5,658 research outputs found
A Linear First-Order Functional Intermediate Language for Verified Compilers
We present the linear first-order intermediate language IL for verified
compilers. IL is a functional language with calls to a nondeterministic
environment. We give IL terms a second, imperative semantic interpretation and
obtain a register transfer language. For the imperative interpretation we
establish a notion of live variables. Based on live variables, we formulate a
decidable property called coherence ensuring that the functional and the
imperative interpretation of a term coincide. We formulate a register
assignment algorithm for IL and prove its correctness. The algorithm translates
a functional IL program into an equivalent imperative IL program. Correctness
follows from the fact that the algorithm reaches a coherent program after
consistently renaming local variables. We prove that the maximal number of live
variables in the initial program bounds the number of different variables in
the final coherent program. The entire development is formalized in Coq.Comment: Addressed comments from reviewers (ITP 2015): (1) Added discussion of
a paper in related work (2) Added definition of renamed-apart in appendix (3)
Formulation changes in a coupe of place
A formally verified compiler back-end
This article describes the development and formal verification (proof of
semantic preservation) of a compiler back-end from Cminor (a simple imperative
intermediate language) to PowerPC assembly code, using the Coq proof assistant
both for programming the compiler and for proving its correctness. Such a
verified compiler is useful in the context of formal methods applied to the
certification of critical software: the verification of the compiler guarantees
that the safety properties proved on the source code hold for the executable
compiled code as well
Specifying and Executing Optimizations for Parallel Programs
Compiler optimizations, usually expressed as rewrites on program graphs, are
a core part of all modern compilers. However, even production compilers have
bugs, and these bugs are difficult to detect and resolve. The problem only
becomes more complex when compiling parallel programs; from the choice of graph
representation to the possibility of race conditions, optimization designers
have a range of factors to consider that do not appear when dealing with
single-threaded programs. In this paper we present PTRANS, a domain-specific
language for formal specification of compiler transformations, and describe its
executable semantics. The fundamental approach of PTRANS is to describe program
transformations as rewrites on control flow graphs with temporal logic side
conditions. The syntax of PTRANS allows cleaner, more comprehensible
specification of program optimizations; its executable semantics allows these
specifications to act as prototypes for the optimizations themselves, so that
candidate optimizations can be tested and refined before going on to include
them in a compiler. We demonstrate the use of PTRANS to state, test, and refine
the specification of a redundant store elimination optimization on parallel
programs.Comment: In Proceedings GRAPHITE 2014, arXiv:1407.767
Beyond Good and Evil: Formalizing the Security Guarantees of Compartmentalizing Compilation
Compartmentalization is good security-engineering practice. By breaking a
large software system into mutually distrustful components that run with
minimal privileges, restricting their interactions to conform to well-defined
interfaces, we can limit the damage caused by low-level attacks such as
control-flow hijacking. When used to defend against such attacks,
compartmentalization is often implemented cooperatively by a compiler and a
low-level compartmentalization mechanism. However, the formal guarantees
provided by such compartmentalizing compilation have seen surprisingly little
investigation.
We propose a new security property, secure compartmentalizing compilation
(SCC), that formally characterizes the guarantees provided by
compartmentalizing compilation and clarifies its attacker model. We reconstruct
our property by starting from the well-established notion of fully abstract
compilation, then identifying and lifting three important limitations that make
standard full abstraction unsuitable for compartmentalization. The connection
to full abstraction allows us to prove SCC by adapting established proof
techniques; we illustrate this with a compiler from a simple unsafe imperative
language with procedures to a compartmentalized abstract machine.Comment: Nit
Combining Static and Dynamic Contract Checking for Curry
Static type systems are usually not sufficient to express all requirements on
function calls. Hence, contracts with pre- and postconditions can be used to
express more complex constraints on operations. Contracts can be checked at run
time to ensure that operations are only invoked with reasonable arguments and
return intended results. Although such dynamic contract checking provides more
reliable program execution, it requires execution time and could lead to
program crashes that might be detected with more advanced methods at compile
time. To improve this situation for declarative languages, we present an
approach to combine static and dynamic contract checking for the functional
logic language Curry. Based on a formal model of contract checking for
functional logic programming, we propose an automatic method to verify
contracts at compile time. If a contract is successfully verified, dynamic
checking of it can be omitted. This method decreases execution time without
degrading reliable program execution. In the best case, when all contracts are
statically verified, it provides trust in the software since crashes due to
contract violations cannot occur during program execution.Comment: Pre-proceedings paper presented at the 27th International Symposium
on Logic-Based Program Synthesis and Transformation (LOPSTR 2017), Namur,
Belgium, 10-12 October 2017 (arXiv:1708.07854
Verified Compilers for a Multi-Language World
Though there has been remarkable progress on formally verified compilers in recent years, most of these compilers suffer from a serious limitation: they are proved correct under the assumption that they will only be used to compile whole programs. This is an unrealistic assumption since most software systems today are comprised of components written in different languages - both typed and untyped - compiled by different compilers to a common target, as well as low-level libraries that may be handwritten in the target language.
We are pursuing a new methodology for building verified compilers for today\u27s world of multi-language software. The project has two central themes, both of which stem from a view of compiler correctness as a language interoperability problem. First, to specify correctness of component compilation, we require that if a source component s compiles to target component t, then t linked with some arbitrary target code t\u27 should behave the same as s interoperating with t\u27. The latter demands a formal semantics of interoperability between the source and target languages. Second, to enable safe interoperability between components compiled from languages as different as ML, Rust, Python, and C, we plan to design a gradually type-safe target language based on LLVM that supports safe interoperability between more precisely typed, less precisely typed, and type-unsafe components. Our approach opens up a new avenue for exploring sensible language interoperability while also tackling compiler correctness
Mechanized semantics
The goal of this lecture is to show how modern theorem provers---in this
case, the Coq proof assistant---can be used to mechanize the specification of
programming languages and their semantics, and to reason over individual
programs and over generic program transformations, as typically found in
compilers. The topics covered include: operational semantics (small-step,
big-step, definitional interpreters); a simple form of denotational semantics;
axiomatic semantics and Hoare logic; generation of verification conditions,
with application to program proof; compilation to virtual machine code and its
proof of correctness; an example of an optimizing program transformation (dead
code elimination) and its proof of correctness
- …