Results 1-10 of 40
The Theory of LEGO: A Proof Checker for the Extended Calculus of Constructions
1994
Cited by 68 (10 self)
LEGO is a computer program for interactive typechecking in the Extended Calculus of Constructions and two of its subsystems. LEGO also supports the extension of these three systems with inductive types. These type systems can be viewed as logics, and as meta languages for expressing logics, and LEGO is intended to be used for interactively constructing proofs in mathematical theories presented in these logics. I have developed LEGO over six years, starting from an implementation of the Calculus of Constructions by Gérard Huet. LEGO has been used for problems at the limits of our abilities to do formal mathematics. In this thesis I explain some aspects of the metatheory of LEGO's type systems leading to a machine-checked proof that typechecking is decidable for all three type theories supported by LEGO, and to a verified algorithm for deciding their typing judgements, assuming only that they are normalizing. In order to do this, the theory of Pure Type Systems (PTS) is extended and f...
Set theory for verification: I. From foundations to functions
J. Auto. Reas.
1993
Cited by 46 (18 self)
A logic for specification and verification is derived from the axioms of Zermelo-Fraenkel set theory. The proofs are performed using the proof assistant Isabelle. Isabelle is generic, supporting several different logics. Isabelle has the flexibility to adapt to variants of set theory. Its higher-order syntax supports the definition of new binding operators. Unknowns in subgoals can be instantiated incrementally. The paper describes the derivation of rules for descriptions, relations and functions, and discusses interactive proofs of Cantor's Theorem, the Composition of Homomorphisms challenge [9], and Ramsey's Theorem [5]. A generic proof assistant can stand up against provers dedicated to particular logics. Key words. Isabelle, set theory, generic theorem proving, Ramsey's Theorem,
ConSIT: A conditioned program slicer
In IEEE International Conference on Software Maintenance (ICSM'00)
Cited by 38 (20 self)
Conditioned slicing is a powerful generalisation of static and dynamic slicing which has applications to many problems in software maintenance and evolution, including reuse, reengineering and program comprehension. However, there has been relatively little work on the implementation of conditioned slicing. Algorithms for implementing conditioned slicing necessarily involve reasoning about the values of program predicates in certain sets of states derived from the conditioned slicing criterion, making implementation particularly demanding. This paper introduces ConSIT, a conditioned slicing system which is based upon conventional static slicing, symbolic execution and theorem proving. ConSIT is the first fully automated implementation of conditioned slicing. An implementation of ConSIT is available for experimentation at
Using I/O Automata for Developing Distributed Systems
In Gary T. Leavens and Murali Sitaraman, editors, Foundations of Component-Based Systems
2000
Cited by 36 (6 self)
This paper describes a new experimental programming language, IOA, for modeling and implementing distributed systems, plus designs for a set of tools to support IOA programming. The language and tools are based on the I/O automaton model for reactive systems, which has been used extensively for research on distributed algorithms. The language supports structured modeling of distributed systems using shared-action composition and levels of abstraction. The tools are intended to support system design, several kinds of analysis, and generation of efficient runnable code.
The IOA Language and Toolset: Support for Designing, Analyzing, and Building Distributed Systems
1998
Cited by 28 (9 self)
This report describes a new language for distributed programming, the IOA language, together with a high-level design and preliminary implementation for a suite of tools, the IOA toolset, to support the production of high-quality distributed software. The language and tools are based on the I/O automaton model, which has been used to describe and verify distributed algorithms. The toolset supports a development process that begins with a high-level specification, refines that specification via successively more detailed designs, and ends by automatically generating distributed programs. The toolset encourages system decomposition, which helps make distributed programs understandable and easy to modify. It also provides a variety of validation methods (theorem proving, model checking, and simulation), which can be used to ensure that the generated programs are correct, subject to assumptions about externally-provided system services (e.g., communication services), and about the correctness of hand-coded data type implementations.
I/O Automaton Models and Proofs for Shared-Key Communication Systems
12th Computer Security Foundations Workshop (CSFW), IEEE
1999
Cited by 24 (1 self)
The combination of two security protocols, a simple shared-key communication protocol and the Diffie-Hellman key distribution protocol, is modeled formally and proved correct. The modeling is based on the I/O automaton model for distributed algorithms, and the proofs are based on invariant assertions, simulation relations, and compositional reasoning. Arguments about the cryptosystems are handled separately from arguments about the protocols.
Un Calcul de Constructions Infinies et son Application à la Vérification de Systèmes Communicants
1996
Cited by 16 (0 self)
m networks and the recent works of Thierry Coquand in type theory have been the most important sources of motivation for the ideas presented here. I wish to specially thank Roberto Amadio, who read the manuscript in a very short delay, providing many helpful comments and remarks. Many thanks also to Luc Bougé, who accepted to be my official supervisor, and to the chair of the jury, Michel Cosnard, who opened to me the doors of the LIP. During these last three years in Lyon I met many wonderful people, who then became wonderful friends. Miguel, Nuria, Veronique, Patricia, Philippe, Pia, Rodrigo, Salvador, Sophie ... with you I have shared the happiness and sadness of everyday life, those little things which make us remember someone forever. I also would like to thank the people from "Tango de Soie", for all those funny nights at the Café Moulin Joly. Thanks too to the Uruguayan research community in Computer Science (especially to Cristina Cornes and Alberto Pardo) w
Structured theory presentations and logic representations
Annals of Pure and Applied Logic
1994
Cited by 14 (2 self)
The purpose of a logical framework such as LF is to provide a language for defining logical systems suitable for use in a logic-independent proof development environment. All inferential activity in an object logic (in particular, proof search) is to be conducted in the logical framework via the representation of that logic in the framework. An important tool for controlling search in an object logic, the need for which is motivated by the difficulty of reasoning about large and complex systems, is the use of structured theory presentations. In this paper a rudimentary language of structured theory presentations is presented, and the use of this structure in proof search for an arbitrary object logic is explored. The behaviour of structured theory presentations under representation in a logical framework is studied, focusing on the problem of "lifting" presentations from the object logic to the metalogic of the framework. The topic of imposing structure on logic presentations...
Co-Inductive Types in Coq: An Experiment with the Alternating Bit Protocol
1995
Cited by 12 (1 self)
We describe an experiment concerning the implementation and use of co-inductive types in the proof editor Coq. Co-inductive types are recursive types which, unlike inductive ones, may be inhabited by infinite objects. In order to illustrate their use in Coq, we describe an axiomatisation of a calculus of broadcasting systems where recursive processes are represented using infinite objects. This calculus is used for developing a verification proof of the alternating bit protocol. Keywords: Program Verification, Type Theory, Co-Inductive Types, Communicating Processes. Summary: In this article we describe an experiment concerning the implementation and use of co-inductive types in the Coq proof environment. Co-inductive types are recursive types which, unlike inductive types, may be inhabited by infinite objects. To illustrate their use in Coq we describe how to axiomatise a calculus of processes that communic...