Credible Compilation by Darko Marinov

This thesis describes a theoretical framework for building compilers that generate formal guarantees that they work correctly. Traditional compilers provide no such guarantees-given an original source program, a traditional compiler generates only a transformed executable program. The only way to investigate the correctness of a compilation is to run the transformed program on some sample inputs. Even if the transformed program generates expected results for these inputs, it does not ensure that the transformed program is indeed equivalent to the original program for all inputs. Most previous research on compiler correctness focused on developing compilers that are guaranteed to correctly translate every original program. It is extremely difficult, however, to verify that a complex code, which implements a compiler, is correct. Therefore, a novel approach was proposed: instead of verifying a compiler, verify the result of each single compilation. We require the compiler to generate a transformed program and some additional information that enables a simple verifier to check the compilation. We call this approach credible compilation. This thesis presents a formal framework for the credible compilation of imperative programming languages. Each transformation generates, in addition to a transformed program, a set of standard invariants and contexts, which the compiler uses to prove that its analysis results are correct, and a set of simulation invariants and contexts, which the compiler uses to prove that the transformed program is equivalent to the original program. The compiler has also to generate a proof for all the invariants and contexts. We describe in detail the structure of a verifier that checks the compiler results. The verifier first uses standard and simulation verification-condition generators to symbolically execute the original and transformed programs and generate a verification condition. The verifier then uses a proof checker to verify that the supplied proof indeed proves that verification condition. If the proof fails, the particular compilation is potentially not correct. Our framework supports numerous intraprocedural transformations and some interprocedural transformations. Thesis Supervisor: Martin C. Rinard Title: Associate Professor