Results 11-20 of 160
Inductive datatypes in HOL - lessons learned in Formal-Logic Engineering
In Theorem Proving in Higher Order Logics: TPHOLs '99, LNCS 1690, 1999
Cited by 42 (6 self)
Abstract
Isabelle/HOL has recently acquired new versions of definitional packages for inductive datatypes and primitive recursive functions. In contrast to its predecessors and most other implementations, Isabelle/HOL datatypes may be mutually and indirectly recursive, even infinitely branching. We also support inverted datatype definitions for characterizing existing types as being inductive ones later. All our constructions are fully definitional according to established HOL tradition. Stepping back from the logical details, we also see this work as a typical example of what could be called "Formal-Logic Engineering". We observe that building realistic theorem proving environments involves further issues rather than pure logic only.
Object-Oriented Verification based on Record Subtyping in Higher-Order Logic
In 11th International Conference on Theorem Proving in Higher Order Logics, volume 1479 of LNCS, ANU, 1998
Cited by 38 (11 self)
Abstract
We show how extensible records with structural subtyping can be represented directly in Higher-Order Logic (HOL). Exploiting some specific properties of HOL, this encoding turns out to be extremely simple. In particular, structural subtyping is subsumed by naive parametric polymorphism, while overridable generic functions may be based on overloading. Taking HOL plus extensible records as a starting point, we then set out to build an environment for object-oriented specification and verification (HOOL). This framework offers several well-known concepts like classes, objects, methods and late-binding. All of this is achieved by very simple means within HOL.
1 Introduction
Higher-order Logic (HOL) [2, 1, 3] is a rather simplistic typed system; Church originally even called it "Simple Theory of Types". At first sight, it might seem futile attempting to use HOL to represent extensible records with structural subtyping, or even object-oriented concepts. One might expect that this ...
Effective Theorem Proving for Hardware Verification
1994
Cited by 37 (6 self)
Abstract
The attractiveness of using theorem provers for system design verification lies in their generality. The major practical challenge confronting theorem proving technology is in combining this generality with an acceptable degree of automation. We describe an approach for enhancing the effectiveness of theorem provers for hardware verification through the use of efficient automatic procedures for rewriting, arithmetic and equality reasoning, and an off-the-shelf BDD-based propositional simplifier. These automatic procedures can be combined into general-purpose proof strategies that can efficiently automate a number of proofs including those of hardware correctness. The inference procedures and proof strategies have been implemented in the PVS verification system. They are applied to several examples including an N-bit adder, the Saxe pipelined processor, and the benchmark Tamarack microprocessor design. These examples illustrate the basic design philosophy underlying PVS where powerful...
Rigorous specification and conformance testing techniques for network protocols, as applied to TCP, UDP, and Sockets
In Proceedings of ACM Conference on Computer Communication (SIGCOMM 2005), 2005
Cited by 35 (12 self)
Abstract
Network protocols are hard to implement correctly. Despite the existence of RFCs and other standards, implementations often have subtle differences and bugs. One reason for this is that the specifications are typically informal, and hence inevitably contain ambiguities. Conformance testing against such specifications is challenging. In this paper we present a practical technique for rigorous protocol specification that supports specification-based testing. We have applied it to TCP, UDP, and the Sockets API, developing a detailed 'post-hoc' specification that accurately reflects the behaviour of several existing implementations (FreeBSD 4.6, Linux 2.4.20-8, and Windows XP SP1). The development process uncovered a number of differences between and infelicities in these implementations. Our experience shows for the first time that rigorous specification is feasible for protocols as complex as TCP. We argue that the technique is also applicable 'pre-hoc', in the design phase of new protocols. We discuss how such a design-for-test approach should influence protocol development, leading to protocol specifications that are both unambiguous and clear, and to high-quality implementations that can be tested directly against those specifications.
Lifted-FL: A Pragmatic Implementation of Combined Model Checking and Theorem Proving
1999
Cited by 34 (3 self)
Abstract
Combining theorem proving and model checking offers the tantalizing possibility of efficiently reasoning about large circuits at high levels of abstraction. We have constructed a system that seamlessly integrates symbolic trajectory evaluation based model checking with theorem proving in a higher-order classical logic. The approach is made possible by using the same programming language (FL) as both the meta and object language of theorem proving. This is done by "lifting" FL, essentially deeply embedding FL in itself. The approach is a pragmatic solution that provides an efficient and extensible verification environment. Our approach is generally applicable to any dialect of the ML programming language and any model-checking algorithm that has practical inference rules for combining results.
The Refinement Calculator: Proof Support for Program Refinement
Formal Methods Pacific '97, 1997
Cited by 27 (2 self)
Abstract
We describe the Refinement Calculator, a tool which supports
Three Theses of Representation in the Semantic Web
2003
Cited by 26 (1 self)
Abstract
The Semantic Web is vitally dependent on a formal meaning for the constructs of its languages. For Semantic Web languages to work well together their formal meanings must employ a common view (or thesis) of representation; otherwise it will not be possible to reconcile documents written in different languages. The thesis of representation underlying RDF and RDFS is particularly troublesome in this regard, as it has several unusual aspects, both semantic and syntactic. A more-standard thesis of representation would result in the ability to reuse existing results and tools in the Semantic Web.
Cryptographically Sound Theorem Proving
In Proc. 19th IEEE CSFW, 2006
Cited by 26 (7 self)
Abstract
We describe a faithful embedding of the Dolev-Yao model of Backes, Pfitzmann, and Waidner (CCS 2003) in the theorem prover Isabelle/HOL. This model is cryptographically sound in the strong sense of reactive simulatability/UC, which essentially entails the preservation of arbitrary security properties under active attacks and in arbitrary protocol environments. The main challenge in designing a practical formalization of this model is to cope with the complexity of providing such strong soundness guarantees. We reduce this complexity by abstracting the model into a sound, lightweight formalization that enables both concise property specifications and efficient application of our proof strategies and their supporting proof tools. This yields the first tool-supported framework for symbolically verifying security protocols that enjoys the strong cryptographic soundness guarantees provided by reactive simulatability/UC. As a proof of concept, we have proved the security of the Needham-Schroeder-Lowe protocol using our framework.
Engineering with Logic: HOL Specification and Symbolic-Evaluation Testing for TCP Implementations
POPL'06, 2006
Cited by 26 (8 self)
Abstract
The TCP/IP protocols and Sockets API underlie much of modern computation, but their semantics have historically been very complex and ill-defined. The real standard is the de facto one of the common implementations, including, for example, the 15 000 to 20 000 lines of C in the BSD implementation. Dealing rigorously with the behaviour of such bodies of code is challenging. We have