Results 1  10
of
219
Model Checking Programs
, 2003
"... The majority of work carried out in the formal methods community throughout the last three decades has (for good reasons) been devoted to special languages designed to make it easier to experiment with mechanized formal methods such as theorem provers, proof checkers and model checkers. In this pape ..."
Abstract

Cited by 583 (63 self)
 Add to MetaCart
(Show Context)
The majority of work carried out in the formal methods community throughout the last three decades has (for good reasons) been devoted to special languages designed to make it easier to experiment with mechanized formal methods such as theorem provers, proof checkers and model checkers. In this paper we will attempt to give convincing arguments for why we believe it is time for the formal methods community to shift some of its attention towards the analysis of programs written in modern programming languages. In keeping with this philosophy we have developed a verification and testing environment for Java, called Java PathFinder (JPF), which integrates model checking, program analysis and testing. Part of this work has consisted of building a new Java Virtual Machine that interprets Java bytecode. JPF uses state compression to handle big states, and partial order and symmetry reduction, slicing, abstraction, and runtime analysis techniques to reduce the state space. JPF has been applied to a realtime avionics operating system developed at Honeywell, illustrating an intricate error, and to a model of a spacecraft controller, illustrating the combination of abstraction, runtime analysis, and slicing with model checking.
The Foundation of a Generic Theorem Prover
 Journal of Automated Reasoning
, 1989
"... Isabelle [28, 30] is an interactive theorem prover that supports a variety of logics. It represents rules as propositions (not as functions) and builds proofs by combining rules. These operations constitute a metalogic (or `logical framework') in which the objectlogics are formalized. Isabell ..."
Abstract

Cited by 471 (49 self)
 Add to MetaCart
(Show Context)
Isabelle [28, 30] is an interactive theorem prover that supports a variety of logics. It represents rules as propositions (not as functions) and builds proofs by combining rules. These operations constitute a metalogic (or `logical framework') in which the objectlogics are formalized. Isabelle is now based on higherorder logic  a precise and wellunderstood foundation. Examples illustrate use of this metalogic to formalize logics and proofs. Axioms for firstorder logic are shown sound and complete. Backwards proof is formalized by metareasoning about objectlevel entailment. Higherorder logic has several practical advantages over other metalogics. Many proof techniques are known, such as Huet's higherorder unification procedure. Key words: higherorder logic, higherorder unification, Isabelle, LCF, logical frameworks, metareasoning, natural deduction Contents 1 History and overview 2 2 The metalogic M 4 2.1 Syntax of the metalogic ......................... 4 2.2 ...
The Verifying Compiler: A Grand Challenge for Computing Research
 Journal of the ACM
, 2003
"... Abstract. This contribution proposes a set of criteria that distinguish a grand challenge in science or engineering from the many other kinds of shortterm or longterm research problems that engage the interest of scientists and engineers. As an example drawn from Computer Science, it revives an ol ..."
Abstract

Cited by 112 (2 self)
 Add to MetaCart
(Show Context)
Abstract. This contribution proposes a set of criteria that distinguish a grand challenge in science or engineering from the many other kinds of shortterm or longterm research problems that engage the interest of scientists and engineers. As an example drawn from Computer Science, it revives an old challenge: the construction and application of a verifying compiler that guarantees correctness of a program before running it. Introduction. The primary purpose of the formulation and promulgation of a grand challenge is the advancement of science or engineering. A grand challenge represents a commitment by a significant section of the research community to work together towards a common goal, agreed to be valuable and achievable by a team effort within a predicted timescale. The challenge is formulated by the
Formal verification in hardware design: A survey
, 1997
"... In recent years, formal methods have emerged as an alternative approach to ensuring the quality and correctness of hardware designs, overcoming some of the limitations of traditional validation techniques such as simulation and testing. There are two main aspects to the application of formal methods ..."
Abstract

Cited by 110 (0 self)
 Add to MetaCart
In recent years, formal methods have emerged as an alternative approach to ensuring the quality and correctness of hardware designs, overcoming some of the limitations of traditional validation techniques such as simulation and testing. There are two main aspects to the application of formal methods in a design process: The formal framework used to specify desired properties of a design, and the verification techniques and tools used to reason about the relationship between a specification and a corresponding implementation. We survey a variety of frameworks and techniques which have been proposed in the literature and applied to actual designs. The specification frameworks we describe include temporal logics, predicate logic, abstraction and refinement, as well as containment between!regular languages. The verification techniques presented include model checking, automatatheoretic techniques, automated theorem proving, and approaches that integrate the above methods.
Experiments in Theorem Proving and Model Checking for Protocol Verification
, 1996
"... . Communication protocols pose interesting and difficult challenges for verification technologies. The state spaces of interesting protocols are either infinite or too large for finitestate verification techniques like model checking and state exploration. Theorem proving is also not effective sinc ..."
Abstract

