Verified peephole optimizations for CompCert

Transformations over assembly code are common in many compilers. These transformations are also some of the most bug-dense compiler components. Such bugs could be eliminated by formally verifying the compiler, but state-of-the-art formally verified compilers like CompCert do not support assembly-level program transformations. This paper presents Peek, a framework for expressing, verifying, and running meaning-preserving assembly-level program transformations in CompCert. Peek contributes four new components: a lower level semantics for CompCert x86 syntax, a liveness analysis, a library for expressing and verifying peephole optimizations, and a verified peephole optimization pass built into CompCert. Each of these is accompanied by a correctness proof in Coq against realistic assumptions about the calling convention and the system memory allocator. Verifying peephole optimizations in Peek requires proving only a set of local properties, which we have proved are sufficient to ensure global transformation correctness. We have proven these local properties for 28 peephole transformations from the literature. We discuss the development of our new assembly semantics, liveness analysis, representation of program transformations, and execution engine; describe the verification challenges of each component; and detail techniques we applied to mitigate the proof burden.
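The abstract's central idea is that a peephole rule only has to be checked locally (the rewritten window agrees with the original on every location except those it declares it may clobber) and that a liveness analysis then guarantees the rewrite is safe globally (the clobbered locations are dead at that point). The toy below, written as an added illustration and not Peek or CompCert code, makes that split concrete: a constructed three-register machine with a single zero flag, a backward liveness analysis, three rewrite rules (including `mov r, 0` to `xor r, r`, which is only legal when the flags are dead because `xor` overwrites them), a randomized local check of each rule, and a pass that refuses any rewrite whose declared clobber set intersects the live-out set. The instruction set, semantics and rule format are assumptions of this example; the real Peek rules are stated against CompCert's x86 semantics and proved in Coq rather than tested.

```python
import random

MASK = 0xFFFFFFFF
REGS = ("eax", "ebx", "ecx")
LOCS = REGS + ("flags",)   # constructed machine: three registers plus one zero flag

def val(s, src):
    return src if isinstance(src, int) else s[src]

def step(state, ins):
    """Execute one instruction of the toy ISA on a copy of `state`."""
    s, op = dict(state), ins[0]
    if op == "mov":                       # mov leaves the flags untouched
        s[ins[1]] = val(s, ins[2])
    elif op in ("xor", "add"):            # ALU ops overwrite the zero flag
        a, b = s[ins[1]], val(s, ins[2])
        r = (a ^ b if op == "xor" else a + b) & MASK
        s[ins[1]], s["flags"] = r, int(r == 0)
    elif op == "sete":                    # reads the flag into a register
        s[ins[1]] = s["flags"]
    else:
        raise ValueError(op)
    return s

def run(state, code):
    for ins in code:
        state = step(state, ins)
    return state

def uses_defs(ins):
    """Locations read and written by one instruction (for liveness)."""
    op, reg_src = ins[0], {ins[2]} if len(ins) > 2 and isinstance(ins[2], str) else set()
    if op == "mov":
        return reg_src, {ins[1]}
    if op in ("xor", "add"):
        return {ins[1]} | reg_src, {ins[1], "flags"}
    if op == "sete":
        return {"flags"}, {ins[1]}
    raise ValueError(op)

def liveness(code, live_out):
    """Backward analysis: live_after[i] is the set of locations live after code[i]."""
    live, live_after = set(live_out), [None] * len(code)
    for i in range(len(code) - 1, -1, -1):
        live_after[i] = set(live)
        uses, defs = uses_defs(code[i])
        live = (live - defs) | uses
    return live_after

# Rules: (pattern, replacement, clobbers). "$x" operands are placeholders.
RULES = [
    ([("mov", "$r", 0)], [("xor", "$r", "$r")], {"flags"}),            # needs flags dead
    ([("mov", "$r", "$r")], [], set()),                                 # self-move is a no-op
    ([("mov", "$a", "$b"), ("mov", "$b", "$a")], [("mov", "$a", "$b")], set()),  # redundant copy-back
]

def is_hole(x):
    return isinstance(x, str) and x.startswith("$")

def match(pattern, code, i):
    """Bind placeholders so that pattern equals code[i:i+len(pattern)], or return None."""
    if i + len(pattern) > len(code):
        return None
    env = {}
    for p, ins in zip(pattern, code[i:i + len(pattern)]):
        if p[0] != ins[0] or len(p) != len(ins):
            return None
        for x, y in zip(p[1:], ins[1:]):
            if is_hole(x):
                if env.setdefault(x, y) != y:
                    return None
            elif x != y:
                return None
    return env

def subst(template, env):
    return [tuple(env.get(x, x) if isinstance(x, str) else x for x in ins) for ins in template]

def check_rule_locally(rule, trials=200, seed=1):
    """Local property: on every input state, pattern and replacement agree on all
    locations outside the rule's declared clobber set (checked here by random testing)."""
    pattern, replacement, clobbers = rule
    rng = random.Random(seed)
    holes = sorted({x for ins in pattern for x in ins[1:] if is_hole(x)})
    for _ in range(trials):
        env = {h: rng.choice(REGS) for h in holes}
        state = {r: rng.getrandbits(32) for r in REGS}
        state["flags"] = rng.getrandbits(1)
        before, after = run(state, subst(pattern, env)), run(state, subst(replacement, env))
        if any(before[l] != after[l] for l in LOCS if l not in clobbers):
            return False
    return True

def peephole(code, live_out):
    """One left-to-right pass; a rule fires only when its clobbers are dead after the window."""
    live_after, out, i = liveness(code, live_out), [], 0
    while i < len(code):
        for pattern, replacement, clobbers in RULES:
            env = match(pattern, code, i)
            if env is not None and not (clobbers & live_after[i + len(pattern) - 1]):
                out.extend(subst(replacement, env))
                i += len(pattern)
                break
        else:
            out.append(code[i])
            i += 1
    return out

# Constructed sample block; eax and ebx are live at exit.
SAMPLE = [
    ("mov", "eax", 0),        # flags dead here, so this may become xor eax, eax
    ("mov", "ebx", "ecx"),
    ("mov", "ecx", "ebx"),    # redundant copy-back, removed by the third rule
    ("add", "eax", "ebx"),
    ("mov", "ecx", 0),        # sete below reads the flags, so this must stay a mov
    ("sete", "ebx"),
]

if __name__ == "__main__":
    assert all(check_rule_locally(r) for r in RULES)
    print(peephole(SAMPLE, {"eax", "ebx"}))
```

The pass uses the liveness sets of the original block, which stays sound because every window is replaced atomically and later windows are indexed in the original code. Dropping the clobber set from the first rule (declaring `xor r, r` as flag-preserving) makes `check_rule_locally` fail, which is the toy analogue of the local proof obligation the paper describes.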
