Object Code Verification for Safety-Critical Railway Control Systems

In this article we describe a method for fully automated object code verification, applicable to railway control systems developed within a framework previously proposed by the authors. The method allows arbitrary off-the-shelf compilers to be used in a safety-critical context without having to perform expensive compiler validations. Within the restrictions of the framework, object code verification is less complex than the general problem, which has already been investigated by other authors, and can therefore be performed quite efficiently: high-level code M written in SystemC, C or C++ and the associated assembler code A generated by the compiler are both lifted to transition system models T(M) and T(A), respectively, representing their behaviour. A generic theory containing equivalence-preserving transformations on transition systems is elaborated and proven. Using a pattern matching system on these behavioural models, the transformations are applied according to a strategy that transforms T(M) into T(A) or vice versa. If the transformation succeeds, this establishes behavioural equivalence between M and A. Trust thereby moves from the compiler, which is treated as a black box, to the much smaller lifting and transformation machinery, whose correctness rests on the proven theory.
