Proving the correctness of a flight-director program for an airborne minicomputer

Authors:
W. D. Maurer
Affiliations:
Department of Electrical Engineering and Computer Science, George Washington University, Washington, D. C.
Venue:
SIGMINI '76 Proceedings of the ACM SIGMINI/SIGPLAN interface meeting on Programming systems in the small processor environment
Year:
1976

Citing 2
Cited 2

An axiomatic basis for computer programming

Communications of the ACM
Some correctness principles for machine language programs and microprograms

MICRO 7 Conference record of the 7th annual workshop on Microprogramming

ACM forum

Communications of the ACM
Hoare logic for realistically modelled machine code

TACAS'07 Proceedings of the 13th international conference on Tools and algorithms for the construction and analysis of systems

Quantified Score

Hi-index	0.02

Visualization

Abstract

Over the past five years, our research efforts have been devoted in large part to developing techniques for proving the correctness of assembly-language and machine-language programs running on actual computers. In this paper, we report upon an effort to put this work into practice by proving the correctness of a program written for the Litton C4000 airborne computer. This includes overflow analysis, non-self-modification analysis, round-off and truncation analysis, fixed-point scaling considerations, and analysis of the sub-routine parameter and return-address conventions used in the given program. The basic method we use is the inductive assertion method of (Floyd, 1967), suitably modified and extended for application to a machine-language situation.