Proving the correctness of a compiler

Xavier Leroy

Collège de France and Inria Paris

Abstract

Formal semantics of programming languages supports not only reasoning over individual programs (program correctness), but also reasoning over program transformations and static analyses, as typically found in compilers (tool correctness). With the help of a proof assistant, we can prove semantic preservation properties of program transformations and semantic soundness properties of static analyses that greatly increase the confidence we can have in compilers and program verification tools.

The course illustrates these ideas on a simple compiler for IMP (a simple imperative language), formalized and proved correct using the Coq proof assistant.
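To make the shape of such a correctness argument concrete before opening the course sources, here is a small added example in the same spirit, not taken from the course's own Compil development: arithmetic expressions of an IMP-like language, a stack machine, a compiler from the former to the latter, and a Coq proof that executing the compiled code leaves exactly the value the source expression denotes on the stack. The constructor names (ANum, AId, SPush, SLoad, SPlus, SMult), the representation of variables as natural numbers, and the choice to skip instructions on stack underflow are assumptions made for this illustration; the course's actual virtual machine and proofs differ in detail.

```coq
(* Added example, not part of the course material. Names and the
   stack-underflow convention are illustrative choices. *)
Require Import Arith List.
Import ListNotations.

(* Source language: arithmetic expressions over variables (numbered). *)
Inductive aexp : Type :=
  | ANum : nat -> aexp
  | AId : nat -> aexp
  | APlus : aexp -> aexp -> aexp
  | AMult : aexp -> aexp -> aexp.

Definition state := nat -> nat.

(* Denotational semantics of the source language. *)
Fixpoint aeval (st : state) (a : aexp) : nat :=
  match a with
  | ANum n => n
  | AId x => st x
  | APlus a1 a2 => aeval st a1 + aeval st a2
  | AMult a1 a2 => aeval st a1 * aeval st a2
  end.

(* Target language: a stack machine. *)
Inductive instr : Type :=
  | SPush : nat -> instr
  | SLoad : nat -> instr
  | SPlus : instr
  | SMult : instr.

(* Operational semantics of the target: run a program on a stack.
   An SPlus/SMult on a stack with fewer than two elements is skipped
   (an arbitrary total-function convention; the proof never hits it). *)
Fixpoint s_execute (st : state) (stack : list nat) (prog : list instr)
  : list nat :=
  match prog with
  | [] => stack
  | i :: prog' =>
    match i, stack with
    | SPush n, _ => s_execute st (n :: stack) prog'
    | SLoad x, _ => s_execute st (st x :: stack) prog'
    | SPlus, n2 :: n1 :: stack' => s_execute st (n1 + n2 :: stack') prog'
    | SMult, n2 :: n1 :: stack' => s_execute st (n1 * n2 :: stack') prog'
    | _, _ => s_execute st stack prog'
    end
  end.

(* The compiler: post-order code generation. *)
Fixpoint s_compile (a : aexp) : list instr :=
  match a with
  | ANum n => [SPush n]
  | AId x => [SLoad x]
  | APlus a1 a2 => s_compile a1 ++ s_compile a2 ++ [SPlus]
  | AMult a1 a2 => s_compile a1 ++ s_compile a2 ++ [SMult]
  end.

(* Sanity check: 2 + 3 * 4 compiles and runs to 14. *)
Compute s_execute (fun _ => 0) []
  (s_compile (APlus (ANum 2) (AMult (ANum 3) (ANum 4)))).

(* Executing a concatenation is executing the pieces in sequence. *)
Lemma s_execute_app : forall st p1 p2 stack,
  s_execute st stack (p1 ++ p2) = s_execute st (s_execute st stack p1) p2.
Proof.
  intros st p1; induction p1 as [| i p1' IH]; intros p2 stack.
  - reflexivity.
  - simpl. destruct i; simpl;
    try (destruct stack as [| n2 [| n1 stack']]); simpl; apply IH.
Qed.

(* Semantic preservation: for every expression, state and initial stack,
   the compiled code pushes exactly the source value. *)
Theorem s_compile_correct : forall st stack a,
  s_execute st stack (s_compile a) = aeval st a :: stack.
Proof.
  intros st stack a. revert stack.
  induction a; intros stack; simpl; try reflexivity;
  rewrite s_execute_app, IHa1, s_execute_app, IHa2; reflexivity.
Qed.
```

The statement of s_compile_correct is the pattern the rest of the course scales up: a simulation between source and target semantics, quantified over all programs and all initial states, so that the compiler itself cannot silently change a program's behaviour (for instance by mis-optimizing a bounds check). The course material extends this to commands, loops, a machine with jumps, and the optimizations listed below.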

Course material

The slides for the lectures.

A ZIP archive containing all the Coq sources. Do make -f CoqMakefile to compile.

The Coq sources, pretty-printed and HTML-formatted:

IMP: the source language and its semantics.

Compil: the compiler and its correctness proofs.

Constprop: a first optimization, constant propagation.

Deadcode: a second optimization, dead code elimination driven by a liveness analysis.

Fixpoints: more on fixpoints and static analysis.

Sequences: a library of definitions and lemmas about sequences of transitions.

Introductory reading

Xavier Leroy. Formal verification of a realistic compiler, Comm. ACM 52(7):107-115, 2009.

Further reading

Xavier.Leroy@college-de-france.fr