Book contents
- Frontmatter
- Dedication
- Contents
- Road map
- Acknowledgments
- 1 Introduction
- I Generic separation logic
- II Higher order separation logic
- III Separation logic for CompCert
- IV Operational semantics of CompCert
- 31 CompCert
- 32 The CompCert memory model
- 33 How to specify a compiler
- 34 C light operational semantics
- V Higher-order semantic models
- VI Semantic model and soundness of Verifiable C
- VII Applications
- Bibliography
- Index
31 - CompCert
from IV - Operational semantics of CompCert
Published online by Cambridge University Press: 05 August 2014
Summary
Program logics for certified compilers: We prove that the program logic is sound with respect to the operational semantics of a source language—meaning that if the program logic proves some claim about the observable behavior of a program, then the source program actually respects that claim when interpreted in the source-language semantics. But computers don't directly execute source-language semantics: we also need a proof about the correctness of an interpreter or a compiler.
CompCert (compilateur certifié in French) is a formally verified optimizing compiler for the C language, translating to assembly language for various machines (Intel x86, ARM, PowerPC) [62]. Like most optimizing compilers, it translates in several sequential phases through a sequence of intermediate languages. Unlike most compilers, each of these intermediate languages has a formal specification written down in Coq as an operational semantics. Each phase is proved correct: the form of the proof is a simulation theorem expressing that the observable behavior of the target program corresponds to the observable behavior of the source program. The composition of all these per-phase simulation theorems gives the compiler correctness theorem.
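The following Lean 4 sketch is an added illustration of the proof shape just described; it is not code from the book or from CompCert. It models each language as a small-step transition system, a verified phase as a forward simulation between two such systems, and shows that two such simulations compose, so a chain of per-phase theorems yields one end-to-end theorem. The names (`TS`, `Star`, `FwdSim`, `pipeline`) are this example's own. It is deliberately simplified relative to CompCert: steps carry no events or traces, only termination is treated as observable, and there is no measure to rule out a source program stuttering forever while the target stands still; CompCert also converts forward simulations to backward ones using receptiveness of the source and determinism of the target, which is not modelled here.

```lean
-- Added illustration of the proof shape described above; this is not code from
-- the book or from CompCert. Simplified: no traces/events on steps, no measure
-- for infinite stuttering, and only termination is treated as observable.

/-- A small-step transition system: states, a step relation, final states. -/
structure TS where
  State : Type
  step  : State → State → Prop
  final : State → Prop

/-- Zero or more steps of `L`. -/
inductive Star (L : TS) : L.State → L.State → Prop
  | refl {s : L.State} : Star L s s
  | head {s s' s'' : L.State} : L.step s s' → Star L s' s'' → Star L s s''

theorem Star.trans {L : TS} {a b : L.State} (h₁ : Star L a b) :
    ∀ {c : L.State}, Star L b c → Star L a c := by
  induction h₁ with
  | refl =>
    intro c h₂
    exact h₂
  | head hstep _ ih =>
    intro c h₂
    exact Star.head hstep (ih h₂)

/-- A per-phase forward simulation from source `S` to target `T`: a matching
relation on states under which each source step is mirrored by some target
steps, and a matched final source state leads to a final target state. -/
structure FwdSim (S T : TS) where
  rel : S.State → T.State → Prop
  step_ok : ∀ {s s' : S.State} {t : T.State},
    rel s t → S.step s s' → ∃ t', Star T t t' ∧ rel s' t'
  final_ok : ∀ {s : S.State} {t : T.State},
    rel s t → S.final s → ∃ t', Star T t t' ∧ T.final t'

/-- The one-step diagram lifts to whole runs. -/
theorem FwdSim.star_ok {S T : TS} (sim : FwdSim S T) {s s' : S.State}
    (h : Star S s s') :
    ∀ {t : T.State}, sim.rel s t → ∃ t', Star T t t' ∧ sim.rel s' t' := by
  induction h with
  | refl =>
    intro t hm
    exact ⟨t, Star.refl, hm⟩
  | head hstep _ ih =>
    intro t hm
    have ⟨t₁, ht₁, hm₁⟩ := sim.step_ok hm hstep
    have ⟨t₂, ht₂, hm₂⟩ := ih hm₁
    exact ⟨t₂, Star.trans ht₁ ht₂, hm₂⟩

/-- Two verified phases compose: relate `a` to `c` through some intermediate
`b`, and chain the two diagrams. This is the step that turns a list of
per-phase theorems into one end-to-end theorem. -/
def FwdSim.comp {A B C : TS} (f : FwdSim A B) (g : FwdSim B C) : FwdSim A C where
  rel := fun a c => ∃ b, f.rel a b ∧ g.rel b c
  step_ok := fun ⟨b, hab, hbc⟩ hstep =>
    let ⟨b', hb, hab'⟩ := f.step_ok hab hstep
    let ⟨c', hc, hbc'⟩ := g.star_ok hb hbc
    ⟨c', hc, b', hab', hbc'⟩
  final_ok := fun ⟨b, hab, hbc⟩ hfin =>
    let ⟨b', hb, hbfin⟩ := f.final_ok hab hfin
    let ⟨c₁, hc₁, hbc'⟩ := g.star_ok hb hbc
    let ⟨c', hc', hcfin⟩ := g.final_ok hbc' hbfin
    ⟨c', Star.trans hc₁ hc', hcfin⟩

/-- A three-phase pipeline (CompCert has many more) is just nested composition. -/
def pipeline {L₁ L₂ L₃ L₄ : TS} (p₁ : FwdSim L₁ L₂) (p₂ : FwdSim L₂ L₃)
    (p₃ : FwdSim L₃ L₄) : FwdSim L₁ L₄ :=
  (p₁.comp p₂).comp p₃

/-- The end-to-end guarantee in this simplified setting: from matched initial
states, every terminating source run is matched by a terminating target run. -/
theorem FwdSim.preserves_termination {S T : TS} (sim : FwdSim S T)
    {s₀ s : S.State} {t₀ : T.State} (hinit : sim.rel s₀ t₀)
    (hrun : Star S s₀ s) (hfin : S.final s) : ∃ t, Star T t₀ t ∧ T.final t :=
  let ⟨t₁, ht₁, hm⟩ := sim.star_ok hrun hinit
  let ⟨t, ht, hfinT⟩ := sim.final_ok hm hfin
  ⟨t, Star.trans ht₁ ht, hfinT⟩
```

The point to take from the composition is that nothing about a given phase's proof needs to know what the other phases do: each phase fixes its own matching relation, and `FwdSim.comp` only chains the diagrams through an intermediate state. That is what lets a compiler with a dozen intermediate languages be verified phase by phase and still produce a single theorem about source and assembly.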
Although there had been formally verified compilers before [67, 36, 61, 60], CompCert is an important breakthrough for several reasons:
Language: One of Leroy's goals has been that CompCert should be able to compile real high-assurance embedded C programs, such as the avionics software for a commercial jetliner. Such software is not trivially modified: any tweak to the software—let alone rewriting it in another language—requires months or years of rebuilding an assurance case.
Type: Chapter. Information: Program Logics for Certified Compilers, pp. 233-236. Publisher: Cambridge University Press. Print publication year: 2014.