## Validated Compilation through Logic

Citations: | 3 - 2 self |

### BibTeX

@MISC{Li_validatedcompilation,

author = {Guodong Li},

title = {Validated Compilation through Logic},

year = {}

}

### OpenURL

### Abstract

Abstract. To reason about programs written in a language, one needs to define its formal semantics, derive a reasoning mechanism (e.g. a program logic), and maximize the proof automation. Unfortunately, a compiler may involve multiple languages and phases; it is tedious and error prone to do so for each language and each phase. We present an approach based on the use of higher order logic to ease this burden. All the Intermediate Representations (IRs) are special forms of the logic of a prover such that IR programs can be reasoned about directly in the logic. We use this technique to construct and validate an optimizing compiler. New techniques are used to compile-with-proof all the programs into the logic, e.g. a logic specification is derived automatically from the monad interpretation of a piece of assembly code. 1

### Citations

717 |
Isabelle/HOL — A Proof Assistant for Higher-Order Logic, volume 2283 of LNCS
- Nipkow, Paulson, et al.
- 2002
(Show Context)
Citation Context ...age of the HOL theorem prover — Total Functional Language (TFL) [20] — a pure, total functional programming layer built on top of higher order logic and implemented in both the HOL-4 [8] and Isabelle =-=[17]-=- systems. Its front-end [12] translates a source function into a simpler intermediate format by compiling away many advanced features, e.g. it performs monomorphisation and defunctionalization to elim... |

705 | Separation logic: a logic for shared mutable data structures
- Reynolds
(Show Context)
Citation Context ...ariables into the input and output. Since all the variables updated in a structure will appear in the output, we might safely assume that those not in the output are unchanged. As in separation logic =-=[18]-=-, we can add these unchanged variables into the input/output using the frame rule if needed. On the other hand, as in the shrink rule, we may remove from the output those variables which will not be r... |

226 | Formal certification of a compiler back-end or: programming a compiler with a proof assistant
- Leroy
- 2006
(Show Context)
Citation Context ...evel code using a mathematical, domain-theoretic functions, as well as the proof of a simple compiler. But we need not to define the semantics in terms of tricky and customized interpretations. Leroy =-=[2, 9]-=- verified a compiler from a subset of C, i.e. Clight, to PowerPC assembly code in the Coq system. The semantics of Clight is completely deterministic and specified as big-step operational semantics. T... |

65 | From ML to Ada: strongly-typed language interoperability via source translation
- Oliva, Tolmach
- 1998
(Show Context)
Citation Context ... correctness of third-party compilers. 6 Related Work and Conclusions There has been much work on translating functional languages; one of the most influential has been the paper of Tolmach and Oliva =-=[21]-=- which developed a translation from SML-like functional language to Ada. Hickey and Nogin [7] worked in MetaPRL to construct a compiler from a full higher order, untyped, functional language to Intel ... |

62 | Formal verification of a C compiler front-end
- Blazy, Dargaye, et al.
- 2006
(Show Context)
Citation Context ...evel code using a mathematical, domain-theoretic functions, as well as the proof of a simple compiler. But we need not to define the semantics in terms of tricky and customized interpretations. Leroy =-=[2, 9]-=- verified a compiler from a subset of C, i.e. Clight, to PowerPC assembly code in the Coq system. The semantics of Clight is completely deterministic and specified as big-step operational semantics. T... |

41 |
A certified type-preserving compiler from lambda calculus to assembly language
- Chlipala
- 2007
(Show Context)
Citation Context ...rs correct. Hannan and Pfenning [6] constructed a verified compiler in LF for the untyped λ-calculus. The target machine is a variant of the CAM runtime and differs a lot from real machines. Chlipala =-=[4]-=- considered compiling a simplytyped λ-calculus to assembly language. He proved semantics preservation based on denotational semantics assigned to the intermediate languages. These source languages are... |

41 | Compiler verification in LF
- Hannan, Pfenning
- 1992
(Show Context)
Citation Context ...rely on higher-order rewrite 13rules. They use higher-order abstract syntax to represent programs and do not define any semantics. These works do not prove the compilers correct. Hannan and Pfenning =-=[6]-=- constructed a verified compiler in LF for the untyped λ-calculus. The target machine is a variant of the CAM runtime and differs a lot from real machines. Chlipala [4] considered compiling a simplyty... |

30 |
Reasoning about Terminating Functional Programs
- Slind
- 1999
(Show Context)
Citation Context ...de. The presented work is inspired by our software compiler [10–12] which produces assembly code for a subset of the specification language of the HOL theorem prover — Total Functional Language (TFL) =-=[20]-=- — a pure, total functional programming layer built on top of higher order logic and implemented in both the HOL-4 [8] and Isabelle [17] systems. Its front-end [12] translates a source function into a... |

24 | Biorthogonality, step-indexing and compiler correctness, in
- Benton, Hur
- 2009
(Show Context)
Citation Context ...r case this is automatically taken care of by the prover. Its representative optimization, common subexpression elimination, is accomplished in our compiler by a one-line rewrite rule. Benton and Hur =-=[1]-=- interprets types as binary relations to connect the denotational semantics of a simply typed functional language and the operational behavior of low-level programs in a SECD machine. This allows, as ... |

