Object Code Verification for Safety-critical Railway Control Systems

In this article we describe a method for fully automated object code verification, applicable to railway control systems developed within a framework previously proposed by the authors. This allows us to apply arbitrary off-theshelf compilers in a safety-critical context without having to perform expensive compiler validations. Within the restrictions of the framework, the object code verification is less complex than the general problem which has been already been investigated by other authors. Therefore it can be performed quite efficiently: High-level code M written in SystemC, C or C++ and the associated assembler code A generated by the compiler are both lifted to transition system models T (M), T (A), respectively, representing their behaviour. A generic theory containing equivalence preserving transformations on transition systems is elaborated and proven. Using a pattern matching system on these behavioural models, the transformations are applied with a strategy to transform T (M) into T (A) or vice versa. If the transformation succeeds, this establishes behavioural equivalence between M and A.