Article

Ergo User Manual


Abstract

this document to describe Qu-Prolog in detail. However, since Ergo is implemented in Qu-Prolog, some comments about Qu-Prolog are required in order to use its syntax during interaction with the system. Furthermore, many users of Ergo will need to have sufficient knowledge of Qu-Prolog to be able to write simple tactics and heuristics. See [Robinson and Cheng, 1993] and [Staples, Robinson and Paterson, 1989] for a fuller discussion of Qu-Prolog. It is assumed the reader has some familiarity with standard Prolog. A suitable introductory Prolog text is [Bratko, 1986].


... This style of proof forms the basis of the provers Affirm [18] and Eves [28], and is a major proof style in Isabelle [39]. Term rewriting is also a foundation of the window inference proof technique used in the Ergo theorem prover [43]. ...
... PRT is built as an extension of the Ergo theorem prover [43], which uses the window inference proof paradigm. Ergo has other characteristics that suit its use in a refinement tool: it is designed to be extensible, and it supports automated proof through a comprehensive tactic language [48]. ...
... Our axiomatisation gives the infrastructure for such an implementation. The actual implementation has been carried out using the Ergo theorem prover [14,1]. Cerone ...
... In this work we use Ergo 4 [14,1]. The architecture of Ergo 4 consists of the proof engine, which is the core of Ergo, the theory database, which is Ergo's repository of information containing object logics, and the tactics that implement the command-line interface and a higher level Ergo-Emacs interface [9]. ...
Article
Full-text available
s and compressed postscript files are available via http://svrc.it.uq.edu.au. Axiomatisation of an Interval Calculus for Theorem Proving. Antonio Cerone. Abstract: We provide an axiomatisation of the Timed Interval Calculus, a set-theoretic notation for expressing properties of time intervals. We implement the axiomatisation in the Ergo theorem prover in order to automatically prove laws for reasoning about predicates expressed using interval operators. These laws can then be used in the automatic verification of real-time applications. 1 Introduction. In recent years formalisms based on time intervals have been increasingly used for specifying real time systems. However, the complexity of proofs by hand makes their use in verification hard. There is thus the need to express such calculi in an environment that provides a reasonable automatisation for theorem proving. The only work in this direction we are aware of is an early attempt at implementing the Duration Calculus in the ...
Article
Full-text available
The refinement calculus for the development of programs from specifications is well suited to mechanised support. We review the requirements for tool support of refinement as gleaned from our experience with a number of existing refinement tools, and report on the design and implementation of a new tool to support refinement based on these requirements. The main features of the new tool are close integration of refinement and proof in a single tool (the same mechanism is used for both), good management of the refinement context, an extensible theory base that allows the tool to be adapted to new application domains, and a flexible user interface. 1 Introduction The refinement calculus of Back [Bac88], Morgan [MV94, Mor94] and Morris [Mor87] neatly formalises the stepwise refinement ideas of Wirth [Wir71] using the weakest precondition formalism of Dijkstra [Dij76]. Using a wide-spectrum language, that incorporates both specification and executable code constructs, and a set ...
... In practice, the efficiency of these tools depends on whether the appropriate hooks are provided by the target proof assistant. For systems which record proof structures explicitly, such as mural [11] and Ergo [18], these tools could be very fast. In other cases an alternative design strategy may be needed (e.g. ...
Article
Full-text available
This paper presents a method for formally specifying and reasoning about process models for interactive systems. The method addresses two important aspects of user interface design: controlled but flexible access to functionality; and provision of useful task management information, such as indicating what progress has been made towards achieving goals and what remains to be done. The method is well suited to "data intensive" applications in which the system is being used to manage complex "configurations" of interconnected objects, and for which task goals can be expressed in terms of properties of the underlying configuration of objects. The method includes proof obligations to check the accuracy of the task management information. The paper illustrates the method on a Theory Manager, which manages a store of theorems and proofs; the store has complex consistency and completeness requirements. 1 Introduction This paper describes a formal method for modelling and reasonin...
... These new versions will support some of the things (higher-order syntax; typed quantifications; theory interpretation) that are mentioned as lacking in this report. Ergo [RW93, UW94] is the Software Verification Research Centre's theorem prover. It is implemented in Qu-Prolog [RC93]. ...
