Axiomatic constructor classes in Isabelle/HOLCF
In Proc. 18th International Conference on Theorem Proving in Higher Order Logics (TPHOLs '05), Volume 3603 of Lecture Notes in Computer Science, 2005
Cited by 16 (5 self)
We have definitionally extended Isabelle/HOLCF to support axiomatic Haskell-style constructor classes. We have subsequently defined the functor and monad classes, together with their laws, and implemented state and resumption monad transformers as generic constructor class instances. This is a step towards our goal of giving modular denotational semantics for concurrent lazy functional programming languages, such as GHC Haskell.
Mechanically Verifying the Correctness of an Offline Partial Evaluator
1995
Cited by 12 (3 self)
We show that using deductive systems to specify an offline partial evaluator allows its correctness to be mechanically verified. For a mix-style partial evaluator, we specify binding-time constraints using a natural-deduction logic, and the associated program specializer using natural (aka "deductive") semantics. These deductive systems can be directly encoded in the Elf programming language, a logic programming language based on the LF logical framework. The specifications are then executable as logic programs. This provides a prototype implementation of the partial evaluator. Moreover, since deductive system proofs are accessible as objects in Elf, many aspects of the partial evaluation correctness proofs (e.g., the correctness of binding-time analysis) can be coded in Elf and mechanically verified. This work illustrates the utility of declarative programming and of using deductive systems for defining program specialization systems: by exploiting the logical character of definit...
Using a Generalisation Critic to Find Bisimulations for Coinductive Proofs
Proceedings of the 14th Conference on Automated Deduction, Volume 1249 of Lecture Notes in Artificial Intelligence, 1997
Cited by 11 (2 self)
Coinduction is a method of growing importance in reasoning about functional languages, due to the increasing prominence of lazy data structures. Through the use of bisimulations and proofs that observational equivalence is a congruence in various domains, it can be used to prove the congruence of two processes. Several proof tools have been developed to aid coinductive proofs, but all require user interaction. Crucially, they require the user to supply an appropriate relation which the system can then prove to be a bisimulation. A method is proposed which uses the idea of proof plans to make a heuristic guess at a suitable relation. If the proof fails for that relation, the reasons for failure are analysed using a proof critic and a new relation is proposed to allow the proof to go through.
Axiomatic Semantics Verification of a Secure Web Server
1998
Cited by 4 (1 self)
We formally verify that a particular web server written in C is secure, that is, a remote user cannot get files he shouldn't or change the server's files. Although the code was thoroughly reviewed and tested, the verification located some heretofore unknown behavioral weaknesses. To verify this code, we invented new inference rules for reasoning about expressions with side effects, which occur often in C. We also formalized aspects of Unix file systems and processes, operating system and library calls, parts of the C language, and security properties. We propose an architecture for a software verification system which could be widely useful, and argue that our proof demonstrates that real world software written in real world languages can be verified.
Functional procedures in higher-order logic
Theorem Proving in Higher Order Logics, Volume 1896 of Lecture Notes in Computer Science, 1999
Cited by 2 (0 self)
In this paper we present an approach for modelling functional procedures (as they occur in imperative programming languages) in a weakest precondition framework. Functional procedures are modelled in their full generality; thus the body of a functional procedure can be built using standard specification syntax, including nondeterminism, sequential composition, conditionals and loops. We integrate our theory of functional procedures into the existing mechanisation of the refinement calculus in the HOL system. To make formal reasoning possible, we derive correctness rules for functional procedures and their calls. We show also how recursive functional procedures can be handled according to our approach. Finally, we provide a nontrivial example of reasoning about a recursive procedure for binary search.
Making a Productive Use of Failure to Generate Witnesses for Coinduction from Divergent Proof Attempts
RR0004 in the Informatics Report Series, 2000
Cited by 2 (1 self)
... witness relation is a fundamental step in the process of proof by coinduction. These techniques are based on middle-out reasoning (delaying the choice of witness for as long as possible by using meta-variables and higher order unification) and proof critics (exploiting information from failed proof attempts to modify witnesses). Coinduction is the dual of induction and is used to deal naturally with infinite processes. It was first investigated seriously in the field of concurrency [25] where looping communication networks are commonplace. It is also used in so-called "lazy" functional languages where the evaluation procedure only evaluates functions when they are required and may not fully evaluate them. In this way a potentially infinite process may be present in a program without forcing the entire program to be non-terminating. The semantics of lazy languages are generally expressed in an operational style. This work concentrates on the use of coinduction with the operational semantics of a lazy functional language. Coinduction has also been proposed for use with object-oriented languages [20], cryptographic protocols [1] and the calculus of mobile ambients [21]. Tools have been provided for coinduction in several theorem proving environments. One of these, the Edinburgh Concurrency Workbench [12], is fully automated. This deals with problems described in Process Algebras. In other areas, such as functional languages, automation has not been attempted. The choice of the bisimulation needed by a proof is equivalent to the choice of induction scheme in inductive proofs [15]. Like the choice of induction scheme, the choice of bisimulation is a hard step in coinductive proof. This work presents an auto...
The Circuit That Was Too Lazy to Fail
Proceedings of the Glasgow Functional Programming Workshop, 1997
Cited by 1 (0 self)
This paper describes a translation of a relational hardware description language into a functional language in such a way that the user does not have to decide the direction of the data flow in the functional language. This approach relies on laziness, making the translation hard to analyse. The use of a theorem prover that supports reasoning about laziness and undefined elements allows the investigation of the validity of the translation.
Functional Procedures in Higher-Order Logic (Linas Laibinis, Joakim von Wright)
In this paper we present an approach for modelling functional procedures (as they occur in imperative programming languages) in a weakest precondition framework. Functional procedures are modelled in their full generality; thus the body of a functional procedure can be built using standard specification syntax, including nondeterminism, sequential composition, conditionals and loops.
Witnesses for Coinduction from Divergent Proof Attempts
Coinduction is a proof rule. It is the dual of induction. It allows reasoning about non-well-founded structures such as lazy lists or streams and is of particular use for reasoning about equivalences. A central difficulty in the automation of coinductive proof is the choice of a relation (called a bisimulation). We present an automation of coinductive theorem proving. This automation is based on the idea of proof planning. Proof planning constructs the higher level steps in a proof, using knowledge of the general structure of a family of proofs and exploiting this knowledge to control the proof search. Part of proof planning involves the use of failure information to modify the plan by the use of a proof critic which exploits the information gained from the failed proof attempt. Our approach to the problem was to develop a strategy that makes an initial simple guess at a bisimulation and then uses generalisation techniques, motivated by a critic, to refine this guess, so that a larger class of coinductive problems can be automatically verified. The implementation of this strategy has focused on the use of coinduction to prove the equivalence of programs in a small lazy functional language which is similar to Haskell. We have developed a proof plan for coinduction and a critic associated with this proof plan. These have been implemented in CoCLAM, an extended version of CLAM, with encouraging results. The planner has been successfully tested on a number of theorems.