A Machine-Verified Code Generator

Christoph Walther and Stephan Schweitzer, Fachgebiet Programmiermethodik, Technische Universität Darmstadt

Abstract. We consider the machine-supported verification of a code generator computing machine code from WHILE-programs, i.e. abstract syntax trees which may be obtained by a parser from programs of an imperative programming language. We motivate the representation of states developed for the verification, which is crucial for success, as the interpretation of tree-structured WHILE-programs differs significantly in its operation from the interpretation of the linear machine code. This work has been developed for a course to demonstrate to the students the support gained by computer-aided verification in a central subject of computer science, boiled down to the classroom level. We report on the insights obtained into the properties of machine code as well as the challenges and efforts encountered when verifying the correctness of the code generator. We also illustrate the performance of the VeriFun system that was used for this work.

1 Introduction

We develop the VeriFun system [1], [23], a semi-automated system for the verification of programs written in a functional programming language. One reason for this development originates from our experiences when teaching Formal Methods, Automated Reasoning, Semantics, Verification, and similar subjects. As the motivation of the students increases considerably when they can gather practical experience with the principles and methods taught, VeriFun has been developed as a small, highly portable system with an elaborate user interface and a simple base logic, which nevertheless allows the students to perform ambitious verification case studies within the restricted time frame of a course. The system has been used in practical courses at the graduate level for proving e.g. the correctness of a first-order matching algorithm, the RSA public key encryption algorithm and the unsolvability of the Halting Problem, as well as recently in an undergraduate course about Algorithms and Data Structures, where more than 400 students took their first steps in computer-aided verification of simple statements about Arithmetic and Linear Lists and the verification of algorithms like Insertion Sort and Mergesort, cf. [22], [24]. VeriFun comes as a JAVA application which the students can run on their home PC (whatever platform it may use) after a 1 MB download, to work with the system whenever they like.

{chr.walther,schweitz}@informatik.tu-darmstadt.de

Technical Report VFR 03/01

This paper is concerned with the verification of a code generator for a simple imperative language. Work on verified code generators and compilers dates back more than 35 years [9]. With the development of elaborate logics and the evolving technology of theorem proving over the years, systems have been developed that provide remarkable support for compiler verification as well. Various impressive projects have been carried out which demonstrate well the benefits of certain logical frameworks and their implementation by reasoning systems in this domain. By now a tremendous amount of literature exists, which precludes an exhaustive account here. E.g., [8] presents a case study using the Elf language, [14] uses the HOL system to verify a compiler for an assembly language, [6] and [3] report on compiler verification projects for a subset of CommonLisp using PVS, and [15] verifies a compiler for Prolog with the KIV system. Much work also centers around the Boyer-Moore prover and its successors, e.g. [4], and in one of the largest projects the compilation of an imperative programming language via an assembly language down to machine code is verified, cf. [10], [11], [27]. However, the high performance of these systems also comes at the price of highly elaborate logics and complicated user interfaces, which makes their use difficult for teaching within the restricted time frame of a course (if not impossible altogether). Furthermore, as almost all of the cited work is concerned with real programming languages and the bits and pieces coming with them, it is hard to work out the essential principles and problems from the presentations to demonstrate them in the classroom. And last but not least, it is also difficult (in particular for the students) to assess the effort needed when using a certain tool, as most of the papers do not provide appropriate statistics but refer to large proof scripts in an appendix or to be downloaded from the web for further investigation.
The work presented here was prepared (in addition to the material given in [18]) for a course about Semantics and Program Verification to illustrate the principles of state-based semantics and the practical use of formal semantics when developing compilers etc. However, the main focus is to demonstrate the support gained by computer-aided verification in a central subject of computer science education, boiled down to the classroom level. The code generator computes machine code from abstract syntax trees as used in standard textbooks of formal semantics, e.g. [7], [13], [26]. We report on the insights obtained into the properties of machine code as well as the challenges and efforts encountered when verifying the correctness of this program. We also illustrate the performance of the VeriFun system that was used for this work.

2 WHILE-Programs

The language of WHILE-programs consists of conditional statements, while-loops, assignments, compound statements and statements for doing nothing, and is defined by the data structure WHILE.PROGRAM in Fig. 1. WHILE-programs represent abstract syntax trees which for instance are computed by a compiler from a program conforming to the concrete syntax of a programming language to be

[Fig. 1: data structure definitions; four `structure` declarations of which only the first name, VARIABLE, survives extraction]
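To make concrete what Sect. 2 and the abstract describe, the following is an added example, written for this edited page and not taken from the paper or from the VeriFun development. It models WHILE-programs as a small abstract syntax tree with exactly the statement kinds listed above (conditional, while-loop, assignment, compound statement, do-nothing), gives them a state-based tree-walking interpreter, generates linear code for an assumed stack machine with absolute jump targets (PUSH/LOAD/STORE/OP/JMPZ/JMP), and interprets that code. The expression language, the instruction set and every function name are assumptions of this example. The `agree` function checks the code generator's correctness statement on one program and one input state; it is a test, whereas the paper's result is a machine-verified proof over all programs and states.

```python
# Added example (not the paper's VeriFun code): WHILE-program AST, tree
# interpreter, code generator to an assumed linear stack machine, machine
# interpreter, and a per-input check that both interpretations agree.
from dataclasses import dataclass
from typing import Dict, List, Tuple, Union

# --- Abstract syntax (assumed): expressions are constants, variables, binary ops ---
@dataclass(frozen=True)
class Const: value: int
@dataclass(frozen=True)
class Var: name: str
@dataclass(frozen=True)
class BinOp: op: str; left: "Expr"; right: "Expr"
Expr = Union[Const, Var, BinOp]

# Statements: the five kinds named in Sect. 2.
@dataclass(frozen=True)
class Skip: pass                                  # "do nothing"
@dataclass(frozen=True)
class Assign: name: str; expr: Expr
@dataclass(frozen=True)
class Seq: first: "Stmt"; second: "Stmt"          # compound statement
@dataclass(frozen=True)
class If: cond: Expr; then: "Stmt"; els: "Stmt"
@dataclass(frozen=True)
class While: cond: Expr; body: "Stmt"
Stmt = Union[Skip, Assign, Seq, If, While]

State = Dict[str, int]                            # store: variable name -> value
OPS = {"+": lambda a, b: a + b, "-": lambda a, b: a - b, "*": lambda a, b: a * b,
       "<": lambda a, b: int(a < b), "=": lambda a, b: int(a == b)}

def eval_expr(e: Expr, s: State) -> int:
    if isinstance(e, Const): return e.value
    if isinstance(e, Var): return s.get(e.name, 0)   # unset variables read as 0
    return OPS[e.op](eval_expr(e.left, s), eval_expr(e.right, s))

def run_tree(p: Stmt, s: State) -> State:
    """Structural interpreter: recursion follows the shape of the AST."""
    if isinstance(p, Skip): return s
    if isinstance(p, Assign): return {**s, p.name: eval_expr(p.expr, s)}
    if isinstance(p, Seq): return run_tree(p.second, run_tree(p.first, s))
    if isinstance(p, If): return run_tree(p.then if eval_expr(p.cond, s) else p.els, s)
    while eval_expr(p.cond, s):                   # While: unfold one iteration
        s = run_tree(p.body, s)
    return s

# --- Linear machine code (assumed instruction set, absolute jump targets) ---
Instr = Tuple[str, object]

def gen_expr(e: Expr) -> List[Instr]:
    if isinstance(e, Const): return [("PUSH", e.value)]
    if isinstance(e, Var): return [("LOAD", e.name)]
    return gen_expr(e.left) + gen_expr(e.right) + [("OP", e.op)]

def gen(p: Stmt, base: int = 0) -> List[Instr]:
    """Code generator; `base` is the address at which the emitted code will
    be placed, so that jump targets can be computed as absolute indices."""
    if isinstance(p, Skip): return []
    if isinstance(p, Assign): return gen_expr(p.expr) + [("STORE", p.name)]
    if isinstance(p, Seq):
        c1 = gen(p.first, base)
        return c1 + gen(p.second, base + len(c1))
    if isinstance(p, If):                         # cond; JMPZ else; then; JMP end; else
        c = gen_expr(p.cond)
        t = gen(p.then, base + len(c) + 1)
        else_addr = base + len(c) + 1 + len(t) + 1
        e = gen(p.els, else_addr)
        return c + [("JMPZ", else_addr)] + t + [("JMP", else_addr + len(e))] + e
    c = gen_expr(p.cond)                          # While: cond; JMPZ exit; body; JMP base
    b = gen(p.body, base + len(c) + 1)
    return c + [("JMPZ", base + len(c) + 1 + len(b) + 1)] + b + [("JMP", base)]

def run_machine(code: List[Instr], s: State, fuel: int = 100_000) -> State:
    """Machine interpreter: program counter over linear code plus an operand
    stack. Its state (pc, stack, store) is richer than the tree interpreter's,
    which is the gap a correctness proof has to bridge."""
    pc, stack, s = 0, [], dict(s)
    while pc < len(code):
        fuel -= 1
        if fuel < 0: raise RuntimeError("step budget exhausted")
        op, arg = code[pc]
        if op == "PUSH": stack.append(arg)
        elif op == "LOAD": stack.append(s.get(arg, 0))
        elif op == "STORE": s[arg] = stack.pop()
        elif op == "OP":
            r, l = stack.pop(), stack.pop(); stack.append(OPS[arg](l, r))
        elif op == "JMPZ":
            if stack.pop() == 0: pc = arg; continue
        elif op == "JMP": pc = arg; continue
        else: raise ValueError(f"unknown instruction {op}")
        pc += 1
    return s

def agree(p: Stmt, s: State) -> bool:
    """The code generator's correctness statement, checked on one input."""
    return run_tree(p, s) == run_machine(gen(p), s)

# Constructed sample program: r := 1; while 0 < n do r := r * n; n := n - 1
FACT = Seq(Assign("r", Const(1)),
           While(BinOp("<", Const(0), Var("n")),
                 Seq(Assign("r", BinOp("*", Var("r"), Var("n"))),
                     Assign("n", BinOp("-", Var("n"), Const(1))))))
```

Running `agree(FACT, {"n": 5})` compares the store `{"n": 0, "r": 120}` produced by both interpreters. The point of the abstract's remark on state representation is visible in the two interpreters: `run_tree` threads only a store through a recursion shaped like the AST, while `run_machine` additionally carries a program counter and an operand stack and loops over a flat instruction list, so a proof that the two agree has to relate those two notions of state. The `fuel` bound in `run_machine` keeps a non-terminating WHILE-program from hanging the check; `run_tree` has no such bound, so any test driver of this kind should only be fed programs known to terminate. A code generator sits in the trusted computing base of everything compiled with it, which is why its correctness matters beyond the classroom.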