The design and implementation of a certifying compiler

This paper presents the design and implementation of a compiler that translates programs written in a type-safe subset of the C programming language into highly optimized DEC Alpha assembly language programs, and a certifier that automatically checks the type safety and memory safety of any assembly language program produced by the compiler. The result of the certifier is either a formal proof of type safety or a counterexample pointing to a potential violation of the type system by the target program. The ensemble of the compiler and the certifier is called a certifying compiler.Several advantages of certifying compilation over previous approaches can be claimed. The notion of a certifying compiler is significantly easier to employ than a formal compiler verification, in part because it is generally easier to verify the correctness of the result of a computation than to prove the correctness of the computation itself. Also, the approach can be applied even to highly optimizing compilers, as demonstrated by the fact that our compiler generates target code, for a range of realistic C programs, which is competitive with both the cc and gcc compilers with all optimizations enabled. The certifier also drastically improves the effectiveness of compiler testing because, for each test case, it statically signals compilation errors that might otherwise require many executions to detect. Finally, this approach is a practical way to produce the safety proofs for a Proof-Carrying Code system, and thus may be useful in a system for safe mobile code.

[1]  F. Lockwood Morris,et al.  Advice on structuring compilers and proving them correct , 1973, POPL.

[2]  Greg Nelson,et al.  Simplification by Cooperating Decision Procedures , 1979, TOPL.

[3]  Steven M. German,et al.  Stanford Pascal Verifier user manual , 1979 .

[4]  Robert E. Shostak,et al.  Deciding Linear Inequalities by Computing Loop Residues , 1981, JACM.

[5]  More on Advice on Structuring Compilers and Proving them Correct , 1981, Theor. Comput. Sci..

[6]  Peter Dybjer,et al.  Using Domain Algebras to Prove the Correctness of a Compiler , 1985, STACS.

[7]  M. Gordon HOL : A machine oriented formulation of higher order logic , 1985 .

[8]  F. Honsell,et al.  A Framework for De ning LogicsRobert Harper , 1987 .

[9]  Robert S. Boyer,et al.  Computational Logic , 1990, ESPRIT Basic Research Series.

[10]  Stephen J. Garland,et al.  Pvs: a Prototype Veriication System , 1992 .

[11]  Natarajan Shankar,et al.  PVS: A Prototype Verification System , 1992, CADE.

[12]  Furio Honsell,et al.  A framework for defining logics , 1993, JACM.

[13]  Joshua Guttman {28 () Vlisp: a Veriied Implementation of Scheme * , 1995 .

[14]  Mitchell Wand,et al.  The VLISP verified PreScheme compiler , 1995, LISP Symb. Comput..

[15]  Mitchell Wand,et al.  VLISP: A verified implementation of Scheme , 1995, LISP Symb. Comput..

[16]  Guy L. Steele,et al.  The Java Language Specification , 1996 .

[17]  Frank Yellin,et al.  The Java Virtual Machine Specification , 1996 .

[18]  George C. Necula,et al.  Safe kernel extensions without run-time checking , 1996, OSDI '96.

[19]  Robert Harper,et al.  TIL: a type-directed optimizing compiler for ML , 1996, PLDI '96.

[20]  Fausto Giunchiglia,et al.  A Provably Correct Embedded Verifier for the Certification of Safety Critical Software , 1997, CAV.

[21]  Manuel Blum,et al.  Software reliability via run-time result-checking , 1997, JACM.

[22]  George C. Necula,et al.  Efficient Representation and Validation of Logical Proofs , 1997, LICS 1997.

[23]  George C. Necula,et al.  Safe, Untrusted Agents Using Proof-Carrying Code , 1998, Mobile Agents and Security.

[24]  Liwu Li,et al.  Java Virtual Machine , 1998 .

[25]  David Walker,et al.  Stack-based typed assembly language , 1998, Journal of Functional Programming.

[26]  Amir Pnueli,et al.  Translation Validation , 1998, TACAS.

[27]  George C. Necula,et al.  Compiling with proofs , 1998 .

[28]  Trevor Jim,et al.  Certifying Compilation and Run-Time Code Generation , 1999, High. Order Symb. Comput..

[29]  Karl Crary,et al.  From system F to typed assembly language , 1999 .

[30]  MorrisettGreg,et al.  From system F to typed assembly language , 1999 .

[31]  George C. Necula,et al.  Translation validation for an optimizing compiler , 2000, PLDI '00.

[32]  David Walker,et al.  Alias Types , 2000, ESOP.

[33]  George C. Necula,et al.  A certifying compiler for Java , 2000, PLDI '00.