Results 21–30 of 61
HOL Light Tutorial (for version 2.20)
2007
Cited by 10 (0 self)
The HOL Light theorem prover can be difficult to get started with. While the manual is fairly detailed and comprehensive, the large amount of background information that has to be absorbed before the user can do anything interesting is intimidating. Here we give an alternative ‘quick start’ guide, aimed at teaching basic use of the system quickly by means of a graded set of examples. Some readers may find it easier to absorb; those who do not are referred after all to the standard manual. “Shouldn’t we read the instructions?”
A Formalization of the Process Algebra CCS in Higher Order Logic
1992
Cited by 9 (0 self)
This paper describes a mechanization in higher order logic of the theory for a subset of Milner's CCS. The aim is to build a sound and effective tool to support verification and reasoning about process algebra specifications. To achieve this goal, the formal theory for pure CCS (no value passing) is defined in the interactive theorem prover HOL, and a set of proof tools, based on the algebraic presentation of CCS, is provided.
Research supported by Consiglio Nazionale delle Ricerche (C.N.R.), Italy.
Contents
1 Introduction
2 The HOL System
3 CCS
3.1 Syntax and Operational Semantics
3.2 Observational Semantics
3.3 Axiomatic Characterization of Observational Congruence
3.4 A Modal Logic
4 Mechanization of CCS in HOL
4.1 The Syntax ...
A Mechanized Theory of the π-calculus in HOL
1992
Cited by 9 (0 self)
The π-calculus is a process algebra for modelling concurrent systems in which the pattern of communication between processes may change over time. This paper describes the results of preliminary work on a definitional formal theory of the π-calculus in higher order logic using the HOL theorem prover. The ultimate goal of this work is to provide practical mechanized support for reasoning with the π-calculus about applications.
Introduction
The π-calculus [17, 18] is a process algebra proposed by Milner, Parrow and Walker for modelling concurrent systems in which the pattern of interconnection between processes may change over time. This paper describes work on a mechanized formal theory of the π-calculus in higher order logic using the HOL theorem prover [8]. The main aim of this work is to construct a practical and sound theorem-proving tool to support reasoning about applications using the π-calculus, as well as metatheoretic reasoning about the π-calculus itself. Four general prin...
Undefinedness in Z: Issues for Specification and Proof
CADE-13 Workshop on Mechanization of Partial Functions. Available on the Web as ftp://ftp.cs.bham.ac.uk/pub/authors/M.Kerber/96CADEWS/Arthan.ps.gz
1996
Cited by 8 (0 self)
This paper considers the treatment of undefined terms in the Z specification language. We argue, on pragmatic grounds, that specification and proof are activities which place conflicting requirements on the handling of undefinedness. We believe that the conflict can be reconciled by encouraging specifications that are independent of the treatment of undefined terms and by gaining a better understanding of the metatheory of undefinedness.
1 Introduction
Mathematical specification languages such as the Z notation [11] are becoming more widely used in the development of critical systems. A particular advantage of Z is (or should be) its familiar mathematical foundations. From the point of view of mathematical logic, the language as defined in [10, 11] or in the evolving Z standard can fairly readily be explicated as classical set theory subjected to a simple type discipline. Providing effective tools for carrying out proofs in Z is an issue of some practical significance. For over six ...
A Verified Compiler for a Structured Assembly Language
In Proceedings of the 1991 International Workshop on the HOL Theorem Proving System and its Applications. IEEE Computer
1991
Cited by 7 (2 self)
We describe the verification of a compiler for a subset of the Vista language: a structured assembly language for the Viper microprocessor. This proof has been mechanically checked using the HOL system. We consider how the compiler correctness theorem could be used to deduce safety and liveness properties of compiled code from theorems stating that these properties hold of the source code. We also show how secure compilation can be achieved using automated theorem proving techniques.
1 Introduction
In this paper, we describe the verification of a compiler for a subset of the Vista language [10]. Our motivation for verifying the compiler is to allow us to infer properties about the code which is actually executed from properties we prove about Vista programs. Previous work on the formal verification of compilers has largely considered the compiler correctness theorem itself to be the ultimate goal. Consequently, little attention has been given to identifying the way in which the correc...
