Results 11-20 of 22
Understanding proofs
The Philosophy of Mathematical Practice, 2008
Cited by 3 (0 self)
Abstract
“Now, in calm weather, to swim in the open ocean is as easy to the practised swimmer as to ride in a spring-carriage ashore. But the awful lonesomeness is intolerable. The intense concentration of self in the middle of such a heartless immensity, my God! who can tell it? Mark, how when sailors in a dead calm bathe in the open sea—mark how closely they hug their ship and only coast along her
Animating the Formalised Semantics of a Java-like Language
Cited by 2 (1 self)
Abstract
Considerable effort has gone into the techniques of extracting executable code from formal specifications and animating them. We show how to apply these techniques to the large JinjaThreads formalisation. It models a substantial subset of multithreaded Java source and bytecode in Isabelle/HOL and focuses on proofs and modularity, whereas code generation was of little concern in its design. Employing Isabelle’s code generation facilities, we obtain a verified Java interpreter that is sufficiently efficient for running small Java programs. To this end, we present refined implementations for common notions such as the reflexive transitive closure and Russell’s definite description operator. From our experience, we distill simple guidelines on how to develop future formalisations with executability in mind.
Efficient Construction of Machine-Checked Symbolic Protocol Security Proofs
2012
Cited by 2 (2 self)
Abstract
We embed an untyped security protocol model in the interactive theorem prover Isabelle/HOL and derive a theory for constructing proofs of secrecy and authentication properties. Our theory is based on two key ingredients. The first is an inference rule for enumerating the possible origins of messages known to the intruder. The second is a class of protocol-specific invariants that formalize type assertions about variables in protocol specifications. The resulting theory is well-suited for interactively constructing human-readable protocol security proofs. We additionally give an algorithm that automatically generates Isabelle/HOL proof scripts based on this theory. We provide case studies showing that both interactive and automatic proof construction are efficient. The resulting proofs provide strong correctness guarantees, since all proofs, including those deriving our theory from the security protocol model, are machine-checked.
A better reduction theorem for store buffers. arXiv:0909.4637v1
2009
Cited by 2 (0 self)
Abstract
When verifying a concurrent program, it is usual to assume that memory is sequentially consistent. However, most modern multiprocessors depend on store buffering for efficiency, and provide native sequential consistency only at a substantial performance penalty. To regain sequential consistency, a programmer has to follow an appropriate programming discipline. However, naïve disciplines, such as protecting all shared accesses with locks, are not flexible enough for building high-performance multiprocessor software. We present a new discipline for concurrent programming under TSO (total store order, with store buffer forwarding). It does not depend on concurrency primitives, such as locks. Instead, threads use ghost operations to acquire and release ownership of memory addresses. A thread can write to an address only if no other thread owns it, and can read from an address only if it owns it or it is shared and the thread has flushed its store buffer since it last wrote to an address it did not own. This discipline covers both coarse-grained concurrency (where data is protected by locks) and fine-grained concurrency (where atomic operations race to memory). We formalize this discipline in Isabelle/HOL, and prove that if every execution of a program in a system without store buffers follows the discipline, then every execution of the program with store buffers is sequentially consistent. Thus, we can show sequential consistency under TSO by ordinary assertional reasoning about the program, without having to consider store buffers at all.
State Spaces - The Locale Way
SSV 2009, 2009
Cited by 1 (0 self)
Abstract
Verification of imperative programs means reasoning about modifications of a program state. So proper representation of state spaces is crucial for the usability of a corresponding verification environment. In this paper we discuss various existing state space models under different aspects like strong typing, modularity and scalability. We also propose a variant based on the locale infrastructure of Isabelle. Thus we manage to combine the advantages of previous formulations (without suffering from their disadvantages), and gain extra flexibility in composing state space components (inherited from the modularity of locales).
Reflecting Quantifier Elimination for Linear Arithmetic
Cited by 1 (1 self)
Abstract
This paper formalizes and verifies quantifier elimination procedures for dense linear orders and for real and integer linear arithmetic in the theorem prover
Change Management for Heterogeneous Development Graphs
Abstract
The error-prone process of formal specification and verification of large systems requires an efficient, evolutionary formal development approach. Development graphs have been designed to support such an approach. They can formally represent the actual state of a software development comprising specification and verification work in a structured way, and assist the user in her evolutionary development through the incorporated change management support. In this paper we extend this work to heterogeneous development graphs, which allow one to make use of different institutions, i.e. logics, for specifying and verifying large developments. We also push forward the idea of stringent locality of definitions by introducing presignatures and presignature morphisms, which allow us to build up signatures in an incremental and parametric way.
Algebraic structures in Axiom and Isabelle: attempt at a comparison
2007
Abstract
The hierarchic structures of abstract algebra pose challenges to the module systems of both programming and specification languages. We relate two existing module systems that are designed for this purpose: the type system of the computer algebra system Axiom, and the module system of the theorem prover Isabelle.
Proof Pearl: A Probabilistic Proof for the Girth-Chromatic Number Theorem
Abstract
The Girth-Chromatic number theorem is a theorem from graph theory, stating that graphs with arbitrarily large girth and chromatic number exist. We formalize a probabilistic proof of this theorem in the Isabelle/HOL theorem prover, closely following a standard textbook proof, and use this to explore the use of the probabilistic method in a theorem prover.
12 Understanding Proofs
Abstract
‘Now, in calm weather, to swim in the open ocean is as easy to the practised swimmer as to ride in a spring-carriage ashore. But the awful lonesomeness is intolerable. The intense concentration of self in the middle of such a heartless immensity, my God! who can tell it? Mark, how when sailors in a dead calm bathe in the open sea—mark how closely they hug their ship and only coast along her sides.’ (Herman Melville, Moby Dick, Chapter 94) What does it mean to understand mathematics? How does mathematics help us understand? These questions are not idle. We look to mathematics for understanding, we value theoretical developments for improving our understanding, and we