Results 1  10
of
11
A formally verified compiler backend
, 2008
"... This article describes the development and formal verification (proof of semantic preservation) of a compiler backend from Cminor (a simple imperative intermediate language) to PowerPC assembly code, using the Coq proof assistant both for programming the compiler and for proving its correctness. Su ..."
Abstract

Cited by 58 (10 self)
 Add to MetaCart
This article describes the development and formal verification (proof of semantic preservation) of a compiler backend from Cminor (a simple imperative intermediate language) to PowerPC assembly code, using the Coq proof assistant both for programming the compiler and for proving its correctness. Such a verified compiler is useful in the context of formal methods applied to the certification of critical software: the verification of the compiler guarantees that the safety properties proved on the source code hold for the executable compiled code as well. Categories and Subject Descriptors: F.3.1 [Logics and meanings of programs]: Specifying and verifying and reasoning about programs—Mechanical verification; D.2.4 [Software engineering]: Software/program verification—Correctness proofs, formal methods, reliability; D.3.4 [Programming languages]: Processors—Compilers, optimization
Formal Verification of Translation Validators  A Case Study on Instruction Scheduling Optimizations
, 2008
"... Translation validation consists of transforming a program and a posteriori validating it in order to detect a modification of its semantics. This approach can be used in a verified compiler, provided that validation is formally proved to be correct. We present two such validators and their Coq proof ..."
Abstract

Cited by 24 (4 self)
 Add to MetaCart
Translation validation consists of transforming a program and a posteriori validating it in order to detect a modification of its semantics. This approach can be used in a verified compiler, provided that validation is formally proved to be correct. We present two such validators and their Coq proofs of correctness. The validators are designed for two instruction scheduling optimizations: list scheduling and trace scheduling.
Finding lexicographic orders for termination proofs in Isabelle/HOL
 Theorem Proving in Higher Order Logics: TPHOLs 2007, volume 4732 of Lecture Notes in Computer Science
, 2007
"... Abstract. We present a simple method to formally prove termination of recursive functions by searching for lexicographic combinations of size measures. Despite its simplicity, the method turns out to be powerful enough to solve a large majority of termination problems encountered in daily theorem pr ..."
Abstract

Cited by 15 (5 self)
 Add to MetaCart
Abstract. We present a simple method to formally prove termination of recursive functions by searching for lexicographic combinations of size measures. Despite its simplicity, the method turns out to be powerful enough to solve a large majority of termination problems encountered in daily theorem proving practice. 1
Partial recursive functions in higherorder logic
 Int. Joint Conference on Automated Reasoning (IJCAR 2006), LNCS
, 2006
"... Abstract. Based on inductive definitions, we develop an automated tool for defining partial recursive functions in HigherOrder Logic and providing appropriate reasoning tools for them. Our method expresses termination in a uniform manner and includes a very general form of pattern matching, where p ..."
Abstract

