skip to main content

Verified compilation of C programs with a nominal memory model

Published:12 January 2022Publication History
Skip Abstract Section

Abstract

Memory models play an important role in verified compilation of imperative programming languages. A representative one is the block-based memory model of CompCert---the state-of-the-art verified C compiler. Despite its success, the abstraction over memory space provided by CompCert's memory model is still primitive and inflexible. In essence, it uses a fixed representation for identifying memory blocks in a global memory space and uses a globally shared state for distinguishing between used and unused blocks. Therefore, any reasoning about memory must work uniformly for the global memory; it is impossible to individually reason about different sub-regions of memory (i.e., the stack and global definitions). This not only incurs unnecessary complexity in compiler verification, but also poses significant difficulty for supporting verified compilation of open or concurrent programs which need to work with contextual memory, as manifested in many previous extensions of CompCert.

To remove the above limitations, we propose an enhancement to the block-based memory model based on nominal techniques; we call it the nominal memory model. By adopting the key concepts of nominal techniques such as atomic names and supports to model the memory space, we are able to 1) generalize the representation of memory blocks to any types satisfying the properties of atomic names and 2) remove the global constraints for managing memory blocks, enabling flexible memory structures for open and concurrent programs.

To demonstrate the effectiveness of the nominal memory model, we develop a series of extensions of CompCert based on it. These extensions show that the nominal memory model 1) supports a general framework for verified compilation of C programs, 2) enables intuitive reasoning of compiler transformations on partial memory; and 3) enables modular reasoning about programs working with contextual memory. We also demonstrate that these extensions require limited changes to the original CompCert, making the verification techniques based on the nominal memory model easy to adopt.

Skip Supplemental Material Section

Supplemental Material

Auxiliary Presentation Video

We propose an enhancement to the block-based memory model based on nominal techniques; we call it the nominal memory model. By adopting the key concepts of nominal techniques such as atomic names and supports to model the memory space, we are able to 1) generalize the representation of memory blocks to any types satisfying the properties of atomic names and 2) remove the global constraints for managing memory blocks, enabling flexible memory structures for open and concurrent programs. To demonstrate the effectiveness of the nominal memory model, we develop a series of extensions of CompCert based on it. These extensions show that the nominal memory model 1) supports a general framework for verified compilation of C programs, 2) enables intuitive reasoning of compiler transformations on partial memory; and 3) enables modular reasoning about programs working with contextual memory.