A Hoare Logic for Single-Input Single-Output Continuous-Time Control Systems
 In Proceedings 6th International Workshop on Hybrid Systems, Computation and Control
2003
Cited by 7 (5 self)
This paper presents a Hoare-style logic for reasoning about the frequency response of control systems in the continuous-time domain. Two properties, the gain (amplitude) and phase shift, of a control system are considered. These properties are for a sinusoidal input of variable frequency. The logic operates over a simplified form of block diagram, including arbitrary transfer functions, feedback loops, and summation of signals. Reasoning is compositional, i.e. properties of a system can be deduced from properties of its subsystems. A prototype tool has been implemented in a mechanised theorem prover.
Formalizing the Well-formedness Rules of EJB3QL in UML + OCL
 Reports and Revised Selected Papers, Workshops and Symposia at MoDELS 2006, Genoa, Italy, LNCS 4364
2006
Cited by 6 (5 self)
This paper reports the application of language metamodeling techniques to EJB3QL, the object-oriented query language for Java Persistence recently standardized in JSR-220. Five years from now, today’s EJB3 applications will be legacy. We see our metamodel as an enabler for increasing the efficiency of reverse engineering activities. It has already proven useful in uncovering spots where the EJB3QL spec is vague. The case study reported in this paper involved (a) expressing the abstract syntax and well-formedness rules of EJB3QL in UML and OCL respectively; (b) deriving from that metamodel software artifacts required for several language-processing tasks, targeting two modeling platforms (Eclipse EMF and Octopus); and (c) comparing the generated artifacts with their counterparts in the reference implementation of EJB3 (which was not developed following a language-metamodeling approach). The metamodel of EJB3QL constitutes the basis for applying model-checkers to aid in assuring conformance of tools claiming to support the specification.
A Mechanized Hoare Logic of State Transitions
1993
Cited by 6 (0 self)
this paper self-contained, a simplified version of the theory is outlined in 1.7. The general idea of mechanising Hoare logics by generating verification conditions and then feeding them to a theorem prover is standard [3, 5, 13]. The particular approach used here was originally developed for non-timed Hoare logics [4]. Verification conditions are described in 1.6. The main contribution of this paper is to make the use of STAs for reasoning about data-processing algorithms much easier by defining a Hoare logic on top of them.
1.3 Timed Hoare specifications
Efficient Construction of Machine-Checked Symbolic Protocol Security Proofs
2012
Cited by 6 (3 self)
We embed an untyped security protocol model in the interactive theorem prover Isabelle/HOL and derive a theory for constructing proofs of secrecy and authentication properties. Our theory is based on two key ingredients. The first is an inference rule for enumerating the possible origins of messages known to the intruder. The second is a class of protocol-specific invariants that formalize type assertions about variables in protocol specifications. The resulting theory is well-suited for interactively constructing human-readable, protocol security proofs. We additionally give an algorithm that automatically generates Isabelle/HOL proof scripts based on this theory. We provide case studies showing that both interactive and automatic proof construction are efficient. The resulting proofs provide strong correctness guarantees since all proofs, including those deriving our theory from the security protocol model, are machine-checked.
Mechanized Semantics of Simple Imperative Programming Constructs
 ANATOMY OF THE PENTIUM BUG. IN
1996
Cited by 3 (2 self)
In this paper a uniform formalization in PVS of various kinds of semantics of imperative programming language constructs is presented. Based on a comprehensive development of fixed point theory, the denotational semantics of elementary constructs of imperative programming languages are defined as state transformers. These state transformers induce corresponding predicate transformers, providing a means to formally derive both a weakest liberal precondition semantics and an axiomatic semantics in the style of Hoare. Moreover, algebraic laws as used in refinement calculus proofs are validated at the level of predicate transformers. Simple reformulations of the state transformer semantics yield both a continuation-style semantics and rules similar to those used in Structural Operational Semantics. This formalization provides the foundations on which formal specification of programming languages and mechanical verification of compilation steps are carried out within the Verifix project.