I/O Automata and Beyond: Temporal Logic and Abstraction in Isabelle
, 1998
Abstract
Cited by 14 (3 self)
We describe a verification framework for I/O automata in Isabelle. It includes a temporal logic, proof support for showing implementation relations between live I/O automata, and a combination of Isabelle with model checking via a verified abstraction theory. The underlying domain-theoretic sequence model turned out to be especially adequate for these purposes. Furthermore, using a tailored combination of Isabelle's logics HOL and HOLCF we achieve two complementary goals: expressiveness for proving meta theory (HOLCF) and simplicity and efficiency for system verification (HOL).
Mechanical Verification of Distributed Algorithms in Higher-Order Logic
The Computer Journal
, 1995
Abstract
Cited by 13 (1 self)
In this paper we explain how to do so using HOL, an interactive proof assistant for higher-order logic developed by Gordon and others [18]. First, we describe how to build an infrastructure in HOL that supports reasoning about distributed algorithms, including formal theories of predicates, temporal logic, labeled transition systems, simulation of programs, translation of properties, and graphs. Then we demonstrate, via an example, how to use the powerful intuition about events and causality to guide and structure correctness proofs of distributed algorithms. The example used is the verification of PIF (propagation of information with feedback), which is a simple but typical distributed algorithm due to Segall [33].
Tool Support for the Compositional Development of Distributed Systems
In Tagungsband 7. GI/ITG-Fachgespräch Formale Beschreibungstechniken für verteilte Systeme, number 315 in GMD Studien. GMD
, 1997
Abstract
Cited by 10 (7 self)
There is a large number of formalisms available for the development of distributed, concurrent and reactive systems. Also, effort has been invested in the development of model checkers and theorem provers for such formalisms. We argue that for formal developments of a substantial size, the increased complexity of formalisms for compositional development (like [1]) requires tool support which goes beyond theorem provers for the bare formalism. In particular, we discuss the management of proof obligations, changes in the development, and the relationship between development structure and proof structure.
1 Introduction
With respect to theoretical aspects, formal description techniques for state-based concurrent, reactive and distributed systems have been developed to a level of maturity where they promise real benefits for the development of systems. Unfortunately, the effort spent on tools for such formal methods has been focused on support for model checking or proving in the...
From dy/dx to □P: A matter of notation
In Proceedings of the Conference on User Interfaces for Theorem Provers
, 1998
Abstract
Cited by 6 (1 self)
An analysis is given of the conventional dy/dx notation for derivatives that explains it as a notational abbreviation for expressions using the simpler binding structure standard in modern formalizations. The Nuprl display system was used to implement examples of such notation. It turns out that the same methods can be used to explain conventional modal logic notations. We construe necessity as a first-order quantifier, in a well-known way, then explain standard modal notation as a way simply to display these formulas of a non-modal logic. We contrast the method with the interpretation of necessity as a sentential operator, and also with higher-order interpretations that have been used to interpret temporal logic in HOL. The methods are then applied to a simple first-order temporal logic. The intention is that the user can work in this notation interactively, not just produce it for printing. The methods to be discussed here for formalizing a few mathematical and logical concepts are already well known, or are small variations on well-known methods, and are not the true subject of this paper. This paper is about notational enhancements for exploiting those methods, and may also serve as an explanation for some notations that are conventional, but do not obviously conform to the simpler syntax and semantics of current-day computerized formal mathematics. We apply a particular combination of notational devices to a few examples, revealing their notational similarity. We start with Leibniz's notation for derivatives, dy/dx, and end with first-order temporal logic for programs. These notational methods have been made precise, and implemented in the Nuprl proof development system, where they are meant for use as working notation. These examples were developed within it, although almost none of the mathematics for which these notations were implemented has been carried out in Nuprl.
The basic idea: How dy/dx works. Suppose Deriv(x. e(x) ; a) is a binding operator used to stand for the derivative, at a, of the function denoted by e(x) in variable x. So, for example,
A Framework for Verifying Data-Centric Protocols
Abstract
Cited by 5 (3 self)
Data-centric languages, such as recursive rule-based languages, have been proposed to program distributed applications over networks. They greatly simplify the code, which is orders of magnitude shorter and much more declarative, while still admitting efficient distributed execution. We show that they also provide a promising approach to the verification of distributed protocols, thanks to their data-centric orientation, which allows global structures, such as the topology of the network, routing tables, trees, etc., as well as their properties, to be handled explicitly. We consider a framework using an original formalization in the Coq proof assistant of a distributed computation model based on message passing with either synchronous or asynchronous behavior. The declarative rules of the Netlog language for specifying distributed protocols, as well as the virtual machines for evaluating these rules, are encoded in Coq as well. We consider tree protocols as a case study, and show how this framework enables us to formally verify them in both the asynchronous and synchronous setting.
Assumption-Commitment Specifications and Safety-Critical Systems
In Formale Beschreibungstechniken für verteilte Systeme, Shaker Verlag
, 1998
Abstract
Cited by 2 (2 self)
In this paper, we discuss the use of assumption-commitment style specifications for the formal development of safety-critical systems. Assumption-commitment specifications are of the form "as long as the environment will satisfy certain conditions (assumptions), the system will behave in a particular way (commitments)." If the environment violates the assumptions, then after the environment's failure the system may fail to fulfill the commitments as well. Note the requirement that if the system fails, then the environment must have failed before. In this respect, assumption-commitment specifications differ from ordinary implication.
An Encoding of TLA in Isabelle
, 1999
Abstract
Cited by 2 (0 self)
This note describes the representation of Lamport's Temporal Logic of Actions that comes with the standard distribution of the generic theorem prover Isabelle. It is based on a simple technique for embedding possible-worlds based logics in Isabelle.
The Semantics of TLA on the PVS Theorem Prover
, 1996
Abstract
Cited by 1 (0 self)
An implementation of Lamport's Temporal Logic of Actions (TLA) on a higher-order logic theorem prover is described. TLA is a temporal logic, for which a syntax and semantics are defined, based on an action logic which is represented by higher-order functions. The temporal logic includes quantifiers for variables with constant values and for variables whose values change over time. The semantics of the latter depend on an auxiliary function which cannot be defined by primitive recursion, and an alternative is given based on the Hilbert ε operator.
1 Introduction
The Temporal Logic of Actions (Lamport, 1994) is a system for reasoning about programs by considering the changes made to program variables during an execution. Actions are boolean expressions relating the values of the variables before and after some event, typically the execution of a command, of the program. Propositional operators are defined on actions, giving the base of the temporal logic (the modal system S4.3.1, see Ab...
Verifying Declarative Netlog Protocols with Coq: a First Experiment
ISSN 0249-6399, ISRN INRIA/RR-7511-FR+ENG
Mechanizing TLA in Isabelle
Abstract
We discuss some of the problems faced when trying to embed modal and temporal logics in a higher-order logic framework, and suggest a technique to obtain a sound embedding of TLA that is highly amenable to mechanized reasoning.
1 Background
Formal methods that support the design and verification of non-trivial pieces of hardware or software require computer-based tools to discharge the resulting proof obligations. Such tools have to be readily extensible to accommodate the representation of domain-specific data theories. It is therefore attractive to embed formal methods in standard logical frameworks with adequate theorem-proving capabilities, such as the Larch prover, descendants of the LCF system such as Isabelle or HOL, or the PVS system. In this paper, we describe some of the issues encountered in a representation of Lamport's Temporal Logic of Actions (TLA) in Isabelle.