Compositional CompCert

This paper reports on the development of Compositional CompCert, the first verified separate compiler for C. Specifying and proving separate compilation for C is made challenging by the coincidence of two features: compiler optimizations, such as register spilling, that introduce compiler-managed (private) memory regions into function stack frames; and C's stack-allocated addressable local variables, which may leak portions of stack frames to other modules when their addresses are passed as arguments to external function calls. The CompCert compiler, as built and proved by Leroy et al. (2006–2014), has proofs of correctness for whole programs, but its simulation relations are too weak to specify or prove correct the compilation of separately compiled modules. Our technical contributions that make Compositional CompCert possible include: language-independent linking, a new operational model of multilanguage linking that supports strong semantic contextual equivalences; and structured simulations, a refinement of the logical simulation relations of Beringer et al. that enables expressive module-local invariants on the state communicated between compilation units at runtime. All the results in the paper have been formalized in Coq and are available for download together with the Compositional CompCert compiler.

[1] Chung-Kil Hur et al. A Kripke logical relation between ML and assembly. POPL '11, 2011.

[2] Dan R. Ghica et al. A system-level game semantics. MFPS, 2012.

[3] Aleksandar Nanevski et al. Subjective auxiliary state for coarse-grained concurrency. POPL, 2013.

[4] Maulik A. Dave et al. Compiler verification: a bibliography. SOEN, 2003.

[5] Andreas Lochbihler et al. A machine-checked, type-safe model of Java concurrency: language, virtual machine, memory model, and verified compiler. 2012.

[6] J. Strother Moore et al. A mechanically verified language implementation. Journal of Automated Reasoning, 1989.

[7] John McCarthy et al. Correctness of a compiler for arithmetic expressions. 1966.

[8] Peng Wang et al. Compiler verification meets cross-language linking via data abstraction. OOPSLA, 2014.

[9] Robert Bruce Findler et al. Operational semantics for multi-language programs. POPL '07, 2007.

[10] Matthias Blume et al. An equivalence-preserving CPS translation via multi-language semantics. ICFP '11, 2011.

[11] Suresh Jagannathan et al. CompCertTSO: A verified compiler for relaxed-memory concurrency. JACM, 2013.

[12] Chung-Kil Hur et al. Realizability and compositional compiler correctness for a polymorphic language. 2010.

[13] William Mansky. Specifying and verifying program transformations with PTRANS. 2014.

[14] Andrew W. Appel et al. Program Logics for Certified Compilers. 2014.

[15] Xinyu Feng et al. A rely-guarantee-based simulation for verifying concurrent program transformations. POPL '12, 2012.

[16] Adam Chlipala et al. A verified compiler for an impure functional language. POPL '10, 2010.

[17] Xavier Leroy et al. Formal verification of a realistic compiler. CACM, 2009.

[18] Chung-Kil Hur et al. Parametric bisimulations: A logical step forward. 2013.

[19] Chung-Kil Hur et al. Biorthogonality, step-indexing and compiler correctness. ICFP, 2009.

[20] Amal Ahmed et al. Verifying an open compiler using multi-language semantics. ESOP, 2014.

[21] Andrew W. Appel et al. Verified compilation for shared-memory C. ESOP, 2014.

[22] Chung-Kil Hur et al. The marriage of bisimulations and Kripke logical relations. POPL '12, 2012.

[23] Ilya Sergey et al. Communicating state transition systems for fine-grained concurrent resources. ESOP, 2014.

[24] Adam Chlipala et al. A certified type-preserving compiler from lambda calculus to assembly language. PLDI '07, 2007.