Zoe Paraskevopoulou
Andrew W. Appel
Skip Abstract Section
Skip Supplemental Material SectionAbstract
Compositional compiler verification is a difficult problem that focuses on separate compilation of program components with possibly different verified compilers. Logical relations are widely used in proving correctness of program transformations in higher-order languages; however, they do not scale to compositional verification of multi-pass compilers due to their lack of transitivity. The only known technique to apply to compositional verification of multi-pass compilers for higher-order languages is parametric inter-language simulations (PILS), which is however significantly more complicated than traditional proof techniques for compiler correctness. In this paper, we present a novel verification framework for lightweight compositional compiler correctness. We demonstrate that by imposing the additional restriction that program components are compiled by pipelines that go through the same sequence of intermediate representations, logical relation proofs can be transitively composed in order to derive an end-to-end compositional specification for multi-pass compiler pipelines. Unlike traditional logical-relation frameworks, our framework supports divergence preservation—even when transformations reduce the number of program steps. We achieve this by parameterizing our logical relations with a pair of relational invariants.
We apply this technique to verify a multi-pass, optimizing middle-end pipeline for CertiCoq, a compiler from Gallina (Coq’s specification language) to C. The pipeline optimizes and closure-converts an untyped functional intermediate language (ANF or CPS) to a subset of that language without nested functions, which can be easily code-generated to low-level languages. Notably, our pipeline performs more complex closure-allocation optimizations than the state of the art in verified compilation. Using our novel verification framework, we prove an end-to-end theorem for our pipeline that covers both termination and divergence and applies to whole-program and separate compilation, even when different modules are compiled with different optimizations. Our results are mechanized in the Coq proof assistant.
Supplemental Material
- Umut A. Acar, Amal Ahmed, and Matthias Blume. 2008. Imperative Self-Adjusting Computation. In Proceedings of the 35th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’08). Association for Computing Machinery, New York, NY, USA. 309–322. isbn:9781595936899 https://doi.org/10.1145/1328438.1328476 Google Scholar
Digital Library
- Norman Adams, David Kranz, Richard Kelsey, Jonathan Rees, Paul Hudak, and James Philbin. 1986. ORBIT: An Optimizing Compiler for Scheme. In Proceedings of the 1986 SIGPLAN Symposium on Compiler Construction (SIGPLAN ’86). Association for Computing Machinery, New York, NY, USA. 219–233. isbn:0897911970 https://doi.org/10.1145/12276.13333 Google ScholarDigital Library
- Amal Ahmed. 2006. Step-Indexed Syntactic Logical Relations for Recursive and Quantified Types. In Programming Languages and Systems, Peter Sestoft (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg. 69–83. isbn:978-3-540-33096-7Google Scholar
- Abhishek Anand, Andrew W. Appel, John Gregory Morrisett, Zoe Paraskevopoulou, Randy Pollack, Olivier Savary Bélanger, Matthieu Sozeau, and Matthew Weaver. 2017. CertiCoq: A verified compiler for Coq. In CoqPL’17: The Third International Workshop on Coq for Programming Languages. 2 pages.Google Scholar
- Andrew W. Appel and Trevor Jim. 1997. Shrinking lambda expressions in linear time. Journal of Functional Programming, 7, 5 (1997), Sept., 515–540. issn:0956-7968 https://doi.org/10.1017/S0956796897002839 Google ScholarDigital Library
- Andrew W. Appel. 1992. Compiling with Continuations. Cambridge University Press, New York.Google ScholarDigital Library
- Andrew W. Appel. 2015. Verification of a Cryptographic Primitive: SHA-256. ACM Trans. Program. Lang. Syst., 37, 2 (2015), Article 7, April, 31 pages. issn:0164-0925 https://doi.org/10.1145/2701415 Google ScholarDigital Library
- Andrew W. Appel. 2020. Verified Functional Algorithms. Version 1.4, http://softwarefoundations.cis.upenn.eduGoogle Scholar
