Abstract
A key ingredient contributing to the success of CompCert, the state-of-the-art verified compiler for C, is its block-based memory model, which is used uniformly for all of its languages and their verified compilation. However, CompCert's memory model lacks an explicit notion of stack. Its target assembly language represents the runtime stack as an unbounded list of memory blocks, making further compilation of CompCert assembly into more realistic machine code difficult since it is not possible to merge these blocks into a finite and continuous stack. Furthermore, various notions of verified compositional compilation rely on some kind of mechanism for protecting private stack data and enabling modification to the public stack-allocated data, which is lacking in the original CompCert. These problems have been investigated but not fully addressed before, in the sense that some advanced optimization passes that significantly change the ways stack blocks are (de-)allocated, such as tailcall recognition and inlining, are often omitted.
We propose a lightweight and complete solution to the above problems. It is based on the enrichment of CompCert's memory model with an abstract stack that keeps track of the history of stack frames to bound the stack consumption and that enforces a uniform stack access policy by assigning fine-grained permissions to stack memory. Using this enriched memory model for all the languages of CompCert, we are able to reprove the correctness of the full compilation chain of CompCert, including all the optimization passes. In the end, we get Stack-Aware CompCert, a complete extension of CompCert that enforces the finiteness of the stack and fine-grained stack permissions.
Based on Stack-Aware CompCert, we develop CompCertMC, the first extension of CompCert that compiles into a low-level language with flat memory spaces. Based on CompCertMC, we develop Stack-Aware CompCertX, a complete extension of CompCert that supports a notion of compositional compilation that we call contextual compilation by exploiting the uniform stack access policy provided by the abstract stack.
Supplemental Material
- Roberto M. Amadio, Nicolas Ayache, Francois Bobot, Jaap P. Boender, Brian Campbell, Ilias Garnier, Antoine Madet, James McKinna, Dominic P. Mulligan, Mauro Piccolo, Randy Pollack, Yann Régis-Gianas, Claudio Sacerdoti Coen, Ian Stark, and Paolo Tranquilli. 2014. Certified Complexity (CerCo). In Foundational and Practical Aspects of Resource Analysis, Ugo Dal Lago and Ricardo Peña (Eds.). Springer International Publishing, Cham, 1–18.Google Scholar
- Andrew Appel. 2011. Verified Software Toolchain. In Proc. 20th European Symposium on Programming (ESOP’11), Gilles Barthe (Ed.). LNCS, Vol. 6602. Springer, Saarbrucken, Germany, 1–17. Google ScholarDigital Library
- Andrea Asperti, Wilmer Ricciotti, Claudio Sacerdoti Coen, and Enrico Tassi. 2011. The Matita Interactive Theorem Prover. In Proc. 23rd International Conference on Automated Deduction (CADE’11). Springer-Verlag, Berlin, Heidelberg, 64–69. Google ScholarDigital Library
- Frédéric Besson, Sandrine Blazy, and Pierre Wilke. 2017. CompCertS: A Memory-Aware Verified C Compiler Using Pointer as Integer Semantics. In Interactive Theorem Proving, Mauricio Ayala-Rincón and César A. Muñoz (Eds.). Springer International Publishing, Cham, 81–97.Google Scholar
- Sandrine Blazy, Zaynah Dargaye, and Xavier Leroy. 2006. Formal Verification of a C Compiler Front-end. In Proceedings of the 14th International Conference on Formal Methods (FM’06). Springer-Verlag, Berlin, Heidelberg, 460–475. Google ScholarDigital Library
- Quentin Carbonneaux, Jan Hoffmann, Tahina Ramananandro, and Zhong Shao. 2014. End-to-End Verification of Stack-Space Bounds for C Programs. In Proc. 2014 ACM Conference on Programming Language Design and Implementation (PLDI’14). ACM, New York, 270–281. Google ScholarDigital Library
- Ronghui Gu, Jeremie Koenig, Tahina Ramananandro, Zhong Shao, Xiongnan(Newman) Wu, Shu-Chun Weng, Haozhong Zhang, and Yu Guo. 2014. Deep Specifications and Certified Abstraction Layers. Yale Univ. Technical Report YALEU/DCS/TR-1500; http://flint.cs.yale.edu/publications/dscal.html .Google Scholar
- Ronghui Gu, Jeremie Koenig, Tahina Ramananandro, Zhong Shao, Xiongnan(Newman) Wu, Shu-Chun Weng, Haozhong Zhang, and Yu Guo. 2015. Deep Specifications and Certified Abstraction Layers. In Proc. 42nd ACM Symposium on Principles of Programming Languages (POPL’15). ACM, New York, 595–608. Google ScholarDigital Library
- Ronghui Gu, Zhong Shao, Hao Chen, Xiongnan (Newman) Wu, Jieung Kim, Vilhelm Sjöberg, and David Costanzo. 2016. CertiKOS: An Extensible Architecture for Building Certified Concurrent OS Kernels. In Proc. 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI’16). USENIX Association, GA, 653–669. Google ScholarDigital Library
- Ronghui Gu, Zhong Shao, Jieung Kim, Xiongnan (Newman) Wu, Jeremie Koenig, Vilhelm Sjober, Hao Chen, David Costanzo, and Tahnia Ramananandro. 2018. Certified Concurrent Abstraction Layers. In Proc. 2018 ACM Conference on Programming Language Design and Implementation (PLDI’18). ACM, New York, 646–661. Google ScholarDigital Library
- Jeehoon Kang, Yoonseung Kim, Chung-Kil Hur, Derek Dreyer, and Viktor Vafeiadis. 2016. Lightweight verification of separate compilation. In Proc. 43rd ACM Symposium on Principles of Programming Languages (POPL’16). ACM, New York, 178–190. Google ScholarDigital Library
- Ramana Kumar, Magnus O. Myreen, Michael Norrish, and Scott Owens. 2014. CakeML: A Verified Implementation of ML. In Proc. 41st ACM Symposium on Principles of Programming Languages (POPL’14). ACM, New York, NY, USA, 179–191. Google ScholarDigital Library
- Xavier Leroy. 2005–2014. The CompCert verified compiler. http://compcert.inria.fr/ .Google Scholar
- Xavier Leroy. 2009a. Formal verification of a realistic compiler. Commun. ACM 52, 7 (2009), 107–115. Google ScholarDigital Library
- Xavier Leroy. 2009b. A formally verified compiler back-end. Journal of Automated Reasoning 43, 4 (2009), 363–446. Google ScholarDigital Library
- Xavier Leroy, Andrew W. Appel, Sandrine Blazy, and Gordon Stewart. 2012. The CompCert Memory Model, Version 2. Research Report RR-7987. INRIA. 26 pages. https://hal.inria.fr/hal- 00703441Google Scholar
- Xavier Leroy and Sandrine Blazy. 2008. Formal verification of a C-like memory model and its uses for verifying program transformation. Journal of Automated Reasoning 41, 1 (2008), 1–31. Google ScholarDigital Library
- Greg Morrisett, Gang Tan, Joseph Tassarotti, Jean-Baptiste Tristan, and Edward Gan. 2012. RockSalt: Better, Faster, Stronger SFI for the x86. In Proc. 2012 ACM Conference on Programming Language Design and Implementation (PLDI’12). ACM, New York, NY, USA, 395–404. Google ScholarDigital Library
- Jaroslav Sevcík, Viktor Vafeiadis, Francesco Zappa Nardelli, Suresh Jagannathan, and Peter Sewell. 2011. Relaxed-memory concurrency and verified compilation. In Proc. 38th ACM Symposium on Principles of Programming Languages (POPL’11). ACM, New York, 43–54. Google ScholarDigital Library
- Jaroslav Sevcík, Viktor Vafeiadis, Francesco Zappa Nardelli, Suresh Jagannathan, and Peter Sewell. 2013. CompCertTSO: A Verified Compiler for Relaxed-Memory Concurrency. J. ACM 60, 3 (2013), 22:1–22:50. Google ScholarDigital Library
- Gordon Stewart. 2015. Verified Separate Compilation for C. Ph.D. Dissertation. Princeton University.Google Scholar
- Gordon Stewart, Lennart Beringer, Santiago Cuellar, and Andrew W. Appel. 2015. Compositional CompCert. In Proc. 42nd ACM Symposium on Principles of Programming Languages (POPL’15). ACM, New York, 275–287. Google ScholarDigital Library
- Gang Tan and Greg Morrisett. 2018. Bidirectional Grammars for Machine-Code Decoding and Encoding. Journal of Automated Reasoning 60, 3 (2018), 257–277. Google ScholarDigital Library
Index Terms
- An abstract stack based approach to verified compositional compilation to machine code
Recommendations
Verified compilation on a verified processor
PLDI 2019: Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and ImplementationDeveloping technology for building verified stacks, i.e., computer systems with comprehensive proofs of correctness, is one way the science of programming languages furthers the computing discipline. While there have been successful projects verifying ...
From Verified Compilation to Secure Compilation: a Semantic Approach
PLAS'20: Proceedings of the 15th Workshop on Programming Languages and Analysis for SecurityA formally verified compiler is a compiler that comes with a machine-checked proof that no bug is introduced during compilation. This correctness property states that the compiler preserves the semantics of programs. Formally verified compilers ...
Linear capabilities for fully abstract compilation of separation-logic-verified code
Separation logic is a powerful program logic for the static modular verification of imperative programs. However, dynamic checking of separation logic contracts on the boundaries between verified and untrusted modules is hard, because it requires one to ...
Comments