# Equivalence Checking for Prepack

### By Ben and Suhail
#### November 29, 2017

# What is Prepack?

Prepack is a tool developed by Facebook for "making JavaScript code run faster". 
<img src="img/prepack-github.png" />

<img src="img/prepack-hello-world.png" />

<img src="img/prepack-tax.png" />

 
# Python Z3-based Equivalence Checker

* SMT-based verifier implemented using Z3

* Assumes source code has a general form
    * Finite set of global variables
    * Sequence of operations that potentially modify state of global variables
    * Ignore handling of tricky pointers/memory implementation

### Supports only a subset of JavaScript syntax

* Declarations: `var x`, `var y = 1`, and `function myFunc(x, y) { ... }`

* Statements: `while (cond) { ... }` and `if ... [else if] ... [else]` 

* Expressions: Assignment, binary, unary, and function calls `x = -10 + myFunc(123)`

# How does it work?

* Generate AST using `Esprima`

* Construct the SMT formula by recursively traversing the AST

* Bind the variables from both programs

* Pass the output SMT to Z3

* If unsat, then programs equivalent

* Else, return mismatched variables

<img src="img/system.png" />
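The steps above, carried through for the `trivial.js` program shown under Examples, as an added sketch that is not the project's `verify-demo.py`: it emits the query as SMT-LIB text using the page's `x0_1` / `pp` naming and hands it to Z3 only if the `z3-solver` package is installed. The tuple program format, the `PREPACKED` stand-in and the `SCOPE_BUG` variant are constructed assumptions; the real tool derives its constraints from the Esprima AST.

```python
# Added sketch, not the project's verify-demo.py. A program is a list of
# (scope, var, value): value is an int or the name of a global to read.

def encode(prog, prefix=""):
    """SSA-encode straight-line assignments as SMT-LIB equalities."""
    version, names, constraints = {}, [], []
    for scope, var, value in prog:
        if isinstance(value, str):      # read the global's current version
            rhs = f"{prefix}{value}0_{version[(value, 0)]}"
        else:
            rhs = f"(- {-value})" if value < 0 else str(value)
        version[(var, scope)] = version.get((var, scope), 0) + 1
        lhs = f"{prefix}{var}{scope}_{version[(var, scope)]}"
        names.append(lhs)
        constraints.append(f"(= {lhs} {rhs})")
    # Only scope-0 (global) variables are observable after the program runs.
    final = {v: f"{prefix}{v}0_{n}" for (v, s), n in version.items() if s == 0}
    return names, constraints, final

def miter(original, optimized):
    """SMT-LIB query that is unsat iff the final globals always agree."""
    n1, c1, f1 = encode(original)
    n2, c2, f2 = encode(optimized, prefix="pp")
    if f1.keys() != f2.keys():
        raise ValueError("programs define different globals")
    lines = [f"(declare-const {n} Int)" for n in n1 + n2]
    lines += [f"(assert {c})" for c in c1 + c2]
    same = " ".join(f"(= {f1[v]} {f2[v]})" for v in sorted(f1))
    lines.append(f"(assert (not (and true {same})))")
    return "\n".join(lines)

def solve(smtlib):
    """Run Z3 if the z3-solver package is installed, else return None."""
    try:
        import z3
    except ImportError:
        return None
    solver = z3.Solver()
    solver.from_string(smtlib)
    return str(solver.check())

# Constructed inputs: the page's trivial.js, a stand-in for Prepack's output,
# and a wrong output that treats the function-local x as the global.
ORIGINAL = [(0, "x", 0), (0, "y", 0), (0, "y", 1), (1, "x", 1), (1, "x", 2)]
PREPACKED = [(0, "x", 0), (0, "y", 1)]
SCOPE_BUG = [(0, "x", 2), (0, "y", 1)]

if __name__ == "__main__":
    print(miter(ORIGINAL, PREPACKED))
    print(solve(miter(ORIGINAL, PREPACKED)), solve(miter(ORIGINAL, SCOPE_BUG)))
```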

# Examples

```
var x = 0;
var y = 0;

(function() {
  y = 1;
  var x = 1;
  x = 2;
})();
```

```
import subprocess
output = subprocess.check_output(['python', '../verify-demo.py', '--verbose', '-f', '../trivial.js'])
print(output.decode())
```

```
Parsing original program
(x0_1==0)^(y0_1==0)^(And((And((y0_2==1),(x1_1==1))),(x1_2==2)))

Parsing prepack output
(ppx0_1==ppx0_1)^(ppx0_2==0)^(ppy0_1==ppy0_1)^(ppy0_2==0)^(ppy0_3==1)

SMT Result: 
unsat
```



<img src="img/simple-if.png" />
<img src="img/if-smt.png" />

# Limitations

* Does not handle recursion and complex loops with `break` and `continue` 
* Brute force nature of IC3 is inelegant

* Handle loops by unrolling, and iteratively doubling the unroll depth 
* Cannot handle infinite loops
* Will hit a "Parser stack overflow - Memory Error"

* Correctness depends on `Esprima`
* Checker can be buggy due to lack of refinement

# Future Work

* Checker code is spaghetti held together by bubble gum and coffee
* More rigorous way of translating JavaScript into SMT for equivalence checking

# Demo & Questions