- Andrew W. Appel and Trevor Jim. 1997. Shrinking Lambda Expressions in Linear Time. J. Funct. Program., 7, 5 (1997), Sept., 515–540.Google ScholarDigital Library
- Andrew W. Appel and David McAllester. 2001. An Indexed Model of Recursive Types for Foundational Proof-Carrying Code. ACM Trans. Program. Lang. Syst., 23, 5 (2001), Sept., 657–683. issn:0164-0925 https://doi.org/10.1145/504709.504712 Google ScholarDigital Library
- Gilles Barthe, Sandrine Blazy, Benjamin Grégoire, Rémi Hutin, Vincent Laporte, David Pichardie, and Alix Trieu. 2019. Formal Verification of a Constant-Time Preserving C Compiler. Proc. ACM Program. Lang., 4, POPL (2019), Article 7, Dec., 30 pages. https://doi.org/10.1145/3371075 Google ScholarDigital Library
- Nick Benton and Chung-Kil Hur. 2009. Biorthogonality, Step-Indexing and Compiler Correctness. In Proceedings of the 14th ACM SIGPLAN International Conference on Functional Programming (ICFP ’09). Association for Computing Machinery, New York, NY, USA. 97–108. isbn:9781605583327 https://doi.org/10.1145/1596550.1596567 Google ScholarDigital Library
- Nick Benton, Andrew Kennedy, Sam Lindley, and Claudio Russo. 2005. Shrinking Reductions in SML.NET. In Implementation and Application of Functional Languages, Clemens Grelck, Frank Huch, Greg J. Michaelson, and Phil Trinder (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg. 142–159. isbn:978-3-540-32038-8Google Scholar
- Gregory J Chaitin, Marc A Auslander, Ashok K Chandra, John Cocke, Martin E Hopkins, and Peter W Markstein. 1981. Register allocation via coloring. Computer languages, 6, 1 (1981), 47–57.Google Scholar
- Adam Chlipala. 2010. A Verified Compiler for an Impure Functional Language. In Proceedings of the 37th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’10). Association for Computing Machinery, New York, NY, USA. 93–106. isbn:9781605584799 https://doi.org/10.1145/1706299.1706312 Google ScholarDigital Library
- Zaynah Dargaye and Xavier Leroy. 2007. Mechanized Verification of CPS Transformations. In Proceedings of the 14th International Conference on Logic for Programming, Artificial Intelligence and Reasoning (LPAR’7). Springer-Verlag, Berlin, Heidelberg. 211–225. isbn:3540755586Google ScholarDigital Library
- Cormac Flanagan, Amr Sabry, Bruce F. Duba, and Matthias Felleisen. 1993. The Essence of Compiling with Continuations. In Proceedings of the ACM SIGPLAN 1993 Conference on Programming Language Design and Implementation (PLDI ’93). ACM, New York, NY, USA. 237–247. isbn:0-89791-598-4 https://doi.org/10.1145/155090.155113 Google ScholarDigital Library
- Pascal Fradet and Daniel Le Métayer. 1991. Compilation of Functional Languages by Program Transformation. ACM Trans. Program. Lang. Syst., 13, 1 (1991), Jan., 21–51. issn:0164-0925 https://doi.org/10.1145/114005.102805 Google ScholarDigital Library
- Aïna Linn Georges, Armaël Guéneau, Thomas Van Strydonck, Amin Timany, Alix Trieu, Sander Huyghebaert, Dominique Devriese, and Lars Birkedal. 2021. Efficient and Provable Local Capability Revocation Using Uninitialized Capabilities. Proc. ACM Program. Lang., 5, POPL (2021), Article 6, Jan., 30 pages. https://doi.org/10.1145/3434287 Google ScholarDigital Library
- Sebastian Graf and Simon Peyton Jones. 2019. Selective Lambda Lifting. CoRR, abs/1910.11717 (2019), arxiv:1910.11717. arxiv:1910.11717Google Scholar
- Ronghui Gu, Jérémie Koenig, Tahina Ramananandro, Zhong Shao, Xiongnan (Newman) Wu, Shu-Chun Weng, Haozhong Zhang, and Yu Guo. 2015. Deep Specifications and Certified Abstraction Layers. In Proceedings of the 42nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’15). Association for Computing Machinery, New York, NY, USA. 595–608. isbn:9781450333009 https://doi.org/10.1145/2676726.2676975 Google ScholarDigital Library
- R. J. M. Hughes. 1982. Super-Combinators: A New Implementation Method for Applicative Languages. In In Conference Record of the 1982 ACM Symposium on Lisp and Functional Programming. ACM, 1–10.Google Scholar
- Chung-Kil Hur and Derek Dreyer. 2011. A Kripke Logical Relation Between ML and Assembly. In Proceedings of the 38th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’11). ACM, New York, NY, USA. 133–146. isbn:978-1-4503-0490-0 https://doi.org/10.1145/1926385.1926402 Google ScholarDigital Library
