Results 1  10
of
10
A verified runtime for a verified theorem prover
"... rely on the correctness of runtime systems for programming languages like ML, OCaml or Common Lisp. These runtime systems are complex and critical to the integrity of the theorem provers. In this paper, we present a new Lisp runtime which has been formally verified and can run the Milawa theorem pro ..."
Abstract

Cited by 13 (7 self)
 Add to MetaCart
rely on the correctness of runtime systems for programming languages like ML, OCaml or Common Lisp. These runtime systems are complex and critical to the integrity of the theorem provers. In this paper, we present a new Lisp runtime which has been formally verified and can run the Milawa theorem prover. Our runtime consists of 7,500 lines of machine code and is able to complete a 4 gigabyte Milawa proof effort. When our runtime is used to carry out Milawa proofs, less unverified code must be trusted than with any other theorem prover. Our runtime includes a justintime compiler, a copying garbage collector, a parser and a printer, all of which are HOL4verified down to the concrete x86 code. We make heavy use of our previously developed tools for machinecode verification. This work demonstrates that our approach to machinecode verification scales to nontrivial applications. 1
Steps Towards Verified Implementations of HOL Light
"... Abstract. This short paper describes our plans and progress towards construction of verified ML implementations of HOL Light: the first formally proved soundness result for an LCFstyle prover. Building on Harrison’s formalisation of the HOL Light logic and our previous work on proofproducing synth ..."
Abstract

Cited by 5 (3 self)
 Add to MetaCart
Abstract. This short paper describes our plans and progress towards construction of verified ML implementations of HOL Light: the first formally proved soundness result for an LCFstyle prover. Building on Harrison’s formalisation of the HOL Light logic and our previous work on proofproducing synthesis of ML, we have produced verified implementations of each of HOL Light’s kernel functions. What remains is extending Harrison’s soundness proof and proving that ML’s module system provides the required abstraction for soundness of the kernel to relate to the entire theorem prover. The proofs described in this paper involve the HOL Light and HOL4 theorem provers and the OpenTheory toolchain. 1
Automated cyclic entailment proofs in separation logic
 In CADE’11
, 2011
"... Abstract. We present a general automated proof procedure, based upon cyclic proof, for inductive entailments in separation logic. Our procedure has been implemented via a deep embedding of cyclic proofs in the HOL Light theorem prover. Experiments show that our mechanism is able to prove a number of ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
Abstract. We present a general automated proof procedure, based upon cyclic proof, for inductive entailments in separation logic. Our procedure has been implemented via a deep embedding of cyclic proofs in the HOL Light theorem prover. Experiments show that our mechanism is able to prove a number of nontrivial entailments involving inductive predicates. 1
The reflective Milawa theorem prover is sound
, 2012
"... Abstract. This paper presents, what we believe to be, the most comprehensive evidence of a theorem prover’s soundness to date. We have proved the soundness of the reflective Milawa theorem prover: we formalised its logic, proved the logic sound, and proved that Milawa’s kernel (2,000 lines of Lisp) ..."
Abstract

