Certifying compilers using higher-order theorem provers as certificate checkers

Correct software requires compilers to work correctly. Especially code generation can be an error prone task, since it potentially uses sophisticated algorithms to produce efficient code. In this paper we present an approach to guarantee the correctness of compiler transformations with respect to a formal notion of correctness. We certify the results of each compilation run. With the help of a compiler generated certificate and a certificate checker, we verify the results of each compilation run automatically. Thereby we ensure the correctness of the compilation run without having to look at concrete compilation algorithms. We use higher-order theorem provers to check the certificates and to formally define syntax, and semantics of the involved languages as well as a criterion under which we regard a compilation as correct. The use of higher-order theorem provers ensures a small and well understood trusted computing base. The task of efficient certificate checking is especially crucial for the acceptance of certifying compilation. We present methods to facilitate this task, most notably by using computational reflection: We present small-in an executable way specified-evaluators that solve certain properties appearing in our certificates and are used to speed up certain subtasks in the checking process. We discuss an implemented prototype performing code generation. Using Coq and Isabelle/HOL as certificate checkers we highlight typical challenges and their solutions.