Results 1  10
of
20
A Formalization of the Process Algebra CCS in Higher Order Logic
, 1992
"... : This paper describes a mechanization in higher order logic of the theory for a subset of Milner's ccs. The aim is to build a sound and effective tool to support verification and reasoning about process algebra specifications. To achieve this goal, the formal theory for pure ccs (no value passing) ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
: This paper describes a mechanization in higher order logic of the theory for a subset of Milner's ccs. The aim is to build a sound and effective tool to support verification and reasoning about process algebra specifications. To achieve this goal, the formal theory for pure ccs (no value passing) is defined in the interactive theorem prover hol, and a set of proof tools, based on the algebraic presentation of ccs, is provided. y Research supported by Consiglio Nazionale delle Ricerche (C.N.R.), Italy. Contents 1 Introduction 2 2 The HOL System 3 3 CCS 4 3.1 Syntax and Operational Semantics : : : : : : : : : : : : : : : : : : : : : : : 4 3.2 Observational Semantics : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 5 3.3 Axiomatic Characterization of Observational Congruence : : : : : : : : : : 6 3.4 A Modal Logic : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 7 4 Mechanization of CCS in HOL 8 4.1 The Syntax : : : : : : : : : : : : : : : : : : : : : ...
Embedding CSP in PVS. An Application to Authentication Protocols
, 1997
"... In [28], Schneider applies CSP to the modelling and analysis of authentication protocols and develops a general proof strategy for verifying authentication properties. This paper shows how the PVS theorem prover can provide effective mechanical support to the approach. Contents 1 Introduction 1 2 ..."
Abstract

Cited by 8 (4 self)
 Add to MetaCart
In [28], Schneider applies CSP to the modelling and analysis of authentication protocols and develops a general proof strategy for verifying authentication properties. This paper shows how the PVS theorem prover can provide effective mechanical support to the approach. Contents 1 Introduction 1 2 Authentication Protocols in CSP 3 2.1 CSP notation : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 3 2.2 A general model for authentication protocols : : : : : : : : : : : : : 4 2.3 Checking authentication properties : : : : : : : : : : : : : : : : : : : 7 3 An Embedding of CSP in PVS 9 3.1 Lists : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 10 3.2 Basic CSP : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 14 3.3 Parametric processes : : : : : : : : : : : : : : : : : : : : : : : : : : : 18 3.4 Properties of processes : : : : : : : : : : : : : : : : : : : : : : : : : : 21 3.5 Fixed points and induction : : : : : : : : : : : : : : : ...
Lightweight Analysis of Operational Specifications Using Inference Graphs
 In Proc. of the 2001 International Conference on Software Engineering (ICSE'2001
"... The Amalia framework generates lightweight components that automate the analysis of operational specifications and designs [16]. A key concept is the step analyzer, which enables Amalia to automatically tailor highlevel analyses, such as behavior simulation and model checking, to different specific ..."
Abstract

Cited by 8 (6 self)
 Add to MetaCart
The Amalia framework generates lightweight components that automate the analysis of operational specifications and designs [16]. A key concept is the step analyzer, which enables Amalia to automatically tailor highlevel analyses, such as behavior simulation and model checking, to different specification languages and representations. A step analyzer uses a new abstraction, called an inference graph, for the analysis. It creates and evaluates an inference graph onthefly during a topdown traversal of a specification to deduce the specification's local behaviors (called steps). The nodes of an inference graph directly reify the rules in an operational semantics, enabling Amalia to automatically generate a step analyzer from an operational description of a notation's semantics. Inference graphs are a clean abstraction that can be formally defined. The paper provides a detailed, but informal, introduction to inference graphs. It uses example specifications written in LOTOS for purposes of illustration. Keywords Testing, analysis, and verification; Patterns and frameworks; Formal methods; Lightweight analysis components; Operational specifications; Automated software generators. 1.
A Mechanized Theory of the picalculus in HOL
, 1992
"... : The ßcalculus is a process algebra for modelling concurrent systems in which the pattern of communication between processes may change over time. This paper describes the results of preliminary work on a definitional formal theory of the ßcalculus in higher order logic using the HOL theorem prov ..."
Abstract

