Abstract. We present a fully proof-producing implementation of a quantifierelimination procedure for real closed fields. To our knowledge, this is the first generally useful proof-producing implementation of such an algorithm. Whilemany problems within the domain are intractable, we demonstrate convincing examples of its value in interactive theorem proving. 1 Overview and related work Arguably the first automated theorem prover ever written was for a theory of lineararithmetic [8]. Nowadays many theorem proving systems, even those normally classified as `interactive ' rather than `automatic', contain procedures to automate routinearithmetical reasoning over some of the supported number systems like N, Z, Q, R and C. Experience shows that such automated support is invaluable in relieving users ofwhat would otherwise be tedious low-level proofs. We can identify several very common limitations of such procedures:- Often they are restricted to proving purely universal formulas rather than dealingwith arbitrary quantifier structure and performing general quantifier elimination.- Often they are not complete even for the supported class of formulas; in partic-ular procedures for the integers often fail on problems that depend inherently on divisibility properties (e.g. 8x y 2 Z. 2x + 1 6 = 2y)- They seldom handle non-trivial nonlinear reasoning, even in such simple cases as 8x y 2 R. x> 0 ^ y> 0) xy> 0, and those that do [18] tend to use heuristicsrather than systematic complete methods.- Many of the procedures are standalone decision algorithms that produce no certifi-cate of correctness and do not produce a `proof ' in the usual sense. The earliest serious exception is described in [4]. Many of these restrictions are not so important in practice, since subproblems aris-ing in interactive proof can still often be handled effectively. Indeed, sometimes the restrictions are unavoidable: Tarski's theorem on the undefinability of truth implies thatthere cannot even be a complete semidecision procedure for nonlinear reasoning over

Abstract. We describe a formalization of the elementary algebra, topology and analysis of finite-dimensional Euclidean space in the HOL Light theorem prover. (Euclidean space is R N with the usual notion of distance.) A notable feature is that the HOL type system is used to encode the dimension N in a simple and useful way, even though HOL does not permit dependent types. In the resulting theory the HOL type system, far from getting in the way, naturally imposes the correct dimensional constraints, e.g. checking compatibility in matrix multiplication. Among the interesting later developments of the theory are a partial decision procedure for the theory of vector spaces (based on a more general algorithm due to Solovay) and a formal proof of various classic theorems of topology and analysis for arbitrary N-dimensional Euclidean space, e.g. Brouwer’s fixpoint theorem and the differentiability of inverse functions. 1 1 The problem with R N

de recherche ISSN 0249-6399 ISRN INRIA/RR--6155--FR+ENG

In this paper we propose a framework for the incorporation of formal methods in the design flow of DSP (Digital Signal Processing) systems in a rigorous way. In the proposed approach we model and verify DSP descriptions at different abstraction levels using higher-order logic based on the HOL theorem prover. This framework enables the formal verification of DSP designs which in the past could only be done partially using conventional simulation techniques. To this end, we provide a shallow embedding of DSP descriptions in HOL at the floating-point, fixed-point, behavioral, RTL, and netlist gate levels. We make use of existing formalization of floating-point theory in HOL and a parallel one developed for fixed-point arithmetic. The high ability of abstraction in HOL allows a seamless hierarchical verification encompassing the whole DSP design path, starting from top level floating- and fixedpoint algorithmic descriptions down to RTL, and gate level implementations. We illustrate the new verification framework on FFT algorithm as case study. I.

We use higher-order logic to verify a quantifier elimination procedure for linear arithmetic over ordered fields, where the coefficients of variables are multivariate polynomials over another set of variables, we call parameters. The procedure generalizes Ferrante and Rackoff’s algorithm for the non-parametric case. The formalization is based on axiomatic type classes and automatically carries over to e.g. the rational, real and non-standard real numbers. It is executable, can be applied to HOL formulae by reflection and performs well on practical examples.

IEEE 802.11 is a widely used technology which powers many of the digital wireless communication revolutions currently taking place. It uses OFDM (Orthogonal Frequency Division Multiplexing) in its physical layer which is an efficient way to deal with multipath, good for relatively slow time-varying channels, and robust against narrowband interference. In this paper, we formally specify and verify an implementation of the IEEE 802.11 standard physical layer based OFDM modem using the HOL (Higher Order Logic) theorem prover. The versatile expressive power of HOL helped us model the original design at all abstraction levels starting from a floating-point model to the fixed-point design and then synthesized and implemented in FPGA technology. We have been able to find a bug in one of the blocks of the design that is responsible for modulation which implementation diverts from the constellation provided in the IEEE standard specification. The paper also derives new expressions for the rounding error accumulated during ideal real to floating-point and fixed-point transitions at the algorithmic level and performs a formal error analysis for