Results 1  10
of
15
The Isabelle Collections Framework
"... Abstract. The Isabelle Collections Framework (ICF) provides a unified framework for using verified collection data structures in Isabelle/HOL formalizations and generating efficient functional code in ML, Haskell, and OCaml. Thanks to its modularity, it is easily extensible and supports switching to ..."
Abstract

Cited by 12 (7 self)
 Add to MetaCart
Abstract. The Isabelle Collections Framework (ICF) provides a unified framework for using verified collection data structures in Isabelle/HOL formalizations and generating efficient functional code in ML, Haskell, and OCaml. Thanks to its modularity, it is easily extensible and supports switching to different data structures any time. For good integration with applications, a data refinement approach separates the correctness proofs from implementation details. The generated code based on the ICF lies in better complexity classes than the one that uses Isabelle’s default setup (logarithmic vs. linear time). In a case study with tree automata, we demonstrate that the ICF is easy to use and efficient: An ICF based, verified tree automata library outperforms the unverified Timbuk/Taml library by a factor of 14. 1
Practical tactics for separation logic
 In TPHOLs, volume 5674 of LNCS
, 2009
"... Abstract. We present a comprehensive set of tactics that make it practical to use separation logic in a proof assistant. These tactics enable the verification of partial correctness properties of complex pointerintensive programs. Our goal is to make separation logic as easy to use as the standard ..."
Abstract

Cited by 7 (1 self)
 Add to MetaCart
Abstract. We present a comprehensive set of tactics that make it practical to use separation logic in a proof assistant. These tactics enable the verification of partial correctness properties of complex pointerintensive programs. Our goal is to make separation logic as easy to use as the standard logic of a proof assistant. We have developed tactics for the simplification, rearranging, splitting, matching and rewriting of separation logic assertions as well as the discharging of a program verification condition using a separation logic description of the machine state. We have implemented our tactics in the Coq proof assistant, applying them to a deep embedding of Cminor, a Clike intermediate language used by Leroy’s verified CompCert compiler. We have used our tactics to verify the safety and completeness of a Cheney copying garbage collector written in Cminor. Our ideas should be applicable to other substructural logics and imperative languages. 1
Code generation from Isabelle/HOL theories
, 2007
"... This tutorial introduces the code generator facilities of Isabelle/HOL. They empower the user to turn HOL specifications into corresponding executable programs in the languages SML, OCaml, Haskell and Scala. 1 INTRODUCTION 1 1 ..."
Abstract

Cited by 6 (0 self)
 Add to MetaCart
This tutorial introduces the code generator facilities of Isabelle/HOL. They empower the user to turn HOL specifications into corresponding executable programs in the languages SML, OCaml, Haskell and Scala. 1 INTRODUCTION 1 1
Verification of Certifying Computations
"... Abstract. Formal verification of complex algorithms is challenging. Verifying their implementations goes beyond the state of the art of current verification tools and proving their correctness usually involves nontrivial mathematical theorems. Certifying algorithms compute in addition to each outpu ..."
Abstract