- Chung-Kil Hur, Derek Dreyer, Georg Neis, and Viktor Vafeiadis. 2012. The Marriage of Bisimulations and Kripke Logical Relations. In Proceedings of the 39th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’12). Association for Computing Machinery, New York, NY, USA. 59–72. isbn:9781450310833 https://doi.org/10.1145/2103656.2103666 Google ScholarDigital Library
- Neis Georg Hur, Chung-Kil, Derek Dreyer, and Viktor Vafeiadis. 2014. Parametric Bisimulations: A Logical Step Forward.Google Scholar
- Thomas Johnsson. 1985. Lambda Lifting: Transforming Programs to Recursive Equations. In Proc. of a Conference on Functional Programming Languages and Computer Architecture. Springer-Verlag, Berlin, Heidelberg. 190–203. isbn:3387159754Google ScholarDigital Library
- Simon L. Peyton Jones. 1996. Compiling Haskell by program transformation: A report from the trenches. In Programming Languages and Systems — ESOP ’96, Hanne Riis Nielson (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg. 18–44. isbn:978-3-540-49942-8Google Scholar
- Simon Peyton Jones and André Santos. 1995. Compilation by Transformation in the Glasgow Haskell Compiler. In Functional Programming, Glasgow 1994, Kevin Hammond, David N. Turner, and Patrick M. Sansom (Eds.). Springer London, London. 184–204. isbn:978-1-4471-3573-9Google Scholar
- Jeehoon Kang, Yoonseung Kim, Chung-Kil Hur, Derek Dreyer, and Viktor Vafeiadis. 2016. Lightweight Verification of Separate Compilation. SIGPLAN Not., 51, 1 (2016), Jan., 178–190. issn:0362-1340 https://doi.org/10.1145/2914770.2837642 Google ScholarDigital Library
- R. Kelsey and P. Hudak. 1989. Realistic Compilation by Program Transformation (Detailed Summary). In Proceedings of the 16th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’89). Association for Computing Machinery, New York, NY, USA. 281–292. isbn:0897912942 https://doi.org/10.1145/75277.75302 Google ScholarDigital Library
- Andrew Kennedy. 2007. Compiling with Continuations, Continued. In Proceedings of the 12th ACM SIGPLAN International Conference on Functional Programming (ICFP ’07). ACM, New York, NY, USA. 177–190. isbn:978-1-59593-815-2 https://doi.org/10.1145/1291151.1291179 Google ScholarDigital Library
- Ramana Kumar, Magnus O. Myreen, Michael Norrish, and Scott Owens. 2014. CakeML: A Verified Implementation of ML. SIGPLAN Not., 49, 1 (2014), Jan., 179–191. issn:0362-1340 https://doi.org/10.1145/2578855.2535841 Google ScholarDigital Library
- Xavier Leroy. 2009. Formal verification of a realistic compiler. Commun. ACM, 52, 7 (2009), 107–115. http://xavierleroy.org/publi/compcert-CACM.pdfGoogle ScholarDigital Library
- Xavier Leroy. 2009. A formally verified compiler back-end. Journal of Automated Reasoning, 43, 4 (2009), 363–446. http://xavierleroy.org/publi/compcert-backend.pdfGoogle ScholarCross Ref
- Xavier Leroy, Damien Doligez, Alain Frisch, Jacques Garrigue, Didier Rémy, and Jérôme Vouillon. 2020. The OCaml system release 4.11. Available electronically at https://coq.inria.fr/refmanGoogle Scholar
- Xavier Leroy and Hervé Grall. 2009. Coinductive Big-Step Operational Semantics. Inf. Comput., 207, 2 (2009), Feb., 284–304. issn:0890-5401 https://doi.org/10.1016/j.ic.2007.12.004 Google ScholarDigital Library
- Jacob Matthews and Robert Bruce Findler. 2007. Operational Semantics for Multi-Language Programs. In Proceedings of the 34th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’07). Association for Computing Machinery, New York, NY, USA. 3–10. isbn:1595935754 https://doi.org/10.1145/1190216.1190220 Google ScholarDigital Library
- Luke Maurer, Paul Downen, Zena M. Ariola, and Simon Peyton Jones. 2017. Compiling Without Continuations. In Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2017). ACM, New York, NY, USA. 482–494. isbn:978-1-4503-4988-8 https://doi.org/10.1145/3062341.3062380 Google ScholarDigital Library
- Eric Mullen, Stuart Pernsteiner, James R. Wilcox, Zachary Tatlock, and Dan Grossman. 2018. Œ uf: Minimizing the Coq Extraction TCB. In Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs (CPP 2018). Association for Computing Machinery, New York, NY, USA. 172–185. isbn:9781450355865 https://doi.org/10.1145/3167089 Google ScholarDigital Library
