Specification of Compiler Correctness 1.3 Compiler Specifications A compiler (the code generation part at least) must produce object code whose meaning corresponds to that of the source program. An abstract compiler specification can be given in terms of the source and object language semantics. Informally, a compiler will be correct if the meaning of every source program is related to the meaning of the object code resulting from compiling it. More formally, a compiler must fulfil an abstract specification of the form below. AbstractCompilerSpec compiler = 8p. Compare (SourceSemantics p) (ObjectSemantics (compiler p)) SourceSemantics gives the semantics of the source language, ObjectSemantics gives the semantics of the target language and Compare relates semantics of the two forms. The argument compiler is a compiler from the source language to the target language. This form of specification is illustrated in Figure 1.2. Many different object programs will be suitable as an implem...

©Copyright in this paper belongs to the author(s) Published in collaboration with the

. This paper describes a semantical embedding of the relation based language Ruby in Zermelo-Fraenkel set theory (ZF) using the Isabelle theorem prover. A small subset of Ruby, called Pure Ruby, is embedded as a conservative extension of ZF and many useful structures used in connection with VLSI design are defined in terms of Pure Ruby. The inductive package of Isabelle is used to characterise the Pure Ruby subset to allow proofs to be performed by structural induction over the Pure Ruby elements. 1 Introduction Ruby [5] is a relation based language intended for specifying VLSI circuits. A circuit is described by a binary relation between appropriate, possibly complex domains of values, and simple relations can be combined into more complex relations by a variety of combining forms. The Ruby relations generate an algebra which defines a set of equivalences. These are used in the Ruby design process which typically involves a transformation from a "specification" to an "impleme...

We present a formal semantics for an object-oriented specification language. The formal semantics is presented as a conservative shallow embedding in Isabelle/HOL and the language is oriented towards OCL formulae in the context of UML class diagrams. On this basis, we formally derive several equational and tableaux calculi, which form the basis of an integrated proof environment including automatic proof support and support for the analysis of this type of specifications. We show applications of our proof environment to data refinement based on an adapted standard refinement notion. Thus, we provide an integrated formal method for refinement-based object-oriented development.

This paper describes an approach to capturing the relation between circuits and their behaviours within a formal theory. The method exploits dependent types to achieve a rigorous yet theoretically simple connection between circuits (treated as graphs) and their behavioural specifications (treated as predicates). An example is given of a behavioural extraction function and it is shown how a type for modules can be defined that is sufficiently fine to guarantee that the behaviour of a module will satisfy its behavioural specification. The method is discussed in relation to VHDL and in relation to formal synthesis, (a process whereby one starts with a behavioural specification and, using an interactive goal-directed approach, ends up with a circuit and a formal proof that it satisfies the given behavioural specification).

. We present a shallow embedding of the weakest precondition semantics for a program renement language. We use the Isabelle/ZF theorem prover for untyped set theory, and statements in our renement language are represented as set transformers. Our representation is signi cant in making use of the expressiveness of Isabelle/ZF's set theory to represent states as dependently-typed functions from variable names to their values. This lets us give a uniform treatment of statements such as variable assignment, framed specication statements, local blocks, and parameterisation. ZF set theory requires set comprehensions to be explicitly bounded. This requirement propagates to the denitions of statements in our renement language, which have operands for the state type. We reduce the syntactic burden of repeatedly writing the state type by using Isabelle's meta-logic to dene a lifted set transformer language which implicitly passes the state type to statements. Weakest precondi...

We investigate the verification of a translation phase of the Multiway Decision Graphs (MDG) verification system using the Higher Order Logic (HOL) theorem prover. In this paper, we deeply embed the semantics of a subset of the MDG-HDL language and its Table subset into HOL. We define a set of functions which translate this subset MDG-HDL language to its Table subset. A correctness theorem for this translator, which quantifies over its syntactic structure, has been proved. This theorem states that the semantics of the MDG-HDL program is equivalent to the semantics of its Table subset.

We describe an approach for formally verifying the linkage between a symbolic state enumeration system and a theorem proving system. This involves the following three stages of proof. Firstly we prove theorems about the correctness of the translation part of the symbolic state system. It interfaces between low level decision diagrams and high level description languages. We ensure that the semantics of a program is preserved in those of its translated form. Secondly we prove linkage theorems: theorems that justify introducing a result from a state enumeration system into a proof system. Finally we combine the translator correctness and linkage theorems. The resulting new linkage theorems convert results to a high level language from the low level decision diagrams that the result was actually proved about in the state enumeration system.They justify importing low-level external verification results into a theorem prover. We use a linkage between the HOL system and a simplified version of the MDG system to illustrate the ideas and consider a small example that integrates two applications from MDG and HOL to illustrate the linkage theorems.

The Signal Processing WorkSystem (SPW) of Cadence is an integrated framework for developing DSP and communications products. Formal verification is a complementary technique to simulation based on mathematical logic. The HOL system is an environment for interactive theorem proving in a higher-order logic. It has an open user-extensible architecture which makes it suitable for providing proof support for embedded languages. In this paper, we propose an approach to model SPW descriptions at different abstraction levels in HOL based on the shallow embedding technique. This will enable the formal verification of SPW designs which in the past could only be verified partially using conventional simulation techniques. We illustrate this novel application through a simple case study of a Notch filter.

This paper describes a deductive verification framework that allows the use of general purpose decision procedures and traditional model checking along with domain specific inference rules. The latter allow established algorithms for timing verification and other hardware verification tasks to be imported into the verification framework. To demonstrate this approach, a SRT divider is verified using a transistor-level model with timing.