Article
Full-text available
Refinement is a mathematically-based technique for developing a program from an abstract specification so that the program satisfies the specification. The aim of the Program Refinement Tool project is to develop a generic refinement tool suitable for supporting a methodology for the interactive development of programs based on the refinement calculus. This report summarizes our investigation into how the Ergo theorem prover can be used to model the refinement calculus and form the basis of this tool. Contents: 1 Introduction (3); 2 Ergo (4); 2.1 Theory Hierarchy (4); 2.2 Constants and Functions (5); 2.3 Types (7); 2.4 Rewrite rules (7); 2.5 Window inference (7); 2.6 Tactics and Heuristics (9); 3 Model...
... Independently of the Refinement Calculator tool described in this chapter, a refinement tool called PRT [29,30] has been developed by a group at the University of Queensland. PRT is built on top of the Ergo [102] theorem prover which also supports the window inference style of reasoning. The underlying logic of the PRT tool is a purpose-built modal logic. ...
Article
Full-text available
of the Thesis (1); 1.2 Motivation (2); 1.3 Outline of the Thesis (4); 2 The Refinement Calculus theory (7); 2.1 Introduction (7); 2.2 The Refinement Calculus (8); 2.3 Underlying Logic (10); 2.4 State Predicates and Predicate Transformers (11); 2.5 Language of Program Statements (13); 2.6 Data Refinement (17); 2.7 History (18); 3 Mechanisation of the Refinement Calculus (19); 3.1 Introduction (19); 3.2 The HOL Proof Assistant (20); 3.3 The HOL Theory of the Refinement Calculus (23); 3.4 Using Window Inference (27); 3.5 The Refinement Calculator Tool (30); 3.6 Extensions of the Refinement Calculator (33); 3.7 Conclusions (34) ...
Article
Full-text available
The paper describes the CARE toolset for interactive development of verified programs from formal specifications. The software engineer begins by giving a characterization of the application domain in the form of a mathematical theory. CARE tools are then used to progressively design a program by sketching out the program structure and gradually filling in the details. At any stage the correctness of the partial design can be checked by using one of the CARE tools to generate proof obligations. Another tool gives access to pre-proven parameterised design templates which encapsulate useful programming knowledge. When the design is complete, a third CARE tool is used to automatically synthesize a source code program which-if all the proof obligations can be discharged-is guaranteed to meet its formal specification. The knowledge base of CARE can be extended by users in a soundness-preserving manner to include reusable domain theories, library routines, design templates and proof tactics. The CARE toolset includes a fully automatic resolution-based theorem prover which will discharge many of the simpler proof obligations, and a general-purpose interactive theorem prover for the rest.
Conference Paper
This paper describes a deep embedding of a refinement calculus for logic programs in Isabelle/HOL. It extends a previous tool with support for procedures and recursion. The tool supports refinement in context, and a number of window-inference tactics that ease the burden on the user. In this paper, we also discuss the insights gained into the suitability of different logics for embedding refinement calculii (applicable to both declarative and imperative paradigms). In particular, we discuss the richness of the language, choice between typed and untyped logics, automated proof support, support for user-defined tactics, and representation of program states.
Article
Full-text available
ArcAngel is a specialised tactic language devised to facilitate and automate program developments using Morgan's refinement calculus. It is especially well-suited for the specification of high-level strategies to derive programs by construction, and equipped with a formal semantics that enables reasoning about tactics. In this paper, we present an implementation of ArcAngel for the ProofPower theorem prover. We discuss the underlying design, explain how it implements the semantics of ArcAngel, and examine differences in expressiveness and flexibility in comparison to ProofPower's in-built tactic language. ArcAngel supports backtracking through angelic choice; this is beyond the basic capabilities of ProofPower and many other main-stream theorem provers. The implementation is demonstrated with a non-trivial tactic example.
