Verifying Compiler Transformations for Concurrent Programs

Compilers transform programs, either to optimize performance orto translate language-level constructs into hardware primitives. Forconcurrent programs, ensuring that a transformation preserves thesemantics of the input program can be challenging. In particu-lar, the emitted code must correctly emulate the semantics of thelanguage-level memory model when running on hardware with arelaxed memory model.In this paper, we present a novel proof methodology for prov-ing the soundness of compiler transformations for concurrent pro-grams. Our methodology is based on a new formalization of mem-ory models as dynamic rewrite rules on event streams. We imple-ment our proof methodology in a first-of-its-kind semi-automatedtool called Traver to verify or falsify compiler transformations. Us-ing Traver, we prove or refute the soundness of several commonlyused compiler transformations for various memory models. In thisprocess, we find subtle bugs in the CLR JIT compiler and in theJSR-133 Java JIT compiler recommendations.