A new approach to abstract syntax with variable binding
Formal Aspects of Computing, 2002
Cited by 207 (44 self)
Abstract. The permutation model of set theory with atoms (FM-sets), devised by Fraenkel and Mostowski in the 1930s, supports notions of ‘name-abstraction’ and ‘fresh name’ that provide a new way to represent, compute with, and reason about the syntax of formal systems involving variable-binding operations. Inductively defined FM-sets involving the name-abstraction set former (together with Cartesian product and disjoint union) can correctly encode syntax modulo renaming of bound variables. In this way, the standard theory of algebraic data types can be extended to encompass signatures involving binding operators. In particular, there is an associated notion of structural recursion for defining syntax-manipulating functions (such as capture-avoiding substitution, set of free variables, etc.) and a notion of proof by structural induction, both of which remain pleasingly close to informal practice in computer science.
A New Approach to Abstract Syntax Involving Binders
In 14th Annual Symposium on Logic in Computer Science, 1999
Cited by 145 (14 self)
Murdoch Gabbay (Cambridge University DPMMS, Cambridge CB2 1SB, UK, M.J.Gabbay@cantab.com) and Andrew Pitts (Cambridge University Computer Laboratory, Cambridge CB2 3QG, UK, ap@cl.cam.ac.uk)
Abstract. The Fraenkel-Mostowski permutation model of set theory with atoms (FM-sets) can serve as the semantic basis of metalogics for specifying and reasoning about formal systems involving name binding, α-conversion, capture-avoiding substitution, and so on. We show that in FM-set theory one can express statements quantifying over `fresh' names and we use this to give a novel set-theoretic interpretation of name abstraction. Inductively defined FM-sets involving this name-abstraction set former (together with Cartesian product and disjoint union) can correctly encode object-level syntax modulo α-conversion. In this way, the standard theory of algebraic data types can be extended to encompass signatures involving binding operators. In particular, there is an associated n...
Object-Oriented Verification based on Record Subtyping in Higher-Order Logic
In 11th International Conference on Theorem Proving in Higher Order Logics, volume 1479 of LNCS, ANU, 1998
Cited by 38 (11 self)
We show how extensible records with structural subtyping can be represented directly in Higher-Order Logic (HOL). Exploiting some specific properties of HOL, this encoding turns out to be extremely simple. In particular, structural subtyping is subsumed by naive parametric polymorphism, while overridable generic functions may be based on overloading. Taking HOL plus extensible records as a starting point, we then set out to build an environment for object-oriented specification and verification (HOOL). This framework offers several well-known concepts like classes, objects, methods and late-binding. All of this is achieved by very simple means within HOL.
Introduction. Higher-order Logic (HOL) [2, 1, 3] is a rather simplistic typed system; Church originally even called it "Simple Theory of Types". At first sight, it might seem futile attempting to use HOL to represent extensible records with structural subtyping, or even object-oriented concepts. One might expect that this ...
Subtypes for Specifications: Predicate Subtyping in PVS
IEEE Transactions on Software Engineering, 1998
Cited by 31 (4 self)
A specification language used in the context of an effective theorem prover can provide novel features that enhance precision and expressiveness. In particular, typechecking for the language can exploit the services of the theorem prover. We describe a feature called "predicate subtyping" that uses this capability and illustrate its utility as mechanized in PVS.
Verifying temporal properties of reactive systems: A STeP tutorial
Formal Methods in System Design, 2000
Cited by 24 (5 self)
We review a number of formal verification techniques supported by STeP, the Stanford Temporal Prover, describing how the tool can be used to verify properties of several versions of the Bakery algorithm for mutual exclusion. We verify the classic two-process algorithm and simple variants, as well as an atomic parameterized version. The methods used include deductive verification rules, verification diagrams, automatic invariant generation, and finite-state model checking and abstraction.
A Small OpenMath Type System
ACM SIGSAM Bulletin, 1999
Cited by 20 (5 self)
This paper describes the "lightweight" Small Type System of OpenMath. It is based on various discussions with the OpenMath Consortium, and notably with the NAG team.
STMM: A Set Theory for Mechanized Mathematics
Journal of Automated Reasoning, 2000
Cited by 12 (6 self)
Although set theory is the most popular foundation for mathematics, not many mechanized mathematics systems are based on set theory. Zermelo-Fraenkel (zf) set theory and other traditional set theories are not an adequate foundation for mechanized mathematics. stmm is a version of von Neumann-Bernays-Gödel (nbg) set theory that is intended to be a Set Theory for Mechanized Mathematics. stmm allows terms to denote proper classes and to be undefined, has a definite description operator, provides a sort system for classifying terms by value, and includes lambda-notation with term constructors for function application and function abstraction. This paper describes stmm and discusses why it is a good foundation for mechanized mathematics.
High-Level Specifications: Lessons from Industry
2003
Cited by 11 (1 self)
We explain the rationale behind the design of the TLA specification language, and we describe our experience using it and the TLC model checker in industrial applications, including the verification of multiprocessor memory designs at Intel. Based on this experience, we challenge some conventional wisdom about high-level specifications.
Lazy caching in TLA
1999
Cited by 8 (1 self)
We address the problem, proposed by Gerth, of verifying that a simplified version of the lazy caching algorithm of Afek, Brown, and Merritt is sequentially consistent. We specify the algorithm and sequential consistency in TLA+, a formal specification language based on TLA (the Temporal Logic of Actions). We then describe how to construct
An Overview of Ciao and its Design Philosophy
Cited by 6 (4 self)
We provide an overall description of the Ciao multi-paradigm programming system, emphasizing some of the novel aspects and motivations behind its design and implementation. An important aspect of Ciao is that, in addition to supporting logic programming (and, in particular, Prolog), it provides the programmer with a large number of useful features from different programming paradigms and styles, and that the use of each of these features (including those of Prolog) can be turned on and off at will for each program module. Thus, a given module may be using, e.g., higher-order functions and constraints, while another module may be using imperative operations, predicates, Prolog meta-programming built-ins, and concurrency. Furthermore, the language is designed to be extensible in a simple and modular way. Another important aspect of Ciao is its programming environment, which provides a powerful preprocessor (with an associated assertion language) capable of statically finding non-trivial bugs, verifying that programs comply with specifications, and performing many types of program optimizations (including automatic parallelization). Such optimizations produce code that is highly competitive with other dynamic languages or, when the (experimental) optimizing compiler is used, even that of static languages, all while retaining the interactive development environment