D J Pavey and L A Winsborrow, "Demonstrating the equivalence of source code and PROM contents", Fourth European Workshop on Dependable Computing (EWDC-4), Prague, April, 1992
....tool against a standard test suite; functional testing of the code generated by the tool; analysis of the object code generated by the tool. This final defence is quite effort intensive and tends to be used only for SIL 3 or 4 applications, especially for compilers that generate machine code [29]. On the other hand, some process control systems include facilities for back translation of the generated code, which reduces the effort required to verify correct translation. 5.1.6 Long term maintenance and support A safety system has to maintain its integrity over the long term. Changes may ....
D J Pavey and L A Winsborrow, "Demonstrating the equivalence of source code and PROM contents", Fourth European Workshop on Dependable Computing (EWDC-4), Prague, April, 1992
....industrial environment in particular, the hard evidence provided by a decompiler may be perceived as more convincing than the assurances that come with a proved compiler. The nuclear industry is considering such an approach to check the validity of the object code produced by an unvalidated compiler [29], although they find that, in the current state of the art, some human intervention is necessary in practice. NASA have also used decompilation techniques on software for the space shuttle [31]. Safety related standards provide guidance on the use of this approach for safety critical software ....
D.J. Pavey and L.A. Winsborrow, Demonstrating equivalence of source code and PROM contents, 4th European Workshop on Dependable Computing, Prague, Czechoslovakia (8--10 April 1992) 14
....from the correctness of the source code. In particular in the area of safety critical systems, trusted verified compilers would allow certifying control software on the source code level, which would be less time consuming and thus less costly than the current practice of inspecting machine code [39]. Moreover it would encourage good documentation or even formal verification of the source code. In this section we highlight an approach to verifying translations to machine code of actual processors. As a major case study we investigated the Transputer manufactured by the British company ....
D. J. Pavey and L. A. Winsborrow. Demonstrating equivalence of source code and PROM contents. The Computer Journal, 36(7):654--667, 1993.
....was not trusted. Their environment incorporated a decompiler that made use of data type information from the original high level language program, decompiled the executable program, and determined whether the high level code regenerated was similar in functionality to the initial high level code [7]. Also in the UK, a group at Oxford University has worked on the automatic generation of decompilers based on compiler specifications using logic and functional languages [8, 9], and recently such an approach was used to generate a decompiler for a subset of a C compiler [10]. This research was ....
D.J. Pavey and L.A. Winsborrow. Demonstrating equivalence of source code and PROM contents. The Computer Language, 36(7):654--667, 1993.
.... viruses and worms (such as the 1988 Internet Worm). In the 1990s, decompilers have become a reverse engineering tool capable of helping the user with such tasks as checking software for the existence of malicious code [11], validation of compiler generated code for safety critical systems [30], and recovery of lost source code to fix the year 2000 bug in operational software [37, 17, 20]. The recent introduction of the Java language has also seen the introduction of Java decompilers [41, 1]. Java decompilers are more accurate than traditional decompilers for register based machines as ....
D.J. Pavey and L.A. Winsborrow. Demonstrating equivalence of source code and PROM contents. The Computer Language, 36(7):654--667, 1993.
.... information lost in the compilation process, to be able to regenerate high level language (HLL) code, all of these experimental decompilers have limitations in one way or another, including decompilation of assembly files [1, 2, 3, 4, 5] or object files with or without symbolic debugging information [6, 7], simplified high level language [1] and the requirement of the compiler's specification [8, 9]. Assembly programs have helpful data information in the form of symbolic text, such as data segments, data and type declarations, subroutine names, subroutine entry point, and subroutine exit statement. ....
D.J. Pavey and L.A. Winsborrow. Demonstrating equivalence of source code and PROM contents. The Computer Language, 36(7):654--667, 1993.
....is called object code verification. Author address for correspondence: marcob@dcs.warwick.ac.uk. A specification language has to be fixed. We decided to use logical specifications, and as such higher order logic. This decision distinguishes our approach from others like Pavey and Winsborrow [PW93], who used a rather informal mapping of program code into MALPAS Intermediate Language, in mathematical rigor, and Yu [Yu93], who used the quantifier free, first order logic of Nqthm, in expressiveness. Our decision was also influenced by the availability of automated theorem provers for ....
D. Pavey and L. Winsborrow. Demonstrating equivalence of source code and PROM contents. The Computer Journal, 36(7):654--667, 1993.
....proof does not use any form of theorem proving, as the equivalence of the (restricted) normal form of Lap code is decidable. 3.2.3 Sizewell PPS A similar approach to Samet has been used more recently in the verification of the Primary Protection System (PPS) of the Sizewell B nuclear power station [41, 42, 43], for programs written in PL/M 86 targeted at the Intel i8086 processor. A large amount of effort was spent demonstrating that the PL/M source code correctly implemented the requirements specification. To continue this ....
[Footnote 3: Scale of work noted by Boyer, in private communication, 1998.]
