Results 1 - 8 of 8
Calculational Reasoning Revisited - An Isabelle/Isar Experience
Theorem Proving in Higher Order Logics: TPHOLs 2001, 2001
Abstract

Cited by 14 (5 self)
We discuss the general concept of calculational reasoning within Isabelle/Isar, which provides a framework for high-level natural deduction proofs that may be written in a human-readable fashion. Setting out from a few basic logical concepts of the underlying meta-logical framework of Isabelle, such as higher-order unification and resolution, calculational commands are added to the basic Isar proof language in a flexible and non-intrusive manner. Thus calculational proof style may be combined with the remaining natural deduction proof language in a liberal manner, resulting in many useful proof patterns. A case study on formalizing Computational Tree Logic (CTL) in simply-typed set theory demonstrates common calculational idioms in practice.
Compositional Analysis of Dynamical Systems using Predicate Transformers (Summary).
1993
Abstract

Cited by 10 (7 self)
Introduction. We propose a complementary approach to discrete dynamical systems, using predicate transformers. We present general concepts like invariance and attraction, and we propose properties to characterize the structure of invariants. Then we present the concept of composition of dynamical systems. We define algebraic operators on systems and we try to discover how dynamical properties of small systems are preserved or transformed when these are composed into more complex systems. Finally, we illustrate this approach on an example. We work with a space E (e.g. N, or R), and extend functions from E to E into functions PE → PE, which are invertible. Any subset of E can be described by a predicate. For example, an interval [a, b] ⊆ R is defined by the predicate P(x) =
Computer-Assisted Mathematics at Work - The Hahn-Banach Theorem in Isabelle/Isar
Types for Proofs and Programs: TYPES'99, LNCS, 2000
Abstract

Cited by 7 (4 self)
We present a complete formalization of the Hahn-Banach theorem in the simply-typed set theory of Isabelle/HOL, such that both the modeling of the underlying mathematical notions and the full proofs are intelligible to human readers. This is achieved by means of the Isar environment, which provides a framework for high-level reasoning based on natural deduction. The final result is presented as a readable formal proof document, following usual presentations in mathematical textbooks quite closely. Our case study demonstrates that Isabelle/Isar is capable of supporting this kind of application of formal logic very well, while being open for an even larger scope.
Composing Invariants
2003
Abstract

Cited by 3 (1 self)
We explore the question of the composition of invariance specifications in a context of formal methods applied to concurrent and reactive systems. Depending on how compositionality is stated and how invariants are defined, invariance specifications may or may not be compositional.
A proof environment for a subset of SDL
1991
Abstract

Cited by 2 (2 self)
This paper presents a formal study of the operational semantics of the specification and description language SDL and a proof system allowing the derivation of invariance and eventuality properties based on this semantics. The SDL language is not fully used but only a subset of it. This subset is integrated into the Concerto environment and the proof system is implemented under the Isabelle theorem prover. Experiments using this new environment tend to demonstrate that a rigorous approach for building SDL specifications is feasible and that sufficiently interesting problems can be treated using this system. This work is partially supported by the CNET under grant number 8958 00 790 92 45/PAA.

1. INTRODUCTION. The description and design of protocols (or systems) using the CCITT Specification and Description Language (SDL) [2] state problems of verification. Although SDL is a specification language, we need to develop formal methods to prove SDL specifications. Since the terms "specificatio...
Reasoning about Composition: A Predicate Transformer Approach
2001
Abstract

Cited by 2 (2 self)
As interest in components and composition-related methods is growing rapidly, it is not always clear what the goals (and the corresponding difficulties) actually are. If composition is to become central in the future of software engineering, we need to better identify the fundamental issues that are related to it, before we attempt to solve them as they occur in object-oriented systems or in concurrent and reactive systems. In this paper, we present our formulation of some of the composition problems in a context of formal methods and program specification and verification. This formalization is based on predicate calculus and predicate transformers and aims at remaining as general as possible. This way, we hope to better understand some of the fundamental issues of composition and component-based reasoning.
Recursive Boolean Functions in HOL
In 1991 International Tutorial and Workshop on the HOL Theorem Proving System and its Applications, 1991
Abstract

Cited by 1 (1 self)
The HOL system supports mechanized verification of specifications in polymorphic Higher Order Logic. HOL has facilities for defining primitive recursive functions, but no support for defining non-primitive recursive functions. This paper presents a package for defining recursive boolean functions in HOL as the minimal or maximal fixed point of a boolean function transformer. The implementation of the package is based on the results on fixed points in complete lattices by Tarski. Two examples on how to use the package are given. Both examples describe the definition of recursive boolean functions for specifying properties of parallel programs.

1 Introduction. The proof generating system HOL includes facilities for constructing primitive recursive functions over the predefined types num (non-negative numbers) and list (finite lists); tools have been made for defining recursive data types and primitive recursive functions over these [13, 5], but no facilities exist for constructing funct...
Verified Calculations
2013
Abstract

Cited by 1 (0 self)
Calculational proofs—proofs by stepwise formula manipulation—are praised for their rigor, readability, and elegance. It seems desirable to reuse this style, often employed on paper, in the context of mechanized reasoning, and in particular, program verification. This work leverages the power of SMT solvers to machine-check calculational proofs at the level of detail they are usually written by hand. It builds the support for calculations into the programming language and auto-active program verifier Dafny. The paper demonstrates that calculations integrate smoothly with other language constructs, producing concise and readable proofs in a wide range of problem domains: from mathematical theorems to correctness of imperative programs. The examples show that calculational proofs in Dafny compare favorably, in terms of readability and conciseness, with arguments written in other styles and proof languages.