## Comparison of IMPS, PVS and Larch with respect to theory treatment and modularization (1996)

Citations: | 1 - 0 self |

### BibTeX

@MISC{Kammüller96comparisonof,

author = {F. Kammüller},

title = {Comparison of IMPS, PVS and Larch with respect to theory treatment and modularization },

year = {1996}

}

### OpenURL

### Abstract

This paper serves as a report of the literature study I performed between November '95 and February '96 concerning concepts for Isabelle Modules. It compares three proof systems which are recent and successful enough to serve as exemplaries for a study of their theory handling.

### Citations

853 |
A formulation of the simple theory of types
- Church
- 1940
(Show Context)
Citation Context ...tructors and quasi-constructors are polymorphic in the sense that they can be applied to expressions of several different types. 2.1.2 Type System The type hierarchy of LUTINS is a simple type theory =-=[Chu40]-=-. It consists of base types and function types. For a language L in LUTINS there is always the type of propositions prop,sfor short, and depending on L some types of individuals. Function types are de... |

539 | PVS: A Prototype Verification System
- Owre, Rushby, et al.
- 1992
(Show Context)
Citation Context ...e expressions, function definitions, and conditions of conditional rewrite rules. The proof strategies provide a means to compose frequently used patters 9 of proofs into single steps. At the time of =-=[ORS92]-=- there were only two commands, TRY and IF, for composing strategies. The proof checker might invoke the typechecker, e.g. to check typing conditions on variables during instantiation. Resulting TCC's ... |

310 | Languages and Tools for Formal Specifications
- Guttag, Horning, et al.
- 1993
(Show Context)
Citation Context ...asic details and are more detailed in aspects interesting for the global subject. For more comprehensive introductions to PVS and IMPS the reader is referred to [OSR93] and [FGT93a], and for Larch to =-=[GH93]-=-. Section 3 is then concerned with theories in those systems. There the notion of theories and the mechanisms available to handle those theories are introduced and in the following Section 4 some majo... |

272 | An initial algebra approach to the specification, correctness and implementation of abstract data types - Goguen, Thatcher, et al. - 1978 |

219 | Fundamentals of Algebraic Specification 1 - Ehrig, Mahr - 1985 |

156 |
Fundamental concepts in programming languages
- Strachey
- 1967
(Show Context)
Citation Context ...ere is no explicit way to abstract over a once interpreted type. Besides that, PVS allows the overloading of declaration identifiers. But, we do not get by this an ad hoc polymorphism in the sense of =-=[Str67]-=- because the PVS overloading is restricted to different kinds (cf. Section 2.2.1). For example, it is impossible to define two +'s of, say, type [int, int -? int] and [set, set -? set], respectively, ... |

79 | IMPS: An interactive mathematical proof system
- Farmer
- 1993
(Show Context)
Citation Context ...mplete. They omit lots of basic details and are more detailed in aspects interesting for the global subject. For more comprehensive introductions to PVS and IMPS the reader is referred to [OSR93] and =-=[FGT93a]-=-, and for Larch to [GH93]. Section 3 is then concerned with theories in those systems. There the notion of theories and the mechanisms available to handle those theories are introduced and in the foll... |

74 | A partial functions version of Church’s simple theory of types - Farmer - 1990 |

73 | A first Course in Abstract Algebra - Fraleigh - 2003 |

63 | Formal verification of the AAMP5 microprocessor: A case study in the industrial use of formal methods - Miller, Srivas - 1995 |

50 | Little theories
- Farmer, Guttman, et al.
- 1992
(Show Context)
Citation Context ... at MITRE is mainly designed to the interactive machine supported proof of mathematical reasoning. It tries to emphasize the linking of axiomatic theories as the main method of mathematical reasoning =-=[FGT92b]-=-. The heart of IMPS is its higher-order logic LUTINS, a Logic of Undefined Terms for Inference in a Natural Style. The speciality of LUTINS compared to other logics based on simple type theory, like H... |

35 | Theory Interpretation in Simple Type Theory - Farmer - 1994 |

30 |
A Simple Type Theory with Partial Functions and Subtypes
- Farmer
- 1993
(Show Context)
Citation Context ...rticular the \Phi-images of all axioms T . If each obligation of the source theory T is a theorem of the target theory T 0 then \Phi is a theory interpretation by the interpretation theorem of LUTINS =-=[Far93]-=-. That is, \Phi translates each theorem of T to a theorem of T 0 . Interpretations are independent from languages L so they form a means to relate arbitrary user defined applications. Syntactically, t... |

30 | Structured theories in LCF
- Sannella, Burstall
- 1983
(Show Context)
Citation Context ...ort several instances of one theory thus simulating the theory ensemble. LSL offers with its includes a similar device as PVS. There are other possibilities of reasoning on a large scale. The article =-=[SB83]-=- describes some possible ways of constructing theories. Renaming, one of the points described there, is only possible in LSL. Abstraction, i.e. forgetting some types and constants and perhaps renaming... |

29 | Debugging Larch Shared Language Specifications
- Garland, Guttag, et al.
- 1990
(Show Context)
Citation Context ...ning of the interface languages given in the interface specifications. The Larch Prover, LP, serves as a proof assistant to reason about Larch specifications or to assist in "specification debugg=-=ing" [GGH90]-=-. In contrast to the specification languages of PVS and IMPS LSL is based on first-order logic. 2.1 The IMPS System 2.1.1 Constructors and Quasi-Constructors The expressions of a language of LUTINS ar... |

