Abstract
This paper reports on the development of Compositional CompCert, the first verified separate compiler for C.
Specifying and proving separate compilation for C is made challenging by the coincidence of two features: compiler optimizations, such as register spilling, that introduce compiler-managed (private) memory regions into function stack frames; and C's stack-allocated addressable local variables, which may leak portions of stack frames to other modules when their addresses are passed as arguments to external function calls. The CompCert compiler, as built and proved by Leroy et al. (2006--2014), has proofs of correctness for whole programs, but its simulation relations are too weak to specify or prove the correctness of separately compiled modules.
Our technical contributions that make Compositional CompCert possible include: language-independent linking, a new operational model of multilanguage linking that supports strong semantic contextual equivalences; and structured simulations, a refinement of Beringer et al.'s logical simulation relations that enables expressive module-local invariants on the state communicated between compilation units at runtime. All the results in the paper have been formalized in Coq and are available for download together with the Compositional CompCert compiler.
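As an added illustration of the two kinds of stack data the abstract contrasts (this is not code from the paper or from the CompCert project; the module names and functions are constructed for the example), the following C file places a caller and a stand-in for an externally linked callee side by side:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example: module_b_fill stands in for a function in another,
 * separately compiled module. Its body is opaque to the compiler of
 * module_a_sum; the only memory of module A it can legitimately touch is
 * the region whose address it was handed. */
void module_b_fill(int32_t *buf, size_t n) {
    for (size_t i = 0; i < n; i++) {
        buf[i] = (int32_t)(i * 3);
    }
}

/* Module A: one frame holding both kinds of data the abstract distinguishes. */
int32_t module_a_sum(size_t n) {
    /* Address-taken local: &shared escapes to module B, so this slice of
     * A's stack frame is shared memory for the duration of the call, and a
     * correctness proof must allow B to modify it. */
    int32_t shared[8];
    /* Never address-taken: no other module can name acc, so the compiler is
     * free to keep it in a register or spill it to a private slot of the
     * frame. A proof of separate compilation must guarantee that B's
     * execution leaves such private state untouched. */
    int32_t acc = 0;

    if (n > 8) {
        n = 8;                   /* keep the shared region within bounds */
    }
    module_b_fill(shared, n);    /* external call: shared is public, acc is private */
    for (size_t i = 0; i < n; i++) {
        acc += shared[i];
    }
    return acc;
}

int main(void) {
    printf("%d\n", module_a_sum(4));   /* 0 + 3 + 6 + 9 = 18 */
    return 0;
}
```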
References
- A. Ahmed and M. Blume. An equivalence-preserving CPS translation via multi-language semantics. In ICFP'11: The 16th ACM SIGPLAN International Conference on Functional Programming, 2011.
- A. W. Appel, R. Dockins, A. Hobor, L. Beringer, J. Dodds, G. Stewart, S. Blazy, and X. Leroy. Program Logics for Certified Compilers. Cambridge, 2014.
- N. Benton and C.-K. Hur. Biorthogonality, step-indexing and compiler correctness. In ICFP'09: The 14th ACM SIGPLAN International Conference on Functional Programming, 2009.
- N. Benton and C.-K. Hur. Realizability and compositional compiler correctness for a polymorphic language. Technical Report MSR-TR-2010-62, Microsoft Research, 2010.
- L. Beringer, G. Stewart, R. Dockins, and A. W. Appel. Verified compilation for shared-memory C. In ESOP'14: The 23rd European Symposium on Programming, 2014.
- C11. C11 draft standard. http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1570.pdf, April 2011.
- A. Chlipala. A certified type-preserving compiler from lambda calculus to assembly language. In PLDI 2007: Programming Language Design and Implementation, 2007.
- A. Chlipala. A verified compiler for an impure functional language. In POPL'10: The 37th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages, 2010.
- M. A. Dave. Compiler verification: A bibliography. SIGSOFT Software Engineering Notes, 28(6), 2003.
- D. Ghica and N. Tzevelekos. A system-level game semantics. In MFPS'12: The 28th Conference on the Mathematical Foundations of Programming Semantics, 2012.
- C. Hur, D. Dreyer, G. Neis, and V. Vafeiadis. The marriage of bisimulations and Kripke logical relations. In POPL'12: The 39th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages, 2012.
- C. Hur, G. Neis, D. Dreyer, and V. Vafeiadis. Parametric bisimulations: A logical step forward. In POPL'13: The 40th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages, 2013.
- C.-K. Hur and D. Dreyer. A Kripke logical relation between ML and assembly. In POPL'11: The 38th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages, 2011.
- X. Leroy. Formal verification of a realistic compiler. Communications of the ACM, 52(7):107--115, 2009.
- X. Leroy. The CompCert C compiler website. http://compcert.inria.fr/compcert-C.html, 2014.
- R. Ley-Wild and A. Nanevski. Subjective auxiliary state for coarse-grained concurrency. In POPL'13: The 40th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages, 2013.
- H. Liang, X. Feng, and M. Fu. A rely-guarantee-based simulation for verifying concurrent program transformations. In POPL'12: The 39th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages, 2012.
- A. Lochbihler. A Machine-Checked, Type-Safe Model of Java Concurrency: Language, Virtual Machine, Memory Model, and Verified Compiler. PhD thesis, Karlsruher Institut für Technologie, July 2012.
- W. E. Mansky. Specifying and Verifying Program Transformations with PTRANS. PhD thesis, University of Illinois, 2014.
- J. Matthews and R. B. Findler. Operational semantics for multi-language programs. In POPL'07: The 34th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages, 2007.
- J. McCarthy and J. Painter. Correctness of a compiler for arithmetic expressions. Mathematical Aspects of Computer Science, 1, 1967.
- M. McKay. Compiler correctness via contextual equivalence. Undergraduate thesis, Carnegie Mellon University, May 2014.
- J. S. Moore. A mechanically verified language implementation. Journal of Automated Reasoning, 5(4):461--492, 1989.
- A. Nanevski, R. Ley-Wild, I. Sergey, and G. A. Delbianco. Communicating state transition systems for fine-grained concurrent resources. In ESOP'14: The 23rd European Symposium on Programming, 2014.
- J. T. Perconti and A. Ahmed. Verifying an open compiler using multi-language semantics. In ESOP'14: The 23rd European Symposium on Programming, 2014.
- J. Sevcík, V. Vafeiadis, F. Z. Nardelli, S. Jagannathan, and P. Sewell. CompCertTSO: A verified compiler for relaxed-memory concurrency. J. ACM, 60(3):22, 2013.
- P. Wang, S. Cuellar, and A. Chlipala. Compiler verification meets cross-language linking via data abstraction. In OOPSLA'14: Proceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages and Applications, 2014.