A formally verified compiler for lustre

Timothy Bourke; Lélio Brun; Pierre Évariste Dagand; Xavier Leroy; Marc Pouzet; Lionel Rieg

doi:10.1145/3062341.3062358

A formally verified compiler for lustre

Timothy Bourke
, Lélio Brun
, Pierre Évariste Dagand
, Xavier Leroy
, Marc Pouzet
, Lionel Rieg

École Polytechnique

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The correct compilation of block diagram languages like Lustre, Scade, and a discrete subset of Simulink is important since they are used to program critical embedded control software. We describe the specification and verification in an Interactive Theorem Prover of a compilation chain that treats the key aspects of Lustre: sampling, nodes, and delays. Building on CompCert, we show that repeated execution of the generated assembly code faithfully implements the dataflow semantics of source programs. We resolve two key technical challenges. The first is the change from a synchronous dataflow semantics, where programs manipulate streams of values, to an imperative one, where computations manipulate memory sequentially. The second is the verified compilation of an imperative language with encapsulated state to C code where the state is realized by nested records. We also treat a standard control optimization that eliminates unnecessary conditional statements. Copyright is held by the owner/author(s).

Original language	English
Title of host publication	PLDI 2017 - Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation
Editors	Albert Cohen, Martin Vechev
Publisher	Association for Computing Machinery
Pages	586-601
Number of pages	16
ISBN (Electronic)	9781450349888
DOIs	https://doi.org/10.1145/3062341.3062358
Publication status	Published - 14 Jun 2017
Event	38th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2017 - Barcelona, Spain Duration: 18 Jun 2017 → 23 Jun 2017

Publication series

Name	Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI)
Volume	Part F128414

Conference

Conference	38th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2017
Country/Territory	Spain
City	Barcelona
Period	18/06/17 → 23/06/17

Keywords

Formally verified compilation
Interactive theorem proving (Coq)
Synchronous languages (Lustre)

Access to Document

10.1145/3062341.3062358

Cite this

Bourke, T., Brun, L., Dagand, P. É., Leroy, X., Pouzet, M., & Rieg, L. (2017). A formally verified compiler for lustre. In A. Cohen, & M. Vechev (Eds.), PLDI 2017 - Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation (pp. 586-601). (Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI); Vol. Part F128414). Association for Computing Machinery. https://doi.org/10.1145/3062341.3062358

Bourke, Timothy ; Brun, Lélio ; Dagand, Pierre Évariste et al. / A formally verified compiler for lustre. PLDI 2017 - Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation. editor / Albert Cohen ; Martin Vechev. Association for Computing Machinery, 2017. pp. 586-601 (Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI)).

@inproceedings{782e05cd9a67414f8e2d9195080084c1,

title = "A formally verified compiler for lustre",

abstract = "The correct compilation of block diagram languages like Lustre, Scade, and a discrete subset of Simulink is important since they are used to program critical embedded control software. We describe the specification and verification in an Interactive Theorem Prover of a compilation chain that treats the key aspects of Lustre: sampling, nodes, and delays. Building on CompCert, we show that repeated execution of the generated assembly code faithfully implements the dataflow semantics of source programs. We resolve two key technical challenges. The first is the change from a synchronous dataflow semantics, where programs manipulate streams of values, to an imperative one, where computations manipulate memory sequentially. The second is the verified compilation of an imperative language with encapsulated state to C code where the state is realized by nested records. We also treat a standard control optimization that eliminates unnecessary conditional statements. Copyright is held by the owner/author(s).",

keywords = "Formally verified compilation, Interactive theorem proving (Coq), Synchronous languages (Lustre)",

author = "Timothy Bourke and L{\'e}lio Brun and Dagand, \{Pierre {\'E}variste\} and Xavier Leroy and Marc Pouzet and Lionel Rieg",

year = "2017",

month = jun,

day = "14",

doi = "10.1145/3062341.3062358",

language = "English",

series = "Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI)",

publisher = "Association for Computing Machinery",

pages = "586--601",

editor = "Albert Cohen and Martin Vechev",

booktitle = "PLDI 2017 - Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation",

note = "38th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2017 ; Conference date: 18-06-2017 Through 23-06-2017",

}

Bourke, T, Brun, L, Dagand, PÉ, Leroy, X, Pouzet, M & Rieg, L 2017, A formally verified compiler for lustre. in A Cohen & M Vechev (eds), PLDI 2017 - Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation. Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), vol. Part F128414, Association for Computing Machinery, pp. 586-601, 38th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2017, Barcelona, Spain, 18/06/17. https://doi.org/10.1145/3062341.3062358

A formally verified compiler for lustre. / Bourke, Timothy; Brun, Lélio; Dagand, Pierre Évariste et al.
PLDI 2017 - Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation. ed. / Albert Cohen; Martin Vechev. Association for Computing Machinery, 2017. p. 586-601 (Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI); Vol. Part F128414).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A formally verified compiler for lustre

AU - Bourke, Timothy

AU - Brun, Lélio

AU - Dagand, Pierre Évariste

AU - Leroy, Xavier

AU - Pouzet, Marc

AU - Rieg, Lionel

PY - 2017/6/14

Y1 - 2017/6/14

N2 - The correct compilation of block diagram languages like Lustre, Scade, and a discrete subset of Simulink is important since they are used to program critical embedded control software. We describe the specification and verification in an Interactive Theorem Prover of a compilation chain that treats the key aspects of Lustre: sampling, nodes, and delays. Building on CompCert, we show that repeated execution of the generated assembly code faithfully implements the dataflow semantics of source programs. We resolve two key technical challenges. The first is the change from a synchronous dataflow semantics, where programs manipulate streams of values, to an imperative one, where computations manipulate memory sequentially. The second is the verified compilation of an imperative language with encapsulated state to C code where the state is realized by nested records. We also treat a standard control optimization that eliminates unnecessary conditional statements. Copyright is held by the owner/author(s).

AB - The correct compilation of block diagram languages like Lustre, Scade, and a discrete subset of Simulink is important since they are used to program critical embedded control software. We describe the specification and verification in an Interactive Theorem Prover of a compilation chain that treats the key aspects of Lustre: sampling, nodes, and delays. Building on CompCert, we show that repeated execution of the generated assembly code faithfully implements the dataflow semantics of source programs. We resolve two key technical challenges. The first is the change from a synchronous dataflow semantics, where programs manipulate streams of values, to an imperative one, where computations manipulate memory sequentially. The second is the verified compilation of an imperative language with encapsulated state to C code where the state is realized by nested records. We also treat a standard control optimization that eliminates unnecessary conditional statements. Copyright is held by the owner/author(s).

KW - Formally verified compilation

KW - Interactive theorem proving (Coq)

KW - Synchronous languages (Lustre)

U2 - 10.1145/3062341.3062358

DO - 10.1145/3062341.3062358

M3 - Conference contribution

AN - SCOPUS:85025163024

T3 - Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI)

SP - 586

EP - 601

BT - PLDI 2017 - Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation

A2 - Cohen, Albert

A2 - Vechev, Martin

PB - Association for Computing Machinery

T2 - 38th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2017

Y2 - 18 June 2017 through 23 June 2017

ER -

Bourke T, Brun L, Dagand PÉ, Leroy X, Pouzet M, Rieg L. A formally verified compiler for lustre. In Cohen A, Vechev M, editors, PLDI 2017 - Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation. Association for Computing Machinery. 2017. p. 586-601. (Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI)). doi: 10.1145/3062341.3062358

A formally verified compiler for lustre

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this