Results 1-10 of 13
On Proving Safety Properties by Integrating Static Analysis, Theorem Proving and Abstraction
TACAS '99, 1999
Abstract

Cited by 19 (0 self)
We present a new approach for proving safety properties of reactive systems, based on tight interaction between static analysis, theorem proving and abstraction techniques. The method incrementally constructs a proof or finds a counterexample. Every step consists of applying one of the techniques and makes constructive use of information obtained from failures in previous steps. The amount of user intervention is limited and is highly guided by the system at each step. We demonstrate the method on three simple examples, and show that by using it one can prove more properties than by using each component as a standalone.
A Broader Class of Trees for Recursive Type Definitions for HOL
Higher Order Logic Theorem Proving and Its Applications, volume 780 of LNCS, 1994
Abstract

Cited by 16 (0 self)
In this paper we describe the construction in HOL of the inductive type of arbitrarily branching labeled trees. Such a type is characterized by an initiality theorem similar to that for finitely branching labeled trees. We discuss how to use this type to extend the system of simple recursive type specifications automatically definable in HOL to ones including a limited class of functional arguments. The work discussed here is a part of a larger project to expand the recursive types package of HOL which is nearing completion. All work described in this paper has been completed. 1 A Broader Class of Recursive Type Definitions. The work described in this paper forms the foundation of a project to expand the class of recursive type specifications for which HOL is capable of automatically defining the types specified and proving the initiality theorem, which acts as an axiomatization for the defined types. The full class of specifications the project aims to handle are those BNF...
An Approach to Combining B and Alloy
In Proc. of ZB 2002, volume 2272 of LNCS, 2002
Abstract

Cited by 6 (1 self)
In this paper we propose to combine two software verification approaches, theorem proving and model checking. We focus on the B-method and a theorem proving tool associated with it, and the Alloy specification notation and its model checker "Alloy Constraint Analyser". We consider how software development in B can be assisted using Alloy and how Alloy can be used for verifying refinement of abstract specifications. We demonstrate our approach with an example. Keywords: B-method, Alloy.
Mechanized Operational Semantics of WSL
IEEE International Workshop on Source Code Analysis and Manipulation (SCAM), Los Alamitos, 2002
Abstract

Cited by 4 (1 self)
This paper presents an experiment on computer assisted formal verification of program transformations. The operational semantics of WSL is formalized in the type theoretical proof assistant Coq, which forms the basis on which the correctness of program transformations can be stated and proved as formulae in Coq. A group of program transformations frequently used for software maintenance have been proved correct. The existence of a machine checked formal verification increases significantly the confidence in the correctness of program transformations, which is crucial for the reliability of software maintenance systems.
Combining Tools for the Verification of Fault-Tolerant Systems
In: Tools for System Development and Verification (Workshop Proceedings), BISS Monographs, Shaker, 1996
Abstract

Cited by 4 (3 self)
In this article, we describe an approach for the tool-supported development and verification of fault-tolerant systems according to the invent&verify paradigm. Our method is based on the CSP (Communicating Sequential Processes) specification language. It allows the desired properties of a system to be expressed as implicit specifications (assertions about traces and refusals), explicit specifications (CSP process terms), refinement relations or combinations of these three description formalisms. From our experience with industrial verification projects, this possibility to choose between different specification paradigms according to the specific needs of each development step is essential to cope with large-scale formal development and verification projects. Each top-down development step according to the invent&verify paradigm introduces a verification obligation whose type depends on the specification techniques applied for the different components involved in the step. We describe...
Learning to Verify Systems
2006
Abstract

Cited by 3 (1 self)
Making high quality and reliable software systems remains a difficult problem. One approach to address this problem is automated verification which attempts to demonstrate algorithmically that a software system meets its specification. However, verification of software systems is not easy: such systems are often modeled using abstractions of infinite structures such as unbounded integers, infinite memory for allocation, unbounded space for call stack, unrestricted queue sizes and so on. It can be shown that for most classes of such systems, the verification problem is actually undecidable (there exists no algorithm which will always give the correct answer for arbitrary inputs). In spite of this negative theoretical result, techniques have been developed which are successful on some practical examples although they are not guaranteed to always work. This dissertation is in a similar spirit and develops a new paradigm for automated verification of large or infinite state systems. We observe that even if the state space of a system is infinite, for practical examples, the set of reachable states (or other fixpoints needed for verification) is often expressible in a simple representation. Based on this observation, we propose an entirely new approach to verification: the idea is to use techniques from computational learning theory to identify the reachable states (or other fixpoints) and then verify the property of interest. To use learning techniques, we solve key problems of
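The first entry above (TACAS '99) describes a method that either constructs a proof of a safety property or finds a counterexample, and the dissertation abstract just above observes that the set of reachable states needed for such a proof is often expressible in a simple representation. The following Python program is an added example illustrating both ideas on a deliberately small model; it is constructed for this listing and is not code from either paper. The model (a two-process lock protocol with states `(pc0, pc1, lock)`), its racy variant, the property "both processes in the critical section" and the candidate invariant are all assumptions of the example. Route 1 computes the reachable-state fixpoint explicitly and rebuilds a counterexample trace when a bad state is hit; route 2 takes a candidate invariant written as a simple predicate and checks the three inductiveness obligations, which proves safety without enumerating traces.

```python
"""Added example: safety verification of a tiny two-process lock protocol by
(1) explicit reachable-state fixpoint with counterexample extraction and
(2) an inductive-invariant check on a candidate invariant.
Constructed for illustration; not code from the listed papers."""
from collections import deque
from itertools import product

PCS_ATOMIC = ("idle", "wait", "crit")
PCS_RACY = ("idle", "wait", "got", "crit")
INIT = {("idle", "idle", 0)}          # state = (pc0, pc1, lock)


def make_step(atomic_acquire):
    """Interleaved successor function for one of two (constructed) variants.
    atomic_acquire=True : 'wait' -> 'crit' is a single test-and-set.
    atomic_acquire=False: the test ('wait' -> 'got') and the set
                          ('got' -> 'crit') are separate steps (a TOCTOU race)."""
    def step(state):
        pc0, pc1, lock = state
        succ = set()
        for who in (0, 1):
            pc = (pc0, pc1)[who]
            moves = []                       # (new pc, new lock)
            if pc == "idle":
                moves.append(("wait", lock))
            elif pc == "wait" and lock == 0:
                moves.append(("crit", 1) if atomic_acquire else ("got", lock))
            elif pc == "got":
                moves.append(("crit", 1))    # lock is set only after the check
            elif pc == "crit":
                moves.append(("idle", 0))
            for newpc, newlock in moves:
                succ.add((newpc, pc1, newlock) if who == 0 else (pc0, newpc, newlock))
        return succ
    return step


def bad(state):
    """Violation of the safety property: both processes in the critical section."""
    return state[0] == "crit" and state[1] == "crit"


def reachable_fixpoint(init, step):
    """Least fixpoint R = init ∪ post(R) by breadth-first search.
    Returns a parent map so a counterexample trace can be rebuilt."""
    parent = {s: None for s in init}
    queue = deque(init)
    while queue:
        s = queue.popleft()
        for t in step(s):
            if t not in parent:
                parent[t] = s
                queue.append(t)
    return parent


def check_safety(init, step, bad):
    """(True, reachable set) if no bad state is reachable, else
    (False, shortest trace from an initial state to the first bad state found)."""
    parent = reachable_fixpoint(init, step)
    for s in parent:                           # dict order == BFS discovery order
        if bad(s):
            trace = []
            while s is not None:
                trace.append(s)
                s = parent[s]
            return False, trace[::-1]
    return True, set(parent)


def is_inductive(inv, init, step, bad, universe):
    """Inductive-invariant obligations over the whole state space:
    init ⊆ inv, post(inv) ⊆ inv, inv ∩ bad = ∅.
    Returns None when inv proves safety, else (failed obligation, witness)."""
    for s in init:
        if not inv(s):
            return ("init", s)
    for s in universe:
        if not inv(s):
            continue
        if bad(s):
            return ("bad", s)
        for t in step(s):
            if not inv(t):
                return ("step", (s, t))
    return None


def candidate_inv(state):
    """Candidate invariant in a simple representation: the lock is held exactly
    when one process is in its critical section, and never more than one is."""
    pc0, pc1, lock = state
    in_crit = (pc0 == "crit") + (pc1 == "crit")
    return in_crit <= 1 and (lock == 1) == (in_crit == 1)


def verify(atomic_acquire):
    """Run both routes on one protocol variant and return the results."""
    pcs = PCS_ATOMIC if atomic_acquire else PCS_RACY
    step = make_step(atomic_acquire)
    safe, evidence = check_safety(INIT, step, bad)
    failure = is_inductive(candidate_inv, INIT, step, bad, set(product(pcs, pcs, (0, 1))))
    return {"safe": safe, "evidence": evidence, "inductive_failure": failure}


if __name__ == "__main__":
    for atomic in (True, False):
        r = verify(atomic)
        print("atomic" if atomic else "racy", "safe=%s" % r["safe"])
        if not r["safe"]:
            print("  counterexample:", " -> ".join(map(str, r["evidence"])))
        print("  inductive check:", r["inductive_failure"] or "candidate is inductive")
```

For the atomic variant the candidate predicate is exactly the reachable set (8 states) and passes all three obligations, so it is a proof. For the racy variant the fixpoint search returns a 7-state trace ending in both processes in `crit`, and the same candidate fails the `post(inv) ⊆ inv` obligation with a witness transition, which is the "constructive use of information obtained from failures" the TACAS paper mentions: the witness points at the non-atomic acquire.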
A Theorem Proving Abstraction of Model Checking
1995
Abstract

Cited by 1 (0 self)
Rachel Cardell-Oliver and Chris Southon, Department of Computer Science, University of Essex, October 1995. This paper presents a new approach to the verification of temporal requirements for real-time systems which combines the benefits of abstraction in theorem proving and automation in model checking. Previous work combining these paradigms has provided a uniform interface to two different methods whereas here model checking is represented by proof rules and procedures within the theorem proving paradigm. Logical expressions are used to represent (possibly infinite) classes of states. Logical deduction and an operational semantics are used to evaluate the possible behaviours of specifications. Sound inductive proof rules evaluate the truth of temporal propositions over these behaviours. The theory has been embedded in the HOL system providing a tool for automatic verification which has been tested on a number of examples. 1 Introduction. One way to ma...
Variations on an Alloy-centric Tool-Chain in Verifying a Journaled File System Model
2010
Abstract

Cited by 1 (1 self)
Tool interoperability is among the main goals of the international Grand Challenge initiative. In the context of the Verifiable File System mini-challenge put forward by Joshi and Holzmann, our work has been focused on the integration of different formal methods and tools in a tool-chain for modelling and verification. The current paper shows how to adapt such a tool-chain to the task in hand, aiming at reducing tool integration costs. The refinement of an abstract file store model into a journaled (flash) data model catering for wear leveling and recovery from power loss is taken as case study. This shows that refinement steps can be carried out within a shorter, reduced lifecycle where model checking in Alloy goes hand in hand with manual proofs carried out in the (point-free) algebra of binary relations. This provides ample evidence of the positive impact of Alloy's lemma 'everything is a relation' on software verification, in particular in carrying out induction-free proofs about data structures such as finite maps and lists.
Execution and Verification of 2nd Order Interval Temporal Logic
1995
Abstract
In this paper we show 2ITL as a subset of interval temporal logic. 2ITL is undecidable, but through investigations on verification procedures, we find a decidable subset of ITL. Its automatic verification is also presented. 1 Interval Temporal Logic as Second Order Temporal Logic
Implementing a Real-Time Process Algebra in HOL
1991
Abstract
Abstract theories are an extension to HOL88 that were discussed in the previous two meetings of the HOL Users Group [5]. Very briefly, an abstract theory is an HOL theory that is parametrized by a collection of assumed types, terms and theorem statements. Within an abstract theory, one has access to the elements of the formal parameter as type constants, term constants and axioms. To use the abstract theory within another theory, you must supply it with values for the types, terms and theorems matching the formal parameter. The reason for using an abstract theory is that it allows us to focus on the purely algebraic aspects of the system as it is described by the axioms in Table 1, without confusing issues with details of a particular model. We do have a model in mind from which these axioms were derived. However, by using abstract theories we have separated the task of proving that the model satisfies these axioms from the task of developing the general theory that follows from them. Below is h...