: The expressive power of higher order logic makes it possible to define a wide variety of data types within the logic and to prove theorems that state the properties of these types concisely and abstractly. This paper describes how such defined data types can be used to support formal reasoning in higher order logic about the behaviour of hardware designs. First printed: May 1988 Reprinted with revisions: April 1990 An earlier version of this paper appears in: The Fusion of Hardware Design and Verification, ed. G.J. Milne (North-Holland, 1988), pp. 27--50. Contents Introduction 5 1 Hardware Verification using Higher Order Logic 5 1.1 Notation : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 5 1.2 Specifying Hardware Behaviour : : : : : : : : : : : : : : : : : : 6 1.3 Specifying Hardware Structure : : : : : : : : : : : : : : : : : : 7 1.4 Formulating Correctness : : : : : : : : : : : : : : : : : : : : : : 8 2 Recursive Types in Higher Order Logic 8 2.1 Type Definit...

Preface This volume contains a tutorial on the HOL system. It is one of three documents making up the documentation for HOL: (i) TUTORIAL: a tutorial introduction to HOL. (ii) DESCRIPTION: a description of higher order logic, the ML programming language, and theorem proving methods in the HOL system; (iii) REFERENCE: the reference documentation of the tools available in HOL. These three documents will be referred to by the short names (in small slanted capitals) given above. This document, TUTORIAL, is intended to be the first item read by new users of HOL. It provides a self-study introduction to the structure and use of the system. The tutorial is intended to give a `hands-on ' feel for the way HOL is used, but it does not systematically explain all the underlying principles (DESCRIPTION, explains these). After working through TUTORIAL the reader should be capable of using HOL for simple tasks, and should also be in a position to consult the other two documents. Getting started Chapter 1 explains how to get and install HOL. Once this is done, the potential HOL user should become familiar with the following subjects: 1. The programming meta-language ML, and how to interact with it through an editor. 2. The formal logic supported by the HOL system (higher order logic) and its manipulation via ML. 3. Forward proof and derived rules of inference. 4. Goal directed proof, tactics and tacticals. iii iv Preface Chapters 1-3 introduce the first two of these topics. Chapter 4 then develops an extended example (Euclid's proof of the infinitude of primes) to demonstrate how HOL is used to prove theorems. This example is intended to demonstrate HOL's capabilities and to explain some of the issues at a high level. Chapters 5 and 6 then describe forward and goal directed proof in much greater detail. Chapter 7 consists of a worked example: the specification and verification of a simple sequential parity checker. The intention is to accomplish two things: (i) to present a complete piece of work with HOL; and (ii) to give an idea of what it is like to use the HOL system for a tricky proof. Chapter 8 briefly discusses some of the examples distributed with hol98 in the examples directory.

Preface This volume contains a tutorial on the HOL system. It is one of three documents making up the documentation for HOL: (i) TUTORIAL: a tutorial introduction to HOL. (ii) DESCRIPTION: a description of higher order logic, the ML programming language, and theorem proving methods in the HOL system; (iii) REFERENCE: the reference documentation of the tools available in HOL. These three documents will be referred to by the short names (in small slanted capitals) given above. This document, TUTORIAL, is intended to be the first item read by new users of HOL. It provides a self-study introduction to the structure and use of the system. The tutorial is intended to give a `hands-on ' feel for the way HOL is used, but it does not systematically explain all the underlying principles (DESCRIPTION, explains these). After working through TUTORIAL the reader should be capable of using HOL for simple tasks, and should also be in a position to consult the other two documents. Getting started Chapter 1 explains how to get and install HOL. Once this is done, the potential HOL user should become familiar with the following subjects: 1. The programming meta-language ML, and how to interact with it through an editor. 2. The formal logic supported by the HOL system (higher order logic) and its manipulation via ML. 3. Forward proof and derived rules of inference. 4. Goal directed proof, tactics and tacticals. iii iv Preface Chapters 1-3 introduce the first two of these topics. Chapter 4 then develops an extended example (Euclid's proof of the infinitude of primes) to demonstrate how HOL is used to prove theorems. This example is intended to demonstrate HOL's capabilities and to explain some of the issues at a high level. Chapters 5 and 6 then describe forward and goal directed proof in much greater detail. Chapter 7 consists of a worked example: the specification and verification of a simple sequential parity checker. The intention is to accomplish two things: (i) to present a complete piece of work with HOL; and (ii) to give an idea of what it is like to use the HOL system for a tricky proof. Chapter 8 briefly discusses some of the examples distributed with hol98 in the examples directory.

