Structured Specifications and Interactive Proofs with KIV

Reif, Wolfgang; Schellhorn, Gerhard; Stenzel, Kurt H.; Balser, Michael

doi:10.1007/978-94-017-0435-9_1

Cited by 76 publications

(43 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In this section we now give an alternative version of the Mondex refinement problem using abstract state machines (ASMs, [Gur95], [BS03]) and algebraic specifications as used in KIV [RSSB98].…”

Section: Two Simple Asms For the Mondex Case Studymentioning

confidence: 99%

“…Rather the standard heuristics and automation features of KIV (simplifier rules and problem specific patterns to guide the proof search) as described in [RSSB98] were sufficient for the proof. Nevertheless, in some situations where it was not clear why our proof got stuck it was helpful to cross-check details in the original proofs.…”

Section: Binv(cs) ⊢ |Bop#(; Cs)| Binv(cs)mentioning

confidence: 99%

See 1 more Smart Citation

The Mondex Challenge: Machine Checked Proofs for an Electronic Purse

Schellhorn

Grandy

Haneberg

et al. 2006

FM 2006: Formal Methods

View full text Add to dashboard Cite

Abstract. The Mondex case study about the specification and refinement of an electronic purse as defined in [SCJ00] has recently been proposed as a challenge for formal system-supported verification. This paper reports on the successful verification of the major part of the case study using the KIV specification and verification system. We demonstrate that even though the hand-made proofs were elaborated to an enormous level of detail we still could find small errors in the underlying data refinement theory as well as the formal proofs of the case study. We also provide an alternative formalisation of the communication protocol using abstract state machines. Finally the Mondex case study verifies functional correctness assuming a suitable security protocol. Therefore we propose to extend the case study to include the verification of a suitable security protocol.

show abstract

Section: Two Simple Asms For the Mondex Case Studymentioning

confidence: 99%

Section: Binv(cs) ⊢ |Bop#(; Cs)| Binv(cs)mentioning

confidence: 99%

The Mondex Challenge: Machine Checked Proofs for an Electronic Purse

Schellhorn

Grandy

Haneberg

et al. 2006

FM 2006: Formal Methods

View full text Add to dashboard Cite

show abstract

“…In [SGH + 07] we have the second mechanized verification of Mondex using the KIV theorem prover [RSSB98]. While the first [SGHR06b] used the original backward simulation and data refinement, the second uses abstract state machines (ASMs, [Gur95], [BS03]) together with ASM refinement and generalized forward simulations [Sch01].…”

Section: The Refinement Of Schellhorn Et Al [Sgh + 07]mentioning

confidence: 99%

“…KIV [RSSB98] is an interactive theorem prover for many-sorted higher-order logic. There are several extensions to this logic (Dynamic Logic, Temporal Logic and a logic for Java programs), but they are not used here.…”

Section: Mechanical Verificationmentioning

confidence: 99%

Atomic actions, and their refinements to isolated protocols

Banach

Schellhorn

2010

Form. Asp. Comput.

View full text Add to dashboard Cite

Abstract. Inspired by the properties of the refinement development of the Mondex Electronic Purse, we view an isolated atomic action as a family of transitions with a common before-state, and different after-states corresponding to different possible outcomes when the action is attempted. We view a protocol for an atomic action as a computation DAG, each path of which achieves in several steps one of the outcomes of the atomic action. We show that in this picture, the protocol can be viewed as a relational refinement of the atomic action in a number of ways. Firstly, it yields a 'big diagram' simulationà la ASM. Secondly, it yields a 'small diagram' simulation, in which the atomic action is synchronised with an individual step along each path through the protocol, and all the other steps of the path simulate skip. We show that provided each path through the protocol contains one step synchronised with the atomic action, the choice of synchronisation point can be made freely. We describe the relationship between such synchronisations and forward and backward simulations. We relate this theory to serialisations of system runs containing multiple interleaved transactions, showing how the clean picture of the refinement of an isolated atomic action to an isolated protocol becomes obscured by the details of the interleaving. In effect, the fact that protocols are typically executed by a number of co-operating agents, not all of which embark on executing the protocol at the same moment, results in 'ragged starts' and 'ragged ends' to protocol instantiations, leading to potential overlaps between unrelated protocol instances that the theory must handle. We show how existing Mondex refinements embody the ideas developed, and describe a mechanical verification of the results presented.

show abstract

“…Using this example this paper presents an approach that combines refinement and compositional assumption-guarantee reasoning to prove linearizability. The temporal logic we use [9] has explicit imperative interleaved programs and is a variant of ITL [10].It is integrated into the interactive theorem prover KIV [11].…”

Section: Introductionmentioning

confidence: 99%

Proving linearizability with temporal logic

et al. 2011

View full text Add to dashboard Cite

Linearizability is a global correctness criterion for concurrent systems. One technique to prove linearizability is applying a composition theorem which reduces the proof of a property of the overall system to sufficient rely-guarantee conditions for single processes. In this paper, we describe how the temporal logic framework implemented in the KIV interactive theorem prover can be used to model concurrent systems and to prove such a composition theorem. Finally, we show how this generic theorem can be instantiated to prove linearizability of two classic lock-free implementations: a Treiber-like stack and a slightly improved version of Michael and Scott’s queue.

show abstract

Structured Specifications and Interactive Proofs with KIV

Cited by 76 publications

References 7 publications

The Mondex Challenge: Machine Checked Proofs for an Electronic Purse

The Mondex Challenge: Machine Checked Proofs for an Electronic Purse

Atomic actions, and their refinements to isolated protocols

Proving linearizability with temporal logic

Contact Info

Product

Resources

About