Results 1-10 of 20
A verified runtime for a verified theorem prover
"... rely on the correctness of runtime systems for programming languages like ML, OCaml or Common Lisp. These runtime systems are complex and critical to the integrity of the theorem provers. In this paper, we present a new Lisp runtime which has been formally verified and can run the Milawa theorem pro ..."
Abstract

Cited by 14 (8 self)
... rely on the correctness of runtime systems for programming languages like ML, OCaml or Common Lisp. These runtime systems are complex and critical to the integrity of the theorem provers. In this paper, we present a new Lisp runtime which has been formally verified and can run the Milawa theorem prover. Our runtime consists of 7,500 lines of machine code and is able to complete a 4 gigabyte Milawa proof effort. When our runtime is used to carry out Milawa proofs, less unverified code must be trusted than with any other theorem prover. Our runtime includes a just-in-time compiler, a copying garbage collector, a parser and a printer, all of which are HOL4-verified down to the concrete x86 code. We make heavy use of our previously developed tools for machine-code verification. This work demonstrates that our approach to machine-code verification scales to non-trivial applications.
Steps Towards Verified Implementations of HOL Light
"... Abstract. This short paper describes our plans and progress towards construction of verified ML implementations of HOL Light: the first formally proved soundness result for an LCFstyle prover. Building on Harrison’s formalisation of the HOL Light logic and our previous work on proofproducing synth ..."
Abstract

Cited by 7 (4 self)
Abstract. This short paper describes our plans and progress towards construction of verified ML implementations of HOL Light: the first formally proved soundness result for an LCF-style prover. Building on Harrison's formalisation of the HOL Light logic and our previous work on proof-producing synthesis of ML, we have produced verified implementations of each of HOL Light's kernel functions. What remains is extending Harrison's soundness proof and proving that ML's module system provides the required abstraction for soundness of the kernel to relate to the entire theorem prover. The proofs described in this paper involve the HOL Light and HOL4 theorem provers and the OpenTheory toolchain.
Automated cyclic entailment proofs in separation logic
In CADE'11, 2011
"... Abstract. We present a general automated proof procedure, based upon cyclic proof, for inductive entailments in separation logic. Our procedure has been implemented via a deep embedding of cyclic proofs in the HOL Light theorem prover. Experiments show that our mechanism is able to prove a number of ..."
Abstract

Cited by 6 (1 self)
Abstract. We present a general automated proof procedure, based upon cyclic proof, for inductive entailments in separation logic. Our procedure has been implemented via a deep embedding of cyclic proofs in the HOL Light theorem prover. Experiments show that our mechanism is able to prove a number of non-trivial entailments involving inductive predicates.
The reflective Milawa theorem prover is sound
2012
"... Abstract. This paper presents, what we believe to be, the most comprehensive evidence of a theorem prover’s soundness to date. We have proved the soundness of the reflective Milawa theorem prover: we formalised its logic, proved the logic sound, and proved that Milawa’s kernel (2,000 lines of Lisp) ..."
Abstract

Cited by 4 (2 self)
Abstract. This paper presents, what we believe to be, the most comprehensive evidence of a theorem prover’s soundness to date. We have proved the soundness of the reflective Milawa theorem prover: we formalised its logic, proved the logic sound, and proved that Milawa’s kernel (2,000 lines of Lisp) is faithful to its logic. By combining these results with previous work, we have shown that Milawa can never claim to prove anything that is false when run on top of our previously developed verified runtime. This work was carried out using the HOL4 theorem prover. Dedicated to John McCarthy (1927–2011)
Matching concepts across HOL libraries
CICM'15, volume 8543 of LNCS, 2014
"... Abstract. Many proof assistant libraries contain formalizations of the same mathematical concepts. The concepts are often introduced (defined) in different ways, but the properties that they have, and are in turn formalized, are the same. For the basic concepts, like natural numbers, matching them ..."
Abstract

Cited by 4 (4 self)
Abstract. Many proof assistant libraries contain formalizations of the same mathematical concepts. The concepts are often introduced (defined) in different ways, but the properties that they have, and are in turn formalized, are the same. For the basic concepts, like natural numbers, matching them between libraries is often straightforward, because of mathematical naming conventions. However, for more advanced concepts, finding similar formalizations in different libraries is a non-trivial task even for an expert. In this paper we investigate automatic discovery of similar concepts across libraries of proof assistants. We propose an approach for normalizing properties of concepts in formal libraries and a number of similarity measures. We evaluate the approach on the HOL-based proof assistants HOL4, HOL Light and Isabelle/HOL, discovering 398 pairs of isomorphic constants and types.
A Condensed Semantics for Qualitative Spatial Reasoning About Oriented Straight Line Segments
"... More than 15 years ago, a set of qualitative spatial relations between oriented straight line segments (dipoles) was suggested by Schlieder. However, it turned out to be difficult to establish a sound constraint calculus based on these relations. In this paper, we present the results of a new invest ..."
Abstract