References

  1. Samson Abramsky, Dan R. Ghica, Andrzej S. Murawski, C.-H. Luke Ong, and Ian David Bede Stark. 2004. Nominal Games and Full Abstraction for the Nu-Calculus. In Proc. 19th IEEE Symposium on Logic in Computer Science (LICS’04). IEEE Computer Society, 150–159. https://doi.org/10.1109/LICS.2004.1319609 Google ScholarGoogle ScholarCross RefCross Ref
  2. Roberto M. Amadio, Nicolas Ayache, Francois Bobot, Jaap P. Boender, Brian Campbell, Ilias Garnier, Antoine Madet, James McKinna, Dominic P. Mulligan, Mauro Piccolo, Randy Pollack, Yann Régis-Gianas, Claudio Sacerdoti Coen, Ian Stark, and Paolo Tranquilli. 2014. Certified Complexity (CerCo). In Foundational and Practical Aspects of Resource Analysis, Ugo Dal Lago and Ricardo Peña (Eds.) (LNCS, Vol. 8552). Springer, Cham. 1–18. isbn:978-3-319-12466-7 https://doi.org/10.1007/978-3-319-12466-7_1 Google ScholarGoogle ScholarCross RefCross Ref
  3. Andrew Appel. 2011. Verified Software Toolchain. In Proc. 20th European Symposium on Programming (ESOP’11), Gilles Barthe (Ed.) (LNCS, Vol. 6602). Springer, Saarbrucken, Germany. 1–17. https://doi.org/10.1007/978-3-642-19718-5_1 Google ScholarGoogle ScholarCross RefCross Ref
  4. Frédéric Besson, Sandrine Blazy, and Pierre Wilke. 2017. CompCertS: A Memory-Aware Verified C Compiler Using Pointer as Integer Semantics. In Interactive Theorem Proving (ITP’17), Mauricio Ayala-Rincón and César A. Muñoz (Eds.) (LNCS, Vol. 10499). Springer, Cham. 81–97. isbn:978-3-319-66107-0 https://doi.org/10.1007/978-3-319-66107-0_6 Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. Quentin Carbonneaux, Jan Hoffmann, Tahina Ramananandro, and Zhong Shao. 2014. End-to-End Verification of Stack-Space Bounds for C Programs. In Proc. 2014 ACM Conference on Programming Language Design and Implementation (PLDI’14). ACM, New York. 270–281. https://doi.org/10.1145/2594291.2594301 Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. Murdoch Gabbay and Andrew M. Pitts. 2002. A New Approach to Abstract Syntax with Variable Binding. Formal Aspects Comput., 13, 3-5 (2002), 341–363. https://doi.org/10.1007/s001650200016 Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. Ronghui Gu, Jérémie Koenig, Tahina Ramananandro, Zhong Shao, Xiongnan(Newman) Wu, Shu-Chun Weng, Haozhong Zhang, and Yu Guo. 2015. Deep Specifications and Certified Abstraction Layers. In Proc. 42nd ACM Symposium on Principles of Programming Languages (POPL’15). ACM, New York. 595–608. https://doi.org/10.1145/2775051.2676975 Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. Ronghui Gu, Zhong Shao, Jieung Kim, Xiongnan (Newman) Wu, Jérémie Koenig, Vilhelm Sjober, Hao Chen, David Costanzo, and Tahnia Ramananandro. 2018. Certified Concurrent Abstraction Layers. In Proc. 2018 ACM Conference on Programming Language Design and Implementation (PLDI’18). ACM, New York. 646–661. https://doi.org/10.1145/3192366.3192381 Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. Hanru Jiang, Hongjin Liang, Siyang Xiao, Junpeng Zha, and Xinyu Feng. 2019. Towards Certified Separate Compilation for Concurrent Programs. In Proc. 40th ACM Conference on Programming Language Design and Implementation (PLDI’19). ACM, New York. 111–125. isbn:978-1-4503-6712-7 https://doi.org/10.1145/3314221.3314595 Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Jeehoon Kang, Yoonseung Kim, Chung-Kil Hur, Derek Dreyer, and Viktor Vafeiadis. 2016. Lightweight Verification of Separate Compilation. In Proc. 43rd ACM Symposium on Principles of Programming Languages (POPL’16). ACM, New York. 178–190. https://doi.org/10.1145/2837614.2837642 Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. Jérémie Koenig and Zhong Shao. 2021. CompCertO: Compiling Certified Open C Components. In Proc. 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation (PLDI’21). ACM, New York. 1095–1109. https://doi.org/10.1145/3453483.3454097 Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. James Laird. 2004. A Game Semantics of Local Names and Good Variables. In Foundations of Software Science and Computation Structures (FOSSACS’04), Held as Part of the Joint European Conferences on Theory and Practice of Software (ETAPS’04), Igor Walukiewicz (Ed.) (LNCS, Vol. 2987). Springer, 289–303. https://doi.org/10.1007/978-3-540-24727-2_21 Google ScholarGoogle ScholarCross RefCross Ref
  13. James Laird. 2006. Game Semantics for Higher-Order Concurrency. In Foundations of Software Technology and Theoretical Computer Science (FSTTCS’06), S. Arun-Kumar and Naveen Garg (Eds.) (LNCS, Vol. 4337). Springer, 417–428. https://doi.org/10.1007/11944836_38 Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. Xavier Leroy. 2005–2021. The CompCert Verified Compiler. https://compcert.org/Google ScholarGoogle Scholar
  15. Xavier Leroy, Andrew W. Appel, Sandrine Blazy, and Gordon Stewart. 2012. The CompCert Memory Model, Version 2. INRIA, 26. https://hal.inria.fr/hal-00703441Google ScholarGoogle Scholar
