formal-methods

Spark-Ada postcondition for array total

痞子三分冷 submitted on 2021-02-10 05:52:30
Question: How does one write a Spark postcondition for a function that sums the elements of an array? (Spark 2014, but if someone shows me how to do it for an earlier Spark I should be able to adapt it.) So if I have: type Positive_Array is array (Positive range <>) of Positive; function Array_Total(The_Array: Positive_Array) return Positive with Post => Array_Total'Return = -- What goes here? is -- and so on I don't need to worry about overflow in my particular case (I know what the total was at

How can I glue/identify inclusions in two structures in MMT?

爱⌒轻易说出口 submitted on 2021-01-28 01:16:01
Question: I'd like to formalize formal languages and their semantics in MMT and define a general notion of semantics equivalence of two semantics wrt. one syntax. Precisely, encoding the latter turns out to be an identification/glueing that I have no idea how to do in MMT. Let me elaborate on my concrete formalization setup next. Below is a simplified formalization showing my approach. Based on a theory Meta aggregating both the logical framework LF and some logic, I start in Syntax defining a

How to implement `forall` (mathematics) in a procedural or OO language

不羁岁月 submitted on 2020-01-02 12:16:12
Question: I am trying to understand how to implement forall in a procedural or OO language like Ruby or JavaScript. For example (this is Coq): Axiom point : Type. Axiom line : Type. Axiom lies_in : point -> line -> Prop. Axiom ax : forall (p1 p2 : point), p1 <> p2 -> exists! l : line, lies_in p1 l /\ lies_in p2 l. My attempt at doing this is just defining a class such as this (call MainAxiom == ax). class MainAxiom attr :p1 attr :p2 def initialize raise 'Invalid' if @p1 == @p2 l = Line.new check_lies

Experiences with using Alloy in real-world projects

陌路散爱 submitted on 2019-12-20 09:20:58
Question: I have been interested in formal methods for some time. I have used formal methods to reason about some very specific sub-areas of a few projects I have been working on. I was never able to convince other team members to try the same, let alone specify an entire domain with a formal method. One method I have found particularly interesting is Alloy. I think that it may "scale" better as a foundation for an entire project because it is conceptually and notationally very close to actual programming

What are the strengths and weaknesses of the Isabelle proof assistant compared to Coq?

帅比萌擦擦* submitted on 2019-12-18 10:09:01
Question: Does the Isabelle/HOL proof assistant have any weaknesses and strengths compared to Coq? Answer 1: I am mostly familiar with Coq, and do not have much experience with Isabelle/HOL, but I might be able to help a little bit. Perhaps others with more experience on Isabelle/HOL can help improve this. There are two big points of divergence between the two systems: the underlying theories and the style of interaction. I'll try to give a brief overview of the main differences in each case. Theories Both Coq

How to implement `forall` (mathematics) in a procedural or OO language

安稳与你 submitted on 2019-12-06 05:24:39
I am trying to understand how to implement forall in a procedural or OO language like Ruby or JavaScript. For example (this is Coq): Axiom point : Type. Axiom line : Type. Axiom lies_in : point -> line -> Prop. Axiom ax : forall (p1 p2 : point), p1 <> p2 -> exists! l : line, lies_in p1 l /\ lies_in p2 l. My attempt at doing this is just defining a class such as this (call MainAxiom == ax). class MainAxiom attr :p1 attr :p2 def initialize raise 'Invalid' if @p1 == @p2 l = Line.new check_lies_in(l, @p1) check_lies_in(l, @p2) end def check_lies_in(line, point) ... end end This has all kinds of

What are the most interesting equivalences arising from the Curry-Howard Isomorphism?

China☆狼群 submitted on 2019-12-04 07:41:11
Question: I came upon the Curry-Howard Isomorphism relatively late in my programming life, and perhaps this contributes to my being utterly fascinated by it. It implies that for every programming concept there exists a precise analogue in formal logic, and vice versa. Here's a "basic" list of such analogies, off the top of my head: program/definition | proof type/declaration | proposition inhabited type | theorem/lemma function | implication function argument | hypothesis/antecedent function result |

Can Haskell functions be proved/model-checked/verified with correctness properties?

混江龙づ霸主 submitted on 2019-12-03 00:11:10
Question: Continuing on from ideas in: Are there any provable real-world languages? I don't know about you, but I'm sick of writing code that I can't guarantee. After asking the above question and getting a phenomenal response (Thanks all!) I have decided to narrow my search for a provable, pragmatic approach to Haskell. I chose Haskell because it is actually useful (there are many web frameworks written for it, this seems a good benchmark) AND I think it is strict enough, functionally, that it might

Experiences with using Alloy in real-world projects

无人久伴 submitted on 2019-12-02 18:22:35
I have been interested in formal methods for some time. I have used formal methods to reason about some very specific sub-areas of a few projects I have been working on. I was never able to convince other team members to try the same, let alone specify an entire domain with a formal method. One method I have found particularly interesting is Alloy. I think that it may "scale" better as a foundation for an entire project because it is conceptually and notationally very close to actual programming languages. Furthermore, the tools are quite solid so that the benefits of model verification are

Can Haskell functions be proved/model-checked/verified with correctness properties?

落爺英雄遲暮 submitted on 2019-12-02 13:54:22
Continuing on from ideas in: Are there any provable real-world languages? I don't know about you, but I'm sick of writing code that I can't guarantee. After asking the above question and getting a phenomenal response (Thanks all!) I have decided to narrow my search for a provable, pragmatic approach to Haskell. I chose Haskell because it is actually useful (there are many web frameworks written for it, this seems a good benchmark) AND I think it is strict enough, functionally, that it might be provable, or at least allow the testing of invariants. Here's what I want (and have been unable to