Results 11 - 20 of 43
Polytypic Proof Construction
, 1999
Cited by 11 (0 self)
This paper deals with formalizations and verifications in type theory that are abstracted with respect to a class of datatypes, i.e. polytypic constructions. The main advantage of these developments is that they can not only be used to define functions in a generic way but also to formally state polytypic theorems and to synthesize polytypic proof objects in a formal way. This opens the door to mechanically proving many useful facts about large classes of datatypes once and for all. 1 Introduction It is a major challenge to design libraries for theorem proving systems that are both sufficiently complete and relatively easy to use in a wide range of applications (see e.g. [6, 26]). A library for abstract datatypes, in particular, is an essential component of every proof development system. The libraries of the Coq [1] and the Lego [13] system, for example, include a number of functions, theorems, and proofs for common datatypes like natural numbers or polymorphic lists. In th...
Proof styles in operational semantics
- Proceedings of the 5th International Conference on Formal Methods in Computer-Aided Design (FMCAD 2004), volume 3312 of LNCS
, 2004
Cited by 8 (4 self)
Abstract. We relate two well-studied methodologies in deductive verification of operationally modeled sequential programs, namely the use of inductive invariants and clock functions. We show that the two methodologies are equivalent and one can mechanically transform a proof of a program in one methodology to a proof in the other. Both partial and total correctness are considered. This mechanical transformation is compositional; different parts of a program can be verified using different methodologies to achieve a complete proof of the entire program. The equivalence theorems have been mechanically checked by the ACL2 theorem prover and we implement automatic tools to carry out the transformation between the two methodologies in ACL2.
A Mechanized Theory of the pi-calculus in HOL
, 1992
Cited by 7 (0 self)
The π-calculus is a process algebra for modelling concurrent systems in which the pattern of communication between processes may change over time. This paper describes the results of preliminary work on a definitional formal theory of the π-calculus in higher order logic using the HOL theorem prover. The ultimate goal of this work is to provide practical mechanized support for reasoning with the π-calculus about applications. Introduction The π-calculus [17, 18] is a process algebra proposed by Milner, Parrow and Walker for modelling concurrent systems in which the pattern of interconnection between processes may change over time. This paper describes work on a mechanized formal theory of the π-calculus in higher order logic using the HOL theorem prover [8]. The main aim of this work is to construct a practical and sound theorem-proving tool to support reasoning about applications using the π-calculus, as well as metatheoretic reasoning about the π-calculus itself. Four general prin...
Problem Solving in Interactive Proof: A Knowledge-Modelling Approach
- Proceedings of the European Conference on Artificial Intelligence 1996 (ECAI96) :335-339, Edited by Wahlster W
, 1996
Cited by 4 (0 self)
This paper presents a model of proof discovery derived from the proof attempts of subjects who carried out interactive proofs using the HOL or Isabelle provers. Techniques of knowledge modelling, from knowledge-based system development, are used to derive a semi-formal model of the knowledge utilised by the subjects. The proposed model makes claims about the relation between the problem class, the proof plan and its implementation.
A proof-centric approach to mathematical assistants
- Journal of Applied Logic: Special Issue on Mathematics Assistance Systems
, 2005
Cited by 4 (1 self)
We present an approach to mathematical assistants which uses readable, executable proof scripts as the central language for interaction. We examine an implementation that combines the Isar language, the Isabelle theorem prover and the IsaPlanner proof planner. We argue that this synergy provides a flexible environment for the exploration, certification, and presentation of mathematical proof.
A Tool for Verifying Software Written in Erlang
, 2000
Cited by 3 (1 self)
The present paper presents an overview of the main results of the ASTEC project Verification of Erlang Programs, focusing in particular on the Erlang verification tool. This is a theorem-proving tool which assists in obtaining proofs that Erlang applications satisfy their correctness requirements formulated in a specification logic. We give a summary of the verification framework as supported by the tool, discuss reasoning principles essential for successful verification such as inductive and compositional reasoning, and an efficient treatment of side-effect-free code. The experiences of applying the verification tool in an industrial case study are summarised, and an approach for supporting verification in the presence of program libraries is outlined. The verification tool is essentially a classical proof assistant, or theorem-proving tool, requiring users to intervene in the proof process at crucial steps such as stating program invariants. However, the tool offers considerable support for au...
Verifying Resilient Software
- Proceedings of the Thirtieth Hawai`i International Conference on System Sciences (HICSS-30), volume V
, 1997
Cited by 3 (2 self)
We explore the tension between adding functionality to create resilient software and minimizing functionality to make it more feasible to formally verify software. To illustrate the effects of this trade-off, we examine a tiny example in detail. We show how code written with a good style may be hard to verify, specifically that the test condition is troublesome. We also show that a test condition "improved" in an attempt to make the verification more straightforward worsens the failure characteristics. To demonstrate the effect in an actual situation, we examine a secure web server, thttpd, its design principles and security features. We discuss how the security features introduce redundancies making verification harder, but also present some of its formal verification to show that verification is feasible. We conclude that software should be designed with necessary redundancies and that the temptation to oversimplify the design in order to formally verify it should be resisted. 1 ...
Proof Assistance for Real-Time Systems Using an Interactive Theorem Prover
- 5th International AMAST Workshop on RealTime and Probabilistic Systems, LNCS
Cited by 3 (0 self)
This paper discusses the adaptation of the PVS theorem prover for performing analysis of real-time systems written in the ASTRAL formal specification language. A number of issues were encountered during the encoding of ASTRAL that are relevant to the encoding of many real-time specification languages. These issues are presented as well as how they were handled in the ASTRAL encoding. A translator has been written that translates any ASTRAL specification into its corresponding PVS encoding. After performing the proofs of several systems using the encoding, PVS strategies have been developed to automate the proofs of certain types of properties. In addition, the encoding has been used as the basis for a transition sequence generator tool. 1 Introduction A real-time system is a system that must perform its actions within specified time bounds. With the advent of cheap processing power and increasingly sophisticated consumer demands, real-time systems have become commonplace ...
Formalising a Model of the lambda-calculus in HOL-ST
, 1994
Cited by 3 (0 self)
Most new theorem provers implement strong and complicated type theories which eliminate some of the limitations of simple type theories such as the HOL logic. A more accessible alternative might be to use a combination of set theory and simple type theory as in HOL-ST which is a version of the HOL system supporting a ZF-like set theory in addition to higher order logic. This paper presents a case study on the use of HOL-ST to build a model of the λ-calculus by formalising the inverse limit construction of domain theory. This construction is not possible in the HOL system itself, or in simple type theories in general. 1 Introduction The HOL system [GM93] supports a simple and accessible yet very powerful logic, called higher order logic or simple type theory. This is probably a main reason why it has one of the largest user communities of any theorem prover today. However, it is heard every now and then that users cannot quite do what they would like to do, e.g. due to restrictions in t...