research-article

Pilsner: a compositionally verified compiler for a higher-order imperative language

Authors:
Georg Neis

MPI-SWS, Germany

MPI-SWS, Germany
View Profile

,
Chung-Kil Hur

Seoul National University, South Kroea

Seoul National University, South Kroea
View Profile

,
Jan-Oliver Kaiser

MPI-SWS, Germany

MPI-SWS, Germany
View Profile

,
Craig McLaughlin

University of Glasgow, UK

University of Glasgow, UK
View Profile

,
Derek Dreyer

MPI-SWS, Germany

MPI-SWS, Germany
View Profile

,
Viktor Vafeiadis

MPI-SWS, Germany

MPI-SWS, Germany
View Profile

ICFP 2015: Proceedings of the 20th ACM SIGPLAN International Conference on Functional ProgrammingAugust 2015Pages 166–178https://doi.org/10.1145/2784731.2784764

Published:29 August 2015Publication History

ICFP 2015: Proceedings of the 20th ACM SIGPLAN International Conference on Functional Programming

Pages 166–178

ABSTRACT

Compiler verification is essential for the construction of fully verified software, but most prior work (such as CompCert) has focused on verifying whole-program compilers. To support separate compilation and to enable linking of results from different verified compilers, it is important to develop a compositional notion of compiler correctness that is modular (preserved under linking), transitive (supports multi-pass compilation), and flexible (applicable to compilers that use different intermediate languages or employ non-standard program transformations). In this paper, building on prior work of Hur et al., we develop a novel approach to compositional compiler verification based on parametric inter-language simulations (PILS). PILS are modular: they enable compiler verification in a manner that supports separate compilation. PILS are transitive: we use them to verify Pilsner, a simple (but non-trivial) multi-pass optimizing compiler (programmed in Coq) from an ML-like source language S to an assembly-like target language T, going through a CPS-based intermediate language. Pilsner is the first multi-pass compiler for a higher-order imperative language to be compositionally verified. Lastly, PILS are flexible: we use them to additionally verify (1) Zwickel, a direct non-optimizing compiler for S, and (2) a hand-coded self-modifying T module, proven correct w.r.t. an S-level specification. The output of Zwickel and the self-modifying T module can then be safely linked together with the output of Pilsner. All together, this has been a significant undertaking, involving several person-years of work and over 55,000 lines of Coq.

References

Appendix and Coq development. http://plv.mpi-sws.org/pils.Google Scholar
A. Ahmed. Step-indexed syntactic logical relations for recursive and quantified types. In ESOP, 2006. Google ScholarDigital Library
A. Ahmed, D. Dreyer, and A. Rossberg. State-dependent representation independence. In POPL, 2009. Google ScholarDigital Library
L. Beringer, G. Stewart, R. Dockins, and A. W. Appel. Verified compilation for shared-memory C. In ESOP, 2014.Google ScholarDigital Library
D. Dobbs, M. Fontana, and S.-E. Kabbaj, editors. Advances in Commutative Ring Theory. CRC Press, 1999.Google Scholar
D. Dreyer, G. Neis, and L. Birkedal. The impact of higher-order state and control effects on local relational reasoning. JFP, 22(4-5), 2012. Google ScholarDigital Library
M. Fluet and S. Weeks. Contification using dominators. In ICFP, 2001. Google ScholarDigital Library
C.-K. Hur and D. Dreyer. A Kripke logical relation between ML and assembly. In POPL, 2011. Google ScholarDigital Library
C.-K. Hur, D. Dreyer, G. Neis, and V. Vafeiadis. The marriage of bisimulations and Kripke logical relations. In POPL, 2012. Google ScholarDigital Library
C.-K. Hur, G. Neis, D. Dreyer, and V. Vafeiadis. The transitive composability of relation transition systems. Technical Report MPISWS-2012-002, MPI-SWS, 2012.Google Scholar
C.-K. Hur, G. Neis, D. Dreyer, and V. Vafeiadis. A logical step forward in parametric bisimulations. Technical Report MPI-SWS-2014-003, MPI-SWS, 2014.Google Scholar
A. Kennedy. Compiling with continuations, continued. In ICFP, 2007. Google ScholarDigital Library
R. Kumar, M. Myreen, M. Norrish, and S. Owens. CakeML: A verified implementation of ML. In POPL, 2014. Google ScholarDigital Library
V. Le, M. Afshari, and Z. Su. Compiler validation via equivalence modulo inputs. In PLDI, 2014. Google ScholarDigital Library
X. Leroy. A formally verified compiler back-end. Journal of Automated Reasoning, 43(4):363–446, 2009. Google ScholarDigital Library
J. Matthews and R. B. Findler. Operational semantics for multilanguage programs. In POPL, 2007. Google ScholarDigital Library
K. S. Namjoshi. A simple characterization of stuttering bisimulation. In FSTTCS, pages 284–296, 1997. Google ScholarDigital Library
A. Nanevski, V. Vafeiadis, and J. Berdine. Structuring the verification of heap-manipulating programs. In POPL, 2010. Google ScholarDigital Library
J. T. Perconti and A. Ahmed. Verifying an open compiler using multilanguage semantics. In ESOP, 2014.Google Scholar
A. Pitts and I. Stark. Operational reasoning for functions with local state. In HOOTS, 1998. Google ScholarDigital Library
D. Sangiorgi, N. Kobayashi, and E. Sumii. Environmental bisimulations for higher-order languages. In LICS, 2007. Google ScholarDigital Library
G. Stewart, L. Beringer, S. Cuellar, and A. W. Appel. Compositional CompCert. In POPL, 2015. Google ScholarDigital Library
K. Støvring and S. Lassen. A complete, co-inductive syntactic theory of sequential control and state. In POPL, 2007. Google ScholarDigital Library
E. Sumii and B. Pierce. A bisimulation for type abstraction and recursion. Journal of the ACM, 54(5):1–43, 2007. Google ScholarDigital Library
P. Wang, S. Cuellar, and A. Chlipala. Compiler verification meets cross-language linking via data abstraction. In OOPSLA, 2014. Google ScholarDigital Library

