Formalizing the SSA-based Compiler for Verified Advanced Program Transformations

Compilers are not always correct due to the complexity of language semantics and transformation algorithms, the trade-offs between compilation speed and verifiability,etc.The bugs of compilers can undermine the source-level verification efforts (such as type systems, static analysis, and formal proofs) and produce target programs with different meaning from source programs. Researchers have used mechanized proof tools to implement verified compilers that are guaranteed to preserve program semantics and proved to be more robust than ad-hoc non-verified compilers. The goal of the dissertation is to make a step towards verifying an industrial strength modern compiler--LLVM, which has a typed, SSA-based, and general-purpose intermediate representation, therefore allowing more advanced program transformations than existing approaches. The dissertation formally defines the sequential semantics of the LLVM intermediate representation with its type system, SSA properties, memory model, and operational semantics. To design and reason about program transformations in the LLVM IR, we provide tools for interacting with the LLVM infrastructure and metatheory for SSA properties, memory safety, dynamic semantics, and control-flow-graphs. Based on the tools and metatheory, the dissertation implements verified and extractable applications for LLVM that include an interpreter for the LLVM IR, a transformation for enforcing memory safety, translation validators for local optimizations, and verified SSA construction transformation. This dissertation shows that formal models of SSA-based compiler intermediate representations can be used to verify low-level program transformations, thereby enabling the construction of high-assurance compiler passes

CETS: Compiler-Enforced Temporal Safety for C

Temporal memory safety errors, such as dangling pointer dereferences and double frees, are a prevalent source of software bugs in unmanaged languages such as C. Existing schemes that attempt to retrofit temporal safety for such languages have high runtime overheads and/or are incomplete, thereby limiting their effectiveness as debugging aids. This paper presents CETS, a compile-time transformation for detecting all violations of temporal safety in C programs. Inspired by existing approaches, CETS maintains a unique identifier with each object, associates this metadata with the pointers in a disjoint metadata space to retain memory layout compatibility, and checks that the object is still allocated on pointer dereferences. A formal proof shows that this is sufficient to provide temporal safety even in the presence of arbitrary casts if the program contains no spatial safety violations. Our CETS prototype employs both temporal check removal optimizations and traditional compiler optimizations to achieve a runtime overhead of just 48% on average. When combined with a spatial-checking system, the average overall overhead is 116% for complete memory safety

SoftBound: Highly Compatible and Complete Spatial Memory Safety for C

The serious bugs and security vulnerabilities facilitated by C/C++’s lack of bounds checking are well known. Yet, C and C++ remain in widespread use. Unfortunately, C’s arbitrary pointer arithmetic, conflation of pointers and arrays, and programmer-visible memory layout make retrofitting C/C++ with spatial safety guarantees extremely challenging. Existing approaches suffer from incompleteness, have high runtime overhead, or require non-trivial changes to the C source code. Thus far, these deficiencies have prevented widespread adoption of such techniques. This paper proposes SoftBound, a compile time transformation for enforcing complete spatial safety of C. SoftBound records base and bound information for every pointer as disjoint metadata. This decoupling enables SoftBound to provide complete spatial safety while requiring no changes to C source code. Moreover, SoftBound performs metadata manipulation only when loading or storing pointer values. A formal proof shows this is sufficient to provide complete spatial safety even in the presence of wild casts. SoftBound’s full checking mode provides complete spatial violation detection. To further reduce overheads, SoftBound has a store-only checking mode that successfully detects all the security vulnerabilities in a test suite while adding 15% or less overhead to half of the benchmarks

Spin Space Groups: Full Classification and Applications

In this work, we exhaust all the spin-space symmetries, which fully characterize collinear, non-collinear, commensurate, and incommensurate spiral magnetism, and investigate enriched features of electronic bands that respect these symmetries. We achieve this by systematically classifying the so-called spin space groups (SSGs) - joint symmetry groups of spatial and spin operations that leave the magnetic structure unchanged. Generally speaking, they are accurate (approximate) symmetries in systems where spin-orbit coupling (SOC) is negligible (finite but weaker than the interested energy scale); but we also show that specific SSGs could remain valid even in the presence of a strong SOC. By representing the SSGs as O($N$) representations, we - for the first time - obtain the complete classifications of 1421, 9542, and 56512 distinct SSGs for collinear ($N=1$), coplanar ($N=2$), and non-coplanar ($N=3$) magnetism, respectively. SSG not only fully characterizes the symmetry of spin d.o.f., but also gives rise to exotic electronic states, which, in general, form projective representations of magnetic space groups (MSGs). Surprisingly, electronic bands in SSGs exhibit features never seen in MSGs, such as nonsymmorphic SSG Brillouin zone (BZ), where SSG operations behave as glide or screw when act on momentum and unconventional spin-momentum locking, which is completely determined by SSG, independent of Hamiltonian details. To apply our theory, we identify the SSG for each of the 1604 published magnetic structures in the MAGNDATA database on the Bilbao Crystallographic Server. Material examples exhibiting aforementioned novel features are discussed with emphasis. We also investigate new types of SSG-protected topological electronic states that are unprecedented in MSGs