- Juan Antonio Navarro Pérez and Andrey Rybalchenko. 2011. Separation logic + superposition calculus = heap theorem prover. In PLDI. 556–566.Google Scholar
- Georg Neis, Chung-Kil Hur, Jan-Oliver Kaiser, Craig McLaughlin, Derek Dreyer, and Viktor Vafeiadis. 2015. Pilsner: A Compositionally Verified Compiler for a Higher-Order Imperative Language. In Proceedings of the 20th ACM SIGPLAN International Conference on Functional Programming (ICFP 2015). Association for Computing Machinery, New York, NY, USA. 166–178. isbn:9781450336697 https://doi.org/10.1145/2784731.2784764 Google ScholarDigital Library
- Scott Owens, Magnus O. Myreen, Ramana Kumar, and Yong Kiam Tan. 2016. Functional Big-Step Semantics. In Programming Languages and Systems, Peter Thiemann (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg. 589–615. isbn:978-3-662-49498-1Google Scholar
- Scott Owens, Michael Norrish, Ramana Kumar, Magnus O. Myreen, and Yong Kiam Tan. 2017. Verifying Efficient Function Calls in CakeML. Proc. ACM Program. Lang., 1, ICFP (2017), Article 18, Aug., 27 pages. issn:2475-1421 https://doi.org/10.1145/3110262 Google ScholarDigital Library
- Zoe Paraskevopoulou and Andrew W. Appel. 2019. Closure Conversion is Safe for Space. Proc. ACM Program. Lang., 3, ICFP (2019), Article 83, July, 29 pages. https://doi.org/10.1145/3341687 Google ScholarDigital Library
- Zoe Paraskevopoulou and Anvay Grover. 2021. Compiling with Continuations, Correctly. Under submission.Google Scholar
- Daniel Patterson and Amal Ahmed. 2019. The next 700 Compiler Correctness Theorems (Functional Pearl). Proc. ACM Program. Lang., 3, ICFP (2019), Article 85, July, 29 pages. https://doi.org/10.1145/3341689 Google ScholarDigital Library
- James T. Perconti and Amal Ahmed. 2014. Verifying an Open Compiler Using Multi-Language Semantics. In Proceedings of the 23rd European Symposium on Programming Languages and Systems - Volume 8410. Springer-Verlag, Berlin, Heidelberg. 128–148. isbn:9783642548321 https://doi.org/10.1007/978-3-642-54833-8_8 Google ScholarDigital Library
- G.D. Plotkin. 1975. Call-by-name, call-by-value and the λ -calculus. Theoretical Computer Science, 1, 2 (1975), 125 – 159. issn:0304-3975 https://doi.org/10.1016/0304-3975(75)90017-1 Google ScholarCross Ref
- Tahina Ramananandro, Zhong Shao, Shu-Chun Weng, Jérémie Koenig, and Yuchen Fu. 2015. A Compositional Semantics for Verified Separate Compilation and Linking. In Proceedings of the 2015 Conference on Certified Programs and Proofs (CPP ’15). Association for Computing Machinery, New York, NY, USA. 3–14. isbn:9781450332965 https://doi.org/10.1145/2676724.2693167 Google ScholarDigital Library
- Leonardo Rodríguez, Miguel Pagano, and Daniel Fridlender. 2016. Proving Correctness of a Compiler Using Step-indexed Logical Relations. Electronic Notes in Theoretical Computer Science, 323 (2016), 07, 197–214. https://doi.org/10.1016/j.entcs.2016.06.013 Google ScholarDigital Library
- Andre Santos. 1995. Compilation by transformation for non-strict functional languages. Ph.D. Dissertation. University of Glasgow. https://www.microsoft.com/en-us/research/publication/compilation-transformation-non-strict-functional-languages/Google Scholar
- Olivier Savary Bélanger and Andrew W. Appel. 2017. Shrink Fast Correctly!. In Proceedings of the 19th International Symposium on Principles and Practice of Declarative Programming (PPDP ’17). Association for Computing Machinery, New York, NY, USA. 49–60. isbn:9781450352918 https://doi.org/10.1145/3131851.3131859 Google ScholarDigital Library
- Olivier Savary Bélanger, Matthew Z. Weaver, and Andrew W. Appel. 2019. Certified Code Generation from CPS to C. Oct., https://www.cs.princeton.edu/ appel/papers/CPStoC.pdfGoogle Scholar
- Zhong Shao and Andrew W. Appel. 1994. Space-Efficient Closure Representations. In Proceedings of the 1994 ACM Conference on LISP and Functional Programming (LFP ’94). Association for Computing Machinery, New York, NY, USA. 150–161. isbn:0897916433 https://doi.org/10.1145/182409.156783 Google ScholarDigital Library
