Results 11-20 of 501
A Reference Model for Requirements and Specifications
, 2000
Cited by 46 (4 self)
We define a reference model for applying formal methods to the development of user requirements and their reduction to behavioral specification of a system. The approach is characterized by its focus on the shared phenomena that define the interface between the system and the environment in which it will operate and on how the parts of this interface are controlled. This paper extends our previous work on this model by representing it in higher-order logic and determining some of its key mathematical ramifications. In particular, we introduce a new form of refinement which is pivotal to defining the desired soundness and consistency properties precisely.

1 Introduction. There are a collection of artifacts that commonly arise in programming projects. Among these are the program itself, of course, and also the document that describes the requirements of the software. This requirements document may undergo many revisions as the project proceeds. Requirements often fall into two categorie...
The Nuprl Open Logical Environment
, 2000
Cited by 44 (16 self)
The Nuprl system is a framework for reasoning about mathematics and programming. Over the years its design has been substantially improved to meet the demands of large-scale applications. Nuprl LPE, the newest release, features an open, distributed architecture centered around a flexible knowledge base and supports the cooperation of independent formal tools. This paper gives a brief overview of the system and the objectives that are addressed by its new architecture.
Mechanizing Coinduction and Corecursion in Higher-Order Logic
 Journal of Logic and Computation
, 1997
Cited by 41 (5 self)
A theory of recursive and corecursive definitions has been developed in higher-order logic (HOL) and mechanized using Isabelle. Least fixedpoints express inductive data types such as strict lists; greatest fixedpoints express coinductive data types, such as lazy lists. Well-founded recursion expresses recursive functions over inductive data types; corecursion expresses functions that yield elements of coinductive data types. The theory rests on a traditional formalization of infinite trees. The theory is intended for use in specification and verification. It supports reasoning about a wide range of computable functions, but it does not formalize their operational semantics and can express non-computable functions also. The theory is illustrated using finite and infinite lists. Corecursion expresses functions over infinite lists; coinduction reasons about such functions. Key words: Isabelle, higher-order logic, coinduction, corecursion. Copyright © 1996 by Lawrence C. Paulson. Content...
Verifying a file system implementation
 In Sixth International Conference on Formal Engineering Methods (ICFEM’04), volume 3308 of LNCS
, 2004
"... ..."
The Barendregt Cube with Definitions and Generalised Reduction
, 1997
Cited by 37 (17 self)
In this paper, we propose to extend the Barendregt Cube by generalising reduction and by adding definition mechanisms. We show that this extension satisfies all the original properties of the Cube including Church-Rosser, Subject Reduction and Strong Normalisation. Keywords: Generalised Reduction, Definitions, Barendregt Cube, Church-Rosser, Subject Reduction, Strong Normalisation.

Contents: 1 Introduction (1.1 Why generalised reduction; 1.2 Why definition mechanisms; 1.3 The item notation for definitions and generalised reduction); 2 The item notation; 3 The ordinary typing relation and its properties (3.1 The typing relation; 3.2 Properties of the ordinary typing relation); 4 Generalising reduction in the Cube (4.1 The generalised...)
Modular Data Structure Verification
 EECS DEPARTMENT, MASSACHUSETTS INSTITUTE OF TECHNOLOGY
, 2007
Cited by 36 (21 self)
This dissertation describes an approach for automatically verifying data structures, focusing on techniques for automatically proving formulas that arise in such verification. I have implemented this approach with my colleagues in a verification system called Jahob. Jahob verifies properties of Java programs with dynamically allocated data structures. Developers write Jahob specifications in classical higher-order logic (HOL); Jahob reduces the verification problem to deciding the validity of HOL formulas. I present a new method for proving HOL formulas by combining automated reasoning techniques. My method consists of 1) splitting formulas into individual HOL conjuncts, 2) soundly approximating each HOL conjunct with a formula in a more tractable fragment and 3) proving the resulting approximation using a decision procedure or a theorem prover. I present three concrete logics; for each logic I show how to use it to approximate HOL formulas, and how to decide the validity of formulas in this logic. First, I present an approximation of HOL based on a translation to first-order logic, which enables the use of existing resolution-based theorem provers. Second, I present an approximation of HOL based on field constraint analysis, a new technique that enables
Semantic Essence of AsmL
, 2004
Cited by 35 (5 self)
The Abstract State Machine Language, AsmL, is a novel executable specification language based on the theory of Abstract State Machines. AsmL is object-oriented, provides high-level mathematical data structures, and is built around the notion of synchronous updates and finite choice. AsmL is fully integrated into the .NET framework and Microsoft development tools. In this paper, we explain the design rationale of AsmL and provide static and dynamic semantics for a kernel of the language.
Locales: A sectioning concept for Isabelle
 IN BERTOT ET AL
, 1999
Cited by 35 (10 self)
Locales are a means to define local scopes for the interactive proving process of the theorem prover Isabelle. They delimit a range in which fixed assumptions are made, and theorems are proved that depend on these assumptions. A locale may also contain constants defined locally and associated with pretty printing syntax. Locales can be seen as a simple form of modules. They are similar to reasoning and similar applications of theorem provers. This paper motivates the concept of locales by examples from abstract algebraic reasoning. It also discusses some implementation issues.
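The abstract above describes the mechanism in general terms; the following is an added illustration in current Isabelle/Isar syntax, not code from the 1999 paper (whose concrete syntax differs). It assumes a recent Isabelle distribution with `Main`, and the locale name `assoc_op`, the theory name and the lemma names are hypothetical choices made for this example. It shows the three things the abstract names: a fixed constant with pretty-printing syntax, a fixed assumption, and a theorem proved inside the scope that depends on that assumption. The closing `interpretation` goes slightly beyond the abstract: it discharges the assumption for one concrete instance (addition on natural numbers) and exports the abstract theorem specialised to it.

```isabelle
theory Locale_Example
  imports Main
begin

(* A locale fixes a constant (here with infix syntax) and records an
   assumption about it. Every theorem proved between begin and end
   carries that assumption implicitly. *)
locale assoc_op =
  fixes mult :: "'a \<Rightarrow> 'a \<Rightarrow> 'a"  (infixl "\<otimes>" 70)
  assumes assoc: "(x \<otimes> y) \<otimes> z = x \<otimes> (y \<otimes> z)"
begin

(* Proved once, abstractly, using only the locale assumption assoc. *)
lemma assoc4: "((w \<otimes> x) \<otimes> y) \<otimes> z = w \<otimes> (x \<otimes> (y \<otimes> z))"
  by (simp add: assoc)

end

(* Interpreting the locale for natural-number addition: the proof
   obligation is exactly the assumption assoc, instantiated to plus.
   Afterwards nat_add.assoc4 is available as a theorem about (+) on nat. *)
interpretation nat_add: assoc_op "plus :: nat \<Rightarrow> nat \<Rightarrow> nat"
  by unfold_locales (rule add.assoc)

thm nat_add.assoc4

end
```

The point for a verification engineer is the scoping discipline: `assoc` is never an axiom of the global theory, only a hypothesis inside the locale, so no global fact can be derived from it until an interpretation has actually proved it for a concrete operator.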
A Structure Preserving Encoding of Z in Isabelle/HOL
 Theorem Proving in Higher-Order Logics, LNCS 1125
, 1996
Cited by 34 (7 self)
We present a semantic representation of the core concepts of the specification language Z in higher-order logic. Although it is a "shallow embedding" like the one presented by Bowen and Gordon, our representation preserves the structure of a Z specification and avoids expanding Z schemas. The representation is implemented in the higher-order logic instance of the generic theorem prover Isabelle. Its parser can convert the concrete syntax of Z schemas into their semantic representation and thus spare users from having to deal with the representation explicitly. Our representation essentially conforms with the latest draft of the Z standard and may give both a clearer understanding of Z schemas and inspire the development of proof calculi for Z.

1 Introduction. Implementations of proof support for Z [Spi 92, Nic 95] can roughly be divided into two categories. In direct implementations, the rules of the logic are directly represented by functions of the prover's implementation...