Cited by 79 (12 self)
 Add to MetaCart
. Communication protocols pose interesting and difficult challenges for verification technologies. The state spaces of interesting protocols are either infinite or too large for finitestate verification techniques like model checking and state exploration. Theorem proving is also not effective since the formal correctness proofs of these protocols can be long and complicated. We describe a series of protocol verification experiments culminating in a methodology where theorem proving is used to abstract out the sources of unboundedness in the protocol to yield a skeletal protocol that can be verified using model checking. Our experiments focus on the Philips bounded retransmission protocol originally studied by Groote and van de Pol and by Helmink, Sellink, and Vaandrager. First, a scaleddown version of the protocol is analyzed using the MurOE state exploration tool as a debugging aid and then translated into the PVS specification language. The PVS verification of the generalized prot...
A Reference Model for Requirements and Specifications
, 2000
"... We define a reference model for applying formal methods to the development of user requirements and their reduction to behavioral specification of a system. The approach is characterized by its focus on the shared phenomena that define the interface between the system and the environment in which it ..."
Abstract

Cited by 79 (7 self)
 Add to MetaCart
We define a reference model for applying formal methods to the development of user requirements and their reduction to behavioral specification of a system. The approach is characterized by its focus on the shared phenomena that define the interface between the system and the environment in which it will operate and on how the parts of this interface are controlled. This paper extends our previous work on this model by representing it in higherorder logic and determining some of its key mathematical ramifications. In particular, we introduce a new form of refinement which is pivotal to defining the desired soundness and consistency properties precisely. 1 Introduction There are a collection of artifacts that commonly arise in programming projects. Among these are the program itself, of course, and also the document that describes the requirements of the software. This requirements document may undergo many revisions as the project proceeds. Requirements often fall into two categorie...
Lightweight formal methods
 In IEEE Computer
, 1996
"... document without permission of its author may be prohibited by law. What is a Formal Method? ..."
Abstract

Cited by 77 (8 self)
 Add to MetaCart
(Show Context)
document without permission of its author may be prohibited by law. What is a Formal Method?
The Theory of LEGO  A Proof Checker for the Extended Calculus of Constructions
, 1994
"... LEGO is a computer program for interactive typechecking in the Extended Calculus of Constructions and two of its subsystems. LEGO also supports the extension of these three systems with inductive types. These type systems can be viewed as logics, and as meta languages for expressing logics, and LEGO ..."
Abstract

Cited by 73 (10 self)
 Add to MetaCart
(Show Context)
LEGO is a computer program for interactive typechecking in the Extended Calculus of Constructions and two of its subsystems. LEGO also supports the extension of these three systems with inductive types. These type systems can be viewed as logics, and as meta languages for expressing logics, and LEGO is intended to be used for interactively constructing proofs in mathematical theories presented in these logics. I have developed LEGO over six years, starting from an implementation of the Calculus of Constructions by G erard Huet. LEGO has been used for problems at the limits of our abilities to do formal mathematics. In this thesis I explain some aspects of the metatheory of LEGO's type systems leading to a machinechecked proof that typechecking is decidable for all three type theories supported by LEGO, and to a verified algorithm for deciding their typing judgements, assuming only that they are normalizing. In order to do this, the theory of Pure Type Systems (PTS) is extended and f...
tps: A theorem proving system for classical type theory
 Journal of Automated Reasoning
, 1996
"... This is a description of TPS, a theorem proving system for classical type theory (Church’s typed λcalculus). TPS has been designed to be a general research tool for manipulating wffs of first and higherorder logic, and searching for proofs of such wffs interactively or automatically, or in a comb ..."
Abstract

Cited by 70 (6 self)
 Add to MetaCart
(Show Context)
This is a description of TPS, a theorem proving system for classical type theory (Church’s typed λcalculus). TPS has been designed to be a general research tool for manipulating wffs of first and higherorder logic, and searching for proofs of such wffs interactively or automatically, or in a combination of these modes. An important feature of TPS is the ability to translate between expansion proofs and natural deduction proofs. Examples of theorems which TPS can prove completely automatically are given to illustrate certain aspects of TPS’s behavior and problems of theorem proving in higherorder logic. 7
SafetyCritical Systems, Formal Methods and Standards
, 1993
"... Standards concerned with the development of safetycritical systems, and the software in such systems in particular, abound today as the software crisis increasingly affects the world of embedded computerbased systems. The use of formal methods is often advocated as a way of increasing confidence i ..."
Abstract

Cited by 69 (21 self)
 Add to MetaCart
Standards concerned with the development of safetycritical systems, and the software in such systems in particular, abound today as the software crisis increasingly affects the world of embedded computerbased systems. The use of formal methods is often advocated as a way of increasing confidence in such systems. This paper examines the industrial use of these techniques, the recommendations concerning formal methods in a number of current and draft standards, and comments on the applicability and problems of using formal methods for the development of safetycritical systems of an industrial scale. Some possible future directions are suggested.