Results 1  10
of
17
The Isabelle Collections Framework
"... The Isabelle Collections Framework (ICF) provides a unified framework for using verified collection data structures in Isabelle/HOL formalizations and generating efficient functional code in ML, Haskell, and OCaml. Thanks to its modularity, it is easily extensible and supports switching to differen ..."
Abstract

Cited by 18 (10 self)
 Add to MetaCart
(Show Context)
The Isabelle Collections Framework (ICF) provides a unified framework for using verified collection data structures in Isabelle/HOL formalizations and generating efficient functional code in ML, Haskell, and OCaml. Thanks to its modularity, it is easily extensible and supports switching to different data structures any time. For good integration with applications, a data refinement approach separates the correctness proofs from implementation details. The generated code based on the ICF lies in better complexity classes than the one that uses Isabelle’s default setup (logarithmic vs. linear time). In a case study with tree automata, we demonstrate that the ICF is easy to use and efficient: An ICF based, verified tree automata library outperforms the unverified Timbuk/Taml library by a factor of 14.
Practical tactics for separation logic
 In TPHOLs, volume 5674 of LNCS
, 2009
"... Abstract. We present a comprehensive set of tactics that make it practical to use separation logic in a proof assistant. These tactics enable the verification of partial correctness properties of complex pointerintensive programs. Our goal is to make separation logic as easy to use as the standard ..."
Abstract

Cited by 13 (1 self)
 Add to MetaCart
(Show Context)
Abstract. We present a comprehensive set of tactics that make it practical to use separation logic in a proof assistant. These tactics enable the verification of partial correctness properties of complex pointerintensive programs. Our goal is to make separation logic as easy to use as the standard logic of a proof assistant. We have developed tactics for the simplification, rearranging, splitting, matching and rewriting of separation logic assertions as well as the discharging of a program verification condition using a separation logic description of the machine state. We have implemented our tactics in the Coq proof assistant, applying them to a deep embedding of Cminor, a Clike intermediate language used by Leroy’s verified CompCert compiler. We have used our tactics to verify the safety and completeness of a Cheney copying garbage collector written in Cminor. Our ideas should be applicable to other substructural logics and imperative languages. 1
Code generation from Isabelle/HOL theories
, 2008
"... This tutorial gives a motivationdriven introduction to a generic code generator framework in Isabelle for generating executable code in functional programming languages from logical specifications. ..."
Abstract

Cited by 10 (0 self)
 Add to MetaCart
(Show Context)
This tutorial gives a motivationdriven introduction to a generic code generator framework in Isabelle for generating executable code in functional programming languages from logical specifications.
Verification of Certifying Computations
"... Abstract. Formal verification of complex algorithms is challenging. Verifying their implementations goes beyond the state of the art of current verification tools and proving their correctness usually involves nontrivial mathematical theorems. Certifying algorithms compute in addition to each outpu ..."
Abstract

Cited by 9 (5 self)
 Add to MetaCart
(Show Context)
Abstract. Formal verification of complex algorithms is challenging. Verifying their implementations goes beyond the state of the art of current verification tools and proving their correctness usually involves nontrivial mathematical theorems. Certifying algorithms compute in addition to each output a witness certifying that the output is correct. A checker for such a witness is usually much simpler than the original algorithm – yet it is all the user has to trust. Verification of checkers is feasible with current tools and leads to computations that can be completely trusted. In this paper we develop a framework to seamlessly verify certifying computations. The automatic verifier VCC is used for checking code correctness, and the interactive theorem prover Isabelle/HOL targets highlevel mathematical properties of algorithms. We demonstrate the effectiveness of our approach by applying it to the verification of the algorithmic library LEDA. 1
Tracebased Verification of Imperative Programs with I/O
"... In this paper we demonstrate how to prove the correctness of systems implemented using lowlevel imperative features like pointers, files, and socket I/O with respect to high level I/O protocol descriptions by using the Coq proof assistant. We present a webbased course gradebook application develope ..."
Abstract

Cited by 5 (0 self)
 Add to MetaCart
(Show Context)
In this paper we demonstrate how to prove the correctness of systems implemented using lowlevel imperative features like pointers, files, and socket I/O with respect to high level I/O protocol descriptions by using the Coq proof assistant. We present a webbased course gradebook application developed with Ynot, a Coq library for verified imperative programming. We add a dialogbased I/O system to Ynot, and we extend Ynot’s underlying Hoare logic with event traces to reason about I/O and protocol behavior. Expressive abstractions allow the modular verification of both high level specifications like privacy guarantees and low level properties like data structure pointer invariants.
Animating the formalised semantics of a Javalike language
 In Interactive Theorem Proving, volume 6898 of LNCS
, 2011
"... ..."
(Show Context)
A Framework for Verified DepthFirst Algorithms
"... We present a framework in Isabelle/HOL for formalizing variants of depthfirst search. This framework allows to easily prove nontrivial properties of these variants. Moreover, verified code in several programming languages including Haskell, Scala and Standard ML can be generated. In this paper, we ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
(Show Context)
We present a framework in Isabelle/HOL for formalizing variants of depthfirst search. This framework allows to easily prove nontrivial properties of these variants. Moreover, verified code in several programming languages including Haskell, Scala and Standard ML can be generated. In this paper, we present an abstract formalization of depthfirst search and demonstrate how it is refined to an efficiently executable version. Further we use the emptinessproblem of Büchiautomata known from model checking as the motivation to present three Nested DFS algorithms. They are formalized, verified and transformed into executable code using our framework.
Extending Coq with Imperative Features and its Application to SAT Verification
"... Abstract. Coq has within its logic a programming language that can be used effectively to replace many deduction steps into a single computation, this is the socalled reflection. In this paper, we present a major improvement of the evaluation mechanism that preserves its correctness and makes it p ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
(Show Context)
Abstract. Coq has within its logic a programming language that can be used effectively to replace many deduction steps into a single computation, this is the socalled reflection. In this paper, we present a major improvement of the evaluation mechanism that preserves its correctness and makes it possible to deal with cpuintensive tasks such as proof checking of SAT traces. 1
Contents
, 2009
"... Dynamic Pushdown Networks (DPNs) are a model for concurrent programs with recursive procedures and thread creation. We formalize a trueconcurrency semantics for DPNs. Executions of this semantics have a tree structure. We show the relation of our semantics to the original interleavings semantics. W ..."
Abstract
 Add to MetaCart
(Show Context)
Dynamic Pushdown Networks (DPNs) are a model for concurrent programs with recursive procedures and thread creation. We formalize a trueconcurrency semantics for DPNs. Executions of this semantics have a tree structure. We show the relation of our semantics to the original interleavings semantics. We then show how to compute predecessor sets of regular sets of configurations w.r.t. treeregular constraints on the execution. Acquisition histories have been introduced by Kahlon et al. to modelcheck parallel pushdown systems with wellnested locks, but without thread creation. We generalize acquisistion histories to be used with DPNs. For this purpose, our treebased semantics can be naturally applied. Moreover, the generalized acquisition histories enable us to characterize the (treebased) executions that have a schedule that is valid w.r.t. locks, thus obtaining an algorithm to compute locksensitive predecessor sets.
Formal Verification of a Modern SAT Solver
, 2009
"... We present a formalization and a formal total correctness proof of a MiniSATlike SAT solver within the system Isabelle/HOL. The solver is based on the DPLL procedure and employs most stateofthe art SAT solving techniques, including the conflictguided backjumping, clause learning, and the twowatc ..."
Abstract
 Add to MetaCart
We present a formalization and a formal total correctness proof of a MiniSATlike SAT solver within the system Isabelle/HOL. The solver is based on the DPLL procedure and employs most stateofthe art SAT solving techniques, including the conflictguided backjumping, clause learning, and the twowatch unit propagation scheme. A shallow embedding into HOL is used and the solver is expressed as a set of recursive HOL functions. Based on this specification, the Isabelle’s builtin code generator can be used to generate executable code in several supported functional languages (Haskell, SML, and OCaml). The SAT solver implemented in this way is, to our knowledge, the first fully formally and mechanically verified modern SAT solver.