A language-based approach to functionally correct imperative programming
In Proceedings of the 10th International Conference on Functional Programming (ICFP '05), 2005
In this paper a language-based approach to functionally correct imperative programming is proposed. The approach is based on a programming language called RSP1, which combines dependent types, general recursion, and imperative features in a type-safe way, while preserving decidability of type checking. The methodology used is that of internal verification, where programs manipulate programmer-supplied proofs explicitly as data. The fundamental technical idea of RSP1 is to identify problematic operations as impure, and keep them out of dependent types. The resulting language is powerful enough to verify statically nontrivial properties of imperative and functional programs. The paper presents the ideas through the examples of statically verified merge sort, statically verified imperative binary search trees, and statically verified directed acyclic graphs. This paper is an extended version of [30].
Verifying and reflecting quantifier elimination for Presburger arithmetic
Logic for Programming, Artificial Intelligence, and Reasoning, 2005
We present an implementation and verification in higher-order logic of Cooper's quantifier elimination for Presburger arithmetic. Reflection, i.e. the direct execution in ML, yields a speed-up of a factor of 200 over an LCF-style implementation and performs as well as a decision procedure hand-coded in ML.
Validated Proof-Producing Decision Procedures
2004
A widely used technique to integrate decision procedures (DPs) with other systems is to have the DPs emit proofs of the formulas they report valid. One problem that arises is debugging the proof-producing code; it is very easy in standard programming languages to write code which produces an incorrect proof. This paper demonstrates how proof-producing DPs may be implemented in a programming language, called RogueSigmaPi (RSP), whose type system ensures that proofs are manipulated correctly. RSP combines the Rogue rewriting language and the Edinburgh Logical Framework (LF). Type-correct RSP programs are partially correct: essentially, any putative LF proof object produced by a type-correct RSP program is guaranteed to type check in LF. The paper describes a simple proof-producing combination of propositional satisfiability checking and congruence closure implemented in RSP.
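The producer/checker split that this abstract describes, as an added Python illustration (not RSP and not the paper's SAT/congruence-closure combination): an untrusted resolution prover emits a proof object, and a small checker is the only component that has to be trusted. The clause encoding, `refute`, `check` and the constructed clause sets `UNSAT` and `SAT` are ours; `tamper` stands in for the kind of bug in proof-producing code that the abstract warns about.

```python
from itertools import combinations

# An untrusted proof-producing decision procedure for propositional clauses next
# to the small checker that is the only trusted part.  Added illustration in
# Python; it is not RSP and not the paper's combination of SAT and congruence closure.
#
# A clause is a frozenset of non-zero ints: literal 3 is variable 3, -3 its negation.
# A proof step is (c1, c2, pivot, resolvent): c1 contains pivot, c2 contains -pivot.

def resolve(c1, c2, pivot):
    """Resolvent of c1 and c2 on pivot."""
    return (c1 - {pivot}) | (c2 - {-pivot})

def refute(clauses):
    """Untrusted prover: saturate the clause set by resolution, remembering how each
    new clause was derived.  Returns a resolution refutation (list of steps ending in
    the empty clause) or None if saturation finishes without deriving it."""
    known = {c: None for c in clauses}          # clause -> (c1, c2, pivot); None = axiom
    changed = True
    while changed and frozenset() not in known:
        changed = False
        for c1, c2 in combinations(list(known), 2):
            for lit in c1:
                if -lit not in c2:
                    continue
                r = resolve(c1, c2, lit)
                if any(-l in r for l in r):      # tautology: never useful
                    continue
                if r not in known:
                    known[r] = (c1, c2, lit)
                    changed = True
    if frozenset() not in known:
        return None
    steps, seen = [], set()
    def emit(c):                                  # parents before children
        if c in seen or known[c] is None:
            return
        seen.add(c)
        c1, c2, lit = known[c]
        emit(c1)
        emit(c2)
        steps.append((c1, c2, lit, c))
    emit(frozenset())
    return steps

def check(axioms, steps):
    """Trusted checker.  Each step must resolve two clauses that are axioms or earlier
    results, on a literal that occurs positively in the first and negatively in the
    second, and the claimed resolvent must be exactly what resolution yields.
    Nothing the prover does can make a bad proof pass this."""
    established = set(axioms)
    for c1, c2, lit, r in steps:
        if c1 not in established or c2 not in established:
            return False
        if lit not in c1 or -lit not in c2:
            return False
        if r != resolve(c1, c2, lit):
            return False
        established.add(r)
    return frozenset() in established

# Constructed inputs: an unsatisfiable set over two variables, and a satisfiable one.
UNSAT = [frozenset({1, 2}), frozenset({-1, 2}), frozenset({1, -2}), frozenset({-1, -2})]
SAT = [frozenset({1, 2}), frozenset({-1})]

def tamper(steps):
    """Simulate a bug in the prover: the last step claims a wrong resolvent."""
    c1, c2, lit, _ = steps[-1]
    return steps[:-1] + [(c1, c2, lit, frozenset({lit}))]

if __name__ == "__main__":
    proof = refute(UNSAT)
    for c1, c2, lit, r in proof:
        print(sorted(c1), sorted(c2), "on", lit, "->", sorted(r))
    print("genuine proof accepted:", check(UNSAT, proof))
    print("tampered proof accepted:", check(UNSAT, tamper(proof)))
    print("satisfiable set refuted:", refute(SAT))
```

The prover may be as clever or as buggy as it likes; the checker re-derives every resolvent itself, so a wrong proof is caught at the step that breaks (including a proof that cites a clause that was never established). RSP's contribution is to move that check into the type system, so the bad `tamper` step would fail to type check instead of failing at runtime.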
Verifying mixed real-integer quantifier elimination
IJCAR 2006, LNCS 4130, 2006
We present a formally verified quantifier elimination procedure for the first-order theory over linear mixed real-integer arithmetic in higher-order logic, based on a work by Weispfenning. To this end we provide two verified quantifier elimination procedures: for Presburger arithmetic and for linear real arithmetic.
A Dependently Typed Programming Language, with applications to Foundational Certified Code Systems
2009
Certified code systems enable trust to be generated in untrusted pieces of code. This is done by requiring that a machine-verifiable certificate be packaged with code, which can then be proved safe independently. Safety is defined with respect to a defined safety policy. Recent work has focused on "foundational certified code systems", which define the safety policy as execution on a concrete machine architecture. This makes the safety guarantees of the system more concrete relative to previous systems. There are two advantages. One, we gain in flexibility since the proof producers can use different assumptions and techniques. Two, the parts of the system that must be trusted become substantially simpler. This work describes our design of a practical foundational certified code system. Foundational systems have new proof obligations, for which we need different proof techniques and verification environments. In common with other such systems, we use an intermediate formal system such as a type system to isolate a group of programs. There are then two proof obligations. A program-specific proof verifies that the program belongs to the group so defined. This is the type checking problem. A generic safety proof says that all programs belonging to the group are safe to execute on the concrete machine. For a type system this is the type safety property.
Tactics for Hierarchical Proof
There is something of a discontinuity at the heart of popular tactical theorem provers. Low-level, fully-checked mechanical proofs are large trees consisting of primitive logical inferences. Meanwhile, high-level human inputs are lexically structured formal texts which include tactics describing search procedures. The proof checking process maps from the high-level to low-level, but after that, explicit connections are usually lost. The lack of connection can make it difficult to understand the proof trees produced by successful tactic proofs, and difficult to debug faulty tactic proofs. We propose the use of hierarchical proofs, also known as hiproofs, to help bridge these levels. Hiproofs superimpose a labelled hierarchical nesting on an ordinary proof tree, abstracting from the underlying logic. The labels and nesting are used to describe the organisation of the proof, typically relating to its construction process. In this paper we introduce a foundational tactic language Hitac which constructs hiproofs in a generic setting. Hitac programs can be evaluated using a big-step or a small-step operational semantics. The big-step semantics captures the intended meaning, whereas the small-step semantics is closer to possible implementations and provides a unified notion of proof state. We prove that the semantics are equivalent and construct valid proofs. We also explain how to detect terms which are stuck in the small-step semantics, and how these suggest interaction points with debugging tools. Finally we show some typical examples of tactics, constructed using tactical combinators, in our language.
A Tactic Language for Hiproofs
We introduce and study a tactic language, Hitac, for constructing hierarchical proofs, known as hiproofs. The idea of hiproofs is to superimpose a labelled hierarchical nesting on an ordinary proof tree. The labels and nesting are used to describe the organisation of the proof, typically relating to its construction process. This can be useful for understanding and navigating the proof. Tactics in our language construct hiproof structure together with an underlying proof tree. We provide both a big-step and a small-step operational semantics for evaluating tactic expressions. The big-step semantics captures the intended meaning, whereas the small-step semantics hints at possible implementations and provides a unified notion of proof state. We prove that these notions are equivalent and construct valid proofs.
Mechanized quantifier elimination for linear real arithmetic in Isabelle/HOL
We integrate Ferrante and Rackoff's quantifier elimination procedure for linear real arithmetic in Isabelle/HOL in two manners: (a) tactic-style, i.e. for every problem instance a proof is generated by invoking a series of inference rules, and (b) reflection, where the whole algorithm is implemented and verified within Isabelle/HOL. We discuss the performance obtained for both integrations.
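The Ferrante-Rackoff procedure that this entry mechanizes, as an added Python illustration that is not the Isabelle/HOL formalisation: one existential quantifier over a formula in disjunctive normal form built from strict inequalities and equalities is eliminated by virtually substituting the test points -oo, +oo and the midpoint of every pair of bounding terms. The term encoding, `eliminate`, the direct decision `exists_direct` used as a cross-check, and the constructed formula `EXAMPLE` are ours. Running the algorithm directly on the data, rather than replaying one inference rule per step, is the "reflection" mode the abstract contrasts with the tactic-style integration.

```python
from fractions import Fraction
from itertools import product

# Ferrante-Rackoff elimination of one existential quantifier over linear real
# arithmetic.  Illustrative code written for this page; the encoding below is
# ours and is not the Isabelle/HOL formalisation described in the abstract.
#
# A linear term over the free variables is a dict {name: Fraction}, with the
# key "" holding the constant.  The bound variable x never appears in a term.

def term(const=0, **coeffs):
    t = {k: Fraction(v) for k, v in coeffs.items() if v != 0}
    if const != 0:
        t[""] = Fraction(const)
    return t

def t_add(a, b):
    out = dict(a)
    for k, v in b.items():
        out[k] = out.get(k, Fraction(0)) + v
    return {k: v for k, v in out.items() if v != 0}

def t_scale(a, c):
    c = Fraction(c)
    return {k: v * c for k, v in a.items()} if c != 0 else {}

def t_eval(a, env):
    return sum((v if k == "" else v * Fraction(env[k])) for k, v in a.items())

# Atoms about x: ("lt", e) is x < e, ("gt", e) is e < x, ("eq", e) is x = e.
# A formula is a DNF: a list of conjunctions, each a list of atoms.
# After elimination an atom is ("lt", t) meaning t < 0 or ("eq", t) meaning t = 0.
TRUE, FALSE = object(), object()

def subst_inf(atom, sign):
    """Virtual substitution of -oo (sign < 0) or +oo (sign > 0) for x."""
    op, _ = atom
    if op == "lt":
        return TRUE if sign < 0 else FALSE
    if op == "gt":
        return FALSE if sign < 0 else TRUE
    return FALSE                           # x = e never holds at infinity

def subst_term(atom, t):
    """Substitute the term t for x and normalise to t' < 0 or t' = 0."""
    op, e = atom
    diff = t_add(t, t_scale(e, -1))        # t - e
    if op == "lt":
        return ("lt", diff)                # t < e  <=>  t - e < 0
    if op == "gt":
        return ("lt", t_scale(diff, -1))   # e < t  <=>  e - t < 0
    return ("eq", diff)

def conj_subst(conj, sub):
    """Apply a substitution to every atom; None if the conjunction became false."""
    out = []
    for atom in conj:
        r = sub(atom)
        if r is FALSE:
            return None
        if r is not TRUE:
            out.append(r)
    return out

def eliminate(dnf):
    """exists x. dnf  ==>  an equivalent quantifier-free DNF over the free variables.
    Test points: -oo, +oo and the midpoint of every pair of terms (Ferrante-Rackoff)."""
    result = []
    for conj in dnf:
        terms = [e for _, e in conj]
        tests = [lambda a: subst_inf(a, -1), lambda a: subst_inf(a, +1)]
        for a, b in product(terms, repeat=2):
            mid = t_scale(t_add(a, b), Fraction(1, 2))
            tests.append(lambda atom, m=mid: subst_term(atom, m))
        for sub in tests:
            r = conj_subst(conj, sub)
            if r is not None:
                result.append(r)
    return result

def eval_qf(dnf, env):
    """Evaluate a quantifier-free DNF under a concrete assignment of the free variables."""
    return any(all((t_eval(t, env) < 0) if op == "lt" else (t_eval(t, env) == 0)
                   for op, t in conj) for conj in dnf)

def exists_direct(dnf, env):
    """Independent cross-check for a concrete env: some conjunction must leave a
    witness for x between its largest lower bound and smallest upper bound."""
    for conj in dnf:
        lo, hi, eqs = None, None, set()
        for op, e in conj:
            v = t_eval(e, env)
            if op == "lt":
                hi = v if hi is None else min(hi, v)
            elif op == "gt":
                lo = v if lo is None else max(lo, v)
            else:
                eqs.add(v)
        if len(eqs) > 1:
            continue
        if eqs:
            (v,) = eqs
            if (lo is None or lo < v) and (hi is None or v < hi):
                return True
        elif lo is None or hi is None or lo < hi:
            return True
    return False

def agree(dnf, envs):
    """The eliminated formula and the direct check must agree on every assignment."""
    qf = eliminate(dnf)
    return all(eval_qf(qf, env) == exists_direct(dnf, env) for env in envs)

# Constructed example:  exists x. (y < x and x < z) or (x = y and x < 3)
EXAMPLE = [
    [("gt", term(y=1)), ("lt", term(z=1))],
    [("eq", term(y=1)), ("lt", term(3))],
]

if __name__ == "__main__":
    print(eliminate(EXAMPLE))
    grid = [{"y": y, "z": z} for y in range(-3, 6) for z in range(-3, 6)]
    print("agrees with direct check on grid:", agree(EXAMPLE, grid))
```

The output of `eliminate` is not simplified (it keeps atoms such as `0 < 0`), which is exactly the kind of blow-up a verified implementation has to tolerate while still being provably equivalent to the input; `agree` only tests that equivalence on a grid, whereas the Isabelle/HOL development proves it for all assignments.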