Results 1  10
of
15
Real Theorem Provers Deserve Real UserInterfaces
, 1992
"... This paper explains how to add a modern user interface to existing theorem provers, using principles and tools designed for programming environments. ..."
Abstract

Cited by 55 (5 self)
 Add to MetaCart
This paper explains how to add a modern user interface to existing theorem provers, using principles and tools designed for programming environments.
Set theory for verification: I. From foundations to functions
 J. Auto. Reas
, 1993
"... A logic for specification and verification is derived from the axioms of ZermeloFraenkel set theory. The proofs are performed using the proof assistant Isabelle. Isabelle is generic, supporting several different logics. Isabelle has the flexibility to adapt to variants of set theory. Its higherord ..."
Abstract

Cited by 44 (16 self)
 Add to MetaCart
A logic for specification and verification is derived from the axioms of ZermeloFraenkel set theory. The proofs are performed using the proof assistant Isabelle. Isabelle is generic, supporting several different logics. Isabelle has the flexibility to adapt to variants of set theory. Its higherorder syntax supports the definition of new binding operators. Unknowns in subgoals can be instantiated incrementally. The paper describes the derivation of rules for descriptions, relations and functions, and discusses interactive proofs of Cantor’s Theorem, the Composition of Homomorphisms challenge [9], and Ramsey’s Theorem [5]. A generic proof assistant can stand up against provers dedicated to particular logics. Key words. Isabelle, set theory, generic theorem proving, Ramsey’s Theorem,
A rational deconstruction of Landin’s SECD machine
 Implementation and Application of Functional Languages, 16th International Workshop, IFL’04, number 3474 in Lecture Notes in Computer Science
, 2004
"... Abstract. Landin’s SECD machine was the first abstract machine for applicative expressions, i.e., functional programs. Landin’s J operator was the first control operator for functional languages, and was specified by an extension of the SECD machine. We present a family of evaluation functions corre ..."
Abstract

Cited by 27 (19 self)
 Add to MetaCart
Abstract. Landin’s SECD machine was the first abstract machine for applicative expressions, i.e., functional programs. Landin’s J operator was the first control operator for functional languages, and was specified by an extension of the SECD machine. We present a family of evaluation functions corresponding to this extension of the SECD machine, using a series of elementary transformations (transformation into continuationpassing style (CPS) and defunctionalization, chiefly) and their left inverses (transformation into direct style and refunctionalization). To this end, we modernize the SECD machine into a bisimilar one that operates in lockstep with the original one but that (1) does not use a data stack and (2) uses the callersave rather than the calleesave convention for environments. We also identify that the dump component of the SECD machine is managed in a calleesave way. The callersave counterpart of the modernized SECD machine precisely corresponds to Thielecke’s doublebarrelled continuations and to Felleisen’s encoding of J in terms of call/cc. We then variously characterize the J operator in terms of CPS and in terms of delimitedcontrol operators in the CPS hierarchy. As a byproduct, we also present several reduction semantics for applicative expressions
Practical Verification And Synthesis Of Low Latency Asynchronous Systems
, 1994
"... A new theory and methodology for the practical verification and synthesis of asynchronous systems is developed to aid in the rapid and correct implementation of complex control structures. Specifications are based on a simple process algebra called CCS that is concise and easy to understand and use. ..."
Abstract

