Results 1  10
of
68
The Design and Implementation of a Certifying Compiler
, 1998
"... This paper presents the design and implementation of a compiler that translates programs written in a typesafe subset of the C programming language into highly optimized DEC Alpha assembly language programs, and a certifier that automatically checks the type safety and memory safety of any assembl ..."
Abstract

Cited by 288 (10 self)
 Add to MetaCart
(Show Context)
This paper presents the design and implementation of a compiler that translates programs written in a typesafe subset of the C programming language into highly optimized DEC Alpha assembly language programs, and a certifier that automatically checks the type safety and memory safety of any assembly language program produced by the compiler. The result of the certifier is either a formal proof of type safety or a counterexample pointing to a potential violation of the type system by the target program. The ensemble of the compiler and the certifier is called a certifying compiler. Several advantages of certifying compilation over previous approaches can be claimed. The notion of a certifying compiler is significantly easier to employ than a formal compiler verification, in part because it is generally easier to verify the correctness of the result of a computation than to prove the correctness of the computation itself. Also, the approach can be applied even to highly optimizing compilers, as demonstrated by the fact that our compiler generates target code, for a range of realistic C programs, which is competitive with both the cc and gee compilers with all optimizations enabled. The certifier also drastically improves the effectiveness of compiler testing because, for each test case, it statically signals compilation errors that might otherwise require many executions to detect. Finally, this approach is a practical way to produce the safety proofs for a ProofCarrying Code system, and thus may be useful in a system for safe mobile code.
Automating Recursive Type Definitions in Higher Order Logic
 Current Trends in Hardware Verification and Automated Theorem Proving
, 1988
"... : The expressive power of higher order logic makes it possible to define a wide variety of types within the logic and to prove theorems that state the properties of these types concisely and abstractly. This paper contains a tutorial introduction to the logical basis for such type definitions. Examp ..."
Abstract

Cited by 82 (6 self)
 Add to MetaCart
: The expressive power of higher order logic makes it possible to define a wide variety of types within the logic and to prove theorems that state the properties of these types concisely and abstractly. This paper contains a tutorial introduction to the logical basis for such type definitions. Examples are given of the formal definitions in logic of several simple types. A method is then described for systematically defining any instance of a certain class of commonlyused recursive types. The automation of this method in HOL, an interactive system for generating proofs in higher order logic, is also discussed. 1 To appear in Current Trends in Hardware Verification and Automated Theorem Proving, proceedings of the 1988 Banff Workshop on Hardware Verification, edited by G. Birtwistle and P. Subrahmanyam (SpringerVerlag, 1988). Revised 28 January Contents Introduction 5 1 Introduction to Higher Order Logic 6 1.1 Notation : : : : : : : : : : : : : : : : : : : : : : : : : : : : : ...
Elf: A Language for Logic Definition and Verified Metaprogramming
 In Fourth Annual Symposium on Logic in Computer Science
, 1989
"... We describe Elf, a metalanguage for proof manipulation environments that are independent of any particular logical system. Elf is intended for metaprograms such as theorem provers, proof transformers, or type inference programs for programming languages with complex type systems. Elf unifies logic ..."
Abstract

Cited by 81 (7 self)
 Add to MetaCart
(Show Context)
We describe Elf, a metalanguage for proof manipulation environments that are independent of any particular logical system. Elf is intended for metaprograms such as theorem provers, proof transformers, or type inference programs for programming languages with complex type systems. Elf unifies logic definition (in the style of LF, the Edinburgh Logical Framework) with logic programming (in the style of Prolog). It achieves this unification by giving types an operational interpretation, much the same way that Prolog gives certain formulas (Hornclauses) an operational interpretation. Novel features of Elf include: (1) the Elf search process automatically constructs terms that can represent objectlogic proofs, and thus a program need not construct them explicitly, (2) the partial correctness of metaprograms with respect to a given logic can be expressed and proved in Elf itself, and (3) Elf exploits Elliott's unification algorithm for a calculus with dependent types. This research was...
Implementing Tactics and Tacticals in a HigherOrder Logic Programming Language
 Journal of Automated Reasoning
, 1993
"... We argue that a logic programming language with a higherorder intuitionistic logic as its foundation can be used both to naturally specify and implement tactic style theorem provers. The language extends traditional logic programming languages by replacing firstorder terms with simplytyped terms ..."
Abstract

