Section: New Results
A separation logic for small-step Cminor
Andrew Appel and Sandrine Blazy have specified in Coq a Separation Logic for the Cminor intermediate language of the Compcert verified compiler. In this logic, we can prove fine-grained properties about pointers and memory footprints that are not ensured by the certified compiler.
The Separation Logic consists of an assertion language and an axiomatic semantics. The assertion language is a shallow embedding in Coq. Some operators of this language are specific to separation logic. The axiomatic semantics relies on a small-step semantics for statements, to support reasoning about input/output, non-termination and concurrency. The small-step semantics is based on continuations. Using the Coq proof assistant, we have proved the soundness of our axiomatic semantics with respect to our small-step semantics, and also the equivalence between our small-step semantics and the big-step semantics used in the verification of the Compcert compiler.
This experiment is encouraging: our axiomatic and operational semantics for Cminor are a first bridge between, on the one hand, program proof in the style of Hoare, and on the other hand the Compcert compiler verification effort. Further work remain to handle concurrency and to study the usability of the small-step semantics within proofs of compiler correctness.
A paper describing this work was submitted for publication  .
Coinductive natural semantics
Natural semantics, also called big-step operational semantics, is a well-known formalism for describing the semantics of a wide variety of programming languages. It lends itself well to proving the correctness of compilers and other program transformations. Our ongoing work on compiler verification makes heavy use of natural semantics. A limitation of natural semantics, as commonly used, is that it can only describe the semantics of terminating programs. However, it turns out that non-termination can be captured by inference rules similar to those of natural semantics, provided that these rules are interpreted coinductively instead of the usual inductive interpretation, or in other terms provided that infinite evaluation derivations are considered in addition to the usual finite evaluation derivations.
Xavier Leroy formalized a coinductive natural semantics for divergence, using the Coq proof assistant, for a tiny functional language (call-by-value -calculus). He proved several results: equivalences with small-step semantics, semantic preservation for compilation to an abstract machine, and a novel approach to proving soundness of type systems. These results were presented at the ESOP 2006 symposium  . In collaboration with Hervé Grall, he is currently extending these results to trace semantics, where the natural semantics captures not only the final outcome of evaluation but also a trace of events generated during program execution.