Results 1 
9 of
9
Trustworthy Tools for Trustworthy Programs: A Verified Verification Condition Generator
, 1994
"... Verification Condition Generator (VCG) tools have been effective in simplifying the task of proving programs correct. However, in the past these VCG tools have in general not themselves been mechanically proven, so any proof using and depending on these VCGs might have contained errors. In our w ..."
Abstract

Cited by 21 (1 self)
 Add to MetaCart
Verification Condition Generator (VCG) tools have been effective in simplifying the task of proving programs correct. However, in the past these VCG tools have in general not themselves been mechanically proven, so any proof using and depending on these VCGs might have contained errors. In our work, we define and rigorously prove correct a VCG tool within the HOL theorem proving system, for a standard whileloop language, with one new feature not usually treated: expressions with side effects. Starting from a structural operational semantics of this programming language, we prove as theorems the axioms and rules of inference of a Hoarestyle axiomatic semantics, verifying their soundness. This axiomatic semantics is then used to define and prove correct a VCG tool for this language. Finally, this verified VCG is applied to an example program to verify its correctness.
Program Verification using HOLUNITY
 Higher Order Logic Theorem Proving and Its Applications: HUG ’93, LNCS 780
, 1994
"... . HOLUNITY is an implementation of Chandy and Misra's UNITY theory in the HOL88 and HOL90 theorem provers. This paper shows how to verify safety and progress properties of concurrent programs using HOLUNITY. As an example it is proved that a liftcontrol program satisfies a given progress property ..."
Abstract

Cited by 16 (1 self)
 Add to MetaCart
. HOLUNITY is an implementation of Chandy and Misra's UNITY theory in the HOL88 and HOL90 theorem provers. This paper shows how to verify safety and progress properties of concurrent programs using HOLUNITY. As an example it is proved that a liftcontrol program satisfies a given progress property. The proof is compositional and partly automated. The progress property is decomposed into basic safety and progress properties, which are proved automatically by a developed tactic based on a combination of Gentzenlike proof methods and Pressburger decision procedures. The proof of the decomposition which includes induction is done mechanically using the inference rules of the UNITY logic implemented as theorems in HOL. The paper also contains some empirical results of running the developed tactic in HOL88 and HOL90, respectively. It turns out that HOL90 in average is about 9 times faster than HOL88. Finally, we discuss various ways of improving the tactic. 1 Introduction This paper pres...
Inference rules for programming languages with side effects in expressions
 In International Conference on Theorem Proving in Higher Order Logics
, 1996
"... Abstract. Much of the work on verifying software has been done on simple, often artificial, languages or subsets of existing languages to avoid difficult details. In trying to verify a secure application written in C, we have encountered and overcome some semantically complicated uses of the languag ..."
Abstract

Cited by 15 (2 self)
 Add to MetaCart
Abstract. Much of the work on verifying software has been done on simple, often artificial, languages or subsets of existing languages to avoid difficult details. In trying to verify a secure application written in C, we have encountered and overcome some semantically complicated uses of the language. We present inference rules for assignment statements with pre and postevaluation side effects and while loops with arbitrary preevaluation side effects in the test expression. We also discuss the need to abstract the semantics of program functions and present an inference rule for abstraction.
LCF Examples in HOL
 The Computer Journal
, 1994
"... The LCF system provides a logic of fixed point theory and is useful to reason about nontermination, recursive definitions and infinitevalued types such as lazy lists. Because of continual presence of bottom elements, it is clumsy for reasoning about finitevalued types and strict functions. The ..."
Abstract

Cited by 12 (4 self)
 Add to MetaCart
The LCF system provides a logic of fixed point theory and is useful to reason about nontermination, recursive definitions and infinitevalued types such as lazy lists. Because of continual presence of bottom elements, it is clumsy for reasoning about finitevalued types and strict functions. The HOL system provides set theory and supports reasoning about finitevalued types and total functions well. In this paper a number of examples are used to demonstrate that an extension of HOL with domain theory combines the benefits of both systems. The examples illustrate reasoning about infinite values and nonterminating functions and show how domain and set theoretic reasoning can be mixed to advantage. An example presents a proof of correctness of a recursive unification algorithm using wellfounded induction.
A Survey on Embedding Programming Logics in a Theorem Prover
 Institute of Information and Computing Sciences Utrecht University
, 2002
"... Theorem provers were also called 'proof checkers' because that is what they were in the beginning. They have grown powerful, however, capable in many cases to automatically produce complicated proofs. In particular, higher order logic based theorem provers such as HOL and PVS became popular because ..."
Abstract

