A Discipline of Multiprogramming: Programming Theory for Distributed Applications
Monographs in Computer Science, 2001
Decision Procedures for Multisets with Cardinality Constraints
Applications in software verification and interactive theorem proving often involve reasoning about sets of objects. Cardinality constraints on such collections also arise in these applications. Multisets arise in these applications for analogous reasons as sets: abstracting the content of linked data structures with duplicate elements leads to multisets. Interactive theorem provers such as Isabelle specify theories of multisets and prove a number of theorems about them to enable their use in interactive verification. However, the decidability and complexity of constraints on multisets is much less understood than for constraints on sets. The first contribution of this paper is a polynomial-space algorithm for deciding expressive quantifier-free constraints on multisets with cardinality operators. Our decision procedure reduces in polynomial time constraints on multisets to constraints in an extension of quantifier-free Presburger arithmetic with certain “unbounded sum” expressions. We prove bounds on solutions of the resulting constraints and describe a polynomial-space decision procedure for these constraints. The second contribution of this paper is a proof that adding quantifiers to a constraint language containing subset and cardinality operators yields undecidable constraints. The result follows by reduction from Hilbert’s 10th problem.
Mechanizing Compositional Reasoning for Concurrent Systems: Some Lessons
2005
The paper reports on experiences of mechanizing various proposals for compositional reasoning in concurrent systems. The work uses the UNITY formalism and the Isabelle proof tool. The proposals investigated include existential/universal properties, guarantees properties and progress sets. The results also apply to related proposals such as traditional assumption-commitment guarantees and Misra's closure properties. Findings that have been published in detail elsewhere are summarised and consolidated here. One conclusion is that UNITY and related formalisms leave some important issues implicit, such as their concept of the program state, which means that great care must be exercised when implementing tool support. Another conclusion is that many compositional reasoning methods can be mechanized, provided that the issues mentioned above are correctly addressed.
Representing Component States in Higher-Order Logic
Division of Informatics, University of Edinburgh, 2001
Component states can be formalized in higher-order logic as (1) functions from variables to values and (2) records, among other possibilities. Variable-to-value maps are natural, but they yield weak typing and restrict the user to a predefined value space. Record types define component signatures, and properties need to be transferred between the various signatures. The method yields strong typing, but transferring properties requires an elaborate theory and not all properties can be transferred. The paper reports experiments with a third method: the state is represented by an abstract type. The method is described and contrasted with respect to the others.
State Spaces - The Locale Way
SSV 2009, 2009
Verification of imperative programs means reasoning about modifications of a program state, so a proper representation of state spaces is crucial for the usability of a corresponding verification environment. In this paper we discuss various existing state space models under different aspects such as strong typing, modularity and scalability. We also propose a variant based on the locale infrastructure of Isabelle. Thus we manage to combine the advantages of previous formulations (without suffering from their disadvantages), and gain extra flexibility in composing state space components (inherited from the modularity of locales).
Verification of Parallel Programs with
This thesis presents the first formalization of the Owicki-Gries method and its compositional version, the rely-guarantee method, in a theorem prover. These methods are widely used for correctness proofs of parallel imperative programs with shared variables. We define syntax, semantics and proof rules in Isabelle/HOL, which is the instantiation of higher-order logic in the theorem prover Isabelle. The proof rules also provide for programs parameterized in the number of parallel components. Their correctness w.r.t. the semantics is proven mechanically, and the completeness proofs for both methods are extended to the new case of parameterized programs. For the automatic generation of verification conditions we define a tactic based on the proof rules. Using this tactic we verify several non-trivial examples for parameterized and non-parameterized programs. Summary (German). In this thesis the Owicki-Gries method, and its compositional
Compositional Proofs of Concurrent Programs
This proposal concerns proving the correctness of programs expressed in the UNITY formalism. Under an existing EPSRC project, Paulson has already developed an environment for verifying UNITY programs. The environment is based on and distributed with Isabelle, a proof assistant developed at Cambridge. The novelty in this proposal is to allow program components to be specified and verified independently of one another. When a system is built from such components, the correctness proof should refer to the properties previously proved rather than regarding the composite system as one giant program. Towards this end, researchers have published many proof methods [4, 12, 15]. By mechanizing these methods and performing case studies, the current project will subject their work to formal scrutiny. Should the methods turn out to work well in practice, then the mechanization will be useful in itself as a tool. The work will be done within the Cambridge Automated Reasoning Group. Hardware verification was pioneered here by Prof. M. J. C. Gordon and his students. Techniques such as the use of higher-order logic to model hardware spread from the Computer Laboratory into general acceptance. The group’s work continues to attract worldwide attention. For example, John Harrison won the Distinguished Dissertation Award for his thesis on verification involving floating-point arithmetic; his recent move to Intel Corp. is evidence that formal proof is relevant to industry. The group has built two of the most important proof environments used today, namely HOL and Isabelle. Isabelle (originated by Paulson) is a generic theorem prover. It supports interactive proof in several formal systems, including first-order logic, higher-order logic and Zermelo-Fraenkel set theory. Derived logics can be supported as well as primitive formalisms. Researchers have used Isabelle to support complicated specification languages such as TLA [13] and Z [9].
Several recent projects at Cambridge involve Isabelle:
• Combining HOL and Isabelle (SERC ref. GR/H40570), 1992-95. This project applied Isabelle to HOL-style problems, the main application being
Mechanizing Compositional Reasoning for Concurrent Systems: Some Lessons
Under consideration for publication in Formal Aspects of Computing (same abstract as the 2005 entry above)