24 |
The Definition of Standard ML, Revised edition
- Milner, Tofte, et al.
- 1997
(Show Context)
Citation Context ...cs tractable so that we can reason about non-trivial programs in a formal setting. Some widely used functional languages have been given a formal semantics, e.g. ML has a formal operational semantics =-=[13]-=-. However, these semantics do not as yet provide a practical basis for formal reasoning about programs, although they are extremely valuable as reference documents and for proving meta-theorems (like ... |

24 | Formal verification of translation validators: a case study on instruction scheduling optimizations
- Tristan, Leroy
(Show Context)
Citation Context ...ics. The proof of semantics preservation for the translation proceeds by induction over the Clight evaluation derivation; while our proofs proceed by verifying the rewriting steps. As demonstrated in =-=[22]-=-, his compiler needs extensive manual effort to verify new optimizations; while our rewriting based approach is very flexible and easy to accommodate non-trivial optimizations. In fact our modeling of... |

21 | A verified compiler for an impure functional language
- Chlipala
- 2010
(Show Context)
Citation Context ...e proved semantics preservation based on denotational semantics assigned to the intermediate languages. These source languages are the bare lambda calculus and is thus much simpler than TFL. Chlipala =-=[5]-=- further considered translating a simple impure functional language to an idealized assembly language. One of main points is to avoid binder manipulation by using a parametric higher-order abstract sy... |

18 | M.: Hoare logic for realistically modelled machine code
- Myreen, Gordon
- 2007
(Show Context)
Citation Context ...ell structured since these methods need to discover the control flow structures to guide the composition. What is worse, such methods require substantial effort on soundness proof, as demonstrated in =-=[19, 15]-=- where most of the space of a paper is used to explain the rule system and its proof. They are also difficult to extend; and a minor modification may demand redoing the entire proof of the rule system... |

16 | Verified just-in-time compiler on x86
- Myreen
(Show Context)
Citation Context ...,1 is succinct since it does not take r1 as an extra argument. The fact that r1 is not changed is recorded by the identity function g1,2. This technique performs the task of the “separation logic” in =-=[15, 16, 14]-=-, but again needs no ad-hoc and intractable program logic. (l, f1, {(g1,1, r0), (g1,2, r1)}, r0 = rf r0) (l+1, f2, {(g2,1, (r0, r1))}, add r0 r0 r1) Procedure Call. The relation between monads represe... |

16 | M.J.C.: Machine-code verification for multiple architectures - an application of decompilation into logic
- Myreen, Slind, et al.
(Show Context)
Citation Context ...ck-end decompiles an assembly program to equivalent HOL functions. The “decompilation with proof” trick is first used by us in [10] to synthesize a function from an intermediate program. Magnus et al =-=[16]-=- extended this method to decompile ARM code. Unfortunately, these methods are based on rule composition — as we show in the previous section — the function is constructed by composing rules in a botto... |

15 | A compositional natural semantics and Hoare logic for low-level languages
- Saabas, Uustalu
(Show Context)
Citation Context ...ell structured since these methods need to discover the control flow structures to guide the composition. What is worse, such methods require substantial effort on soundness proof, as demonstrated in =-=[19, 15]-=- where most of the space of a paper is used to explain the rule system and its proof. They are also difficult to extend; and a minor modification may demand redoing the entire proof of the rule system... |

9 |
Formal compiler construction in a logical framework. Higher-Order and Symbolic Computation
- Hickey, Nogin
(Show Context)
Citation Context ... on translating functional languages; one of the most influential has been the paper of Tolmach and Oliva [21] which developed a translation from SML-like functional language to Ada. Hickey and Nogin =-=[7]-=- worked in MetaPRL to construct a compiler from a full higher order, untyped, functional language to Intel x86 code, based entirely on higher-order rewrite 13rules. They use higher-order abstract syn... |

9 | Trusted source translation of a total function language
- Li, Slind
- 2008
(Show Context)
Citation Context ...r — Total Functional Language (TFL) [20] — a pure, total functional programming layer built on top of higher order logic and implemented in both the HOL-4 [8] and Isabelle [17] systems. Its front-end =-=[12]-=- translates a source function into a simpler intermediate format by compiling away many advanced features, e.g. it performs monomorphisation and defunctionalization to eliminate polymorphism and highe... |

8 | Structure of a proof-producing compiler for a subset of higher order logic
- Li, Owens, et al.
- 2007
(Show Context)
Citation Context ...to a simpler intermediate format by compiling away many advanced features, e.g. it performs monomorphisation and defunctionalization to eliminate polymorphism and higher order functions. Its back-end =-=[10]-=- generates from this intermediate format an equivalent imperative program, which will be translated to other imperative IRs and finally to the machine code. In particular, the imperative IRs (with exp... |

7 |
Program verification through characteristic formulae
- Charguéraud
- 2010
(Show Context)
Citation Context ...g method. We do not rely on a Hoare Logic built for ARM, and overcome many limitations brought by composing reasoning rules in a bottom-up style (e.g. unable to handle unstructured code). Charguéraud =-=[3]-=- proposed a method to decompile pure Caml programs into logical formulas that implies the programs’ post-conditions. Similar to our C0 front-end, this method supports performing the correctness proof ... |

7 | K.: Compilation as rewriting in higher order logic - Li, Slind - 2007 |