A Formally Verified Compiler Back-end

This article describes the development and formal verification (proof of semantic preservation) of a compiler back-end from Cminor (a simple imperative intermediate language) to PowerPC assembly code, using the Coq proof assistant both for programming the compiler and for proving its soundness. Such a verified compiler is useful in the context of formal methods applied to the certification of critical software: the verification of the compiler guarantees that the safety properties proved on the source code hold for the executable compiled code as well. Concretely, the correctness theorem states that for every source program whose Cminor semantics is defined, the generated assembly code has the same observable behaviour, so a property established on the source cannot be invalidated by a miscompilation. What remains to be trusted is the formal semantics of Cminor and of the PowerPC subset, the Coq proof checker, the extraction of the compiler to OCaml, and the assembler and linker that turn the emitted assembly into a binary.
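The abstract's claim that source-level properties carry over to the executable rests on semantic preservation: the compiled code must compute exactly what the source semantics prescribes, including machine-level details such as 32-bit wraparound. The following block is an added illustration, not CompCert's own code and vastly simpler than it: it assumes a tiny Cminor-like expression language with 32-bit modular integers (unsigned view), a stack-machine target, a post-order code generator, and a function `preserved` that states the preservation property for one program and one input. Where CompCert proves that property once for all programs inside Coq, this block can only check it on concrete cases, in the spirit of the translation validation and differential testing the paper discusses as alternatives.

```python
"""Added example: semantic preservation for a toy back-end.
Assumptions (not from the paper): expressions over Const/Var/BinOp,
32-bit modular integers, and a stack machine with push/load/binop."""
import random
from dataclasses import dataclass

MASK32 = 0xFFFFFFFF  # assumption: 32-bit modular integers, unsigned view


@dataclass(frozen=True)
class Const:
    n: int


@dataclass(frozen=True)
class Var:
    name: str


@dataclass(frozen=True)
class BinOp:
    op: str       # one of '+', '-', '*'
    left: object
    right: object


OPS = {
    '+': lambda a, b: (a + b) & MASK32,
    '-': lambda a, b: (a - b) & MASK32,
    '*': lambda a, b: (a * b) & MASK32,
}


def eval_expr(e, env):
    """Source-level semantics: big-step evaluation of a Cminor-like expression."""
    if isinstance(e, Const):
        return e.n & MASK32
    if isinstance(e, Var):
        return env[e.name] & MASK32
    return OPS[e.op](eval_expr(e.left, env), eval_expr(e.right, env))


def compile_expr(e):
    """Back-end: post-order code generation for a stack machine.
    Instructions are ('push', k), ('load', name) and ('binop', op)."""
    if isinstance(e, Const):
        return [('push', e.n & MASK32)]
    if isinstance(e, Var):
        return [('load', e.name)]
    return compile_expr(e.left) + compile_expr(e.right) + [('binop', e.op)]


def run(code, env):
    """Target-level semantics: execute the instruction list, return the result."""
    stack = []
    for instr, arg in code:
        if instr == 'push':
            stack.append(arg)
        elif instr == 'load':
            stack.append(env[arg] & MASK32)
        elif instr == 'binop':
            right = stack.pop()      # left operand was pushed first
            left = stack.pop()
            stack.append(OPS[arg](left, right))
        else:
            raise ValueError(f"unknown instruction {instr!r}")
    if len(stack) != 1:
        raise RuntimeError("ill-formed code: stack depth %d at exit" % len(stack))
    return stack[0]


def preserved(e, env):
    """Semantic preservation, instantiated on one program and one input:
    the compiled code computes exactly what the source semantics prescribes."""
    return eval_expr(e, env) == run(compile_expr(e), env)


def random_expr(rng, depth=4):
    """Constructed test input: a random expression over variables x and y."""
    if depth == 0 or rng.random() < 0.3:
        return rng.choice([Const(rng.getrandbits(32)), Var('x'), Var('y')])
    return BinOp(rng.choice('+-*'),
                 random_expr(rng, depth - 1), random_expr(rng, depth - 1))


def check_many(seed=1, rounds=500):
    """Translation-validation style check over many random programs and inputs.
    Returns True if preservation held in every case."""
    rng = random.Random(seed)
    for _ in range(rounds):
        e = random_expr(rng)
        env = {'x': rng.getrandbits(32), 'y': rng.getrandbits(32)}
        if not preserved(e, env):
            return False
    return True


if __name__ == '__main__':
    # Overflow is part of the semantics that must be preserved: 0xFFFFFFFF + 1 wraps to 0.
    wrap = BinOp('+', Const(0xFFFFFFFF), Const(1))
    print(eval_expr(wrap, {}), run(compile_expr(wrap), {}), check_many())
```

The point of `preserved` is the shape of the statement, not the test loop around it: a verified back-end discharges that equality for all `e` and `env` by proof, so the wraparound behaviour a source-level analysis reasoned about is exactly what the binary executes, whereas a tested compiler only gives that assurance for the inputs it was exercised on.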