Cited by 68 (15 self)
 Add to MetaCart
(Show Context)
We argue that a logic programming language with a higherorder intuitionistic logic as its foundation can be used both to naturally specify and implement tactic style theorem provers. The language extends traditional logic programming languages by replacing firstorder terms with simplytyped terms, replacing firstorder unification with higherorder unification, and allowing implication and universal quantification in queries and the bodies of clauses. Inference rules for a variety of inference systems can be naturally specified in this language. The higherorder features of the language contribute to a concise specification of provisos concerning variable occurrences in formulas and the discharge of assumptions present in many inference systems. Tactics and tacticals, which provide a framework for highlevel control over search for proofs, can be directly and naturally implemented in the extended language. This framework serves as a starting point for implementing theorem provers an...
Natural Deduction as HigherOrder Resolution
 Journal of Logic Programming
, 1986
"... An interactive theorem prover, Isabelle, is under development. In LCF, each inference rule is represented by one function for forwards proof and another (a tactic) for backwards proof. In Isabelle, each inference rule is represented by a Horn clause. ..."
Abstract

Cited by 61 (11 self)
 Add to MetaCart
(Show Context)
An interactive theorem prover, Isabelle, is under development. In LCF, each inference rule is represented by one function for forwards proof and another (a tactic) for backwards proof. In Isabelle, each inference rule is represented by a Horn clause.
The Notion of Proof in Hardware Verification
, 1989
"... : Recent advances in the field of hardware verification have raised some fresh (and some familiar) issues to do with the scope and limitations of formal proof. In this note, some of these are considered in the context of the Viper verification project. Viper is a microprocessor designed by W. J. Cu ..."
Abstract

Cited by 49 (0 self)
 Add to MetaCart
: Recent advances in the field of hardware verification have raised some fresh (and some familiar) issues to do with the scope and limitations of formal proof. In this note, some of these are considered in the context of the Viper verification project. Viper is a microprocessor designed by W. J. Cullyer, C. Pygott and J. Kershaw, of the Royal Signals and Radar Establishment of the U.K. Ministry of Defense, for use in safetycritical applications. Much to their credit, the designers intended from the start that Viper be formally verified; they presented Viper's more abstract specifications in a language suitable for formal reasoning, and they placed the design in the public domain. Viper microprocessors are currently being marketed as verified chips. The formal proof aspects of the verification work have been carried out at the Computer Laboratory of the University of Cambridge. To date, some important properties of a registertransfer level model of Viper, relative to a more abstract ...
Abstraction Mechanisms for Hardware Verification
 VLSI Specification, Verification and Synthesis
, 1987
"... ion Mechanisms for Hardware Verification Thomas F. Melham University of Cambridge Computer Laboratory New Museums Site, Pembroke Street Cambridge, CB2 3QG, England Abstract: It is argued that techniques for proving the correctness of hardware designs must use abstraction mechanisms for relating fo ..."
Abstract

Cited by 41 (0 self)
 Add to MetaCart
(Show Context)
ion Mechanisms for Hardware Verification Thomas F. Melham University of Cambridge Computer Laboratory New Museums Site, Pembroke Street Cambridge, CB2 3QG, England Abstract: It is argued that techniques for proving the correctness of hardware designs must use abstraction mechanisms for relating formal descriptions at different levels of detail. Four such abstraction mechanisms and their formalization in higher order logic are discussed. Introduction Recent advances in microelectronics have given designers of digital hardware the potential to build electronic devices of unprecedented size and complexity. With increasing size and complexity, however, it becomes increasingly difficult to ensure that such systems will not malfunction because of design errors. This problem has prompted some researchers to look for a firm theoretical basis for correct design of hardware systems. Mathematical methods have been developed to model the functional behaviour of electronic devices and to verify,...
Safe, Untrusted Agents using ProofCarrying Code
 of Lecture Notes in Computer Science
, 1998
"... . ProofCarrying Code (PCC) enables a computer system to determine, automatically and with certainty, that program code provided by another system is safe to install and execute without requiring interpretation or runtime checking. PCC has applications in any computing system in which the safe, eff ..."
Abstract

Cited by 35 (3 self)
 Add to MetaCart
. ProofCarrying Code (PCC) enables a computer system to determine, automatically and with certainty, that program code provided by another system is safe to install and execute without requiring interpretation or runtime checking. PCC has applications in any computing system in which the safe, efficient, and dynamic installation of code is needed. The key idea of ProofCarrying is to attach to the code an easilycheckable proof that its execution does not violate the safety policy of the receiving system. This paper describes the design and a typical implementation of ProofCarrying Code, where the language used for specifying the safety properties is firstorder predicate logic. Examples of safety properties that are covered in this paper are memory safety and compliance with data access policies, resource usage bounds, and data abstraction boundaries. 1 Introduction ProofCarrying Code (PCC) enables a computer system to determine, automatically and with certainty, that program cod...
A Logic Programming Approach to Implementing HigherOrder Term Rewriting
 Second International Workshop on Extensions to Logic Programming, volume 596 of Lecture Notes in Arti Intelligence
, 1992
"... Term rewriting has proven to be an important technique in theorem proving. In this paper, we illustrate that rewrite systems and strategies for higherorder term rewriting, which includes the usual notion of firstorder rewriting, can be naturally specified and implemented in a higherorder logic pr ..."
Abstract

Cited by 20 (4 self)
 Add to MetaCart
Term rewriting has proven to be an important technique in theorem proving. In this paper, we illustrate that rewrite systems and strategies for higherorder term rewriting, which includes the usual notion of firstorder rewriting, can be naturally specified and implemented in a higherorder logic programming language. We adopt a notion of higherorder rewrite system which uses the simply typed calculus as the language for expressing rules, with a restriction on the occurrences of free variables on the left hand sides of rules so that matching of terms with rewrite templates is decidable. The logic programming language contains an implementation of the simplytyped lambda calculus including fij conversion and higherorder unification. In addition, universal quantification in queries and the bodies of clauses is permitted. For higherorder rewriting, we show how these operations implemented at the metalevel provide elegant mechanisms for the objectlevel operations of descending thro...
Using Recursive Types to Reason about Hardware in Higher Order Logic
, 1988
"... : The expressive power of higher order logic makes it possible to define a wide variety of data types within the logic and to prove theorems that state the properties of these types concisely and abstractly. This paper describes how such defined data types can be used to support formal reasoning in ..."
Abstract

Cited by 19 (1 self)
 Add to MetaCart
: The expressive power of higher order logic makes it possible to define a wide variety of data types within the logic and to prove theorems that state the properties of these types concisely and abstractly. This paper describes how such defined data types can be used to support formal reasoning in higher order logic about the behaviour of hardware designs. First printed: May 1988 Reprinted with revisions: April 1990 An earlier version of this paper appears in: The Fusion of Hardware Design and Verification, ed. G.J. Milne (NorthHolland, 1988), pp. 2750. Contents Introduction 5 1 Hardware Verification using Higher Order Logic 5 1.1 Notation : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 5 1.2 Specifying Hardware Behaviour : : : : : : : : : : : : : : : : : : 6 1.3 Specifying Hardware Structure : : : : : : : : : : : : : : : : : : 7 1.4 Formulating Correctness : : : : : : : : : : : : : : : : : : : : : : 8 2 Recursive Types in Higher Order Logic 8 2.1 Type Definit...