Abstract
We have developed and mechanically verified an ML system called CakeML, which supports a substantial subset of Standard ML. CakeML is implemented as an interactive read-eval-print loop (REPL) in x86-64 machine code. Our correctness theorem ensures that this REPL implementation prints only those results permitted by the semantics of CakeML. Our verification effort touches on a breadth of topics including lexing, parsing, type checking, incremental and dynamic compilation, garbage collection, arbitrary-precision arithmetic, and compiler bootstrapping.
Our contributions are twofold. The first is simply in building a system that is end-to-end verified, demonstrating that each piece of such a verification effort can in practice be composed with the others, and ensuring that none of the pieces rely on any over-simplifying assumptions. The second is developing novel approaches to some of the more challenging aspects of the verification. In particular, our formally verified compiler can bootstrap itself: we apply the verified compiler to itself to produce a verified machine-code implementation of the compiler. Additionally, our compiler proof handles diverging input programs with a lightweight approach based on logical timeout exceptions. The entire development was carried out in the HOL4 theorem prover.
CakeML: a verified implementation of ML. POPL '14: Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages.