Abstract not found

Hereditarily finite sets and hypersets are characterized both as an algorithmic data structure and by means of a first-order axiomatization which, although rather weak, suffices to make the following two problems decidable: (1) Establishing whether a conjunction r of formulae of the form 8 y 1 \Delta \Delta \Delta 8 y m ((y 1 2 w 1 & \Delta \Delta \Delta & y m 2 wm ) ! q), with q quantifier-free and involving only the relators =; 2 and propositional connectives, and each y i distinct from all w j 's, is satisfiable. (2) Establishing whether a formula of the form 8 y q, q quantifier-free, is satisfiable. Concerning (1), an explicit decision algorithm is provided; moreover, significantly broad sub-problems of (1) are singled out in which a classification ---named the `syllogistic decomposition' of r--- of all possible ways of satisfying the input conjunction r can be obtained automatically. For one of these sub-problems, carrying out the decomposition results in producing a fi...

Abstract. We have designed a programming logic based on an integration of functional programming languages with classical set theory. The logic merges a classical view of equality with a constructive one by using equivalence classes, while at the same time allowing computation with representatives of equivalence classes. Given a programming language and its operational semantics, a logic is obtained by extending the language with the operators of set theory and classical logic, and extending the operational semantics with “evaluation ” rules for these new operators. This operational approach permits us to give a generic design. We give a general formalism for specifying evaluation semantics, and parameterize our design with respect to languages specifiable in this formalism. This allows us to prove, once and for all, important properties of the semantics such as the coherence of the treatment of equality. 1

. The most powerful tools for analysis of formal specifications are general-purpose theorem provers and model checkers, but these tools provide scant methodological support. Conversely, those approaches that do provide a well-developed method generally have less powerful automation. It is natural, therefore, to try to combine the better-developed methods with the more powerful general-purpose tools. An obstacle is that the methods and the tools often employ very different logics. We argue that methods are separable from their logics and are largely concerned with the structure and organization of specifications. We propose a technique called structural embedding that allows the structural elements of a method to be supported by a general-purpose tool, while substituting the logic of the tool for that of the method. We have found this technique quite effective and we provide some examples of its application. We also suggest how general-purpose systems could be restructured ...

The open calculus of constructions integrates key features of Martin-Löf's type theory, the calculus of constructions, Membership Equational Logic, and Rewriting Logic into a single uniform language. The two key ingredients are dependent function types and conditional rewriting modulo equational theories. We explore the open calculus of constructions as a uniform framework for programming, specification and interactive verification in an equational higher-order style. By having equational logic and rewriting logic as executable sublogics we preserve the advantages of a first-order semantic and logical framework and especially target applications involving symbolic computation and symbolic execution of nondeterministic and concurrent systems.

Abstract. We introduce an operational set theory in the style of [5] and [17]. The theory we develop here is a theory of constructive sets and operations. One motivation behind constructive operational set theory is to merge a constructive notion of set ([1], [2]) with some aspects which are typical of explicit mathematics [14]. In particular, one has non-extensional operations (or rules) alongside extensional constructive sets. Operations are in general partial and a limited form of self–application is permitted. The system we introduce here is a fully explicit, finitely axiomatised system of constructive sets and operations, which is shown to be as strong as HA. 1.

Applicative Structure : : : : : : : : : : : : : : : : : : : : : : : : : : : : 16 3.2 Realizability : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 17 3.3 Soundness for IZF : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 20 3.4 Term Extraction : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 21 3.5 Strong Intuitionistic Counterexamples : : : : : : : : : : : : : : : : : : : : : : : : 24 3.6 Some famous "nonstandard" consistency results : : : : : : : : : : : : : : : : : : : 25 4 Forcing in Constructive Set Theory (Unramified) 26 4.1 Kripke models over V (K) : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 26 4.2 Soundness of IZF Axioms : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 28 4.3 Examples : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 30 5 \Omega -sets,Categories and Sheaves 34 5.1 From Kripke Models to cHa's : : : : : : : : : : : : : : : :...

We describe our experience with formal, machine-checked verification of algorithms for critical applications, concentrating on a Byzantine fault-tolerant algorithm for synchronizing the clocks in the replicated computers of a digital flight control system. First, we explain the problems encountered in unsynchronized systems and the necessity, and criticality, of fault-tolerant synchronization. We give an overview of one such algorithm, and of the arguments for its correctness. Next, we describe a verification of the algorithm that we performed using our Ehdm system for formal specification and verification. We indicate the errors we found in the published analysis of the algorithm, and other benefits that we derived from the verification. Based on our experience, we derive some key requirements for a formal specification and verification system adequate to the task of verifying algorithms of the type considered. Finally, we summarize our conclusions regarding the benefits of formal verification in this domain, and the capabilities required of verification systems in order to realize those benefits. Index terms: Formal specification, formal verification, clock synchronization, fault-tolerant systems.

Abstract not found

About the strength of operational regularity