Results 11  20
of
49
Trustworthy Tools for Trustworthy Programs: A Verified Verification Condition Generator
, 1994
"... Verification Condition Generator (VCG) tools have been effective in simplifying the task of proving programs correct. However, in the past these VCG tools have in general not themselves been mechanically proven, so any proof using and depending on these VCGs might have contained errors. In our w ..."
Abstract

Cited by 21 (1 self)
 Add to MetaCart
Verification Condition Generator (VCG) tools have been effective in simplifying the task of proving programs correct. However, in the past these VCG tools have in general not themselves been mechanically proven, so any proof using and depending on these VCGs might have contained errors. In our work, we define and rigorously prove correct a VCG tool within the HOL theorem proving system, for a standard whileloop language, with one new feature not usually treated: expressions with side effects. Starting from a structural operational semantics of this programming language, we prove as theorems the axioms and rules of inference of a Hoarestyle axiomatic semantics, verifying their soundness. This axiomatic semantics is then used to define and prove correct a VCG tool for this language. Finally, this verified VCG is applied to an example program to verify its correctness.
A Case Study in Class Library Verification: Java's Vector Class
, 1999
"... One of the reasons for the popularity of objectoriented programming is the possibility it offers for reuse of code. Usually, the distribution of an objectoriented programming language comes together with a collection of readytouse classes, in a class library. Typically, these classes contain gen ..."
Abstract

Cited by 20 (6 self)
 Add to MetaCart
One of the reasons for the popularity of objectoriented programming is the possibility it offers for reuse of code. Usually, the distribution of an objectoriented programming language comes together with a collection of readytouse classes, in a class library. Typically, these classes contain general purpose code, which can be used in many applications. Before using such classes, a programmer usually wants to know how they behave and when their methods throw exceptions. One way to do this, is to study the actual code, but since this is timeconsuming and requires understanding all particular ins and outs of the implementation, this is often not the most efficient way. Another approach is to study the documentation provided. As long as the documentation is clear and concise, this works well, but otherwise one still is forced to look at the actual code.
Auxiliary Variables and Recursive Procedures
 In TAPSOFT '97, volume 1214 of LNCS
, 1997
"... Much research in axiomatic semantics suffers from a lack of formality. In particular, most proposed verification calculi for imperative programs dealing with recursive procedures are known to be unsound or incomplete. Focussing on total correctness, we present a new consequence rule which yields a s ..."
Abstract

Cited by 19 (0 self)
 Add to MetaCart
Much research in axiomatic semantics suffers from a lack of formality. In particular, most proposed verification calculi for imperative programs dealing with recursive procedures are known to be unsound or incomplete. Focussing on total correctness, we present a new consequence rule which yields a sound and complete Hoarestyle calculus in the presence of parameterless recursive procedures. Both, the standard consequence and an improved rule of adaptation are instances of our new rule. This work has been developed under the auspices of the computeraided proof system Lego. The rigorous treatment of auxiliary variables has been crucial for establishing our results. A comparison with VDM reinforces our view that auxiliary variables deserve to be treated seriously.
Reasoning about Java classes
 OOPSLAâ€™98, ACM SIGPLAN Notices
, 1998
"... We present the first results of a project called LOOP, on formal methods for the objectoriented language Java. It aims at verification of program properties, with support of modern tools. We use our own frontend tool (which is still partly under construction) for translating Java classes into logi ..."
Abstract

Cited by 18 (0 self)
 Add to MetaCart
We present the first results of a project called LOOP, on formal methods for the objectoriented language Java. It aims at verification of program properties, with support of modern tools. We use our own frontend tool (which is still partly under construction) for translating Java classes into logic, and a backend theorem prover (namely PVS, developed at SRI) for reasoning. In several examples we will demonstrate how nontrivial properties of Java programs and classes can be proved following this twostep approach.
Weakest Precondition Reasoning for Java Programs with JML Annotations
 Journal of Logic and Algebraic Programming
, 2002
"... This paper distinguishes several different approaches to organising a Weakest Precondition (WP) calculus in a theorem prover. The implementation of two of these approaches for Java within the LOOP project is described. This involves the WPinfrastructures in the higher order logic of the theorem pro ..."
Abstract

Cited by 17 (2 self)
 Add to MetaCart
This paper distinguishes several different approaches to organising a Weakest Precondition (WP) calculus in a theorem prover. The implementation of two of these approaches for Java within the LOOP project is described. This involves the WPinfrastructures in the higher order logic of the theorem prover PVS, together with some associated rules and strategies for automatically proving JML specifications for Java implementations. The soundness of all WPrules has been proven on the basis of the underlying Java semantics. These WPcalculi are integrated with the existing Hoare logic, and together form a verification toolkit in PVS: typically one uses Hoare logic rules to break a large verification task up into smaller parts that can be handled automatically by one of the WPstrategies.
Verified JustInTime Compiler on x86
"... This paper presents a method for creating formally correct justintime (JIT) compilers. The tractability of our approach is demonstrated through, what we believe is the first, verification of a JIT compiler with respect to a realistic semantics of selfmodifying x86 machine code. Our semantics inclu ..."
Abstract

