The design and implementation of a certifying compiler

George C. Necula, Peter Lee
SIGPLAN Notices, 2004
This paper presents the design and implementation of a compiler that translates programs written in a type-safe subset of the C programming language into highly optimized DEC Alpha assembly language programs, and a certifier that automatically checks the type safety and memory safety of any assembly language program produced by the compiler. The result of the certifier is either a formal proof of type safety or a counterexample pointing to a potential violation of the type system by the assembly-language target program. The ensemble of the compiler and the certifier is called a certifying compiler. Several advantages of certifying compilation over previous approaches can be claimed. The notion of a certifying compiler is significantly easier to employ than a formal compiler verification, in part because it is generally easier to verify the correctness of the result of a computation than to prove the correctness of the computation itself. Also, the approach can be applied even to highly optimizing compilers, as demonstrated by the fact that our compiler generates target code, for a range of realistic C programs, which is competitive with both the cc and gcc compilers with all optimizations enabled. The certifier also drastically improves the effectiveness of compiler testing because, for each test case, it statically signals compilation errors that might otherwise require many executions to detect. Finally, this approach is a practical way to produce the safety proofs for a Proof-Carrying Code system, and thus may be useful in a system for safe mobile code.
doi:10.1145/989393.989454 fatcat:xdts3x3l5jbilf66fgcnvn5omq
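As an added illustration of the "check the result, not the compiler" idea in the abstract (this is not code from the paper or its compiler), a toy certifier over a straight-line register language with two assumed types, `int` and a bounds-carrying `ptr`: given the compiler's output, it either returns a per-instruction typing derivation (the evidence a verifier could re-check) or a counterexample naming the first instruction that violates the type system. The instruction set, type names and sample programs are all constructed for this example.

```python
from typing import Dict, List, Tuple, Union

# Constructed toy register types: "int", or ("ptr", n) for a pointer to an
# n-byte buffer of 4-byte ints whose size is carried by the type.
Type = Union[str, Tuple[str, int]]
WORD = 4

def is_ptr(t) -> bool:
    return isinstance(t, tuple) and t[0] == "ptr"

def certify(program: List[tuple], init_env: Dict[str, Type]):
    """Type-check a straight-line toy assembly program.

    Returns ("proof", derivation): one (index, instruction, register types)
    step per instruction; or ("counterexample", index, reason) naming the
    first instruction that is not type- or memory-safe.
    """
    env: Dict[str, Type] = dict(init_env)
    derivation = []
    for i, ins in enumerate(program):
        op = ins[0]
        if op in ("add", "mul"):            # add rd, rs, rt : int * int -> int
            _, rd, rs, rt = ins
            if env.get(rs) != "int" or env.get(rt) != "int":
                return ("counterexample", i, f"{op}: operand {rs} or {rt} is not int")
            env[rd] = "int"
        elif op in ("ld", "st"):            # ld rd,[rs+off]  /  st rv,[rs+off]
            _, rx, rs, off = ins
            t = env.get(rs)
            if not is_ptr(t):
                return ("counterexample", i, f"{op}: {rs} is not a pointer")
            if off < 0 or off + WORD > t[1]:
                return ("counterexample", i, f"{op}: offset {off} outside {t[1]}-byte object")
            if op == "ld":
                env[rx] = "int"             # buffer cells hold ints
            elif env.get(rx) != "int":
                return ("counterexample", i, f"st: {rx} does not hold an int")
        else:
            return ("counterexample", i, f"unknown instruction {op}")
        derivation.append((i, ins, dict(env)))
    return ("proof", derivation)

# Constructed samples: r0 points to an 8-byte buffer; sum its two cells.
GOOD = [("ld", "r1", "r0", 0), ("ld", "r2", "r0", 4), ("add", "r3", "r1", "r2")]
# Same program, but a (hypothetical) compiler bug reads one word past the buffer.
BAD = [("ld", "r1", "r0", 0), ("ld", "r2", "r0", 8), ("add", "r3", "r1", "r2")]
INIT = {"r0": ("ptr", 8)}

if __name__ == "__main__":
    print(certify(GOOD, INIT)[0], certify(BAD, INIT))
```

Because the checker only inspects the emitted code, it needs no knowledge of the optimizations that produced it, which is the point the abstract makes about certification versus compiler verification.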