Abstract
Memory models play an important role in verified compilation of imperative programming languages. A representative one is the block-based memory model of CompCert---the state-of-the-art verified C compiler. Despite its success, the abstraction over memory space provided by CompCert's memory model is still primitive and inflexible. In essence, it uses a fixed representation for identifying memory blocks in a global memory space and uses a globally shared state for distinguishing between used and unused blocks. Therefore, any reasoning about memory must work uniformly for the global memory; it is impossible to individually reason about different sub-regions of memory (i.e., the stack and global definitions). This not only incurs unnecessary complexity in compiler verification, but also poses significant difficulty for supporting verified compilation of open or concurrent programs which need to work with contextual memory, as manifested in many previous extensions of CompCert.
To remove the above limitations, we propose an enhancement to the block-based memory model based on nominal techniques; we call it the nominal memory model. By adopting the key concepts of nominal techniques such as atomic names and supports to model the memory space, we are able to 1) generalize the representation of memory blocks to any types satisfying the properties of atomic names and 2) remove the global constraints for managing memory blocks, enabling flexible memory structures for open and concurrent programs.
To demonstrate the effectiveness of the nominal memory model, we develop a series of extensions of CompCert based on it. These extensions show that the nominal memory model 1) supports a general framework for verified compilation of C programs, 2) enables intuitive reasoning of compiler transformations on partial memory; and 3) enables modular reasoning about programs working with contextual memory. We also demonstrate that these extensions require limited changes to the original CompCert, making the verification techniques based on the nominal memory model easy to adopt.
Supplemental Material
- Samson Abramsky, Dan R. Ghica, Andrzej S. Murawski, C.-H. Luke Ong, and Ian David Bede Stark. 2004. Nominal Games and Full Abstraction for the Nu-Calculus. In Proc. 19th IEEE Symposium on Logic in Computer Science (LICS’04). IEEE Computer Society, 150–159. https://doi.org/10.1109/LICS.2004.1319609 Google Scholar
Cross Ref
- Roberto M. Amadio, Nicolas Ayache, Francois Bobot, Jaap P. Boender, Brian Campbell, Ilias Garnier, Antoine Madet, James McKinna, Dominic P. Mulligan, Mauro Piccolo, Randy Pollack, Yann Régis-Gianas, Claudio Sacerdoti Coen, Ian Stark, and Paolo Tranquilli. 2014. Certified Complexity (CerCo). In Foundational and Practical Aspects of Resource Analysis, Ugo Dal Lago and Ricardo Peña (Eds.) (LNCS, Vol. 8552). Springer, Cham. 1–18. isbn:978-3-319-12466-7 https://doi.org/10.1007/978-3-319-12466-7_1 Google Scholar
Cross Ref
- Andrew Appel. 2011. Verified Software Toolchain. In Proc. 20th European Symposium on Programming (ESOP’11), Gilles Barthe (Ed.) (LNCS, Vol. 6602). Springer, Saarbrucken, Germany. 1–17. https://doi.org/10.1007/978-3-642-19718-5_1 Google Scholar
Cross Ref
- Frédéric Besson, Sandrine Blazy, and Pierre Wilke. 2017. CompCertS: A Memory-Aware Verified C Compiler Using Pointer as Integer Semantics. In Interactive Theorem Proving (ITP’17), Mauricio Ayala-Rincón and César A. Muñoz (Eds.) (LNCS, Vol. 10499). Springer, Cham. 81–97. isbn:978-3-319-66107-0 https://doi.org/10.1007/978-3-319-66107-0_6 Google Scholar
Digital Library
- Quentin Carbonneaux, Jan Hoffmann, Tahina Ramananandro, and Zhong Shao. 2014. End-to-End Verification of Stack-Space Bounds for C Programs. In Proc. 2014 ACM Conference on Programming Language Design and Implementation (PLDI’14). ACM, New York. 270–281. https://doi.org/10.1145/2594291.2594301 Google Scholar
Digital Library
- Murdoch Gabbay and Andrew M. Pitts. 2002. A New Approach to Abstract Syntax with Variable Binding. Formal Aspects Comput., 13, 3-5 (2002), 341–363. https://doi.org/10.1007/s001650200016 Google Scholar
Digital Library