Preface This volume contains a tutorial on the HOL system. It is one of three documents making up the documentation for HOL: (i) TUTORIAL: a tutorial introduction to HOL. (ii) DESCRIPTION: a description of higher order logic, the ML programming language, and theorem proving methods in the HOL system; (iii) REFERENCE: the reference documentation of the tools available in HOL. These three documents will be referred to by the short names (in small slanted capitals) given above. This document, TUTORIAL, is intended to be the first item read by new users of HOL. It provides a self-study introduction to the structure and use of the system. The tutorial is intended to give a `hands-on ' feel for the way HOL is used, but it does not systematically explain all the underlying principles (DESCRIPTION, explains these). After working through TUTORIAL the reader should be capable of using HOL for simple tasks, and should also be in a position to consult the other two documents. Getting started Chapter 1 explains how to get and install HOL. Once this is done, the potential HOL user should become familiar with the following subjects: 1. The programming meta-language ML, and how to interact with it through an editor. 2. The formal logic supported by the HOL system (higher order logic) and its manipulation via ML. 3. Forward proof and derived rules of inference. 4. Goal directed proof, tactics and tacticals. iii iv Preface Chapters 1-3 introduce the first two of these topics. Chapter 4 then develops an extended example (Euclid's proof of the infinitude of primes) to demonstrate how HOL is used to prove theorems. This example is intended to demonstrate HOL's capabilities and to explain some of the issues at a high level. Chapters 5 and 6 then describe forward and goal directed proof in much greater detail. Chapter 7 consists of a worked example: the specification and verification of a simple sequential parity checker. The intention is to accomplish two things: (i) to present a complete piece of work with HOL; and (ii) to give an idea of what it is like to use the HOL system for a tricky proof. Chapter 8 briefly discusses some of the examples distributed with hol98 in the examples directory.

Preface This volume contains a tutorial on the HOL system. It is one of three documents making up the documentation for HOL: (i) TUTORIAL: a tutorial introduction to HOL. (ii) DESCRIPTION: a description of higher order logic, the ML programming language, and theorem proving methods in the HOL system; (iii) REFERENCE: the reference documentation of the tools available in HOL. These three documents will be referred to by the short names (in small slanted capitals) given above. This document, TUTORIAL, is intended to be the first item read by new users of HOL. It provides a self-study introduction to the structure and use of the system. The tutorial is intended to give a `hands-on ' feel for the way HOL is used, but it does not systematically explain all the underlying principles (DESCRIPTION, explains these). After working through TUTORIAL the reader should be capable of using HOL for simple tasks, and should also be in a position to consult the other two documents. Getting started Chapter 1 explains how to get and install HOL. Once this is done, the potential HOL user should become familiar with the following subjects: 1. The programming meta-language ML, and how to interact with it through an editor. 2. The formal logic supported by the HOL system (higher order logic) and its manipulation via ML. 3. Forward proof and derived rules of inference. 4. Goal directed proof, tactics and tacticals. iii iv Preface Chapters 1-3 introduce the first two of these topics. Chapter 4 then develops an extended example (Euclid's proof of the infinitude of primes) to demonstrate how HOL is used to prove theorems. This example is intended to demonstrate HOL's capabilities and to explain some of the issues at a high level. Chapters 5 and 6 then describe forward and goal directed proof in much greater detail. Chapter 7 consists of a worked example: the specification and verification of a simple sequential parity checker. The intention is to accomplish two things: (i) to present a complete piece of work with HOL; and (ii) to give an idea of what it is like to use the HOL system for a tricky proof. Chapter 8 briefly discusses some of the examples distributed with hol98 in the examples directory.

