Formalizing the LLVM intermediate representation for verified program transformations

Zhao, Jian-Zhou; Nagarakatte, Santosh; Martin, Milo M. K.; Zdancewic, Steve

doi:10.1145/2103656.2103709

Cited by 118 publications

(23 citation statements)

References 41 publications

(26 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The Standard ML language variant CakeML (Kumar et al, 2014) has a verified compiler in HOL4 with a certified machine-code implementation produced by bootstrapping (applying the compiler to itself). Using the Vellvm (Zhao et al, 2012) framework in Coq, proof engineers can reason about transformations on the LLVM intermediate language representation.…”

Section: Certified Compilersmentioning

confidence: 99%

QED at Large: A Survey of Engineering of Formally Verified Software

Ringer

Palmskog

Sergey

et al. 2019

FNT in Programming Languages

View full text Add to dashboard Cite

Development of formal proofs of correctness of programs can increase actual and perceived reliability and facilitate better understanding of program specifications and their underlying assumptions. Tools supporting such development have been available for over 40 years, but have only recently seen wide practical use. Projects based on construction of machine-checked formal proofs are now reaching an unprecedented scale, comparable to large software projects, which leads to new challenges in proof development and maintenance. Despite its increasing importance, the field of proof engineering is seldom considered in its own right; related theories, techniques, and tools span many fields and venues. This survey of the literature presents a holistic understanding of proof engineering for program correctness, covering impact in practice, foundations, proof automation, proof organization, and practical proof development.

show abstract

Section: Certified Compilersmentioning

confidence: 99%

QED at Large: A Survey of Engineering of Formally Verified Software

Ringer

Palmskog

Sergey

et al. 2019

FNT in Programming Languages

View full text Add to dashboard Cite

show abstract

“…In the first lecture we cover course texts (Compilers: principles, techniques and tools [1]) and Real World OCaml [6]), an overview of Compiler Technology (introducing concepts of lexing, parsing into AST representation, desugaring, semantic analysis, linearisation to SSA, high level optimization, RTL level optimization, and ABI conformance). A special focus was given to miscompilation and correctness (GNU C lexing [4], LLVM SSA optimizations [9]), and the CompCert C certified compiler [8]). The use of compilation techniques outside compilers were covered, such as the general use of parsers, transformations and optimizations.…”

Section: Lecture By Lecture Breakdownmentioning

confidence: 99%

“…8 Variables are of unbound integer type, Booleans are constants (and cannot be assigned/stored for sake of simplicity). 9 For any terminating program there exists a fueling parameter rendering a correct final configuration (as the "imp" language at hand does not model execution errors).…”

mentioning

confidence: 99%

Introducing Certified Compilation in Education by a Functional Language Approach

Lindgren

Lindner

Fitinghoff

2019

Electron. Proc. Theor. Comput. Sci.

View full text Add to dashboard Cite

Classes on compiler technology are commonly found in Computer Science curricula, covering aspects of parsing, semantic analysis, intermediate transformations and target code generation. This paper reports on introducing certified compilation techniques through a functional language approach in an introductory course on Compiler Construction. Targeting students with little or no experience in formal methods, the proof process is highly automated using the Why3 framework. Underlying logic, semantic modelling and proofs are introduced along with exercises and assignments leading up to a formally verified compiler for a simplistic imperative language.This paper covers the motivation, course design, tool selection, and teaching methods, together with evaluations and suggested improvements from the perspectives of both students and teachers.

show abstract

“…We conjecture that our reinterpretation techniques can be generalized to most passes of CompCert down to assembly. While we leave such generalization as future work, some guarantees from C to assembly can be derived by instrumenting CompCert [Barthe et al 2014] and LLVM [Almeida et al 2016b;Zhao et al 2012Zhao et al , 2013 and turning them into certifying (rather than certified) compilers where security guarantees are statically rechecked on the compiled code through translation validation, thus re-establishing them independently of source-level security proofs. In this case, rather than being fully preserved down to the compiled code, Low * -level proofs are still useful to practically reduce the risk of failures in translation validation.…”

Section: From C * To Compcert Clight and Beyondmentioning

confidence: 99%

Verified low-level programming embedded in F*

Protzenko

Zinzindohoué

Rastogi

et al. 2017

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

We present Low * , a language for low-level programming and verification, and its application to high-assurance optimized cryptographic libraries. Low * is a shallow embedding of a small, sequential, well-behaved subset of C in F * , a dependently-typed variant of ML aimed at program verification. Departing from ML, Low * does not involve any garbage collection or implicit heap allocation; instead, it has a structured memory model à la CompCert, and it provides the control required for writing efficient low-level security-critical code. By virtue of typing, any Low * program is memory safe. In addition, the programmer can make full use of the verification power of F * to write high-level specifications and verify the functional correctness of Low * code using a combination of SMT automation and sophisticated manual proofs. At extraction time, specifications and proofs are erased, and the remaining code enjoys a predictable translation to C. We prove that this translation preserves semantics and side-channel resistance. We provide a new compiler back-end from Low * to C and, to evaluate our approach, we implement and verify various cryptographic algorithms, constructions, and tools for a total of about 28,000 lines of code, specification and proof. We show that our Low * code delivers performance competitive with existing (unverified) C cryptographic libraries, suggesting our approach may be applicable to larger-scale low-level software.

show abstract

Formalizing the LLVM intermediate representation for verified program transformations

Cited by 118 publications

References 41 publications

QED at Large: A Survey of Engineering of Formally Verified Software

QED at Large: A Survey of Engineering of Formally Verified Software

Introducing Certified Compilation in Education by a Functional Language Approach

Verified low-level programming embedded in F*

Contact Info

Product

Resources

About