Inductive datatypes in HOL: lessons learned in Formal-Logic Engineering
Theorem Proving in Higher Order Logics: TPHOLs '99, LNCS 1690, 1999
Cited by 43 (7 self)
Abstract: Isabelle/HOL has recently acquired new versions of definitional packages for inductive datatypes and primitive recursive functions. In contrast to its predecessors and most other implementations, Isabelle/HOL datatypes may be mutually and indirectly recursive, even infinitely branching. We also support inverted datatype definitions for characterizing existing types as being inductive ones later. All our constructions are fully definitional according to established HOL tradition. Stepping back from the logical details, we also see this work as a typical example of what could be called "Formal-Logic Engineering". We observe that building realistic theorem proving environments involves further issues rather than pure logic only.
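The three shapes of datatype the abstract says the new package admits, written out as an added illustration in Lean 4 notation. These are not the paper's Isabelle/HOL definitions (Lean is used here only because its inductive syntax is compact and the same shapes are expressible there); the type and constructor names are made up for the example.

```lean
-- Mutual recursion: two types defined in terms of each other.
mutual
  inductive Term where
    | var : String → Term
    | app : String → TermList → Term
  inductive TermList where
    | nil  : TermList
    | cons : Term → TermList → TermList
end

-- Indirect (nested) recursion: the recursive occurrence sits inside
-- another type constructor, here List.
inductive Rose where
  | node : Nat → List Rose → Rose

-- Infinitely branching: a constructor whose argument is a function
-- into the type itself, so a node may have one child per natural number.
inductive Ord where
  | zero : Ord
  | succ : Ord → Ord
  | lim  : (Nat → Ord) → Ord
```

The point of the abstract is that all three are accepted by a definitional package, i.e. each type is constructed inside the logic rather than axiomatized; the Lean declarations above are only a notation for the shapes, not that construction.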
Compound Types for Java
1998
Cited by 29 (3 self)
Abstract: Type compatibility can be defined based on name equivalence, that is, explicit declarations, or on structural matching. We argue that component software has demands for both. For types expressing individual contracts, name equivalence should be used so that references are made to external semantical specifications. For types that are composed of several such contracts, the structure of this composition should decide about compatibility. We introduce
Hoare Logics in Isabelle/HOL
Proof and System Reliability, 2002
Cited by 20 (2 self)
Abstract: This paper describes Hoare logics for a number of imperative language constructs, from while-loops via exceptions to mutually recursive procedures. Both partial and total correctness are treated. In particular a proof system for total correctness of recursive procedures in the presence of unbounded nondeterminism is presented. All systems are formalized and shown to be sound and complete in the theorem prover Isabelle/HOL.
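The two notions the abstract distinguishes, illustrated on the while-loop as an added example that is not part of the listing or of the paper's own rule set: the partial-correctness rule only preserves an invariant, while the total-correctness rule also demands that each iteration descend along a well-founded relation $r$ on states. The symbols $P$, $b$, $c$, $r$, $s_0$ and the predicate-on-state reading of assertions are assumptions made for this illustration.

```latex
% Partial correctness: the invariant P survives one iteration of the body c,
% so it holds whenever the loop exits (then the guard b is false).
\[
\frac{\{\lambda s.\ P\,s \land b\,s\}\; c\; \{P\}}
     {\{P\}\; \mathbf{while}\ b\ \mathbf{do}\ c\; \{\lambda s.\ P\,s \land \lnot b\,s\}}
\]

% Total correctness: in addition, every iteration moves from the entry state s_0
% to a state s with (s, s_0) in a well-founded relation r, so no infinite run of
% iterations exists. Quantifying over s_0 lets the postcondition refer back to
% the state in which the iteration started.
\[
\frac{\mathit{wf}\ r \qquad
      \forall s_0.\ \{\lambda s.\ P\,s \land b\,s \land s = s_0\}\; c\;
                    \{\lambda s.\ P\,s \land (s, s_0) \in r\}}
     {\{P\}\; \mathbf{while}\ b\ \mathbf{do}\ c\; \{\lambda s.\ P\,s \land \lnot b\,s\}}
\]
```

A well-founded relation rather than a natural-number variant is what makes the second rule usable under unbounded nondeterminism. A constructed example: `while x ≠ 0 do (if x > 0 then x := x - 1 else x := any natural number)` always terminates, but from `x = -1` no natural-number bound on the remaining iterations exists, since the next state can be any `n`; a well-founded `r` that orders every natural below `-1` and `n - 1` below `n` still exists, so the rule applies.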
A type system for checking applet isolation in Java Card
In Formal Techniques for Java Programs, 2001
Cited by 6 (0 self)
Abstract: A Java Card applet is, in general, not allowed to access fields and methods of other applets on the same smart card. This applet isolation property is enforced by dynamic checks in the Java Card Virtual Machine. This paper describes a refined type system for Java Card that enables static checking of applet isolation. With this type system, firewall violations are detected at compile time. Only a special kind of downcast requires dynamic checks.
From I/O Automata to Timed I/O Automata: A solution to the 'Generalized Railroad Crossing' in Isabelle/HOLCF
Cited by 3 (1 self)
Abstract: The model of timed I/O automata represents an extension of the model of I/O automata with the aim of reasoning about real-time systems. A number of case studies using timed I/O automata has been carried out, among them a treatment of the so-called Generalized Railroad Crossing (GRC). An already existing formalization of the metatheory of I/O automata within Isabelle/HOLCF allows for fully formal tool-supported verification using I/O automata. We present a modification of this formalization which accommodates reasoning about timed I/O automata. The guiding principle in choosing the parts of the metatheory of timed I/O automata to formalize has been to provide all the theory necessary for formalizing the solution to the GRC. This leads to a formalization of the GRC, in which not only the correctness proof itself has been formalized, but also the underlying metatheory of timed I/O automata, on which the correctness proof is based.
Generic Wrapping
2000
Cited by 3 (1 self)
Abstract: Component software means reuse and separate marketing of pre-manufactured binary components. This requires components from different vendors to be composed very late, possibly by end users at run time as in compound-document frameworks. To this aim, we propose generic wrappers, a new language construct for strongly typed class-based languages. With generic wrappers, objects can be aggregated at run time. The aggregate belongs to a subtype of the actual type of the wrapped object. A lower bound for the type of the wrapped object is fixed at compile time. Generic wrappers are type safe and support modular reasoning. This feature combination is required for true component software but is not achieved by known wrapping and combination techniques, such as the wrapper pattern or mixins. We analyze the design space for generic wrappers, e.g. overriding, forwarding vs. delegation, and snappy binding of the wrapped object. As a proof of concept, we add generic wrappers to Java and report on a mechanized type soundness proof of the latter.
Natural semantics as a static program analysis framework
ACM Transactions on Programming Languages and Systems (TOPLAS), 2004
Cited by 2 (0 self)
Abstract: Natural semantics specifications have become mainstream in the formal specification of programming language semantics during the last ten years. In this paper, we set up sorted natural semantics as a specification framework which is able to express static semantic information of programming languages declaratively in a uniform way and allows at the same time to generate corresponding analyses. Such static semantic information comprises context-sensitive properties which are checked in the semantic analysis phase of compilers as well as further static program analyses such as e.g. classical data and control flow analyses or type and effect systems. The latter require fixed point analyses to determine their solutions. We show that, given a sorted natural semantics specification, we can generate the corresponding analysis. Therefore, we classify the solution of such an analysis by the notion of a proof tree. We show that a proof tree can be computed by solving an equivalent residuation problem. In case of the semantic analysis, this solution can be found by a basic algorithm. We show that its efficiency can be enhanced using solution strategies. We also demonstrate our prototype implementation of the basic algorithm which proves its applicability in practical situations. With the results of this paper, we have established natural semantics as a framework which closes the gap between declarative and
A Semantics of Python in Isabelle/HOL
2008
Abstract: As computers are deployed in increasingly diverse, numerous, and critical roles, the need for confidence in their hardware and software becomes more acute. Often, however, computer technologies, such as programming languages, lack a sufficiently formal definition to allow rigorous mathematical analysis of their properties. Even in cases where a formal definition is available, the theorems to be proven and the definition itself tend to have many cases and many details that are easily overlooked when writing a proof by hand. This has created interest in the mechanization of the proof process through the use of automated proof assistants. In this report, we develop a formal definition for a programming language called IntegerPython, which is a subset of the Python language that supports integers, booleans, global variables, loops, modules, and nested functions. The definition takes the form of an operational semantics on a CEKS machine, which we embed in the Isabelle/HOL mechanized logic. We then prove an invariant of the CEKS machine in Isabelle/HOL. The report concludes with strategies for the efficient, executable implementation of the IntegerPython semantics and its extension into a semantics of
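A machine of the kind the abstract names, as an added example: this is not the report's IntegerPython definition, its Isabelle/HOL theory or the invariant it proves, but a small CEKS-style interpreter written in Python for an assumed subset (integer literals, global variables, a few arithmetic and comparison operators, assignment, if and while; no functions or modules). The tuple-based syntax, the state layout, the frame names and the `well_formed` invariant are assumptions made for this example, and the factorial program at the end is constructed.

```python
"""CEKS-style machine for an assumed integer-only imperative subset.

State = (Control, Environment, Kontinuation, Store):
  Control      ('stmt', s) | ('expr', e) | ('val', int) | ('done',)
  Environment  {name: address}   (global variables only, so it flows through)
  Kontinuation tuple of frames, innermost last
  Store        {address: int}
Constructed syntax (not the report's):
  expressions ('lit', n) | ('var', x) | ('bin', op, e1, e2)
  statements  ('assign', x, e) | ('if', e, s1, s2) | ('while', e, s) | ('seq', (s, ...))
"""

OPS = {
    '+': lambda a, b: a + b,
    '-': lambda a, b: a - b,
    '*': lambda a, b: a * b,
    '<': lambda a, b: int(a < b),
    '==': lambda a, b: int(a == b),
}


def step(state):
    """One transition. Returns None when no rule applies, i.e. the program
    has finished and the continuation is empty."""
    ctl, env, kont, store = state
    if ctl[0] == 'stmt':
        s = ctl[1]
        if s[0] == 'assign':
            return ('expr', s[2]), env, kont + (('assign', s[1]),), store
        if s[0] == 'if':
            return ('expr', s[1]), env, kont + (('if', s[2], s[3]),), store
        if s[0] == 'while':
            return ('expr', s[1]), env, kont + (('while_cond', s[1], s[2]),), store
        if s[0] == 'seq':
            if not s[1]:
                return ('done',), env, kont, store
            return ('stmt', s[1][0]), env, kont + (('seq', s[1][1:]),), store
        raise ValueError(f'unknown statement {s!r}')
    if ctl[0] == 'expr':
        e = ctl[1]
        if e[0] == 'lit':
            return ('val', e[1]), env, kont, store
        if e[0] == 'var':
            return ('val', store[env[e[1]]]), env, kont, store  # KeyError if unbound
        if e[0] == 'bin':
            return ('expr', e[2]), env, kont + (('bin_r', e[1], e[3]),), store
        raise ValueError(f'unknown expression {e!r}')
    # Control is ('val', v) or ('done',): hand the result to the top frame.
    if not kont:
        return None
    frame, rest = kont[-1], kont[:-1]
    if frame[0] == 'bin_r':  # left operand evaluated; now the right one
        return ('expr', frame[2]), env, rest + (('bin_l', frame[1], ctl[1]),), store
    if frame[0] == 'bin_l':  # both operands evaluated; apply the operator
        return ('val', OPS[frame[1]](frame[2], ctl[1])), env, rest, store
    if frame[0] == 'assign':  # first assignment allocates a fresh address
        name, addr = frame[1], env.get(frame[1], len(store))
        return ('done',), {**env, name: addr}, rest, {**store, addr: ctl[1]}
    if frame[0] == 'if':
        return ('stmt', frame[1] if ctl[1] else frame[2]), env, rest, store
    if frame[0] == 'while_cond':  # condition evaluated
        if ctl[1]:
            return ('stmt', frame[2]), env, rest + (('while_body',) + frame[1:],), store
        return ('done',), env, rest, store
    if frame[0] == 'while_body':  # body finished; test the condition again
        return ('expr', frame[1]), env, rest + (('while_cond',) + frame[1:],), store
    if frame[0] == 'seq':  # one statement finished; continue with the rest
        return ('stmt', ('seq', frame[1])), env, rest, store
    raise ValueError(f'unknown frame {frame!r}')


def well_formed(state):
    """Illustrative machine invariant (an assumption for this example, not the
    report's theorem): every address the environment mentions is allocated in
    the store, and the store holds integers only."""
    ctl, env, kont, store = state
    return (ctl[0] in ('stmt', 'expr', 'val', 'done')
            and all(addr in store for addr in env.values())
            and all(type(v) is int for v in store.values()))


def run(program, max_steps=100_000):
    """Run a statement from the empty environment and store, checking the
    invariant before every step; return the final variable values."""
    state = (('stmt', program), {}, (), {})
    for _ in range(max_steps):
        if not well_formed(state):
            raise AssertionError(f'invariant broken in state {state!r}')
        nxt = step(state)
        if nxt is None:
            _, env, _, store = state
            return {name: store[addr] for name, addr in env.items()}
        state = nxt
    raise RuntimeError('step budget exhausted')


# Constructed sample:  n = 5; acc = 1; while 0 < n: acc = acc * n; n = n - 1
FACT = ('seq', (
    ('assign', 'n', ('lit', 5)),
    ('assign', 'acc', ('lit', 1)),
    ('while', ('bin', '<', ('lit', 0), ('var', 'n')), ('seq', (
        ('assign', 'acc', ('bin', '*', ('var', 'acc'), ('var', 'n'))),
        ('assign', 'n', ('bin', '-', ('var', 'n'), ('lit', 1))),
    ))),
))

if __name__ == '__main__':
    print(run(FACT))  # {'n': 0, 'acc': 120}
```

Each `step` call is one small-step rule with no hidden recursion on the host stack, which is what makes an invariant such as `well_formed` provable by induction over transitions: one checks it for the initial state and shows every rule preserves it. A mechanized version would state the invariant over the whole state, continuation frames included; the assumed one here is deliberately narrow.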