From Formal Methods to Executable Code

Note: the cover page of this report shows an incorrect title. The title given on the first page of the document itself is correct.The objective of this work is the derivation of software that is verifiably correct. Our approach is to abstract system specifications and model these in a formal framework called Timed Input/Output Automata, which provides a notation for expressing distributed systems and mathematical support for reasoning about their properties. Although formal reasoning is easier at an abstract level, it is not clear how to transform these abstractions into executable code. During system implementation, when an abstract system specification is left up to human interpretation, then this opens a possibility of undesirable behaviors being introduced into the final code, thereby nullifying all formal efforts. This manuscript addresses this issue and presents a set of transformation methods for systems described as a network to timed automata into Java code for distributed platforms. We prove that the presented transformation methods preserve guarantees of the source specifications, and therefore, result in code that is correct by construction

Generating event logics with higher-order processes as realizers

Our topic is broadening a practical ”proofs-as-programs” method of program development to “proofs-as-processes”. We extend our previous results that implement proofs-as-processes for the standard model of asynchronous message passing computation to a much wider class of process models including the ¼-calculus and other process algebras. Our first result is a general process model whose definition in type theory is interesting in itself both technically and foundationally. Process terms are type free lambda-terms. Typed processes are elements of a co-inductive type. They are higher-order in that they can take processes as inputs and produce them as outputs. A second new result is a procedure to generate event structures over the general process model and then define event logics and event classes over these structures. Processes are abstract realizers for assertions in the event logics over them, and they extend the class of primitively realizable propositions built on the propositions-as-types principle. They also provide a basis for the third new result, showing when programmable event classes generate strong realizers that prevent logical interference as processes are synthesized

Knowledge-Based Synthesis of Distributed Systems Using Event Structures

To produce a program guaranteed to satisfy a given specification one can synthesize it from a formal constructive proof that a computation satisfying that specification exists. This process is particularly effective if the specifications are written in a high-level language that makes it easy for designers to specify their goals. We consider a high-level specification language that results from adding knowledge to a fragment of Nuprl specifically tailored for specifying distributed protocols, called event theory. We then show how high-level knowledge-based programs can be synthesized from the knowledge-based specifications using a proof development system such as Nuprl. Methods of Halpern and Zuck then apply to convert these knowledge-based protocols to ordinary protocols. These methods can be expressed as heuristic transformation tactics in Nuprl.Comment: A preliminary version of this paper appeared in Proceedings of the 11th International Conference on Logic for Programming, Artificial Intelligence, and Reasoning LPAR 2004, pp. 449-46

Interfacing with Proof Assistants for Domain Specific Programming Using EventML

This paper presents a paradigm for using proof assistants in the programming process. We demonstrate how the programming language EventML provides a useful interface to proof assistants throughout code development. Enhancing the use of proof assistants in programming will make them more valuable and accessible to a large community. We designed EventML specifically to cooperate with proof assistants at every stage of program creation. It will help programmers ensure correctness, document the code, and support modifications and improvements. Cooperation is especially effective when the proof assistant and the programming language share the same type system and when the proof assistant can generate executable code for the programming language, as is natural for proof assistants using constructive type theories.

A Foundational View on Integration Problems

The integration of reasoning and computation services across system and language boundaries is a challenging problem of computer science. In this paper, we use integration for the scenario where we have two systems that we integrate by moving problems and solutions between them. While this scenario is often approached from an engineering perspective, we take a foundational view. Based on the generic declarative language MMT, we develop a theoretical framework for system integration using theories and partial theory morphisms. Because MMT permits representations of the meta-logical foundations themselves, this includes integration across logics. We discuss safe and unsafe integration schemes and devise a general form of safe integration

Emerging trends proceedings of the 17th International Conference on Theorem Proving in Higher Order Logics: TPHOLs 2004

technical reportThis volume constitutes the proceedings of the Emerging Trends track of the 17th International Conference on Theorem Proving in Higher Order Logics (TPHOLs 2004) held September 14-17, 2004 in Park City, Utah, USA. The TPHOLs conference covers all aspects of theorem proving in higher order logics as well as related topics in theorem proving and verification. There were 42 papers submitted to TPHOLs 2004 in the full research cate- gory, each of which was refereed by at least 3 reviewers selected by the program committee. Of these submissions, 21 were accepted for presentation at the con- ference and publication in volume 3223 of Springer?s Lecture Notes in Computer Science series. In keeping with longstanding tradition, TPHOLs 2004 also offered a venue for the presentation of work in progress, where researchers invite discussion by means of a brief introductory talk and then discuss their work at a poster session. The work-in-progress papers are held in this volume, which is published as a 2004 technical report of the School of Computing at the University of Utah

Logic of Events, a framework to reason about distributed systems

We present a logical framework to reason about distributed systems called the Logic of Events. This logic has been formalized in Nuprl. We developed a suite of tools and tactics in Nuprl to reason about event classes. We also developed a programming language called EventML which allows programmers to write specifications of distributed protocols