A mechanically verified code generator

Young, William D.

doi:10.1007/bf00243134

Cited by 55 publications

(17 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Two significant instances are Young's [95] work, using the Boyer-Moore theorem prover, and Joyce's [30,29] work using the HOL system. In both cases, the target code of the translation is a nonidealized machine-level architecture whose implementation has been verified with respect to a low level of the computer, see for example [27,42].…”

Section: Compiler Correctness Proofsmentioning

confidence: 99%

Provably Correct Compiler Generation

Palsberg¹

1992

DPB

View full text Add to dashboard Cite

We have designed, implemented, and proved the correctness of a compiler generator that accepts action semantic descriptions of imperative programming languages. We have used it to generate compilers for both a toy language and a non-trivial subset of Ada. The generated compilers emit absolute code for an abstract RISC machine language that is assembled into code for the SPARC and the HP Precision Architecture. The generated code is an order of magnitude better than that produced by compilers generated by the classical systems of Mosses, Paulson, and Wand. Our machine language needs no runtime type-checking and is thus more realistic than those considered in previous compiler proofs. We use solely algebraic specifications; proofs are given in the initial model. The use of action semantics makes the processable language specifications easy to read and pleasant to work with. We view our compiler generator as a promising first step towards user-friendly and automatic generation of realistic and provably correct compilers. AckowledgementsThe author thanks Peter Mosses for advice and support. The author also thanks Peter Ørbaek for implementing the Cantor system.Overviews Det er et langsigtet mål, for de der arbejder med oversaetter generering og korrekthed, at konstruere en sprog-designer's arbejdsbaenk, med henblik på støtte af sprog-design processen. Hovedkomponterne i sådan en arbejdsbaenk er:• Et specifikations-sprog hvis specifikationer er lette at vedligeholde, og tilgaengelige uden kendskab til den underliggende teori; og• En oversaetter generator som genererer realistiske og bevisligt korrekte oversaettere ud fra sådanne specifikationer.ii Med sådan en arbejdsbaenk kan sprog-designeren:• Dokumentere design beslutninger;• Eksperimentere med det nye sprog efter en aendring; og• Aflevere en oversaetter til programmørerne umiddelbart efter designet er faerdigt.Hidtidigt arbejde har ikke formået at bevise korrektheden af nogen realistisk oversaetter generator. Derimod er det lykkedes i flere projekter at generere oversaettere, der tåler sammenligning med kommercielt tilgaengelige oversaetere. Disse projekters' erfaring eq at det bliver lettere at generere gode oversaetere, hvis:• En sprog definition ikke indeholder en fuldstaendig implementations model; og• Specifikations-sproget er rettet mod sprog, som traditionelt implementeres via en oversaetter.Vi har designet, implementeret og bevist korrektheden af en oversaetter generator, som potentielt kunne blive en komponent i en sprog-designer's arbejdsbaenk. Sum specifikations-sprog benytter vi Mosses' aktions-notation, som blev designet netop med henblik på at undgå at et sprog-design fastlaegger en implementations model. Den centrale komponent i oversaetter generatoren er en oversaetter fra aktions-notation til absolut kode for en abstrakt RISC maskine. Når oversaetter-generatoren gives en sprog-definition i aktions-notation, så bliver den sammensat med aktions-oversaetteren, hvilket tilsammen giver en korrekt oversaetter for det definerede sprog, idet vi h...

show abstract

Section: Compiler Correctness Proofsmentioning

confidence: 99%

Provably Correct Compiler Generation

Palsberg¹

1992

DPB

View full text Add to dashboard Cite

show abstract

“…Working with the Boyer-Moore theorem prover [2] the researchers of the CLI stack project succeeded as early as 1989 to prove formally the correctness of a system which provided the following components: a non pipelined processor [3], an assembler [4], a compiler for a simple imperative language [5], a rudimentary operating system kernel [6] written in machine language. This kernel provided scheduling for a fixed number of processes; each process had the right to access a fixed interval of addresses in the processor's physical memory.…”

Section: The Challenge Of Verifying Entire Systemsmentioning

confidence: 99%

On the Verification of Memory Management Mechanisms

Dalinger

Hillebrand

Paul

2005

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We report on the design and formal verification of a complex processor supporting address translation by means of a memory management unit (MMU). We give a paper and pencil proof that such a processor together with an appropriate page fault handler simulates virtual machines modeling user computation. These results are crucial steps towards the seamless verification of entire computer systems.

show abstract

“…We feel that the size alone of the specifications calls for automatic proof checking. Recent attempts to automatically check a compiler correctness proof are reported by Young [46] and Joyce [9,8]. For now, however, we leave the automatic checking of the Cantor correctness proof to future work and turn to a performance evaluation.…”

Section: Compiling Action Notationmentioning

confidence: 99%

An Automatically Generated and Provably Correct Compiler for a Subset of Ada

Palsberg¹

1992

DPB

View full text Add to dashboard Cite

We describe the automatic generation of a provably correct compiler for a non-trivial subset of Ada. The compiler is generated from an action semantic description; it emits absolute code for an abstract RISC machine language that currently is assembled into code for the SPARC and the HP Precision Architecture. The generated code is an order of magnitude better than what is produced by compilers generated by the classical systems of Mosses, Paulson, and Wand. The use of action semantics makes the processable language specification easy to read and pleasant to work with.A reformatted version of this report (with only an excerpt of appendix B) is to be presented at ICCL'92, Fourth IEEE International Conference on Computer Languages, to be held 20-23 April, 1992, in San Francisco, California. Citations should refer to the Proceedings.

show abstract

A mechanically verified code generator

Cited by 55 publications

References 11 publications

Provably Correct Compiler Generation

Provably Correct Compiler Generation

On the Verification of Memory Management Mechanisms

An Automatically Generated and Provably Correct Compiler for a Subset of Ada

Contact Info

Product

Resources

About