Ëý×øøñ Óö Çç Blockinø Ó Îððððøøóò

A. K. Bhatta harjee1, Gopa Sen1, S. D. Dhodapkar1?, K. Karunakar2, Basant Rajan3, and R. K. Shyamasundar3 1 Rea tor Control Division, Bhabha Atomi Resear h Centre, Mumbai 400 085, India fanup,gopa,sddg magnum.bar .ernet.in 2 Independent V&V Group, Aeronauti al Development Agen y, Bangalore, India 3 STCS, Tata Institute of Fundamental Resear h, Mumbai 400 005, India fbasant,shyamg t s.tifr.res.in Abstra t. In several key safetyriti al embedded appli ations, it has be ome mandatory to verify the pro ess of translation by ompilers sin e usually ompilers are only erti ed rather than veri ed. In this paper, we shall des ribe a methodology and a system for the validation of translation of a safe-subset of Ada to assembly language programs. The work des ribed here is an appli ation of Translation Validation te hnique to safetyriti al programs that are developed using standard software engineering pra ti es using safe subsets of Ada su h as SPARK Ada [3℄. Our method onsists of onverting the high level language (HLL) program and its obje t ode to a ommon semanti representation su h as Fair Transition System (FTS) [6℄, and then establishing that the obje t ode is a re nement of the HLL program. The proof of re nement is performed using STeP (Stanford Temporal Prover) theorem prover. The proposed approa h also has the additional advantage that the embedded system remains una e ted by ompiler revisions/updates. We on lude with a dis ussion of our pra ti al experien e, e e tiveness and further possibilities. 1 Introdu tion In the development of software for safety riti al appli ations, very high levels of on den e in the orre tness of ode is essential. The two steps in the realization of obje t ode ( f. Fig. 1) are: