The CtCoq System: Design and Architecture
Formal Aspects of Computing, 1998. Cited by 8 (1 self).
Abstract
We present issues that arose in the design of the CtCoq user interface for proof development. Covered issues include multiprocessing, data display, mouse interaction, and script management.
Support for Interactive Theorem Proving: Some Design Principles and Their Application
In Proc. 4th Workshop on User Interfaces for Theorem Provers (UITP'98), 1998. Cited by 6 (0 self).
Abstract
This paper proposes a set of guidelines for use in the design of automated support for theorem proving. In particular they are aimed at graphical user interfaces to existing interactive proof engines. The application of these guidelines to the design of a graphical user interface to Isabelle is described.
1 Introduction
This paper presents a number of principles formulated to guide the design of enhancements to a graphical user interface of an interactive theorem prover. An interactive theorem prover is a tool in which a user chooses and applies proof steps to terms in a given logic, to produce theorems. The prover actually performs the proof steps and ensures that only valid chains of inference are developed. Although there are many standards and texts which provide general guidelines for designing GUIs, there is great benefit in attempting to formulate principles and guidelines that are specific to the problem domain of an application. Such specific principles can be informed by th...
Dependency Graphs for Interactive Theorem Provers
2000. Cited by 2 (0 self).
Abstract
We propose tools to visualize large proof developments as graphs of theorems and definitions where edges denote the dependency between two theorems. In particular, we study means to limit the size of graphs. Experiments have been done with the Coq theorem prover [DFH+93] and the GraphViz [EGKN] and daVinci [FW98] graph visualization suites.
Proof Tactics for a Theory of State Machines in a Graphical Environment
In Proc. 14th International Conference on Automated Deduction (CADE-14), Lecture Notes in Artificial Intelligence, 1997. Cited by 2 (2 self).
Abstract
The state machine paradigm is a popular and convenient means for expressing designs of critical systems. State machines can be readily represented by transition graphs, thus enhancing human understanding of even quite complex problems. In the case of state machines, tracing a path through the transition graph can represent a critical sequence in the execution of a machine. State machine notations are also amenable to formal treatment. A high level of assurance can be gained by a combination of both these aspects: a machine-checked, formal proof together with a higher-level argument that can be understood by humans. This paper describes proof tactics that support reasoning about state machines at the level of diagrams and paths, and the construction of a corresponding formal proof. A tool, called Veracity [3], has been developed, which links these powerful proof tactics to a graphical user interface. The proof tactics are implemented in Isabelle, and the paper discusses s...
Cant DOVE: A Tool for Design Oriented Verification and Evaluation
Algebraic Methods in Software Technology (AMAST '97), Macquarie University, Sydney, 1997
State Machine Modelling in the DOVE System
2003
Abstract
The DOVE tool supports high-level system modelling and design, and formal reasoning about critical properties. DOVE uses state-machine graphs to illustrate designs, thus building on a familiar and effective means of communicating system designs to a wide audience. DOVE employs a propositional temporal logic to express desirable behavioural properties of the design, and presents it in a sequent calculus syntax for ease of manipulation. A verification procedure which can handle temporal properties of DOVE state machines is included through high-level tactics in a graphical proof tool interface. The DOVE program is committed to developing proof visualization techniques to complement the power of this proof scheme. This paper presents the theoretical structure underlying the DOVE tool.
Theorem Prover Usability
2001
Abstract
Introduction
There is a large research group in the Cornell CS department on automated reasoning and theorem proving. They have developed a system of formal mathematics and a program called Nuprl [5] that allows users to state and prove theorems about mathematical and computational systems in a fully verifiable way. The vision for systems of this kind is that researchers and programmers ought to be able to rely on formal mathematical tools like Nuprl to do their jobs better, because these tools can help analyze problems, solve easy problems, and can check whether a proposed solution does in fact solve a problem, or if there is a gap in the argument. Recently the Nuprl group has been awarded a grant for the purpose of building online digital libraries of formal mathematics; in a sense, this is complementary to building an "online community" of people interested in communicating in a medium of formal mathematics. It is hoped that in the presence of the right kind of tools, an "open
A Proof Tree Package for Isabelle
Abstract
This paper describes the design of a proof tree package for the Isabelle theorem prover. Proof trees are a popular structure for representing the form and history of a proof. However, for higher-order logics with scheme variables, proof trees present a problem. The occurrence of the same scheme variable in different branches of the tree introduces dependencies among the tree's branches. Such dependencies impair the predictability of proof commands, as their effect is not local and it may not be clear to the user which branches of the tree will be affected. The proof tree package aims at limiting the negative effects of inter-branch dependencies. Both the proof state and the proof history are represented by the proof tree. Dependencies between branches caused by scheme variables are managed by maintaining a list of global constraints on variables. Using a modified unification procedure, the instantiation of a scheme variable in one branch limits the instantiations possible for that vari...