Syntactic Proofs of Compositional Compiler Correctness

Semantic preservation by compilers for higher-order languages can be veriï¬ed using simple syntactic methods. At the heart of classic techniques are relations between source-level and target-level values. Unfortunately, these relations are speciï¬c to particular compilers, leading to correctness theorems that have nothing to say about linking programs with functions compiled by other compilers or written by hand in the target language. Theorems based on logical relations manage to avoid this problem, but at a cost: standard logical relations do not apply directly to programs with non-termination or impurity, and extensions to handle those features are relatively complicated, compared to the classical compiler veriï¬cation literature.

In this paper, we present a new approach to â€œopenâ€ compiler correctness theorems that is â€œsyntacticâ€ in the sense that the core relations do not refer to semantics. Though the technique is much more elementary than previous proposals, it scales up nicely to realistic languages. In particular, untyped and impure programs may be handled simply, while previous work has addressed neither in this context.

Our approach is based on the observation that it is an unnecessary handicap to consider proofs as black boxes. We identify some theorem-speciï¬c proof skeletons, such that we can deï¬ne an algebra of nondeterministic compilations and their proofs, and we can compose any two compilations to produce a correct-by-construction result. We have prototyped these ideas with a Coq implementation of multiple CPS translations for an untyped Mini-ML source language with recursive functions, sums, products, mutable references, and exceptions.