2nd/10_Wiki/Topics/AI_and_ML/CompCert-C-Compiler.md

id, title, category, status, canonical_id, aliases, duplicate_of, source_trust_level, confidence_score, verification_status, tags, raw_sources, last_reinforced, github_commit, tech_stack

id	title	category	status	canonical_id	aliases	duplicate_of	source_trust_level	confidence_score	verification_status	tags	raw_sources	last_reinforced	github_commit	tech_stack
wiki-2026-0508-compcert	CompCert (Verified C Compiler)	10_Wiki/Topics	verified	self	CompCert verified compiler formal verification Coq Xavier Leroy safety-critical	none	A	0.93	applied	formal-verification compiler coq compcert safety-critical sel4 full-stack-verification		2026-05-10	pending	language framework Coq / OCaml Coq Proof Assistant

CompCert

매 한 줄

"매 compiler 의 mathematically proven correct". Xavier Leroy 등 의 INRIA. 매 source-to-binary 의 의미 보존 의 Coq 의 증명. 매 safety-critical (avionics, medical, nuclear) 의 standard. 매 full-stack verification (seL4) 의 inspiration.

매 핵심

매 verification target

• 매 매 compilation pass 의 semantic preservation.
• 매 source code 의 behavior = 매 compiled binary 의 behavior.
• 매 over all valid input.

매 trust chain

1. Specification correctness (C semantics).
2. Coq kernel (small, audited).
3. Compiler proof (in Coq).
4. Code extraction (Coq → OCaml, audited).
5. OCaml runtime + assembler (트러스트 base).

매 시간 history

• 2003 Project start.
• 2005 First version.
• 2009 Version 1.6 (more passes verified).
• 2024+ active development (Cs, Verasco extension).

매 application

• Avionics: 매 Airbus, 매 ASTREE.
• Medical devices (some).
• Automotive (research).
• Nuclear.
• Crypto / financial: 매 critical.

매 alternative / related

• CakeML: 매 ML 의 verified.
• CertiKOS: 매 OS 의 verified.
• seL4: 매 micro-kernel 의 verified.
• Vellvm: 매 LLVM 의 verified.
• HACL*: 매 verified crypto library.

매 limitation

• 매 narrow C subset (no concurrency some).
• 매 slower compile time.
• 매 GCC 의 -O2 만큼 가, 매 -O3 의 lose.
• 매 high investment of formal expert.
• 매 license (mostly proprietary, dual).

매 modern relevance

• Software supply chain: 매 trust 의 chain.
• AI safety: 매 verifiable property.
• Formal methods 의 renaissance: 매 rust borrow checker, TLA+ 의 popularization.

매 trust 의 critique (Ken Thompson)

• "Reflections on Trusting Trust" (1984).
• 매 compiler 의 self-reproduce + 매 backdoor.
• 매 CompCert 의 partial answer.
• 매 Diverse Double-Compilation (DDC).

💻 패턴 (응용 — formal verification)

CompCert install + use

# 매 OPAM
opam install coq=8.18 coq-flocq menhir
git clone https://github.com/AbsInt/CompCert.git
cd CompCert
./configure x86_64-linux
make -j8
sudo make install

# 매 compile
ccomp -O2 hello.c -o hello

매 verified pass example (in Coq)

(* 매 매 transformation 의 simulation 의 prove *)
Theorem transf_program_correct:
  forall p tp,
  transf_program p = OK tp ->
  forward_simulation (semantics p) (semantics tp).
Proof.
  intros. apply forward_simulation_step with match_states; simpl; intros; eauto.
  - apply senv_preserved.
  - eapply transf_initial_states; eauto.
  - eapply transf_final_states; eauto.
  - eapply step_simulation; eauto.
Qed.

Lean 4 (modern alternative)

-- 매 Lean 4: 매 mainstream alternative
def add_then_double (n : Nat) : Nat := (n + 1) * 2

theorem add_then_double_eq : ∀ n, add_then_double n = 2 * n + 2 := by
  intro n
  unfold add_then_double
  ring

TLA+ (distributed protocol verification)

EXTENDS Naturals
VARIABLE counter

Init == counter = 0

Increment == counter' = counter + 1

Spec == Init /\ [][Increment]_counter

Invariant == counter >= 0

THEOREM Spec => []Invariant

Z3 + property check

from z3 import *

# 매 prove: 매 transformation 의 preserve property
x = Int('x')
y = Int('y')

solver = Solver()
solver.add(Not(Implies(x > 0, x * 2 > 0)))  # 매 negation
result = solver.check()
if result == unsat:
    print('Property holds.')

Verified compiler in modern Rust (research)

// 매 RustBelt-like — 매 Rust 의 borrow checker 의 verify
// 매 unsafe code 의 contained correctness 의 prove

Property-based testing (poor man's verification)

from hypothesis import given, strategies as st

@given(st.integers(min_value=-1000, max_value=1000))
def test_compiler_optimization_preserves_meaning(x):
    naive_result = unoptimized_compile_and_run(x)
    opt_result = optimized_compile_and_run(x)
    assert naive_result == opt_result

→ 매 formal verify 의 X 가, 매 thousand random input 의 invariant check.

Trusted base 의 minimize

Trust:
  - Coq kernel (~10K LOC).
  - Specification of C (PEER-reviewed).
  - OCaml extractor.
  - OCaml runtime + assembler.

Don't trust:
  - The compiler itself (proven against spec).
  - Optimization passes (each verified).

CI integration (verified build)

- name: Verified C compile
  run: |
    ccomp -O2 -fall src/safety_critical.c -o build/output.o
    cosign sign --key cosign.key build/output.o

🤔 결정 기준

상황	Tool
Avionics / medical	CompCert
OS kernel	seL4 / Coq
Crypto	HACL* / F*
Distributed protocol	TLA+
Math research	Lean 4
Quick property	Hypothesis / Z3
General compile	GCC / Clang + tests
Rust safety	borrow checker + Miri

기본값: 매 safety-critical = CompCert + Coq. 매 일반 = GCC + tests + sanitize.

🔗 Graph

• 부모: Formal-Methods · Compiler · Automated-Theorem-Proving
• 변형: CakeML · CertiKOS · seL4 · Vellvm
• Tool: Coq · Lean-4 · TLA-Plus · F-Star · Z3
• Adjacent: Software-Supply-Chain-Security · Reliability · Antifragility · CI_CD 파이프라인 및 IDE 통합 보안

🤖 LLM 활용

언제: 매 safety-critical compile. 매 formal verification reference. 매 trust chain 설계. 언제 X: 매 일반 web app (over-engineering). 매 fast iteration.

❌ 안티패턴

• 모든 software 의 verified: 매 ROI X.
• CompCert 의 -O3 expectation: 매 performance gap.
• No specification: 매 wrong thing 의 prove.
• Trust base 의 over-extend: 매 verification 가치 X.
• Unverified passes 의 add: 매 chain 의 break.

🧪 검증 / 중복

• Verified (Leroy CompCert papers, Pierce "Software Foundations", seL4 paper).
• 신뢰도 A.
• Related: Automated-Theorem-Proving · Software-Supply-Chain-Security · CI_CD 파이프라인 및 IDE 통합 보안 · Antifragility.

🕓 Changelog

날짜	변경
2026-05-08	Phase 1
2026-05-10	Manual cleanup — verification target + trust chain + 매 Coq / Lean / TLA+ / Z3 code