Results 1 - 10 of 17
ASM-Based Mechanized Verification of Compiler Back-Ends
Cited by 10 (2 self)
We describe an approach to mechanically prove the correctness of BURS specifications and show how such a tool can be connected with BURS-based back-end generators [9]. The proofs are based on the operational semantics of both source and target system languages specified by means of Abstract State Machines [14]. In [27] we decomposed the correctness condition based on these operational semantics into local correctness conditions for each BURS rule and showed that these local correctness conditions can be proven independently. The specification and verification system PVS is used to mechanically verify BURS rules based on formal representations of the languages involved. In particular, we have defined PVS proof strategies which enable an automatic verification of the rules. Using PVS, several erroneous rules have been found. Moreover, from failed proof attempts we were able to correct them.
Using Program Checking to Ensure the Correctness of Compiler Implementations
- Journal of Universal Computer Science (J.UCS)
, 2003
Cited by 7 (2 self)
We evaluate the use of program checking to ensure the correctness of compiler implementations. Our contributions in this paper are threefold: Firstly, we extend the classical notion of black-box program checking to program checking with certificates. Our checking approach with certificates relies on the observation that the correctness of solutions of NP-complete problems can be checked in polynomial time whereas their computation itself is believed to be much harder. Our second contribution is the application of program checking with certificates to optimizing compiler backends, in particular code generators, thus answering the open question of how program checking for such compiler backends can be achieved. In particular, we state a checking algorithm for code generation based on bottom-up rewrite systems from static single assignment representations. We have implemented this algorithm in a checker for a code generator used in an industrial project. Our last contribution in this paper is an integrated view on all compiler passes, in particular a comparison between frontend and backend phases, with respect to the applicable methods of program checking.
Construction of Verified Software Systems with Program-Checking: An Application To Compiler Back-Ends
, 1999
Cited by 7 (2 self)
This paper describes how program-checking can be used to significantly reduce the amount of verification work needed to establish the implementation correctness of software systems which may be partly generated by unverified construction tools. We show the practicability of our approach with an application to the construction of verified compiler back-ends. The basic idea of program-checking is to use an unverified algorithm whose results are checked by a verified component at run time. Run-Time Result Verification in our approach assures formal correctness of the software system and its implementation if partial correctness of the application is sufficient. In our example the approach not only simplifies the construction of verified compilers, because checking the result of the transformations is much simpler to verify than the verification of an optimizing code selection; furthermore, we are still able to use existing compiler generator tools without modifications. Compiler verification plays two roles in this paper: First it closes the gap between verification on the high-level programming language and the implementation on the machine level, using a verified compiler to translate the verified program to machine code. Second it serves as a large-scale case study for software verification. This work points out the tasks which still have to be verified and it discusses the flexibility of the approach.
A Survey of Languages for Specifying Dynamics: A Knowledge Engineering Perspective
- IEEE Transactions on Knowledge and Data Engineering
, 2000
Cited by 6 (1 self)
In recent years, a number of formal specification languages for knowledge-based systems have been developed. Characteristic of knowledge-based systems are a complex knowledge base and an inference engine which uses this knowledge to solve a given problem. Specification languages for knowledge-based systems have to cover both aspects. They have to provide means to specify a complex and large amount of knowledge and they have to provide means to specify the dynamic reasoning behaviour of a knowledge-based system. This paper focuses on the second aspect. For this purpose, we survey existing approaches for specifying dynamic behaviour in related areas of research. In fact, we have taken approaches for the specification of information systems (Language for Conceptual Modelling and TROLL), approaches for the specification of database updates and logic programming (Transaction Logic and Dynamic Database Logic), and the generic specification framework of Abstract State Machines.
The Static and Dynamic Semantics of C
, 2000
Cited by 5 (0 self)
Montages are a semi-visual formalism for defining the static and dynamic semantics of a programming language using Gurevich's Abstract State Machines (ASMs). We describe an application of Montages to describe the static and dynamic semantics of the C programming language.
An Abstract State Machine Primer
, 2002
Cited by 5 (0 self)
Abstract State Machines (ASMs) have been used to describe and validate a wide variety of computing systems [9]. Numerous introductions to ASMs have been written (see for example [20, 10, 21, 36]). In addition, many ASM papers include brief overviews for the casual reader. In this paper we attempt to provide a gentler introduction, focusing more on the use of the technique than on formal definitions.
Verified Code Generation for Embedded Systems
, 2002
Cited by 5 (1 self)
Digital signal processors provide specialized SIMD (single instruction multiple data) operations designed to dramatically increase performance in embedded systems. While these operations are simple to understand, their unusual functions and their parallelism make it difficult for automatic code generation algorithms to use them effectively. In this paper, we present a new optimizing code generation method that can deploy these operations successfully while also verifying that the generated code is a correct translation of the input program.
An ASM Semantics for SSA Intermediate Representations
- In: Proc. 11th Int’l Workshop on Abstract State Machines
, 2004
Cited by 4 (1 self)
Static single assignment (SSA) form is the intermediate representation of choice in modern optimizing compilers, yet no formal semantics has been stated for it so far. To prove such compilers correct, a formal semantics of SSA representations is necessary. In this paper, we show that abstract state machines (ASMs) are able to capture the imperative as well as the data flow-driven and therefore non-deterministic aspects of SSA representations in a simple and elegant way. Furthermore, we demonstrate that correctness of code generation can be verified based on this ASM semantics by proving the correctness of a simple code generation algorithm.
Computation and specification models. A comparative study
- Department of Computer Science at University of Aarhus
, 2002
Cited by 3 (2 self)
For each of the principal current models of computation and of high-level system design, we present a uniform set of transparent, easily understandable descriptions, which are faithful to the basic intuitions and concepts of the investigated systems. Our main goal is to provide a mathematical basis for the technical comparison of established models of computation which can contribute to rationalizing the scientific evaluation of different system specification approaches in the literature, clarifying in detail their advantages and disadvantages. As a side effect we obtain a powerful yet simple new conceptual framework for teaching the fundamentals of computation theory.
Specification and Verification of Pipelining in the ARM2 RISC Microprocessor
- ACM Transactions on Design Automation of Electronic Systems
, 1997
Cited by 3 (0 self)
Abstract State Machines (ASMs) provide a sound mathematical basis for the specification and verification of systems. An application of the ASM methodology to the verification of a pipelined microprocessor (an ARM2 implementation) is described. Both the sequential execution model and the final pipelined model are formalized using ASMs. A series of intermediate models are introduced that gradually expose the complications of pipelining. The first intermediate model is proven equivalent to the sequential model in the absence of structural, control, and data hazards. In the following steps, these simplifying assumptions are lifted one by one, and the original proof is refined to establish the equivalence of each intermediate model with the sequential model, leading ultimately to a full proof of equivalence of the sequential and pipelined models. Categories and Subject Descriptors: B.5.2 [Hardware]: Register transfer level implementation --- Design Aids; C.1.1 [Computer Systems Organization]: Processor ...