The present Isabelle theory builds a formal model for both the International System of Quantities... more The present Isabelle theory builds a formal model for both the International System of Quantities (ISQ) and the International System of Units (SI), which are both fundamental for physics and engineering [2]. Both the ISQ and the SI are deeply integrated into Isabelle’s type system. Quantities are parameterised by dimension types, which correspond to base vectors, and thus only quantities of the same dimension can be equated. Since the underlying “algebra of quantities” from [2] induces congruences on quantity and SI types, specific tactic support is developed to capture these. Our construction is validated by a test-set of known equivalences between both quantities and SI units. Moreover, the presented theory can be used for type-safe conversions between the SI system and others, like the British Imperial System (BIS).
Clean is based on a simple, abstract execution model for an imperative target language. “Abstract... more Clean is based on a simple, abstract execution model for an imperative target language. “Abstract” is understood as contrast to “Concrete Semantics”; alternatively, the term “shallow-style embedding” could be used. It strives for a type-safe notation of programvariables, an incremental construction of the typed state-space, support of incremental verification, and open-world extensibility of new type definitions being intertwined with the program definitions. Clean is based on a “no-frills” state-exception monad with the usual definitions of bind and unit for the compositional glue of state-based computations. Clean offers conditionals and loops supporting C-like control-flow operators such as break and return. The state-space construction is based on the extensible record package. Direct recursion of procedures is supported. Clean’s design strives for extreme simplicity. It is geared towards symbolic execution and proven correct verification tools. The underlying libraries of this ...
In this paper, we study the semantics of a specification language for the coordination of concurr... more In this paper, we study the semantics of a specification language for the coordination of concurrent systems, which supports time at different levels: various time domains, polychrony, and mixed metric/logical time constraints. The language itself is defined by a denotational semantics. In order to be able to construct the possible timelines for verification purposes, we also define a symbolic operational semantics, which is the reference for an efficient implementation of a tool for runtime-testing of heterogeneous systems. This study presents a novel way to link these two semantics by taking advantage of a coinductive unfolding principle of these timelines. Furthermore, these semantics and their equivalence have been formalized in the Isabelle/HOL proof assistant, together with proofs for soundness, completeness and progress.
2016 IEEE International Conference on Software Quality, Reliability and Security (QRS), 2016
Path-biased random testing is an interesting alternative to classical path-based approaches faced... more Path-biased random testing is an interesting alternative to classical path-based approaches faced to the explosion of the number of paths, and to the weak structural coverage of random methods based on the input domain only. Given a graph representation of the system under test a probability distribution on paths of a certain length is computed and then used for drawing paths. A limitation of this approach, similarly to other methods based on symbolic execution and static analysis, is the existence of infeasible paths that often leads to a lot of unexploitable drawings. We present a prototype for pruning some infeasible paths, thus eliminating useless drawings. It is based on graph transformations that have been proved to preserve the actual behaviour of the program. It is driven by symbolic execution and heuristics that use detection of subsumptions and the abstract-check-refine paradigm. The approach is illustrated on some detailed examples.
We report on the results of a long-term project to formalize the semantics of OCL 2.0 in Higher-o... more We report on the results of a long-term project to formalize the semantics of OCL 2.0 in Higher-order Logic (HOL). The ultimate goal of the project is to provide a formalized, machine-checked semantic basis for a theorem proving environment for OCL (as an example for an object-oriented specification formalism) which is as faithful as possible to the original informal semantics. We report on various (minor) inconsistencies of the OCL semantics, discuss the more recent attempt to align the OCL semantics with UML 2.0 and suggest several extensions which make, in our view, OCL semantics more fit for future extensions towards program verifications and specification refinement.
The Circus specification language combines elements for complex data and behavior specifications,... more The Circus specification language combines elements for complex data and behavior specifications, using an integration of Z and CSP with a refinement calculus. Its semantics is based on Hoare and He’s unifying theories of programming (UTP). Isabelle/Circus is a formalization of the UTP and the Circus language in Isabelle/HOL. It contains proof rules and tactic support that allows for proofs of refinement for Circus processes (involving both data and behavioral aspects). This environment supports a syntax for the semantic definitions which is close to textbook presentations of Circus. These theories are presented with details in [9]. This document is a technical appendix of this report.
