CompCertS: A Memory-Aware Verified C Compiler Using a Pointer as Integer Semantics

  • Frédéric Besson
  • Sandrine Blazy
  • Pierre WilkeEmail author


The CompCert C compiler provides the formal guarantee that the observable behaviour of the compiled code improves on the observable behaviour of the source code. In this paper, we present a formally verified C compiler, CompCertS, which is essentially the CompCert compiler, albeit with a stronger formal guarantee: it gives a semantics to more programs and ensures that the memory consumption is preserved by the compiler. CompCertS is based on an enhanced memory model where, unlike CompCert but like Gcc, the binary representation of pointers can be manipulated much like integers and where, unlike CompCert, allocation may fail if no memory is available. The whole proof of CompCertS is a significant proof-effort and we highlight the crux of the novel proofs of 12 passes of the back-end and a challenging proof of an essential optimising pass of the front-end.


Verified compilation Low-level code Optimisations Pointer as integer 



This work has been partially funded by the ANR Project AnaStaSec ANR-14-CE28-0014, NSF Grant 1521523 and DARPA Grant FA8750-12-2-0293.


  1. 1.
    Bedin Franca, R., Blazy, S., Favre-Felix, D., Leroy, X., Pantel, M., Souyris, J.: Formally verified optimizing compilation in ACG-based flight control software. In: ERTS 2012: Embedded Real Time Software and Systems (2012)Google Scholar
  2. 2.
    Besson, F., Blazy, S., Wilke, P.: Companion website.
  3. 3.
    Besson, F., Blazy, S., Wilke, P.: A precise and abstract memory model for C using symbolic values. In: APLAS, LNCS, vol. 8858 (2014)Google Scholar
  4. 4.
    Besson, F., Blazy, S., Wilke, P.: A concrete memory model for CompCert. In: ITP, LNCS, vol. 9236. Springer, Berlin (2015)Google Scholar
  5. 5.
    Besson, F., Blazy, S., Wilke, P.: A Verified CompCert Front-End for a Memory Model supporting Pointer Arithmetic and Uninitialised Data. Journal of Automated Reasoning pp. 1–48 (2017).
  6. 6.
    Blazy, S., Trieu, A.: Formal verification of control-flow graph flattening. In: CPP. ACM, New York (2016)Google Scholar
  7. 7.
    Carbonneaux, Q., Hoffmann, J., Ramananandro, T., Shao, Z.: End-to-end verification of stack-space bounds for C programs. In: PLDI. ACM, New York (2014)Google Scholar
  8. 8.
    Ellison, C., Rosu, G.: An executable formal semantics of C with applications. SIGPLAN Not. 47(1) (2012). CrossRefGoogle Scholar
  9. 9.
    Hathhorn, C., Ellison, C., Rosu, G.: Defining the undefinedness of C. In: PLDI. ACM, New York (2015)Google Scholar
  10. 10.
    ISO: ISO C Standard 2011. Tech. rep. (2011)Google Scholar
  11. 11.
    Kang, J., Hur, C., Mansky, W., Garbuzov, D., Zdancewic, S., Vafeiadis, V.: A formal C memory model supporting integer-pointer casts. In: PLDI (2015)Google Scholar
  12. 12.
    Krebbers, R.: Aliasing restrictions of C11 formalized in Coq. In: CPP, LNCS, vol. 8307. Springer, Berlin (2013). CrossRefGoogle Scholar
  13. 13.
    Krebbers, R.: An operational and axiomatic semantics for non-determinism and sequence points in C. In: POPL. ACM, New York (2014)Google Scholar
  14. 14.
    Leroy, X.: Formal verification of a realistic compiler. C. ACM 52(7), 107–115 (2009). CrossRefGoogle Scholar
  15. 15.
    Leroy, X., Blazy, S.: Formal verification of a C-like memory model and its uses for verifying program transformations. J. Autom. Reason. 41(1), 1–31 (2008)MathSciNetCrossRefGoogle Scholar
  16. 16.
    Memarian, K., Matthiesen, J., Lingard, J., Nienhuis, K., Chisnall, D., Watson, R.N., Sewell, P.: Into the depths of C: elaborating the de facto standards. In: PLDI. ACM, New York (2016)CrossRefGoogle Scholar
  17. 17.
    Mullen, E., Zuniga, D., Tatlock, Z., Grossman, D.: Verified peephole optimizations for CompCert. In: PLDI, pp. 448–461. ACM, New York (2016).
  18. 18.
    Norrish, M.: C formalised in hol. Ph.D. thesis, University of Cambridge, Cambridge (1998)Google Scholar
  19. 19.
    Robert, V., Leroy, X.: A formally-verified alias analysis. In: CPP, LNCS, vol. 7679. Springer, Berlin (2012).
  20. 20.
    Ševčík, J., Vafeiadis, V., Zappa Nardelli, F., Jagannathan, S., Sewell, P.: CompCertTSO: A verified compiler for relaxed-memory concurrency. J. ACM 60(3), 22:1–22:50 (2013). MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© Springer Nature B.V. 2018

Authors and Affiliations

  1. 1.Inria, Univ Rennes, CNRS, IRISARennesFrance
  2. 2.Yale UniversityNew HavenUSA

Personalised recommendations