Results 1  10
of
13
Towards Verified Model Transformations
 IN PROCEEDINGS OF MODEVA WORKSHOP ASSOCIATED TO MODELS'06
, 2006
"... Modeldriven software development (MDD) is seen as a promising approach to improve software quality and reduce production costs significantly. However, one of the problems in using MDD especially in the area of safetycritical systems is the lack of verified transformations. The verification of cruc ..."
Abstract

Cited by 20 (2 self)
 Add to MetaCart
(Show Context)
Modeldriven software development (MDD) is seen as a promising approach to improve software quality and reduce production costs significantly. However, one of the problems in using MDD especially in the area of safetycritical systems is the lack of verified transformations. The verification of crucial safety properties on the model level is only really useful, if the automatic code generation is also guaranteed to be correct, i.e., the verified properties are guaranteed to hold also for the generated code. This particularly means to check semantic equivalence, at least to a certain extent between the model specification and the generated code. This paper addresses the problem of verifying that a given transformation ensures semantic equivalence between an arbitrary model in a given model specification language and the resulting programming language code. While the presented approach ensures that the transformation algorithm is correct, existing related work is restricted on verifying only the correctness of a particular transformation result.
A PVS based framework for validating compiler optimizations
 In SEFM ’06: Proceedings of the Fourth IEEE International Conference on Software Engineering and Formal Methods
, 2006
"... Abstract An optimization can be specified as sequential compositions of predefined transformation primitives. For each primitive, we can define soundness conditions which guarantee that the transformation is semantics preserving. An optimization of a program preserves semantics, if all applicatio ..."
Abstract

Cited by 13 (1 self)
 Add to MetaCart
(Show Context)
Abstract An optimization can be specified as sequential compositions of predefined transformation primitives. For each primitive, we can define soundness conditions which guarantee that the transformation is semantics preserving. An optimization of a program preserves semantics, if all applications of the primitives in the optimization satisfy their respective soundness conditions on the versions of the inputprogram on which they are applied. This scheme does not directly check semantic equivalence of the input and the optimized programs and is therefore amenable to automation. Automating this scheme however requires a trustedframework for simulating transformation primitives and checking their soundness conditions. In this paper, wepresent the design of such a framework based on PVS. We have used it for specifying and validating several optimizations viz. common subexpression elimination, optimal code placement, lazy code motion, loop invariant code motion,full and partial dead code elimination, etc. 1.
Structuring optimizing transformations and proving them sound
 In Proceedings of COCV’06
, 2006
"... A compiler optimization is sound if the optimized program that it produces is semantically equivalent to the input program. The proofs of semantic equivalence are usually tedious. To reduce the efforts required, we identify a set of common transformation primitives that can be composed sequentially ..."
Abstract

Cited by 8 (4 self)
 Add to MetaCart
A compiler optimization is sound if the optimized program that it produces is semantically equivalent to the input program. The proofs of semantic equivalence are usually tedious. To reduce the efforts required, we identify a set of common transformation primitives that can be composed sequentially to obtain specifications of optimizing transformations. We also identify the conditions under which the transformation primitives preserve semantics and prove their sufficiency. Consequently, proving the soundness of an optimization reduces to showing that the soundness conditions of the underlying transformation primitives are satisfied. The program analysis required for optimization is defined over the input program whereas the soundness conditions of a transformation primitive need to be shown on the version of the program on which it is applied. We express both in a temporal logic. We also develop a logic called temporal transformation logic to correlate temporal properties over a program (seen as a Kripke structure) and its transformation. An interesting possibility created by this approach is a novel scheme for validating optimizer implementations. An optimizer can be instrumented to generate a trace of its transformations in terms of the transformation primitives. Conformance of the trace with the optimizer can be checked through simulation. If soundness conditions of the underlying primitives are satisfied by the trace then it preserves semantics.
Optimizing Code Generation from SSA Form: A Comparison Between Two Formal Correctness Proofs in Isabelle/HOL
, 2005
"... Correctness of compilers is a vital precondition for the correctness of the software translated by them. In this paper, we present two approaches for the formalization of static single assignment (SSA) form together with two corresponding formal proofs in the Isabelle/HOL system, each showing the co ..."
Abstract