Cited by 8 (0 self)
 Add to MetaCart
: The ßcalculus is a process algebra for modelling concurrent systems in which the pattern of communication between processes may change over time. This paper describes the results of preliminary work on a definitional formal theory of the ßcalculus in higher order logic using the HOL theorem prover. The ultimate goal of this work is to provide practical mechanized support for reasoning with the ßcalculus about applications. Introduction The ßcalculus [17, 18] is a process algebra proposed by Milner, Parrow and Walker for modelling concurrent systems in which the pattern of interconnection between processes may change over time. This paper describes work on a mechanized formal theory of the ßcalculus in higher order logic using the HOL theorem prover [8]. The main aim of this work is to construct a practical and sound theoremproving tool to support reasoning about applications using the ßcalculus, as well as metatheoretic reasoning about the ßcalculus itself. Four general prin...
Inference graphs: A computational structure supporting generation of customizable and correct analysis components
 IEEE Transactions on Software Engineering
, 2003
"... Abstract—Amalia is a generator framework for constructing analyzers for operationally defined formal notations. These generated analyzers are components that are designed for customization and integration into a larger environment. The customizability and efficiency of Amalia analyzers owe to a comp ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
Abstract—Amalia is a generator framework for constructing analyzers for operationally defined formal notations. These generated analyzers are components that are designed for customization and integration into a larger environment. The customizability and efficiency of Amalia analyzers owe to a computational structure called an inference graph. This paper describes this structure, how inference graphs enable Amalia to generate analyzers for operational specifications, and how we build in assurance. On another level, this paper illustrates how to balance the need for assurance, which typically implies a formal proof obligation, against other design concerns, whose solutions leverage design techniques that are not (yet) accompanied by mature proof methods. We require Amaliagenerated designs to be transparent with respect to the formal semantic models upon which they are based. Inference graphs are complex structures that incorporate many design optimizations. While not formally verifiable, their fidelity with respect to a formal operational semantics can be discharged by inspection. Index Terms—Amalia, analysis software, engineering tradeoffs, inference graphs, operational semantics, program transformations, proofs of correctness, transparent design.
From I/O Automata to Timed I/O Automata  A solution to the `Generalized Railroad Crossing' in Isabelle/HOLCF
, 1999
"... The model of timed I/O automata represents an extension of the model of I/O automata with the aim of reasoning about realtime systems. A number of case studies using timed I/O automata has been carried out, among them a treatment of the socalled Generalized Railroad Crossing (GRC). An already exist ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
The model of timed I/O automata represents an extension of the model of I/O automata with the aim of reasoning about realtime systems. A number of case studies using timed I/O automata has been carried out, among them a treatment of the socalled Generalized Railroad Crossing (GRC). An already existing formalization of the metatheory of I/O automata within Isabelle/HOLCF allows for fully formal toolsupported verification using I/O automata. We present a modification of this formalization which accomodates for reasoning about timed I/O automata. The guiding principle in choosing the parts of the metatheory of timed I/O automata to formalize has been to provide all the theory necessary for formalizing the solution to the GRC. This leads to a formalization of the GRC, in which not only the correctness proof itself has been formalized, but also the underlying metatheory of timed I/O automata, on which the correctness proof is based.
A Mathematically Precise TwoLevel Formal Hardware Verification Methodology
, 1992
"... Theoremproving and symbolic trajectory evaluation are both described as methods for the formal verification of hardware. They are both used to achieve a common goalcorrectly designed hardwareand both are intended to be an alternative to conventional methods based on nonexhaustive simulati ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
Theoremproving and symbolic trajectory evaluation are both described as methods for the formal verification of hardware. They are both used to achieve a common goalcorrectly designed hardwareand both are intended to be an alternative to conventional methods based on nonexhaustive simulation. However, they have different strengths and weaknesses. The main significance of this paper is the description of a twolevel approach to formal hardware verification, where the HOL theorem prover is combined with the Voss verification system. From symbolic trajectory evaluation we inherit a high degree of automation and accurate models of circuit behavior and timing. From interactive theoremproving we gain access to powerful mathematical tools such as induction and abstraction. The interface between the HOL and Voss is, however, more than just an ad hoc translation of verification results obtained by one tool into input for the other tool. We have developed a "mathematical" inte...
Mechanized Semantics of Simple Imperative Programming Constructs
 ANATOMY OF THE PENTIUM BUG. IN
, 1996
"... In this paper a uniform formalization in PVS of various kinds of semantics of imperative programming language constructs is presented. Based on a comprehensive development of fixed point theory, the denotational semantics of elementary constructs of imperative programming languages are defined as st ..."
Abstract

Cited by 3 (2 self)
 Add to MetaCart
In this paper a uniform formalization in PVS of various kinds of semantics of imperative programming language constructs is presented. Based on a comprehensive development of fixed point theory, the denotational semantics of elementary constructs of imperative programming languages are defined as state transformers. These state transformers induce corresponding predicate transformers, providing a means to formally derive both a weakest liberal precondition semantics and an axiomatic semantics in the style of Hoare. Moreover, algebraic laws as used in refinement calculus proofs are validated at the level of predicate transformers. Simple reformulations of the state transformer semantics yield both a continuationstyle semantics and rules similar to those used in Structural Operational Semantics. This formalization provides the foundations on which formal specification of programming languages and mechanical verification of compilation steps are carried out within the Verifix project.
A Hybrid Model for Reasoning about Composed Hardware Systems
 Conference on ComputerAided Verification
, 1994
"... . To formally specify and reason about composed systems, a process algebra is developed that integrates an extended interpreter model. This approach utilizes the interpreter model for device decomposition, while also being able to reason about larger systems that require interdevice communication. B ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
. To formally specify and reason about composed systems, a process algebra is developed that integrates an extended interpreter model. This approach utilizes the interpreter model for device decomposition, while also being able to reason about larger systems that require interdevice communication. By combining these approaches, convenient notations are available to specify and verify both device independent properties (e.g., instruction sets) and device interdependent properties (e.g., communication protocols). 1 Introduction Previous approaches to system verification have decomposed systems into several hardware and software layers that may be independently verified [3, 9, 11, 17]. Each layer consists of an implementation description and a more abstract specification. The layers are joined, or "stacked", with each implementation description serving as the specification for the next lower layer. The hardware layers of these systems have been modeled as a microprocessor with memory. Th...