Abstract
Garbage collectors relieve the programmer from manual memory management, but lead to compiler-generated machine code that can behave differently (e.g. out-of-memory errors) from the source code. To ensure that the generated code behaves exactly like the source code, programmers need a way to answer questions of the form: what is a sufficient amount of memory for my program to never reach an out-of-memory error?
This paper develops a cost semantics that can answer such questions for CakeML programs. The work described in this paper is the first to be able to answer such questions with proofs in the context of a language that depends on garbage collection. We demonstrate that positive answers can be used to transfer liveness results proved for the source code to liveness guarantees about the generated machine code. Without guarantees about space usage, only safety results can be transferred from source to machine code.
Our cost semantics is phrased in terms of an abstract intermediate language of the CakeML compiler, but results proved at that level map directly to the space cost of the compiler-generated machine code. All of the work described in this paper has been developed in the HOL4 theorem prover.
Supplemental Material
- Oskar Abrahamsson and Magnus O. Myreen. 2017. Automatically Introducing Tail Recursion in CakeML. In Trends in Functional Programming-18th International Symposium, TFP 2017, Canterbury, UK, June 19-21, 2017, Revised Selected Papers (Lecture Notes in Computer Science, Vol. 10788 ), Meng Wang and Scott Owens (Eds.). Springer, 118-134. https: //doi.org/10.1007/978-3-319-89719-6_7 Google Scholar
Cross Ref
- Roberto M. Amadio, Nicolas Ayache, Francois Bobot, Jaap P. Boender, Brian Campbell, Ilias Garnier, Antoine Madet, James McKinna, Dominic P. Mulligan, Mauro Piccolo, Randy Pollack, Yann Régis-Gianas, Claudio Sacerdoti Coen, Ian Stark, and Paolo Tranquilli. 2014. Certified Complexity (CerCo). In Foundational and Practical Aspects of Resource Analysis, Ugo Dal Lago and Ricardo Peña (Eds.). Springer International Publishing, Cham, 1-18.Google Scholar
- Johannes Åman Pohjola, Henrik Rostedt, and Magnus O. Myreen. 2019. Characteristic Formulae for Liveness Properties of Non-terminating CakeML Programs. In Interactive Theorem Proving (ITP). LIPICS.Google Scholar
- David Aspinall, Lennart Beringer, Martin Hofmann, Hans-Wolfgang Loidl, and Alberto Momigliano. 2007. A program logic for resources. Theoretical Computer Science 389, 3 ( 2007 ), 411-445.Google Scholar
- Robert Atkey. 2010. Amortised Resource Analysis with Separation Logic. In Programming Languages and Systems, Andrew D. Gordon (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 85-103.Google Scholar
- Frédéric Besson, Sandrine Blazy, and Pierre Wilke. 2014. A Precise and Abstract Memory Model for C Using Symbolic Values. In Programming Languages and Systems, Jacques Garrigue (Ed.). Springer International Publishing, Cham, 449-468.Google Scholar
- Frédéric Besson, Sandrine Blazy, and Pierre Wilke. 2015. A Concrete Memory Model for CompCert. In Interactive Theorem Proving. Springer International Publishing, Cham, 67-83.Google Scholar
- Frédéric Besson, Sandrine Blazy, and Pierre Wilke. 2019. CompCertS: A Memory-Aware Verified C Compiler Using a Pointer as Integer Semantics. Journal of Automated Reasoning 63, 2 ( 01 Aug 2019 ), 369-392.Google Scholar
Digital Library
- Quentin Carbonneaux, Jan Hofmann, Tahina Ramananandro, and Zhong Shao. 2014. End-to-end Verification of Stack-space Bounds for C Programs. SIGPLAN Not. 49, 6 ( June 2014 ), 270-281.Google Scholar
- Ezgi Çiçek, Gilles Barthe, Marco Gaboardi, Deepak Garg, and Jan Hofmann. 2017. Relational Cost Analysis. SIGPLAN Not. 52, 1 (Jan. 2017 ), 316-329.Google Scholar
Digital Library
- Ezgi Çiçek, Deepak Garg, and Umut Acar. 2015. Refinement Types for Incremental Computational Complexity. In Programming Languages and Systems, Jan Vitek (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 406-431.Google Scholar
- Karl Crary and Stephnie Weirich. 2000. Resource Bound Certification. In Proceedings of the 27th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (Boston, MA, USA) ( POPL '00). ACM, 184-198.Google Scholar
Digital Library
- Armaël Guéneau, Arthur Charguéraud, and François Pottier. 2018. A Fistful of Dollars: Formalizing Asymptotic Complexity Claims via Deductive Program Verification. In ESOP 2018-27th European Symposium on Programming (LNCS-Lecture Notes in Computer Science, Vol. 10801 ). Springer.Google Scholar
Cross Ref
