Cooperating theorem provers: A case study combining HOLLight and CVC Lite
In Proc. 3rd Workshop on Pragmatics of Decision Procedures in Automated Reasoning (PDPAR '05), volume 144(2) of Electronic Notes in Theoretical Computer Science, 2006
Cited by 28 (5 self)
Abstract. This paper is a case study in combining theorem provers. We define a derived rule in HOL Light, CVC_PROVE, which calls CVC Lite and translates the resulting proof object back to HOL Light. This technique fundamentally expands the capabilities of HOL Light while preserving soundness.
Type Systems for the Masses: Deriving Soundness Proofs and Efficient Checkers
Cited by 2 (1 self)
The correct definition and implementation of nontrivial type systems is difficult and requires expert knowledge, which is not available to developers of domain-specific languages (DSLs) in practice. We propose Veritas, a workbench that simplifies the development of sound type systems. Veritas provides a single, high-level specification language for type systems, from which it automatically tries to derive soundness proofs and efficient and correct type-checking algorithms. For verification, Veritas combines off-the-shelf automated first-order theorem provers with automated proof strategies specific to type systems. For deriving efficient type checkers, Veritas provides a collection of optimization strategies whose applicability to a given type system is checked through verification on a case-by-case basis. We have developed a prototypical implementation of Veritas and used it to verify type soundness of the simply-typed lambda calculus and of parts of typed SQL. Our experience suggests that many of the individual verification steps can be automated and, in particular, that a high degree of automation is possible for type systems of DSLs.
Tool-Assisted Specification and Verification of Typed Low-Level Languages
Cited by 1 (0 self)
Bytecode verification is one of the key security functions of several architectures for mobile and embedded code, including Java, Java Card, and .NET. Over the last few years, its formal correctness has been studied extensively by academia and industry, using general-purpose theorem provers. The objective of our work is to facilitate such endeavors by providing a dedicated environment for establishing the correctness of bytecode verification within a proof assistant. The environment, called Jakarta, exploits a methodology that casts the correctness of bytecode verification relative to a defensive virtual machine that performs checks at runtime and an offensive one that does not, and can be summarized as stating that the two machines coincide on programs that pass bytecode verification. Such a methodology has been used successfully to prove the correctness of the Java Card bytecode verifier, and may potentially be applied to many other similar problems. One definite advantage of the methodology is that it is amenable to automation. Indeed, Jakarta automates the construction of an offensive virtual machine and a bytecode verifier from a defensive machine, and the proofs of correctness of the bytecode verifier. We illustrate the principles of Jakarta on a simple low-level language extended with subroutines, and discuss its usefulness to proving the correctness of the Java Card platform.