Declarative theorem proving for operational semantics

This dissertation is concerned with techniques for formally checking properties of systems that are described by operational semantics. We describe innovations and tools for tackling this problem, and a large case study in the application of these tools. The innovations centre on the notion of \declarative theorem proving", and in particular techniques for declarative proof description. We de ne what we mean by this, assess its costs and bene ts, and describe the impact of this approach with respect to four fundamental areas of theorem prover design: speci cation, proof description, automated reasoning and interaction. We have implemented our techniques as the Declare system, which we use to demonstrate how the ideas translate into practice. The case study is a formally checked proof of the type soundness of a subset of the Java language, and is an interesting result in its own right. We argue why declarative techniques substantially improved the quality of the results achieved, particularly with respect to maintainability and readability. Declaration This dissertation is the result of my own work and includes nothing which is the outcome of work done in collaboration. xi

[1]  Cliff B. Jones,et al.  Specifications are not (necessarily) executable , 1989 .

[2]  Richard J. Boulton,et al.  Combining Decision Procedures in the HOL System , 1995, TPHOLs.

[3]  John Harrison,et al.  Inductive Definitions: Automation and Application , 1995, TPHOLs.

[4]  Richard J. Lipton,et al.  Social processes and proofs of theorems and programs , 1977, POPL.

[5]  Sarfraz Khurshid,et al.  Is the Java Type System Sound? , 1999, Theory Pract. Object Syst..

[6]  Richard J. Boulton Boyer-Moore Automation for the HOL System , 1992, TPHOLs.

[7]  Martín Abadi,et al.  A type system for Java bytecode subroutines , 1999, TOPL.

[8]  Carl A. Gunter,et al.  The machine-assisted proof of programming language properties , 1996 .

[9]  Edward Y. Chang,et al.  STeP: The Stanford Temporal Prover , 1995, TAPSOFT.

[10]  Nimal Nissanke An Overview of VDM , 1999 .

[11]  T. Melham A mechanized theory of the π-calculus in HOL , 1992 .

[12]  Dan S. Wallach,et al.  Java security: from HotJava to Netscape and beyond , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[13]  Lawrence C. Paulson,et al.  Proving properties of security protocols by induction , 1997, Proceedings 10th Computer Security Foundations Workshop.

[14]  S. Eisenbach,et al.  Java I S T Ype Safe | Probably , 1996 .

[15]  J. S. Moore,et al.  ACL2: an industrial strength version of Nqthm , 1996, Proceedings of 11th Annual Conference on Computer Assurance. COMPASS '96.

[16]  Savi Maharaj,et al.  Studying the ML Module System in HOL , 1995, Comput. J..

[17]  James H. Andrews Executing Formal Specifications by Translation to Higher Order Logic Programming , 1997, TPHOLs.

[18]  Greg Nelson,et al.  Fast Decision Procedures Based on Congruence Closure , 1980, JACM.

[19]  Zoltan Somogyi,et al.  The Execution Algorithm of Mercury, an Efficient Purely Declarative Logic Programming Language , 1996, J. Log. Program..

[20]  Tobias Nipkow,et al.  Formal Verification of Algorithm W: The Monomorphic Case , 1996, TPHOLs.

[21]  David von Oheimb Javàight Is Type-safe | Deenitely , 1998 .

[22]  Robert E. Shostak,et al.  Deciding Combinations of Theories , 1982, JACM.

[23]  James F. Harrison First Order Logic in Practice , 1997 .

[24]  Konrad Slind,et al.  Treating Partiality in a Logic of Total Functions , 1997, Comput. J..

[25]  Albert L. Baker,et al.  Executing Formal Speci cations with Constraint Programming , 1998 .

[26]  Don Syme,et al.  Reasoning with the Formal Definition of Standard ML in HOL , 1993, HUG.

[27]  Don Syme DECLARE: A Prototype Declarative Proof System for Higher Order Logic , 1997 .

[28]  Lawrence C. Paulson,et al.  Isabelle: The Next 700 Theorem Provers , 2000, ArXiv.

[29]  Thomas F. Melham The HOL logic extended with quantification over type variables , 1993, Formal Methods Syst. Des..

[30]  Greg Nelson,et al.  Simplification by Cooperating Decision Procedures , 1979, TOPL.

[31]  Tom Melham,et al.  Reasoning with Inductively Defined Relations in the HOL Theorem Prover , 1992 .

[32]  Don Syme,et al.  A New Interface for HOL - Ideas, Issues and Implementation , 1995, TPHOLs.

[33]  Ole Rasmussen,et al.  The Church-Rosser Theorem in Isabelle: A Proof Porting Experiment , 1995 .

[34]  Donald W. Loveland,et al.  Mechanical Theorem-Proving by Model Elimination , 1968, JACM.

[35]  John Harrison,et al.  Proof Style , 1996, TYPES.

[36]  Nils Klarlund,et al.  Mona: Monadic Second-Order Logic in Practice , 1995, TACAS.

[37]  John Harrison,et al.  HOL Light: A Tutorial Introduction , 1996, FMCAD.

[38]  Monica Nesi,et al.  Formalizing a Modal Logic for CSS in the HOL Theorem Prover , 1992, TPHOLs.

[39]  Matthias Felleisen,et al.  A Syntactic Approach to Type Soundness , 1994, Inf. Comput..

[40]  Don Syme,et al.  Proving Java Type Soundness , 1999, Formal Syntax and Semantics of Java.

[41]  Elsa L. Gunter A Broader Class of Trees for Recursive Type Definitions for HOL , 1993, HUG.

[42]  Tobias Nipkow,et al.  Equational Reasoning in Isabelle , 1989, Sci. Comput. Program..

[43]  Richard J. Boulton,et al.  A Tool to Support Formal Reasoning about Computer Languages , 1997, TACAS.

[44]  Piotr Rudnicki,et al.  An Overview of the MIZAR Project , 1992 .

[45]  John Harrison,et al.  A Mizar Mode for HOL , 1996, TPHOLs.

[46]  Muffy Calder,et al.  Interactive Theorem Proving: An Empirical Study of User Activity , 1998, J. Symb. Comput..

[47]  Christine Paulin-Mohring,et al.  Inductive Definitions in the system Coq - Rules and Properties , 1993, TLCA.

[48]  Jacob Frost,et al.  A case study of co-induction in Isabelle HOL , 1993 .

[49]  Tobias Nipkow,et al.  More Church-Rosser Proofs (in Isabelle/HOL) , 1996, CADE.

[50]  Robin Milner,et al.  A Calculus of Communicating Systems , 1980, Lecture Notes in Computer Science.

[51]  T. Melham Automating recursive type definitions in higher order logic , 1989 .

[52]  Michel Mauny,et al.  Functional programming using CAML , 1991 .