Results 1-10 of 31
SOFL: A Formal Engineering Methodology for Industrial Applications
Cited by 34 (11 self)
Abstract
Formal methods have yet to achieve wide industrial acceptance for several reasons. They are not well integrated into established industrial software processes, their application requires significant abstraction and mathematical skills, and existing tools do not satisfactorily support the entire formal software development process. We have proposed a language called SOFL (Structured Object-based Formal Language) and a SOFL methodology for system development that attempts to address these problems using an integration of formal methods, structured methods and object-oriented methodology. Construction of a system uses structured methods in requirements analysis and specifications, and an object-based methodology during design and implementation stages, with formal methods applied throughout the development in a manner that best suits their capabilities. This paper describes the SOFL methodology, which introduces some substantial changes from current formal methods practice. A comprehensive, practical case study of an actual industrial Residential Suites Management System illustrates how SOFL is used.
Formal Objects in Type Theory Using Very Dependent Types
In Foundations of Object Oriented Languages 3, 1996
Cited by 29 (8 self)
Abstract
In this paper we present an extension to basic type theory to allow a uniform construction of abstract data types (ADTs) having many of the properties of objects, including abstraction, subtyping, and inheritance. The extension relies on allowing type dependencies for function types to range over a well-founded domain. Using the propositions-as-types correspondence, abstract data types can be identified with logical theories, and proofs of the theories are the objects that inhabit the corresponding ADT.
1 Introduction. In the past decade, there has been considerable progress in developing a formal account of a theory of objects. One property of object-oriented languages that makes them popular is that they attack the problem of scale: all object-oriented languages provide mechanisms for providing software modularity and reuse. In addition, the mechanisms are intuitive enough to be followed easily by novice programmers. During the same decade, the body of formal mathematics has be...
Automation for interactive proof: First prototype
Information and Computation
Cited by 29 (10 self)
Abstract
Interactive theorem provers require too much effort from their users. We have been developing a system in which Isabelle users obtain automatic support from automatic theorem provers (ATPs) such as Vampire and SPASS. An ATP is invoked at suitable points in the interactive session, and any proof found is given to the user in a window displaying an Isar proof script. There are numerous differences between Isabelle (polymorphic higher-order logic with type classes, natural deduction rule format) and classical ATPs (first-order, untyped, clause form). Many of these differences have been bridged, and a working prototype that uses background processes already provides much of the desired functionality.
Proofs of Correctness of Cache-Coherence Protocols
2001
Cited by 10 (0 self)
Abstract
We describe two proofs of correctness for Cachet, an adaptive cache-coherence protocol. Each proof demonstrates soundness (conformance to an abstract cache memory model, CRF) and liveness. One proof is manual, based on a term-rewriting system definition; the other is machine-assisted, based on a TLA formulation and using PVS. A two-stage presentation of the protocol simplifies the treatment of soundness, in the design and in the proofs, by separating all liveness concerns. The TLA formulation demands precision about what aspects of the system's behavior are observable, bringing complication to some parts which were trivial in the manual proof. Handing a completed design over for independent verification is unlikely to be successful: the prover requires detailed insight into the design, and the designer must keep correctness concerns at the forefront of the design process.
1 Introduction: Memory Models and Protocols. Shared memory multiprocessor systems provide a global mem...
Fast Tactic-based Theorem Proving
TPHOLs 2000, LNCS 1869, 2000
Cited by 9 (4 self)
Abstract
Theorem provers for higher-order logics often use tactics to implement automated proof search. Tactics use a general-purpose metalanguage to implement both general-purpose reasoning and computationally intensive domain-specific proof procedures. The generality of tactic provers has a performance penalty; the speed of proof search lags far behind special-purpose provers. We present a new modular proving architecture that significantly increases the speed of the core logic engine.
Defining functions on equivalence classes
ACM Transactions on Computational Logic
Cited by 8 (1 self)
Abstract
A quotient construction defines an abstract type from a concrete type, using an equivalence relation to identify elements of the concrete type that are to be regarded as indistinguishable. The elements of a quotient type are equivalence classes: sets of equivalent concrete values. Simple techniques are presented for defining and reasoning about quotient construction, based on a general lemma library concerning functions that operate on equivalence classes. The techniques are applied to a definition of the integers from the natural numbers, and then to the definition of a recursive datatype satisfying equational constraints.
Fault-tolerant distributed theorem proving
1999
Cited by 7 (4 self)
Abstract
Higher-order logics are expressive tools for tasks ranging from formalizing the foundations of mathematics to large-scale software verification and synthesis. Because of their complexity, proofs in higher-order logics often use a combination of interactive proving together with computationally intensive tactic applications that perform proof automation. As problems and proof automation become more sophisticated, these proofs represent substantial investments: each interactive step may represent several hours of design time. We present an implementation of a distributed proving architecture to address the problems of speed, availability, and reliability in tactic provers. This architecture is implemented as a module in the MetaPRL logical framework. The implementation supports arbitrary process joins and all-but-one process failures at any time during a proof. Proof distribution is completely transparent; the existing tactic base is unmodified.
Formal Verification of a Basic Circuits Library
In Proc. of IASTED Int. Conf. on Applied Informatics, Innsbruck (AI 2001), 2001
Cited by 7 (4 self)
Abstract
We describe the results and status of a project aiming to provide a provably correct library of basic circuits. We use the theorem proving system PVS in order to prove circuits such as incrementers, adders, arithmetic units, multipliers, leading zero counters, shifters, and decoders. All specifications and proofs are available on the web.
Three Tactic Theorem Proving
In Theorem Proving in Higher Order Logics, TPHOLs '99, 1999
Cited by 7 (0 self)
Abstract
We describe the key features of the proof description language of Declare, an experimental theorem prover for higher order logic. We take a somewhat radical approach to proof description: proofs are not described with tactics but by using just three expressive outlining constructs. The language is "declarative" because each step specifies its logical consequences, i.e. the constants and formulae that are introduced, independently of the justification of that step. Logical constants and facts are lexically scoped in a style reminiscent of structured programming. The style is also heavily "inferential", because Declare relies on an automated prover to eliminate much of the detail normally made explicit in tactic proofs. Declare has been partly inspired by Mizar, but provides better automation. The proof language has been designed to take advantage of this, allowing proof steps to be both large and controlled. We assess the costs and benefits of this approach, and describe ...