Results 1  10
of
62
A proof of the Kepler conjecture
 Math. Intelligencer
, 1994
"... This section describes the structure of the proof of ..."
Abstract

Cited by 112 (11 self)
 Add to MetaCart
This section describes the structure of the proof of
Proving Java Type Soundness
, 1997
"... This technical report describes a machine checked proof of the type soundness of a subset of the Java language called Java S . A formal semantics for this subset has been developed by Drossopoulou and Eisenbach, and they have sketched an outline of the type soundness proof. The formulation developed ..."
Abstract

Cited by 86 (2 self)
 Add to MetaCart
This technical report describes a machine checked proof of the type soundness of a subset of the Java language called Java S . A formal semantics for this subset has been developed by Drossopoulou and Eisenbach, and they have sketched an outline of the type soundness proof. The formulation developed here complements their written semantics and proof by correcting and clarifying significant details; and it demonstrates the utility of formal, machine checking when exploring a large and detailed proof based on operational semantics. The development also serves as a case study in the application of `declarative' proof techniques to a major property of an operational system. Contents 1 Introduction 2 1.1 Java . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.2 What is Type Soundness for Java? . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.3 The Tool: DECLARE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1.4 Outl...
ProofCarrying Code from Certified Abstract Interpretation and Fixpoint Compression
, 2006
"... ProofCarrying Code (PCC) is a technique for downloading mobile code on a host machine while ensuring that the code adheres to the host's safety policy. We show how certified abstract interpretation can be used to build a PCC architecture where the code producer can produce program certi cates autom ..."
Abstract

Cited by 28 (8 self)
 Add to MetaCart
ProofCarrying Code (PCC) is a technique for downloading mobile code on a host machine while ensuring that the code adheres to the host's safety policy. We show how certified abstract interpretation can be used to build a PCC architecture where the code producer can produce program certi cates automatically. Code consumers use proof checkers derived from certi ed analysers to check certificates. Proof checkers carry their own correctness proofs and accepting a new proof checker amounts to type checking the checker in Coq. Certi cates take the form of strategies for reconstructing a xpoint and are kept small due to a technique for fixpoint compression. The PCC architecture has been implemented and evaluated experimentally on a byte code language for which we have designed an interval analysis that allows to generate certificates ascertaining that no arrayoutofbounds accesses will occur.
Formal Verification of Floating Point Trigonometric Functions
 Formal Methods in ComputerAided Design: Third International Conference FMCAD 2000, volume 1954 of Lecture Notes in Computer Science
, 2000
"... Abstract. We have formal verified a number of algorithms for evaluating transcendental functions in doubleextended precision floating point arithmetic in the Intel ® IA64 architecture. These algorithms are used in the Itanium TM processor to provide compatibility with IA32 (x86) hardware transcen ..."
Abstract

Cited by 25 (4 self)
 Add to MetaCart
Abstract. We have formal verified a number of algorithms for evaluating transcendental functions in doubleextended precision floating point arithmetic in the Intel ® IA64 architecture. These algorithms are used in the Itanium TM processor to provide compatibility with IA32 (x86) hardware transcendentals, and similar ones are used in mathematical software libraries. In this paper we describe in some depth the formal verification of the sin and cos functions, including the initial range reduction step. This illustrates the different facets of verification in this field, covering both pure mathematics and the detailed analysis of floating point rounding. 1
A proofproducing decision procedure for real arithmetic
 Automated deduction – CADE20. 20th international conference on automated deduction
, 2005
"... Abstract. We present a fully proofproducing implementation of a quantifierelimination procedure for real closed fields. To our knowledge, this is the first generally useful proofproducing implementation of such an algorithm. Whilemany problems within the domain are intractable, we demonstrate conv ..."
Abstract

Cited by 24 (3 self)
 Add to MetaCart
Abstract. We present a fully proofproducing implementation of a quantifierelimination procedure for real closed fields. To our knowledge, this is the first generally useful proofproducing implementation of such an algorithm. Whilemany problems within the domain are intractable, we demonstrate convincing examples of its value in interactive theorem proving. 1 Overview and related work Arguably the first automated theorem prover ever written was for a theory of lineararithmetic [8]. Nowadays many theorem proving systems, even those normally classified as `interactive ' rather than `automatic', contain procedures to automate routinearithmetical reasoning over some of the supported number systems like N, Z, Q, R and C. Experience shows that such automated support is invaluable in relieving users ofwhat would otherwise be tedious lowlevel proofs. We can identify several very common limitations of such procedures: Often they are restricted to proving purely universal formulas rather than dealingwith arbitrary quantifier structure and performing general quantifier elimination. Often they are not complete even for the supported class of formulas; in particular procedures for the integers often fail on problems that depend inherently on divisibility properties (e.g. 8x y 2 Z. 2x + 1 6 = 2y) They seldom handle nontrivial nonlinear reasoning, even in such simple cases as 8x y 2 R. x> 0 ^ y> 0) xy> 0, and those that do [18] tend to use heuristicsrather than systematic complete methods. Many of the procedures are standalone decision algorithms that produce no certificate of correctness and do not produce a `proof ' in the usual sense. The earliest serious exception is described in [4]. Many of these restrictions are not so important in practice, since subproblems arising in interactive proof can still often be handled effectively. Indeed, sometimes the restrictions are unavoidable: Tarski's theorem on the undefinability of truth implies thatthere cannot even be a complete semidecision procedure for nonlinear reasoning over
Cooperating theorem provers: A case study combining HOLLight and CVC Lite
 In Proc. 3 rd Workshop on Pragmatics of Decision Procedures in Automated Reasoning (PDPAR ’05), volume 144(2) of Electronic Notes in Theoretical Computer Science
, 2006
"... Abstract. This paper is a case study in combining theorem provers. We define a derived rule in HOLLight, CVC PROVE, which calls CVC Lite and translates the resulting proof object back to HOLLight. This technique fundamentally expands the capabilities of HOLLight while preserving soundness. 1 ..."
Abstract

