Inductive datatypes in HOL: lessons learned in Formal-Logic Engineering
Theorem Proving in Higher Order Logics: TPHOLs '99, LNCS 1690, 1999
Cited by 42 (6 self)
Isabelle/HOL has recently acquired new versions of definitional packages for inductive datatypes and primitive recursive functions. In contrast to its predecessors and most other implementations, Isabelle/HOL datatypes may be mutually and indirect recursive, even infinitely branching. We also support inverted datatype definitions for characterizing existing types as being inductive ones later. All our constructions are fully definitional according to established HOL tradition. Stepping back from the logical details, we also see this work as a typical example of what could be called "Formal-Logic Engineering". We observe that building realistic theorem proving environments involves further issues rather than pure logic only.
Effective Theorem Proving for Hardware Verification
1994
Cited by 37 (6 self)
The attractiveness of using theorem provers for system design verification lies in their generality. The major practical challenge confronting theorem proving technology is in combining this generality with an acceptable degree of automation. We describe an approach for enhancing the effectiveness of theorem provers for hardware verification through the use of efficient automatic procedures for rewriting, arithmetic and equality reasoning, and an off-the-shelf BDD-based propositional simplifier. These automatic procedures can be combined into general-purpose proof strategies that can efficiently automate a number of proofs including those of hardware correctness. The inference procedures and proof strategies have been implemented in the PVS verification system. They are applied to several examples including an N-bit adder, the Saxe pipelined processor, and the benchmark Tamarack microprocessor design. These examples illustrate the basic design philosophy underlying PVS where powerful...
Defining the IEEE-854 Floating-Point Standard in PVS
Technical Memorandum 110167, NASA, Langley Research, 1995
Cited by 29 (3 self)
A significant portion of the ANSI/IEEE-854 Standard for Radix-Independent Floating-Point Arithmetic is defined in PVS (Prototype Verification System). Since IEEE-854 is a generalization of the ANSI/IEEE-754 Standard for Binary Floating-Point Arithmetic, the definition of IEEE-854 in PVS also formally defines much of IEEE-754. This collection of PVS theories provides a basis for machine-checked verification of floating-point systems. This formal definition illustrates that formal specification techniques are sufficiently advanced that it is reasonable to consider their use in the development of future standards.
Keywords: Floating-point arithmetic, Formal Methods, Specification, Verification.
1 Introduction. This document describes a definition of the ANSI/IEEE-854 [3] Standard for Radix-Independent Floating-Point Arithmetic in the PVS verification system (developed at SRI International) [4]. IEEE-854 is a generalization of the ANSI/IEEE-754 [2] Standard for Binary Floating-Point Ari...
Specification of the IEEE-854 Floating-Point Standard in HOL and PVS
1995
Cited by 24 (1 self)
The IEEE-854 Standard for radix-independent floating-point arithmetic has been partially defined within two mechanical verification systems. We present the specification of key parts of the standard in both HOL and PVS. This effort to formalize IEEE-854 has given the opportunity to compare the styles imposed by the two verification systems on the specification.
The Formal Semantics of PVS
1997
Cited by 23 (2 self)
A specification language is a medium for expressing what is computed rather than how it is computed. Specification languages share a number of features with programming languages but are also different in some important ways. For our purpose, a specification language is a logic within which the behavior of computational systems can be formalized. Although a specification can be used to simulate the behavior of such systems, we mainly use specifications to state and prove system properties with mechanical assistance. We present the formal semantics of the specification language of SRI's Prototype Verification System (PVS). This specification language is based on the simply typed lambda calculus. The novelty in PVS is that it contains a number of very expressive language features whose static analysis (e.g., typechecking) requires the assistance of a theorem prover. The formal semantics illuminates several of the design considerations underlying PVS, particularly the interaction between ...
Deriving Cryptographically Sound Implementations Using Composition and Formally Verified Bisimulation
2002
Cited by 21 (8 self)
We consider abstract specifications of cryptographic protocols which are both suitable for formal verification and maintain a sound cryptographic semantics.
A Tutorial on Using PVS for Hardware Verification
Proc. 2nd International Conference on Theorem Provers in Circuit Design (TPCD94), volume 901 of Lecture Notes in Computer Science, 1995
Cited by 15 (0 self)
PVS stands for "Prototype Verification System." It consists of a specification language integrated with support tools and a theorem prover. PVS tries to provide the mechanization needed to apply formal methods both rigorously and productively. This tutorial serves to introduce PVS and its use in the context of hardware verification. In the first section, we briefly sketch the purposes for which PVS is intended and the rationale behind its design, and mention some of the uses that we and others are making of it. We give an overview of the PVS specification language and proof checker. The PVS language, system, and theorem prover each have their own reference manuals, which you will need to study in order to make productive use of the system. A pocket reference card, summarizing all the features of the PVS language, system, and prover, is also available. The purpose of this tutorial is not to describe in detail the features of PVS and how to use the system. Rather, its purpose is to...
Reasoning about static and dynamic properties in Alloy: A purely relational approach
ACM Transactions on Software Engineering and Methodology (TOSEM), 2005
Cited by 9 (4 self)
We study a number of restrictions associated with the first-order relational specification language Alloy. The main shortcomings we address are: — the lack of a complete calculus for deduction in Alloy's underlying formalism, the so-called relational logic, — the inappropriateness of the Alloy language for describing (and analyzing) properties regarding execution traces. The first of these points was not regarded as an important issue during the genesis of Alloy, and therefore has not been taken into account in the design of the relational logic. The second point is a consequence of the static nature of Alloy specifications, and has been partly solved by the developers of Alloy; however, their proposed solution requires a complicated and unstructured characterization of executions. We propose to overcome the first problem by translating relational logic to the equational calculus of fork algebras. Fork algebras provide a purely relational formalism close to Alloy, which
Foundational, Compositional (Co)datatypes for Higher-Order Logic: Category Theory Applied to Theorem Proving
Cited by 8 (4 self)
Higher-order logic (HOL) forms the basis of several popular interactive theorem provers. These follow the definitional approach, reducing high-level specifications to logical primitives. This also applies to the support for datatype definitions. However, the internal datatype construction used in HOL4, HOL Light, and Isabelle/HOL is fundamentally non-compositional, limiting its efficiency and flexibility, and it does not cater for codatatypes. We present a fully modular framework for constructing (co)datatypes in HOL, with support for mixed mutual and nested (co)recursion. Mixed (co)recursion enables type definitions involving both datatypes and codatatypes, such as the type of finitely branching trees of possibly infinite depth. Our framework draws heavily from category theory. The key notion is that of a rich type constructor—a functor satisfying specific properties preserved by interesting categorical operations. Our ideas are formalized in Isabelle and implemented as a new definitional package, answering a long-standing user request.
Principles and Pragmatics of Subtyping in PVS
Recent Trends in Algebraic Development Techniques, WADT '99. Volume 1827 of Lecture Notes in Computer Science, 1999
Cited by 5 (0 self)
PVS (Prototype Verification System) is a mechanized framework for formal specification and interactive proof development. The PVS specification language is based on higher-order logic enriched with features such as predicate subtypes, dependent types, recursive datatypes, and parametric theories. Subtyping is a central concept in the PVS type system. PVS admits the definition of subtypes corresponding to nonzero integers, prime numbers, injective maps, order-preserving maps, and even empty subtypes. We examine the principles underlying the PVS subtype mechanism and its implementation and use. The PVS specification language is primarily a medium for communicating formal mathematical descriptions. Formal PVS specifications are meant for both mach...