## Bounded Relational Analysis of Free Data Types (2008)

Citations: 1 (1 self-citation)

### BibTeX

```bibtex
@MISC{Dunets08boundedrelational,
  author = {Andriy Dunets and Gerhard Schellhorn and Wolfgang Reif},
  title = {Bounded Relational Analysis of Free Data Types},
  year = {2008}
}
```

### Abstract

In this paper we report on our first experiences using the relational analysis provided by the Alloy tool together with the theorem prover KIV in the context of specifications of freely generated data types. The presented approach aims at improving KIV's performance on first-order theories. In theorem proving practice a significant amount of time is spent on unsuccessful proof attempts. An automatic method that exhibits counterexamples for unprovable theorems would offer extremely valuable support to a proof engineer by saving time and effort. In practice, such counterexamples tend to be small, so usually there is no need to search for big instances. The paper defines a translation from KIV's recursive definitions to Alloy, discusses its correctness and gives some examples.

### Citations

819 | Dynamic logic
- Harel
- 1984
Citation Context: ...omic user interface. Details on KIV can be found in [4,5]. 2.1 Specification of Algebraic Data Types The basic logic underlying the KIV system combines Higher-Order Logic (HOL) and Dynamic Logic (DL) [8], which allows to reason over imperative programs (partial and total correctness as well as program equivalence are expressible). In this work we are particularly interested in the FOL part of the KIV...

116 | Automating first-order relational logic
- Jackson
- 2000
Citation Context: ...lloy Analyzer [10] and its successful application in the Mondex challenge by Ramananandro [15]. Alloy's algorithm handles the full first-order relational logic with quantifiers and transitive closure [11]. B. Beckert and R. Hähnle (Eds.): TAP 2008, LNCS 4966, pp. 99–115, 2008. © Springer-Verlag Berlin Heidelberg 2008 100 A. Dunets, G. Schellhorn, and W. Reif Because formal theories in KIV are constru...

60 | Kodkod: A relational model finder
- Torlak, Jackson
- 2007
Citation Context: ... ∈ : elem × list can be specified as a ∈ x ↔ ∃y, z. y + a + z = x. The translation to Alloy language was done manually and we have to automate it. A new more powerful tool based on Alloy called Kodkod [22] has become available recently. It is implemented as an API rather than as a standalone application and can easily be incorporated as a backend of another tool. We plan to use it for more seamless int...

31 | Integrating automated and interactive theorem proving
- Ahrendt, Beckert, et al.
- 1998
Citation Context: ...tion or other calculi as a tactic in KIV to prove first-order theorems. A fundamental investigation of a conceptual integration that goes beyond a loose coupling of two proof systems was performed in [1] and some improvements on exploiting the structure of algebraic theories were presented in [16]. In [13] an automation procedure for a theorem prover is described which bridges numerous differences be...

28 | Automation for interactive proof: First prototype
- Meng, Quigley, et al.

27 | Theorem proving in large theories
- Reif, Schellhorn
- 1998
Citation Context: ...ation of a conceptual integration that goes beyond a loose coupling of two proof systems was performed in [1] and some improvements on exploiting the structure of algebraic theories were presented in [16]. In [13] an automation procedure for a theorem prover is described which bridges numerous differences between Isabelle with its higher-order logic and resolution provers Vampire and SPASS (restricted...

26 | Verifying Concurrent Systems with Symbolic Execution
- Balser
- 2006
Citation Context: ...rly interested in the FOL part of the KIV system. The reason is, that in almost all proof tasks carried out interactively in KIV, whether in the basic logic or in extensions for temporal logic proofs [2], ASM specifications [19], statecharts [21,3] or Java program proofs [20], eventually a lot of first-order proof obligations arise. These are typically discharged using simplifier rules. Most simplifi...

23 | Expressiveness + automation + soundness: towards combining SMT solvers and interactive proof assistants
- Fontaine, Marion, et al.
- 2006
Citation Context: ...theorem prover is described which bridges numerous differences between Isabelle with its higher-order logic and resolution provers Vampire and SPASS (restricted first-order, untyped, clause form). In [7] a proof certification using theorem prover Isabelle/HOL for a decision procedure for the quantifier-free first-order logic in SMT-solver haRVey is described. The theorem prover is used to guarantee s...

22 | Inductive definitions: automation and application
- Harrison
- 1995
Citation Context: ...d order <. Then for each model M of the original specification the enrichment defines exactly one function g. A formal proof of this theorem, which views Ψ as a higher-order function, can be found in [9]. For our case g is the relation (= boolean function) F. The theorem implies that just translating the equivalence already fixes exactly one relation F. Since the relational translation, when adding u...

20 | Relational analysis of algebraic datatypes
- Kuncak, Jackson
- 2005
Citation Context: ...fications, the sought-after automatic procedure involving Alloy Analyzer would represent a relational analysis of algebraic data types. A fundamental work on this topic was done by Kuncak and Jackson [12]. They present a method for the satisfiability checking of first-order formulas which is based on finite model finding, formulate essential properties which should be satisfied by an analyzed data str...

