Results 1  10
of
10
Animating the Formalised Semantics of a Javalike Language
"... Abstract. Considerable effort has gone into the techniques of extracting executable code from formal specifications and animating them. We show how to apply these techniques to the large JinjaThreads formalisation. It models a substantial subset of multithreaded Java source and bytecode in Isabelle/ ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
Abstract. Considerable effort has gone into the techniques of extracting executable code from formal specifications and animating them. We show how to apply these techniques to the large JinjaThreads formalisation. It models a substantial subset of multithreaded Java source and bytecode in Isabelle/HOL and focuses on proofs and modularity whereas code generation was of little concern in its design. Employing Isabelle’s code generation facilities, we obtain a verified Java interpreter that is sufficiently efficient for running small Java programs. To this end, we present refined implementations for common notions such as the reflexive transitive closure and Russell’s definite description operator. From our experience, we distill simple guidelines on how to develop future formalisations with executability in mind. 1
Refinement for Monadic Programs
"... We provide a framework for program and data refinement in Isabelle/HOL. The framework is based on a nondeterminismmonad with assertions, i.e., the monad carries a set of results or an assertion failure. Recursion is expressed by fixed points. For convenience, we also provide while and foreach combi ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
We provide a framework for program and data refinement in Isabelle/HOL. The framework is based on a nondeterminismmonad with assertions, i.e., the monad carries a set of results or an assertion failure. Recursion is expressed by fixed points. For convenience, we also provide while and foreach combinators. The framework provides tools to automatize canonical tasks, such as verification condition generation, finding appropriate data refinement relations, and refine an executable program to a form that is accepted by the Isabelle/HOL code generator. This submission comes with a collection of examples and a userguide,
Data Refinement for Verified ModelChecking Algorithms in Isabelle/HOL
"... Our goal is to verify modelchecking algorithms with Isabelle/HOL. When regarding such algorithms on an abstract level, they often use nondeterminism like ”take an element from this set”. Which element is actually taken depends on the concrete implementation of the set. When formalizing these algori ..."
Abstract
 Add to MetaCart
Our goal is to verify modelchecking algorithms with Isabelle/HOL. When regarding such algorithms on an abstract level, they often use nondeterminism like ”take an element from this set”. Which element is actually taken depends on the concrete implementation of the set. When formalizing these algorithms, one has to either fix the concrete implementation for the correctness proof, or describe the algorithm nondeterministically. The former approach makes it difficult to exchange the implementation afterwards. Moreover, using a set implementation (e.g. Red Black Trees) instead of the standard set datatype of Isabelle makes the use of automated reasoning tools more complicated, as they are tailored to Isabelle’s standard types. In this extended abstract, we briefly present our current effort to address the latter approach. We describe a framework that allows to specify nondeterministic algorithms on Isabelle’s standard datatypes, prove them correct, and then refine them to executable algorithms. Our framework smoothly integrates with existing Isabelle/HOL specifications, is powerful enough to express modelchecking algorithms, and automates tedious but canonical tasks. Overview Our framework is based on program and data refinement (cf. [1]). The possible results of a program are described by sets. Additionally, we add the result ⊤ that represents a failed assertion. Lifting the subset ordering, we get a complete lattice of results, where ∅ is the smallest element, and ⊤ is the greatest element. We write ⊑ for the lifted subset ordering. Programs itself are described by a nondeterminism monad [9]. We define the operations return and bind as follows: return x: = {x} bind M f: = ⊔ {f x  x ∈ M} if M = ⊤ otherwise Intuitively, the return operation builds a result that contains a single value, and the bind operation applies the function f to each result in M. In addition to thereturn and bind operations, we define the following elementary operations: spec Φ: = {x  Φ x} return () assert Φ:= return ()
A Fully Verified Executable LTL Model Checker ⋆
"... Abstract. We present an LTL model checker whose code has been completely verified using the Isabelle theorem prover. The checker consists of over 4000 lines of ML code. The code is produced using recent Isabelle technology called the Refinement Framework, which allows us to split its correctness pro ..."