Cited by 8 (2 self)
 Add to MetaCart
Theorem provers were also called 'proof checkers' because that is what they were in the beginning. They have grown powerful, however, capable in many cases to automatically produce complicated proofs. In particular, higher order logic based theorem provers such as HOL and PVS became popular because the logic is well known and very expressive. They are generally considered to be potential platforms to embed a programming logic for the purpose of formal verification. In this paper we investigate a number of most commonly used methods of embedding programming logics in such theorem provers and expose problems we discover. We will also propose an alternative approach: hybrid embedding.
Window inference in isabelle
 University of Cambridge Computer Laboratory
, 1995
"... Window inference is a transformational style of reasoning that provides an intuitive framework for managing context during the transformation of subterms under transitive relations. This report describes the design for a prototype window inference tool in Isabelle, and discusses possible directions ..."
Abstract

Cited by 5 (2 self)
 Add to MetaCart
Window inference is a transformational style of reasoning that provides an intuitive framework for managing context during the transformation of subterms under transitive relations. This report describes the design for a prototype window inference tool in Isabelle, and discusses possible directions for the final tool. 1
Towards an Integrated CASE and Theorem Proving Tool for VDMSL
 In FME'97, SpringerVerlag LNCS
, 1997
"... . While CASE tools for formal methods have been relatively successful in industry, the uptake of the theorem proving technology has been quite slow. This suggests that more focus should be put on specification notations and pragmatic features of existing CASE tools in building proof support tools. ..."
Abstract

Cited by 5 (1 self)
 Add to MetaCart
. While CASE tools for formal methods have been relatively successful in industry, the uptake of the theorem proving technology has been quite slow. This suggests that more focus should be put on specification notations and pragmatic features of existing CASE tools in building proof support tools. This paper presents a prototype integrated CASE/TP tool which combines the benefits of a generalpurpose theorem prover called Isabelle with those of a commercial CASE tool for the VDMSL formal specification languagethe IFAD VDMSL Toolbox. The integrated tool supports pragmatic test and rigorous proof at the same time. Moreover, the tool supports proofs in the notation of the CASE tool by handling "difficult" constructs such as patterns and cases expressions in an untraditional way using reversible transformations. 1 Introduction CASE tools for formal software development support the validation of specifications through static checks and animation. Proofs can add rigor to the software ...
Design, Analysis and Reasoning about Tools: Abstracts from the Third Workshop
, 1993
"... s from the Third Workshop Flemming Nielson (editor) October 1993 1 Introduction The third DART workshop took place on Thursday August l9th and Friday August 20th at the Department of Computer Science (DIKU) at the University of Copenhagen; it was organized by Mads Rosendahl and others at DIKU, and ..."
Abstract
 Add to MetaCart
s from the Third Workshop Flemming Nielson (editor) October 1993 1 Introduction The third DART workshop took place on Thursday August l9th and Friday August 20th at the Department of Computer Science (DIKU) at the University of Copenhagen; it was organized by Mads Rosendahl and others at DIKU, and Torben Amtoft and Susanne Brønberg helped producing this report. The first day comprised survey presentations whereas the second contained more research oriented talks. The primary aim of the workshop was to increase the awareness of DART participants for each other's work, to stimulate collaboration between the di#erent groups, and to inform Danish industry about the skills possessed by the groups. The DART project started in March 1991 (prematurely terminating a smaller project on Formal Implementation, Transformation and Analysis of Programs) and is funded by the Danish Research Councils as part of the Danish Research Programme on Informatics. To date it has received about 8 million Danis...