- Ronghui Gu, Jérémie Koenig, Tahina Ramananandro, Zhong Shao, Xiongnan(Newman) Wu, Shu-Chun Weng, Haozhong Zhang, and Yu Guo. 2015. Deep Specifications and Certified Abstraction Layers. In Proc. 42nd ACM Symposium on Principles of Programming Languages (POPL’15). ACM, New York. 595–608. https://doi.org/10.1145/2775051.2676975 Google Scholar
Digital Library
- Ronghui Gu, Zhong Shao, Jieung Kim, Xiongnan (Newman) Wu, Jérémie Koenig, Vilhelm Sjober, Hao Chen, David Costanzo, and Tahnia Ramananandro. 2018. Certified Concurrent Abstraction Layers. In Proc. 2018 ACM Conference on Programming Language Design and Implementation (PLDI’18). ACM, New York. 646–661. https://doi.org/10.1145/3192366.3192381 Google Scholar
Digital Library
- Hanru Jiang, Hongjin Liang, Siyang Xiao, Junpeng Zha, and Xinyu Feng. 2019. Towards Certified Separate Compilation for Concurrent Programs. In Proc. 40th ACM Conference on Programming Language Design and Implementation (PLDI’19). ACM, New York. 111–125. isbn:978-1-4503-6712-7 https://doi.org/10.1145/3314221.3314595 Google Scholar
Digital Library
- Jeehoon Kang, Yoonseung Kim, Chung-Kil Hur, Derek Dreyer, and Viktor Vafeiadis. 2016. Lightweight Verification of Separate Compilation. In Proc. 43rd ACM Symposium on Principles of Programming Languages (POPL’16). ACM, New York. 178–190. https://doi.org/10.1145/2837614.2837642 Google Scholar
Digital Library
- Jérémie Koenig and Zhong Shao. 2021. CompCertO: Compiling Certified Open C Components. In Proc. 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation (PLDI’21). ACM, New York. 1095–1109. https://doi.org/10.1145/3453483.3454097 Google Scholar
Digital Library
- James Laird. 2004. A Game Semantics of Local Names and Good Variables. In Foundations of Software Science and Computation Structures (FOSSACS’04), Held as Part of the Joint European Conferences on Theory and Practice of Software (ETAPS’04), Igor Walukiewicz (Ed.) (LNCS, Vol. 2987). Springer, 289–303. https://doi.org/10.1007/978-3-540-24727-2_21 Google Scholar
Cross Ref
- James Laird. 2006. Game Semantics for Higher-Order Concurrency. In Foundations of Software Technology and Theoretical Computer Science (FSTTCS’06), S. Arun-Kumar and Naveen Garg (Eds.) (LNCS, Vol. 4337). Springer, 417–428. https://doi.org/10.1007/11944836_38 Google Scholar
Digital Library
- Xavier Leroy. 2005–2021. The CompCert Verified Compiler. https://compcert.org/Google Scholar
- Xavier Leroy, Andrew W. Appel, Sandrine Blazy, and Gordon Stewart. 2012. The CompCert Memory Model, Version 2. INRIA, 26. https://hal.inria.fr/hal-00703441Google Scholar
- Xavier Leroy and Sandrine Blazy. 2008. Formal Verification of a C-like Memory Model and Its Uses for Verifying Program Transformation. Journal of Automated Reasoning, 41, 1 (2008), 1–31. https://doi.org/10.1007/s10817-008-9099-0 Google Scholar
Digital Library
- Eric Mullen, Daryl Zuniga, Zachary Tatlock, and Dan Grossman. 2016. Verified Peephole Optimizations for CompCert. In Proc. 37th ACM Conference on Programming Language Design and Implementation (PLDI’16). ACM, New York, NY, USA. 448–461. isbn:978-1-4503-4261-2 https://doi.org/10.1145/2980983.2908109 Google Scholar
Digital Library
- Andrzej S. Murawski and Nikos Tzevelekos. 2011. Game Semantics for Good General References. In Proc. 26th IEEE Symposium on Logic in Computer Science (LICS’11). IEEE Computer Society, 75–84. https://doi.org/10.1109/LICS.2011.31 Google Scholar
Digital Library
- Andrzej S. Murawski and Nikos Tzevelekos. 2014. Game Semantics for Interface Middleweight Java. In Proc. 41st ACM Symposium on Principles of Programming Languages (POPL’14). ACM, New York. 517–528. https://doi.org/10.1145/2535838.2535880 Google Scholar
Digital Library
- Andrzej S. Murawski and Nikos Tzevelekos. 2016. Nominal Game Semantics. Found. Trends Program. Lang., 2, 4 (2016), 191–269. https://doi.org/10.1561/2500000017 Google Scholar
Digital Library
- Andrzej S. Murawski and Nikos Tzevelekos. 2021. Game Semantics for Interface Middleweight Java. J. ACM, 68, 1 (2021), 4:1–4:51. https://doi.org/10.1145/3428676 Google Scholar
Digital Library
- Andrew M. Pitts. 2013. Nominal Sets: Names and Symmetry in Computer Science. Cambridge University Press, Cambridge, England.Google Scholar
Digital Library
- Andrew M. Pitts. 2016. Nominal Techniques. ACM SIGLOG News, 3, 1 (2016), 57–72. https://doi.org/10.1145/2893582.2893594 Google Scholar
