Abstract
This paper briefly describes a programming language, its implementation on a microprocessor via a compiler and link-assembler, and the mechanically checked proof of the correctness of the implementation. The programming language, called Piton, is a high-level assembly language designed for verified applications and as the target language for high-level language compilers. It provides execute-only programs, recursive subroutine call and return, stack-based parameter passing, local variables, global variables and arrays, a user-visible stack for intermediate results, and seven abstract data types including integers, data addresses, program addresses and subroutine names. Piton is formally specified by an interpreter written for it in the computational logic of Boyer and Moore. Piton has been implemented on the FM8502, a general-purpose microprocessor whose gate-level design has been mechanically proved to implement its machine code interpreter. The FM8502 implementation of Piton is via a function in the Boyer-Moore logic which maps a Piton initial state into an FM8502 binary core image. The compiler and link-assembler are both defined as functions in the logic. The implementation requires approximately 36K bytes and 1400 lines of pretty-printed source code in the Pure Lisp-like syntax of the logic. The implementation has been mechanically proved correct. In particular, if a Piton state can be run to completion without error, then the final values of all the global data structures can be ascertained from an inspection of an FM8502 core image obtained by running the core image produced by the compiler and link-assembler. Thus, verified Piton programs running on FM8502 can be thought of as having been verified down to the gate level.
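The correctness statement in the abstract has a concrete shape: a source-level interpreter, a target-level interpreter, a compiler plus link-assembler between them, and a theorem that an error-free source run and the corresponding target run agree on the final global data. The Python below is an added illustration of that shape and is not the paper's code, not Piton, not FM8502 and not the Boyer-Moore logic: it defines a toy stack-based source language (recursive call and return, arguments passed on the user-visible stack, named globals), a toy word-addressed target machine, a compiler/link-assembler that resolves labels, subroutine names and global names to addresses, and a check that reads the globals back out of the final core image and compares them with the source interpreter's result. Every instruction name, opcode, encoding and the sample program are assumptions made here; the paper proves the property for all Piton states, whereas `check_implementation` only tests one run at a time.

```python
# Constructed toy (not Piton, not FM8502): every name and encoding is an assumption.
class SourceError(Exception):
    """The source interpreter detected an erroneous state (e.g. underflow)."""

# Source program: {subroutine: [(op, *args), ...]}.  Ops: push n | add | dup |
# jz k (pop; jump to index k if zero) | fetch g | set g | call sub | ret.
STACK_OPS = {"add": lambda s: s.append(s.pop() + s.pop()),  # same on both levels
             "dup": lambda s: s.append(s[-1])}

def run_source(prog, globals_, entry, fuel=10_000):
    """Source interpreter: final globals, or SourceError on an erroneous run."""
    g, stack, frames = dict(globals_), [], [(entry, 0)]
    for _ in range(fuel):
        if not frames:
            return g                                # entry subroutine returned
        sub, pc = frames.pop()
        try:
            op, *args = prog[sub][pc]
            pc += 1
            if op == "push":
                stack.append(args[0])
            elif op in STACK_OPS:
                STACK_OPS[op](stack)
            elif op == "jz":
                pc = args[0] if stack.pop() == 0 else pc
            elif op == "fetch":
                stack.append(g[args[0]])
            elif op == "set" and args[0] in g:      # globals are declared up front
                g[args[0]] = stack.pop()
            elif op == "call":
                frames += [(sub, pc), (args[0], 0)] # continuation, then callee
                continue
            elif op == "ret":
                continue                            # frame already popped
            else:
                raise SourceError("bad instruction %r" % ((op, *args),))
        except (IndexError, KeyError) as e:
            raise SourceError("erroneous state: %r" % (e,))
        frames.append((sub, pc))
    raise SourceError("out of fuel")

OPS = ["push", "add", "dup", "jz", "fetch", "set", "call", "ret"]  # target opcodes
def compile_program(prog, globals_):
    """Compile + link-assemble: [opcode, operand] per instruction, then globals."""
    layout, addr = {}, 0
    for name, body in prog.items():
        layout[name], addr = addr, addr + 2 * len(body)
    gaddr = {name: addr + i for i, name in enumerate(globals_)}
    core = []
    for name, body in prog.items():
        link = {"jz": lambda k: layout[name] + 2 * k,       # label -> address
                "call": layout.get, "fetch": gaddr.get, "set": gaddr.get}
        for op, *args in body:
            operand = link[op](args[0]) if op in link else (args[0] if args else 0)
            core += [OPS.index(op), operand]
    return core + [globals_[n] for n in globals_], {"subs": layout, "globals": gaddr}

def run_target(core, entry_addr, fuel=10_000):
    """Target machine: word memory, data + return stacks; returns the final core."""
    mem, pc, stack, rstack = list(core), entry_addr, [], []
    for _ in range(fuel):
        op, operand = OPS[mem[pc]], mem[pc + 1]
        pc += 2
        if op == "push":
            stack.append(operand)
        elif op in STACK_OPS:
            STACK_OPS[op](stack)
        elif op == "jz":
            pc = operand if stack.pop() == 0 else pc
        elif op == "fetch":
            stack.append(mem[operand])
        elif op == "set":
            mem[operand] = stack.pop()
        elif op == "call":
            rstack.append(pc)
            pc = operand
        elif not rstack:                            # ret with empty return stack
            return mem
        else:
            pc = rstack.pop()                       # ret
    raise RuntimeError("target out of fuel")

def check_implementation(prog, globals_, entry):
    """The claim, on one run: an error-free source run => globals read from the
    final target core image equal the source's; an erroneous run is outside it."""
    try:
        expected = run_source(prog, globals_, entry)
    except SourceError as e:
        return "no claim: " + str(e)
    core, symtab = compile_program(prog, globals_)
    final = run_target(core, symtab["subs"][entry])
    return {n: final[a] for n, a in symtab["globals"].items()} == expected

# Constructed sample: SUM(n) = n + SUM(n - 1), with n passed on the stack.
SAMPLE_PROGRAM = {"main": [("fetch", "N"), ("call", "sum"), ("set", "RESULT"), ("ret",)],
                  "sum": [("dup",), ("jz", 7), ("dup",), ("push", -1), ("add",),
                          ("call", "sum"), ("add",), ("ret",)]}
SAMPLE_GLOBALS = {"N": 5, "RESULT": 0}
BAD_PROGRAM = {"main": [("add",), ("ret",)]}        # underflows: outside the claim
```

Two points the toy makes visible. First, the precondition is doing real work: `check_implementation(BAD_PROGRAM, {}, "main")` returns a "no claim" string rather than True or False, because the source run underflows and the theorem says nothing about erroneous runs, exactly as the abstract's "if a Piton state can be run to completion without error" qualifier states. Second, the link-assembler, not the running program, chooses every address: `set` and `fetch` operands come from the global table and `call`/`jz` operands from the code layout, so a well-formed program cannot write into its own code words, which is the toy analogue of execute-only programs.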
Additional information
This work was supported in part by the Defense Advanced Research Projects Agency under DARPA Orders 6082 and 9151, contract MDA904-87-C-H009.
Cite this article
Moore, J.S. A mechanically verified language implementation. J Autom Reasoning 5, 461–492 (1989). https://doi.org/10.1007/BF00243133