Preface This volume contains a tutorial on the HOL system. It is one of three documents making up the documentation for HOL: (i) TUTORIAL: a tutorial introduction to HOL. (ii) DESCRIPTION: a description of higher order logic, the ML programming language, and theorem proving methods in the HOL system; (iii) REFERENCE: the reference documentation of the tools available in HOL. These three documents will be referred to by the short names (in small slanted capitals) given above. This document, TUTORIAL, is intended to be the first item read by new users of HOL. It provides a self-study introduction to the structure and use of the system. The tutorial is intended to give a `hands-on ' feel for the way HOL is used, but it does not systematically explain all the underlying principles (DESCRIPTION, explains these). After working through TUTORIAL the reader should be capable of using HOL for simple tasks, and should also be in a position to consult the other two documents. Getting started Chapter 1 explains how to get and install HOL. Once this is done, the potential HOL user should become familiar with the following subjects: 1. The programming meta-language ML, and how to interact with it through an editor. 2. The formal logic supported by the HOL system (higher order logic) and its manipulation via ML. 3. Forward proof and derived rules of inference. 4. Goal directed proof, tactics and tacticals. Chapters 1-3 introduce the first two of these topics. Chapter 4 then develops an extended example (Euclid's proof of the infinitude of primes) to demonstrate how HOL is iii iv Preface used to prove theorems. This example is intended to demonstrate HOL's capabilities and to explain some of the issues at a high level. Chapters 5 and 6 then describe forward and goal directed proof in much greater detail. Chapter 7 consists of a worked example: the specification and verification of a simple sequential parity checker. The intention is to accomplish two things: (i) to present a complete piece of work with HOL; and (ii) to give an idea of what it is like to use the HOL system for a tricky proof. Chapter 8 briefly discusses some of the examples distributed with hol98 in the examples directory.

Preface This volume contains a tutorial on the HOL system. It is one of three documents making up the documentation for HOL: (i) TUTORIAL: a tutorial introduction to HOL. (ii) DESCRIPTION: a description of higher order logic, the ML programming language, and theorem proving methods in the HOL system; (iii) REFERENCE: the reference documentation of the tools available in HOL. These three documents will be referred to by the short names (in small slanted capitals) given above. This document, TUTORIAL, is intended to be the first item read by new users of HOL. It provides a self-study introduction to the structure and use of the system. The tutorial is intended to give a `hands-on ' feel for the way HOL is used, but it does not systematically explain all the underlying principles (DESCRIPTION, explains these). After working through TUTORIAL the reader should be capable of using HOL for simple tasks, and should also be in a position to consult the other two documents. Getting started Chapter 1 explains how to get and install HOL. Once this is done, the potential HOL user should become familiar with the following subjects: 1. The programming meta-language ML, and how to interact with it through an editor. 2. The formal logic supported by the HOL system (higher order logic) and its manipulation via ML. 3. Forward proof and derived rules of inference. 4. Goal directed proof, tactics and tacticals. iii iv Preface Chapters 1-3 introduce the first two of these topics. Chapter 4 then develops an extended example (Euclid's proof of the infinitude of primes) to demonstrate how HOL is used to prove theorems. This example is intended to demonstrate HOL's capabilities and to explain some of the issues at a high level. Chapters 5 and 6 then describe forward and goal directed proof in much greater detail. Chapter 7 consists of a worked example: the specification and verification of a simple sequential parity checker. The intention is to accomplish two things: (i) to present a complete piece of work with HOL; and (ii) to give an idea of what it is like to use the HOL system for a tricky proof. Chapter 8 briefly discusses some of the examples distributed with hol98 in the examples directory.

Abstract not found