Article
Window inference is a transformational style of reasoning with support for the contextual transformation of sub-terms. Window inference has been successfully used as the basis of various refinement tools. Normal presentations of completed program refinements closely match the presentations of completed window inference proofs. However, in the development of a program refinement, window inference is not as flexible as it should be. Current implementations of window inference allow a user to work on only one sub-problem at a time. While developing a program refinement, a user may wish to work on many sub-problems at the same time---to quickly switch backwards and forwards between working on the sub-problems. This paper describes a design for a window inference system which provides simultaneous access to multiple subproblems. In the core of the design, access is available to any sub-problem, but constraints can be added on top of the core in order to provide a hierarchical inter...
Article
Full-text available
s and compressed postscript files are available via http://svrc.it.uq.edu.au. The Ergo 5 Generic Proof Engine. Mark Utting. Abstract: This paper describes the design principles and the architecture of the latest version of the Ergo proof engine, Ergo 5. Ergo 5 is a generic interactive theorem prover, similar to Isabelle, but based on sequent calculus rather than natural deduction and with a quite different approach to handling variable scoping. An efficient implementation of Ergo 5, based on Qu-Prolog, is also described, together with some benchmark results. 1 Motivation. The Software Verification Research Centre, a special research centre of the Australian Research Council, is developing a suite of tools for reasoning about Z specifications and verifying refinement of specifications to code. There are several different projects investigating various aspects and approaches. To gain synergy, we want a common proof tool for all the projects, even though they have differing requi...
Article
Full-text available
This report is a companion report to [LK94a], which discusses issues in formal specification and verification techniques on the basis of case studies. It presents formal VDM developments of three of those case studies as entered into the mural proof-tool. Most of the report consists of presentations of proofs discharging the proof obligations associated with the specifications. The report also reflects on the experience gained in "proof engineering" while developing the case studies. Contents: 1 Introduction (1); 1.1 How to read this report (1); 1.2 The case studies (1); 1.3 Constructing VDM developments in mural (2); 1.3.1 The specification tool (2); 1.3.2 Translation of the specification ...
Article
s and compressed postscript files are available via http://svrc.it.uq.edu.au. Using CARE to Construct Verified Software. Peter Lindsay, David Hemer. Abstract: The CARE project investigated integration of well-understood formal development principles into an industrial organisation's software development methodology. The result was a method for construction and verification of programs from formal specifications, using libraries of pre-proven, formally specified components. Tools help the user build products by selecting and instantiating components to fit the problem at hand, and generating and discharging correctness-of-fit proof obligations. This paper illustrates the method on part of the development of a software module for logging events in a medical embedded device. Keywords: formal methods, program development, software verification, refinement. 1. Introduction. 1.1. Motivation. Formal specification techniques are currently being used in industry mainly to offer improved unders...
Article
Full-text available
This document describes the commands available in the theorem prover Ergo. It assumes that the reader is familiar, to some extent, with Ergo (refer to the Ergo User Manual [UW94]). As such, it is intended to serve as a reference only. Ergo is a term rewriting theorem prover designed and implemented at the Software Verification Research Centre at the University of Queensland. It is based on the window inference [RS93, Gru92] proof paradigm. The architecture of Ergo is based on a layered design (Figure 1). The proof engine
Conference Paper
We present a shallow embedding of the weakest precondition semantics for a program refinement language. We use the Isabelle/ZF theorem prover for untyped set theory, and statements in our refinement language are represented as set transformers. Our representation is significant in making use of the expressiveness of Isabelle/ZF's set theory to represent states as dependently-typed functions from variable names to their values. This lets us give a uniform treatment of statements such as variable assignment, framed specification statements, local blocks, and parameterisation. ZF set theory requires set comprehensions to be explicitly bounded. This requirement propagates to the definitions of statements in our refinement language, which have operands for the state type. We reduce the syntactic burden of repeatedly writing the state type by using Isabelle's meta-logic to define a lifted set transformer language which implicitly passes the state type to statements. Weakest precondi...
Article
Window inference is a transformational style of reasoning that provides an intuitive framework for managing context during the transformation of subterms under transitive relations. This report describes the design for a prototype window inference tool in Isabelle, and discusses possible directions for the final tool.
Article
Full-text available
A large effort is usually required to have a theorem prover establish a complex theorem. Having invested this effort, how can we store the result for later use, or communicate it to others while preserving our trust in its validity? This paper discusses the use of digital signatures to store and exchange theorems in a secure way.