CakeML: a verified implementation of ML

We have developed and mechanically verified an ML system called CakeML, which supports a substantial subset of Standard ML. CakeML is implemented as an interactive read-eval-print loop (REPL) in x86-64 machine code. Our correctness theorem ensures that this REPL implementation prints only those results permitted by the semantics of CakeML. Our verification effort touches on a breadth of topics including lexing, parsing, type checking, incremental and dynamic compilation, garbage collection, arbitrary-precision arithmetic, and compiler bootstrapping. Our contributions are twofold. The first is simply in building a system that is end-to-end verified, demonstrating that each piece of such a verification effort can in practice be composed with the others, and ensuring that none of the pieces rely on any over-simplifying assumptions. The second is developing novel approaches to some of the more challenging aspects of the verification. In particular, our formally verified compiler can bootstrap itself: we apply the verified compiler to itself to produce a verified machine-code implementation of the compiler. Additionally, our compiler proof handles diverging input programs with a lightweight approach based on logical timeout exceptions. The entire development was carried out in the HOL4 theorem prover.
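The abstract mentions that divergence is handled through "logical timeout exceptions" but does not spell out the mechanism. The standard way to do this in a functional big-step semantics is to thread a clock (fuel) through the evaluator, decrement it at each function application, and raise a timeout when it reaches zero; a program diverges exactly when it times out for every finite clock. The interpreter below is an added illustration of that idea, written for this page and not code from CakeML or the HOL4 development. The toy language (`Num`, `Var`, `Lam`, `App`, `Sub1`, `IfZero`), the `evaluate`/`run` helpers and the sample terms are all constructed for the example.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Union

# --- a tiny call-by-value language, constructed for this example ---
@dataclass(frozen=True)
class Num:
    n: int

@dataclass(frozen=True)
class Var:
    name: str

@dataclass(frozen=True)
class Lam:
    param: str
    body: Expr

@dataclass(frozen=True)
class App:
    fn: Expr
    arg: Expr

@dataclass(frozen=True)
class Sub1:          # n - 1
    e: Expr

@dataclass(frozen=True)
class IfZero:        # if cond == 0 then `then` else `other`
    cond: Expr
    then: Expr
    other: Expr

Expr = Union[Num, Var, Lam, App, Sub1, IfZero]

@dataclass(frozen=True)
class Closure:
    param: str
    body: Expr
    env: dict

class Timeout(Exception):
    """Raised when the logical clock is exhausted; stands in for the
    'logical timeout exception' the abstract refers to."""

def evaluate(e: Expr, env: dict, clock: int):
    """Functional big-step evaluator returning (value, remaining_clock).
    The clock is consumed only at function application, so a program
    that never terminates performs unboundedly many applications and
    raises Timeout for every finite starting clock."""
    if isinstance(e, Num):
        return e.n, clock
    if isinstance(e, Var):
        return env[e.name], clock
    if isinstance(e, Lam):
        return Closure(e.param, e.body, env), clock
    if isinstance(e, Sub1):
        v, clock = evaluate(e.e, env, clock)
        return v - 1, clock
    if isinstance(e, IfZero):
        c, clock = evaluate(e.cond, env, clock)
        return evaluate(e.then if c == 0 else e.other, env, clock)
    if isinstance(e, App):
        f, clock = evaluate(e.fn, env, clock)
        a, clock = evaluate(e.arg, env, clock)
        if clock == 0:
            raise Timeout()               # out of fuel: logical timeout
        return evaluate(f.body, {**f.env, f.param: a}, clock - 1)
    raise TypeError(f"unknown expression {e!r}")

def run(e: Expr, clock: int):
    """Evaluate a closed term with a given clock; report value or timeout."""
    try:
        v, _ = evaluate(e, {}, clock)
        return ("value", v)
    except Timeout:
        return ("timeout", None)

# omega = (\x. x x)(\x. x x): the classic diverging term
SELF_APPLY = Lam("x", App(Var("x"), Var("x")))
OMEGA = App(SELF_APPLY, SELF_APPLY)

# A terminating count-down loop built from self-application.
COUNTDOWN = Lam("self", Lam("n",
    IfZero(Var("n"), Num(0),
           App(App(Var("self"), Var("self")), Sub1(Var("n"))))))
COUNT_FROM_5 = App(App(COUNTDOWN, COUNTDOWN), Num(5))

def diverges_up_to(e: Expr, max_clock: int) -> bool:
    """True if every clock in 0..max_clock times out (evidence of divergence)."""
    return all(run(e, c) == ("timeout", None) for c in range(max_clock + 1))

def smallest_sufficient_clock(e: Expr, max_clock: int):
    """Smallest clock under which e produces a value, with that value."""
    for c in range(max_clock + 1):
        r = run(e, c)
        if r[0] == "value":
            return c, r[1]
    return None

if __name__ == "__main__":
    print("omega times out for every clock <= 40:", diverges_up_to(OMEGA, 40))
    print("count-down from 5 needs clock:", smallest_sufficient_clock(COUNT_FROM_5, 50))
```

The two properties a compiler proof leans on are visible here: a terminating program yields the same value for every clock at or above some threshold (12 applications for the count-down from 5), while a diverging program yields a timeout for every clock, so "diverges" can be stated as a plain universal statement over clock values rather than with a coinductive semantics.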