[Figure 3.1: Outline of the Sizewell B source object code comparison process. Boxes in the figure: (Semantic) Table Generator; PL/M SOURCE; IL(P); Preprocessor; NAME TABLE; Compl. Preprocessor; MALPAS (Compliance); RESULT; DIFFERENCES]
....rigour to the level of delivered object code in PROM, a decompilation approach was introduced [41]. The approach is outlined in Figure 3.1 [footnote 4]. The PL/M source and the object code from the PROM are both translated via a number of steps into the intermediate language (MALPAS IL) of the MALPAS static analysis tool [44]. The MALPAS IL representations are then submitted to a preprocessor which ....
D.J. Pavey and L.A. Winsborrow. Demonstrating equivalence of source code and PROM contents. The Computer Journal, 36(7):654--667, 1993.
....during testing, in order to ease validation. In the context of safety, the requirements surrounding the application of computers to nuclear shut down systems have been well documented [Archinoff 90]. In the same application area, the need to show that compiler errors can be detected is given in [Pavey 93]. In the security area, the general requirements are well documented in [DoD 85, ITSEC 91]. Although the latter document does imply some requirements on the programming language in use, they are at a level that is not really relevant to this Annex. Dealing with Language Insecurities To reason ....
D. J. Pavey and L. A. Winsborrow. "Demonstrating Equivalence of Source Code and PROM Contents". Computer Journal 36(7): 654-667, 1993.
....environment in particular, the hard evidence provided by a decompiler may be perceived as more convincing than the assurances that come with a proved compiler. The nuclear industry is considering such an approach to check the validity of the object code produced by an unvalidated compiler [29], although they find that, in the current state of the art, some human intervention is necessary in practice. NASA have also used decompilation techniques on software for the space shuttle [31]. Safety related standards provide guidance on the use of this approach for safety critical software ....
D.J. Pavey and L.A. Winsborrow, Demonstrating equivalence of source code and PROM contents, 4th European Workshop on Dependable Computing, Prague, Czechoslovakia (8--10 April 1992)
....for the NASA Space Shuttle software (Spector et al. 1984). They worked on a tool to decompile memory images and compare the results with the original inputs. More recently, Nuclear Electric in the UK have used decompilation techniques to verify significant amounts of safety critical code (Pavey et al. 1992). They first disassemble Intel PL/M 86 compiler object code. This and the source code are converted into a common language (MALPAS IL) and the two can be compared for consistency using static analysis techniques. There are limitations to this approach, but it appears to be a practical method to ....
.... concerning optimized code and complicated data structures, the techniques described here are most likely to prove useful in situations where these are normally avoided, such as in the decompilation of code for safety critical systems for verification purposes e.g. as in (Spector et al. 1984, Pavey et al. 1992). Currently most object program debuggers provide disassembled representations of the object code to the engineer. Decompilation techniques could be used to display a higher level reconstruction of the code which could aid the understanding of the functioning of the code. Other information could ....
Pavey, D.J. and Winsborrow, L.A. (1992). `Demonstrating equivalence of source code and PROM contents', 4th European Workshop on Dependable Computing, Prague, Czechoslovakia, 8--10 April 1992.
.... there are a variety of applications that could benefit from them, including the obvious maintenance of old code and recovery of lost source code, but also the debugging of binary programs, migration of applications to a new hardware environment [26], verification of generated code by the compiler [23], and translation of code written in an obsolete language. When binary programs are decompiled, the control flow graph of the program is constructed and analyzed for data and control flow. Data flow analysis transforms the intermediate representation of the binary program into a higher level ....
D.J. Pavey and L.A. Winsborrow. Demonstrating equivalence of source code and PROM contents. The Computer Language, 36(7):654--667, 1993.
....environment in particular, the hard evidence provided by a decompiler may be perceived as more convincing than the assurances that come with a proved compiler. The nuclear industry is considering such an approach to check the validity of the object code produced by an unvalidated compiler [40, 51], although they find that, in the current state of the art, some human intervention is necessary in practice. NASA have also used decompilation techniques on software for the space shuttle [43]. Safety-related standards provide guidance on the use of this approach for safety critical software ....
D.J. Pavey and L.A. Winsborrow, Demonstrating equivalence of source code and PROM contents, The Computer Journal Vol 36 No 7 (1993) pp 654--667
....it is desirable to verify this rather than just the high level code [14]. A high level representation also helps in checking its consistency with the original high-level code. Decompilation has already been used for this reason by NASA for the space shuttle [33] and by the UK nuclear industry [32]. Fortunately, because of safety considerations, such systems tend not to use highly optimized code and this makes the decompilation process tractable. Simple decompilers have been attempted previously [29] and approaches such as graph transformation have been considered [27]. We wish to improve ....
D.J. Pavey and L.A. Winsborrow, Demonstrating equivalence of source code and PROM contents, 4th European Workshop on Dependable Computing, Prague, Czechoslovakia, 8--10 April 1992.
D. J. Pavey and L. A. Winsborrow, `Demonstrating equivalence of source code and PROM contents', The Computer Language, 36(7), 654--667 (1993).