Cited by 3 (3 self)
 Add to MetaCart
Abstract. Formal verification of complex algorithms is challenging. Verifying their implementations goes beyond the state of the art of current verification tools and proving their correctness usually involves nontrivial mathematical theorems. Certifying algorithms compute in addition to each output a witness certifying that the output is correct. A checker for such a witness is usually much simpler than the original algorithm – yet it is all the user has to trust. Verification of checkers is feasible with current tools and leads to computations that can be completely trusted. In this paper we develop a framework to seamlessly verify certifying computations. The automatic verifier VCC is used for checking code correctness, and the interactive theorem prover Isabelle/HOL targets highlevel mathematical properties of algorithms. We demonstrate the effectiveness of our approach by applying it to the verification of the algorithmic library LEDA. 1
Animating the Formalised Semantics of a Javalike Language
"... Abstract. Considerable effort has gone into the techniques of extracting executable code from formal specifications and animating them. We show how to apply these techniques to the large JinjaThreads formalisation. It models a substantial subset of multithreaded Java source and bytecode in Isabelle/ ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
Abstract. Considerable effort has gone into the techniques of extracting executable code from formal specifications and animating them. We show how to apply these techniques to the large JinjaThreads formalisation. It models a substantial subset of multithreaded Java source and bytecode in Isabelle/HOL and focuses on proofs and modularity whereas code generation was of little concern in its design. Employing Isabelle’s code generation facilities, we obtain a verified Java interpreter that is sufficiently efficient for running small Java programs. To this end, we present refined implementations for common notions such as the reflexive transitive closure and Russell’s definite description operator. From our experience, we distill simple guidelines on how to develop future formalisations with executability in mind. 1
Tracebased Verification of Imperative Programs with I/O
"... In this paper we demonstrate how to prove the correctness of systems implemented using lowlevel imperative features like pointers, files, and socket I/O with respect to high level I/O protocol descriptions by using the Coq proof assistant. We present a webbased course gradebook application develope ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
In this paper we demonstrate how to prove the correctness of systems implemented using lowlevel imperative features like pointers, files, and socket I/O with respect to high level I/O protocol descriptions by using the Coq proof assistant. We present a webbased course gradebook application developed with Ynot, a Coq library for verified imperative programming. We add a dialogbased I/O system to Ynot, and we extend Ynot’s underlying Hoare logic with event traces to reason about I/O and protocol behavior. Expressive abstractions allow the modular verification of both high level specifications like privacy guarantees and low level properties like data structure pointer invariants.
Formal Verification of a Modern SAT Solver
, 2009
"... We present a formalization and a formal total correctness proof of a MiniSATlike SAT solver within the system Isabelle/HOL. The solver is based on the DPLL procedure and employs most stateofthe art SAT solving techniques, including the conflictguided backjumping, clause learning, and the twowatc ..."
Abstract
 Add to MetaCart
We present a formalization and a formal total correctness proof of a MiniSATlike SAT solver within the system Isabelle/HOL. The solver is based on the DPLL procedure and employs most stateofthe art SAT solving techniques, including the conflictguided backjumping, clause learning, and the twowatch unit propagation scheme. A shallow embedding into HOL is used and the solver is expressed as a set of recursive HOL functions. Based on this specification, the Isabelle’s builtin code generator can be used to generate executable code in several supported functional languages (Haskell, SML, and OCaml). The SAT solver implemented in this way is, to our knowledge, the first fully formally and mechanically verified modern SAT solver.
2.1.1 Empty Map........................ 8
, 2010
"... This development provides an efficient, extensible, machine checked collections framework for use in Isabelle/HOL. The library adopts the concepts of interface, implementation and generic algorithm from objectoriented programming and implements them in Isabelle/HOL. The framework features the use o ..."
Abstract
 Add to MetaCart
This development provides an efficient, extensible, machine checked collections framework for use in Isabelle/HOL. The library adopts the concepts of interface, implementation and generic algorithm from objectoriented programming and implements them in Isabelle/HOL. The framework features the use of data refinement techniques to refine an abstract specification (using highlevel concepts like sets) to a more concrete implementation (using collection datastructures, like redblacktrees). The codegenerator of Isabelle/HOL can be used to generate efficient code in all supported target languages, i.e. Haskell,
Imperative HOL – a leightweight framework for imperative data structures in Isabelle/HOL
, 2011
"... Imperative HOL is a leightweight framework for reasoning about imperative data structures in Isabelle/HOL [2]. Its basic ideas are described in [1]. However their concrete realisation has changed since, due to both extensions and refinements. Therefore this overview wants to present the framework “a ..."
Abstract
 Add to MetaCart
Imperative HOL is a leightweight framework for reasoning about imperative data structures in Isabelle/HOL [2]. Its basic ideas are described in [1]. However their concrete realisation has changed since, due to both extensions and refinements. Therefore this overview wants to present the framework “as it is ” by now. It focusses on the userview, less on matters of construction. For details study of the theory sources is encouraged. 1 A polymorphic heap inside a monad Heaps (heap) can be populated by values of class heap; HOL’s default types are already instantiated to class heap. Class heap is a subclass of countable; see theory Countable for ways to instantiate types as countable. The heap is wrapped up in a monad ′ a Heap by means of the following specification: datatype ′ a Heap = Heap.Heap (heap ⇒ ( ′ a × heap) option) Unwrapping of this monad type happens through execute:: ′ a Heap ⇒ heap ⇒ ( ′ a × heap) option execute (Heap.Heap f) = f This allows for equational reasoning about monadic expressions; the fact collection executesimps contains appropriate rewrites for all fundamental operations. Primitive finegranular control over heaps is available through rule Heapcases: ( ∧ x h ′. execute f h = Some (x, h ′ ) = ⇒ P) = ⇒ (execute f h = None = ⇒ P) = ⇒ P
Imperative HOL – a leightweight framework for
"... 2011 Imperative HOL is a leightweight framework for reasoning about imperative data structures in Isabelle/HOL [2]. Its basic ideas are described in [1]. However their concrete realisation has changed since, due to both extensions and refinements. Therefore this overview wants to present the framewo ..."
Abstract
 Add to MetaCart
2011 Imperative HOL is a leightweight framework for reasoning about imperative data structures in Isabelle/HOL [2]. Its basic ideas are described in [1]. However their concrete realisation has changed since, due to both extensions and refinements. Therefore this overview wants to present the framework “as it is ” by now. It focusses on the userview, less on matters of construction. For details study of the theory sources is encouraged. 1 A polymorphic heap inside a monad Heaps (heap) can be populated by values of class heap; HOL’s default types are already instantiated to class heap. Class heap is a subclass of countable; see theory Countable for ways to instantiate types as countable. The heap is wrapped up in a monad ′ a Heap by means of the following specification: datatype ′ a Heap = Heap.Heap (heap ⇒ ( ′ a × heap) option) Unwrapping of this monad type happens through execute:: ′ a Heap ⇒ heap ⇒ ( ′ a × heap) option execute (Heap.Heap f) = f This allows for equational reasoning about monadic expressions; the fact collection executesimps contains appropriate rewrites for all fundamental operations. Primitive finegranular control over heaps is available through rule Heapcases: ( ∧ x h ′. execute f h = Some (x, h ′ ) = ⇒ P) = ⇒ (execute f h = None = ⇒ P) = ⇒ P Monadic expression involve the usual combinators: