Results 1 
6 of
6
The CtCoq System: Design and Architecture
 FORMAL ASPECTS OF COMPUTING
, 1998
"... We present issues that arose in the design of the CtCoq userinterface for proof development. Covered issues include multiprocessing, data display, mouse interaction, and script management. ..."
Abstract

Cited by 7 (1 self)
 Add to MetaCart
We present issues that arose in the design of the CtCoq userinterface for proof development. Covered issues include multiprocessing, data display, mouse interaction, and script management.
Support for Interactive Theorem Proving: Some Design Principles and Their Application
 In Proc. 4th Workshop on User Interfaces for Theorem Provers (UITP’98
, 1998
"... . This paper proposes a set of guidelines for use in the design of automated support for theorem proving. In particular they are aimed at graphical user interfaces to existing interactive proof engines. The application of these guidelines to the design of a graphical user interface to Isabelle is de ..."
Abstract

Cited by 6 (0 self)
 Add to MetaCart
. This paper proposes a set of guidelines for use in the design of automated support for theorem proving. In particular they are aimed at graphical user interfaces to existing interactive proof engines. The application of these guidelines to the design of a graphical user interface to Isabelle is described. 1 Introduction This paper presents a number of principles formulated to guide the design of enhancements to a graphical user interface of an interactive theorem prover. An interactive theorem prover is a tool in which a user chooses and applies proof steps to terms in a given logic, to produce theorems. The prover actually performs the proof steps and ensures that only valid chains of inference are developed. Although there are many standards and texts which provide general guidelines for designing GUIs there is great benefit in attempting to formulate principles and guidelines that are specific to the problem domain of an application. Such specific principles can be informed by th...
Proof Tactics for a Theory of State Machines in a Graphical Environment
 In Proc. 14th Intenational Conference on Automated Deduction (CADE14), Lecture Notes in Artificial Intelligence
, 1997
"... . The state machine paradigm is a popular and convenient means for expressing designs of critical systems. State machines can be readily represented by transition graphs, thus enhancing human understanding of even quite complex problems. In the case of state machines, tracing a path through the ..."
Abstract

Cited by 2 (2 self)
 Add to MetaCart
. The state machine paradigm is a popular and convenient means for expressing designs of critical systems. State machines can be readily represented by transition graphs, thus enhancing human understanding of even quite complex problems. In the case of state machines, tracing a path through the transition graph can represent a critical sequence in the execution of a machine. State machine notations are also amenable to formal treatment. A highlevel of assurance can be gained by a combination of both these aspects: a machinechecked, formal proof together with a higherlevel argument that can be understood by humans. This paper describes proof tactics that support reasoning about state machines at the level of diagrams and paths, and the construction of a corresponding formal proof. A tool, called Veracity [3], has been developed, which links these powerful proof tactics to a graphical userinterface. The proof tactics are implemented in Isabelle, and the paper discusses s...
Dependency Graphs for Interactive Theorem Provers
, 2000
"... We propose tools to visualize large proof developments as graphs of theorems and definitions where edges denote the dependency between two theorems. In particular, we study means to limit the size of graphs. Experiments have been done with the Coq theorem prover [DFH + 93] and the GraphViz [EGKN] an ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
We propose tools to visualize large proof developments as graphs of theorems and definitions where edges denote the dependency between two theorems. In particular, we study means to limit the size of graphs. Experiments have been done with the Coq theorem prover [DFH + 93] and the GraphViz [EGKN] and daVinci [FW98] graph visualization suites.
DOVE: A Tool for Design Oriented Verification and Evaluation
 Macquarie University, Sydney
, 1997
"... loring symbolic execution of the machine; and a Proof Mode, for formally verifying that critical properties of the machine specification hold. State machine definitions have two parts: a topology or state transition diagram part and a transition definition part. The presence of an edge(transition) ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
loring symbolic execution of the machine; and a Proof Mode, for formally verifying that critical properties of the machine specification hold. State machine definitions have two parts: a topology or state transition diagram part and a transition definition part. The presence of an edge(transition) between two states in the diagram indicates the possibility that the state machine may undergo a transition between them. The definition of the transition determines if, and how, such a transition can occur. The Edit Mode is used to specify state machine designs by providing the means for laying out the state transition graph of a machine; declaring types, constants, variables and inputs; defining the associated transitions; and checking occurrences of variables (e.g. variables declared and not used, or idenitifiers used and not declared). The Animation Mode is used to observe how variables and terms evolve during exec
A Proof Tree Package for Isabelle
"... . This paper describes the design of a proof tree package for the Isabelle theorem prover. Proof trees are a popular structure for representing the form and history of a proof. However, for higherorder logics with scheme variables, proof trees present a problem. The occurrence of the same scheme va ..."
Abstract
 Add to MetaCart
. This paper describes the design of a proof tree package for the Isabelle theorem prover. Proof trees are a popular structure for representing the form and history of a proof. However, for higherorder logics with scheme variables, proof trees present a problem. The occurrence of the same scheme variable in different branches of the tree introduces dependencies among the tree's branches. Such dependencies impair the predicatibility of proof commands as their effect is not local and it may not be clear to the user which branches of the tree will be affected. The proof tree package aims at limiting the negative effects of interbranch dependencies. Both the proof state and the proof history are represented by the proof tree. Dependencies between branches caused by scheme variables is managed by maintaining a list of global constraints on variables. Using a modified unification procedure, the instantiation of a scheme variable in one branch limits the instantiations possible for that vari...