From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM autolearn=unavailable autolearn_force=no version=3.4.4 X-Received: by 10.129.25.212 with SMTP id 203mr27580061ywz.35.1448432688742; Tue, 24 Nov 2015 22:24:48 -0800 (PST) X-Received: by 10.182.44.169 with SMTP id f9mr422580obm.16.1448432688701; Tue, 24 Nov 2015 22:24:48 -0800 (PST) Path: eternal-september.org!reader01.eternal-september.org!reader02.eternal-september.org!news.eternal-september.org!mx02.eternal-september.org!feeder.eternal-september.org!news.glorb.com!b51no2322074qgf.0!news-out.google.com!f6ni12867igq.0!nntp.google.com!mv3no2822964igc.0!postnews.google.com!glegroupsg2000goo.googlegroups.com!not-for-mail Newsgroups: comp.lang.ada Date: Tue, 24 Nov 2015 22:24:48 -0800 (PST) In-Reply-To: <1pl8set3ocirg.1v92rqtxaoq3z$.dlg@40tude.net> Complaints-To: groups-abuse@google.com Injection-Info: glegroupsg2000goo.googlegroups.com; posting-host=97.123.238.101; posting-account=lJ3JNwoAAAAQfH3VV9vttJLkThaxtTfC NNTP-Posting-Host: 97.123.238.101 References: <1pl8set3ocirg.1v92rqtxaoq3z$.dlg@40tude.net> User-Agent: G2/1.0 MIME-Version: 1.0 Message-ID: <69b11711-7f19-4b0f-9a5e-66b873a72cc2@googlegroups.com> Subject: Re: GNAT.Serial_Communication and Streams From: Shark8 Injection-Date: Wed, 25 Nov 2015 06:24:48 +0000 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Xref: news.eternal-september.org comp.lang.ada:28531 Date: 2015-11-24T22:24:48-08:00 List-Id: On Tuesday, November 24, 2015 at 3:45:52 AM UTC-7, Dmitry A. Kazakov wrote: > On Tue, 24 Nov 2015 10:28:20 +0000, Simon Wright wrote: > > I wholly agree with "trust, but verify", though! >=20 > You can verify given compiler for given machine. You cannot do that in > general. Whyever not? Let us suppose that the compiler is represented by a function F(Text) -> Ob= ject; furthermore, let F be a compositional function such that: function FE(text) -> token_stream function CP(token_stream) -> intermediate_form function BE(intermediate_form) -> Object and function F =3D BE(CP(FE)) Now, obviously we can have the front-end take the text (be it in ASCII, EBD= IC, or one of the UTF formats) and produce tokens which are a record of [To= ken_ID, Lexeme] where Lexeme is a standard textual form (let's say UTF32-BE= ). Now obviously we could split this so that FE =3D Encode_UTF(Decode_Parti= cular(File)) -- this is to say that, conceptually, the front-end (FE) will = only receive the proper UTF32-BE regardless of the particular encoding... n= othing here should be dependent on the underlying architecture. Let us now consider CP*, here we have a function taking a stream of tokens = and returning the proper IR; obviously this could be verified and also shou= ld be independent of the underlying architecture. Finally, considering the back-end (BE) we have essentially the same problem= as the above CP, with the addition that the execution of the result is cor= rect. So it seems the only possible break in applying verification is the H= W/BE divide, that the emitted code /does/ what it is supposed to do, but gi= ven that HW manufacturers have used formal methods verification to prove th= e HW (for some HW), it is certainly possible on the HW level as well. Going back to the idea of Forth, where every word (Forth's name for functio= n) is defined as a either a list of words or some (usually very small) mach= ine-code to be executed we could define a minimal set of words and implemen= t the rest of Forth's standard dictionary in them --which means that to por= t the entire [verified] compiler we'd just have to rewrite the aforemention= ed words, and feed the compiler's source to itself-- this reduces our machi= ne-dependent verification-burden to only the instructions used in that smal= l set of words that all the other words are written in. So, hooking the idea of having verified IR emition, if we use Forth as our = IR then [once the entire compiler is verified] so long as we've verified th= e instructions used in our minimal dictionary on our new target we have a v= erified compiler. Sure it's a lot of work, but I see no reason to consider it impossible. * -- Arguably CP is the 'heart' of the compiler and can itself be viewed as= a series of transformations; and it itself can conceptually be broken down= into a aeries of transformations.