Verification of Code Generators Using Term Rewriting Systems

Code generators for modern compilers are difficult to construct. To build a code generator that produces correct target code, we require detailed knowledge of the intermediate representation (IR) generated by the compiler’s front-end and intimate knowledge of the instruction set available on the target machine. We then put this knowledge to use by mapping the individual IR instructions to a sequence of target instructions that are identical in meaning. That is, the semantics of the original program and thus the original IR instructions that make up the program are preserved by this mapping. Unfortunately, it is often the case that errors are introduced by an incorrect mapping that results in the generation of incorrect code. Usually these incorrect code sequences can only be detected by compiling complete programs and testing their execution on some finite number of test cases. Because these test cases are finite, they are not sufficient to guarantee that our code generator will produce correct code in all cases. To guarantee correctness we require a general mechanism that will allow us to reason about the meaning of an IR instruction and the meaning of the target instruction sequence to determine if they are semantically identical. This reasoning procedure should not only allow us to reason about the meaning of instructions, but should do so in an automated fashion. An automated reasoning framework that will allow us to accomplish this task is known as term rewriting systems. Using a set of rules that define semantic equivalence a term rewriting system can be used to determine if the meaning of one instruction is identical to another. For this to be possible, a term rewriting system must satisfy two important properties: termination and confluence. In this paper we present an automated reasoning system based on term rewriting systems that allows us to verify the correctness of code generators. We introduce a formal machine model that provides the basis for defining instruction semantics. We use this model to define a set of equations that are processed by a well known procedure called completion to produce a set of rewrite rules that are terminating and confluent. These rules are then used to rewrite our instruction semantics into unique normal forms. These normal forms can then be used to determine if a set of instructions is equivalent in meaning to another. PISA, a prototype system implementing these techniques, shows that a terminating and confluent term rewriting system can be generated from a set of equations defining semantic equivalence for instructions. These rules are then used by a rewriting inference procedure to show that the equivalence of instruction semantics can be determined efficiently.