20 | A formally verified calculus for full Java Card
- Stenzel
- 2004
Citation Context: ... almost all proof tasks carried out interactively in KIV, whether in the basic logic or in extensions for temporal logic proofs [2], ASM specifications [19], statecharts [21,3] or Java program proofs [20], eventually a lot of first-order proof obligations arise. These are typically discharged using simplifier rules. Most simplifier rules are first-order lemmas which are automatically used for rewritin...

19 | Interactive Correctness Proofs for Software Modules Using KIV
- Reif, Schellhorn, et al.
- 1995
Citation Context: ...f Fig. 6. Counter example generated by Alloy 6.1 Example: Lists of Intervals As a nice nontrivial example we considered an implementation of sets of natural numbers by interval lists, that was used in [17] to demonstrate algebraic refinement via modules in KIV. The example has also been analyzed previously using KIV's own counter example generation mechanism described in [18]. We first describe the exa...

13 | Verification of abstract state machines
- Schellhorn
- 1999
Citation Context: ...L part of the KIV system. The reason is, that in almost all proof tasks carried out interactively in KIV, whether in the basic logic or in extensions for temporal logic proofs [2], ASM specifications [19], statecharts [21,3] or Java program proofs [20], eventually a lot of first-order proof obligations arise. These are typically discharged using simplifier rules. Most simplifier rules are first-order...

12 | Interactive Verification of Statecharts
- Thums, Schellhorn, et al.
- 2004
Citation Context: ...system. The reason is, that in almost all proof tasks carried out interactively in KIV, whether in the basic logic or in extensions for temporal logic proofs [2], ASM specifications [19], statecharts [21,3] or Java program proofs [20], eventually a lot of first-order proof obligations arise. These are typically discharged using simplifier rules. Most simplifier rules are first-order lemmas which are aut...

10 | Formal system development with KIV
- Balser, Reif, et al.
Citation Context: ...g proof support for all validation and verification tasks and is capable of handling large-scale theories by efficient proof techniques and an ergonomic user interface. Details on KIV can be found in [4,5]. 2.1 Specification of Algebraic Data Types The basic logic underlying the KIV system combines Higher-Order Logic (HOL) and Dynamic Logic (DL) [8], which allows to reason over imperative programs (par...

9 | Flaw detection in formal specifications
- Reif, Schellhorn, Thums
- 2001
Citation Context: ...vallists, that was used in [17] to demonstrate algebraic refinement via modules in KIV. The example has also been analyzed previously using KIV's own counter example generation mechanism described in [18]. We first describe the example, the results we got with Alloy and then give a short comparison of the results with KIV. Sets of natural numbers can be implemented as lists of intervals, where an inte...

8 | KIV 3.0 for Provably Correct Systems
- Balser, Reif, et al.
- 1999
Citation Context: ...ion, formal methods. 1 Introduction In our work we present an integration of an automatic procedure for finding finite counter examples or witnesses for first-order theories in the theorem prover KIV [4]. KIV supports both functional and state-based approaches to model systems. In this paper, we concern ourselves with the functional approach, which uses hierarchically structured higher-order algebrai...

8 | Geometric resolution: A proof procedure based on finite model search
- Nivelle, Meng
- 2006
Citation Context: ...proving is spent on unsuccessful proof attempts. For many applications knowing a counter model to a wrong assumption is as useful as knowing that a conjecture is true itself. This idea is realized in [6], where a proof procedure based on finite model finding techniques is designed for first-order logic. Reversely, [14] presents a so-called small model theorem, which calculates a threshold size for da...

8 | Towards a small model theorem for data independent systems in Alloy
- Momtahan
- 2005
Citation Context: ... is as useful as knowing that a conjecture is true itself. This idea is realized in [6], where a proof procedure based on finite model finding techniques is designed for first-order logic. Reversely, [14] presents a so-called small model theorem, which calculates a threshold size for data types. If no counter examples are found at the threshold, the theorem guarantees that increasing the scope still p...

5 | Interactive verification of UML state machines
- Balser, Baumler, et al.
- 2004
Citation Context: ...system. The reason is, that in almost all proof tasks carried out interactively in KIV, whether in the basic logic or in extensions for temporal logic proofs [2], ASM specifications [19], statecharts [21,3] or Java program proofs [20], eventually a lot of first-order proof obligations arise. These are typically discharged using simplifier rules. Most simplifier rules are first-order lemmas which are aut...

2 | an electronic purse: specification and refinement checks with the Alloy model-finding method
- Ramananandro
- 2008
Citation Context: ...by the automatic analysis method for first-order relational logic with transitive closure implemented in the Alloy Analyzer [10] and its successful application in the Mondex challenge by Ramananandro [15]. Alloy's algorithm handles the full first-order relational logic with quantifiers and transitive closure [11]. B. Beckert and R. Hähnle (Eds.): TAP 2008, LNCS 4966, pp. 99–115, 2008. © Springer-Verl...