Abstract
 Add to MetaCart
Abstract. We present an LTL model checker whose code has been completely verified using the Isabelle theorem prover. The checker consists of over 4000 lines of ML code. The code is produced using recent Isabelle technology called the Refinement Framework, which allows us to split its correctness proof into (1) the proof of an abstract version of the checker, consisting of a few hundred lines of “formalized pseudocode”, and (2) a structures are replaced by implementations of efficient structures like redblack trees and functional arrays. This leads to a checker that, while still slower than unverified checkers, can already be used as a trusted reference implementation against which advanced implementations can be tested. We report on the structure of the checker, the development process, and some experiments on standard benchmarks. 1
A Framework for Verified DepthFirst Algorithms
"... We present a framework in Isabelle/HOL for formalizing variants of depthfirst search. This framework allows to easily prove nontrivial properties of these variants. Moreover, verified code in several programming languages including Haskell, Scala and Standard ML can be generated. In this paper, we ..."
Abstract
 Add to MetaCart
We present a framework in Isabelle/HOL for formalizing variants of depthfirst search. This framework allows to easily prove nontrivial properties of these variants. Moreover, verified code in several programming languages including Haskell, Scala and Standard ML can be generated. In this paper, we present an abstract formalization of depthfirst search and demonstrate how it is refined to an efficiently executable version. Further we use the emptinessproblem of Büchiautomata known from model checking as the motivation to present three Nested DFS algorithms. They are formalized, verified and transformed into executable code using our framework. 1
Contents
, 2013
"... We provide the operations of matrix addition, multiplication, transposition, and matrix comparisons as executable functions over ordered semirings. Moreover, it is proven that strongly normalizing (monotone) orders can be lifted to strongly normalizing (monotone) orders over matrices. We further sho ..."
Abstract
 Add to MetaCart
We provide the operations of matrix addition, multiplication, transposition, and matrix comparisons as executable functions over ordered semirings. Moreover, it is proven that strongly normalizing (monotone) orders can be lifted to strongly normalizing (monotone) orders over matrices. We further show that the standard semirings over the naturals, integers, and rationals, as well as the arctic semirings satisfy the axioms that are required by our matrix theory. Our formalization was performed as part of the IsaFoR/CeTAsystem [3] 1 which contains several termination techniques. The provided theories have been essential to formalize matrixinterpretations [1] and arctic interpretations [2]. A short description of this formalization can be found in [4].
3.2 Basic operations on Graphs................... 5
, 2013
"... We implement and prove correct Dijkstra’s algorithm for the single source shortest path problem, conceived in 1956 by E. Dijkstra. The algorithm is implemented using the data refinement framework for monadic, nondeterministic programs. An efficient implementation ..."
Abstract
 Add to MetaCart
We implement and prove correct Dijkstra’s algorithm for the single source shortest path problem, conceived in 1956 by E. Dijkstra. The algorithm is implemented using the data refinement framework for monadic, nondeterministic programs. An efficient implementation
Verified Synthesis of KnowledgeBased Programs in Finite Synchronous Environments
, 2013
"... Knowledgebased programs (KBPs) are a formalism for directly relating an agent’s knowledge and behaviour. Here we present a general scheme for compiling KBPs to executable automata with a proof of correctness in Isabelle/HOL. We develop the algorithm topdown, using Isabelle’s locale mechanism to st ..."
Abstract
 Add to MetaCart
Knowledgebased programs (KBPs) are a formalism for directly relating an agent’s knowledge and behaviour. Here we present a general scheme for compiling KBPs to executable automata with a proof of correctness in Isabelle/HOL. We develop the algorithm topdown, using Isabelle’s locale mechanism to structure these proofs, and show that two classic examples
LightWeight Containers
"... This development provides a framework for container types like sets and maps such that generated code implements these containers with different (efficient) data structures. Thanks to type classes and refinement during code generation, this lightweight approach can seamlessly replace Isabelle’s def ..."
Abstract
 Add to MetaCart
This development provides a framework for container types like sets and maps such that generated code implements these containers with different (efficient) data structures. Thanks to type classes and refinement during code generation, this lightweight approach can seamlessly replace Isabelle’s default setup for code generation. Heuristics automatically pick one of the available data structures depending on the type of elements to be stored, but users can also choose on their own. The extensible design permits to add more implementations at any time. To support arbitrary nesting of sets, we define a linear order on sets based on a linear order of the elements and provide efficient implementations. It even allows to compare complements with noncomplements. Contents