Tool-Assisted Specification and Verification of Typed Low-Level Languages
Cited by 1 (0 self)
Bytecode verification is one of the key security functions of several architectures for mobile and embedded code, including Java, Java Card, and .NET. Over the last few years, its formal correctness has been studied extensively by academia and industry, using general purpose theorem provers. The objective of our work is to facilitate such endeavors by providing a dedicated environment for establishing the correctness of bytecode verification within a proof assistant. The environment, called Jakarta, exploits a methodology that casts the correctness of bytecode verification relatively to a defensive virtual machine that performs checks at runtime, and an offensive one that does not, and can be summarized as stating that the two machines coincide on programs that pass bytecode verification. Such a methodology has been used successfully to prove the correctness of the Java Card bytecode verifier, and may potentially be applied to many other similar problems. One definite advantage of the methodology is that it is amenable to automation. Indeed, Jakarta automates the construction of an offensive virtual machine and a bytecode verifier from a defensive machine, and the proofs of correctness of the bytecode verifier. We illustrate the principles of Jakarta on a simple low-level language extended with subroutines, and discuss its usefulness to proving the correctness of the Java Card platform.
Automated Termination Analysis for Programs with Second-Order Recursion
Cited by 1 (1 self)
Many algorithms on data structures such as terms (finitely branching trees) are naturally implemented by second-order recursion: a first-order procedure f passes itself as an argument to a second-order procedure like map, every, foldl, foldr, etc. to recursively apply f to the direct subterms of a term. We present a method for automated termination analysis of such procedures. It extends the approach of argument-bounded functions (i) by inspecting type components and (ii) by adding a facility to take care of second-order recursion. Our method has been implemented and automatically solves the examples considered in the literature. This improves the state of the art of inductive theorem provers, which (without our approach) require user interaction even for termination proofs of simple second-order recursive procedures.
Standalone Tactics using OpenTheory
Cited by 1 (0 self)
Proof tools in interactive theorem provers are usually developed within and tied to a specific system, which leads to a duplication of effort to make the functionality available in different systems. Many verification projects would benefit from access to proof tools developed in other systems. Using OpenTheory as a language for communicating between systems, we show how to turn a proof tool implemented for one system into a standalone tactic available to many systems via the internet. This enables, for example, LCF-style proof reconstruction efforts to be shared by users of different interactive theorem provers and removes the need for each user to install the external tool being integrated.
Shallow Dependency Pairs
We show how the dependency pair approach, commonly used to modularize termination proofs of rewrite systems, can be adapted to establish termination of recursive functions in a system like Isabelle/HOL or Coq. It turns out that all that is required are two simple lemmas about well-foundedness.
Deductive Translation Validation for a Subset of Higher Order Logic
We discuss a proof-producing compiler for a subset of higher order logic. The translation validation is automatic, and is based on Hoare rules derived from a compositional semantics for sequences of instructions for an ARM-like machine. Partial and total correctness are dealt with. The main focus is on issues in the intermediate level and backend of the compiler.
Defining and Reasoning About Recursive Functions: A Practical Tool for the Coq Proof Assistant
Author manuscript, published in "Functional and Logic Programming (FLOPS'06) (2006)", 2011
We present a practical tool for defining and proving properties of recursive functions in the Coq proof assistant. The tool generates from pseudocode the graph of the intended function as an inductive relation. Then it proves that the relation actually represents a function, which is by construction the function that we are trying to define. Then, we generate induction and inversion principles, and a fixpoint equation for proving other properties of the function. Our tool builds upon state-of-the-art techniques for defining recursive functions, and can also be used to generate executable functions from inductive descriptions of their graph. We illustrate the benefits of our tool on two case studies.
Inductive Fixpoints in Higher Order Logic
We show that an analogue of the domain-theoretic least fixpoint operator can be defined in a purely set-theoretic framework. It can be formalized in classical higher order logic, serving as a solid foundation for proving termination of (possibly nested) recursive programs in a variety of mechanized proof systems.
Proving Program Termination in Higher Order Logic
2002
We suggest two simple additions to packages that use well-founded recursion to justify termination of recursive programs: the contraction condition, to be proved in cases when termination conditions are difficult or impossible to extract automatically; and user-supplied inductive invariants in cases of nested recursion.