Abstract
This paper presents a novel formal semantics, mechanized in Coq, for a large, sequential subset of the LLVM IR. In contrast to previous approaches, which use relationally-specified operational semantics, this new semantics is based on monadic interpretation of interaction trees, a structure that provides a more compositional approach to defining language semantics while retaining the ability to extract an executable interpreter. Our semantics handles many of the LLVM IR's non-trivial language features and is constructed modularly in terms of event handlers, including those that deal with nondeterminism in the specification. We show how this semantics admits compositional reasoning principles derived from the interaction trees equational theory of weak bisimulation, which we extend here to better deal with nondeterminism, and we use them to prove that the extracted reference interpreter faithfully refines the semantic model. We validate the correctness of the semantics by evaluating it on unit tests and LLVM IR programs generated by HELIX.
Highlights
The CompCert [Leroy 2009] C compiler was pivotal to the history of verified compilation, paving the way for large-scale software verification of real-world programming languages [Ringer et al. 2019]
We focus on the LLVM framework [Lattner and Adve 2004] because it is an attractive target for formal verification: it is a widely used, industrial-strength codebase; its intermediate representation (IR) provides a comparatively small and reasonably well-defined core language; and many of its analyses, program transformations, and optimizations operate entirely at the level of the LLVM IR itself
We present VIR, a compositional, modular and executable formal semantics in Coq for a realistic sequential subset of LLVM IR
Summary
The CompCert [Leroy 2009] C compiler was pivotal to the history of verified compilation, paving the way for large-scale software verification of real-world programming languages [Ringer et al. 2019]. We draw on classic ideas about how to structure monadic interpreters [Steele 1994] and make heavy use of interaction trees [Xia et al. 2020], a recent Coq formalism that provides (1) expressive monadic combinators for defining compositional semantics, (2) effect handlers for the modular interpretation of effectful programs, and (3) a coinductive implementation that can be extracted into an executable definitional interpreter. These features allow for a strong separation of concerns: each syntactic sub-component can be given a self-contained meaning, and each effect of the language can be defined in isolation via an effect handler.
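The following Python sketch is an added illustration of the architecture described above; it is not code from VIR or the Vellvm project, which are written in Coq. It models the three node shapes of an interaction tree (Ret, Tau, Vis), a bind combinator, and two independently defined handlers for a toy IR: memory events (Load/Store) are interpreted against a state, while a nondeterministic Choose event (standing in for an unspecified value) is either enumerated in full to obtain the set of allowed behaviours, or resolved by a deterministic executable interpreter. The final check mirrors the paper's refinement claim: every result of the executable interpreter is one of the behaviours admitted by the model. The event names, the handler signatures, and the sample program are all assumptions made for this example.

```python
"""Toy interaction trees with modular event handlers (added example, not VIR code)."""
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Optional, Tuple, Union


# --- The tree: a computation returns, takes a silent step, or emits an event ---
@dataclass
class Ret:
    value: Any


@dataclass
class Tau:
    next: "ITree"


@dataclass
class Vis:
    event: Any
    k: Callable[[Any], "ITree"]  # continuation receiving the event's answer


ITree = Union[Ret, Tau, Vis]


# --- Events of a hypothetical tiny IR (assumed for this example) ---
@dataclass(frozen=True)
class Load:
    addr: int


@dataclass(frozen=True)
class Store:
    addr: int
    value: int


@dataclass(frozen=True)
class Choose:
    options: Tuple[int, ...]  # nondeterministic pick, e.g. an unspecified value


# --- Monadic combinators ---
def ret(v: Any) -> ITree:
    return Ret(v)


def trigger(e: Any) -> ITree:
    return Vis(e, ret)


def bind(t: ITree, f: Callable[[Any], ITree]) -> ITree:
    if isinstance(t, Ret):
        return f(t.value)
    if isinstance(t, Tau):
        return Tau(bind(t.next, f))
    return Vis(t.event, lambda x: bind(t.k(x), f))


# --- A stateful handler, defined in isolation; events it does not know are re-emitted ---
Memory = Dict[int, int]


def memory_handler(e: Any, mem: Memory) -> Optional[Tuple[Any, Memory]]:
    if isinstance(e, Load):
        return mem.get(e.addr, 0), mem
    if isinstance(e, Store):
        new = dict(mem)  # copy so nondeterministic branches never share state
        new[e.addr] = e.value
        return None, new
    return None  # not handled here: left for another handler


def interp_state(handler, t: ITree, s: Any) -> ITree:
    """Interpret handled events with state s; Ret carries (value, final state)."""
    if isinstance(t, Ret):
        return Ret((t.value, s))
    if isinstance(t, Tau):
        return Tau(interp_state(handler, t.next, s))
    r = handler(t.event, s)
    if r is None:
        return Vis(t.event, lambda x: interp_state(handler, t.k(x), s))
    v, s2 = r
    return Tau(interp_state(handler, t.k(v), s2))


# --- Two interpretations of the remaining Choose events ---
def all_behaviours(t: ITree) -> List[Any]:
    """The model: explore every option, collecting every reachable result."""
    if isinstance(t, Ret):
        return [t.value]
    if isinstance(t, Tau):
        return all_behaviours(t.next)
    assert isinstance(t.event, Choose), "memory events should already be handled"
    out: List[Any] = []
    for o in t.event.options:
        out.extend(all_behaviours(t.k(o)))
    return out


def first_option(t: ITree) -> Any:
    """Executable reference interpreter: resolve Choose by taking the first option."""
    while not isinstance(t, Ret):
        t = t.next if isinstance(t, Tau) else t.k(t.event.options[0])
    return t.value


# --- Sample program (constructed): store 1 at 0, load it, add an unspecified 2 or 3 ---
def example_program() -> ITree:
    return bind(trigger(Store(0, 1)), lambda _:
           bind(trigger(Load(0)), lambda x:
           bind(trigger(Choose((2, 3))), lambda y:
           bind(trigger(Store(1, y)), lambda _: Tau(ret(x + y))))))


def model_behaviours() -> List[Any]:
    return all_behaviours(interp_state(memory_handler, example_program(), {}))


def reference_run() -> Any:
    return first_option(interp_state(memory_handler, example_program(), {}))


def interpreter_refines_model() -> bool:
    return reference_run() in model_behaviours()


if __name__ == "__main__":
    print(model_behaviours())          # [(3, {0: 1, 1: 2}), (4, {0: 1, 1: 3})]
    print(reference_run())             # (3, {0: 1, 1: 2})
    print(interpreter_refines_model()) # True
```

The point of the layering is that `memory_handler` knows nothing about `Choose`, and `all_behaviours` and `first_option` know nothing about memory: each effect gets its meaning once, and the executable interpreter is a deterministic refinement of the nondeterministic model rather than a separate definition that has to be kept in sync by hand.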