Verification of ASM refinements using generalized forward simulation
, 2001
Cited by 31 (6 self)
This paper describes a generic proof method for the correctness of refinements of Abstract State Machines based on commuting diagrams. The method generalizes forward simulations from the refinement of I/O automata by allowing arbitrary m:n diagrams, and by combining it with the refinement of data structures.
Dynamic logic with non-rigid functions: A basis for object-oriented program verification
 IJCAR, volume 4130 of LNCS
, 2006
Cited by 24 (10 self)
We introduce a dynamic logic that is enriched by non-rigid functions, i.e., functions that may change their value from state to state (during program execution), and we present a (relatively) complete sequent calculus for this logic. In conjunction with dynamically typed object enumerators, non-rigid functions allow one to embed notions of object-orientation in dynamic logic, thereby forming a basis for verification of object-oriented programs. A semantical generalisation of substitutions, called state update, which we add to the logic, constitutes the central technical device for dealing with object aliasing during function modification. With these few extensions, our dynamic logic captures the essential aspects of the complex verification system KeY and, hence, constitutes a foundation for object-oriented verification with the principles of reasoning that underlie the successful KeY case studies.
Engineering and Theoretical Underpinnings of Retrenchment
, 2001
Cited by 24 (16 self)
Refinement is reviewed in a partial correctness framework, highlighting in particular the distinction between its use as a specification constructor at a high level, and its use as an implementation mechanism at a low level. Some of its shortcomings as specification constructor at high levels of abstraction are pointed out, and these are used to motivate the adoption of retrenchment for certain high level development steps. Basic properties of retrenchment are described, including a justification of the operation PO, simple examples, simulation properties, and compositionality for both the basic retrenchment notion and enriched versions. The issue of framing retrenchment in the wide variety of correctness notions for refinement calculi that exist in the literature is tackled, culminating in guidelines on how to `brew your own retrenchment theory'. Two short case studies are presented. One is a simple digital redesign control theory problem, the other is a radiotherapy dos...
Taclets: A New Paradigm for Constructing Interactive Theorem Provers
 CIENCIAS EXACTAS, FÍSICAS Y NATURALES, SERIE A: MATEMÁTICAS, 98(1), 2004. SPECIAL ISSUE ON SYMBOLIC COMPUTATION IN LOGIC AND ARTIFICIAL INTELLIGENCE
, 2004
Cited by 22 (8 self)
Frameworks for interactive theorem proving give the user explicit control over the construction of proofs based on meta languages that contain dedicated control structures for describing proof construction. Such languages are not easy to master and thus contribute to the already long list of skills required by prospective users of interactive theorem provers. Most users, however, only need a convenient formalism that allows them to introduce new rules with minimal overhead. On the other hand, rules of calculi have not only purely logical content, but contain restrictions on the expected context of rule applications and heuristic information. We suggest a new and minimalist concept for implementing interactive theorem provers called taclet. Their usage can be mastered in a matter of hours, and they are efficiently compiled into the GUI of a prover. We implemented the KeY system, an interactive theorem prover for the full JAVA CARD language based on taclets.
Algorithms: A quest for absolute definitions
 Bulletin of the European Association for Theoretical Computer Science
, 2003
Cited by 21 (9 self)
What is an algorithm? The interest in this foundational problem is not only theoretical; applications include specification, validation and verification of software and hardware systems. We describe the quest to understand and define the notion of algorithm. We start with the Church-Turing thesis and contrast Church's and Turing's approaches, and we finish with some recent investigations.
On the Boolean Algebra of Shape Analysis Constraints
, 2003
Cited by 18 (10 self)
Shape analysis is a promising technique for statically verifying and extracting properties of programs that manipulate complex data structures. We introduce a new characterization of constraints that arise in parametric shape analysis based on manipulation of three-valued structures as dataflow facts. We identify an interesting syntactic class of first-order logic formulas that captures the meaning of three-valued structures under concretization. This class is broader than previously introduced classes, allowing for a greater flexibility in the formulation of shape analysis constraints in program annotations and internal analysis representations. Three-valued structures can be viewed as one possible normal form of the formulas in our class. Moreover, we characterize the meaning of three-valued
On Role Logic
, 2003
Cited by 13 (7 self)
We present role logic, a notation for describing properties of relational structures in shape analysis, databases, and knowledge bases. We construct role logic using the ideas of de Bruijn's notation for lambda calculus, an encoding of first-order logic in lambda calculus, and a simple rule for implicit arguments of unary and binary predicates.
The Timed Abstract State Machine Language: An Executable Specification Language for Reactive Real-Time Systems
 IN: PROCEEDINGS OF THE 15TH INTERNATIONAL CONFERENCE ON REAL-TIME AND NETWORK SYSTEMS (RTNS '07)
, 2007
Cited by 10 (1 self)
In this paper, we present the Timed Abstract State Machine (TASM) language, which is a language for the specification of embedded real-time systems. The TASM language is an extension of Abstract State Machines (ASM) that includes facilities for specifying non-functional behavior, namely time and resource consumption. In the engineering of real-time systems, the correctness of the system is defined in terms of three aspects: function, time, and resource consumption. The goal of the TASM language and its associated toolset is to provide a basis for specification-based real-time system engineering where these three key aspects can be specified and analyzed. We begin the presentation of the language with a historical survey on the use of ASM in specifying real-time systems. The core difference between the TASM language and ASM is that steps are durative instead of being instantaneous. This paradigm captures the realistic behavior of real-time systems where actions are never instantaneous. The concurrency semantics of TASM is synchronous with respect to durative steps. We present the syntax and semantics of the language and illustrate the concepts using the production cell case study.
The hidden computation steps of turbo Abstract State Machines
 Abstract State Machines — Advances in Theory and Applications, 10th International Workshop, ASM 2003
, 2003
Cited by 10 (2 self)
Turbo Abstract State Machines are ASMs with parallel and sequential composition and possibly recursive submachine calls. Turbo ASMs are viewed as black boxes that can combine arbitrarily many steps of one or more submachines into one big step. The intermediate steps of a turbo ASM are not observable from outside. It is not even clear what exactly the intermediate steps are, because the semantics of turbo ASMs is usually defined inductively along the call graph of the ASM and the structure of the rule bodies. The most important application of turbo ASMs is recursive algorithms. Such algorithms can directly be simulated on turbo ASMs without transforming them into multi-agent (distributed) ASMs. In this article we analyze the hidden intermediate steps of turbo ASMs and characterize them using PAR/SEQ trees. We also address the problem of the reserve in the presence of recursion and sequential composition.
An Overview of the Leon Verification System: Verification by Translation to Recursive Functions
Cited by 9 (8 self)
We present the Leon verification system for a subset of the Scala programming language. Along with several functional features of Scala, Leon supports imperative constructs such as mutations and loops, using a translation into recursive functional form. Both properties and programs in Leon are expressed in terms of user-defined functions. We discuss several techniques that led to an efficient semi-decision procedure for first-order constraints with recursive functions, which is the core solving engine of Leon. We describe a generational unrolling strategy for recursive templates that yields smaller satisfiable formulas and ensures completeness for counterexamples. We illustrate the current capabilities of Leon on a set of examples, such as data structure implementations; we show that Leon successfully finds bugs or proves completeness of pattern matching as well as validity of function postconditions.