Verified Compilers for a Multi-Language World

Though there has been remarkable progress on formally verified compilers in recent years, most of these compilers suffer from a serious limitation: they are proved correct under the assumption that they will only be used to compile whole programs. This is an unrealistic assumption since most software systems today are comprised of components written in different languages - both typed and untyped - compiled by different compilers to a common target, as well as low-level libraries that may be handwritten in the target language. We are pursuing a new methodology for building verified compilers for today's world of multi-language software. The project has two central themes, both of which stem from a view of compiler correctness as a language interoperability problem. First, to specify correctness of component compilation, we require that if a source component s compiles to target component t, then t linked with some arbitrary target code t' should behave the same as s interoperating with t'. The latter demands a formal semantics of interoperability between the source and target languages. Second, to enable safe interoperability between components compiled from languages as different as ML, Rust, Python, and C, we plan to design a gradually type-safe target language based on LLVM that supports safe interoperability between more precisely typed, less precisely typed, and type-unsafe components. Our approach opens up a new avenue for exploring sensible language interoperability while also tackling compiler correctness.

[1]  Juan Chen,et al.  Fully abstract compilation to JavaScript , 2013, POPL.

[2]  Sam Tobin-Hochstadt,et al.  Complete Monitors for Behavioral Contracts , 2012, ESOP.

[3]  Milo M. K. Martin,et al.  Formalizing the LLVM intermediate representation for verified program transformations , 2012, POPL '12.

[4]  Neha Narula,et al.  Native Client: A Sandbox for Portable, Untrusted x86 Native Code , 2009, IEEE Symposium on Security and Privacy.

[5]  Xavier Leroy,et al.  Formal certification of a compiler back-end or: programming a compiler with a proof assistant , 2006, POPL '06.

[6]  Cormac Flanagan,et al.  Hybrid type checking , 2006, POPL '06.

[7]  Chung-Kil Hur,et al.  Pilsner: a compositionally verified compiler for a higher-order imperative language , 2015, ICFP.

[8]  Lars Birkedal,et al.  The impact of higher-order state and control effects on local relational reasoning , 2012, J. Funct. Program..

[9]  Matthias Felleisen,et al.  Contracts for higher-order functions , 2002, ICFP '02.

[10]  Robert Bruce Findler,et al.  Operational semantics for multi-language programs , 2007, POPL '07.

[11]  Xavier Leroy,et al.  A Formally Verified Compiler Back-end , 2009, Journal of Automated Reasoning.

[12]  Stephen N. Freund,et al.  Sage: Hybrid Checking for Flexible Specifications , 2006 .

[13]  Adam Chlipala,et al.  A verified compiler for an impure functional language , 2010, POPL '10.

[14]  Matthias Blume,et al.  Typed closure conversion preserves observational equivalence , 2008, ICFP 2008.

[15]  Robert Bruce Findler,et al.  Fine-grained interoperability through mirrors and contracts , 2005, OOPSLA '05.

[16]  Deepak Garg,et al.  Verification of Information Flow and Access Control Policies with Dependent Types , 2011, 2011 IEEE Symposium on Security and Privacy.

[17]  Maulik A. Dave,et al.  Compiler verification: a bibliography , 2003, SOEN.

[18]  Lars Birkedal,et al.  Ynot: dependent types for imperative programs , 2008, ICFP 2008.

[19]  Philip Wadler,et al.  Well-Typed Programs Can't Be Blamed , 2009, ESOP.

[20]  Chung-Kil Hur,et al.  Biorthogonality, step-indexing and compiler correctness , 2009, ICFP.

[21]  Chung-Kil Hur,et al.  Realizability and Compositional Compiler Correctness for a Polymorphic Language , 2010 .

[22]  J. Gregory Morrisett,et al.  L3: A Linear Language with Locations , 2007, Fundam. Informaticae.

[23]  Robert Harper,et al.  Typed closure conversion , 1996, POPL '96.

