: Existing works on the construction of correct compilers have at least one of the following drawbacks: (i) correct compilers do not compile into machine code of existing processors. Instead they compile into programs of an abstract machine which ignores limitations and properties of real-life processors. (ii) the code generated by correct compilers is orders of magnitudes slower than the code generated by unverified compilers. (iii) the considered source language is much less complex than real-life programming languages. This paper focuses on the construction of correct compiler backends which generate machine-code for real-life processors from realistic intermediate languages. Our main results are the following: (i) We present a proof approach based on abstract state machines for bottom-up rewriting system specifications (BURS) for back-end generators. A significant part of this proof can be parametrized with the intermediate and machine language. (ii) The performance of the code con...

We describe an approach to mechanically prove the correctness of BURS specifications and show how such a tool can be connected with BURS based back-end generators [9]. The proofs are based on the operational semantics of both source and target system languages specified by means of Abstract State Machines [14]. In [27] we decomposed the correctness condition based on these operational semantics into local correctness conditions for each BURS rule and showed that these local correctness conditions can be proven independently. The specification and verification system PVS is used to mechanicaly verify BURS-rules based on formal representations of the languages involved. In particular, we have defined PVS proof strategies which enable an automatic verification of the rules. Using PVS, several erroneous rules have been found. Moreover, from failed proof attempts we were able to correct them.

Code generators are widely used in the development of embedded software to automatically generate executable code from graphical specifications. However, at present, code generators are not as mature as classical compilers and they need to be extensively tested. This paper proposes a technique for systematically deriving suitable test cases for code generators, involving the interaction of chosen sets of rules. This is done by formalising the behaviour of a code generator by means of graph transformation rules and exploiting unfolding-based techniques. Since the representation of code generators in terms of graph grammars typically makes use of rules with negative application conditions, the unfolding approach is extended to deal with this feature.

Abstract: We evaluate the use of program checking to ensure the correctness of compiler implementations. Our contributions in this paper are threefold: Firstly, we extend the classical notion of black-box program checking to program checking with certificates. Our checking approach with certificates relies on the observation that the correctness of solutions of NP-complete problems can be checked in polynomial time whereas their computation itself is believed to be much harder. Our second contribution is the application of program checking with certificates to optimizing compiler backends, in particular code generators, thus answering the open question of how program checking for such compiler backends can be achieved. In particular, we state a checking algorithm for code generation based on bottom-up rewrite systems from static single assignment representations. We have implemented this algorithm in a checker for a code generator used in an industrial project. Our last contribution in this paper is an integrated view on all compiler passes, in particular a comparison between frontend and backend phases, with respect to the applicable methods of program checking.

This paper describes how program-checking can be used to significantly reduce the amount of verification work to establish the implementation correctness of software systems which may be partly generated by unverified construction tools. We show the practicability of our approach with an application to the construction of verified compiler back-ends. The basic idea of program-checking is to use an unverified algorithm whose results are checked by a verified component at run time. Run-Time Result Verification in our approach assures formal correctness of the software system and its implementation if partial correctness of the application is sufficient. In our example the approach does not only simplify the construction of verified compilers because checking the result of the transformations is much simpler to verify than the verification of an optimizing code selection. Furthermore, we are still able to use existing compiler generator tools without modifications. Compiler verification plays two roles in this paper: First it closes the gap between verification on high-level programming language and the implementation on machine level using a verified compiler to translate the verified program to machine code. Second it serves as a large-scale case study for software verification. This work points out the tasks which still have to be verified and it discusses the flexibility of the approach.

Digital signal processors provide specialized SIMD (single instruction multiple data) operations designed to dramatically increase performance in embedded systems. While these operations are simple to understand, their unusual functions and their parallelism make it di#cult for automatic code generation algorithms to use them e#ectively. In this paper, we present a new optimizing code generation method that can deploy these operations successfully while also verifying that the generated code is a correct translation of the input program.

Software verification is an expensive and tedious job, even software in safety critical applications is tested only. This paper deals with the construction of compilers as an exmaple for big software systems that are hard to verifiy. We describe how program-checking can be used to establish the full correctness of optimizing compilers which may be partly generated by unverified construction tools. We show the practicability of our approach with an application to the construction of verified optimizing compiler back-ends. The basic idea of program-checking is to use an unverified algorithm whose results are checked by a verified component at run time. Run-Time Result Verification in our approach assures formal correctness of the compilation process and its implementation. In our example the approach does not only simplify the construction of verified compilers because checking the result of the transformations is much simpler to verify than the verification of an optimizing code selection. Furthermore, we are still able to use existing compiler generator tools without modifications. This work points out the tasks which still have to be verified and it discusses the flexibility of the approach.

Abstract. We introduce program checking with certificates by extending the traditional notion of black-box program checking. Moreover, we establish program checking with certificates as a safety-scalable and practical method to ensure the correctness of real-scale applications. We motivate our extension of program checking with concepts of computational complexity theory and show its practical implication on the implementation and verification of checkers. Furthermore, we present an iterative method to construct checkers which is able to deal with the practically relevant problem of incomplete or missing specifications of software. In our case study, we have considered compilers and their generators, in particular code generators based on rewrite systems.

As regards competitiveness, flexibility to change from one target platform to another is decisive for application developers, especially in the area of embedded systems. The Architecture Neutral Distribution Format (ANDF), developed and evaluated within OMI (Open Microprocessor Systems Initiative) has turned out to be a key technology to improve this flexibility. The basic idea is to break compilers into front-ends (for specific languages) and back-ends (for specific microprocessors) where both pieces easily could be replaced by a "plug-and-play" compatible component.

A system called BURS that is based on term rewrite systems and a search algorithm A* are combined to produce a code generator that generates optimal code. The theory underlying BURS is re-developed, formalised and explained in this work. The search algorithm uses a cost heuristic that is derived from the term rewrite system to direct the search. The advantage of using a search algorithm is that we need to compute only those costs that may be part of an optimal rewrite sequence.