Index Terms

Pilsner: a compositionally verified compiler for a higher-order imperative language
1. Software and its engineering
  1. Software notations and tools
    1. Compilers
2. Theory of computation
  1. Logic
  2. Semantics and reasoning
    1. Program reasoning

Recommendations

Pilsner: a compositionally verified compiler for a higher-order imperative language
ICFP '15

Compiler verification is essential for the construction of fully verified software, but most prior work (such as CompCert) has focused on verifying whole-program compilers. To support separate compilation and to enable linking of results from different ...
Read More
A verified compiler for an impure functional language
POPL '10: Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages

We present a verified compiler to an idealized assembly language from a small, untyped functional language with mutable references and exceptions. The compiler is programmed in the Coq proof assistant and has a proof of total correctness with respect to ...
Read More
Lightweight verification of separate compilation
POPL '16: Proceedings of the 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages

Major compiler verification efforts, such as the CompCert project, have traditionally simplified the verification problem by restricting attention to the correctness of whole-program compilation, leaving open the question of how to verify the ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
ICFP 2015: Proceedings of the 20th ACM SIGPLAN International Conference on Functional Programming
August 2015
436 pages
ISBN:9781450336697
DOI:10.1145/2784731
General Chair:
Kathleen Fisher
Tufts University, USA
,
Program Chair:
John Reppy
University of Chicago, USA
ACM SIGPLAN Notices Volume 50, Issue 9
ICFP '15
September 2015
436 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/2858949
Editor:
Andy Gill
University of Kansas, Lawrence, KS
Issue’s Table of Contents
Copyright © 2015 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 29 August 2015
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Compositional compiler verification
abstract types
higher-order state
parametric simulations
recursive types
transitivity
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate333of1,064submissions,31%
Upcoming Conference
ICFP '24

Sponsor:

sigplan

ACM SIGPLAN International Conference on Functional Programming

September 9 - 13, 2024

Milan , Italy
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 65
  Total Citations
  View Citations
- 292
  Total Downloads
- Downloads (Last 12 months)14
- Downloads (Last 6 weeks)2
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Pilsner: a compositionally verified compiler for a higher-order imperative language

ICFP 2015: Proceedings of the 20th ACM SIGPLAN International Conference on Functional Programming

ABSTRACT

References

Cited By

Index Terms

Recommendations

Pilsner: a compositionally verified compiler for a higher-order imperative language

A verified compiler for an impure functional language

Lightweight verification of separate compilation