Cited by 2 (1 self)
More than 15 years ago, a set of qualitative spatial relations between oriented straight line segments (dipoles) was suggested by Schlieder. However, it turned out to be difficult to establish a sound constraint calculus based on these relations. In this paper, we present the results of a new investigation into dipole constraint calculi which uses algebraic methods to derive sound results on the composition of relations of dipole calculi. This new method, which we call condensed semantics, is based on an abstract symbolic model of a specific fragment of our domain. It is based on the fact that qualitative dipole relations are invariant under orientation preserving affine transformations. The dipole calculi allow for a straightforward representation of prototypical reasoning tasks for spatial agents. As an example, we show how to generate survey knowledge from local observations in a street network. The example illustrates the fast constraint-based reasoning capabilities of dipole calculi. We integrate our results into two reasoning tools which are publicly available.
Keywords: Qualitative Spatial Reasoning, Relation Algebra, Affine Geometry
Automation of Higher-Order Logic
The Handbook of the History of Logic, eds. D. Gabbay & J. Woods; Volume 9: Logic and Computation, editor Jörg Siekmann, 2014
"... ..."
(Show Context)
Standalone Tactics using OpenTheory
"... Abstract. Proof tools in interactive theorem provers are usually developed within and tied to a specific system, which leads to a duplication of effort to make the functionality available in different systems. Many verification projects would benefit from access to proof tools developed in other sys ..."
Abstract

Cited by 1 (0 self)
Abstract. Proof tools in interactive theorem provers are usually developed within and tied to a specific system, which leads to a duplication of effort to make the functionality available in different systems. Many verification projects would benefit from access to proof tools developed in other systems. Using OpenTheory as a language for communicating between systems, we show how to turn a proof tool implemented for one system into a standalone tactic available to many systems via the internet. This enables, for example, LCF-style proof reconstruction efforts to be shared by users of different interactive theorem provers and removes the need for each user to install the external tool being integrated.
A Fast and Verified Algorithm for Proving Store-and-Forward Networks Deadlock-Free
"... Abstract—Deadlocks are an important issue in the design of interconnection networks. A successful approach is to restrict the routing function such that it satisfies a necessary and sufficient condition for deadlockfree routing. Typically, such a condition states that some (extended) dependency gra ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract—Deadlocks are an important issue in the design of interconnection networks. A successful approach is to restrict the routing function such that it satisfies a necessary and sufficient condition for deadlock-free routing. Typically, such a condition states that some (extended) dependency graph must be acyclic. Defining and proving such a condition is complex. Proving that a routing function satisfies a condition can be complex as well. In this paper we present the first algorithm that automatically proves routing functions deadlock-free for store-and-forward networks. The time complexity of our algorithm is linear in the size of the resource dependency graph. The algorithm checks a variation of Duato's condition for adaptive routing. The condition and the algorithm have been formalized in the logic of the ACL2 interactive theorem prover. The correctness of our algorithm w.r.t. the condition is formally checked using ACL2.
Coquelicot: A User-Friendly Library of Real Analysis for Coq
2013
"... Abstract. Real analysis is pervasive to many applications, if only because it is a suitable tool for modeling physical or socioeconomical systems. As such, its support is warranted in proof assistants, so that the users have a way to formally verify mathematical theorems and correctness of critical ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract. Real analysis is pervasive to many applications, if only because it is a suitable tool for modeling physical or socio-economical systems. As such, its support is warranted in proof assistants, so that the users have a way to formally verify mathematical theorems and correctness of critical systems. The Coq system comes with an axiomatization of standard real numbers and a library of theorems on real analysis. Unfortunately, this standard library is lacking some widely used results. For instance, power series are not developed further than their definition. Moreover, the definitions of integrals and derivatives are based on dependent types, which make them especially cumbersome to use in practice. To palliate these inadequacies, we have designed a user-friendly library: Coquelicot. An easier way of writing formulas and theorem statements is achieved by relying on total functions in place of dependent types for limits, derivatives, integrals, power series, and so on. To help with the proof process, the library comes with a comprehensive set of theorems that cover not only these notions, but also some extensions such as parametric integrals, two-dimensional differentiability, asymptotic behaviors. It also offers some automations for performing differentiability proofs. Moreover, Coquelicot is a conservative extension of Coq's standard library and we provide correspondence theorems between the two libraries. We have exercised the library on several use cases: in an exam at university entry level, for the definitions and properties of Bessel functions, and for the solution of the one-dimensional wave equation.