Validation of Optimizing Compilers

There is a growing awareness, both in industry and academia, of the crucial role of formally proving the correctness of safety-critical components of systems. Most formal verification methods verify the correctness of a high-level representation of the system against a given specification. However, if one wishes to infer from such a verification the correctness of the code which runs on the actual target architecture, it is essential to prove that the high-level representation is correctly implemented at the lower level. That is, it is essential to verify the the correctness of the translation from the high-level source-code representation to the object code, a translation which is typically performed by a compiler (or a code generator in case the source is a specification rather than a programming language). Formally verifying a full-fledged optimizing compiler, as one would verify any other large program, is not feasible due to its size, ongoing evolution and modification, and, possibly, proprietary considerations. The translation validation method used in this paper is a novel approach that offers an alternative to the verification of translators in general and compilers in particular. According to the translation validation approach, rather than verifying the compiler itself, one constructs a validation tool which, after every run of the compiler, formally confirms that the target code produced on that run is a correct translation of the source program. The paper presents a methodology for translation validation of optimizing compilers. We distinguish between structure preserving optimizations, for which we establish simulation relation between source and target based on computational induction, and structure modifying optimizations, for which we develop specialized “meta-rules”. We present some examples that illustrate the use of the methodology, including a “real-life” validation of an EPIC compiler which uncovered a bug in the compiler. ? This research was supported in part by the Minerva Center for Verification of Reactive Systems, a gift from Intel, a grant from the German Israel Foundation for Scientific Research and Development, and ONR grant N00014-99-1-0131.