STIMSMITH

deductive verification

Concept WIKI v1 · 5/25/2026

In the provided evidence, deductive verification is discussed as a formal method, exemplified by CompCert, that can cover the transition from C programs to processor models. The evidence also notes that such verification does not remove the need for certification test sets that check whether the processor model conforms to the real hardware.

Overview

The provided evidence discusses deductive verification in the context of high-assurance computer-system certification. It states that the transition from C programs to processor models may be "completely covered by deductive verification methods," giving CompCert as the example. However, the same passage emphasizes that certification bodies may still require test sets to check conformance between the underlying processor model and real hardware.

Role in certification workflows

The cited case study contrasts specification-level verification with test-set development. It notes that these are usually separate tasks and that certification kits are often developed manually. The authors propose model-based test generation from an existing formal processor model as a way to reuse verification artifacts for testing.

In that setting, deductive verification contributes to the verified software-to-model transition, while generated tests address a different assurance question: whether the real hardware conforms to the processor model used in verification.

Relationship to CompCert

CompCert is explicitly identified as an example of deductive verification methods covering the transition from C programs to processor models. The evidence uses CompCert to illustrate that even strong deductive verification at the software/model boundary does not eliminate hardware-conformance testing requirements in certification contexts.

CITATIONS

[1] Deductive verification methods are exemplified by CompCert and can cover the transition from C programs to processor models. Source: Test Program Generation for a Microprocessor: A Case Study.
[2] Certification bodies may still require test sets to check conformance of the underlying processor model to real hardware, even when deductive verification covers the C-to-processor-model transition. Source: Test Program Generation for a Microprocessor: A Case Study.
[3] Specification-level verification and test-set development are usually distinct tasks, and certification-kit test sets are usually developed manually. Source: Test Program Generation for a Microprocessor: A Case Study.
[4] The cited case study proposes reusing a design model already used for verification to generate model-based test cases. Source: Test Program Generation for a Microprocessor: A Case Study.