| Credible Compilation | |
| Date | Friday, 19JAN01 |
| Time | 2-3pm |
| Speaker | Darko Marinov |
| Affiliation | MIT LCS |
| Abstract | This
talk presents a theoretical framework for building compilers that generate
formal guarantees that they work correctly. Traditional compilers provide
no such guarantees---given an original source program, a traditional compiler
generates only a transformed executable program. The only way to investigate
the correctness of a compilation is to run the transformed program on some
sample inputs. Even if the transformed program generates expected results
for these inputs, it does not ensure that the transformed program is indeed
equivalent to the original program for all inputs. Most previous research on compiler correctness focused on developing compilers that are guaranteed to correctly translate every original program. It is extremely difficult, however, to verify that a complex code, which implements a compiler, is correct. Therefore, a novel approach was proposed: instead of verifying a compiler, verify the result of each single compilation. We require the compiler to generate a transformed program and some additional information that enables a simple verifier to check the compilation. We call this approach credible compilation. This talk presents a formal framework for the credible compilation of imperative programming languages. Each transformation generates, in addition to a transformed program, a set of standard invariants and contexts, which the compiler uses to prove that its analysis results are correct, and a set of simulation invariants and contexts, which the compiler uses to prove that the transformed program is equivalent to the original program. The compiler has also to generate a proof for all the invariants and contexts. We describe in detail the structure of a verifier that checks the compiler results. The verifier first uses standard and simulation verification-condition generators to symbolically execute the original and transformed programs and generate a verification condition. The verifier then uses a proof checker to verify that the supplied proof indeed proves that verification condition. If the proof fails, the particular compilation is potentially not correct. Our framework supports numerous intraprocedural transformations and some interprocedural transformations. This is joint work with Martin Rinard. |
| Location | 545 Technology Square (aka "NE43") |
| Room | 8th Floor Playroom |
| Bio | |