Results 1-10 of 20
Engineering and Theoretical Underpinnings of Retrenchment
2001
Cited by 24 (16 self)
Abstract: Refinement is reviewed in a partial correctness framework, highlighting in particular the distinction between its use as a specification constructor at a high level, and its use as an implementation mechanism at a low level. Some of its shortcomings as specification constructor at high levels of abstraction are pointed out, and these are used to motivate the adoption of retrenchment for certain high level development steps. Basic properties of retrenchment are described, including a justification of the operation PO, simple examples, simulation properties, and compositionality for both the basic retrenchment notion and enriched versions. The issue of framing retrenchment in the wide variety of correctness notions for refinement calculi that exist in the literature is tackled, culminating in guidelines on how to 'brew your own retrenchment theory'. Two short case studies are presented. One is a simple digital redesign control theory problem, the other is a radiotherapy dos...
Proving bounds on real-valued functions with computations
4th International Joint Conference on Automated Reasoning. Volume 5195 of Lecture Notes in Artificial Intelligence, 2008
Cited by 18 (3 self)
Abstract: Interval-based methods are commonly used for computing numerical bounds on expressions and proving inequalities on real numbers. Yet they are hardly used in proof assistants, as the large amount of numerical computations they require keeps them out of reach from deductive proof processes. However, evaluating programs inside proofs is an efficient way for reducing the size of proof terms while performing numerous computations. This work shows how programs combining automatic differentiation with floating-point and interval arithmetic can be used as efficient yet certified solvers. They have been implemented in a library for the Coq proof system. This library provides tactics for proving inequalities on real-valued expressions.
Floating-point arithmetic in the Coq system
Cited by 11 (0 self)
Abstract: The process of proving some mathematical theorems can be greatly reduced by relying on numerically-intensive computations with a certified arithmetic. This article presents a formalization of floating-point arithmetic that makes it possible to efficiently compute inside the proofs of the Coq system. This certified library is a multi-radix and multi-precision implementation free from underflow and overflow. It provides the basic arithmetic operators and a few elementary functions.
Verified Real Number Calculations: A Library for Interval Arithmetic
2007
Cited by 10 (1 self)
Abstract: Real number calculations on elementary functions are remarkably difficult to handle in mechanical proofs. In this paper, we show how these calculations can be performed within a theorem prover or proof assistant in a convenient and highly automated as well as interactive way. First, we formally establish upper and lower bounds for elementary functions. Then, based on these bounds, we develop a rational interval arithmetic where real number calculations take place in an algebraic setting. In order to reduce the dependency effect of interval arithmetic, we integrate two techniques: interval splitting and Taylor series expansions. This pragmatic approach has been developed, and formally verified, in a theorem prover. The formal development also includes a set of customizable strategies to automate proofs involving explicit calculations over real numbers. Our ultimate goal is to provide guaranteed proofs of numerical properties with minimal human theorem-prover interaction.
Towards Automatic Proofs of Inequalities Involving Elementary Functions
In Pragmatics of Decision Procedures in Automated Reasoning (PDPAR), 2006
Cited by 10 (5 self)
Abstract: Inequalities involving functions such as sines, exponentials and logarithms lie outside the scope of decision procedures, and can only be solved using heuristic methods. Preliminary investigations suggest that many such problems can be solved by reduction to algebraic inequalities, which can then be decided by a decision procedure for the theory of real closed fields (RCF). The reduction involves replacing each occurrence of a function by a lower or upper bound (as appropriate) typically derived from a power series expansion. Typically this requires splitting the domain of the function being replaced, since most bounds are only valid for specific intervals.
Numerical Analysis of Ordinary Differential Equations
2013
Cited by 5 (3 self)
Abstract: Since many ordinary differential equations (ODEs) do not have a closed solution, approximating them is an important problem in numerical analysis. This work formalizes a method to approximate solutions of ODEs in Isabelle/HOL. We formalize initial value problems (IVPs) of ODEs and prove the existence of a unique solution, i.e. the Picard-Lindelöf theorem. We introduce general one-step methods for numerical approximation of the solution and provide an analysis regarding the local and global error of one-step methods. We give an executable specification of the Euler method to approximate the solution of IVPs. With user-supplied proofs for bounds of the differential equation we can prove an explicit bound for the global error. We use arbitrary-precision floating-point numbers and also handle rounding errors when we truncate the numbers for efficiency reasons.
Relations to the paper: Our paper [1] is structured roughly according to the sources you find here. In the following list we show which notions of the paper correspond to which parts of the source code:
Stochastic Formal Methods: An application to accuracy of numeric software
2006
Cited by 3 (2 self)
Abstract: This paper provides a bound on the number of numeric operations (fixed or floating point) that can safely be performed before accuracy is lost. This work has important implications for control systems with safety-critical software, as these systems are now running fast enough and long enough for their errors to impact on their functionality. Furthermore, worst-case analysis would blindly advise the replacement of existing systems that have been successfully running for years. We present here a set of formal theorems validated by the PVS proof assistant. These theorems will allow code analyzing tools to produce formal certificates of accurate behavior. For example, FAA regulations for aircraft require that the probability of an error be below 10^-9 for a 10 hour flight [1].
proving and proof scripting in PVS
NIA-NASA Langley, National Institute of Aerospace, 2007
Cited by 2 (0 self)
Abstract: The batch execution modes of PVS are powerful, but highly technical, features of the system that are mostly accessible to expert users. This paper presents a PVS tool, called ProofLite, that extends the theorem prover interface with a batch proving utility and a proof scripting notation. ProofLite enables a semi-literate proving style where specification and proof scripts reside in the same file. The goal of ProofLite is to provide batch proving and proof scripting capabilities to regular, non-expert, users of PVS.
NASA in the NASA STI Report Series, which
"... Since its founding, NASA has been dedicated to the ..."