Results 1-10 of 23
Kit: A Study in Operating System Verification, 1989
Abstract

Cited by 63 (0 self)
Kernel Implements Processes. The relationship between the abstract kernel and an individual task is pictured in Figure 4, and is formalized by the theorem AKIMPLEMENTSPARALLELTASKS. Intuitively, this theorem says that for a given good abstract kernel state AK and abstract kernel oracle ORACLE, the final state reached by task I can equivalently be achieved by running TASKPROCESSOR on the initial task state, with an oracle constructed by the function CONTROLORACLE. The oracle constructed for TASKPROCESSOR accounts for the precise sequence of delays to task I in the abstract kernel.

[Figure 4: AK Implements Parallel Tasks]

THEOREM AKIMPLEMENTSPARALLELTASKS
  (IMPLIES (AND (GOODAK AK)
                (FINITENUMBERP I (LENGTH (AKPSTATES AK))))
           (EQUAL (PROJECT I (AKPROCESSOR AK ORACLE))
                  (TASKPROCESSOR (PROJECT I AK) I (CONTROLORACLE I AK ORACLE))))

6. The Target Machine. The target machine TM is a simple von Neumann computer. It is not based on an existing physical machine becaus...
A mechanically verified code generator. Journal of Automated Reasoning, 1989
Abstract

Cited by 33 (1 self)
in this document are those of the author and should not be interpreted as representing the official policies, either expressed or implied, of Computational
A Grand Challenge Proposal for Formal Methods: A Verified Stack
Abstract

Cited by 31 (1 self)
We propose a grand challenge for the formal methods community: build and mechanically verify a practical embedded system, from transistors to software. We propose that each group within the formal methods community design and verify, by the methods appropriate to that group, an embedded system of their choice. The point is not to have just one integrated formal method or just one verified application, but to encourage groups to develop the techniques and methodologies necessary for system-level verification.
A Verified Implementation of an Applicative Language with Dynamic Storage Allocation, 1993
Abstract

Cited by 20 (0 self)
A compiler for a subset of the Nqthm logic and a mechanically checked proof of its correctness is described. The Nqthm logic defines an applicative programming language very similar to McCarthy's pure Lisp [20]. The compiler compiles programs in the Nqthm logic into the Piton assembly-level language [23]. The correctness of the compiler is proven by showing that the result of executing the Piton code is the same as that produced by the Nqthm interpreter V&C$. The Nqthm logic defines several different abstract data types, or shells, as they are called in Nqthm. The user can also define additional shells. The definition of a shell includes the definition of a constructor function that returns new objects with the type of that shell. These objects can become garbage, so the runtime system of the compiler includes a garbage collector. The proof of the correctness of the compiler has not been entirely mechanically checked. A plan for completing the proof is described.
Proving Theorems about Java-like Byte Code. Correct System Design - Recent Insights and Advances, 1999
Abstract

Cited by 17 (9 self)
We describe a formalization of an abstract machine very similar to the Java Virtual Machine but far simpler. We develop techniques for specifying the properties of classes and methods for this machine. We
Report on the Formal Specification and Partial Verification of the VIPER Microprocessor, 1990
Proof styles in operational semantics. Proceedings of the 5th International Conference on Formal Methods in Computer-Aided Design (FMCAD 2004), volume 3312 of LNCS, 2004
Abstract

Cited by 11 (6 self)
We relate two well-studied methodologies in deductive verification of operationally modeled sequential programs, namely the use of inductive invariants and clock functions. We show that the two methodologies are equivalent and one can mechanically transform a proof of a program in one methodology to a proof in the other. Both partial and total correctness are considered. This mechanical transformation is compositional; different parts of a program can be verified using different methodologies to achieve a complete proof of the entire program. The equivalence theorems have been mechanically checked by the ACL2 theorem prover and we implement automatic tools to carry out the transformation between the two methodologies in ACL2.
Contribution to Goodenough's and Gerhart's Theory of Software Testing and Verification: Relation between Strong Compiler Test and Compiler Implementation Verification. Foundations of Computer Science: Potential - Theory - Cognition. LNCS, 1997
A mechanized program verifier. In IFIP Working Conference on the Program Verifier Challenge, 2005
Abstract

Cited by 3 (0 self)
In my view, the “verification problem” is the theorem proving problem, restricted to a computational logic. My approach is: adopt a functional programming language, build a general purpose formal reasoning engine around it, integrate it into a program and proof development environment, and apply it to model and verify a wide variety of computing artifacts, usually modeled operationally within the functional programming language. Everything done in this approach is software verification since the models are runnable programs in a subset of an ANSI standard programming language (Common Lisp). But this approach is of interest to proponents of other approaches (e.g., verification of procedural programs or synthesis) because of the nature of the mathematics of computing. I summarize the progress so far using this approach, sketch the key research challenges ahead and describe my vision of the role and shape of a useful verification system.