CompCertS: A Memory-Aware Verified C Compiler Using a Pointer as Integer Semantics

Abstract

The CompCert C compiler provides the formal guarantee that the observable behaviour of the compiled code improves on the observable behaviour of the source code. In this paper, we present a formally verified C compiler, CompCertS, which is essentially the CompCert compiler, albeit with a stronger formal guarantee: it gives a semantics to more programs and ensures that the memory consumption is preserved by the compiler. CompCertS is based on an enhanced memory model where, unlike CompCert but like GCC, the binary representation of pointers can be manipulated much like integers and where, unlike CompCert, allocation may fail if no memory is available. The whole proof of CompCertS is a significant proof effort, and we highlight the crux of the novel proofs of 12 passes of the back-end and a challenging proof of an essential optimising pass of the front-end.
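
The two ingredients of the memory model named in the abstract, pointer bits treated as integers and allocation that can fail, are easiest to see in code. The following C snippet is an added illustration and is not code from the paper or from CompCertS: a tiny bump allocator (the names `arena`, `arena_init`, `arena_alloc`, `arena_free`, `align_up`, `is_aligned` and the 16-byte `ALIGN` are invented here) rounds addresses up to an alignment boundary with integer arithmetic on the pointer representation, the kind of manipulation the abstract says CompCert's original model does not give a semantics to but a GCC-style or CompCertS semantics does, and it reports exhaustion with `NULL` rather than assuming unbounded memory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Constructed example: a bump allocator whose correctness depends on
   (1) converting a pointer to uintptr_t, doing arithmetic on the bits
   and converting back, and (2) treating a failed allocation as a
   first-class outcome rather than an impossibility. */

#define ALIGN 16u  /* alignment granularity chosen for this example */

/* Round an address up to the next multiple of ALIGN using integer
   arithmetic on the pointer's binary representation. */
static uintptr_t align_up(uintptr_t a) {
    return (a + (ALIGN - 1)) & ~(uintptr_t)(ALIGN - 1);
}

/* 1 if the pointer's integer representation is ALIGN-aligned, else 0. */
int is_aligned(const void *p) {
    return ((uintptr_t)p & (ALIGN - 1)) == 0;
}

typedef struct {
    unsigned char *base;  /* backing block from malloc */
    size_t cap;           /* total bytes in base */
    size_t used;          /* bytes handed out so far, including padding */
} arena;

/* Returns 0 on success, -1 if the backing allocation fails. The
   failure path is real: memory is finite, so the caller must check. */
int arena_init(arena *ar, size_t cap) {
    ar->base = malloc(cap);
    if (ar->base == NULL) {
        ar->cap = ar->used = 0;
        return -1;
    }
    ar->cap = cap;
    ar->used = 0;
    return 0;
}

/* Hand out n bytes at an ALIGN-aligned address, or NULL if the arena
   cannot satisfy the request (including the padding needed to align). */
void *arena_alloc(arena *ar, size_t n) {
    if (ar->base == NULL) return NULL;
    uintptr_t cur = (uintptr_t)(ar->base + ar->used);
    uintptr_t start = align_up(cur);
    size_t pad = (size_t)(start - cur);
    size_t left = ar->cap - ar->used;
    /* Two-step check avoids overflow in pad + n. */
    if (n > left || pad > left - n) return NULL;
    ar->used += pad + n;
    return (void *)start;  /* integer bits back to a pointer */
}

void arena_free(arena *ar) {
    free(ar->base);
    ar->base = NULL;
    ar->cap = ar->used = 0;
}
```

Under CompCert's original memory model the value `(uintptr_t)p & (ALIGN - 1)` has no defined result because a pointer is an abstract (block, offset) pair with no concrete bit pattern; under a pointer-as-integer semantics it is an ordinary integer operation, and the `NULL` returned by `arena_init` on failure is a behaviour the compiler is obliged to preserve.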

Acknowledgements

This work has been partially funded by the ANR Project AnaStaSec ANR-14-CE28-0014, NSF Grant 1521523 and DARPA Grant FA8750-12-2-0293.

Author information

Corresponding author

Correspondence to Pierre Wilke.

About this article

Cite this article

Besson, F., Blazy, S. & Wilke, P. CompCertS: A Memory-Aware Verified C Compiler Using a Pointer as Integer Semantics. J Autom Reasoning 63, 369–392 (2019). https://doi.org/10.1007/s10817-018-9496-y

Keywords

  • Verified compilation
  • Low-level code
  • Optimisations
  • Pointer as integer