Abstract not found

: Our ultimate goal is to provide a framework and a methodology which will allow users, and not only system developers, to construct complex reasoning systems by composing existing modules, or to add new modules to existing systems, in a "plug and play" manner. These modules and systems might be based on different logics; have different domain models; use different vocabularies and data structures; use different reasoning strategies; and have different interaction capabilities. This paper makes two main contributions towards our goal. First, it proposes a general architecture for a class of reasoning systems called Open Mechanized Reasoning Systems (OMRSs). An OMRS has three components: a reasoning theory component which is the counterpart of the logical notion of formal system, a control component which consists of a set of inference strategies, and an interaction component which provides an OMRS with the capability of interacting with other systems, including OMRSs and hum...

: Recent advances in the field of hardware verification have raised some fresh (and some familiar) issues to do with the scope and limitations of formal proof. In this note, some of these are considered in the context of the Viper verification project. Viper is a microprocessor designed by W. J. Cullyer, C. Pygott and J. Kershaw, of the Royal Signals and Radar Establishment of the U.K. Ministry of Defense, for use in safety-critical applications. Much to their credit, the designers intended from the start that Viper be formally verified; they presented Viper's more abstract specifications in a language suitable for formal reasoning, and they placed the design in the public domain. Viper microprocessors are currently being marketed as verified chips. The formal proof aspects of the verification work have been carried out at the Computer Laboratory of the University of Cambridge. To date, some important properties of a register-transfer level model of Viper, relative to a more abstract ...

We present a highly expressive logical language for describing qualitative configurations of spatial regions. We call the theory Region Based Geometry (RBG). Our axiomatisation is based on Tarski's Geometry of Solids, in which the parthood relation and the concept of sphere are taken as primitive. We show that our theory is categorical: all models are isomorphic to a classical interpretation in terms of Cartesian spaces over R. We investigate

This paper gives an introduction to type theory, focusing on its recent use as a logical framework for proofs and programs. The first two sections give a background to type theory intended for the reader who is new to the subject. The following presents Martin-Lof's monomorphic type theory and an implementation, ALF, of this theory. Finally, a few small tutorial examples in ALF are given.

This paper presents a formalization of finite and infinite sequences in domain theory carried out in the theorem prover Isabelle. The results

The need to use partial functions arises frequently in formal descriptions of computer systems. However, most proof assistants are based on logics of total functions. One way to address this mismatch is to invent and mechanize a new logic. Another is to develop practical workarounds in existing settings. In this paper we take the latter course: we survey and compare methods used to support partiality in a mechanization of a higher order logic featuring only total functions. The techniques we discuss are generally applicable and are illustrated by relatively large examples. 1.

System specification by state machines together with property specification and verification by temporal logics are by now standard techniques to reason about the control flow of hardware components, embedded systems and communication protocols. The techniques to reason about the dataflow within a system, however, are less well developed. This report adapts a UNITY-like formalism for specification and verification to systems of asynchronously communicating components. The components themselves are specified as state machines. The resulting proof techniques allows abstract and compositional reasoning about dataflow properties of systems.

The behavior of reactive systems is typically specified by state machines. This results in an operational description of how a system produces its output. An alternative and more abstract approachistojust specify the relation between the input and output histories of a system.

The rules of inductive inference are formalized using a transition system. The rejection of a consequence obtained by inductive inference is formalized by a revision rule. An inductive process is de ned as a sequence of versions of a theory generated by alternatively applying the inductive inference rules and the revision rule. An inductive procedure is constructed. It takes a sequence EM of instances of a given model M and a given formal theory as its inputs, and generates the inductive processes. It is proved that if EM contains all instances of the model M, then every inductive sequence generated by the procedure is convergent. Its limit is the set of all true statements of the model M.