Results 1  10
of
34
Some lambda calculus and type theory formalized
 Journal of Automated Reasoning
, 1999
"... Abstract. We survey a substantial body of knowledge about lambda calculus and Pure Type Systems, formally developed in a constructive type theory using the LEGO proof system. On lambda calculus, we work up to an abstract, simplified, proof of standardization for beta reduction, that does not mention ..."
Abstract

Cited by 65 (10 self)
 Add to MetaCart
(Show Context)
Abstract. We survey a substantial body of knowledge about lambda calculus and Pure Type Systems, formally developed in a constructive type theory using the LEGO proof system. On lambda calculus, we work up to an abstract, simplified, proof of standardization for beta reduction, that does not mention redex positions or residuals. Then we outline the meta theory of Pure Type Systems, leading to the strengthening lemma. One novelty is our use of named variables for the formalization. Along the way we point out what we feel has been learned about general issues of formalizing mathematics, emphasizing the search for formal definitions that are convenient for formal proof and convincingly represent the intended informal concepts.
Mobile Resource Guarantees for Smart Devices
 Proceedings of CASSIS’04, LNCS
, 2005
"... Abstract. We present the Mobile Resource Guarantees framework: a system for ensuring that downloaded programs are free from runtime violations of resource bounds. Certificates are attached to code in the form of efficiently checkable proofs of resource bounds; in contrast to cryptographic certifica ..."
Abstract

Cited by 56 (6 self)
 Add to MetaCart
(Show Context)
Abstract. We present the Mobile Resource Guarantees framework: a system for ensuring that downloaded programs are free from runtime violations of resource bounds. Certificates are attached to code in the form of efficiently checkable proofs of resource bounds; in contrast to cryptographic certificates of code origin, these are independent of trust networks. A novel programming language with resource constraints encoded in function types is used to streamline the generation of proofs of resource usage. 1
Automatic Certification of Heap Consumption
 In LPAR’04, LNAI 3452
, 2005
"... Abstract. We present a program logic for verifying the heap consumption of lowlevel programs. The proof rules employ a uniform assertion format and have been derived from a general purpose program logic [1]. In a proofcarrying code scenario, the inference of invariants is delegated to the code pro ..."
Abstract

Cited by 28 (15 self)
 Add to MetaCart
(Show Context)
Abstract. We present a program logic for verifying the heap consumption of lowlevel programs. The proof rules employ a uniform assertion format and have been derived from a general purpose program logic [1]. In a proofcarrying code scenario, the inference of invariants is delegated to the code provider, who employs a certifying compiler that generates a certificate from program annotations and analysis. The granularity of the proof rules matches that of the linear type system presented in [6], which enables us to perform verification by replaying typing derivations in a theorem prover, given the specifications of individual methods. The resulting verification conditions are of limited complexity, and are automatically discharged. We also outline a proof system that relaxes the linearity restrictions and relates to the type system of usage aspects presented in [2]. 1
Hoare Logics in Isabelle/HOL
 PROOF AND SYSTEMRELIABILITY
, 2002
"... This paper describes Hoare logics for a number of imperative language constructs, from whileloops via exceptions to mutually recursive procedures. Both partial and total correctness are treated. In particular a proof system for total correctness of recursive procedures in the presence of unbounded ..."
Abstract

Cited by 22 (2 self)
 Add to MetaCart
This paper describes Hoare logics for a number of imperative language constructs, from whileloops via exceptions to mutually recursive procedures. Both partial and total correctness are treated. In particular a proof system for total correctness of recursive procedures in the presence of unbounded nondeterminism is presented. All systems are formalized and shown to be sound and complete in the theorem prover Isabelle/HOL.
Hoare logic for NanoJava: Auxiliary variables, side effects and virtual methods revisited
 Formal Methods – Getting IT Right (FME’02). LNCS 2391
, 2002
"... Abstract. We define NanoJava, a kernel of Java tailored to the investigation of Hoare logics. We then introduce a Hoare logic for this language featuring an elegant approach for expressing auxiliary variables: by universal quantification on the outer logical level. Furthermore, we give simple means ..."
Abstract

Cited by 22 (2 self)
 Add to MetaCart
(Show Context)
Abstract. We define NanoJava, a kernel of Java tailored to the investigation of Hoare logics. We then introduce a Hoare logic for this language featuring an elegant approach for expressing auxiliary variables: by universal quantification on the outer logical level. Furthermore, we give simple means of handling sideeffecting expressions and dynamic binding within method calls. The logic is proved sound and (relatively) complete using Isabelle/HOL. Keywords: Hoare logic, Java, Isabelle/HOL, auxiliary variables, side effects, dynamic binding.
A Program Logic for Resource Verification
 In Proceedings of the 17th International Conference on Theorem Proving in HigherOrder Logics, (TPHOLs 2004), volume 3223 of LNCS
, 2004
"... We present a program logic for reasoning about resource consumption of programs written in Grail, an abstract fragment of the Java Virtual Machine Language. Serving as the target logic of a certifying compiler, the logic exploits Grail's dual nature of combining a functional interpretation w ..."
Abstract

