Results 11  20
of
37
An objectoriented approach to verifying group communication systems
, 1998
"... Group communication system assist the development of faulttolerant distributed algorithms by providing precise guarantees on message ordering, delivery, and synchronization. Ensemble is a widely used group communication system that is highly modular and configurable. Formally verifying Ensemble is ..."
Abstract

Cited by 11 (2 self)
 Add to MetaCart
Group communication system assist the development of faulttolerant distributed algorithms by providing precise guarantees on message ordering, delivery, and synchronization. Ensemble is a widely used group communication system that is highly modular and configurable. Formally verifying Ensemble is a formidable task, but it has wideranging benefits, from formal assistance in the design of new distributed applications, to ensuring the reliability of critical distributed algorithms for all applications that use Ensemble. In this paper, we present a verification framework that we are using the verify Ensemble in the Nuprl proof development system. The framework is based on I/O automata, which are ideal for the verification in some respects: they they specify modular components that range from concrete protocol code to abstract services. But traditional I/O automata do not allow reuse of formal theorems as automata are composed. We present a new typetheoretic basis for I/O automata that preserves safety properties during composition using an objectoriented methodology.
Constructively Formalizing Automata Theory
 Proof, Language and Interaction: Essays in Honour of Robert Milner
, 1997
"... We present a constructive formalization of the MyhillNerode theorem on the minimization of finite automata that follows the account in Hopcroft and Ullman's book Formal Languages and Their Relation to Automata. We chose to formalize this theorem because it illustrates many points critical to formal ..."
Abstract

Cited by 11 (0 self)
 Add to MetaCart
We present a constructive formalization of the MyhillNerode theorem on the minimization of finite automata that follows the account in Hopcroft and Ullman's book Formal Languages and Their Relation to Automata. We chose to formalize this theorem because it illustrates many points critical to formalization of computational mathematics, especially the extraction of an important algorithm from a proof as a method of knowing that the algorithm is correct. It also gave us an opportunity to experiment with a constructive implementation of quotient sets. We carried out the formalization in Nuprl, an interactive theorem prover based on constructive type theory. Nuprl borrows an implementation of the ML language from the LCF system of Milner, Gordon, and Wadsworth, and makes heavy use of the notion of tactic pioneered by Milner in LCF. We are interested in the pedagogical value of electronic formal mathematical texts and have put our formalization on the World Wide Web. Readers are invited to ...
A Constructive Algebraic Hierarchy in Coq
"... We describe a framework of algebraic structures in the proof assistant Coq. We have developed this framework as part of the FTA project in Nijmegen, in which a constructive proof of the Fundamental Theorem of Algebra has been formalized in Coq. The algebraic hierarchy that is described here is both ..."
Abstract

Cited by 11 (0 self)
 Add to MetaCart
We describe a framework of algebraic structures in the proof assistant Coq. We have developed this framework as part of the FTA project in Nijmegen, in which a constructive proof of the Fundamental Theorem of Algebra has been formalized in Coq. The algebraic hierarchy that is described here is both abstract and way, dening e.g. a ring as a tuple consisting of a group, a binary operation and a constant that together satisfy the properties of a ring. In this way, a ring automatically inherits the group properties of the additive subgroup. The algebraic hierarchy is formalized in Coq by applying a combination of labeled record types and coercions. In the labeled record types of Coq, one can use dependent types: the type of one label may depend on another label. This allows to give a type to a dependenttyped tuple like hA; f; ai, where A is a set, f an operation on A and a an element of A. Coercions are
The structure of nuprl’s type theory
, 1997
"... on the World Wide Web (\the Web") (www.cs.cornell.edu/Info/NuPrl/nuprl.html) ..."
Abstract

Cited by 9 (3 self)
 Add to MetaCart
on the World Wide Web (\the Web") (www.cs.cornell.edu/Info/NuPrl/nuprl.html)
Predicate transformers for infinitestate automata in nuprl type theory
 In Proceedings of 3 rd Irish Workshop in Formal Methods
, 1999
"... This paper has two goals. The first is to present a formalization in Nuprl type theory of a very general methodology for system description, specification and verification. The method is especially suitable for describing distributed systems, and is based on a modification of the I/O automata of Lyn ..."
Abstract

Cited by 8 (3 self)
 Add to MetaCart
This paper has two goals. The first is to present a formalization in Nuprl type theory of a very general methodology for system description, specification and verification. The method is especially suitable for describing distributed systems, and is based on a modification of the I/O automata of Lynch & Tuttle. By using infinite extendible records as the state spaces of automata we gain a key inheritance property that make modular verification tractible. The second goal is to show how we can state and prove metatheorems about the method in Nuprl by a reflection procedure whereby we define syntax and semantics for both system descriptions and specifications within Nuprl type theory. We can then define a syntactic predicate transformation algorithm that generates syntactic verification conditions, and then prove the metatheorem that shows that the truth of (the meanings of) the verification conditions implies that (the meaning of) the description satisfies (the meaning of) the specification. 1
MetaPRL  A Modular Logical Environment
, 2003
"... MetaPRL is the latest system to come out of over twenty five years of research by the Cornell PRL group. While initially created at Cornell, MetaPRL is currently a collaborative project involving several universities in several countries. The MetaPRL system combines the properties of an interactive ..."
Abstract

