ABSTRACT
Verified compilers, such as Leroy's CompCert, are accompanied by a fully checked correctness proof. Both the compiler and proof are often constructed with an interactive proof assistant. This technique provides a strong, end-to-end correctness guarantee on top of a small trusted computing base. Unfortunately, these compilers are also challenging to extend since each additional transformation must be proven correct in full formal detail.
At the other end of the spectrum, techniques for compiler correctness based on a domain-specific language for writing optimizations, such as Lerner's Rhodium and Cobalt, make the compiler easy to extend: the correctness of additional transformations can be checked completely automatically. Unfortunately, these systems provide a weaker guarantee since their end-to-end correctness has not been proven fully formally.
We present an approach for compiler correctness that provides the best of both worlds by bridging the gap between compiler verification and compiler extensibility. In particular, we have extended Leroy's CompCert compiler with an execution engine for optimizations written in a domain-specific language, and we have proved, using the Coq proof assistant, that this execution engine preserves program semantics. We present our CompCert extension, XCert, including the details of its execution engine and its proof of correctness in Coq. Furthermore, we report on the important lessons learned for making the proof development manageable.
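The split the abstract describes, a generic execution engine whose correctness is established once and optimization rules that are checked individually and automatically, can be seen in a small model. The following Python is an added illustration written for this page; it is not code from XCert, CompCert, Rhodium or Cobalt. It assumes a toy expression IR of tuples, rules expressed as a pattern with metavariables plus a replacement builder, and it stands in for the automated prover with an exhaustive check over a small finite integer domain, so "sound" here means sound on that domain only. The engine accepts a new rule only if that check passes, and the engine itself never changes when rules are added.

```python
"""Model of an extensible optimizer: a rewrite-rule DSL, a generic execution
engine, and an automatic per-rule soundness check (illustrative example)."""
from itertools import product

# Expression IR constructed for this example:
#   ("const", int) | ("var", name) | ("add", e, e) | ("mul", e, e)
def eval_expr(e, env):
    tag = e[0]
    if tag == "const":
        return e[1]
    if tag == "var":
        return env[e[1]]
    left, right = eval_expr(e[1], env), eval_expr(e[2], env)
    return left + right if tag == "add" else left * right

def is_meta(p):
    # Metavariables of the rule DSL are strings starting with "?"
    return isinstance(p, str) and p.startswith("?")

def match(pat, e, b):
    """Structural match of pattern against e; metavariables bind to a
    subexpression or, inside a const slot, to an int. Returns the bindings
    dict on success, None on failure."""
    if is_meta(pat):
        if pat in b:
            return b if b[pat] == e else None
        b[pat] = e
        return b
    if isinstance(pat, tuple) and isinstance(e, tuple) and len(pat) == len(e):
        for p, x in zip(pat, e):
            if match(p, x, b) is None:
                return None
        return b
    return b if pat == e else None

def substitute(pat, b):
    """Instantiate a pattern with bindings."""
    if is_meta(pat):
        return b[pat]
    if isinstance(pat, tuple):
        return tuple(substitute(p, b) for p in pat)
    return pat

class Rule:
    """One optimization in the DSL: lhs pattern, rhs builder over bindings."""
    def __init__(self, name, lhs, rhs):
        self.name, self.lhs, self.rhs = name, lhs, rhs

def metavars(pat, int_slot=False, acc=None):
    """Collect metavariables; those in a const slot are int-valued."""
    if acc is None:
        acc = {}
    if is_meta(pat):
        acc[pat] = "int" if int_slot else "expr"
    elif isinstance(pat, tuple):
        for i, p in enumerate(pat):
            metavars(p, int_slot=(pat[0] == "const" and i == 1), acc=acc)
    return acc

DOMAIN = range(-3, 4)  # finite stand-in for the prover's universal quantifier

def rule_is_sound(rule):
    """Per-rule check: lhs and rhs must agree under every assignment of the
    metavariables (int-kind ones range over DOMAIN, expr-kind ones become
    fresh variables whose values range over DOMAIN)."""
    kinds = metavars(rule.lhs)
    names = sorted(kinds)
    for vals in product(DOMAIN, repeat=len(names)):
        env = dict(zip(names, vals))
        b = {n: (env[n] if kinds[n] == "int" else ("var", n)) for n in names}
        if eval_expr(substitute(rule.lhs, b), env) != eval_expr(rule.rhs(b), env):
            return False
    return True

def load_rules(candidates):
    """Extensibility point: each new rule is admitted only if its check
    passes; returns (accepted rules, names of rejected rules)."""
    accepted = [r for r in candidates if rule_is_sound(r)]
    rejected = [r.name for r in candidates if r not in accepted]
    return accepted, rejected

def optimize(e, rules, fuel=50):
    """Execution engine: rewrite bottom-up with the loaded rules. Its
    correctness argument depends only on every loaded rule being sound;
    fuel bounds rewriting so a looping rule set cannot hang the engine."""
    if fuel == 0:
        return e
    if e[0] in ("add", "mul"):
        e = (e[0], optimize(e[1], rules, fuel), optimize(e[2], rules, fuel))
    for r in rules:
        b = match(r.lhs, e, {})
        if b is not None:
            return optimize(r.rhs(b), rules, fuel - 1)
    return e

# Three candidate optimizations written in the DSL (constructed examples)
STRENGTH_REDUCE = Rule("x*2 -> x+x", ("mul", "?a", ("const", 2)),
                       lambda b: ("add", b["?a"], b["?a"]))
CONST_FOLD_ADD = Rule("c1+c2 -> c", ("add", ("const", "?x"), ("const", "?y")),
                      lambda b: ("const", b["?x"] + b["?y"]))
BOGUS = Rule("x*0 -> x (unsound)", ("mul", "?a", ("const", 0)), lambda b: b["?a"])

if __name__ == "__main__":
    rules, rejected = load_rules([STRENGTH_REDUCE, CONST_FOLD_ADD, BOGUS])
    print("rejected:", rejected)
    prog = ("mul", ("add", ("const", 1), ("const", 2)), ("const", 2))
    print(optimize(prog, rules))
```

The point the model makes is the one the abstract makes: adding `STRENGTH_REDUCE` or `CONST_FOLD_ADD` requires no change to `optimize`, and the unsound `BOGUS` rule is turned away by `load_rules` before it can reach the engine. In XCert the per-rule obligation is discharged by an automated checker and the engine's semantics-preservation theorem is proved in Coq; here both are replaced by small Python stand-ins.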
Bringing extensibility to verified compilers (PLDI '10)