A certified framework for compiling and executing garbage-collected languages

McCreight, Andrew; Chevalier, Tim; Tolmach, Andrew

doi:10.1145/1863543.1863584

Cited by 30 publications

(10 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Garbage Collection GCMinor (McCreight et al 2010) is an intermediate language with GC primitives, that can be compiled down to CMinor with calls to a verified GC. They do not run into the same problem as we do because register allocation occurs in CompCert after CMinor.…”

Section: Detailed Comparison With Previous Compilermentioning

confidence: 99%

A new verified compiler backend for CakeML

et al. 2016

View full text Add to dashboard Cite

We have developed and mechanically verified a new compiler backend for CakeML. Our new compiler features a sequence of intermediate languages that allows it to incrementally compile away high-level features and enables verification at the right levels of semantic detail. In this way, it resembles mainstream (unverified) compilers for strict functional languages. The compiler supports efficient curried multi-argument functions, configurable data representations, exceptions that unwind the call stack, register allocation, and more. The compiler targets several architectures: x86-64, ARMv6, ARMv8, MIPS-64, and RISC-V.In this paper, we present the overall structure of the compiler, including its 12 intermediate languages, and explain how everything fits together. We focus particularly on the interaction between the verification of the register allocator and the garbage collector, and memory representations. The entire development has been carried out within the HOL4 theorem prover.

show abstract

Section: Detailed Comparison With Previous Compilermentioning

confidence: 99%

A new verified compiler backend for CakeML

et al. 2016

View full text Add to dashboard Cite

show abstract

“…Any higher-level intermediate stage would introduce source-language dependence. Cminor is used in other work as a natural target in the CompCert stack for compiling various source languages [31].…”

Section: Cminor Compcert and Infrastructurementioning

confidence: 99%

Portable Software Fault Isolation

Kroll

Stewart

Appel

2014

2014 IEEE 27th Computer Security Foundations Symposium

View full text Add to dashboard Cite

We present a new technique for architecture portable software fault isolation (SFI), together with a prototype implementation in the Coq proof assistant. Unlike traditional SFI, which relies on analysis of assembly-level programs, we analyze and rewrite programs in a compiler intermediate language, the Cminor language of the CompCert C compiler. But like traditional SFI, the compiler remains outside of the trusted computing base. By composing our program transformer with the verified back-end of CompCert and leveraging CompCert's formally proved preservation of the behavior of safe programs, we can obtain binary modules that satisfy the SFI memory safety policy for any of CompCert's supported architectures (currently: PowerPC, ARM, and x86-32). This allows the same SFI analysis to be used across multiple architectures, greatly simplifying the most difficult part of deploying trustworthy SFI systems.

show abstract

“…They prove in Coq that various collectors implement this interface, and that various mutator programs respect it. In more recent work, McCreight et al [19] extend Leroy's Compcert compiler [18] with support for garbage collection, by building the mutator-collector interface into the design of a new intermediate language, GCminor. They prove semantics preservation (mostly) for a compiler from a purely functional, typed language-Dminor-to GCminor, but (as in Compcert) not compositional correctness.…”

Section: Kripke Logical Relationsmentioning

confidence: 99%

“…Of particular note is Leroy's Compcert project [18], in which he used the Coq proof assistant to both program and verify a multi-pass optimizing compiler from Cminor (a C-like intermediate language) to PowerPC assembly. Dargaye [13] has adapted the Compcert framework to a compiler for a pure mini-ML language, and McCreight et al [19] have extended it to support interfacing with a garbage collector. Independently, Chlipala [10,12] has developed verified compilers for both pure and impure functional core languages, the former garbage-collected, with a focus on using custom Coq tactics to provide significant automation of verification.…”

Section: Introductionmentioning

confidence: 99%

A kripke logical relation between ML and assembly

Hur

Dreyer

2011

SIGPLAN Not.

View full text Add to dashboard Cite

There has recently been great progress in proving the correctness of compilers for increasingly realistic languages with increasingly realistic runtime systems. Most work on this problem has focused on proving the correctness of a particular compiler, leaving open the question of how to verify the correctness of assembly code that is hand-optimized or linked together from the output of multiple compilers. This has led Benton and other researchers to propose more abstract, compositional notions of when a low-level program correctly realizes a high-level one. However, the state of the art in so-called "compositional compiler correctness" has only considered relatively simple high-level and low-level languages.In this paper, we propose a novel, extensional, compilerindependent notion of equivalence between high-level programs in an expressive, impure ML-like λ-calculus and low-level programs in an (only slightly) idealized assembly language. We define this equivalence by means of a biorthogonal, step-indexed, Kripke logical relation, which enables us to reason quite flexibly about assembly code that uses local state in a different manner than the high-level code it implements (e.g., self-modifying code). In contrast to prior work, we factor our relation in a symmetric, languagegeneric fashion, which helps to simplify and clarify the formal presentation, and we also show how to account for the presence of a garbage collector. Our approach relies on recent developments in Kripke logical relations for ML-like languages, in particular the idea of possible worlds as state transition systems.

show abstract

A certified framework for compiling and executing garbage-collected languages

Cited by 30 publications

References 23 publications

A new verified compiler backend for CakeML

A new verified compiler backend for CakeML

Portable Software Fault Isolation

A kripke logical relation between ML and assembly

Contact Info

Product

Resources

About