Overview
CompCert is referenced as an example of deductive verification applied to the transition from C programs to processor models. In the cited certification-oriented discussion, the authors state that even if this transition has been completely covered by deductive verification methods “as in CompCert,” certification bodies will still require test sets that check whether the underlying processor model conforms to real hardware.
Role in a verified systems context
The source places CompCert in the broader context of formally verified computer systems. In the Verisoft architecture it describes, verification spans multiple layers, from application software down to hardware. Within this layered view, the Tools Layer includes the need to verify compiler correctness, while the Hardware Layer includes formal verification of the hardware design.
Certification implications
The source uses CompCert to illustrate that deductive verification of the C-to-processor-model transition is not, by itself, sufficient for some certification scenarios. For higher-assurance certification processes, the authors emphasize that test sets are still required to check conformance of the processor model against real hardware. This motivates model-based generation of test programs from an existing formal processor model, rather than relying only on manually developed certification kits.
Relationship to deductive verification
The source explicitly associates CompCert with deductive verification methods. The cited passage presents it as an example of deductive verification coverage for the transition from C programs to processor models.