Program refinement usually translates an abstract specification to a highlevel language program. However, this process can be taken further by refining a high-level language `specification' to an assembler code `implementation '. It is shown how this can be done in the familiar refinement calculus framework. Several derived refinement rules for modelling program compilation are presented. Keywords: Program refinement; compilation; action systems 1 Introduction Compilation of high-level language programs to assembler code is among the oldest and most well-explored technologies in computer programming. Nevertheless, stories of production compilers containing bugs abound! Often this is merely an annoyance, but in safety-critical applications the danger of unknown compilation errors is unacceptable. One solution to this is to develop a verified, trustworthy compilation strategy for a simplified programming language. Such a strategy can then be used as a basis for either (directly)...

. The goal of the Provably Correct Systems project (ProCoS) is to develop a mathematical basis for development of embedded, realtime, computer systems. This survey paper introduces the specification languages and verification techniques for four levels of development: Requirements definition and control design; Transformation to a systems architecture with program designs and their transformation to programs; Compilation of real-time programs to conventional processors, and Compilation of programs to hardware. 1 Introduction An embedded computer system is part of a total system that is a physical process, a plant, characterized by a state that changes over real time. The role of the computer is to monitor this state through sensors and to change the state through actuators. The computer is simply a convenient device that can be instructed to manipulate a mathematical model of the physical system and state. Correctness means that the program and the hardware faithfully implement the co...

A practical methodology for compilation of trustworthy real-time programs is introduced. It combines new program development and timing analysis techniques with traditional compilation and assembly technologies. Keywords and phrases: Real-time programming; compilation; timing analysis. 1 Introduction High-integrity real-time programs must always meet all their `hard' deadlines. Real-time code must exhibit not only correct functional behaviour, but predictable timing behaviour as well. Programming real-time systems in a highlevel language is difficult because it is the machine code generated by the compiler and assembler, not the high-level source program, that ultimately determines timing correctness. Contemporary compilers make no attempt to generate code with predictable timing characteristics [30, 28], undermining their value for real-time applications. Consequently, safety-critical real-time programs are typically written directly in assembler language, forsaking the well-est...

This report reflects work which is partially funded by the Commission of the European Communities (CEC) under the ESPRIT programme in the field of Basic Research Project No. 7071: "ProCoS II: Provably Correct Systems"

s and compressed postscript files are available via http://svrc.it.uq.edu.au A Formal Model of Real-Time Program Compilation Karl Lermer and Colin Fidge Software Verification Research Centre, The University of Queensland, Queensland 4072, Australia. Abstract Program compilation can be formally defined as a sequence of equivalence-preserving transformations, or refinements, from high-level language programs to assembler code. Recent models also incorporate timing properties, but the resulting formalisms are intimidatingly complex. Here we take advantage of a new, simple model of realtime refinement, based on predicate transformer semantics, to present a straightforward compilation formalism that incorporates real-time constraints. Key words: Refinement calculus; Program compilation; Program semantics; Real-time programming; Program verification 1 Introduction Compiler correctness is a significant concern for developers of safety-critical systems. However, verifying an indus...

We show how compilation of high-level language programs to assembler code can be formally represented in the refinement calculus. New operators are introduced to widen the modelling language to encompass assembler code. A compilation strategy is then embodied as a set of derived refinement rules. 1 Introduction The idea of modelling program compilation as a formal development procedure has surfaced many times in the literature, but has presented a significant challenge. This has resulted in complex models, often using new, unfamiliar formalisms. Our goal is to develop a model of program compilation within the alreadyfamiliar refinement calculus. Normally the refinement calculus translates an abstract requirements specification into a programming language implementation, using guarded command language augmented with specification statements as the underlying modelling notation. In the context of compilation, however, our `specification' is a high-level language (HLL) program, an...

An overview of the current and planned activities of the ESPRIT Working Group (no. 8694) comprising 24 European academic and industrial partners interested in "Provably Correct Systems" is presented. This Working Group is associated with the ESPRIT Basic Research project (no. 7071) previously announced in the Bulletin of the EATCS and also reported elsewhere.

ProCoS aims to improve dependability, reduce timescales and cut development costs of construction for embedded systems, particularly in real-time and safety-critical applications. It uses and develops the results of basic research into fundamental properties of interactive systems. It aims to provide a scientific basis for future standards of practice in the development of embedded systems, ensuring correctness of all stages in the development, from elicitation and analysis of requirements through design and implementation of programs down to compilation and execution on verified hardware.

An overview of the activities of the European collaborative ESPRIT ProCoS-WG Working Group (no. 8694) on "Provably Correct Systems" which ran from 1993 to 1997 is presented. This was a follow-on to the ESPRIT BRA ProCoSI project (no. 3104, 1989--1991) and ProCoSII project (no.