Results 1 to 10 of 15
Mechanizing a Theory of Program Composition for UNITY
ACM Transactions on Programming Languages and Systems, 2001
Cited by 10 (4 self)
This paper reports experiments on mechanizing a theory of UNITY program composition. The key ingredients are mechanized proofs, compositional reasoning, and the UNITY formalism. Mechanical proof tools provide rigour and power, but they are highly sensitive to small changes in the definitions. The gap between the "hand proof" and "mechanical proof" communities makes communication difficult. Unstated assumptions in a hand formalism can cause major problems during its mechanization. Notations designed for hand proofs may not be suitable for mechanical tools.
HOL-Z 2.0: A proof environment for Z specifications
Journal of Universal Computer Science, 2002
Cited by 9 (5 self)
We present a new proof environment for the specification language Z. The basis is a semantic representation of Z in a structure-preserving, shallow embedding in Isabelle/HOL. On top of the embedding, new proof support for the Z schema calculus and for proof structuring is developed. Thus, we integrate Z into a well-known and trusted theorem prover with advanced deduction technology such as higher-order rewriting, tableaux-based provers and arithmetic decision procedures. A further achievement of this work is the integration of our embedding into a new tool chain providing a Z-oriented type checker, documentation facilities and macro support for refinement proofs; as a result, the gap has been closed between a logical embedding proven correct and a tool suited for applications of non-trivial size.
Black Box Views of State Machines
1999
Cited by 8 (5 self)
System specification by state machines together with property specification and verification by temporal logics are by now standard techniques to reason about the control flow of hardware components, embedded systems and communication protocols. The techniques to reason about the data flow within a system, however, are less well developed. This report adapts a UNITY-like formalism for specification and verification to systems of asynchronously communicating components. The components themselves are specified as state machines. The resulting proof technique allows abstract and compositional reasoning about data-flow properties of systems.
A Survey on Embedding Programming Logics in a Theorem Prover
Institute of Information and Computing Sciences, Utrecht University, 2002
Cited by 8 (2 self)
Theorem provers were also called "proof checkers" because that is what they were in the beginning. They have grown powerful, however, and are in many cases capable of automatically producing complicated proofs. In particular, higher-order logic based theorem provers such as HOL and PVS became popular because the logic is well known and very expressive. They are generally considered to be potential platforms for embedding a programming logic for the purpose of formal verification. In this paper we investigate a number of the most commonly used methods of embedding programming logics in such theorem provers and expose the problems we discover. We also propose an alternative approach: hybrid embedding.
Program Composition in Isabelle/UNITY
In Parallel and Distributed Processing (Workshop on Formal Methods for Parallel Programming: Theory and Applications), IEEE, 2002; text on CD-ROM
Cited by 5 (3 self)
We describe the mechanization of recent examples of compositional reasoning, due to Charpentier and Chandy [4]. The examples illustrate a new theory for composition proposed by Chandy and Sanders [2, 3], based on the so-called existential and universal properties. We show that, while avoiding hand-proof mistakes, such compositional reasoning can be mechanized quite straightforwardly. We also present the mechanization of some theoretical results [5] concerning existential properties and their relation to the guarantees concept. The result is a new module added to the existing Isabelle/UNITY theory for composition.
Mechanizing Compositional Reasoning for Concurrent Systems: Some Lessons
2005
Cited by 4 (1 self)
The paper reports on experiences of mechanizing various proposals for compositional reasoning in concurrent systems. The work uses the UNITY formalism and the Isabelle proof tool. The proposals investigated include existential/universal properties, guarantees properties and progress sets. The results also apply to related proposals such as traditional assumption-commitment guarantees and Misra's closure properties. Findings that have been published in detail elsewhere are summarised and consolidated here. One conclusion is that UNITY and related formalisms leave some important issues implicit, such as their concept of the program state, which means that great care must be exercised when implementing tool support. Another conclusion is that many compositional reasoning methods can be mechanized, provided that the issues mentioned above are correctly addressed.
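The existential/universal distinction that the two Isabelle/UNITY entries above (Program Composition in Isabelle/UNITY, and Mechanizing Compositional Reasoning for Concurrent Systems) rely on can be seen concretely on a finite-state toy model. The block below is an added illustration, not code from those papers or from the Isabelle/UNITY theories: it models a UNITY program as a set of always-enabled statements over an explicitly enumerated state space, defines the classic `p co q` (constrains) and `transient p` properties by exhaustive checking, and shows that `co` is universal (it holds of F ∥ G exactly when it holds of both F and G) while `transient` is existential (it holds of F ∥ G exactly when it holds of F or G). The programs F and G, the variables x and y and their domains are constructed for the example.

```python
"""Toy model of UNITY program union and of universal vs. existential
composition properties (after Chandy and Sanders).  Added illustration,
not code from the papers above; the state space and the programs F and G
are constructed here."""
from itertools import product

# A state is a dict variable -> value.  The state space is kept finite so
# the UNITY property definitions can be checked by exhaustive enumeration.
XS, YS = range(8), range(3)
STATES = [{"x": x, "y": y} for x, y in product(XS, YS)]


# A UNITY program is a set of always-enabled, terminating statements
# (conditional multiple assignments).  F || G is the union of the two sets.
def inc_x(s):            # x := x + 1 if x < 7 (otherwise skip)
    return {**s, "x": s["x"] + 1 if s["x"] < 7 else s["x"]}


def inc_y_mod3(s):       # y := (y + 1) mod 3
    return {**s, "y": (s["y"] + 1) % 3}


F = [inc_x]              # constructed component program F
G = [inc_y_mod3]         # constructed component program G


def union(*progs):
    """Program union F || G: the union of the statement sets."""
    return [stmt for p in progs for stmt in p]


def co(prog, p, q, states=STATES):
    """'p co q': every statement takes every p-state to a q-state."""
    return all(q(t(s)) for s in states if p(s) for t in prog)


def transient(prog, p, states=STATES):
    """'transient p': one single statement falsifies p from every p-state."""
    return any(all(not p(t(s)) for s in states if p(s)) for t in prog)


def demo():
    """Which properties hold of F, of G and of F || G (in that order)."""
    x_le5 = lambda s: s["x"] <= 5
    x_le6 = lambda s: s["x"] <= 6
    y_zero = lambda s: s["y"] == 0
    x_is3 = lambda s: s["x"] == 3
    FG = union(F, G)
    return {
        # co is universal: it survives union only if BOTH components have it.
        "x<=5 co x<=6": (co(F, x_le5, x_le6), co(G, x_le5, x_le6), co(FG, x_le5, x_le6)),
        "y=0 co y=0": (co(F, y_zero, y_zero), co(G, y_zero, y_zero), co(FG, y_zero, y_zero)),
        # transient is existential: ONE component having it is enough.
        "transient x=3": (transient(F, x_is3), transient(G, x_is3), transient(FG, x_is3)),
    }


def composition_laws_hold():
    """Check the universal law for co and the existential law for transient
    over every pair of 'variable == constant' predicates on this state space."""
    FG = union(F, G)
    preds = [lambda s, k=k: s["x"] == k for k in XS] + \
            [lambda s, k=k: s["y"] == k for k in YS]
    for p, q in product(preds, preds):
        if co(FG, p, q) != (co(F, p, q) and co(G, p, q)):
            return False
    return all(transient(FG, p) == (transient(F, p) or transient(G, p))
               for p in preds)


if __name__ == "__main__":
    for name, (in_f, in_g, in_fg) in demo().items():
        print(f"{name:16} F={in_f!s:5} G={in_g!s:5} F||G={in_fg}")
    print("composition laws hold:", composition_laws_hold())
```

The point the toy makes is the one the papers mechanize: a `co` property proved of one component says nothing about the composed system until the same property is proved of every other component (so `y=0 co y=0`, true of F, is lost once G is added), whereas a `transient` property proved of any single component is inherited by the whole system for free. Guarantees-style properties, which the second entry also treats, refine the universal case by stating what a component offers under an assumption about its environment; they are not modelled here.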
Representing component states in higher-order logic
Division of Informatics, University of Edinburgh, 2001
Cited by 4 (3 self)
Component states can be formalized in higher-order logic as (1) functions from variables to values and (2) records, among other possibilities. Variable-to-value maps are natural, but they yield weak typing and restrict the user to a predefined value space. Record types define component signatures, and properties need to be transferred between the various signatures. The method yields strong typing, but transferring properties requires an elaborate theory and not all properties can be transferred. The paper reports experiments with a third method: the state is represented by an abstract type. The method is described and contrasted with the others.
A Framework for Verifying Data-Centric Protocols
Cited by 4 (3 self)
Data-centric languages, such as recursive rule-based languages, have been proposed to program distributed applications over networks. They greatly simplify the code, which is orders of magnitude shorter and much more declarative, while still admitting efficient distributed execution. We show that they also provide a promising approach to the verification of distributed protocols, thanks to their data-centric orientation, which allows global structures, such as the topology of the network, routing tables, trees, etc., as well as their properties, to be handled explicitly. We consider a framework using an original formalization in the Coq proof assistant of a distributed computation model based on message passing with either synchronous or asynchronous behavior. The declarative rules of the Netlog language for specifying distributed protocols, as well as the virtual machines for evaluating these rules, are encoded in Coq as well. We consider tree protocols as a case study, and show how this framework enables us to formally verify them in both the asynchronous and synchronous setting.
Maximally Concurrent Programs
Formal Aspects of Computing, 1999
Cited by 3 (1 self)
Typically, program design involves constructing a program, P, that implements a given specification, S; that is, the set P of executions of P is a subset of the set S of executions satisfying S. In many cases, we seek a P that not only implements S but for which P = S. Then, every execution satisfying the specification is a possible execution of the program; we call P maximal for the specification S. We argue in this paper that traditional specifications of concurrent programs are incomplete without some maximality requirement because they can often be implemented in a sequential fashion. Additionally, a maximal solution can be refined to a variety of programs, each appropriate for execution on a different computing platform. In this paper, we suggest a method for proving the maximality of a program with respect to a given specification. Even though we prove facts about possible executions of programs, there is no need to appeal to branching-time logics; we employ a fragment of linear temporal logic for our proofs. The method results in concise proofs of maximality for many non-trivial examples. The method may also serve as a guide in constructing maximal programs.
Cones and foci: A mechanical framework for protocol verification
Cited by 2 (1 self)
We define a cones and foci proof method, which rephrases the question of whether two system specifications are branching bisimilar in terms of proof obligations on relations between data objects. Compared to the original cones and foci method of Groote and Springintveld, our method is more generally applicable, because it does not require a preprocessing step to eliminate τ-loops. We prove soundness of our approach and present a set of rules to prove the reachability of focus points. Our method has been formalized and proved correct using PVS. Thus we have established a framework for mechanical protocol verification. We apply this framework to the Concurrent Alternating Bit Protocol.