CompCertELF: verified separate compilation of C programs into ELF object files

Wang, Yuting; Xu, Xiangzhe; Wilke, Pierre; Shao, Zhong

doi:10.1145/3428265

Cited by 13 publications

(11 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We repeat this experiment for 30 times on a machine with Intel(R) i7-4980HQ CPU@2.8 GHz and 16 GB memory. For comparison, we conduct the same experiments on the hand-written encoder and decoder in the X86-32 back-end of Com-pCertELF [20]. The results are shown in Table 3.…”

Section: Discussionmentioning

confidence: 99%

“…Consistency is essential for verification of machine code because it guarantees that manipulation and reasoning over the abstract syntax of instructions can be mirrored precisely onto their binary forms. For example, verification of assemblers requires that instruction decoding reverts the assembling (encoding) process [20]. However, the previously proposed approaches to verifying instruction encoders and decoders all fail to establish consistency: to handle the complexity of instruction formats (especially that of CISC architectures), they employ expressive but ambiguous specifications such as context-free grammars or variants of regular expressions, from which it is impossible to derive consistent encoders and decoders.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Automatic Generation and Validation of Instruction Encoders and Decoders

Jin-hua

Wang

et al. 2021

Computer Aided Verification

Self Cite

View full text Add to dashboard Cite

Verification of instruction encoders and decoders is essential for formalizing manipulation of machine code. The existing approaches cannot guarantee the critical consistency property, i.e., that an encoder and its corresponding decoder are mutual inverses of each other. We observe that consistent encoder-decoder pairs can be automatically derived from bijections inherently embedded in instruction formats. Based on this observation, we develop a framework for writing specifications that capture these bijections, for automatically generating encoders and decoders from these specifications, and for formally validating the consistency and soundness of the generated encoders and decoders by synthesizing proofs in Coq and discharging verification conditions using SMT solvers. We apply this framework to a subset of X86-32 instructions to illustrate its effectiveness in these regards. We also demonstrate that the generated encoders and decoders have reasonable performance.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Automatic Generation and Validation of Instruction Encoders and Decoders

Jin-hua

Wang

et al. 2021

Computer Aided Verification

Self Cite

View full text Add to dashboard Cite

show abstract

“…The correctness proof was later extended, in version 2.7, to account for separate compilation and linking, following [24]. There have been proposals for more ambitious formalizations of the linking process [49], even implementing a verified linker for a subset of ELF on the x86-32 architecture [56]; 40 Specifying and proving correct a general ELF linker is itself a fairly ambitious project [26].…”

Section: Assembling and Linkingmentioning

confidence: 99%

The Trusted Computing Base of the CompCert Verified Compiler

Monniaux¹,

Boulmé²

2022

Preprint

View full text Add to dashboard Cite

CompCert is the first realistic formally verified compiler: it provides a machine-checked mathematical proof that the code it generates matches the source code. Yet, there could be loopholes in this approach. We comprehensively analyze aspects of CompCert where errors could lead to incorrect code being generated. Possible issues range from the modeling of the source and the target languages to some techniques used to call external algorithms from within the compiler.

show abstract

“…The CompCert memory model is infinite, whereas our representation of arrays in Verilog is inherently finite. There have already been efforts to define a general finite memory model for all intermediate languages in CompCert, such as CompCertS [Besson et al 2018] or CompCert-TSO [Ševčík et al 2013], or keeping the intermediate languages intact and translate to a more concrete finite memory model in the back end, such as in CompCertELF [Wang et al 2020]. We also define such a translation from CompCert's standard infinite memory model to finite arrays that can be represented in Verilog.…”

Section: Memory Modelmentioning

confidence: 99%

Formal verification of high-level synthesis

Herklotz

Pollard

Ramanathan

et al. 2021

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

High-level synthesis (HLS), which refers to the automatic compilation of software into hardware, is rapidly gaining popularity. In a world increasingly reliant on application-specific hardware accelerators, HLS promises hardware designs of comparable performance and energy efficiency to those coded by hand in a hardware description language such as Verilog, while maintaining the convenience and the rich ecosystem of software development. However, current HLS tools cannot always guarantee that the hardware designs they produce are equivalent to the software they were given, thus undermining any reasoning conducted at the software level. Furthermore, there is mounting evidence that existing HLS tools are quite unreliable, sometimes generating wrong hardware or crashing when given valid inputs. To address this problem, we present the first HLS tool that is mechanically verified to preserve the behaviour of its input software. Our tool, called Vericert, extends the CompCert verified C compiler with a new hardware-oriented intermediate language and a Verilog back end, and has been proven correct in Coq. Vericert supports most C constructs, including all integer operations, function calls, local arrays, structs, unions, and general control-flow statements. An evaluation on the PolyBench/C benchmark suite indicates that Vericert generates hardware that is around an order of magnitude slower (only around 2× slower in the absence of division) and about the same size as hardware generated by an existing, optimising (but unverified) HLS tool.

show abstract

CompCertELF: verified separate compilation of C programs into ELF object files

Cited by 13 publications

References 30 publications

Automatic Generation and Validation of Instruction Encoders and Decoders

Automatic Generation and Validation of Instruction Encoders and Decoders

The Trusted Computing Base of the CompCert Verified Compiler

Formal verification of high-level synthesis

Contact Info

Product

Resources

About