Refinement through restraint: bringing down the cost of verification

O’Connor, Liam; Chen, Zilin; Rizkallah, Christine; Amani, Sidney; Lim, Japheth; Murray, Toby; Nagashima, Yutaka; Sewell, Thomas; Klein, Gerwin

doi:10.1145/2951913.2951940

Cited by 19 publications

(13 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The Cogent (O'Connor et al, 2016) language has a proof-producing compiler down to C, which can be further compiled with CompCert, or via translation validation (Sewell et al, 2013). It is a pure, functional and total language, aimed at reasoning for systems programming.…”

Section: Discussion Of Related Workmentioning

confidence: 99%

The verified CakeML compiler backend

Tan¹,

Myreen²,

Kumar³

et al. 2019

J. Funct. Prog.

View full text Add to dashboard Cite

The CakeML compiler is, to the best of our knowledge, the most realistic verified compiler for a functional programming language to date. The architecture of the compiler, a sequence of intermediate languages through which high-level features are compiled away incrementally, enables verification of each compilation pass at an appropriate level of semantic detail. Parts of the compiler’s implementation resemble mainstream (unverified) compilers for strict functional languages, and it supports several important features and optimisations. These include efficient curried multi-argument functions, configurable data representations, efficient exceptions, register allocation, and more. The compiler produces machine code for five architectures: x86-64, ARMv6, ARMv8, MIPS-64, and RISC-V. The generated machine code contains the verified runtime system which includes a verified generational copying garbage collector and a verified arbitrary precision arithmetic (bignum) library. In this paper, we present the overall design of the compiler backend, including its 12 intermediate languages. We explain how the semantics and proofs fit together and provide detail on how the compiler has been bootstrapped inside the logic of a theorem prover. The entire development has been carried out within the HOL4 theorem prover.

show abstract

Section: Discussion Of Related Workmentioning

confidence: 99%

The verified CakeML compiler backend

Tan¹,

Myreen²,

Kumar³

et al. 2019

J. Funct. Prog.

View full text Add to dashboard Cite

show abstract

“…There are many large and successful verification projects that demonstrate that functional languages are well suited for verification. In contrast to our work, these projects require either re-implementing the code in a new functional language, as is the case for Cogent (O'Connor et al, 2016;Amani et al, 2016) and F* (Swamy et al, 2016); re-implementing the code in a proof assistant, such as HOL4 in the case of CakeML Kumar et al, 2014); or taking an SMT solver-based approach, as found in Leon (Blanc et al, 2013). The CakeML and Cogent projects have a different focus than ours, and they provide a higher assurance in their verified code.…”

Section: Translating Other Higher Order Functional Languagesmentioning

confidence: 97%

Ready,`Set`, Verify! Applying`hs-to-coq`to real-world Haskell code

Breitner¹,

Spector-Zabusky

et al. 2021

J. Funct. Prog.

Self Cite

View full text Add to dashboard Cite

Good tools can bring mechanical verification to programs written in mainstream functional languages. We use hs-to-coq to translate significant portions of Haskell’s containers library into Coq, and verify it against specifications that we derive from a variety of sources including type class laws, the library’s test suite, and interfaces from Coq’s standard library. Our work shows that it is feasible to verify mature, widely used, highly optimized, and unmodified Haskell code. We also learn more about the theory of weight-balanced trees, extend hs-to-coq to handle partiality, and – since we found no bugs – attest to the superb quality of well-tested functional code.

show abstract

“…Our work is similar to verify a file system (a similar system API like open, read and write etc.) Pioneering work in file system direction includes FSCQ [30], COGENT [31, 32] and Flashix [33, 34], which are all successful engineering achievements. However, almost all of these jobs need a developer to construct a proof of implementation correctness using theorem tools such as Coq or Isabelle.…”

Section: Related Workmentioning

confidence: 99%