Results 1  10
of
21
Specification of Realtime Systems Using ASTRAL
 IEEE Transactions on Software Engineering
, 1997
"... Abstract—ASTRAL is a formal specification language for realtime systems. It is intended to support formal software development and, therefore, has been formally defined. The structuring mechanisms in ASTRAL allow one to build modularized specifications of complex systems with layering. A realtime sy ..."
Abstract

Cited by 39 (19 self)
 Add to MetaCart
Abstract—ASTRAL is a formal specification language for realtime systems. It is intended to support formal software development and, therefore, has been formally defined. The structuring mechanisms in ASTRAL allow one to build modularized specifications of complex systems with layering. A realtime system is modeled by a collection of state machine specifications and a single global specification. This paper discusses the rationale of ASTRAL’s design. ASTRAL’s specification style is illustrated by discussing a telephony example. Composability of one or more ASTRAL system specifications is also discussed by the introduction of a composition section, which provides the needed information to combine two or more ASTRAL system specifications. Index Terms—Formal methods, formal specification and verification, assertions, temporal logic, realtime systems, timing
A Metatheory of a Mechanized Object Theory
, 1994
"... In this paper we propose a metatheory, MT which represents the computation which implements its object theory, OT, and, in particular, the computation which implements deduction in OT. To emphasize this fact we say that MT is a metatheory of a mechanized object theory. MT has some "unusual" prope ..."
Abstract

Cited by 22 (10 self)
 Add to MetaCart
In this paper we propose a metatheory, MT which represents the computation which implements its object theory, OT, and, in particular, the computation which implements deduction in OT. To emphasize this fact we say that MT is a metatheory of a mechanized object theory. MT has some "unusual" properties, e.g. it explicitly represents failure in the application of inference rules, and the fact that large amounts of the code implementing OT are partial, i.e. they work only for a limited class of inputs. These properties allow us to use MT to express and prove tactics, i.e. expressions which specify how to compose possibly failing applications of inference rules, to interpret them procedurally to assert theorems in OT, to compile them into the system implementation code, and, finally, to generate MT automatically from the system code. The definition of MT is part of a larger project which aims at the implementation of selfreflective systems, i.e. systems which are able to intros...
AutomataDriven Automated Induction
 Information and Computation
, 1996
"... . This work investigates inductive theorem proving techniques for firstorder functions whose meaning and domains can be specified by Horn Clauses built up from the equality and finitely many unary membership predicates. In contrast with other works in the area, constructors are not assumed to be fr ..."
Abstract

Cited by 22 (9 self)
 Add to MetaCart
. This work investigates inductive theorem proving techniques for firstorder functions whose meaning and domains can be specified by Horn Clauses built up from the equality and finitely many unary membership predicates. In contrast with other works in the area, constructors are not assumed to be free. Techniques originating from tree automata are used to describe ground constructor terms in normal form, on which the induction proofs are built up. Validity of (free) constructor clauses is checked by an original technique relying on the recent discovery of a complete axiomatisation of finite trees and their rational subsets. Validity of clauses with defined symbols or nonfree constructor terms is reduced to the latter case by appropriate inference rules using a notion of ground reducibility for these symbols. We show how to check this property by generating proof obligations which can be passed over to the inductive prover. 1 Introduction The need for large formal proofs has lead to t...
Program Tactics and Logic Tactics
 IN PROCEEDINGS 5TH INTNL. CONFERENCE ON LOGIC PROGRAMMING AND AUTOMATED REASONING (LPAR'94
, 1994
"... In this paper we present a first order classical metatheory, called MT, with the following properties: (1) tactics are terms of the language of MT (we call these tactics, Logic Tactics); (2) there exists a mapping between Logic Tactics and the tactics developed as programs within the GETFOL theor ..."
Abstract

