42 research outputs found
Krivine realizability for compiler correctness
We propose a semantic type soundness result, formalized in the Coq proof assistant, for a compiler from a simple functional language to SECD machine code. Our result is quite independent from the source language as it uses Krivine's realizability to give a denotational semantics to SECD machine code using only the type system of the source language. We use realizability to prove the correctness of both a call-by-name (CBN) and a call-by-value (CBV) compiler with the same notion of orthogonality. We abstract over the notion of observation (e.g. divergence or termination) and derive an operational correctness result that relates the reduction of a term with the execution of its compiled SECD machine code
The Journey of Biorthogonal Logical Relations to the Realm of Assembly Code
Logical relations appeared to be very fruitful for the development of modular proofs of compiler correctness. In this field, logical relations are parametrized by a high-level type system, and are even sometimes directly relating low level pieces of code to high-level programs. All those works rely crucially on biorthogonality to get extensionality and compositionality properties. But the use of biorthogonality in the definitions also complicates matters when it comes to operational correctness. Most of the time, such correctness results amount to show an unfolding lemma that makes reduction more explicit than in a biorthogonal definition. Unfortunately, unfolding lemmas are not easy to derive for rich languages and in particular for assembly code. In this paper, we focus on three different situations that enable to reach step-by-step the assembly code universe: the use of Curry-style polymorphism, the presence of syntactical equality in the language and finally an ideal assembly code with a notion of code pointer
10351 Abstracts Collection -- Modelling, Controlling and Reasoning About State
From 29 August 2010 to 3 September 2010, the Dagstuhl Seminar 10351
``Modelling, Controlling and Reasoning About State \u27\u27 was held in
Schloss Dagstuhl~--~Leibniz Center for Informatics. During the
seminar, several participants presented their current research, and
ongoing work and open problems were discussed. Abstracts of the
presentations given during the seminar as well as abstracts of seminar
results and ideas are put together in this paper. Links to extended
abstracts or full papers are provided, if available
Modular, Fully-abstract Compilation by Approximate Back-translation
A compiler is fully-abstract if the compilation from source language programs
to target language programs reflects and preserves behavioural equivalence.
Such compilers have important security benefits, as they limit the power of an
attacker interacting with the program in the target language to that of an
attacker interacting with the program in the source language. Proving compiler
full-abstraction is, however, rather complicated. A common proof technique is
based on the back-translation of target-level program contexts to
behaviourally-equivalent source-level contexts. However, constructing such a
back- translation is problematic when the source language is not strong enough
to embed an encoding of the target language. For instance, when compiling from
STLC to ULC, the lack of recursive types in the former prevents such a
back-translation.
We propose a general and elegant solution for this problem. The key insight
is that it suffices to construct an approximate back-translation. The
approximation is only accurate up to a certain number of steps and conservative
beyond that, in the sense that the context generated by the back-translation
may diverge when the original would not, but not vice versa. Based on this
insight, we describe a general technique for proving compiler full-abstraction
and demonstrate it on a compiler from STLC to ULC. The proof uses asymmetric
cross-language logical relations and makes innovative use of step-indexing to
express the relation between a context and its approximate back-translation.
