2,756 research outputs found
Verification of the C0 compiler implementation on the source code level
This thesis concerns practical application of two methods for program verification. The programming language we consider is a C dialect, called C0, which supports dynamic memory allocation, recursion, pointer types, etc. First, we verify a program using a formalization of small-step semantics of C0. The example we study is a small loop program, which allocates a linked list of the given length on the heap. Second, we describe the verification of a compiler implementation in a Hoare Logic in the sense of partial correctness. The source and implementation language of the compiler is C0. The correctness statement is divided into independent parts: i) the correctness of the compilation algorithm with respect to the target machine and ii) the correctness of the implementation with respect to the specified algorithm. This thesis considers the second task. We give the formal specification of the compilation algorithm and develop the connection of the implementation data structures to the abstract types used in the specification. Finally, we show the correctness of the compiler implementation with respect to the specification.Die vorliegende Arbeit befasst sich mit der praktischen Anwendung von zwei Methoden zur Programmverifikation. Die Programmiersprache, die dabei betrachtet wird, ist C0, ein C Dialekt, der unter anderem dynamische Allokation von Speicher, Rekursion und Pointer unterstützt. Zuerst beweisen wir die Korrektheit eines Programms mit Hilfe der formalen Small-Step Semantik von C0. Das Beispiel, das wir untersuchen, ist ein kleines Programm, das in einer Schleife eine gelinkte Liste gegebener Länge auf dem Heap alloziert. Danach beschreiben wir die Verifikation einer Compiler-Implementierung mittels einer Hoare Logik für partielle Korrektheit. Die Quell- und Implementierungssprache des Compilers ist C0. Die Korrektheitsaussage ist in unabhängige Aufgaben aufgeteilt: i) die Korrektheit des Compileralgorithmus bezüglich der Zielarchitektur und ii) die Korrektheit der Implementierung bezüglich dieses Algorithmus. Die vorliegende Arbeit beschäftigt sich mit der zweiten Aufgabe. Wir beschreiben die formale Spezifikation des Compileralgorithmus und entwickeln eine Verbindung zwischen den Datenstrukturen der Implementierung und den abstrakten Typen, die in der Spezifikation benutzt werden. Schließlich zeigen wir die Korrektheit der Compilerimplementierung bezüglich der Spezifikation
Separation Logic for Small-step Cminor
Cminor is a mid-level imperative programming language; there are
proved-correct optimizing compilers from C to Cminor and from Cminor to machine
language. We have redesigned Cminor so that it is suitable for Hoare Logic
reasoning and we have designed a Separation Logic for Cminor. In this paper, we
give a small-step semantics (instead of the big-step of the proved-correct
compiler) that is motivated by the need to support future concurrent
extensions. We detail a machine-checked proof of soundness of our Separation
Logic. This is the first large-scale machine-checked proof of a Separation
Logic w.r.t. a small-step semantics. The work presented in this paper has been
carried out in the Coq proof assistant. It is a first step towards an
environment in which concurrent Cminor programs can be verified using
Separation Logic and also compiled by a proved-correct compiler with formal
end-to-end correctness guarantees.Comment: Version courte du rapport de recherche RR-613
A formally verified compiler back-end
This article describes the development and formal verification (proof of
semantic preservation) of a compiler back-end from Cminor (a simple imperative
intermediate language) to PowerPC assembly code, using the Coq proof assistant
both for programming the compiler and for proving its correctness. Such a
verified compiler is useful in the context of formal methods applied to the
certification of critical software: the verification of the compiler guarantees
that the safety properties proved on the source code hold for the executable
compiled code as well
CapablePtrs: Securely Compiling Partial Programs using the Pointers-as-Capabilities Principle
Capability machines such as CHERI provide memory capabilities that can be
used by compilers to provide security benefits for compiled code (e.g., memory
safety). The C to CHERI compiler, for example, achieves memory safety by
following a principle called "pointers as capabilities" (PAC). Informally, PAC
says that a compiler should represent a source language pointer as a machine
code capability. But the security properties of PAC compilers are not yet well
understood. We show that memory safety is only one aspect, and that PAC
compilers can provide significant additional security guarantees for partial
programs: the compiler can provide guarantees for a compilation unit, even if
that compilation unit is later linked to attacker-controlled machine code. This
paper is the first to study the security of PAC compilers for partial programs
formally. We prove for a model of such a compiler that it is fully abstract.
The proof uses a novel proof technique (dubbed TrICL, read trickle), which is
of broad interest because it reuses and extends the compiler correctness
relation in a natural way, as we demonstrate. We implement our compiler on top
of the CHERI platform and show that it can compile legacy C code with minimal
code changes. We provide performance benchmarks that show how performance
overhead is proportional to the number of cross-compilation-unit function
calls
An investigation of the performance portability of OpenCL
This paper reports on the development of an MPI/OpenCL implementation of LU, an application-level benchmark from the NAS Parallel Benchmark Suite. An account of the design decisions addressed during the development of this code is presented, demonstrating the importance of memory arrangement and work-item/work-group distribution strategies when applications are deployed on different device types. The resulting platform-agnostic, single source application is benchmarked on a number of different architectures, and is shown to be 1.3–1.5× slower than native FORTRAN 77 or CUDA implementations on a single node and 1.3–3.1× slower on multiple nodes. We also explore the potential performance gains of OpenCL’s device fissioning capability, demonstrating up to a 3× speed-up over our original OpenCL implementation
- …