Results 21 to 30 of 49
HOL Light Tutorial (for version 2.20)
, 2006
Abstract

Cited by 9 (0 self)
The HOL Light theorem prover can be difficult to get started with. While the manual is fairly detailed and comprehensive, the large amount of background information that has to be absorbed before the user can do anything interesting is intimidating. Here we give an alternative ‘quick start’ guide, aimed at teaching basic use of the system quickly by means of a graded set of examples. Some readers may find it easier to absorb; those who do not are referred after all to the standard manual. “Shouldn’t we read the instructions?”
Undefinedness in Z: Issues for Specification and Proof
 CADE-13 Workshop on Mechanization of Partial Functions. Available on the Web as ftp://ftp.cs.bham.ac.uk/pub/authors/M.Kerber/96CADEWS/Arthan.ps.gz
, 1996
Abstract

Cited by 8 (0 self)
This paper considers the treatment of undefined terms in the Z specification language. We argue, on pragmatic grounds, that specification and proof are activities which place conflicting requirements on the handling of undefinedness. We believe that the conflict can be reconciled by encouraging specifications that are independent of the treatment of undefined terms and by gaining a better understanding of the metatheory of undefinedness.
1 Introduction
Mathematical specification languages such as the Z notation [11] are becoming more widely used in the development of critical systems. A particular advantage of Z is (or should be) its familiar mathematical foundations. From the point of view of mathematical logic, the language as defined in [10, 11] or in the evolving Z standard can fairly readily be explicated as classical set theory subjected to a simple type discipline. Providing effective tools for carrying out proofs in Z is an issue of some practical significance. For over six ...
A Mechanized Theory of the π-calculus in HOL
, 1992
Abstract

Cited by 8 (0 self)
The π-calculus is a process algebra for modelling concurrent systems in which the pattern of communication between processes may change over time. This paper describes the results of preliminary work on a definitional formal theory of the π-calculus in higher order logic using the HOL theorem prover. The ultimate goal of this work is to provide practical mechanized support for reasoning with the π-calculus about applications.
Introduction
The π-calculus [17, 18] is a process algebra proposed by Milner, Parrow and Walker for modelling concurrent systems in which the pattern of interconnection between processes may change over time. This paper describes work on a mechanized formal theory of the π-calculus in higher order logic using the HOL theorem prover [8]. The main aim of this work is to construct a practical and sound theorem-proving tool to support reasoning about applications using the π-calculus, as well as metatheoretic reasoning about the π-calculus itself. Four general prin...
A Hoare Logic for Single-Input Single-Output Continuous-Time Control Systems
 In Proceedings of the 6th International Workshop on Hybrid Systems: Computation and Control
, 2003
Abstract

Cited by 7 (5 self)
This paper presents a Hoare-style logic for reasoning about the frequency response of control systems in the continuous-time domain. Two properties, the gain (amplitude) and phase shift, of a control system are considered. These properties are for a sinusoidal input of variable frequency. The logic operates over a simplified form of block diagram, including arbitrary transfer functions, feedback loops, and summation of signals. Reasoning is compositional, i.e. properties of a system can be deduced from properties of its subsystems. A prototype tool has been implemented in a mechanised theorem prover.
A Verified Compiler for a Structured Assembly Language
 In Proceedings of the 1991 International Workshop on the HOL Theorem Proving System and its Applications. IEEE Computer
, 1991
Abstract

Cited by 6 (2 self)
We describe the verification of a compiler for a subset of the Vista language: a structured assembly language for the Viper microprocessor. This proof has been mechanically checked using the HOL system. We consider how the compiler correctness theorem could be used to deduce safety and liveness properties of compiled code from theorems stating that these properties hold of the source code. We also show how secure compilation can be achieved using automated theorem proving techniques.
1 Introduction
In this paper, we describe the verification of a compiler for a subset of the Vista language [10]. Our motivation for verifying the compiler is to allow us to infer properties about the code which is actually executed from properties we prove about Vista programs. Previous work on the formal verification of compilers has largely considered the compiler correctness theorem itself to be the ultimate goal. Consequently, little attention has been given to identifying the way in which the correc...
A Mechanized Hoare Logic of State Transitions
, 1993
Abstract

Cited by 6 (0 self)
[…] this paper self-contained, a simplified version of the theory is outlined in Section 1.7. The general idea of mechanising Hoare logics by generating verification conditions and then feeding them to a theorem prover is standard [3, 5, 13]. The particular approach used here was originally developed for non-timed Hoare logics [4]. Verification conditions are described in Section 1.6. The main contribution of this paper is to make the use of STAs for reasoning about data-processing algorithms much easier by defining a Hoare logic on top of them.
1.3 Timed Hoare specifications
Formalizing the Well-formedness Rules of EJB3QL in UML + OCL
 Reports and Revised Selected Papers, Workshops and Symposia at MoDELS 2006, Genoa, Italy, LNCS 4364
, 2006
Abstract

Cited by 6 (5 self)
This paper reports the application of language-metamodeling techniques to EJB3QL, the object-oriented query language for Java Persistence recently standardized in JSR-220. Five years from now, today’s EJB3 applications will be legacy. We see our metamodel as an enabler for increasing the efficiency of reverse engineering activities. It has already proven useful in uncovering spots where the EJB3QL spec is vague. The case study reported in this paper involved (a) expressing the abstract syntax and well-formedness rules of EJB3QL in UML and OCL respectively; (b) deriving from that metamodel software artifacts required for several language-processing tasks, targeting two modeling platforms (Eclipse EMF and Octopus); and (c) comparing the generated artifacts with their counterparts in the reference implementation of EJB3 (which was not developed following a language-metamodeling approach). The metamodel of EJB3QL constitutes the basis for applying model checkers to aid in assuring conformance of tools claiming to support the specification.
Mechanized Semantics of Simple Imperative Programming Constructs
 ANATOMY OF THE PENTIUM BUG. IN
, 1996
Abstract

Cited by 3 (2 self)
In this paper a uniform formalization in PVS of various kinds of semantics of imperative programming language constructs is presented. Based on a comprehensive development of fixed point theory, the denotational semantics of elementary constructs of imperative programming languages are defined as state transformers. These state transformers induce corresponding predicate transformers, providing a means to formally derive both a weakest liberal precondition semantics and an axiomatic semantics in the style of Hoare. Moreover, algebraic laws as used in refinement calculus proofs are validated at the level of predicate transformers. Simple reformulations of the state transformer semantics yield both a continuation-style semantics and rules similar to those used in Structural Operational Semantics. This formalization provides the foundations on which formal specification of programming languages and mechanical verification of compilation steps are carried out within the Verifix project.
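The predicate-transformer route from a state-transformer semantics to Hoare-style rules described in this abstract, and the "generate verification conditions, then hand them to a prover" scheme of the timed Hoare logic entry above, both come down to one computation: the weakest liberal precondition of a statement with respect to a postcondition, plus the side conditions a loop invariant generates. The following is an added example written for this listing, not code from either paper or from the Verifix project. The tuple encoding of programs and predicates, the sample multiply-by-repeated-addition program, and the bounded checking domain are all assumptions of the example; where a mechanised tool would discharge the verification conditions with a theorem prover, this checks them by exhaustive evaluation over small integers, which can refute a condition but never proves it.

```python
"""Weakest liberal preconditions for a small imperative language (added example,
not code from the papers listed here).  wlp() implements the standard
predicate-transformer rules: assignment substitutes, sequence composes,
conditionals case-split, and a while loop yields its invariant plus two
side conditions (preservation and exit).  The verification conditions are then
checked by exhaustive evaluation over a small integer domain (assumed here);
a real tool would hand them to a theorem prover or SMT solver instead."""
from itertools import product

# Assumed encoding:
#   Expressions: ('var', x) | ('const', n) | (op, e1, e2)     op in + - *
#   Predicates:  ('true',) | (rel, e1, e2) rel in == < <=    | ('not', p)
#                | ('and', p, q) | ('=>', p, q)
#   Statements:  ('skip',) | ('assign', x, e) | ('seq', s1, s2)
#                | ('if', b, s1, s2) | ('while', b, inv, body)
LEAF = ('var', 'const', 'true')

def subst(t, x, e):
    """t[x := e]: replace variable x by expression e throughout t."""
    if t[0] == 'var':
        return e if t[1] == x else t
    if t[0] in LEAF:
        return t
    return (t[0],) + tuple(subst(a, x, e) for a in t[1:])

def wlp(stmt, post):
    """Return (pre, side_conditions): pre is the weakest liberal precondition of
    stmt w.r.t. post; side_conditions are loop-invariant obligations to prove."""
    kind = stmt[0]
    if kind == 'skip':
        return post, []
    if kind == 'assign':
        _, x, e = stmt
        return subst(post, x, e), []
    if kind == 'seq':
        _, s1, s2 = stmt
        mid, vc2 = wlp(s2, post)
        pre, vc1 = wlp(s1, mid)
        return pre, vc1 + vc2
    if kind == 'if':
        _, b, s1, s2 = stmt
        p1, vc1 = wlp(s1, post)
        p2, vc2 = wlp(s2, post)
        return ('and', ('=>', b, p1), ('=>', ('not', b), p2)), vc1 + vc2
    if kind == 'while':
        _, b, inv, body = stmt
        body_pre, vcs = wlp(body, inv)
        vcs = vcs + [('=>', ('and', inv, b), body_pre),        # invariant preserved
                     ('=>', ('and', inv, ('not', b)), post)]   # invariant + exit give post
        return inv, vcs
    raise ValueError('unknown statement ' + repr(kind))

def verification_conditions(pre, stmt, post):
    """All obligations for the partial-correctness triple {pre} stmt {post}."""
    wp, vcs = wlp(stmt, post)
    return [('=>', pre, wp)] + vcs

BINOPS = {'+': lambda a, b: a + b, '-': lambda a, b: a - b, '*': lambda a, b: a * b,
          '==': lambda a, b: a == b, '<': lambda a, b: a < b, '<=': lambda a, b: a <= b}

def evaluate(t, state):
    """Evaluate an expression or predicate in a state (dict: variable -> int)."""
    kind = t[0]
    if kind == 'var':
        return state[t[1]]
    if kind == 'const':
        return t[1]
    if kind == 'true':
        return True
    if kind == 'not':
        return not evaluate(t[1], state)
    if kind == 'and':
        return evaluate(t[1], state) and evaluate(t[2], state)
    if kind == '=>':
        return (not evaluate(t[1], state)) or evaluate(t[2], state)
    return BINOPS[kind](evaluate(t[1], state), evaluate(t[2], state))

def variables(t, acc=None):
    """Set of variable names occurring in t."""
    acc = set() if acc is None else acc
    if t[0] == 'var':
        acc.add(t[1])
    elif t[0] not in LEAF:
        for a in t[1:]:
            variables(a, acc)
    return acc

def find_counterexample(vcs, domain=range(-3, 4)):
    """Bounded check: (vc, state) for the first VC that is false under some
    assignment of its variables from domain, or None if every VC holds there."""
    for vc in vcs:
        names = sorted(variables(vc))
        for values in product(domain, repeat=len(names)):
            state = dict(zip(names, values))
            if not evaluate(vc, state):
                return vc, state
    return None

def V(x): return ('var', x)
def C(n): return ('const', n)

# Constructed sample program, multiplication by repeated addition:
#   r := 0; i := 0; while i < n do r := r + m; i := i + 1 end
def multiply_program(inv):
    return ('seq', ('assign', 'r', C(0)),
            ('seq', ('assign', 'i', C(0)),
             ('while', ('<', V('i'), V('n')), inv,
              ('seq', ('assign', 'r', ('+', V('r'), V('m'))),
                      ('assign', 'i', ('+', V('i'), C(1)))))))

PRE = ('<=', C(0), V('n'))
POST = ('==', V('r'), ('*', V('n'), V('m')))
GOOD_INV = ('and', ('==', V('r'), ('*', V('i'), V('m'))), ('<=', V('i'), V('n')))
WEAK_INV = ('==', V('r'), ('*', V('i'), V('m')))   # drops i <= n: exit no longer forces i == n

def check(inv):
    return find_counterexample(verification_conditions(PRE, multiply_program(inv), POST))

if __name__ == '__main__':
    print('good invariant:', check(GOOD_INV))   # None: every VC holds on the domain
    print('weak invariant:', check(WEAK_INV))   # exit VC fails at i=-2, m=-1, n=-3, r=2
```

The weak invariant is the instructive case: wlp still produces a precondition and a preservation condition that both hold, and only the exit obligation (invariant and not guard implies postcondition) is refuted, which is exactly the information a verification-condition generator hands to the prover and the reason the loop rule needs an invariant strong enough to pin down the state on exit.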
Derivation of verification rules for C from operational definitions
 Supplementary Proceedings of the 9th International Conference on Theorem Proving in Higher Order Logics (TPHOLs '96)
, 1996
Abstract

Cited by 2 (0 self)
While a low-level, operational definition of a language's semantics is a straightforward way of specifying the behaviour of programs written in that language, it is not necessarily very suitable for formal activities such as program verification. This is clearly the case with languages such as C, where the language definition is complicated by much tedious detail. However, the work described here demonstrates that a necessarily complicated semantics for C can still be used as the basis for the generation of "axiomatic" style rules. These can then be used to support verification work in a way that is both familiar and not overly complex.
1 Introduction
The C programming language [ANS89] represents a significant challenge in applying the theory of formal semantics to a "real world" example. Many of the simplifications made in standard pedagogical expositions are overturned in spades when one seeks to define the behaviour of C programs. Four problems are particularly apparent: ...
Towards A Formal Verification Of A Secure Distributed System And Its Applications
 In Proceedings of the 17th National Computer Security Conference
, 1994
Abstract

Cited by 2 (1 self)
This paper presents research towards the formal specification and verification of a secure distributed system and secure application programs that run on it. We refer to the whole system, from hardware to application programs written in a concurrent programming language, as the Silo, and to a simplified view of the Silo as the miniSilo. Both miniSilo and Silo consist of a collection of microprocessors interconnected by a network, a distributed operating system and a compiler for a distributed programming language. Our goal is to verify the full Silo by mechanized layered formal proof using the higher order logic theorem proving system HOL. This paper describes our current results for verifying the miniSilo and our incremental approach for evolving the verification of the miniSilo into the verification of the full Silo. Scalability is addressed in part by extending the distributed operating system with additional servers which in turn provide services that extend the programming l...