Digital Library
- Tahina Ramananandro, Zhong Shao, Shu-Chun Weng, Jérémie Koenig, and Yuchen Fu. 2015. A Compositional Semantics for Verified Separate Compilation and Linking. In Proc. 2015 Conference on Certified Programs and Proofs (CPP’15). ACM, New York. 3–14. https://doi.org/10.1145/2676724.2693167 Google Scholar
Digital Library
- Jaroslav Sevcík, Viktor Vafeiadis, Francesco Zappa Nardelli, Suresh Jagannathan, and Peter Sewell. 2011. Relaxed-Memory Concurrency and Verified Compilation. In Proc. 38th ACM Symposium on Principles of Programming Languages (POPL’11). ACM, New York. 43–54. https://doi.org/10.1145/1926385.1926393 Google Scholar
Digital Library
- Jaroslav Sevcík, Viktor Vafeiadis, Francesco Zappa Nardelli, Suresh Jagannathan, and Peter Sewell. 2013. CompCertTSO: A Verified Compiler for Relaxed-Memory Concurrency. J. ACM, 60, 3 (2013), 22:1–22:50. https://doi.org/10.1145/2487241.2487248 Google Scholar
Digital Library
- Youngju Song, Minki Cho, Dongjoo Kim, Yonghyun Kim, Jeehoon Kang, and Chung-Kil Hur. 2020. CompCertM: CompCert with C-Assembly Linking and Lightweight Modular Verification. Proc. ACM Program. Lang., 4, POPL (2020), Article 23, Jan., 31 pages. https://doi.org/10.1145/3371091 Google Scholar
Digital Library
- Gordon Stewart, Lennart Beringer, Santiago Cuellar, and Andrew W. Appel. 2015. Compositional CompCert. In Proc. 42nd ACM Symposium on Principles of Programming Languages (POPL’15). ACM, New York. 275–287. https://doi.org/10.1145/2676726.2676985 Google Scholar
Digital Library
- Harvey Tuch, Gerwin Klein, and Michael Norrish. 2007. Types, Bytes, and Separation Logic. In Proc. 34th ACM SIGPLAN Symposium on Principles of Programming Languages (POPL’07), Martin Hofmann and Matthias Felleisen (Eds.). ACM, New York. 97–108. https://doi.org/10.1145/1190216.1190234 Google Scholar
Digital Library
- Christian Urban and Stefan Berghofer. 2006. A Recursion Combinator for Nominal Datatypes Implemented in Isabelle/HOL. In International Joint Conference on Automated Reasoning (IJCAR’06), Ulrich Furbach and Natarajan Shankar (Eds.) (LNCS, Vol. 4130). Springer, 498–512. https://doi.org/10.1007/11814771_41 Google Scholar
Digital Library
- Christian Urban and Christine Tasson. 2005. Nominal Techniques in Isabelle/HOL. In International Conference on Automated Deduction (CADE-20), Robert Nieuwenhuis (Ed.) (LNCS, Vol. 3632). Springer, 38–53. https://doi.org/10.1007/11532231_4 Google Scholar
Digital Library
- Yuting Wang, Pierre Wilke, and Zhong Shao. 2019. An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code. Proc. ACM Program. Lang., 3, POPL (2019), Article 62, Jan., 30 pages. issn:2475-1421 https://doi.org/10.1145/3290375 Google Scholar
Digital Library
- Yuting Wang, Xiangzhe Xu, Pierre Wilke, and Zhong Shao. 2020. CompCertELF: Verified Separate Compilation of C Programs into ELF Object Files. Proc. ACM Program. Lang., 4, OOPSLA (2020), Article 197, 28 pages. https://doi.org/10.1145/3428265 Google Scholar
Digital Library
Index Terms
Verified compilation of C programs with a nominal memory model
Recommendations
A Verified CompCert Front-End for a Memory Model Supporting Pointer Arithmetic and Uninitialised Data
The CompCert C compiler guarantees that the target program behaves as the source program. Yet, source programs without a defined semantics do not benefit from this guarantee and could therefore be miscompiled. To reduce the possibility of a ...
CompCertS: A Memory-Aware Verified C Compiler Using Pointer as Integer Semantics
Interactive Theorem ProvingAbstractThe CompCert C compiler provides the formal guarantee that the observable behaviour of the compiled code improves on the observable behaviour of the source code. In this paper, we present a formally verified C compiler, CompCertS, which is ...
Formally Verified Native Code Generation in an Effectful JIT: Turning the CompCert Backend into a Formally Verified JIT Compiler
Modern Just-in-Time compilers (or JITs) typically interleave several mechanisms to execute a program. For faster startup times and to observe the initial behavior of an execution, interpretation can be initially used. But after a while, JITs ...






Comments