Formal Methods in System Design

Volume 38, Issue 1, pp 33–61

Certifying compilers using higher-order theorem provers as certificate checkers


Abstract

Correct software requires compilers that work correctly. Code generation in particular is an error-prone task, since it may rely on sophisticated algorithms to produce efficient code.

In this paper we present an approach that guarantees the correctness of compiler transformations with respect to a formal notion of correctness. Instead of verifying the compiler itself, we certify the result of each compilation run: with the help of a compiler-generated certificate and a certificate checker, the result of every run is verified automatically. This ensures the correctness of each compilation run without having to inspect the concrete compilation algorithms.

We use higher-order theorem provers to check the certificates and to formally define the syntax and semantics of the languages involved, as well as the criterion under which we regard a compilation as correct. The use of higher-order theorem provers ensures a small and well understood trusted computing base. Efficient certificate checking is especially crucial for the acceptance of certifying compilation. We present methods to facilitate this task, most notably computational reflection: small evaluators, specified in an executable way, decide certain properties appearing in our certificates and are used to speed up the corresponding subtasks of the checking process.

We discuss an implemented prototype performing code generation. Using Coq and Isabelle/HOL as certificate checkers, we highlight typical challenges and their solutions.
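The certificate-checking and reflection scheme sketched in the abstract, as an added example that is not code from the paper or its prototype. It assumes a toy source language of arithmetic expressions (`expr`, evaluated by `eval`) and a toy stack machine (`instr`, run by `exec`); the correctness criterion `correct`, the executable checker `check` and the soundness lemma `check_sound` are likewise illustrative names chosen here, not the paper's definitions. The point is the division of trust: `eval`, `exec`, `correct` and the Coq kernel are the trusted base; `check` is proved sound once; every later certificate is then discharged by running `check` inside the prover with `vm_compute`, which is what makes the checking cheap.

```coq
(* Added example of proof by computational reflection in Coq.
   Toy languages and all names are assumptions for illustration. *)
Require Import Arith List.
Import ListNotations.

(* Source language: constants and addition. *)
Inductive expr : Type :=
| Lit : nat -> expr
| Sum : expr -> expr -> expr.

Fixpoint eval (e : expr) : nat :=
  match e with
  | Lit n => n
  | Sum a b => eval a + eval b
  end.

(* Target language: a stack machine with push and add. *)
Inductive instr : Type :=
| Push : nat -> instr
| IAdd : instr.

(* Running the machine; None signals a stack underflow on IAdd. *)
Fixpoint exec (code : list instr) (stack : list nat) {struct code}
  : option (list nat) :=
  match code, stack with
  | [], s => Some s
  | Push n :: c, s => exec c (n :: s)
  | IAdd :: c, y :: x :: s => exec c (x + y :: s)
  | IAdd :: _, _ => None
  end.

(* Correctness criterion for one compilation run (trusted definition):
   executing the generated code on the empty stack yields exactly the
   value of the source expression. *)
Definition correct (e : expr) (code : list instr) : Prop :=
  exec code [] = Some [eval e].

(* Executable checker: replay both sides and compare the results.
   This is the small "evaluator" that the certificate checker runs. *)
Definition check (e : expr) (code : list instr) : bool :=
  match exec code [] with
  | Some [v] => Nat.eqb v (eval e)
  | _ => false
  end.

(* Soundness of the checker, proved once and for all. *)
Lemma check_sound : forall e code, check e code = true -> correct e code.
Proof.
  intros e code. unfold check, correct.
  destruct (exec code []) as [[| v [| w s]] |]; simpl; intro H;
    try discriminate H.
  apply Nat.eqb_eq in H. rewrite H. reflexivity.
Qed.

(* A certificate for one compilation run: the prover does not reason
   about the compiler, it only evaluates check on the compiler's output. *)
Example cert :
  correct (Sum (Lit 2) (Sum (Lit 3) (Lit 4)))
          [Push 2; Push 3; Push 4; IAdd; IAdd].
Proof. apply check_sound. vm_compute. reflexivity. Qed.

(* Failure mode: a miscompiled output (an operand dropped) is rejected by
   the checker, so no certificate can be built for it via check_sound. *)
Fact wrong_rejected :
  check (Sum (Lit 2) (Sum (Lit 3) (Lit 4))) [Push 2; Push 3; IAdd] = false.
Proof. vm_compute. reflexivity. Qed.
```

The trusted computing base here is the kernel plus the three definitions `eval`, `exec` and `correct`; a reviewer checks those by reading, not the compiler. `vm_compute` evaluates `check` with the prover's virtual machine rather than by step-by-step rewriting, which is the speed-up the abstract refers to; for a real code generator the same pattern scales by proving sound a checker for the properties that actually appear in the certificates.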

Keywords

Translation validation, Compiler correctness, Theorem proving, Coq, Isabelle/HOL

Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  1. VERIMAG Laboratory, Université de Grenoble, Grenoble, France
  2. INRIA, Sophia Antipolis, France