Towards a Coq-verified Chain of Esterel Semantics
Gérard Berry, Lionel Rieg
TL;DR
This work formalizes the chain of Esterel semantics in Coq, introducing a novel microstep semantics that closely mirrors circuit behavior while staying SOS-friendly. It establishes formal simulations and refinements among the logical, constructive, and state constructive semantics, and proves equivalence with the microstep view for the loop-free Kernel Esterel. By providing Coq-based representations, proofs, and interpreters, it lays groundwork toward a verified Esterel-to-circuit compiler, bridging high-level synchronous semantics and low-level hardware translation. Although looped constructs remain outside the current formalization, the framework delivers a rigorous, machine-checked foundation for correctness of Esterel semantics and paves the way for future extensions to full Esterel and circuit backends.
Abstract
This paper focuses on formally specifying and verifying the chain of formal semantics of the Esterel synchronous programming language using the Coq proof assistant. In particular, in addition to the standard logical (LBS) semantics, constructive semantics (CBS) and constructive state semantics (CSS), we introduce a novel microstep semantics that gets rid of the Must/Can potential function pair of the constructive semantics and can be viewed as an abstract version of Esterel's circuit semantics used by compilers to generate software code and hardware designs. Excluding the loop construct from Esterel, the paper also provides formal proofs in Coq of the equivalence between the CBS and CSS semantics and of the refinement of the CSS by the microstep semantics.