Results 1  10
of
26
A Reflective Functional Language for Hardware Design and Theorem Proving
"... This paper introduces reFLect, a functional programming language with reflection features intended for applications in hardware design and verification. The reFLect language is strongly typed and similar to ML, but has quotation and antiquotation constructs. These may be used to construct and decomp ..."
Abstract

Cited by 32 (7 self)
 Add to MetaCart
This paper introduces reFLect, a functional programming language with reflection features intended for applications in hardware design and verification. The reFLect language is strongly typed and similar to ML, but has quotation and antiquotation constructs. These may be used to construct and decompose expressions in the reFLect language itself. The paper motivates and presents the syntax and type system of this language, which brings together a new combination of patternmatching and reflection features targeted specifically at our application domain. It also gives an operational semantics based on a new use of contexts as expression constructors, and it presents a scheme for compiling reFLect programs into the λcalculus using the same context mechanism.
A Design Structure for Higher Order Quotients
 In Proc. of the 18th International Conference on Theorem Proving in Higher Order Logics (TPHOLs), volume 3603 of LNCS
, 2005
"... Abstract. The quotient operation is a standard feature of set theory, where a set is partitioned into subsets by an equivalence relation. We reinterpret this idea for higher order logic, where types are divided by an equivalence relation to create new types, called quotient types. We present a desig ..."
Abstract

Cited by 12 (0 self)
 Add to MetaCart
(Show Context)
Abstract. The quotient operation is a standard feature of set theory, where a set is partitioned into subsets by an equivalence relation. We reinterpret this idea for higher order logic, where types are divided by an equivalence relation to create new types, called quotient types. We present a design to mechanically construct quotient types as new types in the logic, and to support the automatic lifting of constants and theorems about the original types to corresponding constants and theorems about the quotient types. This design exceeds the functionality of Harrison’s package, creating quotients of multiple mutually recursive types simultaneously, and supporting the equivalence of aggregate types, such as lists and pairs. Most importantly, this design supports the creation of higher order quotients, which enable the automatic lifting of theorems with quantification over functions of any higher order. 1
Choice in Dynamic Linking
 IN FOSSACS’04  FOUNDATIONS OF SOFTWARE SCIENCE AND COMPUTATION STRUCTURES 2004, LECTURE NOTES IN COMPUTER SCIENCE
, 2004
"... We introduce a computational interpretation for Hilbert's choice operator (#). This interpretation yields a typed foundation for dynamic linking in software systems. The use of choice leads to interesting difficultiessome known from proof theory and others specific to the programminglan ..."
Abstract

Cited by 11 (0 self)
 Add to MetaCart
We introduce a computational interpretation for Hilbert's choice operator (#). This interpretation yields a typed foundation for dynamic linking in software systems. The use of choice leads to interesting difficultiessome known from proof theory and others specific to the programminglanguage perspective that we develop. We therefore emphasize an important special case, restricting the nesting of choices. We define
On the Logic of TLA+
 Computers and Informatics
, 2003
"... TLA+ is a language intended for the highlevel specification of reactive, distributed, and in particular asynchronous systems. Combining the lineartime temporal logic TLA and classical settheory, it provides an expressive specification formalism and supports assertional verification. ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
TLA+ is a language intended for the highlevel specification of reactive, distributed, and in particular asynchronous systems. Combining the lineartime temporal logic TLA and classical settheory, it provides an expressive specification formalism and supports assertional verification.
Against pointillisme about mechanics
 British Journal for the Philosophy of Science
, 2006
"... This paper forms part of a wider campaign: to deny pointillisme, the doctrine that a physical theory’s fundamental quantities are defined at points of space or of spacetime, and represent intrinsic properties of such points or pointsized objects located there; so that properties of spatial or spati ..."
Abstract

