Provably Correct Code Generation: A Case Study

1993

The paper presents a practical verification tool that helps in the development of provably correct compilers. The tool is based on the approach of proving termination of PROLOG-like programs using term-rewriting techniques and a technique of testing whether a given PROLOG program can be soundly executed on PROLOG interpreters without the Occur-check test. The tool has been built on top of the theorem prover, RRL (Rewrite Rule Laboratory).

2012

Here we are interested in the semantics of Forth from the point of view of using Forth as a target language for a formally verified compiler for Ruth-R, a reversible sequential programming language we are currently developing. We limit out attention to those Forth operations and constructs which will be targetted by the Ruth-R compiler. To facilitate the comparison of meanings of source and target languages, we represent the semantics of Forth code by translation into a form which can be described using the ”prospective value” semantics we use for Ruth-R.

Theory and Practice of Logic Programming, 2015

Many recent analyses for conventional imperative programs begin by transforming programs into logic programs, capitalising on existing LP analyses and simple LP semantics. We propose using logic programs as an intermediate program representation throughout the compilation process. With restrictions ensuring determinism and single-modedness, a logic program can easily be transformed to machine language or other low-level language, while maintaining the simple semantics that makes it suitable as a language for program analysis and transformation. We present a simple LP language that enforces determinism and single-modedness, and show that it makes a convenient program representation for analysis and transformation.

This paper reports on the development and formal verification (proof of semantic preservation) of CompCert, a compiler from Clight (a large subset of the C programming language) to PowerPC assembly code, using the Coq proof assistant both for programming the compiler and for proving its correctness. Such a verified compiler is useful in the context of critical software and its formal verification: the verification of the compiler guarantees that the safety properties proved on the source code hold for the executable compiled code as well.

Proceedings 1997 High-Assurance Engineering Workshop

This pa.per describes how automatic transformation technology can be used to construct a verified conipilcr for an impcrative language. Our approach is to "transformationally" pass a source program through a. series of canonical forms cach of which correspond to sonic goal or objective in the compilation process (e.g., introduction of rcgistcrs, simplification of expressions, \h'c describe a dcriotational semantic based framework in which it is possible to verify the correctness of transformations; The correctness of the compilcr follows from the corrcctncss of tkic transformations. ctc.).

Journal of Automated Reasoning, 2009

This article describes the development and formal verification (proof of semantic preservation) of a compiler back-end from Cminor (a simple imperative intermediate language) to PowerPC assembly code, using the Coq proof assistant both for programming the compiler and for proving its soundness. Such a verified compiler is useful in the context of formal methods applied to the certification of critical software: the verification of the compiler guarantees that the safety properties proved on the source code hold for the executable compiled code as well.

This paper reports on the development and formal certification (proof of semantic preservation) of a compiler from Cminor (a C-like imperative language) to PowerPC assembly code, using the Coq proof assistant both for programming the compiler and for proving its correctness. Such a certified compiler is useful in the context of formal methods applied to the certification of critical software: the certification of the compiler guarantees that the safety properties proved on the source code hold for the executable compiled code as well.

Lecture Notes in Computer Science, 2013

We present an error calculus to support a novel specification mechanism for sound and/or complete safety properties that are to be given by users. With such specifications, our calculus can form a foundation for both proving program safety and/or discovering real bugs. The basis of our calculus is an algebra with a lattice domain of four abstract statuses (namely unreachability, validity, must-error and may-error) on possible program states and four operators for this domain to calculate suitable program status. We show how proof search and error localization can be supported by our calculus. Our calculus can also be extended to separation logic with support for user-defined predicates and lemmas. We have implemented our calculus in an automated verification tool for pointer-based programs. Initial experiments have confirmed that it can achieve the dual objectives, namely of safety proving and bug finding, with modest overheads.

Theory and Practice of Logic Programming

This paper surveys recent work on applying analysis and transformation techniques that originate in the field of constraint logic programming (CLP) to the problem of verifying software systems. We present specialization-based techniques for translating verification problems for different programming languages, and in general software systems, into satisfiability problems for constrained Horn clauses (CHCs), a term that has become popular in the verification field to refer to CLP programs. Then, we describe static analysis techniques for CHCs that may be used for inferring relevant program properties, such as loop invariants. We also give an overview of some transformation techniques based on specialization and fold/unfold rules, which are useful for improving the effectiveness of CHC satisfiability tools. Finally, we discuss future developments in applying these techniques.

Programming Language Implementation and Logic Programming, Proc. International Workshop PLILP '90, 1990

A compiler may be specified as a set of theorems, each describing how a construct in the programming language is translated into a sequence of machine instructions. The machine may be specified as an interpreter written in the programming language itself. Using refinement algebra, it can then be verified that interpreting a compiled program is the same or better than executing the original source program. The compiling specification is very similar to a logic program and thus a prototype compiler (and interpreter) may easily be produced in a language such as Prolog. A subset of the occam programming language and the transputer instruction set are used to illustrate the approach. An advantage of the method is that new programming constructs can be added without necessarily affecting existing development work.

2008

The ideal goal of this grand challenge should be a future in which no production software is considered properly engineered unless it has been fully specified and fully verified as satisfying its specifications. The verifying compiler then becomes the essential central artifact necessary to achieve this outcome, and its characteristics are determined by the overall goal. From this perspective, the nature of programming languages that a verifying compiler could process becomes an immediate issue, and we present several critical features that such a programming language must possess. Specifically, it must include specifications as an integral constituent, and it must have clean semantics, which preclude unexpected side-effecting, aliasing, etc. It must include mechanisms for writing reusable components that are amenable to verification, and consequently, it must include an open-ended mechanism for adding arbitrarily sophisticated mathematical theories in order to specify large software components concisely. Because the current programming languages lack these essential characteristics, the verifying compiler grand challenge will not be met unless it redirects its focus to include the development of a suitable programming language within which full verification is possible.

1998

We describe a formalization of the meta-mathematics of programming in a higher-order logical calculus as a means to create verifiably correct implementations of program synthesis tools. Using reflected notions of programming concepts we can specify the actions of synthesis methods within the object language of the calculus and prove formal theorems about their behavior. The theorems serve as derived inference rules implementing the kernel of these methods in a flexible, safe, efficient and comprehensible way. We demonstrate the advantages of using formal mathematics in support of program development systems through an example in which we formalize a strategy for deriving global search algorithms from formal specifications.

2007

We describe a semantic type soundness result, formalized in the Coq proof assistant, for a compiler from a simple imperative language with heap-allocated data into an idealized assembly language. Types in the high-level language are interpreted as binary relations, built using both second-order quantification and a form of separation structure, over stores and code pointers in the low-level machine.

2010

This paper describes a novel technique for the synthesis of imperative programs. Automated program synthesis has the potential to make programming and the design of systems easier by allowing programs to be specified at a higher-level than executable code. In our approach, which we call proof-theoretic synthesis, the user provides an input-output functional specification, a description of the atomic operations in the programming language, and a specification of the synthesized program's looping structure, allowed stack space, and bound on usage of certain operations. Our technique synthesizes a program, if there exists one, that meets the inputoutput specification and uses only the given resources.