Results 31  40
of
77
A HOL specification of the ARM instruction set architecture
, 2001
"... This report gives details of a hol specification of the arm instruction set architecture. It is shown that the hol proof tool provides a suitable environment in which to model the architecture. The specification is used to execute fragments of arm code generated by an assembler. The specification is ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
This report gives details of a hol specification of the arm instruction set architecture. It is shown that the hol proof tool provides a suitable environment in which to model the architecture. The specification is used to execute fragments of arm code generated by an assembler. The specification is based primarily around the third version of the arm architecture, and the intent is to provide a target semantics for future microprocessor verifications. Contents 1
HOL Light Tutorial (for version 2.20
, 2006
"... The HOL Light theorem prover can be difficult to get started with. While the manual is fairly detailed and comprehensive, the large amount of background information that has to be absorbed before the user can do anything interesting is intimidating. Here we give an alternative ‘quick start ’ guide, ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
The HOL Light theorem prover can be difficult to get started with. While the manual is fairly detailed and comprehensive, the large amount of background information that has to be absorbed before the user can do anything interesting is intimidating. Here we give an alternative ‘quick start ’ guide, aimed at teaching basic use of the system quickly by means of a graded set of examples. Some readers may find it easier to absorb; those who do not are referred after all to the standard manual. “Shouldn’t we read the instructions?”
Formal verification of square root algorithms
 Formal Methods in Systems Design
, 2003
"... Abstract. We discuss the formal verification of some lowlevel mathematical software for the Intel ® Itanium ® architecture. A number of important algorithms have been proven correct using the HOL Light theorem prover. After briefly surveying some of our formal verification work, we discuss in more ..."
Abstract

Cited by 9 (1 self)
 Add to MetaCart
Abstract. We discuss the formal verification of some lowlevel mathematical software for the Intel ® Itanium ® architecture. A number of important algorithms have been proven correct using the HOL Light theorem prover. After briefly surveying some of our formal verification work, we discuss in more detail the verification of a square root algorithm, which helps to illustrate why some features of HOL Light, in particular programmability, make it especially suitable for these applications. 1. Overview The Intel ® Itanium ® architecture is a new 64bit architecture jointly developed by Intel and HewlettPackard, implemented in the Itanium® processor family (IPF). Among the software supplied by Intel to support IPF processors are some optimized mathematical functions to supplement or replace less efficient generic libraries. Naturally, the correctness of the algorithms used in such software is always a major concern. This is particularly so for division, square root and certain transcendental function kernels, which are intimately tied to the basic architecture. First, in IA32 compatibility mode, these algorithms are used by hardware instructions like fptan and fdiv. And while in “native ” mode, division and square root are implemented in software, typical users are likely to see them as part of the basic architecture. The formal verification of some of the division algorithms is described by Harrison (2000b), and a representative verification of a transcendental function by Harrison (2000a). In this paper we complete the picture by considering a square root algorithm. Division, transcendental functions and square roots all have quite distinctive features and their formal verifications differ widely from each other. The present proofs have a number of interesting features, and show how important some theorem prover features — in particular programmability — are. The formal verifications are conducted using the freely available 1 HOL Light prover (Harrison, 1996). HOL Light is a version of HOL (Gordon and Melham, 1993), itself a descendent of Edinburgh LCF
Refinement Concepts Formalized in Higher Order Logic
 Formal Aspects of Computing
, 1989
"... A theory of commands with weakest precondition semantics is formalized using the HOL proof assistant system. The concept of refinement between commands is formalized, a number of refinement rules are proved and it is shown how the formalization can be used for proving refinements of actual program t ..."
Abstract

Cited by 8 (2 self)
 Add to MetaCart
A theory of commands with weakest precondition semantics is formalized using the HOL proof assistant system. The concept of refinement between commands is formalized, a number of refinement rules are proved and it is shown how the formalization can be used for proving refinements of actual program texts correct. 1 Introduction The refinement calculus is a theory of program transformations that preserve the total correctness of programs. It was first described in [Ba78, Ba80] and has been further elaborated in [Ba88a, Ba88b, MoRoGa88, Morr87]. It is based on the weakest precondition technique of [Di76]. The refinement calculus has been used as a tool for stepwise refinement of sequential algorithms, and recently also for the derivation of parallel algorithms from sequential algorithms [BaSe89, Wr89]. The HOL system (Higher Order Logic) is a theorem proving assistant, which can be used to formalize theories and verify proofs of theorems within these theories. It is based on the LCF syst...
A Mechanized Theory of the picalculus in HOL
, 1992
"... : The ßcalculus is a process algebra for modelling concurrent systems in which the pattern of communication between processes may change over time. This paper describes the results of preliminary work on a definitional formal theory of the ßcalculus in higher order logic using the HOL theorem prov ..."
Abstract

