Relaxing safely: verified on-the-fly garbage collection for x86-TSO

Gammie, Peter; Hosking, Antony L.; Engelhardt, Kai

doi:10.1145/2737924.2738006

Cited by 19 publications

(22 citation statements)

References 41 publications

(64 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Both GCMinor and our work focus on compilation for single processors, and so our GC algorithm and its related proofs work only for the non-concurrent setting. State-of-the-art, concurrent GCs have also been verified (Gammie et al, 2015), although that work was not done in the context of verified compilation.…”

Section: Discussion Of Related Workmentioning

confidence: 99%

The verified CakeML compiler backend

Tan¹,

Myreen²,

Kumar³

et al. 2019

J. Funct. Prog.

View full text Add to dashboard Cite

The CakeML compiler is, to the best of our knowledge, the most realistic verified compiler for a functional programming language to date. The architecture of the compiler, a sequence of intermediate languages through which high-level features are compiled away incrementally, enables verification of each compilation pass at an appropriate level of semantic detail. Parts of the compiler’s implementation resemble mainstream (unverified) compilers for strict functional languages, and it supports several important features and optimisations. These include efficient curried multi-argument functions, configurable data representations, efficient exceptions, register allocation, and more. The compiler produces machine code for five architectures: x86-64, ARMv6, ARMv8, MIPS-64, and RISC-V. The generated machine code contains the verified runtime system which includes a verified generational copying garbage collector and a verified arbitrary precision arithmetic (bignum) library. In this paper, we present the overall design of the compiler backend, including its 12 intermediate languages. We explain how the semantics and proofs fit together and provide detail on how the compiler has been bootstrapped inside the logic of a theorem prover. The entire development has been carried out within the HOL4 theorem prover.

show abstract

Section: Discussion Of Related Workmentioning

confidence: 99%

The verified CakeML compiler backend

Tan¹,

Myreen²,

Kumar³

et al. 2019

J. Funct. Prog.

View full text Add to dashboard Cite

show abstract

“…Verification of Garbage Collection Algorithms. Schism [Gammie et al 2015;Pizlo et al 2010] is a certified concurrent collector built in a Java VM that services multi-core architectures with weak memory consistency. McCreight et al [2010McCreight et al [ , 2007 introduced GCminor, which is a certified translation step added to CompCert's translation from Clight to assembly.…”

Section: Related Workmentioning

confidence: 99%

Certifying graph-manipulating C programs via localizations within data structures

Wang

Cao

Mohan

et al. 2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

We develop powerful and general techniques to mechanically verify realistic programs that manipulate heaprepresented graphs. These graphs can exhibit well-known organization principles, such as being a directed acyclic graph or a disjoint-forest; alternatively, these graphs can be totally unstructured. The common thread for such structures is that they exhibit deep intrinsic sharing and can be expressed using the language of graph theory. We construct a modular and general setup for reasoning about abstract mathematical graphs and use separation logic to define how such abstract graphs are represented concretely in the heap. We develop a Localize rule that enables modular reasoning about such programs, and show how this rule can support existential quantifiers in postconditions and smoothly handle modified program variables. We demonstrate the generality and power of our techniques by integrating them into the Verified Software Toolchain and certifying the correctness of seven graph-manipulating programs written in CompCert C, including a 400-line generational garbage collector for the CertiCoq project. While doing so, we identify two places where the semantics of C is too weak to define generational garbage collectors of the sort used in the OCaml runtime. Our proofs are entirely machine-checked in Coq.

show abstract

“…There has been much work on verifying runtime system components such as garbage collectors [5], [7], [18] and thread schedulers [11] using program logics. We view our work complementary to these efforts.…”

Section: E Verified Runtimesmentioning

confidence: 99%

Static Enforcement of Security in Runtime Systems

Pedersen

Askarov

2019

2019 IEEE 32nd Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

Underneath every modern programming language is a runtime environment (RTE) that handles features such as automatic memory management and thread scheduling. In the information-flow control (IFC) literature, the RTE is often part of the trusted computing base (TCB), and there has been little focus on applying IFC to the implementation of the RTE itself. In this paper we address this problem by designing an IFC language, Zee, for implementing secure RTEs, thereby removing the RTE from the TCB. We implement Zee and design and implement secure versions of garbage collectors and thread schedulers using Zee. We also prove that a faithful calculus of Zee satisfies a strong variant of timing-sensitive noninterference.

show abstract

Relaxing safely: verified on-the-fly garbage collection for x86-TSO

Cited by 19 publications

References 41 publications

The verified CakeML compiler backend

The verified CakeML compiler backend

Certifying graph-manipulating C programs via localizations within data structures

Static Enforcement of Security in Runtime Systems

Contact Info

Product

Resources

About