Results 11  20
of
124
Proving the Soundness of a Java Bytecode Verifier Specification in Isabelle/HOL
 In Tools and Algorithms for the Construction and Analysis of Systems (TACAS’99
, 1999
"... . Compiled Java programs may be downloaded from the World Wide Web and be executed on any host platform that implements the Java Virtual Machine (JVM). However, in general it is impossible to check the origin of the code and trust in its correctness. Therefore, standard implementations of the JV ..."
Abstract

Cited by 38 (0 self)
 Add to MetaCart
. Compiled Java programs may be downloaded from the World Wide Web and be executed on any host platform that implements the Java Virtual Machine (JVM). However, in general it is impossible to check the origin of the code and trust in its correctness. Therefore, standard implementations of the JVM contain a bytecode verifier that statically checks several security constraints before execution of the code. We have formalized large parts of the JVM, covering the central parts of object orientation, within the theorem prover Isabelle/HOL. We have then formalized a specification for a Java bytecode verifier and formally proved its soundness. While a similar proof done with paper and pencil turned out to be incomplete, using a theorem prover like Isabelle/HOL guarantees a maximum amount of reliability. 1 Introduction The Java Virtual Machine (JVM) is an abstract machine consisting of a memory architecture and an instruction set. It is part of the Java language design developed b...
Locales: A sectioning concept for Isabelle
 IN BERTOT ET AL
, 1999
"... Locales are a means to define local scopes for the interactive proving process of the theorem prover Isabelle. They delimit a range in which fixed assumption are made, and theorems are proved that depend on these assumptions. A locale may also contain constants defined locally and associated with pr ..."
Abstract

Cited by 35 (10 self)
 Add to MetaCart
Locales are a means to define local scopes for the interactive proving process of the theorem prover Isabelle. They delimit a range in which fixed assumption are made, and theorems are proved that depend on these assumptions. A locale may also contain constants defined locally and associated with pretty printing syntax. Locales can be seen as a simple form of modules. They are similar to reasoning and similar applications of theorem provers. This paper motivates the concept of locales by examples from abstract algebraic reasoning. It also discusses some implementation issues.
Proof Terms for Simply Typed Higher Order Logic
 IN THEOREM PROVING IN HIGHER ORDER LOGICS, 13TH INTERNATIONAL CONFERENCE, VOLUME 1869 OF LNCS
, 2000
"... This paper presents proof terms for simply typed, intuitionistic higher order logic, a popular logical framework. Unificationbased algorithms for the compression and reconstruction of proof terms are described and have been implemented in the theorem prover Isabelle. Experimental results confir ..."
Abstract

Cited by 35 (8 self)
 Add to MetaCart
This paper presents proof terms for simply typed, intuitionistic higher order logic, a popular logical framework. Unificationbased algorithms for the compression and reconstruction of proof terms are described and have been implemented in the theorem prover Isabelle. Experimental results confirm the effectiveness of the compression scheme.
AutoFocus  A Tool for Distributed Systems Specification
 PROCEEDINGS FTRTFT’96  FORMAL TECHNIQUES IN REALTIME AND FAULTTOLERANT SYSTEMS
, 1996
"... We describe the concept of AutoFocus a tool for the specification of distributed systems. AutoFocus is based ..."
Abstract

Cited by 32 (4 self)
 Add to MetaCart
We describe the concept of AutoFocus a tool for the specification of distributed systems. AutoFocus is based
An open extensible tool environment for EventB
 ICFEM 2006, LNCS
, 2006
"... Abstract. We consider modelling indispensable for the development of complex systems. Modelling must be carried out in a formal notation to reason and make meaningful conjectures about a model. But formal modelling of complex systems is a difficult task. Even when theorem provers improve further and ..."
Abstract

Cited by 28 (11 self)
 Add to MetaCart
Abstract. We consider modelling indispensable for the development of complex systems. Modelling must be carried out in a formal notation to reason and make meaningful conjectures about a model. But formal modelling of complex systems is a difficult task. Even when theorem provers improve further and get more powerful, modelling will remain difficult. The reason for this that modelling is an exploratory activity that requires ingenuity in order to arrive at a meaningful model. We are aware that automated theorem provers can discharge most of the onerous trivial proof obligations that appear when modelling systems. In this article we present a modelling tool that seamlessly integrates modelling and proving similar to what is offered today in modern integrated development environments for programming. The tool is extensible and configurable so that it can be adapted more easily to different application domains and development methods. 1
Symbolic Reachability Analysis Using Narrowing and its Application to Verification of Cryptographic Protocols
 Journal of HigherOrder and Symbolic Computation
, 2004
"... Narrowing was introduced, and has traditionally been used, to solve equations in initial and free algebras modulo a set of equations E. This paper proposes a generalization of narrowing which can be used to solve reachability goals in initial and free models of a rewrite theory R. We show that narro ..."
Abstract

Cited by 28 (11 self)
 Add to MetaCart
Narrowing was introduced, and has traditionally been used, to solve equations in initial and free algebras modulo a set of equations E. This paper proposes a generalization of narrowing which can be used to solve reachability goals in initial and free models of a rewrite theory R. We show that narrowing is sound and weakly complete (i.e., complete for normalized solutions) under reasonable executability assumptions about R. We also show that in general narrowing is not strongly complete, that is, not complete when some solutions can be further rewritten by R. We then identify several large classes of rewrite theories, covering many practical applications, for which narrowing is strongly complete. Finally, we illustrate an application of narrowing to analysis of cryptographic protocols.
A proofproducing decision procedure for real arithmetic
 Automated deduction – CADE20. 20th international conference on automated deduction
, 2005
"... Abstract. We present a fully proofproducing implementation of a quantifierelimination procedure for real closed fields. To our knowledge, this is the first generally useful proofproducing implementation of such an algorithm. Whilemany problems within the domain are intractable, we demonstrate conv ..."
Abstract

