A Auxiliary Definitions

This appendix contains auxiliary definitions omitted from the main text.

Variables

fun lvars :: com ⇒ vname set where
  lvars SKIP = {}
  lvars (x ::= e) = {x}
  lvars (c₁;; c₂) = lvars c₁ ∪ lvars c₂
  lvars (IF b THEN c₁ ELSE c₂) = lvars c₁ ∪ lvars c₂
  lvars (WHILE b DO c) = lvars c

fun rvars :: com ⇒ vname set where
  rvars SKIP = {}
  rvars (x ::= e) = vars e
  rvars (c₁;; c₂) = rvars c₁ ∪ rvars c₂
  rvars (IF b THEN c₁ ELSE c₂) = vars b ∪ rvars c₁ ∪ rvars c₂
  rvars (WHILE b DO c) = vars b ∪ rvars c

definition vars :: com ⇒ vname set where
  vars c = lvars c ∪ rvars c

Abstract Interpretation

fun strip :: 'a acom ⇒ com where
  strip (SKIP {P}) = SKIP
  strip (x ::= e {P}) = x ::= e
  strip (C₁;; C₂) = strip C₁;; strip C₂
  strip (IF b THEN {P₁} C₁ ELSE {P₂} C₂ {P}) = IF b THEN strip C₁ ELSE strip C₂
  strip ({I} WHILE b DO {P} C {Q}) = WHILE b DO strip C

fun annos :: 'a acom ⇒ 'a list where
  annos (SKIP {P}) = [P]
  annos (x ::= e {P}) = [P]
  annos (C₁;; C₂) = annos C₁ @ annos C₂
  annos (IF b THEN {P₁} C₁ ELSE {P₂} C₂ {Q}) = P₁ # annos C₁ @ P₂ # annos C₂ @ [Q]
  annos ({I} WHILE b DO {P} C {Q}) = I # P # annos C @ [Q]

fun asize :: com ⇒ nat where
  asize SKIP = 1
  asize (x ::= e) = 1
  asize (C₁;; C₂) = asize C₁ + asize C₂
  asize (IF b THEN C₁ ELSE C₂) = asize C₁ + asize C₂ + 3
  asize (WHILE b DO C) = asize C + 3

definition shift :: (nat ⇒ 'a) ⇒ nat ⇒ nat ⇒ 'a where
  shift f n = (λp. f (p + n))

fun annotate :: (nat ⇒ 'a) ⇒ com ⇒ 'a acom where
  annotate f SKIP = SKIP {f 0}
  annotate f (x ::= e) = x ::= e {f 0}
  annotate f (c₁;; c₂) = annotate f c₁;; annotate (shift f (asize c₁)) c₂
  annotate f (IF b THEN c₁ ELSE c₂) =
    IF b THEN {f 0} annotate (shift f 1) c₁
    ELSE {f (asize c₁ + 1)} annotate (shift f (asize c₁ + 2)) c₂
    {f (asize c₁ + asize c₂ + 2)}
  annotate f (WHILE b DO c) =
    {f 0} WHILE b DO {f 1} annotate (shift f 2) c {f (asize c + 2)}

fun map_acom :: ('a ⇒ 'b) ⇒ 'a acom ⇒ 'b acom where
  map_acom f (SKIP {P}) = SKIP {f P}
  map_acom f (x ::= e {P}) = x ::= e {f P}
  map_acom f (C₁;; C₂) = map_acom f C₁;; map_acom f C₂
  map_acom f (IF b THEN {P₁} C₁ ELSE {P₂} C₂ {Q}) =
    IF b THEN {f P₁} map_acom f C₁ ELSE {f P₂} map_acom f C₂ {f Q}
  map_acom f ({I} WHILE b DO {P} C {Q}) =
    {f I} WHILE b DO {f P} map_acom f C {f Q}

© Springer International Publishing Switzerland 2014
T. Nipkow and G. Klein, Concrete Semantics, DOI 10.1007/978-3-319-10542-0

B Symbols

Symbol   ASCII        Internal name
⟦        [|           \<lbrakk>
⟧        |]           \<rbrakk>
⟹        ==>          \<Longrightarrow>
⋀        !!           \<And>
≡        ==           \<equiv>
λ        %            \<lambda>
⇒        =>           \<Rightarrow>
∧        &            \<and>
∨        |            \<or>
⟶        -->          \<longrightarrow>
→        ->           \<rightarrow>
¬        ~            \<not>
≠        ~=           \<noteq>
∀        ALL          \<forall>
∃        EX           \<exists>
≤        <=           \<le>
×        *            \<times>
∈        :            \<in>
∉        ~:           \<notin>
⊆        <=           \<subseteq>
⊂        <            \<subset>
∪        Un           \<union>
∩        Int          \<inter>
⋃        UN, Union    \<Union>
⋂        INT, Inter   \<Inter>
⊔        sup          \<squnion>
⊓        inf          \<sqinter>
⨆        SUP, Sup     \<Squnion>
⨅        INF, Inf     \<Sqinter>
⊤                     \<top>
⊥                     \<bottom>

Table B.1. Mathematical symbols, their ASCII equivalents and internal names

C Theories

The following table shows which sections are based on which theories in the directory src/HOL/IMP of the Isabelle distribution.
Section   Theory
3.1       AExp
3.2       BExp
3.3       ASM
7.1       Com
7.2       Big_Step
7.3       Small_Step
8.1       Compiler
8.2       Compiler
8.3       Compiler
8.4       Compiler2
9.1       Types
9.2.1     Sec_Type_Expr
9.2.2     Sec_Typing
9.2.6     Sec_TypingT
10.1.1    Def_Init
10.1.2    Def_Init_Exp
10.1.3    Def_Init_Small
10.1.4    Def_Init_Big
10.2      Fold
10.3      Live
10.4      Live_True
11.0      Denotational
12.1      Hoare_Examples
12.2.2    Hoare
12.2.3    Hoare_Examples
12.3      Hoare_Sound_Complete
12.4      VCG
12.5      Hoare_Total
13.2      ACom
13.3      Collecting
13.3.3    Complete_Lattice
13.4      Abs_Int1_parity
13.4.2    Abs_Int0
13.5      Abs_Int0
13.5.1    Collecting
13.6      Abs_Int1
13.6.1    Abs_Int1_parity
13.6.2    Abs_Int1_const
13.6.3    Abs_State
13.7      Abs_Int2
13.8      Abs_Int2_ivl
13.9      Abs_Int3
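The asize, shift, annotate and annos definitions of Appendix A, written in Python as an added example (this is not the book's Isabelle code): com and acom are encoded as tagged tuples, SAMPLE is a constructed program, and positions shows that annotate fills slot p with f p in exactly the order annos lists the annotations, so annos (annotate f c) = map f [0..<asize c].

```python
# Added example, not the book's Isabelle code: Appendix A's asize, shift,
# annotate and annos for IMP, with commands encoded as tagged tuples.
# com:  ("SKIP",) | ("ASSIGN", x, e) | ("SEQ", c1, c2) | ("IF", b, c1, c2) | ("WHILE", b, c)
# acom: ("SKIP", P) | ("ASSIGN", x, e, P) | ("SEQ", C1, C2)
#       | ("IF", b, P1, C1, P2, C2, Q) | ("WHILE", I, b, P, C, Q)
def asize(c):                                   # number of annotation slots in c
    if c[0] in ("SKIP", "ASSIGN"):
        return 1
    if c[0] == "SEQ":
        return asize(c[1]) + asize(c[2])
    if c[0] == "IF":                            # P1, P2, Q plus both branches
        return asize(c[2]) + asize(c[3]) + 3
    return asize(c[2]) + 3                      # WHILE: I, P, Q plus the body

def shift(f, n):                                # shift f n = (lambda p. f (p + n))
    return lambda p: f(p + n)

def annotate(f, c):                             # put f(p) into annotation slot p of c
    if c[0] == "SKIP":
        return ("SKIP", f(0))
    if c[0] == "ASSIGN":
        return ("ASSIGN", c[1], c[2], f(0))
    if c[0] == "SEQ":
        return ("SEQ", annotate(f, c[1]), annotate(shift(f, asize(c[1])), c[2]))
    if c[0] == "IF":
        b, c1, c2 = c[1:]
        n1 = asize(c1)
        return ("IF", b, f(0), annotate(shift(f, 1), c1),
                f(n1 + 1), annotate(shift(f, n1 + 2), c2), f(n1 + asize(c2) + 2))
    b, body = c[1:]                             # WHILE
    return ("WHILE", f(0), b, f(1), annotate(shift(f, 2), body), f(asize(body) + 2))

def annos(C):                                   # annotations of C in program order
    if C[0] == "SKIP":
        return [C[1]]
    if C[0] == "ASSIGN":
        return [C[3]]
    if C[0] == "SEQ":
        return annos(C[1]) + annos(C[2])
    if C[0] == "IF":
        return [C[2]] + annos(C[3]) + [C[4]] + annos(C[5]) + [C[6]]
    return [C[1], C[3]] + annos(C[4]) + [C[5]]  # WHILE

def positions(c):                               # annos (annotate id c) = [0 ..< asize c]
    return annos(annotate(lambda p: p, c))

# Constructed sample: WHILE x < 10 DO ((IF x mod 2 = 0 THEN x ::= x + 1 ELSE SKIP);; y ::= y + x)
SAMPLE = ("WHILE", "x < 10",
          ("SEQ", ("IF", "x mod 2 = 0", ("ASSIGN", "x", "x + 1"), ("SKIP",)),
                  ("ASSIGN", "y", "y + x")))
```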