Certifying Compilation and Run-Time Code Generation

A certifying compiler takes a source language program and produces object code as well as a certi cate that can be used to verify that the object code satis es desirable prop erties such as type safety and memory safety Certifying compilation helps to increase both compiler robustness and program safety Compiler robustness is improved since some compiler errors can be caught by checking the object code against the certi cate immediately after compilation Pro gram safety is improved because the object code and certi cate alone are su cient to establish safety even if the object code and certi cate are produced on an unknown machine by an unknown compiler and sent over an untrusted net work safe execution is guaranteed as long as the code and certi cate pass the veri er Existing work in certifying compilation has addressed statically generated code In this paper we extend this to code generated at run time Our goal is to combine certi fying compilation with run time code generation to produce programs that are both veri ably safe and extremely fast To achieve this goal we present two new languages with ex plicit run time code generation constructs Cyclone a type safe dialect of C and TAL T a type safe assembly language We have designed and implemented a system that translates a safe C program into Cyclone which is then compiled to TAL T and nally assembled into executable object code This paper focuses on our overall approach and the front end of our system details about TAL T will appear in a subsequent paper