Formal verification of SSA-based optimizations for LLVM

Modern compilers, such as LLVM and GCC, use a static single assignment (SSA) intermediate representation (IR) to simplify and enable many advanced optimizations. However, formally verifying the correctness of SSA-based optimizations is challenging because SSA properties depend on a function's entire control-flow graph. This paper addresses this challenge by developing a proof technique for proving SSA-based program invariants and compiler optimizations. We use this technique in the Coq proof assistant to create mechanized correctness proofs of several "micro" transformations that form the building blocks for larger SSA optimizations. To demonstrate the utility of this approach, we formally verify a variant of LLVM's mem2reg transformation in Vellvm, a Coq-based formal semantics of the LLVM IR. The extracted implementation generates code with performance comparable to that of LLVM's unverified implementation.
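The abstract's central point, that an SSA property is a whole-function property, is easiest to see on the dominance invariant: every use of a variable must be dominated by its single definition, and a phi operand must be dominated by the definition as seen from the corresponding predecessor edge. Deciding that requires the dominator relation of the entire control-flow graph, not a look at one block. The following is an added example, not code from the paper or from Vellvm, of a small executable validator for that invariant over a toy SSA form; it is a runtime check in the spirit of a translation validator, not a Coq proof. The block layout (tuples of destination, opcode, operands), the `SUCC`/`GOOD`/`BAD_USE` sample functions and the mem2reg-style promotion they depict are all constructed for this illustration.

```python
"""Added example (not from the paper or Vellvm): check the SSA dominance
invariant on a hand-built CFG. Blocks map to lists of instructions
(dest_or_None, opcode, operands); phi operands are (value, predecessor) pairs.
"""
from typing import Dict, List, Optional, Set, Tuple

Instr = Tuple[Optional[str], str, list]
Blocks = Dict[str, List[Instr]]
Succ = Dict[str, List[str]]


def predecessors(succ: Succ) -> Dict[str, List[str]]:
    preds: Dict[str, List[str]] = {n: [] for n in succ}
    for n, ss in succ.items():
        for s in ss:
            preds[s].append(n)
    return preds


def compute_dominators(succ: Succ, entry: str) -> Dict[str, Set[str]]:
    """Iterative dataflow: dom(n) = {n} U intersection of dom(p) over preds p.
    Needs the whole graph: a block's dominators depend on every path to it.
    Unreachable blocks keep the full set, which is the standard convention."""
    preds = predecessors(succ)
    dom = {n: set(succ) for n in succ}
    dom[entry] = {entry}
    changed = True
    while changed:
        changed = False
        for n in succ:
            if n == entry:
                continue
            new = {n}
            if preds[n]:
                new |= set.intersection(*(dom[p] for p in preds[n]))
            if new != dom[n]:
                dom[n], changed = new, True
    return dom


def is_const(v: str) -> bool:
    return v.lstrip("-").isdigit()


def check_ssa(blocks: Blocks, succ: Succ, entry: str, params: Set[str] = frozenset()) -> List[str]:
    """Return a list of SSA violations (empty list means well-formed)."""
    errors: List[str] = []
    dom = compute_dominators(succ, entry)
    preds = predecessors(succ)
    defs: Dict[str, Tuple[str, int]] = {}          # name -> (block, index)
    for b, instrs in blocks.items():                # single-assignment property
        for i, (dest, _op, _ops) in enumerate(instrs):
            if dest is None:
                continue
            if dest in defs or dest in params:
                errors.append(f"{dest} assigned more than once")
            defs[dest] = (b, i)
    for b, instrs in blocks.items():                # dominance property
        for i, (_dest, op, operands) in enumerate(instrs):
            if op == "phi":
                if {p for _, p in operands} != set(preds[b]):
                    errors.append(f"phi in {b}: operands do not match predecessors")
                for v, p in operands:
                    if v in params or is_const(v):
                        continue
                    if v not in defs:
                        errors.append(f"phi in {b}: undefined value {v}")
                    elif defs[v][0] not in dom[p]:   # def must dominate the edge source
                        errors.append(f"phi in {b}: def of {v} in {defs[v][0]} does not dominate predecessor {p}")
                continue
            for v in operands:
                if v in params or is_const(v):
                    continue
                if v not in defs:
                    errors.append(f"{b}[{i}]: use of undefined value {v}")
                    continue
                db, di = defs[v]
                if db == b and di >= i:
                    errors.append(f"{b}[{i}]: {v} used before its definition")
                elif db != b and db not in dom[b]:
                    errors.append(f"{b}[{i}]: def of {v} in {db} does not dominate {b}")
    return errors


# Constructed sample: a stack slot x promoted to registers by a mem2reg-style
# pass, with a phi at the join. 'c' is a function parameter.
SUCC: Succ = {"entry": ["then", "merge"], "then": ["merge"], "merge": []}
GOOD: Blocks = {
    "entry": [("x1", "const", ["1"]), (None, "br", ["c"])],
    "then": [("x2", "add", ["x1", "1"]), (None, "br", [])],
    "merge": [("x3", "phi", [("x1", "entry"), ("x2", "then")]), (None, "ret", ["x3"])],
}
# Broken variant: merge reads x2 directly, but 'then' does not dominate 'merge'.
BAD_USE: Blocks = dict(GOOD, merge=[("x3", "add", ["x2", "1"]), (None, "ret", ["x3"])])

if __name__ == "__main__":
    print("GOOD:", check_ssa(GOOD, SUCC, "entry", {"c"}))
    print("BAD_USE:", check_ssa(BAD_USE, SUCC, "entry", {"c"}))
```

The broken variant is locally indistinguishable from a valid one (the use in `merge` names a variable that is defined exactly once); only the dominator computation over the full graph exposes it, which is the reason a proof of an SSA transformation has to carry a CFG-wide invariant rather than a per-block one.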