Cited by 19 (10 self)
 Add to MetaCart
In this paper we present a first order classical metatheory, called MT, with the following properties: (1) tactics are terms of the language of MT (we call these tactics, Logic Tactics); (2) there exists a mapping between Logic Tactics and the tactics developed as programs within the GETFOL theorem prover (we call these tactics, Program Tactics). MT is expressive enough to represent the most interesting tacticals, i.e. then, orelse, try, progress and repeat. repeat allows us to express Logic Tactics which correspond to Program Tactics which may not terminate. This work is part of a larger project which aims at the development and mechanization of a metatheory which can be used to reason about, extend and, possibly, modify the code implementing Program Tactics and the GETFOL basic inference rules.
Deductive verification of advanced outoforder microprocessors
 IN COMPUTERAIDED VERIFICATION (CAV ’03), LNCS 2725
, 2003
"... ..."
A Provably Correct Embedded Verifier for the Certification of Safety . . .
, 1997
"... vframe is one of Ansaldo's software driven vital architectures for safety critical products. This paper describes a project whose result is the development of an "embedded verifier", i.e. a system integrated within vframe and able to certify the correctness of one of vframe components, a compiler. ..."
Abstract

Cited by 14 (1 self)
 Add to MetaCart
vframe is one of Ansaldo's software driven vital architectures for safety critical products. This paper describes a project whose result is the development of an "embedded verifier", i.e. a system integrated within vframe and able to certify the correctness of one of vframe components, a compiler. The embedded verifier satisfies two precise requirements. First, the compiler must be certified in a fully automatic and efficient way. Second, the embedded verifier must be itself certified, in a way which can be easily understood and validated by end users.
Building Reliable Voting Machine Software
, 2007
"... BackCover Texts. A copy of the license is included in the appendix entitled GNU Free ..."
Abstract

Cited by 11 (0 self)
 Add to MetaCart
BackCover Texts. A copy of the license is included in the appendix entitled GNU Free
A Certified Compiler for an Imperative Language
, 1998
"... This paper describes the process of mechanically certifying a compiler with respect to the semantic specification of the source and target languages. The proofs are performed in type theory using the Coq system. These proofs introduce specific theoretical tools: fragmentation theorems and general in ..."
Abstract

Cited by 9 (2 self)
 Add to MetaCart
This paper describes the process of mechanically certifying a compiler with respect to the semantic specification of the source and target languages. The proofs are performed in type theory using the Coq system. These proofs introduce specific theoretical tools: fragmentation theorems and general induction principles.
Two computersupported proofs in metric space topology
 Notices of the American Mathematical Society
, 1991
"... Every mathematician will agree that the discovery, analysis, and communication ..."
Abstract

Cited by 8 (3 self)
 Add to MetaCart
Every mathematician will agree that the discovery, analysis, and communication
The Design of the CADE13 ATP System Competition
 Journal of Automated Reasoning, This issue
, 1997
"... . Running a competition for Automated Theorem Proving (ATP) systems is a difficult and arguable venture. However, the potential benefits of such an event by far outweigh the controversial aspects. The motivations for running the CADE13 ATP System Competition were to contribute to the evaluation of ..."
Abstract

Cited by 8 (4 self)
 Add to MetaCart
. Running a competition for Automated Theorem Proving (ATP) systems is a difficult and arguable venture. However, the potential benefits of such an event by far outweigh the controversial aspects. The motivations for running the CADE13 ATP System Competition were to contribute to the evaluation of ATP systems, to stimulate ATP research and system development, and to expose ATP systems to researchers both within and outside the ATP community. This paper identifies and discusses the issues that determine the nature of such a competition. Choices and motivated decisions for the CADE13 competition, with respect to the issues, are given. Key words: Automated theorem proving, competition, design 1. Introduction Running a competition for Automated Theorem Proving (ATP) systems 1 is a difficult and arguable venture. The reasons for this are that existing ATP systems require different amounts of user interaction, are designed for different types of reasoning, are based on different logics...