Cited by 7 (0 self)
 Add to MetaCart
This paper forms part of a wider campaign: to deny pointillisme, the doctrine that a physical theory’s fundamental quantities are defined at points of space or of spacetime, and represent intrinsic properties of such points or pointsized objects located there; so that properties of spatial or spatiotemporal regions and their material contents are determined by the pointbypoint facts. More specifically, this paper argues against pointillisme about the concept of velocity in classical mechanics; especially against proposals by Tooley, Robinson and Lewis. A companion paper argues against pointillisme about (chrono)geometry, as proposed by Bricker. To avoid technicalities, I conduct the argument almost entirely in the context of ‘‘Newtonian’ ’ ideas about space and time, and the classical mechanics of pointparticles, i.e. extensionless particles moving in a void. But both the debate and my arguments carry over to relativistic physics.
A TLA+ Proof System
"... We describe an extension to the TLA + specification language with constructs for writing proofs and a proof environment, called the Proof Manager (PM), to checks those proofs. The language and the PM support the incremental development and checking of hierarchically structured proofs. The PM transla ..."
Abstract

Cited by 7 (3 self)
 Add to MetaCart
We describe an extension to the TLA + specification language with constructs for writing proofs and a proof environment, called the Proof Manager (PM), to checks those proofs. The language and the PM support the incremental development and checking of hierarchically structured proofs. The PM translates a proof into a set of independent proof obligations and calls upon a collection of backend provers to verify them. Different provers can be used to verify different obligations. The currently supported backends are the tableau prover Zenon and Isabelle/TLA+, an axiomatisation of TLA + in Isabelle/Pure. The proof obligations for a complete TLA +2 proof can also be used to certify the theorem in Isabelle/TLA+.
Tools and Techniques for the Design and Systematic Analysis of RealTime Systems
, 1999
"... As technology progresses and computers become smaller, cheaper, and more powerful, they are increasingly relied on to guarantee the safety of human life and the environment. In most cases, it is not enough to merely provide such safety mechanisms, but is also critical to assure that they will be a ..."
Abstract

Cited by 6 (4 self)
 Add to MetaCart
As technology progresses and computers become smaller, cheaper, and more powerful, they are increasingly relied on to guarantee the safety of human life and the environment. In most cases, it is not enough to merely provide such safety mechanisms, but is also critical to assure that they will be activated in time to prevent disasters. These realtime systems are found in both largescale projects with highly visible consequences such as nuclear reactors and air traffic control systems as well as in consumer goods such as automobiles and smoke detectors. As more and more reliance is placed on realtime computing systems to perform critical and everyday functions, the need for formal methods to guarantee the correctness of these systems becomes crucial. Given the time
Hemolymph: Composition
 In The Physiology of Insecta
, 1964
"... Étude de la sémantique de programmes parallèles « réels » en TLA THÈSE présentée et soutenue publiquement le 7 novembre 1996 pour l’obtention du Doctorat de l’université Henri Poincaré – Nancy 1 (spécialité informatique) par ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
Étude de la sémantique de programmes parallèles « réels » en TLA THÈSE présentée et soutenue publiquement le 7 novembre 1996 pour l’obtention du Doctorat de l’université Henri Poincaré – Nancy 1 (spécialité informatique) par
Specification and Verification I
"... These lecture notes are for the course entitled Specification and Verification I. Some of the material is derived from previously published sources. 1 Chapters 1–4 introduce classical ideas of specification and proof of programs due to Floyd and Hoare. Chapter 5 is an introduction to program refinem ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
These lecture notes are for the course entitled Specification and Verification I. Some of the material is derived from previously published sources. 1 Chapters 1–4 introduce classical ideas of specification and proof of programs due to Floyd and Hoare. Chapter 5 is an introduction to program refinement using an approach due to Paul Curzon. Chapter 6 presents higher order logic and Chapter 7 explains how FloydHoare logic can be embedded in higher order logic. The course presents classical ideas on the specification and verification of software. Although much of the material is old – see the dates on some of the cited references – it is still a key foundation for current research. 2 This course is a prerequisite for the Part II course entitled Specification and Verification II, which makes extensive use of higher order logic (see Chapter 6) for specifying and verifying hardware. Learning Guide These notes contain all the material that will be covered in the course. It should thus not be necessary to consult any textbooks etc. The copies of transparencies give the contents of the lectures. However note that I sometimes end up going faster or slower than expected so, for example, material shown in Lecture n might actually get covered in Lecture n+1 or Lecture n−1. The examination questions will be based on material in the lectures. Thus if I end up not covering some topic in the lectures, then I would not expect to set an examination question on it. This course has been fairly stable for several years, so past exam questions are a reasonable guide to the sort of thing I will set this year.