The refinement calculus for the development of programs from specifications is well suited to mechanised support. We review the requirements for tool support of refinement as gleaned from our experience with a number of existing refinement tools, and report on the design and implementation of a new tool to support refinement based on these requirements. The main features of the new tool are close integration of refinement and proof in a single tool (the same mechanism is used for both), good management of the refinement context, an extensible theory base that allows the tool to be adapted to new application domains, and a flexible user interface.

We describe some of the technology we used to build a user interface for a programmable theorem prover. By separating the user interface from the application itself, it is possible to experiment with new interface features very easily, without compromising the soundness of the proof tool. INTRODUCTION In this paper, we describe some of the technology that allowed us to construct a workable user interface for a programmable theorem prover in a very short time. The theorem prover is Ergo [1, 2], which is a termrewriting theorem prover using a proof paradigm called window inference [3, 4]. Ergo is constructed in a way that allows programmers to easily add new theory management and proof commands, and even new commandline interfaces, without disturbing a trusted theoremproving core. The `outer levels' of our user interface were written in Emacs [5]. We hope that our positive experience with Emacs as an interface building tool will encourage other software engineers to attempt similar proj...

This paper gives an overview of: two levels of formal specification of the real-time behaviour of a commercial RISC chip; an approach to verifying the higher-level specification relative to the lower-level one; and the proof tool and environment used for the proofs. The specifications are written in functional logic, which provides an adaptable modal facility. The proof tool and environment support both rewriting and forward and backwards proof, through a development of the sequent calculus called window inference, and provide for the flexible interaction of manual and automatic modes of proof.