H. Langmaack. Contribution to Goodenough's and Gerhart's Theory of Software Testing and Verification: Relation between Strong Compiler Test and Compiler Implementation Verification. Foundations of Computer Science: Potential-Theory-Cognition. LNCS 1337:321-335, 1997.
....correctness proof in order to guarantee trustworthiness of compiler executables with sufficient mathematical rigor. It turns out that we can exploit source level correctness and provide a proof technique for such proofs. We call it a posteriori code inspection based on syntactical code comparison [7, 4, 6, 5]. The missing proof obligation can be reduced to a purely syntactical comparison of compiler source and target program after running a particular bootstrap similar to the one we have seen in Exercise 15.2. Our proof technique helps to save a lot of cumbersome low level code inspection and allows ....
....story is interesting to the reader in its own right, since due to lack of space we are not able to give more than a brief sketch of a full compiler correctness proof including binary machine code implementation correctness. Thus, for the second story we will mainly refer to work presented elsewhere [14, 15, 13, 8, 6, 7, 11]. That work is part of the Verifix and VerComp projects on compiler verification and on compiler implementation verification at the universities of Karlsruhe, Ulm, and Kiel. The first story will start with some exercises in writing self reproducing programs (section 2). After some remarks on ....
....of compilers with sufficient mathematical rigour. And this is what the second story tells about. At first glance it sounds very cumbersome, as if we had an additional program verification job, now for a large machine program. Fortunately, it turns out that exactly one test is sufficient [10, 14, 13]. Unfortunately, however, it is the bootstrap test, and we have to verify that its result (the compiler machine program) has been generated as expected (and verified semantically). Fortunately again, we can exploit the correctness of specification and high level implementation in order to show ....
....developed techniques to other personnel. It is just now that it becomes apparent how successful these information dissemination activities were: The compiler verification activities of the ProCoS project led to a dedicated German compiler verification project named Verifix [GDG 96,Lan97c,Lan97a] that builds upon the ProCoS techniques [MO96b]. Furthermore, ProCoS researchers from Kiel have been taken over by other universities: Markus Müller-Olm, whose extensive case study of applying the ProCoS compiling verification techniques to the translation of a prototypic hard real time ....
....correct annotation and correct transformation. A diagonal argument allows for trusted machine support to generate large and in particular low level parts without need for checking at all [Hof98]. This can be seen as an application of the work of Goodenough and Gerhart [GG75] on software testing [Lan97a]. We also use result checking techniques [WB97] for verification [GGZ98], but also for further reduction of the code inspection work load [Hof98,GH98b]. It turns out that the complete proof documentation compares to what is usual in certification processes. So we are able to prove the ....
....code are only needed for one initial compiler per processor family with equal target and host machine language TML = HML, and for one sufficiently high source language SL which allows for formulating compilers and system programs. Verifix demonstrates how to develop a correct initial compiler [27], and also how to develop correct compiler generating tools, where even unverified existing tools can be incorporated in a fully trusted manner [21, 11]. The specification and verification system PVS [35] is used for mechanical proof support, with main focus on formalizing and verifying the ....
....like viruses or Trojan horses. The idea of a posteriori result checking is old. We can find applications e.g. in high school mathematics, like checking division or linear equation solving by (matrix-vector) multiplication. The idea has found its way to algorithms theory [3], trusted compilation [27, 38, 21, 11, 7], and systems verification [16] in general. Syntactical A Posteriori Code Inspection. Since realistic compiling specifications and compilers are of tangible size, we might ask if syntactical a posteriori code checking is realistically manageable. A first idea might be to look for machine support, ....
....theorem found e.g. in [44, 20]. Conclusion: The BSI software production process gap 2 can be closed if the Verifix recipes of correct initial compilers and a posteriori program checking [28, 39] are obeyed. Kiel's task in Verifix is to demonstrate how to develop a correct initial compiler [28, 44, 43]. Karlsruhe will demonstrate how to develop correct compiler generating tools, where even unverified existing tools can be incorporated in a fully trusted manner [35, 16, 15]. Ulm's task is to mechanically support proof work, in particular the compiling specification correctness proofs. They use ....
....Trojan horses as of section 6. The idea of a posteriori result checking is old. We can find applications e.g. in high school mathematics, like checking division or linear equation solving by (matrix-vector) multiplication. The idea has found its way to algorithms theory [4], trusted compilation [43, 28, 59, 35, 16, 10], and systems verification [25, 60, 2] in general. Realistic Syntactical A Posteriori Code Inspection. However, since we know that realistic compiling specifications and compilers are of tangible size, we might ask if syntactical a posteriori code checking is realistically manageable. A first idea ....
....also found in [Lan97b, Goe99, GL01a, GL01b]. As a conclusion we want to stress that the second software production process gap (cf. section 1.3) can be closed if the Verifix recipes of correct initial compilers and a posteriori program checking (cf. section 10 and [Lan97c, GH98b, Hof98, Lan97b, Lan97a]) are obeyed. In the context of the Verifix project we will furthermore demonstrate how to develop correct compiler generating tools and how to incorporate even unverified existing tools in a fully trusted and rigorously proved correct manner [HGG 99, GZG99, GGH 97]. Moreover, the speci ....
....horses as of section 7. The idea of a posteriori result checking is old. We can find applications e.g. in high school mathematics, like checking division or linear equation solving by (matrix-vector) multiplication. The idea has found its way to algorithms theory [BLR89], trusted compilation [Lan97a, GH98b, PSS98, HGG 99, GZG99, CGP 97], and systems verification [GGZ98, PT99, BG01] in general. 10.1 Realistic Syntactical a posteriori Code Inspection. However, since we know that realistic compiling specifications and compilers are of tangible size, we might ask if syntactical a ....
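The a posteriori syntactical code comparison that these excerpts describe, as an added example that is not code from the cited paper or from the Verifix project: a small trusted checker walks the source program and the target program in parallel and accepts only the translation the compiling specification prescribes, without executing the target and without assuming anything about the compiler executable that produced it. The toy source and target languages, the two stand-in compilers and the sample program are all constructed here for illustration.

```python
# Added example (not code from the cited paper or the Verifix project): a
# posteriori result checking of an unverified compiler executable by purely
# syntactical comparison of its output against a compiling specification.
# The toy source/target languages, the stand-in "compilers" and the sample
# program are constructed here for illustration.
from typing import List, Optional, Tuple

# Source language: ('num', n) | ('var', name) | ('add', e1, e2) | ('mul', e1, e2)
# Target language (stack code): ('PUSH', n) | ('LOAD', name) | ('ADD', None) | ('MUL', None)
Instr = Tuple[str, object]


class Mismatch(Exception):
    """Raised at the first target instruction the specification does not license."""


def check(source, target: List[Instr]) -> Tuple[bool, Optional[str]]:
    """Trusted checker: walk the source and consume the target instruction by
    instruction, confirming each construct is translated exactly as the
    compiling specification prescribes.  The target is never executed; the
    only remaining proof obligation is that this walk implements the spec."""
    pos = 0

    def expect(instr: Instr, path: str) -> None:
        nonlocal pos
        found = target[pos] if pos < len(target) else None
        if found != instr:
            raise Mismatch(f"target[{pos}] for source {path}: expected {instr}, found {found}")
        pos += 1

    def walk(e, path: str) -> None:
        tag = e[0]
        if tag == "num":
            expect(("PUSH", e[1]), path)            # spec: C(num n) = PUSH n
        elif tag == "var":
            expect(("LOAD", e[1]), path)            # spec: C(var x) = LOAD x
        elif tag in ("add", "mul"):
            walk(e[1], path + ".l")                 # spec: C(e1) ++ C(e2) ++ [OP]
            walk(e[2], path + ".r")
            expect((tag.upper(), None), path)
        else:
            raise ValueError(f"unknown source construct {tag!r} at {path}")

    try:
        walk(source, "root")
    except Mismatch as m:
        return False, str(m)
    if pos != len(target):
        return False, f"{len(target) - pos} trailing instruction(s) from target[{pos}] not licensed by the source"
    return True, None


def honest_compiler(e) -> List[Instr]:
    """Untrusted compiler that happens to follow the specification."""
    tag = e[0]
    if tag == "num":
        return [("PUSH", e[1])]
    if tag == "var":
        return [("LOAD", e[1])]
    assert tag in ("add", "mul"), tag
    return honest_compiler(e[1]) + honest_compiler(e[2]) + [(tag.upper(), None)]


def tampered_compiler(e) -> List[Instr]:
    """Constructed stand-in for a compiler executable that silently emits code
    the specification never licensed: PUSH 0; ADD after every LOAD.  The
    program still computes the same value, so running it would not reveal
    the insertion; the syntactic comparison does."""
    out: List[Instr] = []
    for instr in honest_compiler(e):
        out.append(instr)
        if instr[0] == "LOAD":
            out += [("PUSH", 0), ("ADD", None)]
    return out


# Constructed sample program: x + 2 * y
SAMPLE_SOURCE = ("add", ("var", "x"), ("mul", ("num", 2), ("var", "y")))

if __name__ == "__main__":
    print(check(SAMPLE_SOURCE, honest_compiler(SAMPLE_SOURCE)))
    print(check(SAMPLE_SOURCE, tampered_compiler(SAMPLE_SOURCE)))
```

The checker is deliberately stricter than semantic equivalence: the tampered translation computes the same value, so an ordinary test run would pass, but the inserted instructions are not licensed by the specification and are reported at the first offending target position. That is the sense in which the check is syntactic, and why its trust base is the specification plus the few lines of the walk rather than the compiler executable.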
CiteSeer.IST - Copyright Penn State and NEC