Choice in Dynamic Linking
 IN FOSSACS’04  FOUNDATIONS OF SOFTWARE SCIENCE AND COMPUTATION STRUCTURES 2004, LECTURE NOTES IN COMPUTER SCIENCE
, 2004
Abstract

Cited by 11 (0 self)
We introduce a computational interpretation for Hilbert's choice operator (#). This interpretation yields a typed foundation for dynamic linking in software systems. The use of choice leads to interesting difficulties, some known from proof theory and others specific to the programming-language perspective that we develop. We therefore emphasize an important special case, restricting the nesting of choices. We define
On the Logic of TLA+
 Computers and Informatics
, 2003
Abstract

Cited by 9 (0 self)
TLA+ is a language intended for the high-level specification of reactive, distributed, and in particular asynchronous systems. Combining the linear-time temporal logic TLA and classical set theory, it provides an expressive specification formalism and supports assertional verification.
A Design Structure for Higher Order Quotients
 In Proc. of the 18th International Conference on Theorem Proving in Higher Order Logics (TPHOLs), volume 3603 of LNCS
, 2005
Abstract

Cited by 8 (0 self)
The quotient operation is a standard feature of set theory, where a set is partitioned into subsets by an equivalence relation. We reinterpret this idea for higher order logic, where types are divided by an equivalence relation to create new types, called quotient types. We present a design to mechanically construct quotient types as new types in the logic, and to support the automatic lifting of constants and theorems about the original types to corresponding constants and theorems about the quotient types. This design exceeds the functionality of Harrison’s package, creating quotients of multiple mutually recursive types simultaneously, and supporting the equivalence of aggregate types, such as lists and pairs. Most importantly, this design supports the creation of higher order quotients, which enable the automatic lifting of theorems with quantification over functions of any higher order.
Tools and Techniques for the Design and Systematic Analysis of Real-Time Systems
, 1999
Abstract

Cited by 6 (4 self)
As technology progresses and computers become smaller, cheaper, and more powerful, they are increasingly relied on to guarantee the safety of human life and the environment. In most cases, it is not enough to merely provide such safety mechanisms, but is also critical to assure that they will be activated in time to prevent disasters. These real-time systems are found in both large-scale projects with highly visible consequences such as nuclear reactors and air traffic control systems as well as in consumer goods such as automobiles and smoke detectors. As more and more reliance is placed on real-time computing systems to perform critical and everyday functions, the need for formal methods to guarantee the correctness of these systems becomes crucial. Given the time
A TLA+ Proof System
Abstract

Cited by 3 (1 self)
We describe an extension to the TLA+ specification language with constructs for writing proofs and a proof environment, called the Proof Manager (PM), to check those proofs. The language and the PM support the incremental development and checking of hierarchically structured proofs. The PM translates a proof into a set of independent proof obligations and calls upon a collection of backend provers to verify them. Different provers can be used to verify different obligations. The currently supported backends are the tableau prover Zenon and Isabelle/TLA+, an axiomatisation of TLA+ in Isabelle/Pure. The proof obligations for a complete TLA+2 proof can also be used to certify the theorem in Isabelle/TLA+.
Against Pointillisme about Mechanics
, 2005
Abstract

Cited by 2 (0 self)
This paper forms part of a wider campaign: to deny pointillisme. That is the doctrine that a physical theory’s fundamental quantities are defined at points of space or of spacetime, and represent intrinsic properties of such points or point-sized objects located there; so that properties of spatial or spatiotemporal regions and their material contents are determined by the point-by-point facts. More specifically, this paper argues against pointillisme about the concept of velocity in classical mechanics; especially against proposals by Tooley, Robinson and Lewis. A companion paper argues against pointillisme about (chrono)geometry, as proposed by Bricker. To avoid technicalities, I conduct the argument almost entirely in the context of “Newtonian” ideas about space and time, and the classical mechanics of point-particles, i.e. extensionless particles moving in a void. But both the debate and my arguments carry over to relativistic physics.
Higher Order Quotients in Higher Order Logic
Abstract

Cited by 1 (1 self)
The quotient operation is a standard feature of set theory, where a set is partitioned into subsets by an equivalence relation. We reinterpret this idea for Higher Order Logic (HOL), where types are divided by an equivalence relation to create new types, called quotient types. We present a tool for the Higher Order Logic theorem prover to mechanically construct quotient types as new types in the HOL logic, and to automatically lift constants and theorems about the original types to corresponding constants and theorems about the quotient types. This package exceeds the functionality of Harrison’s package, creating quotients of multiple mutually recursive types simultaneously, and supporting the equivalence of aggregate types, such as lists and pairs. Most importantly, this package successfully creates higher-order quotients, automatically lifting theorems with quantification over functions of any higher order. This is accomplished through the use of partial equivalence relations, a possibly non-reflexive version of equivalence relations. We demonstrate this tool by lifting Abadi and Cardelli’s sigma calculus.
Describing motion events: Incremental
 Proceedings of the 5th International Workshop on Computational Semantics (IWCS5)
, 2003
Abstract
We demonstrate how a preverbal message (Levelt 1989) is generated from an underlying conceptual representation in an incremental manner.
Stateless HOL Dedicated to Roel de Vrijer, in the tradition of Automath
Abstract
We present a version of the HOL Light system that supports undoing definitions in such a way that this does not compromise the soundness of the logic. In our system the code that keeps track of the constants that have been defined thus far has been moved out of the kernel. This means that the kernel now is purely functional. The changes to the system are small. All existing HOL Light developments can be run by the stateless system with only minor changes. The basic principle behind the system is not to name constants by strings, but by pairs consisting of a string and a definition. This means that the data structures for the terms are all merged into one big graph. OCaml – the implementation language of the system – can use pointer equality to establish equality of data structures fast. This allows the system to run at acceptable speeds. Our system is about 1/6th slower than the stateful version of HOL Light.