Isabelle/UTP is a mechanised theory engineering toolkit based on Hoare and He’s Unifying Theories... more Isabelle/UTP is a mechanised theory engineering toolkit based on Hoare and He’s Unifying Theories of Programming (UTP). UTP enables the creation of denotational, algebraic, and operational semantics for different programming languages using an alphabetised relational calculus. We provide a semantic embedding of the alphabetised relational calculus in Isabelle/HOL, including new type definitions, relational constructors, automated proof tactics, and accompanying algebraic laws. Isabelle/UTP can be used to both capture laws of programming for different languages, and put these fundamental theorems to work in the creation of associated verification tools, using calculi like Hoare logics. This document describes the relational core of the UTP in Isabelle/HOL.
This paper presents the concepts and the semantics of a transformation-calculus TC that is generi... more This paper presents the concepts and the semantics of a transformation-calculus TC that is generic wrt. concrete object languages. Built upon an object language description given by theory in higher-order logics (see [Andr 86]), TC provides context-sensitive rules in which requirements on the context of a redex can be imposed, and integrates a restricted form of extended rewriting. Furthermore, rules may be higher-order in order to represent tactical combinators and to model "parametric transformations". This work can be seen as a specification of transformation systems and a foundation for correctness-proofs of transformations.
Introduction We present a new approach to the implementation of graphical user interfaces (GUIs) ... more Introduction We present a new approach to the implementation of graphical user interfaces (GUIs) for formal program development systems like transformation systems or interactive theorem provers. Its distinguishing feature is a generic, open system design which allows the development of a family of tools for different formal methods on a sound logical basis with a uniform appearance. The context of this work is the UniForM project [KPO + 95], the aim of which is to develop a framework integrating different formal methods in a logically consistent way. Consistency is achieved by encoding formal methods such as CSP and Z in the theorem prover Isabelle [Pau94], which is used to perform the program development as well as to prove the correctness of the transformation rules. One of the main UniForM objectives is to enable non-expert users to actually perform at least part of the development themselves. Hence there is a crucial need
The present Isabelle theory builds a formal model for both the International System of Quantities... more The present Isabelle theory builds a formal model for both the International System of Quantities (ISQ) and the International System of Units (SI), which are both fundamental for physics and engineering [2]. Both the ISQ and the SI are deeply integrated into Isabelle’s type system. Quantities are parameterised by dimension types, which correspond to base vectors, and thus only quantities of the same dimension can be equated. Since the underlying “algebra of quantities” from [2] induces congruences on quantity and SI types, specific tactic support is developed to capture these. Our construction is validated by a test-set of known equivalences between both quantities and SI units. Moreover, the presented theory can be used for type-safe conversions between the SI system and others, like the British Imperial System (BIS).
Clean is based on a simple, abstract execution model for an imperative target language. “Abstract... more Clean is based on a simple, abstract execution model for an imperative target language. “Abstract” is understood as contrast to “Concrete Semantics”; alternatively, the term “shallow-style embedding” could be used. It strives for a type-safe notation of programvariables, an incremental construction of the typed state-space, support of incremental verification, and open-world extensibility of new type definitions being intertwined with the program definitions. Clean is based on a “no-frills” state-exception monad with the usual definitions of bind and unit for the compositional glue of state-based computations. Clean offers conditionals and loops supporting C-like control-flow operators such as break and return. The state-space construction is based on the extensible record package. Direct recursion of procedures is supported. Clean’s design strives for extreme simplicity. It is geared towards symbolic execution and proven correct verification tools. The underlying libraries of this ...
In this paper, we study the semantics of a specification language for the coordination of concurr... more In this paper, we study the semantics of a specification language for the coordination of concurrent systems, which supports time at different levels: various time domains, polychrony, and mixed metric/logical time constraints. The language itself is defined by a denotational semantics. In order to be able to construct the possible timelines for verification purposes, we also define a symbolic operational semantics, which is the reference for an efficient implementation of a tool for runtime-testing of heterogeneous systems. This study presents a novel way to link these two semantics by taking advantage of a coinductive unfolding principle of these timelines. Furthermore, these semantics and their equivalence have been formalized in the Isabelle/HOL proof assistant, together with proofs for soundness, completeness and progress.
