Abstract
We describe the design, implementation, and use of a machine-certified framework for correct compilation and execution of programs in garbage-collected languages. Our framework extends Leroy's Coq-certified Compcert compiler and Cminor intermediate language. We add: (i) a new intermediate language, GCminor, that includes primitives for allocating memory in a garbage-collected heap and for specifying GC roots; (ii) a precise, low-level specification for a Cminor library for garbage collection; and (iii) a proven semantics-preserving translation from GCminor to Cminor plus the GC library. GCminor neatly encapsulates the interface between mutator and collector code, while remaining simple and flexible enough to be used with a wide variety of source languages and collector styles. Front ends targeting GCminor can be implemented using any compiler technology and any desired degree of verification, including full semantics preservation, type preservation, or informal trust.
As an example application of our framework, we describe a compiler for Haskell that translates the Glasgow Haskell Compiler's Core intermediate language to GCminor. To support a simple but useful memory safety argument for this compiler, the front end uses a novel combination of type preservation and runtime checks, which is of independent interest.
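To make the mutator/collector interface the abstract describes concrete, here is an added example that is not the paper's GCminor, its Cminor GC library, or code from the authors: a toy Cheney-style semispace copying collector in C whose only knowledge of the mutator is a shadow stack of registered root slots (the scheme Henderson uses for uncooperative environments). The cell layout, the semispace and root-stack sizes, and the functions `alloc_cell`, `build_and_sum`, `unrooted_local_survives` and `rooted_local_survives` are all constructed for illustration. It shows what "specifying GC roots" means once the code is lowered to the target language, and the failure mode a semantics-preserving translation has to rule out: a pointer the mutator keeps in an unregistered local is not updated when the collector moves the object, and afterwards it refers into the dead semispace.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed heap cell: a pair with a forwarding slot used only during copying.
   Illustrative layout, not GCminor's and not the paper's GC library's. */
typedef struct Cell {
    struct Cell *fwd;   /* non-NULL only while this cell is being evacuated */
    struct Cell *next;  /* the cell's single pointer field, or NULL */
    intptr_t     val;   /* unboxed payload; the collector never interprets it */
} Cell;

#define SEMI_CELLS 512
static Cell space_a[SEMI_CELLS], space_b[SEMI_CELLS];
static Cell *from_space = space_a, *to_space = space_b;
static size_t alloc_top = 0;      /* bump allocator index into from_space */
static size_t collections = 0;

/* Shadow stack of roots. The mutator registers the ADDRESSES of its live pointer
   slots so the collector can both find and update them: a value copied out of a
   slot before a collection is stale once the object has moved. */
#define MAX_ROOTS 64
static Cell **roots[MAX_ROOTS];
static size_t nroots = 0;

static void root_push(Cell **slot) {
    if (nroots >= MAX_ROOTS) abort();   /* silently dropping a root would be a memory-safety bug */
    roots[nroots++] = slot;
}
static void root_pop_to(size_t mark) { if (mark <= nroots) nroots = mark; }

static int in_live_space(const Cell *p) {
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)from_space;
    return a >= lo && a < lo + sizeof(Cell) * SEMI_CELLS;
}

static size_t to_top;
static Cell *evacuate(Cell *o) {
    if (o == NULL) return NULL;
    if (o->fwd != NULL) return o->fwd;   /* already copied: follow the forwarding pointer */
    Cell *n = &to_space[to_top++];
    *n = *o;
    n->fwd = NULL;
    o->fwd = n;
    return n;
}

/* Semispace collection driven purely from the registered roots. */
static void gc(void) {
    to_top = 0;
    for (size_t i = 0; i < nroots; i++) *roots[i] = evacuate(*roots[i]);
    for (size_t scan = 0; scan < to_top; scan++) to_space[scan].next = evacuate(to_space[scan].next);
    Cell *t = from_space; from_space = to_space; to_space = t;
    alloc_top = to_top;
    memset(to_space, 0, sizeof(space_a));   /* the old space is dead; clear it so stale pointers see nothing */
    collections++;
}

/* `next_slot` must be a ROOTED slot or NULL: gc() may move the target, so the
   field is read from the slot after the possible collection, never before. */
static Cell *alloc_cell(Cell **next_slot, intptr_t val) {
    if (alloc_top >= SEMI_CELLS) gc();
    if (alloc_top >= SEMI_CELLS) { fputs("heap exhausted\n", stderr); abort(); }
    Cell *c = &from_space[alloc_top++];
    c->fwd = NULL;
    c->next = next_slot ? *next_slot : NULL;
    c->val = val;
    return c;
}

static void heap_reset(void) {
    memset(space_a, 0, sizeof space_a); memset(space_b, 0, sizeof space_b);
    from_space = space_a; to_space = space_b;
    alloc_top = 0; nroots = 0; collections = 0;
}

/* Build the list [n-1, ..., 0], allocating one unrooted garbage cell per element so
   collections are forced mid-construction. Returns the sum, or -1 if the list was damaged. */
static intptr_t build_and_sum(int n) {
    size_t mark = nroots;
    Cell *list = NULL;
    root_push(&list);
    for (int i = 0; i < n; i++) {
        list = alloc_cell(&list, i);
        (void)alloc_cell(NULL, -1);   /* garbage: no root, reclaimed at the next gc */
    }
    intptr_t sum = 0; int len = 0;
    for (Cell *p = list; p; p = p->next) { sum += p->val; len++; }
    root_pop_to(mark);
    return len == n ? sum : -1;
}

static size_t gc_count(void) { return collections; }

/* The failure mode: a pointer held only in an unregistered local is not updated by
   the collector and afterwards points into the dead semispace. Returns 1 if it survived. */
static int unrooted_local_survives(void) {
    Cell *p = alloc_cell(NULL, 42);   /* bug: never pushed on the shadow stack */
    gc();
    return in_live_space(p);
}

static int rooted_local_survives(void) {
    size_t mark = nroots;
    Cell *p = alloc_cell(NULL, 42);
    root_push(&p);                    /* fix: register the slot before anything can collect */
    gc();
    int ok = in_live_space(p) && p->val == 42;
    root_pop_to(mark);
    return ok;
}

int main(void) {
    heap_reset();
    printf("sum=%ld collections=%zu\n", (long)build_and_sum(400), gc_count());
    printf("unrooted survives=%d, rooted survives=%d\n", unrooted_local_survives(), rooted_local_survives());
    return 0;
}
```

Two design points carry over to any GCminor-style lowering: the collector receives slot addresses rather than values, so the mutator's pointers are updated in place when objects move, and an allocation site reads its pointer arguments from rooted slots only after the allocation has had its chance to collect. Both are exactly the obligations a certified GCminor-to-Cminor translation discharges mechanically instead of leaving them to the front-end author.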
References
- H. Abelson and G. J. Sussman. Structure and Interpretation of Computer Programs. The MIT Press, first edition, 1985.
- ADT Coq. The Coq proof assistant. http://coq.inria.fr.
- A. W. Appel and S. Blazy. Separation logic for small-step Cminor. In TPHOLs, volume 4732 of LNCS, pp. 5--21. Springer, 2007.
- A. W. Appel and T. Jim. Continuation-passing, closure-passing style. In POPL, pp. 293--302. ACM Press, 1989.
- A. Bloss, P. Hudak, and J. Young. Code optimizations for lazy evaluation. Lisp and Symbolic Computation, 1(2):147--164, 1988.
- U. Boquist and T. Johnsson. The GRIN project: A highly optimising back end for lazy functional languages. In IFL '96, volume 1268 of LNCS, pp. 58--84. Springer, 1996.
- J. Chen, C. Hawblitzel, F. Perry, M. Emmi, J. Condit, D. Coetzee, and P. Pratikaki. Type-preserving compilation for large-scale optimizing object-oriented compilers. In PLDI, pp. 183--192, 2008.
- A. Chlipala. A certified type-preserving compiler from lambda calculus to assembly language. In PLDI, pp. 54--65. ACM, 2007.
- Z. Dargaye. MLCompCert Coq proofs. http://gallium.inria.fr/~dargaye/mlcompcert.html, 2009.
- Z. Dargaye. Vérification formelle d'un compilateur pour langages fonctionnels. PhD thesis, Université Paris 7 Denis Diderot, July 2009.
- A. Dijkstra, J. Fokker, and S. D. Swierstra. The architecture of the Utrecht Haskell Compiler. In Haskell Symp., pp. 93--104. ACM, 2009.
- K.-F. Faxén. Analysing, Transforming and Compiling Lazy Functional Programs. PhD thesis, Royal Institute of Technology, June 1997.
- C. Flanagan, A. Sabry, B. F. Duba, and M. Felleisen. The essence of compiling with continuations. In PLDI, pp. 237--247. ACM, 1993.
- C. Hawblitzel and E. Petrank. Automated verification of practical garbage collectors. In POPL, pp. 441--453. ACM, 2009.
- F. Henderson. Accurate garbage collection in an uncooperative environment. In MSP/ISMM, pp. 256--263, 2002.
- X. Leroy. Formal certification of a compiler back-end or: programming a compiler with a proof assistant. In POPL, pp. 42--54, 2006.
- X. Leroy. The Compcert verified compiler. http://compcert.inria.fr/doc/index.html, April 2009.
- X. Leroy. A formally verified compiler back-end. J. Autom. Reason., 43(4):363--446, 2009.
- X. Leroy and S. Blazy. Formal verification of a C-like memory model and its uses for verifying program transformations. J. Autom. Reason., 41(1):1--31, 2008.
- A. McCreight. The Mechanized Verification of Garbage Collector Implementations. PhD thesis, Yale University, New Haven, CT, USA, 2008.
- A. McCreight. Practical tactics for separation logic. In TPHOLs, volume 5674 of LNCS, pp. 343--358. Springer, 2009.
- A. McCreight, Z. Shao, C. Lin, and L. Li. A general framework for certifying GCs and their mutators. In PLDI, pp. 468--479. ACM, 2007.
- G. Morrisett, D. Walker, K. Crary, and N. Glew. From System F to typed assembly language. TOPLAS, 21(3):527--568, 1999.
- M. O. Myreen. Formal verification of machine-code programs. PhD thesis, University of Cambridge, 2008.
- W. Partain. The nofib benchmark suite of Haskell programs. In Proc. 1992 Glasgow Workshop on FP, pp. 195--202. Springer, 1993.
- S. Peyton Jones, editor. Haskell 98 Language and Libraries - The Revised Report. Cambridge University Press, 2003.
- S. L. Peyton Jones. Implementing lazy functional languages on stock hardware: the Spineless Tagless G-machine. JFP, 2(2):127--202, 1992.
- S. L. Peyton Jones. Compiling Haskell by program transformation: A report from the trenches. In ESOP, pp. 18--44, 1996.
- S. L. Peyton Jones, N. Ramsey, and F. Reig. C--: A portable assembly language that supports garbage collection. In PPDP '99, pp. 1--28, London, UK, 1999. Springer-Verlag.
- M. Sulzmann, M. Chakravarty, S. Peyton Jones, and K. Donnelly. System F with type equality coercions. In TLDI, pp. 53--66, 2007.
- The GHC Team. GHC. http://haskell.org/ghc, 2009.
- The GHC Team. Replacing GMP. http://hackage.haskell.org/trac/ghc/wiki/ReplacingGMPNotes, April 2009.
- The HASP Project. http://hasp.cs.pdx.edu.
- The Ocaml Development Team. The Caml language. http://caml.inria.fr.
- A. Tolmach, T. Chevalier, and the GHC Team. An external representation for the GHC Core language. http://www.haskell.org/ghc/docs/6.10.4/html/ext-core/core.pdf, July 2009.
- N. Torp-Smith, L. Birkedal, and J. C. Reynolds. Local reasoning about a copying garbage collector. ACM TOPLAS, 30(4):1--58, 2008.
- J. C. Vanderwaart and K. Crary. A typed interface for garbage collection. In TLDI, pp. 109--122. ACM Press, 2003.
A certified framework for compiling and executing garbage-collected languages
ICFP '10: Proceedings of the 15th ACM SIGPLAN International Conference on Functional Programming