Provably Correct Compiler Generation

We have designed, implemented, and proved the correctness of a compiler generator that accepts action semantic descriptions of imperative programming languages. We have used it to generate compilers for both a toy language and a non-trivial subset of Ada. The generated compilers emit absolute code for an abstract RISC machine language that is assembled into code for the SPARC and the HP Precision Architecture. The generated code is an order of magnitude better than that produced by compilers generated by the classical systems of Mosses, Paulson, and Wand. Our machine language needs no run time type-checking and is thus more realistic than those considered in previous compiler proofs. We use solely algebraic specifications; proofs are given in the initiaI model. The use of action semantics makes the processable language specifications easy to read and pleasant to work with. We view our compiler generator as a promising first step towards user-friendly and automatic generation of realistic and provably correct compilers

Within ARM's reach : compilation of left-linear rewrite systems via minimalrewrite systems

A new compilation technique for left-linear term rewriting systems is presented, where rewrite rules are transformed into so-called minimal rewrite rules. These minimal rules have such a simple form that they can be viewed as instructions for an abstract rewriting machine (ARM)

Compiler-Decided Dynamic Memory Allocation for Scratch-Pad Based Embedded Systems

In this research we propose a highly predictable, low overhead and yet dynamic, memory allocation strategy for embedded systems with scratch-pad memory. A scratch-pad is a fast compiler-managed SRAM memory that replaces the hardware-managed cache. It is motivated by its better real-time guarantees vs cache and by its significantly lower overheads in energy consumption, area and overall runtime, even with a simple allocation scheme. Scratch-pad allocation methods primarily are of two types. First, software-caching schemes emulate the workings of a hardware cache in software. Instructions are inserted before each load/store to check the software-maintained cache tags. Such methods incur large overheads in runtime, code size, energy consumption and SRAM space for tags and deliver poor real-time guarantees, just like hardware caches. A second category of algorithms partitions variables at compile-time into the two banks. However, a drawback of such static allocation schemes is that they do not account for dynamic program behavior. We propose a dynamic allocation methodology for global and stack data and program code that (i) accounts for changing program requirements at runtime (ii) has no software-caching tags (iii) requires no run-time checks (iv) has extremely low overheads, and (v) yields 100% predictable memory access times. In this method data that is about to be accessed frequently is copied into the scratch-pad using compiler-inserted code at fixed and infrequent points in the program. Earlier data is evicted if necessary. When compared to an existing static allocation scheme, results show that our scheme reduces runtime by up to 39.8% and energy by up to 31.3% on average for our benchmarks, depending on the SRAM size used. The actual gain depends on the SRAM size, but our results show that close to the maximum benefit in run-time and energy is achieved for a substantial range of small SRAM sizes commonly found in embedded systems. Our comparison with a direct mapped cache shows that our method performs roughly as well as a cached architecture in runtime and energy while delivering better real-time benefits

Techniques for Modelling Structured Operational and Denotational Semantics Definitions with Term Rewriting Systems

A fundamental requirement for the application of automatic proof support for program verification is that the semantics of programs be appropriately formalized using the object language underlying the proof tool. This means that the semantics definition must not only be stated as syntactically correct input for the proof tool to be used, but also in such a way that the desired proofs can be performed without too many artificial complications. And it must be clear, of course, that the translation from mathematical metalanguage into the object language is correct. The objective of this work is to present methods for the formalization of structured operational and denotational semantics definitions that meet these requirements. It combines techniques known from implementation of the $\lambda$-calculus with a new way to control term rewriting on object level, thus reaching a conceptually simple representation based on unconditional rewriting. This deduction formalism is available within many of the existent proof tools, and therefore application of the representation methods is not restricted to a particular tool. Correctness of the representations is achieved by proving that the non-trivial formalizations yield results that are equivalent to the meta-level definitions in a strong sense. Since the representation algorithms have been implemented in form of executable programs, there is no need to carry out tedious coding schemes by hand. Semantics definitions can be stated in a format very close to the usual meta language format, and they can be transformed automatically into an object-level representation that is accessible to proof tools. The formalizations of the two semantics definition styles are designed in a consistent way, both making use of the same modelling of the underlying mathematical basis. Therefore, they can be used simultaneously in proofs. This is demonstrated in a larger example, where an operational and a denotational semantics definition for a programming language are proved to be equivalent using the Larch Prover. This proof has been carried out by hand before, and so the characteristics of the automated proof can be made quite clear