  16. Xavier Leroy and Sandrine Blazy. 2008. Formal Verification of a C-like Memory Model and Its Uses for Verifying Program Transformation. Journal of Automated Reasoning, 41, 1 (2008), 1–31. https://doi.org/10.1007/s10817-008-9099-0 Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. Eric Mullen, Daryl Zuniga, Zachary Tatlock, and Dan Grossman. 2016. Verified Peephole Optimizations for CompCert. In Proc. 37th ACM Conference on Programming Language Design and Implementation (PLDI’16). ACM, New York, NY, USA. 448–461. isbn:978-1-4503-4261-2 https://doi.org/10.1145/2980983.2908109 Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. Andrzej S. Murawski and Nikos Tzevelekos. 2011. Game Semantics for Good General References. In Proc. 26th IEEE Symposium on Logic in Computer Science (LICS’11). IEEE Computer Society, 75–84. https://doi.org/10.1109/LICS.2011.31 Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. Andrzej S. Murawski and Nikos Tzevelekos. 2014. Game Semantics for Interface Middleweight Java. In Proc. 41st ACM Symposium on Principles of Programming Languages (POPL’14). ACM, New York. 517–528. https://doi.org/10.1145/2535838.2535880 Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. Andrzej S. Murawski and Nikos Tzevelekos. 2016. Nominal Game Semantics. Found. Trends Program. Lang., 2, 4 (2016), 191–269. https://doi.org/10.1561/2500000017 Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. Andrzej S. Murawski and Nikos Tzevelekos. 2021. Game Semantics for Interface Middleweight Java. J. ACM, 68, 1 (2021), 4:1–4:51. https://doi.org/10.1145/3428676 Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. Andrew M. Pitts. 2013. Nominal Sets: Names and Symmetry in Computer Science. Cambridge University Press, Cambridge, England.Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. Andrew M. Pitts. 2016. Nominal Techniques. ACM SIGLOG News, 3, 1 (2016), 57–72. https://doi.org/10.1145/2893582.2893594 Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. Tahina Ramananandro, Zhong Shao, Shu-Chun Weng, Jérémie Koenig, and Yuchen Fu. 2015. A Compositional Semantics for Verified Separate Compilation and Linking. In Proc. 2015 Conference on Certified Programs and Proofs (CPP’15). ACM, New York. 3–14. https://doi.org/10.1145/2676724.2693167 Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. Jaroslav Sevcík, Viktor Vafeiadis, Francesco Zappa Nardelli, Suresh Jagannathan, and Peter Sewell. 2011. Relaxed-Memory Concurrency and Verified Compilation. In Proc. 38th ACM Symposium on Principles of Programming Languages (POPL’11). ACM, New York. 43–54. https://doi.org/10.1145/1926385.1926393 Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. Jaroslav Sevcík, Viktor Vafeiadis, Francesco Zappa Nardelli, Suresh Jagannathan, and Peter Sewell. 2013. CompCertTSO: A Verified Compiler for Relaxed-Memory Concurrency. J. ACM, 60, 3 (2013), 22:1–22:50. https://doi.org/10.1145/2487241.2487248 Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. Youngju Song, Minki Cho, Dongjoo Kim, Yonghyun Kim, Jeehoon Kang, and Chung-Kil Hur. 2020. CompCertM: CompCert with C-Assembly Linking and Lightweight Modular Verification. Proc. ACM Program. Lang., 4, POPL (2020), Article 23, Jan., 31 pages. https://doi.org/10.1145/3371091 Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. Gordon Stewart, Lennart Beringer, Santiago Cuellar, and Andrew W. Appel. 2015. Compositional CompCert. In Proc. 42nd ACM Symposium on Principles of Programming Languages (POPL’15). ACM, New York. 275–287. https://doi.org/10.1145/2676726.2676985 Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. Harvey Tuch, Gerwin Klein, and Michael Norrish. 2007. Types, Bytes, and Separation Logic. In Proc. 34th ACM SIGPLAN Symposium on Principles of Programming Languages (POPL’07), Martin Hofmann and Matthias Felleisen (Eds.). ACM, New York. 97–108. https://doi.org/10.1145/1190216.1190234 Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. Christian Urban and Stefan Berghofer. 2006. A Recursion Combinator for Nominal Datatypes Implemented in Isabelle/HOL. In International Joint Conference on Automated Reasoning (IJCAR’06), Ulrich Furbach and Natarajan Shankar (Eds.) (LNCS, Vol. 4130). Springer, 498–512. https://doi.org/10.1007/11814771_41 Google ScholarGoogle ScholarDigital LibraryDigital Library
  31. Christian Urban and Christine Tasson. 2005. Nominal Techniques in Isabelle/HOL. In International Conference on Automated Deduction (CADE-20), Robert Nieuwenhuis (Ed.) (LNCS, Vol. 3632). Springer, 38–53. https://doi.org/10.1007/11532231_4 Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. Yuting Wang, Pierre Wilke, and Zhong Shao. 2019. An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code. Proc. ACM Program. Lang., 3, POPL (2019), Article 62, Jan., 30 pages. issn:2475-1421 https://doi.org/10.1145/3290375 Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. Yuting Wang, Xiangzhe Xu, Pierre Wilke, and Zhong Shao. 2020. CompCertELF: Verified Separate Compilation of C Programs into ELF Object Files. Proc. ACM Program. Lang., 4, OOPSLA (2020), Article 197, 28 pages. https://doi.org/10.1145/3428265 Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Verified compilation of C programs with a nominal memory model

        Recommendations

        Comments

        Login options

        Check if you have access through your login credentials or your institution to get full access on this article.

        Sign in

        Full Access

        PDF Format

        View or Download as a PDF file.

        PDF

        eReader

        View online with eReader.

        eReader
        About Cookies On This Site

        We use cookies to ensure that we give you the best experience on our website.

        Learn more

        Got it!