- Zhong Shao and Andrew W. Appel. 2000. Efficient and Safe-for-Space Closure Conversion. ACM Trans. Program. Lang. Syst., 22, 1 (2000), Jan., 129–161. issn:0164-0925 https://doi.org/10.1145/345099.345125 Google ScholarDigital Library
- Youngju Song, Minki Cho, Dongjoo Kim, Yonghyun Kim, Jeehoon Kang, and Chung-Kil Hur. 2019. CompCertM: CompCert with C-Assembly Linking and Lightweight Modular Verification. Proc. ACM Program. Lang., 4, POPL (2019), Article 23, Dec., 31 pages. https://doi.org/10.1145/3371091 Google ScholarDigital Library
- Matthieu Sozeau, Simon Boulier, Yannick Forster, Nicolas Tabareau, and Théo Winterhalter. 2019. Coq Coq correct! Verification of Type Checking and Erasure for Coq, in Coq. Proc. ACM Program. Lang., 4, POPL (2019), Article 8, Dec., 28 pages. https://doi.org/10.1145/3371076 Google ScholarDigital Library
- Guy L. Steele. 1978. Rabbit: A Compiler for Scheme. USA.Google ScholarDigital Library
- Gordon Stewart, Lennart Beringer, and Andrew W. Appel. 2012. Verified Heap Theorem Prover by Paramodulation. In Proceedings of the 17th ACM SIGPLAN International Conference on Functional Programming (ICFP ’12). Association for Computing Machinery, New York, NY, USA. 3–14. isbn:9781450310543 https://doi.org/10.1145/2364527.2364531 Google ScholarDigital Library
- Gordon Stewart, Lennart Beringer, Santiago Cuellar, and Andrew W. Appel. 2015. Compositional CompCert. In Proceedings of the 42Nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’15). ACM, New York, NY, USA. 275–287. isbn:978-1-4503-3300-9 https://doi.org/10.1145/2676726.2676985 Google ScholarDigital Library
- Yong Kiam Tan, Magnus O. Myreen, Ramana Kumar, Anthony Fox, Scott Owens, and Michael Norrish. 2016. A New Verified Compiler Backend for CakeML. In International Conference on Functional Programming (ICFP). ACM Press, 60–73. https://doi.org/10.1145/2951913.2951924 Invited to special issue of Journal of Functional Programming. Google ScholarDigital Library
- Yong Kiam Tan, Magnus O. Myreen, Ramana Kumar, Anthony Fox, Scott Owens, and Michael Norrish. 2019. The verified CakeML compiler backend. Journal of Functional Programming, 29 (2019), Article e2, https://doi.org/10.1017/S0956796818000229 Google ScholarCross Ref
- Amin Timany, Léo Stefanesco, Morten Krogh-Jespersen, and Lars Birkedal. 2017. A Logical Relation for Monadic Encapsulation of State: Proving Contextual Equivalences in the Presence of runST. Proc. ACM Program. Lang., 2, POPL (2017), Article 64, Dec., 28 pages. issn:2475-1421 https://doi.org/10.1145/3158152 Google ScholarDigital Library
- Jean Vuillemin. 1978. A Data Structure for Manipulating Priority Queues. Commun. ACM, 21, 4 (1978), April, 309–315. issn:0001-0782 https://doi.org/10.1145/359460.359478 Google ScholarDigital Library
- Yuting Wang, Pierre Wilke, and Zhong Shao. 2019. An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code. Proc. ACM Program. Lang., 3, POPL (2019), Article 62, Jan., 30 pages. https://doi.org/10.1145/3290375 Google ScholarDigital Library
Index Terms
- Compositional optimizations for CertiCoq
Recommendations
A simple separate compilation mechanism for block-structured languages
A very simple and efficient technique for the introduction of separate compilation facilities into compilers for block-structured languages is presented. Using this technique, programs may be compiled in parts while the compile-time checking advantages ...
Source-to-Source Compilation via Submodules
ELS2016: Proceedings of the 9th European Lisp Symposium on European Lisp SymposiumRacket's macro system enables language extension and definition primarily for programs that are run on the Racket virtual machine, but macro facilities are also useful for implementing languages and compilers that target different platforms. Even when ...
Lightweight verification of separate compilation
POPL '16: Proceedings of the 43rd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming LanguagesMajor compiler verification efforts, such as the CompCert project, have traditionally simplified the verification problem by restricting attention to the correctness of whole-program compilation, leaving open the question of how to verify the ...
Comments