

This paper presents a framework aimed at significantly reducing the cost of proving functional correctness for low-level operating systems components. The framework is designed around a new functional programming language, Cogent. A central aspect of the language is its uniqueness type system, which eliminates the need for a trusted runtime or garbage collector while still guaranteeing memory safety, a crucial property for safety and security. Moreover, it allows us to assign two semantics to the language: the first semantics is imperative, suitable for efficient C code generation, and the second is purely functional, providing a user-friendly interface for equational reasoning and verification of higher-level correctness properties. The refinement theorem connecting the two semantics allows the compiler to produce a proof via translation validation certifying the correctness of the generated C code with respect to the semantics of the Cogent source program. We have demonstrated the effectiveness of our framework for implementation and for verification through two file system implementations.

Modern Just-in-Time compilers (or JITs) typically interleave several mechanisms to execute a program. For faster startup times and to observe the initial behavior of an execution, interpretation can be used initially. But after a while, JITs dynamically produce native code for the parts of the program they execute often. Although some time is spent compiling dynamically, this mechanism makes the remainder of the program's execution much faster. Such compilers are complex pieces of software with various components, and rely heavily on a precise interplay between the different languages being executed, including on-stack replacement. Traditional static compilers like CompCert have been mechanized in proof assistants, but JITs have scarcely been formalized so far, partly due to their impure nature and their numerous components. This work presents a model JIT with dynamic generation of native code, implemented and formally verified in Coq.
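The interpret-then-compile interplay the JIT abstract describes, as an added example that is not part of the paper's Coq development: a toy two-tier engine in which every function starts out interpreted, a per-function call counter profiles it, and crossing an assumed threshold switches subsequent calls to a "compiled" form (a chain of pre-bound Rust closures standing in for native code). The stack bytecode, the threshold and the function names are assumptions made for illustration; the `tiers_agree` check at the end is the property a verified JIT must establish for every input rather than for a sample.

```rust
// Added example, not code from the paper's Coq development: a toy two-tier
// execution engine modelling the interplay the abstract describes. Each
// function starts out interpreted; once its call counter reaches a threshold
// it is "compiled", here into a chain of Rust closures standing in for native
// code. The bytecode, threshold and function names are illustrative assumptions.
use std::collections::HashMap;

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Op {
    Push(i64), // push a constant
    Dup,       // duplicate the top of the stack
    Add,       // pop two values, push their sum
    Mul,       // pop two values, push their product
}

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Tier {
    Interpreted,
    Native,
}

/// Tier 0: the reference semantics, a plain stack-machine interpreter.
pub fn interpret(code: &[Op], arg: i64) -> i64 {
    let mut s = vec![arg];
    for op in code {
        match *op {
            Op::Push(n) => s.push(n),
            Op::Dup => { let t = *s.last().expect("empty stack"); s.push(t) }
            Op::Add => { let (b, a) = (s.pop().unwrap(), s.pop().unwrap()); s.push(a + b) }
            Op::Mul => { let (b, a) = (s.pop().unwrap(), s.pop().unwrap()); s.push(a * b) }
        }
    }
    s.pop().expect("empty stack")
}

pub type Native = Box<dyn Fn(i64) -> i64>;
type Step = Box<dyn Fn(&mut Vec<i64>)>;

/// Tier 1: translate the bytecode once into pre-bound closures, removing the
/// decode/dispatch loop. This is the step a verified JIT proves to refine
/// `interpret`; here that relation is only spot-checked by `tiers_agree`.
pub fn compile(code: &[Op]) -> Native {
    let steps: Vec<Step> = code.iter().map(|op| -> Step {
        match *op {
            Op::Push(n) => Box::new(move |s: &mut Vec<i64>| s.push(n)),
            Op::Dup => Box::new(|s: &mut Vec<i64>| { let t = *s.last().expect("empty stack"); s.push(t) }),
            Op::Add => Box::new(|s: &mut Vec<i64>| { let (b, a) = (s.pop().unwrap(), s.pop().unwrap()); s.push(a + b) }),
            Op::Mul => Box::new(|s: &mut Vec<i64>| { let (b, a) = (s.pop().unwrap(), s.pop().unwrap()); s.push(a * b) }),
        }
    }).collect();
    Box::new(move |arg: i64| {
        let mut s = vec![arg];
        for step in &steps { step(&mut s); }
        s.pop().expect("empty stack")
    })
}

pub struct Jit {
    threshold: u32,
    code: HashMap<String, Vec<Op>>,
    calls: HashMap<String, u32>,
    native: HashMap<String, Native>,
}

impl Jit {
    pub fn new(threshold: u32) -> Jit {
        Jit { threshold, code: HashMap::new(), calls: HashMap::new(), native: HashMap::new() }
    }

    pub fn define(&mut self, name: &str, code: Vec<Op>) {
        self.code.insert(name.to_string(), code);
    }

    /// Run `name` on `arg` and report which tier executed it. Interpretation
    /// both produces the result and profiles the function; reaching the
    /// threshold triggers compilation, which later calls then use.
    pub fn call(&mut self, name: &str, arg: i64) -> (i64, Tier) {
        if let Some(f) = self.native.get(name) {
            return (f(arg), Tier::Native);
        }
        let code = self.code.get(name).expect("undefined function");
        let result = interpret(code, arg);
        let count = self.calls.entry(name.to_string()).or_insert(0);
        *count += 1;
        if *count >= self.threshold {
            self.native.insert(name.to_string(), compile(code));
        }
        (result, Tier::Interpreted)
    }
}

/// The correctness property a verified JIT establishes for all inputs:
/// compiled code computes exactly what the interpreter computes.
pub fn tiers_agree(code: &[Op], inputs: &[i64]) -> bool {
    let native = compile(code);
    inputs.iter().all(|&x| native(x) == interpret(code, x))
}

fn main() {
    let mut jit = Jit::new(3);
    jit.define("sq_plus_one", vec![Op::Dup, Op::Mul, Op::Push(1), Op::Add]);
    for x in 2..6 {
        println!("sq_plus_one({}) = {:?}", x, jit.call("sq_plus_one", x));
    }
}
```

What the paper contributes is exactly what this toy leaves out: the "native code" here is ordinary safe Rust, there is no on-stack replacement of a function that is mid-execution when it tiers up, and `tiers_agree` only samples inputs, whereas the Coq development proves the interpreter and the generated native code agree on every execution.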
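The two-semantics idea from the Cogent abstract above, as an added example that is neither Cogent code nor output of the Cogent compiler: one operation on a uniquely owned record is written twice, once as a pure function from old value to new value (the view used for equational reasoning) and once as a destructive in-place update (the form a C backend would emit), and a translation-validation style check confirms on concrete inputs that the two agree and that the update really happened in place. Rust's ownership types are affine (a value may be silently dropped) where Cogent's are linear, but both rule out aliasing, which is what makes the in-place version sound without a garbage collector. The `Inode` record, `BLOCK_SIZE` and the `append_block` operation are assumptions made for illustration.

```rust
// Added example, not Cogent code or Cogent compiler output: a uniquely owned
// record given both a purely functional and an imperative semantics, with a
// check that the two agree. The `Inode` record, `BLOCK_SIZE` and the
// `append_block` operation are illustrative assumptions.

/// A uniquely owned file-system record. There is exactly one owner at any time;
/// passing it by value moves it, so the caller can no longer observe the old value.
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct Inode {
    pub size: u64,
    pub blocks: Vec<u32>,
}

pub const BLOCK_SIZE: u64 = 4096;

/// Functional semantics: a pure function from the old record to a new one.
/// This is the view against which higher-level properties are reasoned about.
pub fn append_block_spec(inode: &Inode, block: u32) -> Inode {
    let mut blocks = inode.blocks.clone();
    blocks.push(block);
    Inode { size: inode.size + BLOCK_SIZE, blocks }
}

/// Imperative semantics: the same operation as a destructive update. Taking
/// `inode` by value consumes the caller's only handle, so mutating it in place
/// is unobservable and needs neither a copy nor a garbage collector.
pub fn append_block_impl(mut inode: Inode, block: u32) -> Inode {
    inode.blocks.push(block);
    inode.size += BLOCK_SIZE;
    inode
}

/// Thread the unique value through a sequence of updates: it is moved into each
/// call and moved back out, so no two live bindings ever alias it.
pub fn append_blocks_impl(inode: Inode, blocks: &[u32]) -> Inode {
    blocks.iter().fold(inode, |acc, &b| append_block_impl(acc, b))
}

pub fn append_blocks_spec(inode: &Inode, blocks: &[u32]) -> Inode {
    blocks.iter().fold(inode.clone(), |acc, &b| append_block_spec(&acc, b))
}

/// Translation-validation style check on one concrete input: the imperative
/// result must equal the functional one, and the update must really have been
/// done in place (the heap buffer is the same allocation before and after).
pub fn refinement_holds(mut inode: Inode, blocks: &[u32]) -> bool {
    let expected = append_blocks_spec(&inode, blocks);
    // Reserve up front so the pushes cannot reallocate; the buffer address then
    // identifies the allocation across the in-place update.
    inode.blocks.reserve(blocks.len());
    let buf_before = inode.blocks.as_ptr();
    let actual = append_blocks_impl(inode, blocks);
    // `inode` was moved into `append_blocks_impl`; reading it here would be
    // rejected at compile time ("use of moved value"), which is the uniqueness
    // guarantee doing its job.
    actual == expected && actual.blocks.as_ptr() == buf_before
}

fn main() {
    let inode = Inode { size: 2 * BLOCK_SIZE, blocks: vec![10, 11] };
    println!("refinement holds: {}", refinement_holds(inode, &[12, 13]));
}
```

The check here is per input, which is what translation validation does for one compiled program; the uniqueness discipline is what lets the pure `append_block_spec` and the destructive `append_block_impl` be two readings of the same source, since with no aliases the in-place write is indistinguishable from returning a fresh value.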