Cited by 16 (3 self)
 Add to MetaCart
This paper presents a method for creating formally correct justintime (JIT) compilers. The tractability of our approach is demonstrated through, what we believe is the first, verification of a JIT compiler with respect to a realistic semantics of selfmodifying x86 machine code. Our semantics includes a model of the instruction cache. Two versions of the verified JIT compiler are presented: one generates all of the machine code at once, the other one is incremental i.e. produces code ondemand. All proofs have been performed inside the HOL4 theorem prover.
An abstract dynamic semantics for C
 Computer Laboratory, University of Cambridge
, 1997
"... This report is a presentation of a formal semantics for the C programming language. The semantics has been defined operationally in a structured semantics style and covers the bulk of the core of the language. ..."
Abstract

Cited by 15 (1 self)
 Add to MetaCart
This report is a presentation of a formal semantics for the C programming language. The semantics has been defined operationally in a structured semantics style and covers the bulk of the core of the language.
A Natural Deduction Approach to Dynamic Logic
 Proceedings of TYPES'95, LNCS 1158
, 1996
"... . Natural Deduction style presentations of program logics are useful in view of the implementation of such logics in interactive proof development environments, based on type theory, such as LEGO, Coq, etc. In fact, NDstyle systems are the kind of systems which can take best advantage of the possib ..."
Abstract

Cited by 13 (5 self)
 Add to MetaCart
. Natural Deduction style presentations of program logics are useful in view of the implementation of such logics in interactive proof development environments, based on type theory, such as LEGO, Coq, etc. In fact, NDstyle systems are the kind of systems which can take best advantage of the possibility of reasoning "under assumptions" o#ered by proof assistants generated by Logical Frameworks. In this paper we introduce and discuss sound and complete proof systems in Natural Deduction style for representing various "truth" consequence relations of Dynamic Logic. We discuss the design decisions which lead to adequate encodings of these logics in Coq. We derive in Dynamic Logic a set of rules representing a NDstyle system for Hoare Logic.
The HOL Verification of ELLA Designs
, 1991
"... : HOL is a public domain system for generating proofs in higher order predicate calculus. It has been in experimental and commercial use in several countries for a number of years. ELLA 2 is a hardware design language developed at the Royal Signals and Radar Establishment (RSRE) and marketed by ..."
Abstract

Cited by 11 (1 self)
 Add to MetaCart
: HOL is a public domain system for generating proofs in higher order predicate calculus. It has been in experimental and commercial use in several countries for a number of years. ELLA 2 is a hardware design language developed at the Royal Signals and Radar Establishment (RSRE) and marketed by Computer General Electronic Design. It supports simulation models at a variety of different abstraction levels. A preliminary methodology for reasoning about ELLA designs using HOL is described. Our approach is to semantically embed a subset of the ELLA language in higher order logic, and then to make this embedding convenient to use with parsers and prettyprinters. There are a number of semantic issues that may affect the ease of verification. We discuss some of these briefly. We also give a simple example to illustrate the methodology. 1 Presented at the International Workshop on Formal Methods in VLSI Design, Miami, January 1991. 2 ELLA is a registered trademark of the Secretary of St...
A Formalization of the Process Algebra CCS in Higher Order Logic
, 1992
"... : This paper describes a mechanization in higher order logic of the theory for a subset of Milner's ccs. The aim is to build a sound and effective tool to support verification and reasoning about process algebra specifications. To achieve this goal, the formal theory for pure ccs (no value passing) ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
: This paper describes a mechanization in higher order logic of the theory for a subset of Milner's ccs. The aim is to build a sound and effective tool to support verification and reasoning about process algebra specifications. To achieve this goal, the formal theory for pure ccs (no value passing) is defined in the interactive theorem prover hol, and a set of proof tools, based on the algebraic presentation of ccs, is provided. y Research supported by Consiglio Nazionale delle Ricerche (C.N.R.), Italy. Contents 1 Introduction 2 2 The HOL System 3 3 CCS 4 3.1 Syntax and Operational Semantics : : : : : : : : : : : : : : : : : : : : : : : 4 3.2 Observational Semantics : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 5 3.3 Axiomatic Characterization of Observational Congruence : : : : : : : : : : 6 3.4 A Modal Logic : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 7 4 Mechanization of CCS in HOL 8 4.1 The Syntax : : : : : : : : : : : : : : : : : : : : : ...