2016 IEEE International Conference on Software Quality, Reliability and Security (QRS), 2016
Path-biased random testing is an interesting alternative to classical path-based approaches faced... more Path-biased random testing is an interesting alternative to classical path-based approaches faced to the explosion of the number of paths, and to the weak structural coverage of random methods based on the input domain only. Given a graph representation of the system under test a probability distribution on paths of a certain length is computed and then used for drawing paths. A limitation of this approach, similarly to other methods based on symbolic execution and static analysis, is the existence of infeasible paths that often leads to a lot of unexploitable drawings. We present a prototype for pruning some infeasible paths, thus eliminating useless drawings. It is based on graph transformations that have been proved to preserve the actual behaviour of the program. It is driven by symbolic execution and heuristics that use detection of subsumptions and the abstract-check-refine paradigm. The approach is illustrated on some detailed examples.
We report on the results of a long-term project to formalize the semantics of OCL 2.0 in Higher-o... more We report on the results of a long-term project to formalize the semantics of OCL 2.0 in Higher-order Logic (HOL). The ultimate goal of the project is to provide a formalized, machine-checked semantic basis for a theorem proving environment for OCL (as an example for an object-oriented specification formalism) which is as faithful as possible to the original informal semantics. We report on various (minor) inconsistencies of the OCL semantics, discuss the more recent attempt to align the OCL semantics with UML 2.0 and suggest several extensions which make, in our view, OCL semantics more fit for future extensions towards program verifications and specification refinement.
The Circus specification language combines elements for complex data and behavior specifications,... more The Circus specification language combines elements for complex data and behavior specifications, using an integration of Z and CSP with a refinement calculus. Its semantics is based on Hoare and He’s unifying theories of programming (UTP). Isabelle/Circus is a formalization of the UTP and the Circus language in Isabelle/HOL. It contains proof rules and tactic support that allows for proofs of refinement for Circus processes (involving both data and behavioral aspects). This environment supports a syntax for the semantic definitions which is close to textbook presentations of Circus. These theories are presented with details in [9]. This document is a technical appendix of this report.
Isabelle/UTP is a mechanised theory engineering toolkit based on Hoare and He’s Unifying Theories... more Isabelle/UTP is a mechanised theory engineering toolkit based on Hoare and He’s Unifying Theories of Programming (UTP). UTP enables the creation of denotational, algebraic, and operational semantics for different programming languages using an alphabetised relational calculus. We provide a semantic embedding of the alphabetised relational calculus in Isabelle/HOL, including new type definitions, relational constructors, automated proof tactics, and accompanying algebraic laws. Isabelle/UTP can be used to both capture laws of programming for different languages, and put these fundamental theorems to work in the creation of associated verification tools, using calculi like Hoare logics. This document describes the relational core of the UTP in Isabelle/HOL.
This paper presents the concepts and the semantics of a transformation-calculus TC that is generi... more This paper presents the concepts and the semantics of a transformation-calculus TC that is generic wrt. concrete object languages. Built upon an object language description given by theory in higher-order logics (see [Andr 86]), TC provides context-sensitive rules in which requirements on the context of a redex can be imposed, and integrates a restricted form of extended rewriting. Furthermore, rules may be higher-order in order to represent tactical combinators and to model "parametric transformations". This work can be seen as a specification of transformation systems and a foundation for correctness-proofs of transformations.
Introduction We present a new approach to the implementation of graphical user interfaces (GUIs) ... more Introduction We present a new approach to the implementation of graphical user interfaces (GUIs) for formal program development systems like transformation systems or interactive theorem provers. Its distinguishing feature is a generic, open system design which allows the development of a family of tools for different formal methods on a sound logical basis with a uniform appearance. The context of this work is the UniForM project [KPO + 95], the aim of which is to develop a framework integrating different formal methods in a logically consistent way. Consistency is achieved by encoding formal methods such as CSP and Z in the theorem prover Isabelle [Pau94], which is used to perform the program development as well as to prove the correctness of the transformation rules. One of the main UniForM objectives is to enable non-expert users to actually perform at least part of the development themselves. Hence there is a crucial need
Uploads
Papers by Burkhart Wolff