Cited by 8 (0 self)
 Add to MetaCart
: The ßcalculus is a process algebra for modelling concurrent systems in which the pattern of communication between processes may change over time. This paper describes the results of preliminary work on a definitional formal theory of the ßcalculus in higher order logic using the HOL theorem prover. The ultimate goal of this work is to provide practical mechanized support for reasoning with the ßcalculus about applications. Introduction The ßcalculus [17, 18] is a process algebra proposed by Milner, Parrow and Walker for modelling concurrent systems in which the pattern of interconnection between processes may change over time. This paper describes work on a mechanized formal theory of the ßcalculus in higher order logic using the HOL theorem prover [8]. The main aim of this work is to construct a practical and sound theoremproving tool to support reasoning about applications using the ßcalculus, as well as metatheoretic reasoning about the ßcalculus itself. Four general prin...
A Formal Approach to Component Adaptation and Composition
, 2005
"... Component based software engineering (CBSE), can in principle lead to savings in the time and cost of software development, by encouraging software reuse. However the reality is that CBSE has not been widely adopted. From a technical perspective, the reason is largely due to the di#culty of locating ..."
Abstract

Cited by 7 (0 self)
 Add to MetaCart
Component based software engineering (CBSE), can in principle lead to savings in the time and cost of software development, by encouraging software reuse. However the reality is that CBSE has not been widely adopted. From a technical perspective, the reason is largely due to the di#culty of locating suitable components in the library and adapting these components to meet the specific needs of the user.
Proof synthesis and reflection for linear arithmetic. Submitted
, 2006
"... This article presents detailed implementations of quantifier elimination for both integer and real linear arithmetic for theorem provers. The underlying algorithms are those by Cooper (for Z) and by Ferrante and Rackoff (for R). Both algorithms are realized in two entirely different ways: once in ta ..."
Abstract

Cited by 6 (5 self)
 Add to MetaCart
This article presents detailed implementations of quantifier elimination for both integer and real linear arithmetic for theorem provers. The underlying algorithms are those by Cooper (for Z) and by Ferrante and Rackoff (for R). Both algorithms are realized in two entirely different ways: once in tactic style, i.e. by a proofproducing functional program, and once by reflection, i.e. by computations inside the logic rather than in the metalanguage. Both formalizations are highly generic because they make only minimal assumptions w.r.t. the underlying logical system and theorem prover. An implementation in Isabelle/HOL shows that the reflective approach is between one and two orders of magnitude faster. 1
The HOL Light manual (1.1)
, 2000
"... ion is in a precise sense a converse operation to application. Given 49 50 CHAPTER 5. PRIMITIVE BASIS OF HOL LIGHT a variable x and a term t, which may or may not contain x, one can construct the socalled lambdaabstraction x: t, which means `the function of x that yields t'. (In HOL's ASCII concr ..."
Abstract

Cited by 6 (0 self)
 Add to MetaCart
ion is in a precise sense a converse operation to application. Given 49 50 CHAPTER 5. PRIMITIVE BASIS OF HOL LIGHT a variable x and a term t, which may or may not contain x, one can construct the socalled lambdaabstraction x: t, which means `the function of x that yields t'. (In HOL's ASCII concrete syntax the backslash is used, e.g. \x. t.) For example, x: x + 1 is the function that adds one to its argument. Abstractions are not often seen in informal mathematics, but they have at least two merits. First, they allow one to write anonymous functionvalued expressions without naming them (occasionally one sees x 7! t[x] used for this purpose), and since our logic is avowedly higher order, it's desirable to place functions on an equal footing with rstorder objects in this way. Secondly, they make variable dependencies and binding explicit; by contrast in informal mathematics one often writes f(x) in situations where one really means x: f(x). We should give some idea of how ordina...
Admissibility of Fixpoint Induction over Partial Types
 Automated deduction  CADE15. Lect. Notes in Comp. Sci
, 1998
"... Partial types allow the reasoning about partial functions in type theory. The partial functions of main interest are recursively computed functions, which are commonly assigned types using fixpoint induction. However, fixpoint induction is valid only on admissible types. Previous work has shown many ..."
Abstract

Cited by 6 (2 self)
 Add to MetaCart
Partial types allow the reasoning about partial functions in type theory. The partial functions of main interest are recursively computed functions, which are commonly assigned types using fixpoint induction. However, fixpoint induction is valid only on admissible types. Previous work has shown many types to be admissible, but has not shown any dependent products to be admissible. Disallowing recursion on dependent product types substantially reduces the expressiveness of the logic; for example, it prevents much reasoning about modules, objects and algebras. In this paper I present two new tools, predicateadmissibility and monotonicity, for showing types to be admissible. These tools show a wide class of types to be admissible; in particular, they show many dependent products to be admissible. This alleviates difficulties in applying partial types to theorem proving in practice. I also present a general least upper bound theorem for fixed points with regard to a computational approxim...
Induction Proofs with Partial Functions
 Journal of Automated Reasoning
, 1998
"... In this paper we present a method for automated induction proofs about partial functions. We show that most wellknown techniques developed for (explicit) induction theorem proving are unsound when dealing with partial functions. But surprisingly, by slightly restricting the application of these te ..."
Abstract

Cited by 5 (4 self)
 Add to MetaCart
In this paper we present a method for automated induction proofs about partial functions. We show that most wellknown techniques developed for (explicit) induction theorem proving are unsound when dealing with partial functions. But surprisingly, by slightly restricting the application of these techniques, it is possible to develop a calculus for automated induction proofs with partial functions. In particular, under certain conditions one may even generate induction schemes from the recursions of nonterminating algorithms. The need for such induction schemes and the power of our calculus have been demonstrated on a large collection of nontrivial theorems (including Knuth and Bendix' critical pair lemma). In this way, existing induction theorem provers can be directly extended to partial functions without major changes of their logical framework.