Cited by 26 (12 self)
 Add to MetaCart
A new theory and methodology for the practical verification and synthesis of asynchronous systems is developed to aid in the rapid and correct implementation of complex control structures. Specifications are based on a simple process algebra called CCS that is concise and easy to understand and use. A software prototype CAD tool called Analyze was written as part of this dissertation to allow the principles of this work to be tested and applied. Attention to complexity, efficient algorithms, and compositional methods has resulted in a tool that can be several orders of magnitude faster than currently available tools for comparable applications. A new theory for loose specifications based on partial orders is developed for both trace and bisimulation semantics. Formal verification uses these partial orders as the foundation of conformance between a specification and its refinement. The definitions support freedom of design choices by identifying the necessary behaviors, the illegal beh...
A Practical Methodology for the Formal Verification of RISC Processors
, 1995
"... In this paper a practical methodology for formally verifying RISC cores is presented. This methodology is based on a hierarchical model of interpreters which reflects the abstraction levels used by a designer in the implementation of RISC cores, namely the architecture level, the pipeline stage leve ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
In this paper a practical methodology for formally verifying RISC cores is presented. This methodology is based on a hierarchical model of interpreters which reflects the abstraction levels used by a designer in the implementation of RISC cores, namely the architecture level, the pipeline stage level, the clock phase level and the hardware implementation. The use of this model allows us to successively prove the correctness between two neighbouring levels of abstractions, so that the verification process is simplified. The parallelism in the execution of the instructions, resulting from the pipelined architecture of RISCs is handled by splitting the proof into two independent steps. The first step shows that each architectural instruction is implemented correctly by the sequential execution of its pipeline stages. The second step shows that the instructions are correctly processed by the pipeline in that we prove that under certain constraints from the actual architecture, no conflic...
HOL Light Tutorial (for version 2.20
, 2006
"... The HOL Light theorem prover can be difficult to get started with. While the manual is fairly detailed and comprehensive, the large amount of background information that has to be absorbed before the user can do anything interesting is intimidating. Here we give an alternative ‘quick start ’ guide, ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
The HOL Light theorem prover can be difficult to get started with. While the manual is fairly detailed and comprehensive, the large amount of background information that has to be absorbed before the user can do anything interesting is intimidating. Here we give an alternative ‘quick start ’ guide, aimed at teaching basic use of the system quickly by means of a graded set of examples. Some readers may find it easier to absorb; those who do not are referred after all to the standard manual. “Shouldn’t we read the instructions?”
A Proof Development System for the HOL Theorem Prover
, 1993
"... . In this paper, we present a system to improve the interaction between HOL and the user when doing proofs. 1 Introduction Learning how to use any theorem prover requires a rather important investment. The user has not only to assimilate the specificities of the prover in terms of the logic and the ..."
Abstract

Cited by 7 (0 self)
 Add to MetaCart
. In this paper, we present a system to improve the interaction between HOL and the user when doing proofs. 1 Introduction Learning how to use any theorem prover requires a rather important investment. The user has not only to assimilate the specificities of the prover in terms of the logic and the definition mechanisms but also to digest a command language with its own syntax and nomenclatures. In that respect, HOL is not an exception. On the contrary, the constant addition of new theories and new tools makes it even harder to handle. Our aim in building a proof development system is to simplify the use of HOL by providing a userfriendly environment for doing proofs. From generic ideas about interface of theorem provers given in [10], some specific tools have been implemented for HOL. In this paper, we present these different tools starting from the theory level, through the proof level and finally to the tactic level. 2 Theories HOL has the notion of theory to structure and organ...
Tagged up/down sorter  A hardware priority queue
 The Computer Journal
, 1995
"... We present a hardware oriented priority queue algorithm requiring n 2 comparators and swappers to maintain an n item queue. It supports two operations, insert and extract minimum (or alternatively, extract maximum), both of which operate in a single cycle. Thus, sorting time is O(n). Records w ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
We present a hardware oriented priority queue algorithm requiring n 2 comparators and swappers to maintain an n item queue. It supports two operations, insert and extract minimum (or alternatively, extract maximum), both of which operate in a single cycle. Thus, sorting time is O(n). Records with identical keys are always extracted in FIFO order of insertion. A formal proof of correctness of these sorting and FIFO characteristics is presented. 1 Introduction A priority queue is an essential component in many software systems. This paper was motivated by the apparent lack of a priority queue algorithm that could be efficiently implemented in hardware. Such a device could be used in a wide range of applications from rapid scheduling (e.g. for multithreaded processors [Moo94] or ATM network routers [The93]) to event timers which can efficiently handle multiple events. The next section presents a statement of objectives. Section 3 reviews background material starting with a hardware...
GATE – a general architecture for text engineering
 In Proceedings of the 16th Conference on Computational Linguistics (COLING96). http://citeseer.nj.nec.com/43097.html
, 2004
"... The hol4 proof system has been used to formally verify the correctness of the ARM6 microarchitecture. This paper describes the specification and verification of one instructions class, block data transfers; these are a form of loadstore instruction in which a set of up to sixteen registers can be ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
The hol4 proof system has been used to formally verify the correctness of the ARM6 microarchitecture. This paper describes the specification and verification of one instructions class, block data transfers; these are a form of loadstore instruction in which a set of up to sixteen registers can be transferred atomically. The ARM6 is a commercial RISC microprocessor that has been used extensively in embedded systems – it has a 3stage pipeline with a multicycled execute stage. A list based programmer’s model specification of the block data transfers is compared with the ARM6’s implementation which uses a 16bit mask. The models are far removed and reasonably complex, and this poses a verification challenge. This paper describes the approach and some key lemmas used in verifying correctness, which is defined using data and temporal abstraction maps. 1