Translation Validation of Optimizing Compilers

There is a growing awareness, both in industry and academia, of the crucial role of formally verifying the translation from high-level source-code into lowlevel object code that is typically performed by an optimizing compiler. Formally verifying an optimizing compiler, as one would verify any other large program, is not feasible due to its size, ongoing evolution and modification, and possibly, proprietary considerations. Translation validation is a novel approach that offers an alternative to the verification of translator in general and compilers in particular: Rather than verifying the compiler itself, one constructs a validation tool which, after every run of the compiler, formally confirms that the target code produced in the run is a correct translation of the source program. This thesis work takes an important step towards ensuring an extremely high level of confidence in compilers targeted at EPIC architectures. The dissertation focuses on the translation validation of structure-preserving optimizations, i.e., transformations that do not modify programs’ structure in a major way, which include most of the global optimizations performed by compilers. The first part of the dissertation develops the theory of a correct translation, which provides a precise definition of the notion of a target program being a correct translation of a source program, and the method that formally establishes the correctness of structure preserving transformations based on computational induction. The second part of the dissertation describes a tool that applies the theory of the first part to the automatic validation of global optimizations performed by Intel’s ORC compiler for IA-64 architecture. With minimal instrumentation from the compiler, the tool constructs “verification conditions” – formal theorems that, if valid, establish the correctness of a translation. This is achieved by performing own control-flow and data-flow analyses together with various heuristics. The verification condition are then transferred to an automatic theorem prover that checks their validity. Together with the theorem prover, the tool offers a fully automatic method to formally establish the correctness of each translation.