An overview of LP, the Larch Prover

Garland, Stephen J.; Guttag, John V.

doi:10.1007/3-540-51081-8_105

Cited by 88 publications

(26 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The interesting question here is how to accommodate multivalued state mappings and nondeterministic algorithms. Another potential line of research would be to integrate a simulation system like Spectrum with a theorem prover like LP [21,221 or Isabelle [52] by providing mechanical translation between the Spectrum language and the specification language of the theorem prover. In this way, one could write algorithms as I/O automata, debug them with the help of Spectators or other tools based on proof techniques, and then use a theorem prover to generate the correctness proof.…”

Section: Resultsmentioning

confidence: 99%

“…A simulation system may be used to assist in program verification by checking properties of particular executions. However, it does not prove properties about all possible executions (as do theorem provers such as LP [21,22] or Isabelle [52]), and it does not perform exhaustive search to check properties of all possible states (as does the Statemate system [26], which we will discuss later).…”

mentioning

confidence: 99%

See 1 more Smart Citation

Distributed Algorithm Simulation Using Input/Output Automata

Goldman¹

1990

View full text Add to dashboard Cite

Section: Resultsmentioning

confidence: 99%

mentioning

confidence: 99%

Distributed Algorithm Simulation Using Input/Output Automata

Goldman¹

1990

View full text Add to dashboard Cite

“…This is equivalent to defining a sublanguage of set theory to be translated into the language of the tool. The approach was used in TLP [Engberg et al 1992], which translated from an untyped, ZF-based first-order language into LP [Garland and Guttag 1989], a typed logic that (at the time) lacked quantifiers. We believe this technique can be applied more generally and merits further research.…”

Section: Discussionmentioning

confidence: 99%

Should your specification language be typed

Lamport¹,

Paulson

1999

ACM Trans. Program. Lang. Syst.

View full text Add to dashboard Cite

Most specification languages have a type system. Type systems are hard to get right, and getting them wrong can lead to inconsistencies. Set theory can serve as the basis for a specification language without types. This possibility, which has been widely overlooked, offers many advantages. Untyped set theory is simple and is more flexible than any simple typed formalism. Polymorphism, overloading, and subtyping can make a type system more powerful, but at the cost of increased complexity, and such refinements can never attain the flexibility of having no types at all. Typed formalisms have advantages too, stemming from the power of mechanical type checking. While types serve little purpose in hand proofs, they do help with mechanized proofs. In the absence of verification, type checking can catch errors in specifications. It may be possible to have the best of both worlds by adding typing annotations to an untyped specification language.We consider only specification languages, not programming languages.

show abstract

“…The differences between SGAs and Hoare's parallel commands [Hoar78] are that SGAs do not have a disjoint set of variables and they communicate over shared variables (broadcast) instead of synchronous message passing. Using the Larch Prover, a rewriting-based theorem prover for the Larch language [GaGu89], they were able to verify some non-trivial hardware designs in a series of papers [StGG90,StGG92,StMe95,MeSt95,Stau97]. In contrast to our SGAs, Staunstrup and Greenstreets' synchronized transitions are asynchronous in the sense that only a subset of the enabled actions is selected for execution.…”

Section: Related Workmentioning

confidence: 99%

Interactive verification of synchronous systems

Gesell

Schneider

2012

Tenth ACM/IEEE International Conference on Formal Methods and Models for Codesign (MEMCODE2012)

View full text Add to dashboard Cite

Embedded systems, ranging from very simple systems up to complex controllers, may nowadays have quite challenging real-time requirements. Many embedded systems are reactive systems that have to respond to environmental events and have to guarantee certain real-time constrain. Their execution is usually divided into reaction steps, where in each step, the system reads inputs from the environment and reacts to these by computing corresponding outputs.The synchronous Model of Computation (MoC) has proven to be well-suited for the development of reactive real-time embedded systems whose paradigm directly reflects the reactive nature of the systems it describes. Another advantage is the availability of formal verification by model checking as a result of the deterministic execution based on a formal semantics. Nevertheless, the increasing complexity of embedded systems requires to compensate the natural disadvantages of model checking that suffers from the well-known state-space explosion problem. It is therefore natural to try to integrate other verification methods with the already established techniques. Hence, improvements to encounter these problems are required, e.g., appropriate decomposition techniques, which encounter the disadvantages of the model checking approach naturally. But defining decomposition techniques for synchronous language is a difficult task, as a result of the inherent parallelism emerging from the synchronous broadcast communication.Inspired by the progress in the field of desynchronization of synchronous systems by representing them in other MoCs, this work will investigate the possibility of adapting and use methods and tools designed for other MoC for the verification of systems represented in the synchronous MoC. Therefore, this work introduces the interactive verification of synchronous systems based on the basic foundation of formal verification for sequential programs -the Hoare calculus. Due to the different models of computation several problems have to be solved. In particular due to the large amount of concurrency, several parts of the program are active at the same point of time. In contrast to sequential programs, a decomposition in the Hoare-logic style that is in some sense a symbolic execution from one control flow location to another one requires the consideration of several flows here. Therefore, different approaches for the interactive verification of synchronous systems are presented.Additionally, the representation of synchronous systems by other MoCs and the influence of the representation on the verification task by differently embedding synchronous system in a single verification tool are elaborated.The feasibility is shown by integration of the presented approach with the established model checking methods by implementing the AIFProver on top of the Averest system.

show abstract

An overview of LP, the Larch Prover

Cited by 88 publications

References 10 publications

Distributed Algorithm Simulation Using Input/Output Automata

Distributed Algorithm Simulation Using Input/Output Automata

Should your specification language be typed

Interactive verification of synchronous systems

Contact Info

Product

Resources

About