Cited by 8 (0 self)
 Add to MetaCart
Correctness of compilers is a vital precondition for the correctness of the software translated by them. In this paper, we present two approaches for the formalization of static single assignment (SSA) form together with two corresponding formal proofs in the Isabelle/HOL system, each showing the correctness of code generation. Our comparison between the two proofs shows that it is very important to find adequate formalizations in formal proofs since they can simplify the verification task considerably. Our formal correctness proofs do not only verify the correctness of a certain class of code generation algorithms but also give us sufficient, easily checkable correctness criteria characterizing correct compilation results obtained from implementations (compilers) of these algorithms. These correctness criteria can be used in a compiler result checker.
A Formal Correctness Proof for Code Generation from SSA Form in Isabelle/HOL
 In Proc. 3. Arbeitstagung Programmiersprachen (ATPS),. LNI
, 2004
"... Optimizations in compilers are the most errorprone phases in the compilation process. Since correct compilers are a vital precondition for software correctness, it is necessary to prove their correctness. We develop a formal semantics for static single assignment (SSA) intermediate representatio ..."
Abstract

Cited by 7 (1 self)
 Add to MetaCart
(Show Context)
Optimizations in compilers are the most errorprone phases in the compilation process. Since correct compilers are a vital precondition for software correctness, it is necessary to prove their correctness. We develop a formal semantics for static single assignment (SSA) intermediate representations and prove formally within the Isabelle /HOL theorem prover that a relatively simple form of code generation preserves the semantics of the transformed programs in SSA form. This formal correctness proof does not only verify the correctness of a certain class of code generation algorithms but also gives us a sufficient, easily checkable correctness criterion characterizing correct compilation results obtained from implementations (compilers) of these algorithms.
H.: From UML Activities to TAAL  Towards BehaviourPreserving Model Transformations
 In: ECMDAFA ’08. Volume 5095 of LNCS
, 2008
"... Abstract. Model transformations support a modeldriven design by providing an automatic translation of abstract models into more concrete ones, and eventually program code. Crucial to a successful application of model transformations is their correctness, in the sense that the meaning (semantics) of ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
(Show Context)
Abstract. Model transformations support a modeldriven design by providing an automatic translation of abstract models into more concrete ones, and eventually program code. Crucial to a successful application of model transformations is their correctness, in the sense that the meaning (semantics) of the models is preserved. This is especially important if the models not only describe the structure but also the intended behaviour of the systems. Reasoning about and showing correctness is, however, often impossible as the source and target models typically lack a precise definition of their semantics. In this paper, we take a first step towards provably correct behavioural model transformations. In particular, we develop transformations from UML Activities (which are visual models) to programs in TAAL, which is a textual Javalike programming language. Both languages come equipped with formal behavioural semantics, which, moreover, have the same semantic domain. This sets the stage for showing correctness, which in this case comes down to showing that the behaviour of every (wellformed) UML Activity coincides with that of the corresponding TAAL program, in a welldefined sense. 1
Concept Assignment as a Debugging Technique for Code Generators
, 2005
"... Code generators are notoriously difficult to debug, yet their correctness is crucial. This paper demonstrates that concept assignment can be performed in an entirely syntaxdirected manner for code generators and other highly structured program modules. Anomalies in this concept assignment indicate ..."
Abstract

Cited by 3 (2 self)
 Add to MetaCart
Code generators are notoriously difficult to debug, yet their correctness is crucial. This paper demonstrates that concept assignment can be performed in an entirely syntaxdirected manner for code generators and other highly structured program modules. Anomalies in this concept assignment indicate the possible existence of bugs. These insights enable the formulation of a new debugging technique for code generators. This paper describes the procedure, a practical implementation, and results from the application of this debugging technique to an experimental code generator.
RESOLUTION METHODS IN PROVING THE PROGRAM CORRECTNESS
, 2003
"... Abstract: Program testing determines whether its behavior matches the specification, and also how it behaves in different exploitation conditions. Proving of program correctness is reduced to finding a proof for assertion that given sequence of formulas represents derivation within a formal theory o ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
Abstract: Program testing determines whether its behavior matches the specification, and also how it behaves in different exploitation conditions. Proving of program correctness is reduced to finding a proof for assertion that given sequence of formulas represents derivation within a formal theory of special predicted calculus. A wellknown variant of this conception is described: correctness based on programming logic rules. It is shown that programming logic rules may be used in automatic resolution procedure. Illustrative examples are given, realized in prologlike LPlanguage (with no restrictions to Horn's clauses and without the final failure). Basic information on LPlanguage are also given. It has been shown how a Pascalprogram is being executed in LPsystem proffer.