Cited by 12 (2 self)
 Add to MetaCart
Abstract. Based on inductive definitions, we develop an automated tool for defining partial recursive functions in HigherOrder Logic and providing appropriate reasoning tools for them. Our method expresses termination in a uniform manner and includes a very general form of pattern matching, where patterns can be arbitrary expressions. Termination proofs can be deferred, restricted to subsets of arguments and are interchangeable with other proofs about the function. We show that this approach can also facilitate termination arguments for total functions, in particular for nested recursions. We implemented our tool as a definitional specification mechanism for Isabelle/HOL. 1
Recursive definitions of monadic functions
 In Proc. of PAR 2010
, 2010
"... Using standard domaintheoretic fixedpoints, we present an approach for defining recursive functions that are formulated in monadic style. The method works both in the simple option monad and the stateexception monad of Isabelle/HOL’s imperative programming extension, which results in a convenient ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
Using standard domaintheoretic fixedpoints, we present an approach for defining recursive functions that are formulated in monadic style. The method works both in the simple option monad and the stateexception monad of Isabelle/HOL’s imperative programming extension, which results in a convenient definition principle for imperative programs, which were previously hard to define. For such monadic functions, the recursion equation can always be derived without preconditions, even if the function is partial. The construction is easy to automate, and convenient induction principles can be derived automatically. 1
Verification of the Redecoration Algorithm for Triangular Matrices
, 2007
"... Abstract. Triangular matrices with a dedicated type for the diagonal elements can be profitably represented by a nested datatype, i. e., a heterogeneous family of inductive datatypes. These families are fully supported since the version 8.1 of the Coq theorem proving environment, released in 2007. R ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
Abstract. Triangular matrices with a dedicated type for the diagonal elements can be profitably represented by a nested datatype, i. e., a heterogeneous family of inductive datatypes. These families are fully supported since the version 8.1 of the Coq theorem proving environment, released in 2007. Redecoration of triangular matrices has a succinct implementation in this representation, thus giving the challenge of proving it correct. This has been achieved within Coq, using also induction with measures. An axiomatic approach allowed a verification in the Isabelle theorem prover, giving insights about the differences of both systems. 1
General Terms
"... We propose a new way to reason about general recursive functional programs in the dependently typed programming language Agda, which is based on MartinLöf’s intuitionistic type theory. We show how to embed an external programming logic, Aczel’s Logical Theory of Constructions (LTC) inside Agda. To ..."
Abstract
 Add to MetaCart
We propose a new way to reason about general recursive functional programs in the dependently typed programming language Agda, which is based on MartinLöf’s intuitionistic type theory. We show how to embed an external programming logic, Aczel’s Logical Theory of Constructions (LTC) inside Agda. To this end we postulate the existence of a domain of untyped functional programs and the conversion rules for these programs. Furthermore, we represent the inductive notions in LTC (intuitionistic predicate logic and totality predicates) as inductive notions in Agda. To illustrate our approach we specify an LTCstyle logic for PCF, and show how to prove the termination and correctness of a general recursive algorithm for computing the greatest common divisor of two numbers. Categories and Subject Descriptors F.3.1 [Logics and meanings of programs]: Specifying and Verifying and Reasoning about Programs–Logics of programs; D.2.4 [Software Engineering]:
Contents
, 2008
"... Abstract Based on inductive definitions, we develop a tool that automates the definition of partial recursive functions in higherorder logic (HOL) and provides appropriate proof rules for reasoning about them. Termination is modeled by an inductive domain predicate which follows the structure of th ..."
Abstract
 Add to MetaCart
Abstract Based on inductive definitions, we develop a tool that automates the definition of partial recursive functions in higherorder logic (HOL) and provides appropriate proof rules for reasoning about them. Termination is modeled by an inductive domain predicate which follows the structure of the recursion. Since a partial induction rule is available immediately, partial correctness properties can be proved before termination is established. It turns out that this modularity also facilitates termination arguments for total functions, in particular for nested recursions. Our tool is implemented as a definitional package extending Isabelle/HOL. Various extensions provide convenience to the user: pattern matching, default values, tail recursion,
Under consideration for publication in Math. Struct. in Comp. Science Partiality and Recursion in Interactive Theorem Provers — An Overview
, 2011
"... The use of interactive theorem provers to establish the correctness of critical parts of a software development or for formalising mathematics is becoming more common and feasible in practice. However, most mature theorem provers lack a direct treatment of partial and general recursive functions; ov ..."
Abstract
 Add to MetaCart
The use of interactive theorem provers to establish the correctness of critical parts of a software development or for formalising mathematics is becoming more common and feasible in practice. However, most mature theorem provers lack a direct treatment of partial and general recursive functions; overcoming this weakness has been the objective of intensive research during the last decades. In this article, we review many techniques that have been proposed in the literature to simplify the formalisation of partial and general recursive functions in interactive theorem provers. Moreover, we classify the techniques according to their theoretical basis and their practical use. This uniform presentation of the different techniques facilitates the comparison and highlights their commonalities and differences, as well as their relative advantages and limitations. We focus on theorem provers based on constructive type theory (in particular, Agda and Coq) and higherorder logic (in particular Isabelle/HOL). Other systems and logics are covered to a certain extend, but not exhaustively. In addition to the description of the techniques, we also demonstrate tools which facilitate working with the problematic functions in particular theorem provers. 1.
Under consideration for publication in Math. Struct. in Comp. Science Partiality and Recursion in Interactive Theorem Provers — An Overview
, 2011
"... The use of interactive theorem provers to establish the correctness of critical parts of a software development or for formalising mathematics is becoming more common and feasible in practice. However, most mature theorem provers lack a direct treatment of partial and general recursive functions; ov ..."
Abstract
 Add to MetaCart
The use of interactive theorem provers to establish the correctness of critical parts of a software development or for formalising mathematics is becoming more common and feasible in practice. However, most mature theorem provers lack a direct treatment of partial and general recursive functions; overcoming this weakness has been the objective of intensive research during the last decades. In this article, we review several techniques that have been proposed in the literature to simplify the formalisation of partial and general recursive functions in interactive theorem provers. Moreover, we classify the techniques according to their theoretical basis and their practical use. This uniform presentation of the different techniques facilitates the comparison and highlights their commonalities and differences, as well as their relative advantages and limitations. We focus on theorem provers based on constructive type theory (in particular, Agda and Coq) and higherorder logic (in particular Isabelle/HOL). Other systems and logics are covered to a certain extent, but not exhaustively. In addition to the description of the techniques, we also demonstrate tools which facilitate working with the problematic functions in particular theorem provers. 1.