27 | Modet: Report on the Larch Shared Language, Version 2.3
- Guttag, Horning, et al.
- 1990
(Show Context)
Citation Context ... of a programming language module or object its logical meaning is that of a theory: "each trait defines a theory (a set of formulas without free variables) in typed first-order logic with equali=-=ty " [GHM90]-=-. A trait is constituted by its introduces part, the section declaring all the operators of the trait, and its asserts part which contains the constraints on the operators in form of equations and pos... |

21 |
The PVS Specification Language (Beta Release
- Owre, Shankar, et al.
- 1993
(Show Context)
Citation Context ...2 are not complete. They omit lots of basic details and are more detailed in aspects interesting for the global subject. For more comprehensive introductions to PVS and IMPS the reader is referred to =-=[OSR93]-=- and [FGT93a], and for Larch to [GH93]. Section 3 is then concerned with theories in those systems. There the notion of theories and the mechanisms available to handle those theories are introduced an... |

16 | Formal Specification and Verification of a Fault-Masking and Transient-Recovery Model for Digital Flight Control Systems - Rushby - 1992 |

14 | IMPS: System description - Farmer, Guttman - 1992 |

13 |
A tutorial on Larch and LCL, a Larch/C interface language
- Guttag, Horning
- 1991
(Show Context)
Citation Context ... of several axiomatic specification languages. One group of languages is designed for the specification of interfaces between program components. Such interface languages exist for example for C (LCL =-=[GH91]-=-) and Modula-3 (LM3 [Nel91]). Then there is the language LSL, the Larch Shared Language which all interface languages have in common. It is independent from any programming language and intended to sp... |

11 |
Using Axiomatic Type Classes
- Wenzel
(Show Context)
Citation Context ...s declared as a member of the type class all axioms are inherited. The mechanism of defining type classes together with axioms has now become an explicit device of the Isabelle specification language =-=[Wen95]-=-. A type class in Isabelle is a device for grouping types. For example, semigroup ! term defines a type class as a subclass of the built-in class term of HOL. Type classes can now be directly defined ... |

10 | A formal description of Verdi - Saaltink - 1990 |

4 | Proof script pragmatics in imps
- Farmer, Guttman, et al.
- 1994
(Show Context)
Citation Context ...ng Since the IMPS system is considering theorem proving mainly as a matter of theory handling we treat theorem proving in the present "theory" section. There are two levels of theorem provin=-=g in IMPS [FGNT94]. Rea-=-soning at the formula level is strongly supported by an automatic expression simplification routine whereas the reasoning at the proof structure level is performed interactively. The user "orches... |

2 |
Reasoning with Contexts
- Farmer, Guttman, et al.
- 1993
(Show Context)
Citation Context ...ore than an annoying obligation. Thus the more explicit parameterization /instantiation concept, like e.g. PVS uses, is more likely to be adopted by us. Still, the reasoning with context idea of IMPS =-=[FGT93b]-=- offers a good exemplary for the base of the theory treatment, i.e. the current context in which the various theories are treated. Though we do not have a notion of definedness in Isabelle we might tr... |

2 |
Theories as ML Structures, Signatures, and Functors
- Paulson
- 1991
(Show Context)
Citation Context ...be simulated by the others and like in the world of Turing machines and register machines all can do the same. 6 Isabelle The present section first introduces Isabelle Modules as they are proposed in =-=[Pau91]-=- and implemented in [Asp91]. The implementation and the proposal differ slightly which is discussed. Then, we show up the extension of the Isabelle system which are now available and have to be integr... |

2 | Formal Verification of an Avioniocs Microprocessor - Srivas, Miller - 1995 |

1 |
Isabelle Modules -- A New Theory Mechanism for Isabelle
- Aspinall
- 1991
(Show Context)
Citation Context ...ction 4 some major aspects are compared. Finally, Section 5 tries to reflect some issues and evaluate them. In Section 6 we shortly introduce a work already performed with respect to Isabelle modules =-=[Asp91]-=-. This work is based on the ideas and concepts of [Pau91]. Since [Asp91] has somehow prototypical character and furthermore builds on an old version of Isabelle 1 it is not incorporated in the compari... |

1 |
Axiomatic Type Classes (in Isabelle
- Nipkow
- 1993
(Show Context)
Citation Context ...thermore declared as sharing. 6.2 Isabelle at Present In the present state of Isabelle a theory is something like a primitive structure satisfying a given signature. The type class system of Isabelle =-=[Nip93]-=- allows to formulate polymorphic object logics in a proper way. By using type variables and coercing them in certain classes it is then possible to state axioms for whole classes of types. If a type i... |

1 |
Simple Type Theory
- Saaltink, Craigen
- 1991
(Show Context)
Citation Context ...ame to the conclusion that its facilities of theory construction do not offer something remarkable. Though there is a device to relate specifications to models in a mechanical way in the Eves library =-=[SC91] the speci-=-fication language of Eves, Verdi, has none of the constructions we found in the other systems apart from a "load theory"-device which is even available in the current Isabelle. This paper fi... |