- Martin Adam Thomas Handley, Niki Vazou, and Graham Hutton. 2020. Liquidate Your Assets: Reasoning About Resource Usage in Liquid Haskell. In Principles of Programming Languages (POPL). to appear.Google Scholar
- Jan Hofmann, Klaus Aehlig, and Martin Hofmann. 2012. Resource Aware ML. In Proceedings of the 24th International Conference on Computer Aided Verification (Berkeley, CA) ( CAV'12). Springer-Verlag, Berlin, Heidelberg, 781-786.Google Scholar
Digital Library
- Martin Hofmann and Stefen Jost. 2003. Static Prediction of Heap Space Usage for First-order Functional Programs. In Proceedings of the 30th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL '03). ACM, New York, NY, USA, 185-197.Google Scholar
Digital Library
- Stefen Jost, Pedro Vasconcelos, Mário Florido, and Kevin Hammond. 2017. Type-Based Cost Analysis for Lazy Functional Languages. Journal of Automated Reasoning 59, 1 ( 01 Jun 2017 ), 87-120.Google Scholar
Digital Library
- Xavier Leroy. 2009. Formal Verification of a Realistic Compiler. Communications of the ACM 52, 7 ( 2009 ). https://doi.org/10. 1145/1538788.1538814 Google Scholar
Digital Library
- Magnus O. Myreen. 2010. Reusable Verification of a Copying Collector. In Verified Software: Theories, Tools, Experiments (VSTTE) (Lecture Notes in Computer Science, Vol. 6217 ), Gary T. Leavens, Peter W. O'Hearn, and Sriram K. Rajamani (Eds.). Springer. https://doi.org/10.1007/978-3-642-15057-9 Google Scholar
Cross Ref
- Magnus O. Myreen and Gregorio Curello. 2013. Proof Pearl: A Verified Bignum Implementation in x86-64 Machine Code. In Certified Programs and Proofs (CPP), Georges Gonthier and Michael Norrish (Eds.). Springer, 66-81.Google Scholar
- Scott Owens, Magnus O. Myreen, Ramana Kumar, and Yong Kiam Tan. 2016. Functional Big-Step Semantics. In European Symposium on Programming (ESOP) (Lecture Notes in Computer Science), Peter Thiemann (Ed.). Springer, 589-615.Google Scholar
- Scott Owens, Michael Norrish, Ramana Kumar, Magnus O. Myreen, and Yong Kiam Tan. 2017. Verifying Eficient Function Calls in CakeML. Proc. ACM Program. Lang. 1, ICFP, Article 18 ( Sept. 2017 ), 27 pages.Google Scholar
- Zoe Paraskevopoulou and Andrew W. Appel. 2019. Closure Conversion is Safe for Space. Proc. ACM Program. Lang. 3, ICFP, Article 83 ( July 2019 ), 29 pages.Google Scholar
- Adam Sandberg Ericsson, Magnus O. Myreen, and Johannes Åman Pohjola. 2019. A Verified Generational Garbage Collector for CakeML. J. Autom. Reasoning 63, 2 ( 2019 ), 463-488. https://doi.org/10.1007/s10817-018-9487-z Google Scholar
Digital Library
- Konrad Slind and Michael Norrish. 2008. A Brief Overview of HOL4. In Theorem Proving in Higher Order Logics (TPHOLs).Google Scholar
- Yong Kiam Tan, Magnus O. Myreen, Ramana Kumar, Anthony Fox, Scott Owens, and Michael Norrish. 2019. The verified CakeML compiler backend. Journal of Functional Programming 29 ( 2019 ).Google Scholar
- Pedro B Vasconcelos. 2008. Space Cost Analysis Using Sized Types. Ph.D. Dissertation. University of St. Andrews.Google Scholar
- Peng Wang, Di Wang, and Adam Chlipala. 2017. TiML: A Functional Language for Practical Complexity Analysis with Invariants. Proc. ACM Program. Lang. 1, OOPSLA, Article 79 (Oct. 2017 ), 26 pages.Google Scholar
Digital Library
- Yuting Wang, Pierre Wilke, and Zhong Shao. 2019. An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code. Proc. ACM Program. Lang. 3, POPL, Article 62 ( Jan. 2019 ), 30 pages.Google Scholar
Digital Library
Index Terms
Do you have space for dessert? a verified space cost semantics for CakeML programs
Recommendations
A flat reachability-based measure for CakeML’s cost semantics
IFL '21: Proceedings of the 33rd Symposium on Implementation and Application of Functional LanguagesThe CakeML project has recently developed a verified cost semantics that allows reasoning about the space safety of CakeML programs. With this space cost semantics, compiled machine code can be proven to have tight memory bounds ensuring no out-of-...
A Verified Generational Garbage Collector for CakeML
This paper presents the verification of a generational copying garbage collector for the CakeML runtime system. The proof is split into an algorithm proof and an implementation proof. The algorithm proof follows the structure of the informal intuition ...
CakeML: a verified implementation of ML
POPL '14We have developed and mechanically verified an ML system called CakeML, which supports a substantial subset of Standard ML. CakeML is implemented as an interactive read-eval-print loop (REPL) in x86-64 machine code. Our correctness theorem ensures that ...






Comments