ion. ACM Transactions on Programming Languages and Systems, 16(5):1512--1542, September 1994. Bibliography 401 [Che80] B. F. Chellas. Modal Logic -- an Introduction. Cambridge University Press, 1980. [Dam96] D. R. Dams. Abstract Interpretation and Partition Refinement for Model Checking. PhD thesis, Institute for Programming research and Algorithmics. Eindhoven University of Technology, July 1996. [Dij76] E. W. Dijkstra. A Discipline of Programming. Prentice Hall, 1976. [DP96] R. Davies and F. Pfenning. A Modal Analysis of Staged Computation. In 23rd Annual ACM Symposium on Principles of Programming Languages. ACM Press, January 1996. [EN94] R. Elmasri and S. B. Navathe. Fundamentals of Database Systems. Benjamin/Cummings, 1994. [FHMV95] Ronald Fagin, Joseph Y. Halpern, Yoram Moses, and Moshe Y. Vardi. Reasoning about Knowledge. MIT Press, Cambridge, 1995. [Fit93] M. Fitting. Basic modal logic. In D. Gabbay, C. Hogger, and J. Robinson, editors, Handbook of Logic in Artificial In...

Abstract This paper presents an approach to the integration of statecharts, temporal logic and algebraic specification within an interactive verification environment. Currently some integrated formalisms exist [13, 7], but there is no proof support for theses approaches. Also model checkers are able to prove temporal properties of statecharts [3, 10], but they can only be used to verify properties based on a small, finite data domain. Our goal is to provide a uniform, interactive proof support for verifying temporal properties of statecharts with algebraic data types and functions over infinite data domains. As an implementation platform the KIV system [2] is used. The semantics of statecharts is based on [6], which formalizes the STATEMATE semantics of statecharts [12].

In verification of finite domain models (model checking) counterexamples help the user to identify, why a proof attempt has failed. In this paper we present an approach to construct counterexamples for first-order goals over infinite data types, which are defined by algebraic specifications. The approach avoids the implementation of a new calculus, by integrating counterexample search with the interactive theorem proving strategy. The paper demonstrates, that this integrations requires only a few modifications to the theorem proving strategy. 1

Imperative programs can be inverted directly from their forward-directed program code with the use of logical inference. The relational semantics of imperative computations treats programs as logical relations over the observable state of the environment, which is taken to be the state of the variables in memory. Program relations denote both forward and backward computations, and the direction of the computation depends upon the instantiation pattern of arguments in the relation. This view of inversion has practical applications when the relational semantics is treated as a logic program. Depending on the logic programming inference scheme used, execution of this relational program can compute the inverse of the imperative program. A number of nontrivial imperative computations can be inverted with minimal logic programming tools.

We give the first polynomial-time algorithm for the following problem: Given a degree sequence in which each degree is bounded from above by a constant, select, uniformly at random, an unlabelled connected multigraph with the given degree sequence. We also give the first polynomial-time algorithm for the following related problem: Given a molecular formula, select, uniformly at random, a structural isomer having the given formula.

Experience has shown that the issue of software documentation cannot be ignored if safe reliable software is the goal. To be useful, software documentation should be easy to manipulate. Function tables are a natural way of documenting software through the use of mathematical tabular notation. The need has been expressed for a tool to automatically generate the mathematical composition of two function tables, which would document the sequential execution of two programs. The Function Composition Tool is a prototype toward this end. The tool is based on existing algorithms using normal function tables, and their extensions to vector function tables. This work involves the design and implementation of the software. Supporting software enables the execution of test suites on the tool. iii Acknowledgements I would like to express my appreciation for the efforts and advice of my supervisors, Dr. David L. Parnas and Dr. Martin von Mohrenschildt, and those of the defense committee, Dr. Emil ...

This paper describes the use of tactics in the KIV proof environment for interactive, machinesupported proofs. Software veri cation is used as an example for a special application. We present the basic concepts of proof trees and tactics in KIV, and a suitable proof method, tactics, automated support, and proof engineering facilities for module veri cation.

This thesis presents an algorithm to determine semantic equality of two given tables used in software documentations. Tabular notation is seen to be a useful method for formal specification of software systems [8]. Verification of the software specification is an important part of software life cycle when software is used in safety critical environments. Industries such as Ontario Hydro invest time and money to ensure that their design of safety critical software corresponds to specification [13]. In this thesis we present an algorithm to verify whether two given tabular expressions specify the same relation. This algorithm is useful in verifying whether the design corresponds to specification. This algorithm handles all tables described in [1]. We also present the design of a prototype tool which implements this algorithm, which can help us automate the verification of software design. iv Acknowledgments I thank my supervisor Dr. Martin von Mohrenschildt for his support and enthus...

XNOR, and blocks implementing more complex logic (Boolean) functions. • No logical loops, i.e., topologically there may be loops, but they are not sensitizable under any (valid) input combination, even such loops may be prohibited / not produced by automated analysis / synthesis tools Goal Given two Boolean netlists, check if the corresponding outputs of the two circuits are equal for all possible inputs • Two circuits are equivalent iff the Boolean function representing the outputs of the networks are logically equivalent • Identify equivalence points and implications between the two circuits to simplify equivalence checking • Since a typical design proceeds by a series of local changes, in most cases there are many implications / equivalent subcircuits in the two circuits to be compared • Various tautology/satisfiability checking algorithms based on heuristics (problem is NPcomplete, but many work well on “real ” applications...) • In this course we consider three main combinational equivalence checking methods:- Propositional resolution method (tautology/satisfiability checking)- Stålmarck’s method (recent patented algorithm, very efficient and popular)- ROBDD-based method (Boolean function converted into ROBDD’s representation)

References 39 1999 E. Cerny, X. Song 9/7/99 2.2 (of 38) Combinational Circuits . Consist of an interconnection of logic gates - AND, OR, NOT, NAND, NOR, XOR, XNOR, and blocks implementing more complex logic (Boolean) functions . No logical loops, i.e., topologically there may be loops, but they are not sensitizable under any (valid) input combination, even such loops may be prohibited / not produced by automated analysis / synthesis tools . For practical purposes it is a Directed Acyclic Graph, from inputs to outputs . Ususally,combinational circuits implement arithmetic and logic operations, and next-state g and output functions f of finite-state machines (sequential circuits) . Verifying the behavior of the gate-level implementation against the RTL design of digital systems can often be reduced to verifying the combinational circuits -<F11.