Cited by 8 (2 self)
 Add to MetaCart
MetaPRL is the latest system to come out of over twenty five years of research by the Cornell PRL group. While initially created at Cornell, MetaPRL is currently a collaborative project involving several universities in several countries. The MetaPRL system combines the properties of an interactive LCFstyle tacticbased proof assistant, a logical framework, a logical programming environment, and a formal methods programming toolkit. MetaPRL is distributed under an opensource license and can be downloaded from http://metaprl.org/. This paper provides an overview of the system focusing on the features that did not exist in the previous generations of PRL systems.
Faulttolerant distributed theorem proving
, 1999
"... Higherorder logics are expressive tools for tasks ranging from formalizing the foundations of mathematics to largescale software verification and synthesis. Because of their complexity, proofs in higherorder logics often use a combination of interactive proving together with computationallyinten ..."
Abstract

Cited by 7 (4 self)
 Add to MetaCart
Higherorder logics are expressive tools for tasks ranging from formalizing the foundations of mathematics to largescale software verification and synthesis. Because of their complexity, proofs in higherorder logics often use a combination of interactive proving together with computationallyintensive tactic applications that perform proof automation. As problems and proof automation become more sophisticated, these proofs represent substantial investments  each interactive step may represent several hours of design time. We present an implementation of a distributed proving architecture to address the problems of speed, availability, and reliability in tactic provers. This architecture is implemented as a module in the MetaPRL logical framework. The implementation supports arbitrary process joins and allbutone process failures at any time during a proof. Proof distribution is completely transparent; the existing tactic base is unmodified.
Formalizing Abstract Algebra in Type Theory with Dependent Records
 Universitat Freiburg
, 2003
"... algebra suitable for a general reasoning. One of the most common ways to formalize abstract algebra is to make use of a module system to specify an algebra as a theory. However, this approach suffers from the fact that modules are usually not firstclass objects in the formal system. In this paper, ..."
Abstract

Cited by 6 (2 self)
 Add to MetaCart
algebra suitable for a general reasoning. One of the most common ways to formalize abstract algebra is to make use of a module system to specify an algebra as a theory. However, this approach suffers from the fact that modules are usually not firstclass objects in the formal system. In this paper, we develop a new approach based on the use of dependent record types. In our account, all algebraic structures are firstclass objects, with the natural subtyping properties due to record extension (for example, a group is a subtype of a monoid). Our formalization cleanly separates the axiomatization of the algebra from its typing properties, corresponding more closely to a textbook presentation. 1
Admissibility of Fixpoint Induction over Partial Types
 Automated deduction  CADE15. Lect. Notes in Comp. Sci
, 1998
"... Partial types allow the reasoning about partial functions in type theory. The partial functions of main interest are recursively computed functions, which are commonly assigned types using fixpoint induction. However, fixpoint induction is valid only on admissible types. Previous work has shown many ..."
Abstract

Cited by 6 (2 self)
 Add to MetaCart
Partial types allow the reasoning about partial functions in type theory. The partial functions of main interest are recursively computed functions, which are commonly assigned types using fixpoint induction. However, fixpoint induction is valid only on admissible types. Previous work has shown many types to be admissible, but has not shown any dependent products to be admissible. Disallowing recursion on dependent product types substantially reduces the expressiveness of the logic; for example, it prevents much reasoning about modules, objects and algebras. In this paper I present two new tools, predicateadmissibility and monotonicity, for showing types to be admissible. These tools show a wide class of types to be admissible; in particular, they show many dependent products to be admissible. This alleviates difficulties in applying partial types to theorem proving in practice. I also present a general least upper bound theorem for fixed points with regard to a computational approxim...
Proving and Computing: a certified version of the Buchberger's algorithm
, 1997
"... This paper shows on a nontrivial example that it is possible to mix proving and computing using current technologies. We present a proof of the Buchberger's algorithm that has been developed in the Coq proof assistant. The formulation of the algorithm in Coq can then be efficiently compiled and use ..."
Abstract

Cited by 5 (0 self)
 Add to MetaCart
This paper shows on a nontrivial example that it is possible to mix proving and computing using current technologies. We present a proof of the Buchberger's algorithm that has been developed in the Coq proof assistant. The formulation of the algorithm in Coq can then be efficiently compiled and used to do computation.