Results 1  10
of
48
Elf: A Language for Logic Definition and Verified Metaprogramming
 In Fourth Annual Symposium on Logic in Computer Science
, 1989
"... We describe Elf, a metalanguage for proof manipulation environments that are independent of any particular logical system. Elf is intended for metaprograms such as theorem provers, proof transformers, or type inference programs for programming languages with complex type systems. Elf unifies logic ..."
Abstract

Cited by 77 (8 self)
 Add to MetaCart
We describe Elf, a metalanguage for proof manipulation environments that are independent of any particular logical system. Elf is intended for metaprograms such as theorem provers, proof transformers, or type inference programs for programming languages with complex type systems. Elf unifies logic definition (in the style of LF, the Edinburgh Logical Framework) with logic programming (in the style of Prolog). It achieves this unification by giving types an operational interpretation, much the same way that Prolog gives certain formulas (Hornclauses) an operational interpretation. Novel features of Elf include: (1) the Elf search process automatically constructs terms that can represent objectlogic proofs, and thus a program need not construct them explicitly, (2) the partial correctness of metaprograms with respect to a given logic can be expressed and proved in Elf itself, and (3) Elf exploits Elliott's unification algorithm for a calculus with dependent types. This research was...
Automating Recursive Type Definitions in Higher Order Logic
 Current Trends in Hardware Verification and Automated Theorem Proving
, 1988
"... : The expressive power of higher order logic makes it possible to define a wide variety of types within the logic and to prove theorems that state the properties of these types concisely and abstractly. This paper contains a tutorial introduction to the logical basis for such type definitions. Examp ..."
Abstract

Cited by 74 (6 self)
 Add to MetaCart
: The expressive power of higher order logic makes it possible to define a wide variety of types within the logic and to prove theorems that state the properties of these types concisely and abstractly. This paper contains a tutorial introduction to the logical basis for such type definitions. Examples are given of the formal definitions in logic of several simple types. A method is then described for systematically defining any instance of a certain class of commonlyused recursive types. The automation of this method in HOL, an interactive system for generating proofs in higher order logic, is also discussed. 1 To appear in Current Trends in Hardware Verification and Automated Theorem Proving, proceedings of the 1988 Banff Workshop on Hardware Verification, edited by G. Birtwistle and P. Subrahmanyam (SpringerVerlag, 1988). Revised 28 January Contents Introduction 5 1 Introduction to Higher Order Logic 6 1.1 Notation : : : : : : : : : : : : : : : : : : : : : : : : : : : : : ...
Natural Deduction as HigherOrder Resolution
 Journal of Logic Programming
, 1986
"... An interactive theorem prover, Isabelle, is under development. In LCF, each inference rule is represented by one function for forwards proof and another (a tactic) for backwards proof. In Isabelle, each inference rule is represented by a Horn clause. ..."
Abstract

Cited by 54 (8 self)
 Add to MetaCart
An interactive theorem prover, Isabelle, is under development. In LCF, each inference rule is represented by one function for forwards proof and another (a tactic) for backwards proof. In Isabelle, each inference rule is represented by a Horn clause.
The Notion of Proof in Hardware Verification
, 1989
"... : Recent advances in the field of hardware verification have raised some fresh (and some familiar) issues to do with the scope and limitations of formal proof. In this note, some of these are considered in the context of the Viper verification project. Viper is a microprocessor designed by W. J. Cu ..."
Abstract

Cited by 48 (0 self)
 Add to MetaCart
: Recent advances in the field of hardware verification have raised some fresh (and some familiar) issues to do with the scope and limitations of formal proof. In this note, some of these are considered in the context of the Viper verification project. Viper is a microprocessor designed by W. J. Cullyer, C. Pygott and J. Kershaw, of the Royal Signals and Radar Establishment of the U.K. Ministry of Defense, for use in safetycritical applications. Much to their credit, the designers intended from the start that Viper be formally verified; they presented Viper's more abstract specifications in a language suitable for formal reasoning, and they placed the design in the public domain. Viper microprocessors are currently being marketed as verified chips. The formal proof aspects of the verification work have been carried out at the Computer Laboratory of the University of Cambridge. To date, some important properties of a registertransfer level model of Viper, relative to a more abstract ...
Abstraction Mechanisms for Hardware Verification
 VLSI Specification, Verification and Synthesis
, 1987
"... ion Mechanisms for Hardware Verification Thomas F. Melham University of Cambridge Computer Laboratory New Museums Site, Pembroke Street Cambridge, CB2 3QG, England Abstract: It is argued that techniques for proving the correctness of hardware designs must use abstraction mechanisms for relating fo ..."
Abstract

Cited by 38 (0 self)
 Add to MetaCart
ion Mechanisms for Hardware Verification Thomas F. Melham University of Cambridge Computer Laboratory New Museums Site, Pembroke Street Cambridge, CB2 3QG, England Abstract: It is argued that techniques for proving the correctness of hardware designs must use abstraction mechanisms for relating formal descriptions at different levels of detail. Four such abstraction mechanisms and their formalization in higher order logic are discussed. Introduction Recent advances in microelectronics have given designers of digital hardware the potential to build electronic devices of unprecedented size and complexity. With increasing size and complexity, however, it becomes increasingly difficult to ensure that such systems will not malfunction because of design errors. This problem has prompted some researchers to look for a firm theoretical basis for correct design of hardware systems. Mathematical methods have been developed to model the functional behaviour of electronic devices and to verify,...
Safe, Untrusted Agents using ProofCarrying Code
 of Lecture Notes in Computer Science
, 1998
"... . ProofCarrying Code (PCC) enables a computer system to determine, automatically and with certainty, that program code provided by another system is safe to install and execute without requiring interpretation or runtime checking. PCC has applications in any computing system in which the safe, eff ..."
Abstract

