Results 1 
9 of
9
The Foundation of a Generic Theorem Prover
 Journal of Automated Reasoning
, 1989
"... Isabelle [28, 30] is an interactive theorem prover that supports a variety of logics. It represents rules as propositions (not as functions) and builds proofs by combining rules. These operations constitute a metalogic (or `logical framework') in which the objectlogics are formalized. Isabelle is ..."
Abstract

Cited by 422 (47 self)
 Add to MetaCart
Isabelle [28, 30] is an interactive theorem prover that supports a variety of logics. It represents rules as propositions (not as functions) and builds proofs by combining rules. These operations constitute a metalogic (or `logical framework') in which the objectlogics are formalized. Isabelle is now based on higherorder logic  a precise and wellunderstood foundation. Examples illustrate use of this metalogic to formalize logics and proofs. Axioms for firstorder logic are shown sound and complete. Backwards proof is formalized by metareasoning about objectlevel entailment. Higherorder logic has several practical advantages over other metalogics. Many proof techniques are known, such as Huet's higherorder unification procedure. Key words: higherorder logic, higherorder unification, Isabelle, LCF, logical frameworks, metareasoning, natural deduction Contents 1 History and overview 2 2 The metalogic M 4 2.1 Syntax of the metalogic ......................... 4 2.2 ...
Reusing Software Developments
 In Proceedings of the 4th ACM SIGSOFT Symposium on Software Development Environments
, 1990
"... Software development environments of the future will be characterized by extensive reuse of previous work. This paper addresses the issue of reusability in the context in which design is achieved by the transformational development of formal specifications into efficient implementations. It explores ..."
Abstract

Cited by 14 (2 self)
 Add to MetaCart
Software development environments of the future will be characterized by extensive reuse of previous work. This paper addresses the issue of reusability in the context in which design is achieved by the transformational development of formal specifications into efficient implementations. It explores how an implementation of a modified specification can be realized by replaying the transformational derivation of the original and modifying it as required by changes made to the specification. Our approach is to structure derivations using the notion of tactics, and record derivation histories as an execution trace of the application of tactics. One key idea is that tactics are compositional: higher level tactics are constructed from more rudimentary using defined control primitives. This is similar to the approach used in LCF[12] and NuPRL[1, 8]. Given such a derivation history and a modified specification, the correspondence problem [21, 20] addresses how during replay a correspondence...
Deductive Runtime Certification
 In Proceedings of the 2004 Workshop on Runtime Verification
, 2004
"... This paper introduces a notion of certified computation whereby an algorithm not only produces a result r for a given input x, but also proves that r is a correct result for x. This can greatly enhance the credibility of the result: if we trust the axioms and inference rules that are used in the pro ..."
Abstract

Cited by 11 (8 self)
 Add to MetaCart
This paper introduces a notion of certified computation whereby an algorithm not only produces a result r for a given input x, but also proves that r is a correct result for x. This can greatly enhance the credibility of the result: if we trust the axioms and inference rules that are used in the proof, then we can be assured that r is correct. Typically, the reasoning used in a certified computation is much simpler than the computation itself. We present and analyze two examples of certifying algorithms. We have developed...
MachineAssisted TheoremProving for Software Engineering
 Technical Monograph PRG121, ISBN 0902928953, Oxford University Computing LaboratoryWolfson Building, Parks Road
, 1994
"... The thesis describes the production of a large prototype proof system for Z, and a tactic language in which the proof tactics used in a wide range of systems (including the system described here) can be discussed. The details of the construction of the toolusing the W logic for Z, and implemented ..."
Abstract

Cited by 5 (1 self)
 Add to MetaCart
The thesis describes the production of a large prototype proof system for Z, and a tactic language in which the proof tactics used in a wide range of systems (including the system described here) can be discussed. The details of the construction of the toolusing the W logic for Z, and implemented in 2OBJare presented, along with an account of some of the proof tactics which enable W to be applied to typical proofs in Z. A case study gives examples of such proofs. Special attention is paid to soundness concerns, since it is considerably easier to check that a program such as this one produces sound proofs, than to check that each of the impenetrable proofs which it creates is indeed sound. As the first such encoding of W, this helped to find bugs in the published presentations of W, and to demonstrate that W makes proof in Z tractable. The second part of the thesis presents a tactic language, with a formal semantics (independent of any particular tool) and a set of rules for reasoning about tactics written in this language. A small set of these rules is shown to be complete for the finite (nonrecursive)
Proof Script Pragmatics in IMPS
 Automated Deduction CADE12, volume 814 of Lecture Notes in Computer Science
, 1994
"... . This paper introduces the imps proof script mechanism and some practical methods for exploiting it. 1 Introduction imps, an Interactive Mathematical Proof System [4, 2], is intended to serve three ultimate purposes: { To provide mathematics education with a mathematics laboratory for students ..."
Abstract

Cited by 4 (2 self)
 Add to MetaCart
. This paper introduces the imps proof script mechanism and some practical methods for exploiting it. 1 Introduction imps, an Interactive Mathematical Proof System [4, 2], is intended to serve three ultimate purposes: { To provide mathematics education with a mathematics laboratory for students to develop axiomatic theories, proofs, and rigorous methods of symbolic computation. { To provide mathematical research with mechanized support covering a range of concrete and abstract mathematics, eventually with the help of a large theory library of formal mathematics. { To allow applied formal methods to use exible approaches to formalizing problem domains and proof techniques, in showing software or hardware correctness. Thus, the goal of imps is to provide mechanical support for traditional methods and activities of mathematics, and for traditional styles of mathematical proof. Other automated theorem provers may be intended for quite dierent sorts of problems, and they can theref...
A Monadic Interpretation of Tactics
, 2002
"... Many proof tools use `tactic languages' as programs to direct their proofs. We present a simplified idealised tactic language, and describe its denotational semantics. The language has many applications outside theoremproveo activ5QbG) The semantics is parametrised by a monad (plus additional struc ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Many proof tools use `tactic languages' as programs to direct their proofs. We present a simplified idealised tactic language, and describe its denotational semantics. The language has many applications outside theoremproveo activ5QbG) The semantics is parametrised by a monad (plus additional structure). By instantiating this inv arious ways, the core semantics of a number of di#erent tactic languages is obtained. 1 Int roduct45 The notiB of a tactic as a program usedi the constructifi of a (machic[ assi46fi8 formal proof has become quie wie[S#fifi[ Tacti# orifi#z[ i the work of Gordon et al [GMW79] onEdi burgh LCF. The extent to whi h other`tacti4 based' systems istems[ t essentien[ the same style of programmifi faci#[I vari4 consi[I8#Bfi . InEdi burgh LCF, atacti does notit[8B construct a proof. Rather,i ti s usedi backwardreasoni[ to construct a vali#fiz[I functi[ whi h mayi46z8 prove thedesi6B property. Theoremhood i guarded by use of a `safe datatype', and only sound vali484[I functi[I may construct elements ofthi type. In other work, the type of theoremsi protected by havi8 the class oftacti icti protected, so thati i ia ossiSB tobui# unsound proofs. The account here tends towards the secondvion though the treatment oftacti6 i s actually so abstract that thi may not be an i[ edi# t to i[ appli#[IS# i eipli sense. Whie. tacti[ arewiSfi6[IS tacti programmi remai4 adiBfiBS task. Inthi paper, weconsi#[ abstractdescri[S#fi oftactifi[ wit the hope that modern algori desii techniSzS# such as thosedescri ed byBiS and de Moor [BdM97], can be brought to bear on thedi8Sfi[IS ontacti programmi#4 Earlia di#S[ISS oftacti6 i n the abstract (wiract operati6z[ bii to any parti[ISS proof tool)i)[SS those by SchmiB [Sch84] and Mi4#...
The Compiler Forest
"... Abstract. We address the problem of writing compilers targeting complex execution environments, such as computer clusters composed of machines with multicore CPUs. To that end we introduce partial compilers. These compilers can pass subprograms to several child (partial) compilers, combining the c ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Abstract. We address the problem of writing compilers targeting complex execution environments, such as computer clusters composed of machines with multicore CPUs. To that end we introduce partial compilers. These compilers can pass subprograms to several child (partial) compilers, combining the code generated by their children to generate the final target code. We define a set of highlevel polymorphic operations manipulating both compilers and partial compilers as firstclass values. These mechanisms provide a software architecture for modular compiler construction. This allows the building of a forest of compilers, providing a structured treatment of multistage compilers. 1
Desiderata for Interactive Verification Systems
, 1994
"... What facilities should an interactive verification system provide? We take the pragmatic view that the particular logic underlying a proof system is not as important as the support that is provided. Although a plethora of logics have been implemented, we think that there is a common kernel of suppor ..."
Abstract
 Add to MetaCart
What facilities should an interactive verification system provide? We take the pragmatic view that the particular logic underlying a proof system is not as important as the support that is provided. Although a plethora of logics have been implemented, we think that there is a common kernel of support that a proof system ought to provide. Towards this end, we give detailed suggestions for verification support in three major areas: formalization, proof, and interface. Although our perspective comes from experience with highly expressive logics such as set theory, higher order logic, and type theory, we think our analyses apply more generally. Introduction Currently, theorem provers are used in the verification of both hardware and software [GM93, ORS92, BM90, HRS90, FFMH92], the formalization of informal mathematical proofs [FGT90, CH85, Pau90b], the teaching of logic[AMC84], and as tools of mathematical and metamathematical research [WWM + 90, CAB + 86]. 1 In this paper we describ...