Results 1 - 8 of 8
Observational Proofs with Critical Contexts
In Fundamental Approaches to Software Engineering, 1998
Cited by 24 (3 self)
Abstract
Observability concepts contribute to a better understanding of software correctness. In order to prove observational properties, the concept of Context Induction has been developed by Hennicker [10]. We propose in this paper to embed Context Induction in the implicit induction framework of [8]. The proof system we obtain applies to conditional specifications. It allows for many rewriting techniques and for the refutation of false observational conjectures. Under reasonable assumptions our method is refutationally complete, i.e. it can refute any conjecture which is not observationally valid. Moreover this proof system is operational: it has been implemented within the Spike prover and interesting computer experiments are reported.
Using Induction and Rewriting to Verify and Complete Parameterized Specifications
In Theoretical Computer Science, 1996
Cited by 15 (8 self)
Abstract
In software engineering there is a growing demand for formal methods for the specification and validation of software systems. The formal development of a system might give rise to many proof obligations. We must prove the completeness of the specification and the validity of some inductive properties. In this framework, many provers have been developed. However they require much user interaction even for simple proof tasks. In this paper, we present new procedures to test sufficient completeness and to prove or disprove inductive properties automatically in parameterized conditional specifications. The method has been implemented in the prover SPIKE. Computer experiments illustrate the improvements in length and structure of proofs, due to parameterization. Moreover, SPIKE offers facilities to check and complete specifications.
Observational Proofs by Implicit Context Induction
1997
Cited by 1 (1 self)
Abstract
Observability concepts contribute to a better understanding of software correctness. In order to prove observational properties, the powerful concept of Context Induction has been developed by Hennicker [Hen91]. We propose in this paper to embed Context Induction in the implicit induction framework of [BR95]. The proof system we obtain applies to conditional specifications. It allows for many rewriting techniques and for the refutation of false conjectures. Under reasonable assumptions it is refutationally complete. Moreover this proof system is operational: it has been implemented within the Spike prover and interesting computer experiments are reported.
User Manual
INRIA Lorraine and CRIN, 1995
Abstract
The SPIKE system is an automatic theorem prover for theories presented by conditional equations. SPIKE was written in Caml Light, a functional language of the ML family. The program is provided with a graphic interface written in Tcl/Tk (X11 toolkit) that allows for interaction through the mouse and menus. The principal functions of SPIKE are proof by induction and an aid in the construction of correct specifications. In contrast to the majority of current proof systems, which construct their proofs step by step and require frequent user intervention, not to say great expertise on the part of the user, SPIKE is meant to reduce the number of interactions by automating numerous routine tasks. The SPIKE system belongs to the family of program verification tools. The development of a program demands a certain number of proof obligations. In general, the necessary proofs are tedious, and verification by hand rapidly becomes unreliable and even impossible. This s...
Algebraic System Specification and Development: Survey and Annotated Bibliography, Second Edition
1997
Abstract
... Data Types
4.5.4 Special Approaches
4.6 Semantics of Programming Languages
4.6.1 Semantics of Ada
4.6.2 Action Semantics
4.7 Specification Languages
4.7.1 Early Algebraic Specification Languages
4.7.2 Recent Algebraic Specification Languages
4.7.3 The Common Framework Initiative
5 Methodology
5.1 Development Phases
5.1.1 Applica...
Implicit Induction Techniques for the Verification of PIM, a transformational toolkit for compilers
1996
Abstract
The development of the proof techniques presented in this paper was inspired by a proof problem for Pim, a transformational toolkit for compilers. Pim consists of the untyped lambda calculus extended with an algebraic rewriting system that characterizes the behavior of lazy stores and generalized conditionals. The first-order algebraic component of Pim has an ω-complete conservative extension. Showing conservativeness of the extension requires proving that the additional equations of the extension are inductive consequences of the initial axioms. The complexity of the manual proofs motivated us to look into the current implicit induction procedures w.r.t. their applicability to this proof problem. However, the existing implicit induction methods turned out to be inadequate. In this paper we propose new implicit induction techniques adequate for solving the indicated proof problem.
Constructors, Sufficient completeness . . . Generalized Rewrite Theories
2010
Abstract
Sufficient completeness has been thoroughly studied for equational specifications, where function symbols are classified into constructors and defined symbols. But what should sufficient completeness mean for a rewrite theory R = (Σ, E, R) with equations E and non-equational rules R describing concurrent transitions in a system? This work argues that a rewrite theory naturally has two notions of constructor: the usual one for its equations E, and a different one for its rules R. The sufficient completeness of constructors for the rules R turns out to be intimately related to deadlock freedom, i.e., R has no deadlocks outside the constructors for R. The relation between these two notions is studied in the setting of unconditional order-sorted rewrite theories with (i) a frozenness map restricting rewriting with R, and (ii) a context-sensitive map restricting rewriting with the equations E, as is possible for specifications in the Maude language. Sufficient conditions are given allowing the automatic checking of sufficient completeness, and other related properties, by equational tree automata modulo equational axioms such as associativity, commutativity, and identity. They are used
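The two checks that recur in these abstracts, the sufficient-completeness test that SPIKE automates for its specifications (second entry) and the deadlock reading of completeness for transition rules R in the rewrite-theory entry just above, can be made concrete with a small brute-force checker. The following Python is an added example, not code from SPIKE, Maude or either paper: the signature (0, s, plus, pred, run, halt), the rules, the search depth and the state cap are constructed for illustration. It is single-sorted and unconditional, ignores the frozenness and context-sensitivity maps the abstract mentions, and searches only up to a bound, so an empty result is evidence rather than a proof; the papers' methods (implicit induction, tree automata modulo axioms) decide the unbounded question.

```python
"""Added example (not SPIKE, Maude or either paper's code): bounded checks of
sufficient completeness for equations E and of deadlock freedom for rules R.
Signature, rules and bounds are constructed for illustration."""
from itertools import product

# Terms: a str is a variable; an application is a tuple (symbol, arg, ...),
# so the constant 0 is written ("0",). Single sort, unconditional rules.
CONSTRUCTORS = {"0": 0, "s": 1}       # constructors for the equations E
DEFINED = {"plus": 2, "pred": 1}      # defined symbols
RULES = [                             # E oriented as rewrite rules
    (("plus", "x", ("0",)), "x"),
    (("plus", "x", ("s", "y")), ("s", ("plus", "x", "y"))),
    (("pred", ("s", "x")), "x"),      # pred(0) deliberately left undefined
]

def match(pat, term, subst):
    """Syntactic first-order matching; extends subst in place."""
    if isinstance(pat, str):
        if pat in subst:
            return subst[pat] == term
        subst[pat] = term
        return True
    if isinstance(term, str) or pat[0] != term[0] or len(pat) != len(term):
        return False
    return all(match(p, t, subst) for p, t in zip(pat[1:], term[1:]))

def instantiate(term, subst):
    if isinstance(term, str):
        return subst[term]
    return (term[0],) + tuple(instantiate(a, subst) for a in term[1:])

def step(term, rules):
    """One innermost rewrite step, or None if term is irreducible."""
    if isinstance(term, str):
        return None
    for i in range(1, len(term)):     # reduce arguments first
        new = step(term[i], rules)
        if new is not None:
            return term[:i] + (new,) + term[i + 1:]
    for lhs, rhs in rules:
        subst = {}
        if match(lhs, term, subst):
            return instantiate(rhs, subst)
    return None

def normalize(term, rules, max_steps=1000):
    """(normal form, True), or (last term, False) when the step cap is hit."""
    for _ in range(max_steps):
        new = step(term, rules)
        if new is None:
            return term, True
        term = new
    return term, False

def is_constructor_term(term, constructors):
    return (not isinstance(term, str) and term[0] in constructors
            and all(is_constructor_term(a, constructors) for a in term[1:]))

def ground_constructor_terms(constructors, depth):
    """All ground constructor terms of height <= depth."""
    terms = set()
    for _ in range(depth):
        terms |= {(sym,) + args for sym, arity in constructors.items()
                  for args in product(terms, repeat=arity)}
    return terms

def sufficient_completeness(constructors, defined, rules, depth=3):
    """Every defined symbol applied to ground constructor terms (up to depth)
    must normalize to a constructor term; returns the offending instances."""
    ground = ground_constructor_terms(constructors, depth)
    problems = []
    for sym, arity in defined.items():
        for args in product(ground, repeat=arity):
            nf, done = normalize((sym,) + args, rules)
            if not done:
                problems.append(("no normal form", (sym,) + args))
            elif not is_constructor_term(nf, constructors):
                problems.append(("stuck", nf))
    return problems

# Transition rules R on a state run(n) that should count down to halt.
# The constructors for R are the states allowed to be irreducible by R.
R_CONSTRUCTORS = {"halt": 0, "0": 0, "s": 1}
R_RULES = [(("run", ("s", "n")), ("run", "n"))]
HALT_RULE = (("run", ("0",)), ("halt",))   # adding it removes the deadlock

def deadlocks(rules_r, constructors_r, init, max_states=1000):
    """Explore the (deterministic, innermost) transition system from init.
    A reachable state with no enabled rule that is not built from the
    constructors for R is a deadlock in the sense of the abstract above."""
    seen, frontier, found = set(), [init], []
    while frontier and len(seen) < max_states:
        state = frontier.pop()
        if state in seen:
            continue
        seen.add(state)
        nxt = step(state, rules_r)
        if nxt is not None:
            frontier.append(nxt)
        elif not is_constructor_term(state, constructors_r):
            found.append(state)
    return found
```

Running `sufficient_completeness(CONSTRUCTORS, DEFINED, RULES)` reports the irreducible non-constructor term `pred(0)`; appending the equation `pred(0) = 0` makes the report empty. The same machinery applied to R with `deadlocks(R_RULES, R_CONSTRUCTORS, run(s(s(0))))` reports `run(0)` as a deadlock until `HALT_RULE` is added, which is the "constructors for R" reading of completeness: a state may be irreducible only if it is a final state by construction. The step cap in `normalize` matters for R, whose rules need not terminate; a capped search is reported separately from a genuine deadlock.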