Cited by 32 (3 self)
 Add to MetaCart
. ProofCarrying Code (PCC) enables a computer system to determine, automatically and with certainty, that program code provided by another system is safe to install and execute without requiring interpretation or runtime checking. PCC has applications in any computing system in which the safe, efficient, and dynamic installation of code is needed. The key idea of ProofCarrying is to attach to the code an easilycheckable proof that its execution does not violate the safety policy of the receiving system. This paper describes the design and a typical implementation of ProofCarrying Code, where the language used for specifying the safety properties is firstorder predicate logic. Examples of safety properties that are covered in this paper are memory safety and compliance with data access policies, resource usage bounds, and data abstraction boundaries. 1 Introduction ProofCarrying Code (PCC) enables a computer system to determine, automatically and with certainty, that program cod...
Using Recursive Types to Reason about Hardware in Higher Order Logic
, 1988
"... : The expressive power of higher order logic makes it possible to define a wide variety of data types within the logic and to prove theorems that state the properties of these types concisely and abstractly. This paper describes how such defined data types can be used to support formal reasoning in ..."
Abstract

Cited by 19 (1 self)
 Add to MetaCart
: The expressive power of higher order logic makes it possible to define a wide variety of data types within the logic and to prove theorems that state the properties of these types concisely and abstractly. This paper describes how such defined data types can be used to support formal reasoning in higher order logic about the behaviour of hardware designs. First printed: May 1988 Reprinted with revisions: April 1990 An earlier version of this paper appears in: The Fusion of Hardware Design and Verification, ed. G.J. Milne (NorthHolland, 1988), pp. 2750. Contents Introduction 5 1 Hardware Verification using Higher Order Logic 5 1.1 Notation : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 5 1.2 Specifying Hardware Behaviour : : : : : : : : : : : : : : : : : : 6 1.3 Specifying Hardware Structure : : : : : : : : : : : : : : : : : : 7 1.4 Formulating Correctness : : : : : : : : : : : : : : : : : : : : : : 8 2 Recursive Types in Higher Order Logic 8 2.1 Type Definit...
Proof Generation in the Touchstone Theorem Prover
 In Proceedings of the International Conference on Automated Deduction
, 2000
"... . The ability of a theorem prover to generate explicit derivations for the theorems it proves has major benets for the testing and maintenance of the prover. It also eliminates the need to trust the correctness of the prover at the expense of trusting a much simpler proof checker. However, it is ..."
Abstract

Cited by 17 (0 self)
 Add to MetaCart
. The ability of a theorem prover to generate explicit derivations for the theorems it proves has major benets for the testing and maintenance of the prover. It also eliminates the need to trust the correctness of the prover at the expense of trusting a much simpler proof checker. However, it is not always obvious how to generate explicit proofs in a theorem prover that uses decision procedures whose operation does not directly model the axiomatization of the underlying theories. In this paper we describe the modications that are necessary to support proof generation in a congruenceclosure decision procedure for equality and in a Simplexbased decision procedure for linear arithmetic. Both of these decision procedures have been integrated using a modied NelsonOppen cooperation mechanism in the Touchstone theorem prover, which we use to produce proofcarrying code. Our experience with designing and implementing Touchstone is that proof generation has a relatively low c...
A Logic Programming Approach to Implementing HigherOrder Term Rewriting
 Second International Workshop on Extensions to Logic Programming, volume 596 of Lecture Notes in Arti Intelligence
, 1992
"... Term rewriting has proven to be an important technique in theorem proving. In this paper, we illustrate that rewrite systems and strategies for higherorder term rewriting, which includes the usual notion of firstorder rewriting, can be naturally specified and implemented in a higherorder logic pr ..."
Abstract

Cited by 16 (2 self)
 Add to MetaCart
Term rewriting has proven to be an important technique in theorem proving. In this paper, we illustrate that rewrite systems and strategies for higherorder term rewriting, which includes the usual notion of firstorder rewriting, can be naturally specified and implemented in a higherorder logic programming language. We adopt a notion of higherorder rewrite system which uses the simply typed calculus as the language for expressing rules, with a restriction on the occurrences of free variables on the left hand sides of rules so that matching of terms with rewrite templates is decidable. The logic programming language contains an implementation of the simplytyped lambda calculus including fij conversion and higherorder unification. In addition, universal quantification in queries and the bodies of clauses is permitted. For higherorder rewriting, we show how these operations implemented at the metalevel provide elegant mechanisms for the objectlevel operations of descending thro...
Techniques For Efficient Formal Verification Using Binary Decision Diagrams
, 1995
"... The appeal of automatic formal verification is that it's automatic  minimal human labor and expertise should be needed to get useful results and counterexamples. BDD(binary decision diagram)based approaches have promised to allow automatic verification of complex, real systems. For large classes ..."
Abstract

Cited by 15 (0 self)
 Add to MetaCart
The appeal of automatic formal verification is that it's automatic  minimal human labor and expertise should be needed to get useful results and counterexamples. BDD(binary decision diagram)based approaches have promised to allow automatic verification of complex, real systems. For large classes of problems, however, (including many distributed protocols, multiprocessor systems, and network architectures) this promise has yet to be fulfilled. Indeed, the few successes have required extensive time and effort from sophisticated researchers in the field. Clearly, techniques are needed that are more sophisticated than the obvious direct implementation of theoretical results. This thesis addresses that need, emphasizing an application domain that has been particularly difficult for BDDbased methods  highlevel models of systems or distributed protocols  rather than gatelevel descriptions of circuits. Additionally, the emphasis is on providing useful debugging information for the...