Cited by 22 (9 self)
 Add to MetaCart
(Show Context)
We present a program logic for reasoning about resource consumption of programs written in Grail, an abstract fragment of the Java Virtual Machine Language. Serving as the target logic of a certifying compiler, the logic exploits Grail's dual nature of combining a functional interpretation with objectoriented features and a cost model for the JVM. We present the resourceaware operational semantics of Grail, the program logic, and prove soundness and completeness. All of the work described has been formalised in the theorem prover Isabelle/HOL, which provides us with an implementation of the logic as well as confidence in the results. We conclude with examples of using the logic for proving resource bounds on code resulting from compiling highlevel functional programs.
Secure information flow and program logics
 In IEEE Computer Security Foundations Symposium
, 2007
"... We present interpretations of type systems for secure information flow in Hoare logic, complementing previous encodings in binary (e.g. relational) program logics. Treating baseline noninterference, multilevel security and flow sensitivity for a while language, we show how typing derivations may ..."
Abstract

Cited by 18 (6 self)
 Add to MetaCart
(Show Context)
We present interpretations of type systems for secure information flow in Hoare logic, complementing previous encodings in binary (e.g. relational) program logics. Treating baseline noninterference, multilevel security and flow sensitivity for a while language, we show how typing derivations may be used to automatically generate proofs in the program logic that certify the absence of illicit flows. In addition, we present proof rules for baseline noninterference for objectmanipulating instructions, As a consequence, standard verification technology may be used for verifying that a concrete program satisfies the noninterference property. Our development is based on a formalisation of the encodings in Isabelle/HOL. 1
Hoare Logic for Mutual Recursion and Local Variables
 Foundations of Software Technology and Theoretical Computer Science, volume 1738 of LNCS
, 1999
"... We present a (the first?) sound and relatively complete Hoare logic for a simple imperative programming language including mutually recursive procedures with callbyvalue parameters as well as global and local variables. For such a language we formalize an operational and an axiomatic semantics ..."
Abstract

Cited by 15 (1 self)
 Add to MetaCart
(Show Context)
We present a (the first?) sound and relatively complete Hoare logic for a simple imperative programming language including mutually recursive procedures with callbyvalue parameters as well as global and local variables. For such a language we formalize an operational and an axiomatic semantics of partial correctness and prove their equivalence.
Weakest Precondition for General Recursive Programs Formalized in Coq
, 2002
"... This paper describes a formalization of the weakest precondition, wp, for general recursive programs using the typetheoretical proof assistant Coq. The formalization is a deep embedding using the computational power intrinsic to type theory. Since Coq accepts only structural recursive functions, th ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
(Show Context)
This paper describes a formalization of the weakest precondition, wp, for general recursive programs using the typetheoretical proof assistant Coq. The formalization is a deep embedding using the computational power intrinsic to type theory. Since Coq accepts only structural recursive functions, the computational embedding of general recursive programs is nontrivial. To justify the embedding, an operational semantics is defined and the equivalence between wp and the operational semantics is proved. Three major healthiness conditions, namely: Strictness, Monotonicity and Conjunctivity are proved as well.
Certification of Quantitative Properties of Programs
, 2003
"... In the context of mobile and global computing knowledge of quantitative properties of programs is particularly important. Here are some typical scenarios: • A provider of distributed computational power may only be willing to offer this service upon receiving dependable guarantees about the required ..."
Abstract

Cited by 4 (2 self)
 Add to MetaCart
In the context of mobile and global computing knowledge of quantitative properties of programs is particularly important. Here are some typical scenarios: • A provider of distributed computational power may only be willing to offer this service upon receiving dependable guarantees about the required resource consumption. • A user of a handheld device, wearable computer, or smart card might want to know that a downloaded application will definitely run within the limited amount of memory available. • Thirdparty software updates for mobile phones, household appliances, or car electronics should come with a guarantee not to set system parameters beyond manufacturerspecified safe limits. Requiring certificates of specified resource consumption will also help to prevent mobile agents from performing denial of service attacks using bona fide host environments as a portal. These lecture notes describe how such quantitative resourcerelated properties can be inferred automatically using type systems and how the results of such analysis can be turned into unforgeable certificates using a proofcarrying code framework.