Abstract
CompCert is the first realistic formally verified compiler: it provides a machine-checked mathematical proof that the code it generates matches the source code. Yet, there could be loopholes in this approach. We comprehensively analyze aspects of CompCert where errors could lead to incorrect code being generated. Possible issues range from the modeling of the source and the target languages to some techniques used to call external algorithms from within the compiler.
A software artefact is available from https://doi.org/10.5281/zenodo.5913981
Rights and permissions
Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.
Copyright information
© 2022 The Author(s)
Cite this paper
Monniaux, D., Boulmé, S. (2022). The Trusted Computing Base of the CompCert Verified Compiler. In: Sergey, I. (eds) Programming Languages and Systems. ESOP 2022. Lecture Notes in Computer Science, vol 13240. Springer, Cham. https://doi.org/10.1007/978-3-030-99336-8_8
DOI: https://doi.org/10.1007/978-3-030-99336-8_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-99335-1
Online ISBN: 978-3-030-99336-8
eBook Packages: Computer Science (R0)