Cited by 2 (2 self)
 Add to MetaCart
Abstract. This paper presents, what we believe to be, the most comprehensive evidence of a theorem prover’s soundness to date. We have proved the soundness of the reflective Milawa theorem prover: we formalised its logic, proved the logic sound, and proved that Milawa’s kernel (2,000 lines of Lisp) is faithful to its logic. By combining these results with previous work, we have shown that Milawa can never claim to prove anything that is false when run on top of our previously developed verified runtime. This work was carried out using the HOL4 theorem prover. Dedicated to John McCarthy (1927–2011)
A Condensed Semantics for Qualitative Spatial Reasoning About Oriented Straight Line Segments
"... More than 15 years ago, a set of qualitative spatial relations between oriented straight line segments (dipoles) was suggested by Schlieder. However, it turned out to be difficult to establish a sound constraint calculus based on these relations. In this paper, we present the results of a new invest ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
More than 15 years ago, a set of qualitative spatial relations between oriented straight line segments (dipoles) was suggested by Schlieder. However, it turned out to be difficult to establish a sound constraint calculus based on these relations. In this paper, we present the results of a new investigation into dipole constraint calculi which uses algebraic methods to derive sound results on the composition of relations of dipole calculi. This new method, which we call condensed semantics, is based on an abstract symbolic model of a specific fragment of our domain. It is based on the fact that qualitative dipole relations are invariant under orientation preserving affine transformations. The dipole calculi allow for a straightforward representation of prototypical reasoning tasks for spatial agents. As an example, we show how to generate survey knowledge from local observations in a street network. The example illustrates the fast constraintbased reasoning capabilities of dipole calculi. We integrate our results into two reasoning tools which are publicly available. Keywords: Qualitative Spatial Reasoning, Relation Algebra, Affine Geometry
Communicating Formal Proofs: The Case of Flyspeck
"... Abstract. We introduce a platform for presenting and crosslinking formal and informal proof developments together. The platform supports writing natural language ‘narratives ’ that include islands of formal text. The formal text contains hyperlinks and gives ondemand state information at every pro ..."
Abstract
 Add to MetaCart
Abstract. We introduce a platform for presenting and crosslinking formal and informal proof developments together. The platform supports writing natural language ‘narratives ’ that include islands of formal text. The formal text contains hyperlinks and gives ondemand state information at every proof step. We argue that such a system significantly lowers the threshold for understanding formal development and facilitates collaboration on informal and formal parts of large developments. As an example, we show the Flyspeck formal development (in HOL Light) and the Flyspeck informal mathematical text as a narrative linked to the formal development. To make this possible, we use the Agora system, a MathWiki platform developed at Nijmegen which has so far mainly been used with the Coq theorem prover: we show that the system itself is generic and easily adapted to the HOL Light case. 1
Formalizing a Proof that e is Transcendental
, 2011
"... We describe a HOL Light formalization of Hermite’s proof that the base of the natural logarithm e is transcendental. This is the first time a proof of this fact has been formalized in a theorem prover. 1 ..."
Abstract
 Add to MetaCart
We describe a HOL Light formalization of Hermite’s proof that the base of the natural logarithm e is transcendental. This is the first time a proof of this fact has been formalized in a theorem prover. 1
Standalone Tactics using OpenTheory
"... Abstract. Proof tools in interactive theorem provers are usually developed within and tied to a specific system, which leads to a duplication of effort to make the functionality available in different systems. Many verification projects would benefit from access to proof tools developed in other sys ..."
Abstract
 Add to MetaCart
Abstract. Proof tools in interactive theorem provers are usually developed within and tied to a specific system, which leads to a duplication of effort to make the functionality available in different systems. Many verification projects would benefit from access to proof tools developed in other systems. Using OpenTheory as a language for communicating between systems, we show how to turn a proof tool implemented for one system into a standalone tactic available to many systems via the internet. This enables, for example, LCFstyle proof reconstruction efforts to be shared by users of different interactive theorem provers and removes the need for each user to install the external tool being integrated. 1
A Fast and Verified Algorithm for Proving StoreandForward Networks DeadlockFree
"... Abstract—Deadlocks are an important issue in the design of interconnection networks. A successful approach is to restrict the routing function such that it satisfies a necessary and sufficient condition for deadlockfree routing. Typically, such a condition states that some (extended) dependency gra ..."
Abstract
 Add to MetaCart
Abstract—Deadlocks are an important issue in the design of interconnection networks. A successful approach is to restrict the routing function such that it satisfies a necessary and sufficient condition for deadlockfree routing. Typically, such a condition states that some (extended) dependency graph must be acyclic. Defining and proving such a condition is complex. Proving that a routing function satisfies a condition can be complex as well. In this paper we present the first algorithm that automatically proves routing functions deadlockfree for storeandforward networks. The time complexity of our algorithm is linear in the size of the resource dependency graph. The algorithm checks a variation of Duato’s condition for adaptive routing. The condition and the algorithm have been formalized in the logic of the ACL2 interactive theorem prover. The correctness of our algorithm w.r.t. the condition is formally checked using ACL2. I.