Abstract

This paper presents Vellvm (verified LLVM), a framework for reasoning about programs expressed in LLVM's intermediate representation and transformations that operate on it. Vellvm provides a mechanized formal semantics of LLVM's intermediate representation, its type system, and properties of its SSA form. The framework is built using the Coq interactive theorem prover. It includes multiple operational semantics and proves relations among them to facilitate different reasoning styles and proof techniques.
To validate Vellvm's design, we extract an interpreter from the Coq formal semantics that can execute programs from the LLVM test suite and thus be compared against the LLVM reference implementation. To demonstrate Vellvm's practicality, we formalize and verify a previously proposed transformation that hardens C programs against spatial memory safety violations. Vellvm's tools allow us to extract a new, verified implementation of the transformation pass that plugs into the real LLVM infrastructure; its performance is competitive with the non-verified, ad-hoc original.
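The transformation the abstract refers to guards each memory access with a spatial bounds check derived from per-pointer metadata. The following C program is an added illustration of that idea and is not code from the paper, from Vellvm, or from the SoftBound implementation; the `bounds_t` record, the `access_ok` check and the `checked_read`/`unchecked_read` pair are simplified, hypothetical stand-ins for what the instrumented IR would carry and emit. It shows the unhardened read beside its checked counterpart and counts how many of a constructed set of indices the check rejects.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration (not Vellvm or SoftBound code): per-pointer bounds
 * metadata and the check that is inserted before every memory access. */
typedef struct {
    uintptr_t base;   /* lowest address the pointer may access */
    uintptr_t bound;  /* one past the highest address it may access */
} bounds_t;

/* Metadata created when a pointer to an object of `size` bytes is formed. */
static bounds_t make_bounds(const void *obj, size_t size) {
    bounds_t b;
    b.base = (uintptr_t)obj;
    b.bound = b.base + size;
    return b;
}

/* Pointer arithmetic propagates the original object's metadata unchanged;
 * the check happens at the dereference, not at the arithmetic.
 * Returns 1 if [addr, addr + size) lies within [base, bound), else 0. */
int access_ok(uintptr_t addr, size_t size, bounds_t b) {
    uintptr_t end = addr + size;
    if (end < addr) return 0;               /* address arithmetic wrapped */
    return addr >= b.base && end <= b.bound;
}

/* Before: the read as the programmer wrote it, with no check. */
int unchecked_read(const char *buf, size_t idx) {
    return buf[idx];
}

/* After: the same read behind a SoftBound-style guard. Returns 0 and
 * stores the byte into *out when in bounds, -1 (the trap case) otherwise. */
int checked_read(const char *buf, size_t idx, bounds_t b, int *out) {
    uintptr_t addr = (uintptr_t)buf + idx;  /* computed without forming an OOB pointer */
    if (!access_ok(addr, 1, b)) return -1;
    *out = buf[idx];
    return 0;
}

/* Runs a constructed set of indices against an 8-byte object and returns
 * how many of the accesses the instrumented read rejects. */
int count_rejected(const size_t *indices, size_t n) {
    static char obj[8] = "ABCDEFG";          /* constructed sample object */
    bounds_t b = make_bounds(obj, sizeof obj);
    int rejected = 0, byte;
    for (size_t i = 0; i < n; i++)
        if (checked_read(obj, indices[i], b, &byte) != 0) rejected++;
    return rejected;
}

int main(void) {
    size_t idx[] = { 0, 7, 8, 100 };  /* constructed: two in bounds, two out */
    printf("%d of 4 accesses rejected\n", count_rejected(idx, 4));
    return 0;
}
```

The point worth noticing is that the metadata is attached to the pointer's provenance, not to the address value: an index that lands inside some other live object is still rejected because it lies outside the bounds of the object the pointer was derived from.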
Formalizing the LLVM intermediate representation for verified program transformations. In POPL '12: Proceedings of the 39th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages.