Results 1  10
of
124
Nominal Logic: A First Order Theory of Names and Binding
 Information and Computation
, 2001
"... This paper formalises within firstorder logic some common practices in computer science to do with representing and reasoning about syntactical structures involving named bound variables (as opposed to nameless terms, explicit substitutions, or higher order abstract syntax). It introduces Nominal L ..."
Abstract

Cited by 161 (15 self)
 Add to MetaCart
This paper formalises within firstorder logic some common practices in computer science to do with representing and reasoning about syntactical structures involving named bound variables (as opposed to nameless terms, explicit substitutions, or higher order abstract syntax). It introduces Nominal Logic, a version of firstorder manysorted logic with equality containing primitives for renaming via nameswapping and for freshness of names, from which a notion of binding can be derived. Its axioms express...
A Metalanguage for Programming with Bound Names Modulo Renaming
 Mathematics of Program Construction, volume 1837 of Lecture Notes in Computer Science
, 2000
"... This paper describes work in progress on the design of an MLstyle metalanguage FreshML for programming with recursively defined functions on userdefined, concrete data types whose constructors may involve variable binding. Up to operational equivalence, values of such FreshML data types can faithf ..."
Abstract

Cited by 88 (15 self)
 Add to MetaCart
This paper describes work in progress on the design of an MLstyle metalanguage FreshML for programming with recursively defined functions on userdefined, concrete data types whose constructors may involve variable binding. Up to operational equivalence, values of such FreshML data types can faithfully encode terms modulo alphaconversion for a wide range of object languages in a straightforward fashion. The design of FreshML is `semantically driven', in that it arises from the model of variable binding in set theory with atoms given by the authors in [7]. The language has a type constructor for abstractions over names ( = atoms) and facilities for declaring locally fresh names. Moreover, recursive definitions can use a form of patternmatching on bound names in abstractions. The crucial point is that the FreshML type system ensures that these features can only be used in welltyped programs in ways that are insensitive to renaming of bound names.
Isar  a Generic Interpretative Approach to Readable Formal Proof Documents
, 1999
"... We present a generic approach to readable formal proof documents, called Intelligible semiautomated reasoning (Isar). It addresses the major problem of existing interactive theorem proving systems that there is no appropriate notion of proof available that is suitable for human communication, or ..."
Abstract

Cited by 81 (16 self)
 Add to MetaCart
We present a generic approach to readable formal proof documents, called Intelligible semiautomated reasoning (Isar). It addresses the major problem of existing interactive theorem proving systems that there is no appropriate notion of proof available that is suitable for human communication, or even just maintenance. Isar's main aspect is its formal language for natural deduction proofs, which sets out to bridge the semantic gap between internal notions of proof given by stateoftheart interactive theorem proving systems and an appropriate level of abstraction for userlevel work. The Isar language is both human readable and machinecheckable, by virtue of the Isar/VM interpreter. Compared to existing declarative theorem proving systems, Isar avoids several shortcomings: it is based on a few basic principles only, it is quite independent of the underlying logic, and supports a broad range of automated proof methods. Interactive proof development is supported as well...
HOL Light: A tutorial introduction
 Proceedings of the First International Conference on Formal Methods in ComputerAided Design (FMCAD’96), volume 1166 of Lecture Notes in Computer Science
, 1996
"... HOL Light is a new version of the HOL theorem prover. While retaining the reliability and programmability of earlier versions, it is more elegant, lightweight, powerful and automatic; it will be the basis for the Cambridge component of the HOL2000 initiative to develop the next generation of HOL th ..."
Abstract

Cited by 70 (9 self)
 Add to MetaCart
HOL Light is a new version of the HOL theorem prover. While retaining the reliability and programmability of earlier versions, it is more elegant, lightweight, powerful and automatic; it will be the basis for the Cambridge component of the HOL2000 initiative to develop the next generation of HOL theorem provers. HOL Light is written in CAML Light, and so will run well even on small machines, e.g. PCs and Macintoshes with a few megabytes of RAM. This is in stark contrast to the resourcehungry systems which are the norm in this field, other versions of HOL included. Among the new features of this version are a powerful simplifier, effective first order automation, simple higherorder matching and very general support for inductive and recursive definitions.
Java Program Verification via a Hoare Logic with Abrupt Termination
 Fundamental Approaches to Software Engineering (FASE 2000), number 1783 in LNCS
, 2000
"... This paper formalises a semantics for statements and expressions (in sequential imperative languages) which includes nontermination, normal termination and abrupt termination (e.g. because of an exception, break, return or continue). This extends the traditional semantics underlying e.g. Hoare logi ..."
Abstract

