| 1 | \section{Conclusion} |
|---|
| 2 | |
|---|
| 3 | In the previous sections we have discussed the branch displacement optimisation |
|---|
| 4 | problem, presented an optimised solution, and discussed the proof of |
|---|
| 5 | termination and correctness for this algorithm, as formalised in Matita. |
|---|
| 6 | |
|---|
| 7 | The algorithm we have presented is fast and correct, but not optimal; a true |
|---|
| 8 | optimal solution would need techniques like constraint solvers. While outside |
|---|
| 9 | the scope of the present research, it would be interesting to see if enough |
|---|
| 10 | heuristics could be found to make such a solution practical for implementing |
|---|
| 11 | in an existing compiler; this would be especially useful for embedded systems, |
|---|
| 12 | where it is important to have as small solution as possible. |
|---|
| 13 | |
|---|
| 14 | In itself the algorithm is already useful, as it results in a smaller solution |
|---|
| 15 | than the simple `every branch instruction is long' used up until now---and with |
|---|
| 16 | only 64 Kb of memory, every byte counts. It also results in a smaller solution |
|---|
| 17 | than the greatest fixed point algorithm that {\tt gcc} uses. It does this |
|---|
| 18 | without sacrificing speed or correctness. |
|---|
| 19 | |
|---|
| 20 | This algorithm is part of a greater whole, the CerCo project, which aims to |
|---|
| 21 | completely formalise and verify a concrete cost preserving compiler for a large |
|---|
| 22 | subset of the C programming language. More information on the formalisation of |
|---|
| 23 | the assembler, of which the present work is a part, can be found in a companion |
|---|
| 24 | publication~\cite{DC2012}. |
|---|
| 25 | |
|---|
| 26 | \subsection{Related work} |
|---|
| 27 | |
|---|
| 28 | As far as we are aware, this is the first formal discussion of the branch |
|---|
| 29 | displacement optimisation algorithm. |
|---|
| 30 | |
|---|
| 31 | The CompCert project is another verified compiler project. |
|---|
| 32 | Their backend~\cite{Leroy2009} generates assembly code for (amongst others) subsets of the |
|---|
| 33 | PowerPC and x86 (32-bit) architectures. At the assembly code stage, there is |
|---|
| 34 | no distinction between the span-dependent jump instructions, so a branch |
|---|
| 35 | displacement optimisation algorithm is not needed. |
|---|
| 36 | |
|---|
| 37 | An offshoot of the CompCert project is the CompCertTSO project, who add thread |
|---|
| 38 | concurrency and synchronisation to the CompCert compiler~\cite{TSO2011}. This |
|---|
| 39 | compiler also generates assembly code and therefore does not include a branch |
|---|
| 40 | displacement algorithm. |
|---|
| 41 | |
|---|
| 42 | Finally, there is also the Piton stack~\cite{Moore1996}, which not only includes the |
|---|
| 43 | formal verification of a compiler, but also of the machine architecture |
|---|
| 44 | targeted by that compiler, a bespoke microprocessor called the FM9001. |
|---|
| 45 | However, this architecture does not have different |
|---|
| 46 | jump sizes (branching is simulated by assigning values to the program counter), |
|---|
| 47 | so the branch displacement problem is irrelevant. |
|---|
| 48 | |
|---|
| 49 | \subsection{Formal development} |
|---|
| 50 | |
|---|
| 51 | All Matita files related to this development can be found on the CerCo |
|---|
| 52 | website, \url{http://cerco.cs.unibo.it}. The specific part that contains the |
|---|
| 53 | branch displacement algorithm is in the {\tt ASM} subdirectory, in the files |
|---|
| 54 | {\tt PolicyFront.ma}, {\tt PolicyStep.ma} and {\tt Policy.ma}. |
|---|
