The Compcert certified compiler back-end

Commented Coq development

Version 0.2, 2006-01-07

Introduction

The Compcert back-end is a compiler that generates PowerPC assembly code from a low-level intermediate language called Cminor and a slightly more expressive intermediate language called Csharpminor. The particularity of this compiler is that it is written mostly within the specification language of the Coq proof assistant, and its correctness --- the fact that the generated assembly code is semantically equivalent to its source program --- was entirely proved within the Coq proof assistant.

A high-level overview of the Compcert back-end and its proof of correctness can be found in the following paper:

Xavier Leroy, Formal certification of a compiler back-end, or: programming a compiler with a proof assistant. Proceedings of the POPL 2006 symposium.

This Web site gives a commented listing of the underlying Coq specifications and proofs. Proof scripts and the parts of the compiler written directly in Caml are omitted. This development is a work in progress; some parts may have changed since the overview paper above was written.

This document and all Coq source files referenced from it are copyright 2005, 2006 Institut National de Recherche en Informatique et en Automatique (INRIA) and distributed under the terms of the GNU General Public License version 2.

Libraries, algorithms, data structures

Coqlib: addendum to the Coq standard library. (Coq source file with proofs: Coqlib.v.)
Maps: finite maps. (Coq source file with proofs: Maps.v.)
Sets: finite sets.
Union-find: representation of equivalence classes. (Coq source file with proofs: union_find.v.)
Inclusion: tactics to prove list inclusions.
AST: identifiers, whole programs and other common elements of abstract syntaxes. (Coq source file with proofs: AST.v.)
Integers: machine integers. (Coq source file with proofs: Integers.v.)
Floats: machine floating-point numbers.
Mem: the memory model.
Globalenvs: global execution environments.
Op: operators, addressing modes and their semantics.
Ordered: construction of ordered types.
Lattice: construction of semi-lattices.
Kildall: resolution of dataflow inequations by fixpoint iteration.

Source, intermediate and target languages: syntax and semantics

Csharpminor: low-level structured language.
Cminor: low-level structured language, with explicit stack allocation of certain local variables.
RTL: register transfer language (3-address code, control-flow graph, infinitely many pseudo-registers).
See also: Registers (representation of pseudo-registers).
LTL: location transfer language (3-address code, control-flow graph, finitely many physical registers, infinitely many stack slots).
See also: Locations (representation of locations).
Linear: like LTL, but the CFG is replaced by a linear list of instructions with explicit branches and labels.
Mach: like Linear, with a more concrete view of the activation record.
See also: an alternate semantics for the same syntax is given in Machabstr.
PPC: abstract syntax for PowerPC assembly code.

Compiler passes

Pass	Source & target	Compiler code	Correctness proof
Recognition of operators and addressing modes	Csharpminor to Cminor	Cmconstr	Cmconstrproof
Stack allocation of local variables whose address is taken	Csharpminor to Cminor	Cminorgen	Cminorgenproof
Construction of the CFG, 3-address code generation	Cminor to RTL	RTLgen	RTLgenproof1 RTLgenproof
Constant propagation	RTL to RTL	Constprop	Constpropproof
Common subexpression elimination	RTL to RTL	CSE	CSEproof
Register allocation by coloring of an interference graph	RTL to LTL	Conventions InterfGraph Coloring Parallelmove Allocation	Coloringproof Allocproof_aux Allocproof
Branch tunneling	LTL to LTL	Tunneling	Tunnelingproof
Linearization of the CFG	LTL to Linear	Linearize	Linearizeproof
Laying out the activation records	Linear to Mach	Stacking	Stackingproof
Storing the activation records in memory	Mach to Mach	(none)	Machabstr2mach
Emission of PowerPC assembly	Mach to PPC	PPCgen	PPCgenproof1 PPCgenproof

Type systems

Trivial type systems are used to statically capture well-formedness conditions on the intermediate languages.

RTLtyping: typing for RTL + type reconstruction.
LTLtyping: typing for LTL.
Lineartyping: typing for Linear.
Machtyping: typing for Mach.

Proofs that compiler passes are type-preserving:

Alloctyping_aux and Alloctyping (register allocation).
Tunnelingtyping (branch tunneling).
Lineartyping (branch tunneling).
Stackingtyping (layout of activation records).

All together

Main: composing the passes together; the final semantic preservation theorems.

Xavier.Leroy@inria.fr