Results 21  30
of
565
A MachineChecked Theory of Floating Point Arithmetic
, 1999
"... . Intel is applying formal verification to various pieces of mathematical software used in Merced, the first implementation of the new IA64 architecture. This paper discusses the development of a generic floating point library giving definitions of the fundamental terms and containing formal pr ..."
Abstract

Cited by 40 (5 self)
 Add to MetaCart
. Intel is applying formal verification to various pieces of mathematical software used in Merced, the first implementation of the new IA64 architecture. This paper discusses the development of a generic floating point library giving definitions of the fundamental terms and containing formal proofs of important lemmas. We also briefly describe how this has been used in the verification effort so far. 1 Introduction IA64 is a new 64bit computer architecture jointly developed by HewlettPackard and Intel, and the forthcoming Merced chip from Intel will be its first silicon implementation. To avoid some of the limitations of traditional architectures, IA64 incorporates a unique combination of features, including an instruction format encoding parallelism explicitly, instruction predication, and speculative /advanced loads [4]. Nevertheless, it also offers full upwardscompatibility with IA32 (x86) code. 1 IA64 incorporates a number of floating point operations, the centerpi...
The Barendregt Cube with Definitions and Generalised Reduction
, 1997
"... In this paper, we propose to extend the Barendregt Cube by generalising reduction and by adding definition mechanisms. We show that this extension satisfies all the original properties of the Cube including Church Rosser, Subject Reduction and Strong Normalisation. Keywords: Generalised Reduction, ..."
Abstract

Cited by 39 (18 self)
 Add to MetaCart
In this paper, we propose to extend the Barendregt Cube by generalising reduction and by adding definition mechanisms. We show that this extension satisfies all the original properties of the Cube including Church Rosser, Subject Reduction and Strong Normalisation. Keywords: Generalised Reduction, Definitions, Barendregt Cube, Church Rosser, Subject Reduction, Strong Normalisation. Contents 1 Introduction 3 1.1 Why generalised reduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.2 Why definition mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.3 The item notation for definitions and generalised reduction . . . . . . . . . . 4 2 The item notation 7 3 The ordinary typing relation and its properties 10 3.1 The typing relation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 3.2 Properties of the ordinary typing relation . . . . . . . . . . . . . . . . . . . . 13 4 Generalising reduction in the Cube 15 4.1 The generalised...
Verifying a file system implementation
 In Sixth International Conference on Formal Engineering Methods (ICFEM’04), volume 3308 of LNCS
, 2004
"... ..."
(Show Context)
Modular Data Structure Verification
 EECS DEPARTMENT, MASSACHUSETTS INSTITUTE OF TECHNOLOGY
, 2007
"... This dissertation describes an approach for automatically verifying data structures, focusing on techniques for automatically proving formulas that arise in such verification. I have implemented this approach with my colleagues in a verification system called Jahob. Jahob verifies properties of Java ..."
Abstract

Cited by 38 (21 self)
 Add to MetaCart
This dissertation describes an approach for automatically verifying data structures, focusing on techniques for automatically proving formulas that arise in such verification. I have implemented this approach with my colleagues in a verification system called Jahob. Jahob verifies properties of Java programs with dynamically allocated data structures. Developers write Jahob specifications in classical higherorder logic (HOL); Jahob reduces the verification problem to deciding the validity of HOL formulas. I present a new method for proving HOL formulas by combining automated reasoning techniques. My method consists of 1) splitting formulas into individual HOL conjuncts, 2) soundly approximating each HOL conjunct with a formula in a more tractable fragment and 3) proving the resulting approximation using a decision procedure or a theorem prover. I present three concrete logics; for each logic I show how to use it to approximate HOL formulas, and how to decide the validity of formulas in this logic. First, I present an approximation of HOL based on a translation to firstorder logic, which enables the use of existing resolutionbased theorem provers. Second, I present an approximation of HOL based on field constraint analysis, a new technique that enables
RegionBased Qualitative Geometry
, 2000
"... We present a highly expressive logical language for describing qualitative configurations of spatial regions. We call the theory Region Based Geometry (RBG). Our axiomatisation is based on Tarski's Geometry of Solids, in which the parthood relation and the concept of sphere are taken as pri ..."
Abstract

