9 citations found.
W. Goerigk, T. Gaul, and W. Zimmermann. Correct Programs without Proof? On Checker-Based Program Verification. In R. Berghammer and Y. Lakhnech, editors, Tool Support for System Specification, Development, and Verification, Advances in Computing Science, pages 108 -- 122, Wien, New York, 1998. Springer Verlag.


This paper is cited in the following contexts:
A Mechanically Verified Compiling Specification for.. - Dold, von Henke.. (2002)   (3 citations)  Self-citation (Goerigk)

No context found.

W. Goerigk, T. Gaul, and W. Zimmermann. Correct Programs without Proof? On Checker-Based Program Verification. In R. Berghammer and Y. Lakhnech, editors, Tool Support for System Specification, Development, and Verification, Advances in Computing Science, pages 108 -- 122, Wien, New York, 1998. Springer Verlag.


Practical Construction of Correct Compiler Implementations.. - Gaul, Zimmermann (2000)   Self-citation (Goerigk Gaul Zimmermann)

....called checker Q # that implies Q. We also allow Q # to be partial: Q # (x, y) Q(x, y) We define a checked version f # of f that delivers the result of f iff the checker Q # proved the result to be correct, otherwise the result is undefined. For more details on this approach see section 2 and [GGZ98]. In an implementation f # is intended either to deliver the result or to emit an error message. This also means, that the resulting application is more partial than the original specification of the problem. To achieve a practically useful implementation, the checker itself should be ....

....but the relation between unverified and verified code will be even worse. 4 Related Work Our checker approach is closely related to the work of M. Blum on result checking [BK95, WB97] and the ideas of [GG75]. A more detailed discussion of the theoretical aspects of our approach can be found in [GGZ98]. Program checking is already used in compiler construction for checking properties necessary to establish correctness of a transformation. Necula and Lee [NL98] describe a compiler which contains a certifier that automatically checks the type safety and the memory safety of any assembler program ....

W. Goerigk, T.S. Gaul, and W. Zimmermann. Correct Programs without Proof? On Checker-Based Program Verification. In Proceedings ATOOLS'98 Workshop on "Tool Support for System Specification, Development, and Verification", Advances in Computing Science, pages 108 -- 122, Wien, New York, 1998. Springer Verlag.


Verification of Compilers - Goos, Zimmermann (1999)   (6 citations)  Self-citation (Zimmermann)

....(in ACL2 logic) are checked mechanically using the ACL2 interpreter. In contrast to our work, the compilation is a macro expansion and the source programs must be terminating regularly. The idea of program checking was originally applied to algorithms in [1] and continued in [2, 3, 50]. [22] discusses its application to constructing correct systems. [41, 42] apply the idea to translating synchronous languages (SIGNAL, Lustre, Statecharts) to C programs; however, their assumptions allow only for (reactive) source programs consisting of a single loop; the loop body must implement a ....

Wolfgang Goerigk, Thilo Gaul, and Wolf Zimmermann. Correct Programs without Proof? On Checker-Based Program Verification. In Proceedings ATOOLS'98 Workshop on "Tool Support for System Specification, Development, and Verification", Advances in Computing Science, Malente, 1998. Springer Verlag. Accepted for Publication.


Verifying Compilers and ASMs or ASMs for uniform description .. - Goos, Zimmermann (2000)   (2 citations)  Self-citation (Zimmermann)

....condition we can use unverified generators and other tools as in traditional compilers and nevertheless trust the resulting code. 7 5 Verifying Compilers: the Case for Program Checking Program checking was originally introduced for algorithms by Blum and Kannan, [1]. We present it here as in [27] for verifying the outputs of systems such as compilers or parts thereof. be a program implementing a function f : I O with precondition P (x) and postcondition Q(x, C(x)) on input x. Let checker (x, y) Bool be a function that returns the value of Q(x, y). Consider the program ....

....(in ACL2 logic) are checked mechanically using the ACL2 interpreter. In contrast to our work, the compilation is a macro expansion and the source programs must be terminating regularly. The idea of program checking was originally applied to algorithms in [1] and continued in [2, 3, 58]. [27] discusses its application to constructing correct systems. [47, 48] apply the idea to translating synchronous languages (SIGNAL, Lustre, Statecharts) to C programs; however, their assumptions allow only for (reactive) source programs consisting of a single loop; the loop body must implement a ....

W. Goerigk, T.S. Gaul, and W. Zimmermann. Correct Programs without Proof? On Checker-Based Program Verification. In Proceedings ATOOLS'98 Workshop on "Tool Support for System Specification, Development, and Verification", Advances in Computing Science, Malente, 1998. Springer Verlag.


Construction of Verified Software Systems with.. - Gaul, Heberle.. (1999)   (3 citations)  Self-citation (Goerigk Gaul Zimmermann)

....checker Q that implies Q. We also allow Q to be partial: Q (x; y) Q(x; y) We define a checked version f of f that delivers the result of f iff the checker proved the result to be correct, otherwise the result is undefined. For more details on this approach see section 3 and [GGZ98]. In an implementation f is intended either to deliver the result or to emit an error message. This also means, that the resulting application is more partial than the original specification of the problem. To achieve a practically useful implementation, the checker itself should be ....