Towards the formal specification of the requirements and design of a processor interface unit

Work to formally specify the requirements and design of a Processor Interface Unit (PIU), a single-chip subsystem providing memory interface, bus interface, and additional support services for a commercial microprocessor within a fault-tolerant computer system, is described. This system, the Fault-Tolerant Embedded Processor (FTEP), is targeted towards applications in avionics and space requiring extremely high levels of mission reliability, extended maintenance free operation, or both. The approaches that were developed for modeling the PIU requirements and for composition of the PIU subcomponents at high levels of abstraction are described. These approaches were used to specify and verify a nontrivial subset of the PIU behavior. The PIU specification in Higher Order Logic (HOL) is documented in a companion NASA contractor report entitled 'Towards the Formal Specification of the Requirements and Design of a Processor Interfacs Unit - HOL Listings.' The subsequent verification approach and HOL listings are documented in NASA contractor report entitled 'Towards the Formal Verification of the Requirements and Design of a Processor Interface Unit' and NASA contractor report entitled 'Towards the Formal Verification of the Requirements and Design of a Processor Interface Unit - HOL Listings.

Coalgebraic Methods for Object-Oriented Specification

This thesis is about coalgebraic methods in software specification and verification. It extends known techniques of coalgebraic specification to a more general level to pave the way for real world applications of software verification. There are two main contributions of the present thesis: 1. Chapter 3 proposes a generalisation of the familiar notion of coalgebra such that classes containing methods with arbitrary types (including binary methods) can be modelled with these generalised coalgebras. 2. Chapter 4 presents the specification language CCSL (short for Coalgebraic Class Specification Language), its syntax, its semantics, and a prototype compiler that translates CCSL into higher-order logic.Die Dissertation beschreibt coalgebraische Mittel und Methoden zur Softwarespezifikation und -verifikation. Die Ergebnisse dieser Dissertation vereinfachen die Anwendung coalgebraischer Spezifikations- und Verifikationstechniken und erweitern deren Anwendbarkeit. Damit werden Softwareverifikation im Allgemeinen und im Besonderen coalgebraische Methoden zur Softwareverifikation der praktischen Anwendbarkeit ein Stück nähergebracht. Diese Dissertation enthält zwei wesentliche Beiträge: 1. Im Kapitel 3 wird eine Erweiterung des klassischen Begriffs der Coalgebra vorgestellt. Diese Erweiterung erlaubt die coalgebraische Modellierung von Klassenschnittstellen mit beliebigen Methodentypen (insbesondere mit binären Methoden). 2. Im Kapitel 4 wird die coalgebraische Spezifikationssprache CCSL (Coalgebraic Class Specification Language) vorgestellt. Die Bescheibung umfasst Syntax, Semantik und einen Prototypcompiler, der CCSL Spezifikationen in Logik höherer Ordnung (passend für die Theorembeweiser PVS und Isabelle/HOL) übersetzt

Correct abstraction in counter-planning : a knowledge compilation approach

Knowledge compilation improves search-intensive problem-solvers that are easily specified but inefficient. One promising approach improves efficiency by constructing a database of problem-instance/best-action pairs that replace problem-solving search with efficient lookup. The database is constructed by reverse enumeration- expanding the complete search space backwards, from the terminal problem instances. This approach has been used successfully in counter-planning to construct perfect problem-solvers for sub domains of chess and checkers. However, the approach is limited to small problems because both the space needed to store the database and the time needed to generate the database grow exponentially with problem size. This thesis addresses these problems through two mechanisms. First, the space needed is reduced through an abstraction mechanism that is especially suited to counter-planning domains. The search space is abstracted by representing problem states as equivalence classes with respect to the goal achieved and the operators as equivalence classes with respect to how they influence the goals. Second, the time needed is reduced through a hueristic best-first control of the reverse enumeration. Since with larger problems it may be impractical to run the compiler to completion, the search is organized to optimize the tradeoff between the time spent compiling a domain and the coverage achieved over that domain. These two mechanisms are implemented in a system that has been applied to problems in chess and checkers. Empirical results demonstrate both the strengths and weaknesses of the approach. In most problems and 80/20 rule was demonstrated, where a small number of patterns were identified early that covered most of the domain, justifying the use of best-first search. In addition, the method was able to automatically generate a set of abstract rules that had previously required two person-months to hand engineer