Cited by 63 (6 self)
 Add to MetaCart
This paper formalises a semantics for statements and expressions (in sequential imperative languages) which includes nontermination, normal termination and abrupt termination (e.g. because of an exception, break, return or continue). This extends the traditional semantics underlying e.g. Hoare logic, which only distinguishes termination and nontermination. An extension of Hoare logic is elaborated that includes means for reasoning about abrupt termination (and sideeffects). It prominently involves rules for reasoning about while loops, which may contain exceptions, breaks, continues and returns. This extension applies in particular to Java. As an example, a standard pattern search algorithm in Java (involving a while loop with returns) is proven correct using the prooftool PVS.
Five axioms of alphaconversion
 Ninth international Conference on Theorem Proving in Higher Order Logics TPHOL
, 1996
"... Abstract. We present five axioms of namecarrying lambdaterms identified up to alphaconversion—that is, up to renaming of bound variables. We assume constructors for constants, variables, application and lambdaabstraction. Other constants represent a function Fv that returns the set of free variab ..."
Abstract

Cited by 51 (0 self)
 Add to MetaCart
Abstract. We present five axioms of namecarrying lambdaterms identified up to alphaconversion—that is, up to renaming of bound variables. We assume constructors for constants, variables, application and lambdaabstraction. Other constants represent a function Fv that returns the set of free variables in a term and a function that substitutes a term for a variable free in another term. Our axioms are (1) equations relating Fv and each constructor, (2) equations relating substitution and each constructor, (3) alphaconversion itself, (4) unique existence of functions on lambdaterms defined by structural iteration, and (5) construction of lambdaabstractions given certain functions from variables to terms. By building a model from de Bruijn’s nameless lambdaterms, we show that our five axioms are a conservative extension of HOL. Theorems provable from the axioms include distinctness, injectivity and an exhaustion principle for the constructors, principles of structural induction and primitive recursion on lambdaterms, Hindley and Seldin’s substitution lemmas and
The KEY Approach: Integrating Object Oriented Design and Formal Verification
, 2000
"... This paper reports on the ongoing KeY project aimed at bridging the gap between (a) objectoriented software engineering methods and tools and (b) deductive verification. A distinctive feature of our approach is the use of a commercial CASE tool enhanced with functionality for formal specifiation an ..."
Abstract

Cited by 44 (18 self)
 Add to MetaCart
This paper reports on the ongoing KeY project aimed at bridging the gap between (a) objectoriented software engineering methods and tools and (b) deductive verification. A distinctive feature of our approach is the use of a commercial CASE tool enhanced with functionality for formal specifiation and deductive verification.
Inductive datatypes in HOL  lessons learned in FormalLogic Engineering
 Theorem Proving in Higher Order Logics: TPHOLs ’99, LNCS 1690
, 1999
"... Isabelle/HOL has recently acquired new versions of definitional packages for inductive datatypes and primitive recursive functions. In contrast to its predecessors and most other implementations, Isabelle/HOL datatypes may be mutually and indirect recursive, even infinitely branching. We also su ..."
Abstract

Cited by 42 (6 self)
 Add to MetaCart
Isabelle/HOL has recently acquired new versions of definitional packages for inductive datatypes and primitive recursive functions. In contrast to its predecessors and most other implementations, Isabelle/HOL datatypes may be mutually and indirect recursive, even infinitely branching. We also support inverted datatype definitions for characterizing existing types as being inductive ones later. All our constructions are fully definitional according to established HOL tradition. Stepping back from the logical details, we also see this work as a typical example of what could be called "FormalLogic Engineering". We observe that building realistic theorem proving environments involves further issues rather than pure logic only. 1
TAME: A PVS Interface to Simplify Proofs for Automata Models
 In Proc. User Interfaces for Theorem Provers 1998 (UITP '98
, 1998
"... Although a number of mechanical provers have been introduced and applied widely by academic researchers, these provers are rarely used in the practical development of software. For mechanical provers to be used more widely in practice, two major barriers must be overcome. First, the languages provid ..."
Abstract

Cited by 39 (12 self)
 Add to MetaCart
Although a number of mechanical provers have been introduced and applied widely by academic researchers, these provers are rarely used in the practical development of software. For mechanical provers to be used more widely in practice, two major barriers must be overcome. First, the languages provided by the mechanical provers for expressing the required system behavior must be more natural for software developers. Second, the reasoning steps supported by mechanical provers are usually at too low and detailed a level and therefore discourage use of the prover. To help remove these barriers, we are developing a system called TAME, a highlevel user interface to PVS for specifying and proving properties of automata models. TAME provides both a standard specification format for automata models and numerous highlevel proof steps appropriate for reasoning about automata models. In previous work, we have shown how TAME can be useful in proving properties about systems described as LynchVaa...