....this is beyond the scope of our work. 2 Related Work Our checker approach is closely related to the work of M. Blum et al. on result checking [BK95, WB97] and the ideas of [GG75]. A more detailed discussion of the theoretical aspects of our approach and proofs performed with ACL2 can be found in [GGZ98]. Program checking is already used in compiler construction for checking properties necessary to establish correctness of a transformation. Necula and Lee [NL98] describe a compiler which contains a certifier that automatically checks the type safety and the memory safety of any assembler ....

W. Goerigk, T.S. Gaul, and W. Zimmermann. Correct Programs without Proof? On Checker-Based Program Verification. In Proceedings ATOOLS'98 Workshop on "Tool Support for System Specification, Development, and Verification", Advances in Computing Science, Malente, 1998. Springer Verlag.


On Trojan Horses in Compiler Implementations - Goerigk (1999)   (1 citation)  Self-citation (Goerigk)

....layers. A diagonal argument allows for trusted machine support to generate large parts without need for checking at all [11]. This can be seen as an application of the work of Goodenough and Gerhart [10] on software testing [13]. We also use result checking techniques [20] for verification [5], but also for further reduction of the code inspection work load [11, 7]. There is a lot to win without weakening the rigorous correctness requirement. 6 Conclusions and Related Work Our paper shows in detail why source level verification is not sufficient in order to guarantee compiler ....

Wolfgang Goerigk, Thilo Gaul, and Wolf Zimmermann. Correct Programs without Proof? On Checker-Based Program Verification. In Proceedings ATOOLS'98 Workshop on "Tool Support for System Specification, Development, and Verification", Advances in Computing Science, Malente, 1998. Springer Verlag.


Beyond ProCoS at Kiel: A Synopsis of Recent Research - Fränzle, Goerigk, von.. (1999)   Self-citation (Goerigk)

....executables on the other hand. It turns out, that a rigorous correctness requirement nevertheless allows for the use of standard and approved compiler construction techniques and classical compiler architectures [GGH 97,GZG 98]. Program checking and checker based program verification [GGZ98] enable us to even use unverified tools like e.g. code generator generators [GZG99] or parser generators [HGG 99] for compiler implementation, without weakening the rigorous correctness property established for the final compiler machine program. Implementation correctness (refinement) has to ....

.... for trusted machine support to generate large and in particular low level parts without need for checking at all [Hof98]. This can be seen as an application of the work of Goodenough and Gerhart [GG75] on software testing [Lan97a]. We also use result checking techniques [WB97] for verification [GGZ98] but also for further reduction of the code inspection work load [Hof98,GH98b]. It turns out that the complete proof documentation compares to what is usual in certification processes. So we are able to prove the correctness of compiler machine executables rigorously, and to give a complete ....

Wolfgang Goerigk, Thilo Gaul, and Wolf Zimmermann. Correct Programs without Proof? On Checker-Based Program Verification. In Proceedings ATOOLS'98 Workshop on "Tool Support for System Specification, Development, and Verification", Advances in Computing Science, Malente, 1998. Springer Verlag.


Beyond ProCoS at Kiel: A Synopsis of Recent Research - Fränzle, Goerigk, von..   Self-citation (Goerigk)

....executables on the other hand. It turns out, that a rigorous correctness requirement nevertheless allows for the use of standard and approved compiler construction techniques and classical compiler architectures [GGH 97,GZG 98]. Program checking and checker based program verification [GGZ98] enable us to even use unverified tools like e.g. code generator generators [GZG99] or parser generators [HGG 99] for compiler implementation, without weakening the rigorous correctness property established for the final compiler machine program. Implementation correctness (refinement) has to ....

.... for trusted machine support to generate large and in particular low level parts without need for checking at all [Hof98]. This can be seen as an application of the work of Goodenough and Gerhart [GG75] on software testing [Lan97a]. We also use result checking techniques [WB97] for verification [GGZ98] but also for further reduction of the code inspection work load [Hof98,GH98b]. It turns out that the complete proof documentation compares to what is usual in certification processes. So we are able to prove the correctness of compiler machine executables rigorously, and to give a complete ....

Wolfgang Goerigk, Thilo Gaul, and Wolf Zimmermann. Correct Programs without Proof? On Checker-Based Program Verification. In Proceedings ATOOLS'98 Workshop on "Tool Support for System Specification, Development, and Verification", Advances in Computing Science, Malente, 1998. Springer Verlag.


Towards Rigorous Compiler Implementation Verification - Goerigk, Simon (1998)   (4 citations)  Self-citation (Goerigk)

....selected as a bootstrapping kernel, as both source and implementation language. Its applicative part (the pure functional sub language of ComLisp) also coincides with the logic of the new Boyer Moore prover ACL2 [16, 21]. This links mechanical program correctness proofs to the work described here [3, 6], allowing for partial correctness proofs of executable programs. We have implemented the ComLisp compiler as a ComLisp program. The complete compiler has been bootstrapped successfully as executable machine program on a Transputer T400 single board computer with 1 MB of memory. The output which ....

Wolfgang Goerigk, Thilo Gaul, and Wolf Zimmermann. Correct Programs without Proof? On Checker-Based Program Verification. In Proceedings ATOOLS'98 Workshop on "Tool Support for System Specification, Development, and Verification", Advances in Computing Science, Malente, 1998. Springer Verlag. To Appear.


CiteSeer.IST - Copyright Penn State and NEC