Cited by 35 (15 self)
 Add to MetaCart
We present a highly expressive logical language for describing qualitative configurations of spatial regions. We call the theory Region Based Geometry (RBG). Our axiomatisation is based on Tarski's Geometry of Solids, in which the parthood relation and the concept of sphere are taken as primitive. We show that our theory is categorical: all models are isomorphic to a classical interpretation in terms of Cartesian spaces over R. We investigate
Embedding imperative synchronous languages in interactive theorem provers
 In International Conference on Application of Concurrency to System Design (ICACSD 2001
, 2001
"... We present a new way to define the semantics of imperative synchronous languages by means of separating the control and the data flow. The control flow is defined by predicates that describe entering conditions, conditions for internal moves, and termination conditions. The data flow is based on t ..."
Abstract

Cited by 35 (24 self)
 Add to MetaCart
(Show Context)
We present a new way to define the semantics of imperative synchronous languages by means of separating the control and the data flow. The control flow is defined by predicates that describe entering conditions, conditions for internal moves, and termination conditions. The data flow is based on the extraction of guarded commands. This definition principle can be applied to any imperative synchronous language like Esterel or some statechart variants. Following this definition principle, we have embedded our languageQuartz (an Esterel variant) in the interactive theorem prover HOL. We use this embedding for formal verification (both interactive theorem proving and symbolic model checking), program analysis, reasoning about the language at a metalevel, and verified code generation (formal synthesis). 1.
An Industrially Effective Environment for Formal Hardware Verification
 IEEE TCAD
, 2005
"... ..."
(Show Context)
A Structure Preserving Encoding of Z in Isabelle/HOL
 Theorem Proving in HigherOrder Logics, LNCS 1125
, 1996
"... . We present a semantic representation of the core concepts of the specification language Z in higherorder logic. Although it is a "shallow embedding" like the one presented by Bowen and Gordon, our representation preserves the structure of a Z specification and avoids expanding Z sch ..."
Abstract

Cited by 34 (7 self)
 Add to MetaCart
. We present a semantic representation of the core concepts of the specification language Z in higherorder logic. Although it is a "shallow embedding" like the one presented by Bowen and Gordon, our representation preserves the structure of a Z specification and avoids expanding Z schemas. The representation is implemented in the higherorder logic instance of the generic theorem prover Isabelle. Its parser can convert the concrete syntax of Z schemas into their semantic representation and thus spare users from having to deal with the representation explicitly. Our representation essentially conforms with the latest draft of the Z standard and may give both a clearer understanding of Z schemas and inspire the development of proof calculi for Z. 1 Introduction Implementations of proof support for Z [Spi 92, Nic 95] can roughly be divided into two categories. In direct implementations, the rules of the logic are directly represented by functions of the prover's implementation...
Nemos: A Framework for Axiomatic and Executable Specifications of Memory Consistency Models
 In International Parallel and Distributed Processing Symposium (IPDPS
, 2003
"... Conforming to the underlying memory consistency rules is a fundamental requirement for implementing shared memory systems and writing multiprocessor programs. ..."
Abstract

Cited by 34 (5 self)
 Add to MetaCart
(Show Context)
Conforming to the underlying memory consistency rules is a fundamental requirement for implementing shared memory systems and writing multiprocessor programs.
Deciding Boolean Algebra with Presburger Arithmetic
 J. of Automated Reasoning
"... Abstract. We describe an algorithm for deciding the firstorder multisorted theory BAPA, which combines 1) Boolean algebras of sets of uninterpreted elements (BA) and 2) Presburger arithmetic operations (PA). BAPA can express the relationship between integer variables and cardinalities of unbounded ..."
Abstract

Cited by 32 (26 self)
 Add to MetaCart
Abstract. We describe an algorithm for deciding the firstorder multisorted theory BAPA, which combines 1) Boolean algebras of sets of uninterpreted elements (BA) and 2) Presburger arithmetic operations (PA). BAPA can express the relationship between integer variables and cardinalities of unbounded finite sets, and supports arbitrary quantification over sets and integers. Our original motivation for BAPA is deciding verification conditions that arise in the static analysis of data structure consistency properties. Data structures often use an integer variable to keep track of the number of elements they store; an invariant of such a data structure is that the value of the integer variable is equal to the number of elements stored in the data structure. When the data structure content is represented by a set, the resulting constraints can be captured in BAPA. BAPA formulas with quantifier alternations arise when verifying programs with annotations containing quantifiers, or when proving simulation relation conditions for refinement and equivalence of program fragments. Furthermore, BAPA constraints can be used for proving the termination of programs that manipulate data structures, as well as