The proof extends easily to common compiler patterns such as modular
compilation and it, to the best of our knowledge, it is the first compiler full
abstraction proof to have been fully mechanised in Coq. We believe this proof
technique can scale to challenging settings and enable simpler, more scalable
proofs of compiler full-abstraction
FunTAL: Reasonably Mixing a Functional Language with Assembly
We present FunTAL, the first multi-language system to formalize safe
interoperability between a high-level functional language and low-level
assembly code while supporting compositional reasoning about the mix. A central
challenge in developing such a multi-language is bridging the gap between
assembly, which is staged into jumps to continuations, and high-level code,
where subterms return a result. We present a compositional stack-based typed
assembly language that supports components, comprised of one or more basic
blocks, that may be embedded in high-level contexts. We also present a logical
relation for FunTAL that supports reasoning about equivalence of high-level
components and their assembly replacements, mixed-language programs with
callbacks between languages, and assembly components comprised of different
numbers of basic blocks.Comment: 15 pages; implementation at https://dbp.io/artifacts/funtal/;
published in PLDI '17, Proceedings of the 38th ACM SIGPLAN Conference on
Programming Language Design and Implementation, June 18 - 23, 2017,
Barcelona, Spai
The Journey of Biorthogonal Logical Relations to the Realm of Assembly Code
Logical relations appeared to be very fruitful for the development of modular proofs of compiler correctness. In this field, logical relations are parametrized by a high-level type system, and are even sometimes directly relating low level pieces of code to high-level programs. All those works rely crucially on biorthogonality to get extensionality and compositionality properties. But the use of biorthogonality in the definitions also complicates matters when it comes to operational correctness. Most of the time, such correctness results amount to show an unfolding lemma that makes reduction more explicit than in a biorthogonal definition. Unfortunately, unfolding lemmas are not easy to derive for rich languages and in particular for assembly code. In this paper, we focus on three different situations that enable to reach step-by-step the assembly code universe: the use of Curry-style polymorphism, the presence of syntactical equality in the language and finally an ideal assembly code with a notion of code pointer
Compiler verification meets cross-language linking via data abstraction
Many real programs are written in multiple different programming languages, and supporting this pattern creates challenges for formal compiler verification. We describe our Coq verification of a compiler for a high-level language, such that the compiler correctness theorem allows us to derive partial-correctness Hoare-logic theorems for programs built by linking the assembly code output by our compiler and assembly code produced by other means. Our compiler supports such tricky features as storable cross-language function pointers, without giving up the usual benefits of being able to verify different compiler phases (including, in our case, two classic optimizations) independently. The key technical innovation is a mixed operational and axiomatic semantics for the source language, with a built-in notion of abstract data types, such that compiled code interfaces with other languages only through axiomatically specified methods that mutate encapsulated private data, represented in whatever formats are most natural for those languages.National Science Foundation (U.S.) (Grant CCF-1253229)United States. Defense Advanced Research Projects Agency (Agreement FA8750-12-2-0293)United States. Dept. of Energy. Office of Science (Award DE-SC0008923
Step-Indexing: The Good, the Bad and the Ugly
Over the last decade, step-indices have been widely used for the
construction of operationally-based logical relations in the presence
of various kinds of recursion. We first give an argument that
step-indices, or something like them, seem to be required for defining
realizability relations between high-level source languages and
low-level targets, in the case that the low-level allows egregiously
intensional operations such as reflection or comparison of code
pointers. We then show how, much to our annoyance, step-indices also
seem to prevent us from exploiting such operations as aggressively as
we would like in proving program transformations
Logical Relations for Session-Typed Concurrency
Program equivalence is the fulcrum for reasoning about and proving properties
of programs. For noninterference, for example, program equivalence up to the
secrecy level of an observer is shown. A powerful enabler for such proofs are
logical relations. Logical relations only recently were adopted for session
types -- but exclusively for terminating languages. This paper scales logical
relations to general recursive session types. It develops a logical relation
for progress-sensitive noninterference (PSNI) for intuitionistic linear logic
session types (ILLST), tackling the challenges non-termination and concurrency
pose, and shows that logical equivalence is sound and complete with regard to
closure of weak bisimilarity under parallel composition, using a
biorthogonality argument. A distinguishing feature of the logical relation is
its stratification with an observation index (as opposed to a step or unfolding
index), a crucial shift to make the logical relation closed under parallel
composition in a concurrent setting. To demonstrate practicality of the logical
relation, the paper develops an information flow control (IFC) refinement type
system for ILLST, with support of secrecy-polymorphic processes, and shows that
well-typed programs are self-related by the logical relation and thus enjoy
PSNI. The refinement type system has been implemented in a type checker,
featuring local security theories to support secrecy-polymorphic processes.Comment: arXiv admin note: text overlap with arXiv:2208.1374
A Certified Extension of the Krivine Machine for a Call-by-Name Higher-Order Imperative Language
In this paper we present a compiler that translates programs from an
imperative higher-order language into a sequence of instructions
for an abstract machine. We consider an extension of the Krivine machine for the call-by-name lambda calculus, which includes strict operators and imperative features. We show that the compiler is
correct with respect to the big-step semantics of our language, both
for convergent and divergent programs