[24]  Amal Ahmed,et al.  Verifying an Open Compiler Using Multi-language Semantics , 2014, ESOP.

[25]  Christian Queinnec Inverting back the inversion of control or, continuations versus page-centric programming , 2003, SIGP.

[26]  Milo M. K. Martin,et al.  Formal verification of SSA-based optimizations for LLVM , 2013, PLDI.

[27]  Ramana Kumar,et al.  CakeML: a verified implementation of ML , 2014, POPL.

[28]  David Walker,et al.  The logical approach to stack typing , 2003, TLDI '03.

[29]  David Walker,et al.  Reasoning about hierarchical storage , 2003, 18th Annual IEEE Symposium of Logic in Computer Science, 2003. Proceedings..

[30]  Walid Taha,et al.  Gradual Typing for Objects , 2007, ECOOP.

[31]  Andreas Lochbihler,et al.  Verifying a Compiler for Java Threads , 2010, ESOP.

[32]  Magnus O. Myreen Verified just-in-time compiler on x86 , 2010, POPL '10.

[33]  Andrew W. Appel,et al.  Verified Compilation for Shared-Memory C , 2014, ESOP.

[34]  Lars Birkedal,et al.  Abstract Predicates and Mutable ADTs in Hoare Type Theory , 2007, ESOP.

[35]  J. Gregory Morrisett,et al.  Linear Regions Are All You Need , 2006, ESOP.

[36]  Jeremy G. Siek Gradual Typing for Functional Languages , 2006 .

[37]  Benjamin C. Pierce,et al.  Contracts made manifest , 2012, J. Funct. Program..

[38]  Philip Wadler,et al.  Blame for all , 2011, POPL '11.

[39]  J. Gregory Morrisett,et al.  A step-indexed model of substructural state , 2005, ICFP '05.

[40]  Matthew Fluet,et al.  A Linear Language with Locations , 2007 .

[41]  Amal Ahmed,et al.  Step-Indexed Syntactic Logical Relations for Recursive and Quantified Types , 2006, ESOP.

[42]  Juan Chen,et al.  Gradual typing embedded securely in JavaScript , 2014, POPL.

[43]  David Walker,et al.  Dynamic Typing with Dependent Types , 2004, IFIP TCS.

[44]  Peng Wang,et al.  Compiler verification meets cross-language linking via data abstraction , 2014, OOPSLA.

[45]  Matthias Felleisen,et al.  Implementation and use of the PLT scheme Web server , 2007, High. Order Symb. Comput..

[46]  Atsushi Igarashi,et al.  Polymorphic Contracts , 2011, ESOP.

[47]  Sam Tobin-Hochstadt,et al.  Gradual typing for first-class classes , 2012, OOPSLA '12.

[48]  Riccardo Pucella,et al.  Stateful Contracts for Affine Types , 2010, ESOP.

[49]  Matthias Blume,et al.  An equivalence-preserving CPS translation via multi-language semantics , 2011, ICFP '11.

[50]  Peter-Michael Osera,et al.  Dependent interoperability , 2012, PLPV '12.

[51]  Andrew W. Appel,et al.  Compositional CompCert , 2015, POPL.

[52]  Louis-Julien Guillemette A type-preserving compiler from system f to typed assembly language , 2009 .

[53]  Chung-Kil Hur,et al.  A kripke logical relation between ML and assembly , 2011, POPL '11.

[54]  Lars Birkedal,et al.  Logical relations for fine-grained concurrency , 2013, POPL.

[55]  Amal Ahmed,et al.  Parametric Polymorphism through Run-Time Sealing or, Theorems for Low, Low Prices! , 2008, ESOP.

[56]  Derek Dreyer,et al.  State-dependent representation independence , 2009, POPL '09.

[57]  Frank Piessens,et al.  Sound Modular Verification of C Code Executing in an Unverified Context , 2014, POPL.

[58]  Suresh Jagannathan,et al.  Relaxed-memory concurrency and verified compilation , 2011, POPL '11.