diff --git a/web/entries/BTree.html b/web/entries/BTree.html --- a/web/entries/BTree.html +++ b/web/entries/BTree.html @@ -1,212 +1,212 @@ A Verified Imperative Implementation of B-Trees - Archive of Formal Proofs

A Verified Imperative Implementation of B-Trees

Niels MĂŒndler 📧

February 24, 2021

Abstract

In this work, we use the interactive theorem prover Isabelle/HOL to verify an imperative implementation of the classical B-tree data structure invented by Bayer and McCreight [ACM 1970]. The implementation supports set membership, insertion and deletion queries with efficient binary search for intra-node navigation. This is accomplished by first specifying the structure abstractly in the functional modeling language HOL and proving functional correctness. Using manual refinement, we derive an imperative implementation in Imperative/HOL. We show the validity of this refinement using the separation logic utilities from the Isabelle Refinement Framework . The code can be exported to the programming languages SML, OCaml and Scala. We examine the runtime of all operations indirectly by reproducing results of the logarithmic relationship between height and the number of nodes. The results are discussed in greater detail in the corresponding Bachelor's Thesis.

License

BSD License

History

May 2, 2021
Add implementation and proof of correctness of imperative deletion operations. Further add the option to export code to OCaml.

Topics

- +

Session BTree
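Review bot: the Topics section of this hunk shows up only as the bare markers "- +" under "Topics", so the topic being swapped or added for BTree cannot be read off the HTML diff itself; the same pattern repeats in the Eval_FO, Generic_Join and Safe_Range_RC hunks below. The only place the new value is visible is the index.json hunk at the end of the patch, which inserts "computer-science/data-management-systems" / "Computer science/Data management systems" for Safe_Range_RC, and its header grows by 8 lines (14277 to 14285), i.e. two lines per entry for the four entries touched here. Suggest adding the rendered topic line to the description (or expanding the hunk context) so a reviewer can confirm each entries/*.html got the same topic as index.json, and, if these files under web/ are generated output, making sure the change is also applied in the entry metadata they are generated from, otherwise the next regeneration will drop it.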

\ No newline at end of file diff --git a/web/entries/Eval_FO.html b/web/entries/Eval_FO.html --- a/web/entries/Eval_FO.html +++ b/web/entries/Eval_FO.html @@ -1,201 +1,201 @@ First-Order Query Evaluation - Archive of Formal Proofs

First-Order Query Evaluation

Martin Raszyk 📧

February 15, 2022

Abstract

We formalize first-order query evaluation over an infinite domain with equality. We first define the syntax and semantics of first-order logic with equality. Next we define a locale eval_fo abstracting a representation of a potentially infinite set of tuples satisfying a first-order query over finite relations. Inside the locale, we define a function eval checking if the set of tuples satisfying a first-order query over a database (an interpretation of the query's predicates) is finite (i.e., deciding relative safety) and computing the set of satisfying tuples if it is finite. Altogether the function eval solves capturability (Avron and Hirshfeld, 1991) of first-order logic with equality. We also use the function eval to prove a code equation for the semantics of first-order logic, i.e., the function checking if a first-order query over a database is satisfied by a variable assignment.
We provide an interpretation of the locale eval_fo based on the approach by Ailamazyan et al. A core notion in the interpretation is the active domain of a query and a database that contains all domain elements that occur in the database or interpret the query's constants. We prove the main theorem of Ailamazyan et al. relating the satisfaction of a first-order query over an infinite domain to the satisfaction of this query over a finite domain consisting of the active domain and a few additional domain elements (outside the active domain) whose number only depends on the query. In our interpretation of the locale eval_fo, we use a potentially higher number of the additional domain elements, but their number still only depends on the query and thus has no effect on the data complexity (Vardi, 1982) of query evaluation. Our interpretation yields an executable function eval. The time complexity of eval on a query is linear in the total number of tuples in the intermediate relations for the subqueries. Specifically, we build a database index to evaluate a conjunction. We also optimize the case of a negated subquery in a conjunction. Finally, we export code for the infinite domain of natural numbers.

License

BSD License

Topics

- +

Session Eval_FO

\ No newline at end of file diff --git a/web/entries/Generic_Join.html b/web/entries/Generic_Join.html --- a/web/entries/Generic_Join.html +++ b/web/entries/Generic_Join.html @@ -1,181 +1,181 @@ Formalization of Multiway-Join Algorithms - Archive of Formal Proofs

Formalization of Multiway-Join Algorithms

Thibault Dardinier

September 16, 2019

Abstract

Worst-case optimal multiway-join algorithms are recent seminal achievement of the database community. These algorithms compute the natural join of multiple relational databases and improve in the worst case over traditional query plan optimizations of nested binary joins. In 2014, Ngo, RĂ©, and Rudra gave a unified presentation of different multi-way join algorithms. We formalized and proved correct their "Generic Join" algorithm and extended it to support negative joins.

License

BSD License

Topics

- +

Session Generic_Join

\ No newline at end of file diff --git a/web/entries/Safe_Range_RC.html b/web/entries/Safe_Range_RC.html --- a/web/entries/Safe_Range_RC.html +++ b/web/entries/Safe_Range_RC.html @@ -1,196 +1,196 @@ Making Arbitrary Relational Calculus Queries Safe-Range - Archive of Formal Proofs

Making Arbitrary Relational Calculus Queries Safe-Range

Martin Raszyk 📧 and Dmitriy Traytel 🌐

September 28, 2022

Abstract

The relational calculus (RC), i.e., first-order logic with equality but without function symbols, is a concise, declarative database query language. In contrast to relational algebra or SQL, which are the traditional query languages of choice in the database community, RC queries can evaluate to an infinite relation. Moreover, even in cases where the evaluation result of an RC query would be finite it is not clear how to efficiently compute it. Safe-range RC is an interesting syntactic subclass of RC, because all safe-range queries evaluate to a finite result and it is well-known how to evaluate such queries by translating them to relational algebra. We formalize and prove correct our recent translation of an arbitrary RC query into a pair of safe-range queries. Assuming an infinite domain, the two queries have the following meaning: The first is closed and characterizes the original query's relative safety, i.e., whether given a fixed database (interpretation of atomic predicates with finite relations), the original query evaluates to a finite relation. The second safe-range query is equivalent to the original query, if the latter is relatively safe. The formalization uses the Refinement Framework to go from the non-deterministic algorithm described in the paper to a deterministic, executable query translation. Our executable query translation is a first step towards a verified tool that efficiently evaluates arbitrary RC queries. This very problem is also solved by the AFP entry Eval_FO with a theoretically incomparable but practically worse time complexity. (The latter is demonstrated by our empirical evaluation.)

License

BSD License

Topics

- +

Session Safe_Range_RC

\ No newline at end of file diff --git a/web/index.json b/web/index.json --- a/web/index.json +++ b/web/index.json 
@@ -1,14277 +1,14285 @@ [ { "abstract": "The relational calculus (RC), i.e., first-order logic with equality but without function symbols, is a concise, declarative database query language. In contrast to relational algebra or SQL, which are the traditional query languages of choice in the database community, RC queries can evaluate to an infinite relation. Moreover, even in cases where the evaluation result of an RC query would be finite it is not clear how to efficiently compute it. Safe-range RC is an interesting syntactic subclass of RC, because all safe-range queries evaluate to a finite result and it is \u003ca href=\"http://webdam.inria.fr/Alice/pdfs/Chapter-5.pdf\"\u003ewell-known\u003c/a\u003e how to evaluate such queries by translating them to relational algebra. We formalize and prove correct \u003ca href=\"https://doi.org/10.4230/LIPIcs.ICDT.2022.11\"\u003eour recent translation\u003c/a\u003e of an arbitrary RC query into a pair of safe-range queries. Assuming an infinite domain, the two queries have the following meaning: The first is closed and characterizes the original query's relative safety, i.e., whether given a fixed database (interpretation of atomic predicates with finite relations), the original query evaluates to a finite relation. The second safe-range query is equivalent to the original query, if the latter is relatively safe. The formalization uses the Refinement Framework to go from the non-deterministic algorithm described in the paper to a deterministic, executable query translation. Our executable query translation is a first step towards a verified tool that efficiently evaluates arbitrary RC queries. This very problem is also solved by the AFP entry \u003ca href=\"https://isa-afp.org/entries/Eval_FO.html\"\u003eEval_FO\u003c/a\u003e with a theoretically incomparable but practically worse time complexity. 
(The latter is demonstrated by \u003ca href=\"https://doi.org/10.4230/LIPIcs.ICDT.2022.11\"\u003eour empirical evaluation\u003c/a\u003e.)", "authors": [ "Martin Raszyk", "Dmitriy Traytel" ], "date": "2022-09-28", "id": 0, "link": "/entries/Safe_Range_RC.html", "permalink": "/entries/Safe_Range_RC.html", "shortname": "Safe_Range_RC", "title": "Making Arbitrary Relational Calculus Queries Safe-Range", "topic_links": [ + "computer-science/data-management-systems", "logic/general-logic/classical-first-order-logic" ], "topics": [ + "Computer science/Data management systems", "Logic/General logic/Classical first-order logic" ], "used_by": 0 }, { "abstract": "This work is a formalization of Stalnaker's epistemic logic with countably many agents and its soundness and completeness theorems, as well as the equivalence between the axiomatization of S4 available in the Epistemic Logic theory and the topological one. It builds on the Epistemic Logic theory.", "authors": [ "Laura P. Gamboa Guzman" ], "date": "2022-09-23", "id": 1, "link": "/entries/Stalnaker_Logic.html", "permalink": "/entries/Stalnaker_Logic.html", "shortname": "Stalnaker_Logic", "title": "Stalnaker's Epistemic Logic", "topic_links": [ "logic/general-logic/logics-of-knowledge-and-belief" ], "topics": [ "Logic/General logic/Logics of knowledge and belief" ], "used_by": 0 }, { "abstract": "The field of p-adic numbers for a prime integer p is constructed. Basic facts about p-adic topology including Hensel's Lemma are proved, building on a prior submission by the author. The theory of semialgebraic sets and semialgebraic functions on cartesian powers of p-adic fields is also developed, following a formalization of these concepts due to Denef. This is done towards a formalization of Denef's proof of Macintyre's quantifier elimination theorem for p-adic fields. 
Theories developing general multivariable polynomial rings over a commutative ring are developed, as well as some general theory of cartesian powers of an arbitrary ring.", "authors": [ "Aaron Crighton" ], "date": "2022-09-22", "id": 2, "link": "/entries/Padic_Field.html", "permalink": "/entries/Padic_Field.html", "shortname": "Padic_Field", "title": "p-adic Fields and p-adic Semialgebraic Sets", "topic_links": [ "mathematics/number-theory", "mathematics/algebra" ], "topics": [ "Mathematics/Number theory", "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "We construct an abstract ledger supporting the \u003cem\u003erisk-free lending\u003c/em\u003e protocol. The risk-free lending protocol is a system for issuing and exchanging novel financial products we call \u003cem\u003erisk-free loan\u003c/em\u003e. The system allows one party to lend money at 0\u0026#37; APY to another party in exchange for a good or service. On every update of the ledger, accounts have interest distributed to them. Holders of lent assets keep interest accrued by those assets. After distributing interest, the system returns a fixed fraction of each loan. These fixed fractions determine \u003cem\u003eloan periods\u003c/em\u003e. Loans for longer periods have a smaller fixed fraction returned. Loans may be re-lent or used as collateral for other loans. We give a sufficient criterion to enforce all accounts will forever be solvent. We give a protocol for maintaining this invariant when transferring or lending funds. We also show this invariant holds after update. 
Even though the system does not track counter-party obligations, we show that all credited and debited loans cancel and the monetary supply grows at a specified interest rate.", "authors": [ "Matthew Doty" ], "date": "2022-09-18", "id": 3, "link": "/entries/Risk_Free_Lending.html", "permalink": "/entries/Risk_Free_Lending.html", "shortname": "Risk_Free_Lending", "title": "Risk-Free Lending", "topic_links": [ "mathematics/games-and-economics" ], "topics": [ "Mathematics/Games and economics" ], "used_by": 0 }, { "abstract": "This work is a formalization of soundness and completeness of the Bernays-Tarski axiom system for classical implicational logic. The completeness proof is constructive following the approach by LĂĄszlĂł KalmĂĄr, Elliott Mendelson and others. The result can be extended to full classical propositional logic by uncommenting a few lines for falsehood. ", "authors": [ "Asta HalkjĂŠr From", "JĂžrgen Villadsen" ], "date": "2022-09-13", "id": 4, "link": "/entries/Implicational_Logic.html", "permalink": "/entries/Implicational_Logic.html", "shortname": "Implicational_Logic", "title": "Soundness and Completeness of Implicational Logic", "topic_links": [ "logic/general-logic/classical-propositional-logic", "logic/proof-theory" ], "topics": [ "Logic/General logic/Classical propositional logic", "Logic/Proof theory" ], "used_by": 0 }, { "abstract": "This article formalizes the specification and the algorithm of the cryptographic scheme CRYSTALS-KYBER with multiplication using the Number Theoretic Transform and verifies its (1-ÎŽ)-correctness proof. CRYSTALS-KYBER is a key encapsulation mechanism in lattice-based post-quantum cryptography. This entry formalizes the key generation, encryption and decryption algorithms and shows that the algorithm decodes correctly under a highly probable assumption ((1-ÎŽ)-correctness). 
Moreover, the Number Theoretic Transform (NTT) in the case of Kyber and the convolution theorem thereon is formalized.", "authors": [ "Katharina Kreuzer" ], "date": "2022-09-08", "id": 5, "link": "/entries/CRYSTALS-Kyber.html", "permalink": "/entries/CRYSTALS-Kyber.html", "shortname": "CRYSTALS-Kyber", "title": "CRYSTALS-Kyber", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "Many separation logics support fractional permissions to distinguish between read and write access to a heap location, for instance, to allow concurrent reads while enforcing exclusive writes. Fractional permissions extend to composite assertions such as (co)inductive predicates and magic wands by allowing those to be multiplied by a fraction. Typical separation logic proofs require that this multiplication has three key properties: it needs to distribute over assertions, it should permit fractions to be factored out from assertions, and two fractions of the same assertion should be combinable into one larger fraction. Existing formal semantics incorporating fractional assertions into a separation logic define multiplication semantically (via models), resulting in a semantics in which distributivity and combinability do not hold for key resource assertions such as magic wands, and fractions cannot be factored out from a separating conjunction. By contrast, existing automatic separation logic verifiers define multiplication syntactically, resulting in a different semantics for which it is unknown whether distributivity and combinability hold for all assertions. In this entry (which accompanies an \u003ca href=\"https://dardinier.me/papers/multiplication.pdf\"\u003eOOPSLA'22 paper\u003c/a\u003e), we present and formalize an unbounded version of separation logic, a novel semantics for separation logic assertions that allows states to hold more than a full permission to a heap location during the evaluation of an assertion. 
By reimposing upper bounds on the permissions held per location at statement boundaries, we retain key properties of separation logic, in particular, we prove that the frame rule still holds. We also prove that our assertion semantics unifies semantic and syntactic multiplication and thereby reconciles the discrepancy between separation logic theory and tools and enjoys distributivity, factorisability, and combinability.", "authors": [ "Thibault Dardinier" ], "date": "2022-09-05", "id": 6, "link": "/entries/Separation_Logic_Unbounded.html", "permalink": "/entries/Separation_Logic_Unbounded.html", "shortname": "Separation_Logic_Unbounded", "title": "Unbounded Separation Logic", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 0 }, { "abstract": "We formalise the proof of an important theorem in additive combinatorics due to Khovanskii, attesting that the cardinality of the set of all sums of $n$ many elements of $A$, where $A$ is a finite subset of an abelian group, is a polynomial in $n$ for all sufficiently large $n$. We follow a proof due to Nathanson and Ruzsa as presented in the notes “Introduction to Additive Combinatorics” by Timothy Gowers for the University of Cambridge.", "authors": [ "Angeliki Koutsoukou-Argyraki", "Lawrence C. 
Paulson" ], "date": "2022-09-02", "id": 7, "link": "/entries/Khovanskii_Theorem.html", "permalink": "/entries/Khovanskii_Theorem.html", "shortname": "Khovanskii_Theorem", "title": "Khovanskii\u0026#x27;s Theorem", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis article is a formalisation of a proof of the Hales–Jewett theorem presented in the textbook \u003cem\u003eRamsey Theory\u003c/em\u003e by Graham et al.\u003c/p\u003e \u003cp\u003eThe Hales–Jewett theorem is a result in Ramsey Theory which states that, for any non-negative integers $r$ and $t$, there exists a minimal dimension $N$, such that any $r$-coloured $N'$-dimensional cube over $t$ elements (with $N' \\geq N$) contains a monochromatic line. This theorem generalises Van der Waerden's Theorem, which has already been formalised in another \u003ca href=\"https://www.isa-afp.org/entries/Van_der_Waerden.html\"\u003eAFP entry\u003c/a\u003e.\u003c/p\u003e", "authors": [ "Ujkan Sulejmani", "Manuel Eberl", "Katharina Kreuzer" ], "date": "2022-09-02", "id": 8, "link": "/entries/Hales_Jewett.html", "permalink": "/entries/Hales_Jewett.html", "shortname": "Hales_Jewett", "title": "The Hales–Jewett Theorem", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis entry contains an Isabelle formalization of the \u003cem\u003eNumber Theoretic Transform (NTT)\u003c/em\u003e which is the analogue to a \u003cem\u003eDiscrete Fourier Transform (DFT)\u003c/em\u003e over a finite field. Roots of unity in the complex numbers are replaced by those in a finite field. \u003c/p\u003e\u003cp\u003eFirst, we define both \u003cem\u003eNTT\u003c/em\u003e and the inverse transform \u003cem\u003eINTT\u003c/em\u003e in Isabelle and prove them to be mutually inverse. 
\u003c/p\u003e\u003cp\u003e\u003cem\u003eDFT\u003c/em\u003e can be efficiently computed by the recursive \u003cem\u003eFast Fourier Transform (FFT)\u003c/em\u003e. In our formalization, this algorithm is adapted to the setting of the \u003cem\u003eNTT\u003c/em\u003e: We implement a \u003cem\u003eFast Number Theoretic Transform (FNTT)\u003c/em\u003e based on the Butterfly scheme by Cooley and Tukey. Additionally, we provide an inverse transform \u003cem\u003eIFNTT\u003c/em\u003e and prove it mutually inverse to \u003cem\u003eFNTT\u003c/em\u003e. \u003c/p\u003e\u003cp\u003e Afterwards, a recursive formalization of the \u003cem\u003eFNTT\u003c/em\u003e running time is examined and the famous $O(n \\log n)$ bounds are proven.\u003c/p\u003e", "authors": [ "Thomas Ammer", "Katharina Kreuzer" ], "date": "2022-08-18", "id": 9, "link": "/entries/Number_Theoretic_Transform.html", "permalink": "/entries/Number_Theoretic_Transform.html", "shortname": "Number_Theoretic_Transform", "title": "Number Theoretic Transform", "topic_links": [ "computer-science/algorithms/mathematical" ], "topics": [ "Computer science/Algorithms/Mathematical" ], "used_by": 1 }, { "abstract": "We prove the correctness of a sequential algorithm for computing maximal strongly connected components (SCCs) of a graph due to Vincent Bloemen.", "authors": [ "Stephan Merz", "Vincent TrĂ©lat" ], "date": "2022-08-17", "id": 10, "link": "/entries/SCC_Bloemen_Sequential.html", "permalink": "/entries/SCC_Bloemen_Sequential.html", "shortname": "SCC_Bloemen_Sequential", "title": "Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph", "topic_links": [ "computer-science/algorithms/graph" ], "topics": [ "Computer science/Algorithms/Graph" ], "used_by": 0 }, { "abstract": "This theory contains the involution-based proof of the two squares theorem from \u003ca href=\"https://dx.doi.org/10.1007/978-3-662-57265-8\"\u003eTHE BOOK\u003c/a\u003e.", "authors": [ "Maksym Bortin" ], "date": 
"2022-08-15", "id": 11, "link": "/entries/Involutions2Squares.html", "permalink": "/entries/Involutions2Squares.html", "shortname": "Involutions2Squares", "title": "From THE BOOK: Two Squares via Involutions", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "This entry provides executable formalisations of complete test generation algorithms for finite state machines. It covers testing for the language-equivalence and reduction conformance relations, supporting the former via the W, Wp, HSI, H, SPY and SPYH-methods, and the latter via adaptive state counting. The test strategies are implemented using generic frameworks, allowing for reuse of shared components between related strategies. This work is described in the author\u0026#x27;s \u003ca href=\"https://doi.org/10.26092/elib/1665\"\u003edoctoral thesis\u003c/a\u003e.", "authors": [ "Robert Sachtleben" ], "date": "2022-08-09", "id": 12, "link": "/entries/FSM_Tests.html", "permalink": "/entries/FSM_Tests.html", "shortname": "FSM_Tests", "title": "Verified Complete Test Strategies for Finite State Machines", "topic_links": [ "computer-science/automata-and-formal-languages", "computer-science/algorithms" ], "topics": [ "Computer science/Automata and formal languages", "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "JSON (JavaScript Object Notation) is a common format for exchanging data, based on a collection of key/value-pairs (the JSON objects) and lists. Its syntax is inspired by JavaScript with the aim of being easy to read and write for humans and easy to parse and generate for machines. Despite its origin in the JavaScript world, JSON is language-independent and many programming languages support working with JSON-encoded data. This makes JSON an interesting format for exchanging data with Isabelle/HOL. This AFP entry provides a JSON-like import-expert format for both Isabelle/ML and Isabelle/HOL. 
On the one hand, this AFP entry provides means for Isabelle/HOL users to work with JSON encoded data without the need using Isabelle/ML. On the other and, the provided Isabelle/ML interfaces allow additional extensions or integration into Isabelle extensions written in Isabelle/ML. While format is not fully JSON compliant (e.g., due to limitations in the range of supported Unicode characters), it works in most situations: the provided implementation in Isabelle/ML and its representation in Isabelle/HOL have been used successfully in several projects for exchanging data sets of several hundredths of megabyte between Isabelle and external tools.", "authors": [ "Achim D. Brucker" ], "date": "2022-07-29", "id": 13, "link": "/entries/Nano_JSON.html", "permalink": "/entries/Nano_JSON.html", "shortname": "Nano_JSON", "title": "Nano JSON: Working with JSON formatted data in Isabelle/HOL and Isabelle/ML", "topic_links": [ "tools", "computer-science/data-structures" ], "topics": [ "Tools", "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "Smart contracts are automatically executed programs, usually representing legal agreements such as financial transactions. Thus, bugs in smart contracts can lead to large financial losses. For example, an incorrectly initialized contract was the root cause of the Parity Wallet bug that saw $280M worth of Ether destroyed. Ether is the cryptocurrency of the Ethereum blockchain that uses Solidity for expressing smart contracts. We address this problem by formalizing an executable denotational semantics for Solidity in the interactive theorem prover Isabelle/HOL. This formal semantics builds the foundation of an interactive program verification environment for Solidity programs and allows for inspecting them by (symbolic) execution. We combine the latter with grammar based fuzzing to ensure that our formal semantics complies to the Solidity implementation on the Ethereum Blockchain. 
Finally, we demonstrate the formal verification of Solidity programs by two examples: constant folding and a simple verified token.", "authors": [ "Diego Marmsoler", "Achim D. Brucker" ], "date": "2022-07-18", "id": 14, "link": "/entries/Solidity.html", "permalink": "/entries/Solidity.html", "shortname": "Solidity", "title": "Isabelle/Solidity: A deep Embedding of Solidity in Isabelle/HOL", "topic_links": [ "computer-science/programming-languages", "computer-science/semantics-and-reasoning" ], "topics": [ "Computer science/Programming languages", "Computer science/Semantics and reasoning" ], "used_by": 0 }, { "abstract": "A Hermitian matrix is a square complex matrix that is equal to its conjugate transpose. The (finite-dimensional) spectral theorem states that any such matrix can be decomposed into a product of a unitary matrix and a diagonal matrix containing only real elements. We formalize the generalization of this result, which states that any finite set of Hermitian and pairwise commuting matrices can be decomposed as previously, using the same unitary matrix; in other words, they are simultaneously diagonalizable. 
Sets of pairwise commuting Hermitian matrices are called \u003cem\u003eComplete Sets of Commuting Observables\u003c/em\u003e in Quantum Mechanics, where they represent physical quantities that can be simultaneously measured to uniquely distinguish quantum states.", "authors": [ "Mnacho Echenim" ], "date": "2022-07-18", "id": 15, "link": "/entries/Commuting_Hermitian.html", "permalink": "/entries/Commuting_Hermitian.html", "shortname": "Commuting_Hermitian", "title": "Simultaneous diagonalization of pairwise commuting Hermitian matrices", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis article provides a formalisation of the Weighted Arithmetic–Geometric Mean Inequality: given non-negative reals $a_1, \\ldots, a_n$ and non-negative weights $w_1, \\ldots, w_n$ such that $w_1 + \\ldots + w_n = 1$, we have \\[\\prod\\limits_{i=1}^n a_i^{w_i} \\leq \\sum\\limits_{i=1}^n w_i a_i\\ .\\] If the weights are additionally all non-zero, equality holds if and only if $a_1 = \\ldots = a_n$.\u003c/p\u003e \u003cp\u003eAs a corollary with $w_1 = \\ldots = w_n = 1/n$, the regular arithmetic–geometric mean inequality follows, namely that \\[\\sqrt[n]{a_1\\,\\cdots\\, a_n} \\leq \\tfrac{1}{n}(a_1 + \\ldots + a_n)\\ .\\]\u003c/p\u003e \u003cp\u003eI follow PĂłlya's elegant proof, which uses the inequality $1 + x \\leq e^x$ as a starting point. 
PĂłlya claims that this proof came to him in a dream, and that it was “the best mathematics he had ever dreamt.”\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2022-07-11", "id": 16, "link": "/entries/Weighted_Arithmetic_Geometric_Mean.html", "permalink": "/entries/Weighted_Arithmetic_Geometric_Mean.html", "shortname": "Weighted_Arithmetic_Geometric_Mean", "title": "PĂłlya’s Proof of the Weighted Arithmetic–Geometric Mean Inequality", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "After introducing the didactic imperative programming language IMP, Nipkow and Klein's book on formal programming language semantics (version of March 2021) specifies compilation of IMP commands into a lower-level language based on a stack machine, and expounds a formal verification of that compiler. Exercise 8.4 asks the reader to adjust such proof for a new compilation target, consisting of a machine language that (i) accesses memory locations through their addresses instead of variable names, and (ii) maintains a stack in memory via a stack pointer rather than relying upon a built-in stack. A natural strategy to maximize reuse of the original proof is keeping the original language as an assembly one and splitting compilation into multiple steps, namely a source-to-assembly step matching the original compilation process followed by an assembly-to-machine step. In this way, proving assembly code-machine code equivalence is the only extant task. A previous paper by the present author introduces a reasoning toolbox that allows for a compiler correctness proof shorter than the book's one, as such promising to constitute a further enhanced reference for the formal verification of real-world compilers. 
This paper in turn shows that such toolbox can be reused to accomplish the aforesaid task as well, which demonstrates that the proposed approach also promotes proof reuse in multi-stage compiler verifications.", "authors": [ "Pasquale Noce" ], "date": "2022-07-10", "id": 17, "link": "/entries/IMP_Compiler_Reuse.html", "permalink": "/entries/IMP_Compiler_Reuse.html", "shortname": "IMP_Compiler_Reuse", "title": "A Reuse-Based Multi-Stage Compiler Verification for Language IMP", "topic_links": [ "computer-science/programming-languages/compiling" ], "topics": [ "Computer science/Programming languages/Compiling" ], "used_by": 0 }, { "abstract": "A double-ended queue (\u003cem\u003edeque\u003c/em\u003e) is a queue where one can enqueue and dequeue at both ends. We define and verify the \u003ca href=\"https://doi.org/10.1145/165180.165225\"\u003edeque implementation by Chuang and Goldberg\u003c/a\u003e. It is purely functional and all operations run in constant time.", "authors": [ "Balazs Toth", "Tobias Nipkow" ], "date": "2022-06-23", "id": 18, "link": "/entries/Real_Time_Deque.html", "permalink": "/entries/Real_Time_Deque.html", "shortname": "Real_Time_Deque", "title": "Real-Time Double-Ended Queue", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "In 1987, George Boolos gave an interesting and vivid concrete example of the considerable speed-up afforded by higher-order logic over first-order logic. (A phenomenon first noted by Kurt Gödel in 1936.) Boolos's example concerned an inference $I$ with five premises, and a conclusion, such that the shortest derivation of the conclusion from the premises in a standard system for first-order logic is astronomically huge; while there exists a second-order derivation whose length is of the order of a page or two. Boolos gave a short sketch of that second-order derivation, which relies on the comprehension principle of second-order logic. 
Here, Boolos's inference is formalized into fourteen lemmas, each quickly verified by the automated-theorem-proving assistant Isabelle/HOL.", "authors": [ "Jeffrey Ketland" ], "date": "2022-06-20", "id": 19, "link": "/entries/Boolos_Curious_Inference.html", "permalink": "/entries/Boolos_Curious_Inference.html", "shortname": "Boolos_Curious_Inference", "title": "Boolos's Curious Inference in Isabelle/HOL", "topic_links": [ "logic/philosophical-aspects" ], "topics": [ "Logic/Philosophical aspects" ], "used_by": 0 }, { "abstract": "This entry formalizes the classification of the finite fields (also called Galois fields): For each prime power $p^n$ there exists exactly one (up to isomorphisms) finite field of that size and there are no other finite fields. The derivation includes a formalization of the characteristic of rings, the Frobenius endomorphism, formal differentiation for polynomials in HOL-Algebra and Gauss' formula for the number of monic irreducible polynomials over finite fields: \\[ \\frac{1}{n} \\sum_{d | n} \\mu(d) p^{n/d} \\textrm{.} \\] The proofs are based on the books from \u003ca href=\"https://doi.org/10.1007/978-1-4757-2103-4\"\u003eIreland and Rosen\u003c/a\u003e, as well as, \u003ca href=\"https://doi.org/10.1017/CBO9781139172769\"\u003eLidl and Niederreiter\u003c/a\u003e.", "authors": [ "Emin Karayel" ], "date": "2022-06-08", "id": 20, "link": "/entries/Finite_Fields.html", "permalink": "/entries/Finite_Fields.html", "shortname": "Finite_Fields", "title": "Finite Fields", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "Today's Internet is built on decades-old networking protocols that lack scalability, reliability and security. In response, the networking community has developed \u003cem\u003epath-aware\u003c/em\u003e Internet architectures that solve these issues while simultaneously empowering end hosts. 
In these architectures, autonomous systems authorize forwarding paths in accordance with their routing policies, and protect paths using cryptographic authenticators. For each packet, the sending end host selects an authorized path and embeds it and its authenticators in the packet header. This allows routers to efficiently determine how to forward the packet. The central security property of the data plane, i.e., of forwarding, is that packets can only travel along authorized paths. This property, which we call \u003cem\u003epath authorization\u003c/em\u003e, protects the routing policies of autonomous systems from malicious senders. The fundamental role of packet forwarding in the Internet's ecosystem and the complexity of the authentication mechanisms employed call for a formal analysis. We develop IsaNet, a parameterized verification framework for data plane protocols in Isabelle/HOL. We first formulate an abstract model without an attacker for which we prove path authorization. We then refine this model by introducing a Dolev--Yao attacker and by protecting authorized paths using (generic) cryptographic validation fields. This model is parametrized by the path authorization mechanism and assumes five simple verification conditions. We propose novel attacker models and different sets of assumptions on the underlying routing protocol. We validate our framework by instantiating it with nine concrete protocols variants and prove that they each satisfy the verification conditions (and hence path authorization). The invariants needed for the security proof are proven in the parametrized model instead of the instance models. Our framework thus supports low-effort security proofs for data plane protocols. 
In contrast to what could be achieved with state-of-the-art automated protocol verifiers, our results hold for arbitrary network topologies and sets of authorized paths.", "authors": [ "Tobias Klenze", "Christoph Sprenger" ], "date": "2022-06-08", "id": 21, "link": "/entries/IsaNet.html", "permalink": "/entries/IsaNet.html", "shortname": "IsaNet", "title": "IsaNet: Formalization of a Verification Framework for Secure Data Plane Protocols", "topic_links": [ "computer-science/security", "computer-science/networks" ], "topics": [ "Computer science/Security", "Computer science/Networks" ], "used_by": 0 }, { "abstract": "We present a formalization of Matiyasevich's proof of the DPRM theorem, which states that every recursively enumerable set of natural numbers is Diophantine. This result from 1970 yields a negative solution to Hilbert's 10th problem over the integers. To represent recursively enumerable sets in equations, we implement and arithmetize register machines. We formalize a general theory of Diophantine sets and relations to reason about them abstractly. Using several number-theoretic lemmas, we prove that exponentiation has a Diophantine representation.", "authors": [ "Jonas Bayer", "Marco David", "Benedikt Stock", "Abhik Pal", "Yuri Matiyasevich", "Dierk Schleicher" ], "date": "2022-06-06", "id": 22, "link": "/entries/DPRM_Theorem.html", "permalink": "/entries/DPRM_Theorem.html", "shortname": "DPRM_Theorem", "title": "Diophantine Equations and the DPRM Theorem", "topic_links": [ "logic/computability", "mathematics/number-theory" ], "topics": [ "Logic/Computability", "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "This AFP entry relates important rewriting properties between the set of terms and the set of ground terms induced by a given signature. 
The properties considered are confluence, strong/local confluence, the normal form property, unique normal forms with respect to reduction and conversion, commutation, conversion equivalence, and normalization equivalence.", "authors": [ "Alexander Lochmann" ], "date": "2022-06-02", "id": 23, "link": "/entries/Rewrite_Properties_Reduction.html", "permalink": "/entries/Rewrite_Properties_Reduction.html", "shortname": "Rewrite_Properties_Reduction", "title": "Reducing Rewrite Properties to Properties on Ground Terms", "topic_links": [ "logic/rewriting" ], "topics": [ "Logic/Rewriting" ], "used_by": 0 }, { "abstract": "Many separation logics support \u003cem\u003efractional permissions\u003c/em\u003e to distinguish between read and write access to a heap location, for instance, to allow concurrent reads while enforcing exclusive writes. The concept has been generalized to fractional assertions. $A^p$ (where $A$ is a separation logic assertion and $p$ a fraction between $0$ and $1$) represents a fraction $p$ of $A$. $A^p$ holds in a state $\\sigma$ iff there exists a state $\\sigma_A$ in which $A$ holds and $\\sigma$ is obtained from $\\sigma_A$ by multiplying all permission amounts held by $p$. While $A^{p + q}$ can always be split into $A^p * A^q$, recombining $A^p * A^q$ into $A^{p+q}$ is not always sound. We say that $A$ is \u003cem\u003ecombinable\u003c/em\u003e iff the entailment $A^p * A^q \\models A^{p+q}$ holds for any two positive fractions $p$ and $q$ such that $p + q \\le 1$. Combinable assertions are particularly useful to reason about concurrent programs, for instance, to combine the postconditions of parallel branches when they terminate. Unfortunately, the magic wand assertion $A \\mathbin{-\\!\\!*} B$, commonly used to specify properties of partial data structures, is typically \u003cem\u003enot\u003c/em\u003e combinable. 
In this entry, we formalize a novel, restricted definition of the magic wand, described in \u003ca href=\"https://arxiv.org/abs/2205.11325\"\u003ea paper at CAV 22\u003c/a\u003e, which we call the \u003cem\u003ecombinable wand\u003c/em\u003e. We prove some key properties of the combinable wand; in particular, a combinable wand is combinable if its right-hand side is combinable.", "authors": [ "Thibault Dardinier" ], "date": "2022-05-30", "id": 24, "link": "/entries/Combinable_Wands.html", "permalink": "/entries/Combinable_Wands.html", "shortname": "Combinable_Wands", "title": "A Restricted Definition of the Magic Wand to Soundly Combine Fractions of a Wand", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 0 }, { "abstract": "We formalise PlĂŒnnecke's inequality and the PlĂŒnnecke-Ruzsa inequality, following the notes by Timothy Gowers: \"Introduction to Additive Combinatorics\" (2022) for the University of Cambridge. To this end, we first introduce basic definitions and prove elementary facts on sumsets and difference sets. Then, we show two versions of the Ruzsa triangle inequality. We follow with a proof due to Petridis.", "authors": [ "Angeliki Koutsoukou-Argyraki", "Lawrence C. Paulson" ], "date": "2022-05-26", "id": 25, "link": "/entries/Pluennecke_Ruzsa_Inequality.html", "permalink": "/entries/Pluennecke_Ruzsa_Inequality.html", "shortname": "Pluennecke_Ruzsa_Inequality", "title": "The PlĂŒnnecke-Ruzsa Inequality", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 1 }, { "abstract": "The magic wand $\\mathbin{-\\!\\!*}$ (also called separating implication) is a separation logic connective commonly used to specify properties of partial data structures, for instance during iterative traversals. 
A \u003cem\u003efootprint\u003c/em\u003e of a magic wand formula $$A \\mathbin{-\\!\\!*} B$$ is a state that, combined with any state in which $A$ holds, yields a state in which $B$ holds. The key challenge of proving a magic wand (also called \u003cem\u003epackaging\u003c/em\u003e a wand) is to find such a footprint. Existing package algorithms either have a high annotation overhead or are unsound. In this entry, we formally define a framework for the sound automation of magic wands, described in an \u003ca href=\"https://www.cs.ubc.ca/~alexsumm/papers/DardinierParthasarathyWeeksMuellerSummers22.pdf\"\u003eupcoming paper at CAV 2022\u003c/a\u003e, and prove that it is sound and complete. This framework, called the \u003cem\u003epackage logic\u003c/em\u003e, precisely characterises a wide design space of possible package algorithms applicable to a large class of separation logics.", "authors": [ "Thibault Dardinier" ], "date": "2022-05-18", "id": 26, "link": "/entries/Package_logic.html", "permalink": "/entries/Package_logic.html", "shortname": "Package_logic", "title": "Formalization of a Framework for the Sound Automation of Magic Wands", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 1 }, { "abstract": "\u003cp\u003e Given a graph $G$ with $n$ vertices and a number $s$, the decision problem Clique asks whether $G$ contains a fully connected subgraph with $s$ vertices. For this NP-complete problem there exists a non-trivial lower bound: no monotone circuit of a size that is polynomial in $n$ can solve Clique. \u003c/p\u003e\u003cp\u003e This entry provides an Isabelle/HOL formalization of a concrete lower bound (the bound is $\\sqrt[7]{n}^{\\sqrt[8]{n}}$ for the fixed choice of $s = \\sqrt[4]{n}$), following a proof by Gordeev. 
\u003c/p\u003e", "authors": [ "RenĂ© Thiemann" ], "date": "2022-05-08", "id": 27, "link": "/entries/Clique_and_Monotone_Circuits.html", "permalink": "/entries/Clique_and_Monotone_Circuits.html", "shortname": "Clique_and_Monotone_Circuits", "title": "Clique is not solvable by monotone circuits of polynomial size", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 0 }, { "abstract": "Linear algebraic techniques are powerful, yet often underrated tools in combinatorial proofs. This formalisation provides a library including matrix representations of incidence set systems, general formal proof techniques for the rank argument and linear bound argument, and finally a formalisation of a number of variations of the well-known Fisher's inequality. We build on our prior work formalising combinatorial design theory using a locale-centric approach, including extensions such as constant intersect designs and dual incidence systems. In addition to Fisher's inequality, we also formalise proofs on other incidence system properties using the incidence matrix representation, such as design existence, dual system relationships and incidence system isomorphisms. This formalisation is presented in the paper \"Formalising Fisher's Inequality: Formal Linear Algebraic Techniques in Combinatorics\", accepted to ITP 2022.", "authors": [ "Chelsea Edmonds", "Lawrence C. Paulson" ], "date": "2022-04-21", "id": 28, "link": "/entries/Fishers_Inequality.html", "permalink": "/entries/Fishers_Inequality.html", "shortname": "Fishers_Inequality", "title": "Fisher's Inequality: Linear Algebraic Proof Techniques for Combinatorics", "topic_links": [ "mathematics/combinatorics", "mathematics/algebra" ], "topics": [ "Mathematics/Combinatorics", "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "We formalize how a natural number can be expanded into its digits in some base and prove properties about functions that operate on digit expansions. 
This includes the formalization of concepts such as digit shifts and carries. For a base that is a power of 2 we formalize the binary AND, binary orthogonality and binary masking of two natural numbers. This library on digit expansions builds the basis for the formalization of the DPRM theorem.", "authors": [ "Jonas Bayer", "Marco David", "Abhik Pal", "Benedikt Stock" ], "date": "2022-04-20", "id": 29, "link": "/entries/Digit_Expansions.html", "permalink": "/entries/Digit_Expansions.html", "shortname": "Digit_Expansions", "title": "Digit Expansions", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 1 }, { "abstract": "We consider the problem of comparing two multisets via the generalized multiset ordering. We show that the corresponding decision problem is NP-complete. To be more precise, we encode multiset-comparisons into propositional formulas or into conjunctive normal forms of quadratic size; we further prove that satisfiability of conjunctive normal forms can be encoded as multiset-comparison problems of linear size. 
As a corollary, we also show that the problem of deciding whether two terms are related by a recursive path order is NP-hard, provided the recursive path order is based on the generalized multiset ordering.", "authors": [ "RenĂ© Thiemann", "Lukas Schmidinger" ], "date": "2022-04-20", "id": 30, "link": "/entries/Multiset_Ordering_NPC.html", "permalink": "/entries/Multiset_Ordering_NPC.html", "shortname": "Multiset_Ordering_NPC", "title": "The Generalized Multiset Ordering is NP-Complete", "topic_links": [ "logic/rewriting" ], "topics": [ "Logic/Rewriting" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis article provides a brief formalisation of the two equations known as the \u003cem\u003eSophomore's Dream\u003c/em\u003e, first discovered by Johann Bernoulli in 1697:\u003c/p\u003e \\[\\int_0^1 x^{-x}\\,\\text{d}x = \\sum_{n=1}^\\infty n^{-n} \\quad\\text{and}\\quad \\int_0^1 x^x\\,\\text{d}x = -\\sum_{n=1}^\\infty (-n)^{-n}\\]", "authors": [ "Manuel Eberl" ], "date": "2022-04-10", "id": 31, "link": "/entries/Sophomores_Dream.html", "permalink": "/entries/Sophomores_Dream.html", "shortname": "Sophomores_Dream", "title": "The Sophomore's Dream", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "This entry contains a set of binary encodings for primitive data types, such as natural numbers, integers, floating-point numbers as well as combinators to construct encodings for products, lists, sets or functions of/between such types. For natural numbers and integers, the entry contains various encodings, such as Elias-Gamma-Codes and exponential Golomb Codes, which are efficient variable-length codes in use by current compression formats. 
A use-case for this library is measuring the persisted size of a complex data structure without having to hand-craft a dedicated encoding for it, independent of Isabelle's internal representation.", "authors": [ "Emin Karayel" ], "date": "2022-04-08", "id": 32, "link": "/entries/Prefix_Free_Code_Combinators.html", "permalink": "/entries/Prefix_Free_Code_Combinators.html", "shortname": "Prefix_Free_Code_Combinators", "title": "A Combinator Library for Prefix-Free Codes", "topic_links": [ "computer-science/algorithms", "computer-science/data-structures" ], "topics": [ "Computer science/Algorithms", "Computer science/Data structures" ], "used_by": 1 }, { "abstract": "In 1999 Alon et. al. introduced the still active research topic of approximating the frequency moments of a data stream using randomized algorithms with minimal space usage. This includes the problem of estimating the cardinality of the stream elements - the zeroth frequency moment. But, also higher-order frequency moments that provide information about the skew of the data stream. (The \u003ci\u003ek\u003c/i\u003e-th frequency moment of a data stream is the sum of the \u003ci\u003ek\u003c/i\u003e-th powers of the occurrence counts of each element in the stream.) 
This entry formalizes three randomized algorithms for the approximation of \u003ci\u003eF\u003csub\u003e0\u003c/sub\u003e\u003c/i\u003e, \u003ci\u003eF\u003csub\u003e2\u003c/sub\u003e\u003c/i\u003e and \u003ci\u003eF\u003csub\u003ek\u003c/sub\u003e\u003c/i\u003e for \u003ci\u003ek ≄ 3\u003c/i\u003e based on [\u003ca href=\"https://doi.org/10.1006/jcss.1997.1545\"\u003e1\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/3-540-45726-7_1\"\u003e2\u003c/a\u003e] and verifies their expected accuracy, success probability and space usage.", "authors": [ "Emin Karayel" ], "date": "2022-04-08", "id": 33, "link": "/entries/Frequency_Moments.html", "permalink": "/entries/Frequency_Moments.html", "shortname": "Frequency_Moments", "title": "Formalization of Randomized Approximation Algorithms for Frequency Moments", "topic_links": [ "computer-science/algorithms/approximation", "mathematics/probability-theory" ], "topics": [ "Computer science/Algorithms/Approximation", "Mathematics/Probability theory" ], "used_by": 0 }, { "abstract": "The type of real numbers is constructed from the positive rationals using the method of Dedekind cuts. This development, briefly described in papers by the authors, follows the textbook presentation by Gleason. It's notable that the first formalisation of a significant piece of mathematics, by Jutting in 1977, involved a similar construction.", "authors": [ "Jacques D. Fleuriot", "Lawrence C. Paulson" ], "date": "2022-03-24", "id": 34, "link": "/entries/Dedekind_Real.html", "permalink": "/entries/Dedekind_Real.html", "shortname": "Dedekind_Real", "title": "Constructing the Reals as Dedekind Cuts of Rationals", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "Ackermann's function is defined in the usual way and a number of its elementary properties are proved. 
Then, the primitive recursive functions are defined inductively: as a predicate on the functions that map lists of numbers to numbers. It is shown that every primitive recursive function is strictly dominated by Ackermann's function. The formalisation follows an earlier one by Nora Szasz.", "authors": [ "Lawrence C. Paulson" ], "date": "2022-03-23", "id": 35, "link": "/entries/Ackermanns_not_PR.html", "permalink": "/entries/Ackermanns_not_PR.html", "shortname": "Ackermanns_not_PR", "title": "Ackermann's Function Is Not Primitive Recursive", "topic_links": [ "logic/computability" ], "topics": [ "Logic/Computability" ], "used_by": 0 }, { "abstract": "\u003cp\u003e The AFP entry \u003ca href=\"https://www.isa-afp.org/entries/Abstract_Completeness.html\"\u003eAbstract Completeness\u003c/a\u003e by Blanchette, Popescu and Traytel formalizes the core of Beth/Hintikka-style completeness proofs for first-order logic and can be used to formalize executable sequent calculus provers. In the Journal of Automated Reasoning, the authors instantiate the framework with a sequent calculus for first-order logic and prove its completeness. Their use of an infinite set of proof rules indexed by formulas yields very direct arguments. A fair stream of these rules controls the prover, making its definition remarkably simple. The AFP entry, however, only contains a toy example for propositional logic. The AFP entry \u003ca href=\"https://www.isa-afp.org/entries/FOL_Seq_Calc2.html\"\u003eA Sequent Calculus Prover for First-Order Logic with Functions\u003c/a\u003e by From and Jacobsen also uses the framework, but uses a finite set of generic rules resulting in a more sophisticated prover with more complicated proofs. \u003c/p\u003e \u003cp\u003e This entry contains an executable sequent calculus prover for first-order logic with functions in the style presented by Blanchette et al. 
The prover can be exported to Haskell and this entry includes formalized proofs of its soundness and completeness. The proofs are simpler than those for the prover by From and Jacobsen but the performance of the prover is significantly worse. \u003c/p\u003e \u003cp\u003e The included theory \u003cem\u003eFair-Stream\u003c/em\u003e first proves that the sequence of natural numbers 0, 0, 1, 0, 1, 2, etc. is fair. It then proves that mapping any surjective function across the sequence preserves fairness. This method of obtaining a fair stream of rules is similar to the one given by Blanchette et al. The concrete functions from natural numbers to terms, formulas and rules are defined using the \u003cem\u003eNat-Bijection\u003c/em\u003e theory in the HOL-Library. \u003c/p\u003e", "authors": [ "Asta HalkjĂŠr From" ], "date": "2022-03-22", "id": 36, "link": "/entries/FOL_Seq_Calc3.html", "permalink": "/entries/FOL_Seq_Calc3.html", "shortname": "FOL_Seq_Calc3", "title": "A Naive Prover for First-Order Logic", "topic_links": [ "logic/general-logic/classical-first-order-logic", "logic/proof-theory", "logic/general-logic/mechanization-of-proofs" ], "topics": [ "Logic/General logic/Classical first-order logic", "Logic/Proof theory", "Logic/General logic/Mechanization of proofs" ], "used_by": 0 }, { "abstract": "\u003cp\u003eIn this article, I formalise a proof from \u003ca href=\"https://dx.doi.org/10.1007/978-3-662-57265-8\"\u003eTHE BOOK\u003c/a\u003e; namely a formula that was called ‘one of the most beautiful formulas involving elementary functions’:\u003c/p\u003e \\[\\pi \\cot(\\pi z) = \\frac{1}{z} + \\sum_{n=1}^\\infty\\left(\\frac{1}{z+n} + \\frac{1}{z-n}\\right)\\] \u003cp\u003eThe proof uses Herglotz's trick to show the real case and analytic continuation for the complex case.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2022-03-15", "id": 37, "link": "/entries/Cotangent_PFD_Formula.html", "permalink": "/entries/Cotangent_PFD_Formula.html", "shortname": 
"Cotangent_PFD_Formula", "title": "A Proof from THE BOOK: The Partial Fraction Expansion of the Cotangent", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "We redeveloped our formalization of forcing in the set theory framework of Isabelle/ZF. Under the assumption of the existence of a countable transitive model of ZFC, we construct proper generic extensions that satisfy the Continuum Hypothesis and its negation.", "authors": [ "Emmanuel Gunther", "Miguel Pagano", "Pedro SĂĄnchez Terraf", "MatĂ­as Steinberg" ], "date": "2022-03-06", "id": 38, "link": "/entries/Independence_CH.html", "permalink": "/entries/Independence_CH.html", "shortname": "Independence_CH", "title": "The Independence of the Continuum Hypothesis in Isabelle/ZF", "topic_links": [ "logic/set-theory" ], "topics": [ "Logic/Set theory" ], "used_by": 0 }, { "abstract": "We extend the ZF-Constructibility library by relativizing theories of the Isabelle/ZF and Delta System Lemma sessions to a transitive class. We also relativize Paulson's work on Aleph and our former treatment of the Axiom of Dependent Choices. This work is a prerrequisite to our formalization of the independence of the Continuum Hypothesis.", "authors": [ "Emmanuel Gunther", "Miguel Pagano", "Pedro SĂĄnchez Terraf", "MatĂ­as Steinberg" ], "date": "2022-03-03", "id": 39, "link": "/entries/Transitive_Models.html", "permalink": "/entries/Transitive_Models.html", "shortname": "Transitive_Models", "title": "Transitive Models of Fragments of ZFC", "topic_links": [ "logic/set-theory" ], "topics": [ "Logic/Set theory" ], "used_by": 1 }, { "abstract": "\u003cp\u003e A \u003cem\u003eresiduated transition system\u003c/em\u003e (RTS) is a transition system that is equipped with a certain partial binary operation, called \u003cem\u003eresiduation\u003c/em\u003e, on transitions. 
Using the residuation operation, one can express nuances, such as a distinction between nondeterministic and concurrent choice, as well as partial commutativity relationships between transitions, which are not captured by ordinary transition systems. A version of residuated transition systems was introduced in previous work by the author, in which they were called “concurrent transition systems” in view of the original motivation for their definition from the study of concurrency. In the first part of the present article, we give a formal development that generalizes and subsumes the original presentation. We give an axiomatic definition of residuated transition systems that assumes only a single partial binary operation as given structure. From the axioms, we derive notions of “arrow“ (transition), “source”, “target”, “identity”, as well as “composition” and “join” of transitions; thereby recovering structure that in the previous work was assumed as given. We formalize and generalize the result, that residuation extends from transitions to transition paths, and we systematically develop the properties of this extension. A significant generalization made in the present work is the identification of a general notion of congruence on RTS’s, along with an associated quotient construction. \u003c/p\u003e \u003cp\u003e In the second part of this article, we use the RTS framework to formalize several results in the theory of reduction in Church’s λ-calculus. Using a de Bruijn index-based syntax in which terms represent parallel reduction steps, we define residuation on terms and show that it satisfies the axioms for an RTS. An application of the results on paths from the first part of the article allows us to prove the classical Church-Rosser Theorem with little additional effort. 
We then use residuation to define the notion of “development” and we prove the Finite Developments Theorem, that every development is finite, formalizing and adapting to de Bruijn indices a proof by de Vrijer. We also use residuation to define the notion of a “standard reduction path”, and we prove the Standardization Theorem: that every reduction path is congruent to a standard one. As a corollary of the Standardization Theorem, we obtain the Leftmost Reduction Theorem: that leftmost reduction is a normalizing strategy. \u003c/p\u003e", "authors": [ "Eugene W. Stark" ], "date": "2022-02-28", "id": 40, "link": "/entries/ResiduatedTransitionSystem.html", "permalink": "/entries/ResiduatedTransitionSystem.html", "shortname": "ResiduatedTransitionSystem", "title": "Residuated Transition Systems", "topic_links": [ "computer-science/automata-and-formal-languages", "computer-science/concurrency", "computer-science/programming-languages/lambda-calculi" ], "topics": [ "Computer science/Automata and formal languages", "Computer science/Concurrency", "Computer science/Programming languages/Lambda calculi" ], "used_by": 0 }, { "abstract": "A \u003ci\u003ek\u003c/i\u003e-universal hash family is a probability space of functions, which have uniform distribution and form \u003ci\u003ek\u003c/i\u003e-wise independent random variables. They can often be used in place of classic (or cryptographic) hash functions and allow the rigorous analysis of the performance of randomized algorithms and data structures that rely on hash functions. In 1981 \u003ca href=\"https://doi.org/10.1016/0022-0000(81)90033-7\"\u003eWegman and Carter\u003c/a\u003e introduced a generic construction for such families with arbitrary \u003ci\u003ek\u003c/i\u003e using polynomials over a finite field. This entry contains a formalization of them and establishes the property of \u003ci\u003ek\u003c/i\u003e-universality. 
To be useful the formalization also provides an explicit construction of finite fields using the factor ring of integers modulo a prime. Additionally, some generic results about independent families are shown that might be of independent interest.", "authors": [ "Emin Karayel" ], "date": "2022-02-20", "id": 41, "link": "/entries/Universal_Hash_Families.html", "permalink": "/entries/Universal_Hash_Families.html", "shortname": "Universal_Hash_Families", "title": "Universal Hash Families", "topic_links": [ "mathematics/probability-theory", "computer-science/algorithms" ], "topics": [ "Mathematics/Probability theory", "Computer science/Algorithms" ], "used_by": 1 }, { "abstract": "Let $F$ be a set of analytic functions on the complex plane such that, for each $z\\in\\mathbb{C}$, the set $\\{f(z) \\mid f\\in F\\}$ is countable; must then $F$ itself be countable? The answer is yes if the Continuum Hypothesis is false, i.e., if the cardinality of $\\mathbb{R}$ exceeds $\\aleph_1$. But if CH is true then such an $F$, of cardinality $\\aleph_1$, can be constructed by transfinite recursion. The formal proof illustrates reasoning about complex analysis (analytic and homomorphic functions) and set theory (transfinite cardinalities) in a single setting. The mathematical text comes from \u003cem\u003eProofs from THE BOOK\u003c/em\u003e by Aigner and Ziegler.", "authors": [ "Lawrence C. Paulson" ], "date": "2022-02-18", "id": 42, "link": "/entries/Wetzels_Problem.html", "permalink": "/entries/Wetzels_Problem.html", "shortname": "Wetzels_Problem", "title": "Wetzel's Problem and the Continuum Hypothesis", "topic_links": [ "mathematics/analysis", "logic/set-theory" ], "topics": [ "Mathematics/Analysis", "Logic/Set theory" ], "used_by": 0 }, { "abstract": "We formalize first-order query evaluation over an infinite domain with equality. We first define the syntax and semantics of first-order logic with equality. 
Next we define a locale \u003ci\u003eeval\u0026lowbar;fo\u003c/i\u003e abstracting a representation of a potentially infinite set of tuples satisfying a first-order query over finite relations. Inside the locale, we define a function \u003ci\u003eeval\u003c/i\u003e checking if the set of tuples satisfying a first-order query over a database (an interpretation of the query's predicates) is finite (i.e., deciding \u003ci\u003erelative safety\u003c/i\u003e) and computing the set of satisfying tuples if it is finite. Altogether the function \u003ci\u003eeval\u003c/i\u003e solves \u003ci\u003ecapturability\u003c/i\u003e (Avron and Hirshfeld, 1991) of first-order logic with equality. We also use the function \u003ci\u003eeval\u003c/i\u003e to prove a code equation for the semantics of first-order logic, i.e., the function checking if a first-order query over a database is satisfied by a variable assignment.\u003cbr/\u003e We provide an interpretation of the locale \u003ci\u003eeval\u0026lowbar;fo\u003c/i\u003e based on the approach by Ailamazyan et al. A core notion in the interpretation is the active domain of a query and a database that contains all domain elements that occur in the database or interpret the query's constants. We prove the main theorem of Ailamazyan et al. relating the satisfaction of a first-order query over an infinite domain to the satisfaction of this query over a finite domain consisting of the active domain and a few additional domain elements (outside the active domain) whose number only depends on the query. In our interpretation of the locale \u003ci\u003eeval\u0026lowbar;fo\u003c/i\u003e, we use a potentially higher number of the additional domain elements, but their number still only depends on the query and thus has no effect on the data complexity (Vardi, 1982) of query evaluation. Our interpretation yields an \u003ci\u003eexecutable\u003c/i\u003e function \u003ci\u003eeval\u003c/i\u003e. 
The time complexity of \u003ci\u003eeval\u003c/i\u003e on a query is linear in the total number of tuples in the intermediate relations for the subqueries. Specifically, we build a database index to evaluate a conjunction. We also optimize the case of a negated subquery in a conjunction. Finally, we export code for the infinite domain of natural numbers.", "authors": [ "Martin Raszyk" ], "date": "2022-02-15", "id": 43, "link": "/entries/Eval_FO.html", "permalink": "/entries/Eval_FO.html", "shortname": "Eval_FO", "title": "First-Order Query Evaluation", "topic_links": [ + "computer-science/data-management-systems", "logic/general-logic/classical-first-order-logic" ], "topics": [ + "Computer science/Data management systems", "Logic/General logic/Classical first-order logic" ], "used_by": 0 }, { "abstract": "Runtime monitoring (or runtime verification) is an approach to checking compliance of a system's execution with a specification (e.g., a temporal query). The system's execution is logged into a trace---a sequence of time-points, each consisting of a time-stamp and observed events. A monitor is an algorithm that produces verdicts on the satisfaction of a temporal query on a trace. We formalize a monitoring algorithm for metric dynamic logic, an extension of metric temporal logic with regular expressions. The monitor computes whether a given query is satisfied at every position in an input trace of time-stamped events. We formalize the time-stamps as an abstract algebraic structure satisfying certain assumptions. Instances of this structure include natural numbers, real numbers, and lexicographic combinations of them. Our monitor follows the multi-head paradigm: it reads the input simultaneously at multiple positions and moves its reading heads asynchronously. 
This mode of operation results in unprecedented time and space complexity guarantees for metric dynamic logic: The monitor's amortized time complexity to process a time-point and the monitor's space complexity neither depends on the event-rate, i.e., the number of events within a fixed time-unit, nor on the numeric constants occurring in the quantitative temporal constraints in the given query. The multi-head monitoring algorithm for metric dynamic logic is reported in our paper \"Multi-Head Monitoring of Metric Dynamic Logic\" published at ATVA 2020. We have also formalized unpublished specialized algorithms for the temporal operators of metric temporal logic.", "authors": [ "Martin Raszyk" ], "date": "2022-02-13", "id": 44, "link": "/entries/VYDRA_MDL.html", "permalink": "/entries/VYDRA_MDL.html", "shortname": "VYDRA_MDL", "title": "Multi-Head Monitoring of Metric Dynamic Logic", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis entry contains a formalization of an algorithm enumerating all equivalence relations on an initial segment of the natural numbers. The approach follows the method described by Stanton and White \u003ca href=\"https://doi.org/10.1007/978-1-4612-4968-9\"\u003e[5,§ 1.5]\u003c/a\u003e using restricted growth functions.\u003c/p\u003e \u003cp\u003eThe algorithm internally enumerates restricted growth functions (as lists), whose equivalence kernels then form the equivalence relations. 
This has the advantage that the representation is compact and lookup of the relation reduces to a list lookup operation.\u003c/p\u003e \u003cp\u003eThe algorithm can also be used within a proof and an example application is included, where a sequence of variables is split by the possible partitions they can form.\u003c/p\u003e", "authors": [ "Emin Karayel" ], "date": "2022-02-04", "id": 45, "link": "/entries/Equivalence_Relation_Enumeration.html", "permalink": "/entries/Equivalence_Relation_Enumeration.html", "shortname": "Equivalence_Relation_Enumeration", "title": "Enumeration of Equivalence Relations", "topic_links": [ "mathematics/combinatorics", "computer-science/algorithms/mathematical" ], "topics": [ "Mathematics/Combinatorics", "Computer science/Algorithms/Mathematical" ], "used_by": 1 }, { "abstract": "We formalize the weak and strong duality theorems of linear programming. For the strong duality theorem we provide three sufficient preconditions: both the primal problem and the dual problem are satisfiable, the primal problem is satisfiable and bounded, or the dual problem is satisfiable and bounded. The proofs are based on an existing formalization of Farkas' Lemma.", "authors": [ "RenĂ© Thiemann" ], "date": "2022-02-03", "id": 46, "link": "/entries/LP_Duality.html", "permalink": "/entries/LP_Duality.html", "shortname": "LP_Duality", "title": "Duality of Linear Programming", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "The notion of quasi-Borel spaces was introduced by \u003ca href=\"https://dl.acm.org/doi/10.5555/3329995.3330072\"\u003e Heunen et al\u003c/a\u003e. The theory provides a suitable denotational model for higher-order probabilistic programming languages with continuous distributions. 
This entry is a formalization of the theory of quasi-Borel spaces, including construction of quasi-Borel spaces (product, coproduct, function spaces), the adjunction between the category of measurable spaces and the category of quasi-Borel spaces, and the probability monad on quasi-Borel spaces. This entry also contains the formalization of the Bayesian regression presented in the work of Heunen et al. This work is a part of the work by same authors, \u003ci\u003eProgram Logic for Higher-Order Probabilistic Programs in Isabelle/HOL\u003c/i\u003e, which will be published in the proceedings of the 16th International Symposium on Functional and Logic Programming (FLOPS 2022).", "authors": [ "Michikazu Hirata", "Yasuhiko Minamide", "Tetsuya Sato" ], "date": "2022-02-03", "id": 47, "link": "/entries/Quasi_Borel_Spaces.html", "permalink": "/entries/Quasi_Borel_Spaces.html", "shortname": "Quasi_Borel_Spaces", "title": "Quasi-Borel Spaces", "topic_links": [ "computer-science/semantics-and-reasoning" ], "topics": [ "Computer science/Semantics and reasoning" ], "used_by": 0 }, { "abstract": "The first-order theory of rewriting (FORT) is a decidable theory for linear variable-separated rewrite systems. The decision procedure is based on tree automata technique and an inference system presented in \"Certifying Proofs in the First-Order Theory of Rewriting\". This AFP entry provides a formalization of the underlying decision procedure. Moreover it allows to generate a function that can verify each inference step via the code generation facility of Isabelle/HOL. Additionally it contains the specification of a certificate language (that allows to state proofs in FORT) and a formalized function that allows to verify the validity of the proof. 
This gives software tool authors, that implement the decision procedure, the possibility to verify their output.", "authors": [ "Alexander Lochmann", "Bertram Felgenhauer" ], "date": "2022-02-02", "id": 48, "link": "/entries/FO_Theory_Rewriting.html", "permalink": "/entries/FO_Theory_Rewriting.html", "shortname": "FO_Theory_Rewriting", "title": "First-Order Theory of Rewriting", "topic_links": [ "computer-science/automata-and-formal-languages", "logic/rewriting", "logic/proof-theory" ], "topics": [ "Computer science/Automata and formal languages", "Logic/Rewriting", "Logic/Proof theory" ], "used_by": 0 }, { "abstract": "We formalize an automated theorem prover for first-order logic with functions. The proof search procedure is based on sequent calculus and we verify its soundness and completeness using the Abstract Soundness and Abstract Completeness theories. Our analytic completeness proof covers both open and closed formulas. Since our deterministic prover considers only the subset of terms relevant to proving a given sequent, we do so as well when building a countermodel from a failed proof. We formally connect our prover with the proof system and semantics of the existing SeCaV system. 
In particular, the prover's output can be post-processed in Haskell to generate human-readable SeCaV proofs which are also machine-verifiable proof certificates.", "authors": [ "Asta HalkjĂŠr From", "Frederik Krogsdal Jacobsen" ], "date": "2022-01-31", "id": 49, "link": "/entries/FOL_Seq_Calc2.html", "permalink": "/entries/FOL_Seq_Calc2.html", "shortname": "FOL_Seq_Calc2", "title": "A Sequent Calculus Prover for First-Order Logic with Functions", "topic_links": [ "logic/general-logic/classical-first-order-logic", "logic/proof-theory", "logic/general-logic/mechanization-of-proofs" ], "topics": [ "Logic/General logic/Classical first-order logic", "Logic/Proof theory", "Logic/General logic/Mechanization of proofs" ], "used_by": 0 }, { "abstract": "Young's inequality states that $$ ab \\leq \\int_0^a f(x)dx + \\int_0^b f^{-1}(y) dy $$ where $a\\geq 0$, $b\\geq 0$ and $f$ is strictly increasing and continuous. Its proof is formalised following \u003ca href=\"https://www.jstor.org/stable/2318018\"\u003ethe development\u003c/a\u003e by Cunningham and Grossman. Their idea is to make the intuitive, geometric folklore proof rigorous by reasoning about step functions. The lack of the Riemann integral makes the development longer than one would like, but their argument is reproduced faithfully.", "authors": [ "Lawrence C. 
Paulson" ], "date": "2022-01-31", "id": 50, "link": "/entries/Youngs_Inequality.html", "permalink": "/entries/Youngs_Inequality.html", "shortname": "Youngs_Inequality", "title": "Young's Inequality for Increasing Functions", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "\u003cp\u003eA well known result from algebra is that, on any field, there is exactly one polynomial of degree less than n interpolating n points [\u003ca href=\"https://doi.org/10.1017/CBO9780511814549\"\u003e1\u003c/a\u003e, §7].\u003c/p\u003e \u003cp\u003eThis entry contains a formalization of the above result, as well as the following generalization in the case of finite fields \u003ci\u003eF\u003c/i\u003e: There are \u003ci\u003e|F|\u003csup\u003em-n\u003c/sup\u003e\u003c/i\u003e polynomials of degree less than \u003ci\u003em ≄ n\u003c/i\u003e interpolating the same n points, where \u003ci\u003e|F|\u003c/i\u003e denotes the size of the domain of the field. To establish the result the entry also includes a formalization of Lagrange interpolation, which might be of independent interest.\u003c/p\u003e \u003cp\u003eThe formalized results are defined on the algebraic structures from HOL-Algebra, which are distinct from the type-class based structures defined in HOL. 
Note that there is an existing formalization for polynomial interpolation and, in particular, Lagrange interpolation by Thiemann and Yamada [\u003ca href=\"https://www.isa-afp.org/entries/Polynomial_Interpolation.html\"\u003e2\u003c/a\u003e] on the type-class based structures in HOL.\u003c/p\u003e", "authors": [ "Emin Karayel" ], "date": "2022-01-29", "id": 51, "link": "/entries/Interpolation_Polynomials_HOL_Algebra.html", "permalink": "/entries/Interpolation_Polynomials_HOL_Algebra.html", "shortname": "Interpolation_Polynomials_HOL_Algebra", "title": "Interpolation Polynomials (in HOL-Algebra)", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 2 }, { "abstract": "\u003cp\u003eThe median method is an amplification result for randomized approximation algorithms described in [\u003ca href=\"https://doi.org/10.1006/jcss.1997.1545\"\u003e1\u003c/a\u003e]. Given an algorithm whose result is in a desired interval with a probability larger than \u003ci\u003e1/2\u003c/i\u003e, it is possible to improve the success probability, by running the algorithm multiple times independently and using the median. In contrast to using the mean, the amplification of the success probability grows exponentially with the number of independent runs.\u003c/p\u003e \u003cp\u003eThis entry contains a formalization of the underlying theorem: Given a sequence of n independent random variables, which are in a desired interval with a probability \u003ci\u003e1/2 + a\u003c/i\u003e. Then their median will be in the desired interval with a probability of \u003ci\u003e1 − exp(−2a\u003csup\u003e2\u003c/sup\u003e n)\u003c/i\u003e. 
In particular, the success probability approaches \u003ci\u003e1\u003c/i\u003e exponentially with the number of variables.\u003c/p\u003e \u003cp\u003eIn addition to that, this entry also contains a proof that order-statistics of Borel-measurable random variables are themselves measurable and that generalized intervals in linearly ordered Borel-spaces are measurable.\u003c/p\u003e", "authors": [ "Emin Karayel" ], "date": "2022-01-25", "id": 52, "link": "/entries/Median_Method.html", "permalink": "/entries/Median_Method.html", "shortname": "Median_Method", "title": "Median Method", "topic_links": [ "mathematics/probability-theory" ], "topics": [ "Mathematics/Probability theory" ], "used_by": 1 }, { "abstract": "Actuarial Mathematics is a theory in applied mathematics, which is mainly used for determining the prices of insurance products and evaluating the liability of a company associating with insurance contracts. It is related to calculus, probability theory and financial theory, etc. In this entry, I formalize the very basic part of Actuarial Mathematics in Isabelle/HOL. The first formalization is about the theory of interest which deals with interest rates, present value factors, an annuity certain, etc. I have already formalized the basic part of Actuarial Mathematics in Coq (https://github.com/Yosuke-Ito-345/Actuary). This entry is currently the partial translation and a little generalization of the Coq formalization. 
The further translation in Isabelle/HOL is now proceeding.", "authors": [ "Yosuke Ito" ], "date": "2022-01-23", "id": 53, "link": "/entries/Actuarial_Mathematics.html", "permalink": "/entries/Actuarial_Mathematics.html", "shortname": "Actuarial_Mathematics", "title": "Actuarial Mathematics", "topic_links": [ "mathematics/games-and-economics" ], "topics": [ "Mathematics/Games and economics" ], "used_by": 0 }, { "abstract": "An elementary proof is formalised: that \u003cem\u003eexp r\u003c/em\u003e is irrational for every nonzero rational number \u003cem\u003er\u003c/em\u003e. The mathematical development comes from the well-known volume \u003cem\u003eProofs from THE BOOK\u003c/em\u003e, by Aigner and Ziegler, who credit the idea to Hermite. The development illustrates a number of basic Isabelle techniques: the manipulation of summations, the calculation of quite complicated derivatives and the estimation of integrals. We also see how to import another AFP entry (Stirling's formula). As for the theorem itself, note that a much stronger and more general result (the Hermite--Lindemann--Weierstraß transcendence theorem) is already available in the AFP.", "authors": [ "Lawrence C. Paulson" ], "date": "2022-01-08", "id": 54, "link": "/entries/Irrationals_From_THEBOOK.html", "permalink": "/entries/Irrationals_From_THEBOOK.html", "shortname": "Irrationals_From_THEBOOK", "title": "Irrational numbers from THE BOOK", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "This is a formalization of the article \u003ci\u003eKnight's Tour Revisited\u003c/i\u003e by Cull and De Curtins where they prove the existence of a Knight's path for arbitrary \u003ci\u003en \u0026times; m\u003c/i\u003e-boards with \u003ci\u003emin(n,m) \u0026ge; 5\u003c/i\u003e. If \u003ci\u003en \u0026middot; m\u003c/i\u003e is even, then there exists a Knight's circuit. A Knight's Path is a sequence of moves of a Knight on a chessboard s.t. 
the Knight visits every square of a chessboard exactly once. Finding a Knight's path is a an instance of the Hamiltonian path problem. A Knight's circuit is a Knight's path, where additionally the Knight can move from the last square to the first square of the path, forming a loop. During the formalization two mistakes in the original proof were discovered. These mistakes are corrected in this formalization.", "authors": [ "Lukas Koller" ], "date": "2022-01-04", "id": 55, "link": "/entries/Knights_Tour.html", "permalink": "/entries/Knights_Tour.html", "shortname": "Knights_Tour", "title": "Knight's Tour Revisited Revisited", "topic_links": [ "mathematics/graph-theory" ], "topics": [ "Mathematics/Graph theory" ], "used_by": 0 }, { "abstract": "\u003cp\u003eHyperdual numbers are ones with a real component and a number of infinitesimal components, usually written as $a_0 + a_1 \\cdot \\epsilon_1 + a_2 \\cdot \\epsilon_2 + a_3 \\cdot \\epsilon_1\\epsilon_2$. They have been proposed by \u003ca href=\"https://doi.org/10.2514/6.2011-886\"\u003eFike and Alonso\u003c/a\u003e in an approach to automatic differentiation.\u003c/p\u003e \u003cp\u003eIn this entry we formalise hyperdual numbers and their application to forward differentiation. We show them to be an instance of multiple algebraic structures and then, along with facts about twice-differentiability, we define what we call the hyperdual extensions of functions on real-normed fields. This extension formally represents the proposed way that the first and second derivatives of a function can be automatically calculated. We demonstrate it on the standard logistic function $f(x) = \\frac{1}{1 + e^{-x}}$ and also reproduce the example analytic function $f(x) = \\frac{e^x}{\\sqrt{sin(x)^3 + cos(x)^3}}$ used for demonstration by Fike and Alonso.\u003c/p\u003e", "authors": [ "Filip Smola", "Jacques D. 
Fleuriot" ], "date": "2021-12-31", "id": 56, "link": "/entries/Hyperdual.html", "permalink": "/entries/Hyperdual.html", "shortname": "Hyperdual", "title": "Hyperdual Numbers and Forward Differentiation", "topic_links": [ "mathematics/algebra", "mathematics/analysis" ], "topics": [ "Mathematics/Algebra", "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "This is a stepwise refinement and proof of the Gale-Shapley stable matching (or marriage) algorithm down to executable code. Both a purely functional implementation based on lists and a functional implementation based on efficient arrays (provided by the Collections Framework in the AFP) are developed. The latter implementation runs in time \u003ci\u003eO(n\u003csup\u003e2\u003c/sup\u003e)\u003c/i\u003e where \u003ci\u003en\u003c/i\u003e is the cardinality of the two sets to be matched.", "authors": [ "Tobias Nipkow" ], "date": "2021-12-29", "id": 57, "link": "/entries/Gale_Shapley.html", "permalink": "/entries/Gale_Shapley.html", "shortname": "Gale_Shapley", "title": "Gale-Shapley Algorithm", "topic_links": [ "computer-science/algorithms", "mathematics/games-and-economics" ], "topics": [ "Computer science/Algorithms", "Mathematics/Games and economics" ], "used_by": 0 }, { "abstract": "We formalise a proof of Roth's Theorem on Arithmetic Progressions, a major result in additive combinatorics on the existence of 3-term arithmetic progressions in subsets of natural numbers. To this end, we follow a proof using graph regularity. We employ our recent formalisation of SzemerĂ©di's Regularity Lemma, a major result in extremal graph theory, which we use here to prove the Triangle Counting Lemma and the Triangle Removal Lemma. 
Our sources are Yufei Zhao's MIT lecture notes \"\u003ca href=\"https://ocw.mit.edu/courses/mathematics/18-217-graph-theory-and-additive-combinatorics-fall-2019/lecture-notes/MIT18_217F19_ch3.pdf\"\u003eGraph Theory and Additive Combinatorics\u003c/a\u003e\" (revised version \u003ca href=\"https://yufeizhao.com/gtac/gtac17.pdf\"\u003ehere\u003c/a\u003e) and W.T. Gowers's Cambridge lecture notes \"\u003ca href=\"https://www.dpmms.cam.ac.uk/~par31/notes/tic.pdf\"\u003eTopics in Combinatorics\u003c/a\u003e\". We also refer to the University of Georgia notes by Stephanie Bell and Will Grodzicki, \"\u003ca href=\"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.432.327\"\u003eUsing SzemerĂ©di's Regularity Lemma to Prove Roth's Theorem\u003c/a\u003e\".", "authors": [ "Chelsea Edmonds", "Angeliki Koutsoukou-Argyraki", "Lawrence C. Paulson" ], "date": "2021-12-28", "id": 58, "link": "/entries/Roth_Arithmetic_Progressions.html", "permalink": "/entries/Roth_Arithmetic_Progressions.html", "shortname": "Roth_Arithmetic_Progressions", "title": "Roth's Theorem on Arithmetic Progressions", "topic_links": [ "mathematics/graph-theory", "mathematics/combinatorics" ], "topics": [ "Mathematics/Graph theory", "Mathematics/Combinatorics" ], "used_by": 0 }, { "abstract": "We present a formalization of Markov Decision Processes with rewards. In particular we first build on Hölzl's formalization of MDPs (AFP entry: Markov_Models) and extend them with rewards. We proceed with an analysis of the expected total discounted reward criterion for infinite horizon MDPs. The central result is the construction of the iteration rule for the Bellman operator. We prove the optimality equations for this operator and show the existence of an optimal stationary deterministic solution. The analysis can be used to obtain dynamic programming algorithms such as value iteration and policy iteration to solve MDPs with formal guarantees. 
Our formalization is based on chapters 5 and 6 in Puterman's book \"Markov Decision Processes: Discrete Stochastic Dynamic Programming\".", "authors": [ "Maximilian SchĂ€ffeler", "Mohammad Abdulaziz" ], "date": "2021-12-16", "id": 59, "link": "/entries/MDP-Rewards.html", "permalink": "/entries/MDP-Rewards.html", "shortname": "MDP-Rewards", "title": "Markov Decision Processes with Rewards", "topic_links": [ "mathematics/probability-theory" ], "topics": [ "Mathematics/Probability theory" ], "used_by": 1 }, { "abstract": "We present a formalization of algorithms for solving Markov Decision Processes (MDPs) with formal guarantees on the optimality of their solutions. In particular we build on our analysis of the Bellman operator for discounted infinite horizon MDPs. From the iterator rule on the Bellman operator we directly derive executable value iteration and policy iteration algorithms to iteratively solve finite MDPs. We also prove correct optimized versions of value iteration that use matrix splittings to improve the convergence rate. In particular, we formally verify Gauss-Seidel value iteration and modified policy iteration. The algorithms are evaluated on two standard examples from the literature, namely, inventory management and gridworld. Our formalization covers most of chapter 6 in Puterman's book \"Markov Decision Processes: Discrete Stochastic Dynamic Programming\".", "authors": [ "Maximilian SchĂ€ffeler", "Mohammad Abdulaziz" ], "date": "2021-12-16", "id": 60, "link": "/entries/MDP-Algorithms.html", "permalink": "/entries/MDP-Algorithms.html", "shortname": "MDP-Algorithms", "title": "Verified Algorithms for Solving Markov Decision Processes", "topic_links": [ "mathematics/probability-theory", "computer-science/algorithms" ], "topics": [ "Mathematics/Probability theory", "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "Tree automata have good closure properties and therefore a commonly used to prove/disprove properties. 
This formalization contains among other things the proofs of many closure properties of tree automata (anchored) ground tree transducers and regular relations. Additionally it includes the well known pumping lemma and a lifting of the Myhill Nerode theorem for regular languages to tree languages. We want to mention the existence of a \u003ca href=\"https://www.isa-afp.org/entries/Tree-Automata.html\"\u003etree automata APF-entry\u003c/a\u003e developed by Peter Lammich. His work is based on epsilon free top-down tree automata, while this entry builds on bottom-up tree auotamta with epsilon transitions. Moreover our formalization relies on the \u003ca href=\"https://www.isa-afp.org/entries/Collections.html\"\u003eCollections Framework\u003c/a\u003e, also by Peter Lammich, to obtain efficient code. All proven constructions of the closure properties are exportable using the Isabelle/HOL code generation facilities.", "authors": [ "Alexander Lochmann", "Bertram Felgenhauer", "Christian Sternagel", "RenĂ© Thiemann", "Thomas Sternagel" ], "date": "2021-12-15", "id": 61, "link": "/entries/Regular_Tree_Relations.html", "permalink": "/entries/Regular_Tree_Relations.html", "shortname": "Regular_Tree_Relations", "title": "Regular Tree Relations", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 2 }, { "abstract": "In this work we formalise the isomorphism between simplicial complexes of dimension $n$ and monotone Boolean functions in $n$ variables, mainly following the definitions and results as introduced by N. A. Scoville. We also take advantage of the AFP representation of \u003ca href=\"https://www.isa-afp.org/entries/ROBDD.html\"\u003eROBDD\u003c/a\u003e (Reduced Ordered Binary Decision Diagrams) to compute the ROBDD representation of a given simplicial complex (by means of the isomorphism to Boolean functions). 
Some examples of simplicial complexes and associated Boolean functions are also presented.", "authors": [ "JesĂșs Aransay", "Alejandro del Campo", "Julius Michaelis" ], "date": "2021-11-29", "id": 62, "link": "/entries/Simplicial_complexes_and_boolean_functions.html", "permalink": "/entries/Simplicial_complexes_and_boolean_functions.html", "shortname": "Simplicial_complexes_and_boolean_functions", "title": "Simplicial Complexes and Boolean functions", "topic_links": [ "mathematics/topology" ], "topics": [ "Mathematics/Topology" ], "used_by": 0 }, { "abstract": "The \u003cem\u003evan Emde Boas tree\u003c/em\u003e or \u003cem\u003evan Emde Boas priority queue\u003c/em\u003e is a data structure supporting membership test, insertion, predecessor and successor search, minimum and maximum determination and deletion in \u003cem\u003eO(log log U)\u003c/em\u003e time, where \u003cem\u003eU = 0,...,2\u003csup\u003en-1\u003c/sup\u003e\u003c/em\u003e is the overall range to be considered. \u003cp/\u003e The presented formalization follows Chapter 20 of the popular \u003cem\u003eIntroduction to Algorithms (3rd ed.)\u003c/em\u003e by Cormen, Leiserson, Rivest and Stein (CLRS), extending the list of formally verified CLRS algorithms. Our current formalization is based on the first author's bachelor's thesis. \u003cp/\u003e First, we prove correct a \u003cem\u003efunctional\u003c/em\u003e implementation, w.r.t. an abstract data type for sets. Apart from functional correctness, we show a resource bound, and runtime bounds w.r.t. manually defined timing functions for the operations. \u003cp/\u003e Next, we refine the operations to Imperative HOL with time, and show correctness and complexity. 
This yields a practically more efficient implementation, and eliminates the manually defined timing functions from the trusted base of the proof.", "authors": [ "Thomas Ammer", "Peter Lammich" ], "date": "2021-11-23", "id": 63, "link": "/entries/Van_Emde_Boas_Trees.html", "permalink": "/entries/Van_Emde_Boas_Trees.html", "shortname": "Van_Emde_Boas_Trees", "title": "van Emde Boas Trees", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "\"Foundations of Geometry\" is a mathematical book written by Hilbert in 1899. This entry is a complete formalization of \"Incidence\" (excluding cubic axioms), \"Order\" and \"Congruence\" (excluding point sequences) of the axioms constructed in this book. In addition, the theorem of the problem about the part that is treated implicitly and is not clearly stated in it is being carried out in parallel.", "authors": [ "Fumiya Iwama" ], "date": "2021-11-22", "id": 64, "link": "/entries/Foundation_of_geometry.html", "permalink": "/entries/Foundation_of_geometry.html", "shortname": "Foundation_of_geometry", "title": "Foundation of geometry in planes, and some complements: Excluding the parallel axioms", "topic_links": [ "mathematics/geometry" ], "topics": [ "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "In this work we formalize the Hahn decomposition theorem for signed measures, namely that any measure space for a signed measure can be decomposed into a positive and a negative set, where every measurable subset of the positive one has a positive measure, and every measurable subset of the negative one has a negative measure. 
We also formalize the Jordan decomposition theorem as a corollary, which states that the signed measure under consideration admits a unique decomposition into a difference of two positive measures, at least one of which is finite.", "authors": [ "Marie Cousin", "Mnacho Echenim", "HervĂ© Guiol" ], "date": "2021-11-19", "id": 65, "link": "/entries/Hahn_Jordan_Decomposition.html", "permalink": "/entries/Hahn_Jordan_Decomposition.html", "shortname": "Hahn_Jordan_Decomposition", "title": "The Hahn and Jordan Decomposition Theorems", "topic_links": [ "mathematics/measure-and-integration" ], "topics": [ "Mathematics/Measure and integration" ], "used_by": 0 }, { "abstract": "We present a shallow embedding of public announcement logic (PAL) with relativized general knowledge in HOL. We then use PAL to obtain an elegant encoding of the wise men puzzle, which we solve automatically using sledgehammer.", "authors": [ "Christoph BenzmĂŒller", "Sebastian Reiche" ], "date": "2021-11-08", "id": 66, "link": "/entries/PAL.html", "permalink": "/entries/PAL.html", "shortname": "PAL", "title": "Automating Public Announcement Logic and the Wise Men Puzzle in Isabelle/HOL", "topic_links": [ "logic/general-logic/logics-of-knowledge-and-belief" ], "topics": [ "Logic/General logic/Logics of knowledge and belief" ], "used_by": 0 }, { "abstract": "\u003cp\u003eSimplified variants of Gödel's ontological argument are explored. Among those is a particularly interesting simplified argument which is (i) valid already in basic modal logics K or KT, (ii) which does not suffer from modal collapse, and (iii) which avoids the rather complex predicates of essence (Ess.) and necessary existence (NE) as used by Gödel. \u003c/p\u003e\u003cp\u003e Whether the presented variants increase or decrease the attractiveness and persuasiveness of the ontological argument is a question I would like to pass on to philosophy and theology. 
\u003c/p\u003e", "authors": [ "Christoph BenzmĂŒller" ], "date": "2021-11-08", "id": 67, "link": "/entries/SimplifiedOntologicalArgument.html", "permalink": "/entries/SimplifiedOntologicalArgument.html", "shortname": "SimplifiedOntologicalArgument", "title": "Exploring Simplified Variants of Gödel’s Ontological Argument in Isabelle/HOL", "topic_links": [ "logic/philosophical-aspects", "logic/general-logic/modal-logic" ], "topics": [ "Logic/Philosophical aspects", "Logic/General logic/Modal logic" ], "used_by": 0 }, { "abstract": "The AFP already contains a verified implementation of algebraic numbers. However, it is has a severe limitation in its factorization algorithm of real and complex polynomials: the factorization is only guaranteed to succeed if the coefficients of the polynomial are rational numbers. In this work, we verify an algorithm to factor all real and complex polynomials whose coefficients are algebraic. The existence of such an algorithm proves in a constructive way that the set of complex algebraic numbers is algebraically closed. Internally, the algorithm is based on resultants of multivariate polynomials and an approximation algorithm using interval arithmetic.", "authors": [ "Manuel Eberl", "RenĂ© Thiemann" ], "date": "2021-11-08", "id": 68, "link": "/entries/Factor_Algebraic_Polynomial.html", "permalink": "/entries/Factor_Algebraic_Polynomial.html", "shortname": "Factor_Algebraic_Polynomial", "title": "Factorization of Polynomials with Algebraic Coefficients", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 2 }, { "abstract": "In this formalisation, we construct real exponents as the limits of sequences of rational exponents. In particular, if $a \\ge 1$ and $x \\in \\mathbb{R}$, we choose an increasing rational sequence $r_n$ such that $\\lim_{n\\to\\infty} {r_n} = x$. 
Then the sequence $a^{r_n}$ is increasing and if $r$ is any rational number such that $r \u003e x$, $a^{r_n}$ is bounded above by $a^r$. By the convergence criterion for monotone sequences, $a^{r_n}$ converges. We define $a^ x = \\lim_{n\\to\\infty} a^{r_n}$ and show that it has the expected properties (for $a \\ge 0$). This particular construction of real exponents is needed instead of the usual one using the natural logarithm and exponential functions (which already exists in Isabelle) to support our mechanical derivation of Euler's exponential series as an ``infinite polynomial\". Aside from helping us avoid circular reasoning, this is, as far as we are aware, the first time real exponents are mechanised in this way within a proof assistant.", "authors": [ "Jacques D. Fleuriot" ], "date": "2021-11-08", "id": 69, "link": "/entries/Real_Power.html", "permalink": "/entries/Real_Power.html", "shortname": "Real_Power", "title": "Real Exponents as the Limits of Sequences of Rational Exponents", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "\u003ca href=\"https://en.wikipedia.org/wiki/SzemerĂ©di_regularity_lemma\"\u003eSzemerĂ©di's regularity lemma\u003c/a\u003e is a key result in the study of large graphs. It asserts the existence of an upper bound on the number of parts the vertices of a graph need to be partitioned into such that the edges between the parts are random in a certain sense. This bound depends only on the desired precision and not on the graph itself, in the spirit of Ramsey's theorem. The formalisation follows online course notes by \u003ca href=\"https://www.dpmms.cam.ac.uk/~par31/notes/tic.pdf\"\u003eTim Gowers\u003c/a\u003e and \u003ca href=\"https://yufeizhao.com/gtac/gtac.pdf\"\u003eYufei Zhao\u003c/a\u003e.", "authors": [ "Chelsea Edmonds", "Angeliki Koutsoukou-Argyraki", "Lawrence C. 
Paulson" ], "date": "2021-11-05", "id": 70, "link": "/entries/Szemeredi_Regularity.html", "permalink": "/entries/Szemeredi_Regularity.html", "shortname": "Szemeredi_Regularity", "title": "Szemerédi's Regularity Lemma", "topic_links": [ "mathematics/graph-theory", "mathematics/combinatorics" ], "topics": [ "Mathematics/Graph theory", "Mathematics/Combinatorics" ], "used_by": 1 }, { "abstract": "A formalization of the theory of quantum and classical registers as developed by (Unruh, Quantum and Classical Registers). In a nutshell, a register refers to a part of a larger memory or system that can be accessed independently. Registers can be constructed from other registers and several (compatible) registers can be composed. This formalization develops both the generic theory of registers as well as specific instantiations for classical and quantum registers.", "authors": [ "Dominique Unruh" ], "date": "2021-10-28", "id": 71, "link": "/entries/Registers.html", "permalink": "/entries/Registers.html", "shortname": "Registers", "title": "Quantum and Classical Registers", "topic_links": [ "computer-science/algorithms/quantum-computing", "computer-science/programming-languages/logics", "computer-science/semantics-and-reasoning" ], "topics": [ "Computer science/Algorithms/Quantum computing", "Computer science/Programming languages/Logics", "Computer science/Semantics and reasoning" ], "used_by": 0 }, { "abstract": "The 1985 paper by Carlos Alchourrón, Peter Gärdenfors, and David Makinson (AGM), “On the Logic of Theory Change: Partial Meet Contraction and Revision Functions” launches a large and rapidly growing literature that employs formal models and logics to handle changing beliefs of a rational agent and to take into account new pieces of information observed by this agent. In 2011, a review book titled \"AGM 25 Years: Twenty-Five Years of Research in Belief Change\" was edited to summarize the first twenty five years of works based on AGM. 
This HOL-based AFP entry is a faithful formalization of the AGM operators (e.g. contraction, revision, remainder ...) axiomatized in the original paper. It also contains the proofs of all the theorems stated in the paper that show how these operators combine. Proofs of both the Harper and the Levi identities are established.", "authors": [ "Valentin Fouillard", "Safouan Taha", "Frédéric Boulanger", "Nicolas Sabouret" ], "date": "2021-10-19", "id": 72, "link": "/entries/Belief_Revision.html", "permalink": "/entries/Belief_Revision.html", "shortname": "Belief_Revision", "title": "Belief Revision Theory", "topic_links": [ "logic/general-logic/logics-of-knowledge-and-belief" ], "topics": [ "Logic/General logic/Logics of knowledge and belief" ], "used_by": 0 }, { "abstract": "This AFP entry provides semantics for roughly 120 different X86-64 assembly instructions. These instructions include various moves, arithmetic/logical operations, jumps, call/return, SIMD extensions and others. External functions are supported by allowing a user to provide custom semantics for these calls. Floating-point operations are mapped to uninterpreted functions. The model provides semantics for register aliasing and a byte-level little-endian memory model. The semantics are purposefully incomplete, but overapproximative. For example, the precise effect of flags may be undefined for certain instructions, or instructions may simply have no semantics at all. In those cases, the semantics are mapped to universally quantified uninterpreted terms from a locale. Second, this entry provides a method for symbolic execution of basic blocks. The method, called ''se_step'' (for: symbolic execution step) fetches an instruction and updates the current symbolic state while keeping track of assumptions made over the memory model. A key component is a set of theorems that prove how reads from memory resolve after writes have occurred. 
Third, this entry provides a parser that allows the user to copy-paste the output of the standard disassembly tool objdump into Isabelle/HOL. A couple of small and explanatory examples are included, including functions from the word count program. Several examples can be supplied upon request (they are not included due to the running time of verification): functions from the floating-point modulo function from FDLIBM, the GLIBC strlen function and the CoreUtils SHA256 implementation.", "authors": [ "Freek Verbeek", "Abhijith Bharadwaj", "Joshua Bockenek", "Ian Roessle", "Timmy Weerwag", "Binoy Ravindran" ], "date": "2021-10-13", "id": 73, "link": "/entries/X86_Semantics.html", "permalink": "/entries/X86_Semantics.html", "shortname": "X86_Semantics", "title": "X86 instruction semantics and basic block symbolic execution", "topic_links": [ "computer-science/hardware", "computer-science/semantics-and-reasoning" ], "topics": [ "Computer science/Hardware", "Computer science/Semantics and reasoning" ], "used_by": 0 }, { "abstract": "We study models of state-based non-deterministic sequential computations and describe them using algebras. We propose algebras that describe iteration for strict and non-strict computations. They unify computation models which differ in the fixpoints used to represent iteration. We propose algebras that describe the infinite executions of a computation. They lead to a unified approximation order and results that connect fixpoints in the approximation and refinement orders. This unifies the semantics of recursion for a range of computation models. We propose algebras that describe preconditions and the effect of while-programs under postconditions. 
They unify correctness statements in two dimensions: one statement applies in various computation models to various correctness claims.", "authors": [ "Walter Guttmann" ], "date": "2021-10-12", "id": 74, "link": "/entries/Correctness_Algebras.html", "permalink": "/entries/Correctness_Algebras.html", "shortname": "Correctness_Algebras", "title": "Algebras for Iteration, Infinite Executions and Correctness of Sequential Computations", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 0 }, { "abstract": "This paper presents a formally verified quantifier elimination (QE) algorithm for first-order real arithmetic by linear and quadratic virtual substitution (VS) in Isabelle/HOL. The Tarski-Seidenberg theorem established that the first-order logic of real arithmetic is decidable by QE. However, in practice, QE algorithms are highly complicated and often combine multiple methods for performance. VS is a practically successful method for QE that targets formulas with low-degree polynomials. To our knowledge, this is the first work to formalize VS for quadratic real arithmetic including inequalities. The proofs necessitate various contributions to the existing multivariate polynomial libraries in Isabelle/HOL. Our framework is modularized and easily expandable (to facilitate integrating future optimizations), and could serve as a basis for developing practical general-purpose QE algorithms. Further, as our formalization is designed with practicality in mind, we export our development to SML and test the resulting code on 378 benchmarks from the literature, comparing to Redlog, Z3, Wolfram Engine, and SMT-RAT. 
This identified inconsistencies in some tools, underscoring the significance of a verified approach for the intricacies of real arithmetic.", "authors": [ "Matias Scharager", "Katherine Cordwell", "Stefan Mitsch", "André Platzer" ], "date": "2021-10-02", "id": 75, "link": "/entries/Virtual_Substitution.html", "permalink": "/entries/Virtual_Substitution.html", "shortname": "Virtual_Substitution", "title": "Verified Quadratic Virtual Substitution for Real Arithmetic", "topic_links": [ "computer-science/algorithms/mathematical" ], "topics": [ "Computer science/Algorithms/Mathematical" ], "used_by": 0 }, { "abstract": "This work is a formalization of the soundness and completeness of an axiomatic system for first-order logic. The proof system is based on System Q1 by Smullyan and the completeness proof follows his textbook \"First-Order Logic\" (Springer-Verlag 1968). The completeness proof is in the Henkin style where a consistent set is extended to a maximal consistent set using Lindenbaum's construction and Henkin witnesses are added during the construction to ensure saturation as well. The resulting set is a Hintikka set which, by the model existence theorem, is satisfiable in the Herbrand universe.", "authors": [ "Asta Halkjær From" ], "date": "2021-09-24", "id": 76, "link": "/entries/FOL_Axiomatic.html", "permalink": "/entries/FOL_Axiomatic.html", "shortname": "FOL_Axiomatic", "title": "Soundness and Completeness of an Axiomatic System for First-Order Logic", "topic_links": [ "logic/general-logic/classical-first-order-logic", "logic/proof-theory" ], "topics": [ "Logic/General logic/Classical first-order logic", "Logic/Proof theory" ], "used_by": 0 }, { "abstract": "We present a formalization of bounded operators on complex vector spaces. Our formalization contains material on complex vector spaces (normed spaces, Banach spaces, Hilbert spaces) that complements and goes beyond the developments of real vector spaces in the Isabelle/HOL standard library. 
We define the type of bounded operators between complex vector spaces (\u003cem\u003ecblinfun\u003c/em\u003e) and develop the theory of unitaries, projectors, extension of bounded linear functions (BLT theorem), adjoints, Loewner order, closed subspaces and more. For the finite-dimensional case, we provide code generation support by identifying finite-dimensional operators with matrices as formalized in the \u003ca href=\"Jordan_Normal_Form.html\"\u003eJordan_Normal_Form\u003c/a\u003e AFP entry.", "authors": [ "José Manuel Rodríguez Caballero", "Dominique Unruh" ], "date": "2021-09-18", "id": 77, "link": "/entries/Complex_Bounded_Operators.html", "permalink": "/entries/Complex_Bounded_Operators.html", "shortname": "Complex_Bounded_Operators", "title": "Complex Bounded Operators", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 1 }, { "abstract": "We define the weighted path order (WPO) and formalize several properties such as strong normalization, the subterm property, and closure properties under substitutions and contexts. Our definition of WPO extends the original definition by also permitting multiset comparisons of arguments instead of just lexicographic extensions. Therefore, our WPO not only subsumes lexicographic path orders (LPO), but also recursive path orders (RPO). We formally prove these subsumptions and therefore all of the mentioned properties of WPO are automatically transferable to LPO and RPO as well. Such a transformation is not required for Knuth\u0026ndash;Bendix orders (KBO), since they have already been formalized. 
Nevertheless, we still provide a proof that WPO subsumes KBO and thereby underline the generality of WPO.", "authors": [ "Christian Sternagel", "René Thiemann", "Akihisa Yamada" ], "date": "2021-09-16", "id": 78, "link": "/entries/Weighted_Path_Order.html", "permalink": "/entries/Weighted_Path_Order.html", "shortname": "Weighted_Path_Order", "title": "A Formalization of Weighted Path Orders and Recursive Path Orders", "topic_links": [ "logic/rewriting" ], "topics": [ "Logic/Rewriting" ], "used_by": 1 }, { "abstract": "This article provides a foundational framework for the formalization of category theory in the object logic ZFC in HOL of the formal proof assistant Isabelle. More specifically, this article provides a formalization of canonical set-theoretic constructions internalized in the type \u003ci\u003eV\u003c/i\u003e associated with the ZFC in HOL, establishes a design pattern for the formalization of mathematical structures using sequences and locales, and showcases the developed infrastructure by providing formalizations of the elementary theories of digraphs and semicategories. The methodology chosen for the formalization of the theories of digraphs and semicategories (and categories in future articles) rests on the ideas that were originally expressed in the article \u003ci\u003eSet-Theoretical Foundations of Category Theory\u003c/i\u003e written by Solomon Feferman and Georg Kreisel. 
Thus, in the context of this work, each of the aforementioned mathematical structures is represented as a term of the type \u003ci\u003eV\u003c/i\u003e embedded into a stage of the von Neumann hierarchy.", "authors": [ "Mihails Milehins" ], "date": "2021-09-06", "id": 79, "link": "/entries/CZH_Foundations.html", "permalink": "/entries/CZH_Foundations.html", "shortname": "CZH_Foundations", "title": "Category Theory for ZFC in HOL I: Foundations: Design Patterns, Set Theory, Digraphs, Semicategories", "topic_links": [ "mathematics/category-theory", "logic/set-theory" ], "topics": [ "Mathematics/Category theory", "Logic/Set theory" ], "used_by": 1 }, { "abstract": "This article provides a formalization of the foundations of the theory of 1-categories in the object logic ZFC in HOL of the formal proof assistant Isabelle. The article builds upon the foundations that were established in the AFP entry \u003ci\u003eCategory Theory for ZFC in HOL I: Foundations: Design Patterns, Set Theory, Digraphs, Semicategories\u003c/i\u003e.", "authors": [ "Mihails Milehins" ], "date": "2021-09-06", "id": 80, "link": "/entries/CZH_Elementary_Categories.html", "permalink": "/entries/CZH_Elementary_Categories.html", "shortname": "CZH_Elementary_Categories", "title": "Category Theory for ZFC in HOL II: Elementary Theory of 1-Categories", "topic_links": [ "mathematics/category-theory" ], "topics": [ "Mathematics/Category theory" ], "used_by": 1 }, { "abstract": "The article provides a formalization of elements of the theory of universal constructions for 1-categories (such as limits, adjoints and Kan extensions) in the object logic ZFC in HOL of the formal proof assistant Isabelle. 
The article builds upon the foundations established in the AFP entry \u003ci\u003eCategory Theory for ZFC in HOL II: Elementary Theory of 1-Categories\u003c/i\u003e.", "authors": [ "Mihails Milehins" ], "date": "2021-09-06", "id": 81, "link": "/entries/CZH_Universal_Constructions.html", "permalink": "/entries/CZH_Universal_Constructions.html", "shortname": "CZH_Universal_Constructions", "title": "Category Theory for ZFC in HOL III: Universal Constructions", "topic_links": [ "mathematics/category-theory" ], "topics": [ "Mathematics/Category theory" ], "used_by": 0 }, { "abstract": "The article provides a collection of experimental general-purpose proof methods for the object logic Isabelle/HOL of the formal proof assistant Isabelle. The methods in the collection offer functionality that is similar to certain aspects of the functionality provided by the standard proof methods of Isabelle that combine classical reasoning and rewriting, such as the method \u003ci\u003eauto\u003c/i\u003e, but use a different approach for rewriting. 
More specifically, these methods allow for the side conditions of the rewrite rules to be solved via intro-resolution.", "authors": [ "Mihails Milehins" ], "date": "2021-09-06", "id": 82, "link": "/entries/Conditional_Simplification.html", "permalink": "/entries/Conditional_Simplification.html", "shortname": "Conditional_Simplification", "title": "Conditional Simplification", "topic_links": [ "tools" ], "topics": [ "Tools" ], "used_by": 1 }, { "abstract": "This article provides a collection of experimental utilities for unoverloading of definitions and synthesis of conditional transfer rules for the object logic Isabelle/HOL of the formal proof assistant Isabelle written in Isabelle/ML.", "authors": [ "Mihails Milehins" ], "date": "2021-09-06", "id": 83, "link": "/entries/Conditional_Transfer_Rule.html", "permalink": "/entries/Conditional_Transfer_Rule.html", "shortname": "Conditional_Transfer_Rule", "title": "Conditional Transfer Rule", "topic_links": [ "tools" ], "topics": [ "Tools" ], "used_by": 1 }, { "abstract": "In their article titled \u003ci\u003eFrom Types to Sets by Local Type Definitions in Higher-Order Logic\u003c/i\u003e and published in the proceedings of the conference \u003ci\u003eInteractive Theorem Proving\u003c/i\u003e in 2016, Ondřej Kunčar and Andrei Popescu propose an extension of the logic Isabelle/HOL and an associated algorithm for the relativization of the \u003ci\u003etype-based theorems\u003c/i\u003e to more flexible \u003ci\u003eset-based theorems\u003c/i\u003e, collectively referred to as \u003ci\u003eTypes-To-Sets\u003c/i\u003e. One of the aims of their work was to open an opportunity for the development of a software tool for applied relativization in the implementation of the logic Isabelle/HOL of the proof assistant Isabelle. In this article, we provide a prototype of a software framework for the interactive automated relativization of theorems in Isabelle/HOL, developed as an extension of the proof language Isabelle/Isar. 
The software framework incorporates the implementation of the proposed extension of the logic, and builds upon some of the ideas for further work expressed in the original article on Types-To-Sets by Ondřej Kunčar and Andrei Popescu and the subsequent article \u003ci\u003eSmooth Manifolds and Types to Sets for Linear Algebra in Isabelle/HOL\u003c/i\u003e that was written by Fabian Immler and Bohua Zhan and published in the proceedings of the \u003ci\u003eInternational Conference on Certified Programs and Proofs\u003c/i\u003e in 2019.", "authors": [ "Mihails Milehins" ], "date": "2021-09-06", "id": 84, "link": "/entries/Types_To_Sets_Extension.html", "permalink": "/entries/Types_To_Sets_Extension.html", "shortname": "Types_To_Sets_Extension", "title": "Extension of Types-To-Sets", "topic_links": [ "tools" ], "topics": [ "Tools" ], "used_by": 0 }, { "abstract": "The article provides the command \u003cb\u003emk_ide\u003c/b\u003e for the object logic Isabelle/HOL of the formal proof assistant Isabelle. The command \u003cb\u003emk_ide\u003c/b\u003e enables the automated synthesis of the introduction, destruction and elimination rules from arbitrary definitions of constant predicates stated in Isabelle/HOL.", "authors": [ "Mihails Milehins" ], "date": "2021-09-06", "id": 85, "link": "/entries/Intro_Dest_Elim.html", "permalink": "/entries/Intro_Dest_Elim.html", "shortname": "Intro_Dest_Elim", "title": "IDE: Introduction, Destruction, Elimination", "topic_links": [ "tools" ], "topics": [ "Tools" ], "used_by": 1 }, { "abstract": "This entry formalises the fast iterative algorithm for computing dominators due to Cooper, Harvey and Kennedy. It gives a specification of computing dominators on a control flow graph where each node refers to its reverse post order number. A semilattice of reversed-ordered lists which represents dominators is built and a Kildall-style algorithm on the semilattice is defined for computing dominators. 
Finally the soundness and completeness of the algorithm are proved w.r.t. the specification.", "authors": [ "Nan Jiang" ], "date": "2021-09-05", "id": 86, "link": "/entries/Dominance_CHK.html", "permalink": "/entries/Dominance_CHK.html", "shortname": "Dominance_CHK", "title": "A data flow analysis algorithm for computing dominators", "topic_links": [ "computer-science/programming-languages/static-analysis" ], "topics": [ "Computer science/Programming languages/Static analysis" ], "used_by": 0 }, { "abstract": "\u003cp\u003eWe formalize Cardano's formula to solve a cubic equation $$ax^3 + bx^2 + cx + d = 0,$$ as well as Ferrari's formula to solve a quartic equation. We further turn both formulas into executable algorithms based on the algebraic number implementation in the AFP. To this end we also slightly extended this library, namely by making the minimal polynomial of an algebraic number executable, and by defining and implementing $n$-th roots of complex numbers.\u003c/p\u003e", "authors": [ "RenĂ© Thiemann" ], "date": "2021-09-03", "id": 87, "link": "/entries/Cubic_Quartic_Equations.html", "permalink": "/entries/Cubic_Quartic_Equations.html", "shortname": "Cubic_Quartic_Equations", "title": "Solving Cubic and Quartic Equations", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "In the context of formal cryptographic protocol verification, logging-independent message anonymity is the property for a given message to remain anonymous despite the attacker's capability of mapping messages of that sort to agents based on some intrinsic feature of such messages, rather than by logging the messages exchanged by legitimate agents as with logging-dependent message anonymity. 
This paper illustrates how logging-independent message anonymity can be formalized according to the relational method for formal protocol verification by considering a real-world protocol, namely the Restricted Identification one by the BSI. This sample model is used to verify that the pseudonymous identifiers output by user identification tokens remain anonymous under the expected conditions.", "authors": [ "Pasquale Noce" ], "date": "2021-08-26", "id": 88, "link": "/entries/Logging_Independent_Anonymity.html", "permalink": "/entries/Logging_Independent_Anonymity.html", "shortname": "Logging_Independent_Anonymity", "title": "Logging-independent Message Anonymity in the Relational Method", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "The Descartes test based on Bernstein coefficients and Descartes’ rule of signs effectively (over-)approximates the number of real roots of a univariate polynomial over an interval. In this entry we formalise the theorem of three circles, which gives sufficient conditions for when the Descartes test returns 0 or 1. This is the first step for efficient root isolation.", "authors": [ "Fox Thomson", "Wenda Li" ], "date": "2021-08-21", "id": 89, "link": "/entries/Three_Circles.html", "permalink": "/entries/Three_Circles.html", "shortname": "Three_Circles", "title": "The Theorem of Three Circles", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "This entry contains the confidentiality verification of the (functional kernel of) the CoCon conference management system [\u003ca href=\"https://doi.org/10.1007/978-3-319-08867-9_11\"\u003e1\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/s10817-020-09566-9\"\u003e2\u003c/a\u003e]. 
The confidentiality properties refer to the documents managed by the system, namely papers, reviews, discussion logs and acceptance/rejection decisions, and also to the assignment of reviewers to papers. They have all been formulated as instances of BD Security [\u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2021.3\"\u003e3\u003c/a\u003e, \u003ca href=\"https://www.isa-afp.org/entries/Bounded_Deducibility_Security.html\"\u003e4\u003c/a\u003e] and verified using the BD Security unwinding technique.", "authors": [ "Andrei Popescu", "Peter Lammich", "Thomas Bauereiss" ], "date": "2021-08-16", "id": 90, "link": "/entries/CoCon.html", "permalink": "/entries/CoCon.html", "shortname": "CoCon", "title": "CoCon: A Confidentiality-Verified Conference Management System", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "Building on a previous \u003ca href=\"https://www.isa-afp.org/entries/Bounded_Deducibility_Security.html\"\u003eAFP entry\u003c/a\u003e that formalizes the Bounded-Deducibility Security (BD Security) framework \u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2021.3\"\u003e[1]\u003c/a\u003e, we formalize compositionality and transport theorems for information flow security. These results allow lifting BD Security properties from individual components specified as transition systems, to a composition of systems specified as communicating products of transition systems. The underlying ideas of these results are presented in the papers \u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2021.3\"\u003e[1]\u003c/a\u003e and \u003ca href=\"https://doi.org/10.1109/SP.2017.24\"\u003e[2]\u003c/a\u003e. 
The latter paper also describes a major case study where these results have been used: on verifying the CoSMeDis distributed social media platform (itself formalized as an \u003ca href=\"https://www.isa-afp.org/entries/CoSMeDis.html\"\u003eAFP entry\u003c/a\u003e that builds on this entry).", "authors": [ "Thomas Bauereiss", "Andrei Popescu" ], "date": "2021-08-16", "id": 91, "link": "/entries/BD_Security_Compositional.html", "permalink": "/entries/BD_Security_Compositional.html", "shortname": "BD_Security_Compositional", "title": "Compositional BD Security", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 1 }, { "abstract": "This entry contains the confidentiality verification of the (functional kernel of) the CoSMed social media platform. The confidentiality properties are formalized as instances of BD Security [\u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2021.3\"\u003e1\u003c/a\u003e, \u003ca href=\"https://www.isa-afp.org/entries/Bounded_Deducibility_Security.html\"\u003e2\u003c/a\u003e]. An innovation in the deployment of BD Security compared to previous work is the use of dynamic declassification triggers, incorporated as part of inductive bounds, for providing stronger guarantees that account for the repeated opening and closing of access windows. 
To further strengthen the confidentiality guarantees, we also prove \"traceback\" properties about the accessibility decisions affecting the information managed by the system.", "authors": [ "Thomas Bauereiss", "Andrei Popescu" ], "date": "2021-08-16", "id": 92, "link": "/entries/CoSMed.html", "permalink": "/entries/CoSMed.html", "shortname": "CoSMed", "title": "CoSMed: A confidentiality-verified social media platform", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "This entry contains the confidentiality verification of the (functional kernel of) the CoSMeDis distributed social media platform presented in [\u003ca href=\"https://doi.org/10.1109/SP.2017.24\"\u003e1\u003c/a\u003e]. CoSMeDis is a multi-node extension of the CoSMed prototype social media platform [\u003ca href=\"https://doi.org/10.1007/978-3-319-43144-4_6\"\u003e2\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/s10817-017-9443-3\"\u003e3\u003c/a\u003e, \u003ca href=\"https://www.isa-afp.org/entries/CoSMed.html\"\u003e4\u003c/a\u003e]. The confidentiality properties are formalized as instances of BD Security [\u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2021.3\"\u003e5\u003c/a\u003e, \u003ca href=\"https://www.isa-afp.org/entries/Bounded_Deducibility_Security.html\"\u003e6\u003c/a\u003e]. 
The lifting of confidentiality properties from single nodes to the entire CoSMeDis network is performed using compositionality and transport theorems for BD Security, which are described in [\u003ca href=\"https://doi.org/10.1109/SP.2017.24\"\u003e1\u003c/a\u003e] and formalized in a separate \u003ca href=\"https://www.isa-afp.org/entries/BD_Security_Compositional.html\"\u003eAFP entry\u003c/a\u003e.", "authors": [ "Thomas Bauereiss", "Andrei Popescu" ], "date": "2021-08-16", "id": 93, "link": "/entries/CoSMeDis.html", "permalink": "/entries/CoSMeDis.html", "shortname": "CoSMeDis", "title": "CoSMeDis: A confidentiality-verified distributed social media platform", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "This entry defines a type class with an operator returning a fresh identifier, given a set of already used identifiers and a preferred identifier. The entry provides a default instantiation for any infinite type, as well as executable instantiations for natural numbers and strings.", "authors": [ "Andrei Popescu", "Thomas Bauereiss" ], "date": "2021-08-16", "id": 94, "link": "/entries/Fresh_Identifiers.html", "permalink": "/entries/Fresh_Identifiers.html", "shortname": "Fresh_Identifiers", "title": "Fresh identifiers", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 3 }, { "abstract": "Combinatorial design theory studies incidence set systems with certain balance and symmetry properties. It is closely related to hypergraph theory. This formalisation presents a general library for formal reasoning on incidence set systems, designs and their applications, including formal definitions and proofs for many key properties, operations, and theorems on the construction and existence of designs. 
Notably, this includes formalising t-designs, balanced incomplete block designs (BIBD), group divisible designs (GDD), pairwise balanced designs (PBD), design isomorphisms, and the relationship between graphs and designs. A locale-centric approach has been used to manage the relationships between the many different types of designs. Theorems of particular interest include the necessary conditions for existence of a BIBD, Wilson's construction on GDDs, and Bose's inequality on resolvable designs. Parts of this formalisation are explored in the paper \"A Modular First Formalisation of Combinatorial Design Theory\", presented at CICM 2021.", "authors": [ "Chelsea Edmonds", "Lawrence C. Paulson" ], "date": "2021-08-13", "id": 95, "link": "/entries/Design_Theory.html", "permalink": "/entries/Design_Theory.html", "shortname": "Design_Theory", "title": "Combinatorial Design Theory", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 1 }, { "abstract": "We study second-order formalisations of graph properties expressed as first-order formulas in relation algebras extended with a Kleene star. The formulas quantify over relations while still avoiding quantification over elements of the base set. We formalise the property of undirected graphs being acyclic this way. This involves a study of various kinds of orientation of graphs. 
We also verify basic algorithms to constructively prove several second-order properties.", "authors": [ "Walter Guttmann" ], "date": "2021-08-03", "id": 96, "link": "/entries/Relational_Forests.html", "permalink": "/entries/Relational_Forests.html", "shortname": "Relational_Forests", "title": "Relational Forests", "topic_links": [ "mathematics/graph-theory" ], "topics": [ "Mathematics/Graph theory" ], "used_by": 0 }, { "abstract": "This is a formalisation of Schutz' system of axioms for Minkowski spacetime published under the name \"Independent axioms for Minkowski space-time\" in 1997, as well as most of the results in the third chapter (\"Temporal Order on a Path\") of the above monograph. Many results are proven here that cannot be found in Schutz, either preceding the theorem they are needed for, or within their own thematic section.", "authors": [ "Richard Schmoetten", "Jake Palmer", "Jacques D. Fleuriot" ], "date": "2021-07-27", "id": 97, "link": "/entries/Schutz_Spacetime.html", "permalink": "/entries/Schutz_Spacetime.html", "shortname": "Schutz_Spacetime", "title": "Schutz' Independent Axioms for Minkowski Spacetime", "topic_links": [ "mathematics/physics", "mathematics/geometry" ], "topics": [ "Mathematics/Physics", "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "This article deals with the formalisation of some group-theoretic results including the fundamental theorem of finitely generated abelian groups characterising the structure of these groups as a uniquely determined product of cyclic groups. Both the invariant factor decomposition and the primary decomposition are covered. 
Additional work includes results about the direct product, the internal direct product and more group-theoretic lemmas.", "authors": [ "Joseph Thommes", "Manuel Eberl" ], "date": "2021-07-07", "id": 98, "link": "/entries/Finitely_Generated_Abelian_Groups.html", "permalink": "/entries/Finitely_Generated_Abelian_Groups.html", "shortname": "Finitely_Generated_Abelian_Groups", "title": "Finitely Generated Abelian Groups", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 1 }, { "abstract": "SpecCheck is a \u003ca href=\"https://en.wikipedia.org/wiki/QuickCheck\"\u003eQuickCheck\u003c/a\u003e-like testing framework for Isabelle/ML. You can use it to write specifications for ML functions. SpecCheck then checks whether your specification holds by testing your function against a given number of generated inputs. It helps you to identify bugs by printing counterexamples on failure and provides you with timing information. SpecCheck is customisable and allows you to specify your own input generators, test output formats, as well as pretty printers and shrinking functions for counterexamples among other things.", "authors": [ "Kevin Kappelmann", "Lukas Bulwahn", "Sebastian Willenbrink" ], "date": "2021-07-01", "id": 99, "link": "/entries/SpecCheck.html", "permalink": "/entries/SpecCheck.html", "shortname": "SpecCheck", "title": "SpecCheck - Specification-Based Testing for Isabelle/ML", "topic_links": [ "tools" ], "topics": [ "Tools" ], "used_by": 3 }, { "abstract": "This article formalises the proof of Van der Waerden's Theorem from Ramsey theory. Van der Waerden's Theorem states that for integers $k$ and $l$ there exists a number $N$ which guarantees that if an integer interval of length at least $N$ is coloured with $k$ colours, there will always be an arithmetic progression of length $l$ of the same colour in said interval. The proof goes along the lines of \\cite{Swan}. 
The smallest number $N_{k,l}$ fulfilling Van der Waerden's Theorem is then called the Van der Waerden Number. Finding the Van der Waerden Number is still an open problem for most values of $k$ and $l$.", "authors": [ "Katharina Kreuzer", "Manuel Eberl" ], "date": "2021-06-22", "id": 100, "link": "/entries/Van_der_Waerden.html", "permalink": "/entries/Van_der_Waerden.html", "shortname": "Van_der_Waerden", "title": "Van der Waerden's Theorem", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 0 }, { "abstract": "MiniSail is a kernel language for Sail, an instruction set architecture (ISA) specification language. Sail is an imperative language with a light-weight dependent type system similar to refinement type systems. From an ISA specification, the Sail compiler can generate theorem prover code and C (or OCaml) to give an executable emulator for an architecture. The idea behind MiniSail is to capture the key and novel features of Sail in terms of their syntax, typing rules and operational semantics, and to confirm that they work together by proving progress and preservation lemmas. We use the Nominal2 library to handle binding.", "authors": [ "Mark Wassell" ], "date": "2021-06-18", "id": 101, "link": "/entries/MiniSail.html", "permalink": "/entries/MiniSail.html", "shortname": "MiniSail", "title": "MiniSail - A kernel language for the ISA specification language SAIL", "topic_links": [ "computer-science/programming-languages/type-systems" ], "topics": [ "Computer science/Programming languages/Type systems" ], "used_by": 0 }, { "abstract": "This work is a formalization of public announcement logic with countably many agents. It includes proofs of soundness and completeness for a variant of the axiom system PA + DIST! + NEC!. The completeness proof builds on the Epistemic Logic theory. 
Paper: \u003ca href=\"https://doi.org/10.1007/978-3-030-90138-7_2\"\u003ehttps://doi.org/10.1007/978-3-030-90138-7_2\u003c/a\u003e.", "authors": [ "Asta HalkjĂŠr From" ], "date": "2021-06-17", "id": 102, "link": "/entries/Public_Announcement_Logic.html", "permalink": "/entries/Public_Announcement_Logic.html", "shortname": "Public_Announcement_Logic", "title": "Public Announcement Logic", "topic_links": [ "logic/general-logic/logics-of-knowledge-and-belief" ], "topics": [ "Logic/General logic/Logics of knowledge and belief" ], "used_by": 0 }, { "abstract": "This paper presents a compiler correctness proof for the didactic imperative programming language IMP, introduced in Nipkow and Klein's book on formal programming language semantics (version of March 2021), whose size is just two thirds of the book's proof in the number of formal text lines. As such, it promises to constitute a further enhanced reference for the formal verification of compilers meant for larger, real-world programming languages. The presented proof does not depend on language determinism, so that the proposed approach can be applied to non-deterministic languages as well. As a confirmation, this paper extends IMP with an additional non-deterministic choice command, and proves compiler correctness, viz. the simulation of compiled code execution by source code, for such extended language.", "authors": [ "Pasquale Noce" ], "date": "2021-06-04", "id": 103, "link": "/entries/IMP_Compiler.html", "permalink": "/entries/IMP_Compiler.html", "shortname": "IMP_Compiler", "title": "A Shorter Compiler Correctness Proof for Language IMP", "topic_links": [ "computer-science/programming-languages/compiling" ], "topics": [ "Computer science/Programming languages/Compiling" ], "used_by": 0 }, { "abstract": "We formalize basics of Combinatorics on Words. This is an extension of existing theories on lists. We provide additional properties related to prefix, suffix, factor, length and rotation. 
The topics include prefix and suffix comparability, mismatch, word power, total and reversed morphisms, border, periods, primitivity and roots. We also formalize basic, mostly folklore results related to word equations: equidivisibility, commutation and conjugation. Slightly advanced properties include the Periodicity lemma (often cited as the Fine and Wilf theorem) and the variant of the Lyndon-SchĂŒtzenberger theorem for words. We support the algebraic point of view which sees words as generators of submonoids of a free monoid. This leads to the concepts of the (free) hull, the (free) basis (or code).", "authors": [ "Ć těpĂĄn Holub", "Martin RaĆĄka", "Ć těpĂĄn Starosta" ], "date": "2021-05-24", "id": 104, "link": "/entries/Combinatorics_Words.html", "permalink": "/entries/Combinatorics_Words.html", "shortname": "Combinatorics_Words", "title": "Combinatorics on Words Basics", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 2 }, { "abstract": "Graph lemma quantifies the defect effect of a system of word equations. That is, it provides an upper bound on the rank of the system. We formalize the proof based on the decomposition of a solution into its free basis. A direct application is an alternative proof of the fact that two noncommuting words form a code.", "authors": [ "Ć těpĂĄn Holub", "Ć těpĂĄn Starosta" ], "date": "2021-05-24", "id": 105, "link": "/entries/Combinatorics_Words_Graph_Lemma.html", "permalink": "/entries/Combinatorics_Words_Graph_Lemma.html", "shortname": "Combinatorics_Words_Graph_Lemma", "title": "Graph Lemma", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "Lyndon words are words lexicographically minimal in their conjugacy class. 
We formalize their basic properties and characterizations, in particular the concepts of the longest Lyndon suffix and the Lyndon factorization. Most of the work assumes a fixed lexicographical order. Nevertheless we also define the smallest relation guaranteeing lexicographical minimality of a given word (in its conjugacy class).", "authors": [ "Ć těpĂĄn Holub", "Ć těpĂĄn Starosta" ], "date": "2021-05-24", "id": 106, "link": "/entries/Combinatorics_Words_Lyndon.html", "permalink": "/entries/Combinatorics_Words_Lyndon.html", "shortname": "Combinatorics_Words_Lyndon", "title": "Lyndon words", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "This development provides a general definition for safe Regression Test Selection (RTS) algorithms. RTS algorithms select which tests to rerun on revised code, reducing the time required to check for newly introduced errors. An RTS algorithm is considered safe if and only if all deselected tests would have unchanged results. This definition is instantiated with two class-collection-based RTS algorithms run over the JVM as modeled by JinjaDCI. This is achieved with a general definition for Collection Semantics, small-step semantics instrumented to collect information during execution. As the RTS definition mandates safety, these instantiations include proofs of safety. This work is described in Mansky and Gunter's LSFA 2020 paper and Mansky's doctoral thesis (UIUC, 2020).", "authors": [ "Susannah Mansky" ], "date": "2021-04-30", "id": 107, "link": "/entries/Regression_Test_Selection.html", "permalink": "/entries/Regression_Test_Selection.html", "shortname": "Regression_Test_Selection", "title": "Regression Test Selection", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "In this entry we formalize Isabelle's metalogic in Isabelle/HOL. 
Furthermore, we define a language of proof terms and an executable proof checker and prove its soundness wrt. the metalogic. The formalization is intentionally kept close to the Isabelle implementation(for example using de Brujin indices) to enable easy integration of generated code with the Isabelle system without a complicated translation layer. The formalization is described in our \u003ca href=\"https://arxiv.org/pdf/2104.12224.pdf\"\u003eCADE 28 paper\u003c/a\u003e.", "authors": [ "Tobias Nipkow", "Simon Roßkopf" ], "date": "2021-04-27", "id": 108, "link": "/entries/Metalogic_ProofChecker.html", "permalink": "/entries/Metalogic_ProofChecker.html", "shortname": "Metalogic_ProofChecker", "title": "Isabelle's Metalogic: Formalization and Proof Checker", "topic_links": [ "logic/general-logic" ], "topics": [ "Logic/General logic" ], "used_by": 0 }, { "abstract": "We formalize the \u003ci\u003eLifting the Exponent Lemma\u003c/i\u003e, which shows how to find the largest power of $p$ dividing $a^n \\pm b^n$, for a prime $p$ and positive integers $a$ and $b$. The proof follows \u003ca href=\"https://s3.amazonaws.com/aops-cdn.artofproblemsolving.com/resources/articles/lifting-the-exponent.pdf\"\u003eAmir Hossein Parvardi's\u003c/a\u003e.", "authors": [ "Maya KądzioƂka" ], "date": "2021-04-27", "id": 109, "link": "/entries/Lifting_the_Exponent.html", "permalink": "/entries/Lifting_the_Exponent.html", "shortname": "Lifting_the_Exponent", "title": "Lifting the Exponent", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "We formalize the univariate case of Ben-Or, Kozen, and Reif's decision procedure for first-order real arithmetic (the BKR algorithm). We also formalize the univariate case of Renegar's variation of the BKR algorithm. The two formalizations differ mathematically in minor ways (that have significant impact on the multivariate case), but are quite similar in proof structure. 
Both rely on sign-determination (finding the set of consistent sign assignments for a set of polynomials). The method used for sign-determination is similar to Tarski's original quantifier elimination algorithm (it stores key information in a matrix equation), but with a reduction step to keep complexity low.", "authors": [ "Katherine Cordwell", "Yong Kiam Tan", "AndrĂ© Platzer" ], "date": "2021-04-24", "id": 110, "link": "/entries/BenOr_Kozen_Reif.html", "permalink": "/entries/BenOr_Kozen_Reif.html", "shortname": "BenOr_Kozen_Reif", "title": "The BKR Decision Procedure for Univariate Real Arithmetic", "topic_links": [ "computer-science/algorithms/mathematical" ], "topics": [ "Computer science/Algorithms/Mathematical" ], "used_by": 1 }, { "abstract": "This is a formalisation of the main result of Gale and Stewart from 1953, showing that closed finite games are determined. This property is now known as the Gale Stewart Theorem. While the original paper shows some additional theorems as well, we only formalize this main result, but do so in a somewhat general way. We formalize games of a fixed arbitrary length, including infinite length, using co-inductive lists, and show that defensive strategies exist unless the other player is winning. For closed games, defensive strategies are winning for the closed player, proving that such games are determined. For finite games, which are a special case in our formalisation, all games are closed.", "authors": [ "Sebastiaan J. C. Joosten" ], "date": "2021-04-23", "id": 111, "link": "/entries/GaleStewart_Games.html", "permalink": "/entries/GaleStewart_Games.html", "shortname": "GaleStewart_Games", "title": "Gale-Stewart Games", "topic_links": [ "mathematics/games-and-economics" ], "topics": [ "Mathematics/Games and economics" ], "used_by": 0 }, { "abstract": "Large-scale stream processing systems often follow the dataflow paradigm, which enforces a program structure that exposes a high degree of parallelism. 
The Timely Dataflow distributed system supports expressive cyclic dataflows for which it offers low-latency data- and pipeline-parallel stream processing. To achieve high expressiveness and performance, Timely Dataflow uses an intricate distributed protocol for tracking the computation’s progress. We formalize this progress tracking protocol and verify its safety. Our formalization is described in detail in our forthcoming \u003ca href=\"https://traytel.bitbucket.io/papers/itp21-progress_tracking/safe.pdf\"\u003eITP'21 paper\u003c/a\u003e.", "authors": [ "Matthias Brun", "SĂĄra Decova", "Andrea Lattuada", "Dmitriy Traytel" ], "date": "2021-04-13", "id": 112, "link": "/entries/Progress_Tracking.html", "permalink": "/entries/Progress_Tracking.html", "shortname": "Progress_Tracking", "title": "Formalization of Timely Dataflow's Progress Tracking Protocol", "topic_links": [ "computer-science/algorithms/distributed" ], "topics": [ "Computer science/Algorithms/Distributed" ], "used_by": 0 }, { "abstract": "We provide a characterisation of how information is propagated by program executions based on the tracking data and control dependencies within executions themselves. The characterisation might be used for deriving approximative safety properties to be targeted by static analyses or checked at runtime. We utilise a simple yet versatile control flow graph model as a program representation. As our model is not assumed to be finite it can be instantiated for a broad class of programs. The targeted security property is indistinguishable security where executions produce sequences of observations and only non-terminating executions are allowed to drop a tail of those. A very crude approximation of our characterisation is slicing based on program dependence graphs, which we use as a minimal example and derive a corresponding soundness result. 
For further details and applications refer to the authors upcoming dissertation.", "authors": [ "Benedikt Nordhoff" ], "date": "2021-04-01", "id": 113, "link": "/entries/IFC_Tracking.html", "permalink": "/entries/IFC_Tracking.html", "shortname": "IFC_Tracking", "title": "Information Flow Control via Dependency Tracking", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "We formalize mainstream structures in algebraic geometry culminating in Grothendieck's schemes: presheaves of rings, sheaves of rings, ringed spaces, locally ringed spaces, affine schemes and schemes. We prove that the spectrum of a ring is a locally ringed space, hence an affine scheme. Finally, we prove that any affine scheme is a scheme.", "authors": [ "Anthony Bordg", "Lawrence C. Paulson", "Wenda Li" ], "date": "2021-03-29", "id": 114, "link": "/entries/Grothendieck_Schemes.html", "permalink": "/entries/Grothendieck_Schemes.html", "shortname": "Grothendieck_Schemes", "title": "Grothendieck's Schemes in Algebraic Geometry", "topic_links": [ "mathematics/algebra", "mathematics/geometry" ], "topics": [ "Mathematics/Algebra", "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "We formalize the ring of \u003cem\u003ep\u003c/em\u003e-adic integers within the framework of the HOL-Algebra library. The carrier of the ring is formalized as the inverse limit of quotients of the integers by powers of a fixed prime \u003cem\u003ep\u003c/em\u003e. We define an integer-valued valuation, as well as an extended-integer valued valuation which sends 0 to the infinite element. Basic topological facts about the \u003cem\u003ep\u003c/em\u003e-adic integers are formalized, including completeness and sequential compactness. 
Taylor expansions of polynomials over a commutative ring are defined, culminating in the formalization of Hensel's Lemma based on a proof due to Keith Conrad.", "authors": [ "Aaron Crighton" ], "date": "2021-03-23", "id": 115, "link": "/entries/Padic_Ints.html", "permalink": "/entries/Padic_Ints.html", "shortname": "Padic_Ints", "title": "Hensel's Lemma for the p-adic Integers", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 1 }, { "abstract": "Constructive Cryptography (CC) [\u003ca href=\"https://conference.iiis.tsinghua.edu.cn/ICS2011/content/papers/14.html\"\u003eICS 2011\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/978-3-642-27375-9_3\"\u003eTOSCA 2011\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/978-3-662-53641-4_1\"\u003eTCC 2016\u003c/a\u003e] introduces an abstract approach to composable security statements that allows one to focus on a particular aspect of security proofs at a time. Instead of proving the properties of concrete systems, CC studies system classes, i.e., the shared behavior of similar systems, and their transformations. Modeling of systems communication plays a crucial role in composability and reusability of security statements; yet, this aspect has not been studied in any of the existing CC results. We extend our previous CC formalization [\u003ca href=\"https://isa-afp.org/entries/Constructive_Cryptography.html\"\u003eConstructive_Cryptography\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1109/CSF.2019.00018\"\u003eCSF 2019\u003c/a\u003e] with a new semantic domain called Fused Resource Templates (FRT) that abstracts over the systems communication patterns in CC proofs. 
This widens the scope of cryptography proof formalizations in the CryptHOL library [\u003ca href=\"https://isa-afp.org/entries/CryptHOL.html\"\u003eCryptHOL\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/978-3-662-49498-1_20\"\u003eESOP 2016\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/s00145-019-09341-z\"\u003eJ Cryptol 2020\u003c/a\u003e]. This formalization is described in \u003ca href=\"http://www.andreas-lochbihler.de/pub/basin2021.pdf\"\u003eAbstract Modeling of Systems Communication in Constructive Cryptography using CryptHOL\u003c/a\u003e.", "authors": [ "Andreas Lochbihler", "S. Reza Sefidgar" ], "date": "2021-03-17", "id": 116, "link": "/entries/Constructive_Cryptography_CM.html", "permalink": "/entries/Constructive_Cryptography_CM.html", "shortname": "Constructive_Cryptography_CM", "title": "Constructive Cryptography in HOL: the Communication Modeling Aspect", "topic_links": [ "computer-science/security/cryptography", "mathematics/probability-theory" ], "topics": [ "Computer science/Security/Cryptography", "Mathematics/Probability theory" ], "used_by": 0 }, { "abstract": "We verify two algorithms for which modular arithmetic plays an essential role: Storjohann's variant of the LLL lattice basis reduction algorithm and Kopparty's algorithm for computing the Hermite normal form of a matrix. To do this, we also formalize some facts about the modulo operation with symmetric range. Our implementations are based on the original papers, but are otherwise efficient. For basis reduction we formalize two versions: one that includes all of the optimizations/heuristics from Storjohann's paper, and one excluding a heuristic that we observed to often decrease efficiency. 
We also provide a fast, self-contained certifier for basis reduction, based on the efficient Hermite normal form algorithm.", "authors": [ "Ralph Bottesch", "Jose DivasĂłn", "RenĂ© Thiemann" ], "date": "2021-03-12", "id": 117, "link": "/entries/Modular_arithmetic_LLL_and_HNF_algorithms.html", "permalink": "/entries/Modular_arithmetic_LLL_and_HNF_algorithms.html", "shortname": "Modular_arithmetic_LLL_and_HNF_algorithms", "title": "Two algorithms based on modular arithmetic: lattice basis reduction and Hermite normal form computation", "topic_links": [ "computer-science/algorithms/mathematical" ], "topics": [ "Computer science/Algorithms/Mathematical" ], "used_by": 0 }, { "abstract": "This work contains a formalization of quantum projective measurements, also known as von Neumann measurements, which are based on elements of spectral theory. We also formalized the CHSH inequality, an inequality involving expectations in a probability space that is violated by quantum measurements, thus proving that quantum mechanics cannot be modeled with an underlying local hidden-variable theory.", "authors": [ "Mnacho Echenim" ], "date": "2021-03-03", "id": 118, "link": "/entries/Projective_Measurements.html", "permalink": "/entries/Projective_Measurements.html", "shortname": "Projective_Measurements", "title": "Quantum projective measurements and the CHSH inequality", "topic_links": [ "computer-science/algorithms/quantum-computing", "mathematics/physics/quantum-information" ], "topics": [ "Computer science/Algorithms/Quantum computing", "Mathematics/Physics/Quantum information" ], "used_by": 1 }, { "abstract": "\u003cp\u003eThis article provides a formalisation of the Hermite-Lindemann-Weierstraß Theorem (also known as simply Hermite-Lindemann or Lindemann-Weierstraß). 
This theorem is one of the crowning achievements of 19th century number theory.\u003c/p\u003e \u003cp\u003eThe theorem states that if $\\alpha_1, \\ldots, \\alpha_n\\in\\mathbb{C}$ are algebraic numbers that are linearly independent over $\\mathbb{Z}$, then $e^{\\alpha_1},\\ldots,e^{\\alpha_n}$ are algebraically independent over $\\mathbb{Q}$.\u003c/p\u003e \u003cp\u003eLike the \u003ca href=\"https://doi.org/10.1007/978-3-319-66107-0_5\"\u003eprevious formalisation in Coq by Bernard\u003c/a\u003e, I proceeded by formalising \u003ca href=\"https://doi.org/10.1017/CBO9780511565977\"\u003eBaker's version of the theorem and proof\u003c/a\u003e and then deriving the original one from that. Baker's version states that for any algebraic numbers $\\beta_1, \\ldots, \\beta_n\\in\\mathbb{C}$ and distinct algebraic numbers $\\alpha_i, \\ldots, \\alpha_n\\in\\mathbb{C}$, we have $\\beta_1 e^{\\alpha_1} + \\ldots + \\beta_n e^{\\alpha_n} = 0$ if and only if all the $\\beta_i$ are zero.\u003c/p\u003e \u003cp\u003eThis has a number of direct corollaries, e.g.:\u003c/p\u003e \u003cul\u003e \u003cli\u003e$e$ and $\\pi$ are transcendental\u003c/li\u003e \u003cli\u003e$e^z$, $\\sin z$, $\\tan z$, etc. 
are transcendental for algebraic $z\\in\\mathbb{C}\\setminus\\{0\\}$\u003c/li\u003e \u003cli\u003e$\\ln z$ is transcendental for algebraic $z\\in\\mathbb{C}\\setminus\\{0, 1\\}$\u003c/li\u003e \u003c/ul\u003e", "authors": [ "Manuel Eberl" ], "date": "2021-03-03", "id": 119, "link": "/entries/Hermite_Lindemann.html", "permalink": "/entries/Hermite_Lindemann.html", "shortname": "Hermite_Lindemann", "title": "The Hermite–Lindemann–Weierstraß Transcendence Theorem", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 1 }, { "abstract": "We use Isabelle/HOL to verify elementary theorems and alternative axiomatizations of classical extensional mereology.", "authors": [ "Ben Blumson" ], "date": "2021-03-01", "id": 120, "link": "/entries/Mereology.html", "permalink": "/entries/Mereology.html", "shortname": "Mereology", "title": "Mereology", "topic_links": [ "logic/philosophical-aspects" ], "topics": [ "Logic/Philosophical aspects" ], "used_by": 0 }, { "abstract": "We formally define sunflowers and provide a formalization of the sunflower lemma of Erd\u0026odblac;s and Rado: whenever a set of size-\u003ci\u003ek\u003c/i\u003e-sets has a larger cardinality than \u003ci\u003e(r - 1)\u003csup\u003ek\u003c/sup\u003e \u0026middot; k!\u003c/i\u003e, then it contains a sunflower of cardinality \u003ci\u003er\u003c/i\u003e.", "authors": [ "RenĂ© Thiemann" ], "date": "2021-02-25", "id": 121, "link": "/entries/Sunflowers.html", "permalink": "/entries/Sunflowers.html", "shortname": "Sunflowers", "title": "The Sunflower Lemma of ErdƑs and Rado", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 1 }, { "abstract": "In this work, we use the interactive theorem prover Isabelle/HOL to verify an imperative implementation of the classical B-tree data structure invented by Bayer and McCreight [ACM 1970]. 
The implementation supports set membership, insertion and deletion queries with efficient binary search for intra-node navigation. This is accomplished by first specifying the structure abstractly in the functional modeling language HOL and proving functional correctness. Using manual refinement, we derive an imperative implementation in Imperative/HOL. We show the validity of this refinement using the separation logic utilities from the \u003ca href=\"https://www.isa-afp.org/entries/Refine_Imperative_HOL.html\"\u003e Isabelle Refinement Framework \u003c/a\u003e . The code can be exported to the programming languages SML, OCaml and Scala. We examine the runtime of all operations indirectly by reproducing results of the logarithmic relationship between height and the number of nodes. The results are discussed in greater detail in the corresponding \u003ca href=\"https://mediatum.ub.tum.de/1596550\"\u003eBachelor's Thesis\u003c/a\u003e.", "authors": [ "Niels MĂŒndler" ], "date": "2021-02-24", "id": 122, "link": "/entries/BTree.html", "permalink": "/entries/BTree.html", "shortname": "BTree", "title": "A Verified Imperative Implementation of B-Trees", "topic_links": [ + "computer-science/data-management-systems", "computer-science/data-structures" ], "topics": [ + "Computer science/Data management systems", "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "\u003cp\u003eFormal Puiseux series are generalisations of formal power series and formal Laurent series that also allow for fractional exponents. They have the following general form: \\[\\sum_{i=N}^\\infty a_{i/d} X^{i/d}\\] where \u003cem\u003eN\u003c/em\u003e is an integer and \u003cem\u003ed\u003c/em\u003e is a positive integer.\u003c/p\u003e \u003cp\u003eThis entry defines these series including their basic algebraic properties. 
Furthermore, it proves the Newton–Puiseux Theorem, namely that the Puiseux series over an algebraically closed field of characteristic 0 are also algebraically closed.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2021-02-17", "id": 123, "link": "/entries/Formal_Puiseux_Series.html", "permalink": "/entries/Formal_Puiseux_Series.html", "shortname": "Formal_Puiseux_Series", "title": "Formal Puiseux Series", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThe Law of Large Numbers states that, informally, if one performs a random experiment $X$ many times and takes the average of the results, that average will be very close to the expected value $E[X]$.\u003c/p\u003e \u003cp\u003e More formally, let $(X_i)_{i\\in\\mathbb{N}}$ be a sequence of independently identically distributed random variables whose expected value $E[X_1]$ exists. Denote the running average of $X_1, \\ldots, X_n$ as $\\overline{X}_n$. Then:\u003c/p\u003e \u003cul\u003e \u003cli\u003eThe Weak Law of Large Numbers states that $\\overline{X}_{n} \\longrightarrow E[X_1]$ in probability for $n\\to\\infty$, i.e. $\\mathcal{P}(|\\overline{X}_{n} - E[X_1]| \u003e \\varepsilon) \\longrightarrow 0$ as $n\\to\\infty$ for any $\\varepsilon \u003e 0$.\u003c/li\u003e \u003cli\u003eThe Strong Law of Large Numbers states that $\\overline{X}_{n} \\longrightarrow E[X_1]$ almost surely for $n\\to\\infty$, i.e. $\\mathcal{P}(\\overline{X}_{n} \\longrightarrow E[X_1]) = 1$.\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eIn this entry, I formally prove the strong law and from it the weak law. 
The approach used for the proof of the strong law is a particularly quick and slick one based on ergodic theory, which was formalised by GouĂ«zel in another AFP entry.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2021-02-10", "id": 124, "link": "/entries/Laws_of_Large_Numbers.html", "permalink": "/entries/Laws_of_Large_Numbers.html", "shortname": "Laws_of_Large_Numbers", "title": "The Laws of Large Numbers", "topic_links": [ "mathematics/probability-theory" ], "topics": [ "Mathematics/Probability theory" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThe \u003ca href=\"https://geocoq.github.io/GeoCoq/\"\u003eGeoCoq library\u003c/a\u003e contains a formalization of geometry using the Coq proof assistant. It contains both proofs about the foundations of geometry and high-level proofs in the same style as in high school. We port a part of the GeoCoq 2.4.0 library to Isabelle/HOL: more precisely, the files Chap02.v to Chap13_3.v, suma.v as well as the associated definitions and some useful files for the demonstration of certain parallel postulates. The synthetic approach of the demonstrations is directly inspired by those contained in GeoCoq. The names of the lemmas and theorems used are kept as far as possible as well as the definitions. \u003c/p\u003e \u003cp\u003eIt should be noted that T.J.M. Makarios has done \u003ca href=\"https://www.isa-afp.org/entries/Tarskis_Geometry.html\"\u003esome proofs in Tarski's Geometry\u003c/a\u003e. It uses a definition that does not quite coincide with the definition used in Geocoq and here. Furthermore, corresponding definitions in the \u003ca href=\"https://www.isa-afp.org/entries/Poincare_Disc.html\"\u003ePoincarĂ© Disc Model development\u003c/a\u003e are not identical to those defined in GeoCoq. 
\u003c/p\u003e \u003cp\u003eIn the last part, it is formalized that, in the neutral/absolute space, the axiom of the parallels of Tarski's system implies the Playfair axiom, the 5th postulate of Euclid and Euclid's original parallel postulate. These proofs, which are not constructive, are directly inspired by Pierre Boutry, Charly Gries, Julien Narboux and Pascal Schreck. \u003c/p\u003e", "authors": [ "Roland Coghetto" ], "date": "2021-01-31", "id": 125, "link": "/entries/IsaGeoCoq.html", "permalink": "/entries/IsaGeoCoq.html", "shortname": "IsaGeoCoq", "title": "Tarski's Parallel Postulate implies the 5th Postulate of Euclid, the Postulate of Playfair and the original Parallel Postulate of Euclid", "topic_links": [ "mathematics/geometry" ], "topics": [ "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "In a \u003ca href=\"https://xkcd.com/blue_eyes.html\"\u003epuzzle published by Randall Munroe\u003c/a\u003e, perfect logicians forbidden from communicating are stranded on an island, and may only leave once they have figured out their own eye color. We present a method of modeling the behavior of perfect logicians and formalize a solution of the puzzle.", "authors": [ "Maya KądzioƂka" ], "date": "2021-01-30", "id": 126, "link": "/entries/Blue_Eyes.html", "permalink": "/entries/Blue_Eyes.html", "shortname": "Blue_Eyes", "title": "Solution to the xkcd Blue Eyes puzzle", "topic_links": [ "logic/general-logic/logics-of-knowledge-and-belief" ], "topics": [ "Logic/General logic/Logics of knowledge and belief" ], "used_by": 0 }, { "abstract": "This is a verified implementation of a constant time queue. The original design is due to \u003ca href=\"https://doi.org/10.1016/0020-0190(81)90030-2\"\u003eHood and Melville\u003c/a\u003e. 
This formalization follows the presentation in \u003cem\u003ePurely Functional Data Structures\u003c/em\u003eby Okasaki.", "authors": [ "Alejandro GĂłmez-Londoño" ], "date": "2021-01-18", "id": 127, "link": "/entries/Hood_Melville_Queue.html", "permalink": "/entries/Hood_Melville_Queue.html", "shortname": "Hood_Melville_Queue", "title": "Hood-Melville Queue", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "We extend Jinja to include static fields, methods, and instructions, and dynamic class initialization, based on the Java SE 8 specification. This includes extension of definitions and proofs. This work is partially described in Mansky and Gunter's paper at CPP 2019 and Mansky's doctoral thesis (UIUC, 2020).", "authors": [ "Susannah Mansky" ], "date": "2021-01-11", "id": 128, "link": "/entries/JinjaDCI.html", "permalink": "/entries/JinjaDCI.html", "shortname": "JinjaDCI", "title": "JinjaDCI: a Java semantics with dynamic class initialization", "topic_links": [ "computer-science/programming-languages/language-definitions" ], "topics": [ "Computer science/Programming languages/Language definitions" ], "used_by": 1 }, { "abstract": "We formalize the basic results on cofinality of linearly ordered sets and ordinals and Ć anin’s Lemma for uncountable families of finite sets. This last result is used to prove the countable chain condition for Cohen posets. 
We work in the set theory framework of Isabelle/ZF, using the Axiom of Choice as needed.", "authors": [ "Pedro Sánchez Terraf" ], "date": "2020-12-27", "id": 129, "link": "/entries/Delta_System_Lemma.html", "permalink": "/entries/Delta_System_Lemma.html", "shortname": "Delta_System_Lemma", "title": "Cofinality and the Delta System Lemma", "topic_links": [ "mathematics/combinatorics", "logic/set-theory" ], "topics": [ "Mathematics/Combinatorics", "Logic/Set theory" ], "used_by": 1 }, { "abstract": "We introduce a generalized topological semantics for paraconsistent and paracomplete logics by drawing upon early works on topological Boolean algebras (cf. works by Kuratowski, Zarycki, McKinsey \u0026 Tarski, etc.). In particular, this work exemplarily illustrates the shallow semantical embeddings approach (\u003ca href=\"http://dx.doi.org/10.1007/s11787-012-0052-y\"\u003eSSE\u003c/a\u003e) employing the proof assistant Isabelle/HOL. By means of the SSE technique we can effectively harness theorem provers, model finders and 'hammers' for reasoning with quantified non-classical logics.", "authors": [ "David Fuenmayor" ], "date": "2020-12-17", "id": 130, "link": "/entries/Topological_Semantics.html", "permalink": "/entries/Topological_Semantics.html", "shortname": "Topological_Semantics", "title": "Topological semantics for paraconsistent and paracomplete logics", "topic_links": [ "logic/general-logic" ], "topics": [ "Logic/General logic" ], "used_by": 0 }, { "abstract": "We verify the correctness of Prim's, Kruskal's and Borůvka's minimum spanning tree algorithms based on algebras for aggregation and minimisation.", "authors": [ "Walter Guttmann", "Nicolas Robinson-O'Brien" ], "date": "2020-12-08", "id": 131, "link": "/entries/Relational_Minimum_Spanning_Trees.html", "permalink": "/entries/Relational_Minimum_Spanning_Trees.html", "shortname": "Relational_Minimum_Spanning_Trees", "title": "Relational Minimum Spanning Tree Algorithms", "topic_links": [
"computer-science/algorithms/graph" ], "topics": [ "Computer science/Algorithms/Graph" ], "used_by": 0 }, { "abstract": "This Isabelle/HOL formalization builds on the \u003cem\u003eVeriComp\u003c/em\u003e entry of the \u003cem\u003eArchive of Formal Proofs\u003c/em\u003e to provide the following contributions: \u003cul\u003e \u003cli\u003ean operational semantics for a realistic virtual machine (Std) for dynamically typed programming languages;\u003c/li\u003e \u003cli\u003ethe formalization of an inline caching optimization (Inca), a proof of bisimulation with (Std), and a compilation function;\u003c/li\u003e \u003cli\u003ethe formalization of an unboxing optimization (Ubx), a proof of bisimulation with (Inca), and a simple compilation function.\u003c/li\u003e \u003c/ul\u003e This formalization was described in the CPP 2021 paper \u003cem\u003eTowards Efficient and Verified Virtual Machines for Dynamic Languages\u003c/em\u003e.", "authors": [ "Martin Desharnais" ], "date": "2020-12-07", "id": 132, "link": "/entries/Interpreter_Optimizations.html", "permalink": "/entries/Interpreter_Optimizations.html", "shortname": "Interpreter_Optimizations", "title": "Inline Caching and Unboxing Optimization for Interpreters", "topic_links": [ "computer-science/programming-languages/misc" ], "topics": [ "Computer science/Programming languages/Misc" ], "used_by": 0 }, { "abstract": "This paper introduces a new method for the formal verification of cryptographic protocols, the relational method, derived from Paulson's inductive method by means of some enhancements aimed at streamlining formal definitions and proofs, especially for protocols using public key cryptography. Moreover, this paper proposes a method to formalize a further security property, message anonymity, in addition to message confidentiality and authenticity.
The relational method, including message anonymity, is then applied to the verification of a sample authentication protocol, comprising Password Authenticated Connection Establishment (PACE) with Chip Authentication Mapping followed by the explicit verification of an additional password over the PACE secure channel.", "authors": [ "Pasquale Noce" ], "date": "2020-12-05", "id": 133, "link": "/entries/Relational_Method.html", "permalink": "/entries/Relational_Method.html", "shortname": "Relational_Method", "title": "The Relational Method with Message Anonymity for the Verification of Cryptographic Protocols", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "This work is an effort to formalise some quantum algorithms and results in quantum information theory. Formal methods being critical for the safety and security of algorithms and protocols, we foresee their widespread use for quantum computing in the future. We have developed a large library for quantum computing in Isabelle based on a matrix representation for quantum circuits, successfully formalising the no-cloning theorem, quantum teleportation, Deutsch's algorithm, the Deutsch-Jozsa algorithm and the quantum Prisoner's Dilemma.", "authors": [ "Anthony Bordg", "Hanna Lachnitt", "Yijun He" ], "date": "2020-11-22", "id": 134, "link": "/entries/Isabelle_Marries_Dirac.html", "permalink": "/entries/Isabelle_Marries_Dirac.html", "shortname": "Isabelle_Marries_Dirac", "title": "Isabelle Marries Dirac: a Library for Quantum Computation and Quantum Information", "topic_links": [ "computer-science/algorithms/quantum-computing", "mathematics/physics/quantum-information" ], "topics": [ "Computer science/Algorithms/Quantum computing", "Mathematics/Physics/Quantum information" ], "used_by": 1 }, { "abstract": "We use a formal development for CSP, called HOL-CSP2.0, to analyse a family of refinement notions, comprising classic and new ones. 
This analysis enables us to derive a number of properties that allow us to deepen the understanding of these notions, in particular with respect to specification decomposition principles for the case of infinite sets of events. The established relations between the refinement relations help to clarify some obscure points in the CSP literature, but also provide a weapon for shorter refinement proofs. Furthermore, we provide a framework for state-normalisation allowing to formally reason on parameterised process architectures. As a result, we have a modern environment for formal proofs of concurrent systems that allow for the combination of general infinite processes with locally finite ones in a logically safe way. We demonstrate these verification-techniques for classical, generalised examples: The CopyBuffer for arbitrary data and the Dijkstra's Dining Philosopher Problem of arbitrary size.", "authors": [ "Safouan Taha", "Burkhart Wolff", "Lina Ye" ], "date": "2020-11-19", "id": 135, "link": "/entries/CSP_RefTK.html", "permalink": "/entries/CSP_RefTK.html", "shortname": "CSP_RefTK", "title": "The HOL-CSP Refinement Toolkit", "topic_links": [ "computer-science/concurrency/process-calculi", "computer-science/semantics-and-reasoning" ], "topics": [ "Computer science/Concurrency/Process calculi", "Computer science/Semantics and reasoning" ], "used_by": 0 }, { "abstract": "This is an Isabelle/HOL formalisation of the semantics of the multi-valued planning tasks language that is used by the planning system Fast-Downward, the STRIPS fragment of the Planning Domain Definition Language (PDDL), and the STRIPS soundness meta-theory developed by Vladimir Lifschitz. It also contains formally verified checkers for checking the well-formedness of problems specified in either language as well as the correctness of potential solutions.
The formalisation in this entry was described in an earlier publication.", "authors": [ "Mohammad Abdulaziz", "Peter Lammich" ], "date": "2020-10-29", "id": 136, "link": "/entries/AI_Planning_Languages_Semantics.html", "permalink": "/entries/AI_Planning_Languages_Semantics.html", "shortname": "AI_Planning_Languages_Semantics", "title": "AI Planning Languages Semantics", "topic_links": [ "computer-science/artificial-intelligence" ], "topics": [ "Computer science/Artificial intelligence" ], "used_by": 1 }, { "abstract": "We present an executable formally verified SAT encoding of classical AI planning that is based on the encodings by Kautz and Selman and the one by Rintanen et al. The encoding was experimentally tested and shown to be usable for reasonably sized standard AI planning benchmarks. We also use it as a reference to test a state-of-the-art SAT-based planner, showing that it sometimes falsely claims that problems have no solutions of certain lengths. The formalisation in this submission was described in an independent publication.", "authors": [ "Mohammad Abdulaziz", "Friedrich Kurz" ], "date": "2020-10-29", "id": 137, "link": "/entries/Verified_SAT_Based_AI_Planning.html", "permalink": "/entries/Verified_SAT_Based_AI_Planning.html", "shortname": "Verified_SAT_Based_AI_Planning", "title": "Verified SAT-Based AI Planning", "topic_links": [ "computer-science/artificial-intelligence" ], "topics": [ "Computer science/Artificial intelligence" ], "used_by": 0 }, { "abstract": "The present Isabelle theory builds a formal model for both the International System of Quantities (ISQ) and the International System of Units (SI), which are both fundamental for physics and engineering. Both the ISQ and the SI are deeply integrated into Isabelle's type system. Quantities are parameterised by dimension types, which correspond to base vectors, and thus only quantities of the same dimension can be equated. 
Since the underlying \"algebra of quantities\" induces congruences on quantity and SI types, specific tactic support is developed to capture these. Our construction is validated by a test-set of known equivalences between both quantities and SI units. Moreover, the presented theory can be used for type-safe conversions between the SI system and others, like the British Imperial System (BIS).", "authors": [ "Simon Foster", "Burkhart Wolff" ], "date": "2020-10-20", "id": 138, "link": "/entries/Physical_Quantities.html", "permalink": "/entries/Physical_Quantities.html", "shortname": "Physical_Quantities", "title": "A Sound Type System for Physical Quantities, Units, and Measurements", "topic_links": [ "mathematics/physics", "computer-science/programming-languages/type-systems" ], "topics": [ "Mathematics/Physics", "Computer science/Programming languages/Type systems" ], "used_by": 0 }, { "abstract": "This entry includes useful syntactic sugar, new operators and functions, and their associated lemmas for finite maps which currently are not present in the standard Finite_Map theory.", "authors": [ "Javier Díaz" ], "date": "2020-10-12", "id": 139, "link": "/entries/Finite-Map-Extras.html", "permalink": "/entries/Finite-Map-Extras.html", "shortname": "Finite-Map-Extras", "title": "Finite Map Extras", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "In this AFP entry, we extend our formalization of the core DOM with Shadow Roots. Shadow roots are a recent proposal of the web community to support a component-based development approach for client-side web applications. Shadow roots are a significant extension to the DOM standard and, as web standards are condemned to be backward compatible, such extensions often result in complex specification that may contain unwanted subtleties that can be detected by a formalization.
Our Isabelle/HOL formalization is, in the sense of object-orientation, an extension of our formalization of the core DOM and enjoys the same basic properties, i.e., it is extensible, i.e., can be extended without the need of re-proving already proven properties and executable, i.e., we can generate executable code from our specification. We exploit the executability to show that our formalization complies with the official standard of the W3C, respectively, the WHATWG.", "authors": [ "Achim D. Brucker", "Michael Herzberg" ], "date": "2020-09-28", "id": 140, "link": "/entries/Shadow_DOM.html", "permalink": "/entries/Shadow_DOM.html", "shortname": "Shadow_DOM", "title": "A Formal Model of the Document Object Model with Shadow Roots", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 1 }, { "abstract": "In this AFP entry, we extend our formalization of the safely composable DOM with Shadow Roots. This is a proposal for Shadow Roots with stricter safety guarantees than the standard compliant formalization (see \"Shadow DOM\"). Shadow Roots are a recent proposal of the web community to support a component-based development approach for client-side web applications. Shadow roots are a significant extension to the DOM standard and, as web standards are condemned to be backward compatible, such extensions often result in complex specification that may contain unwanted subtleties that can be detected by a formalization. Our Isabelle/HOL formalization is, in the sense of object-orientation, an extension of our formalization of the core DOM and enjoys the same basic properties, i.e., it is extensible, i.e., can be extended without the need of re-proving already proven properties and executable, i.e., we can generate executable code from our specification. We exploit the executability to show that our formalization complies with the official standard of the W3C, respectively, the WHATWG.", "authors": [ "Achim D.
Brucker", "Michael Herzberg" ], "date": "2020-09-28", "id": 141, "link": "/entries/Shadow_SC_DOM.html", "permalink": "/entries/Shadow_SC_DOM.html", "shortname": "Shadow_SC_DOM", "title": "A Formal Model of the Safely Composable Document Object Model with Shadow Roots", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 1 }, { "abstract": "While the (safely composable) DOM with shadow trees provides the technical basis for defining web components, it neither defines the concept of web components nor specifies the safety properties that web components should guarantee. Consequently, the standard also does not discuss how or even if the methods for modifying the DOM respect component boundaries. In this AFP entry, we present a formally verified model of safely composable web components and define safety properties which ensure that different web components can only interact with each other using well-defined interfaces. Moreover, our verification of the application programming interface (API) of the DOM revealed numerous invariants that implementations of the DOM API need to preserve to ensure the integrity of components. In comparison to the strict standard compliance formalization of Web Components in the AFP entry \"DOM_Components\", the notion of components in this entry (based on \"SC_DOM\" and \"Shadow_SC_DOM\") provides much stronger safety guarantees.", "authors": [ "Achim D.
Brucker", "Michael Herzberg" ], "date": "2020-09-28", "id": 142, "link": "/entries/SC_DOM_Components.html", "permalink": "/entries/SC_DOM_Components.html", "shortname": "SC_DOM_Components", "title": "A Formalization of Safely Composable Web Components", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "While the DOM with shadow trees provides the technical basis for defining web components, the DOM standard neither defines the concept of web components nor specifies the safety properties that web components should guarantee. Consequently, the standard also does not discuss how or even if the methods for modifying the DOM respect component boundaries. In this AFP entry, we present a formally verified model of web components and define safety properties which ensure that different web components can only interact with each other using well-defined interfaces. Moreover, our verification of the application programming interface (API) of the DOM revealed numerous invariants that implementations of the DOM API need to preserve to ensure the integrity of components.", "authors": [ "Achim D. Brucker", "Michael Herzberg" ], "date": "2020-09-28", "id": 143, "link": "/entries/DOM_Components.html", "permalink": "/entries/DOM_Components.html", "shortname": "DOM_Components", "title": "A Formalization of Web Components", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "In this AFP entry, we formalize the core of the Safely Composable Document Object Model (SC DOM). The SC DOM improves the standard DOM (as formalized in the AFP entry \"Core DOM\") by strengthening the tree boundaries set by shadow roots: in the SC DOM, the shadow root is a sub-class of the document class (instead of a base class).
This modification also results in changes to some API methods (e.g., getOwnerDocument) to return the nearest shadow root rather than the document root. As a result, many API methods that, when called on a node inside a shadow tree, would previously ``break out'' and return or modify nodes that are possibly outside the shadow tree, now stay within its boundaries. This change in behavior makes programs that operate on shadow trees more predictable for the developer and allows them to make more assumptions about other code accessing the DOM.", "authors": [ "Achim D. Brucker", "Michael Herzberg" ], "date": "2020-09-28", "id": 144, "link": "/entries/Core_SC_DOM.html", "permalink": "/entries/Core_SC_DOM.html", "shortname": "Core_SC_DOM", "title": "The Safely Composable DOM", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 1 }, { "abstract": "We present an abstract formalization of G\u0026ouml;del's incompleteness theorems. We analyze sufficient conditions for the theorems' applicability to a partially specified logic. Our abstract perspective enables a comparison between alternative approaches from the literature. These include Rosser's variation of the first theorem, Jeroslow's variation of the second theorem, and the Swierczkowski\u0026ndash;Paulson semantics-based approach. This AFP entry is the main entry point to the results described in our CADE-27 paper \u003ca href=\"https://dx.doi.org/10.1007/978-3-030-29436-6_26\"\u003eA Formally Verified Abstract Account of Gödel's Incompleteness Theorems\u003c/a\u003e.
As part of our abstract formalization's validation, we instantiate our locales twice in the separate AFP entries \u003ca href=\"https://www.isa-afp.org/entries/Goedel_HFSet_Semantic.html\"\u003eGoedel_HFSet_Semantic\u003c/a\u003e and \u003ca href=\"https://www.isa-afp.org/entries/Goedel_HFSet_Semanticless.html\"\u003eGoedel_HFSet_Semanticless\u003c/a\u003e.", "authors": [ "Andrei Popescu", "Dmitriy Traytel" ], "date": "2020-09-16", "id": 145, "link": "/entries/Goedel_Incompleteness.html", "permalink": "/entries/Goedel_Incompleteness.html", "shortname": "Goedel_Incompleteness", "title": "An Abstract Formalization of G\u0026ouml;del's Incompleteness Theorems", "topic_links": [ "logic/proof-theory" ], "topics": [ "Logic/Proof theory" ], "used_by": 2 }, { "abstract": "We validate an abstract formulation of G\u0026ouml;del's First and Second Incompleteness Theorems from a \u003ca href=\"https://www.isa-afp.org/entries/Goedel_Incompleteness.html\"\u003eseparate AFP entry\u003c/a\u003e by instantiating them to the case of \u003ci\u003efinite sound extensions of the Hereditarily Finite (HF) Set theory\u003c/i\u003e, i.e., FOL theories extending the HF Set theory with a finite set of axioms that are sound in the standard model. 
The concrete results had been previously formalised in an \u003ca href=\"https://www.isa-afp.org/entries/Incompleteness.html\"\u003eAFP entry by Larry Paulson\u003c/a\u003e; our instantiation reuses the infrastructure developed in that entry.", "authors": [ "Andrei Popescu", "Dmitriy Traytel" ], "date": "2020-09-16", "id": 146, "link": "/entries/Goedel_HFSet_Semantic.html", "permalink": "/entries/Goedel_HFSet_Semantic.html", "shortname": "Goedel_HFSet_Semantic", "title": "From Abstract to Concrete G\u0026ouml;del's Incompleteness Theorems\u0026mdash;Part I", "topic_links": [ "logic/proof-theory" ], "topics": [ "Logic/Proof theory" ], "used_by": 0 }, { "abstract": "We validate an abstract formulation of G\u0026ouml;del's Second Incompleteness Theorem from a \u003ca href=\"https://www.isa-afp.org/entries/Goedel_Incompleteness.html\"\u003eseparate AFP entry\u003c/a\u003e by instantiating it to the case of \u003ci\u003efinite consistent extensions of the Hereditarily Finite (HF) Set theory\u003c/i\u003e, i.e., consistent FOL theories extending the HF Set theory with a finite set of axioms. The instantiation draws heavily on infrastructure previously developed by Larry Paulson in his \u003ca href=\"https://www.isa-afp.org/entries/Incompleteness.html\"\u003edirect formalisation of the concrete result\u003c/a\u003e. It strengthens Paulson's formalization of G\u0026ouml;del's Second from that entry by \u003ci\u003enot\u003c/i\u003e assuming soundness, and in fact not relying on any notion of model or semantic interpretation. 
The strengthening was obtained by first replacing some of Paulson’s semantic arguments with proofs within his HF calculus, and then plugging in some of Paulson's (modified) lemmas to instantiate our soundness-free G\u0026ouml;del's Second locale.", "authors": [ "Andrei Popescu", "Dmitriy Traytel" ], "date": "2020-09-16", "id": 147, "link": "/entries/Goedel_HFSet_Semanticless.html", "permalink": "/entries/Goedel_HFSet_Semanticless.html", "shortname": "Goedel_HFSet_Semanticless", "title": "From Abstract to Concrete G\u0026ouml;del's Incompleteness Theorems\u0026mdash;Part II", "topic_links": [ "logic/proof-theory" ], "topics": [ "Logic/Proof theory" ], "used_by": 0 }, { "abstract": "We instantiate our syntax-independent logic infrastructure developed in \u003ca href=\"https://www.isa-afp.org/entries/Syntax_Independent_Logic.html\"\u003ea separate AFP entry\u003c/a\u003e to the FOL theory of Robinson arithmetic (also known as Q). The latter was formalised using Nominal Isabelle by adapting \u003ca href=\"https://www.isa-afp.org/entries/Incompleteness.html\"\u003eLarry Paulson’s formalization of the Hereditarily Finite Set theory\u003c/a\u003e.", "authors": [ "Andrei Popescu", "Dmitriy Traytel" ], "date": "2020-09-16", "id": 148, "link": "/entries/Robinson_Arithmetic.html", "permalink": "/entries/Robinson_Arithmetic.html", "shortname": "Robinson_Arithmetic", "title": "Robinson Arithmetic", "topic_links": [ "logic/proof-theory" ], "topics": [ "Logic/Proof theory" ], "used_by": 0 }, { "abstract": "We formalize a notion of logic whose terms and formulas are kept abstract. In particular, logical connectives, substitution, free variables, and provability are not defined, but characterized by their general properties as locale assumptions. Based on this abstract characterization, we develop further reusable reasoning infrastructure. For example, we define parallel substitution (along with proving its characterizing theorems) from single-point substitution. 
Similarly, we develop a natural deduction style proof system starting from the abstract Hilbert-style one. These one-time efforts benefit different concrete logics satisfying our locales' assumptions. We instantiate the syntax-independent logic infrastructure to Robinson arithmetic (also known as Q) in the AFP entry \u003ca href=\"https://www.isa-afp.org/entries/Robinson_Arithmetic.html\"\u003eRobinson_Arithmetic\u003c/a\u003e and to hereditarily finite set theory in the AFP entries \u003ca href=\"https://www.isa-afp.org/entries/Goedel_HFSet_Semantic.html\"\u003eGoedel_HFSet_Semantic\u003c/a\u003e and \u003ca href=\"https://www.isa-afp.org/entries/Goedel_HFSet_Semanticless.html\"\u003eGoedel_HFSet_Semanticless\u003c/a\u003e, which are part of our formalization of G\u0026ouml;del's Incompleteness Theorems described in our CADE-27 paper \u003ca href=\"https://dx.doi.org/10.1007/978-3-030-29436-6_26\"\u003eA Formally Verified Abstract Account of Gödel's Incompleteness Theorems\u003c/a\u003e.", "authors": [ "Andrei Popescu", "Dmitriy Traytel" ], "date": "2020-09-16", "id": 149, "link": "/entries/Syntax_Independent_Logic.html", "permalink": "/entries/Syntax_Independent_Logic.html", "shortname": "Syntax_Independent_Logic", "title": "Syntax-Independent Logic Infrastructure", "topic_links": [ "logic/proof-theory" ], "topics": [ "Logic/Proof theory" ], "used_by": 2 }, { "abstract": "In this AFP entry, we provide a formalisation of extended finite state machines (EFSMs) where models are represented as finite sets of transitions between states. EFSMs execute traces to produce observable outputs. We also define various simulation and equality metrics for EFSMs in terms of traces and prove their strengths in relation to each other. Another key contribution is a framework of function definitions such that LTL properties can be phrased over EFSMs. Finally, we provide a simple example case study in the form of a drinks machine.", "authors": [ "Michael Foster", "Achim D. 
Brucker", "Ramsay G. Taylor", "John Derrick" ], "date": "2020-09-07", "id": 150, "link": "/entries/Extended_Finite_State_Machines.html", "permalink": "/entries/Extended_Finite_State_Machines.html", "shortname": "Extended_Finite_State_Machines", "title": "A Formal Model of Extended Finite State Machines", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 1 }, { "abstract": "In this AFP entry, we provide a formal implementation of a state-merging technique to infer extended finite state machines (EFSMs), complete with output and update functions, from black-box traces. In particular, we define the subsumption in context relation as a means of determining whether one transition is able to account for the behaviour of another. Building on this, we define the direct subsumption relation, which lifts the subsumption in context relation to EFSM level such that we can use it to determine whether it is safe to merge a given pair of transitions. Key proofs include the conditions necessary for subsumption to occur and that subsumption and direct subsumption are preorder relations. We also provide a number of different heuristics which can be used to abstract away concrete values into registers so that more states and transitions can be merged and provide proofs of the various conditions which must hold for these abstractions to subsume their ungeneralised counterparts. A Code Generator setup to create executable Scala code is also defined.", "authors": [ "Michael Foster", "Achim D. Brucker", "Ramsay G. 
Taylor", "John Derrick" ], "date": "2020-09-07", "id": 151, "link": "/entries/Extended_Finite_State_Machine_Inference.html", "permalink": "/entries/Extended_Finite_State_Machine_Inference.html", "shortname": "Extended_Finite_State_Machine_Inference", "title": "Inference of Extended Finite State Machines", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "Generating and checking proof certificates is important to increase the trust in automated reasoning tools. In recent years formal verification using computer algebra became more important and is heavily used in automated circuit verification. An existing proof format which covers algebraic reasoning and allows efficient proof checking is the practical algebraic calculus (PAC). In this development, we present the verified checker Pastèque that is obtained by synthesis via the Refinement Framework. This is the formalization going with our FMCAD'20 tool presentation.", "authors": [ "Mathias Fleury", "Daniela Kaufmann" ], "date": "2020-08-31", "id": 152, "link": "/entries/PAC_Checker.html", "permalink": "/entries/PAC_Checker.html", "shortname": "PAC_Checker", "title": "Practical Algebraic Calculus Checker", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "\u003cp\u003e This entry formalizes some classical concepts and results from inductive inference of recursive functions. In the basic setting a partial recursive function (\"strategy\") must identify (\"learn\") all functions from a set (\"class\") of recursive functions. To that end the strategy receives more and more values $f(0), f(1), f(2), \\ldots$ of some function $f$ from the given class and in turn outputs descriptions of partial recursive functions, for example, Gödel numbers.
The strategy is considered successful if the sequence of outputs (\"hypotheses\") converges to a description of $f$. A class of functions learnable in this sense is called \"learnable in the limit\". The set of all these classes is denoted by LIM. \u003c/p\u003e \u003cp\u003e Other types of inference considered are finite learning (FIN), behaviorally correct learning in the limit (BC), and some variants of LIM with restrictions on the hypotheses: total learning (TOTAL), consistent learning (CONS), and class-preserving learning (CP). The main results formalized are the proper inclusions $\\mathrm{FIN} \\subset \\mathrm{CP} \\subset \\mathrm{TOTAL} \\subset \\mathrm{CONS} \\subset \\mathrm{LIM} \\subset \\mathrm{BC} \\subset 2^{\\mathcal{R}}$, where $\\mathcal{R}$ is the set of all total recursive functions. Further results show that for all these inference types except CONS, strategies can be assumed to be total recursive functions; that all inference types but CP are closed under the subset relation between classes; and that no inference type is closed under the union of classes. \u003c/p\u003e \u003cp\u003e The above is based on a formalization of recursive functions heavily inspired by the \u003ca href=\"https://www.isa-afp.org/entries/Universal_Turing_Machine.html\"\u003eUniversal Turing Machine\u003c/a\u003e entry by Xu et al., but different in that it models partial functions with codomain \u003cem\u003enat option\u003c/em\u003e. The formalization contains a construction of a universal partial recursive function, without resorting to Turing machines, introduces decidability and recursive enumerability, and proves some standard results: existence of a Kleene normal form, the \u003cem\u003es-m-n\u003c/em\u003e theorem, Rice's theorem, and assorted fixed-point theorems (recursion theorems) by Kleene, Rogers, and Smullyan. \u003c/p\u003e", "authors": [ "Frank J. 
Balbach" ], "date": "2020-08-31", "id": 153, "link": "/entries/Inductive_Inference.html", "permalink": "/entries/Inductive_Inference.html", "shortname": "Inductive_Inference", "title": "Some classical results in inductive inference of recursive functions", "topic_links": [ "logic/computability", "computer-science/machine-learning" ], "topics": [ "Logic/Computability", "Computer science/Machine learning" ], "used_by": 0 }, { "abstract": "We give a simple relation-algebraic semantics of read and write operations on associative arrays. The array operations seamlessly integrate with assignments in the Hoare-logic library. Using relation algebras and Kleene algebras we verify the correctness of an array-based implementation of disjoint-set forests with a naive union operation and a find operation with path compression.", "authors": [ "Walter Guttmann" ], "date": "2020-08-26", "id": 154, "link": "/entries/Relational_Disjoint_Set_Forests.html", "permalink": "/entries/Relational_Disjoint_Set_Forests.html", "shortname": "Relational_Disjoint_Set_Forests", "title": "Relational Disjoint-Set Forests", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 1 }, { "abstract": "This Isabelle/HOL formalization extends the AFP entry \u003cem\u003eSaturation_Framework\u003c/em\u003e with the following contributions: \u003cul\u003e \u003cli\u003ean application of the framework to prove Bachmair and Ganzinger's resolution prover RP refutationally complete, which was formalized in a more ad hoc fashion by Schlichtkrull et al. 
in the AFP entry \u003cem\u003eOrdered_Resolution_Prover\u003c/em\u003e;\u003c/li\u003e \u003cli\u003egeneralizations of various basic concepts formalized by Schlichtkrull et al., which were needed to verify RP and could be useful to formalize other calculi, such as superposition;\u003c/li\u003e \u003cli\u003ealternative proofs of fairness (and hence saturation and ultimately refutational completeness) for the given clause procedures GC and LGC, based on invariance.\u003c/li\u003e \u003c/ul\u003e", "authors": [ "Jasmin Christian Blanchette", "Sophie Tourret" ], "date": "2020-08-25", "id": 155, "link": "/entries/Saturation_Framework_Extensions.html", "permalink": "/entries/Saturation_Framework_Extensions.html", "shortname": "Saturation_Framework_Extensions", "title": "Extensions to the Comprehensive Framework for Saturation Theorem Proving", "topic_links": [ "logic/general-logic/mechanization-of-proofs" ], "topics": [ "Logic/General logic/Mechanization of proofs" ], "used_by": 0 }, { "abstract": "Richard Bird and collaborators have proposed a derivation of an intricate cyclic program that implements the Morris-Pratt string matching algorithm. 
Here we provide a proof of total correctness for Bird's derivation and complete it by adding Knuth's optimisation.", "authors": [ "Peter Gammie" ], "date": "2020-08-25", "id": 156, "link": "/entries/BirdKMP.html", "permalink": "/entries/BirdKMP.html", "shortname": "BirdKMP", "title": "Putting the `K' into Bird's derivation of Knuth-Morris-Pratt string matching", "topic_links": [ "computer-science/functional-programming" ], "topics": [ "Computer science/Functional programming" ], "used_by": 0 }, { "abstract": "This is a formalisation of Amicable Numbers, involving some relevant material including Euler's sigma function, some relevant definitions, results and examples as well as rules such as Th\u0026#257;bit ibn Qurra's Rule, Euler's Rule, te Riele's Rule and Borho's Rule with breeders.", "authors": [ "Angeliki Koutsoukou-Argyraki" ], "date": "2020-08-04", "id": 157, "link": "/entries/Amicable_Numbers.html", "permalink": "/entries/Amicable_Numbers.html", "shortname": "Amicable_Numbers", "title": "Amicable Numbers", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "The theory of partition relations concerns generalisations of Ramsey's theorem. For any ordinal $\\alpha$, write $\\alpha \\to (\\alpha, m)^2$ if for each function $f$ from unordered pairs of elements of $\\alpha$ into $\\{0,1\\}$, either there is a subset $X\\subseteq \\alpha$ order-isomorphic to $\\alpha$ such that $f\\{x,y\\}=0$ for all $\\{x,y\\}\\subseteq X$, or there is an $m$ element set $Y\\subseteq \\alpha$ such that $f\\{x,y\\}=1$ for all $\\{x,y\\}\\subseteq Y$. (In both cases, with $\\{x,y\\}$ we require $x\\not=y$.) In particular, the infinite Ramsey theorem can be written in this notation as $\\omega \\to (\\omega, \\omega)^2$, or if we restrict $m$ to the positive integers as above, then $\\omega \\to (\\omega, m)^2$ for all $m$. 
This entry formalises Larson's proof of $\\omega^\\omega \\to (\\omega^\\omega, m)^2$ along with a similar proof of a result due to Specker: $\\omega^2 \\to (\\omega^2, m)^2$. Also proved is a necessary result by Erdős and Milner: $\\omega^{1+\\alpha\\cdot n} \\to (\\omega^{1+\\alpha}, 2^n)^2$.", "authors": [ "Lawrence C. Paulson" ], "date": "2020-08-03", "id": 158, "link": "/entries/Ordinal_Partitions.html", "permalink": "/entries/Ordinal_Partitions.html", "shortname": "Ordinal_Partitions", "title": "Ordinal Partitions", "topic_links": [ "mathematics/combinatorics", "logic/set-theory" ], "topics": [ "Mathematics/Combinatorics", "Logic/Set theory" ], "used_by": 0 }, { "abstract": "We provide a suitable distributed system model and implementation of the Chandy--Lamport distributed snapshot algorithm [ACM Transactions on Computer Systems, 3, 63-75, 1985]. Our main result is a formal termination and correctness proof of the Chandy--Lamport algorithm and its use in stable property detection.", "authors": [ "Ben Fiedler", "Dmitriy Traytel" ], "date": "2020-07-21", "id": 159, "link": "/entries/Chandy_Lamport.html", "permalink": "/entries/Chandy_Lamport.html", "shortname": "Chandy_Lamport", "title": "A Formal Proof of The Chandy--Lamport Distributed Snapshot Algorithm", "topic_links": [ "computer-science/algorithms/distributed" ], "topics": [ "Computer science/Algorithms/Distributed" ], "used_by": 0 }, { "abstract": "Binary relations are one of the standard ways to encode, characterise and reason about graphs. Relation algebras provide equational axioms for a large fragment of the calculus of binary relations. Although relations are standard tools in many areas of mathematics and computing, researchers usually fall back to point-wise reasoning when it comes to arguments about paths in a graph. 
We present a purely algebraic way to specify different kinds of paths in Kleene relation algebras, which are relation algebras equipped with an operation for reflexive transitive closure. We study the relationship between paths with a designated root vertex and paths without such a vertex. Since we stay in first-order logic this development helps with mechanising proofs. To demonstrate the applicability of the algebraic framework we verify the correctness of three basic graph algorithms.", "authors": [ "Walter Guttmann", "Peter Höfner" ], "date": "2020-07-13", "id": 160, "link": "/entries/Relational_Paths.html", "permalink": "/entries/Relational_Paths.html", "shortname": "Relational_Paths", "title": "Relational Characterisations of Paths", "topic_links": [ "mathematics/graph-theory" ], "topics": [ "Mathematics/Graph theory" ], "used_by": 0 }, { "abstract": "The Vienna Convention on Road Traffic defines the safe distance traffic rules informally. This could make autonomous vehicle liable for safe-distance-related accidents because there is no clear definition of how large a safe distance is. We provide a formally proven prescriptive definition of a safe distance, and checkers which can decide whether an autonomous vehicle is obeying the safe distance rule. 
Not only does our work apply to the domain of law, but it also serves as a specification for autonomous vehicle manufacturers and for online verification of path planners.", "authors": [ "Albert Rizaldi", "Fabian Immler" ], "date": "2020-06-01", "id": 161, "link": "/entries/Safe_Distance.html", "permalink": "/entries/Safe_Distance.html", "shortname": "Safe_Distance", "title": "A Formally Verified Checker of the Safe Distance Traffic Rules for Autonomous Vehicles", "topic_links": [ "computer-science/algorithms/mathematical", "mathematics/physics" ], "topics": [ "Computer science/Algorithms/Mathematical", "Mathematics/Physics" ], "used_by": 0 }, { "abstract": "This work presents a formal proof in Isabelle/HOL of an algorithm to transform a matrix into its Smith normal form, a canonical matrix form, in a general setting: the algorithm is parameterized by operations to prove its existence over elementary divisor rings, while execution is guaranteed over Euclidean domains. We also provide a formal proof on some results about the generality of this algorithm as well as the uniqueness of the Smith normal form. Since Isabelle/HOL does not feature dependent types, the development is carried out switching conveniently between two different existing libraries: the Hermite normal form (based on HOL Analysis) and the Jordan normal form AFP entries. 
This permits reusing results from both developments and is done by means of the lifting and transfer package together with the use of local type definitions.", "authors": [ "Jose Divasón" ], "date": "2020-05-23", "id": 162, "link": "/entries/Smith_Normal_Form.html", "permalink": "/entries/Smith_Normal_Form.html", "shortname": "Smith_Normal_Form", "title": "A verified algorithm for computing the Smith normal form of a matrix", "topic_links": [ "mathematics/algebra", "computer-science/algorithms/mathematical" ], "topics": [ "Mathematics/Algebra", "Computer science/Algorithms/Mathematical" ], "used_by": 1 }, { "abstract": "In 1965, Nash-Williams discovered a generalisation of the infinite form of Ramsey's theorem. Where the latter concerns infinite sets of n-element sets for some fixed n, the Nash-Williams theorem concerns infinite sets of finite sets (or lists) subject to a “no initial segment” condition. The present formalisation follows a monograph on Ramsey Spaces by Todorčević.", "authors": [ "Lawrence C. Paulson" ], "date": "2020-05-16", "id": 163, "link": "/entries/Nash_Williams.html", "permalink": "/entries/Nash_Williams.html", "shortname": "Nash_Williams", "title": "The Nash-Williams Partition Theorem", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 1 }, { "abstract": "We define a generalized version of Knuth\u0026ndash;Bendix orders, including subterm coefficient functions. 
For these orders we formalize several properties such as strong normalization, the subterm property, closure properties under substitutions and contexts, as well as ground totality.", "authors": [ "Christian Sternagel", "René Thiemann" ], "date": "2020-05-13", "id": 164, "link": "/entries/Knuth_Bendix_Order.html", "permalink": "/entries/Knuth_Bendix_Order.html", "shortname": "Knuth_Bendix_Order", "title": "A Formalization of Knuth–Bendix Orders", "topic_links": [ "logic/rewriting" ], "topics": [ "Logic/Rewriting" ], "used_by": 3 }, { "abstract": "We formalise certain irrationality criteria for infinite series of the form: \\[\\sum_{n=1}^\\infty \\frac{b_n}{\\prod_{i=1}^n a_i} \\] where $\\{b_n\\}$ is a sequence of integers and $\\{a_n\\}$ a sequence of positive integers with $a_n \u003e1$ for all large n. The results are due to P. Erdős and E. G. Straus \u003ca href=\"https://projecteuclid.org/euclid.pjm/1102911140\"\u003e[1]\u003c/a\u003e. In particular, we formalise Theorem 2.1, Corollary 2.10 and Theorem 3.1. The latter is an application of Theorem 2.1 involving the prime numbers.", "authors": [ "Angeliki Koutsoukou-Argyraki", "Wenda Li" ], "date": "2020-05-12", "id": 165, "link": "/entries/Irrational_Series_Erdos_Straus.html", "permalink": "/entries/Irrational_Series_Erdos_Straus.html", "shortname": "Irrational_Series_Erdos_Straus", "title": "Irrationality Criteria for Series by Erdős and Straus", "topic_links": [ "mathematics/number-theory", "mathematics/analysis" ], "topics": [ "Mathematics/Number theory", "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "This document contains a proof of the recursion theorem. This is a mechanization of the proof of the recursion theorem from the text \u003ci\u003eIntroduction to Set Theory\u003c/i\u003e, by Karel Hrbacek and Thomas Jech. This implementation may be used as the basis for a model of Peano arithmetic in ZF. 
While recursion and the natural numbers are already available in Isabelle/ZF, this clean development is much easier to follow.", "authors": [ "Georgy Dunaev" ], "date": "2020-05-11", "id": 166, "link": "/entries/Recursion-Addition.html", "permalink": "/entries/Recursion-Addition.html", "shortname": "Recursion-Addition", "title": "Recursion Theorem in ZF", "topic_links": [ "logic/set-theory" ], "topics": [ "Logic/Set theory" ], "used_by": 0 }, { "abstract": "In the mid 80s, Lichtenstein, Pnueli, and Zuck proved a classical theorem stating that every formula of Past LTL (the extension of LTL with past operators) is equivalent to a formula of the form $\\bigwedge_{i=1}^n \\mathbf{G}\\mathbf{F} \\varphi_i \\vee \\mathbf{F}\\mathbf{G} \\psi_i$, where $\\varphi_i$ and $\\psi_i$ contain only past operators. Some years later, Chang, Manna, and Pnueli built on this result to derive a similar normal form for LTL. Both normalisation procedures have a non-elementary worst-case blow-up, and follow an involved path from formulas to counter-free automata to star-free regular expressions and back to formulas. We improve on both points. We present an executable formalisation of a direct and purely syntactic normalisation procedure for LTL yielding a normal form, comparable to the one by Chang, Manna, and Pnueli, that has only a single exponential blow-up.", "authors": [ "Salomon Sickert" ], "date": "2020-05-08", "id": 167, "link": "/entries/LTL_Normal_Form.html", "permalink": "/entries/LTL_Normal_Form.html", "shortname": "LTL_Normal_Form", "title": "An Efficient Normalisation Procedure for Linear Temporal Logic: Isabelle/HOL Formalisation", "topic_links": [ "computer-science/automata-and-formal-languages", "logic/general-logic/temporal-logic" ], "topics": [ "Computer science/Automata and formal languages", "Logic/General logic/Temporal logic" ], "used_by": 0 }, { "abstract": "We formalize the theory of forcing in the set theory framework of Isabelle/ZF. 
Under the assumption of the existence of a countable transitive model of ZFC, we construct a proper generic extension and show that the latter also satisfies ZFC.", "authors": [ "Emmanuel Gunther", "Miguel Pagano", "Pedro Sánchez Terraf" ], "date": "2020-05-06", "id": 168, "link": "/entries/Forcing.html", "permalink": "/entries/Forcing.html", "shortname": "Forcing", "title": "Formalization of Forcing in Isabelle/ZF", "topic_links": [ "logic/set-theory" ], "topics": [ "Logic/Set theory" ], "used_by": 0 }, { "abstract": "We formalize in Isabelle/HOL a result due to S. Banach and H. Steinhaus known as the Banach-Steinhaus theorem or Uniform boundedness principle: a pointwise-bounded family of continuous linear operators from a Banach space to a normed space is uniformly bounded. Our approach is an adaptation to Isabelle/HOL of a proof due to A. Sokal.", "authors": [ "Dominique Unruh", "José Manuel Rodríguez Caballero" ], "date": "2020-05-02", "id": 169, "link": "/entries/Banach_Steinhaus.html", "permalink": "/entries/Banach_Steinhaus.html", "shortname": "Banach_Steinhaus", "title": "Banach-Steinhaus Theorem", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 1 }, { "abstract": "In this article, we present a proof theory for Attack Trees. Attack Trees are a well established and useful model for the construction of attacks on systems since they allow a stepwise exploration of high level attacks in application scenarios. Using the expressiveness of Higher Order Logic in Isabelle, we develop a generic theory of Attack Trees with a state-based semantics based on Kripke structures and CTL. The resulting framework allows mechanically supported logic analysis of the meta-theory of the proof calculus of Attack Trees and at the same time the developed proof theory enables application to case studies. 
A central correctness and completeness result proved in Isabelle establishes a connection between the notion of Attack Tree validity and CTL. The application is illustrated on the example of a healthcare IoT system and GDPR compliance verification.", "authors": [ "Florian Kammüller" ], "date": "2020-04-27", "id": 170, "link": "/entries/Attack_Trees.html", "permalink": "/entries/Attack_Trees.html", "shortname": "Attack_Trees", "title": "Attack Trees in Isabelle for GDPR compliance of IoT healthcare systems", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThe Gaussian integers are the subring \u0026#8484;[i] of the complex numbers, i. e. the ring of all complex numbers with integral real and imaginary part. This article provides a definition of this ring as well as proofs of various basic properties, such as that they form a Euclidean ring and a full classification of their primes. An executable (albeit not very efficient) factorisation algorithm is also provided.\u003c/p\u003e \u003cp\u003eLastly, this Gaussian integer formalisation is used in two short applications:\u003c/p\u003e \u003col\u003e \u003cli\u003e The characterisation of all positive integers that can be written as sums of two squares\u003c/li\u003e \u003cli\u003e Euclid's formula for primitive Pythagorean triples\u003c/li\u003e \u003c/ol\u003e \u003cp\u003eWhile elementary proofs for both of these are already available in the AFP, the theory of Gaussian integers provides more concise proofs and a more high-level view.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2020-04-24", "id": 171, "link": "/entries/Gaussian_Integers.html", "permalink": "/entries/Gaussian_Integers.html", "shortname": "Gaussian_Integers", "title": "Gaussian Integers", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis article provides a 
formalisation of the symmetric multivariate polynomials known as \u003cem\u003epower sum polynomials\u003c/em\u003e. These are of the form p\u003csub\u003en\u003c/sub\u003e(\u003cem\u003eX\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e,\u0026hellip;, \u003cem\u003eX\u003c/em\u003e\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e) = \u003cem\u003eX\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e\u003csup\u003en\u003c/sup\u003e + \u0026hellip; + X\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e\u003csup\u003en\u003c/sup\u003e. A formal proof of the Girard–Newton Theorem is also given. This theorem relates the power sum polynomials to the elementary symmetric polynomials s\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e in the form of a recurrence relation (-1)\u003csup\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sup\u003e \u003cem\u003ek\u003c/em\u003e s\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e = \u0026sum;\u003csub\u003ei\u0026isinv;[0,\u003cem\u003ek\u003c/em\u003e)\u003c/sub\u003e (-1)\u003csup\u003ei\u003c/sup\u003e s\u003csub\u003ei\u003c/sub\u003e p\u003csub\u003e\u003cem\u003ek\u003c/em\u003e-\u003cem\u003ei\u003c/em\u003e\u003c/sub\u003e\u0026thinsp;.\u003c/p\u003e \u003cp\u003eAs an application, this is then used to solve a generalised form of a puzzle given as an exercise in Dummit and Foote's \u003cem\u003eAbstract Algebra\u003c/em\u003e: For \u003cem\u003ek\u003c/em\u003e complex unknowns \u003cem\u003ex\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e, \u0026hellip;, \u003cem\u003ex\u003c/em\u003e\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e, define p\u003csub\u003e\u003cem\u003ej\u003c/em\u003e\u003c/sub\u003e := \u003cem\u003ex\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e\u003csup\u003e\u003cem\u003ej\u003c/em\u003e\u003c/sup\u003e + \u0026hellip; + 
\u003cem\u003ex\u003c/em\u003e\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e\u003csup\u003e\u003cem\u003ej\u003c/em\u003e\u003c/sup\u003e. Then for each vector \u003cem\u003ea\u003c/em\u003e \u0026isinv; \u0026#x2102;\u003csup\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sup\u003e, show that there is exactly one solution to the system p\u003csub\u003e1\u003c/sub\u003e = a\u003csub\u003e1\u003c/sub\u003e, \u0026hellip;, p\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e = a\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e up to permutation of the \u003cem\u003ex\u003c/em\u003e\u003csub\u003e\u003cem\u003ei\u003c/em\u003e\u003c/sub\u003e and determine the value of p\u003csub\u003e\u003cem\u003ei\u003c/em\u003e\u003c/sub\u003e for i\u0026gt;k.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2020-04-24", "id": 172, "link": "/entries/Power_Sum_Polynomials.html", "permalink": "/entries/Power_Sum_Polynomials.html", "shortname": "Power_Sum_Polynomials", "title": "Power Sum Polynomials", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 1 }, { "abstract": "\u003cp\u003eThe Lambert \u003cem\u003eW\u003c/em\u003e function is a multi-valued function defined as the inverse function of \u003cem\u003ex\u003c/em\u003e \u0026#x21A6; \u003cem\u003ex\u003c/em\u003e e\u003csup\u003e\u003cem\u003ex\u003c/em\u003e\u003c/sup\u003e. 
Besides numerous applications in combinatorics, physics, and engineering, it also frequently occurs when solving equations containing both e\u003csup\u003e\u003cem\u003ex\u003c/em\u003e\u003c/sup\u003e and \u003cem\u003ex\u003c/em\u003e, or both \u003cem\u003ex\u003c/em\u003e and log \u003cem\u003ex\u003c/em\u003e.\u003c/p\u003e \u003cp\u003eThis article provides a definition of the two real-valued branches \u003cem\u003eW\u003c/em\u003e\u003csub\u003e0\u003c/sub\u003e(\u003cem\u003ex\u003c/em\u003e) and \u003cem\u003eW\u003c/em\u003e\u003csub\u003e-1\u003c/sub\u003e(\u003cem\u003ex\u003c/em\u003e) and proves various properties such as basic identities and inequalities, monotonicity, differentiability, asymptotic expansions, and the MacLaurin series of \u003cem\u003eW\u003c/em\u003e\u003csub\u003e0\u003c/sub\u003e(\u003cem\u003ex\u003c/em\u003e) at \u003cem\u003ex\u003c/em\u003e = 0.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2020-04-24", "id": 173, "link": "/entries/Lambert_W.html", "permalink": "/entries/Lambert_W.html", "shortname": "Lambert_W", "title": "The Lambert W Function on the Reals", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "Our theories formalise various matrix properties that serve to establish existence, uniqueness and characterisation of the solution to affine systems of ordinary differential equations (ODEs). In particular, we formalise the operator and maximum norm of matrices. Then we use them to prove that square matrices form a Banach space, and in this setting, we show an instance of Picard-Lindelöf’s theorem for affine systems of ODEs. 
Finally, we use this formalisation to verify three simple hybrid programs.", "authors": [ "Jonathan Julian Huerta y Munive" ], "date": "2020-04-19", "id": 174, "link": "/entries/Matrices_for_ODEs.html", "permalink": "/entries/Matrices_for_ODEs.html", "shortname": "Matrices_for_ODEs", "title": "Matrices for ODEs", "topic_links": [ "mathematics/analysis", "mathematics/algebra" ], "topics": [ "Mathematics/Analysis", "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "Authenticated data structures allow several systems to convince each other that they are referring to the same data structure, even if each of them knows only a part of the data structure. Using inclusion proofs, knowledgeable systems can selectively share their knowledge with other systems and the latter can verify the authenticity of what is being shared. In this article, we show how to modularly define authenticated data structures, their inclusion proofs, and operations thereon as datatypes in Isabelle/HOL, using a shallow embedding. Modularity allows us to construct complicated trees from reusable building blocks, which we call Merkle functors. Merkle functors include sums, products, and function spaces and are closed under composition and least fixpoints. As a practical application, we model the hierarchical transactions of \u003ca href=\"https://www.canton.io\"\u003eCanton\u003c/a\u003e, a practical interoperability protocol for distributed ledgers, as authenticated data structures. 
This is a first step towards formalizing the Canton protocol and verifying its integrity and security guarantees.", "authors": [ "Andreas Lochbihler", "Ognjen Marić" ], "date": "2020-04-16", "id": 175, "link": "/entries/ADS_Functor.html", "permalink": "/entries/ADS_Functor.html", "shortname": "ADS_Functor", "title": "Authenticated Data Structures As Functors", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "Basin et al.'s \u003ca href=\"https://doi.org/10.1016/j.ipl.2014.09.009\"\u003esliding window algorithm (SWA)\u003c/a\u003e is an algorithm for combining the elements of subsequences of a sequence with an associative operator. It is greedy and minimizes the number of operator applications. We formalize the algorithm and verify its functional correctness. We extend the algorithm with additional operations and provide an alternative interface to the slide operation that does not require the entire input sequence.", "authors": [ "Lukas Heimes", "Dmitriy Traytel", "Joshua Schneider" ], "date": "2020-04-10", "id": 176, "link": "/entries/Sliding_Window_Algorithm.html", "permalink": "/entries/Sliding_Window_Algorithm.html", "shortname": "Sliding_Window_Algorithm", "title": "Formalization of an Algorithm for Greedily Computing Associative Aggregations on Sliding Windows", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "This Isabelle/HOL formalization is the companion of the technical report “A comprehensive framework for saturation theorem proving”, itself companion of the eponym IJCAR 2020 paper, written by Uwe Waldmann, Sophie Tourret, Simon Robillard and Jasmin Blanchette. 
It verifies a framework for formal refutational completeness proofs of abstract provers that implement saturation calculi, such as ordered resolution or superposition, and allows to model entire prover architectures in such a way that the static refutational completeness of a calculus immediately implies the dynamic refutational completeness of a prover implementing the calculus using a variant of the given clause loop. The technical report “A comprehensive framework for saturation theorem proving” is available \u003ca href=\"http://matryoshka.gforge.inria.fr/pubs/satur_report.pdf\"\u003eon the Matryoshka website\u003c/a\u003e. The names of the Isabelle lemmas and theorems corresponding to the results in the report are indicated in the margin of the report.", "authors": [ "Sophie Tourret" ], "date": "2020-04-09", "id": 177, "link": "/entries/Saturation_Framework.html", "permalink": "/entries/Saturation_Framework.html", "shortname": "Saturation_Framework", "title": "A Comprehensive Framework for Saturation Theorem Proving", "topic_links": [ "logic/general-logic/mechanization-of-proofs" ], "topics": [ "Logic/General logic/Mechanization of proofs" ], "used_by": 1 }, { "abstract": "A monitor is a runtime verification tool that solves the following problem: Given a stream of time-stamped events and a policy formulated in a specification language, decide whether the policy is satisfied at every point in the stream. We verify the correctness of an executable monitor for specifications given as formulas in metric first-order dynamic logic (MFODL), which combines the features of metric first-order temporal logic (MFOTL) and metric dynamic logic. Thus, MFODL supports real-time constraints, first-order parameters, and regular expressions. Additionally, the monitor supports aggregation operations such as count and sum. 
This formalization, which is described in a \u003ca href=\"http://people.inf.ethz.ch/trayteld/papers/ijcar20-verimonplus/verimonplus.pdf\"\u003e forthcoming paper at IJCAR 2020\u003c/a\u003e, significantly extends \u003ca href=\"https://www.isa-afp.org/entries/MFOTL_Monitor.html\"\u003eprevious work on a verified monitor\u003c/a\u003e for MFOTL. Apart from the addition of regular expressions and aggregations, we implemented \u003ca href=\"https://www.isa-afp.org/entries/Generic_Join.html\"\u003emulti-way joins\u003c/a\u003e and a specialized sliding window algorithm to further optimize the monitor.", "authors": [ "Thibault Dardinier", "Lukas Heimes", "Martin Raszyk", "Joshua Schneider", "Dmitriy Traytel" ], "date": "2020-04-09", "id": 178, "link": "/entries/MFODL_Monitor_Optimized.html", "permalink": "/entries/MFODL_Monitor_Optimized.html", "shortname": "MFODL_Monitor_Optimized", "title": "Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations", "topic_links": [ "computer-science/algorithms", "logic/general-logic/modal-logic", "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Algorithms", "Logic/General logic/Modal logic", "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "In protocol verification we observe a wide spectrum from fully automated methods to interactive theorem proving with proof assistants like Isabelle/HOL. In this AFP entry, we present a fully-automated approach for verifying stateful security protocols, i.e., protocols with mutable state that may span several sessions. The approach supports reachability goals like secrecy and authentication. We also include a simple user-friendly transaction-based protocol specification language that is embedded into Isabelle.", "authors": [ "Andreas V. Hess", "Sebastian Mödersheim", "Achim D. 
Brucker", "Anders Schlichtkrull" ], "date": "2020-04-08", "id": 179, "link": "/entries/Automated_Stateful_Protocol_Verification.html", "permalink": "/entries/Automated_Stateful_Protocol_Verification.html", "shortname": "Automated_Stateful_Protocol_Verification", "title": "Automated Stateful Protocol Verification", "topic_links": [ "computer-science/security", "tools" ], "topics": [ "Computer science/Security", "Tools" ], "used_by": 0 }, { "abstract": "We provide in this AFP entry several relative soundness results for security protocols. In particular, we prove typing and compositionality results for stateful protocols (i.e., protocols with mutable state that may span several sessions), and that focuses on reachability properties. Such results are useful to simplify protocol verification by reducing it to a simpler problem: Typing results give conditions under which it is safe to verify a protocol in a typed model where only \"well-typed\" attacks can occur whereas compositionality results allow us to verify a composed protocol by only verifying the component protocols in isolation. The conditions on the protocols under which the results hold are furthermore syntactic in nature allowing for full automation. The foundation presented here is used in another entry to provide fully automated and formalized security proofs of stateful protocols.", "authors": [ "Andreas V. Hess", "Sebastian Mödersheim", "Achim D. Brucker" ], "date": "2020-04-08", "id": 180, "link": "/entries/Stateful_Protocol_Composition_and_Typing.html", "permalink": "/entries/Stateful_Protocol_Composition_and_Typing.html", "shortname": "Stateful_Protocol_Composition_and_Typing", "title": "Stateful Protocol Composition and Typing", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 1 }, { "abstract": "This work presents a formalisation of a generating function proof for Lucas's theorem. 
We first outline extensions to the existing Formal Power Series (FPS) library, including an equivalence relation for coefficients modulo \u003cem\u003en\u003c/em\u003e, an alternate binomial theorem statement, and a formalised proof of the Freshman's dream (mod \u003cem\u003ep\u003c/em\u003e) lemma. The second part of the work presents the formal proof of Lucas's Theorem. Working backwards, the formalisation first proves a well known corollary of the theorem which is easier to formalise, and then applies induction to prove the original theorem statement. The proof of the corollary aims to provide a good example of a formalised generating function equivalence proof using the FPS library. The final theorem statement is intended to be integrated into the formalised proof of Hilbert's 10th Problem.", "authors": [ "Chelsea Edmonds" ], "date": "2020-04-07", "id": 181, "link": "/entries/Lucas_Theorem.html", "permalink": "/entries/Lucas_Theorem.html", "shortname": "Lucas_Theorem", "title": "Lucas's Theorem", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 1 }, { "abstract": "Commutative Replicated Data Types (CRDTs) are a promising new class of data structures for large-scale shared mutable content in applications that only require eventual consistency. The WithOut Operational Transforms (WOOT) framework is a CRDT for collaborative text editing introduced by Oster et al. (CSCW 2006) for which the eventual consistency property was verified only for a bounded model to date. 
We contribute a formal proof for WOOTs strong eventual consistency.", "authors": [ "Emin Karayel", "Edgar GonzĂ lez" ], "date": "2020-03-25", "id": 182, "link": "/entries/WOOT_Strong_Eventual_Consistency.html", "permalink": "/entries/WOOT_Strong_Eventual_Consistency.html", "shortname": "WOOT_Strong_Eventual_Consistency", "title": "Strong Eventual Consistency of the Collaborative Editing Framework WOOT", "topic_links": [ "computer-science/algorithms/distributed" ], "topics": [ "Computer science/Algorithms/Distributed" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis article gives a formal version of Furstenberg's topological proof of the infinitude of primes. He defines a topology on the integers based on arithmetic progressions (or, equivalently, residue classes). Using some fairly obvious properties of this topology, the infinitude of primes is then easily obtained.\u003c/p\u003e \u003cp\u003eApart from this, this topology is also fairly ‘nice’ in general: it is second countable, metrizable, and perfect. All of these (well-known) facts are formally proven, including an explicit metric for the topology given by Zulfeqarr.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2020-03-22", "id": 183, "link": "/entries/Furstenberg_Topology.html", "permalink": "/entries/Furstenberg_Topology.html", "shortname": "Furstenberg_Topology", "title": "Furstenberg's topology and his proof of the infinitude of primes", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "Recently, authors have proposed under-approximate logics for reasoning about programs. So far, all such logics have been confined to reasoning about individual program behaviours. Yet there exist many over-approximate relational logics for reasoning about pairs of programs and relating their behaviours. We present the first under-approximate relational logic, for the simple imperative language IMP. 
We prove our logic is both sound and complete. Additionally, we show how reasoning in this logic can be decomposed into non-relational reasoning in an under-approximate Hoare logic, mirroring Beringer’s result for over-approximate relational logics. We illustrate the application of our logic on some small examples in which we provably demonstrate the presence of insecurity.", "authors": [ "Toby Murray" ], "date": "2020-03-12", "id": 184, "link": "/entries/Relational-Incorrectness-Logic.html", "permalink": "/entries/Relational-Incorrectness-Logic.html", "shortname": "Relational-Incorrectness-Logic", "title": "An Under-Approximate Relational Logic", "topic_links": [ "computer-science/programming-languages/logics", "computer-science/security" ], "topics": [ "Computer science/Programming languages/Logics", "Computer science/Security" ], "used_by": 0 }, { "abstract": "In this article, we present a formalization of the well-known \"Hello, World!\" code, including a formal framework for reasoning about IO. Our model is inspired by the handling of IO in Haskell. We start by formalizing the 🌍 and embrace the IO monad afterwards. Then we present a sample main :: IO (), followed by its proof of correctness.", "authors": [ "Cornelius Diekmann", "Lars Hupel" ], "date": "2020-03-07", "id": 185, "link": "/entries/Hello_World.html", "permalink": "/entries/Hello_World.html", "shortname": "Hello_World", "title": "Hello World", "topic_links": [ "computer-science/functional-programming" ], "topics": [ "Computer science/Functional programming" ], "used_by": 0 }, { "abstract": "In this formalization, we develop an implementation of the Goodstein function G in plain \u0026lambda;-calculus, linked to a concise, self-contained specification. The implementation works on a Church-encoded representation of countable ordinals. 
The initial conversion to hereditary base 2 is not covered, but the material is sufficient to compute the particular value G(16), and easily extends to other fixed arguments.", "authors": [ "Bertram Felgenhauer" ], "date": "2020-02-21", "id": 186, "link": "/entries/Goodstein_Lambda.html", "permalink": "/entries/Goodstein_Lambda.html", "shortname": "Goodstein_Lambda", "title": "Implementing the Goodstein Function in \u0026lambda;-Calculus", "topic_links": [ "logic/rewriting" ], "topics": [ "Logic/Rewriting" ], "used_by": 0 }, { "abstract": "This is a generic framework for formalizing compiler transformations. It leverages Isabelle/HOL’s locales to abstract over concrete languages and transformations. It states common definitions for language semantics, program behaviours, forward and backward simulations, and compilers. We provide generic operations, such as simulation and compiler composition, and prove general (partial) correctness theorems, resulting in reusable proof components.", "authors": [ "Martin Desharnais" ], "date": "2020-02-10", "id": 187, "link": "/entries/VeriComp.html", "permalink": "/entries/VeriComp.html", "shortname": "VeriComp", "title": "A Generic Framework for Verified Compilers", "topic_links": [ "computer-science/programming-languages/compiling" ], "topics": [ "Computer science/Programming languages/Compiling" ], "used_by": 1 }, { "abstract": "This article provides a formalization of the solution obtained by the author of the Problem “ARITHMETIC PROGRESSIONS” from the \u003ca href=\"https://www.ocf.berkeley.edu/~wwu/riddles/putnam.shtml\"\u003e Putnam exam problems of 2002\u003c/a\u003e. 
The statement of the problem is as follows: For which integers \u003cem\u003en\u003c/em\u003e \u003e 1 does the set of positive integers less than and relatively prime to \u003cem\u003en\u003c/em\u003e constitute an arithmetic progression?", "authors": [ "JosĂ© Manuel RodrĂ­guez Caballero" ], "date": "2020-02-01", "id": 188, "link": "/entries/Arith_Prog_Rel_Primes.html", "permalink": "/entries/Arith_Prog_Rel_Primes.html", "shortname": "Arith_Prog_Rel_Primes", "title": "Arithmetic progressions and relative primes", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "We present a collection of axiom systems for the construction of Boolean subalgebras of larger overall algebras. The subalgebras are defined as the range of a complement-like operation on a semilattice. This technique has been used, for example, with the antidomain operation, dynamic negation and Stone algebras. We present a common ground for these constructions based on a new equational axiomatisation of Boolean algebras.", "authors": [ "Walter Guttmann", "Bernhard Möller" ], "date": "2020-01-31", "id": 189, "link": "/entries/Subset_Boolean_Algebras.html", "permalink": "/entries/Subset_Boolean_Algebras.html", "shortname": "Subset_Boolean_Algebras", "title": "A Hierarchy of Algebras for Boolean Subsets", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 1 }, { "abstract": "\u003cp\u003eThis article provides formal proofs of basic properties of Mersenne numbers, i. e. numbers of the form 2\u003csup\u003e\u003cem\u003en\u003c/em\u003e\u003c/sup\u003e - 1, and especially of Mersenne primes.\u003c/p\u003e \u003cp\u003eIn particular, an efficient, verified, and executable version of the Lucas\u0026ndash;Lehmer test is developed. 
This test decides primality for Mersenne numbers in time polynomial in \u003cem\u003en\u003c/em\u003e.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2020-01-17", "id": 190, "link": "/entries/Mersenne_Primes.html", "permalink": "/entries/Mersenne_Primes.html", "shortname": "Mersenne_Primes", "title": "Mersenne primes and the Lucas–Lehmer test", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "We present the first formal verification of approximation algorithms for NP-complete optimization problems: vertex cover, set cover, independent set, center selection, load balancing, and bin packing. The proofs correct incompletenesses in existing proofs and improve the approximation ratio in one case. A detailed description of our work (excluding center selection) has been published in the proceedings of \u003ca href=\"https://doi.org/10.1007/978-3-030-51054-1_17\"\u003eIJCAR 2020\u003c/a\u003e.", "authors": [ "Robin Eßmann", "Tobias Nipkow", "Simon Robillard", "Ujkan Sulejmani" ], "date": "2020-01-16", "id": 191, "link": "/entries/Approximation_Algorithms.html", "permalink": "/entries/Approximation_Algorithms.html", "shortname": "Approximation_Algorithms", "title": "Verified Approximation Algorithms", "topic_links": [ "computer-science/algorithms/approximation" ], "topics": [ "Computer science/Algorithms/Approximation" ], "used_by": 0 }, { "abstract": "This entry provides two related verified divide-and-conquer algorithms solving the fundamental \u003cem\u003eClosest Pair of Points\u003c/em\u003e problem in Computational Geometry. Functional correctness and the optimal running time of \u003cem\u003eO\u003c/em\u003e(\u003cem\u003en\u003c/em\u003e log \u003cem\u003en\u003c/em\u003e) are proved. 
Executable code is generated which is empirically competitive with handwritten reference implementations.", "authors": [ "Martin Rau", "Tobias Nipkow" ], "date": "2020-01-13", "id": 192, "link": "/entries/Closest_Pair_Points.html", "permalink": "/entries/Closest_Pair_Points.html", "shortname": "Closest_Pair_Points", "title": "Closest Pair of Points Algorithms", "topic_links": [ "computer-science/algorithms/geometry" ], "topics": [ "Computer science/Algorithms/Geometry" ], "used_by": 0 }, { "abstract": "\u003cp\u003e Skip lists are sorted linked lists enhanced with shortcuts and are an alternative to binary search trees. A skip lists consists of multiple levels of sorted linked lists where a list on level n is a subsequence of the list on level n − 1. In the ideal case, elements are skipped in such a way that a lookup in a skip lists takes O(log n) time. In a randomised skip list the skipped elements are choosen randomly. \u003c/p\u003e \u003cp\u003e This entry contains formalized proofs of the textbook results about the expected height and the expected length of a search path in a randomised skip list. \u003c/p\u003e", "authors": [ "Max W. Haslbeck", "Manuel Eberl" ], "date": "2020-01-09", "id": 193, "link": "/entries/Skip_Lists.html", "permalink": "/entries/Skip_Lists.html", "shortname": "Skip_Lists", "title": "Skip Lists", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "\u003cp\u003e Taking as a starting point the author's previous work on developing aspects of category theory in Isabelle/HOL, this article gives a compatible formalization of the notion of \"bicategory\" and develops a framework within which formal proofs of facts about bicategories can be given. The framework includes a number of basic results, including the Coherence Theorem, the Strictness Theorem, pseudofunctors and biequivalence, and facts about internal equivalences and adjunctions in a bicategory. 
As a driving application and demonstration of the utility of the framework, it is used to give a formal proof of a theorem, due to Carboni, Kasangian, and Street, that characterizes up to biequivalence the bicategories of spans in a category with pullbacks. The formalization effort necessitated the filling-in of many details that were not evident from the brief presentation in the original paper, as well as identifying a few minor corrections along the way. \u003c/p\u003e\u003cp\u003e Revisions made subsequent to the first version of this article added additional material on pseudofunctors, pseudonatural transformations, modifications, and equivalence of bicategories; the main thrust being to give a proof that a pseudofunctor is a biequivalence if and only if it can be extended to an equivalence of bicategories. \u003c/p\u003e", "authors": [ "Eugene W. Stark" ], "date": "2020-01-06", "id": 194, "link": "/entries/Bicategory.html", "permalink": "/entries/Bicategory.html", "shortname": "Bicategory", "title": "Bicategories", "topic_links": [ "mathematics/category-theory" ], "topics": [ "Mathematics/Category theory" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis article provides a formalisation of Beukers's straightforward analytic proof that ζ(3) is irrational. This was first proven by ApĂ©ry (which is why this result is also often called ‘ApĂ©ry's Theorem’) using a more algebraic approach. 
This formalisation follows \u003ca href=\"http://people.math.sc.edu/filaseta/gradcourses/Math785/Math785Notes4.pdf\"\u003eFilaseta's presentation\u003c/a\u003e of Beukers's proof.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2019-12-27", "id": 195, "link": "/entries/Zeta_3_Irrational.html", "permalink": "/entries/Zeta_3_Irrational.html", "shortname": "Zeta_3_Irrational", "title": "The Irrationality of ζ(3)", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "This work is a formalization of soundness and completeness proofs for a Seligman-style tableau system for hybrid logic. The completeness result is obtained via a synthetic approach using maximally consistent sets of tableau blocks. The formalization differs from previous work in a few ways. First, to avoid the need to backtrack in the construction of a tableau, the formalized system has no unnamed initial segment, and therefore no Name rule. Second, I show that the full Bridge rule is admissible in the system. Third, I start from rules restricted to only extend the branch with new formulas, including only witnessing diamonds that are not already witnessed, and show that the unrestricted rules are admissible. Similarly, I start from simpler versions of the @-rules and show that these are sufficient. The GoTo rule is restricted using a notion of potential such that each application consumes potential and potential is earned through applications of the remaining rules. I show that if a branch can be closed then it can be closed starting from a single unit. Finally, Nom is restricted by a fixed set of allowed nominals. 
The resulting system should be terminating.", "authors": [ "Asta HalkjĂŠr From" ], "date": "2019-12-20", "id": 196, "link": "/entries/Hybrid_Logic.html", "permalink": "/entries/Hybrid_Logic.html", "shortname": "Hybrid_Logic", "title": "Formalizing a Seligman-Style Tableau System for Hybrid Logic", "topic_links": [ "logic/general-logic/modal-logic" ], "topics": [ "Logic/General logic/Modal logic" ], "used_by": 0 }, { "abstract": "The PoincarĂ©-Bendixson theorem is a classical result in the study of (continuous) dynamical systems. Colloquially, it restricts the possible behaviors of planar dynamical systems: such systems cannot be chaotic. In practice, it is a useful tool for proving the existence of (limiting) periodic behavior in planar systems. The theorem is an interesting and challenging benchmark for formalized mathematics because proofs in the literature rely on geometric sketches and only hint at symmetric cases. It also requires a substantial background of mathematical theories, e.g., the Jordan curve theorem, real analysis, ordinary differential equations, and limiting (long-term) behavior of dynamical systems.", "authors": [ "Fabian Immler", "Yong Kiam Tan" ], "date": "2019-12-18", "id": 197, "link": "/entries/Poincare_Bendixson.html", "permalink": "/entries/Poincare_Bendixson.html", "shortname": "Poincare_Bendixson", "title": "The PoincarĂ©-Bendixson Theorem", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "A formalization of geometry of complex numbers is presented. Fundamental objects that are investigated are the complex plane extended by a single infinite point, its objects (points, lines and circles), and groups of transformations that act on them (e.g., inversions and Möbius transformations). 
Most objects are defined algebraically, but correspondence with classical geometric definitions is shown.", "authors": [ "Filip Marić", "Danijela Simić" ], "date": "2019-12-16", "id": 198, "link": "/entries/Complex_Geometry.html", "permalink": "/entries/Complex_Geometry.html", "shortname": "Complex_Geometry", "title": "Complex Geometry", "topic_links": [ "mathematics/geometry" ], "topics": [ "Mathematics/Geometry" ], "used_by": 2 }, { "abstract": "We describe formalization of the PoincarĂ© disc model of hyperbolic geometry within the Isabelle/HOL proof assistant. The model is defined within the extended complex plane (one dimensional complex projectives space \u0026#8450;P1), formalized in the AFP entry “Complex Geometry”. Points, lines, congruence of pairs of points, betweenness of triples of points, circles, and isometries are defined within the model. It is shown that the model satisfies all Tarski's axioms except the Euclid's axiom. It is shown that it satisfies its negation and the limiting parallels axiom (which proves it to be a model of hyperbolic geometry).", "authors": [ "Danijela Simić", "Filip Marić", "Pierre Boutry" ], "date": "2019-12-16", "id": 199, "link": "/entries/Poincare_Disc.html", "permalink": "/entries/Poincare_Disc.html", "shortname": "Poincare_Disc", "title": "PoincarĂ© Disc Model", "topic_links": [ "mathematics/geometry" ], "topics": [ "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis article provides a full formalisation of Chapter 8 of Apostol's \u003cem\u003e\u003ca href=\"https://www.springer.com/de/book/9780387901633\"\u003eIntroduction to Analytic Number Theory\u003c/a\u003e\u003c/em\u003e. 
Subjects that are covered are:\u003c/p\u003e \u003cul\u003e \u003cli\u003eperiodic arithmetic functions and their finite Fourier series\u003c/li\u003e \u003cli\u003e(generalised) Ramanujan sums\u003c/li\u003e \u003cli\u003eGauss sums and separable characters\u003c/li\u003e \u003cli\u003einduced moduli and primitive characters\u003c/li\u003e \u003cli\u003ethe PĂłlya\u0026mdash;Vinogradov inequality\u003c/li\u003e \u003c/ul\u003e", "authors": [ "Rodrigo Raya", "Manuel Eberl" ], "date": "2019-12-10", "id": 200, "link": "/entries/Gauss_Sums.html", "permalink": "/entries/Gauss_Sums.html", "shortname": "Gauss_Sums", "title": "Gauss Sums and the PĂłlya–Vinogradov Inequality", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "Counting sort is a well-known algorithm that sorts objects of any kind mapped to integer keys, or else to keys in one-to-one correspondence with some subset of the integers (e.g. alphabet letters). However, it is suitable for direct use, viz. not just as a subroutine of another sorting algorithm (e.g. radix sort), only if the key range is not significantly larger than the number of the objects to be sorted. This paper describes a tail-recursive generalization of counting sort making use of a bounded number of counters, suitable for direct use in case of a large, or even infinite key range of any kind, subject to the only constraint of being a subset of an arbitrary linear order. 
After performing a pen-and-paper analysis of how such algorithm has to be designed to maximize its efficiency, this paper formalizes the resulting generalized counting sort (GCsort) algorithm and then formally proves its correctness properties, namely that (a) the counters' number is maximized never exceeding the fixed upper bound, (b) objects are conserved, (c) objects get sorted, and (d) the algorithm is stable.", "authors": [ "Pasquale Noce" ], "date": "2019-12-04", "id": 201, "link": "/entries/Generalized_Counting_Sort.html", "permalink": "/entries/Generalized_Counting_Sort.html", "shortname": "Generalized_Counting_Sort", "title": "An Efficient Generalization of Counting Sort for Large, possibly Infinite Key Ranges", "topic_links": [ "computer-science/algorithms", "computer-science/functional-programming" ], "topics": [ "Computer science/Algorithms", "Computer science/Functional programming" ], "used_by": 0 }, { "abstract": "Interval_Arithmetic implements conservative interval arithmetic computations, then uses this interval arithmetic to implement a simple programming language where all terms have 32-bit signed word values, with explicit infinities for terms outside the representable bounds. Our target use case is interpreters for languages that must have a well-understood low-level behavior. We include a formalization of bounded-length strings which are used for the identifiers of our language. 
Bounded-length identifiers are useful in some applications, for example the \u003ca href=\"https://www.isa-afp.org/entries/Differential_Dynamic_Logic.html\"\u003eDifferential_Dynamic_Logic\u003c/a\u003e article, where a Euclidean space indexed by identifiers demands that identifiers are finitely many.", "authors": [ "Rose Bohrer" ], "date": "2019-11-27", "id": 202, "link": "/entries/Interval_Arithmetic_Word32.html", "permalink": "/entries/Interval_Arithmetic_Word32.html", "shortname": "Interval_Arithmetic_Word32", "title": "Interval Arithmetic on 32-bit Words", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis entry is a new formalisation of ZFC set theory in Isabelle/HOL. It is logically equivalent to Obua's HOLZF; the point is to have the closest possible integration with the rest of Isabelle/HOL, minimising the amount of new notations and exploiting type classes.\u003c/p\u003e \u003cp\u003eThere is a type \u003cem\u003eV\u003c/em\u003e of sets and a function \u003cem\u003eelts :: V =\u0026gt; V set\u003c/em\u003e mapping a set to its elements. Classes simply have type \u003cem\u003eV set\u003c/em\u003e, and a predicate identifies the small classes: those that correspond to actual sets. Type classes connected with orders and lattices are used to minimise the amount of new notation for concepts such as the subset relation, union and intersection. Basic concepts — Cartesian products, disjoint sums, natural numbers, functions, etc. — are formalised.\u003c/p\u003e \u003cp\u003eMore advanced set-theoretic concepts, such as transfinite induction, ordinals, cardinals and the transitive closure of a set, are also provided. 
The definition of addition and multiplication for general sets (not just ordinals) follows Kirby.\u003c/p\u003e \u003cp\u003eThe theory provides two type classes with the aim of facilitating developments that combine \u003cem\u003eV\u003c/em\u003e with other Isabelle/HOL types: \u003cem\u003eembeddable\u003c/em\u003e, the class of types that can be injected into \u003cem\u003eV\u003c/em\u003e (including \u003cem\u003eV\u003c/em\u003e itself as well as \u003cem\u003eV*V\u003c/em\u003e, etc.), and \u003cem\u003esmall\u003c/em\u003e, the class of types that correspond to some ZF set.\u003c/p\u003e extra-history = Change history: [2020-01-28]: Generalisation of the \"small\" predicate and order types to arbitrary sets; ordinal exponentiation; introduction of the coercion ord_of_nat :: \"nat =\u003e V\"; numerous new lemmas. (revision 6081d5be8d08)", "authors": [ "Lawrence C. Paulson" ], "date": "2019-10-24", "id": 203, "link": "/entries/ZFC_in_HOL.html", "permalink": "/entries/ZFC_in_HOL.html", "shortname": "ZFC_in_HOL", "title": "Zermelo Fraenkel Set Theory in Higher-Order Logic", "topic_links": [ "logic/set-theory" ], "topics": [ "Logic/Set theory" ], "used_by": 3 }, { "abstract": "We present a framework for C code in C11 syntax deeply integrated into the Isabelle/PIDE development environment. Our framework provides an abstract interface for verification back-ends to be plugged-in independently. Thus, various techniques such as deductive program verification or white-box testing can be applied to the same source, which is part of an integrated PIDE document model. Semantic back-ends are free to choose the supported C fragment and its semantics. In particular, they can differ on the chosen memory model or the specification mechanism for framing conditions. Our framework supports semantic annotations of C sources in the form of comments. Annotations serve to locally control back-end settings, and can express the term focus to which an annotation refers. 
Both the logical and the syntactic context are available when semantic annotations are evaluated. As a consequence, a formula in an annotation can refer both to HOL or C variables. Our approach demonstrates the degree of maturity and expressive power the Isabelle/PIDE sub-system has achieved in recent years. Our integration technique employs Lex and Yacc style grammars to ensure efficient deterministic parsing. This is the core-module of Isabelle/C; the AFP package for Clean and Clean_wrapper as well as AutoCorres and AutoCorres_wrapper (available via git) are applications of this front-end.", "authors": [ "FrĂ©dĂ©ric Tuong", "Burkhart Wolff" ], "date": "2019-10-22", "id": 204, "link": "/entries/Isabelle_C.html", "permalink": "/entries/Isabelle_C.html", "shortname": "Isabelle_C", "title": "Isabelle/C", "topic_links": [ "computer-science/programming-languages/language-definitions", "computer-science/semantics-and-reasoning", "tools" ], "topics": [ "Computer science/Programming languages/Language definitions", "Computer science/Semantics and reasoning", "Tools" ], "used_by": 0 }, { "abstract": "VerifyThis 2019 (http://www.pm.inf.ethz.ch/research/verifythis.html) was a program verification competition associated with ETAPS 2019. It was the 8th event in the VerifyThis competition series. 
In this entry, we present polished and completed versions of our solutions that we created during the competition.", "authors": [ "Peter Lammich", "Simon Wimmer" ], "date": "2019-10-16", "id": 205, "link": "/entries/VerifyThis2019.html", "permalink": "/entries/VerifyThis2019.html", "shortname": "VerifyThis2019", "title": "VerifyThis 2019 -- Polished Isabelle Solutions", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "We formalise with Isabelle/HOL some basic elements of Aristotle's assertoric syllogistic following the \u003ca href=\"https://plato.stanford.edu/entries/aristotle-logic/\"\u003earticle from the Stanford Encyclopedia of Philosophy by Robin Smith.\u003c/a\u003e To this end, we use a set theoretic formulation (covering both individual and general predication). In particular, we formalise the deductions in the Figures and after that we present Aristotle's metatheoretical observation that all deductions in the Figures can in fact be reduced to either Barbara or Celarent. As the formal proofs prove to be straightforward, the interest of this entry lies in illustrating the functionality of Isabelle and high efficiency of Sledgehammer for simple exercises in philosophy.", "authors": [ "Angeliki Koutsoukou-Argyraki" ], "date": "2019-10-08", "id": 206, "link": "/entries/Aristotles_Assertoric_Syllogistic.html", "permalink": "/entries/Aristotles_Assertoric_Syllogistic.html", "shortname": "Aristotles_Assertoric_Syllogistic", "title": "Aristotle's Assertoric Syllogistic", "topic_links": [ "logic/philosophical-aspects" ], "topics": [ "Logic/Philosophical aspects" ], "used_by": 0 }, { "abstract": "We use CryptHOL to formalise commitment schemes and Sigma-protocols. Both are widely used fundamental two party cryptographic primitives. 
Security for commitment schemes is considered using game-based definitions whereas the security of Sigma-protocols is considered using both the game-based and simulation-based security paradigms. In this work, we first define security for both primitives and then prove secure multiple case studies: the Schnorr, Chaum-Pedersen and Okamoto Sigma-protocols as well as a construction that allows for compound (AND and OR statements) Sigma-protocols and the Pedersen and Rivest commitment schemes. We also prove that commitment schemes can be constructed from Sigma-protocols. We formalise this proof at an abstract level, only assuming the existence of a Sigma-protocol; consequently, the instantiations of this result for the concrete Sigma-protocols we consider come for free.", "authors": [ "David Butler", "Andreas Lochbihler" ], "date": "2019-10-07", "id": 207, "link": "/entries/Sigma_Commit_Crypto.html", "permalink": "/entries/Sigma_Commit_Crypto.html", "shortname": "Sigma_Commit_Crypto", "title": "Sigma Protocols and Commitment Schemes", "topic_links": [ "computer-science/security/cryptography" ], "topics": [ "Computer science/Security/Cryptography" ], "used_by": 1 }, { "abstract": "Clean is based on a simple, abstract execution model for an imperative target language. “Abstract” is understood in contrast to “Concrete Semantics”; alternatively, the term “shallow-style embedding” could be used. It strives for a type-safe notion of program-variables, an incremental construction of the typed state-space, support of incremental verification, and open-world extensibility of new type definitions being intertwined with the program definitions. Clean is based on a “no-frills” state-exception monad with the usual definitions of bind and unit for the compositional glue of state-based computations. Clean offers conditionals and loops supporting C-like control-flow operators such as break and return. The state-space construction is based on the extensible record package. 
Direct recursion of procedures is supported. Clean’s design strives for extreme simplicity. It is geared towards symbolic execution and proven correct verification tools. The underlying libraries of this package, however, deliberately restrict themselves to the most elementary infrastructure for these tasks. The package is intended to serve as demonstrator semantic backend for Isabelle/C, or for the test-generation techniques.", "authors": [ "FrĂ©dĂ©ric Tuong", "Burkhart Wolff" ], "date": "2019-10-04", "id": 208, "link": "/entries/Clean.html", "permalink": "/entries/Clean.html", "shortname": "Clean", "title": "Clean - An Abstract Imperative Programming Language and its Theory", "topic_links": [ "computer-science/programming-languages", "computer-science/semantics-and-reasoning" ], "topics": [ "Computer science/Programming languages", "Computer science/Semantics and reasoning" ], "used_by": 0 }, { "abstract": "Worst-case optimal multiway-join algorithms are recent seminal achievement of the database community. These algorithms compute the natural join of multiple relational databases and improve in the worst case over traditional query plan optimizations of nested binary joins. In 2014, \u003ca href=\"https://doi.org/10.1145/2590989.2590991\"\u003eNgo, RĂ©, and Rudra\u003c/a\u003e gave a unified presentation of different multi-way join algorithms. 
We formalized and proved correct their \"Generic Join\" algorithm and extended it to support negative joins.", "authors": [ "Thibault Dardinier" ], "date": "2019-09-16", "id": 209, "link": "/entries/Generic_Join.html", "permalink": "/entries/Generic_Join.html", "shortname": "Generic_Join", "title": "Formalization of Multiway-Join Algorithms", "topic_links": [ + "computer-science/data-management-systems", "computer-science/algorithms" ], "topics": [ + "Computer science/Data management systems", "Computer science/Algorithms" ], "used_by": 1 }, { "abstract": "These components formalise a semantic framework for the deductive verification of hybrid systems. They support reasoning about continuous evolutions of hybrid programs in the style of differential dynamics logic. Vector fields or flows model these evolutions, and their verification is done with invariants for the former or orbits for the latter. Laws of modal Kleene algebra or categorical predicate transformers implement the verification condition generation. Examples show the approach at work.", "authors": [ "Jonathan Julian Huerta y Munive" ], "date": "2019-09-10", "id": 210, "link": "/entries/Hybrid_Systems_VCs.html", "permalink": "/entries/Hybrid_Systems_VCs.html", "shortname": "Hybrid_Systems_VCs", "title": "Verification Components for Hybrid Systems", "topic_links": [ "mathematics/algebra", "mathematics/analysis" ], "topics": [ "Mathematics/Algebra", "Mathematics/Analysis" ], "used_by": 1 }, { "abstract": "This development formalises the square integrable functions over the reals and the basics of Fourier series. It culminates with a proof that every well-behaved periodic function can be approximated by a Fourier series. The material is ported from HOL Light: https://github.com/jrh13/hol-light/blob/master/100/fourier.ml", "authors": [ "Lawrence C. 
Paulson" ], "date": "2019-09-06", "id": 211, "link": "/entries/Fourier.html", "permalink": "/entries/Fourier.html", "shortname": "Fourier", "title": "Fourier Series", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "The focus of this case study is re-use in abstract algebra. It contains locale-based formalisations of selected parts of set, group and ring theory from Jacobson's \u003ci\u003eBasic Algebra\u003c/i\u003e leading to the respective fundamental homomorphism theorems. The study is not intended as a library base for abstract algebra. It rather explores an approach towards abstract algebra in Isabelle.", "authors": [ "Clemens Ballarin" ], "date": "2019-08-30", "id": 212, "link": "/entries/Jacobson_Basic_Algebra.html", "permalink": "/entries/Jacobson_Basic_Algebra.html", "shortname": "Jacobson_Basic_Algebra", "title": "A Case Study in Basic Algebra", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 3 }, { "abstract": "This entry provides a formalisation of a refinement of an adaptive state counting algorithm, used to test for reduction between finite state machines. The algorithm has been originally presented by Hierons in the paper \u003ca href=\"https://doi.org/10.1109/TC.2004.85\"\u003eTesting from a Non-Deterministic Finite State Machine Using Adaptive State Counting\u003c/a\u003e. Definitions for finite state machines and adaptive test cases are given and many useful theorems are derived from these. The algorithm is formalised using mutually recursive functions, for which it is proven that the generated test suite is sufficient to test for reduction against finite state machines of a certain fault domain. 
Additionally, the algorithm is specified in a simple WHILE-language and its correctness is shown using Hoare-logic.", "authors": [ "Robert Sachtleben" ], "date": "2019-08-16", "id": 213, "link": "/entries/Adaptive_State_Counting.html", "permalink": "/entries/Adaptive_State_Counting.html", "shortname": "Adaptive_State_Counting", "title": "Formalisation of an Adaptive State Counting Algorithm", "topic_links": [ "computer-science/automata-and-formal-languages", "computer-science/algorithms" ], "topics": [ "Computer science/Automata and formal languages", "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "This entry formalizes the Laplace transform and concrete Laplace transforms for arithmetic functions, frequency shift, integration and (higher) differentiation in the time domain. It proves Lerch's lemma and uniqueness of the Laplace transform for continuous functions. In order to formalize the foundational assumptions, this entry contains a formalization of piecewise continuous functions and functions of exponential order.", "authors": [ "Fabian Immler" ], "date": "2019-08-14", "id": 214, "link": "/entries/Laplace_Transform.html", "permalink": "/entries/Laplace_Transform.html", "shortname": "Laplace_Transform", "title": "Laplace Transform", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "Communicating Concurrent Kleene Algebra (C²KA) is a mathematical framework for capturing the communicating and concurrent behaviour of agents in distributed systems. It extends Hoare et al.'s Concurrent Kleene Algebra (CKA) with communication actions through the notions of stimuli and shared environments. C²KA has applications in studying system-level properties of distributed systems such as safety, security, and reliability. In this work, we formalize results about C²KA and its application for distributed systems specification. We first formalize the stimulus structure and behaviour structure (CKA). 
Next, we combine them to formalize C²KA and its properties. Then, we formalize notions and properties related to the topology of distributed systems and the potential for communication via stimuli and via shared environments of agents, all within the algebraic setting of C²KA.", "authors": [ "Maxime Buyse", "Jason Jaskolka" ], "date": "2019-08-06", "id": 215, "link": "/entries/C2KA_DistributedSystems.html", "permalink": "/entries/C2KA_DistributedSystems.html", "shortname": "C2KA_DistributedSystems", "title": "Communicating Concurrent Kleene Algebra for Distributed Systems Specification", "topic_links": [ "computer-science/automata-and-formal-languages", "mathematics/algebra" ], "topics": [ "Computer science/Automata and formal languages", "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "We use the previous formalization of the general simplex algorithm to formulate an algorithm for solving linear programs. We encode the linear programs using only linear constraints. Solving these constraints also solves the original linear program. This algorithm is proven to be sound by applying the weak duality theorem which is also part of this formalization.", "authors": [ "Julian Parsert", "Cezary Kaliszyk" ], "date": "2019-08-06", "id": 216, "link": "/entries/Linear_Programming.html", "permalink": "/entries/Linear_Programming.html", "shortname": "Linear_Programming", "title": "Linear Programming", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis entry contains formalisations of the answers to three of the six problems of the International Mathematical Olympiad 2019, namely Q1, Q4, and Q5.\u003c/p\u003e \u003cp\u003eThe reason why these problems were chosen is that they are particularly amenable to formalisation: they can be solved with minimal use of libraries. The remaining three concern geometry and graph theory, which, in the author's opinion, are more difficult to formalise resp. 
require a more complex library.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2019-08-05", "id": 217, "link": "/entries/IMO2019.html", "permalink": "/entries/IMO2019.html", "shortname": "IMO2019", "title": "Selected Problems from the International Mathematical Olympiad 2019", "topic_links": [ "mathematics/misc" ], "topics": [ "Mathematics/Misc" ], "used_by": 0 }, { "abstract": "We formalize the static properties of personal Byzantine quorum systems (PBQSs) and Stellar quorum systems, as described in the paper ``Stellar Consensus by Reduction'' (to appear at DISC 2019).", "authors": [ "Giuliano Losa" ], "date": "2019-08-01", "id": 218, "link": "/entries/Stellar_Quorums.html", "permalink": "/entries/Stellar_Quorums.html", "shortname": "Stellar_Quorums", "title": "Stellar Quorum Systems", "topic_links": [ "computer-science/algorithms/distributed" ], "topics": [ "Computer science/Algorithms/Distributed" ], "used_by": 0 }, { "abstract": "The design of complex systems involves different formalisms for modeling their different parts or aspects. The global model of a system may therefore consist of a coordination of concurrent sub-models that use different paradigms. We develop here a theory for a language used to specify the timed coordination of such heterogeneous subsystems by addressing the following issues: \u003cul\u003e\u003cli\u003ethe behavior of the sub-systems is observed only at a series of discrete instants,\u003c/li\u003e\u003cli\u003eevents may occur in different sub-systems at unrelated times, leading to polychronous systems, which do not necessarily have a common base clock,\u003c/li\u003e\u003cli\u003ecoordination between subsystems involves causality, so the occurrence of an event may enforce the occurrence of other events, possibly after a certain duration has elapsed or an event has occurred a given number of times,\u003c/li\u003e\u003cli\u003ethe domain of time (discrete, rational, continuous...) 
may be different in the subsystems, leading to polytimed systems,\u003c/li\u003e\u003cli\u003ethe time frames of different sub-systems may be related (for instance, time in a GPS satellite and in a GPS receiver on Earth are related although they are not the same).\u003c/li\u003e\u003c/ul\u003e Firstly, a denotational semantics of the language is defined. Then, in order to be able to incrementally check the behavior of systems, an operational semantics is given, with proofs of progress, soundness and completeness with regard to the denotational semantics. These proofs are made according to a setup that can scale up when new operators are added to the language. In order for specifications to be composed in a clean way, the language should be invariant by stuttering (i.e., adding observation instants at which nothing happens). The proof of this invariance is also given.", "authors": [ "Hai Nguyen Van", "Frédéric Boulanger", "Burkhart Wolff" ], "date": "2019-07-30", "id": 219, "link": "/entries/TESL_Language.html", "permalink": "/entries/TESL_Language.html", "shortname": "TESL_Language", "title": "A Formal Development of a Polychronous Polytimed Coordination Language", "topic_links": [ "computer-science/system-description-languages", "computer-science/semantics-and-reasoning", "computer-science/concurrency" ], "topics": [ "Computer science/System description languages", "Computer science/Semantics and reasoning", "Computer science/Concurrency" ], "used_by": 0 }, { "abstract": "This entry is concerned with the principle of order extension, i.e. the extension of an order relation to a total order relation. To this end, we prove a more general version of Szpilrajn's extension theorem employing terminology from the book \"Consistency, Choice, and Rationality\" by Bossert and Suzumura. 
We also formalize theorem 2.7 of their book.", "authors": [ "Peter Zeller", "Lukas Stevens" ], "date": "2019-07-27", "id": 220, "link": "/entries/Szpilrajn.html", "permalink": "/entries/Szpilrajn.html", "shortname": "Szpilrajn", "title": "Order Extension and Szpilrajn's Extension Theorem", "topic_links": [ "mathematics/order" ], "topics": [ "Mathematics/Order" ], "used_by": 1 }, { "abstract": "This work formalizes soundness and completeness of a one-sided sequent calculus for first-order logic. The completeness is shown via a translation from a complete semantic tableau calculus, the proof of which is based on the First-Order Logic According to Fitting theory. The calculi and proof techniques are taken from Ben-Ari's Mathematical Logic for Computer Science. Paper: \u003ca href=\"http://ceur-ws.org/Vol-3002/paper7.pdf\"\u003ehttp://ceur-ws.org/Vol-3002/paper7.pdf\u003c/a\u003e.", "authors": [ "Asta Halkjær From" ], "date": "2019-07-18", "id": 221, "link": "/entries/FOL_Seq_Calc1.html", "permalink": "/entries/FOL_Seq_Calc1.html", "shortname": "FOL_Seq_Calc1", "title": "A Sequent Calculus for First-Order Logic", "topic_links": [ "logic/proof-theory" ], "topics": [ "Logic/Proof theory" ], "used_by": 1 }, { "abstract": "This entry contains the formalization that accompanies my PhD thesis (see https://lars.hupel.info/research/codegen/). I develop a verified compilation toolchain from executable specifications in Isabelle/HOL to CakeML abstract syntax trees. 
This improves over the state-of-the-art in Isabelle by providing a trustworthy procedure for code generation.", "authors": [ "Lars Hupel" ], "date": "2019-07-08", "id": 222, "link": "/entries/CakeML_Codegen.html", "permalink": "/entries/CakeML_Codegen.html", "shortname": "CakeML_Codegen", "title": "A Verified Code Generator from Isabelle/HOL to CakeML", "topic_links": [ "computer-science/programming-languages/compiling", "logic/rewriting" ], "topics": [ "Computer science/Programming languages/Compiling", "Logic/Rewriting" ], "used_by": 0 }, { "abstract": "A monitor is a runtime verification tool that solves the following problem: Given a stream of time-stamped events and a policy formulated in a specification language, decide whether the policy is satisfied at every point in the stream. We verify the correctness of an executable monitor for specifications given as formulas in metric first-order temporal logic (MFOTL), an expressive extension of linear temporal logic with real-time constraints and first-order quantification. The verified monitor implements a simplified variant of the algorithm used in the efficient MonPoly monitoring tool. The formalization is presented in a \u003ca href=\"https://doi.org/10.1007/978-3-030-32079-9_18\"\u003eRV 2019 paper\u003c/a\u003e, which also compares the output of the verified monitor to that of other monitoring tools on randomly generated inputs. 
This case study revealed several errors in the optimized but unverified tools.", "authors": [ "Joshua Schneider", "Dmitriy Traytel" ], "date": "2019-07-04", "id": 223, "link": "/entries/MFOTL_Monitor.html", "permalink": "/entries/MFOTL_Monitor.html", "shortname": "MFOTL_Monitor", "title": "Formalization of a Monitoring Algorithm for Metric First-Order Temporal Logic", "topic_links": [ "computer-science/algorithms", "logic/general-logic/temporal-logic", "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Algorithms", "Logic/General logic/Temporal logic", "Computer science/Automata and formal languages" ], "used_by": 2 }, { "abstract": "We develop an Isabelle/HOL library of order-theoretic concepts, such as various completeness conditions and fixed-point theorems. We keep our formalization as general as possible: we reprove several well-known results about complete orders, often without any properties of ordering, thus complete non-orders. In particular, we generalize the Knaster–Tarski theorem so that we ensure the existence of a quasi-fixed point of monotone maps over complete non-orders, and show that the set of quasi-fixed points is complete under a mild condition—attractivity—which is implied by either antisymmetry or transitivity. This result generalizes and strengthens a result by Stauti and Maaden. 
Finally, we recover Kleene’s fixed-point theorem for omega-complete non-orders, again using attractivity to prove that Kleene’s fixed points are least quasi-fixed points.", "authors": [ "Akihisa Yamada", "Jérémy Dubut" ], "date": "2019-06-27", "id": 224, "link": "/entries/Complete_Non_Orders.html", "permalink": "/entries/Complete_Non_Orders.html", "shortname": "Complete_Non_Orders", "title": "Complete Non-Orders and Fixed Points", "topic_links": [ "mathematics/order" ], "topics": [ "Mathematics/Order" ], "used_by": 0 }, { "abstract": "We present a new, purely functional, simple and efficient data structure combining a search tree and a priority queue, which we call a \u003cem\u003epriority search tree\u003c/em\u003e. The salient feature of priority search trees is that they offer a decrease-key operation, something that is missing from other simple, purely functional priority queue implementations. Priority search trees can be implemented on top of any search tree. This entry does the implementation for red-black trees. This entry formalizes the first part of our ITP-2019 proof pearl \u003cem\u003ePurely Functional, Simple and Efficient Priority Search Trees and Applications to Prim and Dijkstra\u003c/em\u003e.", "authors": [ "Peter Lammich", "Tobias Nipkow" ], "date": "2019-06-25", "id": 225, "link": "/entries/Priority_Search_Trees.html", "permalink": "/entries/Priority_Search_Trees.html", "shortname": "Priority_Search_Trees", "title": "Priority Search Trees", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 1 }, { "abstract": "We verify purely functional, simple and efficient implementations of Prim's and Dijkstra's algorithms. This constitutes the first verification of an executable and even efficient version of Prim's algorithm. 
This entry formalizes the second part of our ITP-2019 proof pearl \u003cem\u003ePurely Functional, Simple and Efficient Priority Search Trees and Applications to Prim and Dijkstra\u003c/em\u003e.", "authors": [ "Peter Lammich", "Tobias Nipkow" ], "date": "2019-06-25", "id": 226, "link": "/entries/Prim_Dijkstra_Simple.html", "permalink": "/entries/Prim_Dijkstra_Simple.html", "shortname": "Prim_Dijkstra_Simple", "title": "Purely Functional, Simple, and Efficient Implementation of Prim and Dijkstra", "topic_links": [ "computer-science/algorithms/graph" ], "topics": [ "Computer science/Algorithms/Graph" ], "used_by": 0 }, { "abstract": "We formalize results about linear inequalities, mainly from Schrijver's book. The main results are the proof of the fundamental theorem on linear inequalities, Farkas' lemma, Carathéodory's theorem, the Farkas-Minkowsky-Weyl theorem, the decomposition theorem of polyhedra, and Meyer's result that the integer hull of a polyhedron is a polyhedron itself. Several theorems include bounds on the appearing numbers, and in particular we provide an a-priori bound on mixed-integer solutions of linear inequalities.", "authors": [ "Ralph Bottesch", "Alban Reynaud", "René Thiemann" ], "date": "2019-06-21", "id": 227, "link": "/entries/Linear_Inequalities.html", "permalink": "/entries/Linear_Inequalities.html", "shortname": "Linear_Inequalities", "title": "Linear Inequalities", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 2 }, { "abstract": "This entry formalizes Hilbert's Nullstellensatz, an important theorem in algebraic geometry that can be viewed as the generalization of the Fundamental Theorem of Algebra to multivariate polynomials: If a set of (multivariate) polynomials over an algebraically closed field has no common zero, then the ideal it generates is the entire polynomial ring. 
The formalization proves several equivalent versions of this celebrated theorem: the weak Nullstellensatz, the strong Nullstellensatz (connecting algebraic varieties and radical ideals), and the field-theoretic Nullstellensatz. The formalization follows Chapter 4.1. of \u003ca href=\"https://link.springer.com/book/10.1007/978-0-387-35651-8\"\u003eIdeals, Varieties, and Algorithms\u003c/a\u003e by Cox, Little and O'Shea.", "authors": [ "Alexander Maletzky" ], "date": "2019-06-16", "id": 228, "link": "/entries/Nullstellensatz.html", "permalink": "/entries/Nullstellensatz.html", "shortname": "Nullstellensatz", "title": "Hilbert's Nullstellensatz", "topic_links": [ "mathematics/algebra", "mathematics/geometry" ], "topics": [ "Mathematics/Algebra", "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "This entry formalizes the connection between Gröbner bases and Macaulay matrices (sometimes also referred to as `generalized Sylvester matrices'). In particular, it contains a method for computing Gröbner bases, which proceeds by first constructing some Macaulay matrix of the initial set of polynomials, then row-reducing this matrix, and finally converting the result back into a set of polynomials. The output is shown to be a Gröbner basis if the Macaulay matrix constructed in the first step is sufficiently large. 
In order to obtain concrete upper bounds on the size of the matrix (and hence turn the method into an effectively executable algorithm), Dubé's degree bounds on Gröbner bases are utilized; consequently, they are also part of the formalization.", "authors": [ "Alexander Maletzky" ], "date": "2019-06-15", "id": 229, "link": "/entries/Groebner_Macaulay.html", "permalink": "/entries/Groebner_Macaulay.html", "shortname": "Groebner_Macaulay", "title": "Gröbner Bases, Macaulay Matrices and Dubé's Degree Bounds", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "In this submission array-based binary minimum heaps are formalized. The correctness of the following heap operations is proved: insert, get-min, delete-min and make-heap. These are then used to verify an in-place heapsort. The formalization is based on IMP2, an imperative program verification framework implemented in Isabelle/HOL. The verified heap functions are iterative versions of the partly recursive functions found in \"Algorithms and Data Structures – The Basic Toolbox\" by K. Mehlhorn and P. Sanders and \"Introduction to Algorithms\" by T. H. Cormen, C. E. Leiserson, R. L. Rivest and C. Stein.", "authors": [ "Simon Griebel" ], "date": "2019-06-13", "id": 230, "link": "/entries/IMP2_Binary_Heap.html", "permalink": "/entries/IMP2_Binary_Heap.html", "shortname": "IMP2_Binary_Heap", "title": "Binary Heaps for IMP2", "topic_links": [ "computer-science/data-structures", "computer-science/algorithms" ], "topics": [ "Computer science/Data structures", "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "This formalization provides differential game logic (dGL), a logic for proving properties of hybrid games. In addition to the syntax and semantics, it formalizes a uniform substitution calculus for dGL. Church's uniform substitutions substitute a term or formula for a function or predicate symbol everywhere. 
The uniform substitutions for dGL also substitute hybrid games for a game symbol everywhere. We prove soundness of one-pass uniform substitutions and the axioms of differential game logic with respect to their denotational semantics. One-pass uniform substitutions are faster by postponing soundness-critical admissibility checks with a linear pass homomorphic application and regain soundness by a variable condition at the replacements. The formalization is based on prior non-mechanized soundness proofs for dGL.", "authors": [ "AndrĂ© Platzer" ], "date": "2019-06-03", "id": 231, "link": "/entries/Differential_Game_Logic.html", "permalink": "/entries/Differential_Game_Logic.html", "shortname": "Differential_Game_Logic", "title": "Differential Game Logic", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 0 }, { "abstract": "This entry provides a formalization of multidimensional binary trees, also known as k-d trees. It includes a balanced build algorithm as well as the nearest neighbor algorithm and the range search algorithm. It is based on the papers \u003ca href=\"https://dl.acm.org/citation.cfm?doid=361002.361007\"\u003eMultidimensional binary search trees used for associative searching\u003c/a\u003e and \u003ca href=\"https://dl.acm.org/citation.cfm?doid=355744.355745\"\u003e An Algorithm for Finding Best Matches in Logarithmic Expected Time\u003c/a\u003e.", "authors": [ "Martin Rau" ], "date": "2019-05-30", "id": 232, "link": "/entries/KD_Tree.html", "permalink": "/entries/KD_Tree.html", "shortname": "KD_Tree", "title": "Multidimensional Binary Search Trees", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "Authenticated data structures are a technique for outsourcing data storage and maintenance to an untrusted server. 
The server is required to produce an efficiently checkable and cryptographically secure proof that it carried out precisely the requested computation. \u003ca href=\"https://doi.org/10.1145/2535838.2535851\"\u003eMiller et al.\u003c/a\u003e introduced \u0026lambda;\u0026bull; (pronounced \u003ci\u003elambda auth\u003c/i\u003e)\u0026mdash;a functional programming language with a built-in primitive authentication construct, which supports a wide range of user-specified authenticated data structures while guaranteeing certain correctness and security properties for all well-typed programs. We formalize \u0026lambda;\u0026bull; and prove its correctness and security properties. With Isabelle's help, we uncover and repair several mistakes in the informal proofs and lemma statements. Our findings are summarized in an \u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2019.10\"\u003eITP'19 paper\u003c/a\u003e.", "authors": [ "Matthias Brun", "Dmitriy Traytel" ], "date": "2019-05-14", "id": 233, "link": "/entries/LambdaAuth.html", "permalink": "/entries/LambdaAuth.html", "shortname": "LambdaAuth", "title": "Formalization of Generic Authenticated Data Structures", "topic_links": [ "computer-science/security", "computer-science/programming-languages/lambda-calculi" ], "topics": [ "Computer science/Security", "Computer science/Programming languages/Lambda calculi" ], "used_by": 0 }, { "abstract": "We use CryptHOL to consider Multi-Party Computation (MPC) protocols. MPC was first considered by Yao in 1983 and recent advances in efficiency and an increased demand mean it is now deployed in the real world. Security is considered using the real/ideal world paradigm. We first define security in the semi-honest security setting where parties are assumed not to deviate from the protocol transcript. In this setting we prove multiple Oblivious Transfer (OT) protocols secure and then show security for the gates of the GMW protocol. 
We then define malicious security; this is a stronger notion of security where parties are assumed to be fully corrupted by an adversary. In this setting we again consider OT, as it is a fundamental building block of almost all MPC protocols.", "authors": [ "David Aspinall", "David Butler" ], "date": "2019-05-09", "id": 234, "link": "/entries/Multi_Party_Computation.html", "permalink": "/entries/Multi_Party_Computation.html", "shortname": "Multi_Party_Computation", "title": "Multi-Party Computation", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "This is a complete formalization of the work of Hoare and Roscoe on the denotational semantics of the Failure/Divergence Model of CSP. It follows essentially the presentation of CSP in Roscoe’s book \"Theory and Practice of Concurrency\" [8] and the semantic details in a joint paper of Roscoe and Brooks \"An improved failures model for communicating processes\". The present work is based on a prior formalization attempt, called HOL-CSP 1.0, done in 1997 by H. Tej and B. Wolff with the Isabelle proof technology available at that time. This work revealed minor, but omnipresent foundational errors in key concepts like the process invariant. 
The present version HOL-CSP profits from substantially improved libraries (notably HOLCF), improved automated proof techniques, and structured proof techniques in Isar and is substantially shorter but more complete.", "authors": [ "Safouan Taha", "Lina Ye", "Burkhart Wolff" ], "date": "2019-04-26", "id": 235, "link": "/entries/HOL-CSP.html", "permalink": "/entries/HOL-CSP.html", "shortname": "HOL-CSP", "title": "HOL-CSP Version 2.0", "topic_links": [ "computer-science/concurrency/process-calculi", "computer-science/semantics-and-reasoning" ], "topics": [ "Computer science/Concurrency/Process calculi", "Computer science/Semantics and reasoning" ], "used_by": 1 }, { "abstract": "We present a formalisation of the unified translation approach of linear temporal logic (LTL) into ω-automata from [1]. This approach decomposes LTL formulas into ``simple'' languages and allows a clear separation of concerns: first, we formalise the purely logical result yielding this decomposition; second, we instantiate this generic theory to obtain a construction for deterministic (state-based) Rabin automata (DRA). We extract from this particular instantiation an executable tool translating LTL to DRAs. To the best of our knowledge this is the first verified translation from LTL to DRAs that is proven to be double exponential in the worst case which asymptotically matches the known lower bound. \u003cp\u003e [1] Javier Esparza, Jan Kretínský, Salomon Sickert. One Theorem to Rule Them All: A Unified Translation of LTL into ω-Automata. 
LICS 2018", "authors": [ "Benedikt Seidl", "Salomon Sickert" ], "date": "2019-04-16", "id": 236, "link": "/entries/LTL_Master_Theorem.html", "permalink": "/entries/LTL_Master_Theorem.html", "shortname": "LTL_Master_Theorem", "title": "A Compositional and Unified Translation of LTL into ω-Automata", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 1 }, { "abstract": "We formalize a theory of syntax with bindings that has been developed and refined over the last decade to support several large formalization efforts. Terms are defined for an arbitrary number of constructors of varying numbers of inputs, quotiented to alpha-equivalence and sorted according to a binding signature. The theory includes many properties of the standard operators on terms: substitution, swapping and freshness. It also includes bindings-aware induction and recursion principles and support for semantic interpretation. This work has been presented in the ITP 2017 paper “A Formalized General Theory of Syntax with Bindings”.", "authors": [ "Lorenzo Gheri", "Andrei Popescu" ], "date": "2019-04-06", "id": 237, "link": "/entries/Binding_Syntax_Theory.html", "permalink": "/entries/Binding_Syntax_Theory.html", "shortname": "Binding_Syntax_Theory", "title": "A General Theory of Syntax with Bindings", "topic_links": [ "computer-science/programming-languages/lambda-calculi", "computer-science/functional-programming", "logic/general-logic/mechanization-of-proofs" ], "topics": [ "Computer science/Programming languages/Lambda calculi", "Computer science/Functional programming", "Logic/General logic/Mechanization of proofs" ], "used_by": 0 }, { "abstract": "We formalize the proofs of two transcendence criteria by J. Hančl and P. Rucki that assert the transcendence of the sums of certain infinite series built up by sequences that fulfil certain properties. 
Both proofs make use of Roth's celebrated theorem on diophantine approximations to algebraic numbers from 1955 which we implement as an assumption without having formalised its proof.", "authors": [ "Angeliki Koutsoukou-Argyraki", "Wenda Li" ], "date": "2019-03-27", "id": 238, "link": "/entries/Transcendence_Series_Hancl_Rucki.html", "permalink": "/entries/Transcendence_Series_Hancl_Rucki.html", "shortname": "Transcendence_Series_Hancl_Rucki", "title": "The Transcendence of Certain Infinite Series", "topic_links": [ "mathematics/analysis", "mathematics/number-theory" ], "topics": [ "Mathematics/Analysis", "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "We formalize quantum Hoare logic as given in [1]. In particular, we specify the syntax and denotational semantics of a simple model of quantum programs. Then, we write down the rules of quantum Hoare logic for partial correctness, and show the soundness and completeness of the resulting proof system. As an application, we verify the correctness of Grover’s algorithm.", "authors": [ "Junyi Liu", "Bohua Zhan", "Shuling Wang", "Shenggang Ying", "Tao Liu", "Yangjia Li", "Mingsheng Ying", "Naijun Zhan" ], "date": "2019-03-24", "id": 239, "link": "/entries/QHLProver.html", "permalink": "/entries/QHLProver.html", "shortname": "QHLProver", "title": "Quantum Hoare Logic", "topic_links": [ "computer-science/programming-languages/logics", "computer-science/semantics-and-reasoning" ], "topics": [ "Computer science/Programming languages/Logics", "Computer science/Semantics and reasoning" ], "used_by": 1 }, { "abstract": "\u003cp\u003eThe theory is a formalization of the \u003ca href=\"https://www.omg.org/spec/OCL/\"\u003eOCL\u003c/a\u003e type system, its abstract syntax and expression typing rules. The theory does not define a concrete syntax and a semantics. 
In contrast to \u003ca href=\"https://www.isa-afp.org/entries/Featherweight_OCL.html\"\u003eFeatherweight OCL\u003c/a\u003e, it is based on a deep embedding approach. The type system is defined from scratch, it is not based on the Isabelle HOL type system.\u003c/p\u003e \u003cp\u003eThe Safe OCL distinguishes nullable and non-nullable types. Also the theory gives a formal definition of \u003ca href=\"http://ceur-ws.org/Vol-1512/paper07.pdf\"\u003esafe navigation operations\u003c/a\u003e. The Safe OCL typing rules are much stricter than rules given in the OCL specification. It allows one to catch more errors on a type checking phase.\u003c/p\u003e \u003cp\u003eThe type theory presented is four-layered: classes, basic types, generic types, errorable types. We introduce the following new types: non-nullable types (T[1]), nullable types (T[?]), OclSuper. OclSuper is a supertype of all other types (basic types, collections, tuples). This type allows us to define a total supremum function, so types form an upper semilattice. It allows us to define rich expression typing rules in an elegant manner.\u003c/p\u003e \u003cp\u003eThe Preliminaries Chapter of the theory defines a number of helper lemmas for transitive closures and tuples. It defines also a generic object model independent from OCL. 
It allows one to use the theory as a reference for formalization of analogous languages.\u003c/p\u003e", "authors": [ "Denis Nikiforov" ], "date": "2019-03-09", "id": 240, "link": "/entries/Safe_OCL.html", "permalink": "/entries/Safe_OCL.html", "shortname": "Safe_OCL", "title": "Safe OCL", "topic_links": [ "computer-science/programming-languages/language-definitions" ], "topics": [ "Computer science/Programming languages/Language definitions" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis entry is a formalisation of Chapter 4 (and parts of Chapter 3) of Apostol's \u003ca href=\"https://www.springer.com/de/book/9780387901633\"\u003e\u003cem\u003eIntroduction to Analytic Number Theory\u003c/em\u003e\u003c/a\u003e. The main topics that are addressed are properties of the distribution of prime numbers that can be shown in an elementary way (i.\u0026thinsp;e. without the Prime Number Theorem), the various equivalent forms of the PNT (which imply each other in elementary ways), and consequences that follow from the PNT in elementary ways. The latter include, most notably, asymptotic bounds for the number of distinct prime factors of \u003cem\u003en\u003c/em\u003e, the divisor function \u003cem\u003ed(n)\u003c/em\u003e, Euler's totient function \u003cem\u003e\u0026phi;(n)\u003c/em\u003e, and lcm(1,\u0026hellip;,\u003cem\u003en\u003c/em\u003e).\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2019-02-21", "id": 241, "link": "/entries/Prime_Distribution_Elementary.html", "permalink": "/entries/Prime_Distribution_Elementary.html", "shortname": "Prime_Distribution_Elementary", "title": "Elementary Facts About the Distribution of Primes", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 3 }, { "abstract": "This Isabelle/HOL formalization defines a greedy algorithm for finding a minimum weight basis on a weighted matroid and proves its correctness. This algorithm is an abstract version of Kruskal's algorithm. 
We interpret the abstract algorithm for the cycle matroid (i.e. forests in a graph) and refine it to imperative executable code using an efficient union-find data structure. Our formalization can be instantiated for different graph representations. We provide instantiations for undirected graphs and symmetric directed graphs.", "authors": [ "Maximilian P. L. Haslbeck", "Peter Lammich", "Julian Biendarra" ], "date": "2019-02-14", "id": 242, "link": "/entries/Kruskal.html", "permalink": "/entries/Kruskal.html", "shortname": "Kruskal", "title": "Kruskal's Algorithm for Minimum Spanning Forest", "topic_links": [ "computer-science/algorithms/graph" ], "topics": [ "Computer science/Algorithms/Graph" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThe most efficient known primality tests are \u003cem\u003eprobabilistic\u003c/em\u003e in the sense that they use randomness and may, with some probability, mistakenly classify a composite number as prime \u0026ndash; but never a prime number as composite. Examples of this are the Miller\u0026ndash;Rabin test, the Solovay\u0026ndash;Strassen test, and (in most cases) Fermat's test.\u003c/p\u003e \u003cp\u003eThis entry defines these three tests and proves their correctness. It also develops some of the number-theoretic foundations, such as Carmichael numbers and the Jacobi symbol with an efficient executable algorithm to compute it.\u003c/p\u003e", "authors": [ "Daniel Stüwe", "Manuel Eberl" ], "date": "2019-02-11", "id": 243, "link": "/entries/Probabilistic_Prime_Tests.html", "permalink": "/entries/Probabilistic_Prime_Tests.html", "shortname": "Probabilistic_Prime_Tests", "title": "Probabilistic Primality Testing", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 1 }, { "abstract": "We formalise results from computability theory: recursive functions, undecidability of the halting problem, and the existence of a universal Turing machine. 
This formalisation is the AFP entry corresponding to the paper Mechanising Turing Machines and Computability Theory in Isabelle/HOL, ITP 2013.", "authors": [ "Jian Xu", "Xingyuan Zhang", "Christian Urban", "Sebastiaan J. C. Joosten" ], "date": "2019-02-08", "id": 244, "link": "/entries/Universal_Turing_Machine.html", "permalink": "/entries/Universal_Turing_Machine.html", "shortname": "Universal_Turing_Machine", "title": "Universal Turing Machine", "topic_links": [ "logic/computability", "computer-science/automata-and-formal-languages" ], "topics": [ "Logic/Computability", "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "Isabelle/UTP is a mechanised theory engineering toolkit based on Hoare and He’s Unifying Theories of Programming (UTP). UTP enables the creation of denotational, algebraic, and operational semantics for different programming languages using an alphabetised relational calculus. We provide a semantic embedding of the alphabetised relational calculus in Isabelle/HOL, including new type definitions, relational constructors, automated proof tactics, and accompanying algebraic laws. Isabelle/UTP can be used to both capture laws of programming for different languages, and put these fundamental theorems to work in the creation of associated verification tools, using calculi like Hoare logics. This document describes the relational core of the UTP in Isabelle/HOL.", "authors": [ "Simon Foster", "Frank Zeyda", "Yakoub Nemouchi", "Pedro Ribeiro", "Burkhart Wolff" ], "date": "2019-02-01", "id": 245, "link": "/entries/UTP.html", "permalink": "/entries/UTP.html", "shortname": "UTP", "title": "Isabelle/UTP: Mechanised Theory Engineering for Unifying Theories of Programming", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis entry defines the set of \u003cem\u003einversions\u003c/em\u003e of a list, i.e. 
the pairs of indices that violate sortedness. It also proves the correctness of the well-known \u003cem\u003eO\u003c/em\u003e(\u003cem\u003en log n\u003c/em\u003e) divide-and-conquer algorithm to compute the number of inversions.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2019-02-01", "id": 246, "link": "/entries/List_Inversions.html", "permalink": "/entries/List_Inversions.html", "shortname": "List_Inversions", "title": "The Inversions of a List", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "We formalize a proof of Motzkin's transposition theorem and Farkas' lemma in Isabelle/HOL. Our proof is based on the formalization of the simplex algorithm which, given a set of linear constraints, either returns a satisfying assignment to the problem or detects unsatisfiability. By reusing facts about the simplex algorithm we show that a set of linear constraints is unsatisfiable if and only if there is a linear combination of the constraints which evaluates to a trivially unsatisfiable inequality.", "authors": [ "Ralph Bottesch", "Max W. Haslbeck", "René Thiemann" ], "date": "2019-01-17", "id": 247, "link": "/entries/Farkas.html", "permalink": "/entries/Farkas.html", "shortname": "Farkas", "title": "Farkas' Lemma and Motzkin's Transposition Theorem", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 1 }, { "abstract": "In this formalization, I introduce a higher-order term algebra, generalizing the notions of free variables, matching, and substitution. The need arose from the work on a \u003ca href=\"http://dx.doi.org/10.1007/978-3-319-89884-1_35\"\u003everified compiler from Isabelle to CakeML\u003c/a\u003e. Terms can be thought of as consisting of a generic (free variables, constants, application) and a specific part. 
As example applications, this entry provides instantiations for de-Bruijn terms, terms with named variables, and \u003ca href=\"https://www.isa-afp.org/entries/Lambda_Free_RPOs.html\"\u003eBlanchette’s \u0026lambda;-free higher-order terms\u003c/a\u003e. Furthermore, I implement translation functions between de-Bruijn terms and named terms and prove their correctness.", "authors": [ "Lars Hupel" ], "date": "2019-01-15", "id": 248, "link": "/entries/Higher_Order_Terms.html", "permalink": "/entries/Higher_Order_Terms.html", "shortname": "Higher_Order_Terms", "title": "An Algebra for Higher-Order Terms", "topic_links": [ "computer-science/programming-languages/lambda-calculi" ], "topics": [ "Computer science/Programming languages/Lambda calculi" ], "used_by": 1 }, { "abstract": "IMP2 is a simple imperative language together with Isabelle tooling to create a program verification environment in Isabelle/HOL. The tools include a C-like syntax, a verification condition generator, and Isabelle commands for the specification of programs. The framework is modular, i.e., it allows easy reuse of already proved programs within larger programs. This entry comes with a quickstart guide and a large collection of examples, spanning basic algorithms with simple proofs to more advanced algorithms and proof techniques like data refinement. Some highlights from the examples are: \u003cul\u003e \u003cli\u003eBisection Square Root, \u003c/li\u003e \u003cli\u003eExtended Euclid, \u003c/li\u003e \u003cli\u003eExponentiation by Squaring, \u003c/li\u003e \u003cli\u003eBinary Search, \u003c/li\u003e \u003cli\u003eInsertion Sort, \u003c/li\u003e \u003cli\u003eQuicksort, \u003c/li\u003e \u003cli\u003eDepth First Search. \u003c/li\u003e \u003c/ul\u003e The abstract syntax and semantics are very simple and well-documented. They are suitable to be used in a course, as extension to the IMP language which comes with the Isabelle distribution. 
While this entry is limited to a simple imperative language, the ideas could be extended to more sophisticated languages.", "authors": [ "Peter Lammich", "Simon Wimmer" ], "date": "2019-01-15", "id": 249, "link": "/entries/IMP2.html", "permalink": "/entries/IMP2.html", "shortname": "IMP2", "title": "IMP2 – Simple Program Verification in Isabelle/HOL", "topic_links": [ "computer-science/programming-languages/logics", "computer-science/algorithms" ], "topics": [ "Computer science/Programming languages/Logics", "Computer science/Algorithms" ], "used_by": 1 }, { "abstract": "When verifying a concurrent program, it is usual to assume that memory is sequentially consistent. However, most modern multiprocessors depend on store buffering for efficiency, and provide native sequential consistency only at a substantial performance penalty. To regain sequential consistency, a programmer has to follow an appropriate programming discipline. However, na\u0026iuml;ve disciplines, such as protecting all shared accesses with locks, are not flexible enough for building high-performance multiprocessor software. We present a new discipline for concurrent programming under TSO (total store order, with store buffer forwarding). It does not depend on concurrency primitives, such as locks. Instead, threads use ghost operations to acquire and release ownership of memory addresses. A thread can write to an address only if no other thread owns it, and can read from an address only if it owns it or it is shared and the thread has flushed its store buffer since it last wrote to an address it did not own. This discipline covers both coarse-grained concurrency (where data is protected by locks) as well as fine-grained concurrency (where atomic operations race to memory). 
We formalize this discipline in Isabelle/HOL, and prove that if every execution of a program in a system without store buffers follows the discipline, then every execution of the program with store buffers is sequentially consistent. Thus, we can show sequential consistency under TSO by ordinary assertional reasoning about the program, without having to consider store buffers at all.", "authors": [ "Ernie Cohen", "Norbert Schirmer" ], "date": "2019-01-07", "id": 250, "link": "/entries/Store_Buffer_Reduction.html", "permalink": "/entries/Store_Buffer_Reduction.html", "shortname": "Store_Buffer_Reduction", "title": "A Reduction Theorem for Store Buffers", "topic_links": [ "computer-science/concurrency" ], "topics": [ "Computer science/Concurrency" ], "used_by": 0 }, { "abstract": "In this AFP entry, we formalize the core of the Document Object Model (DOM). At its core, the DOM defines a tree-like data structure for representing documents in general and HTML documents in particular. It is the heart of any modern web browser. Formalizing the key concepts of the DOM is a prerequisite for the formal reasoning over client-side JavaScript programs and for the analysis of security concepts in modern web browsers. We present a formalization of the core DOM, with focus on the node-tree and the operations defined on node-trees, in Isabelle/HOL. We use the formalization to verify the functional correctness of the most important functions defined in the DOM standard. Moreover, our formalization is 1) extensible, i.e., can be extended without the need of re-proving already proven properties and 2) executable, i.e., we can generate executable code from our specification.", "authors": [ "Achim D. 
Brucker", "Michael Herzberg" ], "date": "2018-12-26", "id": 251, "link": "/entries/Core_DOM.html", "permalink": "/entries/Core_DOM.html", "shortname": "Core_DOM", "title": "A Formal Model of the Document Object Model", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 1 }, { "abstract": "Concurrent revisions is a concurrency control model developed by Microsoft Research. It has many interesting properties that distinguish it from other well-known models such as transactional memory. One of these properties is \u003cem\u003edeterminacy\u003c/em\u003e: programs written within the model always produce the same outcome, independent of scheduling activity. The concurrent revisions model has an operational semantics, with an informal proof of determinacy. This document contains an Isabelle/HOL formalization of this semantics and the proof of determinacy.", "authors": [ "Roy Overbeek" ], "date": "2018-12-25", "id": 252, "link": "/entries/Concurrent_Revisions.html", "permalink": "/entries/Concurrent_Revisions.html", "shortname": "Concurrent_Revisions", "title": "Formalization of Concurrent Revisions", "topic_links": [ "computer-science/concurrency" ], "topics": [ "Computer science/Concurrency" ], "used_by": 0 }, { "abstract": "This entry contains the application of auto2 to verifying functional and imperative programs. Algorithms and data structures that are verified include linked lists, binary search trees, red-black trees, interval trees, priority queue, quicksort, union-find, Dijkstra's algorithm, and a sweep-line algorithm for detecting rectangle intersection. The imperative verification is based on Imperative HOL and its separation logic framework. 
A major goal of this work is to set up automation in order to reduce the length of the proofs that the user needs to provide, both for verifying functional programs and for working with separation logic.", "authors": [ "Bohua Zhan" ], "date": "2018-12-21", "id": 253, "link": "/entries/Auto2_Imperative_HOL.html", "permalink": "/entries/Auto2_Imperative_HOL.html", "shortname": "Auto2_Imperative_HOL", "title": "Verifying Imperative Programs using Auto2", "topic_links": [ "computer-science/algorithms", "computer-science/data-structures" ], "topics": [ "Computer science/Algorithms", "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "Inspired by Abstract Cryptography, we extend CryptHOL, a framework for formalizing game-based proofs, with an abstract model of Random Systems and provide proof rules about their composition and equality. This foundation facilitates the formalization of Constructive Cryptography proofs, where the security of a cryptographic scheme is realized as a special form of construction in which a complex random system is built from simpler ones. This is a first step towards a fully-featured compositional framework, similar to the Universal Composability framework, that supports the formalization of simulation-based proofs.", "authors": [ "Andreas Lochbihler", "S. Reza Sefidgar" ], "date": "2018-12-17", "id": 254, "link": "/entries/Constructive_Cryptography.html", "permalink": "/entries/Constructive_Cryptography.html", "shortname": "Constructive_Cryptography", "title": "Constructive Cryptography in HOL", "topic_links": [ "computer-science/security/cryptography", "mathematics/probability-theory" ], "topics": [ "Computer science/Security/Cryptography", "Mathematics/Probability theory" ], "used_by": 1 }, { "abstract": "These components add further fundamental order and lattice-theoretic concepts and properties to Isabelle's libraries. 
They follow by and large the introductory sections of the Compendium of Continuous Lattices, covering directed and filtered sets, down-closed and up-closed sets, ideals and filters, Galois connections, closure and co-closure operators. Some emphasis is on duality and morphisms between structures, as in the Compendium. To this end, three ad-hoc approaches to duality are compared.", "authors": [ "Georg Struth" ], "date": "2018-12-11", "id": 255, "link": "/entries/Order_Lattice_Props.html", "permalink": "/entries/Order_Lattice_Props.html", "shortname": "Order_Lattice_Props", "title": "Properties of Orderings and Lattices", "topic_links": [ "mathematics/order" ], "topics": [ "Mathematics/Order" ], "used_by": 2 }, { "abstract": "These mathematical components formalise basic properties of quantales, together with some important models, constructions, and concepts, including quantic nuclei and conuclei.", "authors": [ "Georg Struth" ], "date": "2018-12-11", "id": 256, "link": "/entries/Quantales.html", "permalink": "/entries/Quantales.html", "shortname": "Quantales", "title": "Quantales", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 1 }, { "abstract": "These mathematical components formalise predicate transformer semantics for programs, yet currently only for partial correctness and in the absence of faults. A first part for isotone (or monotone), Sup-preserving and Inf-preserving transformers follows Back and von Wright's approach, with additional emphasis on the quantalic structure of algebras of transformers. 
The second part develops Sup-preserving and Inf-preserving predicate transformers from the powerset monad, via its Kleisli category and Eilenberg-Moore algebras, with emphasis on adjunctions and dualities, as well as isomorphisms between relations, state transformers and predicate transformers.", "authors": [ "Georg Struth" ], "date": "2018-12-11", "id": 257, "link": "/entries/Transformer_Semantics.html", "permalink": "/entries/Transformer_Semantics.html", "shortname": "Transformer_Semantics", "title": "Transformer Semantics", "topic_links": [ "mathematics/algebra", "computer-science/semantics-and-reasoning" ], "topics": [ "Mathematics/Algebra", "Computer science/Semantics and reasoning" ], "used_by": 1 }, { "abstract": "This Isabelle/HOL formalization refines the abstract ordered resolution prover presented in Section 4.3 of Bachmair and Ganzinger's \"Resolution Theorem Proving\" chapter in the \u003ci\u003eHandbook of Automated Reasoning\u003c/i\u003e. The result is a functional implementation of a first-order prover.", "authors": [ "Anders Schlichtkrull", "Jasmin Christian Blanchette", "Dmitriy Traytel" ], "date": "2018-11-23", "id": 258, "link": "/entries/Functional_Ordered_Resolution_Prover.html", "permalink": "/entries/Functional_Ordered_Resolution_Prover.html", "shortname": "Functional_Ordered_Resolution_Prover", "title": "A Verified Functional Implementation of Bachmair and Ganzinger's Ordered Resolution Prover", "topic_links": [ "logic/general-logic/mechanization-of-proofs" ], "topics": [ "Logic/General logic/Mechanization of proofs" ], "used_by": 0 }, { "abstract": "This is an Isabelle/HOL formalisation of graph saturation, closely following a \u003ca href=\"https://doi.org/10.1016/j.jlamp.2018.06.005\"\u003epaper by the author\u003c/a\u003e on graph saturation. Nine out of ten lemmas of the original paper are proven in this formalisation. 
The formalisation additionally includes two theorems that show the main premise of the paper: that consistency and entailment are decided through graph saturation. This formalisation does not give executable code, and it does not implement any of the optimisations suggested in the paper.", "authors": [ "Sebastiaan J. C. Joosten" ], "date": "2018-11-23", "id": 259, "link": "/entries/Graph_Saturation.html", "permalink": "/entries/Graph_Saturation.html", "shortname": "Graph_Saturation", "title": "Graph Saturation", "topic_links": [ "logic/rewriting", "mathematics/graph-theory" ], "topics": [ "Logic/Rewriting", "Mathematics/Graph theory" ], "used_by": 0 }, { "abstract": "Auto2 is a saturation-based heuristic prover for higher-order logic, implemented as a tactic in Isabelle. This entry contains the instantiation of auto2 for Isabelle/HOL, along with two basic examples: solutions to some of Pelletier's problems, and elementary number theory of primes.", "authors": [ "Bohua Zhan" ], "date": "2018-11-20", "id": 260, "link": "/entries/Auto2_HOL.html", "permalink": "/entries/Auto2_HOL.html", "shortname": "Auto2_HOL", "title": "Auto2 Prover", "topic_links": [ "tools" ], "topics": [ "Tools" ], "used_by": 1 }, { "abstract": "\u003cp\u003eThis article defines the combinatorial structures known as \u003cem\u003eIndependence Systems\u003c/em\u003e and \u003cem\u003eMatroids\u003c/em\u003e and provides basic concepts and theorems related to them. These structures play an important role in combinatorial optimisation, e. g. greedy algorithms such as Kruskal's algorithm. 
The development is based on Oxley's \u003ca href=\"http://www.math.lsu.edu/~oxley/survey4.pdf\"\u003e`What is a Matroid?'\u003c/a\u003e.\u003c/p\u003e", "authors": [ "Jonas Keinholz" ], "date": "2018-11-16", "id": 261, "link": "/entries/Matroids.html", "permalink": "/entries/Matroids.html", "shortname": "Matroids", "title": "Matroids", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 1 }, { "abstract": "\u003cp\u003eWe provide a framework for automatically deriving instances for generic type classes. Our approach is inspired by Haskell's \u003ci\u003egeneric-deriving\u003c/i\u003e package and Scala's \u003ci\u003eshapeless\u003c/i\u003e library. In addition to generating the code for type class functions, we also attempt to automatically prove type class laws for these instances. As of now, however, some manual proofs are still required for recursive datatypes.\u003c/p\u003e \u003cp\u003eNote: There are already articles in the AFP that provide automatic instantiation for a number of classes. Concretely, \u003ca href=\"https://www.isa-afp.org/entries/Deriving.html\"\u003eDeriving\u003c/a\u003e allows the automatic instantiation of comparators, linear orders, equality, and hashing. 
\u003ca href=\"https://www.isa-afp.org/entries/Show.html\"\u003eShow\u003c/a\u003e instantiates a Haskell-style \u003ci\u003eshow\u003c/i\u003e class.\u003c/p\u003e\u003cp\u003eOur approach works for arbitrary classes (with some Isabelle/HOL overhead for each class), but for a smaller set of datatypes.\u003c/p\u003e", "authors": [ "Jonas Rädle", "Lars Hupel" ], "date": "2018-11-06", "id": 262, "link": "/entries/Generic_Deriving.html", "permalink": "/entries/Generic_Deriving.html", "shortname": "Generic_Deriving", "title": "Deriving generic class instances for datatypes", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "An ambitious ethical theory ---Alan Gewirth's \"Principle of Generic Consistency\"--- is encoded and analysed in Isabelle/HOL. Gewirth's theory has stirred much attention in philosophy and ethics and has been proposed as a potential means to bound the impact of artificial general intelligence.", "authors": [ "David Fuenmayor", "Christoph Benzmüller" ], "date": "2018-10-30", "id": 263, "link": "/entries/GewirthPGCProof.html", "permalink": "/entries/GewirthPGCProof.html", "shortname": "GewirthPGCProof", "title": "Formalisation and Evaluation of Alan Gewirth's Proof for the Principle of Generic Consistency in Isabelle/HOL", "topic_links": [ "logic/philosophical-aspects" ], "topics": [ "Logic/Philosophical aspects" ], "used_by": 0 }, { "abstract": "This work is a formalization of epistemic logic with countably many agents. It includes proofs of soundness and completeness for the axiom system K. The completeness proof is based on the textbook \"Reasoning About Knowledge\" by Fagin, Halpern, Moses and Vardi (MIT Press 1995). The extensions of system K (T, KB, K4, S4, S5) and their completeness proofs are based on the textbook \"Modal Logic\" by Blackburn, de Rijke and Venema (Cambridge University Press 2001). 
Papers: \u003ca href=\"https://doi.org/10.1007/978-3-030-88853-4_1\"\u003ehttps://doi.org/10.1007/978-3-030-88853-4_1\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/978-3-030-90138-7_2\"\u003ehttps://doi.org/10.1007/978-3-030-90138-7_2\u003c/a\u003e.", "authors": [ "Asta Halkjær From" ], "date": "2018-10-29", "id": 264, "link": "/entries/Epistemic_Logic.html", "permalink": "/entries/Epistemic_Logic.html", "shortname": "Epistemic_Logic", "title": "Epistemic Logic: Completeness of Modal Logics", "topic_links": [ "logic/general-logic/logics-of-knowledge-and-belief" ], "topics": [ "Logic/General logic/Logics of knowledge and belief" ], "used_by": 2 }, { "abstract": "We formalize the definition and basic properties of smooth manifolds in Isabelle/HOL. Concepts covered include partition of unity, tangent and cotangent spaces, and the fundamental theorem of path integrals. We also examine some concrete manifolds such as spheres and projective spaces. The formalization makes extensive use of the analysis and linear algebra libraries in Isabelle/HOL, in particular its “types-to-sets” mechanism.", "authors": [ "Fabian Immler", "Bohua Zhan" ], "date": "2018-10-22", "id": 265, "link": "/entries/Smooth_Manifolds.html", "permalink": "/entries/Smooth_Manifolds.html", "shortname": "Smooth_Manifolds", "title": "Smooth Manifolds", "topic_links": [ "mathematics/analysis", "mathematics/topology" ], "topics": [ "Mathematics/Analysis", "Mathematics/Topology" ], "used_by": 0 }, { "abstract": "This Isabelle/HOL formalization defines the Embedding Path Order (EPO) for higher-order terms without lambda-abstraction and proves many useful properties about it. 
In contrast to the lambda-free recursive path orders, it does not fully coincide with RPO on first-order terms, but it is compatible with arbitrary higher-order contexts.", "authors": [ "Alexander Bentkamp" ], "date": "2018-10-19", "id": 266, "link": "/entries/Lambda_Free_EPO.html", "permalink": "/entries/Lambda_Free_EPO.html", "shortname": "Lambda_Free_EPO", "title": "Formalization of the Embedding Path Order for Lambda-Free Higher-Order Terms", "topic_links": [ "logic/rewriting" ], "topics": [ "Logic/Rewriting" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis work is a formalisation of the Randomised Binary Search Trees introduced by Martínez and Roura, including definitions and correctness proofs.\u003c/p\u003e \u003cp\u003eLike randomised treaps, they are a probabilistic data structure that behaves exactly as if elements were inserted into a non-balancing BST in random order. However, unlike treaps, they only use discrete probability distributions, but their use of randomness is more complicated.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2018-10-19", "id": 267, "link": "/entries/Randomised_BSTs.html", "permalink": "/entries/Randomised_BSTs.html", "shortname": "Randomised_BSTs", "title": "Randomised Binary Search Trees", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "A completeness threshold is required to guarantee the completeness of planning as satisfiability, and bounded model checking of safety properties. One valid completeness threshold is the diameter of the underlying transition system. The diameter is the maximum element in the set of lengths of all shortest paths between pairs of states. The diameter is not calculated exactly in our setting, where the transition system is succinctly described using a (propositionally) factored representation. 
Rather, an upper bound on the diameter is calculated compositionally, by bounding the diameters of small abstract subsystems, and then composing those. We port a HOL4 formalisation of a compositional algorithm for computing a relatively tight upper bound on the system diameter. This compositional algorithm exploits acyclicity in the state space to achieve compositionality, and it was introduced by Abdulaziz et al. The formalisation that we port is described as a part of another paper by Abdulaziz et al. As a part of this porting we developed a library about transition systems, which shall be of use in future related mechanisation efforts.", "authors": [ "Friedrich Kurz", "Mohammad Abdulaziz" ], "date": "2018-10-12", "id": 268, "link": "/entries/Factored_Transition_System_Bounding.html", "permalink": "/entries/Factored_Transition_System_Bounding.html", "shortname": "Factored_Transition_System_Bounding", "title": "Upper Bounding Diameters of State Spaces of Factored Transition Systems", "topic_links": [ "computer-science/automata-and-formal-languages", "mathematics/graph-theory" ], "topics": [ "Computer science/Automata and formal languages", "Mathematics/Graph theory" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis entry shows the transcendence of \u0026pi; based on the classic proof using the fundamental theorem of symmetric polynomials first given by von Lindemann in 1882, but the formalisation mostly follows the version by Niven. 
The proof reuses much of the machinery developed in the AFP entry on the transcendence of \u003cem\u003ee\u003c/em\u003e.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2018-09-28", "id": 269, "link": "/entries/Pi_Transcendental.html", "permalink": "/entries/Pi_Transcendental.html", "shortname": "Pi_Transcendental", "title": "The Transcendence of π", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 1 }, { "abstract": "\u003cp\u003eA symmetric polynomial is a polynomial in variables \u003cem\u003eX\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e,\u0026hellip;,\u003cem\u003eX\u003c/em\u003e\u003csub\u003en\u003c/sub\u003e that does not discriminate between its variables, i.\u0026thinsp;e. it is invariant under any permutation of them. These polynomials are important in the study of the relationship between the coefficients of a univariate polynomial and its roots in its algebraic closure.\u003c/p\u003e \u003cp\u003eThis article provides a definition of symmetric polynomials and the elementary symmetric polynomials e\u003csub\u003e1\u003c/sub\u003e,\u0026hellip;,e\u003csub\u003en\u003c/sub\u003e and proofs of their basic properties, including three notable ones:\u003c/p\u003e \u003cul\u003e \u003cli\u003e Vieta's formula, which gives an explicit expression for the \u003cem\u003ek\u003c/em\u003e-th coefficient of a univariate monic polynomial in terms of its roots \u003cem\u003ex\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e,\u0026hellip;,\u003cem\u003ex\u003c/em\u003e\u003csub\u003en\u003c/sub\u003e, namely \u003cem\u003ec\u003c/em\u003e\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e = 
(-1)\u003csup\u003e\u003cem\u003en\u003c/em\u003e-\u003cem\u003ek\u003c/em\u003e\u003c/sup\u003e\u0026thinsp;e\u003csub\u003e\u003cem\u003en\u003c/em\u003e-\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e(\u003cem\u003ex\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e,\u0026hellip;,\u003cem\u003ex\u003c/em\u003e\u003csub\u003en\u003c/sub\u003e).\u003c/li\u003e \u003cli\u003eSecond, the Fundamental Theorem of Symmetric Polynomials, which states that any symmetric polynomial is itself a uniquely determined polynomial combination of the elementary symmetric polynomials.\u003c/li\u003e \u003cli\u003eThird, as a corollary of the previous two, that given a polynomial over some ring \u003cem\u003eR\u003c/em\u003e, any symmetric polynomial combination of its roots is also in \u003cem\u003eR\u003c/em\u003e even when the roots are not. \u003c/ul\u003e \u003cp\u003e Both the symmetry property itself and the witness for the Fundamental Theorem are executable. \u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2018-09-25", "id": 270, "link": "/entries/Symmetric_Polynomials.html", "permalink": "/entries/Symmetric_Polynomials.html", "shortname": "Symmetric_Polynomials", "title": "Symmetric Polynomials", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 2 }, { "abstract": "\u003cp\u003eThis article formalizes signature-based algorithms for computing Gr\u0026ouml;bner bases. Such algorithms are, in general, superior to other algorithms in terms of efficiency, and have not been formalized in any proof assistant so far. The present development is both generic, in the sense that most known variants of signature-based algorithms are covered by it, and effectively executable on concrete input thanks to Isabelle's code generator. 
Sample computations of benchmark problems show that the verified implementation of signature-based algorithms indeed outperforms the existing implementation of Buchberger's algorithm in Isabelle/HOL.\u003c/p\u003e \u003cp\u003eBesides total correctness of the algorithms, the article also proves that under certain conditions they a priori detect and avoid all useless zero-reductions, and always return 'minimal' (in some sense) Gr\u0026ouml;bner bases if an input parameter is chosen in the right way.\u003c/p\u003e\u003cp\u003eThe formalization follows the recent survey article by Eder and Faug\u0026egrave;re.\u003c/p\u003e", "authors": [ "Alexander Maletzky" ], "date": "2018-09-20", "id": 271, "link": "/entries/Signature_Groebner.html", "permalink": "/entries/Signature_Groebner.html", "shortname": "Signature_Groebner", "title": "Signature-Based Gröbner Basis Algorithms", "topic_links": [ "mathematics/algebra", "computer-science/algorithms/mathematical" ], "topics": [ "Mathematics/Algebra", "Computer science/Algorithms/Mathematical" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis article provides a short proof of the Prime Number Theorem in several equivalent forms, most notably \u0026pi;(\u003cem\u003ex\u003c/em\u003e) ~ \u003cem\u003ex\u003c/em\u003e/ln \u003cem\u003ex\u003c/em\u003e where \u0026pi;(\u003cem\u003ex\u003c/em\u003e) is the number of primes no larger than \u003cem\u003ex\u003c/em\u003e. It also defines other basic number-theoretic functions related to primes like Chebyshev's functions \u0026thetasym; and \u0026psi; and the \u0026ldquo;\u003cem\u003en\u003c/em\u003e-th prime number\u0026rdquo; function p\u003csub\u003e\u003cem\u003en\u003c/em\u003e\u003c/sub\u003e. We also show various bounds and relationships between these functions. Lastly, we derive Mertens' First and Second Theorem, i.\u0026thinsp;e. 
\u0026sum;\u003csub\u003e\u003cem\u003ep\u003c/em\u003e\u0026le;\u003cem\u003ex\u003c/em\u003e\u003c/sub\u003e ln \u003cem\u003ep\u003c/em\u003e/\u003cem\u003ep\u003c/em\u003e = ln \u003cem\u003ex\u003c/em\u003e + \u003cem\u003eO\u003c/em\u003e(1) and \u0026sum;\u003csub\u003e\u003cem\u003ep\u003c/em\u003e\u0026le;\u003cem\u003ex\u003c/em\u003e\u003c/sub\u003e 1/\u003cem\u003ep\u003c/em\u003e = ln ln \u003cem\u003ex\u003c/em\u003e + M + \u003cem\u003eO\u003c/em\u003e(1/ln \u003cem\u003ex\u003c/em\u003e). We also give explicit bounds for the remainder terms.\u003c/p\u003e \u003cp\u003eThe proof of the Prime Number Theorem builds on a library of Dirichlet series and analytic combinatorics. We essentially follow the presentation by Newman. The core part of the proof is a Tauberian theorem for Dirichlet series, which is proven using complex analysis and then used to strengthen Mertens' First Theorem to \u0026sum;\u003csub\u003e\u003cem\u003ep\u003c/em\u003e\u0026le;\u003cem\u003ex\u003c/em\u003e\u003c/sub\u003e ln \u003cem\u003ep\u003c/em\u003e/\u003cem\u003ep\u003c/em\u003e = ln \u003cem\u003ex\u003c/em\u003e + c + \u003cem\u003eo\u003c/em\u003e(1).\u003c/p\u003e \u003cp\u003eA variant of this proof has been formalised before by Harrison in HOL Light, and formalisations of Selberg's elementary proof exist both by Avigad \u003cem\u003eet al.\u003c/em\u003e in Isabelle and by Carneiro in Metamath. The advantage of the analytic proof is that, while it requires more powerful mathematical tools, it is considerably shorter and clearer. This article attempts to provide a short and clear formalisation of all components of that proof using the full range of mathematical machinery available in Isabelle, staying as close as possible to Newman's simple paper proof.\u003c/p\u003e", "authors": [ "Manuel Eberl", "Lawrence C. 
Paulson" ], "date": "2018-09-19", "id": 272, "link": "/entries/Prime_Number_Theorem.html", "permalink": "/entries/Prime_Number_Theorem.html", "shortname": "Prime_Number_Theorem", "title": "The Prime Number Theorem", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 4 }, { "abstract": "We develop algebras for aggregation and minimisation for weight matrices and for edge weights in graphs. We verify the correctness of Prim's and Kruskal's minimum spanning tree algorithms based on these algebras. We also show numerous instances of these algebras based on linearly ordered commutative semigroups.", "authors": [ "Walter Guttmann" ], "date": "2018-09-15", "id": 273, "link": "/entries/Aggregation_Algebras.html", "permalink": "/entries/Aggregation_Algebras.html", "shortname": "Aggregation_Algebras", "title": "Aggregation Algebras", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 1 }, { "abstract": "We develop the basic theory of Octonions, including various identities and properties of the octonions and of the octonionic product, a description of 7D isometries and representations of orthogonal transformations. To this end we first develop the theory of the vector cross product in 7 dimensions. The development of the theory of Octonions is inspired by that of the theory of Quaternions by Lawrence Paulson. However, we do not work within the type class real_algebra_1 because the octonionic product is not associative.", "authors": [ "Angeliki Koutsoukou-Argyraki" ], "date": "2018-09-14", "id": 274, "link": "/entries/Octonions.html", "permalink": "/entries/Octonions.html", "shortname": "Octonions", "title": "Octonions", "topic_links": [ "mathematics/algebra", "mathematics/geometry" ], "topics": [ "Mathematics/Algebra", "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "This theory is inspired by the HOL Light development of quaternions, but follows its own route. 
Quaternions are developed coinductively, as in the existing formalisation of the complex numbers. Quaternions are quickly shown to belong to the type classes of real normed division algebras and real inner product spaces. And therefore they inherit a great body of facts involving algebraic laws, limits, continuity, etc., which must be proved explicitly in the HOL Light version. The development concludes with the geometric interpretation of the product of imaginary quaternions.", "authors": [ "Lawrence C. Paulson" ], "date": "2018-09-05", "id": 275, "link": "/entries/Quaternions.html", "permalink": "/entries/Quaternions.html", "shortname": "Quaternions", "title": "Quaternions", "topic_links": [ "mathematics/algebra", "mathematics/geometry" ], "topics": [ "Mathematics/Algebra", "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "This entry is mainly about counting and approximating real roots (of a polynomial) with multiplicity. We have first formalised the Budan-Fourier theorem: given a polynomial with real coefficients, we can calculate sign variations on Fourier sequences to over-approximate the number of real roots (counting multiplicity) within an interval. When all roots are known to be real, the over-approximation becomes tight: we can utilise this theorem to count real roots exactly. It is also worth noting that Descartes' rule of signs is a direct consequence of the Budan-Fourier theorem, and has been included in this entry. In addition, we have extended the previously formalised Sturm's theorem to count real roots with multiplicity, while the original Sturm's theorem only counts distinct real roots. 
Compared to the Budan-Fourier theorem, our extended Sturm's theorem always counts roots exactly but may suffer from greater computational cost.", "authors": [ "Wenda Li" ], "date": "2018-09-02", "id": 276, "link": "/entries/Budan_Fourier.html", "permalink": "/entries/Budan_Fourier.html", "shortname": "Budan_Fourier", "title": "The Budan-Fourier Theorem and Counting Real Roots with Multiplicity", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 2 }, { "abstract": "We present an Isabelle/HOL formalization and total correctness proof for the incremental version of the Simplex algorithm which is used in most state-of-the-art SMT solvers. It supports extraction of satisfying assignments, extraction of minimal unsatisfiable cores, incremental assertion of constraints and backtracking. The formalization relies on stepwise program refinement, starting from a simple specification, going through a number of refinement steps, and ending up in a fully executable functional implementation. Symmetries present in the algorithm are handled with special care.", "authors": [ "Filip Marić", "Mirko Spasić", "René Thiemann" ], "date": "2018-08-24", "id": 277, "link": "/entries/Simplex.html", "permalink": "/entries/Simplex.html", "shortname": "Simplex", "title": "An Incremental Simplex Algorithm with Unsatisfiable Core Generation", "topic_links": [ "computer-science/algorithms/optimization" ], "topics": [ "Computer science/Algorithms/Optimization" ], "used_by": 1 }, { "abstract": "\u003cp\u003e We formalize undecidability results for Minsky machines. To this end, we also formalize recursive inseparability. \u003c/p\u003e\u003cp\u003e We start by proving that Minsky machines can compute arbitrary primitive recursive and recursive functions. 
We then show that there is a deterministic Minsky machine with one argument and two final states such that the set of inputs that are accepted in one state is recursively inseparable from the set of inputs that are accepted in the other state. \u003c/p\u003e\u003cp\u003e As a corollary, the set of Minsky configurations that reach the first state but not the second is recursively inseparable from the set of Minsky configurations that reach the second state but not the first. In particular, both these sets are undecidable. \u003c/p\u003e\u003cp\u003e We do \u003cem\u003enot\u003c/em\u003e prove that recursive functions can simulate Minsky machines. \u003c/p\u003e", "authors": [ "Bertram Felgenhauer" ], "date": "2018-08-14", "id": 278, "link": "/entries/Minsky_Machines.html", "permalink": "/entries/Minsky_Machines.html", "shortname": "Minsky_Machines", "title": "Minsky Machines", "topic_links": [ "logic/computability" ], "topics": [ "Logic/Computability" ], "used_by": 0 }, { "abstract": "We have formalized the computation of fair prices for derivative products in discrete financial models. As an application, we derive a way to compute fair prices of derivative products in the Cox-Ross-Rubinstein model of a financial market, thus completing the work that was presented in this \u003ca href=\"https://hal.archives-ouvertes.fr/hal-01562944\"\u003epaper\u003c/a\u003e.", "authors": [ "Mnacho Echenim" ], "date": "2018-07-16", "id": 279, "link": "/entries/DiscretePricing.html", "permalink": "/entries/DiscretePricing.html", "shortname": "DiscretePricing", "title": "Pricing in discrete financial models", "topic_links": [ "mathematics/probability-theory", "mathematics/games-and-economics" ], "topics": [ "Mathematics/Probability theory", "Mathematics/Games and economics" ], "used_by": 0 }, { "abstract": "Utility functions form an essential part of game theory and economics. 
In order to guarantee the existence of utility functions, most of the time sufficient properties are assumed in an axiomatic manner. One famous and very common set of such assumptions is that of expected utility theory. Here, the rationality, continuity, and independence of preferences are assumed. The von-Neumann-Morgenstern Utility theorem shows that these assumptions are necessary and sufficient for an expected utility function to exist. This theorem was proven by Neumann and Morgenstern in \"Theory of Games and Economic Behavior\", which is regarded as one of the most influential works in game theory. The formalization includes formal definitions of the underlying concepts including continuity and independence of preferences.", "authors": [ "Julian Parsert", "Cezary Kaliszyk" ], "date": "2018-07-04", "id": 280, "link": "/entries/Neumann_Morgenstern_Utility.html", "permalink": "/entries/Neumann_Morgenstern_Utility.html", "shortname": "Neumann_Morgenstern_Utility", "title": "Von-Neumann-Morgenstern Utility Theorem", "topic_links": [ "mathematics/games-and-economics" ], "topics": [ "Mathematics/Games and economics" ], "used_by": 0 }, { "abstract": "\u003cp\u003e This article gives the basic theory of Pell's equation \u003cem\u003ex\u003c/em\u003e\u003csup\u003e2\u003c/sup\u003e = 1 + \u003cem\u003eD\u003c/em\u003e\u0026thinsp;\u003cem\u003ey\u003c/em\u003e\u003csup\u003e2\u003c/sup\u003e, where \u003cem\u003eD\u003c/em\u003e\u0026thinsp;\u0026isin;\u0026thinsp;\u0026#8469; is a parameter and \u003cem\u003ex\u003c/em\u003e, \u003cem\u003ey\u003c/em\u003e are integer variables. 
\u003c/p\u003e \u003cp\u003e The main result that is proven is the following: If \u003cem\u003eD\u003c/em\u003e is not a perfect square, then there exists a \u003cem\u003efundamental solution\u003c/em\u003e (\u003cem\u003ex\u003c/em\u003e\u003csub\u003e0\u003c/sub\u003e, \u003cem\u003ey\u003c/em\u003e\u003csub\u003e0\u003c/sub\u003e) that is not the trivial solution (1, 0) and which generates all other solutions (\u003cem\u003ex\u003c/em\u003e, \u003cem\u003ey\u003c/em\u003e) in the sense that there exists some \u003cem\u003en\u003c/em\u003e\u0026thinsp;\u0026isin;\u0026thinsp;\u0026#8469; such that |\u003cem\u003ex\u003c/em\u003e| + |\u003cem\u003ey\u003c/em\u003e|\u0026thinsp;\u0026radic;\u003cspan style=\"text-decoration: overline\"\u003e\u003cem\u003eD\u003c/em\u003e\u003c/span\u003e = (\u003cem\u003ex\u003c/em\u003e\u003csub\u003e0\u003c/sub\u003e + \u003cem\u003ey\u003c/em\u003e\u003csub\u003e0\u003c/sub\u003e\u0026thinsp;\u0026radic;\u003cspan style=\"text-decoration: overline\"\u003e\u003cem\u003eD\u003c/em\u003e\u003c/span\u003e)\u003csup\u003e\u003cem\u003en\u003c/em\u003e\u003c/sup\u003e. This also implies that the set of solutions is infinite, and it gives us an explicit and executable characterisation of all the solutions. \u003c/p\u003e \u003cp\u003e Based on this, simple executable algorithms for computing the fundamental solution and the infinite sequence of all non-negative solutions are also provided. \u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2018-06-23", "id": 281, "link": "/entries/Pell.html", "permalink": "/entries/Pell.html", "shortname": "Pell", "title": "Pell's Equation", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 1 }, { "abstract": "We formalize the basics of projective geometry. In particular, we give a proof of the so-called Hessenberg's theorem in projective plane geometry. 
We also provide a proof of the so-called Desargues's theorem based on an axiomatization of (higher) projective space geometry using the notion of rank of a matroid. This last approach allows one to handle incidence relations in a homogeneous way, dealing only with points and without the need to talk explicitly about lines, planes or any higher entity.", "authors": [ "Anthony Bordg" ], "date": "2018-06-14", "id": 282, "link": "/entries/Projective_Geometry.html", "permalink": "/entries/Projective_Geometry.html", "shortname": "Projective_Geometry", "title": "Projective Geometry", "topic_links": [ "mathematics/geometry" ], "topics": [ "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "We formalize the localization of a commutative ring R with respect to a multiplicative subset (i.e. a submonoid of R seen as a multiplicative monoid). This localization is itself a commutative ring and we build the natural homomorphism of rings from R to its localization.", "authors": [ "Anthony Bordg" ], "date": "2018-06-14", "id": 283, "link": "/entries/Localization_Ring.html", "permalink": "/entries/Localization_Ring.html", "shortname": "Localization_Ring", "title": "The Localization of a Commutative Ring", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 1 }, { "abstract": "This entry provides a formalization of the abstract theory of ample set partial order reduction. The formalization includes transition systems with actions, trace theory, as well as basics on finite, infinite, and lazy sequences. 
We also provide a basic framework for static analysis on concurrent systems with respect to the ample set condition.", "authors": [ "Julian Brunner" ], "date": "2018-06-05", "id": 284, "link": "/entries/Partial_Order_Reduction.html", "permalink": "/entries/Partial_Order_Reduction.html", "shortname": "Partial_Order_Reduction", "title": "Partial Order Reduction", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 1 }, { "abstract": "This article formalizes recursive algorithms for the construction of optimal binary search trees given fixed access frequencies. We follow Knuth (1971), Yao (1980) and Mehlhorn (1984). The algorithms are memoized with the help of the AFP article \u003ca href=\"Monad_Memo_DP.html\"\u003eMonadification, Memoization and Dynamic Programming\u003c/a\u003e, thus yielding dynamic programming algorithms.", "authors": [ "Tobias Nipkow", "Dániel Somogyi" ], "date": "2018-05-27", "id": 285, "link": "/entries/Optimal_BST.html", "permalink": "/entries/Optimal_BST.html", "shortname": "Optimal_BST", "title": "Optimal Binary Search Trees", "topic_links": [ "computer-science/algorithms", "computer-science/data-structures" ], "topics": [ "Computer science/Algorithms", "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "This entry contains a formalization of hidden Markov models [3] based on Johannes Hölzl's formalization of discrete time Markov chains [1]. The basic definitions are provided and the correctness of two main (dynamic programming) algorithms for hidden Markov models is proved: the forward algorithm for computing the likelihood of an observed sequence, and the Viterbi algorithm for decoding the most probable hidden state sequence. The Viterbi algorithm is made executable, including memoization. Hidden Markov models have various applications in natural language processing. 
For an introduction see Jurafsky and Martin [2].", "authors": [ "Simon Wimmer" ], "date": "2018-05-25", "id": 286, "link": "/entries/Hidden_Markov_Models.html", "permalink": "/entries/Hidden_Markov_Models.html", "shortname": "Hidden_Markov_Models", "title": "Hidden Markov Models", "topic_links": [ "mathematics/probability-theory", "computer-science/algorithms" ], "topics": [ "Mathematics/Probability theory", "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "We present a formalization of probabilistic timed automata (PTA) for which we try to follow the formula MDP + TA = PTA as far as possible: our work starts from our existing formalizations of Markov decision processes (MDP) and timed automata (TA) and combines them modularly. We prove the fundamental result for probabilistic timed automata: the region construction that is known from timed automata carries over to the probabilistic setting. In particular, this allows us to prove that minimum and maximum reachability probabilities can be computed via a reduction to MDP model checking, including the case where one wants to disregard unrealizable behavior. Further information can be found in our ITP paper [2].", "authors": [ "Simon Wimmer", "Johannes Hölzl" ], "date": "2018-05-24", "id": 287, "link": "/entries/Probabilistic_Timed_Automata.html", "permalink": "/entries/Probabilistic_Timed_Automata.html", "shortname": "Probabilistic_Timed_Automata", "title": "Probabilistic Timed Automata", "topic_links": [ "mathematics/probability-theory", "computer-science/automata-and-formal-languages" ], "topics": [ "Mathematics/Probability theory", "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "This document provides a concise overview on the core results of our previous work on the exploration of axioms systems for category theory. Extending the previous studies (http://arxiv.org/abs/1609.01493) we include one further axiomatic theory in our experiments. 
This additional theory has been suggested by Mac Lane in 1948. We show that the axioms proposed by Mac Lane are equivalent to the ones we studied before, which include an axiom set suggested by Scott in the 1970s and another axiom set proposed by Freyd and Scedrov in 1990, which we slightly modified to remedy a minor technical issue.", "authors": [ "Christoph Benzmüller", "Dana Scott" ], "date": "2018-05-23", "id": 288, "link": "/entries/AxiomaticCategoryTheory.html", "permalink": "/entries/AxiomaticCategoryTheory.html", "shortname": "AxiomaticCategoryTheory", "title": "Axiom Systems for Category Theory in Free Logic", "topic_links": [ "mathematics/category-theory" ], "topics": [ "Mathematics/Category theory" ], "used_by": 0 }, { "abstract": "We formalize with Isabelle/HOL a proof of a theorem by J. Hancl asserting the irrationality of the sum of a series consisting of rational numbers, built up by sequences that fulfill certain properties. Even though the criterion is a number-theoretic result, the proof makes use only of analytical arguments. We also formalize a corollary of the theorem for a specific series fulfilling the assumptions of the theorem.", "authors": [ "Angeliki Koutsoukou-Argyraki", "Wenda Li" ], "date": "2018-05-23", "id": 289, "link": "/entries/Irrationality_J_Hancl.html", "permalink": "/entries/Irrationality_J_Hancl.html", "shortname": "Irrationality_J_Hancl", "title": "Irrational Rapidly Convergent Series", "topic_links": [ "mathematics/number-theory", "mathematics/analysis" ], "topics": [ "Mathematics/Number theory", "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "We present a lightweight framework for the automatic verified (functional or imperative) memoization of recursive functions. Our tool can turn a pure Isabelle/HOL function definition into a monadified version in a state monad or the Imperative HOL heap monad, and prove a correspondence theorem. We provide a variety of memory implementations for the two types of monads. 
A number of simple techniques allow us to achieve bottom-up computation and space-efficient memoization. The framework’s utility is demonstrated on a number of representative dynamic programming problems. A detailed description of our work can be found in the accompanying paper [2].", "authors": [ "Simon Wimmer", "Shuwei Hu", "Tobias Nipkow" ], "date": "2018-05-22", "id": 290, "link": "/entries/Monad_Memo_DP.html", "permalink": "/entries/Monad_Memo_DP.html", "shortname": "Monad_Memo_DP", "title": "Monadification, Memoization and Dynamic Programming", "topic_links": [ "computer-science/algorithms", "computer-science/functional-programming" ], "topics": [ "Computer science/Algorithms", "Computer science/Functional programming" ], "used_by": 2 }, { "abstract": "We introduce OpSets, an executable framework for specifying and reasoning about the semantics of replicated datatypes that provide eventual consistency in a distributed system, and for mechanically verifying algorithms that implement these datatypes. Our approach is simple but expressive, allowing us to succinctly specify a variety of abstract datatypes, including maps, sets, lists, text, graphs, trees, and registers. Our datatypes are also composable, enabling the construction of complex data structures. To demonstrate the utility of OpSets for analysing replication algorithms, we highlight an important correctness property for collaborative text editing that has traditionally been overlooked; algorithms that do not satisfy this property can exhibit awkward interleaving of text. We use OpSets to specify this correctness property and prove that although one existing replication algorithm satisfies this property, several other published algorithms do not.", "authors": [ "Martin Kleppmann", "Victor B. F. Gomes", "Dominic P. Mulligan", "Alastair R. 
Beresford" ], "date": "2018-05-10", "id": 291, "link": "/entries/OpSets.html", "permalink": "/entries/OpSets.html", "shortname": "OpSets", "title": "OpSets: Sequential Specifications for Replicated Datatypes", "topic_links": [ "computer-science/algorithms/distributed", "computer-science/data-structures" ], "topics": [ "Computer science/Algorithms/Distributed", "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "The \"Modular Assembly Kit for Security Properties\" (MAKS) is a framework for both the definition and verification of possibilistic information-flow security properties at the specification-level. MAKS supports the uniform representation of a wide range of possibilistic information-flow properties and provides support for the verification of such properties via unwinding results and compositionality results. We provide a formalization of this framework in Isabelle/HOL.", "authors": [ "Oliver Bračevac", "Richard Gay", "Sylvia Grewe", "Heiko Mantel", "Henning Sudbrock", "Markus Tasch" ], "date": "2018-05-07", "id": 292, "link": "/entries/Modular_Assembly_Kit_Security.html", "permalink": "/entries/Modular_Assembly_Kit_Security.html", "shortname": "Modular_Assembly_Kit_Security", "title": "An Isabelle/HOL Formalization of the Modular Assembly Kit for Security Properties", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "This is a mechanised specification of the WebAssembly language, drawn mainly from the previously published paper formalisation of Haas et al. Also included is a full proof of soundness of the type system, together with a verified type checker and interpreter. We include only a partial procedure for the extraction of the type checker and interpreter here. 
For more details, please see our paper in CPP 2018.", "authors": [ "Conrad Watt" ], "date": "2018-04-29", "id": 293, "link": "/entries/WebAssembly.html", "permalink": "/entries/WebAssembly.html", "shortname": "WebAssembly", "title": "WebAssembly", "topic_links": [ "computer-science/programming-languages/language-definitions" ], "topics": [ "Computer science/Programming languages/Language definitions" ], "used_by": 0 }, { "abstract": "\u003ca href=\"http://www.pm.inf.ethz.ch/research/verifythis.html\"\u003eVerifyThis 2018\u003c/a\u003e was a program verification competition associated with ETAPS 2018. It was the 7th event in the VerifyThis competition series. In this entry, we present polished and completed versions of our solutions that we created during the competition.", "authors": [ "Peter Lammich", "Simon Wimmer" ], "date": "2018-04-27", "id": 294, "link": "/entries/VerifyThis2018.html", "permalink": "/entries/VerifyThis2018.html", "shortname": "VerifyThis2018", "title": "VerifyThis 2018 - Polished Isabelle Solutions", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "Bounded natural functors (BNFs) provide a modular framework for the construction of (co)datatypes in higher-order logic. Their functorial operations, the mapper and relator, are restricted to a subset of the parameters, namely those where recursion can take place. For certain applications, such as free theorems, data refinement, quotients, and generalised rewriting, it is desirable that these operations do not ignore the other parameters. In this article, we formalise the generalisation BNF\u003csub\u003eCC\u003c/sub\u003e that extends the mapper and relator to covariant and contravariant parameters. 
We show that \u003col\u003e \u003cli\u003e BNF\u003csub\u003eCC\u003c/sub\u003es are closed under functor composition and least and greatest fixpoints,\u003c/li\u003e \u003cli\u003e subtypes inherit the BNF\u003csub\u003eCC\u003c/sub\u003e structure under conditions that generalise those for the BNF case, and\u003c/li\u003e \u003cli\u003e BNF\u003csub\u003eCC\u003c/sub\u003es preserve quotients under mild conditions.\u003c/li\u003e \u003c/ol\u003e These proofs are carried out for abstract BNF\u003csub\u003eCC\u003c/sub\u003es similar to the AFP entry BNF Operations. In addition, we apply the BNF\u003csub\u003eCC\u003c/sub\u003e theory to several concrete functors.", "authors": [ "Andreas Lochbihler", "Joshua Schneider" ], "date": "2018-04-24", "id": 295, "link": "/entries/BNF_CC.html", "permalink": "/entries/BNF_CC.html", "shortname": "BNF_CC", "title": "Bounded Natural Functors with Covariance and Contravariance", "topic_links": [ "computer-science/functional-programming", "tools" ], "topics": [ "Computer science/Functional programming", "Tools" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis formalisation contains the proof that there is no anonymous Social Choice Function for at least three agents and alternatives that fulfils both Pareto-Efficiency and Fishburn-Strategyproofness. It was derived from a proof of \u003ca href=\"http://dss.in.tum.de/files/brandt-research/stratset.pdf\"\u003eBrandt \u003cem\u003eet al.\u003c/em\u003e\u003c/a\u003e, which relies on an unverified translation of a fixed finite instance of the original problem to SAT. 
This Isabelle proof contains a machine-checked version of both the statement for exactly three agents and alternatives and the lifting to the general case.\u003c/p\u003e", "authors": [ "Felix Brandt", "Manuel Eberl", "Christian Saile", "Christian Stricker" ], "date": "2018-03-22", "id": 296, "link": "/entries/Fishburn_Impossibility.html", "permalink": "/entries/Fishburn_Impossibility.html", "shortname": "Fishburn_Impossibility", "title": "The Incompatibility of Fishburn-Strategyproofness and Pareto-Efficiency", "topic_links": [ "mathematics/games-and-economics" ], "topics": [ "Mathematics/Games and economics" ], "used_by": 0 }, { "abstract": "This theory provides a verified implementation of weight-balanced trees following the work of \u003ca href=\"https://doi.org/10.1017/S0956796811000104\"\u003eHirai and Yamamoto\u003c/a\u003e who proved that all parameters in a certain range are valid, i.e. guarantee that insertion and deletion preserve weight-balance. Instead of a general theorem we provide parameterized proofs of preservation of the invariant that work for many (all?) valid parameters.", "authors": [ "Tobias Nipkow", "Stefan Dirix" ], "date": "2018-03-13", "id": 297, "link": "/entries/Weight_Balanced_Trees.html", "permalink": "/entries/Weight_Balanced_Trees.html", "shortname": "Weight_Balanced_Trees", "title": "Weight-Balanced Trees", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "CakeML is a functional programming language with a proven-correct compiler and runtime system. This entry contains an unofficial version of the CakeML semantics that has been exported from the Lem specifications to Isabelle. Additionally, there are some hand-written theory files that adapt the exported code to Isabelle and port proofs from the HOL4 formalization, e.g. 
termination and equivalence proofs.", "authors": [ "Lars Hupel", "Yu Zhang" ], "date": "2018-03-12", "id": 298, "link": "/entries/CakeML.html", "permalink": "/entries/CakeML.html", "shortname": "CakeML", "title": "CakeML", "topic_links": [ "computer-science/programming-languages/language-definitions" ], "topics": [ "Computer science/Programming languages/Language definitions" ], "used_by": 1 }, { "abstract": "The following document formalizes and verifies several architectural design patterns. Each pattern specification is formalized in terms of a locale where the locale assumptions correspond to the assumptions which a pattern poses on an architecture. Thus, pattern specifications may build on top of each other by interpreting the corresponding locale. A pattern is verified using the framework provided by the AFP entry Dynamic Architectures. Currently, the document consists of formalizations of 4 different patterns: the singleton, the publisher subscriber, the blackboard pattern, and the blockchain pattern. Thereby, the publisher component of the publisher subscriber pattern is modeled as an instance of the singleton pattern and the blackboard pattern is modeled as an instance of the publisher subscriber pattern. 
In general, this entry provides the first steps towards an overall theory of architectural design patterns.", "authors": [ "Diego Marmsoler" ], "date": "2018-03-01", "id": 299, "link": "/entries/Architectural_Design_Patterns.html", "permalink": "/entries/Architectural_Design_Patterns.html", "shortname": "Architectural_Design_Patterns", "title": "A Theory of Architectural Design Patterns", "topic_links": [ "computer-science/system-description-languages" ], "topics": [ "Computer science/System description languages" ], "used_by": 0 }, { "abstract": "We study three different Hoare logics for reasoning about time bounds of imperative programs and formalize them in Isabelle/HOL: a classical Hoare like logic due to Nielson, a logic with potentials due to Carbonneaux \u003ci\u003eet al.\u003c/i\u003e and a \u003ci\u003eseparation logic\u003c/i\u003e following work by Atkey, Chaguérand and Pottier. These logics are formally shown to be sound and complete. Verification condition generators are developed and are shown sound and complete too. We also consider variants of the systems where we abstract from multiplicative constants in the running time bounds, thus supporting a big-O style of reasoning. Finally we compare the expressive power of the three systems.", "authors": [ "Maximilian P. L. Haslbeck", "Tobias Nipkow" ], "date": "2018-02-26", "id": 300, "link": "/entries/Hoare_Time.html", "permalink": "/entries/Hoare_Time.html", "shortname": "Hoare_Time", "title": "Hoare Logics for Time Bounds", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 0 }, { "abstract": "Short vectors in lattices and factors of integer polynomials are related. Each factor of an integer polynomial belongs to a certain lattice. 
When factoring polynomials, the condition that we are looking for an irreducible polynomial means that we must look for a small element in a lattice, which can be done by a basis reduction algorithm. In this development we formalize this connection and thereby one main application of the LLL basis reduction algorithm: an algorithm to factor square-free integer polynomials which runs in polynomial time. The work is based on our previous Berlekamp–Zassenhaus development, where the exponential reconstruction phase has been replaced by the polynomial-time basis reduction algorithm. Thanks to this formalization we found a serious flaw in a textbook.", "authors": [ "Jose Divasón", "Sebastiaan J. C. Joosten", "René Thiemann", "Akihisa Yamada" ], "date": "2018-02-06", "id": 301, "link": "/entries/LLL_Factorization.html", "permalink": "/entries/LLL_Factorization.html", "shortname": "LLL_Factorization", "title": "A verified factorization algorithm for integer polynomials with polynomial complexity", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "We formalize basic results on first-order terms, including matching and a first-order unification algorithm, as well as well-foundedness of the subsumption order. 
This entry is part of the \u003ci\u003eIsabelle Formalization of Rewriting\u003c/i\u003e \u003ca href=\"http://cl-informatik.uibk.ac.at/isafor\"\u003eIsaFoR\u003c/a\u003e, where first-order terms are omnipresent: the unification algorithm is used to certify several confluence and termination techniques, like critical-pair computation and dependency graph approximations; and the subsumption order is a crucial ingredient for completion.", "authors": [ "Christian Sternagel", "René Thiemann" ], "date": "2018-02-06", "id": 302, "link": "/entries/First_Order_Terms.html", "permalink": "/entries/First_Order_Terms.html", "shortname": "First_Order_Terms", "title": "First-Order Terms", "topic_links": [ "logic/rewriting", "computer-science/algorithms" ], "topics": [ "Logic/Rewriting", "Computer science/Algorithms" ], "used_by": 5 }, { "abstract": "\u003cp\u003e This entry provides the definitions and basic properties of the complex and real error function erf and the complementary error function erfc. Additionally, it gives their full asymptotic expansions. \u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2018-02-06", "id": 303, "link": "/entries/Error_Function.html", "permalink": "/entries/Error_Function.html", "shortname": "Error_Function", "title": "The Error Function", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "\u003cp\u003e A Treap is a binary tree whose nodes contain pairs consisting of some payload and an associated priority. It must have the search-tree property w.r.t. the payloads and the heap property w.r.t. the priorities. Treaps are an interesting data structure that is related to binary search trees (BSTs) in the following way: if one forgets all the priorities of a treap, the resulting BST is exactly the same as if one had inserted the elements into an empty BST in order of ascending priority. 
This means that a treap behaves like a BST where we can pretend the elements were inserted in a different order from the one in which they were actually inserted. \u003c/p\u003e \u003cp\u003e In particular, by choosing these priorities at random upon insertion of an element, we can pretend that we inserted the elements in \u003cem\u003erandom order\u003c/em\u003e, so that the shape of the resulting tree is that of a random BST no matter in what order we insert the elements. This is the main result of this formalisation.\u003c/p\u003e", "authors": [ "Max W. Haslbeck", "Manuel Eberl", "Tobias Nipkow" ], "date": "2018-02-06", "id": 304, "link": "/entries/Treaps.html", "permalink": "/entries/Treaps.html", "shortname": "Treaps", "title": "Treaps", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "The Lenstra-Lenstra-Lovász basis reduction algorithm, also known as LLL algorithm, is an algorithm to find a basis with short, nearly orthogonal vectors of an integer lattice. Thereby, it can also be seen as an approximation to solve the shortest vector problem (SVP), which is an NP-hard problem, where the approximation quality solely depends on the dimension of the lattice, but not the lattice itself. The algorithm also possesses many applications in diverse fields of computer science, from cryptanalysis to number theory, but it is specially well-known since it was used to implement the first polynomial-time algorithm to factor polynomials. In this work we present the first mechanized soundness proof of the LLL algorithm to compute short vectors in lattices. The formalization follows a textbook by von zur Gathen and Gerhard.", "authors": [ "Ralph Bottesch", "Jose Divasón", "Max W. Haslbeck", "Sebastiaan J. C. 
Joosten", "René Thiemann", "Akihisa Yamada" ], "date": "2018-02-02", "id": 305, "link": "/entries/LLL_Basis_Reduction.html", "permalink": "/entries/LLL_Basis_Reduction.html", "shortname": "LLL_Basis_Reduction", "title": "A verified LLL algorithm", "topic_links": [ "computer-science/algorithms/mathematical", "mathematics/algebra" ], "topics": [ "Computer science/Algorithms/Mathematical", "Mathematics/Algebra" ], "used_by": 3 }, { "abstract": "This Isabelle/HOL formalization covers Sections 2 to 4 of Bachmair and Ganzinger's \"Resolution Theorem Proving\" chapter in the \u003cem\u003eHandbook of Automated Reasoning\u003c/em\u003e. This includes soundness and completeness of unordered and ordered variants of ground resolution with and without literal selection, the standard redundancy criterion, a general framework for refutational theorem proving, and soundness and completeness of an abstract first-order prover.", "authors": [ "Anders Schlichtkrull", "Jasmin Christian Blanchette", "Dmitriy Traytel", "Uwe Waldmann" ], "date": "2018-01-18", "id": 306, "link": "/entries/Ordered_Resolution_Prover.html", "permalink": "/entries/Ordered_Resolution_Prover.html", "shortname": "Ordered_Resolution_Prover", "title": "Formalization of Bachmair and Ganzinger's Ordered Resolution Prover", "topic_links": [ "logic/general-logic/mechanization-of-proofs" ], "topics": [ "Logic/General logic/Mechanization of proofs" ], "used_by": 4 }, { "abstract": "A geodesic metric space is Gromov hyperbolic if all its geodesic triangles are thin, i.e., every side is contained in a fixed thickening of the two other sides. While this definition looks innocuous, it has proved extremely important and versatile in modern geometry since its introduction by Gromov. 
We formalize the basic classical properties of Gromov hyperbolic spaces, notably the Morse lemma asserting that quasigeodesics are close to geodesics, the invariance of hyperbolicity under quasi-isometries, we define and study the Gromov boundary and its associated distance, and prove that a quasi-isometry between Gromov hyperbolic spaces extends to a homeomorphism of the boundaries. We also prove a less classical theorem, by Bonk and Schramm, asserting that a Gromov hyperbolic space embeds isometrically in a geodesic Gromov-hyperbolic space. As the original proof uses a transfinite sequence of Cauchy completions, this is an interesting formalization exercise. Along the way, we introduce basic material on isometries, quasi-isometries, Lipschitz maps, geodesic spaces, the Hausdorff distance, the Cauchy completion of a metric space, and the exponential on extended real numbers.", "authors": [ "Sebastien Gouezel" ], "date": "2018-01-16", "id": 307, "link": "/entries/Gromov_Hyperbolicity.html", "permalink": "/entries/Gromov_Hyperbolicity.html", "shortname": "Gromov_Hyperbolicity", "title": "Gromov Hyperbolicity", "topic_links": [ "mathematics/geometry" ], "topics": [ "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "We formalise a statement of Green’s theorem—the first formalisation to our knowledge—in Isabelle/HOL. The theorem statement that we formalise is enough for most applications, especially in physics and engineering. Our formalisation is made possible by a novel proof that avoids the ubiquitous line integral cancellation argument. This eliminates the need to formalise orientations and region boundaries explicitly with respect to the outwards-pointing normal vector. Instead we appeal to a homological argument about equivalences between paths.", "authors": [ "Mohammad Abdulaziz", "Lawrence C. 
Paulson" ], "date": "2018-01-11", "id": 308, "link": "/entries/Green.html", "permalink": "/entries/Green.html", "shortname": "Green", "title": "An Isabelle/HOL formalisation of Green's Theorem", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "We present a formally verified implementation of multivariate Taylor models. Taylor models are a form of rigorous polynomial approximation, consisting of an approximation polynomial based on Taylor expansions, combined with a rigorous bound on the approximation error. Taylor models were introduced as a tool to mitigate the dependency problem of interval arithmetic. Our implementation automatically computes Taylor models for the class of elementary functions, expressed by composition of arithmetic operations and basic functions like exp, sin, or square root.", "authors": [ "Christoph Traut", "Fabian Immler" ], "date": "2018-01-08", "id": 309, "link": "/entries/Taylor_Models.html", "permalink": "/entries/Taylor_Models.html", "shortname": "Taylor_Models", "title": "Taylor Models", "topic_links": [ "computer-science/algorithms/mathematical", "computer-science/data-structures", "mathematics/analysis", "mathematics/algebra" ], "topics": [ "Computer science/Algorithms/Mathematical", "Computer science/Data structures", "Mathematics/Analysis", "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "This entry shows that the falling factorial of a sum can be computed with an expression using binomial coefficients and the falling factorial of its summands. The entry provides three different proofs: a combinatorial proof, an induction proof and an algebraic proof using the Vandermonde identity. The three formalizations try to follow their informal presentations from a Mathematics Stack Exchange page as close as possible. 
The induction and algebraic formalization end up being very close to their informal presentation, whereas the combinatorial proof first requires the introduction of list interleavings, and significantly more detail than its informal presentation.", "authors": [ "Lukas Bulwahn" ], "date": "2017-12-22", "id": 310, "link": "/entries/Falling_Factorial_Sum.html", "permalink": "/entries/Falling_Factorial_Sum.html", "shortname": "Falling_Factorial_Sum", "title": "The Falling Factorial of a Sum", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis article provides a formalisation of Dirichlet characters and Dirichlet \u003cem\u003eL\u003c/em\u003e-functions including proofs of their basic properties \u0026ndash; most notably their analyticity, their areas of convergence, and their non-vanishing for \u0026Re;(s) \u0026ge; 1. All of this is built in a very high-level style using Dirichlet series. The proof of the non-vanishing follows a very short and elegant proof by Newman, which we attempt to reproduce faithfully in a similar level of abstraction in Isabelle.\u003c/p\u003e \u003cp\u003eThis also leads to a relatively short proof of Dirichlet’s Theorem, which states that, if \u003cem\u003eh\u003c/em\u003e and \u003cem\u003en\u003c/em\u003e are coprime, there are infinitely many primes \u003cem\u003ep\u003c/em\u003e with \u003cem\u003ep\u003c/em\u003e \u0026equiv; \u003cem\u003eh\u003c/em\u003e (mod \u003cem\u003en\u003c/em\u003e).\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2017-12-21", "id": 311, "link": "/entries/Dirichlet_L.html", "permalink": "/entries/Dirichlet_L.html", "shortname": "Dirichlet_L", "title": "Dirichlet L-Functions and Dirichlet's Theorem", "topic_links": [ "mathematics/number-theory", "mathematics/algebra" ], "topics": [ "Mathematics/Number theory", "Mathematics/Algebra" ], "used_by": 1 }, { "abstract": "\u003cp\u003eThis article provides a formalisation of 
Snyder’s simple and elegant proof of the Mason\u0026ndash;Stothers theorem, which is the polynomial analogue of the famous abc Conjecture for integers. Remarkably, Snyder found this very elegant proof when he was still a high-school student.\u003c/p\u003e \u003cp\u003eIn short, the statement of the theorem is that three non-zero coprime polynomials \u003cem\u003eA\u003c/em\u003e, \u003cem\u003eB\u003c/em\u003e, \u003cem\u003eC\u003c/em\u003e over a field which sum to 0 and do not all have vanishing derivatives fulfil max{deg(\u003cem\u003eA\u003c/em\u003e), deg(\u003cem\u003eB\u003c/em\u003e), deg(\u003cem\u003eC\u003c/em\u003e)} \u003c deg(rad(\u003cem\u003eABC\u003c/em\u003e)) where rad(\u003cem\u003eP\u003c/em\u003e) denotes the \u003cem\u003eradical\u003c/em\u003e of \u003cem\u003eP\u003c/em\u003e, i.\u0026thinsp;e. the product of all unique irreducible factors of \u003cem\u003eP\u003c/em\u003e.\u003c/p\u003e \u003cp\u003eThis theorem also implies a kind of polynomial analogue of Fermat’s Last Theorem for polynomials: except for trivial cases, \u003cem\u003eA\u003csup\u003en\u003c/sup\u003e\u003c/em\u003e + \u003cem\u003eB\u003csup\u003en\u003c/sup\u003e\u003c/em\u003e + \u003cem\u003eC\u003csup\u003en\u003c/sup\u003e\u003c/em\u003e = 0 implies n\u0026nbsp;\u0026le;\u0026nbsp;2 for coprime polynomials \u003cem\u003eA\u003c/em\u003e, \u003cem\u003eB\u003c/em\u003e, \u003cem\u003eC\u003c/em\u003e over a field.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2017-12-21", "id": 312, "link": "/entries/Mason_Stothers.html", "permalink": "/entries/Mason_Stothers.html", "shortname": "Mason_Stothers", "title": "The Mason–Stothers Theorem", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis entry provides an executable functional implementation of the Median-of-Medians algorithm for selecting the \u003cem\u003ek\u003c/em\u003e-th smallest element of an unsorted list 
deterministically in linear time. The size bounds for the recursive call that lead to the linear upper bound on the run-time of the algorithm are also proven. \u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2017-12-21", "id": 313, "link": "/entries/Median_Of_Medians_Selection.html", "permalink": "/entries/Median_Of_Medians_Selection.html", "shortname": "Median_Of_Medians_Selection", "title": "The Median-of-Medians Selection Algorithm", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 1 }, { "abstract": "This entry formalizes the closure property of bounded natural functors (BNFs) under seven operations. These operations and the corresponding proofs constitute the core of Isabelle's (co)datatype package. To be close to the implemented tactics, the proofs are deliberately formulated as detailed apply scripts. The (co)datatypes together with (co)induction principles and (co)recursors are byproducts of the fixpoint operations LFP and GFP. Composition of BNFs is subdivided into four simpler operations: Compose, Kill, Lift, and Permute. The N2M operation provides mutual (co)induction principles and (co)recursors for nested (co)datatypes.", "authors": [ "Jasmin Christian Blanchette", "Andrei Popescu", "Dmitriy Traytel" ], "date": "2017-12-19", "id": 314, "link": "/entries/BNF_Operations.html", "permalink": "/entries/BNF_Operations.html", "shortname": "BNF_Operations", "title": "Operations on Bounded Natural Functors", "topic_links": [ "tools" ], "topics": [ "Tools" ], "used_by": 0 }, { "abstract": "The Knuth-Morris-Pratt algorithm is often used to show that the problem of finding a string \u003ci\u003es\u003c/i\u003e in a text \u003ci\u003et\u003c/i\u003e can be solved deterministically in \u003ci\u003eO(|s| + |t|)\u003c/i\u003e time. We use the Isabelle Refinement Framework to formulate and verify the algorithm. 
Via refinement, we apply some optimisations and finally use the \u003cem\u003eSepref\u003c/em\u003e tool to obtain executable code in \u003cem\u003eImperative/HOL\u003c/em\u003e.", "authors": [ "Fabian Hellauer", "Peter Lammich" ], "date": "2017-12-18", "id": 315, "link": "/entries/Knuth_Morris_Pratt.html", "permalink": "/entries/Knuth_Morris_Pratt.html", "shortname": "Knuth_Morris_Pratt", "title": "The string search algorithm by Knuth, Morris and Pratt", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "Stochastic matrices are a convenient way to model discrete-time and finite state Markov chains. The Perron\u0026ndash;Frobenius theorem tells us something about the existence and uniqueness of non-negative eigenvectors of a stochastic matrix. In this entry, we formalize stochastic matrices, link the formalization to the existing AFP-entry on Markov chains, and apply the Perron\u0026ndash;Frobenius theorem to prove that stationary distributions always exist, and they are unique if the stochastic matrix is irreducible.", "authors": [ "René Thiemann" ], "date": "2017-11-22", "id": 316, "link": "/entries/Stochastic_Matrices.html", "permalink": "/entries/Stochastic_Matrices.html", "shortname": "Stochastic_Matrices", "title": "Stochastic Matrices and the Perron-Frobenius Theorem", "topic_links": [ "mathematics/algebra", "computer-science/automata-and-formal-languages" ], "topics": [ "Mathematics/Algebra", "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "We provide our Isabelle/HOL formalization of a Conflict-free Replicated Datatype for Internet Message Access Protocol commands. We show that Strong Eventual Consistency (SEC) is guaranteed by proving the commutativity of concurrent operations. 
We base our formalization on the recently proposed \"framework for establishing Strong Eventual Consistency for Conflict-free Replicated Datatypes\" (AFP.CRDT) from Gomes et al. Hence, we provide an additional example of how the recently proposed framework can be used to design and prove CRDTs.", "authors": [ "Tim Jungnickel", "Lennart Oldenburg", "Matthias Loibl" ], "date": "2017-11-09", "id": 317, "link": "/entries/IMAP-CRDT.html", "permalink": "/entries/IMAP-CRDT.html", "shortname": "IMAP-CRDT", "title": "The IMAP CmRDT", "topic_links": [ "computer-science/algorithms/distributed", "computer-science/data-structures" ], "topics": [ "Computer science/Algorithms/Distributed", "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "We present a semantic embedding of a spatio-temporal multi-modal logic, specifically defined to reason about motorway traffic, into Isabelle/HOL. The semantic model is an abstraction of a motorway, emphasising local spatial properties, and parameterised by the types of sensors deployed in the vehicles. We use the logic to define controller constraints to ensure safety, i.e., the absence of collisions on the motorway. After proving safety with a restrictive definition of sensors, we relax these assumptions and show how to amend the controller constraints to still guarantee safety.", "authors": [ "Sven Linker" ], "date": "2017-11-06", "id": 318, "link": "/entries/Hybrid_Multi_Lane_Spatial_Logic.html", "permalink": "/entries/Hybrid_Multi_Lane_Spatial_Logic.html", "shortname": "Hybrid_Multi_Lane_Spatial_Logic", "title": "Hybrid Multi-Lane Spatial Logic", "topic_links": [ "logic/general-logic/modal-logic" ], "topics": [ "Logic/General logic/Modal logic" ], "used_by": 0 }, { "abstract": "We discuss a topological curiosity discovered by Kuratowski (1922): the fact that the number of distinct operators on a topological space generated by compositions of closure and complement never exceeds 14, and is exactly 14 in the case of R. 
In addition, we prove a theorem due to Chagrov (1982) that classifies topological spaces according to the number of such operators they support.", "authors": [ "Peter Gammie", "Gianpaolo Gioiosa" ], "date": "2017-10-26", "id": 319, "link": "/entries/Kuratowski_Closure_Complement.html", "permalink": "/entries/Kuratowski_Closure_Complement.html", "shortname": "Kuratowski_Closure_Complement", "title": "The Kuratowski Closure-Complement Theorem", "topic_links": [ "mathematics/topology" ], "topics": [ "Mathematics/Topology" ], "used_by": 0 }, { "abstract": "This entry provides a verified implementation of rank-based Büchi Complementation. The verification is done in three steps: \u003col\u003e \u003cli\u003eDefinition of odd rankings and proof that an automaton rejects a word iff there exists an odd ranking for it.\u003c/li\u003e \u003cli\u003eDefinition of the complement automaton and proof that it accepts exactly those words for which there is an odd ranking.\u003c/li\u003e \u003cli\u003eVerified implementation of the complement automaton using the Isabelle Collections Framework.\u003c/li\u003e \u003c/ol\u003e", "authors": [ "Julian Brunner" ], "date": "2017-10-19", "id": 320, "link": "/entries/Buchi_Complementation.html", "permalink": "/entries/Buchi_Complementation.html", "shortname": "Buchi_Complementation", "title": "Büchi Complementation", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "This entry provides a very abstract theory of transition systems that can be instantiated to express various types of automata. A transition system is typically instantiated by providing a set of initial states, a predicate for enabled transitions, and a transition execution function. From this, it defines the concepts of finite and infinite paths as well as the set of reachable states, among other things. 
Many useful theorems, from basic path manipulation rules to coinduction and run construction rules, are proven in this abstract transition system context. The library comes with instantiations for DFAs, NFAs, and Büchi automata.", "authors": [ "Julian Brunner" ], "date": "2017-10-19", "id": 321, "link": "/entries/Transition_Systems_and_Automata.html", "permalink": "/entries/Transition_Systems_and_Automata.html", "shortname": "Transition_Systems_and_Automata", "title": "Transition Systems and Automata", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 4 }, { "abstract": "Based on evaluating Cauchy indices through remainder sequences, this entry provides an effective procedure to count the number of complex roots (with multiplicity) of a polynomial within various shapes (e.g., rectangle, circle and half-plane). Potential applications of this entry include certified complex root isolation (of a polynomial) and testing the Routh-Hurwitz stability criterion (i.e., to check whether all the roots of some characteristic polynomial have negative real parts).", "authors": [ "Wenda Li" ], "date": "2017-10-17", "id": 322, "link": "/entries/Count_Complex_Roots.html", "permalink": "/entries/Count_Complex_Roots.html", "shortname": "Count_Complex_Roots", "title": "Count the Number of Complex Roots", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 1 }, { "abstract": "In complex analysis, the winding number measures the number of times a path (counterclockwise) winds around a point, while the Cauchy index can approximate how the path winds. This entry provides a formalisation of the Cauchy index, which is then shown to be related to the winding number. 
In addition, this entry offers a tactic that enables users to evaluate the winding number by calculating Cauchy indices.", "authors": [ "Wenda Li" ], "date": "2017-10-17", "id": 323, "link": "/entries/Winding_Number_Eval.html", "permalink": "/entries/Winding_Number_Eval.html", "shortname": "Winding_Number_Eval", "title": "Evaluate Winding Numbers through Cauchy Indices", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 2 }, { "abstract": "We formalize the theory of homogeneous linear diophantine equations, focusing on two main results: (1) an abstract characterization of minimal complete sets of solutions, and (2) an algorithm computing them. Both the characterization and the algorithm are based on previous work by Huet. Our starting point is a simple but inefficient variant of Huet's lexicographic algorithm incorporating improved bounds due to Clausen and Fortenbacher. We proceed by proving its soundness and completeness. Finally, we employ code equations to obtain a reasonably efficient implementation. Thus, we provide a formally verified solver for homogeneous linear diophantine equations.", "authors": [ "Florian Messner", "Julian Parsert", "Jonas Schöpf", "Christian Sternagel" ], "date": "2017-10-14", "id": 324, "link": "/entries/Diophantine_Eqns_Lin_Hom.html", "permalink": "/entries/Diophantine_Eqns_Lin_Hom.html", "shortname": "Diophantine_Eqns_Lin_Hom", "title": "Homogeneous Linear Diophantine Equations", "topic_links": [ "computer-science/algorithms/mathematical", "mathematics/number-theory", "tools" ], "topics": [ "Computer science/Algorithms/Mathematical", "Mathematics/Number theory", "Tools" ], "used_by": 0 }, { "abstract": "This entry is a formalisation of much of Chapters 2, 3, and 11 of Apostol's \u0026ldquo;Introduction to Analytic Number Theory\u0026rdquo;. 
This includes: \u003cul\u003e \u003cli\u003eDefinitions and basic properties for several number-theoretic functions (Euler's \u0026phi;, M\u0026ouml;bius \u0026mu;, Liouville's \u0026lambda;, the divisor function \u0026sigma;, von Mangoldt's \u0026Lambda;)\u003c/li\u003e \u003cli\u003eExecutable code for most of these functions, the most efficient implementations using the factoring algorithm by Thiemann \u003ci\u003eet al.\u003c/i\u003e\u003c/li\u003e \u003cli\u003eDirichlet products and formal Dirichlet series\u003c/li\u003e \u003cli\u003eAnalytic results connecting convergent formal Dirichlet series to complex functions\u003c/li\u003e \u003cli\u003eEuler product expansions\u003c/li\u003e \u003cli\u003eAsymptotic estimates of number-theoretic functions including the density of squarefree integers and the average number of divisors of a natural number\u003c/li\u003e \u003c/ul\u003e These results are useful as a basis for developing more number-theoretic results, such as the Prime Number Theorem.", "authors": [ "Manuel Eberl" ], "date": "2017-10-12", "id": 325, "link": "/entries/Dirichlet_Series.html", "permalink": "/entries/Dirichlet_Series.html", "shortname": "Dirichlet_Series", "title": "Dirichlet Series", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 4 }, { "abstract": "\u003cp\u003e Linear recurrences with constant coefficients are an interesting class of recurrence equations that can be solved explicitly. 
The most famous example are certainly the Fibonacci numbers with the equation \u003ci\u003ef\u003c/i\u003e(\u003ci\u003en\u003c/i\u003e) = \u003ci\u003ef\u003c/i\u003e(\u003ci\u003en\u003c/i\u003e-1) + \u003ci\u003ef\u003c/i\u003e(\u003ci\u003en\u003c/i\u003e - 2) and the quite non-obvious closed form (\u003ci\u003e\u0026phi;\u003c/i\u003e\u003csup\u003e\u003ci\u003en\u003c/i\u003e\u003c/sup\u003e - (-\u003ci\u003e\u0026phi;\u003c/i\u003e)\u003csup\u003e-\u003ci\u003en\u003c/i\u003e\u003c/sup\u003e) / \u0026radic;\u003cspan style=\"text-decoration: overline\"\u003e5\u003c/span\u003e where \u0026phi; is the golden ratio. \u003c/p\u003e \u003cp\u003e In this work, I build on existing tools in Isabelle \u0026ndash; such as formal power series and polynomial factorisation algorithms \u0026ndash; to develop a theory of these recurrences and derive a fully executable solver for them that can be exported to programming languages like Haskell. \u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2017-10-12", "id": 326, "link": "/entries/Linear_Recurrences.html", "permalink": "/entries/Linear_Recurrences.html", "shortname": "Linear_Recurrences", "title": "Linear Recurrences", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 1 }, { "abstract": "\u003cp\u003eThis entry builds upon the results about formal and analytic Dirichlet series to define the Hurwitz \u0026zeta; function \u0026zeta;(\u003cem\u003ea\u003c/em\u003e,\u003cem\u003es\u003c/em\u003e) and, based on that, the Riemann \u0026zeta; function \u0026zeta;(\u003cem\u003es\u003c/em\u003e). 
This is done by first defining them for \u0026real;(\u003cem\u003ez\u003c/em\u003e) \u003e 1 and then successively extending the domain to the left using the Euler\u0026ndash;MacLaurin formula.\u003c/p\u003e \u003cp\u003eApart from the most basic facts such as analyticity, the following results are provided:\u003c/p\u003e \u003cul\u003e \u003cli\u003ethe Stieltjes constants and the Laurent expansion of \u0026zeta;(\u003cem\u003es\u003c/em\u003e) at \u003cem\u003es\u003c/em\u003e = 1\u003c/li\u003e \u003cli\u003ethe non-vanishing of \u0026zeta;(\u003cem\u003es\u003c/em\u003e) for \u0026real;(\u003cem\u003ez\u003c/em\u003e) \u0026ge; 1\u003c/li\u003e \u003cli\u003ethe relationship between \u0026zeta;(\u003cem\u003ea\u003c/em\u003e,\u003cem\u003es\u003c/em\u003e) and \u0026Gamma;\u003c/li\u003e \u003cli\u003ethe special values at negative integers and positive even integers\u003c/li\u003e \u003cli\u003eHurwitz's formula and the reflection formula for \u0026zeta;(\u003cem\u003es\u003c/em\u003e)\u003c/li\u003e \u003cli\u003ethe \u003ca href=\"https://arxiv.org/abs/math/0405478\"\u003e Hadjicostas\u0026ndash;Chapman formula\u003c/a\u003e\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eThe entry also contains Euler's analytic proof of the infinitude of primes, based on the fact that \u0026zeta;(\u003ci\u003es\u003c/i\u003e) has a pole at \u003ci\u003es\u003c/i\u003e = 1.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2017-10-12", "id": 327, "link": "/entries/Zeta_Function.html", "permalink": "/entries/Zeta_Function.html", "shortname": "Zeta_Function", "title": "The Hurwitz and Riemann ζ Functions", "topic_links": [ "mathematics/number-theory", "mathematics/analysis" ], "topics": [ "Mathematics/Number theory", "Mathematics/Analysis" ], "used_by": 3 }, { "abstract": "Computers may help us to understand --not just verify-- philosophical arguments. 
By utilizing modern proof assistants in an iterative interpretive process, we can reconstruct and assess an argument by fully formal means. Through the mechanization of a variant of St. Anselm's ontological argument by E. J. Lowe, which is a paradigmatic example of a natural-language argument with strong ties to metaphysics and religion, we offer an ideal showcase for our computer-assisted interpretive method.", "authors": [ "David Fuenmayor", "Christoph Benzmüller" ], "date": "2017-09-21", "id": 328, "link": "/entries/Lowe_Ontological_Argument.html", "permalink": "/entries/Lowe_Ontological_Argument.html", "shortname": "Lowe_Ontological_Argument", "title": "Computer-assisted Reconstruction and Assessment of E. J. Lowe's Modal Ontological Argument", "topic_links": [ "logic/philosophical-aspects" ], "topics": [ "Logic/Philosophical aspects" ], "used_by": 0 }, { "abstract": "\u003cp\u003e We present an embedding of the second-order fragment of the Theory of Abstract Objects as described in Edward Zalta's upcoming work \u003ca href=\"https://mally.stanford.edu/principia.pdf\"\u003ePrincipia Logico-Metaphysica (PLM)\u003c/a\u003e in the automated reasoning framework Isabelle/HOL. The Theory of Abstract Objects is a metaphysical theory that reifies property patterns, as they for example occur in the abstract reasoning of mathematics, as \u003cb\u003eabstract objects\u003c/b\u003e and provides an axiomatic framework that allows to reason about these objects. It thereby serves as a fundamental metaphysical theory that can be used to axiomatize and describe a wide range of philosophical objects, such as Platonic forms or Leibniz' concepts, and has the ambition to function as a foundational theory of mathematics. 
The target theory of our embedding as described in chapters 7-9 of PLM employs a modal relational type theory as logical foundation for which a representation in functional type theory is \u003ca href=\"https://mally.stanford.edu/Papers/rtt.pdf\"\u003eknown to be challenging\u003c/a\u003e. \u003c/p\u003e \u003cp\u003e Nevertheless we arrive at a functioning representation of the theory in the functional logic of Isabelle/HOL based on a semantical representation of an Aczel-model of the theory. Based on this representation we construct an implementation of the deductive system of PLM which allows to automatically and interactively find and verify theorems of PLM. \u003c/p\u003e \u003cp\u003e Our work thereby supports the concept of shallow semantical embeddings of logical systems in HOL as a universal tool for logical reasoning \u003ca href=\"http://www.mi.fu-berlin.de/inf/groups/ag-ki/publications/Universal-Reasoning/1703_09620_pd.pdf\"\u003eas promoted by Christoph Benzm\u0026uuml;ller\u003c/a\u003e. \u003c/p\u003e \u003cp\u003e The most notable result of the presented work is the discovery of a previously unknown paradox in the formulation of the Theory of Abstract Objects. The embedding of the theory in Isabelle/HOL played a vital part in this discovery. Furthermore it was possible to immediately offer several options to modify the theory to guarantee its consistency. Thereby our work could provide a significant contribution to the development of a proper grounding for object theory. 
\u003c/p\u003e", "authors": [ "Daniel Kirchner" ], "date": "2017-09-17", "id": 329, "link": "/entries/PLM.html", "permalink": "/entries/PLM.html", "shortname": "PLM", "title": "Representation and Partial Automation of the Principia Logico-Metaphysica in Isabelle/HOL", "topic_links": [ "logic/philosophical-aspects" ], "topics": [ "Logic/Philosophical aspects" ], "used_by": 0 }, { "abstract": "Paul Oppenheimer and Edward Zalta's formalisation of Anselm's ontological argument for the existence of God is automated by embedding a free logic for definite descriptions within Isabelle/HOL.", "authors": [ "Ben Blumson" ], "date": "2017-09-06", "id": 330, "link": "/entries/AnselmGod.html", "permalink": "/entries/AnselmGod.html", "shortname": "AnselmGod", "title": "Anselm's God in Isabelle/HOL", "topic_links": [ "logic/philosophical-aspects" ], "topics": [ "Logic/Philosophical aspects" ], "used_by": 0 }, { "abstract": "Economic activity has always been a fundamental part of society. Due to modern day politics, economic theory has gained even more influence on our lives. Thus we want models and theories to be as precise as possible. This can be achieved using certification with the help of formal proof technology. Hence we will use Isabelle/HOL to construct two economic models, that of the pure exchange economy and a version of the Arrow-Debreu Model. We will prove that the \u003ci\u003eFirst Theorem of Welfare Economics\u003c/i\u003e holds within both. 
The theorem is the mathematical formulation of Adam Smith's famous \u003ci\u003einvisible hand\u003c/i\u003e and states that a group of self-interested and rational actors will eventually achieve an efficient allocation of goods and services.", "authors": [ "Julian Parsert", "Cezary Kaliszyk" ], "date": "2017-09-01", "id": 331, "link": "/entries/First_Welfare_Theorem.html", "permalink": "/entries/First_Welfare_Theorem.html", "shortname": "First_Welfare_Theorem", "title": "Microeconomics and the First Welfare Theorem", "topic_links": [ "mathematics/games-and-economics" ], "topics": [ "Mathematics/Games and economics" ], "used_by": 1 }, { "abstract": "The Orbit-Stabiliser theorem is a basic result in the algebra of groups that factors the order of a group into the sizes of its orbits and stabilisers. We formalize the notion of a group action and the related concepts of orbits and stabilisers. This allows us to prove the orbit-stabiliser theorem. In the second part of this work, we formalize the tetrahedral group and use the orbit-stabiliser theorem to prove that there are twelve (orientation-preserving) rotations of the tetrahedron.", "authors": [ "Jonas Rädle" ], "date": "2017-08-20", "id": 332, "link": "/entries/Orbit_Stabiliser.html", "permalink": "/entries/Orbit_Stabiliser.html", "shortname": "Orbit_Stabiliser", "title": "Orbit-Stabiliser Theorem with Application to Rotational Symmetries", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "\u003cp\u003e Andersson introduced \u003cem\u003egeneral balanced trees\u003c/em\u003e, search trees based on the design principle of partial rebuilding: perform update operations naively until the tree becomes too unbalanced, at which point a whole subtree is rebalanced. This article defines and analyzes a functional version of general balanced trees, which we call \u003cem\u003eroot-balanced trees\u003c/em\u003e. 
Using a lightweight model of execution time, amortized logarithmic complexity is verified in the theorem prover Isabelle. \u003c/p\u003e \u003cp\u003e This is the Isabelle formalization of the material described in the APLAS 2017 article \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/aplas17.html\"\u003eVerified Root-Balanced Trees\u003c/a\u003e by the same author, which also presents experimental results that show competitiveness of root-balanced with AVL and red-black trees. \u003c/p\u003e", "authors": [ "Tobias Nipkow" ], "date": "2017-08-20", "id": 333, "link": "/entries/Root_Balanced_Tree.html", "permalink": "/entries/Root_Balanced_Tree.html", "shortname": "Root_Balanced_Tree", "title": "Root-Balanced Tree", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 2 }, { "abstract": "The propositions-as-types correspondence is ordinarily presented as linking the metatheory of typed λ-calculi and the proof theory of intuitionistic logic. Griffin observed that this correspondence could be extended to classical logic through the use of control operators. This observation set off a flurry of further research, leading to the development of Parigot's λμ-calculus. In this work, we formalise λμ-calculus in Isabelle/HOL and prove several metatheoretical properties such as type preservation and progress.", "authors": [ "Cristina Matache", "Victor B. F. Gomes", "Dominic P. Mulligan" ], "date": "2017-08-16", "id": 334, "link": "/entries/LambdaMu.html", "permalink": "/entries/LambdaMu.html", "shortname": "LambdaMu", "title": "The LambdaMu-calculus", "topic_links": [ "computer-science/programming-languages/lambda-calculi" ], "topics": [ "Computer science/Programming languages/Lambda calculi" ], "used_by": 0 }, { "abstract": "This entry formalizes the two geometric theorems, Stewart's and Apollonius' theorem. Stewart's Theorem relates the length of a triangle's cevian to the lengths of the triangle's two sides. 
Apollonius' Theorem is a specialisation of Stewart's theorem, restricting the cevian to be the median. The proof applies the law of cosines, some basic geometric facts about triangles and then simply transforms the terms algebraically to yield the conjectured relation. The formalization in Isabelle can closely follow the informal proofs described in the Wikipedia articles of those two theorems.", "authors": [ "Lukas Bulwahn" ], "date": "2017-07-31", "id": 335, "link": "/entries/Stewart_Apollonius.html", "permalink": "/entries/Stewart_Apollonius.html", "shortname": "Stewart_Apollonius", "title": "Stewart's Theorem and Apollonius' Theorem", "topic_links": [ "mathematics/geometry" ], "topics": [ "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "The architecture of a system describes the system's overall organization into components and connections between those components. With the emergence of mobile computing, dynamic architectures have become increasingly important. In such architectures, components may appear or disappear, and connections may change over time. In the following we mechanize a theory of dynamic architectures and verify the soundness of a corresponding calculus. Therefore, we first formalize the notion of configuration traces as a model for dynamic architectures. Then, the behavior of single components is formalized in terms of behavior traces and an operator is introduced and studied to extract the behavior of a single component out of a given configuration trace. Then, behavior trace assertions are introduced as a temporal specification technique to specify behavior of components. Reasoning about component behavior in a dynamic context is formalized in terms of a calculus for dynamic architectures. Finally, the soundness of the calculus is verified by introducing an alternative interpretation for behavior trace assertions over configuration traces and proving the rules of the calculus. 
Since projection may lead to finite as well as infinite behavior traces, they are formalized in terms of coinductive lists. Thus, our theory is based on Lochbihler's formalization of coinductive lists. The theory may be applied to verify properties for dynamic architectures.", "authors": [ "Diego Marmsoler" ], "date": "2017-07-28", "id": 336, "link": "/entries/DynamicArchitectures.html", "permalink": "/entries/DynamicArchitectures.html", "shortname": "DynamicArchitectures", "title": "Dynamic Architectures", "topic_links": [ "computer-science/system-description-languages" ], "topics": [ "Computer science/System description languages" ], "used_by": 1 }, { "abstract": "We present a semantics for an applied call-by-value lambda-calculus that is compositional, extensional, and elementary. We present four different views of the semantics: 1) as a relational (big-step) semantics that is not operational but instead declarative, 2) as a denotational semantics that does not use domain theory, 3) as a non-deterministic interpreter, and 4) as a variant of the intersection type systems of the Torino group. We prove that the semantics is correct by showing that it is sound and complete with respect to operational semantics on programs and that is sound with respect to contextual equivalence. We have not yet investigated whether it is fully abstract. We demonstrate that this approach to semantics is useful with three case studies. First, we use the semantics to prove correctness of a compiler optimization that inlines function application. Second, we adapt the semantics to the polymorphic lambda-calculus extended with general recursion and prove semantic type soundness. Third, we adapt the semantics to the call-by-value lambda-calculus with mutable references. 
\u003cbr\u003e The paper that accompanies these Isabelle theories is \u003ca href=\"https://arxiv.org/abs/1707.03762\"\u003eavailable on arXiv\u003c/a\u003e.", "authors": [ "Jeremy Siek" ], "date": "2017-07-21", "id": 337, "link": "/entries/Decl_Sem_Fun_PL.html", "permalink": "/entries/Decl_Sem_Fun_PL.html", "shortname": "Decl_Sem_Fun_PL", "title": "Declarative Semantics for Functional Languages", "topic_links": [ "computer-science/programming-languages" ], "topics": [ "Computer science/Programming languages" ], "used_by": 0 }, { "abstract": "The Isabelle/HOLCF-Prelude is a formalization of a large part of Haskell's standard prelude in Isabelle/HOLCF. We use it to prove the correctness of the Eratosthenes' Sieve, in its self-referential implementation commonly used to showcase Haskell's laziness; prove correctness of GHC's \"fold/build\" rule and related rewrite rules; and certify a number of hints suggested by HLint.", "authors": [ "Joachim Breitner", "Brian Huffman", "Neil Mitchell", "Christian Sternagel" ], "date": "2017-07-15", "id": 338, "link": "/entries/HOLCF-Prelude.html", "permalink": "/entries/HOLCF-Prelude.html", "shortname": "HOLCF-Prelude", "title": "HOLCF-Prelude", "topic_links": [ "computer-science/functional-programming" ], "topics": [ "Computer science/Functional programming" ], "used_by": 1 }, { "abstract": "\u003cp\u003eMinkowski's theorem relates a subset of \u0026#8477;\u003csup\u003en\u003c/sup\u003e, the Lebesgue measure, and the integer lattice \u0026#8484;\u003csup\u003en\u003c/sup\u003e: It states that any convex subset of \u0026#8477;\u003csup\u003en\u003c/sup\u003e with volume greater than 2\u003csup\u003en\u003c/sup\u003e contains at least one lattice point from \u0026#8484;\u003csup\u003en\u003c/sup\u003e\\{0}, i.\u0026thinsp;e. 
a non-zero point with integer coefficients.\u003c/p\u003e \u003cp\u003eA related theorem which directly implies this is Blichfeldt's theorem, which states that any subset of \u0026#8477;\u003csup\u003en\u003c/sup\u003e with a volume greater than 1 contains two different points whose difference vector has integer components.\u003c/p\u003e \u003cp\u003eThe entry contains a proof of both theorems.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2017-07-13", "id": 339, "link": "/entries/Minkowskis_Theorem.html", "permalink": "/entries/Minkowskis_Theorem.html", "shortname": "Minkowskis_Theorem", "title": "Minkowski's Theorem", "topic_links": [ "mathematics/geometry", "mathematics/number-theory" ], "topics": [ "Mathematics/Geometry", "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "I formalise a Church-style simply-typed \\(\\lambda\\)-calculus, extended with pairs, a unit value, and projection functions, and show some metatheory of the calculus, such as the subject reduction property. Particular attention is paid to the treatment of names in the calculus. A nominal style of binding is used, but I use a manual approach over Nominal Isabelle in order to extract an executable type inference algorithm. 
More information can be found in my \u003ca href=\"http://www.openthesis.org/documents/Verified-Metatheory-Type-Inference-Simply-603182.html\"\u003eundergraduate dissertation\u003c/a\u003e.", "authors": [ "Michael Rawson" ], "date": "2017-07-09", "id": 340, "link": "/entries/Name_Carrying_Type_Inference.html", "permalink": "/entries/Name_Carrying_Type_Inference.html", "shortname": "Name_Carrying_Type_Inference", "title": "Verified Metatheory and Type Inference for a Name-Carrying Simply-Typed Lambda Calculus", "topic_links": [ "computer-science/programming-languages/type-systems" ], "topics": [ "Computer science/Programming languages/Type systems" ], "used_by": 0 }, { "abstract": "In this work, we focus on the correctness of Conflict-free Replicated Data Types (CRDTs), a class of algorithm that provides strong eventual consistency guarantees for replicated data. We develop a modular and reusable framework for verifying the correctness of CRDT algorithms. We avoid correctness issues that have dogged previous mechanised proofs in this area by including a network model in our formalisation, and proving that our theorems hold in all possible network behaviours. Our axiomatic network model is a standard abstraction that accurately reflects the behaviour of real-world computer networks. Moreover, we identify an abstract convergence theorem, a property of order relations, which provides a formal definition of strong eventual consistency. We then obtain the first machine-checked correctness theorems for three concrete CRDTs: the Replicated Growable Array, the Observed-Remove Set, and an Increment-Decrement Counter.", "authors": [ "Victor B. F. Gomes", "Martin Kleppmann", "Dominic P. Mulligan", "Alastair R. 
Beresford" ], "date": "2017-07-07", "id": 341, "link": "/entries/CRDT.html", "permalink": "/entries/CRDT.html", "shortname": "CRDT", "title": "A framework for establishing Strong Eventual Consistency for Conflict-free Replicated Datatypes", "topic_links": [ "computer-science/algorithms/distributed", "computer-science/data-structures" ], "topics": [ "Computer science/Algorithms/Distributed", "Computer science/Data structures" ], "used_by": 1 }, { "abstract": "We develop Stone-Kleene relation algebras, which expand Stone relation algebras with a Kleene star operation to describe reachability in weighted graphs. Many properties of the Kleene star arise as a special case of a more general theory of iteration based on Conway semirings extended by simulation axioms. This includes several theorems representing complex program transformations. We formally prove the correctness of Conway's automata-based construction of the Kleene star of a matrix. We prove numerous results useful for reasoning about weighted graphs.", "authors": [ "Walter Guttmann" ], "date": "2017-07-06", "id": 342, "link": "/entries/Stone_Kleene_Relation_Algebras.html", "permalink": "/entries/Stone_Kleene_Relation_Algebras.html", "shortname": "Stone_Kleene_Relation_Algebras", "title": "Stone-Kleene Relation Algebras", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 4 }, { "abstract": "We formalize a range of proof systems for classical propositional logic (sequent calculus, natural deduction, Hilbert systems, resolution) and prove the most important meta-theoretic results about semantics and proofs: compactness, soundness, completeness, translations between proof systems, cut-elimination, interpolation and model existence.", "authors": [ "Julius Michaelis", "Tobias Nipkow" ], "date": "2017-06-21", "id": 343, "link": "/entries/Propositional_Proof_Systems.html", "permalink": "/entries/Propositional_Proof_Systems.html", "shortname": "Propositional_Proof_Systems", 
"title": "Propositional Proof Systems", "topic_links": [ "logic/proof-theory" ], "topics": [ "Logic/Proof theory" ], "used_by": 2 }, { "abstract": "Partial Semigroups are relevant to the foundations of quantum mechanics and combinatorics as well as to interval and separation logics. Convolution algebras can be understood either as algebras of generalised binary modalities over ternary Kripke frames, in particular over partial semigroups, or as algebras of quantale-valued functions which are equipped with a convolution-style operation of multiplication that is parametrised by a ternary relation. Convolution algebras provide algebraic semantics for various substructural logics, including categorial, relevance and linear logics, for separation logic and for interval logics; they cover quantitative and qualitative applications. These mathematical components for partial semigroups and convolution algebras provide uniform foundations from which models of computation based on relations, program traces or pomsets, and verification components for separation or interval temporal logics can be built with little effort.", "authors": [ "Brijesh Dongol", "Victor B. F. Gomes", "Ian J. Hayes", "Georg Struth" ], "date": "2017-06-13", "id": 344, "link": "/entries/PSemigroupsConvolution.html", "permalink": "/entries/PSemigroupsConvolution.html", "shortname": "PSemigroupsConvolution", "title": "Partial Semigroups and Convolution Algebras", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "In the 18th century, Georges-Louis Leclerc, Comte de Buffon posed and later solved the following problem, which is often called the first problem ever solved in geometric probability: Given a floor divided into vertical strips of the same width, what is the probability that a needle thrown onto the floor randomly will cross two strips? 
This entry formally defines the problem in the case where the needle's position is chosen uniformly at random in a single strip around the origin (which is equivalent to larger arrangements due to symmetry). It then provides proofs of the simple solution in the case where the needle's length is no greater than the width of the strips and the more complicated solution in the opposite case.", "authors": [ "Manuel Eberl" ], "date": "2017-06-06", "id": 345, "link": "/entries/Buffons_Needle.html", "permalink": "/entries/Buffons_Needle.html", "shortname": "Buffons_Needle", "title": "Buffon's Needle Problem", "topic_links": [ "mathematics/probability-theory", "mathematics/geometry" ], "topics": [ "Mathematics/Probability theory", "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "We present a formalization of flow networks and the Min-Cut-Max-Flow theorem. Our formal proof closely follows a standard textbook proof, and is accessible even without being an expert in Isabelle/HOL, the interactive theorem prover used for the formalization.", "authors": [ "Peter Lammich", "S. Reza Sefidgar" ], "date": "2017-06-01", "id": 346, "link": "/entries/Flow_Networks.html", "permalink": "/entries/Flow_Networks.html", "shortname": "Flow_Networks", "title": "Flow Networks and the Min-Cut-Max-Flow Theorem", "topic_links": [ "mathematics/graph-theory" ], "topics": [ "Mathematics/Graph theory" ], "used_by": 2 }, { "abstract": "We present a formalization of push-relabel algorithms for computing the maximum flow in a network. We start with Goldberg et al.'s generic push-relabel algorithm, for which we show correctness and the time complexity bound of O(V^2E). We then derive the relabel-to-front and FIFO implementation. Using stepwise refinement techniques, we derive an efficient verified implementation. Our formal proof of the abstract algorithms closely follows a standard textbook proof. 
It is accessible even without being an expert in Isabelle/HOL, the interactive theorem prover used for the formalization.", "authors": [ "Peter Lammich", "S. Reza Sefidgar" ], "date": "2017-06-01", "id": 347, "link": "/entries/Prpu_Maxflow.html", "permalink": "/entries/Prpu_Maxflow.html", "shortname": "Prpu_Maxflow", "title": "Formalizing Push-Relabel Algorithms", "topic_links": [ "computer-science/algorithms/graph", "mathematics/graph-theory" ], "topics": [ "Computer science/Algorithms/Graph", "Mathematics/Graph theory" ], "used_by": 0 }, { "abstract": "Lenses provide an abstract interface for manipulating data types through spatially-separated views. They are defined abstractly in terms of two functions, \u003cem\u003eget\u003c/em\u003e, which returns a value from the source type, and \u003cem\u003eput\u003c/em\u003e, which updates the value. We mechanise the underlying theory of lenses, in terms of an algebraic hierarchy of lenses, including well-behaved and very well-behaved lenses, each lens class being characterised by a set of lens laws. We also mechanise a lens algebra in Isabelle that enables their composition and comparison, so as to allow construction of complex lenses. This is accompanied by a large library of algebraic laws. Moreover we also show how the lens classes can be applied by instantiating them with a number of Isabelle data types.", "authors": [ "Simon Foster", "Frank Zeyda" ], "date": "2017-05-25", "id": 348, "link": "/entries/Optics.html", "permalink": "/entries/Optics.html", "shortname": "Optics", "title": "Optics", "topic_links": [ "computer-science/functional-programming", "mathematics/algebra" ], "topics": [ "Computer science/Functional programming", "Mathematics/Algebra" ], "used_by": 1 }, { "abstract": "We propose a development method for security protocols based on stepwise refinement. 
Our refinement strategy transforms abstract security goals into protocols that are secure when operating over an insecure channel controlled by a Dolev-Yao-style intruder. As intermediate levels of abstraction, we employ messageless guard protocols and channel protocols communicating over channels with security properties. These abstractions provide insights on why protocols are secure and foster the development of families of protocols sharing common structure and properties. We have implemented our method in Isabelle/HOL and used it to develop different entity authentication and key establishment protocols, including realistic features such as key confirmation, replay caches, and encrypted tickets. Our development highlights that guard protocols and channel protocols provide fundamental abstractions for bridging the gap between security properties and standard protocol descriptions based on cryptographic messages. It also shows that our refinement approach scales to protocols of nontrivial size and complexity.", "authors": [ "Christoph Sprenger", "Ivano Somaini" ], "date": "2017-05-24", "id": 349, "link": "/entries/Security_Protocol_Refinement.html", "permalink": "/entries/Security_Protocol_Refinement.html", "shortname": "Security_Protocol_Refinement", "title": "Developing Security Protocols by Refinement", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "Isabelle's code generator natively supports type classes. For targets that do not have language support for classes and instances, it performs the well-known dictionary translation, as described by Haftmann and Nipkow. This translation happens outside the logic, i.e., there is no guarantee that it is correct, besides the pen-and-paper proof. 
This work implements a certified dictionary translation that produces new class-free constants and derives equality theorems.", "authors": [ "Lars Hupel" ], "date": "2017-05-24", "id": 350, "link": "/entries/Dict_Construction.html", "permalink": "/entries/Dict_Construction.html", "shortname": "Dict_Construction", "title": "Dictionary Construction", "topic_links": [ "tools" ], "topics": [ "Tools" ], "used_by": 1 }, { "abstract": "The Floyd-Warshall algorithm [Flo62, Roy59, War62] is a classic dynamic programming algorithm to compute the length of all shortest paths between any two vertices in a graph (i.e. to solve the all-pairs shortest path problem, or APSP for short). Given a representation of the graph as a matrix of weights M, it computes another matrix M' which represents a graph with the same path lengths and contains the length of the shortest path between any two vertices i and j. This is only possible if the graph does not contain any negative cycles. However, in this case the Floyd-Warshall algorithm will detect the situation by calculating a negative diagonal entry. This entry includes a formalization of the algorithm and of these key properties. The algorithm is refined to an efficient imperative version using the Imperative Refinement Framework.", "authors": [ "Simon Wimmer", "Peter Lammich" ], "date": "2017-05-08", "id": 351, "link": "/entries/Floyd_Warshall.html", "permalink": "/entries/Floyd_Warshall.html", "shortname": "Floyd_Warshall", "title": "The Floyd-Warshall Algorithm for Shortest Paths", "topic_links": [ "computer-science/algorithms/graph" ], "topics": [ "Computer science/Algorithms/Graph" ], "used_by": 0 }, { "abstract": "\u003cp\u003eCryptHOL provides a framework for formalising cryptographic arguments in Isabelle/HOL. It shallowly embeds a probabilistic functional programming language in higher order logic. 
The language features monadic sequencing, recursion, random sampling, failures and failure handling, and black-box access to oracles. Oracles are probabilistic functions which maintain hidden state between different invocations. All operators are defined in the new semantic domain of generative probabilistic values, a codatatype. We derive proof rules for the operators and establish a connection with the theory of relational parametricity. Thus, the resulting proofs are trustworthy and comprehensible, and the framework is extensible and widely applicable. \u003c/p\u003e\u003cp\u003e The framework is used in the accompanying AFP entry \"Game-based Cryptography in HOL\". There, we showcase our framework by formalizing different game-based proofs from the literature. This formalisation continues the work described in the author's ESOP 2016 paper.\u003c/p\u003e", "authors": [ "Andreas Lochbihler" ], "date": "2017-05-05", "id": 352, "link": "/entries/CryptHOL.html", "permalink": "/entries/CryptHOL.html", "shortname": "CryptHOL", "title": "CryptHOL", "topic_links": [ "computer-science/security/cryptography", "computer-science/functional-programming", "mathematics/probability-theory" ], "topics": [ "Computer science/Security/Cryptography", "Computer science/Functional programming", "Mathematics/Probability theory" ], "used_by": 3 }, { "abstract": "The notion of a monad cannot be expressed within higher-order logic (HOL) due to type system restrictions. We show that if a monad is used with values of only one type, this notion can be formalised in HOL. Based on this idea, we develop a library of effect specifications and implementations of monads and monad transformers. Hence, we can abstract over the concrete monad in HOL definitions and thus use the same definition for different (combinations of) effects. 
We illustrate the usefulness of effect polymorphism with a monadic interpreter for a simple language.", "authors": [ "Andreas Lochbihler" ], "date": "2017-05-05", "id": 353, "link": "/entries/Monomorphic_Monad.html", "permalink": "/entries/Monomorphic_Monad.html", "shortname": "Monomorphic_Monad", "title": "Effect polymorphism in higher-order logic", "topic_links": [ "computer-science/functional-programming" ], "topics": [ "Computer science/Functional programming" ], "used_by": 1 }, { "abstract": "\u003cp\u003eIn this AFP entry, we show how to specify game-based cryptographic security notions and formally prove secure several cryptographic constructions from the literature using the CryptHOL framework. Among others, we formalise the notions of a random oracle, a pseudo-random function, an unpredictable function, and of encryption schemes that are indistinguishable under chosen plaintext and/or ciphertext attacks. We prove the random-permutation/random-function switching lemma, security of the Elgamal and hashed Elgamal public-key encryption scheme and correctness and security of several constructions with pseudo-random functions. \u003c/p\u003e\u003cp\u003eOur proofs follow the game-hopping style advocated by Shoup and Bellare and Rogaway, from which most of the examples have been taken. We generalise some of their results such that they can be reused in other proofs. Thanks to CryptHOL's integration with Isabelle's parametricity infrastructure, many simple hops are easily justified using the theory of representation independence.\u003c/p\u003e", "authors": [ "Andreas Lochbihler", "S. 
Reza Sefidgar", "Bhargav Bhatt" ], "date": "2017-05-05", "id": 354, "link": "/entries/Game_Based_Crypto.html", "permalink": "/entries/Game_Based_Crypto.html", "shortname": "Game_Based_Crypto", "title": "Game-based cryptography in HOL", "topic_links": [ "computer-science/security/cryptography" ], "topics": [ "Computer science/Security/Cryptography" ], "used_by": 2 }, { "abstract": "The usual monad laws can directly be used as rewrite rules for Isabelle’s simplifier to normalise monadic HOL terms and decide equivalences. In a commutative monad, however, the commutativity law is a higher-order permutative rewrite rule that makes the simplifier loop. This AFP entry implements a simproc that normalises monadic expressions in commutative monads using ordered rewriting. The simproc can also permute computations across control operators like if and case.", "authors": [ "Joshua Schneider", "Manuel Eberl", "Andreas Lochbihler" ], "date": "2017-05-05", "id": 355, "link": "/entries/Monad_Normalisation.html", "permalink": "/entries/Monad_Normalisation.html", "shortname": "Monad_Normalisation", "title": "Monad normalisation", "topic_links": [ "tools", "computer-science/functional-programming", "logic/rewriting" ], "topics": [ "Tools", "Computer science/Functional programming", "Logic/Rewriting" ], "used_by": 3 }, { "abstract": "This AFP entry defines a probabilistic while operator based on sub-probability mass functions and formalises zero-one laws and variant rules for probabilistic loop termination. 
As applications, we implement probabilistic algorithms for the Bernoulli, geometric and arbitrary uniform distributions that only use fair coin flips, and prove them correct and terminating with probability 1.", "authors": [ "Andreas Lochbihler" ], "date": "2017-05-05", "id": 356, "link": "/entries/Probabilistic_While.html", "permalink": "/entries/Probabilistic_While.html", "shortname": "Probabilistic_While", "title": "Probabilistic while loop", "topic_links": [ "computer-science/functional-programming", "mathematics/probability-theory", "computer-science/algorithms" ], "topics": [ "Computer science/Functional programming", "Mathematics/Probability theory", "Computer science/Algorithms" ], "used_by": 1 }, { "abstract": "\u003cp\u003e Building on the formalization of basic category theory set out in the author's previous AFP article, the present article formalizes some basic aspects of the theory of monoidal categories. Among the notions defined here are monoidal category, monoidal functor, and equivalence of monoidal categories. The main theorems formalized are MacLane's coherence theorem and the constructions of the free monoidal category and free strict monoidal category generated by a given category. The coherence theorem is proved syntactically, using a structurally recursive approach to reduction of terms that might have some novel aspects. We also give proofs of some results given by Etingof et al, which may prove useful in a formal setting. In particular, we show that the left and right unitors need not be taken as given data in the definition of monoidal category, nor does the definition of monoidal functor need to take as given a specific isomorphism expressing the preservation of the unit object. Our definitions of monoidal category and monoidal functor are stated so as to take advantage of the economy afforded by these facts. 
\u003c/p\u003e\u003cp\u003e Revisions made subsequent to the first version of this article added material on cartesian monoidal categories; showing that the underlying category of a cartesian monoidal category is a cartesian category, and that every cartesian category extends to a cartesian monoidal category. \u003c/p\u003e", "authors": [ "Eugene W. Stark" ], "date": "2017-05-04", "id": 357, "link": "/entries/MonoidalCategory.html", "permalink": "/entries/MonoidalCategory.html", "shortname": "MonoidalCategory", "title": "Monoidal Categories", "topic_links": [ "mathematics/category-theory" ], "topics": [ "Mathematics/Category theory" ], "used_by": 1 }, { "abstract": "A computer-formalisation of the essential parts of Fitting's textbook \"Types, Tableaus and Gödel's God\" in Isabelle/HOL is presented. In particular, Fitting's (and Anderson's) variant of the ontological argument is verified and confirmed. This variant avoids the modal collapse, which has been criticised as an undesirable side-effect of Kurt Gödel's (and Dana Scott's) versions of the ontological argument. Fitting's work is employing an intensional higher-order modal logic, which we shallowly embed here in classical higher-order logic. We then utilize the embedded logic for the formalisation of Fitting's argument. (See also the earlier AFP entry ``Gödel's God in Isabelle/HOL''.)", "authors": [ "David Fuenmayor", "Christoph Benzmüller" ], "date": "2017-05-01", "id": 358, "link": "/entries/Types_Tableaus_and_Goedels_God.html", "permalink": "/entries/Types_Tableaus_and_Goedels_God.html", "shortname": "Types_Tableaus_and_Goedels_God", "title": "Types, Tableaus and Gödel’s God in Isabelle/HOL", "topic_links": [ "logic/philosophical-aspects" ], "topics": [ "Logic/Philosophical aspects" ], "used_by": 0 }, { "abstract": "This formalisation accompanies the paper \u003ca href=\"https://arxiv.org/abs/1702.03277\"\u003eLocal Lexing\u003c/a\u003e which introduces a novel parsing concept of the same name. 
The paper also gives a high-level algorithm for local lexing as an extension of Earley's algorithm. This formalisation proves the algorithm to be correct with respect to its local lexing semantics. As a special case, this formalisation thus also contains a proof of the correctness of Earley's algorithm. The paper contains a short outline of how this formalisation is organised.", "authors": [ "Steven Obua" ], "date": "2017-04-28", "id": 359, "link": "/entries/LocalLexing.html", "permalink": "/entries/LocalLexing.html", "shortname": "LocalLexing", "title": "Local Lexing", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "Isabelle's code generator performs various adaptations for target languages. Among others, constructor applications have to be fully saturated. That means that for constructor calls occurring as arguments to higher-order functions, synthetic lambdas have to be inserted. This entry provides tooling to avoid this construction altogether by introducing constructor functions.", "authors": [ "Lars Hupel" ], "date": "2017-04-19", "id": 360, "link": "/entries/Constructor_Funs.html", "permalink": "/entries/Constructor_Funs.html", "shortname": "Constructor_Funs", "title": "Constructor Functions", "topic_links": [ "tools" ], "topics": [ "Tools" ], "used_by": 1 }, { "abstract": "Isabelle's code generator performs various adaptations for target languages. Among others, case statements are printed as match expressions. Internally, this is a sophisticated procedure, because in HOL, case statements are represented as nested calls to the case combinators as generated by the datatype package. Furthermore, the procedure relies on laziness of match expressions in the target language, i.e., that branches guarded by patterns that fail to match are not evaluated. 
Similarly, \u003ctt\u003eif-then-else\u003c/tt\u003e is printed to the corresponding construct in the target language. This entry provides tooling to replace these special cases in the code generator by ignoring these target language features, instead printing case expressions and \u003ctt\u003eif-then-else\u003c/tt\u003e as functions.", "authors": [ "Lars Hupel" ], "date": "2017-04-18", "id": 361, "link": "/entries/Lazy_Case.html", "permalink": "/entries/Lazy_Case.html", "shortname": "Lazy_Case", "title": "Lazifying case constants", "topic_links": [ "tools" ], "topics": [ "Tools" ], "used_by": 1 }, { "abstract": "We formalize the theory of subresultants and the subresultant polynomial remainder sequence as described by Brown and Traub. As a result, we obtain efficient certified algorithms for computing the resultant and the greatest common divisor of polynomials.", "authors": [ "Sebastiaan J. C. Joosten", "René Thiemann", "Akihisa Yamada" ], "date": "2017-04-06", "id": 362, "link": "/entries/Subresultants.html", "permalink": "/entries/Subresultants.html", "shortname": "Subresultants", "title": "Subresultants", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 1 }, { "abstract": "\u003cp\u003eThis entry contains proofs for the textbook results about the distributions of the height and internal path length of random binary search trees (BSTs), i.\u0026thinsp;e. BSTs that are formed by taking an empty BST and inserting elements from a fixed set in random order.\u003c/p\u003e \u003cp\u003eIn particular, we prove a logarithmic upper bound on the expected height and the \u003cem\u003eΘ(n log n)\u003c/em\u003e closed-form solution for the expected internal path length in terms of the harmonic numbers. 
We also show how the internal path length relates to the average-case cost of a lookup in a BST.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2017-04-04", "id": 363, "link": "/entries/Random_BSTs.html", "permalink": "/entries/Random_BSTs.html", "shortname": "Random_BSTs", "title": "Expected Shape of Random Binary Search Trees", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 2 }, { "abstract": "\u003cp\u003eThis article contains a formal proof of the well-known fact that number of comparisons that a comparison-based sorting algorithm needs to perform to sort a list of length \u003cem\u003en\u003c/em\u003e is at least \u003cem\u003elog\u003csub\u003e2\u003c/sub\u003e\u0026nbsp;(n!)\u003c/em\u003e in the worst case, i.\u0026thinsp;e.\u0026nbsp;\u003cem\u003eΩ(n log n)\u003c/em\u003e.\u003c/p\u003e \u003cp\u003eFor this purpose, a shallow embedding for comparison-based sorting algorithms is defined: a sorting algorithm is a recursive datatype containing either a HOL function or a query of a comparison oracle with a continuation containing the remaining computation. 
This makes it possible to force the algorithm to use only comparisons and to track the number of comparisons made.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2017-03-15", "id": 364, "link": "/entries/Comparison_Sort_Lower_Bound.html", "permalink": "/entries/Comparison_Sort_Lower_Bound.html", "shortname": "Comparison_Sort_Lower_Bound", "title": "Lower bound on comparison-based sorting algorithms", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 2 }, { "abstract": "\u003cp\u003eWe give a formal proof of the well-known results about the number of comparisons performed by two variants of QuickSort: first, the expected number of comparisons of randomised QuickSort (i.\u0026thinsp;e.\u0026nbsp;QuickSort with random pivot choice) is \u003cem\u003e2\u0026thinsp;(n+1)\u0026thinsp;H\u003csub\u003en\u003c/sub\u003e - 4\u0026thinsp;n\u003c/em\u003e, which is asymptotically equivalent to \u003cem\u003e2\u0026thinsp;n ln n\u003c/em\u003e; second, the number of comparisons performed by the classic non-randomised QuickSort has the same distribution in the average case as the randomised one.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2017-03-15", "id": 365, "link": "/entries/Quick_Sort_Cost.html", "permalink": "/entries/Quick_Sort_Cost.html", "shortname": "Quick_Sort_Cost", "title": "The number of comparisons in QuickSort", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 1 }, { "abstract": "\u003cp\u003eThe Euler-MacLaurin formula relates the value of a discrete sum to that of the corresponding integral in terms of the derivatives at the borders of the summation and a remainder term. 
Since the remainder term is often very small as the summation bounds grow, this can be used to compute asymptotic expansions for sums.\u003c/p\u003e \u003cp\u003eThis entry contains a proof of this formula for functions from the reals to an arbitrary Banach space. Two variants of the formula are given: the standard textbook version and a variant outlined in \u003cem\u003eConcrete Mathematics\u003c/em\u003e that is more useful for deriving asymptotic estimates.\u003c/p\u003e \u003cp\u003eAs example applications, we use that formula to derive the full asymptotic expansion of the harmonic numbers and the sum of inverse squares.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2017-03-10", "id": 366, "link": "/entries/Euler_MacLaurin.html", "permalink": "/entries/Euler_MacLaurin.html", "shortname": "Euler_MacLaurin", "title": "The Euler–MacLaurin Formula", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 2 }, { "abstract": "We prove the group law for elliptic curves in Weierstrass form over fields of characteristic greater than 2. In addition to affine coordinates, we also formalize projective coordinates, which allow for more efficient computations. By specializing the abstract formalization to prime fields, we can apply the curve operations to parameters used in standard security protocols.", "authors": [ "Stefan Berghofer" ], "date": "2017-02-28", "id": 367, "link": "/entries/Elliptic_Curves_Group_Law.html", "permalink": "/entries/Elliptic_Curves_Group_Law.html", "shortname": "Elliptic_Curves_Group_Law", "title": "The Group Law for Elliptic Curves", "topic_links": [ "computer-science/security/cryptography" ], "topics": [ "Computer science/Security/Cryptography" ], "used_by": 0 }, { "abstract": "We present a formalization of Menger's Theorem for directed and undirected graphs in Isabelle/HOL. 
This well-known result shows that if two non-adjacent distinct vertices u, v in a directed graph have no separator smaller than n, then there exist n internally vertex-disjoint paths from u to v. The version for undirected graphs follows immediately because undirected graphs are a special case of directed graphs.", "authors": [ "Christoph Dittmann" ], "date": "2017-02-26", "id": 368, "link": "/entries/Menger.html", "permalink": "/entries/Menger.html", "shortname": "Menger", "title": "Menger's Theorem", "topic_links": [ "mathematics/graph-theory" ], "topics": [ "Mathematics/Graph theory" ], "used_by": 0 }, { "abstract": "We formalize differential dynamic logic, a logic for proving properties of hybrid systems. The proof calculus in this formalization is based on the uniform substitution principle. We show it is sound with respect to our denotational semantics, which provides increased confidence in the correctness of the KeYmaera X theorem prover based on this calculus. As an application, we include a proof term checker embedded in Isabelle/HOL with several example proofs. Published in: Rose Bohrer, Vincent Rahli, Ivana Vukotic, Marcus Völp, AndrĂ© Platzer: Formally verified differential dynamic logic. CPP 2017.", "authors": [ "Rose Bohrer" ], "date": "2017-02-13", "id": 369, "link": "/entries/Differential_Dynamic_Logic.html", "permalink": "/entries/Differential_Dynamic_Logic.html", "shortname": "Differential_Dynamic_Logic", "title": "Differential Dynamic Logic", "topic_links": [ "logic/general-logic/modal-logic", "computer-science/programming-languages/logics" ], "topics": [ "Logic/General logic/Modal logic", "Computer science/Programming languages/Logics" ], "used_by": 0 }, { "abstract": "A formalized coinductive account of the abstract development of Brotherston, Gorogiannis, and Petersen [APLAS 2012], in a slightly more general form since we work with arbitrary infinite proofs, which may be acyclic. 
This work is described in detail in an article by the authors, published in 2017 in the \u003cem\u003eJournal of Automated Reasoning\u003c/em\u003e. The abstract proof can be instantiated for various formalisms, including first-order logic with inductive predicates.", "authors": [ "Jasmin Christian Blanchette", "Andrei Popescu", "Dmitriy Traytel" ], "date": "2017-02-10", "id": 370, "link": "/entries/Abstract_Soundness.html", "permalink": "/entries/Abstract_Soundness.html", "shortname": "Abstract_Soundness", "title": "Abstract Soundness", "topic_links": [ "logic/proof-theory" ], "topics": [ "Logic/Proof theory" ], "used_by": 2 }, { "abstract": "We develop Stone relation algebras, which generalise relation algebras by replacing the underlying Boolean algebra structure with a Stone algebra. We show that finite matrices over extended real numbers form an instance. As a consequence, relation-algebraic concepts and methods can be used for reasoning about weighted graphs. We also develop a fixpoint calculus and apply it to compare different definitions of reflexive-transitive closures in semirings.", "authors": [ "Walter Guttmann" ], "date": "2017-02-07", "id": 371, "link": "/entries/Stone_Relation_Algebras.html", "permalink": "/entries/Stone_Relation_Algebras.html", "shortname": "Stone_Relation_Algebras", "title": "Stone Relation Algebras", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 1 }, { "abstract": "We develop a family of key agreement protocols that are correct by construction. Our work substantially extends prior work on developing security protocols by refinement. First, we strengthen the adversary by allowing him to compromise different resources of protocol participants, such as their long-term keys or their session keys. This enables the systematic development of protocols that ensure strong properties such as perfect forward secrecy. 
Second, we broaden the class of protocols supported to include those with non-atomic keys and equationally defined cryptographic operators. We use these extensions to develop key agreement protocols including signed Diffie-Hellman and the core of IKEv1 and SKEME.", "authors": [ "Joseph Lallemand", "Christoph Sprenger" ], "date": "2017-01-31", "id": 372, "link": "/entries/Key_Agreement_Strong_Adversaries.html", "permalink": "/entries/Key_Agreement_Strong_Adversaries.html", "shortname": "Key_Agreement_Strong_Adversaries", "title": "Refining Authenticated Key Agreement with Strong Adversaries", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "\u003cp\u003eBernoulli numbers were first discovered in the closed-form expansion of the sum 1\u003csup\u003em\u003c/sup\u003e + 2\u003csup\u003em\u003c/sup\u003e + \u0026hellip; + n\u003csup\u003em\u003c/sup\u003e for a fixed m and appear in many other places. This entry provides three different definitions for them: a recursive one, an explicit one, and one through their exponential generating function.\u003c/p\u003e \u003cp\u003eIn addition, we prove some basic facts, e.g. their relation to sums of powers of integers and that all odd Bernoulli numbers except the first are zero, and some advanced facts like their relationship to the Riemann zeta function on positive even integers.\u003c/p\u003e \u003cp\u003eWe also prove the correctness of the Akiyama\u0026ndash;Tanigawa algorithm for computing Bernoulli numbers with reasonable efficiency, and we define the periodic Bernoulli polynomials (which appear e.g. 
in the Euler\u0026ndash;MacLaurin summation formula and the expansion of the log-Gamma function) and prove their basic properties.\u003c/p\u003e", "authors": [ "Lukas Bulwahn", "Manuel Eberl" ], "date": "2017-01-24", "id": 373, "link": "/entries/Bernoulli.html", "permalink": "/entries/Bernoulli.html", "shortname": "Bernoulli", "title": "Bernoulli Numbers", "topic_links": [ "mathematics/analysis", "mathematics/number-theory" ], "topics": [ "Mathematics/Analysis", "Mathematics/Number theory" ], "used_by": 5 }, { "abstract": "\u003cp\u003eBertrand's postulate is an early result on the distribution of prime numbers: For every positive integer n, there exists a prime number that lies strictly between n and 2n. The proof is ported from John Harrison's formalisation in HOL Light. It proceeds by first showing that the property is true for all n greater than or equal to 600 and then showing that it also holds for all n below 600 by case distinction. \u003c/p\u003e", "authors": [ "Julian Biendarra", "Manuel Eberl" ], "date": "2017-01-17", "id": 374, "link": "/entries/Bertrands_Postulate.html", "permalink": "/entries/Bertrands_Postulate.html", "shortname": "Bertrands_Postulate", "title": "Bertrand's postulate", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 2 }, { "abstract": "\u003cp\u003eThis formalization is an extension to \u003ca href=\"https://www.isa-afp.org/entries/Formal_SSA.html\"\u003e\"Verified Construction of Static Single Assignment Form\"\u003c/a\u003e. In their work, the authors have shown that \u003ca href=\"https://doi.org/10.1007/978-3-642-37051-9_6\"\u003eBraun et al.'s static single assignment (SSA) construction algorithm\u003c/a\u003e produces minimal SSA form for input programs with a reducible control flow graph (CFG). However Braun et al. 
also proposed an extension to their algorithm that they claim produces minimal SSA form even for irreducible CFGs.\u003cbr\u003e In this formalization we support that claim by giving a mechanized proof. \u003c/p\u003e \u003cp\u003eAs the extension of Braun et al.'s algorithm aims for removing so-called redundant strongly connected components of phi functions, we show that this suffices to guarantee minimality according to \u003ca href=\"https://doi.org/10.1145/115372.115320\"\u003eCytron et al.\u003c/a\u003e.\u003c/p\u003e", "authors": [ "Max Wagner", "Denis Lohner" ], "date": "2017-01-17", "id": 375, "link": "/entries/Minimal_SSA.html", "permalink": "/entries/Minimal_SSA.html", "shortname": "Minimal_SSA", "title": "Minimal Static Single Assignment Form", "topic_links": [ "computer-science/programming-languages/compiling" ], "topics": [ "Computer science/Programming languages/Compiling" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis work contains a proof that Euler's number e is transcendental. The proof follows the standard approach of assuming that e is algebraic and then using a specific integer polynomial to derive two inconsistent bounds, leading to a contradiction.\u003c/p\u003e \u003cp\u003eThis kind of approach can be found in many different sources; this formalisation mostly follows a \u003ca href=\"http://planetmath.org/proofoflindemannweierstrasstheoremandthateandpiaretranscendental\"\u003ePlanetMath article\u003c/a\u003e by Roger Lipsett.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2017-01-12", "id": 376, "link": "/entries/E_Transcendental.html", "permalink": "/entries/E_Transcendental.html", "shortname": "E_Transcendental", "title": "The Transcendence of e", "topic_links": [ "mathematics/analysis", "mathematics/number-theory" ], "topics": [ "Mathematics/Analysis", "Mathematics/Number theory" ], "used_by": 2 }, { "abstract": "We present a formal model of network protocols and their application to modeling firewall policies. 
The formalization is based on the Unified Policy Framework (UPF). The formalization was originally developed for generating test cases for testing the security configuration of actual firewalls and routers (middle-boxes) using HOL-TestGen. Our work focuses on modeling application-level protocols on top of TCP/IP.", "authors": [ "Achim D. Brucker", "Lukas Brügger", "Burkhart Wolff" ], "date": "2017-01-08", "id": 377, "link": "/entries/UPF_Firewall.html", "permalink": "/entries/UPF_Firewall.html", "shortname": "UPF_Firewall", "title": "Formal Network Models and Their Application to Firewall Policies", "topic_links": [ "computer-science/security", "computer-science/networks" ], "topics": [ "Computer science/Security", "Computer science/Networks" ], "used_by": 0 }, { "abstract": "This paper constructs a formal model of a Diffie-Hellman password-based authentication protocol between a user and a smart card, and proves its security. The protocol provides for the dispatch of the user's password to the smart card on a secure messaging channel established by means of Password Authenticated Connection Establishment (PACE), where the mapping method being used is Chip Authentication Mapping. By applying and suitably extending Paulson's Inductive Method, this paper proves that the protocol establishes trustworthy secure messaging channels, preserves the secrecy of users' passwords, and provides an effective mutual authentication service. 
What is more, these security properties turn out to hold independently of the secrecy of the PACE authentication key.", "authors": [ "Pasquale Noce" ], "date": "2017-01-03", "id": 378, "link": "/entries/Password_Authentication_Protocol.html", "permalink": "/entries/Password_Authentication_Protocol.html", "shortname": "Password_Authentication_Protocol", "title": "Verification of a Diffie-Hellman Password-based Authentication Protocol by Extending the Inductive Method", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "\u003cp\u003eWe present a certified declarative first-order prover with equality based on John Harrison's Handbook of Practical Logic and Automated Reasoning, Cambridge University Press, 2009. ML code reflection is used such that the entire prover can be executed within Isabelle as a very simple interactive proof assistant. As examples we consider Pelletier's problems 1-46.\u003c/p\u003e \u003cp\u003eReference: Programming and Verifying a Declarative First-Order Prover in Isabelle/HOL. Alexander Birch Jensen, John Bruntse Larsen, Anders Schlichtkrull \u0026 Jørgen Villadsen. AI Communications 31:281-299 2018. \u003ca href=\"https://content.iospress.com/articles/ai-communications/aic764\"\u003e https://content.iospress.com/articles/ai-communications/aic764\u003c/a\u003e\u003c/p\u003e \u003cp\u003eSee also: Students' Proof Assistant (SPA). 
\u003ca href=https://github.com/logic-tools/spa\u003e https://github.com/logic-tools/spa\u003c/a\u003e\u003c/p\u003e", "authors": [ "Alexander Birch Jensen", "Anders Schlichtkrull", "Jørgen Villadsen" ], "date": "2017-01-01", "id": 379, "link": "/entries/FOL_Harrison.html", "permalink": "/entries/FOL_Harrison.html", "shortname": "FOL_Harrison", "title": "First-Order Logic According to Harrison", "topic_links": [ "logic/general-logic/mechanization-of-proofs" ], "topics": [ "Logic/General logic/Mechanization of proofs" ], "used_by": 0 }, { "abstract": "The concurrent refinement algebra developed here is designed to provide a foundation for rely/guarantee reasoning about concurrent programs. The algebra builds on a complete lattice of commands by providing sequential composition, parallel composition and a novel weak conjunction operator. The weak conjunction operator coincides with the lattice supremum providing its arguments are non-aborting, but aborts if either of its arguments does. Weak conjunction provides an abstract version of a guarantee condition as a guarantee process. We distinguish between models that distribute sequential composition over non-deterministic choice from the left (referred to as being conjunctive in the refinement calculus literature) and those that don't. Least and greatest fixed points of monotone functions are provided to allow recursion and iteration operators to be added to the language. Additional iteration laws are available for conjunctive models. The rely quotient of processes \u003ci\u003ec\u003c/i\u003e and \u003ci\u003ei\u003c/i\u003e is the process that, if executed in parallel with \u003ci\u003ei\u003c/i\u003e implements \u003ci\u003ec\u003c/i\u003e. It represents an abstract version of a rely condition generalised to a process.", "authors": [ "Julian Fell", "Ian J. 
Hayes", "Andrius Velykis" ], "date": "2016-12-30", "id": 380, "link": "/entries/Concurrent_Ref_Alg.html", "permalink": "/entries/Concurrent_Ref_Alg.html", "shortname": "Concurrent_Ref_Alg", "title": "Concurrent Refinement Algebra and Rely Quotients", "topic_links": [ "computer-science/concurrency" ], "topics": [ "Computer science/Concurrency" ], "used_by": 0 }, { "abstract": "This entry provides all cardinality theorems of the Twelvefold Way. The Twelvefold Way systematically classifies twelve related combinatorial problems concerning two finite sets, which include counting permutations, combinations, multisets, set partitions and number partitions. This development builds upon the existing formal developments with cardinality theorems for those structures. It provides twelve bijections from the various structures to different equivalence classes on finite functions, and hence, proves cardinality formulae for these equivalence classes on finite functions.", "authors": [ "Lukas Bulwahn" ], "date": "2016-12-29", "id": 381, "link": "/entries/Twelvefold_Way.html", "permalink": "/entries/Twelvefold_Way.html", "shortname": "Twelvefold_Way", "title": "The Twelvefold Way", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 0 }, { "abstract": "Isabelle includes various automatic tools for finding proofs under certain conditions. However, for each conjecture, knowing which automation to use, and how to tweak its parameters, is currently labour intensive. We have developed a language, PSL, designed to capture high level proof strategies. PSL offloads the construction of human-readable fast-to-replay proof scripts to automatic search, making use of search-time information about each conjecture. Our preliminary evaluations show that PSL reduces the labour cost of interactive theorem proving. 
This submission contains the implementation of PSL and an example theory file, Example.thy, showing how to write proof strategies in PSL.", "authors": [ "Yutaka Nagashima" ], "date": "2016-12-20", "id": 382, "link": "/entries/Proof_Strategy_Language.html", "permalink": "/entries/Proof_Strategy_Language.html", "shortname": "Proof_Strategy_Language", "title": "Proof Strategy Language", "topic_links": [ "tools" ], "topics": [ "Tools" ], "used_by": 0 }, { "abstract": "Paraconsistency is about handling inconsistency in a coherent way. In classical and intuitionistic logic everything follows from an inconsistent theory. A paraconsistent logic avoids the explosion. Quite a few applications in computer science and engineering are discussed in the Intelligent Systems Reference Library Volume 110: Towards Paraconsistent Engineering (Springer 2016). We formalize a paraconsistent many-valued logic that we motivated and described in a special issue on logical approaches to paraconsistency (Journal of Applied Non-Classical Logics 2005). We limit ourselves to the propositional fragment of the higher-order logic. The logic is based on so-called key equalities and has a countably infinite number of truth values. We prove theorems in the logic using the definition of validity. We verify truth tables and also counterexamples for non-theorems. We prove meta-theorems about the logic and finally we investigate a case study.", "authors": [ "Anders Schlichtkrull", "Jørgen Villadsen" ], "date": "2016-12-07", "id": 383, "link": "/entries/Paraconsistency.html", "permalink": "/entries/Paraconsistency.html", "shortname": "Paraconsistency", "title": "Paraconsistency", "topic_links": [ "logic/general-logic/paraconsistent-logics" ], "topics": [ "Logic/General logic/Paraconsistent logics" ], "used_by": 0 }, { "abstract": "We propose a concurrency reasoning framework for imperative programs, based on the Owicki-Gries (OG) foundational shared-variable concurrency method. 
Our framework combines the approaches of Hoare-Parallel, a formalisation of OG in Isabelle/HOL for a simple while-language, and Simpl, a generic imperative language embedded in Isabelle/HOL, allowing formal reasoning on C programs. We define the Complx language, extending the syntax and semantics of Simpl with support for parallel composition and synchronisation. We additionally define an OG logic, which we prove sound w.r.t. the semantics, and a verification condition generator, both supporting involved low-level imperative constructs such as function calls and abrupt termination. We illustrate our framework on an example that features exceptions, guards and function calls. We aim to then target concurrent operating systems, such as the interruptible eChronos embedded operating system for which we already have a model-level OG proof using Hoare-Parallel.", "authors": [ "Sidney Amani", "June Andronick", "Maksym Bortin", "Corey Lewis", "Christine Rizkallah", "Joseph Tuong" ], "date": "2016-11-29", "id": 384, "link": "/entries/Complx.html", "permalink": "/entries/Complx.html", "shortname": "Complx", "title": "COMPLX: A Verification Framework for Concurrent Imperative Programs", "topic_links": [ "computer-science/programming-languages/logics", "computer-science/programming-languages/language-definitions" ], "topics": [ "Computer science/Programming languages/Logics", "Computer science/Programming languages/Language definitions" ], "used_by": 0 }, { "abstract": "This is the Isabelle formalization of the material described in the eponymous \u003ca href=\"https://doi.org/10.1007/978-3-642-32347-8_9\"\u003eITP 2012 paper\u003c/a\u003e. It develops a generic abstract interpreter for a while-language, including widening and narrowing. The collecting semantics and the abstract interpreter operate on annotated commands: the program is represented as a syntax tree with the semantic information directly embedded, without auxiliary labels. 
The aim of the formalization is simplicity, not efficiency or precision. This is motivated by the inclusion of the material in a theorem prover based course on semantics. A similar (but more polished) development is covered in the book \u003ca href=\"https://doi.org/10.1007/978-3-319-10542-0\"\u003eConcrete Semantics\u003c/a\u003e.", "authors": [ "Tobias Nipkow" ], "date": "2016-11-23", "id": 385, "link": "/entries/Abs_Int_ITP2012.html", "permalink": "/entries/Abs_Int_ITP2012.html", "shortname": "Abs_Int_ITP2012", "title": "Abstract Interpretation of Annotated Commands", "topic_links": [ "computer-science/programming-languages/static-analysis" ], "topics": [ "Computer science/Programming languages/Static analysis" ], "used_by": 0 }, { "abstract": "We bring the labelled sequent calculus $LS_{PASL}$ for propositional abstract separation logic to Isabelle. The tactics given here are directly applied on an extension of the Separation Algebra in the AFP. In addition to the cancellative separation algebra, we further consider some useful properties in the heap model of separation logic, such as indivisible unit, disjointness, and cross-split. The tactics are essentially a proof search procedure for the calculus $LS_{PASL}$. 
We wrap the tactics in an Isabelle method called separata, and give a few examples of separation logic formulae which are provable by separata.", "authors": [ "Zhe Hou", "David Sanan", "Alwen Tiu", "Rajeev Gore", "Ranald Clouston" ], "date": "2016-11-16", "id": 386, "link": "/entries/Separata.html", "permalink": "/entries/Separata.html", "shortname": "Separata", "title": "Separata: Isabelle tactics for Separation Algebra", "topic_links": [ "computer-science/programming-languages/logics", "tools" ], "topics": [ "Computer science/Programming languages/Logics", "Tools" ], "used_by": 0 }, { "abstract": "This Isabelle/HOL formalization defines Knuth–Bendix orders for higher-order terms without lambda-abstraction and proves many useful properties about them. The main order fully coincides with the standard transfinite KBO with subterm coefficients on first-order terms. It appears promising as the basis of a higher-order superposition calculus.", "authors": [ "Heiko Becker", "Jasmin Christian Blanchette", "Uwe Waldmann", "Daniel Wand" ], "date": "2016-11-12", "id": 387, "link": "/entries/Lambda_Free_KBOs.html", "permalink": "/entries/Lambda_Free_KBOs.html", "shortname": "Lambda_Free_KBOs", "title": "Formalization of Knuth–Bendix Orders for Lambda-Free Higher-Order Terms", "topic_links": [ "logic/rewriting" ], "topics": [ "Logic/Rewriting" ], "used_by": 0 }, { "abstract": "This Isabelle/HOL formalization introduces a nested multiset datatype and defines Dershowitz and Manna's nested multiset order. The order is proved well founded and linear. By removing one constructor, we transform the nested multisets into hereditary multisets. These are isomorphic to the syntactic ordinals—the ordinals can be recursively expressed in Cantor normal form. 
Addition, subtraction, multiplication, and linear orders are provided on this type.", "authors": [ "Jasmin Christian Blanchette", "Mathias Fleury", "Dmitriy Traytel" ], "date": "2016-11-12", "id": 388, "link": "/entries/Nested_Multisets_Ordinals.html", "permalink": "/entries/Nested_Multisets_Ordinals.html", "shortname": "Nested_Multisets_Ordinals", "title": "Formalization of Nested Multisets, Hereditary Multisets, and Syntactic Ordinals", "topic_links": [ "logic/rewriting" ], "topics": [ "Logic/Rewriting" ], "used_by": 7 }, { "abstract": "Deep learning has had a profound impact on computer science in recent years, with applications to search engines, image recognition and language processing, bioinformatics, and more. Recently, Cohen et al. provided theoretical evidence for the superiority of deep learning over shallow learning. This formalization of their work simplifies and generalizes the original proof, while working around the limitations of the Isabelle type system. To support the formalization, I developed reusable libraries of formalized mathematics, including results about the matrix rank, the Lebesgue measure, and multivariate polynomials, as well as a library for tensor analysis.", "authors": [ "Alexander Bentkamp" ], "date": "2016-11-10", "id": 389, "link": "/entries/Deep_Learning.html", "permalink": "/entries/Deep_Learning.html", "shortname": "Deep_Learning", "title": "Expressiveness of Deep Learning", "topic_links": [ "computer-science/machine-learning", "mathematics/analysis" ], "topics": [ "Computer science/Machine learning", "Mathematics/Analysis" ], "used_by": 1 }, { "abstract": "We formalize a uniform semantic substrate for a wide variety of process calculi where states and action labels can be from arbitrary nominal sets. A Hennessy-Milner logic for these systems is defined, and proved adequate for bisimulation equivalence. 
A main novelty is the construction of an infinitary nominal data type to model formulas with (finitely supported) infinite conjunctions and actions that may contain binding names. The logic is generalized to treat different bisimulation variants such as early, late and open in a systematic way.", "authors": [ "Tjark Weber", "Lars-Henrik Eriksson", "Joachim Parrow", "Johannes Borgström", "Ramunas Gutkovas" ], "date": "2016-10-25", "id": 390, "link": "/entries/Modal_Logics_for_NTS.html", "permalink": "/entries/Modal_Logics_for_NTS.html", "shortname": "Modal_Logics_for_NTS", "title": "Modal Logics for Nominal Transition Systems", "topic_links": [ "computer-science/concurrency/process-calculi", "logic/general-logic/modal-logic" ], "topics": [ "Computer science/Concurrency/Process calculi", "Logic/General logic/Modal logic" ], "used_by": 0 }, { "abstract": "We mechanize proofs of several results from the matching with contracts literature, which generalize those of the classical two-sided matching scenarios that go by the name of stable marriage. Our focus is on game theoretic issues. Along the way we develop executable algorithms for computing optimal stable matches.", "authors": [ "Peter Gammie" ], "date": "2016-10-24", "id": 391, "link": "/entries/Stable_Matching.html", "permalink": "/entries/Stable_Matching.html", "shortname": "Stable_Matching", "title": "Stable Matching", "topic_links": [ "mathematics/games-and-economics" ], "topics": [ "Mathematics/Games and economics" ], "used_by": 0 }, { "abstract": "We present LOFT — Linux firewall OpenFlow Translator, a system that transforms the main routing table and FORWARD chain of iptables of a Linux-based firewall into a set of static OpenFlow rules. 
Our implementation is verified against a model of a simplified Linux-based router and we can directly show how much of the original functionality is preserved.", "authors": [ "Julius Michaelis", "Cornelius Diekmann" ], "date": "2016-10-21", "id": 392, "link": "/entries/LOFT.html", "permalink": "/entries/LOFT.html", "shortname": "LOFT", "title": "LOFT — Verified Migration of Linux Firewalls to SDN", "topic_links": [ "computer-science/networks" ], "topics": [ "Computer science/Networks" ], "used_by": 0 }, { "abstract": "We formalise the SPARCv8 instruction set architecture (ISA) which is used in processors such as LEON3. Our formalisation can be specialised to any SPARCv8 CPU; here we use LEON3 as a running example. Our model covers the operational semantics for all the instructions in the integer unit of the SPARCv8 architecture and it supports Isabelle code export, which effectively turns the Isabelle model into a SPARCv8 CPU simulator. We prove the language-based non-interference property for the LEON3 processor. Our model is based on a deterministic monad, which is a modified version of the non-deterministic monad from NICTA/l4v.", "authors": [ "Zhe Hou", "David Sanan", "Alwen Tiu", "Yang Liu" ], "date": "2016-10-19", "id": 393, "link": "/entries/SPARCv8.html", "permalink": "/entries/SPARCv8.html", "shortname": "SPARCv8", "title": "A formal model for the SPARCv8 ISA and a proof of non-interference for the LEON3 processor", "topic_links": [ "computer-science/security", "computer-science/hardware" ], "topics": [ "Computer science/Security", "Computer science/Hardware" ], "used_by": 0 }, { "abstract": "This document contains a proof of the necessary condition on the code rate of a source code, namely that this code rate is bounded by the entropy of the source. This represents one half of Shannon's source coding theorem, which is itself an equivalence.", "authors": [ "Quentin Hibon", "Lawrence C. 
Paulson" ], "date": "2016-10-19", "id": 394, "link": "/entries/Source_Coding_Theorem.html", "permalink": "/entries/Source_Coding_Theorem.html", "shortname": "Source_Coding_Theorem", "title": "Source Coding Theorem", "topic_links": [ "mathematics/probability-theory" ], "topics": [ "Mathematics/Probability theory" ], "used_by": 0 }, { "abstract": "\u003cp\u003eWe formalize the Berlekamp-Zassenhaus algorithm for factoring square-free integer polynomials in Isabelle/HOL. We further adapt an existing formalization of Yun’s square-free factorization algorithm to integer polynomials, and thus provide an efficient and certified factorization algorithm for arbitrary univariate polynomials. \u003c/p\u003e \u003cp\u003eThe algorithm first performs a factorization in the prime field GF(p) and then performs computations in the integer ring modulo p^k, where both p and k are determined at runtime. Since a natural modeling of these structures via dependent types is not possible in Isabelle/HOL, we formalize the whole algorithm using Isabelle’s recent addition of local type definitions. \u003c/p\u003e \u003cp\u003eThrough experiments we verify that our algorithm factors polynomials of degree 100 within seconds. \u003c/p\u003e", "authors": [ "Jose Divasón", "Sebastiaan J. C. Joosten", "René Thiemann", "Akihisa Yamada" ], "date": "2016-10-14", "id": 395, "link": "/entries/Berlekamp_Zassenhaus.html", "permalink": "/entries/Berlekamp_Zassenhaus.html", "shortname": "Berlekamp_Zassenhaus", "title": "The Factorization Algorithm of Berlekamp and Zassenhaus", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 7 }, { "abstract": "This entry provides a geometric proof of the intersecting chords theorem. The theorem states that when two chords intersect each other inside a circle, the products of their segments are equal. 
After a short review of existing proofs in the literature, I decided to use a proof approach that employs reasoning about lengths of line segments, the orthogonality of two lines and the Pythagoras Law. Hence, one can understand the formalized proof easily with the knowledge of a few general geometric facts that are commonly taught in high-school. This theorem is the 55th theorem of the Top 100 Theorems list.", "authors": [ "Lukas Bulwahn" ], "date": "2016-10-11", "id": 396, "link": "/entries/Chord_Segments.html", "permalink": "/entries/Chord_Segments.html", "shortname": "Chord_Segments", "title": "Intersecting Chords Theorem", "topic_links": [ "mathematics/geometry" ], "topics": [ "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "Lp is the space of functions whose p-th power is integrable. It is one of the most fundamental Banach spaces that is used in analysis and probability. We develop a framework for function spaces, and then implement the Lp spaces in this framework using the existing integration theory in Isabelle/HOL. Our development contains most fundamental properties of Lp spaces, notably the Hölder and Minkowski inequalities, completeness of Lp, duality, stability under almost sure convergence, multiplication of functions in Lp and Lq, stability under conditional expectation.", "authors": [ "Sebastien Gouezel" ], "date": "2016-10-05", "id": 397, "link": "/entries/Lp.html", "permalink": "/entries/Lp.html", "shortname": "Lp", "title": "Lp spaces", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 2 }, { "abstract": "\u003cp\u003eThis work defines and proves the correctness of the Fisher–Yates algorithm for shuffling – i.e. producing a random permutation – of a list. 
The algorithm proceeds by traversing the list and in each step swapping the current element with a random element from the remaining list.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2016-09-30", "id": 398, "link": "/entries/Fisher_Yates.html", "permalink": "/entries/Fisher_Yates.html", "shortname": "Fisher_Yates", "title": "Fisher–Yates shuffle", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "Allen’s interval calculus is a qualitative temporal representation of time events. Allen introduced 13 binary relations that describe all the possible arrangements between two events, i.e. intervals with non-zero finite length. The compositions are pertinent to reasoning about knowledge of time. In particular, a consistency problem of relation constraints is commonly solved with a guideline from these compositions. We formalize the relations together with an axiomatic system. We prove the validity of the 169 compositions of these relations. We also define nests as the sets of intervals that share a meeting point. We prove that nests give the ordering properties of points without introducing a new datatype for points. [1] J.F. Allen. Maintaining Knowledge about Temporal Intervals. In Commun. ACM, volume 26, pages 832–843, 1983. [2] J. F. Allen and P. J. Hayes. A Common-sense Theory of Time. 
In Proceedings of the 9th International Joint Conference on Artificial Intelligence (IJCAI’85), pages 528–531, 1985.", "authors": [ "Fadoua Ghourabi" ], "date": "2016-09-29", "id": 399, "link": "/entries/Allen_Calculus.html", "permalink": "/entries/Allen_Calculus.html", "shortname": "Allen_Calculus", "title": "Allen's Interval Calculus", "topic_links": [ "logic/general-logic/temporal-logic", "mathematics/order" ], "topics": [ "Logic/General logic/Temporal logic", "Mathematics/Order" ], "used_by": 0 }, { "abstract": "This Isabelle/HOL formalization defines recursive path orders (RPOs) for higher-order terms without lambda-abstraction and proves many useful properties about them. The main order fully coincides with the standard RPO on first-order terms also in the presence of currying, distinguishing it from previous work. An optimized variant is formalized as well. It appears promising as the basis of a higher-order superposition calculus.", "authors": [ "Jasmin Christian Blanchette", "Uwe Waldmann", "Daniel Wand" ], "date": "2016-09-23", "id": 400, "link": "/entries/Lambda_Free_RPOs.html", "permalink": "/entries/Lambda_Free_RPOs.html", "shortname": "Lambda_Free_RPOs", "title": "Formalization of Recursive Path Orders for Lambda-Free Higher-Order Terms", "topic_links": [ "logic/rewriting" ], "topics": [ "Logic/Rewriting" ], "used_by": 5 }, { "abstract": "We present a big step semantics of the filtering behavior of the Linux/netfilter iptables firewall. We provide algorithms to simplify complex iptables rulesets to a simple firewall model (cf. AFP entry \u003ca href=\"https://www.isa-afp.org/entries/Simple_Firewall.html\"\u003eSimple_Firewall\u003c/a\u003e) and to verify spoofing protection of a ruleset. Internally, we embed our semantics into ternary logic, ultimately supporting every iptables match condition by abstracting over unknowns. 
Using this AFP entry and all entries it depends on, we created an easy-to-use, stand-alone Haskell tool called \u003ca href=\"http://iptables.isabelle.systems\"\u003efffuu\u003c/a\u003e. The tool does not require any input \u0026mdash;except for the \u003ctt\u003eiptables-save\u003c/tt\u003e dump of the analyzed firewall\u0026mdash; and presents interesting results about the user's ruleset. Real-world firewall errors have been uncovered, and the correctness of rulesets has been proved, with the help of our tool.", "authors": [ "Cornelius Diekmann", "Lars Hupel" ], "date": "2016-09-09", "id": 401, "link": "/entries/Iptables_Semantics.html", "permalink": "/entries/Iptables_Semantics.html", "shortname": "Iptables_Semantics", "title": "Iptables Semantics", "topic_links": [ "computer-science/networks" ], "topics": [ "Computer science/Networks" ], "used_by": 2 }, { "abstract": "We provide a formalization of a variant of the superposition calculus, together with formal proofs of soundness and refutational completeness (w.r.t. the usual redundancy criteria based on clause ordering). This version of the calculus uses all the standard restrictions of the superposition rules, together with the following refinement, inspired by the basic superposition calculus: each clause is associated with a set of terms which are assumed to be in normal form -- thus any application of the replacement rule on these terms is blocked. The set is initially empty and terms may be added or removed at each inference step. The set of terms that are assumed to be in normal form includes any term introduced by previous unifiers as well as any term occurring in the parent clauses at a position that is smaller (according to some given ordering on positions) than a previously replaced term. 
The standard superposition calculus corresponds to the case where the set of irreducible terms is always empty.", "authors": [ "Nicolas Peltier" ], "date": "2016-09-06", "id": 402, "link": "/entries/SuperCalc.html", "permalink": "/entries/SuperCalc.html", "shortname": "SuperCalc", "title": "A Variant of the Superposition Calculus", "topic_links": [ "logic/proof-theory" ], "topics": [ "Logic/Proof theory" ], "used_by": 0 }, { "abstract": "A range of algebras between lattices and Boolean algebras generalise the notion of a complement. We develop a hierarchy of these pseudo-complemented algebras that includes Stone algebras. Independently of this theory we study filters based on partial orders. Both theories are combined to prove Chen and Grätzer's construction theorem for Stone algebras. The latter involves extensive reasoning about algebraic structures in addition to reasoning in algebraic structures.", "authors": [ "Walter Guttmann" ], "date": "2016-09-06", "id": 403, "link": "/entries/Stone_Algebras.html", "permalink": "/entries/Stone_Algebras.html", "shortname": "Stone_Algebras", "title": "Stone Algebras", "topic_links": [ "mathematics/order" ], "topics": [ "Mathematics/Order" ], "used_by": 2 }, { "abstract": "\u003cp\u003eThis work contains a proof of Stirling's formula both for the factorial $n! \\sim \\sqrt{2\\pi n} (n/e)^n$ on natural numbers and the real Gamma function $\\Gamma(x)\\sim \\sqrt{2\\pi/x} (x/e)^x$. 
The proof is based on work by \u003ca href=\"http://www.maths.lancs.ac.uk/~jameson/stirlgamma.pdf\"\u003eGraham Jameson\u003c/a\u003e.\u003c/p\u003e \u003cp\u003eThis is then extended to the full asymptotic expansion $$\\log\\Gamma(z) = \\big(z - \\tfrac{1}{2}\\big)\\log z - z + \\tfrac{1}{2}\\log(2\\pi) + \\sum_{k=1}^{n-1} \\frac{B_{k+1}}{k(k+1)} z^{-k}\\\\ {} - \\frac{1}{n} \\int_0^\\infty B_n([t])(t + z)^{-n}\\,\\text{d}t$$ uniformly for all complex $z\\neq 0$ in the cone $\\text{arg}(z)\\leq \\alpha$ for any $\\alpha\\in(0,\\pi)$, with which the above asymptotic relation for \u0026Gamma; is also extended to complex arguments.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2016-09-01", "id": 404, "link": "/entries/Stirling_Formula.html", "permalink": "/entries/Stirling_Formula.html", "shortname": "Stirling_Formula", "title": "Stirling's formula", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 5 }, { "abstract": "This entry contains definitions for routing with routing tables/longest prefix matching. A routing table entry is modelled as a record of a prefix match, a metric, an output port, and an optional next hop. A routing table is a list of entries, sorted by prefix length and metric. Additionally, a parser and serializer for the output of the ip-route command, a function to create a relation from output port to corresponding destination IP space, and a model of a Linux-style router are included.", "authors": [ "Julius Michaelis", "Cornelius Diekmann" ], "date": "2016-08-31", "id": 405, "link": "/entries/Routing.html", "permalink": "/entries/Routing.html", "shortname": "Routing", "title": "Routing", "topic_links": [ "computer-science/networks" ], "topics": [ "Computer science/Networks" ], "used_by": 1 }, { "abstract": "We present a simple model of a firewall. The firewall can accept or drop a packet and can match on interfaces, IP addresses, protocol, and ports. 
It was designed to feature nice mathematical properties: The type of match expressions was carefully crafted such that the conjunction of two match expressions is only one match expression. This model is too simplistic to mirror all aspects of the real world. In the upcoming entry \"Iptables Semantics\", we will translate the Linux firewall iptables to this model. For a fixed service (e.g. ssh, http), we provide an algorithm to compute an overview of the firewall's filtering behavior. The algorithm computes minimal service matrices, i.e. graphs which partition the complete IPv4 and IPv6 address space and visualize the allowed accesses between partitions. For a detailed description, see \u003ca href=\"http://dl.ifip.org/db/conf/networking/networking2016/1570232858.pdf\"\u003eVerified iptables Firewall Analysis\u003c/a\u003e, IFIP Networking 2016.", "authors": [ "Cornelius Diekmann", "Julius Michaelis", "Max W. Haslbeck" ], "date": "2016-08-24", "id": 406, "link": "/entries/Simple_Firewall.html", "permalink": "/entries/Simple_Firewall.html", "shortname": "Simple_Firewall", "title": "Simple Firewall", "topic_links": [ "computer-science/networks" ], "topics": [ "Computer science/Networks" ], "used_by": 1 }, { "abstract": "TRACER is a tool for verifying safety properties of sequential C programs. TRACER attempts to build a finite symbolic execution graph which over-approximates the set of all concrete reachable states and the set of feasible paths. We present an abstract framework for TRACER and similar CEGAR-like systems. The framework provides 1) a graph-transformation-based method for reducing the feasible paths in control-flow graphs, 2) a model for symbolic execution, subsumption, predicate abstraction and invariant generation. In this framework we formally prove two key properties: correct construction of the symbolic states and preservation of feasible paths. 
The framework focuses on core operations, leaving it to concrete prototypes to “fit in” heuristics for combining them. The accompanying paper (published in ITP 2016) can be found at https://www.lri.fr/∌wolff/papers/conf/2016-itp-InfPathsNSE.pdf.", "authors": [ "Romain Aissat", "Frederic Voisin", "Burkhart Wolff" ], "date": "2016-08-18", "id": 407, "link": "/entries/InfPathElimination.html", "permalink": "/entries/InfPathElimination.html", "shortname": "InfPathElimination", "title": "Infeasible Paths Elimination by Symbolic Execution Techniques: Proof of Correctness and Preservation of Paths", "topic_links": [ "computer-science/programming-languages/static-analysis" ], "topics": [ "Computer science/Programming languages/Static analysis" ], "used_by": 0 }, { "abstract": "We present a formalization of the Ford-Fulkerson method for computing the maximum flow in a network. Our formal proof closely follows a standard textbook proof, and is accessible even without being an expert in Isabelle/HOL--- the interactive theorem prover used for the formalization. We then use stepwise refinement to obtain the Edmonds-Karp algorithm, and formally prove a bound on its complexity. Further refinement yields a verified implementation, whose execution time compares well to an unverified reference implementation in Java. This entry is based on our ITP-2016 paper with the same title.", "authors": [ "Peter Lammich", "S. Reza Sefidgar" ], "date": "2016-08-12", "id": 408, "link": "/entries/EdmondsKarp_Maxflow.html", "permalink": "/entries/EdmondsKarp_Maxflow.html", "shortname": "EdmondsKarp_Maxflow", "title": "Formalizing the Edmonds-Karp Algorithm", "topic_links": [ "computer-science/algorithms/graph" ], "topics": [ "Computer science/Algorithms/Graph" ], "used_by": 1 }, { "abstract": "We present the Imperative Refinement Framework (IRF), a tool that supports a stepwise refinement based approach to imperative programs. This entry is based on the material we presented in [ITP-2015, CPP-2016]. 
It uses the Monadic Refinement Framework as a frontend for the specification of the abstract programs, and Imperative/HOL as a backend to generate executable imperative programs. The IRF comes with tool support to synthesize imperative programs from more abstract, functional ones, using efficient imperative implementations for the abstract data structures. This entry also includes the Imperative Isabelle Collection Framework (IICF), which provides a library of re-usable imperative collection data structures. Moreover, this entry contains a quickstart guide and a reference manual, which provide an introduction to using the IRF for Isabelle/HOL experts. It also provides a collection of (partly commented) practical examples, some highlights being Dijkstra's Algorithm, Nested-DFS, and a generic worklist algorithm with subsumption. Finally, this entry contains benchmark scripts that compare the runtime of some examples against reference implementations of the algorithms in Java and C++. [ITP-2015] Peter Lammich: Refinement to Imperative/HOL. ITP 2015: 253--269 [CPP-2016] Peter Lammich: Refinement based verification of imperative data structures. CPP 2016: 27--36", "authors": [ "Peter Lammich" ], "date": "2016-08-08", "id": 409, "link": "/entries/Refine_Imperative_HOL.html", "permalink": "/entries/Refine_Imperative_HOL.html", "shortname": "Refine_Imperative_HOL", "title": "The Imperative Refinement Framework", "topic_links": [ "computer-science/semantics-and-reasoning", "computer-science/data-structures" ], "topics": [ "Computer science/Semantics and reasoning", "Computer science/Data structures" ], "used_by": 5 }, { "abstract": "This entry provides an analytic proof of Ptolemy's Theorem using polar form transformation and trigonometric identities. In this formalization, we use ideas from John Harrison's HOL Light formalization and the proof sketch on the Wikipedia entry of Ptolemy's Theorem. 
This theorem is the 95th theorem of the Top 100 Theorems list.", "authors": [ "Lukas Bulwahn" ], "date": "2016-08-07", "id": 410, "link": "/entries/Ptolemys_Theorem.html", "permalink": "/entries/Ptolemys_Theorem.html", "shortname": "Ptolemys_Theorem", "title": "Ptolemy's Theorem", "topic_links": [ "mathematics/geometry" ], "topics": [ "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "In 1964, Fitch showed that the paradox of the surprise hanging can be resolved by showing that the judge’s verdict is inconsistent. His formalization builds on Gödel’s coding of provability. In this theory, we reproduce his proof in Isabelle, building on Paulson’s formalisation of Gödel’s incompleteness theorems.", "authors": [ "Joachim Breitner" ], "date": "2016-07-17", "id": 411, "link": "/entries/Surprise_Paradox.html", "permalink": "/entries/Surprise_Paradox.html", "shortname": "Surprise_Paradox", "title": "Surprise Paradox", "topic_links": [ "logic/proof-theory" ], "topics": [ "Logic/Proof theory" ], "used_by": 0 }, { "abstract": "This library defines three different versions of pairing heaps: a functional version of the original design based on binary trees [Fredman et al. 1986], the version by Okasaki [1998] and a modified version of the latter that is free of structural invariants. \u003cp\u003e The amortized complexity of pairing heaps is analyzed in the AFP article \u003ca href=\"http://isa-afp.org/entries/Amortized_Complexity.html\"\u003eAmortized Complexity\u003c/a\u003e.", "authors": [ "Hauke Brinkop", "Tobias Nipkow" ], "date": "2016-07-14", "id": 412, "link": "/entries/Pairing_Heap.html", "permalink": "/entries/Pairing_Heap.html", "shortname": "Pairing_Heap", "title": "Pairing Heap", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 2 }, { "abstract": "\u003cp\u003e This entry presents a framework for the modular verification of DFS-based algorithms, which is described in our [CPP-2015] paper. 
It provides a generic DFS algorithm framework that can be parameterized with user-defined actions on certain events (e.g. discovery of a new node). It comes with an extensible library of invariants, which can be used to derive invariants of a specific parameterization. Using refinement techniques, efficient implementations of the algorithms can easily be derived. Here, the framework comes with templates for a recursive and a tail-recursive implementation, and also with several templates for implementing the data structures required by the DFS algorithm. Finally, this entry contains a set of re-usable DFS-based algorithms, which illustrate the application of the framework. \u003c/p\u003e\u003cp\u003e [CPP-2015] Peter Lammich, René Neumann: A Framework for Verifying Depth-First Search Algorithms. CPP 2015: 137-146\u003c/p\u003e", "authors": [ "Peter Lammich", "René Neumann" ], "date": "2016-07-05", "id": 413, "link": "/entries/DFS_Framework.html", "permalink": "/entries/DFS_Framework.html", "shortname": "DFS_Framework", "title": "A Framework for Verifying Depth-First Search Algorithms", "topic_links": [ "computer-science/algorithms/graph" ], "topics": [ "Computer science/Algorithms/Graph" ], "used_by": 4 }, { "abstract": "We provide a basic formal framework for the theory of chamber complexes and Coxeter systems, and for buildings as thick chamber complexes endowed with a system of apartments. Along the way, we develop some of the general theory of abstract simplicial complexes and of groups (relying on the \u003ci\u003egroup_add\u003c/i\u003e class for the basics), including free groups and group presentations, and their universal properties. 
The main results verified are that the deletion condition is both necessary and sufficient for a group with a set of generators of order two to be a Coxeter system, and that the apartments in a (thick) building are all uniformly Coxeter.", "authors": [ "Jeremy Sylvestre" ], "date": "2016-07-01", "id": 414, "link": "/entries/Buildings.html", "permalink": "/entries/Buildings.html", "shortname": "Buildings", "title": "Chamber Complexes, Coxeter Systems, and Buildings", "topic_links": [ "mathematics/algebra", "mathematics/geometry" ], "topics": [ "Mathematics/Algebra", "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "This theory is a formalization of the resolution calculus for first-order logic. It is proven sound and complete. The soundness proof uses the substitution lemma, which shows a correspondence between substitutions and updates to an environment. The completeness proof uses semantic trees, i.e. trees whose paths are partial Herbrand interpretations. It employs Herbrand's theorem in a formulation which states that an unsatisfiable set of clauses has a finite closed semantic tree. It also uses the lifting lemma which lifts resolution derivation steps from the ground world up to the first-order world. The theory is presented in a paper in the Journal of Automated Reasoning [Sch18] which extends a paper presented at the International Conference on Interactive Theorem Proving [Sch16]. An earlier version was presented in an MSc thesis [Sch15]. The formalization mostly follows textbooks by Ben-Ari [BA12], Chang and Lee [CL73], and Leitsch [Lei97]. The theory is part of the IsaFoL project [IsaFoL]. \u003cp\u003e \u003ca name=\"Sch18\"\u003e\u003c/a\u003e[Sch18] Anders Schlichtkrull. \"Formalization of the Resolution Calculus for First-Order Logic\". Journal of Automated Reasoning, 2018.\u003cbr\u003e \u003ca name=\"Sch16\"\u003e\u003c/a\u003e[Sch16] Anders Schlichtkrull. \"Formalization of the Resolution Calculus for First-Order Logic\". In: ITP 2016. Vol. 
9807. LNCS. Springer, 2016.\u003cbr\u003e \u003ca name=\"Sch15\"\u003e\u003c/a\u003e[Sch15] Anders Schlichtkrull. \u003ca href=\"https://people.compute.dtu.dk/andschl/Thesis.pdf\"\u003e \"Formalization of Resolution Calculus in Isabelle\"\u003c/a\u003e. \u003ca href=\"https://people.compute.dtu.dk/andschl/Thesis.pdf\"\u003ehttps://people.compute.dtu.dk/andschl/Thesis.pdf\u003c/a\u003e. MSc thesis. Technical University of Denmark, 2015.\u003cbr\u003e \u003ca name=\"BA12\"\u003e\u003c/a\u003e[BA12] Mordechai Ben-Ari. \u003ci\u003eMathematical Logic for Computer Science\u003c/i\u003e. 3rd. Springer, 2012.\u003cbr\u003e \u003ca name=\"CL73\"\u003e\u003c/a\u003e[CL73] Chin-Liang Chang and Richard Char-Tung Lee. \u003ci\u003eSymbolic Logic and Mechanical Theorem Proving\u003c/i\u003e. 1st. Academic Press, Inc., 1973.\u003cbr\u003e \u003ca name=\"Lei97\"\u003e\u003c/a\u003e[Lei97] Alexander Leitsch. \u003ci\u003eThe Resolution Calculus\u003c/i\u003e. Texts in theoretical computer science. Springer, 1997.\u003cbr\u003e \u003ca name=\"IsaFoL\"\u003e\u003c/a\u003e[IsaFoL] IsaFoL authors. \u003ca href=\"https://bitbucket.org/jasmin_blanchette/isafol\"\u003e IsaFoL: Isabelle Formalization of Logic\u003c/a\u003e. \u003ca href=\"https://bitbucket.org/jasmin_blanchette/isafol\"\u003ehttps://bitbucket.org/jasmin_blanchette/isafol\u003c/a\u003e.", "authors": [ "Anders Schlichtkrull" ], "date": "2016-06-30", "id": 415, "link": "/entries/Resolution_FOL.html", "permalink": "/entries/Resolution_FOL.html", "shortname": "Resolution_FOL", "title": "The Resolution Calculus for First-Order Logic", "topic_links": [ "logic/general-logic/mechanization-of-proofs" ], "topics": [ "Logic/General logic/Mechanization of proofs" ], "used_by": 0 }, { "abstract": "We formalize the Z property introduced by Dehornoy and van Oostrom. First we show that for any abstract rewrite system, Z implies confluence. 
Then we give two examples of proofs using Z: confluence of lambda-calculus with respect to beta-reduction and confluence of combinatory logic.", "authors": [ "Bertram Felgenhauer", "Julian Nagele", "Vincent van Oostrom", "Christian Sternagel" ], "date": "2016-06-30", "id": 416, "link": "/entries/Rewriting_Z.html", "permalink": "/entries/Rewriting_Z.html", "shortname": "Rewriting_Z", "title": "The Z Property", "topic_links": [ "logic/rewriting" ], "topics": [ "Logic/Rewriting" ], "used_by": 0 }, { "abstract": "The paper \"Compositional Verification and Refinement of Concurrent Value-Dependent Noninterference\" by Murray et al. (CSF 2016) presents a compositional theory of refinement for a value-dependent noninterference property, defined in (Murray, PLAS 2015), for concurrent programs. This development formalises that refinement theory, and demonstrates its application on some small examples.", "authors": [ "Toby Murray", "Robert Sison", "Edward Pierzchalski", "Christine Rizkallah" ], "date": "2016-06-28", "id": 417, "link": "/entries/Dependent_SIFUM_Refinement.html", "permalink": "/entries/Dependent_SIFUM_Refinement.html", "shortname": "Dependent_SIFUM_Refinement", "title": "Compositional Security-Preserving Refinement for Concurrent Imperative Programs", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "This entry contains a definition of IP addresses and a library to work with them. Generic IP addresses are modeled as machine words of arbitrary length. Derived from this generic definition, IPv4 addresses are 32bit machine words, IPv6 addresses are 128bit words. Additionally, IPv4 addresses can be represented in dot-decimal notation and IPv6 addresses in (compressed) colon-separated notation. We support toString functions and parsers for both notations. Sets of IP addresses can be represented with a netmask (e.g. 192.168.0.0/255.255.0.0) or in CIDR notation (e.g. 192.168.0.0/16). 
To provide executable code for set operations on IP address ranges, the library includes a datatype to work on arbitrary intervals of machine words.", "authors": [ "Cornelius Diekmann", "Julius Michaelis", "Lars Hupel" ], "date": "2016-06-28", "id": 418, "link": "/entries/IP_Addresses.html", "permalink": "/entries/IP_Addresses.html", "shortname": "IP_Addresses", "title": "IP Addresses", "topic_links": [ "computer-science/networks" ], "topics": [ "Computer science/Networks" ], "used_by": 1 }, { "abstract": "\u003cp\u003eThis entry provides three lemmas to count the number of multisets of a given size and finite carrier set. The first lemma provides a cardinality formula assuming that the multiset's elements are chosen from the given carrier set. The latter two lemmas provide formulas assuming that the multiset's elements also cover the given carrier set, i.e., each element of the carrier set occurs in the multiset at least once.\u003c/p\u003e \u003cp\u003eThe proof of the first lemma uses the argument of the recurrence relation for counting multisets. The proof of the second lemma is straightforward, and the proof of the third lemma is easily obtained using the first cardinality lemma. A challenge for the formalization is the derivation of the required induction rule, which is a special combination of the induction rules for finite sets and natural numbers. The induction rule is derived by defining a suitable inductive predicate and transforming the predicate's induction rule.\u003c/p\u003e", "authors": [ "Lukas Bulwahn" ], "date": "2016-06-26", "id": 419, "link": "/entries/Card_Multisets.html", "permalink": "/entries/Card_Multisets.html", "shortname": "Card_Multisets", "title": "Cardinality of Multisets", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 1 }, { "abstract": "\u003cp\u003e This article attempts to develop a usable framework for doing category theory in Isabelle/HOL. 
Our point of view, which to some extent differs from that of the previous AFP articles on the subject, is to try to explore how category theory can be done efficaciously within HOL, rather than trying to match exactly the way things are done using a traditional approach. To this end, we define the notion of category in an \"object-free\" style, in which a category is represented by a single partial composition operation on arrows. This way of defining categories provides some advantages in the context of HOL, including the ability to avoid the use of records and the possibility of defining functors and natural transformations simply as certain functions on arrows, rather than as composite objects. We define various constructions associated with the basic notions, including: dual category, product category, functor category, discrete category, free category, functor composition, and horizontal and vertical composite of natural transformations. A \"set category\" locale is defined that axiomatizes the notion \"category of all sets at a type and all functions between them,\" and a fairly extensive set of properties of set categories is derived from the locale assumptions. The notion of a set category is used to prove the Yoneda Lemma in a general setting of a category equipped with a \"hom embedding,\" which maps arrows of the category to the \"universe\" of the set category. We also give a treatment of adjunctions, defining adjunctions via left and right adjoint functors, natural bijections between hom-sets, and unit and counit natural transformations, and showing the equivalence of these definitions. We also develop the theory of limits, including representations of functors, diagrams and cones, and diagonal functors. We show that right adjoint functors preserve limits, and that limits can be constructed via products and equalizers. We characterize the conditions under which limits exist in a set category. 
We also examine the case of limits in a functor category, ultimately culminating in a proof that the Yoneda embedding preserves limits. \u003c/p\u003e\u003cp\u003e Revisions made subsequent to the first version of this article added material on equivalence of categories, cartesian categories, categories with pullbacks, categories with finite limits, and cartesian closed categories. A construction was given of the category of hereditarily finite sets and functions between them, and it was shown that this category is cartesian closed. \u003c/p\u003e", "authors": [ "Eugene W. Stark" ], "date": "2016-06-26", "id": 420, "link": "/entries/Category3.html", "permalink": "/entries/Category3.html", "shortname": "Category3", "title": "Category Theory with Adjunctions and Limits", "topic_links": [ "mathematics/category-theory" ], "topics": [ "Mathematics/Category theory" ], "used_by": 1 }, { "abstract": "The paper \"Compositional Verification and Refinement of Concurrent Value-Dependent Noninterference\" by Murray et al. (CSF 2016) presents a dependent security type system for compositionally verifying a value-dependent noninterference property, defined in (Murray, PLAS 2015), for concurrent programs. This development formalises that security definition, the type system and its soundness proof, and demonstrates its application on some small examples. 
It was derived from the SIFUM_Type_Systems AFP entry by Sylvia Grewe, Heiko Mantel and Daniel Schoepe, whose structure it inherits.", "authors": [ "Toby Murray", "Robert Sison", "Edward Pierzchalski", "Christine Rizkallah" ], "date": "2016-06-25", "id": 421, "link": "/entries/Dependent_SIFUM_Type_Systems.html", "permalink": "/entries/Dependent_SIFUM_Type_Systems.html", "shortname": "Dependent_SIFUM_Type_Systems", "title": "A Dependent Security Type System for Concurrent Imperative Programs", "topic_links": [ "computer-science/security", "computer-science/programming-languages/type-systems" ], "topics": [ "Computer science/Security", "Computer science/Programming languages/Type systems" ], "used_by": 1 }, { "abstract": "\u003cp\u003eIn this work, we define the Catalan numbers \u003cem\u003eC\u003csub\u003en\u003c/sub\u003e\u003c/em\u003e and prove several equivalent definitions (including some closed-form formulae). We also show one of their applications (counting the number of binary trees of size \u003cem\u003en\u003c/em\u003e), prove the asymptotic growth approximation \u003cem\u003eC\u003csub\u003en\u003c/sub\u003e \u0026sim; 4\u003csup\u003en\u003c/sup\u003e / (\u0026radic;\u003cspan style=\"text-decoration: overline\"\u003e\u0026pi;\u003c/span\u003e \u0026middot; n\u003csup\u003e1.5\u003c/sup\u003e)\u003c/em\u003e, and provide reasonably efficient executable code to compute them.\u003c/p\u003e \u003cp\u003eThe derivation of the closed-form formulae uses algebraic manipulations of the ordinary generating function of the Catalan numbers, and the asymptotic approximation is then done using generalised binomial coefficients and the Gamma function. 
Thanks to these highly non-elementary mathematical tools, the proofs are very short and simple.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2016-06-21", "id": 422, "link": "/entries/Catalan_Numbers.html", "permalink": "/entries/Catalan_Numbers.html", "shortname": "Catalan_Numbers", "title": "Catalan Numbers", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 0 }, { "abstract": "Variants of Kleene algebra support program construction and verification by algebraic reasoning. This entry provides a verification component for Hoare logic based on Kleene algebra with tests, verification components for weakest preconditions and strongest postconditions based on Kleene algebra with domain and a component for step-wise refinement based on refinement Kleene algebra with tests. In addition to these components for the partial correctness of while programs, a verification component for total correctness based on divergence Kleene algebras and one for (partial correctness) of recursive programs based on domain quantales are provided. Finally we have integrated memory models for programs with pointers and a program trace semantics into the weakest precondition component.", "authors": [ "Victor B. F. Gomes", "Georg Struth" ], "date": "2016-06-18", "id": 423, "link": "/entries/Algebraic_VCs.html", "permalink": "/entries/Algebraic_VCs.html", "shortname": "Algebraic_VCs", "title": "Program Construction and Verification Components Based on Kleene Algebra", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "\u003cp\u003eIn his outstanding work on Communicating Sequential Processes, Hoare has defined two fundamental binary operations allowing to compose the input processes into another, typically more complex, process: sequential composition and concurrent composition. 
Particularly, the output of the latter operation is a process in which any event not shared by both operands can occur whenever the operand that admits the event can engage in it, whereas any event shared by both operands can occur just in case both can engage in it.\u003c/p\u003e \u003cp\u003eThis paper formalizes Hoare's definition of concurrent composition and proves, in the general case of a possibly intransitive policy, that CSP noninterference security is conserved under this operation. This result, along with the previous analogous one concerning sequential composition, enables the construction of more and more complex processes enforcing noninterference security by composing, sequentially or concurrently, simpler secure processes, whose security can in turn be proven using either the definition of security, or unwinding theorems.\u003c/p\u003e", "authors": [ "Pasquale Noce" ], "date": "2016-06-13", "id": 424, "link": "/entries/Noninterference_Concurrent_Composition.html", "permalink": "/entries/Noninterference_Concurrent_Composition.html", "shortname": "Noninterference_Concurrent_Composition", "title": "Conservation of CSP Noninterference Security under Concurrent Composition", "topic_links": [ "computer-science/security", "computer-science/concurrency/process-calculi" ], "topics": [ "Computer science/Security", "Computer science/Concurrency/Process calculi" ], "used_by": 0 }, { "abstract": "This entry contains an extension to the Isabelle library for fixed-width machine words. 
In particular, the entry adds quickcheck setup for words, printing as hexadecimals, additional operations, reasoning about alignment, signed words, enumerations of words, normalisation of word numerals, and an extensive library of properties about generic fixed-width words, as well as an instantiation of many of these to the commonly used 32 and 64-bit bases.", "authors": [ "Joel Beeren", "Matthew Fernandez", "Xin Gao", "Gerwin Klein", "Rafal Kolanski", "Japheth Lim", "Corey Lewis", "Daniel Matichuk", "Thomas Sewell" ], "date": "2016-06-09", "id": 425, "link": "/entries/Word_Lib.html", "permalink": "/entries/Word_Lib.html", "shortname": "Word_Lib", "title": "Finite Machine Word Library", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 8 }, { "abstract": "We formalize tree decompositions and tree width in Isabelle/HOL, proving that trees have treewidth 1. We also show that every edge of a tree decomposition is a separation of the underlying graph. As an application of this theorem we prove that complete graphs of size n have treewidth n-1.", "authors": [ "Christoph Dittmann" ], "date": "2016-05-31", "id": 426, "link": "/entries/Tree_Decomposition.html", "permalink": "/entries/Tree_Decomposition.html", "shortname": "Tree_Decomposition", "title": "Tree Decomposition", "topic_links": [ "mathematics/graph-theory" ], "topics": [ "Mathematics/Graph theory" ], "used_by": 0 }, { "abstract": "This entry provides formulae for counting the number of equivalence relations and partial equivalence relations over a finite carrier set with given cardinality. To count the number of equivalence relations, we provide bijections between equivalence relations and set partitions, and then transfer the main results of the two AFP entries, Cardinality of Set Partitions and Spivey's Generalized Recurrence for Bell Numbers, to theorems on equivalence relations. 
To count the number of partial equivalence relations, we observe that counting partial equivalence relations over a set A is equivalent to counting all equivalence relations over all subsets of the set A. From this observation and the results on equivalence relations, we show that the cardinality of partial equivalence relations over a finite set of cardinality n is equal to the n+1-th Bell number.", "authors": [ "Lukas Bulwahn" ], "date": "2016-05-24", "id": 427, "link": "/entries/Card_Equiv_Relations.html", "permalink": "/entries/Card_Equiv_Relations.html", "shortname": "Card_Equiv_Relations", "title": "Cardinality of Equivalence Relations", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 1 }, { "abstract": "Brzozowski introduced the notion of derivatives for regular expressions. They can be used for a very simple regular expression matching algorithm. Sulzmann and Lu cleverly extended this algorithm in order to deal with POSIX matching, which is the underlying disambiguation strategy for regular expressions needed in lexers. In this entry we give our inductive definition of what a POSIX value is and show (i) that such a value is unique (for given regular expression and string being matched) and (ii) that Sulzmann and Lu's algorithm always generates such a value (provided that the regular expression matches the string). 
We also prove the correctness of an optimised version of the POSIX matching algorithm.", "authors": [ "Fahad Ausaf", "Roy Dyckhoff", "Christian Urban" ], "date": "2016-05-24", "id": 428, "link": "/entries/Posix-Lexing.html", "permalink": "/entries/Posix-Lexing.html", "shortname": "Posix-Lexing", "title": "POSIX Lexing with Derivatives of Regular Expressions", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThe spectral radius of a matrix A is the maximum norm of all eigenvalues of A. In previous work we already formalized that for a complex matrix A, the values in A\u003csup\u003en\u003c/sup\u003e grow polynomially in n if and only if the spectral radius is at most one. One problem with the above characterization is the determination of all \u003cem\u003ecomplex\u003c/em\u003e eigenvalues. In case A contains only non-negative real values, a simplification is possible with the help of the Perron\u0026ndash;Frobenius theorem, which tells us that it suffices to consider only the \u003cem\u003ereal\u003c/em\u003e eigenvalues of A, i.e., applying Sturm's method can decide the polynomial growth of A\u003csup\u003en\u003c/sup\u003e. \u003c/p\u003e\u003cp\u003e We formalize the Perron\u0026ndash;Frobenius theorem based on a proof via Brouwer's fixpoint theorem, which is available in the HOL multivariate analysis (HMA) library. Since the results on the spectral radius are based on matrices in the Jordan normal form (JNF) library, we further develop a connection which allows us to easily transfer theorems between HMA and JNF. With this connection we derive the combined result: if A is a non-negative real matrix, and no real eigenvalue of A is strictly larger than one, then A\u003csup\u003en\u003c/sup\u003e is polynomially bounded in n. 
\u003c/p\u003e", "authors": [ "Jose Divasón", "Ondřej Kunčar", "René Thiemann", "Akihisa Yamada" ], "date": "2016-05-20", "id": 429, "link": "/entries/Perron_Frobenius.html", "permalink": "/entries/Perron_Frobenius.html", "shortname": "Perron_Frobenius", "title": "Perron-Frobenius Theorem for Spectral Radius Analysis", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 3 }, { "abstract": "The \u003ca href=\"http://incredible.pm\"\u003eIncredible Proof Machine\u003c/a\u003e is an interactive visual theorem prover which represents proofs as port graphs. We model this proof representation in Isabelle, and prove that it is just as powerful as natural deduction.", "authors": [ "Joachim Breitner", "Denis Lohner" ], "date": "2016-05-20", "id": 430, "link": "/entries/Incredible_Proof_Machine.html", "permalink": "/entries/Incredible_Proof_Machine.html", "shortname": "Incredible_Proof_Machine", "title": "The meta theory of the Incredible Proof Machine", "topic_links": [ "logic/proof-theory" ], "topics": [ "Logic/Proof theory" ], "used_by": 0 }, { "abstract": "The impossibility of distributed consensus with one faulty process is a result with important consequences for real world distributed systems e.g., commits in replicated databases. Since proofs are not immune to faults and even plausible proofs with a profound formalism can conclude wrong results, we validate the fundamental result named FLP after Fischer, Lynch and Paterson. We present a formalization of distributed systems and the aforementioned consensus problem. Our proof is based on Hagen Völzer's paper \"A constructive proof for FLP\". In addition to the enhanced confidence in the validity of Völzer's proof, we contribute the missing gaps to show the correctness in Isabelle/HOL. We clarify the proof details and even prove fairness of the infinite execution that contradicts consensus. 
Our Isabelle formalization can also be reused for further proofs of properties of distributed systems.", "authors": [ "Benjamin Bisping", "Paul-David Brodmann", "Tim Jungnickel", "Christina Rickmann", "Henning Seidler", "Anke Stüber", "Arno Wilhelm-Weidner", "Kirstin Peters", "Uwe Nestmann" ], "date": "2016-05-18", "id": 431, "link": "/entries/FLP.html", "permalink": "/entries/FLP.html", "shortname": "FLP", "title": "A Constructive Proof for FLP", "topic_links": [ "computer-science/concurrency" ], "topics": [ "Computer science/Concurrency" ], "used_by": 0 }, { "abstract": "This article formalises a proof of the maximum-flow minimal-cut theorem for networks with countably many edges. A network is a directed graph with non-negative real-valued edge labels and two dedicated vertices, the source and the sink. A flow in a network assigns non-negative real numbers to the edges such that for all vertices except for the source and the sink, the sum of values on incoming edges equals the sum of values on outgoing edges. A cut is a subset of the vertices which contains the source, but not the sink. Our theorem states that in every network, there is a flow and a cut such that the flow saturates all the edges going out of the cut and is zero on all the incoming edges. The proof is based on the paper \u003cemph\u003eThe Max-Flow Min-Cut theorem for countable networks\u003c/emph\u003e by Aharoni et al. 
Additionally, we prove a characterisation of the lifting operation for relations on discrete probability distributions, which leads to a concise proof of its distributivity over relation composition.", "authors": [ "Andreas Lochbihler" ], "date": "2016-05-09", "id": 432, "link": "/entries/MFMC_Countable.html", "permalink": "/entries/MFMC_Countable.html", "shortname": "MFMC_Countable", "title": "A Formal Proof of the Max-Flow Min-Cut Theorem for Countable Networks", "topic_links": [ "mathematics/graph-theory" ], "topics": [ "Mathematics/Graph theory" ], "used_by": 1 }, { "abstract": "This work contains a formalisation of basic Randomised Social Choice, including Stochastic Dominance and Social Decision Schemes (SDSs) along with some of their most important properties (Anonymity, Neutrality, ex-post- and SD-Efficiency, SD-Strategy-Proofness) and two particular SDSs – Random Dictatorship and Random Serial Dictatorship (with proofs of the properties that they satisfy). Many important properties of these concepts are also proven – such as the two equivalent characterisations of Stochastic Dominance and the fact that SD-efficiency of a lottery only depends on the support. The entry also provides convenient commands to define Preference Profiles, prove their well-formedness, and automatically derive restrictions that sufficiently nice SDSs need to satisfy on the defined profiles. 
Currently, the formalisation focuses on weak preferences and Stochastic Dominance, but it should be easy to extend it to other domains – such as strict preferences – or other lottery extensions – such as Bilinear Dominance or Pairwise Comparison.", "authors": [ "Manuel Eberl" ], "date": "2016-05-05", "id": 433, "link": "/entries/Randomised_Social_Choice.html", "permalink": "/entries/Randomised_Social_Choice.html", "shortname": "Randomised_Social_Choice", "title": "Randomised Social Choice Theory", "topic_links": [ "mathematics/games-and-economics" ], "topics": [ "Mathematics/Games and economics" ], "used_by": 2 }, { "abstract": "This entry defines the Bell numbers as the cardinality of set partitions for a carrier set of given size, and derives Spivey's generalized recurrence relation for Bell numbers following his elegant and intuitive combinatorial proof. \u003cp\u003e As the set construction for the combinatorial proof requires construction of three intermediate structures, the main difficulty of the formalization is handling the overall combinatorial argument in a structured way. The introduced proof structure allows us to compose the combinatorial argument from its subparts, and supports keeping track of how the detailed proof steps are related to the overall argument. 
To obtain this structure, this entry uses set monad notation for the set construction's definition, introduces suitable predicates and rules, and follows a repeating structure in its Isar proof.", "authors": [ "Lukas Bulwahn" ], "date": "2016-05-04", "id": 434, "link": "/entries/Bell_Numbers_Spivey.html", "permalink": "/entries/Bell_Numbers_Spivey.html", "shortname": "Bell_Numbers_Spivey", "title": "Spivey's Generalized Recurrence for Bell Numbers", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 2 }, { "abstract": "This formalisation contains the proof that there is no anonymous and neutral Social Decision Scheme for at least four voters and alternatives that fulfils both SD-Efficiency and SD-Strategy-Proofness. The proof is a fully structured and quasi-human-readable one. It was derived from the (unstructured) SMT proof of the case for exactly four voters and alternatives by Brandl et al. Their proof relies on an unverified translation of the original problem to SMT, and the proof that lifts the argument for exactly four voters and alternatives to the general case is also not machine-checked. In this Isabelle proof, on the other hand, all of these steps are fully proven and machine-checked. 
This is particularly important seeing as a previously published informal proof of a weaker statement contained a mistake in precisely this lifting step.", "authors": [ "Manuel Eberl" ], "date": "2016-05-04", "id": 435, "link": "/entries/SDS_Impossibility.html", "permalink": "/entries/SDS_Impossibility.html", "shortname": "SDS_Impossibility", "title": "The Incompatibility of SD-Efficiency and SD-Strategy-Proofness", "topic_links": [ "mathematics/games-and-economics" ], "topics": [ "Mathematics/Games and economics" ], "used_by": 0 }, { "abstract": "This formalization is concerned with the theory of Gröbner bases in (commutative) multivariate polynomial rings over fields, originally developed by Buchberger in his 1965 PhD thesis. Apart from the statement and proof of the main theorem of the theory, the formalization also implements Buchberger's algorithm for actually computing Gröbner bases as a tail-recursive function, thus allowing to effectively decide ideal membership in finitely generated polynomial ideals. Furthermore, all functions can be executed on a concrete representation of multivariate polynomials as association lists.", "authors": [ "Fabian Immler", "Alexander Maletzky" ], "date": "2016-05-02", "id": 436, "link": "/entries/Groebner_Bases.html", "permalink": "/entries/Groebner_Bases.html", "shortname": "Groebner_Bases", "title": "Gröbner Bases Theory", "topic_links": [ "mathematics/algebra", "computer-science/algorithms/mathematical" ], "topics": [ "Mathematics/Algebra", "Computer science/Algorithms/Mathematical" ], "used_by": 4 }, { "abstract": "We provide a formal proof within First Order Relativity Theory that no observer can travel faster than the speed of light. Originally reported in Stannett \u0026 Németi (2014) \"Using Isabelle/HOL to verify first-order relativity theory\", Journal of Automated Reasoning 52(4), pp. 
361-378.", "authors": [ "Mike Stannett", "István Németi" ], "date": "2016-04-28", "id": 437, "link": "/entries/No_FTL_observers.html", "permalink": "/entries/No_FTL_observers.html", "shortname": "No_FTL_observers", "title": "No Faster-Than-Light Observers", "topic_links": [ "mathematics/physics" ], "topics": [ "Mathematics/Physics" ], "used_by": 0 }, { "abstract": "The theory provides a formalisation of the Cocke-Younger-Kasami algorithm (CYK for short), an approach to solving the word problem for context-free languages. CYK decides if a word is in the languages generated by a context-free grammar in Chomsky normal form. The formalized algorithm is executable.", "authors": [ "Maksym Bortin" ], "date": "2016-04-27", "id": 438, "link": "/entries/CYK.html", "permalink": "/entries/CYK.html", "shortname": "CYK", "title": "A formalisation of the Cocke-Younger-Kasami algorithm", "topic_links": [ "computer-science/algorithms", "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Algorithms", "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "We present a verified and executable implementation of ROBDDs in Isabelle/HOL. Our implementation relates pointer-based computation in the Heap monad to operations on an abstract definition of boolean functions. Internally, we implemented the if-then-else combinator in a recursive fashion, following the Shannon decomposition of the argument functions. The implementation mixes and adapts known techniques and is built with efficiency in mind.", "authors": [ "Julius Michaelis", "Max W. 
Haslbeck", "Peter Lammich", "Lars Hupel" ], "date": "2016-04-27", "id": 439, "link": "/entries/ROBDD.html", "permalink": "/entries/ROBDD.html", "shortname": "ROBDD", "title": "Algorithms for Reduced Ordered Binary Decision Diagrams", "topic_links": [ "computer-science/algorithms", "computer-science/data-structures" ], "topics": [ "Computer science/Algorithms", "Computer science/Data structures" ], "used_by": 1 }, { "abstract": "\u003cp\u003eIn his outstanding work on Communicating Sequential Processes, Hoare has defined two fundamental binary operations allowing to compose the input processes into another, typically more complex, process: sequential composition and concurrent composition. Particularly, the output of the former operation is a process that initially behaves like the first operand, and then like the second operand once the execution of the first one has terminated successfully, as long as it does.\u003c/p\u003e \u003cp\u003eThis paper formalizes Hoare's definition of sequential composition and proves, in the general case of a possibly intransitive policy, that CSP noninterference security is conserved under this operation, provided that successful termination cannot be affected by confidential events and cannot occur as an alternative to other events in the traces of the first operand. 
Both of these assumptions are shown, by means of counterexamples, to be necessary for the theorem to hold.\u003c/p\u003e", "authors": [ "Pasquale Noce" ], "date": "2016-04-26", "id": 440, "link": "/entries/Noninterference_Sequential_Composition.html", "permalink": "/entries/Noninterference_Sequential_Composition.html", "shortname": "Noninterference_Sequential_Composition", "title": "Conservation of CSP Noninterference Security under Sequential Composition", "topic_links": [ "computer-science/security", "computer-science/concurrency/process-calculi" ], "topics": [ "Computer science/Security", "Computer science/Concurrency/Process calculi" ], "used_by": 1 }, { "abstract": "Kleene algebras with domain are Kleene algebras endowed with an operation that maps each element of the algebra to its domain of definition (or its complement) in abstract fashion. They form a simple algebraic basis for Hoare logics, dynamic logics or predicate transformer semantics. We formalise a modular hierarchy of algebras with domain and antidomain (domain complement) operations in Isabelle/HOL that ranges from domain and antidomain semigroups to modal Kleene algebras and divergence Kleene algebras. We link these algebras with models of binary relations and program traces. We include some examples from modal logics, termination and program analysis.", "authors": [ "Victor B. F. 
Gomes", "Walter Guttmann", "Peter Höfner", "Georg Struth", "Tjark Weber" ], "date": "2016-04-12", "id": 441, "link": "/entries/KAD.html", "permalink": "/entries/KAD.html", "shortname": "KAD", "title": "Kleene Algebras with Domain", "topic_links": [ "computer-science/programming-languages/logics", "computer-science/automata-and-formal-languages", "mathematics/algebra" ], "topics": [ "Computer science/Programming languages/Logics", "Computer science/Automata and formal languages", "Mathematics/Algebra" ], "used_by": 2 }, { "abstract": "We provide formal proofs in Isabelle-HOL (using mostly structured Isar proofs) of the soundness and completeness of the Resolution rule in propositional logic. The completeness proofs take into account the usual redundancy elimination rules (tautology elimination and subsumption), and several refinements of the Resolution rule are considered: ordered resolution (with selection functions), positive and negative resolution, semantic resolution and unit resolution (the latter refinement is complete only for clause sets that are Horn-renamable). We also define a concrete procedure for computing saturated sets and establish its soundness and completeness. The clause sets are not assumed to be finite, so that the results can be applied to formulas obtained by grounding sets of first-order clauses (however, a total ordering among atoms is assumed to be given). Next, we show that the unrestricted Resolution rule is deductive-complete, in the sense that it is able to generate all (prime) implicates of any set of propositional clauses (i.e., all entailment-minimal, non-valid, clausal consequences of the considered set). The generation of prime implicates is an important problem, with many applications in artificial intelligence and verification (for abductive reasoning, knowledge compilation, diagnosis, debugging etc.). 
We also show that implicates can be computed in an incremental way, by fixing an ordering among all the atoms in the considered sets and resolving upon these atoms one by one in the considered order (with no backtracking). This feature is critical for the efficient computation of prime implicates. Building on these results, we provide a procedure for computing such implicates and establish its soundness and completeness.", "authors": [ "Nicolas Peltier" ], "date": "2016-03-11", "id": 442, "link": "/entries/PropResPI.html", "permalink": "/entries/PropResPI.html", "shortname": "PropResPI", "title": "Propositional Resolution and Prime Implicates Generation", "topic_links": [ "logic/general-logic/mechanization-of-proofs" ], "topics": [ "Logic/General logic/Mechanization of proofs" ], "used_by": 0 }, { "abstract": "The Cartan fixed point theorems concern the group of holomorphic automorphisms on a connected open set of C\u003csup\u003en\u003c/sup\u003e. Ciolli et al. have formalised the one-dimensional case of these theorems in HOL Light. This entry contains their proofs, ported to Isabelle/HOL. Thus it addresses the authors' remark that \"it would be important to write a formal proof in a language that can be read by both humans and machines\".", "authors": [ "Lawrence C. Paulson" ], "date": "2016-03-08", "id": 443, "link": "/entries/Cartan_FP.html", "permalink": "/entries/Cartan_FP.html", "shortname": "Cartan_FP", "title": "The Cartan Fixed Point Theorems", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "Timed automata are a widely used formalism for modeling real-time systems, which is employed in a class of successful model checkers such as UPPAAL [LPY97], HyTech [HHWt97] or Kronos [Yov97]. This work formalizes the theory for the subclass of diagonal-free timed automata, which is sufficient to model many interesting problems. 
We first define the basic concepts and semantics of diagonal-free timed automata. Based on this, we prove two types of decidability results for the language emptiness problem. The first is the classic result of Alur and Dill [AD90, AD94], which uses a finite partitioning of the state space into so-called `regions`. Our second result focuses on an approach based on `Difference Bound Matrices (DBMs)`, which is practically used by model checkers. We prove the correctness of the basic forward analysis operations on DBMs. One of these operations is the Floyd-Warshall algorithm for the all-pairs shortest paths problem. To obtain a finite search space, a widening operation has to be used for this kind of analysis. We use Patricia Bouyer's [Bou04] approach to prove that this widening operation is correct in the sense that DBM-based forward analysis in combination with the widening operation also decides language emptiness. The interesting property of this proof is that the first decidability result is reused to obtain the second one.", "authors": [ "Simon Wimmer" ], "date": "2016-03-08", "id": 444, "link": "/entries/Timed_Automata.html", "permalink": "/entries/Timed_Automata.html", "shortname": "Timed_Automata", "title": "Timed Automata", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 1 }, { "abstract": "This theory provides a formalisation of linear temporal logic (LTL) and unifies previous formalisations within the AFP. This entry establishes syntax and semantics for this logic and decouples it from existing entries, yielding a common environment for theories reasoning about LTL. 
Furthermore a parser written in SML and an executable simplifier are provided.", "authors": [ "Salomon Sickert" ], "date": "2016-03-01", "id": 445, "link": "/entries/LTL.html", "permalink": "/entries/LTL.html", "shortname": "LTL", "title": "Linear Temporal Logic", "topic_links": [ "logic/general-logic/temporal-logic", "computer-science/automata-and-formal-languages" ], "topics": [ "Logic/General logic/Temporal logic", "Computer science/Automata and formal languages" ], "used_by": 6 }, { "abstract": "\u003cp\u003e These theories formalize the quantitative analysis of a number of classical algorithms for the list update problem: 2-competitiveness of move-to-front, the lower bound of 2 for the competitiveness of deterministic list update algorithms and 1.6-competitiveness of the randomized COMB algorithm, the best randomized list update algorithm known to date. The material is based on the first two chapters of \u003ci\u003eOnline Computation and Competitive Analysis\u003c/i\u003e by Borodin and El-Yaniv. \u003c/p\u003e \u003cp\u003e For an informal description see the FSTTCS 2016 publication \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/fsttcs16.html\"\u003eVerified Analysis of List Update Algorithms\u003c/a\u003e by Haslbeck and Nipkow. \u003c/p\u003e", "authors": [ "Maximilian P. L. Haslbeck", "Tobias Nipkow" ], "date": "2016-02-17", "id": 446, "link": "/entries/List_Update.html", "permalink": "/entries/List_Update.html", "shortname": "List_Update", "title": "Analysis of List Update Algorithms", "topic_links": [ "computer-science/algorithms/online" ], "topics": [ "Computer science/Algorithms/Online" ], "used_by": 0 }, { "abstract": "\u003cp\u003e We define a functional variant of the static single assignment (SSA) form construction algorithm described by \u003ca href=\"https://doi.org/10.1007/978-3-642-37051-9_6\"\u003eBraun et al.\u003c/a\u003e, which combines simplicity and efficiency. 
The definition is based on a general, abstract control flow graph representation using Isabelle locales. \u003c/p\u003e \u003cp\u003e We prove that the algorithm's output is semantically equivalent to the input according to a small-step semantics, and that it is in minimal SSA form for the common special case of reducible inputs. We then show the satisfiability of the locale assumptions by giving instantiations for a simple While language. \u003c/p\u003e \u003cp\u003e Furthermore, we use a generic instantiation based on typedefs in order to extract OCaml code and replace the unverified SSA construction algorithm of the \u003ca href=\"https://doi.org/10.1145/2579080\"\u003eCompCertSSA project\u003c/a\u003e with it. \u003c/p\u003e \u003cp\u003e A more detailed description of the verified SSA construction can be found in the paper \u003ca href=\"https://doi.org/10.1145/2892208.2892211\"\u003eVerified Construction of Static Single Assignment Form\u003c/a\u003e, CC 2016. \u003c/p\u003e", "authors": [ "Sebastian Ullrich", "Denis Lohner" ], "date": "2016-02-05", "id": 447, "link": "/entries/Formal_SSA.html", "permalink": "/entries/Formal_SSA.html", "shortname": "Formal_SSA", "title": "Verified Construction of Static Single Assignment Form", "topic_links": [ "computer-science/programming-languages/compiling" ], "topics": [ "Computer science/Programming languages/Compiling" ], "used_by": 1 }, { "abstract": "Based on existing libraries for polynomial interpolation and matrices, we formalized several factorization algorithms for polynomials, including Kronecker's algorithm for integer polynomials, Yun's square-free factorization algorithm for field polynomials, and Berlekamp's algorithm for polynomials over finite fields. By combining the last one with Hensel's lifting, we derive an efficient factorization algorithm for the integer polynomials, which is then lifted for rational polynomials by mechanizing Gauss' lemma. 
Finally, we assembled a combined factorization algorithm for rational polynomials, which combines all the mentioned algorithms and additionally uses the explicit formula for roots of quadratic polynomials and a rational root test. \u003cp\u003e As side products, we developed division algorithms for polynomials over integral domains, as well as primality-testing and prime-factorization algorithms for integers.", "authors": [ "René Thiemann", "Akihisa Yamada" ], "date": "2016-01-29", "id": 448, "link": "/entries/Polynomial_Factorization.html", "permalink": "/entries/Polynomial_Factorization.html", "shortname": "Polynomial_Factorization", "title": "Polynomial Factorization", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 12 }, { "abstract": "We formalized three algorithms for polynomial interpolation over arbitrary fields: Lagrange's explicit expression, the recursive algorithm of Neville and Aitken, and the Newton interpolation in combination with an efficient implementation of divided differences. Variants of these algorithms for integer polynomials are also available, where sometimes the interpolation can fail; e.g., there is no linear integer polynomial \u003ci\u003ep\u003c/i\u003e such that \u003ci\u003ep(0) = 0\u003c/i\u003e and \u003ci\u003ep(2) = 1\u003c/i\u003e. Moreover, for the Newton interpolation for integer polynomials, we proved that all intermediate results that are computed during the algorithm must be integers. This admits an early failure detection in the implementation. Finally, we proved the uniqueness of polynomial interpolation. 
\u003cp\u003e The development also contains improved code equations to speed up the division of integers in target languages.", "authors": [ "René Thiemann", "Akihisa Yamada" ], "date": "2016-01-29", "id": 449, "link": "/entries/Polynomial_Interpolation.html", "permalink": "/entries/Polynomial_Interpolation.html", "shortname": "Polynomial_Interpolation", "title": "Polynomial Interpolation", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 7 }, { "abstract": "This work contains a formalization of some topics in knot theory. The concepts that were formalized include definitions of tangles, links, framed links and link/tangle equivalence. The formalization is based on a formulation of links in terms of tangles. We further construct and prove the invariance of the Bracket polynomial. The Bracket polynomial is an invariant of framed links closely linked to the Jones polynomial. This is perhaps the first attempt to formalize any aspect of knot theory in an interactive proof assistant.", "authors": [ "T.V.H. Prathamesh" ], "date": "2016-01-20", "id": 450, "link": "/entries/Knot_Theory.html", "permalink": "/entries/Knot_Theory.html", "shortname": "Knot_Theory", "title": "Knot Theory", "topic_links": [ "mathematics/topology" ], "topics": [ "Mathematics/Topology" ], "used_by": 0 }, { "abstract": "In this work, the Kronecker tensor product of matrices and the proofs of some of its properties are formalized. Properties which have been formalized include associativity of the tensor product and the mixed-product property.", "authors": [ "T.V.H. 
Prathamesh" ], "date": "2016-01-18", "id": 451, "link": "/entries/Matrix_Tensor.html", "permalink": "/entries/Matrix_Tensor.html", "shortname": "Matrix_Tensor", "title": "Tensor Product of Matrices", "topic_links": [ "computer-science/data-structures", "mathematics/algebra" ], "topics": [ "Computer science/Data structures", "Mathematics/Algebra" ], "used_by": 2 }, { "abstract": "This entry provides a basic library for number partitions, defines the two-argument partition function through its recurrence relation and relates this partition function to the cardinality of number partitions. The main proof shows that the recursively-defined partition function with arguments n and k equals the cardinality of number partitions of n with exactly k parts. The combinatorial proof follows the proof sketch of Theorem 2.4.1 in Mazur's textbook `Combinatorics: A Guided Tour`. This entry can serve as starting point for various more intrinsic properties about number partitions, the partition function and related recurrence relations.", "authors": [ "Lukas Bulwahn" ], "date": "2016-01-14", "id": 452, "link": "/entries/Card_Number_Partitions.html", "permalink": "/entries/Card_Number_Partitions.html", "shortname": "Card_Number_Partitions", "title": "Cardinality of Number Partitions", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 2 }, { "abstract": "\u003cp\u003e This entry contains a definition of angles between vectors and between three points. Building on this, we prove basic geometric properties of triangles, such as the Isosceles Triangle Theorem, the Law of Sines and the Law of Cosines, that the sum of the angles of a triangle is π, and the congruence theorems for triangles. \u003c/p\u003e\u003cp\u003e The definitions and proofs were developed following those by John Harrison in HOL Light. 
However, due to Isabelle's type class system, all definitions and theorems in the Isabelle formalisation hold for all real inner product spaces. \u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2015-12-28", "id": 453, "link": "/entries/Triangle.html", "permalink": "/entries/Triangle.html", "shortname": "Triangle", "title": "Basic Geometric Properties of Triangles", "topic_links": [ "mathematics/geometry" ], "topics": [ "Mathematics/Geometry" ], "used_by": 3 }, { "abstract": "\u003cp\u003e Descartes' Rule of Signs relates the number of positive real roots of a polynomial with the number of sign changes in its coefficient sequence. \u003c/p\u003e\u003cp\u003e Our proof follows the simple inductive proof given by Rob Arthan, which was also used by John Harrison in his HOL Light formalisation. We proved most of the lemmas for arbitrary linearly-ordered integrity domains (e.g. integers, rationals, reals); the main result, however, requires the intermediate value theorem and was therefore only proven for real polynomials. \u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2015-12-28", "id": 454, "link": "/entries/Descartes_Sign_Rule.html", "permalink": "/entries/Descartes_Sign_Rule.html", "shortname": "Descartes_Sign_Rule", "title": "Descartes' Rule of Signs", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "\u003cp\u003e Liouville numbers are a class of transcendental numbers that can be approximated particularly well with rational numbers. Historically, they were the first numbers whose transcendence was proven. \u003c/p\u003e\u003cp\u003e In this entry, we define the concept of Liouville numbers as well as the standard construction to obtain Liouville numbers (including Liouville's constant) and we prove their most important properties: irrationality and transcendence. 
\u003c/p\u003e\u003cp\u003e The proof is very elementary and requires only standard arithmetic, the Mean Value Theorem for polynomials, and the boundedness of polynomials on compact intervals. \u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2015-12-28", "id": 455, "link": "/entries/Liouville_Numbers.html", "permalink": "/entries/Liouville_Numbers.html", "shortname": "Liouville_Numbers", "title": "Liouville numbers", "topic_links": [ "mathematics/analysis", "mathematics/number-theory" ], "topics": [ "Mathematics/Analysis", "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "\u003cp\u003e In this work, we prove the lower bound \u003cspan class=\"nobr\"\u003eln(H_n) - ln(5/3)\u003c/span\u003e for the partial sum of the Prime Harmonic series and, based on this, the divergence of the Prime Harmonic Series \u003cspan class=\"nobr\"\u003e∑[p\u0026thinsp;prime]\u0026thinsp;·\u0026thinsp;1/p.\u003c/span\u003e \u003c/p\u003e\u003cp\u003e The proof relies on the unique squarefree decomposition of natural numbers. This is similar to Euler's original proof (which was highly informal and morally questionable). Its advantage over proofs by contradiction, like the famous one by Paul Erdős, is that it provides a relatively good lower bound for the partial sums. \u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2015-12-28", "id": 456, "link": "/entries/Prime_Harmonic_Series.html", "permalink": "/entries/Prime_Harmonic_Series.html", "shortname": "Prime_Harmonic_Series", "title": "The Divergence of the Prime Harmonic Series", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "Based on existing libraries for matrices, factorization of rational polynomials, and Sturm's theorem, we formalized algebraic numbers in Isabelle/HOL. 
Our development serves as an implementation for real and complex numbers, and it admits to compute roots and completely factorize real and complex polynomials, provided that all coefficients are rational numbers. Moreover, we provide two implementations to display algebraic numbers, an injective and expensive one, or a faster but approximative version. \u003c/p\u003e\u003cp\u003e To this end, we mechanized several results on resultants, which also required us to prove that polynomials over a unique factorization domain form again a unique factorization domain. \u003c/p\u003e", "authors": [ "René Thiemann", "Akihisa Yamada", "Sebastiaan J. C. Joosten" ], "date": "2015-12-22", "id": 457, "link": "/entries/Algebraic_Numbers.html", "permalink": "/entries/Algebraic_Numbers.html", "shortname": "Algebraic_Numbers", "title": "Algebraic Numbers in Isabelle/HOL", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 6 }, { "abstract": "Applicative functors augment computations with effects by lifting function application to types which model the effects. As the structure of the computation cannot depend on the effects, applicative expressions can be analysed statically. This allows us to lift universally quantified equations to the effectful types, as observed by Hinze. Thus, equational reasoning over effectful computations can be reduced to pure types. \u003c/p\u003e\u003cp\u003e This entry provides a package for registering applicative functors and two proof methods for lifting of equations over applicative functors. The first method normalises applicative expressions according to the laws of applicative functors. This way, equations whose two sides contain the same list of variables can be lifted to every applicative functor. 
\u003c/p\u003e\u003cp\u003e To lift larger classes of equations, the second method exploits a number of additional properties (e.g., commutativity of effects) provided the properties have been declared for the concrete applicative functor at hand upon registration. \u003c/p\u003e\u003cp\u003e We declare several types from the Isabelle library as applicative functors and illustrate the use of the methods with two examples: the lifting of the arithmetic type class hierarchy to streams and the verification of a relabelling function on binary trees. We also formalise and verify the normalisation algorithm used by the first proof method. \u003c/p\u003e", "authors": [ "Andreas Lochbihler", "Joshua Schneider" ], "date": "2015-12-22", "id": 458, "link": "/entries/Applicative_Lifting.html", "permalink": "/entries/Applicative_Lifting.html", "shortname": "Applicative_Lifting", "title": "Applicative Lifting", "topic_links": [ "computer-science/functional-programming" ], "topics": [ "Computer science/Functional programming" ], "used_by": 4 }, { "abstract": "The Stern-Brocot tree contains all rational numbers exactly once and in their lowest terms. We formalise the Stern-Brocot tree as a coinductive tree using recursive and iterative specifications, which we have proven equivalent, and show that it indeed contains all the numbers as stated. Following Hinze, we prove that the Stern-Brocot tree can be linearised looplessly into Stern's diatonic sequence (also known as Dijkstra's fusc function) and that it is a permutation of the Bird tree. \u003c/p\u003e\u003cp\u003e The reasoning stays at an abstract level by appealing to the uniqueness of solutions of guarded recursive equations and lifting algebraic laws point-wise to trees and streams using applicative functors. 
\u003c/p\u003e", "authors": [ "Peter Gammie", "Andreas Lochbihler" ], "date": "2015-12-22", "id": 459, "link": "/entries/Stern_Brocot.html", "permalink": "/entries/Stern_Brocot.html", "shortname": "Stern_Brocot", "title": "The Stern-Brocot Tree", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "The theory's main theorem states that the cardinality of set partitions of size k on a carrier set of size n is expressed by Stirling numbers of the second kind. In Isabelle, Stirling numbers of the second kind are defined in the AFP entry `Discrete Summation` through their well-known recurrence relation. The main theorem relates them to the alternative definition as cardinality of set partitions. The proof follows the simple and short explanation in Richard P. Stanley's `Enumerative Combinatorics: Volume 1` and Wikipedia, and unravels the full details and implicit reasoning steps of these explanations.", "authors": [ "Lukas Bulwahn" ], "date": "2015-12-12", "id": 460, "link": "/entries/Card_Partitions.html", "permalink": "/entries/Card_Partitions.html", "shortname": "Card_Partitions", "title": "Cardinality of Set Partitions", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 4 }, { "abstract": "A Latin Square is a n x n table filled with integers from 1 to n where each number appears exactly once in each row and each column. A Latin Rectangle is a partially filled n x n table with r filled rows and n-r empty rows, such that each number appears at most once in each row and each column. 
The main result of this theory is that any Latin Rectangle can be completed to a Latin Square.", "authors": [ "Alexander Bentkamp" ], "date": "2015-12-02", "id": 461, "link": "/entries/Latin_Square.html", "permalink": "/entries/Latin_Square.html", "shortname": "Latin_Square", "title": "Latin Square", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 0 }, { "abstract": "Ergodic theory is the branch of mathematics that studies the behaviour of measure preserving transformations, in finite or infinite measure. It interacts both with probability theory (mainly through measure theory) and with geometry as a lot of interesting examples are of geometric origin. We implement the first definitions and theorems of ergodic theory, including notably the Poincaré recurrence theorem for finite measure preserving systems (together with the notion of conservativity in general), induced maps, Kac's theorem, Birkhoff theorem (arguably the most important theorem in ergodic theory), and variations around it such as conservativity of the corresponding skew product, or Atkinson lemma.", "authors": [ "Sebastien Gouezel" ], "date": "2015-12-01", "id": 462, "link": "/entries/Ergodic_Theory.html", "permalink": "/entries/Ergodic_Theory.html", "shortname": "Ergodic_Theory", "title": "Ergodic Theory", "topic_links": [ "mathematics/probability-theory" ], "topics": [ "Mathematics/Probability theory" ], "used_by": 4 }, { "abstract": "Euler's Partition Theorem states that the number of partitions with only distinct parts is equal to the number of partitions with only odd parts. The combinatorial proof follows John Harrison's HOL Light formalization. 
This theorem is the 45th theorem of the Top 100 Theorems list.", "authors": [ "Lukas Bulwahn" ], "date": "2015-11-19", "id": 463, "link": "/entries/Euler_Partition.html", "permalink": "/entries/Euler_Partition.html", "shortname": "Euler_Partition", "title": "Euler's Partition Theorem", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 0 }, { "abstract": "We formalize the Tortoise and Hare cycle-finding algorithm ascribed to Floyd by Knuth, and an improved version due to Brent.", "authors": [ "Peter Gammie" ], "date": "2015-11-18", "id": 464, "link": "/entries/TortoiseHare.html", "permalink": "/entries/TortoiseHare.html", "shortname": "TortoiseHare", "title": "The Tortoise and Hare Algorithm", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "This development provides a formalization of planarity based on combinatorial maps and proves that Kuratowski's theorem implies combinatorial planarity. Moreover, it contains verified implementations of programs checking certificates for planarity (i.e., a combinatorial map) or non-planarity (i.e., a Kuratowski subgraph).", "authors": [ "Lars Noschinski" ], "date": "2015-11-11", "id": 465, "link": "/entries/Planarity_Certificates.html", "permalink": "/entries/Planarity_Certificates.html", "shortname": "Planarity_Certificates", "title": "Planarity Certificates", "topic_links": [ "mathematics/graph-theory" ], "topics": [ "Mathematics/Graph theory" ], "used_by": 0 }, { "abstract": "We present a formalization of parity games (a two-player game on directed graphs) and a proof of their positional determinacy in Isabelle/HOL. 
This proof works for both finite and infinite games.", "authors": [ "Christoph Dittmann" ], "date": "2015-11-02", "id": 466, "link": "/entries/Parity_Game.html", "permalink": "/entries/Parity_Game.html", "shortname": "Parity_Game", "title": "Positional Determinacy of Parity Games", "topic_links": [ "mathematics/games-and-economics", "mathematics/graph-theory" ], "topics": [ "Mathematics/Games and economics", "Mathematics/Graph theory" ], "used_by": 1 }, { "abstract": "We represent a theory \u003ci\u003eof\u003c/i\u003e (a fragment of) Isabelle/HOL \u003ci\u003ein\u003c/i\u003e Isabelle/HOL. The purpose of this exercise is to write packages for domain-specific specifications such as class models, B-machines, ..., and generally speaking, any domain-specific languages whose abstract syntax can be defined by a HOL \"datatype\". On this basis, the Isabelle code-generator can then be used to generate code for global context transformations as well as tactic code. \u003cp\u003e Consequently the package is geared towards parsing, printing and code-generation to the Isabelle API. It is at the moment not sufficiently rich for doing meta theory on Isabelle itself. Extensions in this direction are possible though. \u003cp\u003e Moreover, the chosen fragment is fairly rudimentary. However it should be easily adapted to one's needs if a package is written on top of it. The supported API contains types, terms, transformation of global context like definitions and data-type declarations as well as infrastructure for Isar-setups. \u003cp\u003e This theory is drawn from the \u003ca href=\"http://isa-afp.org/entries/Featherweight_OCL.html\"\u003eFeatherweight OCL\u003c/a\u003e project where it is used to construct a package for object-oriented data-type theories generated from UML class diagrams. The Featherweight OCL, for example, allows for both the direct execution of compiled tactic code by the Isabelle API as well as the generation of \".thy\"-files for debugging purposes. 
\u003cp\u003e Gained experience from this project shows that the compiled code is sufficiently efficient for practical purposes while being based on a formal \u003ci\u003emodel\u003c/i\u003e on which properties of the package can be proven such as termination of certain transformations, correctness, etc.", "authors": [ "Frédéric Tuong", "Burkhart Wolff" ], "date": "2015-09-16", "id": 467, "link": "/entries/Isabelle_Meta_Model.html", "permalink": "/entries/Isabelle_Meta_Model.html", "shortname": "Isabelle_Meta_Model", "title": "A Meta-Model for the Isabelle API", "topic_links": [ "computer-science/programming-languages/language-definitions" ], "topics": [ "Computer science/Programming languages/Language definitions" ], "used_by": 0 }, { "abstract": "Recently, Javier Esparza and Jan Kretinsky proposed a new method directly translating linear temporal logic (LTL) formulas to deterministic (generalized) Rabin automata. Compared to the existing approaches of constructing a non-deterministic Buechi-automaton in the first step and then applying a determinization procedure (e.g. some variant of Safra's construction) in a second step, this new approach preserves a relation between the formula and the states of the resulting automaton. While the old approach produced a monolithic structure, the new method is compositional. Furthermore, in some cases the resulting automata are much smaller than the automata generated by existing approaches. In order to ensure the correctness of the construction, this entry contains a complete formalisation and verification of the translation. 
Furthermore, from this basis executable code is generated.", "authors": [ "Salomon Sickert" ], "date": "2015-09-04", "id": 468, "link": "/entries/LTL_to_DRA.html", "permalink": "/entries/LTL_to_DRA.html", "shortname": "LTL_to_DRA", "title": "Converting Linear Temporal Logic to Deterministic (Generalized) Rabin Automata", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "\u003cp\u003e Matrix interpretations are useful as measure functions in termination proving. In order to use these interpretations also for complexity analysis, the growth rate of matrix powers has to be examined. Here, we formalized a central result of spectral radius theory, namely that the growth rate is polynomially bounded if and only if the spectral radius of a matrix is at most one. \u003c/p\u003e\u003cp\u003e To formally prove this result we first studied the growth rates of matrices in Jordan normal form, and proved the result that every complex matrix has a Jordan normal form using a constructive proof via Schur decomposition. \u003c/p\u003e\u003cp\u003e The whole development is based on a new abstract type for matrices, which is also executable by a suitable setup of the code generator. It completely subsumes our former AFP-entry on executable matrices, and its main advantage is its close connection to the HMA-representation which allowed us to easily adapt existing proofs on determinants. \u003c/p\u003e\u003cp\u003e All the results have been applied to improve CeTA, our certifier to validate termination and complexity proof certificates. 
\u003c/p\u003e", "authors": [ "RenĂ© Thiemann", "Akihisa Yamada" ], "date": "2015-08-21", "id": 469, "link": "/entries/Jordan_Normal_Form.html", "permalink": "/entries/Jordan_Normal_Form.html", "shortname": "Jordan_Normal_Form", "title": "Matrices, Jordan Normal Forms, and Spectral Radius Theory", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 12 }, { "abstract": "This theory formalizes the commutation version of decreasing diagrams for Church-Rosser modulo. The proof follows Felgenhauer and van Oostrom (RTA 2013). The theory also provides important specializations, in particular van Oostrom’s conversion version (TCS 2008) of decreasing diagrams.", "authors": [ "Bertram Felgenhauer" ], "date": "2015-08-20", "id": 470, "link": "/entries/Decreasing-Diagrams-II.html", "permalink": "/entries/Decreasing-Diagrams-II.html", "shortname": "Decreasing-Diagrams-II", "title": "Decreasing Diagrams II", "topic_links": [ "logic/rewriting" ], "topics": [ "Logic/Rewriting" ], "used_by": 0 }, { "abstract": "\u003cp\u003e The necessary and sufficient condition for CSP noninterference security stated by the Ipurge Unwinding Theorem is expressed in terms of a pair of event lists varying over the set of process traces. This does not render it suitable for the subsequent application of rule induction in the case of a process defined inductively, since rule induction may rather be applied to a single variable ranging over an inductively defined set. \u003c/p\u003e\u003cp\u003e Starting from the Ipurge Unwinding Theorem, this paper derives a necessary and sufficient condition for CSP noninterference security that involves a single event list varying over the set of process traces, and is thus suitable for rule induction; hence its name, Inductive Unwinding Theorem. 
Similarly to the Ipurge Unwinding Theorem, the new theorem only requires to consider individual accepted and refused events for each process trace, and applies to the general case of a possibly intransitive noninterference policy. Specific variants of this theorem are additionally proven for deterministic processes and trace set processes. \u003c/p\u003e", "authors": [ "Pasquale Noce" ], "date": "2015-08-18", "id": 471, "link": "/entries/Noninterference_Inductive_Unwinding.html", "permalink": "/entries/Noninterference_Inductive_Unwinding.html", "shortname": "Noninterference_Inductive_Unwinding", "title": "The Inductive Unwinding Theorem for CSP Noninterference Security", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "We provide a formal framework for the theory of representations of finite groups, as modules over the group ring. Along the way, we develop the general theory of groups (relying on the group_add class for the basics), modules, and vector spaces, to the extent required for theory of group representations. We then provide formal proofs of several important introductory theorems in the subject, including Maschke's theorem, Schur's lemma, and Frobenius reciprocity. We also prove that every irreducible representation is isomorphic to a submodule of the group ring, leading to the fact that for a finite group there are only finitely many isomorphism classes of irreducible representations. 
In all of this, no restriction is made on the characteristic of the ring or field of scalars until the definition of a group representation, and then the only restriction made is that the characteristic must not divide the order of the group.", "authors": [ "Jeremy Sylvestre" ], "date": "2015-08-12", "id": 472, "link": "/entries/Rep_Fin_Groups.html", "permalink": "/entries/Rep_Fin_Groups.html", "shortname": "Rep_Fin_Groups", "title": "Representations of Finite Groups", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "Encodings or the proof of their absence are the main way to compare process calculi. To analyse the quality of encodings and to rule out trivial or meaningless encodings, they are augmented with quality criteria. There exists a bunch of different criteria and different variants of criteria in order to reason in different settings. This leads to incomparable results. Moreover it is not always clear whether the criteria used to obtain a result in a particular setting do indeed fit to this setting. We show how to formally reason about and compare encodability criteria by mapping them on requirements on a relation between source and target terms that is induced by the encoding function. In particular we analyse the common criteria full abstraction, operational correspondence, divergence reflection, success sensitiveness, and respect of barbs; e.g. we analyse the exact nature of the simulation relation (coupled simulation versus bisimulation) that is induced by different variants of operational correspondence. 
This way we reduce the problem of analysing or comparing encodability criteria to the better understood problem of comparing relations on processes.", "authors": [ "Kirstin Peters", "Rob van Glabbeek" ], "date": "2015-08-10", "id": 473, "link": "/entries/Encodability_Process_Calculi.html", "permalink": "/entries/Encodability_Process_Calculi.html", "shortname": "Encodability_Process_Calculi", "title": "Analysing and Comparing Encodability Criteria for Process Calculi", "topic_links": [ "computer-science/concurrency/process-calculi" ], "topics": [ "Computer science/Concurrency/Process calculi" ], "used_by": 0 }, { "abstract": "Isabelle/Isar provides named cases to structure proofs. This article contains an implementation of a proof method \u003ctt\u003ecasify\u003c/tt\u003e, which can be used to easily extend proof tools with support for named cases. Such a proof tool must produce labeled subgoals, which are then interpreted by \u003ctt\u003ecasify\u003c/tt\u003e. \u003cp\u003e As examples, this work contains verification condition generators producing named cases for three languages: The Hoare language from \u003ctt\u003eHOL/Library\u003c/tt\u003e, a monadic language for computations with failure (inspired by the AutoCorres tool), and a language of conditional expressions. These VCGs are demonstrated by a number of example programs.", "authors": [ "Lars Noschinski" ], "date": "2015-07-21", "id": 474, "link": "/entries/Case_Labeling.html", "permalink": "/entries/Case_Labeling.html", "shortname": "Case_Labeling", "title": "Generating Cases from Labeled Subgoals", "topic_links": [ "tools", "computer-science/programming-languages/misc" ], "topics": [ "Tools", "Computer science/Programming languages/Misc" ], "used_by": 1 }, { "abstract": "This entry provides Landau symbols to describe and reason about the asymptotic growth of functions for sufficiently large inputs. 
A number of simplification procedures are provided for additional convenience: cancelling of dominated terms in sums under a Landau symbol, cancelling of common factors in products, and a decision procedure for Landau expressions containing products of powers of functions like x, ln(x), ln(ln(x)) etc.", "authors": [ "Manuel Eberl" ], "date": "2015-07-14", "id": 475, "link": "/entries/Landau_Symbols.html", "permalink": "/entries/Landau_Symbols.html", "shortname": "Landau_Symbols", "title": "Landau Symbols", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 11 }, { "abstract": "This article contains a formalisation of the Akra-Bazzi method based on a proof by Leighton. It is a generalisation of the well-known Master Theorem for analysing the complexity of Divide \u0026 Conquer algorithms. We also include a generalised version of the Master theorem based on the Akra-Bazzi theorem, which is easier to apply than the Akra-Bazzi theorem itself. \u003cp\u003e Some proof methods that facilitate applying the Master theorem are also included. For a more detailed explanation of the formalisation and the proof methods, see the accompanying paper (publication forthcoming).", "authors": [ "Manuel Eberl" ], "date": "2015-07-14", "id": 476, "link": "/entries/Akra_Bazzi.html", "permalink": "/entries/Akra_Bazzi.html", "shortname": "Akra_Bazzi", "title": "The Akra-Bazzi theorem and the Master theorem", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 1 }, { "abstract": "Hermite Normal Form is a canonical matrix analogue of Reduced Echelon Form, but involving matrices over more general rings. In this work we formalise an algorithm to compute the Hermite Normal Form of a matrix by means of elementary row operations, taking advantage of the Echelon Form AFP entry. We have proven the correctness of such an algorithm and refined it to immutable arrays. 
Furthermore, we have also formalised the uniqueness of the Hermite Normal Form of a matrix. Code can be exported and some examples of execution involving integer matrices and polynomial matrices are presented as well.", "authors": [ "Jose Divasón", "Jesús Aransay" ], "date": "2015-07-07", "id": 477, "link": "/entries/Hermite.html", "permalink": "/entries/Hermite.html", "shortname": "Hermite", "title": "Hermite Normal Form", "topic_links": [ "computer-science/algorithms/mathematical", "mathematics/algebra" ], "topics": [ "Computer science/Algorithms/Mathematical", "Mathematics/Algebra" ], "used_by": 2 }, { "abstract": "The Derangements Formula describes the number of fixpoint-free permutations as a closed formula. This theorem is the 88th theorem in a list of the ``\u003ca href=\"http://www.cs.ru.nl/~freek/100/\"\u003eTop 100 Mathematical Theorems\u003c/a\u003e''.", "authors": [ "Lukas Bulwahn" ], "date": "2015-06-27", "id": 478, "link": "/entries/Derangements.html", "permalink": "/entries/Derangements.html", "shortname": "Derangements", "title": "Derangements Formula", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 0 }, { "abstract": "Binary multirelations associate elements of a set with its subsets; hence they are binary relations from a set to its power set. Applications include alternating automata, models and logics for games, program semantics with dual demonic and angelic nondeterministic choices and concurrent dynamic logics. 
This proof document supports an arXiv article that formalises the basic algebra of multirelations and proposes axiom systems for them, ranging from weak bi-monoids to weak bi-quantales.", "authors": [ "Hitoshi Furusawa", "Georg Struth" ], "date": "2015-06-11", "id": 479, "link": "/entries/Multirelations.html", "permalink": "/entries/Multirelations.html", "shortname": "Multirelations", "title": "Binary Multirelations", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "\u003cp\u003e Among the various mathematical tools introduced in his outstanding work on Communicating Sequential Processes, Hoare has defined \"interleaves\" as the predicate satisfied by any three lists such that the first list may be split into sublists alternately extracted from the other two ones, whatever is the criterion for extracting an item from either one list or the other in each step. \u003c/p\u003e\u003cp\u003e This paper enriches Hoare's definition by identifying such criterion with the truth value of a predicate taking as inputs the head and the tail of the first list. This enhanced \"interleaves\" predicate turns out to permit the proof of equalities between lists without the need of an induction. Some rules that allow to infer \"interleaves\" statements without induction, particularly applying to the addition or removal of a prefix to the input lists, are also proven. Finally, a stronger version of the predicate, named \"Interleaves\", is shown to fulfil further rules applying to the addition or removal of a suffix to the input lists. 
\u003c/p\u003e", "authors": [ "Pasquale Noce" ], "date": "2015-06-11", "id": 480, "link": "/entries/List_Interleaving.html", "permalink": "/entries/List_Interleaving.html", "shortname": "List_Interleaving", "title": "Reasoning about Lists via List Interleaving", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 1 }, { "abstract": "\u003cp\u003e The classical definition of noninterference security for a deterministic state machine with outputs requires to consider the outputs produced by machine actions after any trace, i.e. any indefinitely long sequence of actions, of the machine. In order to render the verification of the security of such a machine more straightforward, there is a need of some sufficient condition for security such that just individual actions, rather than unbounded sequences of actions, have to be considered. \u003c/p\u003e\u003cp\u003e By extending previous results applying to transitive noninterference policies, Rushby has proven an unwinding theorem that provides a sufficient condition of this kind in the general case of a possibly intransitive policy. This condition has to be satisfied by a generic function mapping security domains into equivalence relations over machine states. \u003c/p\u003e\u003cp\u003e An analogous problem arises for CSP noninterference security, whose definition requires to consider any possible future, i.e. any indefinitely long sequence of subsequent events and any indefinitely large set of refused events associated to that sequence, for each process trace. \u003c/p\u003e\u003cp\u003e This paper provides a sufficient condition for CSP noninterference security, which indeed requires to just consider individual accepted and refused events and applies to the general case of a possibly intransitive policy. 
This condition follows Rushby's one for classical noninterference security, and has to be satisfied by a generic function mapping security domains into equivalence relations over process traces; hence its name, Generic Unwinding Theorem. Variants of this theorem applying to deterministic processes and trace set processes are also proven. Finally, the sufficient condition for security expressed by the theorem is shown not to be a necessary condition as well, viz. there exists a secure process such that no domain-relation map satisfying the condition exists. \u003c/p\u003e", "authors": [ "Pasquale Noce" ], "date": "2015-06-11", "id": 481, "link": "/entries/Noninterference_Generic_Unwinding.html", "permalink": "/entries/Noninterference_Generic_Unwinding.html", "shortname": "Noninterference_Generic_Unwinding", "title": "The Generic Unwinding Theorem for CSP Noninterference Security", "topic_links": [ "computer-science/security", "computer-science/concurrency/process-calculi" ], "topics": [ "Computer science/Security", "Computer science/Concurrency/Process calculi" ], "used_by": 0 }, { "abstract": "\u003cp\u003e The definition of noninterference security for Communicating Sequential Processes requires to consider any possible future, i.e. any indefinitely long sequence of subsequent events and any indefinitely large set of refused events associated to that sequence, for each process trace. In order to render the verification of the security of a process more straightforward, there is a need of some sufficient condition for security such that just individual accepted and refused events, rather than unbounded sequences and sets of events, have to be considered. \u003c/p\u003e\u003cp\u003e Of course, if such a sufficient condition were necessary as well, it would be even more valuable, since it would permit to prove not only that a process is secure by verifying that the condition holds, but also that a process is not secure by verifying that the condition fails to hold. 
\u003c/p\u003e\u003cp\u003e This paper provides a necessary and sufficient condition for CSP noninterference security, which indeed requires to just consider individual accepted and refused events and applies to the general case of a possibly intransitive policy. This condition follows Rushby's output consistency for deterministic state machines with outputs, and has to be satisfied by a specific function mapping security domains into equivalence relations over process traces. The definition of this function makes use of an intransitive purge function following Rushby's one; hence the name given to the condition, Ipurge Unwinding Theorem. \u003c/p\u003e\u003cp\u003e Furthermore, in accordance with Hoare's formal definition of deterministic processes, it is shown that a process is deterministic just in case it is a trace set process, i.e. it may be identified by means of a trace set alone, matching the set of its traces, in place of a failures-divergences pair. Then, variants of the Ipurge Unwinding Theorem are proven for deterministic processes and trace set processes. \u003c/p\u003e", "authors": [ "Pasquale Noce" ], "date": "2015-06-11", "id": 482, "link": "/entries/Noninterference_Ipurge_Unwinding.html", "permalink": "/entries/Noninterference_Ipurge_Unwinding.html", "shortname": "Noninterference_Ipurge_Unwinding", "title": "The Ipurge Unwinding Theorem for CSP Noninterference Security", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 3 }, { "abstract": "This article formalizes the amortized analysis of dynamic tables parameterized with their minimal and maximal load factors and the expansion and contraction factors. 
\u003cP\u003e A full description is found in a \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs\"\u003ecompanion paper\u003c/a\u003e.", "authors": [ "Tobias Nipkow" ], "date": "2015-06-07", "id": 483, "link": "/entries/Dynamic_Tables.html", "permalink": "/entries/Dynamic_Tables.html", "shortname": "Dynamic_Tables", "title": "Parameterized Dynamic Tables", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "We formalize new decision procedures for WS1S, M2L(Str), and Presburger Arithmetics. Formulas of these logics denote regular languages. Unlike traditional decision procedures, we do \u003cem\u003enot\u003c/em\u003e translate formulas into automata (nor into regular expressions), at least not explicitly. Instead we devise notions of derivatives (inspired by Brzozowski derivatives for regular expressions) that operate on formulas directly and compute a syntactic bisimulation using these derivatives. The treatment of Boolean connectives and quantifiers is uniform for all mentioned logics and is abstracted into a locale. This locale is then instantiated by different atomic formulas and their derivatives (which may differ even for the same logic under different encodings of interpretations as formal words). 
\u003cp\u003e The WS1S instance is described in the draft paper \u003ca href=\"https://people.inf.ethz.ch/trayteld/papers/csl15-ws1s_derivatives/index.html\"\u003eA Coalgebraic Decision Procedure for WS1S\u003c/a\u003e by the author.", "authors": [ "Dmitriy Traytel" ], "date": "2015-05-28", "id": 484, "link": "/entries/Formula_Derivatives.html", "permalink": "/entries/Formula_Derivatives.html", "shortname": "Formula_Derivatives", "title": "Derivatives of Logical Formulas", "topic_links": [ "computer-science/automata-and-formal-languages", "logic/general-logic/decidability-of-theories" ], "topics": [ "Computer science/Automata and formal languages", "Logic/General logic/Decidability of theories" ], "used_by": 1 }, { "abstract": "Numerous models of probabilistic systems are studied in the literature. Coalgebra has been used to classify them into system types and compare their expressiveness. We formalize the resulting hierarchy of probabilistic system types by modeling the semantics of the different systems as codatatypes. This approach yields simple and concise proofs, as bisimilarity coincides with equality for codatatypes. \u003cp\u003e This work is described in detail in the ITP 2015 publication by the authors.", "authors": [ "Johannes Hölzl", "Andreas Lochbihler", "Dmitriy Traytel" ], "date": "2015-05-27", "id": 485, "link": "/entries/Probabilistic_System_Zoo.html", "permalink": "/entries/Probabilistic_System_Zoo.html", "shortname": "Probabilistic_System_Zoo", "title": "A Zoo of Probabilistic Systems", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "A VCG auction (named after their inventors Vickrey, Clarke, and Groves) is a generalization of the single-good, second price Vickrey auction to the case of a combinatorial auction (multiple goods, from which any participant can bid on each possible combination). 
We formalize in this entry VCG auctions, including tie-breaking and prove that the functions for the allocation and the price determination are well-defined. Furthermore we show that the allocation function allocates goods only to participants, only goods in the auction are allocated, and no good is allocated twice. We also show that the price function is non-negative. These properties also hold for the automatically extracted Scala code.", "authors": [ "Marco B. Caminati", "Manfred Kerber", "Christoph Lange", "Colin Rowat" ], "date": "2015-04-30", "id": 486, "link": "/entries/Vickrey_Clarke_Groves.html", "permalink": "/entries/Vickrey_Clarke_Groves.html", "shortname": "Vickrey_Clarke_Groves", "title": "VCG - Combinatorial Vickrey-Clarke-Groves Auctions", "topic_links": [ "mathematics/games-and-economics" ], "topics": [ "Mathematics/Games and economics" ], "used_by": 0 }, { "abstract": "The theory of residuated lattices, first proposed by Ward and Dilworth, is formalised in Isabelle/HOL. This includes concepts of residuated functions; their adjoints and conjugates. It also contains necessary and sufficient conditions for the existence of these operations in an arbitrary lattice. The mathematical components for residuated lattices are linked to the AFP entry for relation algebra. In particular, we prove Jonsson and Tsinakis conditions for a residuated boolean algebra to form a relation algebra.", "authors": [ "Victor B. F. 
Gomes", "Georg Struth" ], "date": "2015-04-15", "id": 487, "link": "/entries/Residuated_Lattices.html", "permalink": "/entries/Residuated_Lattices.html", "shortname": "Residuated_Lattices", "title": "Residuated Lattices", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "ConcurrentIMP extends the small imperative language IMP with control non-determinism and constructs for synchronous message passing.", "authors": [ "Peter Gammie" ], "date": "2015-04-13", "id": 488, "link": "/entries/ConcurrentIMP.html", "permalink": "/entries/ConcurrentIMP.html", "shortname": "ConcurrentIMP", "title": "Concurrent IMP", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 1 }, { "abstract": "\u003cp\u003e We use ConcurrentIMP to model Schism, a state-of-the-art real-time garbage collection scheme for weak memory, and show that it is safe on x86-TSO.\u003c/p\u003e \u003cp\u003e This development accompanies the PLDI 2015 paper of the same name. \u003c/p\u003e", "authors": [ "Peter Gammie", "Tony Hosking", "Kai Engelhardt" ], "date": "2015-04-13", "id": 489, "link": "/entries/ConcurrentGC.html", "permalink": "/entries/ConcurrentGC.html", "shortname": "ConcurrentGC", "title": "Relaxing Safely: Verified On-the-Fly Garbage Collection for x86-TSO", "topic_links": [ "computer-science/algorithms/concurrent" ], "topics": [ "Computer science/Algorithms/Concurrent" ], "used_by": 0 }, { "abstract": "This article formalizes the ``trie'' data structure invented by Fredkin [CACM 1960]. 
It also provides a specialization where the entries in the trie are lists.", "authors": [ "Andreas Lochbihler", "Tobias Nipkow" ], "date": "2015-03-30", "id": 490, "link": "/entries/Trie.html", "permalink": "/entries/Trie.html", "shortname": "Trie", "title": "Trie", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 5 }, { "abstract": "Algorithms for solving the consensus problem are fundamental to distributed computing. Despite their brevity, their ability to operate in concurrent, asynchronous and failure-prone environments comes at the cost of complex and subtle behaviors. Accordingly, understanding how they work and proving their correctness is a non-trivial endeavor where abstraction is immensely helpful. Moreover, research on consensus has yielded a large number of algorithms, many of which appear to share common algorithmic ideas. A natural question is whether and how these similarities can be distilled and described in a precise, unified way. In this work, we combine stepwise refinement and lockstep models to provide an abstract and unified view of a sizeable family of consensus algorithms. 
Our models provide insights into the design choices underlying the different algorithms, and classify them based on those choices.", "authors": [ "Ognjen Marić", "Christoph Sprenger" ], "date": "2015-03-18", "id": 491, "link": "/entries/Consensus_Refined.html", "permalink": "/entries/Consensus_Refined.html", "shortname": "Consensus_Refined", "title": "Consensus Refined", "topic_links": [ "computer-science/algorithms/distributed" ], "topics": [ "Computer science/Algorithms/Distributed" ], "used_by": 0 }, { "abstract": "\u003cp\u003eWe provide a framework for registering automatic methods to derive class instances of datatypes, as it is possible using Haskell's ``deriving Ord, Show, ...'' feature.\u003c/p\u003e \u003cp\u003eWe further implemented such automatic methods to derive comparators, linear orders, parametrizable equality functions, and hash-functions which are required in the Isabelle Collection Framework and the Container Framework. Moreover, for the tactic of Blanchette to show that a datatype is countable, we implemented a wrapper so that this tactic becomes accessible in our framework. All of the generators are based on the infrastructure that is provided by the BNF-based datatype package.\u003c/p\u003e \u003cp\u003eOur formalization was performed as part of the \u003ca href=\"http://cl-informatik.uibk.ac.at/software/ceta\"\u003eIsaFoR/CeTA\u003c/a\u003e project. 
With our new tactics we could remove several tedious proofs for (conditional) linear orders, and conditional equality operators within IsaFoR and the Container Framework.\u003c/p\u003e", "authors": [ "Christian Sternagel", "René Thiemann" ], "date": "2015-03-11", "id": 492, "link": "/entries/Deriving.html", "permalink": "/entries/Deriving.html", "shortname": "Deriving", "title": "Deriving class instances for datatypes", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 13 }, { "abstract": "We formalize the Call Arity analysis, as implemented in GHC, and prove both functional correctness and, more interestingly, safety (i.e. the transformation does not increase allocation). \u003cp\u003e We use syntax and the denotational semantics from the entry \"Launchbury\", where we formalized Launchbury's natural semantics for lazy evaluation. \u003cp\u003e The functional correctness of Call Arity is proved with regard to that denotational semantics. The operational properties are shown with regard to a small-step semantics akin to Sestoft's mark 1 machine, which we prove to be equivalent to Launchbury's semantics. \u003cp\u003e We use Christian Urban's Nominal2 package to define our terms and make use of Brian Huffman's HOLCF package for the domain-theoretical aspects of the development.", "authors": [ "Joachim Breitner" ], "date": "2015-02-20", "id": 493, "link": "/entries/Call_Arity.html", "permalink": "/entries/Call_Arity.html", "shortname": "Call_Arity", "title": "The Safety of Call Arity", "topic_links": [ "computer-science/programming-languages/static-analysis" ], "topics": [ "Computer science/Programming languages/Static analysis" ], "used_by": 0 }, { "abstract": "We formalize an algorithm to compute the Echelon Form of a matrix. We have proved its existence over Bézout domains and made it executable over Euclidean domains, such as the integer ring and the univariate polynomials over a field. 
This allows us to compute determinants, inverses and characteristic polynomials of matrices. The work is based on the HOL-Multivariate Analysis library, and on both the Gauss-Jordan and Cayley-Hamilton AFP entries. As a by-product, some algebraic structures have been implemented (principal ideal domains, Bézout domains...). The algorithm has been refined to immutable arrays and code can be generated to functional languages as well.", "authors": [ "Jose Divasón", "Jesús Aransay" ], "date": "2015-02-12", "id": 494, "link": "/entries/Echelon_Form.html", "permalink": "/entries/Echelon_Form.html", "shortname": "Echelon_Form", "title": "Echelon Form", "topic_links": [ "computer-science/algorithms/mathematical", "mathematics/algebra" ], "topics": [ "Computer science/Algorithms/Mathematical", "Mathematics/Algebra" ], "used_by": 1 }, { "abstract": "QR decomposition is an algorithm to decompose a real matrix A into the product of two other matrices Q and R, where Q is orthogonal and R is invertible and upper triangular. The algorithm is useful for the least squares problem; i.e., the computation of the best approximation of an unsolvable system of linear equations. As a side-product, the Gram-Schmidt process has also been formalized. A refinement using immutable arrays is presented as well. The development relies, among others, on the AFP entry \"Implementing field extensions of the form Q[sqrt(b)]\" by René Thiemann, which allows execution of the algorithm using symbolic computations. 
Verified code can be generated and executed using floats as well.", "authors": [ "Jose Divasón", "Jesús Aransay" ], "date": "2015-02-12", "id": 495, "link": "/entries/QR_Decomposition.html", "permalink": "/entries/QR_Decomposition.html", "shortname": "QR_Decomposition", "title": "QR Decomposition", "topic_links": [ "computer-science/algorithms/mathematical", "mathematics/algebra" ], "topics": [ "Computer science/Algorithms/Mathematical", "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "Finite Automata, both deterministic and non-deterministic, for regular languages. The Myhill-Nerode Theorem. Closure under intersection, concatenation, etc. Regular expressions define regular languages. Closure under reversal; the powerset construction mapping NFAs to DFAs. Left and right languages; minimal DFAs. Brzozowski's minimization algorithm. Uniqueness up to isomorphism of minimal DFAs.", "authors": [ "Lawrence C. Paulson" ], "date": "2015-02-05", "id": 496, "link": "/entries/Finite_Automata_HF.html", "permalink": "/entries/Finite_Automata_HF.html", "shortname": "Finite_Automata_HF", "title": "Finite Automata in Hereditarily Finite Set Theory", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "The UpDown scheme is a recursive scheme used to compute the stiffness matrix on a special form of sparse grids. Usually, when discretizing a Euclidean space of dimension d we need O(n^d) points, for n points along each dimension. Sparse grids are a hierarchical representation where the number of points is reduced to O(n * log(n)^d). One disadvantage of such sparse grids is that the algorithm now operates recursively in the dimensions and levels of the sparse grid. \u003cp\u003e The UpDown scheme allows us to compute the stiffness matrix on such a sparse grid. The stiffness matrix represents the influence of each representation function on the L^2 scalar product. 
For a detailed description see Dirk Pflüger's PhD thesis. This formalization was developed as an interdisciplinary project (IDP) at the Technische Universität München.", "authors": [ "Johannes Hölzl" ], "date": "2015-01-28", "id": 497, "link": "/entries/UpDown_Scheme.html", "permalink": "/entries/UpDown_Scheme.html", "shortname": "UpDown_Scheme", "title": "Verification of the UpDown Scheme", "topic_links": [ "computer-science/algorithms/mathematical" ], "topics": [ "Computer science/Algorithms/Mathematical" ], "used_by": 0 }, { "abstract": "We present the Unified Policy Framework (UPF), a generic framework for modelling security (access-control) policies. UPF emphasizes the view that a policy is a policy decision function that grants or denies access to resources, permissions, etc. In other words, instead of modelling the relations of permitted or prohibited requests directly, we model the concrete function that implements the policy decision point in a system. In more detail, UPF is based on the following four principles: 1) Functional representation of policies, 2) No conflicts are possible, 3) Three-valued decision type (allow, deny, undefined), 4) Output type not containing the decision only.", "authors": [ "Achim D. Brucker", "Lukas Brügger", "Burkhart Wolff" ], "date": "2014-11-28", "id": 498, "link": "/entries/UPF.html", "permalink": "/entries/UPF.html", "shortname": "UPF", "title": "The Unified Policy Framework (UPF)", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 1 }, { "abstract": "\u003cp\u003e The Ad hoc On-demand Distance Vector (AODV) routing protocol allows the nodes in a Mobile Ad hoc Network (MANET) or a Wireless Mesh Network (WMN) to know where to forward data packets. Such a protocol is ‘loop free’ if it never leads to routing decisions that forward packets in circles. \u003cp\u003e This development mechanises an existing pen-and-paper proof of loop freedom of AODV. 
The protocol is modelled in the Algebra of Wireless Networks (AWN), which is the subject of an earlier paper and AFP mechanization. The proof relies on a novel compositional approach for lifting invariants to networks of nodes. \u003c/p\u003e\u003cp\u003e We exploit the mechanization to analyse several variants of AODV and show that Isabelle/HOL can re-establish most proof obligations automatically and identify exactly the steps that are no longer valid. \u003c/p\u003e", "authors": [ "Timothy Bourke", "Peter Höfner" ], "date": "2014-10-23", "id": 499, "link": "/entries/AODV.html", "permalink": "/entries/AODV.html", "shortname": "AODV", "title": "Loop freedom of the (untimed) AODV routing protocol", "topic_links": [ "computer-science/concurrency/process-calculi" ], "topics": [ "Computer science/Concurrency/Process calculi" ], "used_by": 0 }, { "abstract": "We implemented a command that can be used to easily generate elements of a restricted type \u003ctt\u003e{x :: 'a. P x}\u003c/tt\u003e, provided the definition is of the form \u003ctt\u003ef ys = (if check ys then Some(generate ys :: 'a) else None)\u003c/tt\u003e where \u003ctt\u003eys\u003c/tt\u003e is a list of variables \u003ctt\u003ey1 ... yn\u003c/tt\u003e and \u003ctt\u003echeck ys ==\u003e P(generate ys)\u003c/tt\u003e can be proved. \u003cp\u003e In principle, such a definition is also directly possible using the \u003ctt\u003elift_definition\u003c/tt\u003e command. However, then this definition will not be suitable for code-generation. To this end, we automated a more complex construction of Joachim Breitner which is amenable for code-generation, and where the test \u003ctt\u003echeck ys\u003c/tt\u003e will only be performed once. 
In the automation, one auxiliary type is created, and Isabelle's lifting- and transfer-package is invoked several times.", "authors": [ "René Thiemann" ], "date": "2014-10-13", "id": 500, "link": "/entries/Lifting_Definition_Option.html", "permalink": "/entries/Lifting_Definition_Option.html", "shortname": "Lifting_Definition_Option", "title": "Lifting Definition Option", "topic_links": [ "computer-science/functional-programming" ], "topics": [ "Computer science/Functional programming" ], "used_by": 0 }, { "abstract": "Stream Fusion is a system for removing intermediate list data structures from functional programs, in particular Haskell. This entry adapts stream fusion to Isabelle/HOL and its code generator. We define stream types for finite and possibly infinite lists and stream versions for most of the fusible list functions in the theories List and Coinductive_List, and prove them correct with respect to the conversion functions between lists and streams. The Stream Fusion transformation itself is implemented as a simproc in the preprocessor of the code generator. [Brian Huffman's \u003ca href=\"http://isa-afp.org/entries/Stream-Fusion.html\"\u003eAFP entry\u003c/a\u003e formalises stream fusion in HOLCF for the domain of lazy lists to prove the GHC compiler rewrite rules correct. In contrast, this work enables Isabelle's code generator to perform stream fusion itself. To that end, it covers both finite and coinductive lists from the HOL library and the Coinductive entry. 
The fusible list functions require specification and proof principles different from Huffman's.]", "authors": [ "Andreas Lochbihler", "Alexandra Maximova" ], "date": "2014-10-10", "id": 501, "link": "/entries/Stream_Fusion_Code.html", "permalink": "/entries/Stream_Fusion_Code.html", "shortname": "Stream_Fusion_Code", "title": "Stream Fusion in HOL with Code Generation", "topic_links": [ "computer-science/functional-programming" ], "topics": [ "Computer science/Functional programming" ], "used_by": 0 }, { "abstract": "\u003ca href=\"https://doi.org/10.1007/978-3-642-36742-7_35\"\u003eBhat et al. [TACAS 2013]\u003c/a\u003e developed an inductive compiler that computes density functions for probability spaces described by programs in a probabilistic functional language. In this work, we implement such a compiler for a modified version of this language within the theorem prover Isabelle and give a formal proof of its soundness w.r.t. the semantics of the source and target language. Together with Isabelle's code generation for inductive predicates, this yields a fully verified, executable density compiler. The proof is done in two steps: First, an abstract compiler working with abstract functions modelled directly in the theorem prover's logic is defined and proved sound. Then, this compiler is refined to a concrete version that returns a target-language expression. \u003cp\u003e An article with the same title and authors is published in the proceedings of ESOP 2015. 
A detailed presentation of this work can be found in the first author's master's thesis.", "authors": [ "Manuel Eberl", "Johannes Hölzl", "Tobias Nipkow" ], "date": "2014-10-09", "id": 502, "link": "/entries/Density_Compiler.html", "permalink": "/entries/Density_Compiler.html", "shortname": "Density_Compiler", "title": "A Verified Compiler for Probability Density Functions", "topic_links": [ "mathematics/probability-theory", "computer-science/programming-languages/compiling" ], "topics": [ "Mathematics/Probability theory", "Computer science/Programming languages/Compiling" ], "used_by": 0 }, { "abstract": "We present a formalization of refinement calculus for reactive systems. Refinement calculus is based on monotonic predicate transformers (monotonic functions from sets of post-states to sets of pre-states), and it is a powerful formalism for reasoning about imperative programs. We model reactive systems as monotonic property transformers that transform sets of output infinite sequences into sets of input infinite sequences. Within this semantics we can model refinement of reactive systems, (unbounded) angelic and demonic nondeterminism, sequential composition, and other semantic properties. We can model systems that may fail for some inputs, and we can model compatibility of systems. 
We can specify systems that have liveness properties using linear temporal logic, and we can refine system specifications into systems based on symbolic transition systems, suitable for implementations.", "authors": [ "Viorel Preoteasa" ], "date": "2014-10-08", "id": 503, "link": "/entries/RefinementReactive.html", "permalink": "/entries/RefinementReactive.html", "shortname": "RefinementReactive", "title": "Formalization of Refinement Calculus for Reactive Systems", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 0 }, { "abstract": "This entry provides several monads intended for the development of stand-alone certifiers via code generation from Isabelle/HOL. More specifically, there are three flavors of error monads (the sum type, for the case where all monadic functions are total; an instance of the former, the so-called check monad, yielding either success without any further information or an error message; as well as a variant of the sum type that accommodates partial functions by providing an explicit bottom element) and a parser monad built on top. All of these monads are heavily used in the IsaFoR/CeTA project which thus provides many examples of their usage.", "authors": [ "Christian Sternagel", "René Thiemann" ], "date": "2014-10-03", "id": 504, "link": "/entries/Certification_Monads.html", "permalink": "/entries/Certification_Monads.html", "shortname": "Certification_Monads", "title": "Certification Monads", "topic_links": [ "computer-science/functional-programming" ], "topics": [ "Computer science/Functional programming" ], "used_by": 3 }, { "abstract": "This entry provides an XML library for Isabelle/HOL. This includes parsing and pretty printing of XML trees as well as combinators for transforming XML trees into arbitrary user-defined data. 
The main contribution of this entry is an interface (fit for code generation) that allows for communication between verified programs formalized in Isabelle/HOL and the outside world via XML. This library was developed as part of the IsaFoR/CeTA project to which we refer for examples of its usage.", "authors": [ "Christian Sternagel", "René Thiemann" ], "date": "2014-10-03", "id": 505, "link": "/entries/XML.html", "permalink": "/entries/XML.html", "shortname": "XML", "title": "XML", "topic_links": [ "computer-science/functional-programming", "computer-science/data-structures" ], "topics": [ "Computer science/Functional programming", "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "The insertion sort algorithm of Cormen et al. (Introduction to Algorithms) is expressed in Imperative HOL and proved to be correct and terminating. For this purpose we also provide a theory about imperative loop constructs with accompanying induction/invariant rules for proving partial and total correctness. Furthermore, the formalized algorithm is fit for code generation.", "authors": [ "Christian Sternagel" ], "date": "2014-09-25", "id": 506, "link": "/entries/Imperative_Insertion_Sort.html", "permalink": "/entries/Imperative_Insertion_Sort.html", "shortname": "Imperative_Insertion_Sort", "title": "Imperative Insertion Sort", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "We have formalized the Sturm-Tarski theorem (also referred to as the Tarski theorem), which generalizes Sturm's theorem. 
Sturm's theorem is usually used as a way to count distinct real roots, while the Sturm-Tarski theorem forms the basis for Tarski's classic quantifier elimination for real closed fields.", "authors": [ "Wenda Li" ], "date": "2014-09-19", "id": 507, "link": "/entries/Sturm_Tarski.html", "permalink": "/entries/Sturm_Tarski.html", "shortname": "Sturm_Tarski", "title": "The Sturm-Tarski Theorem", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 4 }, { "abstract": "This document contains a proof of the Cayley-Hamilton theorem based on the development of matrices in HOL/Multivariate Analysis.", "authors": [ "Stephan Adelsberger", "Stefan Hetzl", "Florian Pollak" ], "date": "2014-09-15", "id": 508, "link": "/entries/Cayley_Hamilton.html", "permalink": "/entries/Cayley_Hamilton.html", "shortname": "Cayley_Hamilton", "title": "The Cayley-Hamilton Theorem", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 1 }, { "abstract": "This submission contains theories that lead to a formalization of the proof of the Jordan-Hölder theorem about composition series of finite groups. The theories formalize the notions of isomorphism classes of groups, simple groups, normal series, composition series, maximal normal subgroups. Furthermore, they provide proofs of the second isomorphism theorem for groups, the characterization theorem for maximal normal subgroups as well as many useful lemmas about normal subgroups and factor groups. The proof is inspired by course notes of Stuart Rankin.", "authors": [ "Jakob von Raumer" ], "date": "2014-09-09", "id": 509, "link": "/entries/Jordan_Hoelder.html", "permalink": "/entries/Jordan_Hoelder.html", "shortname": "Jordan_Hoelder", "title": "The Jordan-Hölder Theorem", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "This entry verifies priority queues based on Braun trees. 
Insertion and deletion take logarithmic time and preserve the balanced nature of Braun trees. Two implementations of deletion are provided.", "authors": [ "Tobias Nipkow" ], "date": "2014-09-04", "id": 510, "link": "/entries/Priority_Queue_Braun.html", "permalink": "/entries/Priority_Queue_Braun.html", "shortname": "Priority_Queue_Braun", "title": "Priority Queues Based on Braun Trees", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "The Gauss-Jordan algorithm states that any matrix over a field can be transformed by means of elementary row operations to a matrix in reduced row echelon form. The formalization is based on the Rank Nullity Theorem entry of the AFP and on the HOL-Multivariate-Analysis session of Isabelle, where matrices are represented as functions over finite types. We have set up the code generator to make this representation executable. In order to improve the performance, a refinement to immutable arrays has been carried out. We have formalized some of the applications of the Gauss-Jordan algorithm. Thanks to this development, the following facts can be computed over matrices whose elements belong to a field: Ranks, Determinants, Inverses, Bases and dimensions and Solutions of systems of linear equations. Code can be exported to SML and Haskell.", "authors": [ "Jose Divasón", "Jesús Aransay" ], "date": "2014-09-03", "id": 511, "link": "/entries/Gauss_Jordan.html", "permalink": "/entries/Gauss_Jordan.html", "shortname": "Gauss_Jordan", "title": "Gauss-Jordan Algorithm and Its Applications", "topic_links": [ "computer-science/algorithms/mathematical" ], "topics": [ "Computer science/Algorithms/Mathematical" ], "used_by": 4 }, { "abstract": "This development proves upper and lower bounds for several familiar real-valued functions. 
For sin, cos, exp and sqrt, it defines and verifies infinite families of upper and lower bounds, mostly based on Taylor series expansions. For arctan, ln and exp, it verifies a finite collection of upper and lower bounds, originally obtained from the functions' continued fraction expansions using the computer algebra system Maple. A common theme in these proofs is to take the difference between a function and its approximation, which should be zero at one point, and then consider the sign of the derivative. The immediate purpose of this development is to verify axioms used by MetiTarski, an automatic theorem prover for real-valued special functions. Crucial to MetiTarski's operation is the provision of upper and lower bounds for each function of interest.", "authors": [ "Lawrence C. Paulson" ], "date": "2014-08-29", "id": 512, "link": "/entries/Special_Function_Bounds.html", "permalink": "/entries/Special_Function_Bounds.html", "shortname": "Special_Function_Bounds", "title": "Real-Valued Special Functions: Upper and Lower Bounds", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "This formalisation of basic linear algebra is based completely on locales, building off HOL-Algebra. It includes basic definitions: linear combinations, span, linear independence; linear transformations; interpretation of function spaces as vector spaces; the direct sum of vector spaces, sum of subspaces; the replacement theorem; existence of bases in finite-dimensional vector spaces; definition of dimension; the rank-nullity theorem. Some concepts are actually defined and proved for modules as they also apply there. Infinite-dimensional vector spaces are supported, but dimension is only supported for finite-dimensional vector spaces. The proofs are standard; the proofs of the replacement theorem and rank-nullity theorem roughly follow the presentation in Linear Algebra by Friedberg, Insel, and Spence. 
The rank-nullity theorem generalises the existing development in the Archive of Formal Proofs (originally using type classes, now using a mix of type classes and locales).", "authors": [ "Holden Lee" ], "date": "2014-08-29", "id": 513, "link": "/entries/VectorSpace.html", "permalink": "/entries/VectorSpace.html", "shortname": "VectorSpace", "title": "Vector Spaces", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 3 }, { "abstract": "Skew heaps are an amazingly simple and lightweight implementation of priority queues. They were invented by Sleator and Tarjan [SIAM 1986] and have logarithmic amortized complexity. This entry provides executable and verified functional skew heaps. \u003cp\u003e The amortized complexity of skew heaps is analyzed in the AFP entry \u003ca href=\"http://isa-afp.org/entries/Amortized_Complexity.html\"\u003eAmortized Complexity\u003c/a\u003e.", "authors": [ "Tobias Nipkow" ], "date": "2014-08-13", "id": 514, "link": "/entries/Skew_Heap.html", "permalink": "/entries/Skew_Heap.html", "shortname": "Skew_Heap", "title": "Skew Heap", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 1 }, { "abstract": "Splay trees are self-adjusting binary search trees which were invented by Sleator and Tarjan [JACM 1985]. This entry provides executable and verified functional splay trees as well as the related splay heaps (due to Okasaki). 
\u003cp\u003e The amortized complexity of splay trees and heaps is analyzed in the AFP entry \u003ca href=\"http://isa-afp.org/entries/Amortized_Complexity.html\"\u003eAmortized Complexity\u003c/a\u003e.", "authors": [ "Tobias Nipkow" ], "date": "2014-08-12", "id": 515, "link": "/entries/Splay_Tree.html", "permalink": "/entries/Splay_Tree.html", "shortname": "Splay_Tree", "title": "Splay Tree", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 1 }, { "abstract": "We implemented a type class for \"to-string\" functions, similar to Haskell's Show class. Moreover, we provide instantiations for Isabelle/HOL's standard types like bool, prod, sum, nats, ints, and rats. It is further possible to automatically derive show functions for arbitrary user defined datatypes similar to Haskell's \"deriving Show\".", "authors": [ "Christian Sternagel", "René Thiemann" ], "date": "2014-07-29", "id": 516, "link": "/entries/Show.html", "permalink": "/entries/Show.html", "shortname": "Show", "title": "Haskell's Show Class in Isabelle/HOL", "topic_links": [ "computer-science/functional-programming" ], "topics": [ "Computer science/Functional programming" ], "used_by": 16 }, { "abstract": "\u003cp\u003eIntransitive noninterference has been a widely studied topic in the last few decades. Several well-established methodologies apply interactive theorem proving to formulate a noninterference theorem over abstract academic models. In joint work with several industrial and academic partners throughout Europe, we are helping in the certification process of PikeOS, an industrial separation kernel developed at SYSGO. In this process, established theories could not be applied. We present a new generic model of separation kernels and a new theory of intransitive noninterference. The model is rich in detail, making it suitable for formal verification of realistic and industrial systems such as PikeOS. 
Using a refinement-based theorem proving approach, we ensure that proofs remain manageable.\u003c/p\u003e \u003cp\u003e This document corresponds to the deliverable D31.1 of the EURO-MILS Project \u003ca href=\"http://www.euromils.eu\"\u003ehttp://www.euromils.eu\u003c/a\u003e.\u003c/p\u003e", "authors": [ "Freek Verbeek", "Sergey Tverdyshev", "Oto Havle", "Holger Blasum", "Bruno Langenstein", "Werner Stephan", "Yakoub Nemouchi", "Abderrahmane Feliachi", "Burkhart Wolff", "Julien Schmaltz" ], "date": "2014-07-18", "id": 517, "link": "/entries/CISC-Kernel.html", "permalink": "/entries/CISC-Kernel.html", "shortname": "CISC-Kernel", "title": "Formal Specification of a Generic Separation Kernel", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "\u003cp\u003epGCL is both a programming language and a specification language that incorporates both probabilistic and nondeterministic choice, in a unified manner. Program verification is by refinement or annotation (or both), using either Hoare triples, or weakest-precondition entailment, in the style of GCL.\u003c/p\u003e \u003cp\u003e This package provides both a shallow embedding of the language primitives, and an annotation and refinement framework. The generated document includes a brief tutorial.\u003c/p\u003e", "authors": [ "David Cock" ], "date": "2014-07-13", "id": 518, "link": "/entries/pGCL.html", "permalink": "/entries/pGCL.html", "shortname": "pGCL", "title": "pGCL for Isabelle", "topic_links": [ "computer-science/programming-languages/language-definitions" ], "topics": [ "Computer science/Programming languages/Language definitions" ], "used_by": 0 }, { "abstract": "A framework for the analysis of the amortized complexity of functional data structures is formalized in Isabelle/HOL and applied to a number of standard examples and to the following non-trivial ones: skew heaps, splay trees, splay heaps and pairing heaps. 
\u003cp\u003e A preliminary version of this work (without pairing heaps) is described in a \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/itp15.html\"\u003epaper\u003c/a\u003e published in the proceedings of the conference on Interactive Theorem Proving ITP 2015. An extended version of this publication is available \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/jfp16.html\"\u003ehere\u003c/a\u003e.", "authors": [ "Tobias Nipkow" ], "date": "2014-07-07", "id": 519, "link": "/entries/Amortized_Complexity.html", "permalink": "/entries/Amortized_Complexity.html", "shortname": "Amortized_Complexity", "title": "Amortized Complexity Verified", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 2 }, { "abstract": "We present a unified theory for verifying network security policies. A security policy is represented as a directed graph. To check high-level security goals, security invariants over the policy are expressed. We cover monotonic security invariants, i.e. prohibiting more does not harm security. We provide the following contributions for the security invariant theory. 
\u003cul\u003e \u003cli\u003eSecure auto-completion of scenario-specific knowledge, which eases usability.\u003c/li\u003e \u003cli\u003eSecurity violations can be repaired by tightening the policy iff the security invariants hold for the deny-all policy.\u003c/li\u003e \u003cli\u003eAn algorithm to compute a security policy.\u003c/li\u003e \u003cli\u003eA formalization of stateful connection semantics in network security mechanisms.\u003c/li\u003e \u003cli\u003eAn algorithm to compute a secure stateful implementation of a policy.\u003c/li\u003e \u003cli\u003eAn executable implementation of all the theory.\u003c/li\u003e \u003cli\u003eExamples, ranging from an aircraft cabin data network to the analysis of a large real-world firewall.\u003c/li\u003e \u003cli\u003eMore examples: A fully automated translation of high-level security goals to both firewall and SDN configurations (see Examples/Distributed_WebApp.thy).\u003c/li\u003e \u003c/ul\u003e For a detailed description, see \u003cul\u003e \u003cli\u003eC. Diekmann, A. Korsten, and G. Carle. \u003ca href=\"http://www.net.in.tum.de/fileadmin/bibtex/publications/papers/diekmann2015mansdnnfv.pdf\"\u003eDemonstrating topoS: Theorem-prover-based synthesis of secure network configurations.\u003c/a\u003e In 2nd International Workshop on Management of SDN and NFV Systems, manSDN/NFV, Barcelona, Spain, November 2015.\u003c/li\u003e \u003cli\u003eC. Diekmann, S.-A. Posselt, H. Niedermayer, H. Kinkelin, O. Hanka, and G. Carle. \u003ca href=\"http://www.net.in.tum.de/pub/diekmann/forte14.pdf\"\u003eVerifying Security Policies using Host Attributes.\u003c/a\u003e In FORTE, 34th IFIP International Conference on Formal Techniques for Distributed Objects, Components and Systems, Berlin, Germany, June 2014.\u003c/li\u003e \u003cli\u003eC. Diekmann, L. Hupel, and G. Carle. Directed Security Policies: \u003ca href=\"http://rvg.web.cse.unsw.edu.au/eptcs/paper.cgi?ESSS2014.3\"\u003eA Stateful Network Implementation.\u003c/a\u003e In J. 
Pang and Y. Liu, editors, Engineering Safety and Security Systems, volume 150 of Electronic Proceedings in Theoretical Computer Science, pages 20-34, Singapore, May 2014. Open Publishing Association.\u003c/li\u003e \u003c/ul\u003e", "authors": [ "Cornelius Diekmann" ], "date": "2014-07-04", "id": 520, "link": "/entries/Network_Security_Policy_Verification.html", "permalink": "/entries/Network_Security_Policy_Verification.html", "shortname": "Network_Security_Policy_Verification", "title": "Network Security Policy Verification", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "Pop-refinement is an approach to stepwise refinement, carried out inside an interactive theorem prover by constructing a monotonically decreasing sequence of predicates over deeply embedded target programs. The sequence starts with a predicate that characterizes the possible implementations, and ends with a predicate that characterizes a unique program in explicit syntactic form. Pop-refinement enables more requirements (e.g. program-level and non-functional) to be captured in the initial specification and preserved through refinement. Security requirements expressed as hyperproperties (i.e. predicates over sets of traces) are always preserved by pop-refinement, unlike the popular notion of refinement as trace set inclusion. 
Two simple examples in Isabelle/HOL are presented, featuring program-level requirements, non-functional requirements, and hyperproperties.", "authors": [ "Alessandro Coglio" ], "date": "2014-07-03", "id": 521, "link": "/entries/Pop_Refinement.html", "permalink": "/entries/Pop_Refinement.html", "shortname": "Pop_Refinement", "title": "Pop-Refinement", "topic_links": [ "computer-science/programming-languages/misc" ], "topics": [ "Computer science/Programming languages/Misc" ], "used_by": 0 }, { "abstract": "Monadic second-order logic on finite words (MSO) is a decidable yet expressive logic into which many decision problems can be encoded. Since MSO formulas correspond to regular languages, equivalence of MSO formulas can be reduced to the equivalence of some regular structures (e.g. automata). We verify an executable decision procedure for MSO formulas that is not based on automata but on regular expressions. \u003cp\u003e Decision procedures for regular expression equivalence have been formalized before, usually based on Brzozowski derivatives. Yet, for a straightforward embedding of MSO formulas into regular expressions an extension of regular expressions with a projection operation is required. We prove total correctness and completeness of an equivalence checker for regular expressions extended in that way. We also define a language-preserving translation of formulas into regular expressions with respect to two different semantics of MSO. 
\u003cp\u003e The formalization is described in this \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/icfp13.html\"\u003eICFP 2013 functional pearl\u003c/a\u003e.", "authors": [ "Dmitriy Traytel", "Tobias Nipkow" ], "date": "2014-06-12", "id": 522, "link": "/entries/MSO_Regex_Equivalence.html", "permalink": "/entries/MSO_Regex_Equivalence.html", "shortname": "MSO_Regex_Equivalence", "title": "Decision Procedures for MSO on Words Based on Derivatives of Regular Expressions", "topic_links": [ "computer-science/automata-and-formal-languages", "logic/general-logic/decidability-of-theories" ], "topics": [ "Computer science/Automata and formal languages", "Logic/General logic/Decidability of theories" ], "used_by": 0 }, { "abstract": "This entry provides executable checkers for the following properties of boolean expressions: satisfiability, tautology and equivalence. Internally, the checkers operate on binary decision trees and are reasonably efficient (for purely functional algorithms).", "authors": [ "Tobias Nipkow" ], "date": "2014-06-08", "id": 523, "link": "/entries/Boolean_Expression_Checkers.html", "permalink": "/entries/Boolean_Expression_Checkers.html", "shortname": "Boolean_Expression_Checkers", "title": "Boolean Expression Checkers", "topic_links": [ "computer-science/algorithms", "logic/general-logic/mechanization-of-proofs" ], "topics": [ "Computer science/Algorithms", "Logic/General logic/Mechanization of proofs" ], "used_by": 2 }, { "abstract": "We present an LTL model checker whose code has been completely verified using the Isabelle theorem prover. The checker consists of over 4000 lines of ML code. 
The code is produced using the Isabelle Refinement Framework, which allows us to split its correctness proof into (1) the proof of an abstract version of the checker, consisting of a few hundred lines of ``formalized pseudocode'', and (2) a verified refinement step in which mathematical sets and other abstract structures are replaced by implementations of efficient structures like red-black trees and functional arrays. This leads to a checker that, while still slower than unverified checkers, can already be used as a trusted reference implementation against which advanced implementations can be tested. \u003cp\u003e An early version of this model checker is described in the \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/cav13.html\"\u003eCAV 2013 paper\u003c/a\u003e with the same title.", "authors": [ "Javier Esparza", "Peter Lammich", "René Neumann", "Tobias Nipkow", "Alexander Schimpf", "Jan-Georg Smaus" ], "date": "2014-05-28", "id": 524, "link": "/entries/CAVA_LTL_Modelchecker.html", "permalink": "/entries/CAVA_LTL_Modelchecker.html", "shortname": "CAVA_LTL_Modelchecker", "title": "A Fully Verified Executable LTL Model Checker", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "We formalize linear-time temporal logic (LTL) and the algorithm by Gerth et al. to convert LTL formulas to generalized Büchi automata. We also formalize some syntactic rewrite rules that can be applied to optimize the LTL formula before conversion. Moreover, we integrate the Stuttering Equivalence AFP-Entry by Stefan Merz, adapting the lemma that next-free LTL formulas cannot distinguish between stuttering equivalent runs to our setting. 
\u003cp\u003e We use the Isabelle Refinement and Collection framework, as well as the Autoref tool, to obtain a refined version of our algorithm, from which efficiently executable code can be extracted.", "authors": [ "Alexander Schimpf", "Peter Lammich" ], "date": "2014-05-28", "id": 525, "link": "/entries/LTL_to_GBA.html", "permalink": "/entries/LTL_to_GBA.html", "shortname": "LTL_to_GBA", "title": "Converting Linear-Time Temporal Logic to Generalized Büchi Automata", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 1 }, { "abstract": "We present an executable formalization of the language Promela, the description language for models of the model checker SPIN. This formalization is part of the work for a completely verified model checker (CAVA), but also serves as a useful (and executable!) description of the semantics of the language itself, something that is currently missing. The formalization uses three steps: It takes an abstract syntax tree generated from an SML parser, removes syntactic sugar and enriches it with type information. This further gets translated into a transition system, on which the semantic engine (read: successor function) operates.", "authors": [ "René Neumann" ], "date": "2014-05-28", "id": 526, "link": "/entries/Promela.html", "permalink": "/entries/Promela.html", "shortname": "Promela", "title": "Promela Formalization", "topic_links": [ "computer-science/system-description-languages" ], "topics": [ "Computer science/System description languages" ], "used_by": 1 }, { "abstract": "We report on the graph and automata library that is used in the fully verified LTL model checker CAVA. As most components of CAVA use some type of graphs or automata, a common automata library simplifies assembly of the components and reduces redundancy. 
\u003cp\u003e The CAVA Automata Library provides a hierarchy of graph and automata classes, together with some standard algorithms. Its object-oriented design allows for sharing of algorithms, theorems, and implementations between its classes, and also simplifies extensions of the library. Moreover, it is integrated into the Automatic Refinement Framework, supporting automatic refinement of the abstract automata types to efficient data structures. \u003cp\u003e Note that the CAVA Automata Library is work in progress. Currently, it is very specifically tailored towards the requirements of the CAVA model checker. Nevertheless, the formalization techniques presented here allow an extension of the library to a wider scope. Moreover, they are not limited to graph libraries, but apply to class hierarchies in general. \u003cp\u003e The CAVA Automata Library is described in the paper: Peter Lammich, The CAVA Automata Library, Isabelle Workshop 2014.", "authors": [ "Peter Lammich" ], "date": "2014-05-28", "id": 527, "link": "/entries/CAVA_Automata.html", "permalink": "/entries/CAVA_Automata.html", "shortname": "CAVA_Automata", "title": "The CAVA Automata Library", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 8 }, { "abstract": "We present an Isabelle/HOL formalization of Gabow's algorithm for finding the strongly connected components of a directed graph. Using data refinement techniques, we extract efficient code that performs comparably to a reference implementation in Java. Our style of formalization allows for re-using large parts of the proofs when defining variants of the algorithm. 
We demonstrate this by verifying an algorithm for the emptiness check of generalized Büchi automata, re-using most of the existing proofs.", "authors": [ "Peter Lammich" ], "date": "2014-05-28", "id": 528, "link": "/entries/Gabow_SCC.html", "permalink": "/entries/Gabow_SCC.html", "shortname": "Gabow_SCC", "title": "Verified Efficient Implementation of Gabow's Strongly Connected Components Algorithm", "topic_links": [ "computer-science/algorithms/graph", "mathematics/graph-theory" ], "topics": [ "Computer science/Algorithms/Graph", "Mathematics/Graph theory" ], "used_by": 2 }, { "abstract": "\u003cp\u003e An extension of classical noninterference security for deterministic state machines, as introduced by Goguen and Meseguer and elegantly formalized by Rushby, to nondeterministic systems should satisfy two fundamental requirements: it should be based on a mathematically precise theory of nondeterminism, and should be equivalent to (or at least not weaker than) the classical notion in the degenerate deterministic case. \u003c/p\u003e \u003cp\u003e This paper proposes a definition of noninterference security applying to Hoare's Communicating Sequential Processes (CSP) in the general case of a possibly intransitive noninterference policy, and proves the equivalence of this security property to classical noninterference security for processes representing deterministic state machines. \u003c/p\u003e \u003cp\u003e Furthermore, McCullough's generalized noninterference security is shown to be weaker than both the proposed notion of CSP noninterference security for a generic process, and classical noninterference security for processes representing deterministic state machines. This renders CSP noninterference security preferable as an extension of classical noninterference security to nondeterministic systems. 
\u003c/p\u003e", "authors": [ "Pasquale Noce" ], "date": "2014-05-23", "id": 529, "link": "/entries/Noninterference_CSP.html", "permalink": "/entries/Noninterference_CSP.html", "shortname": "Noninterference_CSP", "title": "Noninterference Security in Communicating Sequential Processes", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 1 }, { "abstract": "This formulation of the Roy-Floyd-Warshall algorithm for the transitive closure bypasses matrices and arrays, but uses a more direct mathematical model with adjacency functions for immediate predecessors and successors. This can be implemented efficiently in functional programming languages and is particularly adequate for sparse relations.", "authors": [ "Makarius Wenzel" ], "date": "2014-05-23", "id": 530, "link": "/entries/Roy_Floyd_Warshall.html", "permalink": "/entries/Roy_Floyd_Warshall.html", "shortname": "Roy_Floyd_Warshall", "title": "Transitive closure according to Roy-Floyd-Warshall", "topic_links": [ "computer-science/algorithms/graph" ], "topics": [ "Computer science/Algorithms/Graph" ], "used_by": 0 }, { "abstract": "Regular algebras axiomatise the equational theory of regular expressions as induced by regular language identity. We use Isabelle/HOL for a detailed systematic study of regular algebras given by Boffa, Conway, Kozen and Salomaa. We investigate the relationships between these classes, formalise a soundness proof for the smallest class (Salomaa's) and obtain completeness of the largest one (Boffa's) relative to a deep result by Krob. In addition we provide a large collection of regular identities in the general setting of Boffa's axiom. 
Our regular algebra hierarchy is orthogonal to the Kleene algebra hierarchy in the Archive of Formal Proofs; we have not aimed at an integration for pragmatic reasons.", "authors": [ "Simon Foster", "Georg Struth" ], "date": "2014-05-21", "id": 531, "link": "/entries/Regular_Algebras.html", "permalink": "/entries/Regular_Algebras.html", "shortname": "Regular_Algebras", "title": "Regular Algebras", "topic_links": [ "computer-science/automata-and-formal-languages", "mathematics/algebra" ], "topics": [ "Computer science/Automata and formal languages", "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "This set of theories presents a formalisation in Isabelle/HOL of data dependencies between components. The approach allows analysing the system structure with a view to efficient checking of the system: it aims at elaborating, for a concrete system, which parts of the system are necessary to check a given property.", "authors": [ "Maria Spichkova" ], "date": "2014-04-28", "id": 532, "link": "/entries/ComponentDependencies.html", "permalink": "/entries/ComponentDependencies.html", "shortname": "ComponentDependencies", "title": "Formalisation and Analysis of Component Dependencies", "topic_links": [ "computer-science/system-description-languages" ], "topics": [ "Computer science/System description languages" ], "used_by": 0 }, { "abstract": "Research in information-flow security aims at developing methods to identify undesired information leaks within programs from private (high) sources to public (low) sinks. For a concurrent system, it is desirable to have compositional analysis methods that allow for analyzing each thread independently and that nevertheless guarantee that the parallel composition of successfully analyzed threads satisfies a global security guarantee. However, such a compositional analysis should not be overly pessimistic about what an environment might do with shared resources. Otherwise, the analysis will reject many intuitively secure programs. 
\u003cp\u003e The paper \"Assumptions and Guarantees for Compositional Noninterference\" by Mantel et al. presents one solution for this problem: an approach for compositionally reasoning about noninterference in concurrent programs via rely-guarantee-style reasoning. We present an Isabelle/HOL formalization of the concepts and proofs of this approach.", "authors": [ "Sylvia Grewe", "Heiko Mantel", "Daniel Schoepe" ], "date": "2014-04-23", "id": 533, "link": "/entries/SIFUM_Type_Systems.html", "permalink": "/entries/SIFUM_Type_Systems.html", "shortname": "SIFUM_Type_Systems", "title": "A Formalization of Assumptions and Guarantees for Compositional Noninterference", "topic_links": [ "computer-science/security", "computer-science/programming-languages/type-systems" ], "topics": [ "Computer science/Security", "Computer science/Programming languages/Type systems" ], "used_by": 0 }, { "abstract": "Research in information-flow security aims at developing methods to identify undesired information leaks within programs from private sources to public sinks. Noninterference captures this intuition by requiring that no information whatsoever flows from private sources to public sinks. However, in practice this definition is often too strict: Depending on the intuitively desired security policy, the controlled declassification of certain private information (WHAT) at certain points in the program (WHERE) might not result in an undesired information leak. \u003cp\u003e We present an Isabelle/HOL formalization of such a security property for controlled declassification, namely WHAT\u0026WHERE-security from \"Scheduler-Independent Declassification\" by Lux, Mantel, and Perner. The formalization includes compositionality proofs for WHAT\u0026WHERE-security and a soundness proof for a security type system that checks WHAT\u0026WHERE-security for programs in a simple while language with dynamic thread creation. 
\u003cp\u003e Our formalization of the security type system is abstract in the language for expressions and in the semantic side conditions for expressions. It can easily be instantiated with different syntactic approximations for these side conditions. The soundness proof of such an instantiation boils down to showing that these syntactic approximations imply the semantic side conditions. \u003cp\u003e This Isabelle/HOL formalization uses theories from the entry Strong Security.", "authors": [ "Sylvia Grewe", "Alexander Lux", "Heiko Mantel", "Jens Sauer" ], "date": "2014-04-23", "id": 534, "link": "/entries/WHATandWHERE_Security.html", "permalink": "/entries/WHATandWHERE_Security.html", "shortname": "WHATandWHERE_Security", "title": "A Formalization of Declassification with WHAT-and-WHERE-Security", "topic_links": [ "computer-science/security", "computer-science/programming-languages/type-systems" ], "topics": [ "Computer science/Security", "Computer science/Programming languages/Type systems" ], "used_by": 0 }, { "abstract": "Research in information-flow security aims at developing methods to identify undesired information leaks within programs from private sources to public sinks. Noninterference captures this intuition. Strong security from Sabelfeld and Sands formalizes noninterference for concurrent systems. \u003cp\u003e We present an Isabelle/HOL formalization of strong security for arbitrary security lattices (Sabelfeld and Sands use a two-element security lattice in the original publication). The formalization includes compositionality proofs for strong security and a soundness proof for a security type system that checks strong security for programs in a simple while language with dynamic thread creation. \u003cp\u003e Our formalization of the security type system is abstract in the language for expressions and in the semantic side conditions for expressions. It can easily be instantiated with different syntactic approximations for these side conditions. 
The soundness proof of such an instantiation boils down to showing that these syntactic approximations imply the semantic side conditions.", "authors": [ "Sylvia Grewe", "Alexander Lux", "Heiko Mantel", "Jens Sauer" ], "date": "2014-04-23", "id": 535, "link": "/entries/Strong_Security.html", "permalink": "/entries/Strong_Security.html", "shortname": "Strong_Security", "title": "A Formalization of Strong Security", "topic_links": [ "computer-science/security", "computer-science/programming-languages/type-systems" ], "topics": [ "Computer science/Security", "Computer science/Programming languages/Type systems" ], "used_by": 1 }, { "abstract": "This is a formalization of bounded-deducibility security (BD security), a flexible notion of information-flow security applicable to arbitrary transition systems. It generalizes Sutherland's classic notion of nondeducibility by factoring in declassification bounds and triggers: whereas nondeducibility states that, in a system, information cannot flow between specified sources and sinks, BD security indicates upper bounds for the flow and triggers under which these upper bounds are no longer guaranteed.", "authors": [ "Andrei Popescu", "Peter Lammich", "Thomas Bauereiss" ], "date": "2014-04-22", "id": 536, "link": "/entries/Bounded_Deducibility_Security.html", "permalink": "/entries/Bounded_Deducibility_Security.html", "shortname": "Bounded_Deducibility_Security", "title": "Bounded-Deducibility Security", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 3 }, { "abstract": "We formalize HyperCTL*, a temporal logic for expressing security properties. We first define a shallow embedding of HyperCTL*, within which we prove inductive and coinductive rules for the operators. Then we show that a HyperCTL* formula captures Goguen-Meseguer noninterference, a landmark information flow property. 
We also define a deep embedding and connect it to the shallow embedding by a denotational semantics, for which we prove sanity w.r.t. dependence on the free variables. Finally, we show that under some finiteness assumptions about the model, noninterference is given by a (finitary) syntactic formula.", "authors": [ "Markus N. Rabe", "Peter Lammich", "Andrei Popescu" ], "date": "2014-04-16", "id": 537, "link": "/entries/HyperCTL.html", "permalink": "/entries/HyperCTL.html", "shortname": "HyperCTL", "title": "A shallow embedding of HyperCTL*", "topic_links": [ "computer-science/security", "logic/general-logic/temporal-logic" ], "topics": [ "Computer science/Security", "Logic/General logic/Temporal logic" ], "used_by": 0 }, { "abstract": "A formalization of an abstract property of possibly infinite derivation trees (modeled by a codatatype), representing the core of a proof (in Beth/Hintikka style) of the first-order logic completeness theorem, independent of the concrete syntax or inference rules. This work is described in detail in the IJCAR 2014 publication by the authors. The abstract proof can be instantiated for a wide range of Gentzen and tableau systems as well as various flavors of FOL---e.g., with or without predicates, equality, or sorts. Here, we give only a toy example instantiation with classical propositional logic. 
A more serious instance, many-sorted FOL with equality, is described elsewhere [Blanchette and Popescu, FroCoS 2013].", "authors": [ "Jasmin Christian Blanchette", "Andrei Popescu", "Dmitriy Traytel" ], "date": "2014-04-16", "id": 538, "link": "/entries/Abstract_Completeness.html", "permalink": "/entries/Abstract_Completeness.html", "shortname": "Abstract_Completeness", "title": "Abstract Completeness", "topic_links": [ "logic/proof-theory" ], "topics": [ "Logic/Proof theory" ], "used_by": 4 }, { "abstract": "These theories introduce basic concepts and proofs about discrete summation: shifts, formal summation, falling factorials and Stirling numbers. As a proof of concept, a simple summation conversion is provided.", "authors": [ "Florian Haftmann" ], "date": "2014-04-13", "id": 539, "link": "/entries/Discrete_Summation.html", "permalink": "/entries/Discrete_Summation.html", "shortname": "Discrete_Summation", "title": "Discrete Summation", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 2 }, { "abstract": "This document accompanies the article \"The Design and Implementation of a Verification Technique for GPU Kernels\" by Adam Betts, Nathan Chong, Alastair F. Donaldson, Jeroen Ketema, Shaz Qadeer, Paul Thomson and John Wickerson. 
It formalises all of the definitions provided in Sections 3 and 4 of the article.", "authors": [ "John Wickerson" ], "date": "2014-04-03", "id": 540, "link": "/entries/GPU_Kernel_PL.html", "permalink": "/entries/GPU_Kernel_PL.html", "shortname": "GPU_Kernel_PL", "title": "Syntax and semantics of a GPU kernel programming language", "topic_links": [ "computer-science/programming-languages/language-definitions" ], "topics": [ "Computer science/Programming languages/Language definitions" ], "used_by": 0 }, { "abstract": "We formalize probabilistic noninterference for a multi-threaded language with uniform scheduling, where probabilistic behaviour comes from both the scheduler and the individual threads. We define notions of probabilistic noninterference in two variants: resumption-based and trace-based. For the resumption-based notions, we prove compositionality w.r.t. the language constructs and establish sound type-system-like syntactic criteria. This is a formalization of the mathematical development presented at CPP 2013 and CALCO 2013. It is the probabilistic variant of the Possibilistic Noninterference AFP entry.", "authors": [ "Andrei Popescu", "Johannes Hölzl" ], "date": "2014-03-11", "id": 541, "link": "/entries/Probabilistic_Noninterference.html", "permalink": "/entries/Probabilistic_Noninterference.html", "shortname": "Probabilistic_Noninterference", "title": "Probabilistic Noninterference", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "\u003cp\u003e AWN is a process algebra developed for modelling and analysing protocols for Mobile Ad hoc Networks (MANETs) and Wireless Mesh Networks (WMNs). 
AWN models comprise five distinct layers: sequential processes, local parallel compositions, nodes, partial networks, and complete networks.\u003c/p\u003e \u003cp\u003e This development mechanises the original operational semantics of AWN and introduces a variant 'open' operational semantics that enables the compositional statement and proof of invariants across distinct network nodes. It supports labels (for weakening invariants) and (abstract) data state manipulations. A framework for compositional invariant proofs is developed, including a tactic (inv_cterms) for inductive invariant proofs of sequential processes, lifting rules for the open versions of the higher layers, and a rule for transferring lifted properties back to the standard semantics. A notion of 'control terms' reduces proof obligations to the subset of subterms that act directly (in contrast to operators for combining terms and joining processes).\u003c/p\u003e", "authors": [ "Timothy Bourke" ], "date": "2014-03-08", "id": 542, "link": "/entries/AWN.html", "permalink": "/entries/AWN.html", "shortname": "AWN", "title": "Mechanization of the Algebra for Wireless Networks (AWN)", "topic_links": [ "computer-science/concurrency/process-calculi" ], "topics": [ "Computer science/Concurrency/Process calculi" ], "used_by": 1 }, { "abstract": "We provide a wrapper around the partial-function command that supports mutual recursion.", "authors": [ "René Thiemann" ], "date": "2014-02-18", "id": 543, "link": "/entries/Partial_Function_MR.html", "permalink": "/entries/Partial_Function_MR.html", "shortname": "Partial_Function_MR", "title": "Mutually Recursive Partial Functions", "topic_links": [ "computer-science/functional-programming" ], "topics": [ "Computer science/Functional programming" ], "used_by": 2 }, { "abstract": "Random graphs are graphs with a fixed number of vertices, where each edge is present with a fixed probability. 
We are interested in the probability that a random graph contains a certain pattern, for example a cycle or a clique. A very high edge probability gives rise to perhaps too many edges (which degrades performance for many algorithms), whereas a low edge probability might result in a disconnected graph. We prove a theorem about a threshold probability such that a higher edge probability will asymptotically almost surely produce a random graph with the desired subgraph.", "authors": [ "Lars Hupel" ], "date": "2014-02-13", "id": 544, "link": "/entries/Random_Graph_Subgraph_Threshold.html", "permalink": "/entries/Random_Graph_Subgraph_Threshold.html", "shortname": "Random_Graph_Subgraph_Threshold", "title": "Properties of Random Graphs -- Subgraph Containment", "topic_links": [ "mathematics/graph-theory", "mathematics/probability-theory" ], "topics": [ "Mathematics/Graph theory", "Mathematics/Probability theory" ], "used_by": 1 }, { "abstract": "Stepwise program refinement techniques can be used to simplify program verification. Programs are better understood since their main properties are clearly stated, and verification of rather complex algorithms is reduced to proving simple statements connecting successive program specifications. Additionally, it is easy to analyze similar algorithms and to compare their properties within a single formalization. Usually, formal analysis is not done in an educational setting due to the complexity of verification and a lack of tools and procedures to make comparison easy. Verification of an algorithm should not only give a correctness proof, but also a better understanding of the algorithm. If the verification is based on small-step program refinement, it can become simple enough to be demonstrated within the university-level computer science curriculum. 
In this paper we demonstrate this and give a formal analysis of two well-known algorithms (Selection Sort and Heap Sort) using the proof assistant Isabelle/HOL and program refinement techniques.", "authors": [ "Danijela Petrovic" ], "date": "2014-02-11", "id": 545, "link": "/entries/Selection_Heap_Sort.html", "permalink": "/entries/Selection_Heap_Sort.html", "shortname": "Selection_Heap_Sort", "title": "Verification of Selection and Heap Sort Using Locales", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "We give a formalization of affine forms as abstract representations of zonotopes. We provide affine operations as well as overapproximations of some non-affine operations like multiplication and division. Expressions involving those operations can automatically be turned into (executable) functions approximating the original expression in affine arithmetic.", "authors": [ "Fabian Immler" ], "date": "2014-02-07", "id": 546, "link": "/entries/Affine_Arithmetic.html", "permalink": "/entries/Affine_Arithmetic.html", "shortname": "Affine_Arithmetic", "title": "Affine Arithmetic", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 2 }, { "abstract": "We apply data refinement to implement the real numbers, where we support all numbers in the field extension Q[sqrt(b)], i.e., all numbers of the form p + q * sqrt(b) for rational numbers p and q and some fixed natural number b. To this end, we also developed algorithms to precisely compute roots of a rational number, and to perform a factorization of natural numbers which eliminates duplicate prime factors. 
\u003cp\u003e Our results have been used to certify termination proofs which involve polynomial interpretations over the reals.", "authors": [ "René Thiemann" ], "date": "2014-02-06", "id": 547, "link": "/entries/Real_Impl.html", "permalink": "/entries/Real_Impl.html", "shortname": "Real_Impl", "title": "Implementing field extensions of the form Q[sqrt(b)]", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 2 }, { "abstract": "We formalize a unified framework for verified decision procedures for regular expression equivalence. Five recently published formalizations of such decision procedures (three based on derivatives, two on marked regular expressions) can be obtained as instances of the framework. We discover that the two approaches based on marked regular expressions, which were previously thought to be the same, are different, and one seems to produce uniformly smaller automata. The common framework makes it possible to compare the performance of the different decision procedures in a meaningful way. \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/itp14.html\"\u003e The formalization is described in a paper of the same name presented at Interactive Theorem Proving 2014\u003c/a\u003e.", "authors": [ "Tobias Nipkow", "Dmitriy Traytel" ], "date": "2014-01-30", "id": 548, "link": "/entries/Regex_Equivalence.html", "permalink": "/entries/Regex_Equivalence.html", "shortname": "Regex_Equivalence", "title": "Unified Decision Procedures for Regular Expression Equivalence", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "These theories extend the existing proof of the first Sylow theorem (written by Florian Kammueller and L. C. Paulson) by what are often called the second, third and fourth Sylow theorems. 
These theorems state propositions about the number of Sylow p-subgroups of a group and the fact that they are conjugate to each other. The proofs make use of an implementation of group actions and their properties.", "authors": [ "Jakob von Raumer" ], "date": "2014-01-28", "id": 549, "link": "/entries/Secondary_Sylow.html", "permalink": "/entries/Secondary_Sylow.html", "shortname": "Secondary_Sylow", "title": "Secondary Sylow Theorems", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 1 }, { "abstract": "Tarski's algebra of binary relations is formalised along the lines of the standard textbooks of Maddux and of Schmidt and Ströhlein. This includes relation-algebraic concepts such as subidentities, vectors and a domain operation as well as various notions associated to functions. Relation algebras are also expanded by a reflexive transitive closure operation, and they are linked with Kleene algebras and models of binary relations and Boolean matrices.", "authors": [ "Alasdair Armstrong", "Simon Foster", "Georg Struth", "Tjark Weber" ], "date": "2014-01-25", "id": 550, "link": "/entries/Relation_Algebra.html", "permalink": "/entries/Relation_Algebra.html", "shortname": "Relation_Algebra", "title": "Relation Algebra", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 2 }, { "abstract": "We formalise Kleene algebra with tests (KAT) and demonic refinement algebra (DRA) in Isabelle/HOL. KAT is relevant for program verification and correctness proofs in the partial correctness setting, while DRA targets similar applications in the context of total correctness. Our formalisation contains the two most important models of these algebras: binary relations in the case of KAT and predicate transformers in the case of DRA. 
In addition, we derive the inference rules for Hoare logic in KAT and its relational model and present a simple formally verified program verification tool prototype based on the algebraic approach.", "authors": [ "Alasdair Armstrong", "Victor B. F. Gomes", "Georg Struth" ], "date": "2014-01-23", "id": 551, "link": "/entries/KAT_and_DRA.html", "permalink": "/entries/KAT_and_DRA.html", "shortname": "KAT_and_DRA", "title": "Kleene Algebra with Tests and Demonic Refinement Algebras", "topic_links": [ "computer-science/programming-languages/logics", "computer-science/automata-and-formal-languages", "mathematics/algebra" ], "topics": [ "Computer science/Programming languages/Logics", "Computer science/Automata and formal languages", "Mathematics/Algebra" ], "used_by": 2 }, { "abstract": "The Unified Modeling Language (UML) is one of the few modeling languages that is widely used in industry. While UML is mostly known as a diagrammatic modeling language (e.g., visualizing class models), it is complemented by a textual language, called Object Constraint Language (OCL). The current version of OCL is based on a four-valued logic that turns UML into a formal language. Any type comprises the elements \"invalid\" and \"null\" which are propagated as strict and non-strict, respectively. Unfortunately, the former semi-formal semantics of this specification language, captured in the \"Annex A\" of the OCL standard, leads to different interpretations of corner cases. We formalize the core of OCL: denotational definitions, a logical calculus and operational rules that allow for the execution of OCL expressions by a mixture of term rewriting and code compilation. Our formalization reveals several inconsistencies and contradictions in the current version of the OCL standard. Overall, this document is intended to provide the basis for a machine-checked text \"Annex A\" of the OCL standard targeted at tool implementors.", "authors": [ "Achim D. 
Brucker", "Frédéric Tuong", "Burkhart Wolff" ], "date": "2014-01-16", "id": 552, "link": "/entries/Featherweight_OCL.html", "permalink": "/entries/Featherweight_OCL.html", "shortname": "Featherweight_OCL", "title": "Featherweight OCL: A Proposal for a Machine-Checked Formal Semantics for OCL 2.5", "topic_links": [ "computer-science/system-description-languages" ], "topics": [ "Computer science/System description languages" ], "used_by": 0 }, { "abstract": "This paper presents an Isabelle/HOL set of theories which allows the specification of crypto-based components and the verification of their composition properties w.r.t. cryptographic aspects. We introduce a formalisation of the security property of data secrecy, the corresponding definitions and proofs. Please note that here we import the Isabelle/HOL theory ListExtras.thy, presented in the AFP entry FocusStreamsCaseStudies-AFP.", "authors": [ "Maria Spichkova" ], "date": "2014-01-11", "id": 553, "link": "/entries/CryptoBasedCompositionalProperties.html", "permalink": "/entries/CryptoBasedCompositionalProperties.html", "shortname": "CryptoBasedCompositionalProperties", "title": "Compositional Properties of Crypto-Based Components", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "Sturm's Theorem states that polynomial sequences with certain properties, so-called Sturm sequences, can be used to count the number of real roots of a real polynomial. This work contains a proof of Sturm's Theorem and code for constructing Sturm sequences efficiently. 
It also provides the “sturm” proof method, which can decide certain statements about the roots of real polynomials, such as “the polynomial P has exactly n roots in the interval I” or “P(x) \u003e Q(x) for all x \u0026#8712; \u0026#8477;”.", "authors": [ "Manuel Eberl" ], "date": "2014-01-11", "id": 554, "link": "/entries/Sturm_Sequences.html", "permalink": "/entries/Sturm_Sequences.html", "shortname": "Sturm_Sequences", "title": "Sturm's Theorem", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 4 }, { "abstract": "\u003cp\u003e Tail-recursive function definitions are sometimes more straightforward than alternatives, but proving theorems on them may be roundabout because of the peculiar form of the resulting recursion induction rules. \u003c/p\u003e\u003cp\u003e This paper describes a proof method that provides a general solution to this problem by means of suitable invariants over inductive sets, and illustrates the application of such a method by examining two case studies. \u003c/p\u003e", "authors": [ "Pasquale Noce" ], "date": "2013-12-01", "id": 555, "link": "/entries/Tail_Recursive_Functions.html", "permalink": "/entries/Tail_Recursive_Functions.html", "shortname": "Tail_Recursive_Functions", "title": "A General Method for the Proof of Theorems on Tail-recursive Functions", "topic_links": [ "computer-science/functional-programming" ], "topics": [ "Computer science/Functional programming" ], "used_by": 0 }, { "abstract": "Gödel's two incompleteness theorems are formalised, following a careful \u003ca href=\"http://journals.impan.gov.pl/dm/Inf/422-0-1.html\"\u003epresentation\u003c/a\u003e by Swierczkowski, in the theory of \u003ca href=\"HereditarilyFinite.html\"\u003ehereditarily finite sets\u003c/a\u003e. This represents the first ever machine-assisted proof of the second incompleteness theorem. Compared with traditional formalisations using Peano arithmetic (see e.g. 
Boolos), coding is simpler, with no need to formalise the notion of multiplication (let alone that of a prime number) in the formalised calculus upon which the theorem is based. However, other technical problems had to be solved in order to complete the argument.", "authors": [ "Lawrence C. Paulson" ], "date": "2013-11-17", "id": 556, "link": "/entries/Incompleteness.html", "permalink": "/entries/Incompleteness.html", "shortname": "Incompleteness", "title": "Gödel's Incompleteness Theorems", "topic_links": [ "logic/proof-theory" ], "topics": [ "Logic/Proof theory" ], "used_by": 2 }, { "abstract": "The theory of hereditarily finite sets is formalised, following the \u003ca href=\"http://journals.impan.gov.pl/dm/Inf/422-0-1.html\"\u003edevelopment\u003c/a\u003e of Swierczkowski. An HF set is a finite collection of other HF sets; they enjoy an induction principle and satisfy all the axioms of ZF set theory apart from the axiom of infinity, which is negated. All constructions that are possible in ZF set theory (Cartesian products, disjoint sums, natural numbers, functions) without using infinite sets are possible here. The definition of addition for the HF sets follows Kirby. This development forms the foundation for the Isabelle proof of Gödel's incompleteness theorems, which has been \u003ca href=\"Incompleteness.html\"\u003eformalised separately\u003c/a\u003e.", "authors": [ "Lawrence C. Paulson" ], "date": "2013-11-17", "id": 557, "link": "/entries/HereditarilyFinite.html", "permalink": "/entries/HereditarilyFinite.html", "shortname": "HereditarilyFinite", "title": "The Hereditarily Finite Sets", "topic_links": [ "logic/set-theory" ], "topics": [ "Logic/Set theory" ], "used_by": 4 }, { "abstract": "\u003cp\u003eWe define formal languages as a codatatype of infinite trees branching over the alphabet. Each node in such a tree indicates whether the path to this node constitutes a word inside or outside of the language. 
This codatatype is isomorphic to the set of lists representation of languages, but caters for definitions by corecursion and proofs by coinduction.\u003c/p\u003e \u003cp\u003eRegular operations on languages are then defined by primitive corecursion. A difficulty arises here, since the standard definitions of concatenation and iteration from the coalgebraic literature are not primitively corecursive-they require guardedness up-to union/concatenation. Without support for up-to corecursion, these operations must be defined as a composition of primitive ones (and proved being equal to the standard definitions). As an exercise in coinduction we also prove the axioms of Kleene algebra for the defined regular operations.\u003c/p\u003e \u003cp\u003eFurthermore, a language for context-free grammars given by productions in Greibach normal form and an initial nonterminal is constructed by primitive corecursion, yielding an executable decision procedure for the word problem without further ado.\u003c/p\u003e", "authors": [ "Dmitriy Traytel" ], "date": "2013-11-15", "id": 558, "link": "/entries/Coinductive_Languages.html", "permalink": "/entries/Coinductive_Languages.html", "shortname": "Coinductive_Languages", "title": "A Codatatype of Formal Languages", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 1 }, { "abstract": "This set of theories presents an Isabelle/HOL formalisation of stream processing components introduced in Focus, a framework for formal specification and development of interactive systems. This is an extended and updated version of the formalisation, which was elaborated within the methodology \"Focus on Isabelle\". 
In addition, we also applied the formalisation on three case studies that cover different application areas: process control (Steam Boiler System), data transmission (FlexRay communication protocol), memory and processing components (Automotive-Gateway System).", "authors": [ "Maria Spichkova" ], "date": "2013-11-14", "id": 559, "link": "/entries/FocusStreamsCaseStudies.html", "permalink": "/entries/FocusStreamsCaseStudies.html", "shortname": "FocusStreamsCaseStudies", "title": "Stream Processing Components: Isabelle/HOL Formalisation and Case Studies", "topic_links": [ "computer-science/programming-languages/language-definitions" ], "topics": [ "Computer science/Programming languages/Language definitions" ], "used_by": 0 }, { "abstract": "Dana Scott's version of Gödel's proof of God's existence is formalized in quantified modal logic KB (QML KB). QML KB is modeled as a fragment of classical higher-order logic (HOL); thus, the formalization is essentially a formalization in HOL.", "authors": [ "Christoph Benzmüller", "Bruno Woltzenlogel Paleo" ], "date": "2013-11-12", "id": 560, "link": "/entries/GoedelGod.html", "permalink": "/entries/GoedelGod.html", "shortname": "GoedelGod", "title": "Gödel's God in Isabelle/HOL", "topic_links": [ "logic/philosophical-aspects" ], "topics": [ "Logic/Philosophical aspects" ], "used_by": 0 }, { "abstract": "This theory contains a formalization of decreasing diagrams showing that any locally decreasing abstract rewrite system is confluent. We consider the valley (van Oostrom, TCS 1994) and the conversion version (van Oostrom, RTA 2008) and closely follow the original proofs. 
As an application we prove Newman's lemma.", "authors": [ "Harald Zankl" ], "date": "2013-11-01", "id": 561, "link": "/entries/Decreasing-Diagrams.html", "permalink": "/entries/Decreasing-Diagrams.html", "shortname": "Decreasing-Diagrams", "title": "Decreasing Diagrams", "topic_links": [ "logic/rewriting" ], "topics": [ "Logic/Rewriting" ], "used_by": 0 }, { "abstract": "We present the Autoref tool for Isabelle/HOL, which automatically refines algorithms specified over abstract concepts like maps and sets to algorithms over concrete implementations like red-black-trees, and produces a refinement theorem. It is based on ideas borrowed from relational parametricity due to Reynolds and Wadler. The tool allows for rapid prototyping of verified, executable algorithms. Moreover, it can be configured to fine-tune the result to the user's needs. Our tool is able to automatically instantiate generic algorithms, which greatly simplifies the implementation of executable data structures. \u003cp\u003e This AFP-entry provides the basic tool, which is then used by the Refinement and Collection Framework to provide automatic data refinement for the nondeterminism monad and various collection datastructures.", "authors": [ "Peter Lammich" ], "date": "2013-10-02", "id": 562, "link": "/entries/Automatic_Refinement.html", "permalink": "/entries/Automatic_Refinement.html", "shortname": "Automatic_Refinement", "title": "Automatic Data Refinement", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 10 }, { "abstract": "This entry makes machine words and machine arithmetic available for code generation from Isabelle/HOL. It provides a common abstraction that hides the differences between the different target languages. The code generator maps these operations to the APIs of the target languages. 
Apart from that, we extend the available bit operations on types int and integer, and map them to the operations in the target languages.", "authors": [ "Andreas Lochbihler" ], "date": "2013-09-17", "id": 563, "link": "/entries/Native_Word.html", "permalink": "/entries/Native_Word.html", "shortname": "Native_Word", "title": "Native Word", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 10 }, { "abstract": "This development provides a formal model of IEEE-754 floating-point arithmetic. This formalization, including formal specification of the standard and proofs of important properties of floating-point arithmetic, forms the foundation for verifying programs with floating-point computation. There is also a code generation setup for floats so that we can execute programs using this formalization in functional programming languages.", "authors": [ "Lei Yu" ], "date": "2013-07-27", "id": 564, "link": "/entries/IEEE_Floating_Point.html", "permalink": "/entries/IEEE_Floating_Point.html", "shortname": "IEEE_Floating_Point", "title": "A Formal Model of IEEE Floating Point Arithmetic", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 2 }, { "abstract": "In 1927, Lehmer presented criteria for primality, based on the converse of Fermat's little theorem. This work formalizes the second criterion from Lehmer's paper, a necessary and sufficient condition for primality. 
\u003cp\u003e As a side product we formalize some properties of Euler's phi-function, the notion of the order of an element of a group, and the cyclicity of the multiplicative group of a finite field.", "authors": [ "Simon Wimmer", "Lars Noschinski" ], "date": "2013-07-22", "id": 565, "link": "/entries/Lehmer.html", "permalink": "/entries/Lehmer.html", "shortname": "Lehmer", "title": "Lehmer's Theorem", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 1 }, { "abstract": "In 1975, Pratt introduced a proof system for certifying primes. He showed that a number \u003ci\u003ep\u003c/i\u003e is prime iff a primality certificate for \u003ci\u003ep\u003c/i\u003e exists. By showing a logarithmic upper bound on the length of the certificates in size of the prime number, he concluded that the decision problem for prime numbers is in NP. This work formalizes soundness and completeness of Pratt's proof system as well as an upper bound for the size of the certificate.", "authors": [ "Simon Wimmer", "Lars Noschinski" ], "date": "2013-07-22", "id": 566, "link": "/entries/Pratt_Certificate.html", "permalink": "/entries/Pratt_Certificate.html", "shortname": "Pratt_Certificate", "title": "Pratt's Primality Certificates", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 2 }, { "abstract": "This development provides a formalization of undirected graphs and simple graphs, which are based on Benedikt Nordhoff and Peter Lammich's simple formalization of labelled directed graphs in the archive. Then, with our formalization of graphs, we show both necessary and sufficient conditions for Eulerian trails and circuits as well as the fact that the Königsberg Bridge Problem does not have a solution. 
In addition, we show the Friendship Theorem in simple graphs.", "authors": [ "Wenda Li" ], "date": "2013-07-19", "id": 567, "link": "/entries/Koenigsberg_Friendship.html", "permalink": "/entries/Koenigsberg_Friendship.html", "shortname": "Koenigsberg_Friendship", "title": "The Königsberg Bridge Problem and the Friendship Theorem", "topic_links": [ "mathematics/graph-theory" ], "topics": [ "Mathematics/Graph theory" ], "used_by": 0 }, { "abstract": "This is a formalization of the soundness and completeness properties for various efficient encodings of sorts in unsorted first-order logic used by Isabelle's Sledgehammer tool. \u003cp\u003e Essentially, the encodings proceed as follows: a many-sorted problem is decorated with (as few as possible) tags or guards that make the problem monotonic; then sorts can be soundly erased. \u003cp\u003e The development employs a formalization of many-sorted first-order logic in clausal form (clauses, structures and the basic properties of the satisfaction relation), which could be of interest as the starting point for other formalizations of first-order logic metatheory.", "authors": [ "Jasmin Christian Blanchette", "Andrei Popescu" ], "date": "2013-06-27", "id": 568, "link": "/entries/Sort_Encodings.html", "permalink": "/entries/Sort_Encodings.html", "shortname": "Sort_Encodings", "title": "Sound and Complete Sort Encodings for First-Order Logic", "topic_links": [ "logic/general-logic/mechanization-of-proofs" ], "topics": [ "Logic/General logic/Mechanization of proofs" ], "used_by": 0 }, { "abstract": "This theory is split into two sections. In the first section, we give a formal proof that a well-known axiomatic characterization of the single-source shortest path problem is correct. Namely, we prove that in a directed graph with a non-negative cost function on the edges the single-source shortest path function is the only function that satisfies a set of four axioms. 
In the second section, we give a formal proof of the correctness of an axiomatic characterization of the single-source shortest path problem for directed graphs with general cost functions. The axioms here are more involved because we have to account for potential negative cycles in the graph. The axioms are summarized in three Isabelle locales.", "authors": [ "Christine Rizkallah" ], "date": "2013-05-22", "id": 569, "link": "/entries/ShortestPath.html", "permalink": "/entries/ShortestPath.html", "shortname": "ShortestPath", "title": "An Axiomatic Characterization of the Single-Source Shortest Path Problem", "topic_links": [ "mathematics/graph-theory" ], "topics": [ "Mathematics/Graph theory" ], "used_by": 0 }, { "abstract": "This development provides a formalization of directed graphs, supporting (labelled) multi-edges and infinite graphs. A polymorphic edge type allows edges to be treated as pairs of vertices, if multi-edges are not required. Formalized properties are i.a. walks (and related concepts), connectedness and subgraphs and basic properties of isomorphisms. \u003cp\u003e This formalization is used to prove characterizations of Euler Trails, Shortest Paths and Kuratowski subgraphs.", "authors": [ "Lars Noschinski" ], "date": "2013-04-28", "id": 570, "link": "/entries/Graph_Theory.html", "permalink": "/entries/Graph_Theory.html", "shortname": "Graph_Theory", "title": "Graph Theory", "topic_links": [ "mathematics/graph-theory" ], "topics": [ "Mathematics/Graph theory" ], "used_by": 4 }, { "abstract": "This development provides a framework for container types like sets and maps such that generated code implements these containers with different (efficient) data structures. Thanks to type classes and refinement during code generation, this light-weight approach can seamlessly replace Isabelle's default setup for code generation. 
Heuristics automatically pick one of the available data structures depending on the type of elements to be stored, but users can also choose on their own. The extensible design permits to add more implementations at any time. \u003cp\u003e To support arbitrary nesting of sets, we define a linear order on sets based on a linear order of the elements and provide efficient implementations. It even allows to compare complements with non-complements.", "authors": [ "Andreas Lochbihler" ], "date": "2013-04-15", "id": 571, "link": "/entries/Containers.html", "permalink": "/entries/Containers.html", "shortname": "Containers", "title": "Light-weight Containers", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 8 }, { "abstract": "\u003cp\u003eDealing with binders, renaming of bound variables, capture-avoiding substitution, etc., is very often a major problem in formal proofs, especially in proofs by structural and rule induction. Nominal Isabelle is designed to make such proofs easy to formalise: it provides an infrastructure for declaring nominal datatypes (that is alpha-equivalence classes) and for defining functions over them by structural recursion. It also provides induction principles that have Barendregt’s variable convention already built in. \u003c/p\u003e\u003cp\u003e This entry can be used as a more advanced replacement for HOL/Nominal in the Isabelle distribution. \u003c/p\u003e", "authors": [ "Christian Urban", "Stefan Berghofer", "Cezary Kaliszyk" ], "date": "2013-02-21", "id": 572, "link": "/entries/Nominal2.html", "permalink": "/entries/Nominal2.html", "shortname": "Nominal2", "title": "Nominal 2", "topic_links": [ "tools" ], "topics": [ "Tools" ], "used_by": 8 }, { "abstract": "In his seminal paper \"Natural Semantics for Lazy Evaluation\", John Launchbury proves his semantics correct with respect to a denotational semantics, and outlines an adequacy proof. 
We have formalized both semantics and machine-checked the correctness proof, clarifying some details. Furthermore, we provide a new and more direct adequacy proof that does not require intermediate operational semantics.", "authors": [ "Joachim Breitner" ], "date": "2013-01-31", "id": 573, "link": "/entries/Launchbury.html", "permalink": "/entries/Launchbury.html", "shortname": "Launchbury", "title": "The Correctness of Launchbury's Natural Semantics for Lazy Evaluation", "topic_links": [ "computer-science/programming-languages/lambda-calculi", "computer-science/semantics-and-reasoning" ], "topics": [ "Computer science/Programming languages/Lambda calculi", "Computer science/Semantics and reasoning" ], "used_by": 1 }, { "abstract": "This document concerns the theory of ribbon proofs: a diagrammatic proof system, based on separation logic, for verifying program correctness. We include the syntax, proof rules, and soundness results for two alternative formalisations of ribbon proofs. \u003cp\u003e Compared to traditional proof outlines, ribbon proofs emphasise the structure of a proof, so are intelligible and pedagogical. Because they contain less redundancy than proof outlines, and allow each proof step to be checked locally, they may be more scalable. Where proof outlines are cumbersome to modify, ribbon proofs can be visually manoeuvred to yield proofs of variant programs.", "authors": [ "John Wickerson" ], "date": "2013-01-19", "id": 574, "link": "/entries/Ribbon_Proofs.html", "permalink": "/entries/Ribbon_Proofs.html", "shortname": "Ribbon_Proofs", "title": "Ribbon Proofs", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 0 }, { "abstract": "In this contribution, we present some formalizations based on the HOL-Multivariate-Analysis session of Isabelle. Firstly, a generalization of several theorems of such library are presented. 
Secondly, some definitions and proofs involving Linear Algebra and the four fundamental subspaces of a matrix are shown. Finally, we present a proof of the result known in Linear Algebra as the ``Rank-Nullity Theorem'', which states that, given any linear map f from a finite dimensional vector space V to a vector space W, then the dimension of V is equal to the dimension of the kernel of f (which is a subspace of V) and the dimension of the range of f (which is a subspace of W). The proof presented here is based on the one given by Sheldon Axler in his book \u003ci\u003eLinear Algebra Done Right\u003c/i\u003e. As a corollary of the previous theorem, and taking advantage of the relationship between linear maps and matrices, we prove that, for every matrix A (which has associated a linear map between finite dimensional vector spaces), the sum of its null space and its column space (which is equal to the range of the linear map) is equal to the number of columns of A.", "authors": [ "Jose Divasón", "Jesús Aransay" ], "date": "2013-01-16", "id": 575, "link": "/entries/Rank_Nullity_Theorem.html", "permalink": "/entries/Rank_Nullity_Theorem.html", "shortname": "Rank_Nullity_Theorem", "title": "Rank-Nullity Theorem in Linear Algebra", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 4 }, { "abstract": "These files contain a formalisation of variants of Kleene algebras and their most important models as axiomatic type classes in Isabelle/HOL. Kleene algebras are foundational structures in computing with applications ranging from automata and language theory to computational modeling, program construction and verification. \u003cp\u003e We start with formalising dioids, which are additively idempotent semirings, and expand them by axiomatisations of the Kleene star for finite iteration and an omega operation for infinite iteration. 
We show that powersets over a given monoid, (regular) languages, sets of paths in a graph, sets of computation traces, binary relations and formal power series form Kleene algebras, and consider further models based on lattices, max-plus semirings and min-plus semirings. We also demonstrate that dioids are closed under the formation of matrices (proofs for Kleene algebras remain to be completed). \u003cp\u003e On the one hand we have aimed at a reference formalisation of variants of Kleene algebras that covers a wide range of variants and the core theorems in a structured and modular way and provides readable proofs at text book level. On the other hand, we intend to use this algebraic hierarchy and its models as a generic algebraic middle-layer from which programming applications can quickly be explored, implemented and verified.", "authors": [ "Alasdair Armstrong", "Georg Struth", "Tjark Weber" ], "date": "2013-01-15", "id": 576, "link": "/entries/Kleene_Algebra.html", "permalink": "/entries/Kleene_Algebra.html", "shortname": "Kleene_Algebra", "title": "Kleene Algebra", "topic_links": [ "computer-science/programming-languages/logics", "computer-science/automata-and-formal-languages", "mathematics/algebra" ], "topics": [ "Computer science/Programming languages/Logics", "Computer science/Automata and formal languages", "Mathematics/Algebra" ], "used_by": 6 }, { "abstract": "We implement the Babylonian method to compute n-th roots of numbers. We provide precise algorithms for naturals, integers and rationals, and offer an approximation algorithm for square roots over linear ordered fields. 
Moreover, there are precise algorithms to compute the floor and the ceiling of n-th roots.", "authors": [ "René Thiemann" ], "date": "2013-01-03", "id": 577, "link": "/entries/Sqrt_Babylonian.html", "permalink": "/entries/Sqrt_Babylonian.html", "shortname": "Sqrt_Babylonian", "title": "Computing N-th Roots using the Babylonian Method", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 4 }, { "abstract": "We provide a framework for separation-logic based correctness proofs of Imperative HOL programs. Our framework comes with a set of proof methods to automate canonical tasks such as verification condition generation and frame inference. Moreover, we provide a set of examples that show the applicability of our framework. The examples include algorithms on lists, hash-tables, and union-find trees. We also provide abstract interfaces for lists, maps, and sets, that allow to develop generic imperative algorithms and use data-refinement techniques. \u003cbr\u003e As we target Imperative HOL, our programs can be translated to efficiently executable code in various target languages, including ML, OCaml, Haskell, and Scala.", "authors": [ "Peter Lammich", "Rene Meis" ], "date": "2012-11-14", "id": 578, "link": "/entries/Separation_Logic_Imperative_HOL.html", "permalink": "/entries/Separation_Logic_Imperative_HOL.html", "shortname": "Separation_Logic_Imperative_HOL", "title": "A Separation Logic Framework for Imperative HOL", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 2 }, { "abstract": "A proof of the open induction schema based on J.-C. Raoult, Proving open properties by induction, \u003ci\u003eInformation Processing Letters\u003c/i\u003e 29, 1988, pp.19-23. 
\u003cp\u003eThis research was supported by the Austrian Science Fund (FWF): J3202.\u003c/p\u003e", "authors": [ "Mizuhito Ogawa", "Christian Sternagel" ], "date": "2012-11-02", "id": 579, "link": "/entries/Open_Induction.html", "permalink": "/entries/Open_Induction.html", "shortname": "Open_Induction", "title": "Open Induction", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 4 }, { "abstract": "Tarski's axioms of plane geometry are formalized and, using the standard real Cartesian model, shown to be consistent. A substantial theory of the projective plane is developed. Building on this theory, the Klein-Beltrami model of the hyperbolic plane is defined and shown to satisfy all of Tarski's axioms except his Euclidean axiom; thus Tarski's Euclidean axiom is shown to be independent of his other axioms of plane geometry. \u003cp\u003e An earlier version of this work was the subject of the author's \u003ca href=\"http://researcharchive.vuw.ac.nz/handle/10063/2315\"\u003eMSc thesis\u003c/a\u003e, which contains natural-language explanations of some of the more interesting proofs.", "authors": [ "T. J. M. Makarios" ], "date": "2012-10-30", "id": 580, "link": "/entries/Tarskis_Geometry.html", "permalink": "/entries/Tarskis_Geometry.html", "shortname": "Tarskis_Geometry", "title": "The independence of Tarski's Euclidean axiom", "topic_links": [ "mathematics/geometry" ], "topics": [ "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "A proof of Bondy's theorem following B. 
Bollobás, Combinatorics, 1986, Cambridge University Press.", "authors": [ "Jeremy Avigad", "Stefan Hetzl" ], "date": "2012-10-27", "id": 581, "link": "/entries/Bondy.html", "permalink": "/entries/Bondy.html", "shortname": "Bondy", "title": "Bondy's Theorem", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 0 }, { "abstract": "We formalize a wide variety of Volpano/Smith-style noninterference notions for a while language with parallel composition. We systematize and classify these notions according to compositionality w.r.t. the language constructs. Compositionality yields sound syntactic criteria (a.k.a. type systems) in a uniform way. \u003cp\u003e An \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/cpp12.html\"\u003earticle\u003c/a\u003e about these proofs is published in the proceedings of the conference Certified Programs and Proofs 2012.", "authors": [ "Andrei Popescu", "Johannes Hölzl" ], "date": "2012-09-10", "id": 582, "link": "/entries/Possibilistic_Noninterference.html", "permalink": "/entries/Possibilistic_Noninterference.html", "shortname": "Possibilistic_Noninterference", "title": "Possibilistic Noninterference", "topic_links": [ "computer-science/security", "computer-science/programming-languages/type-systems" ], "topics": [ "Computer science/Security", "Computer science/Programming languages/Type systems" ], "used_by": 0 }, { "abstract": "We provide a framework for registering automatic methods to derive class instances of datatypes, as it is possible using Haskell's ``deriving Ord, Show, ...'' feature. \u003cp\u003e We further implemented such automatic methods to derive (linear) orders or hash-functions which are required in the Isabelle Collection Framework. Moreover, for the tactic of Huffman and Krauss to show that a datatype is countable, we implemented a wrapper so that this tactic becomes accessible in our framework. 
\u003cp\u003e Our formalization was performed as part of the \u003ca href=\"http://cl-informatik.uibk.ac.at/software/ceta\"\u003eIsaFoR/CeTA\u003c/a\u003e project. With our new tactic we could completely remove tedious proofs for linear orders of two datatypes. \u003cp\u003e This development is aimed at datatypes generated by the \"old_datatype\" command.", "authors": [ "René Thiemann" ], "date": "2012-08-07", "id": 583, "link": "/entries/Datatype_Order_Generator.html", "permalink": "/entries/Datatype_Order_Generator.html", "shortname": "Datatype_Order_Generator", "title": "Generating linear orders for datatypes", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 4 }, { "abstract": "Squaring the circle, doubling the cube and trisecting an angle, using a compass and straightedge alone, are classic unsolved problems first posed by the ancient Greeks. All three problems were proved to be impossible in the 19th century. The following document presents the proof of the impossibility of solving the latter two problems using Isabelle/HOL, following a proof by Carrega. The proof uses elementary methods: no Galois theory or field extensions. The set of points constructible using a compass and straightedge is defined inductively. Radical expressions, which involve only square roots and arithmetic of rational numbers, are defined, and we find that all constructive points have radical coordinates. Finally, doubling the cube and trisecting certain angles requires solving certain cubic equations that can be proved to have no rational roots. The Isabelle proofs require a great many detailed calculations.", "authors": [ "Ralph Romanos", "Lawrence C. 
Paulson" ], "date": "2012-08-05", "id": 584, "link": "/entries/Impossible_Geometry.html", "permalink": "/entries/Impossible_Geometry.html", "shortname": "Impossible_Geometry", "title": "Proving the Impossibility of Trisecting an Angle and Doubling the Cube", "topic_links": [ "mathematics/algebra", "mathematics/geometry" ], "topics": [ "Mathematics/Algebra", "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "Distributed computing is inherently based on replication, promising increased tolerance to failures of individual computing nodes or communication channels. Realizing this promise, however, involves quite subtle algorithmic mechanisms, and requires precise statements about the kinds and numbers of faults that an algorithm tolerates (such as process crashes, communication faults or corrupted values). The landmark theorem due to Fischer, Lynch, and Paterson shows that it is impossible to achieve Consensus among N asynchronously communicating nodes in the presence of even a single permanent failure. Existing solutions must rely on assumptions of \"partial synchrony\". \u003cp\u003e Indeed, there have been numerous misunderstandings on what exactly a given algorithm is supposed to realize in what kinds of environments. Moreover, the abundance of subtly different computational models complicates comparisons between different algorithms. Charron-Bost and Schiper introduced the Heard-Of model for representing algorithms and failure assumptions in a uniform framework, simplifying comparisons between algorithms. \u003cp\u003e In this contribution, we represent the Heard-Of model in Isabelle/HOL. We define two semantics of runs of algorithms with different unit of atomicity and relate these through a reduction theorem that allows us to verify algorithms in the coarse-grained semantics (where proofs are easier) and infer their correctness for the fine-grained one (which corresponds to actual executions). 
We instantiate the framework by verifying six Consensus algorithms that differ in the underlying algorithmic mechanisms and the kinds of faults they tolerate.", "authors": [ "Henri Debrat", "Stephan Merz" ], "date": "2012-07-27", "id": 585, "link": "/entries/Heard_Of.html", "permalink": "/entries/Heard_Of.html", "shortname": "Heard_Of", "title": "Verifying Fault-Tolerant Distributed Algorithms in the Heard-Of Model", "topic_links": [ "computer-science/algorithms/distributed" ], "topics": [ "Computer science/Algorithms/Distributed" ], "used_by": 1 }, { "abstract": "We apply Andy Pitts's methods of defining relations over domains to several classical results in the literature. We show that the Y combinator coincides with the domain-theoretic fixpoint operator, that parallel-or and the Plotkin existential are not definable in PCF, that the continuation semantics for PCF coincides with the direct semantics, and that our domain-theoretic semantics for PCF is adequate for reasoning about contextual equivalence in an operational semantics. Our version of PCF is untyped and has both strict and non-strict function abstractions. The development is carried out in HOLCF.", "authors": [ "Peter Gammie" ], "date": "2012-07-01", "id": 586, "link": "/entries/PCF.html", "permalink": "/entries/PCF.html", "shortname": "PCF", "title": "Logical Relations for PCF", "topic_links": [ "computer-science/programming-languages/lambda-calculi" ], "topics": [ "Computer science/Programming languages/Lambda calculi" ], "used_by": 0 }, { "abstract": "These theories contain a formalization of first class type constructors and axiomatic constructor classes for HOLCF. This work is described in detail in the ICFP 2012 paper \u003ci\u003eFormal Verification of Monad Transformers\u003c/i\u003e by the author. The formalization is a revised and updated version of earlier joint work with Matthews and White. 
\u003cP\u003e Based on the hierarchy of type classes in Haskell, we define classes for functors, monads, monad-plus, etc. Each one includes all the standard laws as axioms. We also provide a new user command, tycondef, for defining new type constructors in HOLCF. Using tycondef, we instantiate the type class hierarchy with various monads and monad transformers.", "authors": [ "Brian Huffman" ], "date": "2012-06-26", "id": 587, "link": "/entries/Tycon.html", "permalink": "/entries/Tycon.html", "shortname": "Tycon", "title": "Type Constructor Classes and Monad Transformers", "topic_links": [ "computer-science/functional-programming" ], "topics": [ "Computer science/Functional programming" ], "used_by": 0 }, { "abstract": "We formalise a large portion of CCS as described in Milner's book 'Communication and Concurrency' using the nominal datatype package in Isabelle. Our results include many of the standard theorems of bisimulation equivalence and congruence, for both weak and strong versions. One main goal of this formalisation is to keep the machine-checked proofs as close to their pen-and-paper counterpart as possible. \u003cp\u003e This entry is described in detail in \u003ca href=\"http://www.itu.dk/people/jebe/files/thesis.pdf\"\u003eBengtson's thesis\u003c/a\u003e.", "authors": [ "Jesper Bengtson" ], "date": "2012-05-29", "id": 588, "link": "/entries/CCS.html", "permalink": "/entries/CCS.html", "shortname": "CCS", "title": "CCS in nominal logic", "topic_links": [ "computer-science/concurrency/process-calculi" ], "topics": [ "Computer science/Concurrency/Process calculi" ], "used_by": 0 }, { "abstract": "Psi-calculi are extensions of the pi-calculus, accommodating arbitrary nominal datatypes to represent not only data but also communication channels, assertions and conditions, giving it an expressive power beyond the applied pi-calculus and the concurrent constraint pi-calculus. 
\u003cp\u003e We have formalised psi-calculi in the interactive theorem prover Isabelle using its nominal datatype package. One distinctive feature is that the framework needs to treat binding sequences, as opposed to single binders, in an efficient way. While different methods for formalising single binder calculi have been proposed over the last decades, representations for such binding sequences are not very well explored. \u003cp\u003e The main effort in the formalisation is to keep the machine checked proofs as close to their pen-and-paper counterparts as possible. This includes treating all binding sequences as atomic elements, and creating custom induction and inversion rules that remove the bulk of manual alpha-conversions. \u003cp\u003e This entry is described in detail in \u003ca href=\"http://www.itu.dk/people/jebe/files/thesis.pdf\"\u003eBengtson's thesis\u003c/a\u003e.", "authors": [ "Jesper Bengtson" ], "date": "2012-05-29", "id": 589, "link": "/entries/Psi_Calculi.html", "permalink": "/entries/Psi_Calculi.html", "shortname": "Psi_Calculi", "title": "Psi-calculi in Isabelle", "topic_links": [ "computer-science/concurrency/process-calculi" ], "topics": [ "Computer science/Concurrency/Process calculi" ], "used_by": 0 }, { "abstract": "We formalise the pi-calculus using the nominal datatype package, based on ideas from the nominal logic by Pitts et al., and demonstrate an implementation in Isabelle/HOL. The purpose is to derive powerful induction rules for the semantics in order to conduct machine checkable proofs, closely following the intuitive arguments found in manual proofs. In this way we have covered many of the standard theorems of bisimulation equivalence and congruence, both late and early, and both strong and weak in a uniform manner. We thus provide one of the most extensive formalisations of the pi-calculus ever done inside a theorem prover. 
\u003cp\u003e A significant gain in our formulation is that agents are identified up to alpha-equivalence, thereby greatly reducing the arguments about bound names. This is a normal strategy for manual proofs about the pi-calculus, but that kind of hand waving has previously been difficult to incorporate smoothly in an interactive theorem prover. We show how the nominal logic formalism and its support in Isabelle accomplishes this and thus significantly reduces the tedium of conducting completely formal proofs. This improves on previous work using weak higher order abstract syntax since we do not need extra assumptions to filter out exotic terms and can keep all arguments within a familiar first-order logic. \u003cp\u003e This entry is described in detail in \u003ca href=\"http://www.itu.dk/people/jebe/files/thesis.pdf\"\u003eBengtson's thesis\u003c/a\u003e.", "authors": [ "Jesper Bengtson" ], "date": "2012-05-29", "id": 590, "link": "/entries/Pi_Calculus.html", "permalink": "/entries/Pi_Calculus.html", "shortname": "Pi_Calculus", "title": "The pi-calculus in nominal logic", "topic_links": [ "computer-science/concurrency/process-calculi" ], "topics": [ "Computer science/Concurrency/Process calculi" ], "used_by": 0 }, { "abstract": "The Circus specification language combines elements for complex data and behavior specifications, using an integration of Z and CSP with a refinement calculus. Its semantics is based on Hoare and He's Unifying Theories of Programming (UTP). Isabelle/Circus is a formalization of the UTP and the Circus language in Isabelle/HOL. It contains proof rules and tactic support that allows for proofs of refinement for Circus processes (involving both data and behavioral aspects). \u003cp\u003e The Isabelle/Circus environment supports a syntax for the semantic definitions which is close to textbook presentations of Circus. 
This article contains an extended version of the corresponding VSTTE paper together with the complete formal development of its underlying commented theories.", "authors": [ "Abderrahmane Feliachi", "Burkhart Wolff", "Marie-Claude Gaudel" ], "date": "2012-05-27", "id": 591, "link": "/entries/Circus.html", "permalink": "/entries/Circus.html", "shortname": "Circus", "title": "Isabelle/Circus", "topic_links": [ "computer-science/concurrency/process-calculi", "computer-science/system-description-languages" ], "topics": [ "Computer science/Concurrency/Process calculi", "Computer science/System description languages" ], "used_by": 0 }, { "abstract": "We present a generic type class implementation of separation algebra for Isabelle/HOL as well as lemmas and generic tactics which can be used directly for any instantiation of the type class. \u003cP\u003e The ex directory contains example instantiations that include structures such as a heap or virtual memory. \u003cP\u003e The abstract separation algebra is based upon \"Abstract Separation Logic\" by Calcagno et al. These theories are also the basis of the ITP 2012 rough diamond \"Mechanised Separation Algebra\" by the authors. \u003cP\u003e The aim of this work is to support and significantly reduce the effort for future separation logic developments in Isabelle/HOL by factoring out the part of separation logic that can be treated abstractly once and for all. 
This includes developing typical default rule sets for reasoning as well as automated tactic support for separation logic.", "authors": [ "Gerwin Klein", "Rafal Kolanski", "Andrew Boyton" ], "date": "2012-05-11", "id": 592, "link": "/entries/Separation_Algebra.html", "permalink": "/entries/Separation_Algebra.html", "shortname": "Separation_Algebra", "title": "Separation Algebra", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 2 }, { "abstract": "\u003cp\u003eTwo omega-sequences are stuttering equivalent if they differ only by finite repetitions of elements. Stuttering equivalence is a fundamental concept in the theory of concurrent and distributed systems. Notably, Lamport argues that refinement notions for such systems should be insensitive to finite stuttering. Peled and Wilke showed that all PLTL (propositional linear-time temporal logic) properties that are insensitive to stuttering equivalence can be expressed without the next-time operator. Stuttering equivalence is also important for certain verification techniques such as partial-order reduction for model checking.\u003c/p\u003e \u003cp\u003eWe formalize stuttering equivalence in Isabelle/HOL. Our development relies on the notion of stuttering sampling functions that may skip blocks of identical sequence elements. 
We also encode PLTL and prove the theorem due to Peled and Wilke.\u003c/p\u003e", "authors": [ "Stephan Merz" ], "date": "2012-05-07", "id": 593, "link": "/entries/Stuttering_Equivalence.html", "permalink": "/entries/Stuttering_Equivalence.html", "shortname": "Stuttering_Equivalence", "title": "Stuttering Equivalence", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 5 }, { "abstract": "This document contains the full theory files accompanying article \u003ci\u003eInductive Study of Confidentiality --- for Everyone\u003c/i\u003e in \u003ci\u003eFormal Aspects of Computing\u003c/i\u003e. They aim at an illustrative and didactic presentation of the Inductive Method of protocol analysis, focusing on the treatment of one of the main goals of security protocols: confidentiality against a threat model. The treatment of confidentiality, which in fact forms a key aspect of all protocol analysis tools, has been found cryptic by many learners of the Inductive Method, hence the motivation for this work. The theory files in this document guide the reader step by step towards design and proof of significant confidentiality theorems. These are developed against two threat models, the standard Dolev-Yao and a more audacious one, the General Attacker, which turns out to be particularly useful also for teaching purposes.", "authors": [ "Giampaolo Bella" ], "date": "2012-05-02", "id": 594, "link": "/entries/Inductive_Confidentiality.html", "permalink": "/entries/Inductive_Confidentiality.html", "shortname": "Inductive_Confidentiality", "title": "Inductive Study of Confidentiality", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "\u003cp\u003eSession Ordinary-Differential-Equations formalizes ordinary differential equations (ODEs) and initial value problems. 
This work comprises proofs for local and global existence of unique solutions (Picard-Lindelöf theorem). Moreover, it contains a formalization of the (continuous or even differentiable) dependency of the flow on initial conditions as the \u003ci\u003eflow\u003c/i\u003e of ODEs.\u003c/p\u003e \u003cp\u003e Not in the generated document are the following sessions: \u003cul\u003e \u003cli\u003e HOL-ODE-Numerics: Rigorous numerical algorithms for computing enclosures of solutions based on Runge-Kutta methods and affine arithmetic. Reachability analysis with splitting and reduction at hyperplanes.\u003c/li\u003e \u003cli\u003e HOL-ODE-Examples: Applications of the numerical algorithms to concrete systems of ODEs.\u003c/li\u003e \u003cli\u003e Lorenz_C0, Lorenz_C1: Verified algorithms for checking C1-information according to Tucker's proof, computation of C0-information.\u003c/li\u003e \u003c/ul\u003e \u003c/p\u003e", "authors": [ "Fabian Immler", "Johannes Hölzl" ], "date": "2012-04-26", "id": 595, "link": "/entries/Ordinary_Differential_Equations.html", "permalink": "/entries/Ordinary_Differential_Equations.html", "shortname": "Ordinary_Differential_Equations", "title": "Ordinary Differential Equations", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 3 }, { "abstract": "Based on Isabelle/HOL's type class for preorders, we introduce a type class for well-quasi-orders (wqo) which is characterized by the absence of \"bad\" sequences (our proofs are along the lines of the proof of Nash-Williams, from which we also borrow terminology). Our main results are instantiations for the product type, the list type, and a type of finite trees, which (almost) directly follow from our proofs of (1) Dickson's Lemma, (2) Higman's Lemma, and (3) Kruskal's Tree Theorem. 
More concretely: \u003cul\u003e \u003cli\u003eIf the sets A and B are wqo then their Cartesian product is wqo.\u003c/li\u003e \u003cli\u003eIf the set A is wqo then the set of finite lists over A is wqo.\u003c/li\u003e \u003cli\u003eIf the set A is wqo then the set of finite trees over A is wqo.\u003c/li\u003e \u003c/ul\u003e The research was funded by the Austrian Science Fund (FWF): J3202.", "authors": [ "Christian Sternagel" ], "date": "2012-04-13", "id": 596, "link": "/entries/Well_Quasi_Orders.html", "permalink": "/entries/Well_Quasi_Orders.html", "shortname": "Well_Quasi_Orders", "title": "Well-Quasi-Orders", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 5 }, { "abstract": "We define the Abortable Linearizable Module automaton (ALM for short) and prove its key composition property using the IOA theory of HOLCF. The ALM is at the heart of the Speculative Linearizability framework. This framework simplifies devising correct speculative algorithms by enabling their decomposition into independent modules that can be analyzed and proved correct in isolation. It is particularly useful when working in a distributed environment, where the need to tolerate faults and asynchrony has made current monolithic protocols so intricate that it is no longer tractable to check their correctness. 
Our theory contains a typical example of a refinement proof in the I/O-automata framework of Lynch and Tuttle.", "authors": [ "Rachid Guerraoui", "Viktor Kuncak", "Giuliano Losa" ], "date": "2012-03-01", "id": 597, "link": "/entries/Abortable_Linearizable_Modules.html", "permalink": "/entries/Abortable_Linearizable_Modules.html", "shortname": "Abortable_Linearizable_Modules", "title": "Abortable Linearizable Modules", "topic_links": [ "computer-science/algorithms/distributed" ], "topics": [ "Computer science/Algorithms/Distributed" ], "used_by": 0 }, { "abstract": "\u003cp\u003e We provide a generic work-list algorithm to compute the (reflexive-)transitive closure of relations where only successors of newly detected states are generated. In contrast to our previous work, the relations do not have to be finite, but each element must only have finitely many (indirect) successors. Moreover, a subsumption relation can be used instead of pure equality. An executable variant of the algorithm is available where the generic operations are instantiated with list operations. \u003c/p\u003e\u003cp\u003e This formalization was performed as part of the IsaFoR/CeTA project, and it has been used to certify size-change termination proofs where large transitive closures have to be computed. \u003c/p\u003e", "authors": [ "René Thiemann" ], "date": "2012-02-29", "id": 598, "link": "/entries/Transitive-Closure-II.html", "permalink": "/entries/Transitive-Closure-II.html", "shortname": "Transitive-Closure-II", "title": "Executable Transitive Closures", "topic_links": [ "computer-science/algorithms/graph" ], "topics": [ "Computer science/Algorithms/Graph" ], "used_by": 0 }, { "abstract": "This work presents a formalization of the Girth-Chromatic number theorem in graph theory, stating that graphs with arbitrarily large girth and chromatic number exist. 
The proof uses the theory of Random Graphs to prove the existence with probabilistic arguments.", "authors": [ "Lars Noschinski" ], "date": "2012-02-06", "id": 599, "link": "/entries/Girth_Chromatic.html", "permalink": "/entries/Girth_Chromatic.html", "shortname": "Girth_Chromatic", "title": "A Probabilistic Proof of the Girth-Chromatic Number Theorem", "topic_links": [ "mathematics/graph-theory" ], "topics": [ "Mathematics/Graph theory" ], "used_by": 3 }, { "abstract": "We implement and prove correct Dijkstra's algorithm for the single source shortest path problem, conceived in 1956 by E. Dijkstra. The algorithm is implemented using the data refinement framework for monadic, nondeterministic programs. An efficient implementation is derived using data structures from the Isabelle Collection Framework.", "authors": [ "Benedikt Nordhoff", "Peter Lammich" ], "date": "2012-01-30", "id": 600, "link": "/entries/Dijkstra_Shortest_Path.html", "permalink": "/entries/Dijkstra_Shortest_Path.html", "shortname": "Dijkstra_Shortest_Path", "title": "Dijkstra's Shortest Path Algorithm", "topic_links": [ "computer-science/algorithms/graph" ], "topics": [ "Computer science/Algorithms/Graph" ], "used_by": 3 }, { "abstract": "We provide a framework for program and data refinement in Isabelle/HOL. The framework is based on a nondeterminism-monad with assertions, i.e., the monad carries a set of results or an assertion failure. Recursion is expressed by fixed points. For convenience, we also provide while and foreach combinators. \u003cp\u003e The framework provides tools to automatize canonical tasks, such as verification condition generation, finding appropriate data refinement relations, and refine an executable program to a form that is accepted by the Isabelle/HOL code generator. 
\u003cp\u003e This submission comes with a collection of examples and a user-guide, illustrating the usage of the framework.", "authors": [ "Peter Lammich" ], "date": "2012-01-30", "id": 601, "link": "/entries/Refine_Monadic.html", "permalink": "/entries/Refine_Monadic.html", "shortname": "Refine_Monadic", "title": "Refinement for Monadic Programs", "topic_links": [ "computer-science/semantics-and-reasoning" ], "topics": [ "Computer science/Semantics and reasoning" ], "used_by": 3 }, { "abstract": "This is a formalization of Markov models in Isabelle/HOL. It builds on Isabelle's probability theory. The available models are currently Discrete-Time Markov Chains and extensions of them with rewards. \u003cp\u003e As application of these models we formalize probabilistic model checking of pCTL formulas, analysis of IPv4 address allocation in ZeroConf and an analysis of the anonymity of the Crowds protocol. \u003ca href=\"http://arxiv.org/abs/1212.3870\"\u003eSee here for the corresponding paper.\u003c/a\u003e", "authors": [ "Johannes Hölzl", "Tobias Nipkow" ], "date": "2012-01-03", "id": 602, "link": "/entries/Markov_Models.html", "permalink": "/entries/Markov_Models.html", "shortname": "Markov_Models", "title": "Markov Models", "topic_links": [ "mathematics/probability-theory", "computer-science/automata-and-formal-languages" ], "topics": [ "Mathematics/Probability theory", "Computer science/Automata and formal languages" ], "used_by": 4 }, { "abstract": "We mechanise the logic TLA* \u003ca href=\"http://www.springerlink.com/content/ax3qk557qkdyt7n6/\"\u003e[Merz 1999]\u003c/a\u003e, an extension of Lamport's Temporal Logic of Actions (TLA) \u003ca href=\"http://dl.acm.org/citation.cfm?doid=177492.177726\"\u003e[Lamport 1994]\u003c/a\u003e for specifying and reasoning about concurrent and reactive systems. 
Aiming at a framework for mechanising the verification of TLA (or TLA*) specifications, this contribution reuses some elements from a previous axiomatic encoding of TLA in Isabelle/HOL by the second author [Merz 1998], which has been part of the Isabelle distribution. In contrast to that previous work, we give here a shallow, definitional embedding, with the following highlights: \u003cul\u003e \u003cli\u003ea theory of infinite sequences, including a formalisation of the concepts of stuttering invariance central to TLA and TLA*; \u003cli\u003ea definition of the semantics of TLA*, which extends TLA by a mutually-recursive definition of formulas and pre-formulas, generalising TLA action formulas; \u003cli\u003ea substantial set of derived proof rules, including the TLA* axioms and Lamport's proof rules for system verification; \u003cli\u003ea set of examples illustrating the usage of Isabelle/TLA* for reasoning about systems. \u003c/ul\u003e Note that this work is unrelated to the ongoing development of a proof system for the specification language TLA+, which includes an encoding of TLA+ as a new Isabelle object logic \u003ca href=\"http://www.springerlink.com/content/354026160p14j175/\"\u003e[Chaudhuri et al 2010]\u003c/a\u003e.", "authors": [ "Gudmund Grov", "Stephan Merz" ], "date": "2011-11-19", "id": 603, "link": "/entries/TLA.html", "permalink": "/entries/TLA.html", "shortname": "TLA", "title": "A Definitional Encoding of TLA* in Isabelle/HOL", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 0 }, { "abstract": "We provide a formalization of the mergesort algorithm as used in GHC's Data.List module, proving correctness and stability. 
Furthermore, experimental data suggests that generated (Haskell-)code for this algorithm is much faster than for previous algorithms available in the Isabelle distribution.", "authors": [ "Christian Sternagel" ], "date": "2011-11-09", "id": 604, "link": "/entries/Efficient-Mergesort.html", "permalink": "/entries/Efficient-Mergesort.html", "shortname": "Efficient-Mergesort", "title": "Efficient Mergesort", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 2 }, { "abstract": "Algebras of imperative programming languages have been successful in reasoning about programs. In general an algebra of programs is an algebraic structure with programs as elements and with program compositions (sequential composition, choice, skip) as algebra operations. Various versions of these algebras were introduced to model partial correctness, total correctness, refinement, demonic choice, and other aspects. We formalize here an algebra which can be used to model total correctness, refinement, demonic and angelic choice. The basic model of this algebra are monotonic Boolean transformers (monotonic functions from a Boolean algebra to itself).", "authors": [ "Viorel Preoteasa" ], "date": "2011-09-22", "id": 605, "link": "/entries/MonoBoolTranAlgebra.html", "permalink": "/entries/MonoBoolTranAlgebra.html", "shortname": "MonoBoolTranAlgebra", "title": "Algebra of Monotonic Boolean Transformers", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 1 }, { "abstract": "This formalization introduces and collects some algebraic structures based on lattices and complete lattices for use in other developments. The structures introduced are modular, and lattice ordered groups. 
In addition to the results proved for the new lattices, this formalization also introduces theorems about lattices and complete lattices in general.", "authors": [ "Viorel Preoteasa" ], "date": "2011-09-22", "id": 606, "link": "/entries/LatticeProperties.html", "permalink": "/entries/LatticeProperties.html", "shortname": "LatticeProperties", "title": "Lattice Properties", "topic_links": [ "mathematics/order" ], "topics": [ "Mathematics/Order" ], "used_by": 3 }, { "abstract": "Pseudo-hoops are algebraic structures introduced by B. Bosbach under the name of complementary semigroups. In this formalization we prove some properties of pseudo-hoops and we define the basic concepts of filter and normal filter. The lattice of normal filters is isomorphic with the lattice of congruences of a pseudo-hoop. We also study some important classes of pseudo-hoops. Bounded Wajsberg pseudo-hoops are equivalent to pseudo-Wajsberg algebras and bounded basic pseudo-hoops are equivalent to pseudo-BL algebras. Some examples of pseudo-hoops are given in the last section of the formalization.", "authors": [ "George Georgescu", "Laurentiu Leustean", "Viorel Preoteasa" ], "date": "2011-09-22", "id": 607, "link": "/entries/PseudoHoops.html", "permalink": "/entries/PseudoHoops.html", "shortname": "PseudoHoops", "title": "Pseudo Hoops", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "There are many proofs of the Myhill-Nerode theorem using automata. In this library we give a proof entirely based on regular expressions, since regularity of languages can be conveniently defined using regular expressions (it is more painful in HOL to define regularity in terms of automata). We prove the first direction of the Myhill-Nerode theorem by solving equational systems that involve regular expressions. For the second direction we give two proofs: one using tagging-functions and another using partial derivatives. 
We also establish various closure properties of regular languages. Most details of the theories are described in our ITP 2011 paper.", "authors": [ "Chunhan Wu", "Xingyuan Zhang", "Christian Urban" ], "date": "2011-08-26", "id": 608, "link": "/entries/Myhill-Nerode.html", "permalink": "/entries/Myhill-Nerode.html", "shortname": "Myhill-Nerode", "title": "The Myhill-Nerode Theorem Based on Regular Expressions", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "This theory provides a compact formulation of Gauss-Jordan elimination for matrices represented as functions. Its distinctive feature is succinctness. It is not meant for large computations.", "authors": [ "Tobias Nipkow" ], "date": "2011-08-19", "id": 609, "link": "/entries/Gauss-Jordan-Elim-Fun.html", "permalink": "/entries/Gauss-Jordan-Elim-Fun.html", "shortname": "Gauss-Jordan-Elim-Fun", "title": "Gauss-Jordan Elimination for Matrices Represented as Functions", "topic_links": [ "computer-science/algorithms/mathematical", "mathematics/algebra" ], "topics": [ "Computer science/Algorithms/Mathematical", "Mathematics/Algebra" ], "used_by": 1 }, { "abstract": "\u003cp\u003e A \u003cem\u003ematching\u003c/em\u003e in a graph \u003ci\u003eG\u003c/i\u003e is a subset \u003ci\u003eM\u003c/i\u003e of the edges of \u003ci\u003eG\u003c/i\u003e such that no two share an endpoint. A matching has maximum cardinality if its cardinality is at least as large as that of any other matching. An \u003cem\u003eodd-set cover\u003c/em\u003e \u003ci\u003eOSC\u003c/i\u003e of a graph \u003ci\u003eG\u003c/i\u003e is a labeling of the nodes of \u003ci\u003eG\u003c/i\u003e with integers such that every edge of \u003ci\u003eG\u003c/i\u003e is either incident to a node labeled 1 or connects two nodes labeled with the same number \u003ci\u003ei \u0026ge; 2\u003c/i\u003e. 
\u003c/p\u003e\u003cp\u003e This article proves Edmonds' theorem:\u003cbr\u003e Let \u003ci\u003eM\u003c/i\u003e be a matching in a graph \u003ci\u003eG\u003c/i\u003e and let \u003ci\u003eOSC\u003c/i\u003e be an odd-set cover of \u003ci\u003eG\u003c/i\u003e. For any \u003ci\u003ei \u0026ge; 0\u003c/i\u003e, let \u003cvar\u003en(i)\u003c/var\u003e be the number of nodes labeled \u003ci\u003ei\u003c/i\u003e. If \u003ci\u003e|M| = n(1) + \u0026sum;\u003csub\u003ei \u0026ge; 2\u003c/sub\u003e(n(i) div 2)\u003c/i\u003e, then \u003ci\u003eM\u003c/i\u003e is a maximum cardinality matching. \u003c/p\u003e", "authors": [ "Christine Rizkallah" ], "date": "2011-07-21", "id": 610, "link": "/entries/Max-Card-Matching.html", "permalink": "/entries/Max-Card-Matching.html", "shortname": "Max-Card-Matching", "title": "Maximum Cardinality Matching", "topic_links": [ "mathematics/graph-theory" ], "topics": [ "Mathematics/Graph theory" ], "used_by": 0 }, { "abstract": "Knowledge-based programs (KBPs) are a formalism for directly relating agents' knowledge and behaviour. Here we present a general scheme for compiling KBPs to executable automata with a proof of correctness in Isabelle/HOL. We develop the algorithm top-down, using Isabelle's locale mechanism to structure these proofs, and show that two classic examples can be synthesised using Isabelle's code generator.", "authors": [ "Peter Gammie" ], "date": "2011-05-17", "id": 611, "link": "/entries/KBPs.html", "permalink": "/entries/KBPs.html", "shortname": "KBPs", "title": "Knowledge-based programs", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 1 }, { "abstract": "Some acute-angled triangles are special, e.g. right-angled or isosceles triangles. Some are not of this kind, but, without measuring angles, look as if they were. In that sense, there is exactly one general triangle. 
This well-known fact is proven here formally.", "authors": [ "Joachim Breitner" ], "date": "2011-04-01", "id": 612, "link": "/entries/General-Triangle.html", "permalink": "/entries/General-Triangle.html", "shortname": "General-Triangle", "title": "The General Triangle Is Unique", "topic_links": [ "mathematics/geometry" ], "topics": [ "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "We provide a generic work-list algorithm to compute the transitive closure of finite relations where only successors of newly detected states are generated. This algorithm is then instantiated for lists over arbitrary carriers and red black trees (which are faster but require a linear order on the carrier), respectively. Our formalization was performed as part of the IsaFoR/CeTA project where reflexive transitive closures of large tree automata have to be computed.", "authors": [ "Christian Sternagel", "René Thiemann" ], "date": "2011-03-14", "id": 613, "link": "/entries/Transitive-Closure.html", "permalink": "/entries/Transitive-Closure.html", "shortname": "Transitive-Closure", "title": "Executable Transitive Closures of Finite Relations", "topic_links": [ "computer-science/algorithms/graph" ], "topics": [ "Computer science/Algorithms/Graph" ], "used_by": 3 }, { "abstract": "We formalize the AutoFocus Semantics (a time-synchronous subset of the Focus formalism) as stream processing functions on finite and infinite message streams represented as finite/infinite lists. The formalization comprises both the conventional single-clocking semantics (uniform global clock for all components and communications channels) and its extension to multi-clocking semantics (internal execution clocking of a component may be a multiple of the external communication clocking). The semantics is defined by generic stream processing functions making it suitable for simulation/code generation in Isabelle/HOL. 
Furthermore, a number of AutoFocus semantics properties are formalized using definitions from the IntervalLogic theories.", "authors": [ "David Trachtenherz" ], "date": "2011-02-23", "id": 614, "link": "/entries/AutoFocus-Stream.html", "permalink": "/entries/AutoFocus-Stream.html", "shortname": "AutoFocus-Stream", "title": "AutoFocus Stream Processing for Single-Clocking and Multi-Clocking Semantics", "topic_links": [ "computer-science/programming-languages/language-definitions" ], "topics": [ "Computer science/Programming languages/Language definitions" ], "used_by": 0 }, { "abstract": "We introduce a theory of infinite lists in HOL formalized as functions over naturals (folder ListInf, theories ListInf and ListInf_Prefix). It also provides additional results for finite lists (theory ListInf/List2), natural numbers (folder CommonArith, esp. division/modulo, naturals with infinity), sets (folder CommonSet, esp. cutting/truncating sets, traversing sets of naturals).", "authors": [ "David Trachtenherz" ], "date": "2011-02-23", "id": 615, "link": "/entries/List-Infinite.html", "permalink": "/entries/List-Infinite.html", "shortname": "List-Infinite", "title": "Infinite Lists", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 1 }, { "abstract": "We introduce a theory of temporal logic operators using sets of natural numbers as time domain, formalized in a shallow embedding manner. 
The theory comprises special natural intervals (theory IL_Interval: open and closed intervals, continuous and modulo intervals, interval traversing results), operators for shifting intervals to left/right on the number axis as well as expanding/contracting intervals by constant factors (theory IL_IntervalOperators.thy), and ultimately definitions and results for unary and binary temporal operators on arbitrary natural sets (theory IL_TemporalOperators).", "authors": [ "David Trachtenherz" ], "date": "2011-02-23", "id": 616, "link": "/entries/Nat-Interval-Logic.html", "permalink": "/entries/Nat-Interval-Logic.html", "shortname": "Nat-Interval-Logic", "title": "Interval Temporal Logic on Natural Numbers", "topic_links": [ "logic/general-logic/temporal-logic" ], "topics": [ "Logic/General logic/Temporal logic" ], "used_by": 1 }, { "abstract": "A fully-formalized and extensible minimal imperative fragment of Java.", "authors": [ "Rok Strniša", "Matthew Parkinson" ], "date": "2011-02-07", "id": 617, "link": "/entries/LightweightJava.html", "permalink": "/entries/LightweightJava.html", "shortname": "LightweightJava", "title": "Lightweight Java", "topic_links": [ "computer-science/programming-languages/language-definitions" ], "topics": [ "Computer science/Programming languages/Language definitions" ], "used_by": 0 }, { "abstract": "This work presents a verification of an implementation in SPARK/ADA of the cryptographic hash-function RIPEMD-160. A functional specification of RIPEMD-160 is given in Isabelle/HOL. 
Proofs for the verification conditions generated by the static-analysis toolset of SPARK certify the functional correctness of the implementation.", "authors": [ "Fabian Immler" ], "date": "2011-01-10", "id": 618, "link": "/entries/RIPEMD-160-SPARK.html", "permalink": "/entries/RIPEMD-160-SPARK.html", "shortname": "RIPEMD-160-SPARK", "title": "RIPEMD-160", "topic_links": [ "computer-science/programming-languages/static-analysis" ], "topics": [ "Computer science/Programming languages/Static analysis" ], "used_by": 0 }, { "abstract": "We define the notions of lower and upper semicontinuity for functions from a metric space to the extended real line. We prove that a function is both lower and upper semicontinuous if and only if it is continuous. We also give several equivalent characterizations of lower semicontinuity. In particular, we prove that a function is lower semicontinuous if and only if its epigraph is a closed set. Also, we introduce the notion of the lower semicontinuous hull of an arbitrary function and prove its basic properties.", "authors": [ "Bogdan Grechuk" ], "date": "2011-01-08", "id": 619, "link": "/entries/Lower_Semicontinuous.html", "permalink": "/entries/Lower_Semicontinuous.html", "shortname": "Lower_Semicontinuous", "title": "Lower Semicontinuous Functions", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "Two proofs of Hall's Marriage Theorem: one due to Halmos and Vaughan, one due to Rado.", "authors": [ "Dongchen Jiang", "Tobias Nipkow" ], "date": "2010-12-17", "id": 620, "link": "/entries/Marriage.html", "permalink": "/entries/Marriage.html", "shortname": "Marriage", "title": "Hall's Marriage Theorem", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 1 }, { "abstract": "In his dissertation, Olin Shivers introduces a concept of control flow graphs for functional languages, provides an algorithm to statically derive a safe 
approximation of the control flow graph and proves this algorithm correct. In this research project, Shivers' algorithms and proofs are formalized in the HOLCF extension of HOL.", "authors": [ "Joachim Breitner" ], "date": "2010-11-16", "id": 621, "link": "/entries/Shivers-CFA.html", "permalink": "/entries/Shivers-CFA.html", "shortname": "Shivers-CFA", "title": "Shivers' Control Flow Analysis", "topic_links": [ "computer-science/programming-languages/static-analysis" ], "topics": [ "Computer science/Programming languages/Static analysis" ], "used_by": 0 }, { "abstract": "We implement and prove correct binomial heaps and skew binomial heaps. Both are data-structures for priority queues. While binomial heaps have logarithmic \u003cem\u003efindMin\u003c/em\u003e, \u003cem\u003edeleteMin\u003c/em\u003e, \u003cem\u003einsert\u003c/em\u003e, and \u003cem\u003emeld\u003c/em\u003e operations, skew binomial heaps have constant time \u003cem\u003efindMin\u003c/em\u003e, \u003cem\u003einsert\u003c/em\u003e, and \u003cem\u003emeld\u003c/em\u003e operations, and only the \u003cem\u003edeleteMin\u003c/em\u003e-operation is logarithmic. This is achieved by using \u003cem\u003eskew links\u003c/em\u003e to avoid cascading linking on \u003cem\u003einsert\u003c/em\u003e-operations, and \u003cem\u003edata-structural bootstrapping\u003c/em\u003e to get constant-time \u003cem\u003efindMin\u003c/em\u003e and \u003cem\u003emeld\u003c/em\u003e operations. Our implementation follows the paper by Brodal and Okasaki.", "authors": [ "Rene Meis", "Finn Nielsen", "Peter Lammich" ], "date": "2010-10-28", "id": 622, "link": "/entries/Binomial-Heaps.html", "permalink": "/entries/Binomial-Heaps.html", "shortname": "Binomial-Heaps", "title": "Binomial Heaps and Skew Binomial Heaps", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 2 }, { "abstract": "We implement and prove correct 2-3 finger trees. 
Finger trees are a general purpose data structure, that can be used to efficiently implement other data structures, such as priority queues. Intuitively, a finger tree is an annotated sequence, where the annotations are elements of a monoid. Apart from operations to access the ends of the sequence, the main operation is to split the sequence at the point where a \u003cem\u003emonotone predicate\u003c/em\u003e over the sum of the left part of the sequence becomes true for the first time. The implementation follows the paper of Hinze and Paterson. The code generator can be used to get efficient, verified code.", "authors": [ "Benedikt Nordhoff", "Stefan Körner", "Peter Lammich" ], "date": "2010-10-28", "id": 623, "link": "/entries/Finger-Trees.html", "permalink": "/entries/Finger-Trees.html", "shortname": "Finger-Trees", "title": "Finger Trees", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 3 }, { "abstract": "Priority queues are an important data structure and efficient implementations of them are crucial. We implement a functional variant of binomial queues in Isabelle/HOL and show its functional correctness. A verification against an abstract reference specification of priority queues has also been attempted, but could not be achieved to the full extent.", "authors": [ "René Neumann" ], "date": "2010-10-28", "id": 624, "link": "/entries/Binomial-Queues.html", "permalink": "/entries/Binomial-Queues.html", "shortname": "Binomial-Queues", "title": "Functional Binomial Queues", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "Handling variable binding is one of the main difficulties in formal proofs. In this context, Moggi's computational metalanguage serves as an interesting case study. It features monadic types and a commuting conversion rule that rearranges the binding structure. 
Lindley and Stark have given an elegant proof of strong normalization for this calculus. The key construction in their proof is a notion of relational TT-lifting, using stacks of elimination contexts to obtain a Girard-Tait style logical relation. I give a formalization of their proof in Isabelle/HOL-Nominal with a particular emphasis on the treatment of bound variables.", "authors": [ "Christian Doczkal" ], "date": "2010-08-29", "id": 625, "link": "/entries/Lam-ml-Normalization.html", "permalink": "/entries/Lam-ml-Normalization.html", "shortname": "Lam-ml-Normalization", "title": "Strong Normalization of Moggis's Computational Metalanguage", "topic_links": [ "computer-science/programming-languages/lambda-calculi" ], "topics": [ "Computer science/Programming languages/Lambda calculi" ], "used_by": 0 }, { "abstract": "We define multivariate polynomials over arbitrary (ordered) semirings in combination with (executable) operations like addition, multiplication, and substitution. We also define (weak) monotonicity of polynomials and comparison of polynomials where we provide standard estimations like absolute positiveness or the more recent approach of Neurauter, Zankl, and Middeldorp. Moreover, it is proven that strongly normalizing (monotone) orders can be lifted to strongly normalizing (monotone) orders over polynomials. Our formalization was performed as part of the \u003ca href=\"http://cl-informatik.uibk.ac.at/software/ceta\"\u003eIsaFoR/CeTA-system\u003c/a\u003e which contains several termination techniques. The provided theories have been essential to formalize polynomial interpretations. \u003cp\u003e This formalization also contains an abstract representation as coefficient functions with finite support and a type of power-products. If this type is ordered by a linear (term) ordering, various additional notions, such as leading power-product, leading coefficient etc., are introduced as well. 
Furthermore, a lot of generic properties of, and functions on, multivariate polynomials are formalized, including the substitution and evaluation homomorphisms, embeddings of polynomial rings into larger rings (i.e. with one additional indeterminate), homogenization and dehomogenization of polynomials, and the canonical isomorphism between R[X,Y] and R[X][Y].", "authors": [ "Christian Sternagel", "René Thiemann", "Alexander Maletzky", "Fabian Immler", "Florian Haftmann", "Andreas Lochbihler", "Alexander Bentkamp" ], "date": "2010-08-10", "id": 626, "link": "/entries/Polynomials.html", "permalink": "/entries/Polynomials.html", "shortname": "Polynomials", "title": "Executable Multivariate Polynomials", "topic_links": [ "mathematics/analysis", "mathematics/algebra", "computer-science/algorithms/mathematical" ], "topics": [ "Mathematics/Analysis", "Mathematics/Algebra", "Computer science/Algorithms/Mathematical" ], "used_by": 7 }, { "abstract": "We formalize in Isabelle/HOL the abstract syntax and a synchronous step semantics for the specification language Statecharts. The formalization is based on Hierarchical Automata which allow a structural decomposition of Statecharts into Sequential Automata. To support the composition of Statecharts, we introduce calculating operators to construct a Hierarchical Automaton in a stepwise manner. Furthermore, we present a complete semantics of Statecharts including a theory of data spaces, which enables the modelling of racing effects. We also adapt CTL for Statecharts to build a bridge for future combinations with model checking. However the main motivation of this work is to provide a sound and complete basis for reasoning on Statecharts. 
As a central meta theorem we prove that the well-formedness of a Statechart is preserved by the semantics.", "authors": [ "Steffen Helke", "Florian Kammüller" ], "date": "2010-08-08", "id": 627, "link": "/entries/Statecharts.html", "permalink": "/entries/Statecharts.html", "shortname": "Statecharts", "title": "Formalizing Statecharts using Hierarchical Automata", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "Free Groups are, in a sense, the most generic kind of group. They are defined over a set of generators with no additional relations in between them. They play an important role in the definition of group presentations and in other fields. This theory provides the definition of Free Group as the set of fully canceled words in the generators. The universal property is proven, as well as some isomorphisms results about Free Groups.", "authors": [ "Joachim Breitner" ], "date": "2010-06-24", "id": 628, "link": "/entries/Free-Groups.html", "permalink": "/entries/Free-Groups.html", "shortname": "Free-Groups", "title": "Free Groups", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "This article presents a development of Category Theory in Isabelle/HOL. A Category is defined using records and locales. Functors and Natural Transformations are also defined. The main result that has been formalized is that the Yoneda functor is a full and faithful embedding. We also formalize the completeness of many sorted monadic equational logic. Extensive use is made of the HOLZF theory in both cases. 
For an informal description see \u003ca href=\"http://www.srcf.ucam.org/~apk32/Isabelle/Category/Cat.pdf\"\u003ehere [pdf]\u003c/a\u003e.", "authors": [ "Alexander Katovsky" ], "date": "2010-06-20", "id": 629, "link": "/entries/Category2.html", "permalink": "/entries/Category2.html", "shortname": "Category2", "title": "Category Theory", "topic_links": [ "mathematics/category-theory" ], "topics": [ "Mathematics/Category theory" ], "used_by": 0 }, { "abstract": "We provide the operations of matrix addition, multiplication, transposition, and matrix comparisons as executable functions over ordered semirings. Moreover, it is proven that strongly normalizing (monotone) orders can be lifted to strongly normalizing (monotone) orders over matrices. We further show that the standard semirings over the naturals, integers, and rationals, as well as the arctic semirings satisfy the axioms that are required by our matrix theory. Our formalization is part of the \u003ca href=\"http://cl-informatik.uibk.ac.at/software/ceta\"\u003eCeTA\u003c/a\u003e system which contains several termination techniques. The provided theories have been essential to formalize matrix-interpretations and arctic interpretations.", "authors": [ "Christian Sternagel", "René Thiemann" ], "date": "2010-06-17", "id": 630, "link": "/entries/Matrix.html", "permalink": "/entries/Matrix.html", "shortname": "Matrix", "title": "Executable Matrix Operations on Matrices of Arbitrary Dimensions", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 5 }, { "abstract": "We present an Isabelle formalization of abstract rewriting (see, e.g., the book by Baader and Nipkow). First, we define standard relations like \u003ci\u003ejoinability\u003c/i\u003e, \u003ci\u003emeetability\u003c/i\u003e, \u003ci\u003econversion\u003c/i\u003e, etc. Then, we formalize important properties of abstract rewrite systems, e.g., confluence and strong normalization. 
Our main concern is on strong normalization, since this formalization is the basis of \u003ca href=\"http://cl-informatik.uibk.ac.at/software/ceta\"\u003eCeTA\u003c/a\u003e (which is mainly about strong normalization of term rewrite systems). Hence lemmas involving strong normalization constitute by far the biggest part of this theory. One of those is Newman's lemma.", "authors": [ "Christian Sternagel", "René Thiemann" ], "date": "2010-06-14", "id": 631, "link": "/entries/Abstract-Rewriting.html", "permalink": "/entries/Abstract-Rewriting.html", "shortname": "Abstract-Rewriting", "title": "Abstract Rewriting", "topic_links": [ "logic/rewriting" ], "topics": [ "Logic/Rewriting" ], "used_by": 10 }, { "abstract": "The invariant based programming is a technique of constructing correct programs by first identifying the basic situations (pre- and post-conditions and invariants) that can occur during the execution of the program, and then defining the transitions and proving that they preserve the invariants. Data refinement is a technique of building correct programs working on concrete datatypes as refinements of more abstract programs. In the theories presented here we formalize the predicate transformer semantics for invariant based programs and their data refinement.", "authors": [ "Viorel Preoteasa", "Ralph-Johan Back" ], "date": "2010-05-28", "id": 632, "link": "/entries/DataRefinementIBP.html", "permalink": "/entries/DataRefinementIBP.html", "shortname": "DataRefinementIBP", "title": "Semantics and Data Refinement of Invariant Based Programs", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 1 }, { "abstract": "The verification of the Deutsch-Schorr-Waite graph marking algorithm is used as a benchmark in many formalizations of pointer programs. 
The main purpose of this mechanization is to show how data refinement of invariant based programs can be used in verifying practical algorithms. The verification starts with an abstract algorithm working on a graph given by a relation \u003ci\u003enext\u003c/i\u003e on nodes. Gradually the abstract program is refined into Deutsch-Schorr-Waite graph marking algorithm where only one bit per graph node of additional memory is used for marking.", "authors": [ "Viorel Preoteasa", "Ralph-Johan Back" ], "date": "2010-05-28", "id": 633, "link": "/entries/GraphMarkingIBP.html", "permalink": "/entries/GraphMarkingIBP.html", "shortname": "GraphMarkingIBP", "title": "Verification of the Deutsch-Schorr-Waite Graph Marking Algorithm using Data Refinement", "topic_links": [ "computer-science/algorithms/graph" ], "topics": [ "Computer science/Algorithms/Graph" ], "used_by": 0 }, { "abstract": "This document gives a formalization of the proof of the Robbins conjecture, following A. Mann, \u003ci\u003eA Complete Proof of the Robbins Conjecture\u003c/i\u003e, 2003.", "authors": [ "Matthew Doty" ], "date": "2010-05-22", "id": 634, "link": "/entries/Robbins-Conjecture.html", "permalink": "/entries/Robbins-Conjecture.html", "shortname": "Robbins-Conjecture", "title": "A Complete Proof of the Robbins Conjecture", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "This is a library of constructions on regular expressions and languages. It provides the operations of concatenation, Kleene star and derivative on languages. Regular expressions and their meaning are defined. An executable equivalence checker for regular expressions is verified; it does not need automata but works directly on regular expressions. 
\u003ci\u003eBy mapping regular expressions to binary relations, an automatic and complete proof method for (in)equalities of binary relations over union, concatenation and (reflexive) transitive closure is obtained.\u003c/i\u003e \u003cP\u003e Extended regular expressions with complement and intersection are also defined and an equivalence checker is provided.", "authors": [ "Alexander Krauss", "Tobias Nipkow" ], "date": "2010-05-12", "id": 635, "link": "/entries/Regular-Sets.html", "permalink": "/entries/Regular-Sets.html", "shortname": "Regular-Sets", "title": "Regular Sets and Expressions", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 12 }, { "abstract": "We present a Theory of Objects based on the original functional sigma-calculus by Abadi and Cardelli but with an additional parameter to methods. We prove confluence of the operational semantics following the outline of Nipkow's proof of confluence for the lambda-calculus reusing his theory Commutation, a generic diamond lemma reduction. We furthermore formalize a simple type system for our sigma-calculus including a proof of type safety. The entire development uses the concept of Locally Nameless representation for binders. 
We reuse an earlier proof of confluence for a simpler sigma-calculus based on de Bruijn indices and lists to represent objects.", "authors": [ "Ludovic Henrio", "Florian Kammüller", "Bianca Lutz", "Henry Sudhof" ], "date": "2010-04-30", "id": 636, "link": "/entries/Locally-Nameless-Sigma.html", "permalink": "/entries/Locally-Nameless-Sigma.html", "shortname": "Locally-Nameless-Sigma", "title": "Locally Nameless Sigma Calculus", "topic_links": [ "computer-science/programming-languages/language-definitions" ], "topics": [ "Computer science/Programming languages/Language definitions" ], "used_by": 0 }, { "abstract": "This theory defines a type constructor representing the free Boolean algebra over a set of generators. Values of type (α)\u003ci\u003eformula\u003c/i\u003e represent propositional formulas with uninterpreted variables from type α, ordered by implication. In addition to all the standard Boolean algebra operations, the library also provides a function for building homomorphisms to any other Boolean algebra type.", "authors": [ "Brian Huffman" ], "date": "2010-03-29", "id": 637, "link": "/entries/Free-Boolean-Algebra.html", "permalink": "/entries/Free-Boolean-Algebra.html", "shortname": "Free-Boolean-Algebra", "title": "Free Boolean Algebra", "topic_links": [ "logic/general-logic/classical-propositional-logic" ], "topics": [ "Logic/General logic/Classical propositional logic" ], "used_by": 0 }, { "abstract": "\u003cp\u003e In this contribution, we show how correctness proofs for \u003ca href=\"Slicing.html\"\u003eintra-\u003c/a\u003e and \u003ca href=\"HRB-Slicing.html\"\u003einterprocedural slicing\u003c/a\u003e can be used to prove that slicing is able to guarantee information flow noninterference. Moreover, we also illustrate how to lift the control flow graphs of the respective frameworks such that they fulfil the additional assumptions needed in the noninterference proofs. 
A detailed description of the intraprocedural proof and its interplay with the slicing framework can be found in the PLAS'09 paper by Wasserrab et al. \u003c/p\u003e \u003cp\u003e This entry contains the part for intra-procedural slicing. See entry \u003ca href=\"InformationFlowSlicing_Inter.html\"\u003eInformationFlowSlicing_Inter\u003c/a\u003e for the inter-procedural part. \u003c/p\u003e", "authors": [ "Daniel Wasserrab" ], "date": "2010-03-23", "id": 638, "link": "/entries/InformationFlowSlicing.html", "permalink": "/entries/InformationFlowSlicing.html", "shortname": "InformationFlowSlicing", "title": "Information Flow Noninterference via Slicing", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "\u003cp\u003e In this contribution, we show how correctness proofs for \u003ca href=\"Slicing.html\"\u003eintra-\u003c/a\u003e and \u003ca href=\"HRB-Slicing.html\"\u003einterprocedural slicing\u003c/a\u003e can be used to prove that slicing is able to guarantee information flow noninterference. Moreover, we also illustrate how to lift the control flow graphs of the respective frameworks such that they fulfil the additional assumptions needed in the noninterference proofs. A detailed description of the intraprocedural proof and its interplay with the slicing framework can be found in the PLAS'09 paper by Wasserrab et al. \u003c/p\u003e \u003cp\u003e This entry contains the part for inter-procedural slicing. See entry \u003ca href=\"InformationFlowSlicing.html\"\u003eInformationFlowSlicing\u003c/a\u003e for the intra-procedural part. 
\u003c/p\u003e", "authors": [ "Daniel Wasserrab" ], "date": "2010-03-23", "id": 639, "link": "/entries/InformationFlowSlicing_Inter.html", "permalink": "/entries/InformationFlowSlicing_Inter.html", "shortname": "InformationFlowSlicing_Inter", "title": "Inter-Procedural Information Flow Noninterference via Slicing", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "This theory provides functions for finding the index of an element in a list, by predicate and by value.", "authors": [ "Tobias Nipkow" ], "date": "2010-02-20", "id": 640, "link": "/entries/List-Index.html", "permalink": "/entries/List-Index.html", "shortname": "List-Index", "title": "List Index", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 22 }, { "abstract": "This article collects formalisations of general-purpose coinductive data types and sets. Currently, it contains coinductive natural numbers, coinductive lists, i.e. lazy lists or streams, infinite streams, coinductive terminated lists, coinductive resumptions, a library of operations on coinductive lists, and a version of König's lemma as an application for coinductive lists.\u003cbr\u003eThe initial theory was contributed by Paulson and Wenzel. Extensions and other coinductive formalisations of general interest are welcome.", "authors": [ "Andreas Lochbihler" ], "date": "2010-02-12", "id": 641, "link": "/entries/Coinductive.html", "permalink": "/entries/Coinductive.html", "shortname": "Coinductive", "title": "Coinductive", "topic_links": [ "computer-science/functional-programming" ], "topics": [ "Computer science/Functional programming" ], "used_by": 12 }, { "abstract": "This contribution contains a fast SAT solver for Isabelle written in Standard ML. 
By loading the theory \u003ctt\u003eDPT_SAT_Solver\u003c/tt\u003e, the SAT solver installs itself (under the name ``dptsat'') and certain Isabelle tools like Refute will start using it automatically. This is a port of the DPT (Decision Procedure Toolkit) SAT Solver written in OCaml.", "authors": [ "Armin Heller" ], "date": "2009-12-09", "id": 642, "link": "/entries/DPT-SAT-Solver.html", "permalink": "/entries/DPT-SAT-Solver.html", "shortname": "DPT-SAT-Solver", "title": "A Fast SAT Solver for Isabelle in Standard ML", "topic_links": [ "tools" ], "topics": [ "Tools" ], "used_by": 0 }, { "abstract": "This work presents a formalization of a library for automata on bit strings. It forms the basis of a reflection-based decision procedure for Presburger arithmetic, which is efficiently executable thanks to Isabelle's code generator. With this work, we therefore provide a mechanized proof of a well-known connection between logic and automata theory. The formalization is also described in a publication [TPHOLs 2009].", "authors": [ "Stefan Berghofer", "Markus Reiter" ], "date": "2009-12-03", "id": 643, "link": "/entries/Presburger-Automata.html", "permalink": "/entries/Presburger-Automata.html", "shortname": "Presburger-Automata", "title": "Formalizing the Logic-Automaton Connection", "topic_links": [ "computer-science/automata-and-formal-languages", "logic/general-logic/decidability-of-theories" ], "topics": [ "Computer science/Automata and formal languages", "Logic/General logic/Decidability of theories" ], "used_by": 0 }, { "abstract": "This development provides an efficient, extensible, machine checked collections framework. The library adopts the concepts of interface, implementation and generic algorithm from object-oriented programming and implements them in Isabelle/HOL. 
The framework features the use of data refinement techniques to refine an abstract specification (using high-level concepts like sets) to a more concrete implementation (using collection datastructures, like red-black-trees). The code-generator of Isabelle/HOL can be used to generate efficient code.", "authors": [ "Peter Lammich" ], "date": "2009-11-25", "id": 644, "link": "/entries/Collections.html", "permalink": "/entries/Collections.html", "shortname": "Collections", "title": "Collections Framework", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 19 }, { "abstract": "This work presents a machine-checked tree automata library for Standard-ML, OCaml and Haskell. The algorithms are efficient by using appropriate data structures like RB-trees. The available algorithms for non-deterministic automata include membership query, reduction, intersection, union, and emptiness check with computation of a witness for non-emptiness. The executable algorithms are derived from less-concrete, non-executable algorithms using data-refinement techniques. The concrete data structures are from the Isabelle Collections Framework. 
Moreover, this work contains a formalization of the class of tree-regular languages and its closure properties under set operations.", "authors": [ "Peter Lammich" ], "date": "2009-11-25", "id": 645, "link": "/entries/Tree-Automata.html", "permalink": "/entries/Tree-Automata.html", "shortname": "Tree-Automata", "title": "Tree Automata", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "These theories present the mechanised proof of the Perfect Number Theorem.", "authors": [ "Mark Ijbema" ], "date": "2009-11-22", "id": 646, "link": "/entries/Perfect-Number-Thm.html", "permalink": "/entries/Perfect-Number-Thm.html", "shortname": "Perfect-Number-Thm", "title": "Perfect Number Theorem", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "After verifying \u003ca href=\"Slicing.html\"\u003edynamic and static interprocedural slicing\u003c/a\u003e, we present a modular framework for static interprocedural slicing. To this end, we formalized the standard two-phase slicer from Horwitz, Reps and Binkley (see their TOPLAS 12(1) 1990 paper) together with summary edges as presented by Reps et al. (see FSE 1994). The framework is again modular in the programming language by using an abstract CFG, defined via structural and well-formedness properties. Using a weak simulation between the original and sliced graph, we were able to prove the correctness of static interprocedural slicing. We also instantiate our framework with a simple While language with procedures. 
This shows that the chosen abstractions are indeed valid.", "authors": [ "Daniel Wasserrab" ], "date": "2009-11-13", "id": 647, "link": "/entries/HRB-Slicing.html", "permalink": "/entries/HRB-Slicing.html", "shortname": "HRB-Slicing", "title": "Backing up Slicing: Verifying the Interprocedural Two-Phase Horwitz-Reps-Binkley Slicer", "topic_links": [ "computer-science/programming-languages/static-analysis" ], "topics": [ "Computer science/Programming languages/Static analysis" ], "used_by": 1 }, { "abstract": "Gill and Hutton formalise the worker/wrapper transformation, building on the work of Launchbury and Peyton-Jones who developed it as a way of changing the type at which a recursive function operates. This development establishes the soundness of the technique and several examples of its use.", "authors": [ "Peter Gammie" ], "date": "2009-10-30", "id": 648, "link": "/entries/WorkerWrapper.html", "permalink": "/entries/WorkerWrapper.html", "shortname": "WorkerWrapper", "title": "The Worker/Wrapper Transformation", "topic_links": [ "computer-science/functional-programming" ], "topics": [ "Computer science/Functional programming" ], "used_by": 0 }, { "abstract": "We develop a basic theory of ordinals and cardinals in Isabelle/HOL, up to the point where some cardinality facts relevant for the ``working mathematician\" become available. Unlike in set theory, here we do not have at hand canonical notions of ordinal and cardinal. Therefore, here an ordinal is merely a well-order relation and a cardinal is an ordinal minim w.r.t. 
order embedding on its field.", "authors": [ "Andrei Popescu" ], "date": "2009-09-01", "id": 649, "link": "/entries/Ordinals_and_Cardinals.html", "permalink": "/entries/Ordinals_and_Cardinals.html", "shortname": "Ordinals_and_Cardinals", "title": "Ordinals and Cardinals", "topic_links": [ "logic/set-theory" ], "topics": [ "Logic/Set theory" ], "used_by": 0 }, { "abstract": "The invertibility of the rules of a sequent calculus is important for guiding proof search and can be used in some formalised proofs of Cut admissibility. We present sufficient conditions for when a rule is invertible with respect to a calculus. We illustrate the conditions with examples. It must be noted we give purely syntactic criteria; no guarantees are given as to the suitability of the rules.", "authors": [ "Peter Chapman" ], "date": "2009-08-28", "id": 650, "link": "/entries/SequentInvertibility.html", "permalink": "/entries/SequentInvertibility.html", "shortname": "SequentInvertibility", "title": "Invertibility in Sequent Calculi", "topic_links": [ "logic/proof-theory" ], "topics": [ "Logic/Proof theory" ], "used_by": 0 }, { "abstract": "We formalize the usual proof that the group generated by the function k -\u003e k + 1 on the integers gives rise to a cofinitary group.", "authors": [ "Bart Kastermans" ], "date": "2009-08-04", "id": 651, "link": "/entries/CofGroups.html", "permalink": "/entries/CofGroups.html", "shortname": "CofGroups", "title": "An Example of a Cofinitary Group in Isabelle/HOL", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "FinFuns are total functions that are constant except for a finite set of points, i.e. a generalisation of finite maps. They are formalised as a new type in Isabelle/HOL such that the code generator can handle equality tests and quantification on FinFuns. 
On the code output level, FinFuns are explicitly represented by constant functions and pointwise updates, similarly to associative lists. Inside the logic, they behave like ordinary functions with extensionality. Via the update/constant pattern, a recursion combinator and an induction rule for FinFuns allow for defining and reasoning about operators on FinFun that are also executable.", "authors": [ "Andreas Lochbihler" ], "date": "2009-05-06", "id": 652, "link": "/entries/FinFun.html", "permalink": "/entries/FinFun.html", "shortname": "FinFun", "title": "Code Generation for Functions as Data", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 4 }, { "abstract": "Stream Fusion is a system for removing intermediate list structures from Haskell programs; it consists of a Haskell library along with several compiler rewrite rules. (The library is available \u003ca href=\"http://hackage.haskell.org/package/stream-fusion\"\u003eonline\u003c/a\u003e.)\u003cbr\u003e\u003cbr\u003eThese theories contain a formalization of much of the Stream Fusion library in HOLCF. Lazy list and stream types are defined, along with coercions between the two types, as well as an equivalence relation for streams that generate the same list. 
List and stream versions of map, filter, foldr, enumFromTo, append, zipWith, and concatMap are defined, and the stream versions are shown to respect stream equivalence.", "authors": [ "Brian Huffman" ], "date": "2009-04-29", "id": 653, "link": "/entries/Stream-Fusion.html", "permalink": "/entries/Stream-Fusion.html", "shortname": "Stream-Fusion", "title": "Stream Fusion", "topic_links": [ "computer-science/functional-programming" ], "topics": [ "Computer science/Functional programming" ], "used_by": 0 }, { "abstract": "This document contains the Isabelle/HOL sources underlying the paper \u003ci\u003eA bytecode logic for JML and types\u003c/i\u003e by Beringer and Hofmann, updated to Isabelle 2008. We present a program logic for a subset of sequential Java bytecode that is suitable for representing both, features found in high-level specification language JML as well as interpretations of high-level type systems. To this end, we introduce a fine-grained collection of assertions, including strong invariants, local annotations and VDM-reminiscent partial-correctness specifications. Thanks to a goal-oriented structure and interpretation of judgements, verification may proceed without recourse to an additional control flow analysis. The suitability for interpreting intensional type systems is illustrated by the proof-carrying-code style encoding of a type system for a first-order functional language which guarantees a constant upper bound on the number of objects allocated throughout an execution, be the execution terminating or non-terminating. Like the published paper, the formal development is restricted to a comparatively small subset of the JVML, lacking (among other features) exceptions, arrays, virtual methods, and static fields. This shortcoming has been overcome meanwhile, as our paper has formed the basis of the Mobius base logic, a program logic for the full sequential fragment of the JVML. 
Indeed, the present formalisation formed the basis of a subsequent formalisation of the Mobius base logic in the proof assistant Coq, which includes a proof of soundness with respect to the Bicolano operational semantics by Pichardie.", "authors": [ "Lennart Beringer", "Martin Hofmann" ], "date": "2008-12-12", "id": 654, "link": "/entries/BytecodeLogicJmlTypes.html", "permalink": "/entries/BytecodeLogicJmlTypes.html", "shortname": "BytecodeLogicJmlTypes", "title": "A Bytecode Logic for JML and Types", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 0 }, { "abstract": "We present interpretations of type systems for secure information flow in Hoare logic, complementing previous encodings in relational program logics. We first treat the imperative language IMP, extended by a simple procedure call mechanism. For this language we consider base-line non-interference in the style of Volpano et al. and the flow-sensitive type system by Hunt and Sands. In both cases, we show how typing derivations may be used to automatically generate proofs in the program logic that certify the absence of illicit flows. We then add instructions for object creation and manipulation, and derive appropriate proof rules for base-line non-interference. 
As a consequence of our work, standard verification technology may be used for verifying that a concrete program satisfies the non-interference property.\u003cbr\u003e\u003cbr\u003eThe present proof development represents an update of the formalisation underlying our paper [CSF 2007] and is intended to resolve any ambiguities that may be present in the paper.", "authors": [ "Lennart Beringer", "Martin Hofmann" ], "date": "2008-11-10", "id": 655, "link": "/entries/SIFPL.html", "permalink": "/entries/SIFPL.html", "shortname": "SIFPL", "title": "Secure information flow and program logics", "topic_links": [ "computer-science/programming-languages/logics", "computer-science/security" ], "topics": [ "Computer science/Programming languages/Logics", "Computer science/Security" ], "used_by": 0 }, { "abstract": "Drawing on Sen's landmark work \"Collective Choice and Social Welfare\" (1970), this development proves Arrow's General Possibility Theorem, Sen's Liberal Paradox and May's Theorem in a general setting. The goal was to make precise the classical statements and proofs of these results, and to provide a foundation for more recent results such as the Gibbard-Satterthwaite and Duggan-Schwartz theorems.", "authors": [ "Peter Gammie" ], "date": "2008-11-09", "id": 656, "link": "/entries/SenSocialChoice.html", "permalink": "/entries/SenSocialChoice.html", "shortname": "SenSocialChoice", "title": "Some classical results in Social Choice Theory", "topic_links": [ "mathematics/games-and-economics" ], "topics": [ "Mathematics/Games and economics" ], "used_by": 0 }, { "abstract": "Tilings are defined inductively. It is shown that one form of mutilated chess board cannot be tiled with dominoes, while another one can be tiled with L-shaped tiles. Please add further fun examples of this kind!", "authors": [ "Tobias Nipkow", "Lawrence C. 
Paulson" ], "date": "2008-11-07", "id": 657, "link": "/entries/FunWithTilings.html", "permalink": "/entries/FunWithTilings.html", "shortname": "FunWithTilings", "title": "Fun With Tilings", "topic_links": [ "mathematics/misc" ], "topics": [ "Mathematics/Misc" ], "used_by": 0 }, { "abstract": "Huffman's algorithm is a procedure for constructing a binary tree with minimum weighted path length. This report presents a formal proof of the correctness of Huffman's algorithm written using Isabelle/HOL. Our proof closely follows the sketches found in standard algorithms textbooks, uncovering a few snags in the process. Another distinguishing feature of our formalization is the use of custom induction rules to help Isabelle's automatic tactics, leading to very short proofs for most of the lemmas.", "authors": [ "Jasmin Christian Blanchette" ], "date": "2008-10-15", "id": 658, "link": "/entries/Huffman.html", "permalink": "/entries/Huffman.html", "shortname": "Huffman", "title": "The Textbook Proof of Huffman's Algorithm", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 1 }, { "abstract": "Slicing is a widely-used technique with applications in e.g. compiler technology and software security. Thus verification of algorithms in these areas is often based on the correctness of slicing, which should ideally be proven independent of concrete programming languages and with the help of well-known verifying techniques such as proof assistants. As a first step in this direction, this contribution presents a framework for dynamic and static intraprocedural slicing based on control flow and program dependence graphs. 
Abstracting from concrete syntax we base the framework on a graph representation of the program fulfilling certain structural and well-formedness properties.\u003cbr\u003e\u003cbr\u003eThe formalization consists of the basic framework (in subdirectory Basic/), the correctness proof for dynamic slicing (in subdirectory Dynamic/), the correctness proof for static intraprocedural slicing (in subdirectory StaticIntra/) and instantiations of the framework with a simple While language (in subdirectory While/) and the sophisticated object-oriented bytecode language of Jinja (in subdirectory JinjaVM/). For more information on the framework, see the TPHOLS 2008 paper by Wasserrab and Lochbihler and the PLAS 2009 paper by Wasserrab et al.", "authors": [ "Daniel Wasserrab" ], "date": "2008-09-16", "id": 659, "link": "/entries/Slicing.html", "permalink": "/entries/Slicing.html", "shortname": "Slicing", "title": "Towards Certified Slicing", "topic_links": [ "computer-science/programming-languages/static-analysis" ], "topics": [ "Computer science/Programming languages/Static analysis" ], "used_by": 2 }, { "abstract": "The Volpano/Smith/Irvine security type system requires that variables are annotated as high (secret) or low (public), and provides typing rules which guarantee that secret values cannot leak to public output ports. This property of a program is called confidentiality. For a simple while-language without threads, our proof shows that typeability in the Volpano/Smith system guarantees noninterference. Noninterference means that if two initial states for program execution are low-equivalent, then the final states are low-equivalent as well. This indeed implies that secret values cannot leak to public ports. The proof defines an abstract syntax and operational semantics for programs, formalizes noninterference, and then proceeds by rule induction on the operational semantics. The mathematically most intricate part is the treatment of implicit flows. 
Note that the Volpano/Smith system is not flow-sensitive and thus quite imprecise, resulting in false alarms. However, due to the correctness property, all potential breaks of confidentiality are discovered.", "authors": [ "Gregor Snelting", "Daniel Wasserrab" ], "date": "2008-09-02", "id": 660, "link": "/entries/VolpanoSmith.html", "permalink": "/entries/VolpanoSmith.html", "shortname": "VolpanoSmith", "title": "A Correctness Proof for the Volpano/Smith Security Typing System", "topic_links": [ "computer-science/programming-languages/type-systems", "computer-science/security" ], "topics": [ "Computer science/Programming languages/Type systems", "Computer science/Security" ], "used_by": 0 }, { "abstract": "This article formalizes two proofs of Arrow's impossibility theorem due to Geanakoplos and derives the Gibbard-Satterthwaite theorem as a corollary. One formalization is based on utility functions, the other one on strict partial orders.\u003cbr\u003e\u003cbr\u003eAn article about these proofs is found \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/arrow.html\"\u003ehere\u003c/a\u003e.", "authors": [ "Tobias Nipkow" ], "date": "2008-09-01", "id": 661, "link": "/entries/ArrowImpossibilityGS.html", "permalink": "/entries/ArrowImpossibilityGS.html", "shortname": "ArrowImpossibilityGS", "title": "Arrow and Gibbard-Satterthwaite", "topic_links": [ "mathematics/games-and-economics" ], "topics": [ "Mathematics/Games and economics" ], "used_by": 0 }, { "abstract": "This is a collection of cute puzzles of the form ``Show that if a function satisfies the following constraints, it must be ...'' Please add further examples to this collection!", "authors": [ "Tobias Nipkow" ], "date": "2008-08-26", "id": 662, "link": "/entries/FunWithFunctions.html", "permalink": "/entries/FunWithFunctions.html", "shortname": "FunWithFunctions", "title": "Fun With Functions", "topic_links": [ "mathematics/misc" ], "topics": [ "Mathematics/Misc" ], "used_by": 0 }, { "abstract": "This 
document contains formal correctness proofs of modern SAT solvers. Following (Krstic et al, 2007) and (Nieuwenhuis et al., 2006), solvers are described using state-transition systems. Several different SAT solver descriptions are given and their partial correctness and termination is proved. These include: \u003cul\u003e \u003cli\u003e a solver based on classical DPLL procedure (using only a backtrack-search with unit propagation),\u003c/li\u003e \u003cli\u003e a very general solver with backjumping and learning (similar to the description given in (Nieuwenhuis et al., 2006)), and\u003c/li\u003e \u003cli\u003e a solver with a specific conflict analysis algorithm (similar to the description given in (Krstic et al., 2007)).\u003c/li\u003e \u003c/ul\u003e Within the SAT solver correctness proofs, a large number of lemmas about propositional logic and CNF formulae are proved. This theory is self-contained and could be used for further exploration of properties of CNF based SAT algorithms.", "authors": [ "Filip Marić" ], "date": "2008-07-23", "id": 663, "link": "/entries/SATSolverVerification.html", "permalink": "/entries/SATSolverVerification.html", "shortname": "SATSolverVerification", "title": "Formal Verification of Modern SAT Solvers", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "This document presents the formalization of introductory material from recursion theory --- definitions and basic properties of primitive recursive functions, Cantor pairing function and computably enumerable sets (including a proof of existence of a one-complete computably enumerable set and a proof of Rice's theorem).", "authors": [ "Michael Nedzelsky" ], "date": "2008-04-05", "id": 664, "link": "/entries/Recursion-Theory-I.html", "permalink": "/entries/Recursion-Theory-I.html", "shortname": "Recursion-Theory-I", "title": "Recursion Theory I", "topic_links": [ "logic/computability" ], "topics": [ 
"Logic/Computability" ], "used_by": 1 }, { "abstract": "We present the theory of Simpl, a sequential imperative programming language. We introduce its syntax, its semantics (big and small-step operational semantics) and Hoare logics for both partial as well as total correctness. We prove soundness and completeness of the Hoare logic. We integrate and automate the Hoare logic in Isabelle/HOL to obtain a practically usable verification environment for imperative programs. Simpl is independent of a concrete programming language but expressive enough to cover all common language features: mutually recursive procedures, abrupt termination and exceptions, runtime faults, local and global variables, pointers and heap, expressions with side effects, pointers to procedures, partial application and closures, dynamic method invocation and also unbounded nondeterminism.", "authors": [ "Norbert Schirmer" ], "date": "2008-02-29", "id": 665, "link": "/entries/Simpl.html", "permalink": "/entries/Simpl.html", "shortname": "Simpl", "title": "A Sequential Imperative Programming Language Syntax, Semantics, Hoare Logics and Verification Environment", "topic_links": [ "computer-science/programming-languages/language-definitions", "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Language definitions", "Computer science/Programming languages/Logics" ], "used_by": 2 }, { "abstract": "We present the verification of the normalisation of a binary decision diagram (BDD). The normalisation follows the original algorithm presented by Bryant in 1986 and transforms an ordered BDD in a reduced, ordered and shared BDD. 
The verification is based on Hoare logics.", "authors": [ "Veronika Ortner", "Norbert Schirmer" ], "date": "2008-02-29", "id": 666, "link": "/entries/BDD.html", "permalink": "/entries/BDD.html", "shortname": "BDD", "title": "BDD Normalisation", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "This article formalizes normalization by evaluation as implemented in Isabelle. Lambda calculus plus term rewriting is compiled into a functional program with pattern matching. It is proved that the result of a successful evaluation is a) correct, i.e. equivalent to the input, and b) in normal form.", "authors": [ "Klaus Aehlig", "Tobias Nipkow" ], "date": "2008-02-18", "id": 667, "link": "/entries/NormByEval.html", "permalink": "/entries/NormByEval.html", "shortname": "NormByEval", "title": "Normalization by Evaluation", "topic_links": [ "computer-science/programming-languages/compiling" ], "topics": [ "Computer science/Programming languages/Compiling" ], "used_by": 0 }, { "abstract": "This article formalizes quantifier elimination procedures for dense linear orders, linear real arithmetic and Presburger arithmetic. In each case both a DNF-based non-elementary algorithm and one or more (doubly) exponential NNF-based algorithms are formalized, including the well-known algorithms by Ferrante and Rackoff and by Cooper. The NNF-based algorithms for dense linear orders are new but based on Ferrante and Rackoff and on an algorithm by Loos and Weisspfenning which simulates infinitesimals. All algorithms are directly executable. In particular, they yield reflective quantifier elimination procedures for HOL itself. 
The formalization makes heavy use of locales and is therefore highly modular.", "authors": [ "Tobias Nipkow" ], "date": "2008-01-11", "id": 668, "link": "/entries/LinearQuantifierElim.html", "permalink": "/entries/LinearQuantifierElim.html", "shortname": "LinearQuantifierElim", "title": "Quantifier Elimination for Linear Arithmetic", "topic_links": [ "logic/general-logic/decidability-of-theories" ], "topics": [ "Logic/General logic/Decidability of theories" ], "used_by": 0 }, { "abstract": "In this work we formally verify the soundness and precision of a static program analysis that detects conflicts (e. g. data races) in programs with procedures, thread creation and monitors with the Isabelle theorem prover. As common in static program analysis, our program model abstracts guarded branching by nondeterministic branching, but completely interprets the call-/return behavior of procedures, synchronization by monitors, and thread creation. The analysis is based on the observation that all conflicts already occur in a class of particularly restricted schedules. These restricted schedules are suited to constraint-system-based program analysis. The formalization is based upon a flowgraph-based program model with an operational semantics as reference point.", "authors": [ "Peter Lammich", "Markus Müller-Olm" ], "date": "2007-12-14", "id": 669, "link": "/entries/Program-Conflict-Analysis.html", "permalink": "/entries/Program-Conflict-Analysis.html", "shortname": "Program-Conflict-Analysis", "title": "Formalization of Conflict Analysis of Programs with Procedures, Thread Creation, and Monitors", "topic_links": [ "computer-science/programming-languages/static-analysis" ], "topics": [ "Computer science/Programming languages/Static analysis" ], "used_by": 1 }, { "abstract": "We extend the Jinja source code semantics by Klein and Nipkow with Java-style arrays and threads. 
Concurrency is captured in a generic framework semantics for adding concurrency through interleaving to a sequential semantics, which features dynamic thread creation, inter-thread communication via shared memory, lock synchronisation and joins. Also, threads can suspend themselves and be notified by others. We instantiate the framework with the adapted versions of both Jinja source and byte code and show type safety for the multithreaded case. Equally, the compiler from source to byte code is extended, for which we prove weak bisimilarity between the source code small step semantics and the defensive Jinja virtual machine. On top of this, we formalise the JMM and show the DRF guarantee and consistency. For a description of the different parts, see Lochbihler's papers at FOOL 2008, ESOP 2010, ITP 2011, and ESOP 2012.", "authors": [ "Andreas Lochbihler" ], "date": "2007-12-03", "id": 670, "link": "/entries/JinjaThreads.html", "permalink": "/entries/JinjaThreads.html", "shortname": "JinjaThreads", "title": "Jinja with Threads", "topic_links": [ "computer-science/programming-languages/language-definitions" ], "topics": [ "Computer science/Programming languages/Language definitions" ], "used_by": 0 }, { "abstract": "This article is an Isabelle formalisation of a paper with the same title. 
In a similar way as Knuth's 0-1-principle for sorting algorithms, that paper develops a 0-1-2-principle for parallel prefix computations.", "authors": [ "Sascha Böhme" ], "date": "2007-11-06", "id": 671, "link": "/entries/MuchAdoAboutTwo.html", "permalink": "/entries/MuchAdoAboutTwo.html", "shortname": "MuchAdoAboutTwo", "title": "Much Ado About Two", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "This document presents the mechanised proofs of\u003cul\u003e\u003cli\u003eFermat's Last Theorem for exponents 3 and 4 and\u003c/li\u003e\u003cli\u003ethe parametrisation of Pythagorean Triples.\u003c/li\u003e\u003c/ul\u003e", "authors": [ "Roelof Oosterhuis" ], "date": "2007-08-12", "id": 672, "link": "/entries/Fermat3_4.html", "permalink": "/entries/Fermat3_4.html", "shortname": "Fermat3_4", "title": "Fermat's Last Theorem for Exponents 3 and 4 and the Parametrisation of Pythagorean Triples", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "This document presents the mechanised proofs of the following results:\u003cul\u003e\u003cli\u003eany prime number of the form 4m+1 can be written as the sum of two squares;\u003c/li\u003e\u003cli\u003eany natural number can be written as the sum of four squares\u003c/li\u003e\u003c/ul\u003e", "authors": [ "Roelof Oosterhuis" ], "date": "2007-08-12", "id": 673, "link": "/entries/SumSquares.html", "permalink": "/entries/SumSquares.html", "shortname": "SumSquares", "title": "Sums of Two and Four Squares", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "Convergence with respect to a valuation is discussed as convergence of a Cauchy sequence. Cauchy sequences of polynomials are defined. 
They are used to formalize Hensel's lemma.", "authors": [ "Hidetsune Kobayashi" ], "date": "2007-08-08", "id": 674, "link": "/entries/Valuation.html", "permalink": "/entries/Valuation.html", "shortname": "Valuation", "title": "Fundamental Properties of Valuation Theory and Hensel's Lemma", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "We present a formalization of parts of Melvin Fitting's book \"First-Order Logic and Automated Theorem Proving\". The formalization covers the syntax of first-order logic, its semantics, the model existence theorem, a natural deduction proof calculus together with a proof of correctness and completeness, as well as the Löwenheim-Skolem theorem.", "authors": [ "Stefan Berghofer" ], "date": "2007-08-02", "id": 675, "link": "/entries/FOL-Fitting.html", "permalink": "/entries/FOL-Fitting.html", "shortname": "FOL-Fitting", "title": "First-Order Logic According to Fitting", "topic_links": [ "logic/general-logic/classical-first-order-logic" ], "topics": [ "Logic/General logic/Classical first-order logic" ], "used_by": 2 }, { "abstract": "We present a solution to the POPLmark challenge designed by Aydemir et al., which has as a goal the formalization of the meta-theory of System F\u003csub\u003e\u0026lt;:\u003c/sub\u003e. The formalization is carried out in the theorem prover Isabelle/HOL using an encoding based on de Bruijn indices. 
We start with a relatively simple formalization covering only the basic features of System F\u003csub\u003e\u0026lt;:\u003c/sub\u003e, and explain how it can be extended to also cover records and more advanced binding constructs.", "authors": [ "Stefan Berghofer" ], "date": "2007-08-02", "id": 676, "link": "/entries/POPLmark-deBruijn.html", "permalink": "/entries/POPLmark-deBruijn.html", "shortname": "POPLmark-deBruijn", "title": "POPLmark Challenge Via de Bruijn Indices", "topic_links": [ "computer-science/programming-languages/lambda-calculi" ], "topics": [ "Computer science/Programming languages/Lambda calculi" ], "used_by": 0 }, { "abstract": "Two models of an electronic hotel key card system are contrasted: a state based and a trace based one. Both are defined, verified, and proved equivalent in the theorem prover Isabelle/HOL. It is shown that if a guest follows a certain safety policy regarding her key cards, she can be sure that nobody but her can enter her room.", "authors": [ "Tobias Nipkow" ], "date": "2006-09-09", "id": 677, "link": "/entries/HotelKeyCards.html", "permalink": "/entries/HotelKeyCards.html", "shortname": "HotelKeyCards", "title": "Hotel Key Card System", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "These theories describe Hoare logics for a number of imperative language constructs, from while-loops to mutually recursive procedures. Both partial and total correctness are treated. 
In particular a proof system for total correctness of recursive procedures in the presence of unbounded nondeterminism is presented.", "authors": [ "Tobias Nipkow" ], "date": "2006-08-08", "id": 678, "link": "/entries/Abstract-Hoare-Logics.html", "permalink": "/entries/Abstract-Hoare-Logics.html", "shortname": "Abstract-Hoare-Logics", "title": "Abstract Hoare Logics", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 0 }, { "abstract": "These theories present the verified enumeration of \u003ci\u003etame\u003c/i\u003e plane graphs as defined by Thomas C. Hales in his proof of the Kepler Conjecture in his book \u003ci\u003eDense Sphere Packings. A Blueprint for Formal Proofs.\u003c/i\u003e [CUP 2012]. The values of the constants in the definition of tameness are identical to those in the \u003ca href=\"https://code.google.com/p/flyspeck/\"\u003eFlyspeck project\u003c/a\u003e. The \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/Flyspeck/\"\u003eIJCAR 2006 paper by Nipkow, Bauer and Schultz\u003c/a\u003e refers to the original version of Hales' proof, the \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/itp11.html\"\u003eITP 2011 paper by Nipkow\u003c/a\u003e refers to the Blueprint version of the proof.", "authors": [ "Gertrud Bauer", "Tobias Nipkow" ], "date": "2006-05-22", "id": 679, "link": "/entries/Flyspeck-Tame.html", "permalink": "/entries/Flyspeck-Tame.html", "shortname": "Flyspeck-Tame", "title": "Flyspeck I: Tame Graphs", "topic_links": [ "mathematics/graph-theory" ], "topics": [ "Mathematics/Graph theory" ], "used_by": 1 }, { "abstract": "We present an operational semantics and type safety proof for multiple inheritance in C++. The semantics models the behavior of method calls, field accesses, and two forms of casts in C++ class hierarchies. 
For explanations see the OOPSLA 2006 paper by Wasserrab, Nipkow, Snelting and Tip.", "authors": [ "Daniel Wasserrab" ], "date": "2006-05-15", "id": 680, "link": "/entries/CoreC++.html", "permalink": "/entries/CoreC++.html", "shortname": "CoreC++", "title": "CoreC++", "topic_links": [ "computer-science/programming-languages/language-definitions" ], "topics": [ "Computer science/Programming languages/Language definitions" ], "used_by": 0 }, { "abstract": "We formalize the type system, small-step operational semantics, and type soundness proof for Featherweight Java, a simple object calculus, in Isabelle/HOL.", "authors": [ "J. Nathan Foster", "Dimitrios Vytiniotis" ], "date": "2006-03-31", "id": 681, "link": "/entries/FeatherweightJava.html", "permalink": "/entries/FeatherweightJava.html", "shortname": "FeatherweightJava", "title": "A Theory of Featherweight Java in Isabelle/HOL", "topic_links": [ "computer-science/programming-languages/language-definitions" ], "topics": [ "Computer science/Programming languages/Language definitions" ], "used_by": 0 }, { "abstract": "F. B. Schneider (\"Understanding protocols for Byzantine clock synchronization\") generalizes a number of protocols for Byzantine fault-tolerant clock synchronization and presents a uniform proof for their correctness. In Schneider's schema, each processor maintains a local clock by periodically adjusting each value to one computed by a convergence function applied to the readings of all the clocks. Then, correctness of an algorithm, i.e. that the readings of two clocks at any time are within a fixed bound of each other, is based upon some conditions on the convergence function. To prove that a particular clock synchronization algorithm is correct it suffices to show that the convergence function used by the algorithm meets Schneider's conditions. 
Using the theorem prover Isabelle, we formalize the proofs that the convergence functions of two algorithms, namely, the Interactive Convergence Algorithm (ICA) of Lamport and Melliar-Smith and the Fault-tolerant Midpoint algorithm of Lundelius-Lynch, meet Schneider's conditions. Furthermore, we experiment on handling some parts of the proofs with fully automatic tools like ICS and CVC-lite. These theories are part of a joint work with Alwen Tiu and Leonor P. Nieto \u003ca href=\"http://users.rsise.anu.edu.au/~tiu/clocksync.pdf\"\u003e\"Verification of Clock Synchronization Algorithms: Experiments on a combination of deductive tools\"\u003c/a\u003e in proceedings of AVOCS 2005. In this work the correctness of Schneider's schema was also verified using Isabelle (entry \u003ca href=\"GenClock.html\"\u003eGenClock\u003c/a\u003e in AFP).", "authors": [ "Damián Barsotti" ], "date": "2006-03-15", "id": 682, "link": "/entries/ClockSynchInst.html", "permalink": "/entries/ClockSynchInst.html", "shortname": "ClockSynchInst", "title": "Instances of Schneider's generalized protocol of clock synchronization", "topic_links": [ "computer-science/algorithms/distributed" ], "topics": [ "Computer science/Algorithms/Distributed" ], "used_by": 0 }, { "abstract": "This document presents the mechanised proofs of two popular theorems attributed to Augustin Louis Cauchy - Cauchy's Mean Theorem and the Cauchy-Schwarz Inequality.", "authors": [ "Benjamin Porter" ], "date": "2006-03-14", "id": 683, "link": "/entries/Cauchy.html", "permalink": "/entries/Cauchy.html", "shortname": "Cauchy", "title": "Cauchy's Mean Theorem and the Cauchy-Schwarz Inequality", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 1 }, { "abstract": "This development defines a well-ordered type of countable ordinals. It includes notions of continuous and normal functions, recursively defined functions over ordinals, least fixed-points, and derivatives. 
Much of ordinal arithmetic is formalized, including exponentials and logarithms. The development concludes with formalizations of Cantor Normal Form and Veblen hierarchies over normal functions.", "authors": [ "Brian Huffman" ], "date": "2005-11-11", "id": 684, "link": "/entries/Ordinal.html", "permalink": "/entries/Ordinal.html", "shortname": "Ordinal", "title": "Countable Ordinals", "topic_links": [ "logic/set-theory" ], "topics": [ "Logic/Set theory" ], "used_by": 1 }, { "abstract": "We formalise a functional implementation of the FFT algorithm over the complex numbers, and its inverse. Both are shown equivalent to the usual definitions of these operations through Vandermonde matrices. They are also shown to be inverse to each other, more precisely, that composition of the inverse and the transformation yield the identity up to a scalar.", "authors": [ "Clemens Ballarin" ], "date": "2005-10-12", "id": 685, "link": "/entries/FFT.html", "permalink": "/entries/FFT.html", "shortname": "FFT", "title": "Fast Fourier Transform", "topic_links": [ "computer-science/algorithms/mathematical" ], "topics": [ "Computer science/Algorithms/Mathematical" ], "used_by": 0 }, { "abstract": "We formalize the generalized Byzantine fault-tolerant clock synchronization protocol of Schneider. This protocol abstracts from particular algorithms or implementations for clock synchronization. This abstraction includes several assumptions on the behaviors of physical clocks and on general properties of concrete algorithms/implementations. Based on these assumptions the correctness of the protocol is proved by Schneider. His proof was later verified by Shankar using the theorem prover EHDM (precursor to PVS). 
Our formalization in Isabelle/HOL is based on Shankar's formalization.", "authors": [ "Alwen Tiu" ], "date": "2005-06-24", "id": 686, "link": "/entries/GenClock.html", "permalink": "/entries/GenClock.html", "shortname": "GenClock", "title": "Formalization of a Generalized Protocol for Clock Synchronization", "topic_links": [ "computer-science/algorithms/distributed" ], "topics": [ "Computer science/Algorithms/Distributed" ], "used_by": 0 }, { "abstract": "Disk Paxos is an algorithm for building arbitrary fault-tolerant distributed systems. The specification of Disk Paxos has been proved correct informally and tested using the TLC model checker, but up to now, it has never been fully formally verified. In this work we have formally verified its correctness using the Isabelle theorem prover and the HOL logic system, showing that Isabelle is a practical tool for verifying properties of TLA+ specifications.", "authors": [ "Mauro Jaskelioff", "Stephan Merz" ], "date": "2005-06-22", "id": 687, "link": "/entries/DiskPaxos.html", "permalink": "/entries/DiskPaxos.html", "shortname": "DiskPaxos", "title": "Proving the Correctness of Disk Paxos", "topic_links": [ "computer-science/algorithms/distributed" ], "topics": [ "Computer science/Algorithms/Distributed" ], "used_by": 0 }, { "abstract": "This document presents the formalization of an object-oriented data and store model in Isabelle/HOL. 
This model is being used in the Java Interactive Verification Environment, Jive.", "authors": [ "Nicole Rauch", "Norbert Schirmer" ], "date": "2005-06-20", "id": 688, "link": "/entries/JiveDataStoreModel.html", "permalink": "/entries/JiveDataStoreModel.html", "shortname": "JiveDataStoreModel", "title": "Jive Data and Store Model", "topic_links": [ "computer-science/programming-languages/misc" ], "topics": [ "Computer science/Programming languages/Misc" ], "used_by": 0 }, { "abstract": "We introduce Jinja, a Java-like programming language with a formal semantics designed to exhibit core features of the Java language architecture. Jinja is a compromise between realism of the language and tractability and clarity of the formal semantics. The following aspects are formalised: a big and a small step operational semantics for Jinja and a proof of their equivalence; a type system and a definite initialisation analysis; a type safety proof of the small step semantics; a virtual machine (JVM), its operational semantics and its type system; a type safety proof for the JVM; a bytecode verifier, i.e. data flow analyser for the JVM; a correctness proof of the bytecode verifier w.r.t. the type system; a compiler and a proof that it preserves semantics and well-typedness. The emphasis of this work is not on particular language features but on providing a unified model of the source language, the virtual machine and the compiler. The whole development has been carried out in the theorem prover Isabelle/HOL.", "authors": [ "Gerwin Klein", "Tobias Nipkow" ], "date": "2005-06-01", "id": 689, "link": "/entries/Jinja.html", "permalink": "/entries/Jinja.html", "shortname": "Jinja", "title": "Jinja is not Java", "topic_links": [ "computer-science/programming-languages/language-definitions" ], "topics": [ "Computer science/Programming languages/Language definitions" ], "used_by": 4 }, { "abstract": "Formal verification is getting more and more important in computer science. 
However the state of the art formal verification methods in cryptography are very rudimentary. These theories are one step to provide a tool box allowing the use of formal methods in every aspect of cryptography. Moreover we present a proof of concept for the feasibility of verification techniques to a standard signature algorithm.", "authors": [ "Christina Lindenberg", "Kai Wirt" ], "date": "2005-05-02", "id": 690, "link": "/entries/RSAPSS.html", "permalink": "/entries/RSAPSS.html", "shortname": "RSAPSS", "title": "SHA1, RSA, PSS and more", "topic_links": [ "computer-science/security/cryptography" ], "topics": [ "Computer science/Security/Cryptography" ], "used_by": 0 }, { "abstract": "This development proves Yoneda's lemma and aims to be readable by humans. It only defines what is needed for the lemma: categories, functors and natural transformations. Limits, adjunctions and other important concepts are not included.", "authors": [ "Greg O'Keefe" ], "date": "2005-04-21", "id": 691, "link": "/entries/Category.html", "permalink": "/entries/Category.html", "shortname": "Category", "title": "Category Theory to Yoneda's Lemma", "topic_links": [ "mathematics/category-theory" ], "topics": [ "Mathematics/Category theory" ], "used_by": 0 }, { "abstract": "These theories illustrates the verification of basic file operations (file creation, file read and file write) in the Isabelle theorem prover. We describe a file at two levels of abstraction: an abstract file represented as a resizable array, and a concrete file represented using data blocks.", "authors": [ "Karen Zee", "Viktor Kuncak" ], "date": "2004-12-09", "id": 692, "link": "/entries/FileRefinement.html", "permalink": "/entries/FileRefinement.html", "shortname": "FileRefinement", "title": "File Refinement", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "Lebesgue-style integration plays a major role in advanced probability. 
We formalize concepts of elementary measure theory, real-valued random variables as Borel-measurable functions, and a stepwise inductive definition of the integral itself. All proofs are carried out in human readable style using the Isar language.", "authors": [ "Stefan Richter" ], "date": "2004-11-19", "id": 693, "link": "/entries/Integration.html", "permalink": "/entries/Integration.html", "shortname": "Integration", "title": "Integration theory and random variables", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "Soundness and completeness for a system of first order logic are formally proved, building on James Margetson's formalization of work by Wainer and Wallen. The completeness proofs naturally suggest an algorithm to derive proofs. This algorithm, which can be implemented tail recursively, is formalized in Isabelle/HOL. The algorithm can be executed via the rewriting tactics of Isabelle. Alternatively, the definitions can be exported to OCaml, yielding a directly executable program.", "authors": [ "Tom Ridge" ], "date": "2004-09-28", "id": 694, "link": "/entries/Verified-Prover.html", "permalink": "/entries/Verified-Prover.html", "shortname": "Verified-Prover", "title": "A Mechanically Verified, Efficient, Sound and Complete Theorem Prover For First Order Logic", "topic_links": [ "logic/general-logic/mechanization-of-proofs" ], "topics": [ "Logic/General logic/Mechanization of proofs" ], "used_by": 0 }, { "abstract": "The completeness of first-order logic is proved, following the first five pages of Wainer and Wallen's chapter of the book \u003ci\u003eProof Theory\u003c/i\u003e by Aczel et al., CUP, 1992. Their presentation of formulas allows the proofs to use symmetry arguments. Margetson formalized this theorem by early 2000. The Isar conversion is thanks to Tom Ridge. 
A paper describing the formalization is available \u003ca href=\"Completeness-paper.pdf\"\u003e[pdf]\u003c/a\u003e.", "authors": [ "James Margetson", "Tom Ridge" ], "date": "2004-09-20", "id": 695, "link": "/entries/Completeness.html", "permalink": "/entries/Completeness.html", "shortname": "Completeness", "title": "Completeness theorem", "topic_links": [ "logic/proof-theory" ], "topics": [ "Logic/Proof theory" ], "used_by": 0 }, { "abstract": "This formalization of Ramsey's theorem (infinitary version) is taken from Boolos and Jeffrey, \u003ci\u003eComputability and Logic\u003c/i\u003e, 3rd edition, Chapter 26. It differs slightly from the text by assuming a slightly stronger hypothesis. In particular, the induction hypothesis is stronger, holding for any infinite subset of the naturals. This avoids the rather peculiar mapping argument between kj and aikj on p.263, which is unnecessary and slightly mars this really beautiful result.", "authors": [ "Tom Ridge" ], "date": "2004-09-20", "id": 696, "link": "/entries/Ramsey-Infinite.html", "permalink": "/entries/Ramsey-Infinite.html", "shortname": "Ramsey-Infinite", "title": "Ramsey's theorem, infinitary version", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 0 }, { "abstract": "An exception compilation scheme that dynamically creates and removes exception handler entries on the stack. 
A formalization of an article of the same name by \u003ca href=\"http://www.cs.nott.ac.uk/~gmh/\"\u003eHutton\u003c/a\u003e and Wright.", "authors": [ "Tobias Nipkow" ], "date": "2004-07-09", "id": 697, "link": "/entries/Compiling-Exceptions-Correctly.html", "permalink": "/entries/Compiling-Exceptions-Correctly.html", "shortname": "Compiling-Exceptions-Correctly", "title": "Compiling Exceptions Correctly", "topic_links": [ "computer-science/programming-languages/compiling" ], "topics": [ "Computer science/Programming languages/Compiling" ], "used_by": 0 }, { "abstract": "Depth-first search of a graph is formalized with recdef. It is shown that it visits all of the reachable nodes from a given list of nodes. Executable ML code of depth-first search is obtained using the code generation feature of Isabelle/HOL.", "authors": [ "Toshiaki Nishihara", "Yasuhiko Minamide" ], "date": "2004-06-24", "id": 698, "link": "/entries/Depth-First-Search.html", "permalink": "/entries/Depth-First-Search.html", "shortname": "Depth-First-Search", "title": "Depth First Search", "topic_links": [ "computer-science/algorithms/graph" ], "topics": [ "Computer science/Algorithms/Graph" ], "used_by": 0 }, { "abstract": "The theory of groups, rings and modules is developed to a great depth. Group theory results include Zassenhaus's theorem and the Jordan-Hoelder theorem. The ring theory development includes ideals, quotient rings and the Chinese remainder theorem. The module development includes the Nakayama lemma, exact sequences and Tensor products.", "authors": [ "Hidetsune Kobayashi", "L. Chen", "H. 
Murao" ], "date": "2004-05-18", "id": 699, "link": "/entries/Group-Ring-Module.html", "permalink": "/entries/Group-Ring-Module.html", "shortname": "Group-Ring-Module", "title": "Groups, Rings and Modules", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 1 }, { "abstract": "This theory contains some useful extensions to the LList (lazy list) theory by \u003ca href=\"http://www.cl.cam.ac.uk/~lp15/\"\u003eLarry Paulson\u003c/a\u003e, including finite, infinite, and positive llists over an alphabet, as well as the new constants take and drop and the prefix order of llists. Finally, the notions of safety and liveness in the sense of Alpern and Schneider (1985) are defined.", "authors": [ "Stefan Friedrich" ], "date": "2004-04-26", "id": 700, "link": "/entries/Lazy-Lists-II.html", "permalink": "/entries/Lazy-Lists-II.html", "shortname": "Lazy-Lists-II", "title": "Lazy Lists II", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 1 }, { "abstract": "This entry contains two theories. The first, \u003ctt\u003eTopology\u003c/tt\u003e, develops the basic notions of general topology. The second, which can be viewed as a demonstration of the first, is called \u003ctt\u003eLList_Topology\u003c/tt\u003e. It develops the topology of lazy lists.", "authors": [ "Stefan Friedrich" ], "date": "2004-04-26", "id": 701, "link": "/entries/Topology.html", "permalink": "/entries/Topology.html", "shortname": "Topology", "title": "Topology", "topic_links": [ "mathematics/topology" ], "topics": [ "Mathematics/Topology" ], "used_by": 0 }, { "abstract": "The correctness is shown of binary search tree operations (lookup, insert and remove) implementing a set. Two versions are given, for both structured and linear (tactic-style) proofs. 
An implementation of integer-indexed maps is also verified.", "authors": [ "Viktor Kuncak" ], "date": "2004-04-05", "id": 702, "link": "/entries/BinarySearchTree.html", "permalink": "/entries/BinarySearchTree.html", "shortname": "BinarySearchTree", "title": "Binary Search Trees", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "This theory defines deterministic and nondeterministic automata in a functional representation: the transition function/relation and the finality predicate are just functions. Hence the state space may be infinite. It is shown how to convert regular expressions into such automata. A scanner (generator) is implemented with the help of functional automata: the scanner chops the input up into longest recognized substrings. Finally we also show how to convert a certain subclass of functional automata (essentially the finite deterministic ones) into regular sets.", "authors": [ "Tobias Nipkow" ], "date": "2004-03-30", "id": 703, "link": "/entries/Functional-Automata.html", "permalink": "/entries/Functional-Automata.html", "shortname": "Functional-Automata", "title": "Functional Automata", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "Two formalizations of AVL trees with room for extensions. The first formalization is monolithic and shorter, the second one in two stages, longer and a bit simpler. The final implementation is the same. 
If you are interested in developing this further, please contact \u003ctt\u003egerwin.klein@nicta.com.au\u003c/tt\u003e.", "authors": [ "Tobias Nipkow", "Cornelia Pusch" ], "date": "2004-03-19", "id": 704, "link": "/entries/AVL-Trees.html", "permalink": "/entries/AVL-Trees.html", "shortname": "AVL-Trees", "title": "AVL Trees", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "This theory defines the type inference rules and the type inference algorithm \u003ci\u003eW\u003c/i\u003e for MiniML (simply-typed lambda terms with \u003ctt\u003elet\u003c/tt\u003e) due to Milner. It proves the soundness and completeness of \u003ci\u003eW\u003c/i\u003e w.r.t. the rules.", "authors": [ "Wolfgang Naraschewski", "Tobias Nipkow" ], "date": "2004-03-19", "id": 705, "link": "/entries/MiniML.html", "permalink": "/entries/MiniML.html", "shortname": "MiniML", "title": "Mini ML", "topic_links": [ "computer-science/programming-languages/type-systems" ], "topics": [ "Computer science/Programming languages/Type systems" ], "used_by": 0 } ] \ No newline at end of file diff --git a/web/sitemap.xml b/web/sitemap.xml --- a/web/sitemap.xml +++ b/web/sitemap.xml 
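Review bot: the `abstract` strings in this hunk embed raw HTML (for example `\u003ci\u003eProof Theory\u003c/i\u003e`, `\u003ca href=\"Completeness-paper.pdf\"\u003e[pdf]\u003c/a\u003e` and `\u003ctt\u003egerwin.klein@nicta.com.au\u003c/tt\u003e`), but nothing in the record marks the field as HTML rather than plain text, so a consumer that inserts it via innerHTML renders author-supplied markup while one that escapes it shows literal tags. Suggest documenting the field as trusted HTML from the entry metadata, or adding an explicit marker (something like `"abstract_format": "html"`, name illustrative) so every renderer handles it deliberately. Minor: the hunk ends with `\ No newline at end of file`; emitting a trailing newline from the generator keeps future diffs of this file cleaner.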
@@ -1,5867 +1,5869 @@ / 2022-09-28T00:00:00+00:00 /authors/ 2022-09-28T00:00:00+00:00 /dependencies/collections/ 2022-09-28T00:00:00+00:00 /dependencies/ 2022-09-28T00:00:00+00:00 /dependencies/deriving/ 2022-09-28T00:00:00+00:00 /entries/ 2022-09-28T00:00:00+00:00 /dependencies/list-index/ 2022-09-28T00:00:00+00:00 /entries/Safe_Range_RC.html 2022-09-28T00:00:00+00:00 /authors/raszyk/ 2022-09-28T00:00:00+00:00 /authors/traytel/ 2022-09-28T00:00:00+00:00 /dependencies/epistemic_logic/ 2022-09-23T00:00:00+00:00 /authors/guzman/ 2022-09-23T00:00:00+00:00 /entries/Stalnaker_Logic.html 2022-09-23T00:00:00+00:00 /authors/crighton/ 2022-09-22T00:00:00+00:00 /dependencies/localization_ring/ 2022-09-22T00:00:00+00:00 /entries/Padic_Field.html 2022-09-22T00:00:00+00:00 /dependencies/padic_ints/ 2022-09-22T00:00:00+00:00 /authors/doty/ 2022-09-18T00:00:00+00:00 /entries/Risk_Free_Lending.html 2022-09-18T00:00:00+00:00 /authors/from/ 2022-09-13T00:00:00+00:00 /entries/Implicational_Logic.html 2022-09-13T00:00:00+00:00 /authors/villadsen/ 2022-09-13T00:00:00+00:00 /dependencies/berlekamp_zassenhaus/ 2022-09-08T00:00:00+00:00 /entries/CRYSTALS-Kyber.html 2022-09-08T00:00:00+00:00 /authors/kreuzer/ 2022-09-08T00:00:00+00:00 /dependencies/number_theoretic_transform/ 2022-09-08T00:00:00+00:00 /authors/dardinier/ 2022-09-05T00:00:00+00:00 /entries/Separation_Logic_Unbounded.html 2022-09-05T00:00:00+00:00 /authors/argyraki/ 2022-09-02T00:00:00+00:00 /dependencies/bernoulli/ 2022-09-02T00:00:00+00:00 /authors/eberl/ 2022-09-02T00:00:00+00:00 /dependencies/jacobson_basic_algebra/ 2022-09-02T00:00:00+00:00 /entries/Khovanskii_Theorem.html 2022-09-02T00:00:00+00:00 /authors/paulson/ 2022-09-02T00:00:00+00:00 /dependencies/pluennecke_ruzsa_inequality/ 2022-09-02T00:00:00+00:00 /authors/sulejmani/ 2022-09-02T00:00:00+00:00 /entries/Hales_Jewett.html 2022-09-02T00:00:00+00:00 /authors/ammer/ 2022-08-18T00:00:00+00:00 /entries/Number_Theoretic_Transform.html 2022-08-18T00:00:00+00:00 
/entries/SCC_Bloemen_Sequential.html 2022-08-17T00:00:00+00:00 /authors/merz/ 2022-08-17T00:00:00+00:00 /authors/trelat/ 2022-08-17T00:00:00+00:00 /authors/bortin/ 2022-08-15T00:00:00+00:00 /entries/Involutions2Squares.html 2022-08-15T00:00:00+00:00 /dependencies/containers/ 2022-08-09T00:00:00+00:00 /dependencies/datatype_order_generator/ 2022-08-09T00:00:00+00:00 /dependencies/native_word/ 2022-08-09T00:00:00+00:00 /authors/sachtleben/ 2022-08-09T00:00:00+00:00 /entries/FSM_Tests.html 2022-08-09T00:00:00+00:00 /authors/brucker/ 2022-07-29T00:00:00+00:00 /entries/Nano_JSON.html 2022-07-29T00:00:00+00:00 /topics/tools/ 2022-07-29T00:00:00+00:00 /topics/ 2022-07-29T00:00:00+00:00 /authors/echenim/ 2022-07-18T00:00:00+00:00 /entries/Solidity.html 2022-07-18T00:00:00+00:00 /authors/marmsoler/ 2022-07-18T00:00:00+00:00 /dependencies/projective_measurements/ 2022-07-18T00:00:00+00:00 /entries/Commuting_Hermitian.html 2022-07-18T00:00:00+00:00 /entries/Weighted_Arithmetic_Geometric_Mean.html 2022-07-11T00:00:00+00:00 /entries/IMP_Compiler_Reuse.html 2022-07-10T00:00:00+00:00 /authors/noce/ 2022-07-10T00:00:00+00:00 /authors/nipkow/ 2022-06-23T00:00:00+00:00 /entries/Real_Time_Deque.html 2022-06-23T00:00:00+00:00 /authors/toth/ 2022-06-23T00:00:00+00:00 /entries/Boolos_Curious_Inference.html 2022-06-20T00:00:00+00:00 /authors/ketland/ 2022-06-20T00:00:00+00:00 /dependencies/dirichlet_series/ 2022-06-08T00:00:00+00:00 /entries/Finite_Fields.html 2022-06-08T00:00:00+00:00 /entries/IsaNet.html 2022-06-08T00:00:00+00:00 /authors/karayel/ 2022-06-08T00:00:00+00:00 /authors/klenze/ 2022-06-08T00:00:00+00:00 /authors/sprenger/ 2022-06-08T00:00:00+00:00 /authors/bayer/ 2022-06-06T00:00:00+00:00 /authors/david/ 2022-06-06T00:00:00+00:00 /dependencies/digit_expansions/ 2022-06-06T00:00:00+00:00 /entries/DPRM_Theorem.html 2022-06-06T00:00:00+00:00 /dependencies/lucas_theorem/ 2022-06-06T00:00:00+00:00 /authors/matiyasevich/ 2022-06-06T00:00:00+00:00 /authors/pal/ 
2022-06-06T00:00:00+00:00 /authors/schleicher/ 2022-06-06T00:00:00+00:00 /authors/stock/ 2022-06-06T00:00:00+00:00 /authors/lochmann/ 2022-06-02T00:00:00+00:00 /entries/Rewrite_Properties_Reduction.html 2022-06-02T00:00:00+00:00 /dependencies/regular_tree_relations/ 2022-06-02T00:00:00+00:00 /entries/Combinable_Wands.html 2022-05-30T00:00:00+00:00 /dependencies/package_logic/ 2022-05-30T00:00:00+00:00 /entries/Pluennecke_Ruzsa_Inequality.html 2022-05-26T00:00:00+00:00 /entries/Package_logic.html 2022-05-18T00:00:00+00:00 /entries/Clique_and_Monotone_Circuits.html 2022-05-08T00:00:00+00:00 /dependencies/stirling_formula/ 2022-05-08T00:00:00+00:00 /dependencies/sunflowers/ 2022-05-08T00:00:00+00:00 /authors/thiemann/ 2022-05-08T00:00:00+00:00 /dependencies/benor_kozen_reif/ 2022-04-21T00:00:00+00:00 /dependencies/design_theory/ 2022-04-21T00:00:00+00:00 /authors/edmonds/ 2022-04-21T00:00:00+00:00 /entries/Fishers_Inequality.html 2022-04-21T00:00:00+00:00 /dependencies/groebner_bases/ 2022-04-21T00:00:00+00:00 /dependencies/polynomial_factorization/ 2022-04-21T00:00:00+00:00 /entries/Digit_Expansions.html 2022-04-20T00:00:00+00:00 /authors/schmidinger/ 2022-04-20T00:00:00+00:00 /entries/Multiset_Ordering_NPC.html 2022-04-20T00:00:00+00:00 /dependencies/weighted_path_order/ 2022-04-20T00:00:00+00:00 /entries/Sophomores_Dream.html 2022-04-10T00:00:00+00:00 /entries/Prefix_Free_Code_Combinators.html 2022-04-08T00:00:00+00:00 /dependencies/bertrands_postulate/ 2022-04-08T00:00:00+00:00 /dependencies/equivalence_relation_enumeration/ 2022-04-08T00:00:00+00:00 /entries/Frequency_Moments.html 2022-04-08T00:00:00+00:00 /dependencies/interpolation_polynomials_hol_algebra/ 2022-04-08T00:00:00+00:00 /dependencies/lp/ 2022-04-08T00:00:00+00:00 /dependencies/median_method/ 2022-04-08T00:00:00+00:00 /dependencies/prefix_free_code_combinators/ 2022-04-08T00:00:00+00:00 /dependencies/universal_hash_families/ 2022-04-08T00:00:00+00:00 /entries/Dedekind_Real.html 
2022-03-24T00:00:00+00:00 /authors/fleuriot/ 2022-03-24T00:00:00+00:00 /entries/Ackermanns_not_PR.html 2022-03-23T00:00:00+00:00 /entries/FOL_Seq_Calc3.html 2022-03-22T00:00:00+00:00 /dependencies/abstract_completeness/ 2022-03-22T00:00:00+00:00 /dependencies/abstract_soundness/ 2022-03-22T00:00:00+00:00 /entries/Cotangent_PFD_Formula.html 2022-03-15T00:00:00+00:00 /authors/gunther/ 2022-03-06T00:00:00+00:00 /authors/pagano/ 2022-03-06T00:00:00+00:00 /authors/steinberg/ 2022-03-06T00:00:00+00:00 /authors/terraf/ 2022-03-06T00:00:00+00:00 /entries/Independence_CH.html 2022-03-06T00:00:00+00:00 /dependencies/transitive_models/ 2022-03-06T00:00:00+00:00 /dependencies/delta_system_lemma/ 2022-03-03T00:00:00+00:00 /entries/Transitive_Models.html 2022-03-03T00:00:00+00:00 /entries/ResiduatedTransitionSystem.html 2022-02-28T00:00:00+00:00 /authors/stark/ 2022-02-28T00:00:00+00:00 /entries/Universal_Hash_Families.html 2022-02-20T00:00:00+00:00 /entries/Wetzels_Problem.html 2022-02-18T00:00:00+00:00 /dependencies/zfc_in_hol/ 2022-02-18T00:00:00+00:00 /entries/Eval_FO.html 2022-02-15T00:00:00+00:00 /entries/VYDRA_MDL.html 2022-02-13T00:00:00+00:00 /dependencies/card_equiv_relations/ 2022-02-04T00:00:00+00:00 /entries/Equivalence_Relation_Enumeration.html 2022-02-04T00:00:00+00:00 /entries/LP_Duality.html 2022-02-03T00:00:00+00:00 /authors/hirata/ 2022-02-03T00:00:00+00:00 /dependencies/linear_inequalities/ 2022-02-03T00:00:00+00:00 /authors/minamide/ 2022-02-03T00:00:00+00:00 /entries/Quasi_Borel_Spaces.html 2022-02-03T00:00:00+00:00 /authors/sato/ 2022-02-03T00:00:00+00:00 /authors/felgenhauer/ 2022-02-02T00:00:00+00:00 /entries/FO_Theory_Rewriting.html 2022-02-02T00:00:00+00:00 /dependencies/fol-fitting/ 2022-02-02T00:00:00+00:00 /entries/FOL_Seq_Calc2.html 2022-01-31T00:00:00+00:00 /dependencies/fol_seq_calc1/ 2022-01-31T00:00:00+00:00 /authors/jacobsen/ 2022-01-31T00:00:00+00:00 /entries/Youngs_Inequality.html 2022-01-31T00:00:00+00:00 
/entries/Interpolation_Polynomials_HOL_Algebra.html 2022-01-29T00:00:00+00:00 /entries/Median_Method.html 2022-01-25T00:00:00+00:00 /entries/Actuarial_Mathematics.html 2022-01-23T00:00:00+00:00 /authors/ito/ 2022-01-23T00:00:00+00:00 /entries/Irrationals_From_THEBOOK.html 2022-01-08T00:00:00+00:00 /entries/Knights_Tour.html 2022-01-04T00:00:00+00:00 /authors/koller/ 2022-01-04T00:00:00+00:00 /entries/Hyperdual.html 2021-12-31T00:00:00+00:00 /authors/smola/ 2021-12-31T00:00:00+00:00 /entries/Gale_Shapley.html 2021-12-29T00:00:00+00:00 /dependencies/ergodic_theory/ 2021-12-28T00:00:00+00:00 /dependencies/girth_chromatic/ 2021-12-28T00:00:00+00:00 /dependencies/random_graph_subgraph_threshold/ 2021-12-28T00:00:00+00:00 /entries/Roth_Arithmetic_Progressions.html 2021-12-28T00:00:00+00:00 /dependencies/szemeredi_regularity/ 2021-12-28T00:00:00+00:00 /authors/abdulaziz/ 2021-12-16T00:00:00+00:00 /dependencies/gauss_jordan/ 2021-12-16T00:00:00+00:00 /entries/MDP-Rewards.html 2021-12-16T00:00:00+00:00 /dependencies/mdp-rewards/ 2021-12-16T00:00:00+00:00 /authors/schaeffeler/ 2021-12-16T00:00:00+00:00 /entries/MDP-Algorithms.html 2021-12-16T00:00:00+00:00 /dependencies/knuth_bendix_order/ 2021-12-15T00:00:00+00:00 /entries/Regular_Tree_Relations.html 2021-12-15T00:00:00+00:00 /authors/sternagel/ 2021-12-15T00:00:00+00:00 /authors/sternagelt/ 2021-12-15T00:00:00+00:00 /authors/aransay/ 2021-11-29T00:00:00+00:00 /authors/campo/ 2021-11-29T00:00:00+00:00 /dependencies/jordan_normal_form/ 2021-11-29T00:00:00+00:00 /authors/michaelis/ 2021-11-29T00:00:00+00:00 /dependencies/robdd/ 2021-11-29T00:00:00+00:00 /dependencies/sepref_prereq/ 2021-11-29T00:00:00+00:00 /entries/Simplicial_complexes_and_boolean_functions.html 2021-11-29T00:00:00+00:00 /dependencies/automatic_refinement/ 2021-11-23T00:00:00+00:00 /authors/lammich/ 2021-11-23T00:00:00+00:00 /entries/Van_Emde_Boas_Trees.html 2021-11-23T00:00:00+00:00 /entries/Foundation_of_geometry.html 2021-11-22T00:00:00+00:00 
/authors/iwama/ 2021-11-22T00:00:00+00:00 /authors/cousin/ 2021-11-19T00:00:00+00:00 /authors/guiol/ 2021-11-19T00:00:00+00:00 /entries/Hahn_Jordan_Decomposition.html 2021-11-19T00:00:00+00:00 /dependencies/algebraic_numbers/ 2021-11-08T00:00:00+00:00 /entries/PAL.html 2021-11-08T00:00:00+00:00 /authors/benzmueller/ 2021-11-08T00:00:00+00:00 /entries/SimplifiedOntologicalArgument.html 2021-11-08T00:00:00+00:00 /entries/Factor_Algebraic_Polynomial.html 2021-11-08T00:00:00+00:00 /dependencies/hermite_lindemann/ 2021-11-08T00:00:00+00:00 /dependencies/polynomials/ 2021-11-08T00:00:00+00:00 /entries/Real_Power.html 2021-11-08T00:00:00+00:00 /authors/reiche/ 2021-11-08T00:00:00+00:00 /entries/Szemeredi_Regularity.html 2021-11-05T00:00:00+00:00 /dependencies/complex_bounded_operators/ 2021-10-28T00:00:00+00:00 /entries/Registers.html 2021-10-28T00:00:00+00:00 /authors/unruh/ 2021-10-28T00:00:00+00:00 /entries/Belief_Revision.html 2021-10-19T00:00:00+00:00 /authors/boulanger/ 2021-10-19T00:00:00+00:00 /authors/fouillard/ 2021-10-19T00:00:00+00:00 /authors/sabouret/ 2021-10-19T00:00:00+00:00 /authors/taha/ 2021-10-19T00:00:00+00:00 /authors/bharadwaj/ 2021-10-13T00:00:00+00:00 /authors/bockenek/ 2021-10-13T00:00:00+00:00 /authors/ravindran/ 2021-10-13T00:00:00+00:00 /authors/roessle/ 2021-10-13T00:00:00+00:00 /authors/verbeek/ 2021-10-13T00:00:00+00:00 /authors/weerwag/ 2021-10-13T00:00:00+00:00 /dependencies/word_lib/ 2021-10-13T00:00:00+00:00 /entries/X86_Semantics.html 2021-10-13T00:00:00+00:00 /entries/Correctness_Algebras.html 2021-10-12T00:00:00+00:00 /authors/guttmann/ 2021-10-12T00:00:00+00:00 /dependencies/monobooltranalgebra/ 2021-10-12T00:00:00+00:00 /dependencies/stone_kleene_relation_algebras/ 2021-10-12T00:00:00+00:00 /dependencies/subset_boolean_algebras/ 2021-10-12T00:00:00+00:00 /authors/cordwell/ 2021-10-02T00:00:00+00:00 /authors/mitsch/ 2021-10-02T00:00:00+00:00 /authors/platzer/ 2021-10-02T00:00:00+00:00 /authors/scharager/ 2021-10-02T00:00:00+00:00 
/entries/Virtual_Substitution.html 2021-10-02T00:00:00+00:00 /entries/FOL_Axiomatic.html 2021-09-24T00:00:00+00:00 /dependencies/banach_steinhaus/ 2021-09-18T00:00:00+00:00 /authors/caballero/ 2021-09-18T00:00:00+00:00 /entries/Complex_Bounded_Operators.html 2021-09-18T00:00:00+00:00 /dependencies/real_impl/ 2021-09-18T00:00:00+00:00 /entries/Weighted_Path_Order.html 2021-09-16T00:00:00+00:00 /authors/yamada/ 2021-09-16T00:00:00+00:00 /entries/CZH_Foundations.html 2021-09-06T00:00:00+00:00 /entries/CZH_Elementary_Categories.html 2021-09-06T00:00:00+00:00 /entries/CZH_Universal_Constructions.html 2021-09-06T00:00:00+00:00 /entries/Conditional_Simplification.html 2021-09-06T00:00:00+00:00 /entries/Conditional_Transfer_Rule.html 2021-09-06T00:00:00+00:00 /dependencies/conditional_simplification/ 2021-09-06T00:00:00+00:00 /dependencies/conditional_transfer_rule/ 2021-09-06T00:00:00+00:00 /dependencies/czh_elementary_categories/ 2021-09-06T00:00:00+00:00 /dependencies/czh_foundations/ 2021-09-06T00:00:00+00:00 /entries/Types_To_Sets_Extension.html 2021-09-06T00:00:00+00:00 /entries/Intro_Dest_Elim.html 2021-09-06T00:00:00+00:00 /dependencies/intro_dest_elim/ 2021-09-06T00:00:00+00:00 /authors/milehins/ 2021-09-06T00:00:00+00:00 /dependencies/speccheck/ 2021-09-06T00:00:00+00:00 /entries/Dominance_CHK.html 2021-09-05T00:00:00+00:00 /authors/jiang/ 2021-09-05T00:00:00+00:00 /dependencies/jinja/ 2021-09-05T00:00:00+00:00 /dependencies/complex_geometry/ 2021-09-03T00:00:00+00:00 /dependencies/factor_algebraic_polynomial/ 2021-09-03T00:00:00+00:00 /entries/Cubic_Quartic_Equations.html 2021-09-03T00:00:00+00:00 /entries/Logging_Independent_Anonymity.html 2021-08-26T00:00:00+00:00 /dependencies/budan_fourier/ 2021-08-21T00:00:00+00:00 /authors/li/ 2021-08-21T00:00:00+00:00 /dependencies/polynomial_interpolation/ 2021-08-21T00:00:00+00:00 /entries/Three_Circles.html 2021-08-21T00:00:00+00:00 /authors/thomson/ 2021-08-21T00:00:00+00:00 /authors/bauereiss/ 
2021-08-16T00:00:00+00:00 /dependencies/bd_security_compositional/ 2021-08-16T00:00:00+00:00 /dependencies/bounded_deducibility_security/ 2021-08-16T00:00:00+00:00 /entries/CoCon.html 2021-08-16T00:00:00+00:00 /entries/BD_Security_Compositional.html 2021-08-16T00:00:00+00:00 /entries/CoSMed.html 2021-08-16T00:00:00+00:00 /entries/CoSMeDis.html 2021-08-16T00:00:00+00:00 /entries/Fresh_Identifiers.html 2021-08-16T00:00:00+00:00 /dependencies/fresh_identifiers/ 2021-08-16T00:00:00+00:00 /authors/popescu/ 2021-08-16T00:00:00+00:00 /dependencies/card_partitions/ 2021-08-13T00:00:00+00:00 /entries/Design_Theory.html 2021-08-13T00:00:00+00:00 /dependencies/graph_theory/ 2021-08-13T00:00:00+00:00 /dependencies/nested_multisets_ordinals/ 2021-08-13T00:00:00+00:00 /entries/Relational_Forests.html 2021-08-03T00:00:00+00:00 /authors/palmer/ 2021-07-27T00:00:00+00:00 /authors/schmoetten/ 2021-07-27T00:00:00+00:00 /entries/Schutz_Spacetime.html 2021-07-27T00:00:00+00:00 /entries/Finitely_Generated_Abelian_Groups.html 2021-07-07T00:00:00+00:00 /authors/thommes/ 2021-07-07T00:00:00+00:00 /authors/bulwahn/ 2021-07-01T00:00:00+00:00 /authors/kappelmann/ 2021-07-01T00:00:00+00:00 /entries/SpecCheck.html 2021-07-01T00:00:00+00:00 /authors/willenbrink/ 2021-07-01T00:00:00+00:00 /entries/Van_der_Waerden.html 2021-06-22T00:00:00+00:00 /entries/MiniSail.html 2021-06-18T00:00:00+00:00 /dependencies/nominal2/ 2021-06-18T00:00:00+00:00 /dependencies/show/ 2021-06-18T00:00:00+00:00 /authors/wassell/ 2021-06-18T00:00:00+00:00 /entries/Public_Announcement_Logic.html 2021-06-17T00:00:00+00:00 /entries/IMP_Compiler.html 2021-06-04T00:00:00+00:00 /entries/Combinatorics_Words.html 2021-05-24T00:00:00+00:00 /dependencies/combinatorics_words/ 2021-05-24T00:00:00+00:00 /entries/Combinatorics_Words_Graph_Lemma.html 2021-05-24T00:00:00+00:00 /authors/holub/ 2021-05-24T00:00:00+00:00 /entries/Combinatorics_Words_Lyndon.html 2021-05-24T00:00:00+00:00 /authors/raska/ 2021-05-24T00:00:00+00:00 
/entries/Residuated_Lattices.html 2015-04-15T00:00:00+00:00 /entries/ConcurrentIMP.html 2015-04-13T00:00:00+00:00 /dependencies/concurrentimp/ 2015-04-13T00:00:00+00:00 /authors/engelhardt/ 2015-04-13T00:00:00+00:00 /authors/hosking/ 2015-04-13T00:00:00+00:00 /entries/ConcurrentGC.html 2015-04-13T00:00:00+00:00 /entries/Trie.html 2015-03-30T00:00:00+00:00 /entries/Consensus_Refined.html 2015-03-18T00:00:00+00:00 /dependencies/heard_of/ 2015-03-18T00:00:00+00:00 /entries/Deriving.html 2015-03-11T00:00:00+00:00 /dependencies/launchbury/ 2015-02-20T00:00:00+00:00 /entries/Call_Arity.html 2015-02-20T00:00:00+00:00 /dependencies/cayley_hamilton/ 2015-02-12T00:00:00+00:00 /entries/Echelon_Form.html 2015-02-12T00:00:00+00:00 /entries/QR_Decomposition.html 2015-02-12T00:00:00+00:00 /entries/Finite_Automata_HF.html 2015-02-05T00:00:00+00:00 /entries/UpDown_Scheme.html 2015-01-28T00:00:00+00:00 /entries/UPF.html 2014-11-28T00:00:00+00:00 /dependencies/awn/ 2014-10-23T00:00:00+00:00 /authors/bourke/ 2014-10-23T00:00:00+00:00 /entries/AODV.html 2014-10-23T00:00:00+00:00 /entries/Lifting_Definition_Option.html 2014-10-13T00:00:00+00:00 /authors/maximova/ 2014-10-10T00:00:00+00:00 /entries/Stream_Fusion_Code.html 2014-10-10T00:00:00+00:00 /entries/Density_Compiler.html 2014-10-09T00:00:00+00:00 /entries/RefinementReactive.html 2014-10-08T00:00:00+00:00 /authors/preoteasa/ 2014-10-08T00:00:00+00:00 /entries/Certification_Monads.html 2014-10-03T00:00:00+00:00 /entries/XML.html 2014-10-03T00:00:00+00:00 /entries/Imperative_Insertion_Sort.html 2014-09-25T00:00:00+00:00 /entries/Sturm_Tarski.html 2014-09-19T00:00:00+00:00 /authors/adelsberger/ 2014-09-15T00:00:00+00:00 /authors/hetzl/ 2014-09-15T00:00:00+00:00 /authors/pollak/ 2014-09-15T00:00:00+00:00 /entries/Cayley_Hamilton.html 2014-09-15T00:00:00+00:00 /authors/raumer/ 2014-09-09T00:00:00+00:00 /dependencies/secondary_sylow/ 2014-09-09T00:00:00+00:00 /entries/Jordan_Hoelder.html 2014-09-09T00:00:00+00:00 
/entries/Priority_Queue_Braun.html 2014-09-04T00:00:00+00:00 /entries/Gauss_Jordan.html 2014-09-03T00:00:00+00:00 /authors/lee/ 2014-08-29T00:00:00+00:00 /entries/Special_Function_Bounds.html 2014-08-29T00:00:00+00:00 /entries/VectorSpace.html 2014-08-29T00:00:00+00:00 /entries/Skew_Heap.html 2014-08-13T00:00:00+00:00 /entries/Splay_Tree.html 2014-08-12T00:00:00+00:00 /entries/Show.html 2014-07-29T00:00:00+00:00 /authors/blasum/ 2014-07-18T00:00:00+00:00 /authors/feliachi/ 2014-07-18T00:00:00+00:00 /entries/CISC-Kernel.html 2014-07-18T00:00:00+00:00 /authors/havle/ 2014-07-18T00:00:00+00:00 /authors/langenstein/ 2014-07-18T00:00:00+00:00 /authors/schmaltz/ 2014-07-18T00:00:00+00:00 /authors/stephan/ 2014-07-18T00:00:00+00:00 /authors/tverdyshev/ 2014-07-18T00:00:00+00:00 /authors/cock/ 2014-07-13T00:00:00+00:00 /entries/pGCL.html 2014-07-13T00:00:00+00:00 /entries/Amortized_Complexity.html 2014-07-07T00:00:00+00:00 /dependencies/skew_heap/ 2014-07-07T00:00:00+00:00 /dependencies/splay_tree/ 2014-07-07T00:00:00+00:00 /entries/Network_Security_Policy_Verification.html 2014-07-04T00:00:00+00:00 /authors/coglio/ 2014-07-03T00:00:00+00:00 /entries/Pop_Refinement.html 2014-07-03T00:00:00+00:00 /entries/MSO_Regex_Equivalence.html 2014-06-12T00:00:00+00:00 /entries/Boolean_Expression_Checkers.html 2014-06-08T00:00:00+00:00 /entries/CAVA_LTL_Modelchecker.html 2014-05-28T00:00:00+00:00 /dependencies/cava_base/ 2014-05-28T00:00:00+00:00 /dependencies/cava_setup/ 2014-05-28T00:00:00+00:00 /entries/LTL_to_GBA.html 2014-05-28T00:00:00+00:00 /authors/esparza/ 2014-05-28T00:00:00+00:00 /dependencies/ltl_to_gba/ 2014-05-28T00:00:00+00:00 /dependencies/partial_order_reduction/ 2014-05-28T00:00:00+00:00 /dependencies/promela/ 2014-05-28T00:00:00+00:00 /entries/Promela.html 2014-05-28T00:00:00+00:00 /authors/schimpf/ 2014-05-28T00:00:00+00:00 /dependencies/sm/ 2014-05-28T00:00:00+00:00 /dependencies/sm_base/ 2014-05-28T00:00:00+00:00 /authors/smaus/ 2014-05-28T00:00:00+00:00 
/entries/CAVA_Automata.html 2014-05-28T00:00:00+00:00 /entries/Gabow_SCC.html 2014-05-28T00:00:00+00:00 /entries/Noninterference_CSP.html 2014-05-23T00:00:00+00:00 /entries/Roy_Floyd_Warshall.html 2014-05-23T00:00:00+00:00 /authors/wenzel/ 2014-05-23T00:00:00+00:00 /entries/Regular_Algebras.html 2014-05-21T00:00:00+00:00 /entries/ComponentDependencies.html 2014-04-28T00:00:00+00:00 /authors/spichkova/ 2014-04-28T00:00:00+00:00 /entries/SIFUM_Type_Systems.html 2014-04-23T00:00:00+00:00 /entries/WHATandWHERE_Security.html 2014-04-23T00:00:00+00:00 /entries/Strong_Security.html 2014-04-23T00:00:00+00:00 /authors/lux/ 2014-04-23T00:00:00+00:00 /authors/sauer/ 2014-04-23T00:00:00+00:00 /authors/schoepe/ 2014-04-23T00:00:00+00:00 /dependencies/strong_security/ 2014-04-23T00:00:00+00:00 /entries/Bounded_Deducibility_Security.html 2014-04-22T00:00:00+00:00 /entries/HyperCTL.html 2014-04-16T00:00:00+00:00 /entries/Abstract_Completeness.html 2014-04-16T00:00:00+00:00 /authors/rabe/ 2014-04-16T00:00:00+00:00 /entries/Discrete_Summation.html 2014-04-13T00:00:00+00:00 /authors/haftmann/ 2014-04-13T00:00:00+00:00 /entries/GPU_Kernel_PL.html 2014-04-03T00:00:00+00:00 /authors/wickerson/ 2014-04-03T00:00:00+00:00 /entries/Probabilistic_Noninterference.html 2014-03-11T00:00:00+00:00 /entries/AWN.html 2014-03-08T00:00:00+00:00 /entries/Partial_Function_MR.html 2014-02-18T00:00:00+00:00 /entries/Random_Graph_Subgraph_Threshold.html 2014-02-13T00:00:00+00:00 /authors/petrovic/ 2014-02-11T00:00:00+00:00 /entries/Selection_Heap_Sort.html 2014-02-11T00:00:00+00:00 /entries/Affine_Arithmetic.html 2014-02-07T00:00:00+00:00 /entries/Real_Impl.html 2014-02-06T00:00:00+00:00 /entries/Regex_Equivalence.html 2014-01-30T00:00:00+00:00 /entries/Secondary_Sylow.html 2014-01-28T00:00:00+00:00 /authors/armstrong/ 2014-01-25T00:00:00+00:00 /entries/Relation_Algebra.html 2014-01-25T00:00:00+00:00 /entries/KAT_and_DRA.html 2014-01-23T00:00:00+00:00 /entries/Featherweight_OCL.html 
2014-01-16T00:00:00+00:00 /entries/CryptoBasedCompositionalProperties.html 2014-01-11T00:00:00+00:00 /entries/Sturm_Sequences.html 2014-01-11T00:00:00+00:00 /entries/Tail_Recursive_Functions.html 2013-12-01T00:00:00+00:00 /entries/Incompleteness.html 2013-11-17T00:00:00+00:00 /entries/HereditarilyFinite.html 2013-11-17T00:00:00+00:00 /entries/Coinductive_Languages.html 2013-11-15T00:00:00+00:00 /entries/FocusStreamsCaseStudies.html 2013-11-14T00:00:00+00:00 /entries/GoedelGod.html 2013-11-12T00:00:00+00:00 /authors/paleo/ 2013-11-12T00:00:00+00:00 /entries/Decreasing-Diagrams.html 2013-11-01T00:00:00+00:00 /authors/zankl/ 2013-11-01T00:00:00+00:00 /entries/Automatic_Refinement.html 2013-10-02T00:00:00+00:00 /entries/Native_Word.html 2013-09-17T00:00:00+00:00 /entries/IEEE_Floating_Point.html 2013-07-27T00:00:00+00:00 /authors/yu/ 2013-07-27T00:00:00+00:00 /dependencies/lehmer/ 2013-07-22T00:00:00+00:00 /entries/Lehmer.html 2013-07-22T00:00:00+00:00 /entries/Pratt_Certificate.html 2013-07-22T00:00:00+00:00 /entries/Koenigsberg_Friendship.html 2013-07-19T00:00:00+00:00 /entries/Sort_Encodings.html 2013-06-27T00:00:00+00:00 /entries/ShortestPath.html 2013-05-22T00:00:00+00:00 /entries/Graph_Theory.html 2013-04-28T00:00:00+00:00 /dependencies/finger-trees/ 2013-04-15T00:00:00+00:00 /entries/Containers.html 2013-04-15T00:00:00+00:00 /dependencies/trie/ 2013-04-15T00:00:00+00:00 /entries/Nominal2.html 2013-02-21T00:00:00+00:00 /entries/Launchbury.html 2013-01-31T00:00:00+00:00 /entries/Ribbon_Proofs.html 2013-01-19T00:00:00+00:00 /entries/Rank_Nullity_Theorem.html 2013-01-16T00:00:00+00:00 /entries/Kleene_Algebra.html 2013-01-15T00:00:00+00:00 /dependencies/cauchy/ 2013-01-03T00:00:00+00:00 /entries/Sqrt_Babylonian.html 2013-01-03T00:00:00+00:00 /entries/Separation_Logic_Imperative_HOL.html 2012-11-14T00:00:00+00:00 /authors/meis/ 2012-11-14T00:00:00+00:00 /authors/ogawa/ 2012-11-02T00:00:00+00:00 /entries/Open_Induction.html 2012-11-02T00:00:00+00:00 /authors/makarios/ 
2012-10-30T00:00:00+00:00 /entries/Tarskis_Geometry.html 2012-10-30T00:00:00+00:00 /authors/avigad/ 2012-10-27T00:00:00+00:00 /entries/Bondy.html 2012-10-27T00:00:00+00:00 /entries/Possibilistic_Noninterference.html 2012-09-10T00:00:00+00:00 /entries/Datatype_Order_Generator.html 2012-08-07T00:00:00+00:00 /entries/Impossible_Geometry.html 2012-08-05T00:00:00+00:00 /authors/romanos/ 2012-08-05T00:00:00+00:00 /authors/debrat/ 2012-07-27T00:00:00+00:00 /entries/Heard_Of.html 2012-07-27T00:00:00+00:00 /entries/PCF.html 2012-07-01T00:00:00+00:00 /entries/Tycon.html 2012-06-26T00:00:00+00:00 /authors/bengtson/ 2012-05-29T00:00:00+00:00 /entries/CCS.html 2012-05-29T00:00:00+00:00 /entries/Psi_Calculi.html 2012-05-29T00:00:00+00:00 /entries/Pi_Calculus.html 2012-05-29T00:00:00+00:00 /authors/gaudel/ 2012-05-27T00:00:00+00:00 /entries/Circus.html 2012-05-27T00:00:00+00:00 /authors/boyton/ 2012-05-11T00:00:00+00:00 /entries/Separation_Algebra.html 2012-05-11T00:00:00+00:00 /entries/Stuttering_Equivalence.html 2012-05-07T00:00:00+00:00 /authors/bella/ 2012-05-02T00:00:00+00:00 /entries/Inductive_Confidentiality.html 2012-05-02T00:00:00+00:00 /dependencies/lorenz_approximation/ 2012-04-26T00:00:00+00:00 /entries/Ordinary_Differential_Equations.html 2012-04-26T00:00:00+00:00 /entries/Well_Quasi_Orders.html 2012-04-13T00:00:00+00:00 /entries/Abortable_Linearizable_Modules.html 2012-03-01T00:00:00+00:00 /authors/guerraoui/ 2012-03-01T00:00:00+00:00 /authors/kuncak/ 2012-03-01T00:00:00+00:00 /entries/Transitive-Closure-II.html 2012-02-29T00:00:00+00:00 /entries/Girth_Chromatic.html 2012-02-06T00:00:00+00:00 /entries/Dijkstra_Shortest_Path.html 2012-01-30T00:00:00+00:00 /entries/Refine_Monadic.html 2012-01-30T00:00:00+00:00 /dependencies/gauss-jordan-elim-fun/ 2012-01-03T00:00:00+00:00 /entries/Markov_Models.html 2012-01-03T00:00:00+00:00 /entries/TLA.html 2011-11-19T00:00:00+00:00 /authors/grov/ 2011-11-19T00:00:00+00:00 /entries/Efficient-Mergesort.html 2011-11-09T00:00:00+00:00 
/entries/MonoBoolTranAlgebra.html 2011-09-22T00:00:00+00:00 /authors/georgescu/ 2011-09-22T00:00:00+00:00 /entries/LatticeProperties.html 2011-09-22T00:00:00+00:00 /dependencies/latticeproperties/ 2011-09-22T00:00:00+00:00 /authors/leustean/ 2011-09-22T00:00:00+00:00 /entries/PseudoHoops.html 2011-09-22T00:00:00+00:00 /entries/Myhill-Nerode.html 2011-08-26T00:00:00+00:00 /authors/wu/ 2011-08-26T00:00:00+00:00 /entries/Gauss-Jordan-Elim-Fun.html 2011-08-19T00:00:00+00:00 /entries/Max-Card-Matching.html 2011-07-21T00:00:00+00:00 /entries/KBPs.html 2011-05-17T00:00:00+00:00 /entries/General-Triangle.html 2011-04-01T00:00:00+00:00 /entries/Transitive-Closure.html 2011-03-14T00:00:00+00:00 /entries/AutoFocus-Stream.html 2011-02-23T00:00:00+00:00 /entries/List-Infinite.html 2011-02-23T00:00:00+00:00 /entries/Nat-Interval-Logic.html 2011-02-23T00:00:00+00:00 /dependencies/list-infinite/ 2011-02-23T00:00:00+00:00 /dependencies/nat-interval-logic/ 2011-02-23T00:00:00+00:00 /authors/trachtenherz/ 2011-02-23T00:00:00+00:00 /entries/LightweightJava.html 2011-02-07T00:00:00+00:00 /authors/parkinson/ 2011-02-07T00:00:00+00:00 /authors/strnisa/ 2011-02-07T00:00:00+00:00 /entries/RIPEMD-160-SPARK.html 2011-01-10T00:00:00+00:00 /authors/grechuk/ 2011-01-08T00:00:00+00:00 /entries/Lower_Semicontinuous.html 2011-01-08T00:00:00+00:00 /entries/Marriage.html 2010-12-17T00:00:00+00:00 /authors/jiangd/ 2010-12-17T00:00:00+00:00 /entries/Shivers-CFA.html 2010-11-16T00:00:00+00:00 /entries/Binomial-Heaps.html 2010-10-28T00:00:00+00:00 /entries/Finger-Trees.html 2010-10-28T00:00:00+00:00 /entries/Binomial-Queues.html 2010-10-28T00:00:00+00:00 /authors/koerner/ 2010-10-28T00:00:00+00:00 /authors/nielsen/ 2010-10-28T00:00:00+00:00 /authors/doczkal/ 2010-08-29T00:00:00+00:00 /entries/Lam-ml-Normalization.html 2010-08-29T00:00:00+00:00 /entries/Polynomials.html 2010-08-10T00:00:00+00:00 /entries/Statecharts.html 2010-08-08T00:00:00+00:00 /authors/helke/ 2010-08-08T00:00:00+00:00 
/entries/Free-Groups.html 2010-06-24T00:00:00+00:00 /entries/Category2.html 2010-06-20T00:00:00+00:00 /authors/katovsky/ 2010-06-20T00:00:00+00:00 /entries/Matrix.html 2010-06-17T00:00:00+00:00 /entries/Abstract-Rewriting.html 2010-06-14T00:00:00+00:00 /authors/back/ 2010-05-28T00:00:00+00:00 /dependencies/datarefinementibp/ 2010-05-28T00:00:00+00:00 /entries/DataRefinementIBP.html 2010-05-28T00:00:00+00:00 /entries/GraphMarkingIBP.html 2010-05-28T00:00:00+00:00 /entries/Robbins-Conjecture.html 2010-05-22T00:00:00+00:00 /authors/krauss/ 2010-05-12T00:00:00+00:00 /entries/Regular-Sets.html 2010-05-12T00:00:00+00:00 /authors/henrio/ 2010-04-30T00:00:00+00:00 /entries/Locally-Nameless-Sigma.html 2010-04-30T00:00:00+00:00 /authors/lutz/ 2010-04-30T00:00:00+00:00 /authors/sudhof/ 2010-04-30T00:00:00+00:00 /entries/Free-Boolean-Algebra.html 2010-03-29T00:00:00+00:00 /dependencies/hrb-slicing/ 2010-03-23T00:00:00+00:00 /entries/InformationFlowSlicing.html 2010-03-23T00:00:00+00:00 /entries/InformationFlowSlicing_Inter.html 2010-03-23T00:00:00+00:00 /authors/wasserrab/ 2010-03-23T00:00:00+00:00 /entries/List-Index.html 2010-02-20T00:00:00+00:00 /entries/Coinductive.html 2010-02-12T00:00:00+00:00 /entries/DPT-SAT-Solver.html 2009-12-09T00:00:00+00:00 /authors/heller/ 2009-12-09T00:00:00+00:00 /entries/Presburger-Automata.html 2009-12-03T00:00:00+00:00 /authors/reiter/ 2009-12-03T00:00:00+00:00 /dependencies/binomial-heaps/ 2009-11-25T00:00:00+00:00 /entries/Collections.html 2009-11-25T00:00:00+00:00 /entries/Tree-Automata.html 2009-11-25T00:00:00+00:00 /authors/ijbema/ 2009-11-22T00:00:00+00:00 /entries/Perfect-Number-Thm.html 2009-11-22T00:00:00+00:00 /entries/HRB-Slicing.html 2009-11-13T00:00:00+00:00 /entries/WorkerWrapper.html 2009-10-30T00:00:00+00:00 /entries/Ordinals_and_Cardinals.html 2009-09-01T00:00:00+00:00 /authors/chapman/ 2009-08-28T00:00:00+00:00 /entries/SequentInvertibility.html 2009-08-28T00:00:00+00:00 /entries/CofGroups.html 2009-08-04T00:00:00+00:00 
/authors/kastermans/ 2009-08-04T00:00:00+00:00 /entries/FinFun.html 2009-05-06T00:00:00+00:00 /entries/Stream-Fusion.html 2009-04-29T00:00:00+00:00 /entries/BytecodeLogicJmlTypes.html 2008-12-12T00:00:00+00:00 /authors/beringer/ 2008-12-12T00:00:00+00:00 /authors/hofmann/ 2008-12-12T00:00:00+00:00 /entries/SIFPL.html 2008-11-10T00:00:00+00:00 /entries/SenSocialChoice.html 2008-11-09T00:00:00+00:00 /entries/FunWithTilings.html 2008-11-07T00:00:00+00:00 /entries/Huffman.html 2008-10-15T00:00:00+00:00 /entries/Slicing.html 2008-09-16T00:00:00+00:00 /entries/VolpanoSmith.html 2008-09-02T00:00:00+00:00 /authors/snelting/ 2008-09-02T00:00:00+00:00 /entries/ArrowImpossibilityGS.html 2008-09-01T00:00:00+00:00 /entries/FunWithFunctions.html 2008-08-26T00:00:00+00:00 /entries/SATSolverVerification.html 2008-07-23T00:00:00+00:00 /authors/nedzelsky/ 2008-04-05T00:00:00+00:00 /entries/Recursion-Theory-I.html 2008-04-05T00:00:00+00:00 /entries/Simpl.html 2008-02-29T00:00:00+00:00 /entries/BDD.html 2008-02-29T00:00:00+00:00 /authors/ortner/ 2008-02-29T00:00:00+00:00 /authors/aehlig/ 2008-02-18T00:00:00+00:00 /entries/NormByEval.html 2008-02-18T00:00:00+00:00 /entries/LinearQuantifierElim.html 2008-01-11T00:00:00+00:00 /entries/Program-Conflict-Analysis.html 2007-12-14T00:00:00+00:00 /authors/olm/ 2007-12-14T00:00:00+00:00 /entries/JinjaThreads.html 2007-12-03T00:00:00+00:00 /authors/boehme/ 2007-11-06T00:00:00+00:00 /entries/MuchAdoAboutTwo.html 2007-11-06T00:00:00+00:00 /entries/Fermat3_4.html 2007-08-12T00:00:00+00:00 /authors/oosterhuis/ 2007-08-12T00:00:00+00:00 /entries/SumSquares.html 2007-08-12T00:00:00+00:00 /entries/Valuation.html 2007-08-08T00:00:00+00:00 /dependencies/group-ring-module/ 2007-08-08T00:00:00+00:00 /authors/kobayashi/ 2007-08-08T00:00:00+00:00 /entries/FOL-Fitting.html 2007-08-02T00:00:00+00:00 /entries/POPLmark-deBruijn.html 2007-08-02T00:00:00+00:00 /entries/HotelKeyCards.html 2006-09-09T00:00:00+00:00 /entries/Abstract-Hoare-Logics.html 
2006-08-08T00:00:00+00:00 /authors/bauer/ 2006-05-22T00:00:00+00:00 /entries/Flyspeck-Tame.html 2006-05-22T00:00:00+00:00 /dependencies/flyspeck-tame/ 2006-05-22T00:00:00+00:00 /entries/CoreC++.html 2006-05-15T00:00:00+00:00 /entries/FeatherweightJava.html 2006-03-31T00:00:00+00:00 /authors/fosterj/ 2006-03-31T00:00:00+00:00 /authors/vytiniotis/ 2006-03-31T00:00:00+00:00 /authors/barsotti/ 2006-03-15T00:00:00+00:00 /entries/ClockSynchInst.html 2006-03-15T00:00:00+00:00 /entries/Cauchy.html 2006-03-14T00:00:00+00:00 /authors/porter/ 2006-03-14T00:00:00+00:00 /entries/Ordinal.html 2005-11-11T00:00:00+00:00 /entries/FFT.html 2005-10-12T00:00:00+00:00 /entries/GenClock.html 2005-06-24T00:00:00+00:00 /authors/jaskelioff/ 2005-06-22T00:00:00+00:00 /entries/DiskPaxos.html 2005-06-22T00:00:00+00:00 /entries/JiveDataStoreModel.html 2005-06-20T00:00:00+00:00 /authors/rauch/ 2005-06-20T00:00:00+00:00 /entries/Jinja.html 2005-06-01T00:00:00+00:00 /authors/lindenberg/ 2005-05-02T00:00:00+00:00 /entries/RSAPSS.html 2005-05-02T00:00:00+00:00 /authors/wirt/ 2005-05-02T00:00:00+00:00 /entries/Category.html 2005-04-21T00:00:00+00:00 /authors/keefe/ 2005-04-21T00:00:00+00:00 /entries/FileRefinement.html 2004-12-09T00:00:00+00:00 /authors/zee/ 2004-12-09T00:00:00+00:00 /entries/Integration.html 2004-11-19T00:00:00+00:00 /authors/richter/ 2004-11-19T00:00:00+00:00 /entries/Verified-Prover.html 2004-09-28T00:00:00+00:00 /authors/ridge/ 2004-09-28T00:00:00+00:00 /entries/Completeness.html 2004-09-20T00:00:00+00:00 /authors/margetson/ 2004-09-20T00:00:00+00:00 /entries/Ramsey-Infinite.html 2004-09-20T00:00:00+00:00 /entries/Compiling-Exceptions-Correctly.html 2004-07-09T00:00:00+00:00 /entries/Depth-First-Search.html 2004-06-24T00:00:00+00:00 /authors/nishihara/ 2004-06-24T00:00:00+00:00 /authors/chen/ 2004-05-18T00:00:00+00:00 /entries/Group-Ring-Module.html 2004-05-18T00:00:00+00:00 /authors/murao/ 2004-05-18T00:00:00+00:00 /authors/friedrich/ 2004-04-26T00:00:00+00:00 
/entries/Lazy-Lists-II.html 2004-04-26T00:00:00+00:00 /dependencies/lazy-lists-ii/ 2004-04-26T00:00:00+00:00 /entries/Topology.html 2004-04-26T00:00:00+00:00 /entries/BinarySearchTree.html 2004-04-05T00:00:00+00:00 /entries/Functional-Automata.html 2004-03-30T00:00:00+00:00 /entries/AVL-Trees.html 2004-03-19T00:00:00+00:00 /entries/MiniML.html 2004-03-19T00:00:00+00:00 /authors/naraschewski/ 2004-03-19T00:00:00+00:00 /authors/pusch/ 2004-03-19T00:00:00+00:00 /theories/abortable_linearizable_modules/ /about/ /theories/abs_int_itp2012/ /theories/abstract-hoare-logics/ /theories/abstract-rewriting/ /theories/abstract_completeness/ /theories/abstract_soundness/ /theories/ackermanns_not_pr/ /theories/actuarial_mathematics/ /theories/adaptive_state_counting/ /theories/ads_functor/ /theories/affine_arithmetic/ /theories/aggregation_algebras/ /theories/ai_planning_languages_semantics/ /theories/akra_bazzi/ /theories/algebraic_numbers/ /theories/algebraic_vcs/ /theories/allen_calculus/ /theories/amicable_numbers/ /theories/amortized_complexity/ /theories/anselmgod/ /theories/aodv/ /theories/applicative_lifting/ /theories/approximation_algorithms/ /theories/architectural_design_patterns/ /theories/aristotles_assertoric_syllogistic/ /theories/arith_prog_rel_primes/ /theories/arrowimpossibilitygs/ /theories/attack_trees/ /theories/auto2_hol/ /theories/auto2_imperative_hol/ /theories/autofocus-stream/ /theories/automated_stateful_protocol_verification/ /theories/automatic_refinement/ /theories/avl-trees/ /theories/awn/ /theories/axiomaticcategorytheory/ /theories/banach_steinhaus/ /theories/bd_security_compositional/ /theories/bdd/ /theories/belief_revision/ /theories/bell_numbers_spivey/ /theories/benor_kozen_reif/ /theories/berlekamp_zassenhaus/ /theories/bernoulli/ /theories/bertrands_postulate/ /theories/bicategory/ /theories/binarysearchtree/ /theories/binding_syntax_theory/ /theories/binomial-heaps/ /theories/binomial-queues/ /theories/birdkmp/ /theories/blue_eyes/ 
/theories/bnf_cc/ /theories/bnf_operations/ /theories/bondy/ /theories/boolean_expression_checkers/ /theories/boolos_curious_inference/ /theories/bounded_deducibility_security/ /theories/btree/ /theories/buchi_complementation/ /theories/budan_fourier/ /theories/buffons_needle/ /theories/buildings/ /theories/bytecodelogicjmltypes/ /theories/c2ka_distributedsystems/ /theories/cakeml/ /theories/cakeml_codegen/ /theories/call_arity/ /theories/card_equiv_relations/ /theories/card_multisets/ /theories/card_number_partitions/ /theories/card_partitions/ /theories/cartan_fp/ /theories/case_labeling/ /theories/catalan_numbers/ /theories/category/ /theories/category2/ /theories/category3/ /theories/cauchy/ /theories/cava_automata/ /theories/cava_base/ /theories/cava_ltl_modelchecker/ /theories/cava_setup/ /theories/cayley_hamilton/ /theories/ccs/ /theories/certification_monads/ /theories/chandy_lamport/ /theories/chord_segments/ /theories/circus/ /theories/cisc-kernel/ /theories/clean/ /theories/clique_and_monotone_circuits/ /theories/clocksynchinst/ /theories/closest_pair_points/ /theories/cocon/ /theories/cofgroups/ /theories/coinductive/ /theories/coinductive_languages/ /theories/collections/ /theories/collections_examples/ /theories/combinable_wands/ /theories/combinatorics_words/ /theories/combinatorics_words_graph_lemma/ /theories/combinatorics_words_lyndon/ /theories/commuting_hermitian/ /theories/comparison_sort_lower_bound/ /theories/compiling-exceptions-correctly/ /theories/complete_non_orders/ /theories/completeness/ /theories/complex_bounded_operators/ /theories/complex_geometry/ /theories/complx/ /theories/componentdependencies/ /topics/computer-science/algorithms/ /topics/computer-science/algorithms/approximation/ /topics/computer-science/algorithms/concurrent/ /topics/computer-science/algorithms/distributed/ /topics/computer-science/algorithms/geometry/ /topics/computer-science/algorithms/graph/ /topics/computer-science/algorithms/mathematical/ 
/topics/computer-science/algorithms/online/ /topics/computer-science/algorithms/optimization/ /topics/computer-science/algorithms/quantum-computing/ /topics/computer-science/artificial-intelligence/ /topics/computer-science/automata-and-formal-languages/ /topics/computer-science/concurrency/ /topics/computer-science/concurrency/process-calculi/ + /topics/computer-science/data-management-systems/ + /topics/computer-science/data-structures/ /topics/computer-science/functional-programming/ /topics/computer-science/hardware/ /topics/computer-science/machine-learning/ /topics/computer-science/networks/ /topics/computer-science/programming-languages/ /topics/computer-science/programming-languages/compiling/ /topics/computer-science/programming-languages/lambda-calculi/ /topics/computer-science/programming-languages/language-definitions/ /topics/computer-science/programming-languages/logics/ /topics/computer-science/programming-languages/misc/ /topics/computer-science/programming-languages/static-analysis/ /topics/computer-science/programming-languages/type-systems/ /topics/computer-science/security/ /topics/computer-science/security/cryptography/ /topics/computer-science/semantics-and-reasoning/ /topics/computer-science/system-description-languages/ /theories/concurrent_ref_alg/ /theories/concurrent_revisions/ /theories/concurrentgc/ /theories/concurrentimp/ /theories/conditional_simplification/ /theories/conditional_transfer_rule/ /theories/consensus_refined/ /theories/constructive_cryptography/ /theories/constructive_cryptography_cm/ /theories/constructor_funs/ /theories/containers/ /theories/containers-benchmarks/ /theories/core_dom/ /theories/core_sc_dom/ /theories/corec++/ /theories/correctness_algebras/ /theories/cosmed/ /theories/cosmedis/ /theories/cotangent_pfd_formula/ /theories/count_complex_roots/ /theories/crdt/ /theories/crypthol/ /theories/cryptobasedcompositionalproperties/ /theories/crystals-kyber/ /theories/csp_reftk/ /theories/cubic_quartic_equations/ 
/theories/cyk/ /theories/czh_elementary_categories/ /theories/czh_foundations/ /theories/czh_universal_constructions/ /theories/datarefinementibp/ /theories/datatype_order_generator/ /theories/decl_sem_fun_pl/ /theories/decreasing-diagrams/ /theories/decreasing-diagrams-ii/ /theories/dedekind_real/ /theories/deep_learning/ /theories/delta_system_lemma/ /theories/density_compiler/ /theories/dependent_sifum_refinement/ /theories/dependent_sifum_type_systems/ /theories/depth-first-search/ /theories/derangements/ /theories/deriving/ /theories/descartes_sign_rule/ /theories/design_theory/ /theories/dfs_framework/ /theories/dict_construction/ /theories/differential_dynamic_logic/ /theories/differential_game_logic/ /theories/digit_expansions/ /theories/dijkstra_shortest_path/ /theories/diophantine_eqns_lin_hom/ /theories/dirichlet_l/ /theories/dirichlet_series/ /theories/discrete_summation/ /theories/discretepricing/ /theories/diskpaxos/ /theories/dom_components/ /theories/dominance_chk/ /download/ /theories/dprm_theorem/ /theories/dpt-sat-solver/ /theories/dynamic_tables/ /theories/dynamicarchitectures/ /theories/e_transcendental/ /theories/echelon_form/ /theories/edmondskarp_maxflow/ /theories/efficient-mergesort/ /theories/elliptic_curves_group_law/ /theories/encodability_process_calculi/ /submission/ /theories/epistemic_logic/ /theories/equivalence_relation_enumeration/ /theories/ergodic_theory/ /theories/error_function/ /theories/euler_maclaurin/ /theories/euler_partition/ /theories/eval_fo/ /theories/extended_finite_state_machine_inference/ /theories/extended_finite_state_machines/ /theories/factor_algebraic_polynomial/ /theories/factored_transition_system_bounding/ /theories/falling_factorial_sum/ /theories/farkas/ /theories/featherweight_ocl/ /theories/featherweightjava/ /theories/fermat3_4/ /theories/fft/ /theories/filerefinement/ /theories/finfun/ /theories/finger-trees/ /theories/finite-map-extras/ /theories/finite_automata_hf/ /theories/finite_fields/ 
/theories/finitely_generated_abelian_groups/ /theories/first_order_terms/ /theories/first_welfare_theorem/ /theories/fishburn_impossibility/ /theories/fisher_yates/ /theories/fishers_inequality/ /theories/flow_networks/ /theories/floyd_warshall/ /theories/flp/ /theories/flyspeck-tame/ /theories/flyspeck-tame-computation/ /theories/fo_theory_rewriting/ /theories/focusstreamscasestudies/ /theories/fol-fitting/ /theories/fol_axiomatic/ /theories/fol_harrison/ /theories/fol_seq_calc1/ /theories/fol_seq_calc2/ /theories/fol_seq_calc3/ /theories/forcing/ /theories/formal_puiseux_series/ /theories/formal_ssa/ /theories/formula_derivatives/ /theories/formula_derivatives-examples/ /theories/foundation_of_geometry/ /theories/fourier/ /theories/free-boolean-algebra/ /theories/free-groups/ /theories/frequency_moments/ /theories/fresh_identifiers/ /theories/fsm_tests/ /theories/functional-automata/ /theories/functional_ordered_resolution_prover/ /theories/funwithfunctions/ /theories/funwithtilings/ /theories/furstenberg_topology/ /theories/gabow_scc/ /theories/gale_shapley/ /theories/galestewart_games/ /theories/game_based_crypto/ /theories/gauss-jordan-elim-fun/ /theories/gauss_jordan/ /theories/gauss_sums/ /theories/gaussian_integers/ /theories/genclock/ /theories/general-triangle/ /theories/generalized_counting_sort/ /theories/generic_deriving/ /theories/generic_join/ /theories/gewirthpgcproof/ /theories/girth_chromatic/ /theories/goedel_hfset_semantic/ /theories/goedel_hfset_semanticless/ /theories/goedel_incompleteness/ /theories/goedelgod/ /theories/goodstein_lambda/ /theories/gpu_kernel_pl/ /theories/graph_saturation/ /theories/graph_theory/ /theories/graphmarkingibp/ /theories/green/ /theories/groebner_bases/ /theories/groebner_macaulay/ /theories/gromov_hyperbolicity/ /theories/grothendieck_schemes/ /theories/group-ring-module/ /theories/hahn_jordan_decomposition/ /theories/hales_jewett/ /theories/heard_of/ /theories/hello_world/ /help/ /theories/hereditarilyfinite/ 
/theories/hermite/ /theories/hermite_lindemann/ /theories/hidden_markov_models/ /theories/higher_order_terms/ /theories/hoare_time/ /theories/hol-csp/ /theories/hol-ode-arch-comp/ /theories/hol-ode-examples/ /theories/hol-ode-numerics/ /theories/holcf-prelude/ /theories/hood_melville_queue/ /theories/hotelkeycards/ /theories/hrb-slicing/ /theories/huffman/ /theories/hybrid_logic/ /theories/hybrid_multi_lane_spatial_logic/ /theories/hybrid_systems_vcs/ /theories/hyperctl/ /theories/hyperdual/ /theories/ieee_floating_point/ /theories/ifc_tracking/ /theories/imap-crdt/ /theories/imo2019/ /theories/imp2/ /theories/imp2_binary_heap/ /theories/imp_compiler/ /theories/imp_compiler_reuse/ /theories/imperative_insertion_sort/ /theories/implicational_logic/ /theories/impossible_geometry/ /theories/incompleteness/ /theories/incredible_proof_machine/ /theories/independence_ch/ /theories/inductive_confidentiality/ /theories/inductive_inference/ /theories/informationflowslicing/ /theories/informationflowslicing_inter/ /theories/infpathelimination/ /theories/integration/ /theories/interpolation_polynomials_hol_algebra/ /theories/interpreter_optimizations/ /theories/interval_arithmetic_word32/ /theories/intro_dest_elim/ </