An Industrial Strength Theorem Prover for a Logic Based on Common Lisp
IEEE Transactions on Software Engineering, 1997
Cited by 107 (5 self)
ACL2 is a reimplemented extended version of Boyer and Moore's Nqthm and Kaufmann's Pc-Nqthm, intended for large scale verification projects. This paper deals primarily with how we scaled up Nqthm's logic to an "industrial strength" programming language, namely a large applicative subset of Common Lisp, while preserving the use of total functions within the logic. This makes it possible to run formal models efficiently while keeping the logic simple. We enumerate many other important features of ACL2 and we briefly summarize two industrial applications: a model of the Motorola CAP digital signal processing chip and the proof of the correctness of the kernel of the floating point division algorithm on the AMD5K86 microprocessor by Advanced Micro Devices, Inc.
Strand Spaces: Proving Security Protocols Correct
1999
Cited by 90 (8 self)
A strand is a sequence of events; it represents either an execution by a legitimate party in a security protocol or else a sequence of actions by a penetrator. A strand space is a collection of strands, equipped with a graph structure generated by causal interaction. In this framework, protocol correctness claims may be expressed in terms of the connections between strands of different kinds. Preparing for a
Automating the Meta Theory of Deductive Systems
2000
Cited by 81 (17 self)
not be interpreted as representing the official policies, either expressed or implied, of NSF or the U.S. Government. This thesis describes the design of a metalogical framework that supports the representation and verification of deductive systems, its implementation as an automated theorem prover, and experimental results related to the areas of programming languages, type theory, and logics. Design: The metalogical framework extends the logical framework LF [HHP93] by a metalogic M+2. This design is novel and unique since it allows higher-order encodings of deductive systems and induction principles to coexist. On the one hand, higher-order representation techniques lead to concise and direct encodings of programming languages and logic calculi. Inductive definitions on the other hand allow the formalization of properties about deductive systems, such as the proof that an operational semantics preserves types or the proof that a logic is consistent. M+2 is a proof calculus whose proof terms are recursive functions that may be ...
Generic Wrappers
In Proceedings of ECOOP 2000, LNCS 1850, 2000
Cited by 42 (0 self)
Component software means reuse and separate marketing of pre-manufactured binary components. This requires components from different vendors to be composed very late, possibly by end users at run time as in compound-document frameworks. To this aim, we propose generic wrappers, a new language construct for strongly-typed class-based languages. With generic wrappers, objects can be aggregated at run time. The aggregate belongs to a subtype of the actual type of the wrapped object. A lower bound for the type of the wrapped object is fixed at compile time. Generic wrappers are type safe and support modular reasoning. This feature combination is required for true component software but not achieved by known wrapping and combination techniques, such as the wrapper pattern or mixins. We analyze the design space for generic wrappers, e.g. overriding, forwarding vs. delegation, and snappy binding of the wrapped object. As a proof of concept, we add generic wrappers to Java and report on a mechanized type soundness proof of the latter.
The KIV Approach to Software Verification
KORSO: Methods, Languages, and Tools for the Construction of Correct Software, Final Report, LNCS 1009, 1995
Cited by 34 (6 self)
This paper presents a particular approach to the design and verification of large sequential systems. It is based on structured algebraic specifications and stepwise refinement by program modules. The approach is implemented in Kiv (Karlsruhe Interactive Verifier), and supports the entire design process starting from formal specifications and ending with verified code. Its main characteristics are a strict decompositional design discipline for modular systems, a powerful proof component, and an evolutionary verification model supporting incremental error correction and verification. We present the design methodology for modular systems, a feasible verification method for single modules, and an evolutionary verification technique based on reuse of proofs. We report on the current performance of the system, compare it to others in the field, and discuss future perspectives.
A Structure Preserving Encoding of Z in Isabelle/HOL
Theorem Proving in Higher-Order Logics, LNCS 1125, 1996
Cited by 34 (7 self)
We present a semantic representation of the core concepts of the specification language Z in higher-order logic. Although it is a "shallow embedding" like the one presented by Bowen and Gordon, our representation preserves the structure of a Z specification and avoids expanding Z schemas. The representation is implemented in the higher-order logic instance of the generic theorem prover Isabelle. Its parser can convert the concrete syntax of Z schemas into their semantic representation and thus spare users from having to deal with the representation explicitly. Our representation essentially conforms with the latest draft of the Z standard and may give both a clearer understanding of Z schemas and inspire the development of proof calculi for Z.
1 Introduction. Implementations of proof support for Z [Spi 92, Nic 95] can roughly be divided into two categories. In direct implementations, the rules of the logic are directly represented by functions of the prover's implementation...
PDS: A Three-Dimensional Data Structure for Proof Plans
Proc. of ACIDCA'2000, 2000
Cited by 28 (8 self)
We present a new data structure that makes it possible to store three-dimensional proof objects in a proof development environment. The aim is to handle calculus level proofs as well as abstract proof plans together with information of their correspondences in a single structure. This enables not only different means of the proof development environment (e.g., rule and tactic-based theorem proving, or proof planning) to act directly on the same proof object but it also allows for easy presentation of proofs on different levels of abstraction. However, the three-dimensional structure requires adjustment of the regular techniques for addition and deletion of proof lines and backtracking of the proof planner.
Applying source-code verification to a microkernel: the VFiasco project
2002
Cited by 28 (5 self)
Source-code verification works by reasoning about the semantics of the full source code of a program. Traditionally it is limited to small programs written in an academic programming language. In this paper we present the VFiasco (Verified Fiasco) project, in which we apply source-code verification to a complete operating-system kernel written in C++. The aim of the VFiasco project is to establish security relevant properties of the Fiasco microkernel using source code verification. The project's main challenges are to develop a clean semantics for the subset of C++ used by the kernel and to enable high-level reasoning about typed data starting from only low-level knowledge about the hardware. In this paper we present our ideas for tackling these challenges. We sketch a semantics of C++ and develop a type-safe object store for reasoning about C++ programs. This object store is based on a hardware model that closely resembles the IA-32 virtual-memory architecture, and on guarantees provided by the kernel itself.
Three Theses of Representation in the Semantic Web
2003
Cited by 26 (1 self)
The Semantic Web is vitally dependent on a formal meaning for the constructs of its languages. For Semantic Web languages to work well together their formal meanings must employ a common view (or thesis) of representation, otherwise it will not be possible to reconcile documents written in different languages. The thesis of representation underlying RDF and RDFS is particularly troublesome in this regard, as it has several unusual aspects, both semantic and syntactic. A more-standard thesis of representation would result in the ability to reuse existing results and tools in the Semantic Web.