The synchronous dataflow language Lustre is commonly used in the development of safety-critical systems. However, existing official code generators and the SCADE KCG code generator have neither been formally verified nor are they transparent to users. In recent years, translation validation methods that indirectly verify the correctness of compilers by proving the equivalence of source and target codes have been shown to be successful. This paper proposes a trusted compilation method for the Lustre language, based on a pushdown automaton compilation approach and a semantic consistency verification method. It successfully implements a trusted compiler from Lustre to C and rigorously proves the correctness of the translation process using Isabelle.
[1] Benveniste A, Caspi P, Edwards S A, et al. The synchronous languages 12 years later. Proceedings of the IEEE, 2003, 91(1): 64-83.[doi: 10.1109/JPROC.2002.805826]
[2] Caspi P, Pilaud D, Halbwachs N, Plaice JA. LUSTRE: A declarative language for real-time programming. In Proceedings of the 14th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages (POPL '87). Association for Computing Machinery, New York, NY, USA, 1987, 178-188. [doi: 10.1145/41625.41641]
[3] Halbwachs N,Caspi P,Raymond P,et al.The synchronous dataflow programming language lustre.Proc.of the IEEE,1991,79(9):1305-1320.[ doi: 10.1109/5.97300]
[4] Berry G,Gonthier G.The esterel synchronous programming language : Design, semantics, implementation.Science of Computer Programming,1992,19(2):87-152.[doi: 10.1016/0167-6423(92)90005-V]
[5] Berry G.The foundations of esterel.In:Proc.of the Proof,Language and Interaction : Essaysin Honour of Robin Milner.Cambridge:The MIT Press,2000:425-454.
[6] Le Guernic P,Gautier T,Le Borgne M,et al.Programming real time applications with signal.Proc.of the IEEE,1991,79(9):1321-1336.[doi: 10.1109/5.97301]
[7] Le Guernic P,Talpin J,Le Lann J.Polychrony for system design.Journal for Circuits,Systems and Computers,2003,12(3):261-304.[doi: 10.1142/S0218126603000763]
[9] McCarthy J, Painter J. Correctness of a compiler for arithmetical expressions.Mathematical Aspects of Computer Science 19: Proc of Symposia in Applied Mathematics, 1967: 33-41.
[10] Stepney S, Whitley D, Cooper D, et al. A demonstrably correct compiler. Formal Aspects of Computing, 1991, 3(1): 58-101.[doi: 10.1007/BF01211435]
[11] LEROY X.Formal verification of a realistic compiler.Communications of The ACM,2009,52(7):107-115.[doi: 10.1145/1538788.1538814 ]
[12] CompCert Main Page.http://compcert.inria.fr/.
[13] Yang, Xuejun et al.Finding and understanding bugs in C compilers.ACM-SIGPLAN Symposium on Programming Language Design and Implementation (2011).[doi: 10.1145/1993316.1993532]
[14] BERTOT Y,CASTRAN P.Interactive Theorem Proving and Program Development - Coq’Art:The Calculus of Inductive Constructions.Texts in Theoretical Computer Science.An EATCS Series,Springer Verlag,2004.
[15] PAULIN C,POUZET M.Certified compilation of scade/lustre.https://www.lri.fr/~paulin/lustreincoq.pdf,2006.
[16] Timothy Bourke, Lélio Brun, Pierre-Évariste Dagand, Xavier Leroy, Marc Pouzet, and Lionel Rieg. 2017. A formally verified compiler for Lustre. SIGPLAN Not. 52, 6 (June 2017), 586-601. [doi: 10.1145/3140587.3062358]
[17] Pnueli A, Siegel M Singerman E. Translation validation. In: Proc. of the TACAS’98. LNCS 1384, Springer-Verlag, 1998.151-166.
[18] Pnueli A, Shtrichman O, Siegel M. Translation validation for synchronous languages. In: Proc. of the ICALP’98. LNCS 1443,Springer-Verlag, 1998. 235-246. [doi: 10.1007/BFb0055057]
[19] Shang S, Gan YK, Shi G, Wang SY, Dong Y. Key translations of the trustworthy compiler L2C and its design and implementation. Ruan Jian Xue Bao/Journal of Software, 2017,28(5):1233-1246 (in Chinese with English abstract). http://www.jos.org.cn/1000 9825/5213.htm [doi: 10.13328/j.cnki.jos.005213]