Results 1-10 of 27
Combined satisfiability modulo parametric theories
Proceedings of the 13th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, 2007
Cited by 15 (2 self)
Abstract. We give a fresh theoretical foundation for designing comprehensive SMT solvers, generalizing in a practically motivated direction. We define parametric theories that most appropriately express the “logic” of common data types. Our main result is a combination theorem for decision procedures for disjoint theories of this kind. Virtually all of the deeply nested data structures (lists of arrays of sets of...) that arise in verification work are covered.
A verified runtime for a verified theorem prover
Cited by 14 (8 self)
... rely on the correctness of runtime systems for programming languages like ML, OCaml or Common Lisp. These runtime systems are complex and critical to the integrity of the theorem provers. In this paper, we present a new Lisp runtime which has been formally verified and can run the Milawa theorem prover. Our runtime consists of 7,500 lines of machine code and is able to complete a 4 gigabyte Milawa proof effort. When our runtime is used to carry out Milawa proofs, less unverified code must be trusted than with any other theorem prover. Our runtime includes a just-in-time compiler, a copying garbage collector, a parser and a printer, all of which are HOL4-verified down to the concrete x86 code. We make heavy use of our previously developed tools for machine-code verification. This work demonstrates that our approach to machine-code verification scales to non-trivial applications.
Proof Translation and SMT-LIB Benchmark Certification: A Preliminary Report
In 6th International Workshop on SMT, 2008
Cited by 10 (5 self)
Satisfiability Modulo Theories (SMT) solvers are large and complicated pieces of code. As a result, ensuring their correctness is challenging. In this paper, we discuss a technique for ensuring soundness by producing and checking proofs. We give details of our implementation using CVC3 and HOL Light and provide initial results from our effort to certify the SMT-LIB benchmarks.
Software Verification and System Assurance
2009
Cited by 9 (4 self)
Littlewood [1] introduced the idea that software may be possibly perfect and that we can contemplate its probability of (im)perfection. We review this idea and show how it provides a bridge between correctness, which is the goal of software verification (and especially formal verification), and the probabilistic properties such as reliability that are the targets for system-level assurance. We enumerate the hazards to formal verification, consider how each of these may be countered, and propose relative weightings that an assessor may employ in assigning a probability of perfection.
Importing HOL Light into Coq
In ITP, 2010
Cited by 9 (1 self)
Abstract. We present a new scheme to translate mathematical developments from HOL Light to Coq, where they can be reused and rechecked. By relying on a carefully chosen embedding of Higher-Order Logic into Type Theory, we try to avoid some pitfalls of interoperation between proof systems. In particular, our translation keeps the mathematical statements intelligible. This translation has been implemented and allows the importation of the HOL Light basic library into Coq.
Formalizing Arrow’s theorem
Cited by 5 (0 self)
Abstract. We present a small project in which we encoded a proof of Arrow’s theorem – probably the most famous result in the economics field of social choice theory – in the computer using the Mizar system. We both discuss the details of this specific project, as well as describe the process of formalization (encoding proofs in the computer) in general. Keywords: formalization of mathematics, Mizar, social choice theory, Arrow’s theorem, Gibbard-Satterthwaite theorem, proof errors.
Connecting Gröbner bases programs with Coq to do proofs in algebra, geometry and arithmetics
Cited by 5 (0 self)
We describe how we connected three programs that compute Gröbner bases [1] to Coq [11], to do automated proofs on algebraic, geometrical and arithmetical expressions. The result is a set of Coq tactics and a certificate mechanism. The programs are: F4 [5], GB [4], and gbcoq [10]. F4 and GB are the fastest (to our knowledge) available programs that compute Gröbner bases. Gbcoq is slow in general but is proved to be correct (in Coq), and we adapted it to our specific problem to be efficient. The automated proofs concern equalities and non-equalities on polynomials with coefficients and indeterminates in R or Z, and are done by reducing to Gröbner computation, via Hilbert’s Nullstellensatz. We also adapted the results of [7], to allow proving some theorems about modular arithmetics. The connection between Coq and the programs that compute Gröbner bases is done using the “external” tactic of Coq that allows to call arbitrary programs accepting xml inputs and outputs. We also produce certificates in order to make the proof scripts independent from the external programs.
Matching concepts across HOL libraries
CICM’15, volume 8543 of LNCS, 2014
Cited by 4 (4 self)
Abstract. Many proof assistant libraries contain formalizations of the same mathematical concepts. The concepts are often introduced (defined) in different ways, but the properties that they have, and are in turn formalized, are the same. For the basic concepts, like natural numbers, matching them between libraries is often straightforward, because of mathematical naming conventions. However, for more advanced concepts, finding similar formalizations in different libraries is a non-trivial task even for an expert. In this paper we investigate automatic discovery of similar concepts across libraries of proof assistants. We propose an approach for normalizing properties of concepts in formal libraries and a number of similarity measures. We evaluate the approach on the HOL-based proof assistants HOL4, HOL Light and Isabelle/HOL, discovering 398 pairs of isomorphic constants and types.
Directly reflective metaprogramming
Higher-Order and Symbolic Computation, 2010
Cited by 4 (0 self)
Existing metaprogramming languages operate on encodings of programs as data. This paper presents a new metaprogramming language, based on an untyped lambda calculus, in which structurally reflective programming is supported directly, without any encoding. The language features call-by-value and call-by-name lambda abstractions, as well as novel reflective features enabling the intensional manipulation of arbitrary program terms. The language is scope safe, in the sense that variables can neither be captured nor escape their scopes. The expressiveness of the language is demonstrated by showing how to implement quotation and evaluation operations, as proposed by Wand. The language’s utility for metaprogramming is further demonstrated through additional representative examples. A prototype implementation is described and evaluated.
HOL with Definitions: Semantics, Soundness, and a Verified Implementation
Cited by 3 (2 self)
Abstract. We present a mechanised semantics and soundness proof for the HOL Light kernel including its definitional principles, extending Harrison’s verification of the kernel without definitions. Soundness of the logic extends to soundness of a theorem prover, because we also show that a synthesised implementation of the kernel in CakeML refines the inference system. Our semantics is the first for Wiedijk’s stateless HOL; our implementation, however, is stateful: we give semantics to the stateful inference system by translation to the stateless. We improve on Harrison’s approach by making our model of HOL parametric on the universe of sets. Finally, we prove soundness for an improved principle of constant specification, in the hope of encouraging its adoption. This paper represents the logical kernel aspect of our work on verified HOL implementations; the production of a verified machine-code implementation of the whole system with the kernel as a module will appear separately.