Results 1-10 of 13
Certifying Model Checkers
In 13th International Conference on Computer Aided Verification (CAV), 2001
Cited by 34 (1 self)
Model Checking is an algorithmic technique to determine whether a temporal property holds of a program. For linear time properties, a model checker produces a counterexample computation if the check fails. This computation acts as a "certificate" of failure, as it can be checked easily and independently of the model checker by simulating it on the program. On the other hand, no such certificate is produced if the check succeeds. In this paper, we show how this asymmetry can be eliminated with a certifying model checker. The key idea is that, with some extra bookkeeping, a model checker can produce a deductive proof on either success or failure. This proof acts as a certificate of the result, as it can be checked mechanically by simple, non-fixpoint methods that are independent of the model checker. We develop a deductive proof system for verifying branching time properties expressed in the µ-calculus, and show how to generate a proof in this system from a model checking run. Proofs for linear time properties form a special case. A model checker that generates proofs can be used for many interesting applications, such as better ways of exploring errors in a program, and a tight integration of model checking with automated theorem proving.
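The certifying idea in its simplest instance, an invariant property over a finite explicit-state system, as an added example in Python (this is not code from the paper above, which targets the full µ-calculus; it only illustrates the symmetry the abstract describes). The checker returns a replayable path on failure and an inductive invariant on success, and a separate checker validates either certificate in a single pass, without repeating the search. The two-process mutex system, its transition relation and all names below are constructed for illustration.

```python
# Added example: a tiny certifying model checker for invariant properties
# ("AG prop") over an explicit finite-state system.  On failure it returns a
# counterexample path; on success it returns an inductive invariant.  Either
# certificate is validated by an independent checker that never runs the
# search that produced it.
from collections import deque

IDLE, TRYING, CRITICAL = "idle", "trying", "critical"

def mutex_successors(guarded):
    """Successor function for a constructed two-process mutex toy.

    Each process cycles idle -> trying -> critical -> idle.  With guarded=True a
    process enters the critical section only while the other is not in it;
    with guarded=False that check is omitted (the buggy protocol)."""
    def successors(state):
        out = set()
        for i in (0, 1):
            pcs = list(state)
            other = state[1 - i]
            if pcs[i] == IDLE:
                pcs[i] = TRYING
            elif pcs[i] == TRYING:
                if guarded and other == CRITICAL:
                    continue  # blocked: this process has no move here
                pcs[i] = CRITICAL
            else:
                pcs[i] = IDLE
            out.add(tuple(pcs))
        return out
    return successors

def mutual_exclusion(state):
    """The invariant to check: never both processes critical at once."""
    return not (state[0] == CRITICAL and state[1] == CRITICAL)

def certifying_check(initial, successors, prop):
    """Breadth-first reachability check of 'AG prop'.

    Returns ("counterexample", path) if some reachable state violates prop,
    otherwise ("invariant", reached).  The only extra bookkeeping needed for
    the certificates is the parent map, which doubles as the visited set."""
    parent = {s: None for s in initial}
    queue = deque(initial)
    while queue:
        s = queue.popleft()
        if not prop(s):
            path = []
            while s is not None:        # walk parent pointers back to an initial state
                path.append(s)
                s = parent[s]
            return "counterexample", path[::-1]
        for t in successors(s):
            if t not in parent:
                parent[t] = s
                queue.append(t)
    return "invariant", frozenset(parent)

def check_counterexample(initial, successors, prop, path):
    """Independent check: replay the path on the system step by step."""
    if not path or path[0] not in initial:
        return False
    for s, t in zip(path, path[1:]):
        if t not in successors(s):
            return False
    return not prop(path[-1])

def check_invariant(initial, successors, prop, inv):
    """Independent, non-fixpoint check that inv is an inductive invariant
    implying prop: one pass over inv, no reachability computation."""
    if not all(s in inv for s in initial):
        return False
    for s in inv:
        if not prop(s):
            return False
        if not successors(s) <= inv:     # closure under the transition relation
            return False
    return True

def run(guarded):
    """Check the mutex toy and validate whichever certificate comes back."""
    initial = [(IDLE, IDLE)]
    succ = mutex_successors(guarded)
    kind, cert = certifying_check(initial, succ, mutual_exclusion)
    if kind == "counterexample":
        accepted = check_counterexample(initial, succ, mutual_exclusion, cert)
    else:
        accepted = check_invariant(initial, succ, mutual_exclusion, cert)
    return kind, cert, accepted

if __name__ == "__main__":
    for guarded in (True, False):
        kind, cert, accepted = run(guarded)
        print(f"guarded={guarded}: {kind}, certificate accepted={accepted}")
        if kind == "counterexample":
            print("  path:", " -> ".join(map(str, cert)))
        else:
            print(f"  invariant with {len(cert)} states")
```

The point of the two `check_*` functions is that they are trivial to audit and do not trust the search: a certificate produced by a buggy or tampered checker is rejected on its own merits (drop one reachable state from the invariant and closure fails), which is exactly the property the abstract wants on the success side as well as the failure side.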
Reflecting BDDs in Coq
In ASIAN'2000, 2000
Cited by 12 (2 self)
We describe an implementation and a proof of correctness of binary decision diagrams (BDDs), completely formalized in Coq. This allows us to run BDD-based algorithms inside Coq and paves the way for a smooth integration of symbolic model checking in the Coq proof assistant by using reflection. It also gives us, by Coq's extraction mechanism, certified BDD algorithms implemented in Caml. We also implement and prove correct a garbage collector for our implementation of BDDs inside Coq. Our experiments show that this approach works in practice, and is able to solve both relatively hard propositional problems and actual industrial hardware verification tasks.
A verified model checker for the modal µ-calculus in Coq
In TACAS, volume 1384 of LNCS, 1998
Cited by 10 (0 self)
We report on the formalisation and correctness proof of a model checker for the modal µ-calculus in Coq's constructive type theory. Using Coq's extraction mechanism we obtain an executable Caml program, which is added as a safe decision procedure to the system. An example illustrates its application in combination with deduction. 1 Introduction There is an obvious advantage in combining theorem proving and model checking techniques for the verification of reactive systems. The expressiveness of the theorem prover's (often higher-order) logic can be used to accommodate a variety of program modelling and verification paradigms, so infinite state and parametrised designs can be verified. However, using a theorem prover is not transparent and may require a fair amount of expertise. On the other hand, model checking is transparent, but exponential in the number of concurrent components. Its application is thus limited to systems with small state spaces. A combination of the two techn...
On the formalization of the modal µ-calculus in the Calculus of Inductive Constructions
Information and Computation, 2000
Cited by 6 (0 self)
This paper is part of an ongoing research programme at the Computer Science Department of the University of Udine on proof editors, started in 1992, based on HOAS encodings in dependently typed λ-calculus for program logics [15, 21, 16]. In this paper, we investigate the applicability of this approach to the modal µ-calculus. Due to its expressive power, we adopt the Calculus of Inductive Constructions (CIC), implemented in the system Coq. Beside its importance in the theory and verification of processes, the modal µ-calculus is interesting also for its syntactic and proof theoretic peculiarities. These idiosyncrasies are mainly due to a) the negative arity of "µ" (i.e., the bound variable x ranges over the same syntactic class as µx.φ); b) a context-sensitive grammar due to the condition on µx.φ; c) rules with complex side conditions (sequent-style "proof" rules). These anomalies escape the "standard" representation paradigm of CIC; hence, we need to accommodate special techniques for enforcing these peculiarities. Moreover, since generated editors allow the user to reason "under assumptions", the designer of a proof editor for a given logic is urged to look for a Natural Deduction formulation of the system. Hence, we introduce a new proof system N^µ_K in Natural Deduction style for K^µ. This system should be more natural to use than traditional Hilbert-style systems; moreover, it takes best advantage of the possibility of manipulating assumptions offered by CIC in order to implement the problematic substitution of formulae for variables. In fact, substitutions are delayed as much as possible, and are kept in the derivation context by means of assumptions. This mechanism fits perfectly the stack discipline of assumptions of Natural Deduction, and it is neatly formalized in CIC. Bes...
Experiments with Finite Tree Automata in Coq
2001
Cited by 4 (2 self)
Tree automata are a fundamental tool in computer science. We report on experiments to integrate tree automata in Coq using shallow and deep reflection techniques. While shallow reflection seems more natural in this context, it turns out to give disappointing results. Deep reflection is more difficult to apply, but is more promising.
Mathematical Vernacular in Type Theory-based Proof Assistants
Workshop on User Interfaces in Theorem Proving, 1998
Cited by 3 (2 self)
In this paper we present the Durham Mathematical Vernacular (MV) project, discuss the general design of a prototype to support experimentation with issues of MV, explain current work on the prototype, specifically in the type theory basis of the work, and end with a brief discussion of methodology and future directions. The current work concerns an implementation of Luo's typed logical framework LF, and making it more flexible with respect to the demands of implementing MV, in particular, metavariables, multiple contexts, subtyping, and automation. This part of the project may be of particular interest to the general theorem proving community. We will demonstrate a prototype at the conference. 1 Introduction: Defining a Mathematical Vernacular The long term aim of the project is to develop theory and techniques with which the complementary strengths of NLP (Natural Language Processing) and CAFR (Computer-Assisted Formal Reasoning) can be combined to support computer-assisted reas...
Formalization of CTL∗ in calculus of inductive constructions
2006
Cited by 2 (1 self)
A modular formalization of the branching time temporal logic CTL∗ is presented. Our formalization subsumes prior formalizations of propositional linear temporal logic (PTL) and computation tree logic (CTL). Moreover, the modularity allows us to instantiate our formalization for different formal security models. Validity of axioms and soundness of inference rules in axiomatizations of PTL, UB, CTL, and CTL∗ are discussed as well.
Implementing spi calculus using nominal techniques
In CiE, volume 5028 of LNCS, 2008
Cited by 2 (0 self)
The aim of this work is to obtain an interactive proof environment based on Isabelle/HOL for reasoning formally about cryptographic protocols, expressed as processes of the spi calculus (a π-calculus with cryptographic primitives). To this end, we formalise syntax, semantics, and hedged bisimulation, an environment-sensitive bisimulation which can be used for proving security properties of protocols. In order to deal smoothly with binding operators and reason up to α-equivalence of bound names, we adopt the new Nominal datatype package. This simplifies both the encoding, and the formal proofs, which turn out to correspond closely to "manual proofs".
Experiments with finite tree automata in Coq
In Proc. 14th Int. Conf. Theorem Proving in Higher Order Logics (TPHOL'01), volume 2152 of LNCS, 2001
Cited by 1 (0 self)
Tree automata are a fundamental tool in computer science. We report on experiments to integrate tree automata in Coq using shallow and deep reflection techniques. While shallow reflection seems more natural in this context, it turns out to give disappointing results. Deep reflection is more difficult to apply, but is more promising.