Cited by 23 (2 self)
 Add to MetaCart
Abstract. This paper is a case study in combining theorem provers. We define a derived rule in HOLLight, CVC PROVE, which calls CVC Lite and translates the resulting proof object back to HOLLight. This technique fundamentally expands the capabilities of HOLLight while preserving soundness. 1
Formal verification of IA64 division algorithms
 Proceedings, Theorem Proving in Higher Order Logics (TPHOLs), LNCS 1869
, 2000
"... Abstract. The IA64 architecture defers floating point and integer division to software. To ensure correctness and maximum efficiency, Intel provides a number of recommended algorithms which can be called as subroutines or inlined by compilers and assembly language programmers. All these algorithms ..."
Abstract

Cited by 18 (4 self)
 Add to MetaCart
Abstract. The IA64 architecture defers floating point and integer division to software. To ensure correctness and maximum efficiency, Intel provides a number of recommended algorithms which can be called as subroutines or inlined by compilers and assembly language programmers. All these algorithms have been subjected to formal verification using the HOL Light theorem prover. As well as improving our level of confidence in the algorithms, the formal verification process has led to a better understanding of the underlying theory, allowing some significant efficiency improvements. 1
Towards Selfverification of HOL Light
 In International Joint Conference on Automated Reasoning
, 2006
"... Abstract. The HOL Light prover is based on a logical kernel consisting of about 400 lines of mostly functional OCaml, whose complete formal verification seems to be quite feasible. We would like to formally verify (i) that the abstract HOL logic is indeed correct, and (ii) that the OCaml code does c ..."
Abstract

Cited by 17 (0 self)
 Add to MetaCart
Abstract. The HOL Light prover is based on a logical kernel consisting of about 400 lines of mostly functional OCaml, whose complete formal verification seems to be quite feasible. We would like to formally verify (i) that the abstract HOL logic is indeed correct, and (ii) that the OCaml code does correctly implement this logic. We have performed a full verification of an imperfect but quite detailed model of the basic HOL Light core, without definitional mechanisms, and this verification is entirely conducted with respect to a settheoretic semantics within HOL Light itself. We will duly explain why the obvious logical and pragmatic difficulties do not vitiate this approach, even though it looks impossible or useless at first sight. Extension to include definitional mechanisms seems straightforward enough, and the results so far allay most of our practical worries. 1 Introduction: quis custodiet ipsos custodes? Mathematical proofs are subjected to peer review before publication, but there
SourceLevel Proof Reconstruction for Interactive Theorem Proving
"... Abstract. Interactive proof assistants should verify the proofs they receive from automatic theorem provers. Normally this proof reconstruction takes place internally, forming part of the integration between the two tools. We have implemented sourcelevel proof reconstruction: resolution proofs are ..."
Abstract

Cited by 17 (2 self)
 Add to MetaCart
Abstract. Interactive proof assistants should verify the proofs they receive from automatic theorem provers. Normally this proof reconstruction takes place internally, forming part of the integration between the two tools. We have implemented sourcelevel proof reconstruction: resolution proofs are automatically translated to Isabelle proof scripts. Users can insert this text into their proof development or (if they wish) examine it manually. Each step of a proof is justified by calling Hurd’s Metis prover, which we have ported to Isabelle. A recurrent issue in this project is the treatment of Isabelle’s axiomatic type classes. 1
A thread of HOL development
 Computer Journal
"... The HOL system is a mechanized proof assistant for higher order logic that has been under continuous development since the mid1980s, by an everchanging group of developers and external contributors. We give a brief overview of various implementations of the HOL logic before focusing on the evoluti ..."
Abstract

Cited by 11 (7 self)
 Add to MetaCart
The HOL system is a mechanized proof assistant for higher order logic that has been under continuous development since the mid1980s, by an everchanging group of developers and external contributors. We give a brief overview of various implementations of the HOL logic before focusing on the evolution of certain important features available in a recent implementation. We also illustrate how the module system of Standard ML provided security and modularity in the construction of the HOL kernel, as well as serving in a separate capacity as a useful representation medium for persistent, hierarchical logical theories.