Verified Software Toolchain

The software toolchain includes static analyzers to check assertions about programs; optimizing compilers to translate programs to machine language; operating systems and libraries to supply context for programs. Our Verified Software Toolchain verifies with machine-checked proofs that the assertions claimed at the top of the toolchain really hold in the machine-language program, running in the operating-system context, on a weakly-consistent-shared-memory machine. Our verification approach is modular, in that proofs about operating systems or concurrency libraries are oblivious of the programming language or machine language, proofs about compilers are oblivious of the program logic used to verify static analyzers, and so on. The approach is scalable, in that each component is verified in the semantic idiom most natural for that component. Finally, the verification is foundational: the trusted base for proofs of observable properties of the machine-language program includes only the operational semantics of the machine language, not the source language, the compiler, the program logic, or any other part of the toolchain--even when these proofs are carried out by source-level static analyzers. In this paper I explain the construction of a a verified toolchain, using the Coq proof assistant. I will illustrate with shape analysis for C programs based on separation logic.

[1]  Xavier Leroy,et al.  Formal certification of a compiler back-end or: programming a compiler with a proof assistant , 2006, POPL '06.

[2]  Hongseok Yang,et al.  Step-indexed kripke models over recursive worlds , 2011, POPL '11.

[3]  Peter W. O'Hearn,et al.  Permission accounting in separation logic , 2005, POPL '05.

[4]  Andrew W. Appel,et al.  A Fresh Look at Separation Algebras and Share Accounting , 2009, APLAS.

[5]  Xavier Leroy,et al.  Formal Verification of a C Compiler Front-End , 2006, FM.

[6]  Andrew W. Appel,et al.  Oracle Semantics for Concurrent Separation Logic , 2008, ESOP.

[7]  Andrew W. Appel,et al.  A provably sound TAL for back-end optimization , 2003, PLDI '03.

[8]  Xavier Leroy,et al.  Formal Verification of a C-like Memory Model and Its Uses for Verifying Program Transformations , 2008, Journal of Automated Reasoning.

[9]  Amal Ahmed,et al.  Semantics of types for mutable state , 2004 .

[10]  Hans-Juergen Boehm,et al.  HP Laboratories , 2006 .

[11]  Shmuel Sagiv Thread-Modular Shape Analysis , 2009, VMCAI.

[12]  Francesco Zappa Nardelli,et al.  86-TSO : A Rigorous and Usable Programmer ’ s Model for x 86 Multiprocessors , 2010 .

[13]  Gérard Boudol,et al.  Relaxed memory models: an operational approach , 2009, POPL '09.

[14]  Andrew W. Appel,et al.  A very modal model of a modern, major, general type system , 2007, POPL '07.

[15]  Norbert Schirmer,et al.  Verification of sequential imperative programs in Isabelle-HOL , 2006 .

[16]  Andrew W. Appel,et al.  Foundational proof checkers with small witnesses , 2003, PPDP '03.

[17]  Matthew J. Parkinson,et al.  Local reasoning for Java , 2005 .

[18]  Francesco Zappa Nardelli,et al.  x86-TSO , 2010, Commun. ACM.

[19]  Andrew W. Appel Foundational proof-carrying code , 2003, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[20]  Andrew W. Appel,et al.  Oracle semantics , 2008 .

[21]  Andrew W. Appel,et al.  A stratified semantics of general references embeddable in higher-order logic , 2002, Proceedings 17th Annual IEEE Symposium on Logic in Computer Science.

[22]  Karl Crary,et al.  Foundational certified code in the Twelf metalogical framework , 2008, TOCL.

[23]  Andrew W. Appel,et al.  An Indexed Model of Impredicative Polymorphism and Mutable References , 2003 .

[24]  Andrew W. Appel,et al.  A Trustworthy Proof Checker , 2004, Journal of Automated Reasoning.

[25]  Yu Guo,et al.  An open framework for foundational proof-carrying code , 2007, TLDI '07.

[26]  Andrew W. Appel,et al.  Semantic foundations for typed assembly languages , 2010, TOPL.

[27]  George C. Necula,et al.  Proof-carrying code , 1997, POPL '97.

[28]  Peter W. O'Hearn,et al.  Resources, concurrency, and local reasoning , 2007 .

[29]  Alexey Gotsman,et al.  Local Reasoning for Storable Locks and Threads , 2007, APLAS.

[30]  Tobias Nipkow,et al.  A machine-checked model for a Java-like language, virtual machine, and compiler , 2006, TOPL.

[31]  Andrew W. Appel,et al.  A theory of indirection via approximation , 2010, POPL '10.