Cited by 24 (3 self)
 Add to MetaCart
Abstract. We present a fully proofproducing implementation of a quantifierelimination procedure for real closed fields. To our knowledge, this is the first generally useful proofproducing implementation of such an algorithm. Whilemany problems within the domain are intractable, we demonstrate convincing examples of its value in interactive theorem proving. 1 Overview and related work Arguably the first automated theorem prover ever written was for a theory of lineararithmetic [8]. Nowadays many theorem proving systems, even those normally classified as `interactive ' rather than `automatic', contain procedures to automate routinearithmetical reasoning over some of the supported number systems like N, Z, Q, R and C. Experience shows that such automated support is invaluable in relieving users ofwhat would otherwise be tedious lowlevel proofs. We can identify several very common limitations of such procedures: Often they are restricted to proving purely universal formulas rather than dealingwith arbitrary quantifier structure and performing general quantifier elimination. Often they are not complete even for the supported class of formulas; in particular procedures for the integers often fail on problems that depend inherently on divisibility properties (e.g. 8x y 2 Z. 2x + 1 6 = 2y) They seldom handle nontrivial nonlinear reasoning, even in such simple cases as 8x y 2 R. x> 0 ^ y> 0) xy> 0, and those that do [18] tend to use heuristicsrather than systematic complete methods. Many of the procedures are standalone decision algorithms that produce no certificate of correctness and do not produce a `proof ' in the usual sense. The earliest serious exception is described in [4]. Many of these restrictions are not so important in practice, since subproblems arising in interactive proof can still often be handled effectively. Indeed, sometimes the restrictions are unavoidable: Tarski's theorem on the undefinability of truth implies thatthere cannot even be a complete semidecision procedure for nonlinear reasoning over
HOLCF: Higher Order Logic of Computable Functions
 In Theorem Proving in Higher Order Logics, volume 971 of LNCS
, 1995
"... . This paper presents a survey of HOLCF, a higher order logic of computable functions. The logic HOLCF is based on HOLC, a variant of the well known higher order logic HOL, which offers the additional concept of type classes. HOLCF extends HOLC with concepts of domain theory such as complete pa ..."
Abstract

Cited by 24 (0 self)
 Add to MetaCart
. This paper presents a survey of HOLCF, a higher order logic of computable functions. The logic HOLCF is based on HOLC, a variant of the well known higher order logic HOL, which offers the additional concept of type classes. HOLCF extends HOLC with concepts of domain theory such as complete partial orders, continuous functions and a fixed point operator. With the help of type classes the extension can be formulated in a way such that the logic LCF constitutes a proper sublanguage of HOLCF. Therefore techniques from higher order logic and LCF can be combined in a fruitful manner avoiding drawbacks of both logics. The development of HOLCF was entirely conducted within the Isabelle system. 1 Introduction This paper presents a survey of HOLCF, a higher order logic of computable functions. The logic HOLCF is based on HOLC, a variant of the well known higher order logic HOL [GM93], which offers the additional concept of type classes. HOLCF extends HOLC with concepts of domain t...
Taclets: A New Paradigm for Constructing Interactive Theorem Provers
 CIENCIAS EXACTAS, FÍSICAS Y NATURALES, SERIE A: MATEMÁTICAS, 98(1), 2004. SPECIAL ISSUE ON SYMBOLIC COMPUTATION IN LOGIC AND ARTIFICIAL INTELLIGENCE
, 2004
"... Frameworks for interactive theorem proving give the user explicit control over the construction of proofs based on meta languages that contain dedicated control structures for describing proof construction. Such languages are not easy to master and thus contribute to the already long list of skill ..."
Abstract

Cited by 22 (8 self)
 Add to MetaCart
Frameworks for interactive theorem proving give the user explicit control over the construction of proofs based on meta languages that contain dedicated control structures for describing proof construction. Such languages are not easy to master and thus contribute to the already long list of skills required by prospective users of interactive theorem provers. Most users, however, only need a convenient formalism that allows to introduce new rules with minimal overhead. On the the other hand, rules of calculi have not only purely logical content, but contain restrictions on the expected context of rule applications and heuristic information. We suggest a new and minimalist concept for implementing interactive theorem provers called taclet. Their usage can be mastered in a matter of hours, and they are efficiently compiled into the GUI of a prover. We implemented the KeY system, an interactive theorem prover for the full JAVA CARD language based on taclets.
I/O Automata in Isabelle/HOL
 Types for Proofs and Programs, volume 996 of Lecture Notes in Computer Science
, 1995
"... . We have embedded the metatheory of I/O automata, a model for describing and reasoning about distributed systems, in Isabelle 's version of higher order logic. On top of that, we have specified and verified a recent network transmission protocol which achieves reliable communication using sing ..."
Abstract

Cited by 22 (2 self)
 Add to MetaCart
. We have embedded the metatheory of I/O automata, a model for describing and reasoning about distributed systems, in Isabelle 's version of higher order logic. On top of that, we have specified and verified a recent network transmission protocol which achieves reliable communication using singlebitheader packets over a medium which may reorder packets arbitrarily. 1 Introduction This paper describes a formalization of Input/Output automata (IOA), a particular model for concurrent and distributed discrete event systems due to Lynch and Tuttle [9], inside Isabelle/HOL, a theorem prover for higherorder logic [12]. The motivation for our work is twofold:  The verification of distributed systems is a challenging application for formal methods because in that area informal arguments are notoriously unreliable.  This area is doubly challenging for interactive general purpose theorem provers because modelchecking [4] already provides a successful automatic approach to the ver...