diff --git a/metadata/entries/Safe_Range_RC.toml b/metadata/entries/Safe_Range_RC.toml
new file mode 100644
--- /dev/null
+++ b/metadata/entries/Safe_Range_RC.toml
@@ -0,0 +1,61 @@
+
+
+title = "Making Arbitrary Relational Calculus Queries Safe-Range"
+date = 2022-09-28
+topics = [
+ "Logic/General logic/Classical first-order logic",
+]
+abstract = """
+The relational calculus (RC), i.e., first-order logic with equality
+but without function symbols, is a concise, declarative database query
+language. In contrast to relational algebra or SQL, which are the
+traditional query languages of choice in the database community, RC
+queries can evaluate to an infinite relation. Moreover, even in cases
+where the evaluation result of an RC query would be finite it is not
+clear how to efficiently compute it. Safe-range RC is an interesting
+syntactic subclass of RC, because all safe-range queries evaluate to a
+finite result and it is well-known
+how to evaluate such queries by translating them to relational
+algebra. We formalize and prove correct our
+recent translation of an arbitrary RC query into a pair of
+safe-range queries. Assuming an infinite domain, the two queries have
+the following meaning: The first is closed and characterizes the
+original query's relative safety, i.e., whether given a fixed
+database (interpretation of atomic predicates with finite relations),
+the original query evaluates to a finite relation. The second
+safe-range query is equivalent to the original query, if the latter is
+relatively safe. The formalization uses the Refinement Framework to
+go from the non-deterministic algorithm described in the paper to a
+deterministic, executable query translation. Our executable query
+translation is a first step towards a verified tool that efficiently
+evaluates arbitrary RC queries. This very problem is also solved by
+the AFP entry Eval_FO
+with a theoretically incomparable but practically worse time
+complexity. (The latter is demonstrated by our
+empirical evaluation.)"""
+license = "bsd"
+note = ""
+
+[authors]
+
+[authors.raszyk]
+email = "raszyk_email"
+
+[authors.traytel]
+homepage = "traytel_homepage"
+
+[contributors]
+
+[notify]
+raszyk = "raszyk_email1"
+traytel = "traytel_email2"
+
+[history]
+
+[extra]
+
+[related]
diff --git a/thys/ROOTS b/thys/ROOTS
--- a/thys/ROOTS
+++ b/thys/ROOTS
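Review bot: The entry opens with two empty lines before `title` (the `+ +` run at the top of the hunk), while every later key follows the flat top-down layout without leading blanks; start the file at `title = "Making Arbitrary Relational Calculus Queries Safe-Range"` on line 1. The `[authors.*]` and `[notify]` values (`raszyk_email`, `traytel_homepage`, `raszyk_email1`, `traytel_email2`) read as keys into a shared author table rather than literal addresses; if that is the intended scheme, confirm the keys resolve, since nothing in this hunk defines them. The rest looks consistent as far as the collapsed hunk shows: `date` is a native TOML date and the abstract is a multi-line basic string, so no quoting is needed there.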
@@ -1,706 +1,707 @@ ADS_Functor AI_Planning_Languages_Semantics AODV AVL-Trees AWN Abortable_Linearizable_Modules Abs_Int_ITP2012 Abstract-Hoare-Logics Abstract-Rewriting Abstract_Completeness Abstract_Soundness Ackermanns_not_PR Actuarial_Mathematics Adaptive_State_Counting Affine_Arithmetic Aggregation_Algebras Akra_Bazzi Algebraic_Numbers Algebraic_VCs Allen_Calculus Amicable_Numbers Amortized_Complexity AnselmGod Applicative_Lifting Approximation_Algorithms Architectural_Design_Patterns Aristotles_Assertoric_Syllogistic Arith_Prog_Rel_Primes ArrowImpossibilityGS Attack_Trees Auto2_HOL Auto2_Imperative_HOL AutoFocus-Stream Automated_Stateful_Protocol_Verification Automatic_Refinement AxiomaticCategoryTheory BDD BD_Security_Compositional BNF_CC BNF_Operations BTree Banach_Steinhaus Belief_Revision Bell_Numbers_Spivey BenOr_Kozen_Reif Berlekamp_Zassenhaus Bernoulli Bertrands_Postulate Bicategory BinarySearchTree Binding_Syntax_Theory Binomial-Heaps Binomial-Queues BirdKMP Blue_Eyes Bondy Boolean_Expression_Checkers Boolos_Curious_Inference Bounded_Deducibility_Security Buchi_Complementation Budan_Fourier Buffons_Needle Buildings BytecodeLogicJmlTypes C2KA_DistributedSystems CAVA_Automata CAVA_LTL_Modelchecker CCS CISC-Kernel CRYSTALS-Kyber CRDT CSP_RefTK CYK CZH_Elementary_Categories CZH_Foundations CZH_Universal_Constructions CakeML CakeML_Codegen Call_Arity Card_Equiv_Relations Card_Multisets Card_Number_Partitions Card_Partitions Cartan_FP Case_Labeling Catalan_Numbers Category Category2 Category3 Cauchy Cayley_Hamilton Certification_Monads Chandy_Lamport Chord_Segments Circus Clean Clique_and_Monotone_Circuits ClockSynchInst Closest_Pair_Points CoCon CoSMeDis CoSMed CofGroups Coinductive Coinductive_Languages Collections Combinable_Wands Combinatorics_Words Combinatorics_Words_Graph_Lemma Combinatorics_Words_Lyndon Commuting_Hermitian Comparison_Sort_Lower_Bound Compiling-Exceptions-Correctly Complete_Non_Orders Completeness Complex_Bounded_Operators 
Complex_Geometry Complx ComponentDependencies ConcurrentGC ConcurrentIMP Concurrent_Ref_Alg Concurrent_Revisions Conditional_Simplification Conditional_Transfer_Rule Consensus_Refined Constructive_Cryptography Constructive_Cryptography_CM Constructor_Funs Containers CoreC++ Core_DOM Core_SC_DOM Correctness_Algebras Cotangent_PFD_Formula Count_Complex_Roots CryptHOL CryptoBasedCompositionalProperties Cubic_Quartic_Equations DFS_Framework DOM_Components DPT-SAT-Solver DataRefinementIBP Datatype_Order_Generator Decl_Sem_Fun_PL Decreasing-Diagrams Decreasing-Diagrams-II Dedekind_Real Deep_Learning Delta_System_Lemma Density_Compiler Dependent_SIFUM_Refinement Dependent_SIFUM_Type_Systems Depth-First-Search Derangements Deriving Descartes_Sign_Rule Design_Theory Dict_Construction Differential_Dynamic_Logic Differential_Game_Logic Digit_Expansions Dijkstra_Shortest_Path Diophantine_Eqns_Lin_Hom Dirichlet_L Dirichlet_Series DiscretePricing Discrete_Summation DiskPaxos Dominance_CHK DPRM_Theorem DynamicArchitectures Dynamic_Tables E_Transcendental Echelon_Form EdmondsKarp_Maxflow Efficient-Mergesort Elliptic_Curves_Group_Law Encodability_Process_Calculi Epistemic_Logic Equivalence_Relation_Enumeration Ergodic_Theory Error_Function Euler_MacLaurin Euler_Partition Eval_FO Example-Submission Extended_Finite_State_Machine_Inference Extended_Finite_State_Machines FFT FLP FOL-Fitting FOL_Axiomatic FOL_Harrison FOL_Seq_Calc1 FOL_Seq_Calc2 FOL_Seq_Calc3 FSM_Tests Factor_Algebraic_Polynomial Factored_Transition_System_Bounding Falling_Factorial_Sum Farkas FeatherweightJava Featherweight_OCL Fermat3_4 FileRefinement FinFun Finger-Trees Finite-Map-Extras Finite_Automata_HF Finite_Fields Finitely_Generated_Abelian_Groups First_Order_Terms First_Welfare_Theorem Fishburn_Impossibility Fisher_Yates Fishers_Inequality Flow_Networks Floyd_Warshall Flyspeck-Tame FocusStreamsCaseStudies Forcing Formal_Puiseux_Series Formal_SSA Formula_Derivatives Foundation_of_geometry Fourier 
FO_Theory_Rewriting Free-Boolean-Algebra Free-Groups Frequency_Moments Fresh_Identifiers FunWithFunctions FunWithTilings Functional-Automata Functional_Ordered_Resolution_Prover Furstenberg_Topology GPU_Kernel_PL Gabow_SCC GaleStewart_Games Gale_Shapley Game_Based_Crypto Gauss-Jordan-Elim-Fun Gauss_Jordan Gauss_Sums Gaussian_Integers GenClock General-Triangle Generalized_Counting_Sort Generic_Deriving Generic_Join GewirthPGCProof Girth_Chromatic GoedelGod Goedel_HFSet_Semantic Goedel_HFSet_Semanticless Goedel_Incompleteness Goodstein_Lambda GraphMarkingIBP Graph_Saturation Graph_Theory Green Groebner_Bases Groebner_Macaulay Gromov_Hyperbolicity Grothendieck_Schemes Group-Ring-Module HOL-CSP HOLCF-Prelude HRB-Slicing Hahn_Jordan_Decomposition Hales_Jewett Heard_Of Hello_World HereditarilyFinite Hermite Hermite_Lindemann Hidden_Markov_Models Higher_Order_Terms Hoare_Time Hood_Melville_Queue HotelKeyCards Huffman Hybrid_Logic Hybrid_Multi_Lane_Spatial_Logic Hybrid_Systems_VCs HyperCTL Hyperdual IEEE_Floating_Point IFC_Tracking IMAP-CRDT IMO2019 IMP2 IMP2_Binary_Heap IMP_Compiler IMP_Compiler_Reuse IP_Addresses Imperative_Insertion_Sort Implicational_Logic Impossible_Geometry Incompleteness Incredible_Proof_Machine Independence_CH Inductive_Confidentiality Inductive_Inference InfPathElimination InformationFlowSlicing InformationFlowSlicing_Inter Integration Interpolation_Polynomials_HOL_Algebra Interpreter_Optimizations Interval_Arithmetic_Word32 Intro_Dest_Elim Involutions2Squares Iptables_Semantics Irrational_Series_Erdos_Straus Irrationality_J_Hancl Irrationals_From_THEBOOK IsaGeoCoq Isabelle_C Isabelle_Marries_Dirac Isabelle_Meta_Model IsaNet Jacobson_Basic_Algebra Jinja JinjaDCI JinjaThreads JiveDataStoreModel Jordan_Hoelder Jordan_Normal_Form KAD KAT_and_DRA KBPs KD_Tree Key_Agreement_Strong_Adversaries Khovanskii_Theorem Kleene_Algebra Knights_Tour Knot_Theory Knuth_Bendix_Order Knuth_Morris_Pratt Koenigsberg_Friendship Kruskal Kuratowski_Closure_Complement 
LLL_Basis_Reduction LLL_Factorization LOFT LTL LTL_Master_Theorem LTL_Normal_Form LTL_to_DRA LTL_to_GBA Lam-ml-Normalization LambdaAuth LambdaMu Lambda_Free_EPO Lambda_Free_KBOs Lambda_Free_RPOs Lambert_W Landau_Symbols Laplace_Transform Latin_Square LatticeProperties Launchbury Laws_of_Large_Numbers Lazy-Lists-II Lazy_Case Lehmer Lifting_Definition_Option Lifting_the_Exponent LightweightJava LinearQuantifierElim Linear_Inequalities Linear_Programming Linear_Recurrences Liouville_Numbers List-Index List-Infinite List_Interleaving List_Inversions List_Update LocalLexing Localization_Ring Locally-Nameless-Sigma Logging_Independent_Anonymity Lowe_Ontological_Argument Lower_Semicontinuous Lp LP_Duality Lucas_Theorem MDP-Algorithms MDP-Rewards MFMC_Countable MFODL_Monitor_Optimized MFOTL_Monitor MSO_Regex_Equivalence Markov_Models Marriage Mason_Stothers Matrices_for_ODEs Matrix Matrix_Tensor Matroids Max-Card-Matching Median_Method Median_Of_Medians_Selection Menger Mereology Mersenne_Primes Metalogic_ProofChecker MiniML MiniSail Minimal_SSA Minkowskis_Theorem Minsky_Machines Modal_Logics_for_NTS Modular_Assembly_Kit_Security Modular_arithmetic_LLL_and_HNF_algorithms Monad_Memo_DP Monad_Normalisation MonoBoolTranAlgebra MonoidalCategory Monomorphic_Monad MuchAdoAboutTwo Multiset_Ordering_NPC Multi_Party_Computation Multirelations Myhill-Nerode Name_Carrying_Type_Inference Nano_JSON Nash_Williams Nat-Interval-Logic Native_Word Nested_Multisets_Ordinals Network_Security_Policy_Verification Neumann_Morgenstern_Utility No_FTL_observers Nominal2 Noninterference_CSP Noninterference_Concurrent_Composition Noninterference_Generic_Unwinding Noninterference_Inductive_Unwinding Noninterference_Ipurge_Unwinding Noninterference_Sequential_Composition NormByEval Nullstellensatz Number_Theoretic_Transform Octonions OpSets Open_Induction Optics Optimal_BST Orbit_Stabiliser Order_Lattice_Props Ordered_Resolution_Prover Ordinal Ordinal_Partitions Ordinals_and_Cardinals 
Ordinary_Differential_Equations PAC_Checker Package_logic PAL PCF PLM POPLmark-deBruijn PSemigroupsConvolution Padic_Ints Padic_Field Pairing_Heap Paraconsistency Parity_Game Partial_Function_MR Partial_Order_Reduction Password_Authentication_Protocol Pell Perfect-Number-Thm Perron_Frobenius Physical_Quantities Pi_Calculus Pi_Transcendental Planarity_Certificates Pluennecke_Ruzsa_Inequality Poincare_Bendixson Poincare_Disc Polynomial_Factorization Polynomial_Interpolation Polynomials Pop_Refinement Posix-Lexing Possibilistic_Noninterference Power_Sum_Polynomials Pratt_Certificate Prefix_Free_Code_Combinators Presburger-Automata Prim_Dijkstra_Simple Prime_Distribution_Elementary Prime_Harmonic_Series Prime_Number_Theorem Priority_Queue_Braun Priority_Search_Trees Probabilistic_Noninterference Probabilistic_Prime_Tests Probabilistic_System_Zoo Probabilistic_Timed_Automata Probabilistic_While Program-Conflict-Analysis Progress_Tracking Projective_Geometry Projective_Measurements Promela Proof_Strategy_Language PropResPI Propositional_Proof_Systems Prpu_Maxflow PseudoHoops Psi_Calculi Ptolemys_Theorem Public_Announcement_Logic QHLProver QR_Decomposition Quantales Quasi_Borel_Spaces Quaternions Quick_Sort_Cost RIPEMD-160-SPARK ROBDD RSAPSS Ramsey-Infinite Random_BSTs Random_Graph_Subgraph_Threshold Randomised_BSTs Randomised_Social_Choice Rank_Nullity_Theorem Real_Impl Real_Power Real_Time_Deque Recursion-Addition Recursion-Theory-I Refine_Imperative_HOL Refine_Monadic RefinementReactive Regex_Equivalence Registers Regression_Test_Selection Regular-Sets Regular_Algebras Regular_Tree_Relations Relation_Algebra Relational-Incorrectness-Logic Relational_Disjoint_Set_Forests Relational_Forests Relational_Method Relational_Minimum_Spanning_Trees Relational_Paths Rep_Fin_Groups ResiduatedTransitionSystem Residuated_Lattices Resolution_FOL Rewrite_Properties_Reduction Rewriting_Z Ribbon_Proofs Risk_Free_Lending Robbins-Conjecture Robinson_Arithmetic Root_Balanced_Tree 
Roth_Arithmetic_Progressions Routing Roy_Floyd_Warshall SATSolverVerification SC_DOM_Components SDS_Impossibility SIFPL SIFUM_Type_Systems SPARCv8 Safe_Distance Safe_OCL +Safe_Range_RC Saturation_Framework Saturation_Framework_Extensions SCC_Bloemen_Sequential Schutz_Spacetime Secondary_Sylow Security_Protocol_Refinement Selection_Heap_Sort SenSocialChoice Separata Separation_Algebra Separation_Logic_Imperative_HOL Separation_Logic_Unbounded SequentInvertibility Shadow_DOM Shadow_SC_DOM Shivers-CFA ShortestPath Show Sigma_Commit_Crypto Signature_Groebner Simpl Simple_Firewall Simplex Simplicial_complexes_and_boolean_functions SimplifiedOntologicalArgument Skew_Heap Skip_Lists Slicing Sliding_Window_Algorithm Smith_Normal_Form Smooth_Manifolds Sophomores_Dream Solidity Sort_Encodings Source_Coding_Theorem SpecCheck Special_Function_Bounds Splay_Tree Sqrt_Babylonian Stable_Matching Stalnaker_Logic Statecharts Stateful_Protocol_Composition_and_Typing Stellar_Quorums Stern_Brocot Stewart_Apollonius Stirling_Formula Stochastic_Matrices Stone_Algebras Stone_Kleene_Relation_Algebras Stone_Relation_Algebras Store_Buffer_Reduction Stream-Fusion Stream_Fusion_Code Strong_Security Sturm_Sequences Sturm_Tarski Stuttering_Equivalence Subresultants Subset_Boolean_Algebras SumSquares Sunflowers SuperCalc Surprise_Paradox Symmetric_Polynomials Syntax_Independent_Logic Szemeredi_Regularity Szpilrajn TESL_Language TLA Tail_Recursive_Functions Tarskis_Geometry Taylor_Models Three_Circles Timed_Automata Topological_Semantics Topology TortoiseHare Transcendence_Series_Hancl_Rucki Transformer_Semantics Transition_Systems_and_Automata Transitive-Closure Transitive-Closure-II Transitive_Models Treaps Tree-Automata Tree_Decomposition Triangle Trie Twelvefold_Way Tycon Types_Tableaus_and_Goedels_God Types_To_Sets_Extension UPF UPF_Firewall UTP Universal_Hash_Families Universal_Turing_Machine UpDown_Scheme Valuation Van_Emde_Boas_Trees Van_der_Waerden VectorSpace VeriComp Verified-Prover 
Verified_SAT_Based_AI_Planning VerifyThis2018 VerifyThis2019 Vickrey_Clarke_Groves Virtual_Substitution VolpanoSmith VYDRA_MDL WHATandWHERE_Security WOOT_Strong_Eventual_Consistency WebAssembly Weight_Balanced_Trees Weighted_Arithmetic_Geometric_Mean Weighted_Path_Order Well_Quasi_Orders Wetzels_Problem Winding_Number_Eval Word_Lib WorkerWrapper X86_Semantics XML Youngs_Inequality ZFC_in_HOL Zeta_3_Irrational Zeta_Function pGCL
diff --git a/thys/Safe_Range_RC/Examples.thy b/thys/Safe_Range_RC/Examples.thy
new file mode 100644
--- /dev/null
+++ b/thys/Safe_Range_RC/Examples.thy
@@ -0,0 +1,110 @@
+section \Examples\
+
+(*<*)
+theory Examples
+imports Restrict_Frees_Impl
+begin
+(*>*)
+
+global_interpretation extra_cp: simplification cp cpropagated
+ defines RB = "simplification.rb_impl_det cp"
+ and assemble = "simplification.assemble cp"
+ and SPLIT = "simplification.split_impl_det cp"
+ by standard (auto simp only: sat_cp fv_cp rrb_cp gen_Gen_cp cpropagated_cp cpropagated_cp_triv
+ cpropagated_sub Let_def is_Bool_def fv.simps cp.simps cpropagated_simps nocp.simps cpropagated_nocp split: if_splits)
+
+subsection \Restricting Bounds in the "Suspicious Users" Query\
+
+context
+ fixes b s p u :: nat and B P S
+ defines "b \ 0"
+ and "s \ Suc 0"
+ and "p \ Suc (Suc 0)"
+ and "u \ Suc (Suc (Suc 0))"
+ and "B \ \b. Pred ''B'' [Var b] :: (string, string) fmla"
+ and "P \ \b p. Pred ''P'' [Var b, Var p] :: (string, string) fmla"
+ and "S \ \p u s. Pred ''S'' [Var p, Var u, Var s] :: (string, string) fmla"
+ notes cp.simps[simp del]
+begin
+
+definition Q_susp_user where
+ "Q_susp_user = Conj (B b) (Exists s (Forall p (Impl (P b p) (S p u s))))"
+definition Q_susp_user_rb :: "(string, string) fmla" where
+ "Q_susp_user_rb = Conj (B b) (Disj (Exists s (Conj (Forall p (Impl (P b p) (S p u s))) (Exists p (S p u s)))) (Forall p (Neg (P b p))))"
+
+lemma ex_rb_Q_susp_user: "the_res (RB Q_susp_user) = Q_susp_user_rb"
+ by code_simp
+
+end
+
+subsection \Splitting a Disjunction of Predicates\
+
+context
+ fixes x y :: nat and B P
+ defines "x \ 0"
+ and "y \ 1"
+ and "B \ \b. Pred ''B'' [Var b] :: (string, string) fmla"
+ and "P \ \b p. Pred ''P'' [Var b, Var p] :: (string, string) fmla"
+ notes cp.simps[simp del]
+begin
+
+definition Q_disj where
+ "Q_disj = Disj (B x) (P x y)"
+definition Q_disj_split_fin :: "(string, string) fmla" where
+ "Q_disj_split_fin = Conj (Disj (B x) (P x y)) (P x y)"
+definition Q_disj_split_inf :: "(string, string) fmla" where
+ "Q_disj_split_inf = Exists x (B x)"
+
+lemma ex_split_Q_disj: "the_res (SPLIT Q_disj) = (Q_disj_split_fin, Q_disj_split_inf)"
+ by code_simp
+
+end
+
+subsection \Splitting a Conjunction with an Equality\
+
+context
+ fixes x u v :: nat and B
+ defines "x \ 0"
+ and "u \ 1"
+ and "v \ 2"
+ and "B \ \b. Pred ''B'' [Var b] :: (string, string) fmla"
+ notes cp.simps[simp del]
+begin
+
+definition Q_eq where
+ "Q_eq = Conj (B x) (u \ v)"
+definition Q_eq_split_fin :: "(string, string) fmla" where
+ "Q_eq_split_fin = Bool False"
+definition Q_eq_split_inf :: "(string, string) fmla" where
+ "Q_eq_split_inf = Exists x (B x)"
+
+lemma ex_split_Q_eq: "the_res (SPLIT Q_eq) = (Q_eq_split_fin, Q_eq_split_inf)"
+ by code_simp
+
+end
+
+subsection \Splitting the "Suspicious Users" Query\
+
+context
+ fixes b s p u :: nat and B P S
+ defines "b \ 0"
+ and "s \ Suc 0"
+ and "p \ Suc (Suc 0)"
+ and "u \ Suc (Suc (Suc 0))"
+ and "B \ \b. Pred ''B'' [Var b] :: (string, string) fmla"
+ and "P \ \b p. Pred ''P'' [Var b, Var p] :: (string, string) fmla"
+ and "S \ \p u s. Pred ''S'' [Var p, Var u, Var s] :: (string, string) fmla"
+ notes cp.simps[simp del]
+begin
+
+definition "Q_susp_user_split_fin = Conj Q_susp_user_rb (Exists s (Exists p (S p u s)))"
+definition "Q_susp_user_split_inf = Exists b (Conj (B b) (Forall p (Neg (P b p))))"
+
+lemma ex_split_Q_susp_user: "the_res (SPLIT Q_susp_user) = (Q_susp_user_split_fin, Q_susp_user_split_inf)"
+ by code_simp
+
+end
+
+(*<*)
+end
+(*>*)
\ No newline at end of file
diff --git a/thys/Safe_Range_RC/Preliminaries.thy b/thys/Safe_Range_RC/Preliminaries.thy
new file mode 100644
--- /dev/null
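Review bot: `Q_susp_user`, `Q_disj` and `Q_eq` are defined without the `:: "(string, string) fmla"` annotation that their `_rb` / `_split_fin` / `_split_inf` siblings carry; the type is presumably fixed anyway by the annotated `B`/`P`/`S` in each context's `defines`, but writing it uniformly, e.g. `definition Q_susp_user :: "(string, string) fmla" where`, keeps the four example groups consistent. The last `context` repeats the first one's `fixes`/`defines`/`notes` block verbatim so that `Q_susp_user_split_fin` can reuse `Q_susp_user_rb`; if the two "Suspicious Users" subsections are meant to stay together, sharing one context (or a small named locale) would avoid keeping two copies of `b`, `s`, `p`, `u` and the predicate abbreviations in sync. The file also ends without a trailing newline (`\ No newline at end of file`), which is worth fixing before merging.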
+++ b/thys/Safe_Range_RC/Preliminaries.thy 
@@ -0,0 +1,460 @@ +section \Preliminaries\ + +(*<*) +theory Preliminaries +imports "List-Index.List_Index" +begin +(*>*) + +subsection \Iterated Function Update\ + +abbreviation fun_upds ("_[_ :=\<^sup>* _]" [90, 0, 0] 91) where + "f[xs :=\<^sup>* ys] \ fold (\(x, y) f. f(x := y)) (zip xs ys) f" + +fun restrict where + "restrict A (x # xs) (y # ys) = (if x \ A then y # restrict (A - {x}) xs ys else restrict A xs ys)" +| "restrict A _ _ = []" + +fun extend :: "nat set \ nat list \ 'a list \ 'a list set" where + "extend A (x # xs) ys = (if x \ A + then (\zs \ extend (A - {x}) xs (tl ys). {hd ys # zs}) + else (\z \ UNIV. \zs \ extend A xs ys. {z # zs}))" +| "extend A _ _ = {[]}" + +fun lookup where + "lookup (x # xs) (y # ys) z = (if x = z then y else lookup xs ys z)" +| "lookup _ _ _ = undefined" + +lemma extend_nonempty: "extend A xs ys \ {}" + by (induct xs arbitrary: A ys) auto + +lemma length_extend: "zs \ extend A xs ys \ length zs = length xs" + by (induct xs arbitrary: A ys zs) (auto split: if_splits) + +lemma ex_lookup_extend: "x \ A \ x \ set xs \ \zs \ extend A xs ys. 
lookup xs zs x = d" +proof (induct xs arbitrary: A ys) + case (Cons a xs) + from Cons(1)[of "A - {a}" "tl ys"] Cons(1)[of A ys] Cons(2-) show ?case + by (auto simp: ex_in_conv extend_nonempty) +qed simp + +lemma restrict_extend: "A \ set xs \ length ys = card A \ zs \ extend A xs ys \ restrict A xs zs = ys" +proof (induct xs arbitrary: A ys zs) + case (Cons a xs) + then have "finite A" + by (elim finite_subset) auto + with Cons(1)[of "A - {a}" "tl ys" "tl zs"] Cons(1)[of A ys "tl zs"] Cons(2-) show ?case + by (cases ys) (auto simp: subset_insert_iff split: if_splits) +qed simp + +lemma fun_upds_notin[simp]: "length xs = length ys \ x \ set xs \ (\[xs :=\<^sup>* ys]) x = \ x" + by (induct xs ys arbitrary: \ rule: list_induct2) auto + +lemma fun_upds_twist: "length xs = length ys \ a \ set xs \ \(a := x)[xs :=\<^sup>* ys] = (\[xs :=\<^sup>* ys])(a := x)" + by (induct xs ys arbitrary: \ rule: list_induct2) (auto simp: fun_upd_twist) + +lemma fun_upds_twist_apply: "length xs = length ys \ a \ set xs \ a \ b \ (\(a := x)[xs :=\<^sup>* ys]) b = (\[xs :=\<^sup>* ys]) b" + by (induct xs ys arbitrary: \ rule: list_induct2) (auto simp: fun_upd_twist) + +lemma fun_upds_extend: + "x \ A \ A \ set xs \ distinct xs \ sorted xs \ length ys = card A \ zs \ extend A xs ys \ + (\[xs :=\<^sup>* zs]) x = (\[sorted_list_of_set A :=\<^sup>* ys]) x" +proof (induct xs arbitrary: A ys zs \) + case (Cons a xs) + then have fin[simp]: "finite A" + by (elim finite_subset) auto + from Cons(2-) have "a \ A \ Min A = a" if "a \ A" + by (intro Min_eqI) auto + with Cons(2) fin have *: "a \ A \ sorted_list_of_set A = a # sorted_list_of_set (A - {a})" + by (subst sorted_list_of_set_nonempty) auto + show ?case + using Cons(1)[of "A - {a}" "tl ys"] Cons(1)[of A ys] Cons(2-) + by (cases ys; cases "x = a") + (auto simp add: subset_insert_iff * fun_upds_twist_apply length_extend simp del: fun_upd_apply split: if_splits) +qed simp + +lemma fun_upds_map_self: "\[xs :=\<^sup>* map \ xs] = \" + by (induct xs 
arbitrary: \) auto + +lemma fun_upds_single: "distinct xs \ \[xs :=\<^sup>* map (\(y := d)) xs] = (if y \ set xs then \(y := d) else \)" + by (induct xs arbitrary: \) (auto simp: fun_upds_twist) + +subsection \Lists and Sets\ + +lemma find_index_less_size: "\x \ set xs. P x \ find_index P xs < size xs" + by (induct xs) auto + +lemma index_less_size: "x \ set xs \ index xs x < size xs" + by (simp add: index_def find_index_less_size) + +lemma fun_upds_in: "length xs = length ys \ distinct xs \ x \ set xs \ (\[xs :=\<^sup>* ys]) x = ys ! index xs x" + by (induct xs ys arbitrary: \ rule: list_induct2) auto + +lemma remove_nth_index: "remove_nth (index ys y) ys = remove1 y ys" + by (induct ys) auto + +lemma index_remove_nth: "distinct xs \ x \ set xs \ index (remove_nth i xs) x = (if index xs x < i then index xs x else if i = index xs x then length xs - 1 else index xs x - 1)" + by (induct i xs rule: remove_nth.induct) (auto simp: not_less intro!: Suc_pred split: if_splits) + +lemma insert_nth_nth_index: + "y \ z \ y \ set ys \ z \ set ys \ length ys = Suc (length xs) \ distinct ys \ + insert_nth (index ys y) x xs ! index ys z = + xs ! index (remove1 y ys) z" + by (subst nth_insert_nth; + auto simp: remove_nth_index[symmetric] index_remove_nth dest: index_less_size intro!: arg_cong[of _ _ "nth xs"] index_eqI) + +lemma index_lt_index_remove: "index xs x < index xs y \ index xs x = index (remove1 y xs) x" + by (induct xs) auto + +lemma index_gt_index_remove: "index xs x > index xs y \ index xs x = Suc (index (remove1 y xs) x)" +proof (induct xs) + case (Cons z xs) + then show ?case + by (cases "z = x") auto +qed simp + +lemma lookup_map[simp]: "x \ set xs \ lookup xs (map f xs) x = f x" + by (induct xs) auto + +lemma in_set_remove_cases: "P z \ (\x \ set (remove1 z xs). 
P x) \ x \ set xs \ P x" + by (cases "x = z") auto + +lemma insert_remove_id: "x \ X \ X = insert x (X - {x})" + by auto + +lemma infinite_surj: "infinite A \ A \ f ` B \ infinite B" + by (elim contrapos_nn finite_surj) + +class infinite = + fixes to_nat :: "'a \ nat" + assumes surj_to_nat: "surj to_nat" +begin + +lemma infinite_UNIV: "infinite (UNIV :: 'a set)" + using surj_to_nat by (intro infinite_surj[of UNIV to_nat]) auto + +end + +instantiation nat :: infinite begin +definition to_nat_nat :: "nat \ nat" where "to_nat_nat = id" +instance by standard (auto simp: to_nat_nat_def) +end + +instantiation list :: (type) infinite begin +definition to_nat_list :: "'a list \ nat" where "to_nat_list = length" +instance by standard (auto simp: image_iff to_nat_list_def intro!: exI[of _ "replicate _ _"]) +end + +subsection \Equivalence Closure and Classes\ + +definition symcl where + "symcl r = {(x, y). (x, y) \ r \ (y, x) \ r}" + +definition transymcl where + "transymcl r = trancl (symcl r)" + +lemma symclp_symcl_eq[pred_set_conv]: "symclp (\x y. (x, y) \ r) = (\x y. 
(x, y) \ symcl r)" + by (auto simp: symclp_def symcl_def fun_eq_iff) + +definition "classes Qeq = quotient (Field Qeq) (transymcl Qeq)" + +lemma Field_symcl[simp]: "Field (symcl r) = Field r" + unfolding symcl_def Field_def by auto + +lemma Domain_symcl[simp]: "Domain (symcl r) = Field r" + unfolding symcl_def Field_def by auto + +lemma Field_trancl[simp]: "Field (trancl r) = Field r" + unfolding Field_def by auto + +lemma Field_transymcl[simp]: "Field (transymcl r) = Field r" + unfolding transymcl_def by auto + +lemma eqclass_empty_iff[simp]: "r `` {x} = {} \ x \ Domain r" + by auto + +lemma sym_symcl[simp]: "sym (symcl r)" + unfolding symcl_def sym_def by auto + +lemma in_symclI: + "(a,b) \ r \ (a,b) \ symcl r" + "(a,b) \ r \ (b,a) \ symcl r" + by (auto simp: symcl_def) + +lemma sym_transymcl: "sym (transymcl r)" + by (simp add: sym_trancl transymcl_def) + +lemma symcl_insert: + "symcl (insert (x, y) Qeq) = insert (y, x) (insert (x, y) (symcl Qeq))" + by (auto simp: symcl_def) + +lemma equiv_transymcl: "Equiv_Relations.equiv (Field Qeq) (transymcl Qeq)" + by (auto simp: Equiv_Relations.equiv_def sym_trancl refl_on_def transymcl_def + dest: FieldI1 FieldI2 Field_def[THEN equalityD1, THEN set_mp] + intro: r_r_into_trancl[of x _ _ x for x] elim!: in_symclI) + +lemma equiv_quotient_no_empty_class: "Equiv_Relations.equiv A r \ {} \ A // r" + by (auto simp: quotient_def refl_on_def sym_def Equiv_Relations.equiv_def) + +lemma classes_cover: "\(classes Qeq) = Field Qeq" + by (simp add: Union_quotient classes_def equiv_transymcl) + +lemma classes_disjoint: "X \ classes Qeq \ Y \ classes Qeq \ X = Y \ X \ Y = {}" + using quotient_disj[OF equiv_transymcl] + by (auto simp: classes_def) + +lemma classes_nonempty: "{} \ classes Qeq" + using equiv_quotient_no_empty_class[OF equiv_transymcl] + by (auto simp: classes_def) + +definition "class x Qeq = (if \X \ classes Qeq. x \ X then Some (THE X. 
X \ classes Qeq \ x \ X) else None)" + +lemma class_Some_eq: "class x Qeq = Some X \ X \ classes Qeq \ x \ X" + unfolding class_def + by (auto 0 3 dest: classes_disjoint del: conjI intro!: the_equality[of _ X] + conjI[of "(\X\classes Qeq. x \ X)"] intro: theI[where P="\X. X \ classes Qeq \ x \ X"]) + +lemma class_None_eq: "class x Qeq = None \ x \ Field Qeq" + by (simp add: class_def classes_cover[symmetric] split: if_splits) + +lemma insert_Image_triv: "x \ r \ insert (x, y) Qeq `` r = Qeq `` r" + by auto + +lemma Un1_Image_triv: "Domain B \ r = {} \ (A \ B) `` r = A `` r" + by auto + +lemma Un2_Image_triv: "Domain A \ r = {} \ (A \ B) `` r = B `` r" + by auto + +lemma classes_empty: "classes {} = {}" + unfolding classes_def by auto + +lemma ex_class: "x \ Field Qeq \ \X. class x Qeq = Some X \ x \ X" + by (metis Union_iff class_Some_eq classes_cover) + +lemma equivD: + "Equiv_Relations.equiv A r \ refl_on A r" + "Equiv_Relations.equiv A r \ sym r" + "Equiv_Relations.equiv A r \ trans r" + by (blast elim: Equiv_Relations.equivE)+ + +lemma transymcl_into: + "(x, y) \ r \ (x, y) \ transymcl r" + "(x, y) \ r \ (y, x) \ transymcl r" + unfolding transymcl_def by (blast intro: in_symclI r_into_trancl')+ + +lemma transymcl_self: + "(x, y) \ r \ (x, x) \ transymcl r" + "(x, y) \ r \ (y, y) \ transymcl r" + unfolding transymcl_def by (blast intro: in_symclI(1) in_symclI(2) r_r_into_trancl)+ + +lemma transymcl_trans: "(x, y) \ transymcl r \ (y, z) \ transymcl r \ (x, z) \ transymcl r" + using equiv_transymcl[THEN equivD(3), THEN transD] . + +lemma transymcl_sym: "(x, y) \ transymcl r \ (y, x) \ transymcl r" + using equiv_transymcl[THEN equivD(2), THEN symD] . 
+ +lemma edge_same_class: "X \ classes Qeq \ (a, b) \ Qeq \ a \ X \ b \ X" + unfolding classes_def by (elim quotientE) (auto elim!: transymcl_trans transymcl_into) + +lemma Field_transymcl_self: "a \ Field Qeq \ (a, a) \ transymcl Qeq" + by (auto simp: Field_def transymcl_def[symmetric] transymcl_self) + +lemma transymcl_insert: "transymcl (insert (a, b) Qeq) = transymcl Qeq \ {(a,a),(b,b)} \ + ((transymcl Qeq \ {(a, a), (b, b)}) O {(a, b), (b, a)} O (transymcl Qeq \ {(a, a), (b, b)}) - transymcl Qeq)" + by (auto simp: relcomp_def relcompp_apply transymcl_def symcl_insert trancl_insert2 dest: trancl_trans) + +lemma transymcl_insert_both_new: "a \ Field Qeq \ b \ Field Qeq \ + transymcl (insert (a, b) Qeq) = transymcl Qeq \ {(a,a),(b,b),(a,b),(b,a)}" + unfolding transymcl_insert + by (auto dest: FieldI1 FieldI2) + +lemma transymcl_insert_same_class: "(x, y) \ transymcl Qeq \ transymcl (insert (x, y) Qeq) = transymcl Qeq" + by (auto 0 3 simp: transymcl_insert intro: transymcl_sym transymcl_trans) + +lemma classes_insert: "classes (insert (x, y) Qeq) = + (case (class x Qeq, class y Qeq) of + (Some X, Some Y) \ if X = Y then classes Qeq else classes Qeq - {X, Y} \ {X \ Y} + | (Some X, None) \ classes Qeq - {X} \ {insert y X} + | (None, Some Y) \ classes Qeq - {Y} \ {insert x Y} + | (None, None) \ classes Qeq \ {{x,y}})" +proof ((cases "class x Qeq"; cases "class y Qeq"), goal_cases NN NS SN SS) + case NN + then have "classes (insert (x, y) Qeq) = classes Qeq \ {{x, y}}" + by (fastforce simp: class_None_eq classes_def transymcl_insert_both_new insert_Image_triv quotientI + elim!: quotientE dest: FieldI1 intro: quotient_def[THEN Set.equalityD2, THEN set_mp] intro!: disjI1) + with NN show ?case + by auto +next + case (NS Y) + then have "insert x Y = transymcl (insert (x, y) Qeq) `` {x}" + unfolding transymcl_insert using FieldI1[of x _ "transymcl Qeq"] + relcompI[OF insertI1 relcompI[OF insertI1 insertI2[OF insertI2[OF transymcl_trans[OF transymcl_sym]]]], + of _ y Qeq _ 
x x "insert (y,y) (transymcl Qeq)" "{(y,x)}" "(x, x)" "(y, y)"] + by (auto simp: class_None_eq class_Some_eq classes_def + dest: FieldI1 FieldI2 elim!: quotientE intro: transymcl_sym transymcl_trans) + then have *: "insert x Y \ classes (insert (x, y) Qeq)" + by (auto simp: class_None_eq class_Some_eq classes_def intro!: quotientI) + moreover from * NS have "Y \ classes (insert (x, y) Qeq)" + using classes_disjoint[of Y "insert (x, y) Qeq" "insert x Y"] classes_cover[of Qeq] + by (auto simp: class_None_eq class_Some_eq) + moreover { + fix Z + assume Z: "Z \ Y" "Z \ classes Qeq" + then obtain z where z: "z \ Field Qeq" "Z = transymcl Qeq `` {z}" + by (auto elim!: quotientE simp: classes_def) + with NS Z have "z \ Z" "z \ x" "z \ y" "(z, x) \ transymcl Qeq" "(z, y) \ transymcl Qeq" + using classes_disjoint[of Z "Qeq" Y] classes_nonempty[of Qeq] + by (auto simp: class_None_eq class_Some_eq disjoint_iff Field_transymcl_self + dest: FieldI2 intro: transymcl_trans) + with NS Z * have "transymcl Qeq `` {z} = transymcl (insert (x, y) Qeq) `` {z}" + unfolding transymcl_insert + by (intro trans[OF _ Un1_Image_triv[symmetric]]) (auto simp: class_None_eq class_Some_eq) + with z have "Z \ classes (insert (x, y) Qeq)" + by (auto simp: classes_def intro!: quotientI) + } + moreover { + fix Z + assume Z: "Z \ insert x Y" "Z \ classes (insert (x, y) Qeq)" + then obtain z where z: "z \ Field (insert (x, y) Qeq)" "Z = transymcl (insert (x, y) Qeq) `` {z}" + by (auto elim!: quotientE simp: classes_def) + with NS Z * have "z \ Z" "z \ x" "z \ y" "(z, x) \ transymcl (insert (x, y) Qeq)" "(z, y) \ transymcl (insert (x, y) Qeq)" + using classes_disjoint[of Z "insert (x, y) Qeq" "insert x Y"] classes_nonempty[of "insert (x, y) Qeq"] + by (auto simp: class_None_eq class_Some_eq Field_transymcl_self transymcl_into(2) + intro: transymcl_trans) + with NS Z * have "transymcl (insert (x, y) Qeq) `` {z} = transymcl Qeq `` {z}" + unfolding transymcl_insert + by (intro trans[OF Un1_Image_triv]) 
(auto simp: class_None_eq class_Some_eq)
+ with z \z \ x\ \z \ y\ have "Z \ classes Qeq"
+ by (auto simp: classes_def intro!: quotientI)
+ }
+ ultimately have "classes (insert (x, y) Qeq) = classes Qeq - {Y} \ {insert x Y}"
+ by blast
+ with NS show ?case
+ by auto
+next
+ case (SN X)
+ then have "insert y X = transymcl (insert (x, y) Qeq) `` {x}"
+ unfolding transymcl_insert using FieldI1[of x _ "transymcl Qeq"]
+ by (auto simp: class_None_eq class_Some_eq classes_def
+ dest: FieldI1 FieldI2 elim!: quotientE intro: transymcl_sym transymcl_trans)
+ then have *: "insert y X \ classes (insert (x, y) Qeq)"
+ by (auto simp: class_None_eq class_Some_eq classes_def intro!: quotientI)
+ moreover from * SN have "X \ classes (insert (x, y) Qeq)"
+ using classes_disjoint[of X "insert (x, y) Qeq" "insert y X"] classes_cover[of Qeq]
+ by (auto simp: class_None_eq class_Some_eq)
+ moreover {
+ fix Z
+ assume Z: "Z \ X" "Z \ classes Qeq"
+ then obtain z where z: "z \ Field Qeq" "Z = transymcl Qeq `` {z}"
+ by (auto elim!: quotientE simp: classes_def)
+ with SN Z have "z \ Z" "z \ x" "z \ y" "(z, x) \ transymcl Qeq" "(z, y) \ transymcl Qeq"
+ using classes_disjoint[of Z "Qeq" X] classes_nonempty[of Qeq]
+ by (auto simp: class_None_eq class_Some_eq disjoint_iff Field_transymcl_self
+ dest: FieldI2 intro: transymcl_trans)
+ with SN Z * have "transymcl Qeq `` {z} = transymcl (insert (x, y) Qeq) `` {z}"
+ unfolding transymcl_insert
+ by (intro trans[OF _ Un1_Image_triv[symmetric]]) (auto simp: class_None_eq class_Some_eq)
+ with z have "Z \ classes (insert (x, y) Qeq)"
+ by (auto simp: classes_def intro!: quotientI)
+ }
+ moreover {
+ fix Z
+ assume Z: "Z \ insert y X" "Z \ classes (insert (x, y) Qeq)"
+ then obtain z where z: "z \ Field (insert (x, y) Qeq)" "Z = transymcl (insert (x, y) Qeq) `` {z}"
+ by (auto elim!: quotientE simp: classes_def)
+ with SN Z * have "z \ Z" "z \ x" "z \ y" "(z, x) \ transymcl (insert (x, y) Qeq)" "(z, y) \ transymcl (insert (x, y) Qeq)"
+ using 
classes_disjoint[of Z "insert (x, y) Qeq" "insert y X"] classes_nonempty[of "insert (x, y) Qeq"]
+ by (auto simp: class_None_eq class_Some_eq Field_transymcl_self transymcl_into(2)
+ intro: transymcl_trans)
+ with SN Z * have "transymcl (insert (x, y) Qeq) `` {z} = transymcl Qeq `` {z}"
+ unfolding transymcl_insert
+ by (intro trans[OF Un1_Image_triv]) (auto simp: class_None_eq class_Some_eq)
+ with z \z \ x\ \z \ y\ have "Z \ classes Qeq"
+ by (auto simp: classes_def intro!: quotientI)
+ }
+ ultimately have "classes (insert (x, y) Qeq) = classes Qeq - {X} \ {insert y X}"
+ by blast
+ with SN show ?case
+ by auto
+next
+ case (SS X Y)
+ moreover from SS have XY: "X \ classes Qeq" "Y \ classes Qeq" "x \ X" "y \ Y" "x \ Field Qeq" "y \ Field Qeq"
+ using class_None_eq[of x Qeq] class_None_eq[of y Qeq] class_Some_eq[of x Qeq X] class_Some_eq[of y Qeq Y]
+ by auto
+ moreover from XY have "X = Y \ classes (insert (x, y) Qeq) = classes Qeq"
+ unfolding classes_def
+ by (subst transymcl_insert_same_class)
+ (auto simp: classes_def insert_absorb elim!: quotientE intro: transymcl_sym transymcl_trans)
+ moreover
+ {
+ assume neq: "X \ Y"
+ from XY have "X = transymcl Qeq `` {x}" "Y = transymcl Qeq `` {y}"
+ by (auto simp: classes_def elim!: quotientE intro: transymcl_sym transymcl_trans)
+ with XY have XY_eq:
+ "X \ Y = transymcl (insert (x, y) Qeq) `` {x}"
+ "X \ Y = transymcl (insert (x, y) Qeq) `` {y}"
+ unfolding transymcl_insert by auto
+ then have *: "X \ Y \ classes (insert (x, y) Qeq)"
+ by (auto simp: classes_def quotientI)
+ moreover
+ from * XY neq have **: "X \ classes (insert (x, y) Qeq)" "Y \ classes (insert (x, y) Qeq)"
+ using classes_disjoint[OF *, of X] classes_disjoint[OF *, of Y] classes_disjoint[of X Qeq Y]
+ by auto
+ moreover {
+ fix Z
+ assume Z: "Z \ X" "Z \ Y" "Z \ classes Qeq"
+ then obtain z where z: "z \ Field Qeq" "Z = transymcl Qeq `` {z}"
+ by (auto elim!: quotientE simp: classes_def)
+ with XY Z have "z \ Z" "z \ x" "z \ y" "(z, x) \ 
transymcl Qeq" "(z, y) \ transymcl Qeq"
+ using classes_disjoint[of Z Qeq X] classes_disjoint[of Z Qeq Y] classes_nonempty[of Qeq]
+ by (auto simp: disjoint_iff Field_transymcl_self dest: FieldI2 intro: transymcl_trans)
+ with XY Z * have "transymcl Qeq `` {z} = transymcl (insert (x, y) Qeq) `` {z}"
+ unfolding transymcl_insert
+ by (intro trans[OF _ Un1_Image_triv[symmetric]]) (auto simp: class_None_eq class_Some_eq)
+ with z have "Z \ classes (insert (x, y) Qeq)"
+ by (auto simp: classes_def intro!: quotientI)
+ }
+ moreover {
+ fix Z
+ assume Z: "Z \ X \ Y" "Z \ classes (insert (x, y) Qeq)"
+ then obtain z where z: "z \ Field (insert (x, y) Qeq)" "Z = transymcl (insert (x, y) Qeq) `` {z}"
+ by (auto elim!: quotientE simp: classes_def)
+ with XY Z neq XY_eq have "z \ Z" "z \ x" "z \ y" "(z, x) \ transymcl (insert (x, y) Qeq)" "(z, y) \ transymcl (insert (x, y) Qeq)"
+ using classes_disjoint[OF *, of Z] classes_disjoint[of X Qeq Y]
+ by (auto simp: Field_transymcl_self)
+ with XY Z * have "transymcl (insert (x, y) Qeq) `` {z} = transymcl Qeq `` {z}"
+ unfolding transymcl_insert
+ by (intro trans[OF Un1_Image_triv]) (auto simp: class_None_eq class_Some_eq)
+ with z \z \ x\ \z \ y\ have "Z \ classes Qeq"
+ by (auto simp: classes_def intro!: quotientI)
+ }
+ ultimately have "classes (insert (x, y) Qeq) = classes Qeq - {X, Y} \ {X \ Y}"
+ by blast
+ }
+ ultimately show ?case
+ by auto
+qed
+
+lemma classes_intersect_find_not_None:
+ assumes "\V\classes (set xys). V \ A \ {}" "xys \ []"
+ shows "find (\(x, y). 
x \ A \ y \ A) xys \ None"
+proof -
+ from assms(2) obtain x y where "(x, y) \ set xys" by (cases xys) auto
+ with assms(1) obtain X where x: "class x (set xys) = Some X" "X \ A \ {}"
+ using ex_class[of "x" "set xys"]
+ by (auto simp: class_Some_eq Field_def)
+ then obtain a where "a \ A" "a \ X"
+ by blast
+ with x have "(a, x) \ transymcl (set xys)"
+ using equiv_class_eq[OF equiv_transymcl, of _ _ "set xys"]
+ by (fastforce simp: class_Some_eq classes_def elim!: quotientE)
+ then obtain b where "(a, b) \ symcl (set xys)"
+ by (auto simp: transymcl_def elim: converse_tranclE)
+ with \a \ A\ show ?thesis
+ by (auto simp: find_None_iff symcl_def)
+qed
+
+(*<*)
+end
+(*>*)
\ No newline at end of file
diff --git a/thys/Safe_Range_RC/ROOT b/thys/Safe_Range_RC/ROOT
new file mode 100644
--- /dev/null
+++ b/thys/Safe_Range_RC/ROOT
@@ -0,0 +1,19 @@
+chapter AFP
+
+session Safe_Range_RC (AFP) = Collections +
+ options [timeout=600]
+ sessions
+ Deriving
+ "List-Index"
+ theories
+ Preliminaries
+ Relational_Calculus
+ Restrict_Bounds
+ Restrict_Bounds_Impl
+ Restrict_Frees
+ Restrict_Frees_Impl
+ Examples
+ Results
+ document_files
+ "root.tex"
+ "root.bib"
diff --git a/thys/Safe_Range_RC/Relational_Calculus.thy b/thys/Safe_Range_RC/Relational_Calculus.thy
new file mode 100644
--- /dev/null
+++ b/thys/Safe_Range_RC/Relational_Calculus.thy 
@@ -0,0 +1,1842 @@
+section \Relational Calculus\
+
+(*<*)
+theory Relational_Calculus
+imports
+ Preliminaries
+ "Deriving.Derive"
+begin
+(*>*)
+
+subsection \First-order Terms\
+
+datatype 'a "term" = Const 'a | Var nat
+
+type_synonym 'a val = "nat \ 'a"
+
+fun fv_term_set :: "'a term \ nat set" where
+ "fv_term_set (Var n) = {n}"
+| "fv_term_set _ = {}"
+
+fun fv_fo_term_list :: "'a term \ nat list" where
+ "fv_fo_term_list (Var n) = [n]"
+| "fv_fo_term_list _ = []"
+
+definition fv_terms_set :: "('a term) list \ nat set" where
+ "fv_terms_set ts = \(set (map fv_term_set ts))"
+
+fun eval_term :: "'a val \ 'a term \ 'a" (infix "\" 60) where
+ "eval_term \ (Const c) = c"
+| "eval_term \ (Var n) = \ n"
+
+definition eval_terms :: "'a val \ ('a term) list \ 'a list" (infix "\" 60) where
+ "eval_terms \ ts = map (eval_term \) ts"
+
+lemma finite_set_term: "finite (set_term t)"
+ by (cases t) auto
+
+lemma finite_fv_term_set: "finite (fv_term_set t)"
+ by (cases t) auto
+
+lemma fv_term_setD: "n \ fv_term_set t \ t = Var n"
+ by (cases t) auto
+
+lemma fv_term_set_cong: "fv_term_set t = fv_term_set (map_term f t)"
+ by (cases t) auto
+
+lemma fv_terms_setI: "Var m \ set ts \ m \ fv_terms_set ts"
+ by (induction ts) (auto simp: fv_terms_set_def)
+
+lemma fv_terms_setD: "m \ fv_terms_set ts \ Var m \ set ts"
+ by (induction ts) (auto simp: fv_terms_set_def dest: fv_term_setD)
+
+lemma finite_fv_terms_set: "finite (fv_terms_set ts)"
+ by (auto simp: fv_terms_set_def finite_fv_term_set)
+
+lemma fv_terms_set_cong: "fv_terms_set ts = fv_terms_set (map (map_term f) ts)"
+ using fv_term_set_cong
+ by (induction ts) (fastforce simp: fv_terms_set_def)+
+
+lemma eval_term_cong: "(\n. 
n \ fv_term_set t \ \ n = \' n) \
+ eval_term \ t = eval_term \' t"
+ by (cases t) auto
+
+lemma eval_terms_fv_terms_set: "\ \ ts = \' \ ts \ n \ fv_terms_set ts \ \ n = \' n"
+proof (induction ts)
+ case (Cons t ts)
+ then show ?case
+ by (cases t) (auto simp: eval_terms_def fv_terms_set_def)
+qed (auto simp: eval_terms_def fv_terms_set_def)
+
+lemma eval_terms_cong: "(\n. n \ fv_terms_set ts \ \ n = \' n) \
+ eval_terms \ ts = eval_terms \' ts"
+ by (auto simp: eval_terms_def fv_terms_set_def intro: eval_term_cong)
+
+subsection \Relational Calculus Syntax and Semantics\
+
+datatype (discs_sels) ('a, 'b) fmla =
+ Pred 'b "('a term) list"
+| Bool bool
+| Eq nat "'a term"
+| Neg "('a, 'b) fmla"
+| Conj "('a, 'b) fmla" "('a, 'b) fmla"
+| Disj "('a, 'b) fmla" "('a, 'b) fmla"
+| Exists nat "('a, 'b) fmla"
+
+derive linorder "term"
+derive linorder fmla
+
+fun fv :: "('a, 'b) fmla \ nat set" where
+ "fv (Pred _ ts) = fv_terms_set ts"
+| "fv (Bool b) = {}"
+| "fv (Eq x t') = {x} \ fv_term_set t'"
+| "fv (Neg \) = fv \"
+| "fv (Conj \ \) = fv \ \ fv \"
+| "fv (Disj \ \) = fv \ \ fv \"
+| "fv (Exists z \) = fv \ - {z}"
+
+definition exists where "exists x Q = (if x \ fv Q then Exists x Q else Q)"
+abbreviation "Forall x Q \ Neg (Exists x (Neg Q))"
+abbreviation "forall x Q \ Neg (exists x (Neg Q))"
+abbreviation "Impl Q1 Q2 \ Disj (Neg Q1) Q2"
+
+definition "EXISTS xs Q = fold Exists xs Q"
+
+abbreviation close where
+ "close Q \ EXISTS (sorted_list_of_set (fv Q)) Q"
+
+lemma fv_exists[simp]: "fv (exists x Q) = fv Q - {x}"
+ by (auto simp: exists_def)
+
+lemma fv_EXISTS: "fv (EXISTS xs Q) = fv Q - set xs"
+ by (induct xs arbitrary: Q) (auto simp: EXISTS_def)
+
+lemma exists_Exists: "x \ fv Q \ exists x Q = Exists x Q"
+ by (auto simp: exists_def)
+
+lemma is_Bool_exists[simp]: "is_Bool (exists x Q) = is_Bool Q"
+ by (auto simp: exists_def is_Bool_def)
+
+lemma finite_fv[simp]: "finite (fv \)"
+ by (induction \ rule: fv.induct)
+ (auto simp: finite_fv_term_set 
finite_fv_terms_set)
+
+lemma fv_close[simp]: "fv (close Q) = {}"
+ by (subst fv_EXISTS) auto
+
+type_synonym 'a table = "('a list) set"
+type_synonym ('a, 'b) intp = "'b \ nat \ 'a table"
+
+definition adom :: "('a, 'b) intp \ 'a set" where
+ "adom I = (\rn. \xs \ I rn. set xs)"
+
+fun sat :: "('a, 'b) fmla \ ('a, 'b) intp \ 'a val \ bool" where
+ "sat (Pred r ts) I \ \ \ \ ts \ I (r, length ts)"
+| "sat (Bool b) I \ \ b"
+| "sat (Eq x t') I \ \ \ x = \ \ t'"
+| "sat (Neg \) I \ \ \sat \ I \"
+| "sat (Conj \ \) I \ \ sat \ I \ \ sat \ I \"
+| "sat (Disj \ \) I \ \ sat \ I \ \ sat \ I \"
+| "sat (Exists z \) I \ \ (\x. sat \ I (\(z := x)))"
+
+lemma sat_fv_cong: "(\n. n \ fv \ \ \ n = \' n) \
+ sat \ I \ \ sat \ I \'"
+proof (induction \ arbitrary: \ \')
+ case (Neg \)
+ show ?case
+ using Neg(1)[of \ \'] Neg(2)
+ by auto
+next
+ case (Conj \ \)
+ show ?case
+ using Conj(1,2)[of \ \'] Conj(3)
+ by auto
+next
+ case (Disj \ \)
+ show ?case
+ using Disj(1,2)[of \ \'] Disj(3)
+ by auto
+next
+ case (Exists n \)
+ have "\x. sat \ I (\(n := x)) = sat \ I (\'(n := x))"
+ using Exists(2)
+ by (auto intro!: Exists(1))
+ then show ?case
+ by simp
+qed (auto cong: eval_terms_cong eval_term_cong)
+
+lemma sat_fun_upd: "n \ fv Q \ sat Q I (\(n := z)) = sat Q I \"
+ by (rule sat_fv_cong) auto
+
+lemma sat_exists[simp]: "sat (exists n Q) I \ = (\x. sat Q I (\(n := x)))"
+ by (auto simp add: exists_def sat_fun_upd)
+
+abbreviation eq (infix "\" 80) where
+ "x \ y \ Eq x (Var y)"
+
+definition equiv (infix "\" 100) where
+ "Q1 \ Q2 = (\I \. 
finite (adom I) \ sat Q1 I \ \ sat Q2 I \)"
+
+lemma equiv_refl[iff]: "Q \ Q"
+ unfolding equiv_def by auto
+
+lemma equiv_sym[sym]: "Q1 \ Q2 \ Q2 \ Q1"
+ unfolding equiv_def by auto
+
+lemma equiv_trans[trans]: "Q1 \ Q2 \ Q2 \ Q3 \ Q1 \ Q3"
+ unfolding equiv_def by auto
+
+lemma equiv_Neg_cong[simp]: "Q \ Q' \ Neg Q \ Neg Q'"
+ unfolding equiv_def by auto
+
+lemma equiv_Conj_cong[simp]: "Q1 \ Q1' \ Q2 \ Q2' \ Conj Q1 Q2 \ Conj Q1' Q2'"
+ unfolding equiv_def by auto
+
+lemma equiv_Disj_cong[simp]: "Q1 \ Q1' \ Q2 \ Q2' \ Disj Q1 Q2 \ Disj Q1' Q2'"
+ unfolding equiv_def by auto
+
+lemma equiv_Exists_cong[simp]: "Q \ Q' \ Exists x Q \ Exists x Q'"
+ unfolding equiv_def by auto
+
+lemma equiv_Exists_exists_cong[simp]: "Q \ Q' \ Exists x Q \ exists x Q'"
+ unfolding equiv_def by auto
+
+lemma equiv_Exists_Disj: "Exists x (Disj Q1 Q2) \ Disj (Exists x Q1) (Exists x Q2)"
+ unfolding equiv_def by auto
+
+lemma equiv_Disj_Assoc: "Disj (Disj Q1 Q2) Q3 \ Disj Q1 (Disj Q2 Q3)"
+ unfolding equiv_def by auto
+
+lemma foldr_Disj_equiv_cong[simp]:
+ "list_all2 (\) xs ys \ b \ c \ foldr Disj xs b \ foldr Disj ys c"
+ by (induct xs ys arbitrary: b c rule: list.rel_induct) auto
+
+lemma Exists_nonfree_equiv: "x \ fv Q \ Exists x Q \ Q"
+ unfolding equiv_def sat.simps
+ by (metis exists_def sat_exists)
+
+subsection \Constant Propagation\
+
+fun cp where
+ "cp (Eq x t) = (case t of Var y \ if x = y then Bool True else x \ y | _ \ Eq x t)"
+| "cp (Neg Q) = (let Q' = cp Q in if is_Bool Q' then Bool (\ un_Bool Q') else Neg Q')"
+| "cp (Conj Q1 Q2) =
+ (let Q1' = cp Q1; Q2' = cp Q2 in
+ if is_Bool Q1' then if un_Bool Q1' then Q2' else Bool False
+ else if is_Bool Q2' then if un_Bool Q2' then Q1' else Bool False
+ else Conj Q1' Q2')"
+| "cp (Disj Q1 Q2) =
+ (let Q1' = cp Q1; Q2' = cp Q2 in
+ if is_Bool Q1' then if un_Bool Q1' then Bool True else Q2'
+ else if is_Bool Q2' then if un_Bool Q2' then Bool True else Q1'
+ else Disj Q1' Q2')"
+| "cp (Exists x Q) = exists x (cp Q)"
+| "cp Q = Q"
+
+lemma fv_cp: "fv (cp Q) \ fv Q"
+ by (induct Q) (auto simp: Let_def split: fmla.splits term.splits)
+
+lemma cp_exists[simp]: "cp (exists x Q) = exists x (cp Q)"
+ by (auto simp: exists_def fv_cp[THEN set_mp])
+
+fun nocp where
+ "nocp (Bool b) = False"
+| "nocp (Pred p ts) = True"
+| "nocp (Eq x t) = (t \ Var x)"
+| "nocp (Neg Q) = nocp Q"
+| "nocp (Conj Q1 Q2) = (nocp Q1 \ nocp Q2)"
+| "nocp (Disj Q1 Q2) = (nocp Q1 \ nocp Q2)"
+| "nocp (Exists x Q) = (x \ fv Q \ nocp Q)"
+
+lemma nocp_exists[simp]: "nocp (exists x Q) = nocp Q"
+ unfolding exists_def by auto
+
+lemma nocp_cp_triv: "nocp Q \ cp Q = Q"
+ by (induct Q) (auto simp: exists_def is_Bool_def split: fmla.splits term.splits)
+
+lemma is_Bool_cp_triv: "is_Bool Q \ cp Q = Q"
+ by (auto simp: is_Bool_def)
+
+lemma nocp_cp_or_is_Bool: "nocp (cp Q) \ is_Bool (cp Q)"
+ by (induct Q) (auto simp: Let_def split: fmla.splits term.splits)
+
+lemma cp_idem[simp]: "cp (cp Q) = cp Q"
+ using is_Bool_cp_triv nocp_cp_triv nocp_cp_or_is_Bool by blast
+
+lemma sat_cp[simp]: "sat (cp Q) I \ = sat Q I \"
+ by (induct Q arbitrary: \) (auto 0 0 simp: Let_def is_Bool_def split: term.splits fmla.splits)
+
+lemma equiv_cp_cong[simp]: "Q \ Q' \ cp Q \ cp Q'"
+ by (auto simp: equiv_def)
+
+lemma equiv_cp[simp]: "cp Q \ Q"
+ by (auto simp: equiv_def)
+
+definition cpropagated where "cpropagated Q = (nocp Q \ is_Bool Q)"
+
+lemma cpropagated_cp[simp]: "cpropagated (cp Q)"
+ by (auto simp: cpropagated_def nocp_cp_or_is_Bool)
+
+lemma nocp_cpropagated[simp]: "nocp Q \ cpropagated Q"
+ by (auto simp: cpropagated_def)
+
+lemma cpropagated_cp_triv: "cpropagated Q \ cp Q = Q"
+ by (auto simp: cpropagated_def nocp_cp_triv is_Bool_def)
+
+lemma cpropagated_nocp: "cpropagated Q \ x \ fv Q \ nocp Q"
+ by (auto simp: cpropagated_def is_Bool_def)
+
+lemma cpropagated_simps[simp]:
+ "cpropagated (Bool b) \ True"
+ "cpropagated (Pred p ts) \ True"
+ "cpropagated (Eq x t) \ t \ Var x"
+ "cpropagated (Neg Q) \ nocp Q"
+ "cpropagated (Conj Q1 Q2) \ 
nocp Q1 \ nocp Q2"
+ "cpropagated (Disj Q1 Q2) \ nocp Q1 \ nocp Q2"
+ "cpropagated (Exists x Q) \ x \ fv Q \ nocp Q"
+ by (auto simp: cpropagated_def)
+
+subsection \Big Disjunction\
+
+fun foldr1 where
+ "foldr1 f (x # xs) z = foldr f xs x"
+| "foldr1 f [] z = z"
+
+definition DISJ where
+ "DISJ G = foldr1 Disj (sorted_list_of_set G) (Bool False)"
+
+lemma sat_foldr_Disj[simp]: "sat (foldr Disj xs Q) I \ = (\Q \ set xs \ {Q}. sat Q I \)"
+ by (induct xs arbitrary: Q) auto
+
+lemma sat_foldr1_Disj[simp]: "sat (foldr1 Disj xs Q) I \ = (if xs = [] then sat Q I \ else \Q \ set xs. sat Q I \)"
+ by (cases xs) auto
+
+lemma sat_DISJ[simp]: "finite G \ sat (DISJ G) I \ = (\Q \ G. sat Q I \)"
+ unfolding DISJ_def by auto
+
+lemma foldr_Disj_equiv: "insert Q (set Qs) = insert Q' (set Qs') \ foldr Disj Qs Q \ foldr Disj Qs' Q'"
+ by (auto simp: equiv_def set_eq_iff)
+
+lemma foldr1_Disj_equiv: "set Qs = set Qs' \ foldr1 Disj Qs (Bool False) \ foldr1 Disj Qs' (Bool False)"
+ by (cases Qs; cases Qs') (auto simp: foldr_Disj_equiv)
+
+lemma foldr1_Disj_equiv_cong[simp]:
+ "list_all2 (\) xs ys \ b \ c \ foldr1 Disj xs b \ foldr1 Disj ys c"
+ by (erule list.rel_cases) auto
+
+lemma Exists_foldr_Disj:
+ "Exists x (foldr Disj xs b) \ foldr Disj (map (exists x) xs) (exists x b)"
+ by (auto simp: equiv_def)
+
+lemma Exists_foldr1_Disj:
+ "Exists x (foldr1 Disj xs b) \ foldr1 Disj (map (exists x) xs) (exists x b)"
+ by (auto simp: equiv_def)
+
+lemma Exists_DISJ:
+ "finite \ \ Exists x (DISJ \) \ DISJ (exists x ` \)"
+ unfolding DISJ_def
+ by (rule equiv_trans[OF Exists_foldr1_Disj])
+ (auto simp: exists_def intro!: foldr1_Disj_equiv equiv_trans[OF _ equiv_sym[OF equiv_cp]])
+
+lemma Exists_cp_DISJ:
+ "finite \ \ Exists x (cp (DISJ \)) \ DISJ (exists x ` \)"
+ by (rule equiv_trans[OF equiv_Exists_cong[OF equiv_cp] Exists_DISJ])
+
+lemma Disj_empty[simp]: "DISJ {} = Bool False"
+ unfolding DISJ_def by auto
+lemma Disj_single[simp]: "DISJ {x} = x"
+ unfolding DISJ_def by auto
+
+lemma 
DISJ_insert[simp]: "finite X \ DISJ (insert x X) \ Disj x (DISJ X)"
+ by (induct X arbitrary: x rule: finite_induct) (auto simp: equiv_def)
+
+lemma DISJ_union[simp]: "finite X \ finite Y \ DISJ (X \ Y) \ Disj (DISJ X) (DISJ Y)"
+ by (induct X rule: finite_induct)
+ (auto intro!: DISJ_insert[THEN equiv_trans] simp: equiv_def)
+
+lemma DISJ_exists_pull_out: "finite \ \ Q \ \ \
+ DISJ (exists x ` \) \ Disj (Exists x Q) (DISJ (exists x ` (\ - {Q})))"
+ by (auto simp: equiv_def)
+
+lemma DISJ_push_in: "finite \ \ Disj Q (DISJ \) \ DISJ (insert Q \)"
+ by (auto simp: equiv_def)
+
+lemma DISJ_insert_reorder: "finite \ \ DISJ (insert (Disj Q1 Q2) \) \ DISJ (insert Q2 (insert Q1 \))"
+ by (auto simp: equiv_def)
+
+lemma DISJ_insert_reorder': "finite \ \ finite \' \ DISJ (insert (Disj (DISJ \') Q2) \) \ DISJ (insert Q2 (\' \ \))"
+ by (auto simp: equiv_def)
+
+lemma fv_foldr_Disj[simp]: "fv (foldr Disj Qs Q) = (fv Q \ (\Q \ set Qs. fv Q))"
+ by (induct Qs) auto
+
+lemma fv_foldr1_Disj[simp]: "fv (foldr1 Disj Qs Q) = (if Qs = [] then fv Q else (\Q \ set Qs. fv Q))"
+ by (cases Qs) auto
+
+lemma fv_DISJ: "finite \ \ fv (DISJ \) \ (\Q \ \. fv Q)"
+ by (auto simp: DISJ_def dest!: fv_cp[THEN set_mp] split: if_splits)
+
+lemma fv_DISJ_close[simp]: "finite \ \ fv (DISJ (close ` \)) = {}"
+ by (auto dest!: fv_DISJ[THEN set_mp, rotated 1])
+
+lemma fv_cp_foldr_Disj: "\Q\set Qs \ {Q}. cpropagated Q \ fv Q = A \ fv (cp (foldr Disj Qs Q)) = A"
+ by (induct Qs) (auto simp: cpropagated_cp_triv Let_def is_Bool_def)
+
+lemma fv_cp_foldr1_Disj: "cp (foldr1 Disj Qs (Bool False)) \ Bool False \
+ \Q\set Qs. cpropagated Q \ fv Q = A \
+ fv (cp (foldr1 Disj Qs (Bool False))) = A"
+ by (cases Qs) (auto simp: fv_cp_foldr_Disj)
+
+lemma fv_cp_DISJ_eq: "finite \ \ cp (DISJ \) \ Bool False \ \Q \ \. 
cpropagated Q \ fv Q = A \ fv (cp (DISJ \)) = A"
+ by (auto simp: DISJ_def fv_cp_foldr1_Disj)
+
+fun sub where
+ "sub (Bool t) = {Bool t}"
+| "sub (Pred p ts) = {Pred p ts}"
+| "sub (Eq x t) = {Eq x t}"
+| "sub (Neg Q) = insert (Neg Q) (sub Q)"
+| "sub (Conj Q1 Q2) = insert (Conj Q1 Q2) (sub Q1 \ sub Q2)"
+| "sub (Disj Q1 Q2) = insert (Disj Q1 Q2) (sub Q1 \ sub Q2)"
+| "sub (Exists z Q) = insert (Exists z Q) (sub Q)"
+
+lemma cpropagated_sub: "cpropagated Q \ Q' \ sub Q \ cpropagated Q'"
+ by (induct Q) auto
+
+lemma Exists_in_sub_cp_foldr_Disj:
+ "Exists x Q' \ sub (cp (foldr Disj Qs Q)) \ Exists x Q' \ sub (cp Q) \ (\Q \ set Qs. Exists x Q' \ sub (cp Q))"
+ by (induct Qs arbitrary: Q) (auto simp: Let_def split: if_splits)
+
+lemma Exists_in_sub_cp_foldr1_Disj:
+ "Exists x Q' \ sub (cp (foldr1 Disj Qs Q)) \ Qs = [] \ Exists x Q' \ sub (cp Q) \ (\Q \ set Qs. Exists x Q' \ sub (cp Q))"
+ by (cases Qs) (auto simp: Exists_in_sub_cp_foldr_Disj)
+
+lemma Exists_in_sub_cp_DISJ: "Exists x Q' \ sub (cp (DISJ \)) \ finite \ \ (\Q \ \. Exists x Q' \ sub (cp Q))"
+ unfolding DISJ_def by (drule Exists_in_sub_cp_foldr1_Disj) auto
+
+lemma Exists_in_sub_foldr_Disj:
+ "Exists x Q' \ sub (foldr Disj Qs Q) \ Exists x Q' \ sub Q \ (\Q \ set Qs. Exists x Q' \ sub Q)"
+ by (induct Qs arbitrary: Q) (auto simp: Let_def split: if_splits)
+
+lemma Exists_in_sub_foldr1_Disj:
+ "Exists x Q' \ sub (foldr1 Disj Qs Q) \ Qs = [] \ Exists x Q' \ sub Q \ (\Q \ set Qs. Exists x Q' \ sub Q)"
+ by (cases Qs) (auto simp: Exists_in_sub_foldr_Disj)
+
+lemma Exists_in_sub_DISJ: "Exists x Q' \ sub (DISJ \) \ finite \ \ (\Q \ \. 
Exists x Q' \ sub Q)"
+ unfolding DISJ_def by (drule Exists_in_sub_foldr1_Disj) auto
+
+subsection \Substitution\
+
+fun subst_term ("_[_ \<^bold>\t _]" [90, 0, 0] 91) where
+ "Var z[x \<^bold>\t y] = Var (if x = z then y else z)"
+| "Const c[x \<^bold>\t y] = Const c"
+
+abbreviation substs_term ("_[_ \<^bold>\t\<^sup>* _]" [90, 0, 0] 91) where
+ "t[xs \<^bold>\t\<^sup>* ys] \ fold (\(x, y) t. t[x \<^bold>\t y]) (zip xs ys) t"
+
+lemma size_subst_term[simp]: "size (t[x \<^bold>\t y]) = size t"
+ by (cases t) auto
+
+lemma fv_subst_term[simp]: "fv_term_set (t[x \<^bold>\t y]) =
+ (if x \ fv_term_set t then insert y (fv_term_set t - {x}) else fv_term_set t)"
+ by (cases t) auto
+
+definition "fresh2 x y Q = Suc (Max (insert x (insert y (fv Q))))"
+
+function (sequential) subst :: "('a, 'b) fmla \ nat \ nat \ ('a, 'b) fmla" ("_[_ \<^bold>\ _]" [90, 0, 0] 91) where
+ "Bool t[x \<^bold>\ y] = Bool t"
+| "Pred p ts[x \<^bold>\ y] = Pred p (map (\t. t[x \<^bold>\t y]) ts)"
+| "Eq z t[x \<^bold>\ y] = Eq (if z = x then y else z) (t[x \<^bold>\t y])"
+| "Neg Q[x \<^bold>\ y] = Neg (Q[x \<^bold>\ y])"
+| "Conj Q1 Q2[x \<^bold>\ y] = Conj (Q1[x \<^bold>\ y]) (Q2[x \<^bold>\ y])"
+| "Disj Q1 Q2[x \<^bold>\ y] = Disj (Q1[x \<^bold>\ y]) (Q2[x \<^bold>\ y])"
+| "Exists z Q[x \<^bold>\ y] = (if x = z then Exists x Q else
+ if z = y then let z' = fresh2 x y Q in Exists z' (Q[z \<^bold>\ z'][x \<^bold>\ y]) else Exists z (Q[x \<^bold>\ y]))"
+ by pat_completeness auto
+
+abbreviation substs ("_[_ \<^bold>\\<^sup>* _]" [90, 0, 0] 91) where
+ "Q[xs \<^bold>\\<^sup>* ys] \ fold (\(x, y) Q. 
Q[x \<^bold>\ y]) (zip xs ys) Q"
+
+lemma size_subst_p[simp]: "subst_dom (Q, x, y) \ size (Q[x \<^bold>\ y]) = size Q"
+ by (induct Q x y rule: subst.pinduct) (auto simp: subst.psimps o_def Let_def exists_def)
+
+termination by lexicographic_order
+
+lemma size_subst[simp]: "size (Q[x \<^bold>\ y]) = size Q"
+ by (induct Q x y rule: subst.induct) (auto simp: o_def Let_def exists_def)
+
+lemma fresh2_gt:
+ "x < fresh2 x y Q"
+ "y < fresh2 x y Q"
+ "z \ fv Q \ z < fresh2 x y Q"
+ unfolding fresh2_def less_Suc_eq_le
+ by (auto simp: max_def Max_ge_iff)
+
+lemma fresh2:
+ "x \ fresh2 x y Q"
+ "y \ fresh2 x y Q"
+ "fresh2 x y Q \ fv Q"
+ using fresh2_gt(1)[of x y Q] fresh2_gt(2)[of y x Q] fresh2_gt(3)[of "fresh2 x y Q" Q x y]
+ by auto
+
+lemma fv_subst:
+ "fv (Q[x \<^bold>\ y]) = (if x \ fv Q then insert y (fv Q - {x}) else fv Q)"
+ by (induct Q x y rule: subst.induct)
+ (auto simp: fv_terms_set_def Let_def fresh2 split: if_splits)
+
+lemma subst_term_triv: "x \ fv_term_set t \ t[x \<^bold>\t y] = t"
+ by (cases t) auto
+
+lemma subst_exists: "exists z Q[x \<^bold>\ y] = (if z \ fv Q then if x = z then exists x Q else
+ if z = y then let z' = fresh2 x y Q in exists z' (Q[z \<^bold>\ z'][x \<^bold>\ y]) else exists z (Q[x \<^bold>\ y]) else Q[x \<^bold>\ y])"
+ by (auto simp: exists_def Let_def fv_subst fresh2 dest: sym)
+
+lemma eval_subst[simp]: "\ \ t[x \<^bold>\t y] = \(x := \ y) \ t"
+ by (cases t) auto
+
+lemma sat_subst[simp]: "sat (Q[x \<^bold>\ y]) I \ = sat Q I (\(x := \ y))"
+ by (induct Q x y arbitrary: \ rule: subst.induct)
+ (auto 0 3 simp: eval_terms_def o_def Let_def fun_upd_twist[symmetric] sat_fun_upd fresh2 dest: sym)
+
+lemma substs_Bool[simp]: "length xs = length ys \ Bool b[xs \<^bold>\\<^sup>* ys] = Bool b"
+ by (induct xs ys rule: list_induct2) auto
+
+lemma substs_Neg[simp]: "length xs = length ys \ Neg Q[xs \<^bold>\\<^sup>* ys] = Neg (Q[xs \<^bold>\\<^sup>* ys])"
+ by (induct xs ys arbitrary: Q rule: list_induct2) (auto simp: Let_def)
+
+lemma 
substs_Conj[simp]: "length xs = length ys \ Conj Q1 Q2[xs \<^bold>\\<^sup>* ys] = Conj (Q1[xs \<^bold>\\<^sup>* ys]) (Q2[xs \<^bold>\\<^sup>* ys])"
+ by (induct xs ys arbitrary: Q1 Q2 rule: list_induct2) auto
+
+lemma substs_Disj[simp]: "length xs = length ys \ Disj Q1 Q2[xs \<^bold>\\<^sup>* ys] = Disj (Q1[xs \<^bold>\\<^sup>* ys]) (Q2[xs \<^bold>\\<^sup>* ys])"
+ by (induct xs ys arbitrary: Q1 Q2 rule: list_induct2) auto
+
+fun substs_bd where
+ "substs_bd z (x # xs) (y # ys) Q = (if x = z then substs_bd z xs ys Q else
+ if z = y then substs_bd (fresh2 x y Q) xs ys (Q[y \<^bold>\ fresh2 x y Q][x \<^bold>\ y]) else substs_bd z xs ys (Q[x \<^bold>\ y]))"
+| "substs_bd z _ _ _ = z"
+
+fun substs_src where
+ "substs_src z (x # xs) (y # ys) Q = (if x = z then substs_src z xs ys Q else
+ if z = y then [y, x] @ substs_src (fresh2 x y Q) xs ys (Q[y \<^bold>\ fresh2 x y Q][x \<^bold>\ y]) else x # substs_src z xs ys (Q[x \<^bold>\ y]))"
+| "substs_src _ _ _ _ = []"
+
+fun substs_dst where
+ "substs_dst z (x # xs) (y # ys) Q = (if x = z then substs_dst z xs ys Q else
+ if z = y then [fresh2 x y Q, y] @ substs_dst (fresh2 x y Q) xs ys (Q[y \<^bold>\ fresh2 x y Q][x \<^bold>\ y]) else y # substs_dst z xs ys (Q[x \<^bold>\ y]))"
+| "substs_dst _ _ _ _ = []"
+
+lemma length_substs[simp]: "length xs = length ys \ length (substs_src z xs ys Q) = length (substs_dst z xs ys Q)"
+ by (induct xs ys arbitrary: z Q rule: list_induct2) auto
+
+lemma substs_Exists[simp]: "length xs = length ys \
+ Exists z Q[xs \<^bold>\\<^sup>* ys] = Exists (substs_bd z xs ys Q) (Q[substs_src z xs ys Q \<^bold>\\<^sup>* substs_dst z xs ys Q])"
+ by (induct xs ys arbitrary: Q z rule: list_induct2) (auto simp: Let_def intro: exI[of _ "[]"])
+
+fun subst_var where
+ "subst_var (x # xs) (y # ys) z = (if x = z then subst_var xs ys y else subst_var xs ys z)"
+| "subst_var _ _ z = z"
+
+lemma substs_Eq[simp]: "length xs = length ys \ (Eq x t)[xs \<^bold>\\<^sup>* ys] = Eq (subst_var xs ys x) (t[xs 
\<^bold>\t\<^sup>* ys])"
+ by (induct xs ys arbitrary: x t rule: list_induct2) auto
+
+lemma substs_term_Var[simp]: "length xs = length ys \ (Var x)[xs \<^bold>\t\<^sup>* ys] = Var (subst_var xs ys x)"
+ by (induct xs ys arbitrary: x rule: list_induct2) auto
+
+lemma substs_term_Const[simp]: "length xs = length ys \ (Const c)[xs \<^bold>\t\<^sup>* ys] = Const c"
+ by (induct xs ys rule: list_induct2) auto
+
+lemma in_fv_substs:
+ "length xs = length ys \ x \ fv Q \ subst_var xs ys x \ fv (Q[xs \<^bold>\\<^sup>* ys])"
+ by (induct xs ys arbitrary: x Q rule: list_induct2) (auto simp: fv_subst)
+
+lemma exists_cp_subst: "x \ y \ exists x (cp (Q[x \<^bold>\ y])) = cp (Q[x \<^bold>\ y])"
+ by (auto simp: exists_def fv_subst dest!: set_mp[OF fv_cp] split: if_splits)
+
+subsection \Generated Variables\
+
+inductive ap where
+ Pred: "ap (Pred p ts)"
+| Eqc: "ap (Eq x (Const c))"
+
+inductive gen where
+ "gen x (Bool False) {}"
+| "ap Q \ x \ fv Q \ gen x Q {Q}"
+| "gen x Q G \ gen x (Neg (Neg Q)) G"
+| "gen x (Conj (Neg Q1) (Neg Q2)) G \ gen x (Neg (Disj Q1 Q2)) G"
+| "gen x (Disj (Neg Q1) (Neg Q2)) G \ gen x (Neg (Conj Q1 Q2)) G"
+| "gen x Q1 G1 \ gen x Q2 G2 \ gen x (Disj Q1 Q2) (G1 \ G2)"
+| "gen x Q1 G \ gen x Q2 G \ gen x (Conj Q1 Q2) G"
+| "gen y Q G \ gen x (Conj Q (x \ y)) ((\Q. cp (Q[y \<^bold>\ x])) ` G)"
+| "gen y Q G \ gen x (Conj Q (y \ x)) ((\Q. cp (Q[y \<^bold>\ x])) ` G)"
+| "x \ y \ gen x Q G \ gen x (Exists y Q) (exists y ` G)"
+
+inductive gen' where
+ "gen' x (Bool False) {}"
+| "ap Q \ x \ fv Q \ gen' x Q {Q}"
+| "gen' x Q G \ gen' x (Neg (Neg Q)) G"
+| "gen' x (Conj (Neg Q1) (Neg Q2)) G \ gen' x (Neg (Disj Q1 Q2)) G"
+| "gen' x (Disj (Neg Q1) (Neg Q2)) G \ gen' x (Neg (Conj Q1 Q2)) G"
+| "gen' x Q1 G1 \ gen' x Q2 G2 \ gen' x (Disj Q1 Q2) (G1 \ G2)"
+| "gen' x Q1 G \ gen' x Q2 G \ gen' x (Conj Q1 Q2) G"
+| "gen' y Q G \ gen' x (Conj Q (x \ y)) ((\Q. Q[y \<^bold>\ x]) ` G)"
+| "gen' y Q G \ gen' x (Conj Q (y \ x)) ((\Q. 
Q[y \<^bold>\ x]) ` G)"
+| "x \ y \ gen' x Q G \ gen' x (Exists y Q) (exists y ` G)"
+
+inductive qp where
+ ap: "ap Q \ qp Q"
+| exists: "qp Q \ qp (exists x Q)"
+
+lemma qp_Exists: "qp Q \ x \ fv Q \ qp (Exists x Q)"
+ by (metis qp.exists exists_def)
+
+lemma qp_ExistsE: "qp (Exists x Q) \ (qp Q \ x \ fv Q \ R) \ R"
+ by (induct "Exists x Q" rule: qp.induct) (auto elim!: ap.cases simp: exists_def split: if_splits)
+
+fun qp_impl where
+ "qp_impl (Eq x (Const c)) = True"
+| "qp_impl (Pred x ts) = True"
+| "qp_impl (Exists x Q) = (x \ fv Q \ qp Q)"
+| "qp_impl _ = False"
+
+lemma qp_imp_qp_impl: "qp Q \ qp_impl Q"
+ by (induct Q rule: qp.induct) (auto elim!: ap.cases simp: exists_def)
+
+lemma qp_impl_imp_qp: "qp_impl Q \ qp Q"
+ by (induct Q rule: qp_impl.induct) (auto intro: ap.intros qp_Exists qp.ap)
+
+lemma qp_code[code]: "qp Q = qp_impl Q"
+ using qp_imp_qp_impl qp_impl_imp_qp by blast
+
+lemma ap_cp: "ap Q \ ap (cp Q)"
+ by (induct Q rule: ap.induct) (auto intro: ap.intros)
+
+lemma qp_cp: "qp Q \ qp (cp Q)"
+ by (induct Q rule: qp.induct) (auto intro: qp.intros ap_cp)
+
+lemma ap_substs: "ap Q \ length xs = length ys \ ap (Q[xs \<^bold>\\<^sup>* ys])"
+proof (induct Q arbitrary: xs ys rule: ap.induct)
+ case (Pred p ts)
+ then show ?case
+ by (induct xs ys arbitrary: ts rule: list_induct2) (auto intro!: ap.intros)
+next
+ case (Eqc x c)
+ then show ?case
+ by (induct xs ys arbitrary: x rule: list_induct2) (auto intro!: ap.intros)
+qed
+
+lemma ap_subst': "ap (Q[x \<^bold>\ y]) \ ap Q"
+proof (induct "Q[x \<^bold>\ y]" arbitrary: Q rule: ap.induct)
+ case (Pred p ts)
+ then show ?case
+ by (cases Q) (auto simp: Let_def split: if_splits intro: ap.intros)
+next
+ case (Eqc x c)
+ then show ?case
+ proof (cases Q)
+ case (Eq x t)
+ with Eqc show ?thesis
+ by (cases t) (auto intro: ap.intros)
+ qed (auto simp: Let_def split: if_splits)
+qed
+
+lemma qp_substs: "qp Q \ length xs = length ys \ qp (Q[xs \<^bold>\\<^sup>* ys])"
+proof (induct Q arbitrary: xs ys 
rule: qp.induct)
+ case (ap Q)
+ then show ?case
+ by (rule qp.ap[OF ap_substs])
+next
+ case (exists Q z)
+ from exists(3,1,2) show ?case
+ proof (induct xs ys arbitrary: Q z rule: list_induct2)
+ case Nil
+ then show ?case
+ by (auto intro: qp.intros)
+ next
+ case (Cons x xs y ys)
+ have [simp]: "Q[x \<^bold>\ y][xs \<^bold>\\<^sup>* ys] = Q[x # xs \<^bold>\\<^sup>* y # ys]" for Q :: "('a, 'b) fmla" and x y xs ys
+ by auto
+ have IH1[simp]: "qp (Q[x \<^bold>\ y])" for x y
+ using Cons(4)[of "[x]" "[y]"] by auto
+ have IH2[simp]: "qp (Q[x \<^bold>\ y][a \<^bold>\ b])" for x y a b
+ using Cons(4)[of "[x, a]" "[y, b]"] by auto
+ note zip_Cons_Cons[simp del]
+ show ?case
+ unfolding zip_Cons_Cons fold.simps prod.case o_apply subst_exists using Cons(1,3)
+ by (auto simp: Let_def intro!: qp.intros(2) Cons(2,4))
+ qed
+qed
+
+lemma qp_subst: "qp Q \ qp (Q[x \<^bold>\ y])"
+ using qp_substs[of Q "[x]" "[y]"] by auto
+
+lemma qp_Neg[dest]: "qp (Neg Q) \ False"
+ by (rule qp.induct[where P = "\Q'. Q' = Neg Q \ False", THEN mp]) (auto elim!: ap.cases simp: exists_def)
+
+lemma qp_Disj[dest]: "qp (Disj Q1 Q2) \ False"
+ by (rule qp.induct[where P = "\Q. Q = Disj Q1 Q2 \ False", THEN mp]) (auto elim!: ap.cases simp: exists_def)
+
+lemma qp_Conj[dest]: "qp (Conj Q1 Q2) \ False"
+ by (rule qp.induct[where P = "\Q. Q = Conj Q1 Q2 \ False", THEN mp]) (auto elim!: ap.cases simp: exists_def)
+
+lemma qp_eq[dest]: "qp (x \ y) \ False"
+ by (rule qp.induct[where P = "\Q. (\x y. 
Q = x \ y) \ False", THEN mp]) (auto elim!: ap.cases simp: exists_def) + +lemma qp_subst': "qp (Q[x \<^bold>\ y]) \ qp Q" +proof (induct Q x y rule: subst.induct) + case (3 z t x y) + then show ?case + by (cases t) (auto intro!: ap Eqc split: if_splits) +qed (auto 0 3 simp: qp_Exists fv_subst Let_def fresh2 Pred ap dest: sym elim!: qp_ExistsE split: if_splits) + +lemma qp_subst_eq[simp]: "qp (Q[x \<^bold>\ y]) = qp Q" + using qp_subst qp_subst' by blast + +lemma gen_qp: "gen x Q G \ Qqp \ G \ qp Qqp" + by (induct x Q G arbitrary: Qqp rule: gen.induct) (auto intro: qp.intros ap.intros qp_cp) + +lemma gen'_qp: "gen' x Q G \ Qqp \ G \ qp Qqp" + by (induct x Q G arbitrary: Qqp rule: gen'.induct) (auto intro: qp.intros ap.intros) + +lemma ap_cp_triv: "ap Q \ cp Q = Q" + by (induct Q rule: ap.induct) auto + +lemma qp_cp_triv: "qp Q \ cp Q = Q" + by (induct Q rule: qp.induct) (auto simp: ap_cp_triv) + +lemma ap_cp_subst_triv: "ap Q \ cp (Q[x \<^bold>\ y]) = Q[x \<^bold>\ y]" + by (induct Q rule: ap.induct) auto + +lemma qp_cp_subst_triv: "qp Q \ cp (Q[x \<^bold>\ y]) = Q[x \<^bold>\ y]" + by (induct Q rule: qp.induct) + (auto simp: exists_def qp_cp_triv Let_def fv_subst fresh2 ap_cp_subst_triv dest: sym) + +lemma gen_nocp_intros: + "gen y Q G \ gen x (Conj Q (x \ y)) ((\Q. Q[y \<^bold>\ x]) ` G)" + "gen y Q G \ gen x (Conj Q (y \ x)) ((\Q. Q[y \<^bold>\ x]) ` G)" + by (metis (no_types, lifting) gen.intros(8) gen_qp image_cong qp_cp_subst_triv, + metis (no_types, lifting) gen.intros(9) gen_qp image_cong qp_cp_subst_triv) + +lemma gen'_cp_intros: + "gen' y Q G \ gen' x (Conj Q (x \ y)) ((\Q. cp (Q[y \<^bold>\ x])) ` G)" + "gen' y Q G \ gen' x (Conj Q (y \ x)) ((\Q. 
cp (Q[y \<^bold>\ x])) ` G)" + by (metis (no_types, lifting) gen'.intros(8) gen'_qp image_cong qp_cp_subst_triv, + metis (no_types, lifting) gen'.intros(9) gen'_qp image_cong qp_cp_subst_triv) + +lemma gen'_gen: "gen' x Q G \ gen x Q G" + by (induct x Q G rule: gen'.induct) (auto intro!: gen.intros gen_nocp_intros) + +lemma gen_gen': "gen x Q G \ gen' x Q G" + by (induct x Q G rule: gen.induct) (auto intro!: gen'.intros gen'_cp_intros) + +lemma gen_eq_gen': "gen = gen'" + using gen'_gen gen_gen' by blast + +lemmas gen_induct[consumes 1] = gen'.induct[folded gen_eq_gen'] + +abbreviation Gen where "Gen x Q \ (\G. gen x Q G)" + +lemma qp_Gen: "qp Q \ x \ fv Q \ Gen x Q" + by (induct Q rule: qp.induct) (force simp: exists_def intro: gen.intros)+ + +lemma qp_gen: "qp Q \ x \ fv Q \ gen x Q {Q}" + by (induct Q rule: qp.induct) + (force simp: exists_def intro: gen.intros dest: gen.intros(10))+ + +lemma gen_foldr_Disj: + "list_all2 (gen x) Qs Gs \ gen x Q G \ GG = G \ (\G \ set Gs. G) \ + gen x (foldr Disj Qs Q) GG" +proof (induct Qs Gs arbitrary: Q G GG rule: list.rel_induct) + case (Cons Q' Qs G' Gs) + then have GG: "GG = G' \ (G \ (\G \ set Gs. G))" + by auto + from Cons(1,3-) show ?case + unfolding foldr.simps o_apply GG + by (intro gen.intros Cons(2)[OF _ refl]) auto +qed simp + +lemma gen_foldr1_Disj: + "list_all2 (gen x) Qs Gs \ gen x Q G \ GG = (if Qs = [] then G else (\G \ set Gs. G)) \ + gen x (foldr1 Disj Qs Q) GG" + by (erule list.rel_cases) (auto simp: gen_foldr_Disj) + +lemma gen_Bool_True[simp]: "gen x (Bool True) G = False" + by (auto elim: gen.cases) + +lemma gen_Bool_False[simp]: "gen x (Bool False) G = (G = {})" + by (auto elim: gen.cases intro: gen.intros) + +lemma gen_Gen_cp: "gen x Q G \ Gen x (cp Q)" + by (induct x Q G rule: gen_induct) + (auto split: if_splits simp: Let_def ap_cp_triv is_Bool_def exists_def intro: gen.intros) + +lemma Gen_cp: "Gen x Q \ Gen x (cp Q)" + by (metis gen_Gen_cp) + +lemma Gen_DISJ: "finite \ \ \Q \ \. 
qp Q \ x \ fv Q \ Gen x (DISJ \)" + unfolding DISJ_def + by (rule exI gen_foldr1_Disj[where Gs="map (\Q. {Q}) (sorted_list_of_set \)" and G="{}"])+ + (auto simp: list.rel_map qp_cp_triv qp_gen gen.intros intro!: list.rel_refl_strong) + +lemma Gen_cp_DISJ: "finite \ \ \Q \ \. qp Q \ x \ fv Q \ Gen x (cp (DISJ \))" + by (rule Gen_cp Gen_DISJ)+ + +lemma gen_Pred[simp]: + "gen z (Pred p ts) G \ z \ fv_terms_set ts \ G = {Pred p ts}" + by (auto elim: gen.cases intro: gen.intros ap.intros) + +lemma gen_Eq[simp]: + "gen z (Eq a t) G \ z = a \ (\c. t = Const c \ G = {Eq a t})" + by (auto elim: gen.cases elim!: ap.cases intro: gen.intros ap.intros) + +lemma gen_empty_cp: "gen z Q G \ G = {} \ cp Q = Bool False" + by (induct z Q G rule: gen_induct) + (fastforce simp: Let_def exists_def split: if_splits)+ + +inductive genempty where + "genempty (Bool False)" +| "genempty Q \ genempty (Neg (Neg Q))" +| "genempty (Conj (Neg Q1) (Neg Q2)) \ genempty (Neg (Disj Q1 Q2))" +| "genempty (Disj (Neg Q1) (Neg Q2)) \ genempty (Neg (Conj Q1 Q2))" +| "genempty Q1 \ genempty Q2 \ genempty (Disj Q1 Q2)" +| "genempty Q1 \ genempty Q2 \ genempty (Conj Q1 Q2)" +| "genempty Q \ genempty (Conj Q (x \ y))" +| "genempty Q \ genempty (Conj Q (y \ x))" +| "genempty Q \ genempty (Exists y Q)" + +lemma gen_genempty: "gen z Q G \ G = {} \ genempty Q" + by (induct z Q G rule: gen.induct) (auto intro: genempty.intros) + +lemma genempty_substs: "genempty Q \ length xs = length ys \ genempty (Q[xs \<^bold>\\<^sup>* ys])" + by (induct Q arbitrary: xs ys rule: genempty.induct) (auto intro: genempty.intros) + +lemma genempty_substs_Exists: "genempty Q \ length xs = length ys \ genempty (Exists y Q[xs \<^bold>\\<^sup>* ys])" + by (auto intro!: genempty.intros genempty_substs) + +lemma genempty_cp: "genempty Q \ cp Q = Bool False" + by (induct Q rule: genempty.induct) + (auto simp: Let_def exists_def split: if_splits) + +lemma gen_empty_cp_substs: + "gen x Q {} \ length xs = length ys \ cp (Q[xs 
\<^bold>\\<^sup>* ys]) = Bool False" + by (rule genempty_cp[OF genempty_substs[OF gen_genempty[OF _ refl]]]) + +lemma gen_empty_cp_substs_Exists: + "gen x Q {} \ length xs = length ys \ cp (Exists y Q[xs \<^bold>\\<^sup>* ys]) = Bool False" + by (rule genempty_cp[OF genempty_substs_Exists[OF gen_genempty[OF _ refl]]]) + +lemma gen_Gen_substs_Exists: + "length xs = length ys \ x \ y \ x \ fv Q \ + (\xs ys. length xs = length ys \ Gen (subst_var xs ys x) (cp (Q[xs \<^bold>\\<^sup>* ys]))) \ + Gen (subst_var xs ys x) (cp (Exists y Q[xs \<^bold>\\<^sup>* ys]))" +proof (induct xs ys arbitrary: y x Q rule: list_induct2) + case Nil + from Nil(1) Nil(3)[of "[]" "[]"] show ?case + by (auto simp: exists_def intro: gen.intros) +next + case (Cons xx xs yy ys) + have "Gen (subst_var xs ys yy) (cp (Q[[y,x]@xs \<^bold>\\<^sup>* [fresh2 x y Q,yy]@ys]))" + if "length xs = length ys" and "x \ y" for xs ys + using Cons(5)[of "[y,x]@xs" "[fresh2 x y Q,yy]@ys"] that Cons.prems by auto + moreover have "Gen (subst_var xs ys x) (cp (Q[[yy,xx]@xs \<^bold>\\<^sup>* [fresh2 xx yy Q,yy]@ys]))" + if "length xs = length ys" "x \ yy" "x \ xx" for xs ys + using Cons(5)[of "[yy,xx]@xs" "[fresh2 xx yy Q,yy]@ys"] that Cons.prems by auto + moreover have "Gen (subst_var xs ys yy) (cp (Q[[x]@xs \<^bold>\\<^sup>* [yy]@ys]))" + if "length xs = length ys" and "x = xx" for xs ys + using Cons(5)[of "[x]@xs" "[yy]@ys"] that Cons.prems by auto + moreover have "Gen (subst_var xs ys x) (cp (Q[[xx]@xs \<^bold>\\<^sup>* [yy]@ys]))" + if "length xs = length ys" and "x \ xx" for xs ys + using Cons(5)[of "[xx]@xs" "[yy]@ys"] that Cons.prems by auto + ultimately show ?case using Cons + by (auto simp: Let_def fresh2 fv_subst intro: Cons(2) simp del: substs_Exists split: if_splits) +qed + +lemma gen_fv: + "gen x Q G \ Qqp \ G \ x \ fv Qqp \ fv Qqp \ fv Q" + by (induct x Q G arbitrary: Qqp rule: gen_induct) + (force simp: fv_subst dest: fv_cp[THEN set_mp])+ + +lemma gen_sat: + fixes x :: nat + shows "gen x Q G \ sat Q I 
\ \ \Qqp \ G. sat Qqp I \" + by (induct x Q G arbitrary: \ rule: gen_induct) + (auto 6 0 simp: fun_upd_idem intro: UnI1 UnI2) + +subsection \Variable Erasure\ + +fun erase :: "('a, 'b) fmla \ nat \ ('a, 'b) fmla" (infix "\<^bold>\" 65) where + "Bool t \<^bold>\ x = Bool t" +| "Pred p ts \<^bold>\ x = (if x \ fv_terms_set ts then Bool False else Pred p ts)" +| "Eq z t \<^bold>\ x = (if t = Var z then Bool True else + if x = z \ x \ fv_term_set t then Bool False else Eq z t)" +| "Neg Q \<^bold>\ x = Neg (Q \<^bold>\ x)" +| "Conj Q1 Q2 \<^bold>\ x = Conj (Q1 \<^bold>\ x) (Q2 \<^bold>\ x)" +| "Disj Q1 Q2 \<^bold>\ x = Disj (Q1 \<^bold>\ x) (Q2 \<^bold>\ x)" +| "Exists z Q \<^bold>\ x = (if x = z then Exists x Q else Exists z (Q \<^bold>\ x))" + +lemma fv_erase: "fv (Q \<^bold>\ x) \ fv Q - {x}" + by (induct Q) auto + +lemma ap_cp_erase: "ap Q \ x \ fv Q \ cp (Q \<^bold>\ x) = Bool False" + by (induct Q rule: ap.induct) auto + +lemma qp_cp_erase: "qp Q \ x \ fv Q \ cp (Q \<^bold>\ x) = Bool False" + by (induct Q rule: qp.induct) (auto simp: exists_def ap_cp_erase split: if_splits) + +lemma sat_erase: "sat (Q \<^bold>\ x) I (\(x := z)) = sat (Q \<^bold>\ x) I \" + by (rule sat_fun_upd) (auto dest: fv_erase[THEN set_mp]) + +lemma exists_cp_erase: "exists x (cp (Q \<^bold>\ x)) = cp (Q \<^bold>\ x)" + by (auto simp: exists_def dest: set_mp[OF fv_cp] set_mp[OF fv_erase]) + +lemma gen_cp_erase: + fixes x :: nat + shows "gen x Q G \ Qqp \ G \ cp (Qqp \<^bold>\ x) = Bool False" + by (metis gen_qp qp_cp_erase gen_fv) + +subsection \Generated Variables and Substitutions\ + +lemma gen_Gen_cp_substs: "gen z Q G \ length xs = length ys \ + Gen (subst_var xs ys z) (cp (Q[xs \<^bold>\\<^sup>* ys]))" +proof (induct z Q G arbitrary: xs ys rule: gen_induct) + case (2 Q x) + show ?case + by (subst ap_cp_triv) (rule exI gen.intros(2) ap_substs 2 in_fv_substs)+ +next + case (3 x Q G) + then show ?case + by (fastforce simp: Let_def intro: gen.intros) +next + case (4 x Q1 Q2 G) + from 
4(2)[of xs ys] 4(1,3) show ?case + by (auto simp: Let_def is_Bool_def intro!: gen.intros(4) split: if_splits) +next + case (5 x Q1 Q2 G) + from 5(2)[of xs ys] 5(1,3) show ?case + by (auto simp: Let_def is_Bool_def intro!: gen.intros(5) split: if_splits) +next + case (6 x Q1 G1 Q2 G2) + from 6(2,4)[of xs ys] 6(1,3,5) show ?case + by (auto simp: Let_def is_Bool_def intro!: gen.intros(6) split: if_splits) +next + case (7 x Q1 G Q2) + from 7(1) show ?case + proof (elim disjE conjE, goal_cases L R) + case L + from L(1) L(2)[rule_format, of xs ys] 7(2) show ?case + by (auto simp: Let_def is_Bool_def intro!: gen.intros(7) split: if_splits) + next + case R + from R(1) R(2)[rule_format, of xs ys] 7(2) show ?case + by (auto simp: Let_def is_Bool_def intro!: gen.intros(7) split: if_splits) + qed +next + case (8 y Q G x) + from 8(2)[of xs ys] 8(1,3) show ?case + by (auto simp: Let_def is_Bool_def intro!: gen.intros(8) split: if_splits) +next + case (9 y Q G x) + from 9(2)[of xs ys] 9(1,3) show ?case + by (auto simp: Let_def is_Bool_def intro!: gen.intros(9) split: if_splits) +next + case (10 x y Q G) + show ?case + proof (cases "x \ fv Q") + case True + with 10(4,1) show ?thesis using 10(3) + by (rule gen_Gen_substs_Exists) + next + case False + with 10(2) have "G = {}" + by (auto dest: gen_fv) + with 10(2,4) have "cp (Q[xs \<^bold>\\<^sup>* ys]) = Bool False" + by (auto intro!: gen_empty_cp_substs[of x]) + with 10(2,4) have "cp (Exists y Q[xs \<^bold>\\<^sup>* ys]) = Bool False" unfolding \G = {}\ + by (intro gen_empty_cp_substs_Exists) + then show ?thesis + by auto + qed +qed (fastforce simp: Let_def is_Bool_def intro!: gen.intros split: if_splits)+ + +lemma Gen_cp_substs: "Gen z Q \ length xs = length ys \ Gen (subst_var xs ys z) (cp (Q[xs \<^bold>\\<^sup>* ys]))" + by (blast intro: gen_Gen_cp_substs) + +lemma Gen_cp_subst: "Gen z Q \ z \ x \ Gen z (cp (Q[x \<^bold>\ y]))" + using Gen_cp_substs[of z Q "[x]" "[y]"] by auto + +lemma substs_bd_fv: "length xs = length ys \ 
substs_bd z xs ys Q \ fv (Q[substs_src z xs ys Q \<^bold>\\<^sup>* substs_dst z xs ys Q]) \ z \ fv Q" +proof (induct xs ys arbitrary: z Q rule: list_induct2) + case (Cons x xs y ys) + from Cons(1,3) show ?case + by (auto 0 4 simp: fv_subst fresh2 dest: Cons(2) sym split: if_splits) +qed simp + +lemma Gen_substs_bd: "length xs = length ys \ + (\xs ys. length xs = length ys \ Gen (subst_var xs ys z) (cp (Qz[xs \<^bold>\\<^sup>* ys]))) \ + Gen (substs_bd z xs ys Qz) (cp (Qz[substs_src z xs ys Qz \<^bold>\\<^sup>* substs_dst z xs ys Qz]))" +proof (induct xs ys arbitrary: z Qz rule: list_induct2) + case Nil + from Nil(1)[of "[]" "[]"] show ?case + by simp +next + case (Cons x xs y ys) + have "Gen (subst_var xs ys (fresh2 x y Qz)) (cp (Qz[y \<^bold>\ fresh2 x y Qz][x \<^bold>\ y][xs \<^bold>\\<^sup>* ys]))" + if "length xs = length ys" "z = y" for xs ys + using that Cons(3)[of "[y,x]@xs" "[fresh2 x y Qz,y]@ys"] + by (auto simp: fresh2) + moreover have "Gen (subst_var xs ys z) (cp (Qz[x \<^bold>\ y][xs \<^bold>\\<^sup>* ys]))" + if "length xs = length ys" "x \ z" for xs ys + using that Cons(3)[of "[x]@xs" "[y]@ys"] + by (auto simp: fresh2) + ultimately show ?case using Cons(1,3) + by (auto intro!: Cons(2)) +qed + +subsection \Safe-Range Queries\ + +definition nongens where + "nongens Q = {x \ fv Q. \ Gen x Q}" + +abbreviation rrf where + "rrf Q \ nongens Q = {}" + +definition rrb where + "rrb Q = (\y Qy. 
Exists y Qy \ sub Q \ Gen y Qy)" + +lemma rrb_simps[simp]: + "rrb (Bool b) = True" + "rrb (Pred p ts) = True" + "rrb (Eq x t) = True" + "rrb (Neg Q) = rrb Q" + "rrb (Disj Q1 Q2) = (rrb Q1 \ rrb Q2)" + "rrb (Conj Q1 Q2) = (rrb Q1 \ rrb Q2)" + "rrb (Exists y Qy) = (Gen y Qy \ rrb Qy)" + "rrb (exists y Qy) = ((y \ fv Qy \ Gen y Qy) \ rrb Qy)" + by (auto simp: rrb_def exists_def) + +lemma ap_rrb[simp]: "ap Q \ rrb Q" + by (cases Q rule: ap.cases) auto + +lemma qp_rrb[simp]: "qp Q \ rrb Q" + by (induct Q rule: qp.induct) (auto simp: qp_Gen) + +lemma rrb_cp: "rrb Q \ rrb (cp Q)" + by (induct Q rule: cp.induct) + (auto split: term.splits simp: Let_def exists_def Gen_cp dest!: fv_cp[THEN set_mp]) + +lemma gen_Gen_erase: "gen x Q G \ Gen x (Q \<^bold>\ z)" + by (induct x Q G rule: gen_induct) + (auto 0 4 intro: gen.intros qp.intros ap.intros elim!: ap.cases) + +lemma Gen_erase: "Gen x Q \ Gen x (Q \<^bold>\ z)" + by (metis gen_Gen_erase) + +lemma rrb_erase: "rrb Q \ rrb (Q \<^bold>\ x)" + by (induct Q x rule: erase.induct) + (auto split: term.splits simp: Let_def exists_def Gen_erase dest!: fv_cp[THEN set_mp]) + +lemma rrb_DISJ[simp]: "finite \ \ (\Q \ \. 
rrb Q) \ rrb (DISJ \)" + by (auto simp: rrb_def dest!: Exists_in_sub_DISJ) + +lemma rrb_cp_substs: "rrb Q \ length xs = length ys \ rrb (cp (Q[xs \<^bold>\\<^sup>* ys]))" +proof (induct "size Q" arbitrary: Q xs ys rule: less_induct) + case less + then show ?case + proof (cases Q) + case (Exists z Qz) + from less(2,3) show ?thesis + unfolding Exists substs_Exists[OF less(3)] cp.simps rrb_simps + by (intro conjI impI less(1) Gen_substs_bd Gen_cp_substs) (simp_all add: Exists) + qed (auto simp: Let_def ap_cp ap_substs ap.intros split: term.splits) +qed + +lemma rrb_cp_subst: "rrb Q \ rrb (cp (Q[x \<^bold>\ y]))" + using rrb_cp_substs[of Q "[x]" "[y]"] + by auto + +definition "sr Q = (rrf Q \ rrb Q)" + +lemma nongens_cp: "nongens (cp Q) \ nongens Q" + unfolding nongens_def by (auto dest: gen_Gen_cp fv_cp[THEN set_mp]) + +lemma sr_Disj: "fv Q1 = fv Q2 \ sr (Disj Q1 Q2) = (sr Q1 \ sr Q2)" + by (auto 0 4 simp: sr_def nongens_def elim!: ap.cases elim: gen.cases intro: gen.intros) + +lemma sr_foldr_Disj: "\Q' \ set Qs. fv Q' = fv Q \ sr (foldr Disj Qs Q) \ (\Q \ set Qs. sr Q) \ sr Q" + by (induct Qs) (auto simp: sr_Disj) + +lemma sr_foldr1_Disj: "\Q' \ set Qs. fv Q' = X \ sr (foldr1 Disj Qs Q) \ (if Qs = [] then sr Q else (\Q \ set Qs. sr Q))" + by (cases Qs) (auto simp: sr_foldr_Disj) + +lemma sr_False[simp]: "sr (Bool False)" + by (auto simp: sr_def nongens_def) + +lemma sr_cp: "sr Q \ sr (cp Q)" + by (auto simp: rrb_cp sr_def dest: nongens_cp[THEN set_mp]) + +lemma sr_DISJ: "finite \ \ \Q' \ \. fv Q' = X \ (\Q \ \. 
sr Q) \ sr (DISJ \)" + by (auto simp: DISJ_def sr_foldr1_Disj[of _ X] sr_cp) + +lemma sr_Conj_eq: "sr Q \ x \ fv Q \ y \ fv Q \ sr (Conj Q (x \ y))" + by (auto simp: sr_def nongens_def intro: gen.intros) + +subsection \Simplification\ + +locale simplification = + fixes simp :: "('a::{infinite, linorder}, 'b :: linorder) fmla \ ('a, 'b) fmla" + and simplified :: "('a, 'b) fmla \ bool" + assumes sat_simp: "sat (simp Q) I \ = sat Q I \" + and fv_simp: "fv (simp Q) \ fv Q" + and rrb_simp: "rrb Q \ rrb (simp Q)" + and gen_Gen_simp: "gen x Q G \ Gen x (simp Q)" + and fv_simp_Disj_same: "fv (simp Q1) = X \ fv (simp Q2) = X \ fv (simp (Disj Q1 Q2)) = X" + and simp_False: "simp (Bool False) = Bool False" + and simplified_sub: "simplified Q \ Q' \ sub Q \ simplified Q'" + and simplified_Conj_eq: "simplified Q \ x \ y \ x \ fv Q \ y \ fv Q \ simplified (Conj Q (x \ y))" + and simplified_fv_simp: "simplified Q \ fv (simp Q) = fv Q" + and simplified_simp: "simplified (simp Q)" + and simplified_cp: "simplified (cp Q)" +begin + +lemma Gen_simp: "Gen x Q \ Gen x (simp Q)" + by (metis gen_Gen_simp) + +lemma nongens_simp: "nongens (simp Q) \ nongens Q" + using Gen_simp by (auto simp: nongens_def dest!: fv_simp[THEN set_mp]) + +lemma sr_simp: "sr Q \ sr (simp Q)" + by (auto simp: rrb_simp sr_def dest: nongens_simp[THEN set_mp]) + +lemma equiv_simp_cong: "Q \ Q' \ simp Q \ simp Q'" + by (auto simp: equiv_def sat_simp) + +lemma equiv_simp: "simp Q \ Q" + by (auto simp: equiv_def sat_simp) + +lemma fv_simp_foldr_Disj: "\Q\set Qs \ {Q}. simplified Q \ fv Q = A \ + fv (simp (foldr Disj Qs Q)) = A" + by (induct Qs) (auto simp: Let_def is_Bool_def simplified_fv_simp fv_simp_Disj_same) + +lemma fv_simp_foldr1_Disj: "simp (foldr1 Disj Qs (Bool False)) \ Bool False \ + \Q\set Qs. simplified Q \ fv Q = A \ + fv (simp (foldr1 Disj Qs (Bool False))) = A" + by (cases Qs) (auto simp: fv_simp_foldr_Disj simp_False) + +lemma fv_simp_DISJ_eq: + "finite \ \ simp (DISJ \) \ Bool False \ \Q \ \. 
simplified Q \ fv Q = A \ fv (simp (DISJ \)) = A" + by (auto simp: DISJ_def fv_simp_foldr1_Disj) + +end + +subsection \Covered Variables\ + +inductive cov where + Eq_self: "cov x (x \ x) {}" +| nonfree: "x \ fv Q \ cov x Q {}" +| EqL: "x \ y \ cov x (x \ y) {x \ y}" +| EqR: "x \ y \ cov x (y \ x) {x \ y}" +| ap: "ap Q \ x \ fv Q \ cov x Q {Q}" +| Neg: "cov x Q G \ cov x (Neg Q) G" +| Disj: "cov x Q1 G1 \ cov x Q2 G2 \ cov x (Disj Q1 Q2) (G1 \ G2)" +| DisjL: "cov x Q1 G \ cp (Q1 \<^bold>\ x) = Bool True \ cov x (Disj Q1 Q2) G" +| DisjR: "cov x Q2 G \ cp (Q2 \<^bold>\ x) = Bool True \ cov x (Disj Q1 Q2) G" +| Conj: "cov x Q1 G1 \ cov x Q2 G2 \ cov x (Conj Q1 Q2) (G1 \ G2)" +| ConjL: "cov x Q1 G \ cp (Q1 \<^bold>\ x) = Bool False \ cov x (Conj Q1 Q2) G" +| ConjR: "cov x Q2 G \ cp (Q2 \<^bold>\ x) = Bool False \ cov x (Conj Q1 Q2) G" +| Exists: "x \ y \ cov x Q G \ x \ y \ G \ cov x (Exists y Q) (exists y ` G)" +| Exists_gen: "x \ y \ cov x Q G \ gen y Q Gy \ cov x (Exists y Q) ((exists y ` (G - {x \ y})) \ ((\Q. cp (Q[y \<^bold>\ x])) ` Gy))" + +inductive cov' where + Eq_self: "cov' x (x \ x) {}" +| nonfree: "x \ fv Q \ cov' x Q {}" +| EqL: "x \ y \ cov' x (x \ y) {x \ y}" +| EqR: "x \ y \ cov' x (y \ x) {x \ y}" +| ap: "ap Q \ x \ fv Q \ cov' x Q {Q}" +| Neg: "cov' x Q G \ cov' x (Neg Q) G" +| Disj: "cov' x Q1 G1 \ cov' x Q2 G2 \ cov' x (Disj Q1 Q2) (G1 \ G2)" +| DisjL: "cov' x Q1 G \ cp (Q1 \<^bold>\ x) = Bool True \ cov' x (Disj Q1 Q2) G" +| DisjR: "cov' x Q2 G \ cp (Q2 \<^bold>\ x) = Bool True \ cov' x (Disj Q1 Q2) G" +| Conj: "cov' x Q1 G1 \ cov' x Q2 G2 \ cov' x (Conj Q1 Q2) (G1 \ G2)" +| ConjL: "cov' x Q1 G \ cp (Q1 \<^bold>\ x) = Bool False \ cov' x (Conj Q1 Q2) G" +| ConjR: "cov' x Q2 G \ cp (Q2 \<^bold>\ x) = Bool False \ cov' x (Conj Q1 Q2) G" +| Exists: "x \ y \ cov' x Q G \ x \ y \ G \ cov' x (Exists y Q) (exists y ` G)" +| Exists_gen: "x \ y \ cov' x Q G \ gen y Q Gy \ cov' x (Exists y Q) ((exists y ` (G - {x \ y})) \ ((\Q. 
Q[y \<^bold>\ x]) ` Gy))" + +lemma cov_nocp_intros: + "x \ y \ cov x Q G \ gen y Q Gy \ cov x (Exists y Q) ((exists y ` (G - {x \ y})) \ ((\Q. Q[y \<^bold>\ x]) ` Gy))" + by (metis (no_types, lifting) cov.Exists_gen gen_qp image_cong qp_cp_subst_triv) + +lemma cov'_cp_intros: + "x \ y \ cov' x Q G \ gen y Q Gy \ cov' x (Exists y Q) ((exists y ` (G - {x \ y})) \ ((\Q. cp (Q[y \<^bold>\ x])) ` Gy))" + by (metis (no_types, lifting) cov'.Exists_gen gen_qp image_cong qp_cp_subst_triv) + +lemma cov'_cov: "cov' x Q G \ cov x Q G" + by (induct x Q G rule: cov'.induct) (force intro: cov.intros cov_nocp_intros)+ + +lemma cov_cov': "cov x Q G \ cov' x Q G" + by (induct x Q G rule: cov.induct) (force intro: cov'.intros cov'_cp_intros)+ + +lemma cov_eq_cov': "cov = cov'" + using cov'_cov cov_cov' by blast + +lemmas cov_induct[consumes 1, case_names Eq_self nonfree EqL EqR ap Neg Disj DisjL DisjR Conj ConjL ConjR Exists Exists_gen] = + cov'.induct[folded cov_eq_cov'] + +lemma ex_cov: "rrb Q \ x \ fv Q \ \G. cov x Q G" +proof (induct Q) + case (Eq z t) + then show ?case + by (cases t) (auto 6 0 intro: cov.intros ap.intros) +next + case (Exists z Q) + then obtain G Gz where "cov x Q G" "gen z Q Gz" "x \ z" + by force + then show ?case + by (cases "x \ z \ G") (auto intro: cov.intros) +qed (auto intro: cov.intros ap.intros) + +definition qps where + "qps G = {Q \ G. 
qp Q}" + +lemma qps_qp: "Q \ qps G \ qp Q" + by (auto simp: qps_def) + +lemma qps_in: "Q \ qps G \ Q \ G" + by (auto simp: qps_def) + +lemma qps_empty[simp]: "qps {} = {}" + by (auto simp: qps_def) + +lemma qps_insert: "qps (insert Q Qs) = (if qp Q then insert Q (qps Qs) else qps Qs)" + by (auto simp: qps_def) + +lemma qps_union[simp]: "qps (X \ Y) = qps X \ qps Y" + by (auto simp: qps_def) + +lemma finite_qps[simp]: "finite G \ finite (qps G)" + by (auto simp: qps_def) + +lemma qps_exists[simp]: "x \ y \ qps (exists y ` G) = exists y ` qps G" + by (auto simp: qps_def image_iff exists_def qp_Exists elim: qp_ExistsE) + +lemma qps_subst[simp]: "qps ((\Q. Q[x \<^bold>\ y]) ` G) = (\Q. Q[x \<^bold>\ y]) ` qps G" + by (auto simp: qps_def image_iff exists_def) + +lemma qps_minus[simp]: "qps (G - {x \ y}) = qps G" + by (auto simp: qps_def) + +lemma gen_qps[simp]: "gen x Q G \ qps G = G" + by (auto dest: gen_qp simp: qps_def) + +lemma qps_rrb[simp]: "Q \ qps G \ rrb Q" + by (auto simp: qps_def) + +definition eqs where + "eqs x G = {y. x \ y \ x \ y \ G}" + +lemma eqs_in: "y \ eqs x G \ x \ y \ G" + by (auto simp: eqs_def) + +lemma eqs_noteq: "y \ eqs x Q \ x \ y" + unfolding eqs_def by auto + +lemma eqs_empty[simp]: "eqs x {} = {}" + by (auto simp: eqs_def) + +lemma eqs_union[simp]: "eqs x (X \ Y) = eqs x X \ eqs x Y" + by (auto simp: eqs_def) + +lemma finite_eqs[simp]: "finite G \ finite (eqs x G)" + by (force simp: eqs_def image_iff elim!: finite_surj[where f = "\Q. SOME y. 
Q = x \ y"]) + +lemma eqs_exists[simp]: "x \ y \ eqs x (exists y ` G) = eqs x G - {y}" + by (auto simp: eqs_def exists_def image_iff) + +lemma notin_eqs[simp]: "x \ y \ G \ y \ eqs x G" + by (auto simp: eqs_def) + +lemma eqs_minus[simp]: "eqs x (G - {x \ y}) = eqs x G - {y}" + by (auto simp: eqs_def) + +lemma Var_eq_subst_iff: "Var z = t[x \<^bold>\t y] \ (if z = x then x = y \ t = Var x else + if z = y then t = Var x \ t = Var y else t = Var z)" + by (cases t) auto + +lemma Eq_eq_subst_iff: "y \ z = Q[x \<^bold>\ y] \ (if z = x then x = y \ Q = x \ x else + Q = x \ z \ Q = y \ z \ (z = y \ Q \ {x \ x, y \ y, y \ x}))" + by (cases Q) (auto simp: Let_def Var_eq_subst_iff split: if_splits) + +lemma eqs_subst[simp]: "x \ y \ eqs y ((\Q. Q[x \<^bold>\ y]) ` G) = (eqs y G - {x}) \ (eqs x G - {y})" + by (auto simp: eqs_def image_iff exists_def Eq_eq_subst_iff) + +lemma gen_eqs[simp]: "gen x Q G \ eqs z G = {}" + by (auto dest: gen_qp simp: eqs_def) + +lemma eqs_insert: "eqs x (insert Q Qs) = (case Q of z \ y \ + if z = x \ z \ y then insert y (eqs x Qs) else eqs x Qs | _ \ eqs x Qs)" + by (auto simp: eqs_def split: fmla.splits term.splits) + +lemma eqs_insert': "y \ x \ eqs x (insert (x \ y) Qs) = insert y (eqs x Qs)" + by (auto simp: eqs_def split: fmla.splits term.splits) + +lemma eqs_code[code]: "eqs x G = (\eq. case eq of y \ z \ z) ` (Set.filter (\eq. case eq of y \ z \ x = y \ x \ z | _ => False) G)" + by (auto simp: eqs_def image_iff Set.filter_def split: term.splits fmla.splits) + +lemma gen_finite[simp]: "gen x Q G \ finite G" + by (induct x Q G rule: gen_induct) auto + +lemma cov_finite[simp]: "cov x Q G \ finite G" + by (induct x Q G rule: cov.induct) auto + +lemma gen_sat_erase: "gen y Q Gy \ sat (Q \<^bold>\ x) I \ \ \Q\Gy. sat Q I \" + by (induct y Q Gy arbitrary: \ rule: gen_induct) + (force elim!: ap.cases dest: sym gen_sat split: if_splits)+ + +lemma cov_sat_erase: "cov x Q G \ + sat (Neg (Disj (DISJ (qps G)) (DISJ ((\y. 
x \ y) ` eqs x G)))) I \ \ + sat Q I \ \ sat (cp (Q \<^bold>\ x)) I \" + unfolding sat_cp +proof (induct x Q G arbitrary: \ rule: cov_induct) + case (Eq_self x) + then show ?case + by auto +next + case (nonfree x Q) + from nonfree(1) show ?case + by (induct Q arbitrary: \) auto +next + case (EqL x y) + then show ?case + by (auto simp: eqs_def) +next + case (EqR x y) + then show ?case + by (auto simp: eqs_def) +next + case (ap Q x) + then show ?case + by (auto simp: qps_def qp.intros elim!: ap.cases) +next + case (Neg x Q G) + then show ?case + by auto +next + case (Disj x Q1 G1 Q2 G2) + then show ?case + by auto +next + case (DisjL x Q1 G Q2) + then have "sat (Q1 \<^bold>\ x) I \" + by (subst sat_cp[symmetric]) auto + with DisjL show ?case + by auto +next + case (DisjR x Q2 G Q1) + then have "sat (Q2 \<^bold>\ x) I \" + by (subst sat_cp[symmetric]) auto + with DisjR show ?case + by auto +next + case (Conj x Q1 G1 Q2 G2) + then show ?case + by auto +next + case (ConjL x Q1 G Q2) + then have "\ sat (Q1 \<^bold>\ x) I \" + by (subst sat_cp[symmetric]) auto + with ConjL show ?case + by auto +next + case (ConjR x Q2 G Q1) + then have "\ sat (Q2 \<^bold>\ x) I \" + by (subst sat_cp[symmetric]) auto + with ConjR show ?case + by auto +next + case (Exists x y Q G) + then show ?case + by fastforce +next + case (Exists_gen x y Q G Gy) + show ?case + unfolding sat.simps erase.simps Exists_gen(1)[THEN eq_False[THEN iffD2]] if_False + proof (intro ex_cong1) + fix z + show "sat Q I (\(y := z)) = sat (Q \<^bold>\ x) I (\(y := z))" + proof (cases "z = \ x") + case True + with Exists_gen(2,4,5) show ?thesis + by (auto dest: gen_sat gen_sat_erase simp: ball_Un) + next + case False + with Exists_gen(1,2,4,5) show ?thesis + by (intro Exists_gen(3)) (auto simp: ball_Un fun_upd_def) + qed + qed +qed + +lemma cov_fv_aux: "cov x Q G \ Qqp \ G \ x \ fv Qqp \ fv Qqp - {x} \ fv Q" + by (induct x Q G arbitrary: Qqp rule: cov_induct) + (auto simp: fv_subst subset_eq gen_fv[THEN conjunct1] + 
gen_fv[THEN conjunct2, THEN set_mp] dest: gen_fv split: if_splits) + +lemma cov_fv: "cov x Q G \ x \ fv Q \ Qqp \ G \ x \ fv Qqp \ fv Qqp \ fv Q" + using cov_fv_aux[of x Q G Qqp] by auto + +lemma Gen_Conj: + "Gen x Q1 \ Gen x (Conj Q1 Q2)" + "Gen x Q2 \ Gen x (Conj Q1 Q2)" + by (auto intro: gen.intros) + +lemma cov_Gen_qps: "cov x Q G \ x \ fv Q \ Gen x (Conj Q (DISJ (qps G)))" + by (intro Gen_Conj(2) Gen_DISJ) (auto simp: qps_def dest: cov_fv) + +lemma cov_equiv: + assumes "cov x Q G" "\Q I \. sat (simp Q) I \ = sat Q I \" + shows "Q \ Disj (simp (Conj Q (DISJ (qps G)))) + (Disj (DISJ ((\y. Conj (cp (Q[x \<^bold>\ y])) (x \ y)) ` eqs x G)) + (Conj (Q \<^bold>\ x) (Neg (Disj (DISJ (qps G)) (DISJ ((\y. x \ y) ` eqs x G))))))" + (is "_ \ ?rhs") +unfolding equiv_def proof (intro allI impI) + fix I \ + show "sat Q I \ = sat ?rhs I \" + using cov_sat_erase[OF assms(1), of I \] assms + by (fastforce dest: sym simp del: cp.simps) +qed + +fun csts_term where + "csts_term (Var x) = {}" +| "csts_term (Const c) = {c}" + +fun csts where + "csts (Bool b) = {}" +| "csts (Pred p ts) = (\t \ set ts. 
csts_term t)" +| "csts (Eq x t) = csts_term t" +| "csts (Neg Q) = csts Q" +| "csts (Conj Q1 Q2) = csts Q1 \ csts Q2" +| "csts (Disj Q1 Q2) = csts Q1 \ csts Q2" +| "csts (Exists x Q) = csts Q" + +lemma finite_csts_term[simp]: "finite (csts_term t)" + by (induct t) auto + +lemma finite_csts[simp]: "finite (csts t)" + by (induct t) auto + +lemma ap_fresh_val: "ap Q \ \ x \ adom I \ \ x \ csts Q \ sat Q I \ \ x \ fv Q" +proof (induct Q pred: ap) + case (Pred p ts) + show ?case unfolding fv.simps fv_terms_set_def set_map UN_iff bex_simps + proof safe + fix t + assume "t \ set ts" "x \ fv_term_set t" + with Pred show "False" + by (cases t) (force simp: adom_def eval_terms_def)+ + qed +qed auto + +lemma qp_fresh_val: "qp Q \ \ x \ adom I \ \ x \ csts Q \ sat Q I \ \ x \ fv Q" +proof (induct Q arbitrary: \ rule: qp.induct) + case (ap Q) + then show ?case by (rule ap_fresh_val) +next + case (exists Q z) + from exists(2)[of \] exists(2)[of "\(z := _)"] exists(1,3-) show ?case + by (cases "x = z") (auto simp: exists_def fun_upd_def split: if_splits) +qed + +lemma ex_fresh_val: + fixes Q :: "('a :: infinite, 'b) fmla" + assumes "finite (adom I)" "finite A" + shows "\x. x \ adom I \ x \ csts Q \ x \ A" + by (metis UnCI assms ex_new_if_finite finite_Un finite_csts infinite_UNIV) + +definition fresh_val :: "('a :: infinite, 'b) fmla \ ('a, 'b) intp \ 'a set \ 'a" where + "fresh_val Q I A = (SOME x. 
x \ adom I \ x \ csts Q \ x \ A)" + +lemma fresh_val: + "finite (adom I) \ finite A \ fresh_val Q I A \ adom I" + "finite (adom I) \ finite A \ fresh_val Q I A \ csts Q" + "finite (adom I) \ finite A \ fresh_val Q I A \ A" + using someI_ex[OF ex_fresh_val, of I A Q] + by (auto simp: fresh_val_def) + +lemma csts_exists[simp]: "csts (exists x Q) = csts Q" + by (auto simp: exists_def) + +lemma csts_term_subst_term[simp]: "csts_term (t[x \<^bold>\t y]) = csts_term t" + by (cases t) auto + +lemma csts_subst[simp]: "csts (Q[x \<^bold>\ y]) = csts Q" + by (induct Q x y rule: subst.induct) (auto simp: Let_def) + +lemma gen_csts: "gen x Q G \ Qqp \ G \ csts Qqp \ csts Q" + by (induct x Q G arbitrary: Qqp rule: gen_induct) (auto simp: subset_eq) + +lemma cov_csts: "cov x Q G \ Qqp \ G \ csts Qqp \ csts Q" + by (induct x Q G arbitrary: Qqp rule: cov_induct) + (auto simp: subset_eq gen_csts[THEN set_mp]) + +lemma not_self_eqs[simp]: "x \ eqs x G" + by (auto simp: eqs_def) + +lemma (in simplification) cov_Exists_equiv: + fixes Q :: "('a :: {infinite, linorder}, 'b :: linorder) fmla" + assumes "cov x Q G" "x \ fv Q" + shows "Exists x Q \ Disj (Exists x (simp (Conj Q (DISJ (qps G))))) + (Disj (DISJ ((\y. cp (Q[x \<^bold>\ y])) ` eqs x G)) (cp (Q \<^bold>\ x)))" +proof - + have "Exists x Q \ Exists x (Disj (simp (Conj Q (DISJ (qps G)))) + (Disj (DISJ ((\y. Conj (cp (Q[x \<^bold>\ y])) (x \ y)) ` eqs x G)) + (Conj (Q \<^bold>\ x) (Neg (Disj (DISJ (qps G)) (DISJ ((\) x ` eqs x G)))))))" + by (rule equiv_Exists_cong[OF cov_equiv[OF assms(1) sat_simp]]) + also have "\ \ Disj (Exists x (simp (Conj Q (DISJ (qps G))))) (Disj + (Exists x (DISJ ((\y. Conj (cp (Q[x \<^bold>\ y])) (x \ y)) ` eqs x G))) + (Exists x (Conj (Q \<^bold>\ x) (Neg (Disj (DISJ (qps G)) (DISJ ((\) x ` eqs x G)))))))" + by (auto intro!: equiv_trans[OF equiv_Exists_Disj] equiv_Disj_cong[OF equiv_refl]) + also have "\ \ Disj (Exists x (simp (Conj Q (DISJ (qps G))))) + (Disj (DISJ ((\y. 
cp (Q[x \<^bold>\ y])) ` eqs x G)) (cp (Q \<^bold>\ x)))" + proof (rule equiv_Disj_cong[OF equiv_refl equiv_Disj_cong]) + show "Exists x (DISJ ((\y. Conj (cp (Q[x \<^bold>\ y])) (x \ y)) ` eqs x G)) \ DISJ ((\y. cp (Q[x \<^bold>\ y])) ` eqs x G)" + using assms(1) unfolding equiv_def + by simp (auto simp: eqs_def) + next + show "Exists x (Conj (Q \<^bold>\ x) (Neg (Disj (DISJ (qps G)) (DISJ ((\) x ` eqs x G))))) \ cp (Q \<^bold>\ x)" + unfolding equiv_def sat.simps sat_erase sat_cp + sat_DISJ[OF finite_qps[OF cov_finite[OF assms(1)]]] + sat_DISJ[OF finite_imageI[OF finite_eqs[OF cov_finite[OF assms(1)]]]] + proof (intro allI impI) + fix I :: "('a, 'b) intp" and \ + assume "finite (adom I)" + then show "(\z. sat (Q \<^bold>\ x) I \ \ \ ((\Q\qps G. sat Q I (\(x := z))) \ (\Q\(\) x ` eqs x G. sat Q I (\(x := z))))) = + sat (Q \<^bold>\ x) I \" + using fresh_val[OF _ finite_imageI[OF finite_fv], of I Q \ Q] assms + by (auto 0 3 simp: qps_def eqs_def intro!: exI[of _ "fresh_val Q I (\ ` fv Q)"] + dest: cov_fv cov_csts[THEN set_mp] + qp_fresh_val[where \="\(x := fresh_val Q I (\ ` fv Q))" and x=x and I=I]) + qed + qed + finally show ?thesis . +qed + +definition "eval_on V Q I = + (let xs = sorted_list_of_set V + in {ds. length xs = length ds \ (\\. sat Q I (\[xs :=\<^sup>* ds]))})" + +definition "eval Q I = eval_on (fv Q) Q I" + +lemmas eval_deep_def = eval_def[unfolded eval_on_def] + +lemma (in simplification) cov_eval_fin: + fixes Q :: "('a :: {infinite, linorder}, 'b :: linorder) fmla" + assumes "cov x Q G" "x \ fv Q" "finite (adom I)" "\\. \ sat (Q \<^bold>\ x) I \" + shows "eval Q I = eval_on (fv Q) (Disj (simp (Conj Q (DISJ (qps G)))) + (DISJ ((\y. 
Conj (cp (Q[x \<^bold>\ y])) (x \ y)) ` eqs x G))) I" + (is "eval Q I = eval_on (fv Q) ?Q I") +proof - + from assms(1) have fv: "fv ?Q \ fv Q" + by (auto dest!: fv_cp[THEN set_mp] fv_simp[THEN set_mp] fv_DISJ[THEN set_mp, rotated -1] + eqs_in qps_in cov_fv[OF assms(1,2)] simp: fv_subst simp del: cp.simps split: if_splits) + show ?thesis + unfolding eval_deep_def eval_on_def Let_def fv + proof (intro Collect_eqI arg_cong2[of _ _ _ _ "(\)"] ex_cong1) + fix ds \ + show "sat Q I (\[sorted_list_of_set (fv Q) :=\<^sup>* ds]) \ + sat ?Q I (\[sorted_list_of_set (fv Q) :=\<^sup>* ds])" + by (subst cov_equiv[OF assms(1) sat_simp, unfolded equiv_def, rule_format, OF assms(3)]) + (auto simp: assms(4)) + qed simp +qed + +lemma (in simplification) cov_sat_fin: + fixes Q :: "('a :: {infinite, linorder}, 'b :: linorder) fmla" + assumes "cov x Q G" "x \ fv Q" "finite (adom I)" "\\. \ sat (Q \<^bold>\ x) I \" + shows "sat Q I \ = sat (Disj (simp (Conj Q (DISJ (qps G)))) + (DISJ ((\y. Conj (cp (Q[x \<^bold>\ y])) (x \ y)) ` eqs x G))) I \" + (is "sat Q I \ = sat ?Q I \") +proof - + from assms(1) have fv: "fv ?Q \ fv Q" + by (auto dest!: fv_cp[THEN set_mp] fv_simp[THEN set_mp] fv_DISJ[THEN set_mp, rotated -1] + eqs_in qps_in cov_fv[OF assms(1,2)] simp: fv_subst simp del: cp.simps split: if_splits) + show ?thesis + by (subst cov_equiv[OF assms(1) sat_simp, unfolded equiv_def, rule_format, OF assms(3)]) + (auto simp: assms(4)) +qed + +lemma equiv_eval_eqI: "finite (adom I) \ fv Q = fv Q' \ Q \ Q' \ eval Q I = eval Q' I" + by (auto simp: eval_deep_def equiv_def) + +lemma equiv_eval_on_eqI: "finite (adom I) \ Q \ Q' \ eval_on X Q I = eval_on X Q' I" + by (auto simp: eval_on_def equiv_def) + +lemma equiv_eval_on_eval_eqI: "finite (adom I) \ fv Q \ fv Q' \ Q \ Q' \ eval_on (fv Q') Q I = eval Q' I" + by (auto simp: eval_deep_def eval_on_def equiv_def) + +lemma finite_eval_on_Disj2D: + assumes "finite X" + shows "finite (eval_on X (Disj Q1 Q2) I) \ finite (eval_on X Q2 I)" + unfolding 
eval_on_def Let_def + by (auto elim!: finite_subset[rotated]) + +lemma finite_eval_Disj2D: "finite (eval (Disj Q1 Q2) I) \ finite (eval Q2 I)" + unfolding eval_deep_def Let_def +proof (safe elim!: finite_surj) + fix ds \ + assume "length (sorted_list_of_set (fv Q2)) = length ds" "sat Q2 I (\[sorted_list_of_set (fv Q2) :=\<^sup>* ds])" + moreover obtain zs where "zs \ extend (fv Q2) (sorted_list_of_set (fv Q1 \ fv Q2)) ds" + using extend_nonempty by blast + ultimately show "ds \ restrict (fv Q2) (sorted_list_of_set (fv (Disj Q1 Q2))) ` + {ds. length (sorted_list_of_set (fv (Disj Q1 Q2))) = length ds \ + (\\. sat (Disj Q1 Q2) I (\[sorted_list_of_set (fv (Disj Q1 Q2)) :=\<^sup>* ds]))}" + by (auto simp: Let_def image_iff restrict_extend fun_upds_extend length_extend + elim!: sat_fv_cong[THEN iffD2, rotated -1] + intro!: exI[of _ zs] exI[of _ \] disjI2) +qed + +lemma infinite_eval_Disj2: + fixes Q1 Q2 :: "('a :: {infinite, linorder}, 'b :: linorder) fmla" + assumes "fv Q2 \ fv (Disj Q1 Q2)" "sat Q2 I \" + shows "infinite (eval (Disj Q1 Q2) I)" +proof - + from assms(1) obtain z where "z \ fv Q1" "z \ fv Q2" + by auto + then have "d \ (\ds. lookup (sorted_list_of_set (fv Q1 \ fv Q2)) ds z) ` eval (Disj Q1 Q2) I" for d + using assms(2) + by (auto simp: fun_upds_map_self eval_deep_def Let_def length_extend intro!: exI[of _ \] disjI2 imageI + dest!: ex_lookup_extend[of _ _ "(sorted_list_of_set (fv Q1 \ fv Q2))" "map \ (sorted_list_of_set (fv Q2))" d] + elim!: sat_fv_cong[THEN iffD2, rotated -1] fun_upds_extend[THEN trans]) + then show ?thesis + by (rule infinite_surj[OF infinite_UNIV, OF subsetI]) +qed + +lemma infinite_eval_on_Disj2: + fixes Q1 Q2 :: "('a :: {infinite, linorder}, 'b :: linorder) fmla" + assumes "fv Q2 \ X" "fv Q1 \ X""finite X" "sat Q2 I \" + shows "infinite (eval_on X (Disj Q1 Q2) I)" +proof - + from assms(1) obtain z where "z \ X" "z \ fv Q2" + by auto + then have "d \ (\ds. 
lookup (sorted_list_of_set X) ds z) ` eval_on X (Disj Q1 Q2) I" for d + using assms ex_lookup_extend[of z "fv Q2" "(sorted_list_of_set X)" "map \ (sorted_list_of_set (fv Q2))" d] + by (auto simp: fun_upds_map_self eval_on_def Let_def subset_eq length_extend intro!: exI[of _ \] disjI2 imageI + elim!: sat_fv_cong[THEN iffD2, rotated -1] fun_upds_extend[rotated -1, THEN trans]) + then show ?thesis + by (rule infinite_surj[OF infinite_UNIV, OF subsetI]) +qed + +lemma cov_eval_inf: + fixes Q :: "('a :: {infinite, linorder}, 'b :: linorder) fmla" + assumes "cov x Q G" "x \ fv Q" "finite (adom I)" "sat (Q \<^bold>\ x) I \" + shows "infinite (eval Q I)" +proof - + let ?Q1 = "Conj Q (DISJ (qps G))" + let ?Q2 = "DISJ ((\y. Conj (cp (Q[x \<^bold>\ y])) (x \ y)) ` eqs x G)" + define Q3 where "Q3 = Conj (Q \<^bold>\ x) (Neg (Disj (DISJ (qps G)) (DISJ ((\y. x \ y) ` eqs x G))))" + let ?Q = "Disj ?Q1 (Disj ?Q2 Q3)" + from assms(1) have fv123: "fv ?Q1 \ fv Q" "fv ?Q2 \ fv Q" "fv Q3 \ fv Q" and fin_fv[simp]: "finite (fv Q3)" unfolding Q3_def + by (auto dest!: fv_cp[THEN set_mp] fv_DISJ[THEN set_mp, rotated 1] fv_erase[THEN set_mp] + eqs_in qps_in cov_fv[OF assms(1,2)] simp: fv_subst simp del: cp.simps) + then have fv: "fv ?Q \ fv Q" + by auto + from assms(1,2,4) have sat: "sat Q3 I (\(x := d))" if "d \ adom I \ csts Q \ \ ` fv Q" for d + using that cov_fv[OF assms(1,2) qps_in] cov_fv[OF assms(1,2) eqs_in, of _ x] + qp_fresh_val[OF qps_qp, of _ G "\(x := d)" x I] cov_csts[OF assms(1) qps_in] + by (auto 5 2 simp: image_iff Q3_def elim!: sat_fv_cong[THEN iffD2, rotated -1] + dest: fv_erase[THEN set_mp] dest: eqs_in) + from assms(3) have inf: "infinite {d. d \ adom I \ csts Q \ \ ` fv Q}" + unfolding Compl_eq[symmetric] Compl_eq_Diff_UNIV + by (intro Diff_infinite_finite) (auto simp: infinite_UNIV) + { assume "x \ fv Q3" + let ?f = "\ds. 
lookup (sorted_list_of_set (fv Q)) ds x" + from inf have "infinite (eval_on (fv Q) Q3 I)" + proof (rule infinite_surj[where f="?f"], intro subsetI, elim CollectE) + fix z + assume "z \ adom I \ csts Q \ \ ` fv Q" + with \x \ fv Q3\ fv123 sat show "z \ ?f ` eval_on (fv Q) Q3 I" + by (auto simp: eval_on_def image_iff Let_def fun_upds_single subset_eq simp del: cp.simps + intro!: exI[of _ \] exI[of _ "map (\(x := z)) (sorted_list_of_set (fv Q))"]) + qed + then have "infinite (eval_on (fv Q) ?Q I)" + by (rule contrapos_nn) (auto dest!: finite_eval_on_Disj2D[rotated]) + } + moreover + { assume x: "x \ fv Q3" + from inf obtain d where "d \ adom I \ csts Q \ \ ` fv Q" + by (meson not_finite_existsD) + with fv123 sat[of d] assms(2) x have "infinite (eval_on (fv Q) (Disj (Disj ?Q1 ?Q2) Q3) I)" + by (intro infinite_eval_on_Disj2[of _"fv Q" _ _ "(\(x := d))"]) (auto simp del: cp.simps) + moreover have "eval_on (fv Q) (Disj (Disj ?Q1 ?Q2) Q3) I = eval_on (fv Q) ?Q I" + by (rule equiv_eval_on_eqI[OF assms(3) equiv_Disj_Assoc]) + ultimately have "infinite (eval_on (fv Q) ?Q I)" + by simp + } + moreover have "eval Q I = eval_on (fv Q) ?Q I" + unfolding Q3_def + by (rule equiv_eval_on_eval_eqI[symmetric, OF assms(3) fv[unfolded Q3_def] cov_equiv[OF assms(1) refl, THEN equiv_sym]]) + ultimately show ?thesis + by auto +qed + +subsection \More on Evaluation\ + +lemma eval_Bool_False[simp]: "eval (Bool False) I = {}" + by (auto simp: eval_deep_def) + +lemma eval_on_False[simp]: "eval_on X (Bool False) I = {}" + by (auto simp: eval_on_def) + +lemma eval_DISJ_prune_unsat: "finite B \ A \ B \ \Q \ B - A. \\. \ sat Q I \ \ eval_on X (DISJ A) I = eval_on X (DISJ B) I" + by (auto simp: eval_on_def finite_subset) + +lemma eval_DISJ: "finite \ \ \Q \ \. fv Q = A \ eval_on A (DISJ \) I = (\Q \ \. eval Q I)" + by (auto simp: eval_deep_def eval_on_def) + +lemma eval_cp_DISJ_closed: "finite \ \ \Q \ \. fv Q = {} \ eval (cp (DISJ \)) I = (\Q \ \. 
eval Q I)" + using fv_DISJ[of \] fv_cp[of "DISJ \"] by (auto simp: eval_deep_def) + +lemma (in simplification) eval_simp_DISJ_closed: "finite \ \ \Q \ \. fv Q = {} \ eval (simp (DISJ \)) I = (\Q \ \. eval Q I)" + using fv_DISJ[of \] fv_simp[of "DISJ \"] by (auto simp: eval_deep_def sat_simp) + +lemma eval_cong: "fv Q = fv Q' \ (\\. sat Q I \ = sat Q' I \) \ eval Q I = eval Q' I" + by (auto simp: eval_deep_def) + +lemma eval_on_cong: "(\\. sat Q I \ = sat Q' I \) \ eval_on X Q I = eval_on X Q' I" + by (auto simp: eval_on_def) + +lemma eval_empty_alt: "eval Q I = {} \ (\\. \ sat Q I \)" +proof (intro iffI allI) + fix \ + assume "eval Q I = {}" + then show "\ sat Q I \" + by (auto simp: eval_deep_def fun_upds_map_self + dest!: spec[of _ "map \ (sorted_list_of_set (fv Q))"] spec[of _ \]) +qed (auto simp: eval_deep_def) + +lemma sat_EXISTS: "distinct xs \ sat (EXISTS xs Q) I \ = (\ds. length ds = length xs \ sat Q I (\[xs :=\<^sup>* ds]))" +proof (induct xs arbitrary: Q \) + case (Cons x xs) + then show ?case + by (auto 0 3 simp: EXISTS_def length_Suc_conv fun_upds_twist fun_upd_def[symmetric]) +qed (simp add: EXISTS_def) + +lemma eval_empty_close: "eval (close Q) I = {} \ (\\. \ sat Q I \)" + by (subst eval_empty_alt) + (auto simp: sat_EXISTS fun_upds_map_self dest: spec2[of _ \ "map \(sorted_list_of_set (fv Q))" for \]) + +lemma infinite_eval_on_extra_variables: + assumes "finite X" "fv (Q :: ('a :: infinite, 'b) fmla) \ X" "\\. sat Q I \" + shows "infinite (eval_on X Q I)" +proof - + from assms obtain x \ where "x \ X - fv Q" "fv Q \ X" "sat Q I \" + by auto + with assms(1) show ?thesis + by (intro infinite_surj[OF infinite_UNIV, of "\ds. ds ! index (sorted_list_of_set X) x"]) + (force simp: eval_on_def image_iff fun_upds_in + elim!: sat_fv_cong[THEN iffD1, rotated] + intro!: exI[of _ "map (\y. 
if x = y then _ else \ y) (sorted_list_of_set X)"] exI[of _ \]) +qed + +lemma eval_on_cp: "eval_on X (cp Q) = eval_on X Q" + by (auto simp: eval_on_def) + +lemma (in simplification) eval_on_simp: "eval_on X (simp Q) = eval_on X Q" + by (auto simp: eval_on_def sat_simp) + +lemma (in simplification) eval_simp_False: "eval (simp (Bool False)) I = {}" + using fv_simp[of "Bool False"] by (auto simp: eval_deep_def sat_simp) + +abbreviation "idx_of_var x Q \ index (sorted_list_of_set (fv Q)) x" + +lemma evalE: "ds \ eval Q I \ (\\. length ds = card (fv Q) \ sat Q I (\[sorted_list_of_set (fv Q) :=\<^sup>* ds]) \ R) \ R" + unfolding eval_deep_def by auto + +lemma infinite_eval_Conj: + assumes "x \ fv Q" "infinite (eval Q I)" + shows "infinite (eval (Conj Q (x \ y)) I)" + (is "infinite (eval ?Qxy I)") +proof (cases "x = y") + case True + let ?f = "remove_nth (idx_of_var x ?Qxy)" + let ?g = "insert_nth (idx_of_var x ?Qxy) undefined" + show ?thesis + using assms(2) + proof (elim infinite_surj[of _ ?f], intro subsetI, elim evalE) + fix ds \ + assume ds: "length ds = card (fv Q)" "sat Q I (\[sorted_list_of_set (fv Q) :=\<^sup>* ds])" + show "ds \ ?f ` eval ?Qxy I" + proof (intro image_eqI[of _ _ "?g ds"]) + from ds assms(1) True show "ds = ?f (?g ds)" + by (intro remove_nth_insert_nth[symmetric]) + (auto simp: less_Suc_eq_le[symmetric] set_insort_key) + next + from ds assms(1) True show "?g ds \ eval ?Qxy I" + by (auto simp: eval_deep_def Let_def length_insert_nth distinct_insort set_insort_key fun_upds_in + simp del: insert_nth_take_drop elim!: sat_fv_cong[THEN iffD1, rotated] + intro!: exI[of _ \] trans[OF _ insert_nth_nth_index[symmetric]]) + qed + qed +next + case xy: False + show ?thesis + proof (cases "y \ fv Q") + case True + let ?f = "remove_nth (idx_of_var x ?Qxy)" + let ?g = "\ds. insert_nth (idx_of_var x ?Qxy) (ds ! 
idx_of_var y Q) ds" + from assms(2) show ?thesis + proof (elim infinite_surj[of _ ?f], intro subsetI, elim evalE) + fix ds \ + assume ds: "length ds = card (fv Q)" "sat Q I (\[sorted_list_of_set (fv Q) :=\<^sup>* ds])" + show "ds \ ?f ` eval ?Qxy I" + proof (intro image_eqI[of _ _ "?g ds"]) + from ds assms(1) True show "ds = ?f (?g ds)" + by (intro remove_nth_insert_nth[symmetric]) + (auto simp: less_Suc_eq_le[symmetric] set_insort_key) + next + from assms(1) True have "remove1 x (insort y (sorted_list_of_set (insert x (fv Q) - {y}))) = sorted_list_of_set (fv Q)" + by (metis Diff_insert_absorb finite_fv finite_insert insert_iff + sorted_list_of_set.fold_insort_key.remove sorted_list_of_set.sorted_key_list_of_set_remove) + moreover have "index (insort y (sorted_list_of_set (insert x (fv Q) - {y}))) x \ length ds" + using ds(1) assms(1) True + by (subst less_Suc_eq_le[symmetric]) (auto simp: set_insort_key intro: index_less_size) + ultimately show "?g ds \ eval ?Qxy I" + using ds assms(1) True + by (auto simp: eval_deep_def Let_def length_insert_nth distinct_insort set_insort_key fun_upds_in nth_insert_nth + simp del: insert_nth_take_drop elim!: sat_fv_cong[THEN iffD1, rotated] + intro!: exI[of _ \] trans[OF _ insert_nth_nth_index[symmetric]]) + qed + qed + next + case False + let ?Qxx = "Conj Q (x \ x)" + let ?f = "remove_nth (idx_of_var x ?Qxx) o remove_nth (idx_of_var y ?Qxy)" + let ?g1 = "insert_nth (idx_of_var y ?Qxy) undefined" + let ?g2 = "insert_nth (idx_of_var x ?Qxx) undefined" + let ?g = "?g1 o ?g2" + from assms(2) show ?thesis + proof (elim infinite_surj[of _ ?f], intro subsetI, elim evalE) + fix ds \ + assume ds: "length ds = card (fv Q)" "sat Q I (\[sorted_list_of_set (fv Q) :=\<^sup>* ds])" + then show "ds \ ?f ` eval ?Qxy I" + proof (intro image_eqI[of _ _ "?g ds"]) + from ds assms(1) xy False show "ds = ?f (?g ds)" + by (auto simp: less_Suc_eq_le[symmetric] set_insort_key index_less_size + length_insert_nth remove_nth_insert_nth simp del: 
insert_nth_take_drop) + next + from ds(1) have "index (insort x (sorted_list_of_set (fv Q))) x \ length ds" + by (auto simp: less_Suc_eq_le[symmetric] set_insort_key) + moreover from ds(1) have "index (insort y (insort x (sorted_list_of_set (fv Q)))) y \ Suc (length ds)" + by (auto simp: less_Suc_eq_le[symmetric] set_insort_key) + ultimately show "?g ds \ eval ?Qxy I" + using ds assms(1) xy False unfolding eval_deep_def Let_def + by (auto simp: fun_upds_in distinct_insort set_insort_key length_insert_nth + insert_nth_nth_index nth_insert_nth elim!: sat_fv_cong[THEN iffD1, rotated] + intro!: exI[of _ \] trans[OF _ insert_nth_nth_index[symmetric]] simp del: insert_nth_take_drop) [] + qed + qed + qed + qed + +lemma infinite_Implies_mono_on: "infinite (eval_on X Q I) \ finite X \ (\\. sat (Impl Q Q') I \) \ infinite (eval_on X Q' I)" + by (erule contrapos_nn, rule finite_subset[rotated]) (auto simp: eval_on_def image_iff) + +(*<*) +end +(*>*) \ No newline at end of file diff --git a/thys/Safe_Range_RC/Restrict_Bounds.thy b/thys/Safe_Range_RC/Restrict_Bounds.thy new file mode 100644 --- /dev/null +++ b/thys/Safe_Range_RC/Restrict_Bounds.thy 
@@ -0,0 +1,183 @@
+(*<*)
+theory Restrict_Bounds
+imports
+ Relational_Calculus
+ "Collections.Collections"
+begin
+(*>*)
+
+section \Restricting Bound Variables\
+
+fun flat_Disj where
+ "flat_Disj (Disj Q1 Q2) = flat_Disj Q1 \ flat_Disj Q2"
+| "flat_Disj Q = {Q}"
+
+lemma finite_flat_Disj[simp]: "finite (flat_Disj Q)"
+ by (induct Q rule: flat_Disj.induct) auto
+
+lemma DISJ_flat_Disj: "DISJ (flat_Disj Q) \ Q"
+ by (induct Q rule: flat_Disj.induct) (auto simp: DISJ_union[THEN equiv_trans] simp del: cp.simps)
+
+lemma fv_flat_Disj: "(\Q' \ flat_Disj Q. fv Q') = fv Q"
+ by (induct Q rule: flat_Disj.induct) auto
+
+lemma fv_flat_DisjD: "Q' \ flat_Disj Q \ x \ fv Q' \ x \ fv Q"
+ by (auto simp: fv_flat_Disj[of Q, symmetric])
+
+lemma cpropagated_flat_DisjD: "Q' \ flat_Disj Q \ cpropagated Q \ cpropagated Q'"
+ by (induct Q rule: flat_Disj.induct) auto
+
+lemma flat_Disj_sub: "flat_Disj Q \ sub Q"
+ by (induct Q) auto
+
+lemma (in simplification) simplified_flat_DisjD: "Q' \ flat_Disj Q \ simplified Q \ simplified Q'"
+ by (elim simplified_sub set_mp[OF flat_Disj_sub])
+
+definition fixbound where
+ "fixbound \ x = {Q \ \. x \ nongens Q}"
+
+definition (in simplification) rb_spec where
+ "rb_spec Q = SPEC (\Q'. rrb Q' \ simplified Q' \ Q \ Q' \ fv Q' \ fv Q)"
+
+definition (in simplification) rb_INV where
+ "rb_INV x Q \ = (finite \ \
+ Exists x Q \ DISJ (exists x ` \) \
+ (\Q' \ \. rrb Q' \ fv Q' \ fv Q \ simplified Q'))"
+
+lemma (in simplification) rb_INV_I:
+ "finite \ \ Exists x Q \ DISJ (exists x ` \) \ (\Q'. Q' \ \ \ rrb Q') \
+ (\Q'. Q' \ \ \ fv Q' \ fv Q) \ (\Q'. 
Q' \ \ \ simplified Q') \ rb_INV x Q \"
+ unfolding rb_INV_def by auto
+
+fun (in simplification) rb :: "('a :: {infinite, linorder}, 'b :: linorder) fmla \ ('a, 'b) fmla nres" where
+ "rb (Neg Q) = do { Q' \ rb Q; RETURN (simp (Neg Q'))}"
+| "rb (Disj Q1 Q2) = do { Q1' \ rb Q1; Q2' \ rb Q2; RETURN (simp (Disj Q1' Q2'))}"
+| "rb (Conj Q1 Q2) = do { Q1' \ rb Q1; Q2' \ rb Q2; RETURN (simp (Conj Q1' Q2'))}"
+| "rb (Exists x Q) = do {
+ Q' \ rb Q;
+ \ \ WHILE\<^sub>T\<^bsup>rb_INV x Q'\<^esup>
+ (\\. fixbound \ x \ {}) (\\. do {
+ Qfix \ RES (fixbound \ x);
+ G \ SPEC (cov x Qfix);
+ RETURN (\ - {Qfix} \
+ {simp (Conj Qfix (DISJ (qps G)))} \
+ (\y \ eqs x G. {cp (Qfix[x \<^bold>\ y])}) \
+ {cp (Qfix \<^bold>\ x)})})
+ (flat_Disj Q');
+ RETURN (simp (DISJ (exists x ` \)))}"
+| "rb Q = do { RETURN (simp Q) }"
+
+lemma (in simplification) cov_fixbound: "cov x Q G \ x \ fv Q \
+ fixbound (insert (cp (Q \<^bold>\ x)) (insert (simp (Conj Q (DISJ (qps G))))
+ (\ - {Q} \ ((\y. cp (Q[x \<^bold>\ y])) ` eqs x G)))) x = fixbound \ x - {Q}"
+ using Gen_simp[OF cov_Gen_qps[of x Q G]]
+ by (auto 4 4 simp: fixbound_def nongens_def fv_subst split: if_splits
+ dest!: fv_cp[THEN set_mp] fv_simp[THEN set_mp] fv_erase[THEN set_mp] dest: arg_cong[of _ _ fv] simp del: cp.simps)
+
+lemma finite_fixbound[simp]: "finite \ \ finite (fixbound \ x)"
+ unfolding fixbound_def by auto
+
+lemma fixboundE[elim_format]: "Q \ fixbound \ x \ x \ fv Q \ Q \ \ \ \ Gen x Q"
+ unfolding fixbound_def nongens_def by auto
+
+lemma fixbound_fv: "Q \ fixbound \ x \ x \ fv Q"
+ unfolding fixbound_def nongens_def by auto
+
+lemma fixbound_in: "Q \ fixbound \ x \ Q \ \"
+ unfolding fixbound_def nongens_def by auto
+
+lemma fixbound_empty_Gen: "fixbound \ x = {} \ x \ fv Q \ Q \ \ \ Gen x Q"
+ unfolding fixbound_def nongens_def by auto
+
+lemma fixbound_insert:
+ "fixbound (insert Q \) x = (if Gen x Q \ x \ fv Q then fixbound \ x else insert Q (fixbound \ x))"
+ by (auto simp: fixbound_def nongens_def)
+
+lemma 
fixbound_empty[simp]:
+ "fixbound {} x = {}"
+ by (auto simp: fixbound_def)
+
+lemma flat_Disj_Exists_sub: "Q' \ flat_Disj Q \ Exists y Qy \ sub Q' \ Exists y Qy \ sub Q"
+ by (induct Q arbitrary: Q' rule: flat_Disj.induct) auto
+
+lemma rrb_flat_Disj[simp]: "Q \ flat_Disj Q' \ rrb Q' \ rrb Q"
+ by (induct Q' rule: flat_Disj.induct) auto
+
+lemma (in simplification) rb_INV_finite[simp]: "rb_INV x Q \ \ finite \"
+ by (auto simp: rb_INV_def)
+
+lemma (in simplification) rb_INV_fv: "rb_INV x Q \ \ Q' \ \ \ z \ fv Q' \ z \ fv Q"
+ by (auto simp: rb_INV_def)
+
+lemma (in simplification) rb_INV_rrb: "rb_INV x Q \ \ Q' \ \ \ rrb Q'"
+ by (auto simp: rb_INV_def)
+
+lemma (in simplification) rb_INV_cpropagated: "rb_INV x Q \ \ Q' \ \ \ simplified Q'"
+ by (auto simp: rb_INV_def)
+
+lemma (in simplification) rb_INV_equiv: "rb_INV x Q \ \ Exists x Q \ DISJ (exists x ` \)"
+ by (auto simp: rb_INV_def)
+
+lemma (in simplification) rb_INV_init[simp]: "simplified Q \ rrb Q \ rb_INV x Q (flat_Disj Q)"
+ by (auto simp: rb_INV_def fv_flat_DisjD simplified_flat_DisjD
+ equiv_trans[OF equiv_Exists_cong[OF DISJ_flat_Disj[THEN equiv_sym]] Exists_DISJ, simplified])
+
+lemma (in simplification) rb_INV_step[simp]:
+ fixes Q :: "('a :: {infinite, linorder}, 'b :: linorder) fmla"
+ assumes "rb_INV x Q \" "Q' \ fixbound \ x" "cov x Q' G"
+ shows "rb_INV x Q (insert (cp (Q' \<^bold>\ x)) (insert (simp (Conj Q' (DISJ (qps G)))) (\ - {Q'} \ (\y. 
cp (Q'[x \<^bold>\ y])) ` eqs x G)))"
+proof (rule rb_INV_I, goal_cases finite equiv rrb fv simplified)
+ case finite
+ from assms(1,3) show ?case by simp
+next
+ case equiv
+ from assms show ?case
+ unfolding rb_INV_def
+ by (auto 0 5 simp: fixbound_fv exists_cp_erase exists_cp_subst eqs_noteq exists_Exists
+ image_image image_Un insert_commute ac_simps dest: fixbound_in elim!: equiv_trans
+ intro:
+ equiv_trans[OF DISJ_push_in]
+ equiv_trans[OF DISJ_insert_reorder']
+ equiv_trans[OF DISJ_insert_reorder]
+ intro!:
+ equiv_trans[OF DISJ_exists_pull_out]
+ equiv_trans[OF equiv_Disj_cong[OF cov_Exists_equiv equiv_refl]]
+ equiv_trans[OF equiv_Disj_cong[OF equiv_Disj_cong[OF equiv_Exists_exists_cong[OF equiv_refl] equiv_refl] equiv_refl]]
+ simp del: cp.simps)
+next
+ case (rrb Q)
+ with assms show ?case
+ unfolding rb_INV_def
+ by (auto intro!: rrb_cp_subst rrb_cp[OF rrb_erase] rrb_simp[of "Conj _ _"] dest: fixbound_in simp del: cp.simps)
+next
+ case (fv Q')
+ with assms show ?case
+ unfolding rb_INV_def
+ by (auto 0 4 dest!: fv_cp[THEN set_mp] fv_simp[THEN set_mp] fv_DISJ[THEN set_mp, rotated 1] fv_erase[THEN set_mp]
+ cov_fv[OF assms(3) _ qps_in, rotated]
+ cov_fv[OF assms(3) _ eqs_in, rotated] dest: fixbound_in
+ simp: fv_subst fixbound_fv split: if_splits simp del: cp.simps)
+next
+ case (simplified Q')
+ with assms show ?case
+ unfolding rb_INV_def by (auto simp: simplified_simp simplified_cp simp del: cp.simps)
+qed
+
+lemma (in simplification) rb_correct:
+ fixes Q :: "('a :: {linorder, infinite}, 'b :: linorder) fmla"
+ shows "rb Q \ rb_spec Q"
+proof (induct Q rule: rb.induct[case_names Neg Disj Conj Exists Pred Bool Eq])
+ case (Exists x Q)
+ then show ?case
+ unfolding rb.simps rb_spec_def bind_rule_complete
+ by (rule order_trans, refine_vcg WHILEIT_rule[where R="measure (\\. 
card (fixbound \ x))"])
+ (auto simp: rb_INV_rrb rrb_simp simplified_simp fixbound_fv equiv_trans[OF equiv_Exists_cong rb_INV_equiv]
+ cov_fixbound fixbound_empty_Gen card_gt_0_iff UNION_singleton_eq_range subset_eq
+ intro!: equiv_simp[THEN equiv_trans, THEN equiv_sym, OF equiv_sym]
+ dest!: fv_DISJ[THEN set_mp, rotated 1] fv_simp[THEN set_mp] elim!: bspec elim: rb_INV_fv simp del: cp.simps)
+qed (auto simp: rb_spec_def bind_rule_complete rrb_simp simplified_simp subset_eq dest!: fv_simp[THEN set_mp]
+ elim!: order_trans intro!: equiv_simp[THEN equiv_trans, THEN equiv_sym, OF equiv_sym] simp del: cp.simps)
+
+(*<*)
+end
+(*>*)
\ No newline at end of file
diff --git a/thys/Safe_Range_RC/Restrict_Bounds_Impl.thy b/thys/Safe_Range_RC/Restrict_Bounds_Impl.thy
new file mode 100644
--- /dev/null
+++ b/thys/Safe_Range_RC/Restrict_Bounds_Impl.thy
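Review bot: The `WHILE\<^sub>T` loop in the `Exists` case of `rb` carries no explanation of what `fixbound` selects or why the loop terminates, although both are the crux of `rb_correct`, which discharges termination with `measure (\<lambda>\<Gamma>. card (fixbound \<Gamma> x))` and relies on `cov_fixbound` (`fixbound (...) x = fixbound \<Gamma> x - {Q}`) for the decrease. I would add a `text \<open>...\<close>` block above `rb` stating that `fixbound \<Gamma> x` is the set of disjuncts in which `x` is free but not generated (`x \<in> nongens Q`), that one iteration replaces one such `Qfix` by queries in which `x` is generated so the set shrinks by exactly one element, and that `rb_INV` keeps `Exists x Q \<equiv> DISJ (exists x ` \<Gamma>)` together with `rrb`, `simplified` and `fv`-inclusion for every member. The `SPEC (cov x Qfix)` step is only refinable to an executable choice because every member of `\<Gamma>` stays `rrb`: the refinement in `Restrict_Bounds_Impl` discharges it via `rrb_cov_impl` and `rb_INV_rrb`, so a one-line remark at that step, e.g. `\<comment> \<open>a cover exists since Qfix stays rrb, see rb_INV_rrb\<close>`, would save the reader a trip to the other theory. `fixboundE`, `fixbound_fv` and `fixbound_in` are three unfoldings of the same definition; keeping `fixboundE` alone (or deriving the other two from it) would be tighter, though that is a matter of taste.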
@@ -0,0 +1,198 @@
+(*<*)
+theory Restrict_Bounds_Impl
+imports Restrict_Bounds
+begin
+(*>*)
+
+section \Refining the Non-Deterministic @{term simplification.rb} Function\
+
+fun gen_size where
+ "gen_size (Bool b) = 1"
+| "gen_size (Eq x t) = 1"
+| "gen_size (Pred p ts) = 1"
+| "gen_size (Neg (Neg Q)) = Suc (gen_size Q)"
+| "gen_size (Neg (Conj Q1 Q2)) = Suc (Suc (gen_size (Neg Q1) + gen_size (Neg Q2)))"
+| "gen_size (Neg (Disj Q1 Q2)) = Suc (Suc (gen_size (Neg Q1) + gen_size (Neg Q2)))"
+| "gen_size (Neg Q) = Suc (gen_size Q)"
+| "gen_size (Conj Q1 Q2) = Suc (gen_size Q1 + gen_size Q2)"
+| "gen_size (Disj Q1 Q2) = Suc (gen_size Q1 + gen_size Q2)"
+| "gen_size (Exists x Q) = Suc (gen_size Q)"
+
+
+function (sequential) gen_impl where
+ "gen_impl x (Bool False) = [{}]"
+| "gen_impl x (Bool True) = []"
+| "gen_impl x (Eq y (Const c)) = (if x = y then [{Eq y (Const c)}] else [])"
+| "gen_impl x (Eq y (Var z)) = []"
+| "gen_impl x (Pred p ts) = (if x \ fv_terms_set ts then [{Pred p ts}] else [])"
+| "gen_impl x (Neg (Neg Q)) = gen_impl x Q"
+| "gen_impl x (Neg (Conj Q1 Q2)) = gen_impl x (Disj (Neg Q1) (Neg Q2))"
+| "gen_impl x (Neg (Disj Q1 Q2)) = gen_impl x (Conj (Neg Q1) (Neg Q2))"
+| "gen_impl x (Neg _) = []"
+| "gen_impl x (Disj Q1 Q2) = [G1 \ G2. G1 \ gen_impl x Q1, G2 \ gen_impl x Q2]"
+| "gen_impl x (Conj Q1 (y \ z)) = (if x = y then List.union (gen_impl x Q1) (map (image (\Q. cp (Q[z \<^bold>\ x]))) (gen_impl z Q1))
+ else if x = z then List.union (gen_impl x Q1) (map (image (\Q. cp (Q[y \<^bold>\ x]))) (gen_impl y Q1))
+ else gen_impl x Q1)"|
+ "gen_impl x (Conj Q1 Q2) = List.union (gen_impl x Q1) (gen_impl x Q2)"
+| "gen_impl x (Exists y Q) = (if x = y then [] else map (image (exists y)) (gen_impl x Q))"
+ by pat_completeness auto
+termination by (relation "measure (\(x, Q). 
gen_size Q)") simp_all
+
+lemma gen_impl_gen: "G \ set (gen_impl x Q) \ gen x Q G"
+ by (induct x Q arbitrary: G rule: gen_impl.induct)
+ (auto 5 2 simp: fv_terms_set_def intro: gen.intros simp: image_iff split: if_splits)
+
+lemma gen_gen_impl: "gen x Q G \ G \ set (gen_impl x Q)"
+proof (induct x Q G rule: gen.induct)
+ case (7 x Q1 G Q2)
+ then show ?case
+ proof (cases Q2)
+ case (Eq x t)
+ with 7 show ?thesis
+ by (cases t) auto
+ qed auto
+qed (auto elim!: ap.cases simp: image_iff)
+
+lemma set_gen_impl: "set (gen_impl x Q) = {G. gen x Q G}"
+ by (auto simp: gen_impl_gen gen_gen_impl)
+
+definition "flat xss = fold List.union xss []"
+
+(*much faster than fun*)
+primrec cov_impl where
+ "cov_impl x (Bool b) = [{}]"
+| "cov_impl x (Eq y t) = (case t of
+ Const c \ [if x = y then {Eq y (Const c)} else {}]
+ | Var z \ [if x = y \ x \ z then {x \ z}
+ else if x = z \ x \ y then {x \ y}
+ else {}])"
+| "cov_impl x (Pred p ts) = [if x \ fv_terms_set ts then {Pred p ts} else {}]"
+| "cov_impl x (Neg Q) = cov_impl x Q"
+| "cov_impl x (Disj Q1 Q2) = (case (cp (Q1 \<^bold>\ x), cp (Q2 \<^bold>\ x)) of
+ (Bool True, Bool True) \ List.union (cov_impl x Q1) (cov_impl x Q2)
+ | (Bool True, _) \ cov_impl x Q1
+ | (_, Bool True) \ cov_impl x Q2
+ | (_, _) \ [G1 \ G2. G1 \ cov_impl x Q1, G2 \ cov_impl x Q2])"
+| "cov_impl x (Conj Q1 Q2) = (case (cp (Q1 \<^bold>\ x), cp (Q2 \<^bold>\ x)) of
+ (Bool False, Bool False) \ List.union (cov_impl x Q1) (cov_impl x Q2)
+ | (Bool False, _) \ cov_impl x Q1
+ | (_, Bool False) \ cov_impl x Q2
+ | (_, _) \ [G1 \ G2. G1 \ cov_impl x Q1, G2 \ cov_impl x Q2])"
+| "cov_impl x (Exists y Q) = (if x = y then [{}] else flat (map (\G.
+ (if x \ y \ G then [exists y ` (G - {x \ y}) \ (\Q. cp (Q[y \<^bold>\ x])) ` G'. 
G' \ gen_impl y Q]
+ else [exists y ` G])) (cov_impl x Q)))"
+
+lemma union_empty_iff: "List.union xs ys = [] \ xs = [] \ ys = []"
+ by (induct xs arbitrary: ys) (force simp: List.union_def List.insert_def)+
+
+lemma fold_union_empty_iff: "fold List.union xss ys = [] \ (\xs \ set xss. xs = []) \ ys = []"
+ by (induct xss arbitrary: ys) (auto simp: union_empty_iff)
+
+lemma flat_empty_iff: "flat xss = [] \ (\xs \ set xss. xs = [])"
+ by (auto simp: flat_def fold_union_empty_iff)
+
+lemma set_fold_union: "set (fold List.union xss ys) = (\ (set ` set xss)) \ set ys"
+ by (induct xss arbitrary: ys) auto
+
+lemma set_flat: "set (flat xss) = \ (set ` set xss)"
+ unfolding flat_def by (auto simp: set_fold_union)
+
+lemma rrb_cov_impl: "rrb Q \ cov_impl x Q \ []"
+proof (induct Q arbitrary: x)
+ case (Exists y Q)
+ then show ?case
+ by (cases "\G \ set (cov_impl x Q). x \ y \ G")
+ (auto simp: flat_empty_iff image_iff dest: gen_gen_impl intro!: UnI1 bexI[rotated])
+qed (auto split: term.splits fmla.splits bool.splits simp: union_empty_iff)
+
+lemma cov_Eq_self: "cov x (y \ y) {}"
+ by (metis Un_absorb cov.Eq_self cov.nonfree fv.simps(3) fv_term_set.simps(1) singletonD)
+
+lemma cov_impl_cov: "G \ set (cov_impl x Q) \ cov x Q G"
+proof (induct Q arbitrary: x G)
+ case (Eq y t)
+ then show ?case
+ by (auto simp: cov_Eq_self intro: cov.intros ap.intros split: term.splits)
+qed (auto simp: set_flat set_gen_impl intro: cov.intros ap.intros
+ split: term.splits fmla.splits bool.splits if_splits)
+
+definition "fixbound_impl \ x = filter (\Q. 
x \ fv Q \ gen_impl x Q = []) (sorted_list_of_set \)"
+
+lemma set_fixbound_impl: "finite \ \ set (fixbound_impl \ x) = fixbound \ x"
+ by (auto simp: fixbound_def nongens_def fixbound_impl_def set_gen_impl
+ dest: arg_cong[of _ _ set] simp flip: List.set_empty)
+
+lemma fixbound_empty_iff: "finite \ \ fixbound \ x \ {} \ fixbound_impl \ x \ []"
+ by (auto simp: set_fixbound_impl dest: arg_cong[of _ _ set] simp flip: List.set_empty)
+
+lemma fixbound_impl_hd_in: "finite \ \ fixbound_impl \ x = y # ys \ y \ \"
+ by (auto simp: fixbound_impl_def dest!: arg_cong[of _ _ set])
+
+fun (in simplification) rb_impl :: "('a :: {infinite, linorder}, 'b :: linorder) fmla \ ('a, 'b) fmla nres" where
+ "rb_impl (Neg Q) = do { Q' \ rb_impl Q; RETURN (simp (Neg Q'))}"
+| "rb_impl (Disj Q1 Q2) = do { Q1' \ rb_impl Q1; Q2' \ rb_impl Q2; RETURN (simp (Disj Q1' Q2'))}"
+| "rb_impl (Conj Q1 Q2) = do { Q1' \ rb_impl Q1; Q2' \ rb_impl Q2; RETURN (simp (Conj Q1' Q2'))}"
+| "rb_impl (Exists x Q) = do {
+ Q' \ rb_impl Q;
+ \ \ WHILE
+ (\\. fixbound_impl \ x \ []) (\\. do {
+ Qfix \ RETURN (hd (fixbound_impl \ x));
+ G \ RETURN (hd (cov_impl x Qfix));
+ RETURN (\ - {Qfix} \
+ {simp (Conj Qfix (DISJ (qps G)))} \
+ (\y \ eqs x G. 
{cp (Qfix[x \<^bold>\ y])}) \
+ {cp (Qfix \<^bold>\ x)})})
+ (flat_Disj Q');
+ RETURN (simp (DISJ (exists x ` \)))}"
+| "rb_impl Q = do { RETURN (simp Q) }"
+
+lemma (in simplification) rb_impl_refines_rb: "rb_impl Q \ rb Q"
+ apply (induct Q)
+ apply (unfold rb.simps rb_impl.simps)
+ apply refine_mono
+ apply refine_mono
+ apply refine_mono
+ apply refine_mono
+ apply refine_mono
+ apply refine_mono
+ apply refine_mono
+ subgoal for x Q' Q
+ apply (rule order_trans[OF WHILE_le_WHILEI[where I="rb_INV x Q"]])
+ apply (rule order_trans[OF WHILEI_le_WHILEIT])
+ apply (rule WHILEIT_refine[OF _ _ _ refine_IdI, THEN refine_IdD])
+ apply (simp_all add: fixbound_empty_iff) [3]
+ apply refine_mono
+ apply (auto simp flip: set_fixbound_impl simp: neq_Nil_conv fixbound_impl_hd_in
+ intro!: cov_impl_cov rrb_cov_impl hd_in_set rb_INV_rrb)
+ done
+ done
+
+fun (in simplification) rb_impl_det :: "('a :: {infinite, linorder}, 'b :: linorder) fmla \ ('a, 'b) fmla dres" where
+ "rb_impl_det (Neg Q) = do { Q' \ rb_impl_det Q; dRETURN (simp (Neg Q'))}"
+| "rb_impl_det (Disj Q1 Q2) = do { Q1' \ rb_impl_det Q1; Q2' \ rb_impl_det Q2; dRETURN (simp (Disj Q1' Q2'))}"
+| "rb_impl_det (Conj Q1 Q2) = do { Q1' \ rb_impl_det Q1; Q2' \ rb_impl_det Q2; dRETURN (simp (Conj Q1' Q2'))}"
+| "rb_impl_det (Exists x Q) = do {
+ Q' \ rb_impl_det Q;
+ \ \ dWHILE
+ (\\. fixbound_impl \ x \ []) (\\. do {
+ Qfix \ dRETURN (hd (fixbound_impl \ x));
+ G \ dRETURN (hd (cov_impl x Qfix));
+ dRETURN (\ - {Qfix} \
+ {simp (Conj Qfix (DISJ (qps G)))} \
+ (\y \ eqs x G. 
{cp (Qfix[x \<^bold>\ y])}) \
+ {cp (Qfix \<^bold>\ x)})})
+ (flat_Disj Q');
+ dRETURN (simp (DISJ (exists x ` \)))}"
+| "rb_impl_det Q = do { dRETURN (simp Q) }"
+
+lemma (in simplification) rb_impl_det_refines_rb_impl: "nres_of (rb_impl_det Q) \ rb_impl Q"
+ by (induct Q; unfold rb_impl.simps rb_impl_det.simps) refine_transfer+
+
+lemmas (in simplification) RB_correct =
+ rb_impl_det_refines_rb_impl[THEN order_trans, OF
+ rb_impl_refines_rb[THEN order_trans, OF
+ rb_correct]]
+
+(*<*)
+end
+(*>*)
\ No newline at end of file
diff --git a/thys/Safe_Range_RC/Restrict_Frees.thy b/thys/Safe_Range_RC/Restrict_Frees.thy
new file mode 100644
--- /dev/null
+++ b/thys/Safe_Range_RC/Restrict_Frees.thy
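Review bot: `rb_impl` (and `rb_impl_det`) consumes only `hd (cov_impl x Qfix)`, yet `cov_impl` eagerly builds the full product list `[G1 \<union> G2. G1 \<leftarrow> cov_impl x Q1, G2 \<leftarrow> cov_impl x Q2]` in the `Disj` and `Conj` fall-through cases and `flat`s a `map` over every cover in the `Exists` case, so the number of covers materialised can grow multiplicatively with nesting depth when a single cover would do; for a translator meant to run on arbitrary user-supplied RC queries that is an avoidable blow-up, and a first-cover function (say `cov_impl_hd`) with the lemma `rrb Q \<Longrightarrow> cov_impl_hd x Q \<in> set (cov_impl x Q)` would slot into `rb_impl_refines_rb` in place of `hd_in_set`/`rrb_cov_impl`. The two `hd` applications are also the only underspecified spots in the executable code: `hd []` is an unspecified value, and soundness rests on the loop guard `fixbound_impl \<Gamma> x \<noteq> []` and on `rrb_cov_impl` together with `rb_INV_rrb`, which the refinement proof uses only at its very end; a comment at `G \<leftarrow> RETURN (hd (cov_impl x Qfix))` such as `\<comment> \<open>non-empty: Qfix \<in> \<Gamma> is rrb (rb_INV_rrb), see rrb_cov_impl\<close>` would make that dependency visible where it matters. The comment `(*much faster than fun*)` above `cov_impl` should say what is faster (the generated code, or proof automation on its equations — I cannot tell from the hunk). Finally, the seven consecutive `apply refine_mono` lines in `rb_impl_refines_rb` are fragile against any change in the number of constructors; `apply refine_mono+` may do if the method terminates here, which I have not checked.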
@@ -0,0 +1,694 @@
+(*<*)
+theory Restrict_Frees
+imports
+ Restrict_Bounds
+ "HOL-Library.Product_Lexorder"
+ "HOL-Library.List_Lexorder"
+ "HOL-Library.Multiset_Order"
+begin
+
+hide_const (open) SetIndex.index
+(*>*)
+
+section \Restricting Free Variables\
+
+definition fixfree :: "(('a, 'b) fmla \ nat rel) set \ (('a, 'b) fmla \ nat rel) set" where
+ "fixfree \fin = {(Qfix, Qeq) \ \fin. nongens Qfix \ {}}"
+
+definition "disjointvars Q Qeq = (\V \ classes Qeq. if V \ fv Q = {} then V else {})"
+
+fun Conjs where
+ "Conjs Q [] = Q"
+| "Conjs Q ((x, y) # xys) = Conjs (Conj Q (x \ y)) xys"
+
+function (sequential) Conjs_disjoint where
+ "Conjs_disjoint Q xys = (case find (\(x,y). {x, y} \ fv Q \ {}) xys of
+ None \ Conjs Q xys
+ | Some (x, y) \ Conjs_disjoint (Conj Q (x \ y)) (remove1 (x, y) xys))"
+ by pat_completeness auto
+termination
+ by (relation "measure (\(Q, xys). length xys)")
+ (auto split: if_splits simp: length_remove1 neq_Nil_conv dest!: find_SomeD dest: length_pos_if_in_set)
+
+declare Conjs_disjoint.simps[simp del]
+
+definition CONJ where
+ "CONJ = (\(Q, Qeq). Conjs Q (sorted_list_of_set Qeq))"
+
+definition CONJ_disjoint where
+ "CONJ_disjoint = (\(Q, Qeq). Conjs_disjoint Q (sorted_list_of_set Qeq))"
+
+definition inf where
+ "inf \fin Q = {(Q', Qeq) \ \fin. disjointvars Q' Qeq \ {} \ fv Q' \ Field Qeq \ fv Q}"
+
+definition FV where
+ "FV Q Qfin Qinf \ (fv Qfin = fv Q \ Qfin = Bool False) \ fv Qinf = {}"
+
+definition EVAL where
+ "EVAL Q Qfin Qinf \ (\I. finite (adom I) \ (if eval Qinf I = {} then
+ eval Qfin I = eval Q I else infinite (eval Q I)))"
+
+definition EVAL' where
+ "EVAL' Q Qfin Qinf \ (\I. finite (adom I) \ (if eval Qinf I = {} then
+ eval_on (fv Q) Qfin I = eval Q I else infinite (eval Q I)))"
+
+definition (in simplification) split_spec :: "('a :: {infinite, linorder}, 'b :: linorder) fmla \ (('a, 'b) fmla \ ('a, 'b) fmla) nres" where
+ "split_spec Q = SPEC (\(Qfin, Qinf).
sr Qfin \ sr Qinf \ FV Q Qfin Qinf \ EVAL Q Qfin Qinf \
+ simplified Qfin \ simplified Qinf)"
+
+definition (in simplification) "assemble = (\(\fin, \inf). (simp (DISJ (CONJ_disjoint ` \fin)), simp (DISJ (close ` \inf))))"
+
+fun leftfresh where
+ "leftfresh Q [] = True"
+| "leftfresh Q ((x, y) # xys) = (x \ fv Q \ leftfresh (Conj Q (x \ y)) xys)"
+
+definition (in simplification) "wf_state Q P =
+ (\(\fin, \inf). finite \fin \ finite \inf \
+ (\(Qfix, Qeq) \ \fin. P Qfix \ simplified Qfix \ (\xs. leftfresh Qfix xs \ distinct xs \ set xs = Qeq) \ fv Qfix \ Field Qeq \ fv Q \ irrefl Qeq))"
+
+definition (in simplification) "split_INV1 Q = (\\pair. wf_state Q rrb \pair \ (let (Qfin, Qinf) = assemble \pair in EVAL' Q Qfin Qinf))"
+definition (in simplification) "split_INV2 Q = (\\pair. wf_state Q sr \pair \ (let (Qfin, Qinf) = assemble \pair in EVAL' Q Qfin Qinf))"
+
+definition (in simplification) split :: "('a :: {infinite, linorder}, 'b :: linorder) fmla \ (('a, 'b) fmla \ ('a, 'b) fmla) nres" where
+ "split Q = do {
+ Q' \ rb Q;
+ \pair \ WHILE\<^sub>T\<^bsup>split_INV1 Q\<^esup>
+ (\(\fin, _). fixfree \fin \ {}) (\(\fin, \inf). do {
+ (Qfix, Qeq) \ RES (fixfree \fin);
+ x \ RES (nongens Qfix);
+ G \ SPEC (cov x Qfix);
+ let \fin = \fin - {(Qfix, Qeq)} \
+ {(simp (Conj Qfix (DISJ (qps G))), Qeq)} \
+ (\y \ eqs x G. {(cp (Qfix[x \<^bold>\ y]), Qeq \ {(x,y)})});
+ let \inf = \inf \ {cp (Qfix \<^bold>\ x)};
+ RETURN (\fin, \inf)})
+ ({(Q', {})}, {});
+ \pair \ WHILE\<^sub>T\<^bsup>split_INV2 Q\<^esup>
+ (\(\fin, _). inf \fin Q \ {}) (\(\fin, \inf).
do { + Qpair \ RES (inf \fin Q); + let \fin = \fin - {Qpair}; + let \inf = \inf \ {CONJ Qpair}; + RETURN (\fin, \inf)}) + \pair; + let (Qfin, Qinf) = assemble \pair; + Qinf \ rb Qinf; + RETURN (Qfin, Qinf)}" + +lemma finite_fixfree[simp]: "finite \ \ finite (fixfree \)" + unfolding fixfree_def by (auto elim!: finite_subset[rotated]) + +lemma (in simplification) split_step_in_mult: + assumes "(Qfin, Qeq) \ \fin" "finite \fin" "x \ nongens Qfin" "cov x Qfin G" "fv Qfin \ F" + shows "((nongens \ fst) `# mset_set (insert (simp (Conj Qfin (DISJ (qps G))), Qeq) (\fin - {(Qfin, Qeq)} \ (\y. (cp (Qfin[x \<^bold>\ y]), insert (x, y) Qeq)) ` eqs x G)), + (nongens \ fst) `# mset_set \fin) \ mult {(X, Y). X \ Y \ Y \ F}" + (is "(?f (insert ?Q (?A \ ?B)), ?C) \ mult ?R") +proof (subst preorder.mult\<^sub>D\<^sub>M[where less_eq = "(in_rel ?R)\<^sup>=\<^sup>="]) + define X where "X = {(Qfin, Qeq)}" + define Y where "Y = insert ?Q ?B - (?A \ insert ?Q ?B)" + have "?f X \ {#}" + unfolding X_def by auto + moreover from assms(1,2) have "?f X \# ?C" + unfolding X_def by (auto intro!: image_eqI[where x = "(Qfin, Qeq)"]) + moreover from assms(1,2,4) have XY: + "insert ?Q (?A \ ?B) = \fin - X \ Y" "X \ \fin" "(\fin - X) \ Y = {}" "finite X" "finite Y" + unfolding X_def Y_def by auto + with assms(2) have "?f (insert ?Q (?A \ ?B)) = ?C - ?f X + ?f Y" + by (force simp: mset_set_Union mset_set_Diff multiset.map_comp o_def + dest: subset_imp_msubset_mset_set elim: subset_mset.trans + intro!: subset_imp_msubset_mset_set image_mset_subseteq_mono subset_mset.diff_add_assoc2 + trans[OF image_mset_Diff]) + moreover + { fix A + assume "A \ Y" + then have "A \ insert ?Q ?B" + unfolding Y_def by blast + with assms(3,4) have "nongens (fst A) \ nongens Qfin - {x}" + using Gen_cp_subst[of _ Qfin x] Gen_simp[OF cov_Gen_qps[OF assms(4)]] + gen_Gen_simp[OF gen.intros(7)[OF disjI1], of _ Qfin _ "DISJ (qps G)"] + by (fastforce simp: nongens_def fv_subst simp del: cp.simps + intro!: gen.intros(7) dest!: 
fv_cp[THEN set_mp] fv_simp[THEN set_mp] fv_DISJ[THEN set_mp, rotated 1] + elim: cov_fv[OF assms(4) _ qps_in, THEN conjunct2, THEN set_mp] + cov_fv[OF assms(4) _ eqs_in, THEN conjunct2, THEN set_mp]) + with assms(3) have "nongens (fst A) \ nongens Qfin" + by auto + with assms(5) have "\B \ X. nongens (fst A) \ nongens (fst B) \ nongens (fst B) \ F" + by (auto simp: X_def nongens_def) + } + with XY have "\A. A \# ?f Y \ \B. B \# ?f X \ A \ B \ B \ F" + by auto + ultimately + show "\X Y. X \ {#} \ X \# ?C \ ?f (insert ?Q (?A \ ?B)) = ?C - X + Y \ (\k. k \# Y \ (\a. a \# X \ k \ a \ a \ F))" + by blast +qed (unfold_locales, auto) + +lemma EVAL_cong: + "Qinf \ Qinf' \ fv Qinf = fv Qinf' \ EVAL Q Qfin Qinf = EVAL Q Qfin Qinf'" + using equiv_eval_eqI[of _ Qinf Qinf'] + by (auto simp: EVAL_def) + +lemma EVAL'_cong: + "Qinf \ Qinf' \ fv Qinf = fv Qinf' \ EVAL' Q Qfin Qinf = EVAL' Q Qfin Qinf'" + using equiv_eval_eqI[of _ Qinf Qinf'] + by (auto simp: EVAL'_def) + +lemma fv_Conjs[simp]: "fv (Conjs Q xys) = fv Q \ Field (set xys)" + by (induct Q xys rule: Conjs.induct) auto + +lemma fv_Conjs_disjoint[simp]: "distinct xys \ fv (Conjs_disjoint Q xys) = fv Q \ Field (set xys)" +proof (induct Q xys rule: Conjs_disjoint.induct) + case (1 Q xys) + then show ?case + by (subst Conjs_disjoint.simps) + (auto split: option.splits simp: Field_def subset_eq dest: find_SomeD(2)) +qed + +lemma fv_CONJ[simp]: "finite Qeq \ fv (CONJ (Q, Qeq)) = fv Q \ Field Qeq" + unfolding CONJ_def by (auto dest!: fv_cp[THEN set_mp]) + +lemma fv_CONJ_disjoint[simp]: "finite Qeq \ fv (CONJ_disjoint (Q, Qeq)) = fv Q \ Field Qeq" + unfolding CONJ_disjoint_def by auto + +lemma rrb_Conjs: "rrb Q \ rrb (Conjs Q xys)" + by (induct Q xys rule: Conjs.induct) auto + +lemma CONJ_empty[simp]: "CONJ (Q, {}) = Q" + by (auto simp: CONJ_def) + +lemma CONJ_disjoint_empty[simp]: "CONJ_disjoint (Q, {}) = Q" + by (auto simp: CONJ_disjoint_def Conjs_disjoint.simps) + +lemma Conjs_eq_False_iff[simp]: "irrefl (set xys) \ Conjs Q 
xys = Bool False \ Q = Bool False \ xys = []" + by (induct Q xys rule: Conjs.induct) (auto simp: Let_def is_Bool_def irrefl_def) + +lemma CONJ_eq_False_iff[simp]: "finite Qeq \ irrefl Qeq \ CONJ (Q, Qeq) = Bool False \ Q = Bool False \ Qeq = {}" + by (auto simp: CONJ_def) + +lemma Conjs_disjoint_eq_False_iff[simp]: "irrefl (set xys) \ Conjs_disjoint Q xys = Bool False \ Q = Bool False \ xys = []" +proof (induct Q xys rule: Conjs_disjoint.induct) + case (1 Q xys) + then show ?case + by (subst Conjs_disjoint.simps) + (auto simp: Let_def is_Bool_def irrefl_def split: option.splits) +qed + +lemma CONJ_disjoint_eq_False_iff[simp]: "finite Qeq \ irrefl Qeq \ CONJ_disjoint (Q, Qeq) = Bool False \ Q = Bool False \ Qeq = {}" + by (auto simp: CONJ_disjoint_def) + +lemma sr_Conjs_disjoint: + "distinct xys \ (\V\classes (set xys). V \ fv Q \ {}) \ sr Q \ sr (Conjs_disjoint Q xys)" +proof (induct Q xys rule: Conjs_disjoint.induct) + case (1 Q xys) + show ?case + proof (cases "find (\(x, y). {x, y} \ fv Q \ {}) xys") + case None + with 1(2-) show ?thesis + using classes_intersect_find_not_None[of xys "fv Q"] + by (cases xys) (simp_all add: Conjs_disjoint.simps) + next + case (Some xy) + then obtain x y where xy: "xy = (x, y)" and xy_in: "(x, y) \ set xys" + by (cases xy) (auto dest!: find_SomeD) + with Some 1(4) have "sr (Conj Q (x \ y))" + by (auto dest: find_SomeD simp: sr_Conj_eq) + moreover from 1(2,3) have "\V\classes (set (remove1 (x, y) xys)). V \ fv (Conj Q (x \ y)) \ {}" + by (subst (asm) insert_remove_id[OF xy_in], unfold classes_insert) + (auto simp: class_None_eq class_Some_eq split: option.splits if_splits) + ultimately show ?thesis + using 1(2-) Some xy 1(1)[OF Some xy[symmetric]] + by (simp add: Conjs_disjoint.simps) + qed +qed + +lemma sr_CONJ_disjoint: + "inf \fin Q = {} \ (Qfin, Qeq) \ \fin \ finite Qeq \ sr Qfin \ sr (CONJ_disjoint (Qfin, Qeq))" + unfolding inf_def disjointvars_def CONJ_disjoint_def prod.case + by (drule arg_cong[of _ _ "\A. 
(Qfin, Qeq) \ A"], intro sr_cp sr_Conjs_disjoint) + (auto simp only: mem_Collect_eq prod.case simp_thms distinct_sorted_list_of_set + set_sorted_list_of_set SUP_bot_conv classes_nonempty split: if_splits) + +lemma equiv_Conjs_cong: "Q \ Q' \ Conjs Q xys \ Conjs Q' xys" + by (induct Q xys arbitrary: Q' rule: Conjs.induct) auto + +lemma Conjs_pull_out: "Conjs Q (xys @ (x, y) # xys') \ Conjs (Conj Q (x \ y)) (xys @ xys')" + by (induct Q xys rule: Conjs.induct) + (auto elim!: equiv_trans intro!: equiv_Conjs_cong intro: equiv_def[THEN iffD2]) + +lemma Conjs_reorder: "distinct xys \ distinct xys' \ set xys = set xys' \ Conjs Q xys \ Conjs Q xys'" +proof (induct Q xys arbitrary: xys' rule: Conjs.induct) + case (2 Q x y xys) + from 2(4) obtain i where i: "i < length xys'" "xys' ! i = (x, y)" + by (auto simp: set_eq_iff in_set_conv_nth) + with 2(2-4) have *: "set xys = set (take i xys') \ set (drop (Suc i) xys')" + by (subst (asm) (1 2) id_take_nth_drop[of i xys']) + (auto simp: set_eq_iff dest: in_set_takeD in_set_dropD) + from i 2(2,3) show ?case + by (subst id_take_nth_drop[OF i(1)], subst (asm) (3) id_take_nth_drop[OF i(1)]) + (auto simp: * intro!: equiv_trans[OF _ Conjs_pull_out[THEN equiv_sym]] 2(1)) +qed simp + +lemma ex_Conjs_disjoint_eq_Conjs: + "distinct xys \ \xys'. distinct xys' \ set xys = set xys' \ Conjs_disjoint Q xys = Conjs Q xys'" +proof (induct Q xys rule: Conjs_disjoint.induct) + case (1 Q xys) + show ?case + proof (cases "find (\(x, y). 
{x, y} \ fv Q \ {}) xys") + case None + with 1(2) show ?thesis + by (subst Conjs_disjoint.simps) (auto intro!: exI[of _ xys]) + next + case (Some xy) + with 1(1)[of xy "fst xy" "snd xy"] 1(2) + obtain xys' where "distinct xys'" + "set xys - {xy} = set xys'" + "Conjs_disjoint (Conj Q (fst xy \ snd xy)) (remove1 xy xys) = + Conjs (Conj Q (fst xy \ snd xy)) xys'" + by auto + with Some show ?thesis + by (subst Conjs_disjoint.simps, intro exI[of _ "xy # xys'"]) + (auto simp: set_eq_iff dest: find_SomeD) + qed +qed + +lemma Conjs_disjoint_equiv_Conjs: + assumes "distinct xys" + shows "Conjs_disjoint Q xys \ Conjs Q xys" +proof - + from assms obtain xys' where xys': "distinct xys'" "set xys = set xys'" and "Conjs_disjoint Q xys = Conjs Q xys'" + using ex_Conjs_disjoint_eq_Conjs by blast + note this(3) + also have "\ \ Conjs Q xys" + by (intro Conjs_reorder xys' sym assms) + finally show ?thesis + by blast +qed + +lemma infinite_eval_Conjs: "infinite (eval Q I) \ leftfresh Q xys \ infinite (eval (Conjs Q xys) I)" +proof (induct Q xys rule: Conjs.induct) + case (2 Q x y xys) + then show ?case + unfolding Conjs.simps + by (intro 2(1) infinite_eval_Conj) auto +qed simp + +lemma leftfresh_fv_subset: "leftfresh Q xys \ fv Q' \ fv Q \ leftfresh Q' xys" + by (induct Q xys arbitrary: Q' rule: leftfresh.induct) (auto simp: subset_eq) + +lemma fun_upds_map: "(\x. x \ set ys \ \ x = \ x) \ \[ys :=\<^sup>* map \ ys] = \" + by (induct ys arbitrary: \) auto + +lemma map_fun_upds: "length xs = length ys \ distinct xs \ map (\[xs :=\<^sup>* ys]) xs = ys" + by (induct xs ys arbitrary: \ rule: list_induct2) auto + +lemma zip_map: "zip xs (map f xs) = map (\x. (x, f x)) xs" + by (induct xs) auto + +lemma filter_sorted_list_of_set: + "finite B \ A \ B \ filter (\x. x \ A) (sorted_list_of_set B) = sorted_list_of_set A" +proof (induct B arbitrary: A rule: finite_induct) + case (insert x B) + then have "finite A" by (auto simp: finite_subset) + moreover + from insert(1,2) have "filter (\y. 
y \ A - {x}) (sorted_list_of_set B) = + filter (\x. x \ A) (sorted_list_of_set B)" + by (intro filter_cong) auto + ultimately show ?case + using insert(1,2,4) insert(3)[of "A - {x}"] sorted_list_of_set_insert_remove[of A x] + by (cases "x \ A") (auto simp: filter_insort filter_insort_triv subset_insert_iff insert_absorb) +qed simp + +lemma infinite_eval_eval_on[rotated 2]: + assumes "fv Q \ X" "finite X" + shows "infinite (eval Q I) \ infinite (eval_on X Q I)" +proof (erule infinite_surj[of _ "\xs. map snd (filter (\(x,_). x \ fv Q) (zip (sorted_list_of_set X) xs))"], + unfold eval_deep_def Let_def, safe) + fix xs \ + assume len: "length (sorted_list_of_set (fv Q)) = length xs" and + "sat Q I (\[sorted_list_of_set (fv Q) :=\<^sup>* xs])" (is "sat Q I ?\") + moreover from assms len have "\[sorted_list_of_set X :=\<^sup>* map ?\ (sorted_list_of_set X)] = ?\" + by (intro fun_upds_map) force + ultimately show "xs \ (\xs. map snd (filter (\(x, _). x \ fv Q) (zip (sorted_list_of_set X) xs))) ` + eval_on X Q I" using assms + by (auto simp: eval_on_def image_iff zip_map filter_map o_def filter_sorted_list_of_set map_fun_upds + intro!: exI[of _ "map (\[sorted_list_of_set (fv Q) :=\<^sup>* xs]) (sorted_list_of_set X)"] exI[of _ \]) +qed + +lemma infinite_eval_CONJ_disjoint: + assumes "infinite (eval Q I)" "finite (adom I)" "fv Q \ X" "Field Qeq \ X" "finite X" "\xys. 
distinct xys \ leftfresh Q xys \ set xys = Qeq" + shows "infinite (eval_on X (CONJ_disjoint (Q, Qeq)) I)" +proof - + from assms(6) obtain xys where "distinct xys" "leftfresh Q xys" "set xys = Qeq" + by blast + with assms(1-5) show ?thesis + using infinite_eval_eval_on[OF infinite_eval_Conjs[of Q I xys], of X] equiv_eval_on_eqI[of I "Conjs_disjoint Q (sorted_list_of_set Qeq)" "Conjs Q xys" X] + equiv_trans[OF Conjs_disjoint_equiv_Conjs[of "sorted_list_of_set Qeq" Q] Conjs_reorder[of _ xys]] + fv_Conjs[of Q xys] + by (force simp: CONJ_disjoint_def subset_eq equiv_eval_on_eqI[OF _ equiv_cp]) +qed + +lemma sat_Conjs: "sat (Conjs Q xys) I \ \ sat Q I \ \ (\(x, y) \ set xys. sat (x \ y) I \)" + by (induct Q xys rule: Conjs.induct) auto + +lemma sat_Conjs_disjoint: "sat (Conjs_disjoint Q xys) I \ \ sat Q I \ \ (\(x, y) \ set xys. sat (x \ y) I \)" +proof (induct Q xys rule: Conjs_disjoint.induct) + case (1 Q xys) + then show ?case + by (subst Conjs_disjoint.simps) + (auto simp: sat_Conjs dest: find_SomeD(2) set_remove1_subset[THEN set_mp] in_set_remove_cases[rotated] split: option.splits) +qed + +lemma sat_CONJ: "finite Qeq \ sat (CONJ (Q, Qeq)) I \ \ sat Q I \ \ (\(x, y) \ Qeq. sat (x \ y) I \)" + unfolding CONJ_def by (auto simp: sat_Conjs) + +lemma sat_CONJ_disjoint: "finite Qeq \ sat (CONJ_disjoint (Q, Qeq)) I \ \ sat Q I \ \ (\(x, y) \ Qeq. sat (x \ y) I \)" + unfolding CONJ_disjoint_def by (auto simp: sat_Conjs_disjoint) + +lemma Conjs_inject: "Conjs Q xys = Conjs Q' xys \ Q = Q'" + by (induct Q xys arbitrary: Q' rule: Conjs.induct) auto + +lemma nonempty_disjointvars_infinite: + assumes "disjointvars (Qfin :: ('a :: infinite, 'b) fmla) Qeq \ {}" + "finite Qeq" "fv Qfin \ Field Qeq \ X" "finite X" "sat Qfin I \" "\(x, y)\Qeq. 
\ x = \ y" + shows "infinite (eval_on X (CONJ_disjoint (Qfin, Qeq)) I)" +proof - + from assms(1) obtain x V where xV: "V \ classes Qeq" "x \ V" "V \ fv Qfin = {}" + by (auto simp: disjointvars_def) + show ?thesis + proof (rule infinite_surj[OF infinite_UNIV, of "\ds. ds ! index (sorted_list_of_set X) x"], safe) + fix z + let ?ds = "map (\v. if v \ V then z else \ v) (sorted_list_of_set X)" + from xV have "x \ Field Qeq" + by (metis UnionI classes_cover) + { fix a b + assume *: "(a, b) \ Qeq" + from this edge_same_class[OF xV(1) this] assms(3,6) have "a \ X" "b \ X" "a \ V \ b \ V" "\ a = \ b" + by (auto dest: FieldI1 FieldI2) + with xV(1) assms(3,4) have "(\[sorted_list_of_set X :=\<^sup>* ?ds]) a = (\[sorted_list_of_set X :=\<^sup>* ?ds]) b" + by (subst (1 2) fun_upds_in) auto + } + with assms(2-) xV \x \ Field Qeq\ + show "z \ (\ds. ds ! index (sorted_list_of_set X) x) ` eval_on X (CONJ_disjoint (Qfin, Qeq)) I" + by (auto simp: eval_on_def CONJ_disjoint_def sat_Conjs_disjoint Let_def image_iff fun_upds_in subset_eq + intro!: exI[of _ "map (\v. if v \ V then z else \ v) (sorted_list_of_set X)"] exI[of _ \] + elim!: sat_fv_cong[THEN iffD1, rotated -1]) + qed +qed + +lemma EVAL'_EVAL: "EVAL' Q Qfin Qinf \ FV Q Qfin Qinf \ EVAL Q Qfin Qinf" + unfolding EVAL_def EVAL'_def FV_def + by (subst (2) eval_def) auto + +lemma cpropagated_Conjs_disjoint: + "distinct xys \ irrefl (set xys) \ \V\classes (set xys). V \ fv Q \ {} \ cpropagated Q \ cpropagated (Conjs_disjoint Q xys)" +proof (induct Q xys rule: Conjs_disjoint.induct) + case (1 Q xys) + show ?case + proof (cases "find (\(x, y). 
{x, y} \ fv Q \ {}) xys") + case None + with 1(2-) show ?thesis + using classes_intersect_find_not_None[of xys "fv Q"] + by (cases xys) (simp_all add: Conjs_disjoint.simps) + next + case (Some xy) + then obtain x y where xy: "xy = (x, y)" and xy_in: "(x, y) \ set xys" + by (cases xy) (auto dest!: find_SomeD) + with Some 1(3,5) have "cpropagated (Conj Q (x \ y))" + by (auto dest: find_SomeD simp: cpropagated_def irrefl_def is_Bool_def) + moreover from 1(2,4) have "\V\classes (set (remove1 (x, y) xys)). V \ fv (Conj Q (x \ y)) \ {}" + by (subst (asm) insert_remove_id[OF xy_in], unfold classes_insert) + (auto simp: class_None_eq class_Some_eq split: option.splits if_splits) + moreover from 1(3) have "irrefl (set xys - {(x, y)})" + by (auto simp: irrefl_def) + ultimately show ?thesis + using 1(2-) Some xy 1(1)[OF Some xy[symmetric]] + by (simp add: Conjs_disjoint.simps) + qed +qed + +lemma (in simplification) simplified_Conjs_disjoint: + "distinct xys \ irrefl (set xys) \ \V\classes (set xys). V \ fv Q \ {} \ simplified Q \ simplified (Conjs_disjoint Q xys)" +proof (induct Q xys rule: Conjs_disjoint.induct) + case (1 Q xys) + show ?case + proof (cases "find (\(x, y). {x, y} \ fv Q \ {}) xys") + case None + with 1(2-) show ?thesis + using classes_intersect_find_not_None[of xys "fv Q"] + by (cases xys) (simp_all add: Conjs_disjoint.simps) + next + case (Some xy) + then obtain x y where xy: "xy = (x, y)" and xy_in: "(x, y) \ set xys" + by (cases xy) (auto dest!: find_SomeD) + with Some 1(3,5) have "simplified (Conj Q (x \ y))" + by (auto dest: find_SomeD simp: irrefl_def intro!: simplified_Conj_eq) + moreover from 1(2,4) have "\V\classes (set (remove1 (x, y) xys)). 
V \ fv (Conj Q (x \ y)) \ {}" + by (subst (asm) insert_remove_id[OF xy_in], unfold classes_insert) + (auto simp: class_None_eq class_Some_eq split: option.splits if_splits) + moreover from 1(3) have "irrefl (set xys - {(x, y)})" + by (auto simp: irrefl_def) + ultimately show ?thesis + using 1(2-) Some xy 1(1)[OF Some xy[symmetric]] + by (simp add: Conjs_disjoint.simps) + qed +qed + +lemma disjointvars_empty_iff: "disjointvars Q Qeq = {} \ (\V\classes Qeq. V \ fv Q \ {})" + unfolding disjointvars_def UNION_empty_conv + using classes_nonempty by auto + +lemma cpropagated_CONJ_disjoint: + "finite Qeq \ irrefl Qeq \ disjointvars Q Qeq = {} \ cpropagated Q \ cpropagated (CONJ_disjoint (Q, Qeq))" + unfolding CONJ_disjoint_def prod.case disjointvars_empty_iff + by (rule cpropagated_Conjs_disjoint) auto + +lemma (in simplification) simplified_CONJ_disjoint: + "finite Qeq \ irrefl Qeq \ disjointvars Q Qeq = {} \ simplified Q \ simplified (CONJ_disjoint (Q, Qeq))" + unfolding CONJ_disjoint_def prod.case disjointvars_empty_iff + by (rule simplified_Conjs_disjoint) auto + +lemma (in simplification) split_INV1_init: + "rrb Q' \ simplified Q' \ Q \ Q' \ fv Q' \ fv Q \ split_INV1 Q ({(Q', {})}, {})" + by (auto simp add: split_INV1_def wf_state_def assemble_def FV_def EVAL'_def eval_def[symmetric] eval_simp_False irrefl_def + sat_simp equiv_def intro!: equiv_eval_on_eval_eqI del: equalityI dest: fv_simp[THEN set_mp] split: prod.splits) + +lemma (in simplification) split_INV1_I: + "wf_state Q rrb (\fin, \inf) \ EVAL' Q (simp (DISJ (CONJ_disjoint ` \fin))) (simp (DISJ (close ` \inf))) \ + split_INV1 Q (\fin, \inf)" + unfolding split_INV1_def assemble_def by auto + +lemma EVAL'_I: + "(\I. finite (adom I) \ eval Qinf I = {} \ eval_on (fv Q) Qfin I = eval Q I) \ + (\I. 
finite (adom I) \ eval Qinf I \ {} \ infinite (eval Q I)) \ EVAL' Q Qfin Qinf" + unfolding EVAL'_def by auto + +lemma (in simplification) wf_state_Un: + "wf_state Q P (\fin, \inf) \ wf_state Q P (insert Qpair \new, {Q'}) \ + wf_state Q P (insert Qpair (\fin \ \new), insert Q' \inf)" + by (auto simp: wf_state_def) + +lemma (in simplification) wf_state_Diff: + "wf_state Q P (\fin, \inf) \ wf_state Q P (\fin - \new, \inf)" + by (auto simp: wf_state_def) + +lemma (in simplification) split_INV1_step: + assumes "split_INV1 Q (\fin, \inf)" "(Qfin, Qeq) \ fixfree \fin" "x \ nongens Qfin" "cov x Qfin G" + shows "split_INV1 Q + (insert (simp (Conj Qfin (DISJ (qps G))), Qeq) + (\fin - {(Qfin, Qeq)} \ (\y. (cp (Qfin[x \<^bold>\ y]), insert (x, y) Qeq)) ` eqs x G), + insert (cp (Qfin \<^bold>\ x)) \inf)" + (is "split_INV1 Q (?Qfin, ?Qinf)") +proof (intro split_INV1_I EVAL'_I, goal_cases wf fin inf) + case wf + from assms(1) have wf: "wf_state Q rrb (\fin, \inf)" + by (auto simp: split_INV1_def) + with assms(2,3) obtain xys where *: + "x \ fv Qfin" "(Qfin, Qeq) \ \fin" "finite \fin" "finite Qeq" "finite \inf" "fv Qfin \ fv Q" "Field Qeq \ fv Q" + "distinct xys" "leftfresh Qfin xys" "set xys = Qeq" "rrb Qfin" "irrefl Qeq" + by (auto simp: fixfree_def nongens_def wf_state_def) + moreover from * have "\xs. leftfresh (simp (Conj Qfin (DISJ (qps G)))) xs \ distinct xs \ set xs = set xys" + using cov_fv[OF assms(4) _ qps_in] assms(4) + by (intro exI[of _ xys]) + (force elim!: leftfresh_fv_subset dest!: fv_simp[THEN set_mp] fv_DISJ[THEN set_mp, rotated 1]) + moreover from * have "\xs. 
leftfresh (cp (Qfin[x \<^bold>\ z])) xs \ distinct xs \ set xs = insert (x, z) (set xys)" + if "z \ eqs x G" for z + using cov_fv[OF assms(4) _ eqs_in, of z x] assms(4) that + by (intro exI[of _ "if (x, z) \ set xys then xys else (x, z) # xys"]) + (auto simp: fv_subst dest!: fv_cp[THEN set_mp] elim!: leftfresh_fv_subset) + ultimately show ?case + using cov_fv[OF assms(4) _ qps_in] cov_fv[OF assms(4) _ eqs_in] assms(4) + by (intro wf_state_Un wf_state_Diff wf) + (auto simp: wf_state_def rrb_simp simplified_simp simplified_cp rrb_cp_subst fv_subst + subset_eq irrefl_def + dest!: fv_cp[THEN set_mp] fv_simp[THEN set_mp] fv_DISJ[THEN set_mp, rotated 1]) +next + case (fin I) + note eq = trans[OF sat_simp sat_DISJ, symmetric] + from assms have *: + "x \ fv Qfin" "(Qfin, Qeq) \ \fin" "fv Qfin \ fv Q" "Field Qeq \ fv Q" and + finite[simp]: "finite \fin" "finite Qeq" "finite \inf" + by (auto simp: split_INV1_def fixfree_def nongens_def wf_state_def) + with fin have unsat: "\\. \ sat (Qfin \<^bold>\ x) I \" and "\x\\inf. \\. \ sat x I \" + by (auto simp: eval_empty_close eval_simp_DISJ_closed) + with fin(1) assms(1) * have "eval_on (fv Q) (simp (DISJ (CONJ_disjoint ` \fin))) I = eval Q I" + unfolding split_INV1_def Let_def assemble_def prod.case EVAL'_def + by (auto simp: eval_empty_close eval_simp_DISJ_closed) + with assms(4) show ?case + proof (elim trans[rotated], intro eval_on_cong box_equals[OF _ eq eq]) + fix \ + from * have "(\Q\\fin. sat (CONJ_disjoint Q) I \) \ + sat (CONJ_disjoint (Qfin, Qeq)) I \ \ (\Q\\fin - {(Qfin, Qeq)}. sat (CONJ_disjoint Q) I \)" + using assms(4) by (auto simp: fixfree_def) + also have "sat (CONJ_disjoint (Qfin, Qeq)) I \ \ + sat (CONJ_disjoint (simp (Conj Qfin (DISJ (qps G))), Qeq)) I \ \ + (\Q\(\y. (cp (Qfin[x \<^bold>\ y]), insert (x, y) Qeq)) ` eqs x G. 
sat (CONJ_disjoint Q) I \)" + using cov_sat_fin[of x Qfin G I \] assms(3,4) fin(1) unsat + by (auto simp: eval_empty_close sat_CONJ_disjoint nongens_def) + finally show "(\Q\CONJ_disjoint ` ?Qfin. sat Q I \) \ (\Q\CONJ_disjoint ` \fin. sat Q I \)" + by auto + qed simp_all +next + case (inf I) + from assms have *: + "x \ fv Qfin" "(Qfin, Qeq) \ \fin" "finite \fin" "finite Qeq" "finite \inf" "fv Qfin \ fv Q" "Field Qeq \ fv Q" + "\xys. distinct xys \ leftfresh Qfin xys \ set xys = Qeq" + by (auto simp: split_INV1_def fixfree_def nongens_def wf_state_def) + with inf obtain \ where "sat (Qfin \<^bold>\ x) I \ \ (\Q \ \inf. sat Q I \)" + by (subst (asm) eval_simp_DISJ_closed) (auto simp: eval_empty_close sat_CONJ simp del: fv_CONJ) + then show ?case + proof (elim disjE) + assume "sat (Qfin \<^bold>\ x) I \" + then have "infinite (eval Qfin I)" + by (rule cov_eval_inf[OF assms(4) *(1) inf(1)]) + then have "infinite (eval_on (fv Q) (CONJ_disjoint (Qfin, Qeq)) I)" + by (rule infinite_eval_CONJ_disjoint[OF _ inf(1) *(6,7) _ *(8)]) simp + with * have "infinite (eval_on (fv Q) (simp (DISJ (CONJ_disjoint ` \fin))) I)" + by (elim infinite_Implies_mono_on[rotated 3]) (auto simp: sat_simp) + with inf assms(1) show ?case + by (auto simp: split_INV1_def assemble_def EVAL'_def split: if_splits) + next + assume "\Q\\inf. sat Q I \" + with inf(1) assms(1) * show ?case + by (auto simp: split_INV1_def assemble_def EVAL'_def eval_simp_DISJ_closed eval_empty_close + split: if_splits) + qed +qed + +lemma (in simplification) split_INV1_decreases: + assumes "split_INV1 Q (\fin, \inf)" "(Qfin, Qeq) \ fixfree \fin" "x \ nongens Qfin" "cov x Qfin G" + shows "((nongens \ fst) `# mset_set (insert (simp (Conj Qfin (DISJ (qps G))), Qeq) (\fin - {(Qfin, Qeq)} \ (\y. (cp (Qfin[x \<^bold>\ y]), insert (x, y) Qeq)) ` eqs x G)), + (nongens \ fst) `# mset_set \fin) \ mult {(X, Y). 
X \ Y \ Y \ fv Q}" + using assms by (intro split_step_in_mult) (auto simp: fixfree_def split_INV1_def wf_state_def) + +lemma (in simplification) split_INV2_init: + "split_INV1 Q (\fin, \inf) \ fixfree \fin = {} \ split_INV2 Q (\fin, \inf)" + by (auto simp: split_INV1_def split_INV2_def wf_state_def sr_def fixfree_def) + +lemma (in simplification) split_INV2_I: + "wf_state Q sr (\fin, \inf) \ EVAL' Q (simp (DISJ (CONJ_disjoint ` \fin))) (simp (DISJ (close ` \inf))) \ + split_INV2 Q (\fin, \inf)" + unfolding split_INV2_def assemble_def by auto + +lemma (in simplification) split_INV2_step: + assumes "split_INV2 Q (\fin, \inf)" "(Qfin, Qeq) \ inf \fin Q" + shows "split_INV2 Q (\fin - {(Qfin, Qeq)}, insert (CONJ (Qfin, Qeq)) \inf)" +proof (intro split_INV2_I EVAL'_I, goal_cases wf fin inf) + case wf + with assms(1) show ?case + by (auto simp: split_INV2_def wf_state_def) +next + case (fin I) + with assms have finite[simp]: "finite \fin" "finite Qeq" and + unsat: "\\. \ sat (CONJ (Qfin, Qeq)) I \" and + eval: "eval_on (fv Q) (simp (DISJ (CONJ_disjoint ` \fin))) I = eval Q I" + by (auto simp: split_INV2_def inf_def wf_state_def assemble_def EVAL'_def eval_simp_DISJ_closed eval_empty_close) + from eval show ?case + proof (elim trans[rotated], unfold eval_on_simp, intro eval_DISJ_prune_unsat ballI allI; (elim DiffE imageE; hypsubst_thin)?) + fix Qpair \ + assume "Qpair \ \fin" "CONJ_disjoint Qpair \ CONJ_disjoint ` (\fin - {(Qfin, Qeq)})" + with unsat[of \] show "\ sat (CONJ_disjoint Qpair) I \" + by (cases "Qeq = snd Qpair"; cases Qpair) (auto simp: sat_CONJ_disjoint sat_CONJ) + qed auto +next + case (inf I) + from assms have *: + "(Qfin, Qeq) \ \fin" "finite \fin" "finite Qeq" "finite \inf" "fv Qfin \ fv Q" "Field Qeq \ fv Q" + by (auto simp: split_INV2_def inf_def wf_state_def) + with inf obtain \ where "sat Qfin I \ \ (\(x, y) \ Qeq. \ x = \ y) \ (\Q \ \inf. 
sat Q I \)" + by (subst (asm) eval_simp_DISJ_closed) (auto simp: eval_empty_close sat_CONJ simp del: fv_CONJ) + then show ?case + proof (elim disjE conjE) + assume "sat Qfin I \" "\(x, y) \ Qeq. \ x = \ y" + with assms * have "infinite (eval_on (fv Q) (CONJ_disjoint (Qfin, Qeq)) I)" + using nonempty_disjointvars_infinite[of Qfin Qeq "fv Q" I \] + infinite_eval_on_extra_variables[of "fv Q" "CONJ_disjoint (Qfin, Qeq)" I, OF _ _ exI, of \] + by (cases "fv (CONJ_disjoint (Qfin, Qeq)) \ fv Q") (auto simp: inf_def sat_CONJ sat_CONJ_disjoint) + with * have "infinite (eval_on (fv Q) (simp (DISJ (CONJ_disjoint ` \fin))) I)" + by (elim infinite_Implies_mono_on[rotated 3]) (auto simp: sat_simp) + with inf assms(1) show ?case + by (auto simp: split_INV2_def assemble_def EVAL'_def split: if_splits) + next + assume "\Q \ \inf. sat Q I \" + with inf(1) assms(1) * show "infinite (eval Q I)" + by (auto simp: split_INV2_def assemble_def EVAL'_def eval_simp_DISJ_closed eval_empty_close + split: if_splits) + qed +qed + +lemma (in simplification) split_INV2_decreases: + "split_INV2 Q (\fin, \inf) \ (Qfin, Qeq) \ Restrict_Frees.inf \fin Q \ card (\fin - {(Qfin, Qeq)}) < card \fin" + by (rule psubset_card_mono) (auto simp: inf_def split_INV2_def wf_state_def) + +lemma (in simplification) split_INV2_stop_fin_sr: + "inf \fin Q = {} \ split_INV2 Q (\fin, \inf) \ assemble (\fin, \inf) = (Qfin, Qinf) \ sr Qfin" + by (auto 0 4 simp: split_INV2_def assemble_def wf_state_def inf_def + intro!: sr_simp sr_DISJ[of _ "fv Q"] sr_CONJ_disjoint[of \fin Q]) + +lemma (in simplification) split_INV2_stop_inf_sr: + "split_INV2 Q (\fin, \inf) \ assemble (\fin, \inf) = (Qfin, Qinf) \ fv Q' \ fv Qinf \ rrb Q' \ sr Q'" + using fv_DISJ_close[of \inf] fv_simp[of "DISJ (close ` \inf)"] + by (auto simp: split_INV2_def assemble_def wf_state_def sr_def nongens_def) + +lemma (in simplification) split_INV2_stop_FV: + assumes "fv Q' \ fv Qinf" "inf \fin Q = {}" "split_INV2 Q (\fin, \inf)" "assemble (\fin, \inf) = (Qfin, 
Qinf)" + shows "FV Q Qfin Q'" +proof - + have "simplified Q'" "fv Q' = fv Q" if "Q' \ CONJ_disjoint ` \fin" for Q' + using that assms(2,3) + by (auto simp: split_INV2_def wf_state_def inf_def simplified_CONJ_disjoint) + with assms(1,3,4) show ?thesis + using fv_simp_DISJ_eq[of "CONJ_disjoint ` \fin" "fv Q"] fv_DISJ_close[of \inf] fv_simp[of "DISJ (close ` \inf)"] + by (auto simp: split_INV2_def assemble_def wf_state_def FV_def) +qed + +lemma (in simplification) split_INV2_stop_EVAL: + assumes "fv Q' \ fv Qinf" "inf \fin Q = {}" "split_INV2 Q (\fin, \inf)" "assemble (\fin, \inf) = (Qfin, Qinf)" "Qinf \ Q'" + shows "EVAL Q Qfin Q'" +proof - + have "simplified Q'" "fv Q' = fv Q" if "Q' \ CONJ_disjoint ` \fin" for Q' + using that assms(2,3) + by (auto simp: split_INV2_def wf_state_def inf_def simplified_CONJ_disjoint) + with assms(1,3,4,5) show ?thesis + using fv_simp_DISJ_eq[of "CONJ_disjoint ` \fin" "fv Q"] fv_DISJ_close[of \inf] fv_simp[of "DISJ (close ` \inf)"] + by (auto simp: split_INV2_def assemble_def wf_state_def sr_def EVAL'_cong FV_def elim!: EVAL'_EVAL) +qed + +lemma (in simplification) simplified_assemble: + "assemble (\fin, \inf) = (Qfin, Qinf) \ simplified Qfin" + by (auto simp: assemble_def simplified_simp) + +lemma (in simplification) split_correct: + notes cp.simps[simp del] + shows "split Q \ split_spec Q" + unfolding split_def split_spec_def Let_def + by (refine_vcg rb_correct[THEN order_trans, unfolded rb_spec_def] + WHILEIT_rule[where I="split_INV1 Q" and R="inv_image (mult {(X, Y). X \ Y \ Y \ fv Q}) (image_mset (nongens o fst) o mset_set o fst)"] + WHILEIT_rule[where I="split_INV2 Q" and R="measure (\(\fin, _). 
card \fin)"])
+ (auto simp: wf_mult finite_subset_wf split_step_in_mult
+ conj_disj_distribR ex_disj_distrib card_gt_0_iff image_image image_Un
+ insert_commute ac_simps UNION_singleton_eq_range simplified_assemble
+ split_INV1_init split_INV1_step split_INV1_decreases
+ split_INV2_init split_INV2_step split_INV2_decreases
+ split_INV2_stop_fin_sr split_INV2_stop_inf_sr split_INV2_stop_FV split_INV2_stop_EVAL)
+
+(*<*)
+end
+(*>*)
diff --git a/thys/Safe_Range_RC/Restrict_Frees_Impl.thy b/thys/Safe_Range_RC/Restrict_Frees_Impl.thy
new file mode 100644
--- /dev/null
+++ b/thys/Safe_Range_RC/Restrict_Frees_Impl.thy
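Review bot: `definition inf` in Restrict_Frees shadows an existing constant named `inf` (presumably the lattice infimum from Main), and the hunk already pays for it: `split_INV2_decreases` has to spell the constant as `Restrict_Frees.inf`, while the `split` loop guard, `sr_CONJ_disjoint`, `split_INV2_step` and the `inf_impl`/`inf_empty_iff` lemmas of the following theory all use the bare name. Renaming the constant (for example `inf_pairs`, with `inf_impl` and `inf_empty_iff` following) would remove the qualified reference and keep the name grep-able across the two theories. The specification constants `FV`, `EVAL` and `EVAL'` that define the refinement target of `split_spec` carry no prose at all; a short block before `split_spec` such as `text \<open>Qinf is closed (FV). If it evaluates to the empty set, Qfin evaluates to the same relation as Q (EVAL), or does so after projection onto fv Q (EVAL'); otherwise Q has an infinite result.\<close>` would let a reader check the contract without unfolding the three definitions.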
@@ -0,0 +1,145 @@
+(*<*)
+theory Restrict_Frees_Impl
+imports
+ Restrict_Bounds_Impl
+ Restrict_Frees
+begin
+(*>*)
+
+section \Refining the Non-Deterministic @{term simplification.split} Function\
+
+definition "fixfree_impl \ = map (apsnd set) (filter (\(Q, _ :: (nat \ nat) list). \x \ fv Q. gen_impl x Q = [])
+ (sorted_list_of_set ((apsnd sorted_list_of_set) ` \)))"
+
+definition "nongens_impl Q = filter (\x. gen_impl x Q = []) (sorted_list_of_set (fv Q))"
+
+lemma set_nongens_impl: "set (nongens_impl Q) = nongens Q"
+ by (auto simp: nongens_def nongens_impl_def set_gen_impl simp flip: List.set_empty)
+
+lemma set_fixfree_impl: "finite \ \ \(_, Qeq) \ \. finite Qeq \ set (fixfree_impl \) = fixfree \"
+ by (fastforce simp: fixfree_def nongens_def fixfree_impl_def set_gen_impl image_iff apsnd_def map_prod_def
+ simp flip: List.set_empty split: prod.splits intro: exI[of _ "sorted_list_of_set _"])
+
+lemma fixfree_empty_iff: "finite \ \ \(_, Qeq) \ \. finite Qeq \ fixfree \ \ {} \ fixfree_impl \ \ []"
+ by (auto simp: set_fixfree_impl dest: arg_cong[of _ _ set] simp flip: List.set_empty)
+
+definition "inf_impl \fin Q =
+ map (apsnd set) (filter (\(Qfix, xys). disjointvars Qfix (set xys) \ {} \ fv Qfix \ Field (set xys) \ fv Q)
+ (sorted_list_of_set ((apsnd sorted_list_of_set) ` \fin)))"
+
+lemma set_inf_impl: "finite \fin \ \(_, Qeq) \ \fin. finite Qeq \ set (inf_impl \fin Q) = inf \fin Q"
+ by (fastforce simp: inf_def inf_impl_def image_iff)
+
+lemma inf_empty_iff: "finite \fin \ \(_, Qeq) \ \fin. finite Qeq \ inf \fin Q \ {} \ inf_impl \fin Q \ []"
+ by (auto simp: set_inf_impl dest: arg_cong[of _ _ set] simp flip: List.set_empty)
+
+definition (in simplification) split_impl :: "('a :: {infinite, linorder}, 'b :: linorder) fmla \ (('a, 'b) fmla \ ('a, 'b) fmla) nres" where
+ "split_impl Q = do {
+ Q' \ rb_impl Q;
+ \pair \ WHILE
+ (\(\fin, _). fixfree_impl \fin \ []) (\(\fin, \inf). 
do {
+ (Qfix, Qeq) \ RETURN (hd (fixfree_impl \fin));
+ x \ RETURN (hd (nongens_impl Qfix));
+ G \ RETURN (hd (cov_impl x Qfix));
+ let \fin = \fin - {(Qfix, Qeq)} \
+ {(simp (Conj Qfix (DISJ (qps G))), Qeq)} \
+ (\y \ eqs x G. {(cp (Qfix[x \<^bold>\ y]), Qeq \ {(x,y)})});
+ let \inf = \inf \ {cp (Qfix \<^bold>\ x)};
+ RETURN (\fin, \inf)})
+ ({(Q', {})}, {});
+ \pair \ WHILE
+ (\(\fin, _). inf_impl \fin Q \ []) (\(\fin, \inf). do {
+ Qpair \ RETURN (hd (inf_impl \fin Q));
+ let \fin = \fin - {Qpair};
+ let \inf = \inf \ {CONJ Qpair};
+ RETURN (\fin, \inf)})
+ \pair;
+ let (Qfin, Qinf) = assemble \pair;
+ Qinf \ rb_impl Qinf;
+ RETURN (Qfin, Qinf)}"
+
+lemma (in simplification) split_INV2_imp_split_INV1: "split_INV2 Q \pair \ split_INV1 Q \pair"
+ unfolding split_INV1_def split_INV2_def wf_state_def sr_def by auto
+
+lemma hd_fixfree_impl_props:
+ assumes "finite \" "\(_, Qeq) \ \. finite Qeq" "fixfree_impl \ \ []"
+ shows "hd (fixfree_impl \) \ \" "nongens (fst (hd (fixfree_impl \))) \ {}"
+proof -
+ from hd_in_set[of "fixfree_impl \"] assms(3) have "hd (fixfree_impl \) \ set (fixfree_impl \)"
+ by blast
+ then have "hd (fixfree_impl \) \ fixfree \"
+ by (auto simp: set_fixfree_impl assms(1,2))
+ then show "hd (fixfree_impl \) \ \" "nongens (fst (hd (fixfree_impl \))) \ {}"
+ unfolding fixfree_def by auto
+qed
+
+lemma (in simplification) split_impl_refines_split: "split_impl Q \ split Q"
+ apply (unfold split_def split_impl_def Let_def)
+ supply rb_impl_refines_rb[refine_mono]
+ apply refine_mono
+ apply (rule order_trans[OF WHILE_le_WHILEI[where I="split_INV1 Q"]])
+ apply (rule order_trans[OF WHILEI_le_WHILEIT])
+ apply (rule WHILEIT_refine[OF _ _ _ refine_IdI, THEN refine_IdD])
+ apply (simp_all only: pair_in_Id_conv split: prod.splits) [4]
+ apply (intro allI impI, hypsubst_thin)
+ apply (subst fixfree_empty_iff; auto simp: split_INV1_def wf_state_def)
+ apply (intro allI impI, simp only: prod.inject, elim conjE, hypsubst_thin)
+ apply refine_mono
+ apply 
(subst set_fixfree_impl[symmetric]; auto simp: split_INV1_def wf_state_def intro!: hd_in_set)
+ apply clarsimp
+ subgoal for Q' \fin \inf Qfix Qeq Qfix' Qeq'
+ using hd_fixfree_impl_props(2)[of \fin]
+ by (force simp: split_INV1_def wf_state_def set_nongens_impl[symmetric] dest!: sym[of "(Qfix', _)"] intro!: hd_in_set)
+ apply clarsimp
+ subgoal for Q' \fin \inf Qfix Qeq Qfix' Qeq'
+ apply (intro RETURN_rule cov_impl_cov hd_in_set rrb_cov_impl)
+ using hd_fixfree_impl_props(1)[of \fin]
+ by (force simp: split_INV1_def wf_state_def dest!: sym[of "(Qfix', _)"])
+ apply (rule order_trans[OF WHILE_le_WHILEI[where I="split_INV1 Q"]])
+ apply (rule order_trans[OF WHILEI_le_WHILEIT])
+ apply (rule WHILEIT_refine[OF _ _ _ refine_IdI, THEN refine_IdD])
+ apply (simp_all only: pair_in_Id_conv split_INV2_imp_split_INV1 split: prod.splits) [4]
+ apply (intro allI impI, simp only: prod.inject, elim conjE, hypsubst_thin)
+ apply (subst inf_empty_iff; auto simp: split_INV2_def wf_state_def)
+ apply (intro allI impI, simp only: prod.inject, elim conjE, hypsubst_thin)
+ apply refine_mono
+ apply (subst set_inf_impl[symmetric]; auto simp: split_INV2_def wf_state_def intro!: hd_in_set)
+ done
+
+definition (in simplification) split_impl_det :: "('a :: {infinite, linorder}, 'b :: linorder) fmla \ (('a, 'b) fmla \ ('a, 'b) fmla) dres" where
+ "split_impl_det Q = do {
+ Q' \ rb_impl_det Q;
+ \pair \ dWHILE
+ (\(\fin, _). fixfree_impl \fin \ []) (\(\fin, \inf). do {
+ (Qfix, Qeq) \ dRETURN (hd (fixfree_impl \fin));
+ x \ dRETURN (hd (nongens_impl Qfix));
+ G \ dRETURN (hd (cov_impl x Qfix));
+ let \fin = \fin - {(Qfix, Qeq)} \
+ {(simp (Conj Qfix (DISJ (qps G))), Qeq)} \
+ (\y \ eqs x G. {(cp (Qfix[x \<^bold>\ y]), Qeq \ {(x,y)})});
+ let \inf = \inf \ {cp (Qfix \<^bold>\ x)};
+ dRETURN (\fin, \inf)})
+ ({(Q', {})}, {});
+ \pair \ dWHILE
+ (\(\fin, _). inf_impl \fin Q \ []) (\(\fin, \inf). 
do {
+ Qpair \ dRETURN (hd (inf_impl \fin Q));
+ let \fin = \fin - {Qpair};
+ let \inf = \inf \ {CONJ Qpair};
+ dRETURN (\fin, \inf)})
+ \pair;
+ let (Qfin, Qinf) = assemble \pair;
+ Qinf \ rb_impl_det Qinf;
+ dRETURN (Qfin, Qinf)}"
+
+lemma (in simplification) split_impl_det_refines_split_impl: "nres_of (split_impl_det Q) \ split_impl Q"
+ unfolding split_impl_def split_impl_det_def Let_def
+ by (refine_transfer rb_impl_det_refines_rb_impl)
+
+lemmas (in simplification) SPLIT_correct =
+ split_impl_det_refines_split_impl[THEN order_trans, OF
+ split_impl_refines_split[THEN order_trans, OF
+ split_correct]]
+
+(*<*)
+end
+(*>*)
\ No newline at end of file
diff --git a/thys/Safe_Range_RC/Results.thy b/thys/Safe_Range_RC/Results.thy
new file mode 100644
--- /dev/null
+++ b/thys/Safe_Range_RC/Results.thy
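Review bot: The executable selectors `fixfree_impl`, `nongens_impl` and `inf_impl` carry no comment saying how they relate to the set-based `fixfree`, `nongens` and `inf`, and the agreement lemmas `set_fixfree_impl` and `set_inf_impl` hold only under finiteness of the state and of every `Qeq` component, a side condition the refinement proof appears to discharge from `split_INV1`/`split_INV2` via `wf_state_def`. A comment above `fixfree_impl` such as `(* executable counterpart of fixfree; agrees with it only on finite states, see set_fixfree_impl *)` (and the analogue above `inf_impl`) would make that precondition visible where the selector is defined. `split_impl_det` repeats the loop bodies of `split_impl` verbatim with `dWHILE`/`dRETURN` in place of `WHILE`/`RETURN`, and `split_impl_det_refines_split_impl` is discharged by `refine_transfer`; a one-line comment on `split_impl_det` that it must stay in lock-step with `split_impl` would guard future edits. This file, Results.thy and document/root.bib all end without a trailing newline (`\ No newline at end of file`).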
@@ -0,0 +1,72 @@
+(*<*)
+theory Results
+imports Examples
+begin
+(*>*)
+
+section \Collected Results from the ICDT'22 Paper\
+
+global_interpretation icdt22: simplification "\x. x" "\x. True"
+ by standard auto
+
+lemma cov_eval_fin:
+ assumes "cov x (Q :: ('a :: {infinite, linorder}, 'b :: linorder) fmla) G" "x \ fv Q"
+ "finite (adom I)" "\\. \ sat (Q \<^bold>\ x) I \"
+ shows "eval Q I = eval (Disj (Conj Q (DISJ (qps G))) (DISJ ((\y. Conj (cp (Q[x \<^bold>\ y])) (x \ y)) ` eqs x G))) I"
+ using assms
+ by (intro trans[OF icdt22.cov_eval_fin[OF assms]])
+ (auto 0 3 simp: eval_def fv_subst intro!: arg_cong[of _ _ "\X. eval_on X _ _"]
+ dest!: fv_DISJ[THEN set_mp, rotated 1] fv_cp[THEN set_mp]
+ dest: cov_fv[OF _ _ qps_in] cov_fv[OF _ _ eqs_in])
+
+text \Remapping the formalization statements to the lemma's from the paper:\
+
+lemmas icdt22_lemma_1 = gen_fv gen_sat gen_cp_erase
+lemmas icdt22_definition_2 = sub.simps nongens_def rrb_def sr_def
+lemmas icdt22_lemma_3 = ex_cov cov_sat_erase
+lemmas icdt22_lemma_4 = cov_fv cov_equiv[OF _ refl]
+lemmas icdt22_lemma_5 = icdt22.cov_Exists_equiv
+lemmas icdt22_example_6 = ex_rb_Q_susp_user[unfolded
+ Q_susp_user_def Q_susp_user_rb_def]
+lemmas icdt22_lemma_7 = cov_eval_fin cov_eval_inf
+lemmas icdt22_lemma_8 = inres_SPEC[OF _ icdt22.rb_correct[unfolded icdt22.rb_spec_def, simplified], of Q Q' for Q Q']
+lemmas icdt22_lemma_9 = inres_SPEC[OF _ icdt22.split_correct[unfolded icdt22.split_spec_def FV_def EVAL_def, simplified],
+ of Q "(Qfin, Qinf)" for Q Qfin Qinf, simplified]
+lemmas icdt22_example_10 = ex_split_Q_disj[unfolded
+ Q_disj_def Q_disj_split_fin_def Q_disj_split_inf_def]
+lemmas icdt22_example_11 = ex_split_Q_eq[unfolded
+ Q_eq_def Q_eq_split_fin_def Q_eq_split_inf_def]
+lemmas icdt22_example_12 = ex_split_Q_susp_user[unfolded
+ Q_susp_user_def Q_susp_user_split_fin_def Q_susp_user_split_inf_def]
+
+
+text \Additionally, here are the correctness statements for the algorithm variants with
+ intermediate constant 
propagation (which are used in the examples):\
+
+lemmas icdt22_lemma_8' = inres_SPEC[OF _ extra_cp.RB_correct[unfolded extra_cp.rb_spec_def], simplified, of Q Q' for Q Q']
+lemmas icdt22_lemma_9' = inres_SPEC[OF _ extra_cp.SPLIT_correct[unfolded extra_cp.split_spec_def FV_def EVAL_def, simplified],
+ of Q "(Qfin, Qinf)" for Q Qfin Qinf, simplified]
+
+text \Now, we summarize the formally verified results from
+our ICDT'22 paper~\cite{DBLP:conf/icdt/RaszykBKT22}:
+\begin{description}
+\item[@{thm [source] icdt22_lemma_1}:] @{thm icdt22_lemma_1[no_vars]}
+\item[@{thm [source] icdt22_definition_2}:] @{thm icdt22_definition_2[no_vars]}
+\item[@{thm [source] icdt22_lemma_3}:] @{thm icdt22_lemma_3[no_vars]}
+\item[@{thm [source] icdt22_lemma_4}:] @{thm icdt22_lemma_4[no_vars]}
+\item[@{thm [source] icdt22_lemma_5}:] @{thm icdt22_lemma_5[no_vars]}
+\item[@{thm [source] icdt22_example_6}:] @{thm icdt22_example_6[no_vars]}
+\item[@{thm [source] icdt22_lemma_7}:] @{thm icdt22_lemma_7[no_vars]}
+\item[@{thm [source] icdt22_lemma_8}:] @{thm icdt22_lemma_8[no_vars]}
+\item[@{thm [source] icdt22_lemma_9}:] @{thm icdt22_lemma_9[no_vars]}
+\item[@{thm [source] icdt22_lemma_8'}:] @{thm icdt22_lemma_8'[no_vars]}
+\item[@{thm [source] icdt22_lemma_9'}:] @{thm icdt22_lemma_9'[no_vars]}
+\item[@{thm [source] icdt22_example_10}:] @{thm icdt22_example_10[no_vars]}
+\item[@{thm [source] icdt22_example_11}:] @{thm icdt22_example_11[no_vars]}
+\item[@{thm [source] icdt22_example_12}:] @{thm icdt22_example_12[no_vars]}
+\end{description}
+\
+
+(*<*)
+end
+(*>*)
\ No newline at end of file
diff --git a/thys/Safe_Range_RC/document/root.bib b/thys/Safe_Range_RC/document/root.bib
new file mode 100644
--- /dev/null
+++ b/thys/Safe_Range_RC/document/root.bib
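Review bot: The `global_interpretation icdt22: simplification ...` instantiates the locale with the identity function and a constant-true predicate but says nothing about what that choice means; only the later `text` block contrasts it with the `extra_cp` variants "with intermediate constant propagation". A comment above it, e.g. `(* the simplification locale instantiated trivially: no extra simplification and no constant propagation, i.e. the algorithm as presented in the paper *)`, would explain why the paper's lemma numbers are attached to this instance; the exact role of the two parameters is not visible in this file, so confirm the wording against the locale definition. The first `text` block has a stray apostrophe: "to the lemma's from the paper" should read "to the lemmas from the paper". The file also ends without a trailing newline.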
@@ -0,0 +1,27 @@
+@inproceedings{DBLP:conf/icdt/RaszykBKT22,
+ author = {Martin Raszyk and
+ David A. Basin and
+ Srdan Krstic and
+ Dmitriy Traytel},
+ editor = {Dan Olteanu and
+ Nils Vortmeier},
+ title = {Practical Relational Calculus Query Evaluation},
+ booktitle = {{ICDT} 2022},
+ series = {LIPIcs},
+ volume = {220},
+ pages = {11:1--11:21},
+ publisher = {Schloss Dagstuhl - Leibniz-Zentrum f{\"{u}}r Informatik},
+ year = {2022},
+ doi = {10.4230/LIPIcs.ICDT.2022.11},
+}
+
+@book{DBLP:books/aw/AbiteboulHV95,
+ author = {Serge Abiteboul and
+ Richard Hull and
+ Victor Vianu},
+ title = {Foundations of Databases},
+ publisher = {Addison-Wesley},
+ year = {1995},
+ url = {http://webdam.inria.fr/Alice/},
+ isbn = {0-201-53771-0},
+}
\ No newline at end of file
diff --git a/thys/Safe_Range_RC/document/root.tex b/thys/Safe_Range_RC/document/root.tex
new file mode 100644
--- /dev/null
+++ b/thys/Safe_Range_RC/document/root.tex
@@ -0,0 +1,71 @@
+\documentclass[10pt,a4paper]{article}
+\usepackage[T1]{fontenc}
+\usepackage{isabelle,isabellesym}
+\usepackage{a4wide}
+\usepackage[english]{babel}
+\usepackage{eufrak}
+\usepackage{amssymb}
+
+% this should be the last package used
+\usepackage{pdfsetup}
+
+% urls in roman style, theory text in math-similar italics
+\urlstyle{rm}
+\isabellestyle{literal}
+
+
+\begin{document}
+
+\title{Making Arbitrary Relational Calculus Queries Safe-Range}
+\author{Martin Raszyk \and Dmitriy Traytel}
+
+\maketitle
+
+\begin{abstract}
+
+The relational calculus (RC), i.e., first-order logic with equality but without
+function symbols, is a concise, declarative database query language. In
+contrast to relational algebra or SQL, which are the traditional query
+languages of choice in the database community, RC queries can evaluate to an
+infinite relation. Moreover, even in cases where the evaluation result of an RC
+query would be finite it is not clear how to efficiently compute it. Safe-range
+RC is an interesting syntactic subclass of RC, because all safe-range queries
+evaluate to a finite result and it is
+well-known~\cite[\S5.4]{DBLP:books/aw/AbiteboulHV95} how to evaluate such
+queries by translating them to relational algebra. We formalize and prove
+correct our recent translation~\cite{DBLP:conf/icdt/RaszykBKT22} of an
+arbitrary RC query into a pair of safe-range queries. Assuming an infinite
+domain, the two queries have the following meaning: The first is closed and
+characterizes the original query's relative safety, i.e., whether given a fixed
+database (interpretation of atomic predicates with finite relations), the
+original query evaluates to a finite relation. The second safe-range query is
+equivalent to the original query, if the latter is relatively safe.
+
+The formalization uses the Refinement Framework to go from the
+non-deterministic algorithm described in the paper to a deterministic,
+executable query translation. 
Our executable query translation is a first step
+towards a verified tool that efficiently evaluates arbitrary RC queries. This
+very problem is also solved by the AFP entry
+\href{https://isa-afp.org/entries/Eval_FO.html}{Eval\_FO} with a theoretically
+incomparable but practically worse time complexity. (The latter is demonstrated
+by our empirical evaluation~\cite{DBLP:conf/icdt/RaszykBKT22}.)
+
+\end{abstract}
+
+\tableofcontents
+
+% sane default for proof documents
+\parindent 0pt\parskip 0.5ex
+
+% generated text of all theories
+\input{session}
+
+\bibliographystyle{abbrv}
+\bibliography{root}
+
+\end{document}
+
+%%% Local Variables:
+%%% mode: latex
+%%% TeX-master: t
+%%% End:
diff --git a/web/authors/raszyk/index.html b/web/authors/raszyk/index.html
--- a/web/authors/raszyk/index.html
+++ b/web/authors/raszyk/index.html
@@ -1,115 +1,122 @@ Martin Raszyk- Archive of Formal Proofs \ No newline at end of file
diff --git a/web/authors/raszyk/index.xml b/web/authors/raszyk/index.xml
--- a/web/authors/raszyk/index.xml
+++ b/web/authors/raszyk/index.xml
@@ -1,38 +1,47 @@ raszyk on Archive of Formal Proofs /authors/raszyk/ Recent content in raszyk on Archive of Formal Proofs Hugo -- gohugo.io en-gb - Tue, 15 Feb 2022 00:00:00 +0000 + Wed, 28 Sep 2022 00:00:00 +0000 + + Making Arbitrary Relational Calculus Queries Safe-Range + /entries/Safe_Range_RC.html + Wed, 28 Sep 2022 00:00:00 +0000 + + /entries/Safe_Range_RC.html + + + First-Order Query Evaluation /entries/Eval_FO.html Tue, 15 Feb 2022 00:00:00 +0000 /entries/Eval_FO.html Multi-Head Monitoring of Metric Dynamic Logic /entries/VYDRA_MDL.html Sun, 13 Feb 2022 00:00:00 +0000 /entries/VYDRA_MDL.html Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations /entries/MFODL_Monitor_Optimized.html Thu, 09 Apr 2020 00:00:00 +0000 /entries/MFODL_Monitor_Optimized.html
diff --git a/web/authors/traytel/index.html b/web/authors/traytel/index.html
--- a/web/authors/traytel/index.html +++ b/web/authors/traytel/index.html @@ -1,262 +1,271 @@ Dmitriy Traytel- Archive of Formal Proofs

Dmitriy Traytel

Homepages 🌐

-

Entries

2021

+

Entries

2022

+ + +

2021

2020

2019

2018

2017

2016

2015

2014

2013

\ No newline at end of file diff --git a/web/authors/traytel/index.xml b/web/authors/traytel/index.xml --- a/web/authors/traytel/index.xml +++ b/web/authors/traytel/index.xml 
@@ -1,209 +1,218 @@ traytel on Archive of Formal Proofs /authors/traytel/ Recent content in traytel on Archive of Formal Proofs Hugo -- gohugo.io en-gb - Tue, 13 Apr 2021 00:00:00 +0000 + Wed, 28 Sep 2022 00:00:00 +0000 + + Making Arbitrary Relational Calculus Queries Safe-Range + /entries/Safe_Range_RC.html + Wed, 28 Sep 2022 00:00:00 +0000 + + /entries/Safe_Range_RC.html + + + Formalization of Timely Dataflow's Progress Tracking Protocol /entries/Progress_Tracking.html Tue, 13 Apr 2021 00:00:00 +0000 /entries/Progress_Tracking.html An Abstract Formalization of G&ouml;del's Incompleteness Theorems /entries/Goedel_Incompleteness.html Wed, 16 Sep 2020 00:00:00 +0000 /entries/Goedel_Incompleteness.html From Abstract to Concrete G&ouml;del's Incompleteness Theorems&mdash;Part I /entries/Goedel_HFSet_Semantic.html Wed, 16 Sep 2020 00:00:00 +0000 /entries/Goedel_HFSet_Semantic.html From Abstract to Concrete G&ouml;del's Incompleteness Theorems&mdash;Part II /entries/Goedel_HFSet_Semanticless.html Wed, 16 Sep 2020 00:00:00 +0000 /entries/Goedel_HFSet_Semanticless.html Robinson Arithmetic /entries/Robinson_Arithmetic.html Wed, 16 Sep 2020 00:00:00 +0000 /entries/Robinson_Arithmetic.html Syntax-Independent Logic Infrastructure /entries/Syntax_Independent_Logic.html Wed, 16 Sep 2020 00:00:00 +0000 /entries/Syntax_Independent_Logic.html A Formal Proof of The Chandy--Lamport Distributed Snapshot Algorithm /entries/Chandy_Lamport.html Tue, 21 Jul 2020 00:00:00 +0000 /entries/Chandy_Lamport.html Formalization of an Algorithm for Greedily Computing Associative Aggregations on Sliding Windows /entries/Sliding_Window_Algorithm.html Fri, 10 Apr 2020 00:00:00 +0000 /entries/Sliding_Window_Algorithm.html Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations /entries/MFODL_Monitor_Optimized.html Thu, 09 Apr 2020 00:00:00 +0000 /entries/MFODL_Monitor_Optimized.html Formalization of a Monitoring Algorithm for Metric First-Order 
Temporal Logic /entries/MFOTL_Monitor.html Thu, 04 Jul 2019 00:00:00 +0000 /entries/MFOTL_Monitor.html Formalization of Generic Authenticated Data Structures /entries/LambdaAuth.html Tue, 14 May 2019 00:00:00 +0000 /entries/LambdaAuth.html A Verified Functional Implementation of Bachmair and Ganzinger's Ordered Resolution Prover /entries/Functional_Ordered_Resolution_Prover.html Fri, 23 Nov 2018 00:00:00 +0000 /entries/Functional_Ordered_Resolution_Prover.html Formalization of Bachmair and Ganzinger's Ordered Resolution Prover /entries/Ordered_Resolution_Prover.html Thu, 18 Jan 2018 00:00:00 +0000 /entries/Ordered_Resolution_Prover.html Operations on Bounded Natural Functors /entries/BNF_Operations.html Tue, 19 Dec 2017 00:00:00 +0000 /entries/BNF_Operations.html Abstract Soundness /entries/Abstract_Soundness.html Fri, 10 Feb 2017 00:00:00 +0000 /entries/Abstract_Soundness.html Formalization of Nested Multisets, Hereditary Multisets, and Syntactic Ordinals /entries/Nested_Multisets_Ordinals.html Sat, 12 Nov 2016 00:00:00 +0000 /entries/Nested_Multisets_Ordinals.html Derivatives of Logical Formulas /entries/Formula_Derivatives.html Thu, 28 May 2015 00:00:00 +0000 /entries/Formula_Derivatives.html A Zoo of Probabilistic Systems /entries/Probabilistic_System_Zoo.html Wed, 27 May 2015 00:00:00 +0000 /entries/Probabilistic_System_Zoo.html Decision Procedures for MSO on Words Based on Derivatives of Regular Expressions /entries/MSO_Regex_Equivalence.html Thu, 12 Jun 2014 00:00:00 +0000 /entries/MSO_Regex_Equivalence.html Abstract Completeness /entries/Abstract_Completeness.html Wed, 16 Apr 2014 00:00:00 +0000 /entries/Abstract_Completeness.html Unified Decision Procedures for Regular Expression Equivalence /entries/Regex_Equivalence.html Thu, 30 Jan 2014 00:00:00 +0000 /entries/Regex_Equivalence.html A Codatatype of Formal Languages /entries/Coinductive_Languages.html Fri, 15 Nov 2013 00:00:00 +0000 /entries/Coinductive_Languages.html 
diff --git a/web/data/keywords.json b/web/data/keywords.json --- a/web/data/keywords.json +++ b/web/data/keywords.json 
@@ -1,11196 +1,11236 @@ [{"id": 0, "keyword": "declarative first-order prover"}, {"id": 1, "keyword": "fusc function"}, {"id": 2, "keyword": "enabled transitions"}, {"id": 3, "keyword": "node labeled 1"}, {"id": 4, "keyword": "arbitrary user"}, {"id": 5, "keyword": "abstract automata types"}, {"id": 6, "keyword": "ground tree transducers"}, {"id": 7, "keyword": "homogeneous linear diophantine equations"}, {"id": 8, "keyword": "canonical matrix form"}, {"id": 9, "keyword": "computation models"}, {"id": 10, "keyword": "primes"}, {"id": 11, "keyword": "underlying decision procedure"}, {"id": 12, "keyword": "alpha"}, {"id": 13, "keyword": "stanford encyclopedia"}, {"id": 14, "keyword": "macaulay matrices"}, {"id": 15, "keyword": "excluding point sequences"}, {"id": 16, "keyword": "combinatorial argument"}, {"id": 17, "keyword": "basic geometric properties"}, {"id": 18, "keyword": "hash functions"}, {"id": 19, "keyword": "randomised binary search trees"}, {"id": 20, "keyword": "markov decision processes"}, {"id": 21, "keyword": "itp-2015 peter lammich"}, {"id": 22, "keyword": "word equations"}, {"id": 23, "keyword": "special combination"}, {"id": 24, "keyword": "qualitative applications"}, {"id": 25, "keyword": "signed words"}, {"id": 26, "keyword": "invariant generation"}, {"id": 27, "keyword": "fast iterative algorithm"}, {"id": 28, "keyword": "lens laws"}, {"id": 29, "keyword": "nodes labeled"}, {"id": 30, "keyword": "protocol transcript"}, {"id": 31, "keyword": "formalizing compiler transformations"}, {"id": 32, "keyword": "common set"}, {"id": 33, "keyword": "deterministic state machine"}, {"id": 34, "keyword": "generate executable code"}, {"id": 35, "keyword": "application programming interface"}, {"id": 36, "keyword": "superposition rules"}, {"id": 37, "keyword": "context-free languages"}, {"id": 38, "keyword": "model satisfies"}, {"id": 39, "keyword": "achieve consensus"}, {"id": 40, "keyword": "exception compilation scheme"}, {"id": 41, "keyword": "fixed 
arbitrary length"}, {"id": 42, "keyword": "security property"}, {"id": 43, "keyword": "totient function phi"}, {"id": 44, "keyword": "verify theorems"}, {"id": 45, "keyword": "poplmark challenge designed"}, {"id": 46, "keyword": "finite closed semantic tree"}, {"id": 47, "keyword": "saturation theorem proving"}, {"id": 48, "keyword": "unification algorithm"}, {"id": 49, "keyword": "complicated translation layer"}, {"id": 50, "keyword": "chords intersect"}, {"id": 51, "keyword": "deliverable d31"}, {"id": 52, "keyword": "generate human-readable secav proofs"}, {"id": 53, "keyword": "constructor calls occuring"}, {"id": 54, "keyword": "ciphertext attacks"}, {"id": 55, "keyword": "del"}, {"id": 56, "keyword": "model total correctness"}, {"id": 57, "keyword": "ramsey theory"}, {"id": 58, "keyword": "effectful computations"}, {"id": 59, "keyword": "lazy sequences"}, {"id": 60, "keyword": "underlying graph"}, {"id": 61, "keyword": "algebraic setting"}, {"id": 62, "keyword": "resulting code"}, {"id": 63, "keyword": "method called separata"}, {"id": 64, "keyword": "technische universit"}, {"id": 65, "keyword": "publisher subscriber pattern"}, {"id": 66, "keyword": "completeness proof"}, {"id": 67, "keyword": "function spaces"}, {"id": 68, "keyword": "inference step"}, {"id": 69, "keyword": "package logic"}, {"id": 70, "keyword": "minimal unsatisfiable cores"}, {"id": 71, "keyword": "compositional theory"}, {"id": 72, "keyword": "programming languages sml"}, {"id": 73, "keyword": "residuated transition system"}, {"id": 74, "keyword": "quotient construction"}, {"id": 75, "keyword": "monadic language"}, {"id": 76, "keyword": "discrete"}, {"id": 77, "keyword": "deductive system"}, {"id": 78, "keyword": "store buffer"}, {"id": 79, "keyword": "optimized variant"}, {"id": 80, "keyword": "target-language expression"}, {"id": 81, "keyword": "refinement-based theorem proving approach"}, {"id": 82, "keyword": "cyclic groups"}, {"id": 83, "keyword": "formal puiseux series"}, {"id": 
84, "keyword": "replicated growable array"}, {"id": 85, "keyword": "axiomatic network model"}, {"id": 86, "keyword": "lifting invariants"}, {"id": 87, "keyword": "finite games"}, {"id": 88, "keyword": "work focuses"}, {"id": 89, "keyword": "detects unsatisfiability"}, {"id": 90, "keyword": "unifies previous formalisations"}, {"id": 91, "keyword": "semantic model"}, {"id": 92, "keyword": "important classes"}, {"id": 93, "keyword": "ground resolution"}, {"id": 94, "keyword": "accesses memory locations"}, {"id": 95, "keyword": "alternatives"}, {"id": 96, "keyword": "linux-based router"}, {"id": 97, "keyword": "counit natural transformations"}, {"id": 98, "keyword": "simple compilation function"}, {"id": 99, "keyword": "check high-level security goals"}, {"id": 100, "keyword": "specific isomorphism expressing"}, {"id": 101, "keyword": "computation traces"}, {"id": 102, "keyword": "floating-point arithmetic"}, {"id": 103, "keyword": "power sum polynomials"}, {"id": 104, "keyword": "efficient binary search"}, {"id": 105, "keyword": "application"}, {"id": 106, "keyword": "dependent security type system"}, {"id": 107, "keyword": "regular algebra hierarchy"}, {"id": 108, "keyword": "recursive fashion"}, {"id": 109, "keyword": "traditional query plan optimizations"}, {"id": 110, "keyword": "employs reasoning"}, {"id": 111, "keyword": "universal tool"}, {"id": 112, "keyword": "detailed description"}, {"id": 113, "keyword": "hol function"}, {"id": 114, "keyword": "real roots"}, {"id": 115, "keyword": "abrupt termination"}, {"id": 116, "keyword": "theology"}, {"id": 117, "keyword": "coinductive natural numbers"}, {"id": 118, "keyword": "mutually-recursive definition"}, {"id": 119, "keyword": "exotic terms"}, {"id": 120, "keyword": "conference certified programs"}, {"id": 121, "keyword": "graph lemma quantifies"}, {"id": 122, "keyword": "complementary semigroups"}, {"id": 123, "keyword": "encoding function"}, {"id": 124, "keyword": "division algorithms"}, {"id": 125, "keyword": 
"fixed prime"}, {"id": 126, "keyword": "separate afp entry"}, {"id": 127, "keyword": "integrated memory models"}, {"id": 128, "keyword": "avl trees"}, {"id": 129, "keyword": "theorem relates"}, {"id": 130, "keyword": "custom induction rules"}, {"id": 131, "keyword": "interdisciplinary project"}, {"id": 132, "keyword": "effective procedure"}, {"id": 133, "keyword": "uniform semantic substrate"}, {"id": 134, "keyword": "simulation-based proofs"}, {"id": 135, "keyword": "number"}, {"id": 136, "keyword": "basic definitions"}, {"id": 137, "keyword": "stepwise refinement"}, {"id": 138, "keyword": "kleene relation algebras"}, {"id": 139, "keyword": "implemented tail recursively"}, {"id": 140, "keyword": "high efficiency"}, {"id": 141, "keyword": "implement translation functions"}, {"id": 142, "keyword": "secure messaging channel established"}, {"id": 143, "keyword": "executable code"}, {"id": 144, "keyword": "church-style simply-typed"}, {"id": 145, "keyword": "uniquely determined polynomial combination"}, {"id": 146, "keyword": "efficient variable-length codes"}, {"id": 147, "keyword": "proof reuses"}, {"id": 148, "keyword": "assertoric syllogistic"}, {"id": 149, "keyword": "simple graphs"}, {"id": 150, "keyword": "careful presentation"}, {"id": 151, "keyword": "inductive unwinding theorem"}, {"id": 152, "keyword": "completely subsumes"}, {"id": 153, "keyword": "klein-beltrami model"}, {"id": 154, "keyword": "timed coordination"}, {"id": 155, "keyword": "factoring algorithm"}, {"id": 156, "keyword": "software tool"}, {"id": 157, "keyword": "fully corrupted"}, {"id": 158, "keyword": "reverse post order number"}, {"id": 159, "keyword": "-dimensional cube"}, {"id": 160, "keyword": "recursive procedures"}, {"id": 161, "keyword": "easily generate elements"}, {"id": 162, "keyword": "data types"}, {"id": 163, "keyword": "sat solver written"}, {"id": 164, "keyword": "orthogonal transformations"}, {"id": 165, "keyword": "input lists"}, {"id": 166, "keyword": "algebras based"}, 
{"id": 167, "keyword": "higher-order functions"}, {"id": 168, "keyword": "memory resolve"}, {"id": 169, "keyword": "bound depends"}, {"id": 170, "keyword": "authorized path"}, {"id": 171, "keyword": "niederreiter"}, {"id": 172, "keyword": "guard protocols"}, {"id": 173, "keyword": "derangements formula describes"}, {"id": 174, "keyword": "general properties"}, {"id": 175, "keyword": "partially filled"}, {"id": 176, "keyword": "solve clique"}, {"id": 177, "keyword": "kleene normal form"}, {"id": 178, "keyword": "processing components"}, {"id": 179, "keyword": "neutral absolute space"}, {"id": 180, "keyword": "left part"}, {"id": 181, "keyword": "component behavior"}, {"id": 182, "keyword": "distributing interest"}, {"id": 183, "keyword": "bisimilarity coincides"}, {"id": 184, "keyword": "abstract hilbert-style"}, {"id": 185, "keyword": "finite types"}, {"id": 186, "keyword": "decides language emptiness"}, {"id": 187, "keyword": "semantic annotations"}, {"id": 188, "keyword": "lift universally quantified equations"}, {"id": 189, "keyword": "synchronous step semantics"}, {"id": 190, "keyword": "compositional analysis"}, {"id": 191, "keyword": "handle binding"}, {"id": 192, "keyword": "quantifier elimination procedures"}, {"id": 193, "keyword": "fairly extensive set"}, {"id": 194, "keyword": "network"}, {"id": 195, "keyword": "strong law"}, {"id": 196, "keyword": "separation logic"}, {"id": 197, "keyword": "confidentiality verification"}, {"id": 198, "keyword": "automatic search"}, {"id": 199, "keyword": "important meta-theoretic results"}, {"id": 200, "keyword": "cartesian category"}, {"id": 201, "keyword": "dedicated encoding"}, {"id": 202, "keyword": "beth hintikka style"}, {"id": 203, "keyword": "university-level computer science curriculum"}, {"id": 204, "keyword": "transitive class"}, {"id": 205, "keyword": "quantum measurements"}, {"id": 206, "keyword": "enable easy integration"}, {"id": 207, "keyword": "free variables"}, {"id": 208, "keyword": "checking 
c1-information"}, {"id": 209, "keyword": "binding sequences"}, {"id": 210, "keyword": "full automation"}, {"id": 211, "keyword": "fixed bound"}, {"id": 212, "keyword": "basis reduction algorithm"}, {"id": 213, "keyword": "unsorted list deterministically"}, {"id": 214, "keyword": "boolean functions"}, {"id": 215, "keyword": "support"}, {"id": 216, "keyword": "mathcal"}, {"id": 217, "keyword": "main goal"}, {"id": 218, "keyword": "gale stewart theorem"}, {"id": 219, "keyword": "combinatorial proof"}, {"id": 220, "keyword": "monadic second-order logic"}, {"id": 221, "keyword": "preservation lemmas"}, {"id": 222, "keyword": "finite symbolic execution graph"}, {"id": 223, "keyword": "compiler rewrite rules"}, {"id": 224, "keyword": "conditions"}, {"id": 225, "keyword": "conditional equality operators"}, {"id": 226, "keyword": "binary tree"}, {"id": 227, "keyword": "executable framework"}, {"id": 228, "keyword": "final states"}, {"id": 229, "keyword": "simple firewall model"}, {"id": 230, "keyword": "simply transforms"}, {"id": 231, "keyword": "conclude wrong results"}, {"id": 232, "keyword": "embedded logic"}, {"id": 233, "keyword": "o-automata framework"}, {"id": 234, "keyword": "semantical representation"}, {"id": 235, "keyword": "basic file operations"}, {"id": 236, "keyword": "point-wise reasoning"}, {"id": 237, "keyword": "generalized multiset ordering"}, {"id": 238, "keyword": "numerous instances"}, {"id": 239, "keyword": "run construction rules"}, {"id": 240, "keyword": "semantic engine"}, {"id": 241, "keyword": "global context transformations"}, {"id": 242, "keyword": "cutting truncating sets"}, {"id": 243, "keyword": "industrial separation kernel"}, {"id": 244, "keyword": "existing afp-entry"}, {"id": 245, "keyword": "sufficiently efficient"}, {"id": 246, "keyword": "holcf package"}, {"id": 247, "keyword": "linear ordered fields"}, {"id": 248, "keyword": "hancl asserting"}, {"id": 249, "keyword": "concurrent choice"}, {"id": 250, "keyword": "normalisation 
procedures"}, {"id": 251, "keyword": "abstract algorithms closely"}, {"id": 252, "keyword": "algebraic closure"}, {"id": 253, "keyword": "cycle matroid"}, {"id": 254, "keyword": "term occurring"}, {"id": 255, "keyword": "arbitrary ring"}, {"id": 256, "keyword": "concrete protocols variants"}, {"id": 257, "keyword": "carrier set"}, {"id": 258, "keyword": "compositional algorithm exploits acyclicity"}, {"id": 259, "keyword": "refinement techniques"}, {"id": 260, "keyword": "bayesian regression presented"}, {"id": 261, "keyword": "natural transformations simply"}, {"id": 262, "keyword": "continuous functions"}, {"id": 263, "keyword": "possibilistic noninterference afp entry"}, {"id": 264, "keyword": "target language"}, {"id": 265, "keyword": "require guardedness up-"}, {"id": 266, "keyword": "elementary proof exist"}, {"id": 267, "keyword": "linear algebra libraries"}, {"id": 268, "keyword": "profound formalism"}, {"id": 269, "keyword": "exchanging data"}, {"id": 270, "keyword": "braun trees"}, {"id": 271, "keyword": "fully connected subgraph"}, {"id": 272, "keyword": "existing secav system"}, {"id": 273, "keyword": "non-negative real matrix"}, {"id": 274, "keyword": "proof assistant coq"}, {"id": 275, "keyword": "static program analysis"}, {"id": 276, "keyword": "contact gerwin"}, {"id": 277, "keyword": "algorithm factors polynomials"}, {"id": 278, "keyword": "subresultant polynomial remainder sequence"}, {"id": 279, "keyword": "ipurge unwinding theorem"}, {"id": 280, "keyword": "standard superposition calculus corresponds"}, {"id": 281, "keyword": "logarithmic relationship"}, {"id": 282, "keyword": "rabin automata"}, {"id": 283, "keyword": "time domain"}, {"id": 284, "keyword": "code rate"}, {"id": 285, "keyword": "stochastic matrix"}, {"id": 286, "keyword": "analyze similar algorithms"}, {"id": 287, "keyword": "short explanation"}, {"id": 288, "keyword": "negative integers"}, {"id": 289, "keyword": "prime number theorem builds"}, {"id": 290, "keyword": "routing 
policies"}, {"id": 291, "keyword": "research project"}, {"id": 292, "keyword": "field extensions"}, {"id": 293, "keyword": "invariant based programming"}, {"id": 294, "keyword": "development longer"}, {"id": 295, "keyword": "polynomial sequences"}, {"id": 296, "keyword": "automatically calculated"}, {"id": 297, "keyword": "practical algebraic calculus"}, {"id": 298, "keyword": "kind mapped"}, {"id": 299, "keyword": "cambridge lecture notes topics"}, {"id": 300, "keyword": "maximum element"}, {"id": 301, "keyword": "solved deterministically"}, {"id": 302, "keyword": "under-approximate relational logic"}, {"id": 303, "keyword": "fixed points"}, {"id": 304, "keyword": "ring theory development"}, {"id": 305, "keyword": "direct formalisation"}, {"id": 306, "keyword": "suitably extending paulson"}, {"id": 307, "keyword": "theorems hold"}, {"id": 308, "keyword": "separation logic theory"}, {"id": 309, "keyword": "small step operational semantics"}, {"id": 310, "keyword": "constant upper bound"}, {"id": 311, "keyword": "verifying network security policies"}, {"id": 312, "keyword": "key contribution"}, {"id": 313, "keyword": "herbrand universe"}, {"id": 314, "keyword": "class-free constants"}, {"id": 315, "keyword": "slightly extended"}, {"id": 316, "keyword": "icfp 2013 functional pearl"}, {"id": 317, "keyword": "separation logic framework"}, {"id": 318, "keyword": "component-based development approach"}, {"id": 319, "keyword": "previously unknown paradox"}, {"id": 320, "keyword": "homomorphic functions"}, {"id": 321, "keyword": "type class system"}, {"id": 322, "keyword": "radical expressions"}, {"id": 323, "keyword": "client-side javascript programs"}, {"id": 324, "keyword": "excluding cubic axioms"}, {"id": 325, "keyword": "concrete reachable states"}, {"id": 326, "keyword": "euclidean domains"}, {"id": 327, "keyword": "conversion functions"}, {"id": 328, "keyword": "diophantine sets"}, {"id": 329, "keyword": "important concepts"}, {"id": 330, "keyword": "finite state 
machines"}, {"id": 331, "keyword": "factorization algorithms"}, {"id": 332, "keyword": "abstract reference specification"}, {"id": 333, "keyword": "mark 1 machine"}, {"id": 334, "keyword": "applies induction"}, {"id": 335, "keyword": "itp 2017 paper"}, {"id": 336, "keyword": "article titled"}, {"id": 337, "keyword": "replacement rule"}, {"id": 338, "keyword": "respect stream equivalence"}, {"id": 339, "keyword": "purely functional implementation based"}, {"id": 340, "keyword": "affine scheme"}, {"id": 341, "keyword": "native sequential consistency"}, {"id": 342, "keyword": "non-deterministic languages"}, {"id": 343, "keyword": "dom revealed numerous invariants"}, {"id": 344, "keyword": "falsely claims"}, {"id": 345, "keyword": "future articles"}, {"id": 346, "keyword": "non-elementary worst-case blow-"}, {"id": 347, "keyword": "ascending priority"}, {"id": 348, "keyword": "abstract syntax"}, {"id": 349, "keyword": "logics"}, {"id": 350, "keyword": "random"}, {"id": 351, "keyword": "verified code"}, {"id": 352, "keyword": "extension theorem employing terminology"}, {"id": 353, "keyword": "features monadic types"}, {"id": 354, "keyword": "goto rule"}, {"id": 355, "keyword": "ruzsa triangle inequality"}, {"id": 356, "keyword": "high-level specification language jml"}, {"id": 357, "keyword": "routh-hurwitz stability criterion"}, {"id": 358, "keyword": "single-source shortest path problem"}, {"id": 359, "keyword": "monadic refinement framework"}, {"id": 360, "keyword": "datatypes generated"}, {"id": 361, "keyword": "significant confidentiality theorems"}, {"id": 362, "keyword": "identified inconsistencies"}, {"id": 363, "keyword": "extremal graph theory"}, {"id": 364, "keyword": "bnfcc structure"}, {"id": 365, "keyword": "flow saturates"}, {"id": 366, "keyword": "acceptance rejection decisions"}, {"id": 367, "keyword": "main motivation"}, {"id": 368, "keyword": "van oostrom"}, {"id": 369, "keyword": "probability larger"}, {"id": 370, "keyword": "approximation polynomial 
based"}, {"id": 371, "keyword": "compositionality results"}, {"id": 372, "keyword": "implemented tactics"}, {"id": 373, "keyword": "strictly increasing"}, {"id": 374, "keyword": "formally connect"}, {"id": 375, "keyword": "clean development"}, {"id": 376, "keyword": "vincent rahli"}, {"id": 377, "keyword": "inherently based"}, {"id": 378, "keyword": "probabilistic model checking"}, {"id": 379, "keyword": "abstract ledger supporting"}, {"id": 380, "keyword": "common criteria full abstraction"}, {"id": 381, "keyword": "client-side web applications"}, {"id": 382, "keyword": "standard types"}, {"id": 383, "keyword": "represents dominators"}, {"id": 384, "keyword": "graph node"}, {"id": 385, "keyword": "sequentially consistent"}, {"id": 386, "keyword": "rely quotient"}, {"id": 387, "keyword": "rose bohrer"}, {"id": 388, "keyword": "model refinement"}, {"id": 389, "keyword": "probabilistic behaviour"}, {"id": 390, "keyword": "function satisfies"}, {"id": 391, "keyword": "spectral theorem states"}, {"id": 392, "keyword": "symmetry property"}, {"id": 393, "keyword": "amortized logarithmic complexity"}, {"id": 394, "keyword": "detailed proof steps"}, {"id": 395, "keyword": "book markov decision processes"}, {"id": 396, "keyword": "equivalent forms"}, {"id": 397, "keyword": "tree automata technique"}, {"id": 398, "keyword": "verification tools"}, {"id": 399, "keyword": "applicative expressions"}, {"id": 400, "keyword": "sdss random dictatorship"}, {"id": 401, "keyword": "forward packets"}, {"id": 402, "keyword": "sturm proof method"}, {"id": 403, "keyword": "formulas obtained"}, {"id": 404, "keyword": "incredible proof machine"}, {"id": 405, "keyword": "multiplication"}, {"id": 406, "keyword": "real-world protocol"}, {"id": 407, "keyword": "ba12 mordechai ben-ari"}, {"id": 408, "keyword": "paper verified construction"}, {"id": 409, "keyword": "weighted graphs"}, {"id": 410, "keyword": "jinja source code semantics"}, {"id": 411, "keyword": "important consequences"}, {"id": 
412, "keyword": "hol"}, {"id": 413, "keyword": "avoid circular reasoning"}, {"id": 414, "keyword": "multiple oblivious transfer"}, {"id": 415, "keyword": "consideration admits"}, {"id": 416, "keyword": "abductive reasoning"}, {"id": 417, "keyword": "facilitating developments"}, {"id": 418, "keyword": "base set"}, {"id": 419, "keyword": "coinductive terminated lists"}, {"id": 420, "keyword": "bor vka"}, {"id": 421, "keyword": "functor composition"}, {"id": 422, "keyword": "dedekind cuts"}, {"id": 423, "keyword": "mathematical structures"}, {"id": 424, "keyword": "253--269 cpp-2016 peter lammich"}, {"id": 425, "keyword": "previous work"}, {"id": 426, "keyword": "temporal specification technique"}, {"id": 427, "keyword": "fol theories extending"}, {"id": 428, "keyword": "control flow graph"}, {"id": 429, "keyword": "allowing formal reasoning"}, {"id": 430, "keyword": "collection semantics"}, {"id": 431, "keyword": "non-deterministic monad"}, {"id": 432, "keyword": "predicate"}, {"id": 433, "keyword": "partly commented"}, {"id": 434, "keyword": "related theorem"}, {"id": 435, "keyword": "john wickerson"}, {"id": 436, "keyword": "formally verified solver"}, {"id": 437, "keyword": "subsumption order"}, {"id": 438, "keyword": "write alpha"}, {"id": 439, "keyword": "afp article amortized complexity"}, {"id": 440, "keyword": "recursive fast fourier transform"}, {"id": 441, +"keyword": "executable query translation"}, +{"id": 442, "keyword": "automata classes"}, -{"id": 442, -"keyword": "current compression formats"}, {"id": 443, -"keyword": "minimum weight basis"}, +"keyword": "current compression formats"}, {"id": 444, +"keyword": "minimum weight basis"}, +{"id": 445, "keyword": "real numbers"}, -{"id": 445, +{"id": 446, "keyword": "larry paulson"}, -{"id": 446, +{"id": 447, "keyword": "completely factorize real"}, -{"id": 447, +{"id": 448, "keyword": "networking protocols"}, -{"id": 448, +{"id": 449, "keyword": "filtered sets"}, -{"id": 449, +{"id": 450, "keyword": 
"communicating sequential processes"}, -{"id": 450, +{"id": 451, "keyword": "fisher yates algorithm"}, -{"id": 451, +{"id": 452, "keyword": "basic elements"}, -{"id": 452, +{"id": 453, "keyword": "uniquely distinguish quantum states"}, -{"id": 453, +{"id": 454, "keyword": "alternate binomial theorem statement"}, -{"id": 454, -"keyword": "perfect logicians forbidden"}, {"id": 455, -"keyword": "complete test generation algorithms"}, +"keyword": "perfect logicians forbidden"}, {"id": 456, +"keyword": "complete test generation algorithms"}, +{"id": 457, "keyword": "verified heap functions"}, -{"id": 457, +{"id": 458, "keyword": "pace secure channel"}, -{"id": 458, +{"id": 459, "keyword": "coefficient functions"}, -{"id": 459, +{"id": 460, "keyword": "rule induction"}, -{"id": 460, +{"id": 461, "keyword": "evaluating cauchy indices"}, -{"id": 461, +{"id": 462, "keyword": "ground totality"}, -{"id": 462, +{"id": 463, "keyword": "generalizes sutherland"}, -{"id": 463, +{"id": 464, "keyword": "advanced algorithms"}, -{"id": 464, -"keyword": "word power"}, {"id": 465, +"keyword": "word power"}, +{"id": 466, "keyword": "information processing letters 29"}, -{"id": 466, -"keyword": "possibilistic information-flow security properties"}, {"id": 467, -"keyword": "stream fusion"}, +"keyword": "possibilistic information-flow security properties"}, {"id": 468, +"keyword": "stream fusion"}, +{"id": 469, "keyword": "general geometric facts"}, -{"id": 469, -"keyword": "efficient structures"}, {"id": 470, +"keyword": "efficient structures"}, +{"id": 471, "keyword": "concrete functors"}, -{"id": 471, -"keyword": "algebraic formalization end"}, {"id": 472, -"keyword": "lending funds"}, +"keyword": "algebraic formalization end"}, {"id": 473, +"keyword": "lending funds"}, +{"id": 474, "keyword": "sketches found"}, -{"id": 474, -"keyword": "benchmark problems"}, {"id": 475, -"keyword": "variable assignment"}, +"keyword": "benchmark problems"}, {"id": 476, +"keyword": "variable assignment"}, 
+{"id": 477, "keyword": "algorithm enumerating"}, -{"id": 477, +{"id": 478, "keyword": "previous afp article"}, -{"id": 478, +{"id": 479, "keyword": "representative dynamic programming problems"}, -{"id": 479, +{"id": 480, "keyword": "priority"}, -{"id": 480, +{"id": 481, "keyword": "andr platzer"}, -{"id": 481, +{"id": 482, "keyword": "adding observation instants"}, -{"id": 482, +{"id": 483, "keyword": "compiler optimization"}, -{"id": 483, +{"id": 484, "keyword": "nominal2 library"}, -{"id": 484, -"keyword": "finite automata"}, {"id": 485, +"keyword": "finite automata"}, +{"id": 486, "keyword": "abstract version"}, -{"id": 486, -"keyword": "proof details"}, {"id": 487, -"keyword": "programming languages"}, +"keyword": "proof details"}, {"id": 488, +"keyword": "programming languages"}, +{"id": 489, "keyword": "basic properties ndash"}, -{"id": 489, -"keyword": "taylor models"}, {"id": 490, +"keyword": "taylor models"}, +{"id": 491, "keyword": "starting point"}, -{"id": 491, -"keyword": "static single assignment form"}, {"id": 492, -"keyword": "randomized comb algorithm"}, +"keyword": "static single assignment form"}, {"id": 493, +"keyword": "randomized comb algorithm"}, +{"id": 494, "keyword": "collectively referred"}, -{"id": 494, -"keyword": "computes density functions"}, {"id": 495, -"keyword": "standard dolev-yao"}, +"keyword": "computes density functions"}, {"id": 496, +"keyword": "standard dolev-yao"}, +{"id": 497, "keyword": "isafor ceta project"}, -{"id": 497, +{"id": 498, "keyword": "relational model"}, -{"id": 498, +{"id": 499, "keyword": "deriving asymptotic estimates"}, -{"id": 499, +{"id": 500, "keyword": "clean offers conditionals"}, -{"id": 500, +{"id": 501, "keyword": "no-frills state-exception monad"}, -{"id": 501, +{"id": 502, "keyword": "search-time information"}, -{"id": 502, +{"id": 503, "keyword": "regular expressions extended"}, -{"id": 503, +{"id": 504, "keyword": "specific part"}, -{"id": 504, -"keyword": "breeders"}, {"id": 505, 
-"keyword": "classical geometric definitions"}, +"keyword": "breeders"}, {"id": 506, +"keyword": "classical geometric definitions"}, +{"id": 507, "keyword": "integration technique employs lex"}, -{"id": 507, +{"id": 508, "keyword": "bell numbers"}, -{"id": 508, +{"id": 509, "keyword": "pattern specifications"}, -{"id": 509, +{"id": 510, "keyword": "primitively corecursive-"}, -{"id": 510, +{"id": 511, "keyword": "tree automata apf-entry"}, -{"id": 511, +{"id": 512, "keyword": "detailed systematic study"}, -{"id": 512, +{"id": 513, "keyword": "compute roots"}, -{"id": 513, +{"id": 514, "keyword": "rational number"}, -{"id": 514, +{"id": 515, "keyword": "properties related"}, -{"id": 515, +{"id": 516, "keyword": "model compatibility"}, -{"id": 516, +{"id": 517, "keyword": "interactively find"}, -{"id": 517, -"keyword": "ben-ari ba12"}, {"id": 518, -"keyword": "difference bound matrices"}, +"keyword": "ben-ari ba12"}, {"id": 519, +"keyword": "difference bound matrices"}, +{"id": 520, "keyword": "object-oriented data-type theories generated"}, -{"id": 520, -"keyword": "benchmark scripts"}, {"id": 521, +"keyword": "benchmark scripts"}, +{"id": 522, "keyword": "field accesses"}, -{"id": 522, -"keyword": "enables users"}, {"id": 523, -"keyword": "semantic definitions"}, +"keyword": "enables users"}, {"id": 524, +"keyword": "semantic definitions"}, +{"id": 525, "keyword": "employs formal models"}, -{"id": 525, +{"id": 526, "keyword": "max-flow min-cut theorem"}, -{"id": 526, +{"id": 527, "keyword": "proof language"}, -{"id": 527, +{"id": 528, "keyword": "class hierarchies"}, -{"id": 528, +{"id": 529, "keyword": "determinization procedure"}, -{"id": 529, +{"id": 530, "keyword": "concurrent dynamic logics"}, -{"id": 530, +{"id": 531, "keyword": "pierre boutry"}, -{"id": 531, +{"id": 532, "keyword": "push-relabel algorithms"}, -{"id": 532, +{"id": 533, "keyword": "discrete probability distributions"}, -{"id": 533, +{"id": 534, "keyword": "afp entry"}, -{"id": 534, -"keyword": 
"multiple algebraic structures"}, {"id": 535, -"keyword": "cone text arg"}, +"keyword": "multiple algebraic structures"}, {"id": 536, +"keyword": "cone text arg"}, +{"id": 537, "keyword": "vector cross product"}, -{"id": 537, +{"id": 538, "keyword": "bounded-deducibility security"}, -{"id": 538, +{"id": 539, "keyword": "machine-checked text annex"}, -{"id": 539, +{"id": 540, "keyword": "executable density compiler"}, -{"id": 540, +{"id": 541, "keyword": "difference sets"}, -{"id": 541, +{"id": 542, "keyword": "counter-free automata"}, -{"id": 542, +{"id": 543, "keyword": "number theoretic transform"}, -{"id": 543, +{"id": 544, "keyword": "paper mechanising turing machines"}, -{"id": 544, -"keyword": "formalization reveals"}, {"id": 545, -"keyword": "involve regular expressions"}, +"keyword": "formalization reveals"}, {"id": 546, +"keyword": "involve regular expressions"}, +{"id": 547, "keyword": "chosen memory model"}, -{"id": 547, +{"id": 548, "keyword": "automated circuit verification"}, -{"id": 548, +{"id": 549, "keyword": "taylor expansions"}, -{"id": 549, +{"id": 550, "keyword": "infinite derivation trees"}, -{"id": 550, +{"id": 551, "keyword": "instance---many-sorted fol"}, -{"id": 551, +{"id": 552, "keyword": "entailment- minimal"}, -{"id": 552, +{"id": 553, "keyword": "theories reasoning"}, -{"id": 553, +{"id": 554, "keyword": "proof method casify"}, -{"id": 554, +{"id": 555, "keyword": "stationary distributions"}, -{"id": 555, +{"id": 556, "keyword": "severe limitation"}, -{"id": 556, +{"id": 557, "keyword": "lies strictly"}, -{"id": 557, -"keyword": "application areas"}, {"id": 558, -"keyword": "strongly connected components"}, +"keyword": "application areas"}, {"id": 559, +"keyword": "strongly connected components"}, +{"id": 560, "keyword": "initial segment condition"}, -{"id": 560, -"keyword": "locally ringed space"}, {"id": 561, +"keyword": "locally ringed space"}, +{"id": 562, "keyword": "maclaurin summation formula"}, -{"id": 562, -"keyword": "karel 
hrbacek"}, {"id": 563, -"keyword": "underlying ideas"}, +"keyword": "karel hrbacek"}, {"id": 564, +"keyword": "underlying ideas"}, +{"id": 565, "keyword": "fundamental subspaces"}, -{"id": 565, +{"id": 566, "keyword": "notable result"}, -{"id": 566, +{"id": 567, "keyword": "1 infty left"}, -{"id": 567, +{"id": 568, "keyword": "multiple goods"}, -{"id": 568, +{"id": 569, "keyword": "lehmer test"}, -{"id": 569, +{"id": 570, "keyword": "kepler conjecture"}, -{"id": 570, +{"id": 571, "keyword": "rely-guarantee-style reasoning"}, -{"id": 571, +{"id": 572, "keyword": "elegant encoding"}, -{"id": 572, +{"id": 573, "keyword": "require"}, -{"id": 573, +{"id": 574, "keyword": "proof assistant"}, -{"id": 574, +{"id": 575, "keyword": "transfer package"}, -{"id": 575, +{"id": 576, "keyword": "higher-order logic"}, -{"id": 576, +{"id": 577, "keyword": "case studies"}, -{"id": 577, -"keyword": "lp spaces"}, {"id": 578, -"keyword": "pctl formulas"}, +"keyword": "lp spaces"}, {"id": 579, +"keyword": "pctl formulas"}, +{"id": 580, "keyword": "program traces"}, -{"id": 580, -"keyword": "resolution calculus"}, {"id": 581, +"keyword": "resolution calculus"}, +{"id": 582, "keyword": "standard construction"}, -{"id": 582, -"keyword": "first-order terms"}, {"id": 583, -"keyword": "generate code"}, +"keyword": "first-order terms"}, {"id": 584, +"keyword": "generate code"}, +{"id": 585, "keyword": "public output ports"}, -{"id": 585, +{"id": 586, "keyword": "excluding center selection"}, -{"id": 586, +{"id": 587, "keyword": "implementation relates pointer-based computation"}, -{"id": 587, -"keyword": "flow-sensitive type system"}, {"id": 588, -"keyword": "fitting theory"}, +"keyword": "flow-sensitive type system"}, {"id": 589, +"keyword": "fitting theory"}, +{"id": 590, "keyword": "basic algebraic properties"}, -{"id": 590, -"keyword": "predicate taking"}, {"id": 591, +"keyword": "predicate taking"}, +{"id": 592, "keyword": "dataflow paradigm"}, -{"id": 592, -"keyword": "permissions held"}, 
{"id": 593, -"keyword": "arbitrary nominal sets"}, +"keyword": "permissions held"}, {"id": 594, +"keyword": "arbitrary nominal sets"}, +{"id": 595, "keyword": "correctness theorems"}, -{"id": 595, -"keyword": "incoming edges"}, {"id": 596, -"keyword": "input infinite sequences"}, +"keyword": "incoming edges"}, {"id": 597, +"keyword": "input infinite sequences"}, +{"id": 598, "keyword": "klein nicta"}, -{"id": 598, +{"id": 599, "keyword": "manual approach"}, -{"id": 599, +{"id": 600, "keyword": "originally obtained"}, -{"id": 600, +{"id": 601, "keyword": "familiar first-order logic"}, -{"id": 601, +{"id": 602, "keyword": "game-hopping style advocated"}, -{"id": 602, +{"id": 603, "keyword": "reusable building blocks"}, -{"id": 603, +{"id": 604, "keyword": "common factors"}, -{"id": 604, +{"id": 605, "keyword": "reduction step"}, -{"id": 605, -"keyword": "perfect forward secrecy"}, {"id": 606, +"keyword": "perfect forward secrecy"}, +{"id": 607, "keyword": "full sequential fragment"}, -{"id": 607, -"keyword": "adapting larry paulson"}, {"id": 608, -"keyword": "termination techniques"}, +"keyword": "adapting larry paulson"}, {"id": 609, +"keyword": "termination techniques"}, +{"id": 610, "keyword": "large part"}, -{"id": 610, -"keyword": "generic diamond lemma reduction"}, {"id": 611, +"keyword": "generic diamond lemma reduction"}, +{"id": 612, "keyword": "produce uniformly smaller automata"}, -{"id": 612, -"keyword": "regular expression"}, {"id": 613, -"keyword": "afp entry focusstreamscasestudies-afp"}, +"keyword": "regular expression"}, {"id": 614, +"keyword": "afp entry focusstreamscasestudies-afp"}, +{"id": 615, "keyword": "runtime monitoring"}, -{"id": 615, +{"id": 616, "keyword": "quantum projective measurements"}, -{"id": 616, +{"id": 617, "keyword": "existing theories"}, -{"id": 617, -"keyword": "relational parametricity due"}, {"id": 618, -"keyword": "superposition calculus"}, +"keyword": "relational parametricity due"}, {"id": 619, +"keyword": "superposition 
calculus"}, +{"id": 620, "keyword": "version states"}, -{"id": 620, -"keyword": "calculate sign variations"}, {"id": 621, +"keyword": "calculate sign variations"}, +{"id": 622, "keyword": "extended real numbers form"}, -{"id": 622, -"keyword": "standard reduction path"}, {"id": 623, -"keyword": "meld operations"}, +"keyword": "standard reduction path"}, {"id": 624, +"keyword": "meld operations"}, +{"id": 625, "keyword": "json objects"}, -{"id": 625, +{"id": 626, "keyword": "rgen villadsen"}, -{"id": 626, +{"id": 627, "keyword": "partial binary operation"}, -{"id": 627, +{"id": 628, "keyword": "tuples satisfying"}, -{"id": 628, +{"id": 629, "keyword": "remaining computation"}, -{"id": 629, +{"id": 630, "keyword": "andrei popescu propose"}, -{"id": 630, +{"id": 631, "keyword": "standard definitions"}, -{"id": 631, +{"id": 632, "keyword": "call return"}, -{"id": 632, +{"id": 633, "keyword": "substantial background"}, -{"id": 633, +{"id": 634, "keyword": "girard-tait style logical relation"}, -{"id": 634, +{"id": 635, "keyword": "expressive logic"}, -{"id": 635, +{"id": 636, "keyword": "informal description"}, -{"id": 636, +{"id": 637, "keyword": "infinite trees branching"}, -{"id": 637, -"keyword": "regular languages"}, {"id": 638, -"keyword": "carmichael numbers"}, +"keyword": "regular languages"}, {"id": 639, +"keyword": "carmichael numbers"}, +{"id": 640, "keyword": "digit expansions"}, -{"id": 640, -"keyword": "famous invisible hand"}, {"id": 641, +"keyword": "famous invisible hand"}, +{"id": 642, "keyword": "javascript object notation"}, -{"id": 642, -"keyword": "public announcement logic"}, {"id": 643, -"keyword": "compute arbitrary primitive recursive"}, +"keyword": "public announcement logic"}, {"id": 644, +"keyword": "compute arbitrary primitive recursive"}, +{"id": 645, "keyword": "respective fundamental homomorphism theorems"}, -{"id": 645, +{"id": 646, "keyword": "practically successful method"}, -{"id": 646, +{"id": 647, "keyword": "up-closed sets"}, 
-{"id": 647, +{"id": 648, "keyword": "edward zalta"}, -{"id": 648, +{"id": 649, "keyword": "generalized recurrence"}, -{"id": 649, +{"id": 650, "keyword": "equivalence kernels"}, -{"id": 650, +{"id": 651, "keyword": "real gamma function gamma"}, -{"id": 651, +{"id": 652, "keyword": "british imperial system"}, -{"id": 652, +{"id": 653, "keyword": "comparing encodability criteria"}, -{"id": 653, +{"id": 654, "keyword": "arbitrary user-"}, -{"id": 654, +{"id": 655, "keyword": "constructor applications"}, -{"id": 655, +{"id": 656, "keyword": "analogous problem arises"}, -{"id": 656, +{"id": 657, "keyword": "expanding contracting intervals"}, -{"id": 657, -"keyword": "first-order parameters"}, {"id": 658, -"keyword": "abortable linearizable module automaton"}, +"keyword": "first-order parameters"}, {"id": 659, +"keyword": "abortable linearizable module automaton"}, +{"id": 660, "keyword": "syntactic multiplication"}, -{"id": 660, -"keyword": "symmetric directed graphs"}, {"id": 661, +"keyword": "symmetric directed graphs"}, +{"id": 662, "keyword": "cava automata library"}, -{"id": 662, -"keyword": "higher-order frequency moments"}, {"id": 663, -"keyword": "fusible list functions"}, +"keyword": "higher-order frequency moments"}, {"id": 664, +"keyword": "fusible list functions"}, +{"id": 665, "keyword": "nash-williams discovered"}, -{"id": 665, +{"id": 666, "keyword": "equivalence proofs"}, -{"id": 666, +{"id": 667, "keyword": "regular algebras axiomatise"}, -{"id": 667, -"keyword": "efficient data structure combining"}, {"id": 668, -"keyword": "distributed systems specification"}, +"keyword": "efficient data structure combining"}, {"id": 669, +"keyword": "distributed systems specification"}, +{"id": 670, "keyword": "total recursive functions"}, -{"id": 670, -"keyword": "complete formalisation"}, {"id": 671, +"keyword": "complete formalisation"}, +{"id": 672, "keyword": "inductive definition"}, -{"id": 672, -"keyword": "cohen posets"}, {"id": 673, -"keyword": "standard 
system"}, +"keyword": "cohen posets"}, {"id": 674, +"keyword": "standard system"}, +{"id": 675, "keyword": "wide range"}, -{"id": 675, -"keyword": "nominal"}, {"id": 676, -"keyword": "ongoing development"}, +"keyword": "nominal"}, {"id": 677, +"keyword": "ongoing development"}, +{"id": 678, "keyword": "concrete logics satisfying"}, -{"id": 678, +{"id": 679, "keyword": "efficient implementation"}, -{"id": 679, +{"id": 680, "keyword": "ribbon proofs"}, -{"id": 680, +{"id": 681, "keyword": "mechanised proofs"}, -{"id": 681, +{"id": 682, "keyword": "test check"}, -{"id": 682, +{"id": 683, "keyword": "inverse limit"}, -{"id": 683, +{"id": 684, "keyword": "original quantifier elimination algorithm"}, -{"id": 684, +{"id": 685, "keyword": "abc"}, -{"id": 685, -"keyword": "lend money"}, {"id": 686, +"keyword": "lend money"}, +{"id": 687, "keyword": "symmetric cases"}, -{"id": 687, -"keyword": "verify purely functional"}, {"id": 688, -"keyword": "hyperdual numbers"}, +"keyword": "verify purely functional"}, {"id": 689, +"keyword": "hyperdual numbers"}, +{"id": 690, "keyword": "discrete fourier transform"}, -{"id": 690, -"keyword": "forward data packets"}, {"id": 691, +"keyword": "forward data packets"}, +{"id": 692, "keyword": "application consumes potential"}, -{"id": 692, -"keyword": "second-order derivation"}, {"id": 693, -"keyword": "special functions"}, +"keyword": "second-order derivation"}, {"id": 694, +"keyword": "special functions"}, +{"id": 695, "keyword": "initial conversion"}, -{"id": 695, +{"id": 696, "keyword": "hol formalization refines"}, -{"id": 696, +{"id": 697, "keyword": "eliminates duplicate prime factors"}, -{"id": 697, -"keyword": "explicit formula"}, {"id": 698, -"keyword": "eventually achieve"}, +"keyword": "explicit formula"}, {"id": 699, +"keyword": "eventually achieve"}, +{"id": 700, "keyword": "non-negative real"}, -{"id": 700, -"keyword": "deterministic minsky machine"}, {"id": 701, +"keyword": "deterministic minsky machine"}, +{"id": 702, 
"keyword": "graph properties expressed"}, -{"id": 702, -"keyword": "dom standard"}, {"id": 703, -"keyword": "high school"}, +"keyword": "dom standard"}, {"id": 704, +"keyword": "high school"}, +{"id": 705, "keyword": "dnf-based non-elementary algorithm"}, -{"id": 705, +{"id": 706, "keyword": "fast sat solver"}, -{"id": 706, +{"id": 707, "keyword": "coalgebraic literature"}, -{"id": 707, -"keyword": "generalisation bnfcc"}, {"id": 708, -"keyword": "vector space"}, +"keyword": "generalisation bnfcc"}, {"id": 709, +"keyword": "vector space"}, +{"id": 710, "keyword": "lll basis reduction algorithm"}, -{"id": 710, -"keyword": "comte de buffon posed"}, {"id": 711, +"keyword": "comte de buffon posed"}, +{"id": 712, "keyword": "confidentiality properties"}, -{"id": 712, -"keyword": "defining functors"}, {"id": 713, -"keyword": "prod limits_"}, +"keyword": "defining functors"}, {"id": 714, +"keyword": "prod limits_"}, +{"id": 715, "keyword": "binary orthogonality"}, -{"id": 715, -"keyword": "union concatenation"}, {"id": 716, -"keyword": "substantial set"}, +"keyword": "union concatenation"}, {"id": 717, +"keyword": "substantial set"}, +{"id": 718, "keyword": "von lindemann"}, -{"id": 718, +{"id": 719, "keyword": "proof tool"}, -{"id": 719, +{"id": 720, "keyword": "modulo operation"}, -{"id": 720, +{"id": 721, "keyword": "path"}, -{"id": 721, +{"id": 722, "keyword": "document corresponds"}, -{"id": 722, +{"id": 723, "keyword": "gps satellite"}, -{"id": 723, +{"id": 724, "keyword": "publication forthcoming"}, -{"id": 724, +{"id": 725, "keyword": "behavioral aspects"}, -{"id": 725, -"keyword": "graph- transformation based method"}, {"id": 726, +"keyword": "graph- transformation based method"}, +{"id": 727, "keyword": "odd-set cover"}, -{"id": 727, -"keyword": "classical algorithms"}, {"id": 728, -"keyword": "proofs involving linear algebra"}, +"keyword": "classical algorithms"}, {"id": 729, +"keyword": "proofs involving linear algebra"}, +{"id": 730, "keyword": "years formal 
verification"}, -{"id": 730, -"keyword": "simulation code generation"}, {"id": 731, +"keyword": "simulation code generation"}, +{"id": 732, "keyword": "geodesic triangles"}, -{"id": 732, -"keyword": "present interpretations"}, {"id": 733, -"keyword": "extending previous results applying"}, +"keyword": "present interpretations"}, {"id": 734, +"keyword": "extending previous results applying"}, +{"id": 735, "keyword": "cav 2013 paper"}, -{"id": 735, -"keyword": "k-universal hash family"}, {"id": 736, -"keyword": "revision 6081d5be8d08"}, +"keyword": "k-universal hash family"}, {"id": 737, +"keyword": "revision 6081d5be8d08"}, +{"id": 738, "keyword": "boolean connectives"}, -{"id": 738, +{"id": 739, "keyword": "verification condition generators producing"}, -{"id": 739, +{"id": 740, "keyword": "lattice-theoretic concepts"}, -{"id": 740, +{"id": 741, "keyword": "generic instantiation based"}, -{"id": 741, +{"id": 742, "keyword": "communication channels"}, -{"id": 742, +{"id": 743, "keyword": "sufficiently nice sdss"}, -{"id": 743, +{"id": 744, "keyword": "proof applies"}, -{"id": 744, +{"id": 745, "keyword": "couple small"}, -{"id": 745, -"keyword": "additive combinatorics due"}, {"id": 746, -"keyword": "representable bounds"}, +"keyword": "additive combinatorics due"}, {"id": 747, +"keyword": "representable bounds"}, +{"id": 748, "keyword": "textbook modal logic"}, -{"id": 748, +{"id": 749, "keyword": "relational program logics"}, -{"id": 749, +{"id": 750, "keyword": "formal words"}, -{"id": 750, +{"id": 751, "keyword": "command mk_ide enables"}, -{"id": 751, +{"id": 752, "keyword": "inventory management"}, -{"id": 752, +{"id": 753, "keyword": "generalised rewriting"}, -{"id": 753, +{"id": 754, "keyword": "enhanced interleaves predicate turns"}, -{"id": 754, +{"id": 755, "keyword": "call risk-free loan"}, -{"id": 755, +{"id": 756, "keyword": "cotangent spaces"}, -{"id": 756, +{"id": 757, "keyword": "simple exercises"}, -{"id": 757, +{"id": 758, "keyword": "induction 
hypothesis"}, -{"id": 758, -"keyword": "real-world computer networks"}, {"id": 759, +"keyword": "real-world computer networks"}, +{"id": 760, "keyword": "additional relations"}, -{"id": 760, +{"id": 761, "keyword": "combine stepwise refinement"}, -{"id": 761, +{"id": 762, "keyword": "logical foundation"}, -{"id": 762, +{"id": 763, "keyword": "nearest shadow root"}, -{"id": 763, +{"id": 764, "keyword": "asynchronously communicating nodes"}, -{"id": 764, +{"id": 765, "keyword": "introducing constructor functions"}, -{"id": 765, +{"id": 766, "keyword": "newly detected states"}, -{"id": 766, -"keyword": "presented variants increase"}, {"id": 767, +"keyword": "presented variants increase"}, +{"id": 768, "keyword": "divide conquer algorithms"}, -{"id": 768, -"keyword": "classical extensional mereology"}, {"id": 769, -"keyword": "quantified non-classical logics"}, +"keyword": "classical extensional mereology"}, {"id": 770, +"keyword": "quantified non-classical logics"}, +{"id": 771, "keyword": "usual definitions"}, -{"id": 771, -"keyword": "foundation presented"}, {"id": 772, +"keyword": "foundation presented"}, +{"id": 773, "keyword": "incidence set systems"}, -{"id": 773, -"keyword": "jacobi symbol"}, {"id": 774, -"keyword": "verification components"}, +"keyword": "jacobi symbol"}, {"id": 775, +"keyword": "verification components"}, +{"id": 776, "keyword": "system"}, -{"id": 776, +{"id": 777, "keyword": "counts distinct real roots"}, -{"id": 777, +{"id": 778, "keyword": "language primitives"}, -{"id": 778, -"keyword": "classical logic"}, {"id": 779, -"keyword": "formal protocol verification"}, +"keyword": "classical logic"}, {"id": 780, +"keyword": "formal protocol verification"}, +{"id": 781, "keyword": "entry genclock"}, -{"id": 781, -"keyword": "inlines function application"}, {"id": 782, +"keyword": "inlines function application"}, +{"id": 783, "keyword": "positive llists"}, -{"id": 783, -"keyword": "full classical propositional logic"}, {"id": 784, -"keyword": 
"imperative programming languages"}, +"keyword": "full classical propositional logic"}, {"id": 785, +"keyword": "imperative programming languages"}, +{"id": 786, "keyword": "dynamical systems"}, -{"id": 786, +{"id": 787, "keyword": "arbitrary transition systems"}, -{"id": 787, +{"id": 788, "keyword": "induced maps"}, -{"id": 788, +{"id": 789, "keyword": "info research codegen"}, -{"id": 789, +{"id": 790, "keyword": "monitoring tools"}, -{"id": 790, +{"id": 791, "keyword": "functional languages"}, -{"id": 791, +{"id": 792, "keyword": "strong nullstellensatz"}, -{"id": 792, +{"id": 793, "keyword": "stateful network implementation"}, -{"id": 793, +{"id": 794, "keyword": "development concludes"}, -{"id": 794, +{"id": 795, "keyword": "hyperbolic geometry"}, -{"id": 795, +{"id": 796, "keyword": "strongest postconditions based"}, -{"id": 796, +{"id": 797, "keyword": "cade 28 paper"}, -{"id": 797, +{"id": 798, "keyword": "called complete sets"}, -{"id": 798, -"keyword": "jordan curve theorem"}, {"id": 799, -"keyword": "preliminary version"}, +"keyword": "jordan curve theorem"}, {"id": 800, +"keyword": "preliminary version"}, +{"id": 801, "keyword": "core operations"}, -{"id": 801, -"keyword": "fixed arguments"}, {"id": 802, +"keyword": "fixed arguments"}, +{"id": 803, "keyword": "satisfying assignment"}, -{"id": 803, -"keyword": "b_n"}, {"id": 804, -"keyword": "bilinear dominance"}, +"keyword": "b_n"}, {"id": 805, +"keyword": "bilinear dominance"}, +{"id": 806, "keyword": "model reactive systems"}, -{"id": 806, +{"id": 807, "keyword": "target language features"}, -{"id": 807, +{"id": 808, "keyword": "social decision schemes"}, -{"id": 808, +{"id": 809, "keyword": "okamoto sigma-protocols"}, -{"id": 809, +{"id": 810, "keyword": "squares euclid"}, -{"id": 810, +{"id": 811, "keyword": "celebrated theorem"}, -{"id": 811, +{"id": 812, "keyword": "girard newton theorem"}, -{"id": 812, +{"id": 813, "keyword": "yoneda embedding preserves limits"}, -{"id": 813, +{"id": 814, 
"keyword": "behavior traces"}, -{"id": 814, +{"id": 815, "keyword": "avoid correctness issues"}, -{"id": 815, +{"id": 816, "keyword": "magic wand mathbin"}, -{"id": 816, +{"id": 817, "keyword": "argument functions"}, -{"id": 817, +{"id": 818, "keyword": "stream types"}, -{"id": 818, -"keyword": "original operational semantics"}, {"id": 819, -"keyword": "reduction conformance relations"}, +"keyword": "original operational semantics"}, {"id": 820, +"keyword": "reduction conformance relations"}, +{"id": 821, "keyword": "heap operations"}, -{"id": 821, -"keyword": "64-bit bases"}, {"id": 822, +"keyword": "64-bit bases"}, +{"id": 823, "keyword": "coupled simulation versus bisimulation"}, -{"id": 823, -"keyword": "unified policy framework"}, {"id": 824, -"keyword": "configuration trace"}, +"keyword": "unified policy framework"}, {"id": 825, +"keyword": "configuration trace"}, +{"id": 826, "keyword": "pen-and-paper analysis"}, -{"id": 826, +{"id": 827, "keyword": "definite initialisation analysis"}, -{"id": 827, +{"id": 828, "keyword": "complex plane"}, -{"id": 828, -"keyword": "galois theory"}, {"id": 829, -"keyword": "weak nullstellensatz"}, +"keyword": "galois theory"}, {"id": 830, +"keyword": "weak nullstellensatz"}, +{"id": 831, "keyword": "standard logistic function"}, -{"id": 831, -"keyword": "state-of-the-art automated protocol verifiers"}, {"id": 832, +"keyword": "state-of-the-art automated protocol verifiers"}, +{"id": 833, "keyword": "generate efficient code"}, -{"id": 833, -"keyword": "modal logics"}, {"id": 834, -"keyword": "syntactic context"}, +"keyword": "modal logics"}, {"id": 835, +"keyword": "syntactic context"}, +{"id": 836, "keyword": "resulting generalized counting sort"}, -{"id": 836, -"keyword": "special care"}, {"id": 837, -"keyword": "volume proofs"}, +"keyword": "special care"}, {"id": 838, +"keyword": "volume proofs"}, +{"id": 839, "keyword": "failed proof"}, -{"id": 839, +{"id": 840, "keyword": "individual computing nodes"}, -{"id": 840, 
+{"id": 841, "keyword": "recursive path order"}, -{"id": 841, +{"id": 842, "keyword": "reachable states"}, -{"id": 842, +{"id": 843, "keyword": "equivalent versions"}, -{"id": 843, +{"id": 844, "keyword": "closed finite games"}, -{"id": 844, +{"id": 845, "keyword": "generalised form"}, -{"id": 845, +{"id": 846, "keyword": "proposed under-approximate logics"}, -{"id": 846, -"keyword": "handle incidence relations"}, {"id": 847, +"keyword": "handle incidence relations"}, +{"id": 848, "keyword": "machine-assisted proof"}, -{"id": 848, -"keyword": "group representation"}, {"id": 849, -"keyword": "frame rule"}, +"keyword": "group representation"}, {"id": 850, +"keyword": "frame rule"}, +{"id": 851, "keyword": "proof document supports"}, -{"id": 851, -"keyword": "amortized complexity"}, {"id": 852, +"keyword": "amortized complexity"}, +{"id": 853, "keyword": "assertion failure"}, -{"id": 853, -"keyword": "regular expressions needed"}, {"id": 854, -"keyword": "n2m operation"}, +"keyword": "regular expressions needed"}, {"id": 855, +"keyword": "n2m operation"}, +{"id": 856, "keyword": "abstract compiler working"}, -{"id": 856, +{"id": 857, "keyword": "dra targets similar applications"}, -{"id": 857, +{"id": 858, "keyword": "certify termination proofs"}, -{"id": 858, -"keyword": "failures model"}, {"id": 859, -"keyword": "resource bound"}, +"keyword": "failures model"}, {"id": 860, +"keyword": "resource bound"}, +{"id": 861, "keyword": "probabilistic systems"}, -{"id": 861, -"keyword": "infinite behavior traces"}, {"id": 862, +"keyword": "infinite behavior traces"}, +{"id": 863, "keyword": "finiteness assumptions"}, -{"id": 863, -"keyword": "gps receiver"}, {"id": 864, -"keyword": "proof theory enables application"}, +"keyword": "gps receiver"}, {"id": 865, +"keyword": "proof theory enables application"}, +{"id": 866, "keyword": "longer valid"}, -{"id": 866, +{"id": 867, "keyword": "separation kernels"}, -{"id": 867, +{"id": 868, "keyword": "in-place heapsort"}, -{"id": 868, 
-"keyword": "result due"}, {"id": 869, -"keyword": "clause loop"}, +"keyword": "result due"}, {"id": 870, +"keyword": "clause loop"}, +{"id": 871, "keyword": "register aliasing"}, -{"id": 871, -"keyword": "recursive formalization"}, {"id": 872, +"keyword": "recursive formalization"}, +{"id": 873, "keyword": "revision functions launches"}, -{"id": 873, -"keyword": "extensible library"}, {"id": 874, -"keyword": "master theorem based"}, +"keyword": "extensible library"}, {"id": 875, +"keyword": "master theorem based"}, +{"id": 876, "keyword": "refinement type systems"}, -{"id": 876, -"keyword": "generic abstract interpreter"}, {"id": 877, -"keyword": "proof relies"}, +"keyword": "generic abstract interpreter"}, {"id": 878, +"keyword": "proof relies"}, +{"id": 879, "keyword": "quantum hoare logic"}, -{"id": 879, +{"id": 880, "keyword": "haskell tool called fffuu"}, -{"id": 880, +{"id": 881, "keyword": "recursion theorems"}, -{"id": 881, +{"id": 882, "keyword": "relation algebras equipped"}, -{"id": 882, +{"id": 883, "keyword": "prefix length"}, -{"id": 883, +{"id": 884, "keyword": "balanced nature"}, -{"id": 884, +{"id": 885, "keyword": "key component"}, -{"id": 885, +{"id": 886, "keyword": "article attempts"}, -{"id": 886, -"keyword": "heuristics automatically pick"}, {"id": 887, +"keyword": "heuristics automatically pick"}, +{"id": 888, "keyword": "instruction set architecture"}, -{"id": 888, -"keyword": "hol light formalization"}, {"id": 889, -"keyword": "tauberian theorem"}, +"keyword": "hol light formalization"}, {"id": 890, +"keyword": "tauberian theorem"}, +{"id": 891, "keyword": "domain-specific languages"}, -{"id": 891, -"keyword": "code generation"}, {"id": 892, +"keyword": "code generation"}, +{"id": 893, "keyword": "combinatorial optimisation"}, -{"id": 893, -"keyword": "isafol isafol authors"}, {"id": 894, -"keyword": "providing sequential composition"}, +"keyword": "isafol isafol authors"}, {"id": 895, +"keyword": "providing sequential composition"}, 
+{"id": 896, "keyword": "complex numbers"}, -{"id": 896, -"keyword": "afp"}, {"id": 897, -"keyword": "dominated terms"}, +"keyword": "afp"}, {"id": 898, +"keyword": "dominated terms"}, +{"id": 899, "keyword": "maximal normal subgroups"}, -{"id": 899, +{"id": 900, "keyword": "pseudonatural transformations"}, -{"id": 900, +{"id": 901, "keyword": "short outline"}, -{"id": 901, +{"id": 902, "keyword": "fixed lexicographical order"}, -{"id": 902, +{"id": 903, "keyword": "coq proof assistant"}, -{"id": 903, +{"id": 904, "keyword": "echelon form afp entry"}, -{"id": 904, +{"id": 905, "keyword": "implicit flows"}, -{"id": 905, +{"id": 906, "keyword": "time complexity"}, -{"id": 906, -"keyword": "integer keys"}, {"id": 907, -"keyword": "personal byzantine quorum systems"}, +"keyword": "integer keys"}, {"id": 908, +"keyword": "personal byzantine quorum systems"}, +{"id": 909, "keyword": "highly non-elementary mathematical tools"}, -{"id": 909, +{"id": 910, "keyword": "rivest commitment schemes"}, -{"id": 910, +{"id": 911, "keyword": "pairs consisting"}, -{"id": 911, +{"id": 912, "keyword": "potential breaks"}, -{"id": 912, +{"id": 913, "keyword": "json encoded data"}, -{"id": 913, +{"id": 914, "keyword": "partial derivatives"}, -{"id": 914, +{"id": 915, "keyword": "approach preservers"}, -{"id": 915, +{"id": 916, "keyword": "glibc strlen function"}, -{"id": 916, +{"id": 917, "keyword": "discrete-time markov chains"}, -{"id": 917, +{"id": 918, "keyword": "categorical predicate transformers implement"}, -{"id": 918, +{"id": 919, "keyword": "esop 2016 paper"}, -{"id": 919, -"keyword": "org jasmin_blanchette isafol"}, {"id": 920, +"keyword": "org jasmin_blanchette isafol"}, +{"id": 921, "keyword": "pseudo-random functions"}, -{"id": 921, +{"id": 922, "keyword": "ivana vukotic"}, -{"id": 922, +{"id": 923, "keyword": "academic press"}, -{"id": 923, +{"id": 924, "keyword": "unverified ssa construction algorithm"}, -{"id": 924, +{"id": 925, "keyword": "complex plane extended"}, 
-{"id": 925, +{"id": 926, "keyword": "dynamic method invocation"}, -{"id": 926, +{"id": 927, "keyword": "stable property detection"}, -{"id": 927, -"keyword": "simpler problem"}, {"id": 928, +"keyword": "simpler problem"}, +{"id": 929, "keyword": "cnf formulae"}, -{"id": 929, -"keyword": "certified dictionary translation"}, {"id": 930, -"keyword": "combinatorics"}, +"keyword": "certified dictionary translation"}, {"id": 931, +"keyword": "combinatorics"}, +{"id": 932, "keyword": "occurrence counts"}, -{"id": 932, -"keyword": "cava model checker"}, {"id": 933, +"keyword": "cava model checker"}, +{"id": 934, "keyword": "formalization"}, -{"id": 934, -"keyword": "popular notion"}, {"id": 935, -"keyword": "splay trees"}, +"keyword": "popular notion"}, {"id": 936, +"keyword": "splay trees"}, +{"id": 937, "keyword": "stepwise refinement techniques"}, -{"id": 937, +{"id": 938, "keyword": "additional operations"}, -{"id": 938, +{"id": 939, "keyword": "euclidean axiom"}, -{"id": 939, -"keyword": "program representation"}, {"id": 940, -"keyword": "simultaneously empowering end hosts"}, +"keyword": "program representation"}, {"id": 941, +"keyword": "simultaneously empowering end hosts"}, +{"id": 942, "keyword": "space complexity guarantees"}, -{"id": 942, -"keyword": "noninterference theorem"}, {"id": 943, +"keyword": "noninterference theorem"}, +{"id": 944, "keyword": "data flow analyser"}, -{"id": 944, -"keyword": "extent differs"}, {"id": 945, -"keyword": "upper triangular"}, +"keyword": "extent differs"}, {"id": 946, +"keyword": "upper triangular"}, +{"id": 947, "keyword": "lifting function application"}, -{"id": 947, +{"id": 948, "keyword": "mapping regular expressions"}, -{"id": 948, +{"id": 949, "keyword": "complicated solution"}, -{"id": 949, -"keyword": "pen-and-paper counterpart"}, {"id": 950, -"keyword": "uiuc"}, +"keyword": "pen-and-paper counterpart"}, {"id": 951, +"keyword": "uiuc"}, +{"id": 952, "keyword": "additional extensions"}, -{"id": 952, -"keyword": 
"explicit expression"}, {"id": 953, +"keyword": "explicit expression"}, +{"id": 954, "keyword": "bounds due"}, -{"id": 954, -"keyword": "divisor function"}, {"id": 955, -"keyword": "important role"}, +"keyword": "divisor function"}, {"id": 956, +"keyword": "important role"}, +{"id": 957, "keyword": "sequential java bytecode"}, -{"id": 957, -"keyword": "executable functional implementation"}, {"id": 958, -"keyword": "dense linear orders"}, +"keyword": "executable functional implementation"}, {"id": 959, +"keyword": "dense linear orders"}, +{"id": 960, "keyword": "basic forward analysis operations"}, -{"id": 960, +{"id": 961, "keyword": "detecting rectangle intersection"}, -{"id": 961, +{"id": 962, "keyword": "direct subsumption"}, -{"id": 962, +{"id": 963, "keyword": "semantic interpretation"}, -{"id": 963, +{"id": 964, "keyword": "words lexicographically minimal"}, -{"id": 964, +{"id": 965, "keyword": "standard laws"}, -{"id": 965, +{"id": 966, "keyword": "analytic number theory"}, -{"id": 966, +{"id": 967, "keyword": "symbolic computations"}, -{"id": 967, -"keyword": "decision type"}, {"id": 968, +"keyword": "decision type"}, +{"id": 969, "keyword": "proving correctness"}, -{"id": 969, -"keyword": "compute fair prices"}, {"id": 970, -"keyword": "presented work"}, +"keyword": "compute fair prices"}, {"id": 971, +"keyword": "presented work"}, +{"id": 972, "keyword": "fully executable solver"}, -{"id": 972, -"keyword": "easily adapted"}, {"id": 973, +"keyword": "easily adapted"}, +{"id": 974, "keyword": "process control"}, -{"id": 974, -"keyword": "executable sequent calculus prover"}, {"id": 975, -"keyword": "quantum information theory"}, +"keyword": "executable sequent calculus prover"}, {"id": 976, +"keyword": "quantum information theory"}, +{"id": 977, "keyword": "formally verified abstract account"}, -{"id": 977, -"keyword": "successfully analyzed threads satisfies"}, {"id": 978, -"keyword": "initial segment"}, +"keyword": "successfully analyzed threads 
satisfies"}, {"id": 979, +"keyword": "initial segment"}, +{"id": 980, "keyword": "alwen tiu"}, -{"id": 980, +{"id": 981, "keyword": "public ports"}, -{"id": 981, +{"id": 982, "keyword": "welfare economics holds"}, -{"id": 982, +{"id": 983, "keyword": "hol type system"}, -{"id": 983, +{"id": 984, "keyword": "non-negative solutions"}, -{"id": 984, +{"id": 985, "keyword": "abstract rewriting"}, -{"id": 985, +{"id": 986, "keyword": "distributed consensus"}, -{"id": 986, +{"id": 987, "keyword": "code equation"}, -{"id": 987, -"keyword": "generic push-relabel algorithm"}, {"id": 988, -"keyword": "induction rule"}, +"keyword": "generic push-relabel algorithm"}, {"id": 989, +"keyword": "induction rule"}, +{"id": 990, "keyword": "dijkstra"}, -{"id": 990, +{"id": 991, "keyword": "afp article monadification"}, -{"id": 991, +{"id": 992, "keyword": "linear order"}, -{"id": 992, +{"id": 993, "keyword": "fixed time-unit"}, -{"id": 993, +{"id": 994, "keyword": "real case"}, -{"id": 994, +{"id": 995, "keyword": "paper local lexing"}, -{"id": 995, +{"id": 996, "keyword": "5th postulate"}, -{"id": 996, +{"id": 997, "keyword": "key confirmation"}, -{"id": 997, +{"id": 998, "keyword": "well-understood low-level behavior"}, -{"id": 998, +{"id": 999, "keyword": "proof easily"}, -{"id": 999, +{"id": 1000, "keyword": "theorem prover ehdm"}, -{"id": 1000, -"keyword": "terms relevant"}, {"id": 1001, -"keyword": "json-encoded data"}, +"keyword": "terms relevant"}, {"id": 1002, +"keyword": "json-encoded data"}, +{"id": 1003, "keyword": "generic-deriving package"}, -{"id": 1003, -"keyword": "deep embedding approach"}, {"id": 1004, +"keyword": "deep embedding approach"}, +{"id": 1005, "keyword": "syntactic approximations imply"}, -{"id": 1005, -"keyword": "executable algorithms"}, {"id": 1006, -"keyword": "classical higher-order logic"}, +"keyword": "executable algorithms"}, {"id": 1007, +"keyword": "classical higher-order logic"}, +{"id": 1008, "keyword": "non-negative cost function"}, -{"id": 
1008, +{"id": 1009, "keyword": "correctness claims"}, -{"id": 1009, +{"id": 1010, "keyword": "flexible set-based theorems"}, -{"id": 1010, +{"id": 1011, "keyword": "geocoq library"}, -{"id": 1011, +{"id": 1012, "keyword": "methodology chosen"}, -{"id": 1012, +{"id": 1013, "keyword": "previously break"}, -{"id": 1013, +{"id": 1014, "keyword": "identical sequence elements"}, -{"id": 1014, +{"id": 1015, "keyword": "structured isar proofs"}, -{"id": 1015, +{"id": 1016, "keyword": "countably infinite number"}, -{"id": 1016, +{"id": 1017, "keyword": "lebesgue-style integration plays"}, -{"id": 1017, -"keyword": "effect specifications"}, {"id": 1018, -"keyword": "atomic formulas"}, +"keyword": "effect specifications"}, {"id": 1019, +"keyword": "atomic formulas"}, +{"id": 1020, "keyword": "folder listinf"}, -{"id": 1020, +{"id": 1021, "keyword": "continuum hypothesis"}, -{"id": 1021, +{"id": 1022, "keyword": "execute programs"}, -{"id": 1022, +{"id": 1023, "keyword": "old_datatype command"}, -{"id": 1023, +{"id": 1024, "keyword": "formal laurent series"}, -{"id": 1024, +{"id": 1025, "keyword": "conditional expectation"}, -{"id": 1025, +{"id": 1026, "keyword": "latin rectangle"}, -{"id": 1026, +{"id": 1027, "keyword": "composite objects"}, -{"id": 1027, -"keyword": "application scenarios"}, {"id": 1028, -"keyword": "isar proof"}, +"keyword": "application scenarios"}, {"id": 1029, +"keyword": "isar proof"}, +{"id": 1030, "keyword": "stuttering equivalent"}, -{"id": 1030, +{"id": 1031, "keyword": "qualitative temporal representation"}, -{"id": 1031, +{"id": 1032, "keyword": "concrete program satisfies"}, -{"id": 1032, +{"id": 1033, "keyword": "vstte paper"}, -{"id": 1033, +{"id": 1034, "keyword": "regular identities"}, -{"id": 1034, +{"id": 1035, "keyword": "original linear program"}, -{"id": 1035, +{"id": 1036, "keyword": "natural deduction"}, -{"id": 1036, +{"id": 1037, "keyword": "designated root vertex"}, -{"id": 1037, +{"id": 1038, "keyword": "van emde boas tree"}, 
-{"id": 1038, +{"id": 1039, "keyword": "sylow p-subgroups"}, -{"id": 1039, +{"id": 1040, "keyword": "small classes"}, -{"id": 1040, -"keyword": "hermite normal form"}, {"id": 1041, -"keyword": "switching conveniently"}, +"keyword": "hermite normal form"}, {"id": 1042, +"keyword": "switching conveniently"}, +{"id": 1043, "keyword": "vdm-reminiscent partial-correctness specifications"}, -{"id": 1043, -"keyword": "bounded basic pseudo-hoops"}, {"id": 1044, +"keyword": "bounded basic pseudo-hoops"}, +{"id": 1045, "keyword": "region boundaries explicitly"}, -{"id": 1045, -"keyword": "georges-louis leclerc"}, {"id": 1046, -"keyword": "maximize reuse"}, +"keyword": "georges-louis leclerc"}, {"id": 1047, +"keyword": "maximize reuse"}, +{"id": 1048, "keyword": "mac lane"}, -{"id": 1048, +{"id": 1049, "keyword": "divergence kleene algebras"}, -{"id": 1049, +{"id": 1050, "keyword": "nominal style"}, -{"id": 1050, +{"id": 1051, "keyword": "lattice ordered groups"}, -{"id": 1051, +{"id": 1052, "keyword": "expected number"}, -{"id": 1052, +{"id": 1053, "keyword": "remainder terms"}, -{"id": 1053, +{"id": 1054, "keyword": "preliminaries chapter"}, -{"id": 1054, +{"id": 1055, "keyword": "confidentiality properties refer"}, -{"id": 1055, +{"id": 1056, "keyword": "executable type inference algorithm"}, -{"id": 1056, +{"id": 1057, "keyword": "infinitary version"}, -{"id": 1057, +{"id": 1058, "keyword": "state-space construction"}, -{"id": 1058, +{"id": 1059, "keyword": "maximal consistent set"}, -{"id": 1059, +{"id": 1060, "keyword": "software framework"}, -{"id": 1060, -"keyword": "filled rows"}, {"id": 1061, -"keyword": "magic wand"}, +"keyword": "filled rows"}, {"id": 1062, +"keyword": "magic wand"}, +{"id": 1063, "keyword": "choices"}, -{"id": 1063, -"keyword": "bernoulli numbers"}, {"id": 1064, +"keyword": "bernoulli numbers"}, +{"id": 1065, "keyword": "weak conjunction operator"}, -{"id": 1065, -"keyword": "called llist_topology"}, {"id": 1066, -"keyword": "lockstep models"}, 
+"keyword": "called llist_topology"}, {"id": 1067, +"keyword": "lockstep models"}, +{"id": 1068, "keyword": "type system restrictions"}, -{"id": 1068, +{"id": 1069, "keyword": "indistinguishable security"}, -{"id": 1069, +{"id": 1070, "keyword": "artificial intelligence"}, -{"id": 1070, -"keyword": "standard approach"}, {"id": 1071, -"keyword": "derived proof rules"}, +"keyword": "standard approach"}, {"id": 1072, +"keyword": "derived proof rules"}, +{"id": 1073, "keyword": "mathematical components"}, -{"id": 1073, -"keyword": "multiset-comparison problems"}, {"id": 1074, +"keyword": "multiset-comparison problems"}, +{"id": 1075, "keyword": "linear pass homomorphic application"}, -{"id": 1075, -"keyword": "planning tasks language"}, {"id": 1076, -"keyword": "dfs algorithm"}, +"keyword": "planning tasks language"}, {"id": 1077, +"keyword": "dfs algorithm"}, +{"id": 1078, "keyword": "arbitrary linearly-ordered integrity domains"}, -{"id": 1078, -"keyword": "smith normal form"}, {"id": 1079, -"keyword": "predicate identifies"}, +"keyword": "smith normal form"}, {"id": 1080, +"keyword": "predicate identifies"}, +{"id": 1081, "keyword": "reasoning stays"}, -{"id": 1081, +{"id": 1082, "keyword": "reducible control flow graph"}, -{"id": 1082, -"keyword": "present work"}, {"id": 1083, +"keyword": "present work"}, +{"id": 1084, "keyword": "omnipresent foundational errors"}, -{"id": 1084, -"keyword": "functional correctness"}, {"id": 1085, +"keyword": "functional correctness"}, +{"id": 1086, "keyword": "individual program behaviours"}, -{"id": 1086, -"keyword": "common special case"}, {"id": 1087, -"keyword": "afp entry dom_components"}, +"keyword": "common special case"}, {"id": 1088, +"keyword": "afp entry dom_components"}, +{"id": 1089, "keyword": "matryoshka website"}, -{"id": 1089, +{"id": 1090, +"keyword": "empirical evaluation"}, +{"id": 1091, "keyword": "mansky"}, -{"id": 1090, +{"id": 1092, "keyword": "seminal paper natural semantics"}, -{"id": 1091, +{"id": 1093, 
"keyword": "bytecode logic"}, -{"id": 1092, +{"id": 1094, "keyword": "accommodates partial functions"}, -{"id": 1093, +{"id": 1095, "keyword": "recursive datatype"}, -{"id": 1094, +{"id": 1096, "keyword": "channel protocols"}, -{"id": 1095, +{"id": 1097, "keyword": "locale eval lowbar"}, -{"id": 1096, +{"id": 1098, "keyword": "hand-written theory files"}, -{"id": 1097, -"keyword": "partial herbrand interpretations"}, -{"id": 1098, -"keyword": "formally verified model"}, {"id": 1099, -"keyword": "deletion condition"}, +"keyword": "partial herbrand interpretations"}, {"id": 1100, +"keyword": "formally verified model"}, +{"id": 1101, +"keyword": "deletion condition"}, +{"id": 1102, "keyword": "weak bisimilarity"}, -{"id": 1101, +{"id": 1103, "keyword": "security unwinding technique"}, -{"id": 1102, +{"id": 1104, "keyword": "negative real parts"}, -{"id": 1103, +{"id": 1105, "keyword": "linear real arithmetic"}, -{"id": 1104, +{"id": 1106, "keyword": "implicit reasoning steps"}, -{"id": 1105, +{"id": 1107, "keyword": "iterative versions"}, -{"id": 1106, +{"id": 1108, "keyword": "ab leq int_0"}, -{"id": 1107, -"keyword": "bernays-tarski axiom system"}, -{"id": 1108, -"keyword": "isoscele triangles"}, {"id": 1109, -"keyword": "euler ndash"}, +"keyword": "bernays-tarski axiom system"}, {"id": 1110, -"keyword": "afp entry bnf operations"}, +"keyword": "isoscele triangles"}, {"id": 1111, -"keyword": "verified virtual machines"}, +"keyword": "euler ndash"}, {"id": 1112, -"keyword": "general infinite processes"}, +"keyword": "afp entry bnf operations"}, {"id": 1113, -"keyword": "internal representation"}, +"keyword": "verified virtual machines"}, {"id": 1114, -"keyword": "concurrent programs"}, +"keyword": "general infinite processes"}, {"id": 1115, -"keyword": "generalized noninterference security"}, +"keyword": "interesting syntactic subclass"}, {"id": 1116, -"keyword": "varphi_i vee mathbf"}, +"keyword": "internal representation"}, {"id": 1117, -"keyword": "purely logical 
result yielding"}, +"keyword": "concurrent programs"}, {"id": 1118, -"keyword": "shallow semantical embeddings"}, +"keyword": "generalized noninterference security"}, {"id": 1119, -"keyword": "security statements"}, +"keyword": "varphi_i vee mathbf"}, {"id": 1120, +"keyword": "purely logical result yielding"}, +{"id": 1121, +"keyword": "shallow semantical embeddings"}, +{"id": 1122, +"keyword": "security statements"}, +{"id": 1123, "keyword": "euler-maclaurin formula relates"}, -{"id": 1121, +{"id": 1124, "keyword": "hol library"}, -{"id": 1122, +{"id": 1125, "keyword": "recursive enumerability"}, -{"id": 1123, +{"id": 1126, "keyword": "quantum programs"}, -{"id": 1124, +{"id": 1127, "keyword": "shallow embedding"}, -{"id": 1125, +{"id": 1128, "keyword": "safety policy"}, -{"id": 1126, -"keyword": "wider scope"}, -{"id": 1127, -"keyword": "basic classical properties"}, -{"id": 1128, -"keyword": "sufficient criterion"}, {"id": 1129, -"keyword": "concurrent reads"}, +"keyword": "wider scope"}, {"id": 1130, -"keyword": "symbolic execution"}, +"keyword": "basic classical properties"}, {"id": 1131, -"keyword": "message anonymity"}, +"keyword": "sufficient criterion"}, {"id": 1132, -"keyword": "epistemic logic theory"}, +"keyword": "concurrent reads"}, {"id": 1133, -"keyword": "detailed apply scripts"}, +"keyword": "symbolic execution"}, {"id": 1134, -"keyword": "preliminary evaluations"}, +"keyword": "message anonymity"}, {"id": 1135, -"keyword": "algebraic number executable"}, +"keyword": "epistemic logic theory"}, {"id": 1136, -"keyword": "correspondence theorem"}, +"keyword": "detailed apply scripts"}, {"id": 1137, -"keyword": "von neumann measurements"}, +"keyword": "preliminary evaluations"}, {"id": 1138, -"keyword": "interesting case study"}, +"keyword": "algebraic number executable"}, {"id": 1139, -"keyword": "compiler correctness proof shorter"}, +"keyword": "correspondence theorem"}, {"id": 1140, +"keyword": "von neumann measurements"}, +{"id": 1141, 
+"keyword": "interesting case study"}, +{"id": 1142, +"keyword": "compiler correctness proof shorter"}, +{"id": 1143, "keyword": "tolerate faults"}, -{"id": 1141, +{"id": 1144, "keyword": "morally questionable"}, -{"id": 1142, +{"id": 1145, "keyword": "gromov boundary"}, -{"id": 1143, +{"id": 1146, "keyword": "slicing based"}, -{"id": 1144, +{"id": 1147, "keyword": "interactive visual theorem prover"}, -{"id": 1145, +{"id": 1148, "keyword": "hol-algebra library"}, -{"id": 1146, -"keyword": "functional program"}, -{"id": 1147, -"keyword": "decision procedure toolkit"}, -{"id": 1148, -"keyword": "coordination"}, {"id": 1149, -"keyword": "trace set process"}, +"keyword": "functional program"}, {"id": 1150, +"keyword": "decision procedure toolkit"}, +{"id": 1151, +"keyword": "coordination"}, +{"id": 1152, +"keyword": "trace set process"}, +{"id": 1153, "keyword": "standard textbook version"}, -{"id": 1151, +{"id": 1154, "keyword": "timed automata"}, -{"id": 1152, +{"id": 1155, "keyword": "lsfa 2020 paper"}, -{"id": 1153, +{"id": 1156, "keyword": "data refinement framework"}, -{"id": 1154, +{"id": 1157, "keyword": "non-terminating executions"}, -{"id": 1155, +{"id": 1158, "keyword": "bius transformations"}, -{"id": 1156, +{"id": 1159, "keyword": "register refers"}, -{"id": 1157, +{"id": 1160, "keyword": "reactive systems"}, -{"id": 1158, +{"id": 1161, "keyword": "connecting algebraic varieties"}, -{"id": 1159, +{"id": 1162, "keyword": "algorithm meets schneider"}, -{"id": 1160, +{"id": 1163, "keyword": "successfully formalising"}, -{"id": 1161, +{"id": 1164, "keyword": "specialized sliding window algorithm"}, -{"id": 1162, -"keyword": "stuttering invariance central"}, -{"id": 1163, -"keyword": "arbitrary data"}, -{"id": 1164, -"keyword": "obtain liouville numbers"}, {"id": 1165, -"keyword": "tree boundaries set"}, +"keyword": "stuttering invariance central"}, {"id": 1166, -"keyword": "key agreement protocols"}, +"keyword": "arbitrary data"}, {"id": 1167, -"keyword": 
"recovering structure"}, +"keyword": "obtain liouville numbers"}, {"id": 1168, +"keyword": "tree boundaries set"}, +{"id": 1169, +"keyword": "key agreement protocols"}, +{"id": 1170, +"keyword": "recovering structure"}, +{"id": 1171, "keyword": "active research topic"}, -{"id": 1169, +{"id": 1172, "keyword": "proof rules indexed"}, -{"id": 1170, +{"id": 1173, "keyword": "algorithm tolerates"}, -{"id": 1171, +{"id": 1174, "keyword": "measuring angles"}, -{"id": 1172, +{"id": 1175, "keyword": "empty bst"}, -{"id": 1173, +{"id": 1176, "keyword": "reusing facts"}, -{"id": 1174, +{"id": 1177, "keyword": "remainder sequences"}, -{"id": 1175, +{"id": 1178, "keyword": "fully-featured compositional framework"}, -{"id": 1176, -"keyword": "order extension"}, -{"id": 1177, -"keyword": "practical purposes"}, -{"id": 1178, -"keyword": "dynamically typed programming languages"}, {"id": 1179, -"keyword": "matrix equation"}, +"keyword": "order extension"}, {"id": 1180, +"keyword": "practical purposes"}, +{"id": 1181, +"keyword": "dynamically typed programming languages"}, +{"id": 1182, +"keyword": "matrix equation"}, +{"id": 1183, "keyword": "substitute hybrid games"}, -{"id": 1181, +{"id": 1184, "keyword": "transition system"}, -{"id": 1182, +{"id": 1185, "keyword": "quantified modal logic kb"}, -{"id": 1183, +{"id": 1186, "keyword": "sorts objects"}, -{"id": 1184, +{"id": 1187, "keyword": "certified factorization algorithm"}, -{"id": 1185, +{"id": 1188, "keyword": "systems communication"}, -{"id": 1186, -"keyword": "framing conditions"}, -{"id": 1187, -"keyword": "completeness"}, -{"id": 1188, -"keyword": "astronomically huge"}, {"id": 1189, -"keyword": "finitely generated polynomial ideals"}, +"keyword": "framing conditions"}, {"id": 1190, +"keyword": "completeness"}, +{"id": 1191, +"keyword": "astronomically huge"}, +{"id": 1192, +"keyword": "finitely generated polynomial ideals"}, +{"id": 1193, "keyword": "transitive closure bypasses matrices"}, -{"id": 1191, +{"id": 1194, 
"keyword": "expected accuracy"}, -{"id": 1192, +{"id": 1195, "keyword": "rado"}, -{"id": 1193, +{"id": 1196, "keyword": "strong local confluence"}, -{"id": 1194, +{"id": 1197, "keyword": "3rd edition"}, -{"id": 1195, +{"id": 1198, "keyword": "sch15 anders schlichtkrull"}, -{"id": 1196, +{"id": 1199, "keyword": "hoc on-demand distance vector"}, -{"id": 1197, +{"id": 1200, "keyword": "expected properties"}, -{"id": 1198, +{"id": 1201, "keyword": "longer guaranteed"}, -{"id": 1199, +{"id": 1202, "keyword": "realistic virtual machine"}, -{"id": 1200, +{"id": 1203, "keyword": "developing security protocols"}, -{"id": 1201, +{"id": 1204, "keyword": "call root-balanced trees"}, -{"id": 1202, -"keyword": "algebraic numbers beta_1"}, -{"id": 1203, -"keyword": "function eval"}, -{"id": 1204, -"keyword": "floating-point numbers"}, {"id": 1205, -"keyword": "price vickrey auction"}, +"keyword": "algebraic numbers beta_1"}, {"id": 1206, -"keyword": "classical hoare"}, +"keyword": "function eval"}, {"id": 1207, -"keyword": "running average"}, +"keyword": "floating-point numbers"}, {"id": 1208, +"keyword": "price vickrey auction"}, +{"id": 1209, +"keyword": "classical hoare"}, +{"id": 1210, +"keyword": "running average"}, +{"id": 1211, "keyword": "james margetson"}, -{"id": 1209, +{"id": 1212, "keyword": "dedicated vertices"}, -{"id": 1210, +{"id": 1213, "keyword": "hereditarily finite"}, -{"id": 1211, +{"id": 1214, "keyword": "lemma"}, -{"id": 1212, +{"id": 1215, "keyword": "verify axioms"}, -{"id": 1213, +{"id": 1216, "keyword": "time events"}, -{"id": 1214, +{"id": 1217, "keyword": "piecewise continuous functions"}, -{"id": 1215, +{"id": 1218, "keyword": "feature dependent types"}, -{"id": 1216, +{"id": 1219, "keyword": "worst-case optimal multiway-join algorithms"}, -{"id": 1217, +{"id": 1220, "keyword": "treated abstractly"}, -{"id": 1218, +{"id": 1221, "keyword": "omega operation"}, -{"id": 1219, +{"id": 1222, "keyword": "theory fair-stream"}, -{"id": 1220, +{"id": 1223, 
"keyword": "independent random variables"}, -{"id": 1221, +{"id": 1224, "keyword": "terms algebraically"}, -{"id": 1222, -"keyword": "nested binary joins"}, -{"id": 1223, -"keyword": "fin"}, -{"id": 1224, -"keyword": "yosuke-ito-345 actuary"}, {"id": 1225, -"keyword": "directly executable program"}, +"keyword": "nested binary joins"}, {"id": 1226, -"keyword": "algebraic hierarchy"}, +"keyword": "fin"}, {"id": 1227, -"keyword": "sufficiently large"}, +"keyword": "yosuke-ito-345 actuary"}, {"id": 1228, +"keyword": "directly executable program"}, +{"id": 1229, +"keyword": "algebraic hierarchy"}, +{"id": 1230, +"keyword": "sufficiently large"}, +{"id": 1231, "keyword": "enhanced confidence"}, -{"id": 1229, +{"id": 1232, +"keyword": "efficiently compute"}, +{"id": 1233, "keyword": "resulting automaton"}, -{"id": 1230, +{"id": 1234, "keyword": "kleene algebra hierarchy"}, -{"id": 1231, -"keyword": "periodicity lemma"}, -{"id": 1232, -"keyword": "article added material"}, -{"id": 1233, -"keyword": "infinite polynomial"}, -{"id": 1234, -"keyword": "runtime faults"}, {"id": 1235, -"keyword": "abstract property"}, +"keyword": "periodicity lemma"}, {"id": 1236, -"keyword": "function definitions"}, +"keyword": "article added material"}, {"id": 1237, -"keyword": "standard transfinite kbo"}, +"keyword": "infinite polynomial"}, {"id": 1238, -"keyword": "secure stateful implementation"}, +"keyword": "runtime faults"}, {"id": 1239, -"keyword": "adjoint functors preserve limits"}, +"keyword": "abstract property"}, {"id": 1240, -"keyword": "sub-probability mass functions"}, +"keyword": "function definitions"}, {"id": 1241, +"keyword": "standard transfinite kbo"}, +{"id": 1242, +"keyword": "secure stateful implementation"}, +{"id": 1243, +"keyword": "adjoint functors preserve limits"}, +{"id": 1244, +"keyword": "sub-probability mass functions"}, +{"id": 1245, "keyword": "linear time"}, -{"id": 1242, +{"id": 1246, "keyword": "purely syntactic criteria"}, -{"id": 1243, +{"id": 1247, 
"keyword": "mechanically verifying algorithms"}, -{"id": 1244, +{"id": 1248, "keyword": "non-strict computations"}, -{"id": 1245, +{"id": 1249, "keyword": "derive proofs"}, -{"id": 1246, -"keyword": "expressive power"}, -{"id": 1247, -"keyword": "textbook presentation"}, -{"id": 1248, -"keyword": "io monad"}, -{"id": 1249, -"keyword": "common language features"}, {"id": 1250, -"keyword": "mutually recursive procedures"}, +"keyword": "expressive power"}, {"id": 1251, -"keyword": "intervals"}, +"keyword": "textbook presentation"}, {"id": 1252, -"keyword": "defensive strategies exist"}, +"keyword": "io monad"}, {"id": 1253, -"keyword": "ordinal arithmetic"}, +"keyword": "common language features"}, {"id": 1254, -"keyword": "security protocols based"}, +"keyword": "mutually recursive procedures"}, {"id": 1255, -"keyword": "cryptographically secure proof"}, +"keyword": "intervals"}, {"id": 1256, -"keyword": "domain theory"}, +"keyword": "defensive strategies exist"}, {"id": 1257, -"keyword": "class models"}, +"keyword": "ordinal arithmetic"}, {"id": 1258, +"keyword": "security protocols based"}, +{"id": 1259, +"keyword": "cryptographically secure proof"}, +{"id": 1260, +"keyword": "domain theory"}, +{"id": 1261, +"keyword": "class models"}, +{"id": 1262, "keyword": "fully automated methods"}, -{"id": 1259, +{"id": 1263, "keyword": "current formalization"}, -{"id": 1260, +{"id": 1264, "keyword": "formalisation presents"}, -{"id": 1261, -"keyword": "contradicts consensus"}, -{"id": 1262, -"keyword": "classical implicational logic"}, -{"id": 1263, -"keyword": "group divisible designs"}, -{"id": 1264, -"keyword": "self-contained specification"}, {"id": 1265, -"keyword": "successor search"}, +"keyword": "contradicts consensus"}, {"id": 1266, -"keyword": "full details"}, +"keyword": "classical implicational logic"}, {"id": 1267, -"keyword": "standard redundancy criterion"}, +"keyword": "group divisible designs"}, {"id": 1268, +"keyword": "self-contained specification"}, 
+{"id": 1269, +"keyword": "successor search"}, +{"id": 1270, +"keyword": "full details"}, +{"id": 1271, +"keyword": "standard redundancy criterion"}, +{"id": 1272, "keyword": "algebraic geometry"}, -{"id": 1269, +{"id": 1273, "keyword": "material decribed"}, -{"id": 1270, +{"id": 1274, "keyword": "abstract rewrite system"}, -{"id": 1271, -"keyword": "recursive function operates"}, -{"id": 1272, -"keyword": "sequential compactness"}, -{"id": 1273, -"keyword": "core part"}, -{"id": 1274, -"keyword": "w_i a_i"}, {"id": 1275, -"keyword": "operations run"}, +"keyword": "recursive function operates"}, {"id": 1276, -"keyword": "interpreting intensional type systems"}, +"keyword": "sequential compactness"}, {"id": 1277, -"keyword": "retain key properties"}, +"keyword": "core part"}, {"id": 1278, -"keyword": "lexicographic algorithm incorporating"}, +"keyword": "w_i a_i"}, {"id": 1279, -"keyword": "llists"}, +"keyword": "operations run"}, {"id": 1280, -"keyword": "success probability grows exponentially"}, +"keyword": "interpreting intensional type systems"}, {"id": 1281, +"keyword": "retain key properties"}, +{"id": 1282, +"keyword": "lexicographic algorithm incorporating"}, +{"id": 1283, +"keyword": "llists"}, +{"id": 1284, +"keyword": "success probability grows exponentially"}, +{"id": 1285, "keyword": "generate"}, -{"id": 1282, +{"id": 1286, "keyword": "34th ifip international conference"}, -{"id": 1283, +{"id": 1287, "keyword": "abstract academic models"}, -{"id": 1284, +{"id": 1288, "keyword": "notably poicar recurrence theorem"}, -{"id": 1285, +{"id": 1289, "keyword": "relevant definitions"}, -{"id": 1286, -"keyword": "refinement steps"}, -{"id": 1287, -"keyword": "time polynomial"}, -{"id": 1288, -"keyword": "skip lists consists"}, -{"id": 1289, -"keyword": "stream versions"}, {"id": 1290, -"keyword": "update constant pattern"}, +"keyword": "refinement steps"}, {"id": 1291, -"keyword": "small-step operational semantics"}, +"keyword": "time polynomial"}, {"id": 1292, 
-"keyword": "set partitions"}, +"keyword": "skip lists consists"}, {"id": 1293, -"keyword": "explicit construction"}, +"keyword": "stream versions"}, {"id": 1294, -"keyword": "mechanised proofs offermat"}, +"keyword": "update constant pattern"}, {"id": 1295, -"keyword": "concurrent sub-models"}, +"keyword": "small-step operational semantics"}, {"id": 1296, -"keyword": "parallel branches"}, +"keyword": "set partitions"}, {"id": 1297, -"keyword": "cubic equations"}, +"keyword": "explicit construction"}, {"id": 1298, -"keyword": "computably enumerable sets"}, +"keyword": "mechanised proofs offermat"}, {"id": 1299, -"keyword": "machine-verifiable proof certificates"}, +"keyword": "concurrent sub-models"}, {"id": 1300, -"keyword": "simple language"}, +"keyword": "parallel branches"}, {"id": 1301, +"keyword": "cubic equations"}, +{"id": 1302, +"keyword": "computably enumerable sets"}, +{"id": 1303, +"keyword": "machine-verifiable proof certificates"}, +{"id": 1304, +"keyword": "simple language"}, +{"id": 1305, "keyword": "poincar -bendixson theorem"}, -{"id": 1302, +{"id": 1306, "keyword": "relevant material"}, -{"id": 1303, +{"id": 1307, "keyword": "efficient data structures"}, -{"id": 1304, +{"id": 1308, "keyword": "extended real line"}, -{"id": 1305, +{"id": 1309, "keyword": "sunflower lemma"}, -{"id": 1306, -"keyword": "intransitive policy"}, -{"id": 1307, -"keyword": "universal property"}, -{"id": 1308, -"keyword": "algebraically closed field"}, -{"id": 1309, -"keyword": "larger memory"}, {"id": 1310, -"keyword": "program verification environment"}, +"keyword": "intransitive policy"}, {"id": 1311, +"keyword": "universal property"}, +{"id": 1312, +"keyword": "algebraically closed field"}, +{"id": 1313, +"keyword": "larger memory"}, +{"id": 1314, +"keyword": "program verification environment"}, +{"id": 1315, "keyword": "basic modal logics"}, -{"id": 1312, +{"id": 1316, "keyword": "nested multisets"}, -{"id": 1313, +{"id": 1317, "keyword": "concrete mathematics"}, 
-{"id": 1314, +{"id": 1318, "keyword": "safe ocl distincts nullable"}, -{"id": 1315, +{"id": 1319, "keyword": "ramsey"}, -{"id": 1316, +{"id": 1320, "keyword": "thy -files"}, -{"id": 1317, +{"id": 1321, "keyword": "deterministic processes"}, -{"id": 1318, +{"id": 1322, "keyword": "logarithmic expected time"}, -{"id": 1319, +{"id": 1323, "keyword": "generic work-list algorithm"}, -{"id": 1320, +{"id": 1324, "keyword": "theorems related"}, -{"id": 1321, +{"id": 1325, "keyword": "generic type class implementation"}, -{"id": 1322, -"keyword": "subtle behaviors"}, -{"id": 1323, -"keyword": "set construction"}, -{"id": 1324, -"keyword": "asymptotic growth approximation"}, -{"id": 1325, -"keyword": "well-order relation"}, {"id": 1326, -"keyword": "encryption schemes"}, +"keyword": "subtle behaviors"}, {"id": 1327, -"keyword": "ipv6 addresses"}, +"keyword": "set construction"}, {"id": 1328, -"keyword": "trusted base"}, +"keyword": "asymptotic growth approximation"}, {"id": 1329, +"keyword": "well-order relation"}, +{"id": 1330, +"keyword": "encryption schemes"}, +{"id": 1331, +"keyword": "ipv6 addresses"}, +{"id": 1332, +"keyword": "trusted base"}, +{"id": 1333, "keyword": "identifying finite-dimensional operators"}, -{"id": 1330, +{"id": 1334, "keyword": "restricted schedules"}, -{"id": 1331, +{"id": 1335, "keyword": "fabian immler"}, -{"id": 1332, +{"id": 1336, "keyword": "count real roots"}, -{"id": 1333, +{"id": 1337, "keyword": "abstract data structures"}, -{"id": 1334, +{"id": 1338, "keyword": "policy decision function"}, -{"id": 1335, +{"id": 1339, "keyword": "solutions based"}, -{"id": 1336, -"keyword": "produce labeled subgoals"}, -{"id": 1337, -"keyword": "quadratic virtual substitution"}, -{"id": 1338, -"keyword": "partial translation"}, -{"id": 1339, -"keyword": "tedious proofs"}, {"id": 1340, -"keyword": "jordan decomposition theorem"}, +"keyword": "produce labeled subgoals"}, {"id": 1341, +"keyword": "quadratic virtual substitution"}, +{"id": 1342, 
+"keyword": "partial translation"}, +{"id": 1343, +"keyword": "tedious proofs"}, +{"id": 1344, +"keyword": "jordan decomposition theorem"}, +{"id": 1345, "keyword": "algorithm decodes correctly"}, -{"id": 1342, +{"id": 1346, "keyword": "support tostring functions"}, -{"id": 1343, +{"id": 1347, "keyword": "underlying concepts"}, -{"id": 1344, +{"id": 1348, "keyword": "defining web components"}, -{"id": 1345, +{"id": 1349, "keyword": "financial theory"}, -{"id": 1346, -"keyword": "self-adjusting binary search trees"}, -{"id": 1347, -"keyword": "code generation facility"}, -{"id": 1348, -"keyword": "carefully crafted"}, -{"id": 1349, -"keyword": "topological space generated"}, {"id": 1350, -"keyword": "proving functional correctness"}, +"keyword": "self-adjusting binary search trees"}, {"id": 1351, +"keyword": "code generation facility"}, +{"id": 1352, +"keyword": "carefully crafted"}, +{"id": 1353, +"keyword": "topological space generated"}, +{"id": 1354, +"keyword": "proving functional correctness"}, +{"id": 1355, "keyword": "original design"}, -{"id": 1352, +{"id": 1356, "keyword": "squares problem"}, -{"id": 1353, +{"id": 1357, "keyword": "formal reasoning"}, -{"id": 1354, +{"id": 1358, "keyword": "temporal logic operators"}, -{"id": 1355, +{"id": 1359, "keyword": "quadratic real arithmetic"}, -{"id": 1356, +{"id": 1360, "keyword": "rank nullity theorem entry"}, -{"id": 1357, +{"id": 1361, "keyword": "pairwise commuting matrices"}, -{"id": 1358, +{"id": 1362, "keyword": "requires precise statements"}, -{"id": 1359, +{"id": 1363, "keyword": "linear size"}, -{"id": 1360, +{"id": 1364, "keyword": "bird tree"}, -{"id": 1361, +{"id": 1365, "keyword": "series consisting"}, -{"id": 1362, -"keyword": "pdf"}, -{"id": 1363, -"keyword": "standard arithmetic"}, -{"id": 1364, -"keyword": "executable function eval"}, -{"id": 1365, -"keyword": "extensible record package"}, {"id": 1366, -"keyword": "data secrecy"}, +"keyword": "pdf"}, {"id": 1367, -"keyword": "model checking"}, 
+"keyword": "standard arithmetic"}, {"id": 1368, -"keyword": "publication tphols 2009"}, +"keyword": "executable function eval"}, {"id": 1369, +"keyword": "extensible record package"}, +{"id": 1370, +"keyword": "data secrecy"}, +{"id": 1371, +"keyword": "model checking"}, +{"id": 1372, +"keyword": "publication tphols 2009"}, +{"id": 1373, "keyword": "additional control flow analysis"}, -{"id": 1370, +{"id": 1374, "keyword": "hermite-lindemann-weierstra theorem"}, -{"id": 1371, +{"id": 1375, "keyword": "ocl type system"}, -{"id": 1372, +{"id": 1376, "keyword": "x_1 exists"}, -{"id": 1373, +{"id": 1377, "keyword": "formalization consists"}, -{"id": 1374, +{"id": 1378, "keyword": "modal relational type theory"}, -{"id": 1375, +{"id": 1379, "keyword": "szl kalm"}, -{"id": 1376, +{"id": 1380, "keyword": "significant gain"}, -{"id": 1377, +{"id": 1381, "keyword": "separation logic assertion"}, -{"id": 1378, +{"id": 1382, "keyword": "shallowly embed"}, -{"id": 1379, +{"id": 1383, "keyword": "specially well-"}, -{"id": 1380, +{"id": 1384, "keyword": "random systems"}, -{"id": 1381, +{"id": 1385, "keyword": "perron ndash"}, -{"id": 1382, -"keyword": "unified approximation order"}, -{"id": 1383, -"keyword": "structures"}, -{"id": 1384, -"keyword": "building high-performance multiprocessor software"}, -{"id": 1385, -"keyword": "foundational assumptions"}, {"id": 1386, -"keyword": "cute puzzles"}, +"keyword": "unified approximation order"}, {"id": 1387, -"keyword": "relation algebras extended"}, +"keyword": "structures"}, {"id": 1388, -"keyword": "originally expressed"}, +"keyword": "building high-performance multiprocessor software"}, {"id": 1389, +"keyword": "foundational assumptions"}, +{"id": 1390, +"keyword": "cute puzzles"}, +{"id": 1391, +"keyword": "relation algebras extended"}, +{"id": 1392, +"keyword": "originally expressed"}, +{"id": 1393, "keyword": "frobenius theorem"}, -{"id": 1390, +{"id": 1394, "keyword": "space complexity"}, -{"id": 1391, +{"id": 1395, 
"keyword": "infinite series built"}, -{"id": 1392, -"keyword": "previous algorithms"}, -{"id": 1393, -"keyword": "abstract algorithm working"}, -{"id": 1394, -"keyword": "main premise"}, -{"id": 1395, -"keyword": "deciding relative safety"}, {"id": 1396, -"keyword": "spatially-separated views"}, +"keyword": "previous algorithms"}, {"id": 1397, -"keyword": "list update algorithms"}, +"keyword": "abstract algorithm working"}, {"id": 1398, -"keyword": "single nodes"}, +"keyword": "main premise"}, {"id": 1399, -"keyword": "fourier series"}, +"keyword": "deciding relative safety"}, {"id": 1400, -"keyword": "file write"}, +"keyword": "spatially-separated views"}, {"id": 1401, -"keyword": "adapted versions"}, +"keyword": "list update algorithms"}, {"id": 1402, -"keyword": "magic wand assertion"}, +"keyword": "single nodes"}, {"id": 1403, -"keyword": "adequacy proof"}, +"keyword": "fourier series"}, {"id": 1404, -"keyword": "sd-strategy- proofness"}, +"keyword": "file write"}, {"id": 1405, -"keyword": "dual incidence systems"}, +"keyword": "adapted versions"}, {"id": 1406, -"keyword": "primitive pythagorean triples"}, +"keyword": "magic wand assertion"}, {"id": 1407, -"keyword": "akra-bazzi method based"}, +"keyword": "adequacy proof"}, {"id": 1408, -"keyword": "important properties"}, +"keyword": "sd-strategy- proofness"}, {"id": 1409, -"keyword": "unique irreducible factors"}, +"keyword": "dual incidence systems"}, {"id": 1410, +"keyword": "primitive pythagorean triples"}, +{"id": 1411, +"keyword": "akra-bazzi method based"}, +{"id": 1412, +"keyword": "important properties"}, +{"id": 1413, +"keyword": "unique irreducible factors"}, +{"id": 1414, "keyword": "outgoing edges"}, -{"id": 1411, +{"id": 1415, "keyword": "target imperative hol"}, -{"id": 1412, +{"id": 1416, "keyword": "efficiently executable"}, -{"id": 1413, +{"id": 1417, "keyword": "lifting operation"}, -{"id": 1414, +{"id": 1418, "keyword": "lens algebra"}, -{"id": 1415, +{"id": 1419, "keyword": "agm 
operators"}, -{"id": 1416, +{"id": 1420, "keyword": "book"}, -{"id": 1417, -"keyword": "behaviour structure"}, -{"id": 1418, -"keyword": "complete semantics"}, -{"id": 1419, -"keyword": "simple solution"}, -{"id": 1420, -"keyword": "fixed-width machine words"}, {"id": 1421, -"keyword": "thread creation"}, +"keyword": "behaviour structure"}, {"id": 1422, +"keyword": "complete semantics"}, +{"id": 1423, +"keyword": "simple solution"}, +{"id": 1424, +"keyword": "fixed-width machine words"}, +{"id": 1425, +"keyword": "thread creation"}, +{"id": 1426, "keyword": "ip-route command"}, -{"id": 1423, +{"id": 1427, "keyword": "underlying libraries"}, -{"id": 1424, +{"id": 1428, "keyword": "formally verified checkers"}, -{"id": 1425, +{"id": 1429, "keyword": "direct corollaries"}, -{"id": 1426, +{"id": 1430, "keyword": "authors upcoming dissertation"}, -{"id": 1427, -"keyword": "restrictive definition"}, -{"id": 1428, -"keyword": "interactive program verification environment"}, -{"id": 1429, -"keyword": "extensible design permits"}, -{"id": 1430, -"keyword": "earlier afp entry"}, {"id": 1431, -"keyword": "automated proof tactics"}, +"keyword": "restrictive definition"}, {"id": 1432, -"keyword": "metatheoretical observation"}, +"keyword": "interactive program verification environment"}, {"id": 1433, -"keyword": "plane geometry"}, +"keyword": "extensible design permits"}, {"id": 1434, -"keyword": "finite trees"}, +"keyword": "earlier afp entry"}, {"id": 1435, -"keyword": "wide design space"}, +"keyword": "automated proof tactics"}, {"id": 1436, -"keyword": "hellip"}, +"keyword": "metatheoretical observation"}, {"id": 1437, -"keyword": "trace set inclusion"}, +"keyword": "plane geometry"}, {"id": 1438, -"keyword": "alpern"}, +"keyword": "finite trees"}, {"id": 1439, -"keyword": "mathematical development presented"}, +"keyword": "wide design space"}, {"id": 1440, -"keyword": "formal version"}, +"keyword": "hellip"}, {"id": 1441, -"keyword": "lambda-free recursive path orders"}, 
+"keyword": "trace set inclusion"}, {"id": 1442, +"keyword": "alpern"}, +{"id": 1443, +"keyword": "mathematical development presented"}, +{"id": 1444, +"keyword": "formal version"}, +{"id": 1445, +"keyword": "lambda-free recursive path orders"}, +{"id": 1446, "keyword": "concrete result"}, -{"id": 1443, +{"id": 1447, "keyword": "square complex matrix"}, -{"id": 1444, +{"id": 1448, "keyword": "quantitative temporal constraints"}, -{"id": 1445, +{"id": 1449, "keyword": "formalization effort necessitated"}, -{"id": 1446, +{"id": 1450, "keyword": "stepwise program refinement"}, -{"id": 1447, -"keyword": "theoretical computer science"}, -{"id": 1448, -"keyword": "sequential composition"}, -{"id": 1449, -"keyword": "combinatorial auction"}, -{"id": 1450, -"keyword": "1007 978-3-030-90138-7_2"}, {"id": 1451, -"keyword": "posix matching algorithm"}, +"keyword": "theoretical computer science"}, {"id": 1452, -"keyword": "article builds"}, +"keyword": "sequential composition"}, {"id": 1453, -"keyword": "paraconsistent logic avoids"}, +"keyword": "combinatorial auction"}, {"id": 1454, -"keyword": "mixed-product property"}, +"keyword": "1007 978-3-030-90138-7_2"}, {"id": 1455, -"keyword": "operator applications"}, +"keyword": "posix matching algorithm"}, {"id": 1456, -"keyword": "information whatsoever flows"}, +"keyword": "article builds"}, {"id": 1457, -"keyword": "tla specifications"}, +"keyword": "paraconsistent logic avoids"}, {"id": 1458, -"keyword": "security type system"}, +"keyword": "mixed-product property"}, {"id": 1459, -"keyword": "pide development environment"}, +"keyword": "operator applications"}, {"id": 1460, -"keyword": "entry vcg auctions"}, +"keyword": "information whatsoever flows"}, {"id": 1461, -"keyword": "locally control back-end settings"}, +"keyword": "tla specifications"}, {"id": 1462, +"keyword": "security type system"}, +{"id": 1463, +"keyword": "pide development environment"}, +{"id": 1464, +"keyword": "entry vcg auctions"}, +{"id": 1465, 
+"keyword": "locally control back-end settings"}, +{"id": 1466, "keyword": "bounded linear functions"}, -{"id": 1463, +{"id": 1467, "keyword": "deliberately restrict"}, -{"id": 1464, +{"id": 1468, "keyword": "sample main"}, -{"id": 1465, +{"id": 1469, "keyword": "construct proper generic extensions"}, -{"id": 1466, +{"id": 1470, "keyword": "reusable proof components"}, -{"id": 1467, -"keyword": "deductive tools"}, -{"id": 1468, -"keyword": "linearly ordered sets"}, -{"id": 1469, -"keyword": "primal problem"}, -{"id": 1470, -"keyword": "combine multiple methods"}, {"id": 1471, -"keyword": "extract efficient code"}, +"keyword": "deductive tools"}, {"id": 1472, +"keyword": "linearly ordered sets"}, +{"id": 1473, +"keyword": "primal problem"}, +{"id": 1474, +"keyword": "combine multiple methods"}, +{"id": 1475, +"keyword": "extract efficient code"}, +{"id": 1476, "keyword": "strips fragment"}, -{"id": 1473, +{"id": 1477, "keyword": "surely produce"}, -{"id": 1474, +{"id": 1478, +"keyword": "original query"}, +{"id": 1479, "keyword": "presents interesting results"}, -{"id": 1475, +{"id": 1480, "keyword": "intersecting chords theorem"}, -{"id": 1476, +{"id": 1481, "keyword": "lift larger classes"}, -{"id": 1477, +{"id": 1482, "keyword": "entry"}, -{"id": 1478, +{"id": 1483, "keyword": "related rewrite rules"}, -{"id": 1479, +{"id": 1484, "keyword": "weaker statement contained"}, -{"id": 1480, +{"id": 1485, "keyword": "automate canonical tasks"}, -{"id": 1481, +{"id": 1486, "keyword": "perform update operations naively"}, -{"id": 1482, -"keyword": "usual redundancy elimination rules"}, -{"id": 1483, -"keyword": "present"}, -{"id": 1484, -"keyword": "pairwise comparison"}, -{"id": 1485, -"keyword": "compositional algorithm"}, -{"id": 1486, -"keyword": "inconsistent bounds"}, {"id": 1487, -"keyword": "symmetric polynomial combination"}, +"keyword": "usual redundancy elimination rules"}, {"id": 1488, -"keyword": "conjectured relation"}, +"keyword": "present"}, {"id": 1489, 
-"keyword": "expression typing rules"}, +"keyword": "pairwise comparison"}, {"id": 1490, +"keyword": "compositional algorithm"}, +{"id": 1491, +"keyword": "inconsistent bounds"}, +{"id": 1492, +"keyword": "symmetric polynomial combination"}, +{"id": 1493, +"keyword": "conjectured relation"}, +{"id": 1494, +"keyword": "expression typing rules"}, +{"id": 1495, "keyword": "csp noninterference security stated"}, -{"id": 1491, +{"id": 1496, "keyword": "avoiding quantification"}, -{"id": 1492, +{"id": 1497, "keyword": "varepsilon 0"}, -{"id": 1493, +{"id": 1498, "keyword": "purposefully incomplete"}, -{"id": 1494, +{"id": 1499, "keyword": "combinatorial proof requires construction"}, -{"id": 1495, +{"id": 1500, "keyword": "adam betts"}, -{"id": 1496, +{"id": 1501, "keyword": "real-normed fields"}, -{"id": 1497, +{"id": 1502, "keyword": "algebraic structure"}, -{"id": 1498, +{"id": 1503, "keyword": "unlike treaps"}, -{"id": 1499, +{"id": 1504, "keyword": "lemma statements"}, -{"id": 1500, +{"id": 1505, "keyword": "sorted linked lists enhanced"}, -{"id": 1501, +{"id": 1506, "keyword": "uniformly bounded"}, -{"id": 1502, +{"id": 1507, "keyword": "compiler correctness"}, -{"id": 1503, +{"id": 1508, "keyword": "small step semantics"}, -{"id": 1504, +{"id": 1509, "keyword": "alexander birch jensen"}, -{"id": 1505, +{"id": 1510, "keyword": "mathematical theories"}, -{"id": 1506, +{"id": 1511, "keyword": "failure divergence model"}, -{"id": 1507, +{"id": 1512, "keyword": "bnfcc theory"}, -{"id": 1508, +{"id": 1513, "keyword": "diagonal functors"}, -{"id": 1509, +{"id": 1514, "keyword": "partial synchrony"}, -{"id": 1510, +{"id": 1515, "keyword": "preserves semantics"}, -{"id": 1511, +{"id": 1516, "keyword": "obtain dynamic programming algorithms"}, -{"id": 1512, +{"id": 1517, "keyword": "refine system specifications"}, -{"id": 1513, +{"id": 1518, "keyword": "process crashes"}, -{"id": 1514, +{"id": 1519, "keyword": "algorithm multiple times independently"}, -{"id": 1515, +{"id": 
1520, "keyword": "diagonal-free timed automata"}, -{"id": 1516, +{"id": 1521, "keyword": "-free higher-order terms"}, -{"id": 1517, +{"id": 1522, "keyword": "generic imperative algorithms"}, -{"id": 1518, +{"id": 1523, "keyword": "gromov hyperbolic"}, -{"id": 1519, +{"id": 1524, "keyword": "imaginary part"}, -{"id": 1520, +{"id": 1525, "keyword": "artificial general intelligence"}, -{"id": 1521, +{"id": 1526, "keyword": "coreutils sha256 implementation"}, -{"id": 1522, -"keyword": "traditional formalisations"}, -{"id": 1523, -"keyword": "floating-point operations"}, -{"id": 1524, -"keyword": "landau expressions"}, -{"id": 1525, -"keyword": "asymptotic relation"}, -{"id": 1526, -"keyword": "lebesgue measure"}, {"id": 1527, -"keyword": "original design based"}, +"keyword": "traditional formalisations"}, {"id": 1528, -"keyword": "document root"}, +"keyword": "floating-point operations"}, {"id": 1529, -"keyword": "solve automatically"}, +"keyword": "landau expressions"}, {"id": 1530, +"keyword": "asymptotic relation"}, +{"id": 1531, +"keyword": "lebesgue measure"}, +{"id": 1532, +"keyword": "original design based"}, +{"id": 1533, +"keyword": "document root"}, +{"id": 1534, +"keyword": "solve automatically"}, +{"id": 1535, "keyword": "trick"}, -{"id": 1531, +{"id": 1536, "keyword": "weight-balanced trees"}, -{"id": 1532, +{"id": 1537, "keyword": "development forms"}, -{"id": 1533, +{"id": 1538, "keyword": "earlier version"}, -{"id": 1534, +{"id": 1539, "keyword": "afp entries goedel_hfset_semantic"}, -{"id": 1535, +{"id": 1540, "keyword": "fairly obvious properties"}, -{"id": 1536, +{"id": 1541, "keyword": "parigots -calculus"}, -{"id": 1537, +{"id": 1542, "keyword": "construct real exponents"}, -{"id": 1538, +{"id": 1543, "keyword": "nicta l4v"}, -{"id": 1539, +{"id": 1544, "keyword": "fully canceled words"}, -{"id": 1540, +{"id": 1545, "keyword": "concrete syntax"}, -{"id": 1541, +{"id": 1546, "keyword": "standard two-phase slicer"}, -{"id": 1542, -"keyword": "simple 
executable algorithms"}, -{"id": 1543, -"keyword": "unbounded nondeterminism"}, -{"id": 1544, -"keyword": "a-priori bound"}, -{"id": 1545, -"keyword": "single partial binary operation"}, -{"id": 1546, -"keyword": "hol definitions"}, {"id": 1547, -"keyword": "longer periods"}, +"keyword": "simple executable algorithms"}, {"id": 1548, -"keyword": "atomic elements"}, +"keyword": "unbounded nondeterminism"}, {"id": 1549, -"keyword": "linear equations"}, +"keyword": "a-priori bound"}, {"id": 1550, +"keyword": "single partial binary operation"}, +{"id": 1551, +"keyword": "hol definitions"}, +{"id": 1552, +"keyword": "longer periods"}, +{"id": 1553, +"keyword": "atomic elements"}, +{"id": 1554, +"keyword": "linear equations"}, +{"id": 1555, "keyword": "group_add class"}, -{"id": 1551, +{"id": 1556, "keyword": "formalizing game-based proofs"}, -{"id": 1552, -"keyword": "analytic function"}, -{"id": 1553, -"keyword": "previous afp entry"}, -{"id": 1554, -"keyword": "solving equations"}, -{"id": 1555, -"keyword": "random binary search trees"}, -{"id": 1556, -"keyword": "presents experimental results"}, {"id": 1557, -"keyword": "invariance"}, +"keyword": "analytic function"}, {"id": 1558, -"keyword": "abstract data type"}, +"keyword": "previous afp entry"}, {"id": 1559, -"keyword": "replicated data"}, +"keyword": "solving equations"}, {"id": 1560, -"keyword": "square roots"}, +"keyword": "random binary search trees"}, {"id": 1561, -"keyword": "stuttering sampling functions"}, +"keyword": "presents experimental results"}, {"id": 1562, -"keyword": "poincar disc model development"}, +"keyword": "invariance"}, {"id": 1563, -"keyword": "concurrent operations"}, +"keyword": "abstract data type"}, {"id": 1564, -"keyword": "immensely helpful"}, +"keyword": "replicated data"}, {"id": 1565, -"keyword": "intrinsic properties"}, +"keyword": "square roots"}, {"id": 1566, -"keyword": "category theory written"}, +"keyword": "stuttering sampling functions"}, {"id": 1567, -"keyword": 
"high-level type systems"}, +"keyword": "poincar disc model development"}, {"id": 1568, -"keyword": "schur decomposition"}, +"keyword": "concurrent operations"}, {"id": 1569, -"keyword": "stuttering"}, +"keyword": "immensely helpful"}, {"id": 1570, -"keyword": "language theory"}, +"keyword": "intrinsic properties"}, {"id": 1571, +"keyword": "category theory written"}, +{"id": 1572, +"keyword": "high-level type systems"}, +{"id": 1573, +"keyword": "schur decomposition"}, +{"id": 1574, +"keyword": "stuttering"}, +{"id": 1575, +"keyword": "language theory"}, +{"id": 1576, "keyword": "smt proof"}, -{"id": 1572, +{"id": 1577, "keyword": "permission amounts held"}, -{"id": 1573, +{"id": 1578, "keyword": "fourth sylow theorems"}, -{"id": 1574, +{"id": 1579, "keyword": "single infinite point"}, -{"id": 1575, +{"id": 1580, "keyword": "intuitive arguments found"}, -{"id": 1576, +{"id": 1581, "keyword": "defensive jinja virtual machine"}, -{"id": 1577, +{"id": 1582, "keyword": "type class"}, -{"id": 1578, +{"id": 1583, "keyword": "twelve bijections"}, -{"id": 1579, +{"id": 1584, "keyword": "torino group"}, -{"id": 1580, +{"id": 1585, "keyword": "semantic embedding"}, -{"id": 1581, +{"id": 1586, "keyword": "previous theorem"}, -{"id": 1582, +{"id": 1587, "keyword": "digit shifts"}, -{"id": 1583, +{"id": 1588, "keyword": "cardinality"}, -{"id": 1584, +{"id": 1589, "keyword": "polynomial factorisation algorithms ndash"}, -{"id": 1585, +{"id": 1590, "keyword": "protocol analysis"}, -{"id": 1586, +{"id": 1591, "keyword": "earlier joint work"}, -{"id": 1587, +{"id": 1592, "keyword": "statement boundaries"}, -{"id": 1588, +{"id": 1593, "keyword": "polynomial rings"}, -{"id": 1589, +{"id": 1594, "keyword": "operational rules"}, -{"id": 1590, +{"id": 1595, "keyword": "original compilation process"}, -{"id": 1591, +{"id": 1596, "keyword": "specification language"}, -{"id": 1592, +{"id": 1597, "keyword": "maximally consistent sets"}, -{"id": 1593, +{"id": 1598, "keyword": 
"von-neumann-morgenstern utility theorem"}, -{"id": 1594, +{"id": 1599, "keyword": "tarski-seidenberg theorem established"}, -{"id": 1595, +{"id": 1600, "keyword": "streamlining formal definitions"}, -{"id": 1596, +{"id": 1601, "keyword": "exhibit core features"}, -{"id": 1597, +{"id": 1602, "keyword": "right-hand side"}, -{"id": 1598, +{"id": 1603, "keyword": "calculating operators"}, -{"id": 1599, +{"id": 1604, "keyword": "generated code implements"}, -{"id": 1600, +{"id": 1605, "keyword": "automatic instantiation"}, -{"id": 1601, +{"id": 1606, "keyword": "skew heaps"}, -{"id": 1602, +{"id": 1607, "keyword": "completely remove tedious proofs"}, -{"id": 1603, -"keyword": "session keys"}, -{"id": 1604, -"keyword": "atkinson lemma"}, -{"id": 1605, -"keyword": "additional theory"}, -{"id": 1606, -"keyword": "boolos gave"}, -{"id": 1607, -"keyword": "lemma based"}, {"id": 1608, -"keyword": "hales jewett theorem"}, +"keyword": "session keys"}, {"id": 1609, -"keyword": "regular sets"}, +"keyword": "atkinson lemma"}, {"id": 1610, -"keyword": "web components"}, +"keyword": "additional theory"}, {"id": 1611, +"keyword": "boolos gave"}, +{"id": 1612, +"keyword": "lemma based"}, +{"id": 1613, +"keyword": "hales jewett theorem"}, +{"id": 1614, +"keyword": "regular sets"}, +{"id": 1615, +"keyword": "web components"}, +{"id": 1616, "keyword": "stuart rankin"}, -{"id": 1612, +{"id": 1617, "keyword": "18th century"}, -{"id": 1613, +{"id": 1618, "keyword": "roots"}, -{"id": 1614, +{"id": 1619, "keyword": "style presented"}, -{"id": 1615, +{"id": 1620, "keyword": "complementing previous encodings"}, -{"id": 1616, +{"id": 1621, "keyword": "hoc fashion"}, -{"id": 1617, +{"id": 1622, "keyword": "algebraic number implementation"}, -{"id": 1618, +{"id": 1623, "keyword": "transcendence criteria"}, -{"id": 1619, +{"id": 1624, "keyword": "exponential series"}, -{"id": 1620, +{"id": 1625, "keyword": "finite dimensional vector space"}, -{"id": 1621, +{"id": 1626, "keyword": "synthetic 
approach"}, -{"id": 1622, +{"id": 1627, "keyword": "function calls"}, -{"id": 1623, -"keyword": "hereditarily finite sets"}, -{"id": 1624, -"keyword": "free theorems"}, -{"id": 1625, -"keyword": "stuttering equivalence"}, -{"id": 1626, -"keyword": "predicate abstraction"}, -{"id": 1627, -"keyword": "formula represent propositional formulas"}, {"id": 1628, -"keyword": "preorder relations"}, +"keyword": "hereditarily finite sets"}, {"id": 1629, -"keyword": "bound variables"}, +"keyword": "free theorems"}, {"id": 1630, -"keyword": "first-order quantification"}, +"keyword": "stuttering equivalence"}, {"id": 1631, +"keyword": "predicate abstraction"}, +{"id": 1632, +"keyword": "formula represent propositional formulas"}, +{"id": 1633, +"keyword": "preorder relations"}, +{"id": 1634, +"keyword": "bound variables"}, +{"id": 1635, +"keyword": "first-order quantification"}, +{"id": 1636, "keyword": "skew binomial heaps"}, -{"id": 1632, +{"id": 1637, "keyword": "control operators"}, -{"id": 1633, -"keyword": "form construction algorithm"}, -{"id": 1634, -"keyword": "central meta theorem"}, -{"id": 1635, -"keyword": "matrix representation"}, -{"id": 1636, -"keyword": "data complexity"}, -{"id": 1637, -"keyword": "modular arithmetic plays"}, {"id": 1638, -"keyword": "fairly nice"}, +"keyword": "form construction algorithm"}, {"id": 1639, -"keyword": "foundational structures"}, +"keyword": "central meta theorem"}, {"id": 1640, -"keyword": "direct recursion"}, +"keyword": "matrix representation"}, {"id": 1641, -"keyword": "mathematical logic"}, +"keyword": "data complexity"}, {"id": 1642, -"keyword": "higher-order superposition calculus"}, +"keyword": "modular arithmetic plays"}, {"id": 1643, -"keyword": "purely algebraic"}, +"keyword": "fairly nice"}, {"id": 1644, +"keyword": "foundational structures"}, +{"id": 1645, +"keyword": "direct recursion"}, +{"id": 1646, +"keyword": "mathematical logic"}, +{"id": 1647, +"keyword": "higher-order superposition calculus"}, +{"id": 1648, 
+"keyword": "purely algebraic"}, +{"id": 1649, "keyword": "differentiability"}, -{"id": 1645, +{"id": 1650, "keyword": "logging-independent message anonymity"}, -{"id": 1646, +{"id": 1651, "keyword": "functional implementation"}, -{"id": 1647, +{"id": 1652, "keyword": "composition series"}, -{"id": 1648, +{"id": 1653, "keyword": "ordered resolution"}, -{"id": 1649, +{"id": 1654, "keyword": "chinese remainder theorem"}, -{"id": 1650, +{"id": 1655, "keyword": "clausal consequences"}, -{"id": 1651, +{"id": 1656, "keyword": "consistent fol theories extending"}, -{"id": 1652, +{"id": 1657, "keyword": "real coefficients"}, -{"id": 1653, -"keyword": "sparcv8 architecture"}, -{"id": 1654, -"keyword": "compositional noninterference"}, -{"id": 1655, -"keyword": "simd extensions"}, -{"id": 1656, -"keyword": "imperative hol heap monad"}, -{"id": 1657, -"keyword": "error message"}, {"id": 1658, -"keyword": "generic results"}, +"keyword": "sparcv8 architecture"}, {"id": 1659, -"keyword": "basic randomised social choice"}, +"keyword": "compositional noninterference"}, {"id": 1660, -"keyword": "dynamic tables parameterized"}, +"keyword": "simd extensions"}, {"id": 1661, +"keyword": "imperative hol heap monad"}, +{"id": 1662, +"keyword": "error message"}, +{"id": 1663, +"keyword": "generic results"}, +{"id": 1664, +"keyword": "basic randomised social choice"}, +{"id": 1665, +"keyword": "dynamic tables parameterized"}, +{"id": 1666, "keyword": "proper grounding"}, -{"id": 1662, +{"id": 1667, "keyword": "quasi-borel spaces"}, -{"id": 1663, -"keyword": "sat solver correctness proofs"}, -{"id": 1664, -"keyword": "charly gries"}, -{"id": 1665, -"keyword": "valid completeness threshold"}, -{"id": 1666, -"keyword": "reduces proof obligations"}, -{"id": 1667, -"keyword": "concrete representation"}, {"id": 1668, -"keyword": "restricted growth functions"}, +"keyword": "sat solver correctness proofs"}, {"id": 1669, -"keyword": "irrationality criteria"}, +"keyword": "charly gries"}, {"id": 
1670, -"keyword": "language features"}, +"keyword": "valid completeness threshold"}, {"id": 1671, +"keyword": "reduces proof obligations"}, +{"id": 1672, +"keyword": "concrete representation"}, +{"id": 1673, +"keyword": "restricted growth functions"}, +{"id": 1674, +"keyword": "irrationality criteria"}, +{"id": 1675, +"keyword": "language features"}, +{"id": 1676, "keyword": "compilation function"}, -{"id": 1672, +{"id": 1677, "keyword": "formally reason"}, -{"id": 1673, -"keyword": "development employs"}, -{"id": 1674, -"keyword": "policy decision point"}, -{"id": 1675, -"keyword": "comparison oracle"}, -{"id": 1676, -"keyword": "suitable distributed system model"}, -{"id": 1677, -"keyword": "tautology elimination"}, {"id": 1678, -"keyword": "parallel prefix computations"}, +"keyword": "development employs"}, {"id": 1679, -"keyword": "andrei popescu"}, +"keyword": "policy decision point"}, {"id": 1680, -"keyword": "proofs necessitate"}, +"keyword": "comparison oracle"}, {"id": 1681, -"keyword": "verified implementation"}, +"keyword": "suitable distributed system model"}, {"id": 1682, -"keyword": "geometric sketches"}, +"keyword": "tautology elimination"}, {"id": 1683, -"keyword": "small-step semantics akin"}, +"keyword": "parallel prefix computations"}, {"id": 1684, +"keyword": "andrei popescu"}, +{"id": 1685, +"keyword": "proofs necessitate"}, +{"id": 1686, +"keyword": "verified implementation"}, +{"id": 1687, +"keyword": "geometric sketches"}, +{"id": 1688, +"keyword": "small-step semantics akin"}, +{"id": 1689, "keyword": "finite developments theorem"}, -{"id": 1685, +{"id": 1690, "keyword": "search-tree property"}, -{"id": 1686, +{"id": 1691, "keyword": "unverified reference implementation"}, -{"id": 1687, +{"id": 1692, "keyword": "abstract separation logic"}, -{"id": 1688, +{"id": 1693, "keyword": "abstract algebraic structure satisfying"}, -{"id": 1689, +{"id": 1694, "keyword": "types-to-sets mechanism"}, -{"id": 1690, +{"id": 1695, "keyword": "stiffness 
matrix represents"}, -{"id": 1691, +{"id": 1696, "keyword": "time real exponents"}, -{"id": 1692, +{"id": 1697, "keyword": "vcg auction"}, -{"id": 1693, -"keyword": "secure network configurations"}, -{"id": 1694, -"keyword": "infinite conjunctions"}, -{"id": 1695, -"keyword": "respective frameworks"}, -{"id": 1696, -"keyword": "strongly normalizing"}, -{"id": 1697, -"keyword": "distinct operators"}, {"id": 1698, -"keyword": "efficient computation"}, +"keyword": "secure network configurations"}, {"id": 1699, -"keyword": "author merz 1998"}, +"keyword": "infinite conjunctions"}, {"id": 1700, -"keyword": "concurrent revisions model"}, +"keyword": "respective frameworks"}, {"id": 1701, -"keyword": "regain sequential consistency"}, +"keyword": "strongly normalizing"}, {"id": 1702, -"keyword": "updated version"}, +"keyword": "distinct operators"}, {"id": 1703, -"keyword": "tlc model checker"}, +"keyword": "efficient computation"}, {"id": 1704, +"keyword": "author merz 1998"}, +{"id": 1705, +"keyword": "concurrent revisions model"}, +{"id": 1706, +"keyword": "regain sequential consistency"}, +{"id": 1707, +"keyword": "updated version"}, +{"id": 1708, +"keyword": "tlc model checker"}, +{"id": 1709, "keyword": "fully abstract"}, -{"id": 1705, +{"id": 1710, "keyword": "framework supports semantic annotations"}, -{"id": 1706, +{"id": 1711, "keyword": "theory file"}, -{"id": 1707, +{"id": 1712, "keyword": "earlier paper"}, -{"id": 1708, +{"id": 1713, "keyword": "executable functions"}, -{"id": 1709, +{"id": 1714, "keyword": "general result"}, -{"id": 1710, +{"id": 1715, "keyword": "runtime verification tool"}, -{"id": 1711, +{"id": 1716, "keyword": "automated proof techniques"}, -{"id": 1712, +{"id": 1717, "keyword": "simple verification conditions"}, -{"id": 1713, +{"id": 1718, "keyword": "orthogonal vectors"}, -{"id": 1714, +{"id": 1719, "keyword": "machine checked collections framework"}, -{"id": 1715, +{"id": 1720, "keyword": "command mk_ide"}, -{"id": 1716, +{"id": 1721, 
"keyword": "polynomial growth"}, -{"id": 1717, +{"id": 1722, "keyword": "local clock"}, -{"id": 1718, +{"id": 1723, "keyword": "abstract first-order prover"}, -{"id": 1719, +{"id": 1724, "keyword": "kuratowski subgraphs"}, -{"id": 1720, +{"id": 1725, "keyword": "mathematical text"}, -{"id": 1721, +{"id": 1726, "keyword": "absolute positiveness"}, -{"id": 1722, +{"id": 1727, "keyword": "cryptographic scheme crystals-kyber"}, -{"id": 1723, +{"id": 1728, "keyword": "number-theoretic foundations"}, -{"id": 1724, +{"id": 1729, "keyword": "negative resolution"}, -{"id": 1725, +{"id": 1730, "keyword": "differential game logic"}, -{"id": 1726, +{"id": 1731, "keyword": "reusable libraries"}, -{"id": 1727, +{"id": 1732, "keyword": "minimum weighted path length"}, -{"id": 1728, +{"id": 1733, "keyword": "analytic dirichlet series"}, -{"id": 1729, +{"id": 1734, "keyword": "completeness threshold"}, -{"id": 1730, +{"id": 1735, "keyword": "impact"}, -{"id": 1731, +{"id": 1736, "keyword": "gained experience"}, -{"id": 1732, +{"id": 1737, "keyword": "automated reasoning"}, -{"id": 1733, +{"id": 1738, "keyword": "positive real roots"}, -{"id": 1734, -"keyword": "update functions"}, -{"id": 1735, -"keyword": "ipv4 address allocation"}, -{"id": 1736, -"keyword": "reusable reasoning infrastructure"}, -{"id": 1737, -"keyword": "original motivation"}, -{"id": 1738, -"keyword": "underlying theorem"}, {"id": 1739, -"keyword": "tableau blocks"}, +"keyword": "update functions"}, {"id": 1740, -"keyword": "suffix"}, +"keyword": "ipv4 address allocation"}, {"id": 1741, -"keyword": "strong duality theorem"}, +"keyword": "reusable reasoning infrastructure"}, {"id": 1742, +"keyword": "original motivation"}, +{"id": 1743, +"keyword": "underlying theorem"}, +{"id": 1744, +"keyword": "tableau blocks"}, +{"id": 1745, +"keyword": "suffix"}, +{"id": 1746, +"keyword": "strong duality theorem"}, +{"id": 1747, "keyword": "subsequent formalisation"}, -{"id": 1743, +{"id": 1748, "keyword": "enumerative 
combinatorics"}, -{"id": 1744, -"keyword": "monad carries"}, -{"id": 1745, -"keyword": "concurrent programming"}, -{"id": 1746, -"keyword": "logic tla merz 1999"}, -{"id": 1747, -"keyword": "bisimulation variants"}, -{"id": 1748, -"keyword": "osc"}, {"id": 1749, -"keyword": "executable decision procedure"}, +"keyword": "monad carries"}, {"id": 1750, -"keyword": "parsing concept"}, +"keyword": "concurrent programming"}, {"id": 1751, -"keyword": "documents managed"}, +"keyword": "logic tla merz 1999"}, {"id": 1752, +"keyword": "bisimulation variants"}, +{"id": 1753, +"keyword": "osc"}, +{"id": 1754, +"keyword": "executable decision procedure"}, +{"id": 1755, +"keyword": "parsing concept"}, +{"id": 1756, +"keyword": "documents managed"}, +{"id": 1757, "keyword": "complex predicates"}, -{"id": 1753, +{"id": 1758, "keyword": "dual system relationships"}, -{"id": 1754, +{"id": 1759, "keyword": "study second-order formalisations"}, -{"id": 1755, +{"id": 1760, "keyword": "extended finite state machines"}, -{"id": 1756, +{"id": 1761, "keyword": "grammar based fuzzing"}, -{"id": 1757, +{"id": 1762, "keyword": "seligman-style tableau system"}, -{"id": 1758, +{"id": 1763, "keyword": "complete ipv4"}, -{"id": 1759, +{"id": 1764, "keyword": "first-order query evaluation"}, -{"id": 1760, +{"id": 1765, "keyword": "simple model"}, -{"id": 1761, +{"id": 1766, "keyword": "chandy--lamport algorithm"}, -{"id": 1762, +{"id": 1767, "keyword": "proof technology"}, -{"id": 1763, +{"id": 1768, "keyword": "turing machines"}, -{"id": 1764, -"keyword": "required induction rule"}, -{"id": 1765, -"keyword": "multivariate polynomials"}, -{"id": 1766, -"keyword": "main routing table"}, -{"id": 1767, -"keyword": "normalise monadic hol terms"}, -{"id": 1768, -"keyword": "executable instantiations"}, {"id": 1769, -"keyword": "design existence"}, +"keyword": "required induction rule"}, {"id": 1770, -"keyword": "32bit machine words"}, +"keyword": "multivariate polynomials"}, {"id": 1771, -"keyword": 
"lock synchronisation"}, +"keyword": "main routing table"}, {"id": 1772, +"keyword": "normalise monadic hol terms"}, +{"id": 1773, +"keyword": "executable instantiations"}, +{"id": 1774, +"keyword": "design existence"}, +{"id": 1775, +"keyword": "32bit machine words"}, +{"id": 1776, +"keyword": "lock synchronisation"}, +{"id": 1777, "keyword": "case distinction"}, -{"id": 1773, +{"id": 1778, "keyword": "advanced binding constructs"}, -{"id": 1774, +{"id": 1779, "keyword": "dynamic slicing"}, -{"id": 1775, +{"id": 1780, "keyword": "technical problems"}, -{"id": 1776, +{"id": 1781, "keyword": "additional properties related"}, -{"id": 1777, +{"id": 1782, "keyword": "technical university"}, -{"id": 1778, +{"id": 1783, "keyword": "security invariants"}, -{"id": 1779, +{"id": 1784, "keyword": "demonstrator semantic backend"}, -{"id": 1780, +{"id": 1785, "keyword": "tom ridge"}, -{"id": 1781, +{"id": 1786, "keyword": "real arithmetic"}, -{"id": 1782, +{"id": 1787, "keyword": "two-argument partition function"}, -{"id": 1783, +{"id": 1788, "keyword": "cade-27 paper"}, -{"id": 1784, -"keyword": "existing integration theory"}, -{"id": 1785, -"keyword": "defining variants"}, -{"id": 1786, -"keyword": "represent recursively enumerable sets"}, -{"id": 1787, -"keyword": "normalization equivalence"}, -{"id": 1788, -"keyword": "modified policy iteration"}, {"id": 1789, -"keyword": "set operations"}, +"keyword": "existing integration theory"}, {"id": 1790, -"keyword": "zf set theory"}, +"keyword": "defining variants"}, {"id": 1791, -"keyword": "robbins conjecture"}, +"keyword": "represent recursively enumerable sets"}, {"id": 1792, +"keyword": "normalization equivalence"}, +{"id": 1793, +"keyword": "modified policy iteration"}, +{"id": 1794, +"keyword": "set operations"}, +{"id": 1795, +"keyword": "zf set theory"}, +{"id": 1796, +"keyword": "robbins conjecture"}, +{"id": 1797, "keyword": "coalgebraic decision procedure"}, -{"id": 1793, +{"id": 1798, "keyword": "bit simpler"}, 
-{"id": 1794, -"keyword": "heterogeneous subsystems"}, -{"id": 1795, -"keyword": "semantic information directly embedded"}, -{"id": 1796, -"keyword": "guarantee safety"}, -{"id": 1797, -"keyword": "reimposing upper bounds"}, -{"id": 1798, -"keyword": "topological curiosity discovered"}, {"id": 1799, -"keyword": "central result"}, +"keyword": "heterogeneous subsystems"}, {"id": 1800, -"keyword": "numeric constants occurring"}, +"keyword": "semantic information directly embedded"}, {"id": 1801, -"keyword": "points constructible"}, +"keyword": "guarantee safety"}, {"id": 1802, -"keyword": "word numerals"}, +"keyword": "reimposing upper bounds"}, {"id": 1803, -"keyword": "verified approach"}, +"keyword": "topological curiosity discovered"}, {"id": 1804, -"keyword": "replacement theorem"}, +"keyword": "central result"}, {"id": 1805, +"keyword": "numeric constants occurring"}, +{"id": 1806, +"keyword": "points constructible"}, +{"id": 1807, +"keyword": "word numerals"}, +{"id": 1808, +"keyword": "verified approach"}, +{"id": 1809, +"keyword": "replacement theorem"}, +{"id": 1810, "keyword": "close connection"}, -{"id": 1806, +{"id": 1811, "keyword": "executable version"}, -{"id": 1807, +{"id": 1812, "keyword": "finitely supported"}, -{"id": 1808, +{"id": 1813, "keyword": "strong normalization"}, -{"id": 1809, +{"id": 1814, "keyword": "specific integer polynomial"}, -{"id": 1810, +{"id": 1815, "keyword": "metric space"}, -{"id": 1811, +{"id": 1816, "keyword": "optimised version"}, -{"id": 1812, +{"id": 1817, "keyword": "von zur gathen"}, -{"id": 1813, +{"id": 1818, "keyword": "similar level"}, -{"id": 1814, -"keyword": "refinement approach scales"}, -{"id": 1815, -"keyword": "explicitly represented"}, -{"id": 1816, -"keyword": "optimal stationary deterministic solution"}, -{"id": 1817, -"keyword": "semantic domain"}, -{"id": 1818, -"keyword": "computer algebra system maple"}, {"id": 1819, -"keyword": "sublists alternately extracted"}, +"keyword": "refinement approach 
scales"}, {"id": 1820, -"keyword": "cons"}, +"keyword": "explicitly represented"}, {"id": 1821, -"keyword": "congruence theorems"}, +"keyword": "optimal stationary deterministic solution"}, {"id": 1822, +"keyword": "semantic domain"}, +{"id": 1823, +"keyword": "computer algebra system maple"}, +{"id": 1824, +"keyword": "sublists alternately extracted"}, +{"id": 1825, +"keyword": "cons"}, +{"id": 1826, +"keyword": "congruence theorems"}, +{"id": 1827, "keyword": "wide variety"}, -{"id": 1823, +{"id": 1828, "keyword": "expected height"}, -{"id": 1824, -"keyword": "produce observable outputs"}, -{"id": 1825, -"keyword": "reduction theorem"}, -{"id": 1826, -"keyword": "self-contained certifier"}, -{"id": 1827, -"keyword": "book first-order logic"}, -{"id": 1828, -"keyword": "list update problem"}, {"id": 1829, -"keyword": "forthcoming paper"}, +"keyword": "produce observable outputs"}, {"id": 1830, -"keyword": "winding number measures"}, +"keyword": "reduction theorem"}, {"id": 1831, -"keyword": "important theorem"}, +"keyword": "self-contained certifier"}, {"id": 1832, +"keyword": "book first-order logic"}, +{"id": 1833, +"keyword": "list update problem"}, +{"id": 1834, +"keyword": "forthcoming paper"}, +{"id": 1835, +"keyword": "winding number measures"}, +{"id": 1836, +"keyword": "important theorem"}, +{"id": 1837, "keyword": "cartesian product"}, -{"id": 1833, +{"id": 1838, "keyword": "taylor series expansions"}, -{"id": 1834, -"keyword": "design choices underlying"}, -{"id": 1835, -"keyword": "constructive points"}, -{"id": 1836, -"keyword": "functional data structures"}, -{"id": 1837, -"keyword": "2nd international workshop"}, -{"id": 1838, -"keyword": "pages 20-34"}, {"id": 1839, -"keyword": "afp entry simple_firewall"}, +"keyword": "design choices underlying"}, {"id": 1840, -"keyword": "shadow root"}, +"keyword": "constructive points"}, {"id": 1841, -"keyword": "invariant factor decomposition"}, +"keyword": "functional data structures"}, {"id": 1842, 
-"keyword": "operational"}, +"keyword": "2nd international workshop"}, {"id": 1843, -"keyword": "restricted type"}, +"keyword": "pages 20-34"}, {"id": 1844, -"keyword": "org 10"}, +"keyword": "afp entry simple_firewall"}, {"id": 1845, +"keyword": "shadow root"}, +{"id": 1846, +"keyword": "invariant factor decomposition"}, +{"id": 1847, +"keyword": "operational"}, +{"id": 1848, +"keyword": "restricted type"}, +{"id": 1849, +"keyword": "org 10"}, +{"id": 1850, "keyword": "fully-automated approach"}, -{"id": 1846, +{"id": 1851, "keyword": "auxiliary labels"}, -{"id": 1847, +{"id": 1852, "keyword": "widely applicable"}, -{"id": 1848, +{"id": 1853, "keyword": "rich expression typing rules"}, -{"id": 1849, +{"id": 1854, "keyword": "metric first-order dynamic logic"}, -{"id": 1850, +{"id": 1855, "keyword": "specific conflict analysis algorithm"}, -{"id": 1851, +{"id": 1856, "keyword": "linear algebra"}, -{"id": 1852, +{"id": 1857, "keyword": "arbitrary uniform distributions"}, -{"id": 1853, +{"id": 1858, "keyword": "security violations"}, -{"id": 1854, -"keyword": "intersection type systems"}, -{"id": 1855, -"keyword": "state-of-the-art smt solvers"}, -{"id": 1856, -"keyword": "class-collection-based rts algorithms run"}, -{"id": 1857, -"keyword": "control flow"}, -{"id": 1858, -"keyword": "nominal2 package"}, {"id": 1859, -"keyword": "1 involving"}, +"keyword": "intersection type systems"}, {"id": 1860, -"keyword": "free groups"}, +"keyword": "state-of-the-art smt solvers"}, {"id": 1861, -"keyword": "actuarial mathematics"}, +"keyword": "class-collection-based rts algorithms run"}, {"id": 1862, -"keyword": "famous abc conjecture"}, +"keyword": "control flow"}, {"id": 1863, -"keyword": "myhill nerode theorem"}, +"keyword": "nominal2 package"}, {"id": 1864, -"keyword": "key result"}, +"keyword": "1 involving"}, {"id": 1865, +"keyword": "free groups"}, +{"id": 1866, +"keyword": "actuarial mathematics"}, +{"id": 1867, +"keyword": "famous abc conjecture"}, +{"id": 1868, 
+"keyword": "myhill nerode theorem"}, +{"id": 1869, +"keyword": "key result"}, +{"id": 1870, "keyword": "uniform substitution calculus"}, -{"id": 1866, +{"id": 1871, "keyword": "slightly modified"}, -{"id": 1867, +{"id": 1872, "keyword": "tetrahedral group"}, -{"id": 1868, +{"id": 1873, "keyword": "type class laws"}, -{"id": 1869, +{"id": 1874, "keyword": "greatest common divisor"}, -{"id": 1870, +{"id": 1875, "keyword": "automated reasoning framework"}, -{"id": 1871, +{"id": 1876, "keyword": "compiled tactic code"}, -{"id": 1872, +{"id": 1877, "keyword": "merkle functors"}, -{"id": 1873, +{"id": 1878, "keyword": "dirichlet products"}, -{"id": 1874, +{"id": 1879, "keyword": "import-expert format"}, -{"id": 1875, +{"id": 1880, "keyword": "group ring"}, -{"id": 1876, +{"id": 1881, "keyword": "efficient allocation"}, -{"id": 1877, +{"id": 1882, "keyword": "miller ndash"}, -{"id": 1878, +{"id": 1883, "keyword": "direct execution"}, -{"id": 1879, +{"id": 1884, "keyword": "important data structure"}, -{"id": 1880, +{"id": 1885, "keyword": "projective coordinates"}, -{"id": 1881, +{"id": 1886, "keyword": "hypergraph theory"}, -{"id": 1882, +{"id": 1887, "keyword": "perfect number theorem"}, -{"id": 1883, +{"id": 1888, "keyword": "semantic arguments"}, -{"id": 1884, +{"id": 1889, "keyword": "linear variable-separated rewrite systems"}, -{"id": 1885, -"keyword": "local lexing semantics"}, -{"id": 1886, -"keyword": "suffix comparability"}, -{"id": 1887, -"keyword": "shallow learning"}, -{"id": 1888, -"keyword": "normal form"}, -{"id": 1889, -"keyword": "stone relation algebras"}, {"id": 1890, -"keyword": "simulation relation"}, +"keyword": "local lexing semantics"}, {"id": 1891, -"keyword": "constant functions"}, +"keyword": "suffix comparability"}, {"id": 1892, -"keyword": "small predicate"}, +"keyword": "shallow learning"}, {"id": 1893, +"keyword": "normal form"}, +{"id": 1894, +"keyword": "stone relation algebras"}, +{"id": 1895, +"keyword": "simulation relation"}, 
+{"id": 1896, +"keyword": "fixed database"}, +{"id": 1897, +"keyword": "constant functions"}, +{"id": 1898, +"keyword": "small predicate"}, +{"id": 1899, "keyword": "riemann zeta function"}, -{"id": 1894, +{"id": 1900, "keyword": "jan kret nsk"}, -{"id": 1895, +{"id": 1901, "keyword": "complex vector spaces"}, -{"id": 1896, +{"id": 1902, "keyword": "ordinary generating function"}, -{"id": 1897, +{"id": 1903, "keyword": "incidence system isomorphisms"}, -{"id": 1898, +{"id": 1904, "keyword": "coefficients modulo"}, -{"id": 1899, +{"id": 1905, "keyword": "cardinality formulae"}, -{"id": 1900, +{"id": 1906, "keyword": "minor corrections"}, -{"id": 1901, +{"id": 1907, "keyword": "exceeds aleph_1"}, -{"id": 1902, +{"id": 1908, "keyword": "basic superposition calculus"}, -{"id": 1903, +{"id": 1909, "keyword": "projective geometry"}, -{"id": 1904, +{"id": 1910, "keyword": "imperative target language"}, -{"id": 1905, +{"id": 1911, "keyword": "automatically derive"}, -{"id": 1906, +{"id": 1912, "keyword": "afp entry implements"}, -{"id": 1907, +{"id": 1913, "keyword": "geometric folklore proof rigorous"}, -{"id": 1908, +{"id": 1914, "keyword": "transitive noninterference policies"}, -{"id": 1909, +{"id": 1915, "keyword": "structure proofs"}, -{"id": 1910, +{"id": 1916, "keyword": "arbitrary number"}, -{"id": 1911, +{"id": 1917, "keyword": "control-flow operators"}, -{"id": 1912, +{"id": 1918, "keyword": "powerset monad"}, -{"id": 1913, +{"id": 1919, "keyword": "distribute sequential composition"}, -{"id": 1914, +{"id": 1920, "keyword": "algebraic point"}, -{"id": 1915, +{"id": 1921, "keyword": "common base clock"}, -{"id": 1916, +{"id": 1922, "keyword": "lawrence paulson"}, -{"id": 1917, +{"id": 1923, "keyword": "dk andschl thesis"}, -{"id": 1918, +{"id": 1924, "keyword": "confidentiality guarantees"}, -{"id": 1919, +{"id": 1925, "keyword": "intensional higher-order modal logic"}, -{"id": 1920, +{"id": 1926, "keyword": "gromov hyperbolic spaces"}, -{"id": 1921, +{"id": 
1927, "keyword": "experimental data suggests"}, -{"id": 1922, +{"id": 1928, "keyword": "control dependencies"}, -{"id": 1923, +{"id": 1929, "keyword": "multi-head paradigm"}, -{"id": 1924, -"keyword": "average-case cost"}, -{"id": 1925, -"keyword": "article collects formalisations"}, -{"id": 1926, -"keyword": "monitoring algorithm"}, -{"id": 1927, -"keyword": "logical approaches"}, -{"id": 1928, -"keyword": "strong ties"}, -{"id": 1929, -"keyword": "binary search tree operations"}, {"id": 1930, -"keyword": "private information"}, +"keyword": "average-case cost"}, {"id": 1931, -"keyword": "transition execution function"}, +"keyword": "article collects formalisations"}, {"id": 1932, -"keyword": "analyzed firewall mdash"}, +"keyword": "monitoring algorithm"}, {"id": 1933, +"keyword": "logical approaches"}, +{"id": 1934, +"keyword": "strong ties"}, +{"id": 1935, +"keyword": "binary search tree operations"}, +{"id": 1936, +"keyword": "private information"}, +{"id": 1937, +"keyword": "transition execution function"}, +{"id": 1938, +"keyword": "analyzed firewall mdash"}, +{"id": 1939, "keyword": "residue classes"}, -{"id": 1934, +{"id": 1940, "keyword": "final implementation"}, -{"id": 1935, +{"id": 1941, "keyword": "theory builds"}, -{"id": 1936, +{"id": 1942, "keyword": "pldi 2015 paper"}, -{"id": 1937, +{"id": 1943, "keyword": "carath odory"}, -{"id": 1938, +{"id": 1944, "keyword": "transitive closure"}, -{"id": 1939, +{"id": 1945, "keyword": "book dense sphere packings"}, -{"id": 1940, +{"id": 1946, "keyword": "planar systems"}, -{"id": 1941, +{"id": 1947, "keyword": "results hold"}, -{"id": 1942, +{"id": 1948, "keyword": "parser written"}, -{"id": 1943, +{"id": 1949, "keyword": "nature allowing"}, -{"id": 1944, -"keyword": "educational setting due"}, -{"id": 1945, -"keyword": "resolution rule"}, -{"id": 1946, -"keyword": "verification conditions generated"}, -{"id": 1947, -"keyword": "full extent"}, -{"id": 1948, -"keyword": "binary trees fredman"}, -{"id": 1949, 
-"keyword": "systems communication patterns"}, {"id": 1950, -"keyword": "handwritten reference implementations"}, +"keyword": "educational setting due"}, {"id": 1951, -"keyword": "interest distributed"}, +"keyword": "resolution rule"}, {"id": 1952, -"keyword": "metric first-order temporal logic"}, +"keyword": "verification conditions generated"}, {"id": 1953, -"keyword": "paraconsistent engineering"}, +"keyword": "full extent"}, {"id": 1954, -"keyword": "stone algebra"}, +"keyword": "binary trees fredman"}, {"id": 1955, -"keyword": "verify basic algorithms"}, +"keyword": "systems communication patterns"}, {"id": 1956, -"keyword": "dirichlet series"}, +"keyword": "handwritten reference implementations"}, {"id": 1957, -"keyword": "weak conjunction"}, +"keyword": "interest distributed"}, {"id": 1958, -"keyword": "desired subgraph"}, +"keyword": "metric first-order temporal logic"}, {"id": 1959, -"keyword": "hermitian matrix"}, +"keyword": "paraconsistent engineering"}, {"id": 1960, -"keyword": "hol nominal"}, +"keyword": "stone algebra"}, {"id": 1961, -"keyword": "set theory framework"}, +"keyword": "verify basic algorithms"}, {"id": 1962, -"keyword": "modeling application level protocols"}, +"keyword": "dirichlet series"}, {"id": 1963, -"keyword": "functions approximating"}, +"keyword": "weak conjunction"}, {"id": 1964, -"keyword": "domain-theoretic fixpoint operator"}, +"keyword": "desired subgraph"}, {"id": 1965, -"keyword": "amir hossein parvardi"}, +"keyword": "hermitian matrix"}, {"id": 1966, +"keyword": "hol nominal"}, +{"id": 1967, +"keyword": "set theory framework"}, +{"id": 1968, +"keyword": "afp entry eval_fo"}, +{"id": 1969, +"keyword": "modeling application level protocols"}, +{"id": 1970, +"keyword": "functions approximating"}, +{"id": 1971, +"keyword": "domain-theoretic fixpoint operator"}, +{"id": 1972, +"keyword": "amir hossein parvardi"}, +{"id": 1973, "keyword": "np-hard problem"}, -{"id": 1967, +{"id": 1974, "keyword": "trace based"}, -{"id": 1968, 
+{"id": 1975, "keyword": "digit expansions builds"}, -{"id": 1969, +{"id": 1976, "keyword": "correct 2-3 finger trees"}, -{"id": 1970, +{"id": 1977, "keyword": "sizeable family"}, -{"id": 1971, +{"id": 1978, "keyword": "optimal running time"}, -{"id": 1972, +{"id": 1979, "keyword": "emptiness check"}, -{"id": 1973, -"keyword": "ordinal exponentiation"}, -{"id": 1974, -"keyword": "first-order clauses"}, -{"id": 1975, -"keyword": "stiffness matrix"}, -{"id": 1976, -"keyword": "clause sets"}, -{"id": 1977, -"keyword": "georg kreisel"}, -{"id": 1978, -"keyword": "cartesian closed categories"}, -{"id": 1979, -"keyword": "executions produce sequences"}, {"id": 1980, -"keyword": "shifting intervals"}, +"keyword": "ordinal exponentiation"}, {"id": 1981, -"keyword": "write poof strategies"}, +"keyword": "first-order clauses"}, {"id": 1982, -"keyword": "approximating real roots"}, +"keyword": "stiffness matrix"}, {"id": 1983, -"keyword": "sequential imperative programming language"}, +"keyword": "clause sets"}, {"id": 1984, -"keyword": "models partial functions"}, +"keyword": "georg kreisel"}, {"id": 1985, -"keyword": "data dependencies"}, +"keyword": "cartesian closed categories"}, {"id": 1986, -"keyword": "distinctive feature"}, +"keyword": "executions produce sequences"}, {"id": 1987, -"keyword": "underlying transition system"}, +"keyword": "shifting intervals"}, {"id": 1988, -"keyword": "derive powerful induction rules"}, +"keyword": "write poof strategies"}, {"id": 1989, -"keyword": "fair prices"}, +"keyword": "approximating real roots"}, {"id": 1990, -"keyword": "eye color"}, +"keyword": "sequential imperative programming language"}, {"id": 1991, -"keyword": "polynomially bounded"}, +"keyword": "models partial functions"}, {"id": 1992, -"keyword": "contribution presents"}, +"keyword": "data dependencies"}, {"id": 1993, -"keyword": "computer-assisted interpretive method"}, +"keyword": "distinctive feature"}, {"id": 1994, -"keyword": "weak conjunction operator 
coincides"}, +"keyword": "underlying transition system"}, {"id": 1995, -"keyword": "maximum-flow minimal-cut theorem"}, +"keyword": "derive powerful induction rules"}, {"id": 1996, -"keyword": "negative diagonal entry"}, +"keyword": "fair prices"}, {"id": 1997, -"keyword": "relation composition"}, +"keyword": "eye color"}, {"id": 1998, -"keyword": "notions probabilistic noninterference"}, +"keyword": "polynomially bounded"}, {"id": 1999, -"keyword": "language processing"}, +"keyword": "contribution presents"}, {"id": 2000, -"keyword": "crypthol library crypthol"}, +"keyword": "computer-assisted interpretive method"}, {"id": 2001, -"keyword": "multiplicative subset"}, +"keyword": "weak conjunction operator coincides"}, {"id": 2002, -"keyword": "proof outlines"}, +"keyword": "maximum-flow minimal-cut theorem"}, {"id": 2003, -"keyword": "top 100 theorems list"}, +"keyword": "negative diagonal entry"}, {"id": 2004, -"keyword": "banach space"}, +"keyword": "relation composition"}, {"id": 2005, -"keyword": "so-called desargues"}, +"keyword": "notions probabilistic noninterference"}, {"id": 2006, +"keyword": "language processing"}, +{"id": 2007, +"keyword": "crypthol library crypthol"}, +{"id": 2008, +"keyword": "multiplicative subset"}, +{"id": 2009, +"keyword": "proof outlines"}, +{"id": 2010, +"keyword": "top 100 theorems list"}, +{"id": 2011, +"keyword": "banach space"}, +{"id": 2012, +"keyword": "so-called desargues"}, +{"id": 2013, "keyword": "current version"}, -{"id": 2007, +{"id": 2014, "keyword": "a-priori detect"}, -{"id": 2008, +{"id": 2015, "keyword": "periodic arithmetic functions"}, -{"id": 2009, +{"id": 2016, "keyword": "infinite ramsey theorem"}, -{"id": 2010, +{"id": 2017, "keyword": "registering applicative functors"}, -{"id": 2011, +{"id": 2018, "keyword": "future combinations"}, -{"id": 2012, +{"id": 2019, "keyword": "mutable references"}, -{"id": 2013, -"keyword": "isosceles triangle theorem"}, -{"id": 2014, -"keyword": "big step semantics"}, -{"id": 
2015, -"keyword": "sequential consistency"}, -{"id": 2016, -"keyword": "strict partial orders"}, -{"id": 2017, -"keyword": "45th theorem"}, -{"id": 2018, -"keyword": "html documents"}, -{"id": 2019, -"keyword": "abelian group"}, {"id": 2020, -"keyword": "volpano smith system"}, +"keyword": "isosceles triangle theorem"}, {"id": 2021, -"keyword": "faug egrave"}, +"keyword": "big step semantics"}, {"id": 2022, -"keyword": "formalisation accompanies"}, +"keyword": "sequential consistency"}, {"id": 2023, -"keyword": "asymptotic approximation"}, +"keyword": "strict partial orders"}, {"id": 2024, -"keyword": "offers low-latency data-"}, +"keyword": "45th theorem"}, {"id": 2025, -"keyword": "specific parameterization"}, +"keyword": "html documents"}, {"id": 2026, +"keyword": "abelian group"}, +{"id": 2027, +"keyword": "volpano smith system"}, +{"id": 2028, +"keyword": "faug egrave"}, +{"id": 2029, +"keyword": "formalisation accompanies"}, +{"id": 2030, +"keyword": "asymptotic approximation"}, +{"id": 2031, +"keyword": "offers low-latency data-"}, +{"id": 2032, +"keyword": "specific parameterization"}, +{"id": 2033, "keyword": "kleene algebra"}, -{"id": 2027, +{"id": 2034, "keyword": "time frames"}, -{"id": 2028, +{"id": 2035, "keyword": "bnfccs preserve quotients"}, -{"id": 2029, +{"id": 2036, "keyword": "prover implementing"}, -{"id": 2030, +{"id": 2037, "keyword": "partial networks"}, -{"id": 2031, +{"id": 2038, "keyword": "functor category"}, -{"id": 2032, +{"id": 2039, "keyword": "nora szasz"}, -{"id": 2033, +{"id": 2040, "keyword": "stephanie bell"}, -{"id": 2034, +{"id": 2041, "keyword": "austrian science fund"}, -{"id": 2035, +{"id": 2042, "keyword": "denies access"}, -{"id": 2036, +{"id": 2043, "keyword": "effective mutual authentication service"}, -{"id": 2037, +{"id": 2044, "keyword": "finite length"}, -{"id": 2038, +{"id": 2045, "keyword": "monic irreducible polynomials"}, -{"id": 2039, +{"id": 2046, "keyword": "boolean matrices"}, -{"id": 2040, +{"id": 2047, 
"keyword": "normalises monadic expressions"}, -{"id": 2041, +{"id": 2048, "keyword": "verification conditions"}, -{"id": 2042, +{"id": 2049, "keyword": "allowed accesses"}, -{"id": 2043, +{"id": 2050, "keyword": "large class"}, -{"id": 2044, +{"id": 2051, "keyword": "concerns infinite sets"}, -{"id": 2045, +{"id": 2052, "keyword": "simple formalization covering"}, -{"id": 2046, +{"id": 2053, "keyword": "precise effect"}, -{"id": 2047, +{"id": 2054, "keyword": "semantic resolution"}, -{"id": 2048, +{"id": 2055, "keyword": "multiplication syntactically"}, -{"id": 2049, +{"id": 2056, "keyword": "publisher component"}, -{"id": 2050, +{"id": 2057, "keyword": "verified checker past"}, -{"id": 2051, +{"id": 2058, "keyword": "checks strong security"}, -{"id": 2052, +{"id": 2059, "keyword": "real polynomial"}, -{"id": 2053, +{"id": 2060, "keyword": "real normed division algebras"}, -{"id": 2054, -"keyword": "derives equality theorems"}, -{"id": 2055, -"keyword": "interest rate"}, -{"id": 2056, -"keyword": "book linear algebra"}, -{"id": 2057, -"keyword": "exponential generating function"}, -{"id": 2058, -"keyword": "function checking"}, -{"id": 2059, -"keyword": "refinement framework"}, -{"id": 2060, -"keyword": "slide operation"}, {"id": 2061, -"keyword": "morris-pratt string matching algorithm"}, +"keyword": "derives equality theorems"}, {"id": 2062, -"keyword": "infinite execution"}, +"keyword": "interest rate"}, {"id": 2063, -"keyword": "early version"}, +"keyword": "book linear algebra"}, {"id": 2064, -"keyword": "independent interest"}, +"keyword": "exponential generating function"}, {"id": 2065, -"keyword": "simple interactive proof assistant"}, +"keyword": "function checking"}, {"id": 2066, -"keyword": "construction theorem"}, +"keyword": "refinement framework"}, {"id": 2067, -"keyword": "object logic chaudhuri"}, +"keyword": "slide operation"}, {"id": 2068, -"keyword": "formulas assuming"}, +"keyword": "morris-pratt string matching algorithm"}, {"id": 2069, 
-"keyword": "unrestricted resolution rule"}, +"keyword": "infinite execution"}, {"id": 2070, -"keyword": "easy reuse"}, +"keyword": "early version"}, {"id": 2071, -"keyword": "lift_definition command"}, +"keyword": "independent interest"}, {"id": 2072, -"keyword": "paul erd"}, +"keyword": "simple interactive proof assistant"}, {"id": 2073, -"keyword": "separation logic utilities"}, +"keyword": "construction theorem"}, {"id": 2074, +"keyword": "object logic chaudhuri"}, +{"id": 2075, +"keyword": "formulas assuming"}, +{"id": 2076, +"keyword": "unrestricted resolution rule"}, +{"id": 2077, +"keyword": "easy reuse"}, +{"id": 2078, +"keyword": "lift_definition command"}, +{"id": 2079, +"keyword": "paul erd"}, +{"id": 2080, +"keyword": "separation logic utilities"}, +{"id": 2081, "keyword": "formal semantics builds"}, -{"id": 2075, +{"id": 2082, "keyword": "inference rules"}, -{"id": 2076, +{"id": 2083, "keyword": "complex arguments"}, -{"id": 2077, +{"id": 2084, "keyword": "runge-kutta methods"}, -{"id": 2078, +{"id": 2085, "keyword": "satisfying tuples"}, -{"id": 2079, +{"id": 2086, "keyword": "hahn decomposition theorem"}, -{"id": 2080, +{"id": 2087, "keyword": "compute asymptotic expansions"}, -{"id": 2081, +{"id": 2088, "keyword": "snyder found"}, -{"id": 2082, +{"id": 2089, "keyword": "so-called hessenberg"}, -{"id": 2083, +{"id": 2090, "keyword": "refutational theorem proving"}, -{"id": 2084, -"keyword": "additional assumptions needed"}, -{"id": 2085, -"keyword": "separating conjunction"}, -{"id": 2086, -"keyword": "domain-theoretic semantics"}, -{"id": 2087, -"keyword": "weak law"}, -{"id": 2088, -"keyword": "monadified version"}, -{"id": 2089, -"keyword": "state-of-the-art sat-based planner"}, -{"id": 2090, -"keyword": "approach supports reachability goals"}, {"id": 2091, -"keyword": "residuation operation"}, +"keyword": "additional assumptions needed"}, {"id": 2092, -"keyword": "formal proof technology"}, +"keyword": "separating conjunction"}, {"id": 2093, 
-"keyword": "missing gaps"}, +"keyword": "domain-theoretic semantics"}, {"id": 2094, +"keyword": "weak law"}, +{"id": 2095, +"keyword": "monadified version"}, +{"id": 2096, +"keyword": "state-of-the-art sat-based planner"}, +{"id": 2097, +"keyword": "approach supports reachability goals"}, +{"id": 2098, +"keyword": "residuation operation"}, +{"id": 2099, +"keyword": "formal proof technology"}, +{"id": 2100, +"keyword": "missing gaps"}, +{"id": 2101, "keyword": "prime number rdquo"}, -{"id": 2095, +{"id": 2102, "keyword": "simpler sigma-calculus based"}, -{"id": 2096, +{"id": 2103, "keyword": "maintain hidden state"}, -{"id": 2097, +{"id": 2104, "keyword": "statement applies"}, -{"id": 2098, +{"id": 2105, "keyword": "intraprocedural proof"}, -{"id": 2099, +{"id": 2106, "keyword": "interesting property"}, -{"id": 2100, +{"id": 2107, "keyword": "formal semantics complies"}, -{"id": 2101, +{"id": 2108, "keyword": "independent families"}, -{"id": 2102, +{"id": 2109, "keyword": "greatest fixed points"}, -{"id": 2103, +{"id": 2110, "keyword": "debugging purposes"}, -{"id": 2104, -"keyword": "exact nature"}, -{"id": 2105, -"keyword": "separator smaller"}, -{"id": 2106, -"keyword": "linear inequalities"}, -{"id": 2107, -"keyword": "difference vector"}, -{"id": 2108, -"keyword": "compositional approach"}, -{"id": 2109, -"keyword": "safely composable dom"}, -{"id": 2110, -"keyword": "sml parser"}, {"id": 2111, -"keyword": "treated implicitly"}, +"keyword": "exact nature"}, {"id": 2112, -"keyword": "full bridge rule"}, +"keyword": "separator smaller"}, {"id": 2113, -"keyword": "asymptotic bounds"}, +"keyword": "linear inequalities"}, {"id": 2114, -"keyword": "compiler correctness proof"}, +"keyword": "difference vector"}, {"id": 2115, -"keyword": "growth rates"}, +"keyword": "compositional approach"}, {"id": 2116, -"keyword": "second-order logic"}, +"keyword": "safely composable dom"}, {"id": 2117, -"keyword": "imperative programs"}, +"keyword": "sml parser"}, {"id": 2118, 
-"keyword": "call merkle functors"}, +"keyword": "treated implicitly"}, {"id": 2119, -"keyword": "printing case expressions"}, +"keyword": "full bridge rule"}, {"id": 2120, -"keyword": "homological argument"}, +"keyword": "asymptotic bounds"}, {"id": 2121, -"keyword": "partial correctness setting"}, +"keyword": "compiler correctness proof"}, {"id": 2122, -"keyword": "fundamental binary operations allowing"}, +"keyword": "growth rates"}, {"id": 2123, -"keyword": "mid 80s"}, +"keyword": "second-order logic"}, {"id": 2124, -"keyword": "main theorem relates"}, +"keyword": "imperative programs"}, {"id": 2125, -"keyword": "arctic semirings satisfy"}, +"keyword": "call merkle functors"}, {"id": 2126, -"keyword": "covering directed"}, +"keyword": "printing case expressions"}, {"id": 2127, +"keyword": "homological argument"}, +{"id": 2128, +"keyword": "partial correctness setting"}, +{"id": 2129, +"keyword": "fundamental binary operations allowing"}, +{"id": 2130, +"keyword": "mid 80s"}, +{"id": 2131, +"keyword": "main theorem relates"}, +{"id": 2132, +"keyword": "arctic semirings satisfy"}, +{"id": 2133, +"keyword": "covering directed"}, +{"id": 2134, "keyword": "abstract interface"}, -{"id": 2128, +{"id": 2135, "keyword": "existing solutions"}, -{"id": 2129, +{"id": 2136, "keyword": "group theory results"}, -{"id": 2130, +{"id": 2137, "keyword": "network security mechanisms"}, -{"id": 2131, +{"id": 2138, "keyword": "text"}, -{"id": 2132, +{"id": 2139, "keyword": "ordinary assertional reasoning"}, -{"id": 2133, +{"id": 2140, "keyword": "operational correspondence"}, -{"id": 2134, -"keyword": "standard boolean algebra operations"}, -{"id": 2135, -"keyword": "haskell"}, -{"id": 2136, -"keyword": "precisely compute roots"}, -{"id": 2137, -"keyword": "nondeterministic programs"}, -{"id": 2138, -"keyword": "verified monitor"}, -{"id": 2139, -"keyword": "data-type declarations"}, -{"id": 2140, -"keyword": "function elts"}, {"id": 2141, -"keyword": "flyspeck project"}, 
+"keyword": "standard boolean algebra operations"}, {"id": 2142, -"keyword": "classic unsolved problems"}, +"keyword": "haskell"}, {"id": 2143, -"keyword": "amicable numbers"}, +"keyword": "precisely compute roots"}, {"id": 2144, -"keyword": "order-theoretic concepts"}, +"keyword": "nondeterministic programs"}, {"id": 2145, -"keyword": "set theory"}, +"keyword": "verified monitor"}, {"id": 2146, -"keyword": "total correctness"}, +"keyword": "data-type declarations"}, {"id": 2147, -"keyword": "basic properties"}, +"keyword": "function elts"}, {"id": 2148, -"keyword": "special issue"}, +"keyword": "flyspeck project"}, {"id": 2149, -"keyword": "list type"}, +"keyword": "classic unsolved problems"}, {"id": 2150, -"keyword": "efficient proof checking"}, +"keyword": "amicable numbers"}, {"id": 2151, -"keyword": "peter lammich"}, +"keyword": "order-theoretic concepts"}, {"id": 2152, -"keyword": "black-box traces"}, +"keyword": "set theory"}, {"id": 2153, -"keyword": "code generation feature"}, +"keyword": "total correctness"}, {"id": 2154, -"keyword": "randall munroe"}, +"keyword": "basic properties"}, {"id": 2155, -"keyword": "meeting point"}, +"keyword": "special issue"}, {"id": 2156, -"keyword": "rational root test"}, +"keyword": "list type"}, {"id": 2157, -"keyword": "cyk decides"}, +"keyword": "efficient proof checking"}, {"id": 2158, -"keyword": "algebraic manipulations"}, +"keyword": "peter lammich"}, {"id": 2159, -"keyword": "generic types"}, +"keyword": "black-box traces"}, {"id": 2160, -"keyword": "tour revisited"}, +"keyword": "code generation feature"}, {"id": 2161, -"keyword": "formally verify gauss-seidel"}, +"keyword": "randall munroe"}, {"id": 2162, -"keyword": "simple verified token"}, +"keyword": "meeting point"}, {"id": 2163, -"keyword": "insertion sort"}, +"keyword": "rational root test"}, {"id": 2164, -"keyword": "transfinite cardinalities"}, +"keyword": "cyk decides"}, {"id": 2165, -"keyword": "travel faster"}, +"keyword": "algebraic manipulations"}, 
{"id": 2166, -"keyword": "greater detail"}, +"keyword": "generic types"}, {"id": 2167, +"keyword": "tour revisited"}, +{"id": 2168, +"keyword": "formally verify gauss-seidel"}, +{"id": 2169, +"keyword": "simple verified token"}, +{"id": 2170, +"keyword": "insertion sort"}, +{"id": 2171, +"keyword": "transfinite cardinalities"}, +{"id": 2172, +"keyword": "travel faster"}, +{"id": 2173, +"keyword": "greater detail"}, +{"id": 2174, "keyword": "partial data structures"}, -{"id": 2168, +{"id": 2175, "keyword": "formalising t-designs"}, -{"id": 2169, +{"id": 2176, "keyword": "strictness theorem"}, -{"id": 2170, +{"id": 2177, "keyword": "alternative interface"}, -{"id": 2171, +{"id": 2178, "keyword": "maximum flow"}, -{"id": 2172, +{"id": 2179, "keyword": "hamiltonian path problem"}, -{"id": 2173, +{"id": 2180, "keyword": "ltl yielding"}, -{"id": 2174, -"keyword": "recurrence equations"}, -{"id": 2175, -"keyword": "additional effort"}, -{"id": 2176, -"keyword": "formally verified quantifier elimination"}, -{"id": 2177, -"keyword": "weak simulation"}, -{"id": 2178, -"keyword": "maximum reachability probabilities"}, -{"id": 2179, -"keyword": "complex polynomials"}, -{"id": 2180, -"keyword": "discrete instants"}, {"id": 2181, -"keyword": "higher edge probability"}, +"keyword": "recurrence equations"}, {"id": 2182, -"keyword": "key cards"}, +"keyword": "additional effort"}, {"id": 2183, -"keyword": "representation function"}, +"keyword": "formally verified quantifier elimination"}, {"id": 2184, -"keyword": "inequality involving expectations"}, +"keyword": "weak simulation"}, {"id": 2185, -"keyword": "theorem statement"}, +"keyword": "maximum reachability probabilities"}, {"id": 2186, -"keyword": "simpler operations"}, +"keyword": "complex polynomials"}, {"id": 2187, +"keyword": "discrete instants"}, +{"id": 2188, +"keyword": "higher edge probability"}, +{"id": 2189, +"keyword": "key cards"}, +{"id": 2190, +"keyword": "representation function"}, +{"id": 2191, +"keyword": 
"inequality involving expectations"}, +{"id": 2192, +"keyword": "theorem statement"}, +{"id": 2193, +"keyword": "simpler operations"}, +{"id": 2194, "keyword": "summation bounds grow"}, -{"id": 2188, +{"id": 2195, "keyword": "framed links"}, -{"id": 2189, +{"id": 2196, "keyword": "ample set condition"}, -{"id": 2190, +{"id": 2197, "keyword": "violate sortedness"}, -{"id": 2191, +{"id": 2198, "keyword": "directly implies"}, -{"id": 2192, +{"id": 2199, "keyword": "accommodating arbitrary nominal datatypes"}, -{"id": 2193, +{"id": 2200, "keyword": "number-theoretic functions"}, -{"id": 2194, +{"id": 2201, "keyword": "to-string functions"}, -{"id": 2195, +{"id": 2202, "keyword": "states common definitions"}, -{"id": 2196, +{"id": 2203, "keyword": "constructive cryptography proofs"}, -{"id": 2197, +{"id": 2204, "keyword": "abstract perspective enables"}, -{"id": 2198, +{"id": 2205, "keyword": "cosmed social media platform"}, -{"id": 2199, +{"id": 2206, "keyword": "splitting compilation"}, -{"id": 2200, +{"id": 2207, "keyword": "well-ordered type"}, -{"id": 2201, +{"id": 2208, "keyword": "language features monadic sequencing"}, -{"id": 2202, +{"id": 2209, "keyword": "conflict-free replicated datatype"}, -{"id": 2203, +{"id": 2210, "keyword": "verified compiler"}, -{"id": 2204, +{"id": 2211, "keyword": "rts definition mandates safety"}, -{"id": 2205, +{"id": 2212, "keyword": "abstract formalization"}, -{"id": 2206, +{"id": 2213, "keyword": "works based"}, -{"id": 2207, +{"id": 2214, "keyword": "uniform substitution principle"}, -{"id": 2208, +{"id": 2215, "keyword": "infinite domain"}, -{"id": 2209, +{"id": 2216, "keyword": "full classification"}, -{"id": 2210, +{"id": 2217, "keyword": "identify undesired information leaks"}, -{"id": 2211, +{"id": 2218, "keyword": "building correct programs working"}, -{"id": 2212, +{"id": 2219, "keyword": "working backwards"}, -{"id": 2213, +{"id": 2220, "keyword": "functorial operations"}, -{"id": 2214, +{"id": 2221, "keyword": 
"intuitive desired security policy"}, -{"id": 2215, -"keyword": "org abs 1609"}, -{"id": 2216, -"keyword": "sum type"}, -{"id": 2217, -"keyword": "epistemic logic"}, -{"id": 2218, -"keyword": "sending end host selects"}, -{"id": 2219, -"keyword": "hybrid programs"}, -{"id": 2220, -"keyword": "statement"}, -{"id": 2221, -"keyword": "academic partners"}, {"id": 2222, -"keyword": "similar systems"}, +"keyword": "org abs 1609"}, {"id": 2223, -"keyword": "efficient priority search trees"}, +"keyword": "sum type"}, {"id": 2224, -"keyword": "pattern matching"}, +"keyword": "epistemic logic"}, {"id": 2225, -"keyword": "author x27"}, +"keyword": "sending end host selects"}, {"id": 2226, -"keyword": "direct adequacy proof"}, +"keyword": "hybrid programs"}, {"id": 2227, -"keyword": "lucas ndash"}, +"keyword": "statement"}, {"id": 2228, -"keyword": "original parallel postulate"}, +"keyword": "academic partners"}, {"id": 2229, -"keyword": "polynomial"}, +"keyword": "similar systems"}, {"id": 2230, -"keyword": "article"}, +"keyword": "efficient priority search trees"}, {"id": 2231, -"keyword": "outstanding work"}, +"keyword": "pattern matching"}, {"id": 2232, -"keyword": "transfinite recursion"}, +"keyword": "author x27"}, {"id": 2233, -"keyword": "previously replaced term"}, +"keyword": "direct adequacy proof"}, {"id": 2234, -"keyword": "fully verified"}, +"keyword": "lucas ndash"}, {"id": 2235, -"keyword": "running time"}, +"keyword": "original parallel postulate"}, {"id": 2236, -"keyword": "gou zel"}, +"keyword": "polynomial"}, {"id": 2237, -"keyword": "program execution"}, +"keyword": "article"}, {"id": 2238, -"keyword": "entire input sequence"}, +"keyword": "outstanding work"}, {"id": 2239, -"keyword": "standard textbook proof"}, +"keyword": "transfinite recursion"}, {"id": 2240, -"keyword": "computation based"}, +"keyword": "previously replaced term"}, {"id": 2241, -"keyword": "hol set"}, +"keyword": "fully verified"}, {"id": 2242, -"keyword": "surprise hanging"}, 
+"keyword": "running time"}, {"id": 2243, -"keyword": "efsms execute traces"}, +"keyword": "gou zel"}, {"id": 2244, -"keyword": "display algebraic numbers"}, +"keyword": "program execution"}, {"id": 2245, -"keyword": "constant predicates stated"}, +"keyword": "entire input sequence"}, {"id": 2246, -"keyword": "mutually inverse"}, +"keyword": "standard textbook proof"}, {"id": 2247, -"keyword": "automotive-gateway system"}, +"keyword": "computation based"}, {"id": 2248, +"keyword": "hol set"}, +{"id": 2249, +"keyword": "surprise hanging"}, +{"id": 2250, +"keyword": "efsms execute traces"}, +{"id": 2251, +"keyword": "display algebraic numbers"}, +{"id": 2252, +"keyword": "constant predicates stated"}, +{"id": 2253, +"keyword": "mutually inverse"}, +{"id": 2254, +"keyword": "automotive-gateway system"}, +{"id": 2255, "keyword": "type constructor representing"}, -{"id": 2249, +{"id": 2256, "keyword": "afp entry complex geometry"}, -{"id": 2250, +{"id": 2257, "keyword": "lists representation"}, -{"id": 2251, +{"id": 2258, "keyword": "state-based non-deterministic sequential computations"}, -{"id": 2252, +{"id": 2259, "keyword": "complete basis"}, -{"id": 2253, +{"id": 2260, "keyword": "existing package algorithms"}, -{"id": 2254, +{"id": 2261, "keyword": "target concurrent operating systems"}, -{"id": 2255, -"keyword": "butterfly scheme"}, -{"id": 2256, -"keyword": "classical church-rosser theorem"}, -{"id": 2257, -"keyword": "polychronous systems"}, -{"id": 2258, -"keyword": "certified declarative first-order prover"}, -{"id": 2259, -"keyword": "commuting conversion rule"}, -{"id": 2260, -"keyword": "parity wallet bug"}, -{"id": 2261, -"keyword": "tame plane graphs"}, {"id": 2262, -"keyword": "stream processing functions"}, +"keyword": "butterfly scheme"}, {"id": 2263, -"keyword": "rely guarantee reasoning"}, +"keyword": "classical church-rosser theorem"}, {"id": 2264, -"keyword": "haskell library"}, +"keyword": "polychronous systems"}, {"id": 2265, -"keyword": "13 
binary relations"}, +"keyword": "certified declarative first-order prover"}, {"id": 2266, -"keyword": "expressing security properties"}, +"keyword": "commuting conversion rule"}, {"id": 2267, -"keyword": "encoding"}, +"keyword": "parity wallet bug"}, {"id": 2268, +"keyword": "tame plane graphs"}, +{"id": 2269, +"keyword": "stream processing functions"}, +{"id": 2270, +"keyword": "rely guarantee reasoning"}, +{"id": 2271, +"keyword": "haskell library"}, +{"id": 2272, +"keyword": "13 binary relations"}, +{"id": 2273, +"keyword": "expressing security properties"}, +{"id": 2274, +"keyword": "encoding"}, +{"id": 2275, "keyword": "side product"}, -{"id": 2269, +{"id": 2276, "keyword": "restricted identification"}, -{"id": 2270, +{"id": 2277, "keyword": "order logic"}, -{"id": 2271, +{"id": 2278, "keyword": "type checking phase"}, -{"id": 2272, +{"id": 2279, "keyword": "natural transformations"}, -{"id": 2273, +{"id": 2280, "keyword": "related concepts"}, -{"id": 2274, +{"id": 2281, "keyword": "labelled directed graphs"}, -{"id": 2275, +{"id": 2282, "keyword": "implementation runs"}, -{"id": 2276, +{"id": 2283, "keyword": "proofs correct incompletenesses"}, -{"id": 2277, +{"id": 2284, "keyword": "existing replication algorithm satisfies"}, -{"id": 2278, +{"id": 2285, "keyword": "algorithm top-"}, -{"id": 2279, +{"id": 2286, "keyword": "x_1"}, -{"id": 2280, +{"id": 2287, "keyword": "complete networks"}, -{"id": 2281, +{"id": 2288, "keyword": "multiplicative constants"}, -{"id": 2282, +{"id": 2289, "keyword": "sifum_type_systems afp entry"}, -{"id": 2283, +{"id": 2290, "keyword": "tail-recursive implementation"}, -{"id": 2284, +{"id": 2291, "keyword": "usable framework"}, -{"id": 2285, +{"id": 2292, "keyword": "source coding theorem"}, -{"id": 2286, -"keyword": "von wright"}, -{"id": 2287, -"keyword": "paper formalising fisher"}, -{"id": 2288, -"keyword": "modular assembly kit"}, -{"id": 2289, -"keyword": "web community"}, -{"id": 2290, -"keyword": "unrelated times"}, 
-{"id": 2291, -"keyword": "stepwise manner"}, -{"id": 2292, -"keyword": "semantic type soundness"}, {"id": 2293, -"keyword": "linear algebraic techniques"}, +"keyword": "von wright"}, {"id": 2294, -"keyword": "hoare logic"}, +"keyword": "paper formalising fisher"}, {"id": 2295, -"keyword": "multithreaded case"}, +"keyword": "modular assembly kit"}, {"id": 2296, +"keyword": "web community"}, +{"id": 2297, +"keyword": "unrelated times"}, +{"id": 2298, +"keyword": "stepwise manner"}, +{"id": 2299, +"keyword": "semantic type soundness"}, +{"id": 2300, +"keyword": "linear algebraic techniques"}, +{"id": 2301, +"keyword": "hoare logic"}, +{"id": 2302, +"keyword": "multithreaded case"}, +{"id": 2303, "keyword": "hintikka set"}, -{"id": 2297, +{"id": 2304, "keyword": "derive class instances"}, -{"id": 2298, +{"id": 2305, "keyword": "efficiently computed"}, -{"id": 2299, +{"id": 2306, "keyword": "a_n leq tfrac 1"}, -{"id": 2300, +{"id": 2307, "keyword": "polynomial interpolation"}, -{"id": 2301, +{"id": 2308, "keyword": "fully automated"}, -{"id": 2302, +{"id": 2309, "keyword": "concrete function"}, -{"id": 2303, +{"id": 2310, "keyword": "pragmatic reasons"}, -{"id": 2304, +{"id": 2311, "keyword": "polytimed systems"}, -{"id": 2305, +{"id": 2312, "keyword": "executable program"}, -{"id": 2306, +{"id": 2313, "keyword": "pythagoras law"}, -{"id": 2307, +{"id": 2314, "keyword": "type safety proof"}, -{"id": 2308, +{"id": 2315, "keyword": "verifying security policies"}, -{"id": 2309, +{"id": 2316, "keyword": "floating-point modulo function"}, -{"id": 2310, +{"id": 2317, "keyword": "chomsky normal form"}, -{"id": 2311, +{"id": 2318, "keyword": "effectively harness theorem provers"}, -{"id": 2312, +{"id": 2319, "keyword": "data structure"}, -{"id": 2313, +{"id": 2320, "keyword": "command"}, -{"id": 2314, +{"id": 2321, "keyword": "total"}, -{"id": 2315, +{"id": 2322, "keyword": "positional determinacy"}, -{"id": 2316, +{"id": 2323, "keyword": "separable characters induced 
moduli"}, -{"id": 2317, +{"id": 2324, "keyword": "inductive predicates"}, -{"id": 2318, +{"id": 2325, "keyword": "verification back-ends"}, -{"id": 2319, +{"id": 2326, "keyword": "jordan_normal_form afp entry"}, -{"id": 2320, +{"id": 2327, "keyword": "all-pairs shortest path problem"}, -{"id": 2321, +{"id": 2328, "keyword": "full asymptotic expansion"}, -{"id": 2322, +{"id": 2329, "keyword": "lens class"}, -{"id": 2323, +{"id": 2330, "keyword": "parameterised process architectures"}, -{"id": 2324, +{"id": 2331, "keyword": "shallow embedding manner"}, -{"id": 2325, +{"id": 2332, "keyword": "rapidly growing literature"}, -{"id": 2326, -"keyword": "input processes"}, -{"id": 2327, -"keyword": "recurrence relation"}, -{"id": 2328, -"keyword": "modern multiprocessors depend"}, -{"id": 2329, -"keyword": "input simultaneously"}, -{"id": 2330, -"keyword": "propositional fragment"}, -{"id": 2331, -"keyword": "coinductive lists"}, -{"id": 2332, -"keyword": "number theoretic result"}, {"id": 2333, -"keyword": "refutational completeness"}, +"keyword": "input processes"}, {"id": 2334, -"keyword": "secure process"}, +"keyword": "recurrence relation"}, {"id": 2335, -"keyword": "measure preserving transformations"}, +"keyword": "modern multiprocessors depend"}, {"id": 2336, +"keyword": "input simultaneously"}, +{"id": 2337, +"keyword": "safe-range query"}, +{"id": 2338, +"keyword": "propositional fragment"}, +{"id": 2339, +"keyword": "coinductive lists"}, +{"id": 2340, +"keyword": "number theoretic result"}, +{"id": 2341, +"keyword": "refutational completeness"}, +{"id": 2342, +"keyword": "secure process"}, +{"id": 2343, +"keyword": "measure preserving transformations"}, +{"id": 2344, "keyword": "efficient executable code"}, -{"id": 2337, +{"id": 2345, "keyword": "java language architecture"}, -{"id": 2338, +{"id": 2346, "keyword": "normal subgroups"}, -{"id": 2339, +{"id": 2347, "keyword": "internal equivalences"}, -{"id": 2340, +{"id": 2348, "keyword": "extensible minimal 
imperative fragment"}, -{"id": 2341, +{"id": 2349, "keyword": "leitsch lei97"}, -{"id": 2342, +{"id": 2350, "keyword": "conditional expressions"}, -{"id": 2343, +{"id": 2351, "keyword": "definitional embedding"}, -{"id": 2344, +{"id": 2352, "keyword": "constructing sturm sequences efficiently"}, -{"id": 2345, -"keyword": "finite fourier series"}, -{"id": 2346, -"keyword": "fixed access frequencies"}, -{"id": 2347, -"keyword": "hol-multivariate-analysis session"}, -{"id": 2348, -"keyword": "locale assumptions"}, -{"id": 2349, -"keyword": "concrete file represented"}, -{"id": 2350, -"keyword": "polynomial time"}, -{"id": 2351, -"keyword": "beta_n"}, -{"id": 2352, -"keyword": "communicating concurrent kleene algebra"}, {"id": 2353, -"keyword": "re-usable dfs-based algorithms"}, +"keyword": "finite fourier series"}, {"id": 2354, -"keyword": "development accompanies"}, +"keyword": "fixed access frequencies"}, {"id": 2355, -"keyword": "guarded recursive equations"}, +"keyword": "hol-multivariate-analysis session"}, {"id": 2356, -"keyword": "general recursion"}, +"keyword": "locale assumptions"}, {"id": 2357, -"keyword": "easily adapt existing proofs"}, +"keyword": "concrete file represented"}, {"id": 2358, -"keyword": "world code"}, +"keyword": "polynomial time"}, {"id": 2359, -"keyword": "problems"}, +"keyword": "beta_n"}, {"id": 2360, -"keyword": "mapping method"}, +"keyword": "communicating concurrent kleene algebra"}, {"id": 2361, -"keyword": "emphasising local spatial properties"}, +"keyword": "re-usable dfs-based algorithms"}, {"id": 2362, -"keyword": "stronger notion"}, +"keyword": "development accompanies"}, {"id": 2363, -"keyword": "tree automata"}, +"keyword": "guarded recursive equations"}, {"id": 2364, -"keyword": "automatic theorem prover"}, +"keyword": "general recursion"}, {"id": 2365, -"keyword": "typing rules"}, +"keyword": "easily adapt existing proofs"}, {"id": 2366, -"keyword": "augustin louis cauchy"}, +"keyword": "world code"}, {"id": 2367, 
-"keyword": "traditional proof outlines"}, +"keyword": "problems"}, {"id": 2368, -"keyword": "proof terms"}, +"keyword": "mapping method"}, {"id": 2369, -"keyword": "geodesic gromov-hyperbolic space"}, +"keyword": "emphasising local spatial properties"}, {"id": 2370, -"keyword": "order types"}, +"keyword": "stronger notion"}, {"id": 2371, -"keyword": "suitable inductive predicate"}, +"keyword": "tree automata"}, {"id": 2372, -"keyword": "developing aspects"}, +"keyword": "automatic theorem prover"}, {"id": 2373, -"keyword": "linux netfilter iptables firewall"}, +"keyword": "typing rules"}, {"id": 2374, -"keyword": "ordering properties"}, +"keyword": "augustin louis cauchy"}, {"id": 2375, -"keyword": "hereditary base 2"}, +"keyword": "traditional proof outlines"}, {"id": 2376, -"keyword": "insurance products"}, +"keyword": "proof terms"}, {"id": 2377, +"keyword": "geodesic gromov-hyperbolic space"}, +{"id": 2378, +"keyword": "order types"}, +{"id": 2379, +"keyword": "suitable inductive predicate"}, +{"id": 2380, +"keyword": "developing aspects"}, +{"id": 2381, +"keyword": "linux netfilter iptables firewall"}, +{"id": 2382, +"keyword": "ordering properties"}, +{"id": 2383, +"keyword": "hereditary base 2"}, +{"id": 2384, +"keyword": "insurance products"}, +{"id": 2385, "keyword": "timing functions"}, -{"id": 2378, +{"id": 2386, "keyword": "list module"}, -{"id": 2379, +{"id": 2387, "keyword": "128bit words"}, -{"id": 2380, +{"id": 2388, "keyword": "core theorems"}, -{"id": 2381, +{"id": 2389, "keyword": "worker wrapper transformation"}, -{"id": 2382, +{"id": 2390, "keyword": "implementation supports set membership"}, -{"id": 2383, +{"id": 2391, "keyword": "longest recognized substrings"}, -{"id": 2384, +{"id": 2392, "keyword": "initial nonterminal"}, -{"id": 2385, +{"id": 2393, "keyword": "insecure channel controlled"}, -{"id": 2386, +{"id": 2394, "keyword": "utility functions"}, -{"id": 2387, +{"id": 2395, "keyword": "unified view"}, -{"id": 2388, +{"id": 2396, 
"keyword": "underlying commented theories"}, -{"id": 2389, +{"id": 2397, "keyword": "software security"}, -{"id": 2390, +{"id": 2398, "keyword": "deeply embedded target programs"}, -{"id": 2391, +{"id": 2399, "keyword": "achieve compositionality"}, -{"id": 2392, +{"id": 2400, "keyword": "type definitions"}, -{"id": 2393, +{"id": 2401, "keyword": "priority search tree"}, -{"id": 2394, +{"id": 2402, "keyword": "complicated derivatives"}, -{"id": 2395, -"keyword": "resulting bst"}, -{"id": 2396, -"keyword": "decision"}, -{"id": 2397, -"keyword": "incomparable results"}, -{"id": 2398, -"keyword": "clear formalisation"}, -{"id": 2399, -"keyword": "total supremum function"}, -{"id": 2400, -"keyword": "extension formally represents"}, -{"id": 2401, -"keyword": "normal filters"}, -{"id": 2402, -"keyword": "rob arthan"}, {"id": 2403, -"keyword": "pseudo-bl algebras"}, +"keyword": "resulting bst"}, {"id": 2404, -"keyword": "purely functional algorithms"}, +"keyword": "decision"}, {"id": 2405, -"keyword": "mathematical development"}, +"keyword": "incomparable results"}, {"id": 2406, -"keyword": "optimizations heuristics"}, +"keyword": "clear formalisation"}, {"id": 2407, -"keyword": "borel-measurable random variables"}, +"keyword": "total supremum function"}, {"id": 2408, -"keyword": "checkers operate"}, +"keyword": "extension formally represents"}, {"id": 2409, +"keyword": "normal filters"}, +{"id": 2410, +"keyword": "rob arthan"}, +{"id": 2411, +"keyword": "pseudo-bl algebras"}, +{"id": 2412, +"keyword": "purely functional algorithms"}, +{"id": 2413, +"keyword": "mathematical development"}, +{"id": 2414, +"keyword": "optimizations heuristics"}, +{"id": 2415, +"keyword": "borel-measurable random variables"}, +{"id": 2416, +"keyword": "checkers operate"}, +{"id": 2417, "keyword": "short proof"}, -{"id": 2410, +{"id": 2418, "keyword": "total correctness based"}, -{"id": 2411, +{"id": 2419, "keyword": "real ideal world paradigm"}, -{"id": 2412, +{"id": 2420, "keyword": 
"arbitrary univariate polynomials"}, -{"id": 2413, +{"id": 2421, "keyword": "basic framework"}, -{"id": 2414, +{"id": 2422, "keyword": "game-based cryptographic security notions"}, -{"id": 2415, -"keyword": "test strategies"}, -{"id": 2416, -"keyword": "general solver"}, -{"id": 2417, -"keyword": "threat models"}, -{"id": 2418, -"keyword": "fredkin cacm 1960"}, -{"id": 2419, -"keyword": "induction"}, -{"id": 2420, -"keyword": "uniform global clock"}, -{"id": 2421, -"keyword": "mechanical derivation"}, -{"id": 2422, -"keyword": "proof sketch"}, {"id": 2423, -"keyword": "55th theorem"}, +"keyword": "test strategies"}, {"id": 2424, -"keyword": "specific instantiations"}, +"keyword": "general solver"}, {"id": 2425, -"keyword": "infinite iteration"}, +"keyword": "threat models"}, {"id": 2426, -"keyword": "parameterized verification framework"}, +"keyword": "fredkin cacm 1960"}, {"id": 2427, -"keyword": "probabilistic noninterference"}, +"keyword": "induction"}, {"id": 2428, -"keyword": "prior non-mechanized soundness proofs"}, +"keyword": "uniform global clock"}, {"id": 2429, +"keyword": "mechanical derivation"}, +{"id": 2430, +"keyword": "proof sketch"}, +{"id": 2431, +"keyword": "55th theorem"}, +{"id": 2432, +"keyword": "specific instantiations"}, +{"id": 2433, +"keyword": "infinite iteration"}, +{"id": 2434, +"keyword": "parameterized verification framework"}, +{"id": 2435, +"keyword": "probabilistic noninterference"}, +{"id": 2436, +"keyword": "prior non-mechanized soundness proofs"}, +{"id": 2437, "keyword": "planning system fast-downward"}, -{"id": 2430, +{"id": 2438, "keyword": "total store order"}, -{"id": 2431, +{"id": 2439, "keyword": "type system"}, -{"id": 2432, +{"id": 2440, "keyword": "verifythis competition series"}, -{"id": 2433, +{"id": 2441, "keyword": "cartesian categories"}, -{"id": 2434, +{"id": 2442, "keyword": "direct product"}, -{"id": 2435, +{"id": 2443, "keyword": "special case"}, -{"id": 2436, +{"id": 2444, "keyword": "free boolean algebra"}, 
-{"id": 2437, +{"id": 2445, "keyword": "static interprocedural slicing"}, -{"id": 2438, +{"id": 2446, "keyword": "connected open set"}, -{"id": 2439, +{"id": 2447, "keyword": "building"}, -{"id": 2440, +{"id": 2448, "keyword": "meet schneider"}, -{"id": 2441, +{"id": 2449, "keyword": "dynamic context"}, -{"id": 2442, +{"id": 2450, "keyword": "coherence theorem"}, -{"id": 2443, +{"id": 2451, "keyword": "set categories"}, -{"id": 2444, +{"id": 2452, "keyword": "step functions"}, -{"id": 2445, +{"id": 2453, "keyword": "practical interoperability protocol"}, -{"id": 2446, -"keyword": "general purpose data structure"}, -{"id": 2447, -"keyword": "proof method"}, -{"id": 2448, -"keyword": "diophantine approximations"}, -{"id": 2449, -"keyword": "factor polynomials"}, -{"id": 2450, -"keyword": "success probability"}, -{"id": 2451, -"keyword": "concrete sigma-protocols"}, -{"id": 2452, -"keyword": "expand stone relation algebras"}, -{"id": 2453, -"keyword": "effectively executable"}, {"id": 2454, -"keyword": "mechanising proofs"}, +"keyword": "general purpose data structure"}, {"id": 2455, -"keyword": "partial orders"}, +"keyword": "proof method"}, {"id": 2456, -"keyword": "mdp model checking"}, +"keyword": "diophantine approximations"}, {"id": 2457, +"keyword": "factor polynomials"}, +{"id": 2458, +"keyword": "success probability"}, +{"id": 2459, +"keyword": "concrete sigma-protocols"}, +{"id": 2460, +"keyword": "expand stone relation algebras"}, +{"id": 2461, +"keyword": "effectively executable"}, +{"id": 2462, +"keyword": "mechanising proofs"}, +{"id": 2463, +"keyword": "partial orders"}, +{"id": 2464, +"keyword": "mdp model checking"}, +{"id": 2465, "keyword": "providing stronger guarantees"}, -{"id": 2458, +{"id": 2466, "keyword": "lambda calculus"}, -{"id": 2459, +{"id": 2467, "keyword": "element set"}, -{"id": 2460, +{"id": 2468, "keyword": "landmark theorem due"}, -{"id": 2461, +{"id": 2469, "keyword": "classic quantifier elimination"}, -{"id": 2462, +{"id": 2470, 
"keyword": "game-based definitions"}, -{"id": 2463, +{"id": 2471, "keyword": "natural-language explanations"}, -{"id": 2464, +{"id": 2472, "keyword": "large transitive closures"}, -{"id": 2465, +{"id": 2473, "keyword": "static openflow rules"}, -{"id": 2466, +{"id": 2474, "keyword": "default instantiation"}, -{"id": 2467, +{"id": 2475, "keyword": "mentioned properties"}, -{"id": 2468, +{"id": 2476, "keyword": "verify truth tables"}, -{"id": 2469, +{"id": 2477, "keyword": "substructural logics"}, -{"id": 2470, +{"id": 2478, "keyword": "standard algorithms textbooks"}, -{"id": 2471, +{"id": 2479, "keyword": "key value-pairs"}, -{"id": 2472, +{"id": 2480, "keyword": "machine checked proofs"}, -{"id": 2473, +{"id": 2481, "keyword": "kleene star arise"}, -{"id": 2474, +{"id": 2482, "keyword": "formally verified implementation"}, -{"id": 2475, +{"id": 2483, "keyword": "autonomous systems"}, -{"id": 2476, +{"id": 2484, "keyword": "implementation mixes"}, -{"id": 2477, +{"id": 2485, "keyword": "slightly advanced properties"}, -{"id": 2478, +{"id": 2486, "keyword": "discussion logs"}, -{"id": 2479, +{"id": 2487, "keyword": "generic imperative language embedded"}, -{"id": 2480, +{"id": 2488, "keyword": "basic path manipulation rules"}, -{"id": 2481, +{"id": 2489, "keyword": "fully automatic tools"}, -{"id": 2482, +{"id": 2490, "keyword": "distinct network nodes"}, -{"id": 2483, +{"id": 2491, "keyword": "triangle"}, -{"id": 2484, +{"id": 2492, "keyword": "plotkin existential"}, -{"id": 2485, +{"id": 2493, "keyword": "feature nice mathematical properties"}, -{"id": 2486, -"keyword": "macaulay matrix"}, -{"id": 2487, -"keyword": "boolean algebras generalise"}, -{"id": 2488, -"keyword": "upf emphasizes"}, -{"id": 2489, -"keyword": "reasonable efficiency"}, -{"id": 2490, -"keyword": "explicit syntactic form"}, -{"id": 2491, -"keyword": "type inference rules"}, -{"id": 2492, -"keyword": "calculus immediately implies"}, -{"id": 2493, -"keyword": "underlying theory"}, {"id": 2494, 
-"keyword": "individual components"}, +"keyword": "macaulay matrix"}, {"id": 2495, -"keyword": "descartes test returns 0"}, +"keyword": "boolean algebras generalise"}, {"id": 2496, -"keyword": "divided differences"}, +"keyword": "upf emphasizes"}, {"id": 2497, +"keyword": "reasonable efficiency"}, +{"id": 2498, +"keyword": "explicit syntactic form"}, +{"id": 2499, +"keyword": "type inference rules"}, +{"id": 2500, +"keyword": "calculus immediately implies"}, +{"id": 2501, +"keyword": "underlying theory"}, +{"id": 2502, +"keyword": "individual components"}, +{"id": 2503, +"keyword": "descartes test returns 0"}, +{"id": 2504, +"keyword": "divided differences"}, +{"id": 2505, "keyword": "model existence theorem"}, -{"id": 2498, +{"id": 2506, "keyword": "executable denotational semantics"}, -{"id": 2499, +{"id": 2507, "keyword": "wireless mesh network"}, -{"id": 2500, +{"id": 2508, "keyword": "monotonic property transformers"}, -{"id": 2501, +{"id": 2509, "keyword": "prefix match"}, -{"id": 2502, +{"id": 2510, "keyword": "analytic proof"}, -{"id": 2503, +{"id": 2511, "keyword": "safe distance"}, -{"id": 2504, +{"id": 2512, "keyword": "existing implementation"}, -{"id": 2505, +{"id": 2513, "keyword": "natural logarithm"}, -{"id": 2506, -"keyword": "automatically transferable"}, -{"id": 2507, -"keyword": "oopsla 2006 paper"}, -{"id": 2508, -"keyword": "modern environment"}, -{"id": 2509, -"keyword": "dynamic architectures"}, -{"id": 2510, -"keyword": "simulate minsky machines"}, -{"id": 2511, -"keyword": "binomial heaps"}, -{"id": 2512, -"keyword": "classifies topological spaces"}, -{"id": 2513, -"keyword": "partial meet contraction"}, {"id": 2514, -"keyword": "standard signature algorithm"}, +"keyword": "automatically transferable"}, {"id": 2515, -"keyword": "selection functions"}, +"keyword": "oopsla 2006 paper"}, {"id": 2516, -"keyword": "peano arithmetic"}, +"keyword": "modern environment"}, {"id": 2517, -"keyword": "fully formally verified"}, +"keyword": "dynamic 
architectures"}, {"id": 2518, -"keyword": "files"}, +"keyword": "simulate minsky machines"}, {"id": 2519, -"keyword": "automated reasoning 52"}, +"keyword": "binomial heaps"}, {"id": 2520, -"keyword": "involves extensive reasoning"}, +"keyword": "classifies topological spaces"}, {"id": 2521, -"keyword": "pointwise updates"}, +"keyword": "partial meet contraction"}, {"id": 2522, -"keyword": "category theory"}, +"keyword": "standard signature algorithm"}, {"id": 2523, -"keyword": "vector fields"}, +"keyword": "selection functions"}, {"id": 2524, -"keyword": "direct mathematical model"}, +"keyword": "peano arithmetic"}, {"id": 2525, -"keyword": "group generated"}, +"keyword": "fully formally verified"}, {"id": 2526, -"keyword": "interesting format"}, +"keyword": "files"}, {"id": 2527, -"keyword": "random element"}, +"keyword": "automated reasoning 52"}, {"id": 2528, -"keyword": "simple imperative language"}, +"keyword": "involves extensive reasoning"}, {"id": 2529, -"keyword": "modal kleene algebra"}, +"keyword": "pointwise updates"}, {"id": 2530, +"keyword": "category theory"}, +{"id": 2531, +"keyword": "vector fields"}, +{"id": 2532, +"keyword": "direct mathematical model"}, +{"id": 2533, +"keyword": "group generated"}, +{"id": 2534, +"keyword": "interesting format"}, +{"id": 2535, +"keyword": "random element"}, +{"id": 2536, +"keyword": "simple imperative language"}, +{"id": 2537, +"keyword": "modal kleene algebra"}, +{"id": 2538, "keyword": "arbitrary fields"}, -{"id": 2531, +{"id": 2539, "keyword": "roger lipsett"}, -{"id": 2532, +{"id": 2540, "keyword": "probabilistic system types"}, -{"id": 2533, +{"id": 2541, "keyword": "existing pen-and-paper proof"}, -{"id": 2534, +{"id": 2542, "keyword": "working mathematician"}, -{"id": 2535, +{"id": 2543, "keyword": "squarefree integers"}, -{"id": 2536, -"keyword": "heap property"}, -{"id": 2537, -"keyword": "beautiful result"}, -{"id": 2538, -"keyword": "factorisation algorithm"}, -{"id": 2539, -"keyword": "simple 
techniques"}, -{"id": 2540, -"keyword": "arbitrary natural sets"}, -{"id": 2541, -"keyword": "christoph benzm uuml"}, -{"id": 2542, -"keyword": "combinable wand"}, -{"id": 2543, -"keyword": "failure-prone environments"}, {"id": 2544, -"keyword": "abstract cryptography"}, +"keyword": "heap property"}, {"id": 2545, -"keyword": "simpler secure processes"}, +"keyword": "beautiful result"}, {"id": 2546, -"keyword": "sim sqrt 2 pi"}, +"keyword": "factorisation algorithm"}, {"id": 2547, -"keyword": "rigorous polynomial approximation"}, +"keyword": "simple techniques"}, {"id": 2548, -"keyword": "cardinality facts relevant"}, +"keyword": "arbitrary natural sets"}, {"id": 2549, -"keyword": "source-to-assembly step matching"}, +"keyword": "christoph benzm uuml"}, {"id": 2550, -"keyword": "lambda-calculus"}, +"keyword": "combinable wand"}, {"id": 2551, -"keyword": "fundamental theorem"}, +"keyword": "failure-prone environments"}, {"id": 2552, -"keyword": "routing table entry"}, +"keyword": "abstract cryptography"}, {"id": 2553, -"keyword": "called object constraint language"}, +"keyword": "simpler secure processes"}, {"id": 2554, -"keyword": "logically safe"}, +"keyword": "sim sqrt 2 pi"}, {"id": 2555, -"keyword": "non-relational reasoning"}, +"keyword": "rigorous polynomial approximation"}, {"id": 2556, -"keyword": "intuitive combinatorial proof"}, +"keyword": "cardinality facts relevant"}, {"id": 2557, -"keyword": "tphols 2008 paper"}, +"keyword": "source-to-assembly step matching"}, {"id": 2558, -"keyword": "floyd-warshall algorithm"}, +"keyword": "lambda-calculus"}, {"id": 2559, -"keyword": "single event list varying"}, +"keyword": "fundamental theorem"}, {"id": 2560, -"keyword": "church-encoded representation"}, +"keyword": "routing table entry"}, {"id": 2561, -"keyword": "recursive inseparability"}, +"keyword": "called object constraint language"}, {"id": 2562, -"keyword": "hierarchical transactions"}, +"keyword": "logically safe"}, {"id": 2563, -"keyword": "low-degree 
polynomials"}, +"keyword": "non-relational reasoning"}, {"id": 2564, -"keyword": "declaring nominal datatypes"}, +"keyword": "intuitive combinatorial proof"}, {"id": 2565, -"keyword": "widening operation"}, +"keyword": "tphols 2008 paper"}, {"id": 2566, -"keyword": "full permission"}, +"keyword": "floyd-warshall algorithm"}, {"id": 2567, -"keyword": "weak preferences"}, +"keyword": "single event list varying"}, {"id": 2568, -"keyword": "generic theory"}, +"keyword": "church-encoded representation"}, {"id": 2569, -"keyword": "ocl specification"}, +"keyword": "recursive inseparability"}, {"id": 2570, +"keyword": "hierarchical transactions"}, +{"id": 2571, +"keyword": "low-degree polynomials"}, +{"id": 2572, +"keyword": "declaring nominal datatypes"}, +{"id": 2573, +"keyword": "widening operation"}, +{"id": 2574, +"keyword": "full permission"}, +{"id": 2575, +"keyword": "weak preferences"}, +{"id": 2576, +"keyword": "generic theory"}, +{"id": 2577, +"keyword": "ocl specification"}, +{"id": 2578, "keyword": "original expression"}, -{"id": 2571, +{"id": 2579, "keyword": "euler trails"}, -{"id": 2572, +{"id": 2580, "keyword": "mutually recursive functions"}, -{"id": 2573, +{"id": 2581, "keyword": "isomorphisms results"}, -{"id": 2574, +{"id": 2582, "keyword": "hol light development"}, -{"id": 2575, +{"id": 2583, "keyword": "numerical algorithms"}, -{"id": 2576, -"keyword": "special form"}, -{"id": 2577, -"keyword": "upcoming entry iptables semantics"}, -{"id": 2578, -"keyword": "x86-64 assembly instructions"}, -{"id": 2579, -"keyword": "great body"}, -{"id": 2580, -"keyword": "sliced graph"}, -{"id": 2581, -"keyword": "function zeta"}, -{"id": 2582, -"keyword": "van der waerden"}, -{"id": 2583, -"keyword": "pretty printing"}, {"id": 2584, -"keyword": "memory model"}, +"keyword": "special form"}, {"id": 2585, -"keyword": "directly inspired"}, +"keyword": "upcoming entry iptables semantics"}, {"id": 2586, -"keyword": "phi functions"}, +"keyword": "x86-64 assembly 
instructions"}, {"id": 2587, -"keyword": "security configuration actual firewall"}, +"keyword": "great body"}, {"id": 2588, -"keyword": "knuth bendix orders"}, +"keyword": "sliced graph"}, {"id": 2589, -"keyword": "belief change"}, +"keyword": "function zeta"}, {"id": 2590, +"keyword": "van der waerden"}, +{"id": 2591, +"keyword": "pretty printing"}, +{"id": 2592, +"keyword": "memory model"}, +{"id": 2593, +"keyword": "directly inspired"}, +{"id": 2594, +"keyword": "phi functions"}, +{"id": 2595, +"keyword": "security configuration actual firewall"}, +{"id": 2596, +"keyword": "knuth bendix orders"}, +{"id": 2597, +"keyword": "belief change"}, +{"id": 2598, "keyword": "arctic interpretations"}, -{"id": 2591, +{"id": 2599, "keyword": "bounded operators"}, -{"id": 2592, +{"id": 2600, "keyword": "harm security"}, -{"id": 2593, +{"id": 2601, "keyword": "separate afp entries goedel_hfset_semantic"}, -{"id": 2594, +{"id": 2602, "keyword": "frequency moment"}, -{"id": 2595, +{"id": 2603, "keyword": "arbitrary network topologies"}, -{"id": 2596, +{"id": 2604, "keyword": "theorem implies combinatorial planarity"}, -{"id": 2597, +{"id": 2605, "keyword": "expected internal path length"}, -{"id": 2598, +{"id": 2606, "keyword": "stronger version"}, -{"id": 2599, +{"id": 2607, "keyword": "solving linear programs"}, -{"id": 2600, +{"id": 2608, "keyword": "entry formally"}, -{"id": 2601, +{"id": 2609, "keyword": "discrete summation"}, -{"id": 2602, +{"id": 2610, "keyword": "compact intervals"}, -{"id": 2603, +{"id": 2611, "keyword": "complexity low"}, -{"id": 2604, +{"id": 2612, "keyword": "source type"}, -{"id": 2605, +{"id": 2613, "keyword": "meaningless encodings"}, -{"id": 2606, +{"id": 2614, "keyword": "yielding dynamic programming algorithms"}, -{"id": 2607, -"keyword": "hol formalization builds"}, -{"id": 2608, -"keyword": "abstract separation algebra"}, -{"id": 2609, -"keyword": "handle changing beliefs"}, -{"id": 2610, -"keyword": "exploiting type classes"}, -{"id": 2611, 
-"keyword": "linear programs"}, -{"id": 2612, -"keyword": "hol proof assistant"}, -{"id": 2613, -"keyword": "current monolithic protocols"}, -{"id": 2614, -"keyword": "partial correctness"}, {"id": 2615, -"keyword": "finite collection"}, +"keyword": "hol formalization builds"}, {"id": 2616, -"keyword": "manipulating data types"}, +"keyword": "abstract separation algebra"}, {"id": 2617, -"keyword": "library base"}, +"keyword": "handle changing beliefs"}, {"id": 2618, +"keyword": "exploiting type classes"}, +{"id": 2619, +"keyword": "linear programs"}, +{"id": 2620, +"keyword": "hol proof assistant"}, +{"id": 2621, +"keyword": "current monolithic protocols"}, +{"id": 2622, +"keyword": "partial correctness"}, +{"id": 2623, +"keyword": "finite collection"}, +{"id": 2624, +"keyword": "manipulating data types"}, +{"id": 2625, +"keyword": "library base"}, +{"id": 2626, "keyword": "sophisticated object-oriented bytecode language"}, -{"id": 2619, +{"id": 2627, "keyword": "probable hidden state sequence"}, -{"id": 2620, +{"id": 2628, "keyword": "finger tree"}, -{"id": 2621, +{"id": 2629, "keyword": "optimality equations"}, -{"id": 2622, +{"id": 2630, "keyword": "latin square"}, -{"id": 2623, +{"id": 2631, "keyword": "combine classical reasoning"}, -{"id": 2624, +{"id": 2632, "keyword": "magic wand formula"}, -{"id": 2625, +{"id": 2633, "keyword": "complete formalization"}, -{"id": 2626, +{"id": 2634, "keyword": "purely syntactic normalisation procedure"}, -{"id": 2627, +{"id": 2635, "keyword": "generic algorithm"}, -{"id": 2628, +{"id": 2636, "keyword": "formalizations differ mathematically"}, -{"id": 2629, +{"id": 2637, "keyword": "computing dominators"}, -{"id": 2630, +{"id": 2638, "keyword": "relational constructors"}, -{"id": 2631, +{"id": 2639, "keyword": "simplicial complexes"}, -{"id": 2632, +{"id": 2640, "keyword": "induction principle"}, -{"id": 2633, +{"id": 2641, "keyword": "correct binomial heaps"}, -{"id": 2634, +{"id": 2642, "keyword": "information flow 
security"}, -{"id": 2635, +{"id": 2643, "keyword": "basic concepts"}, -{"id": 2636, +{"id": 2644, "keyword": "present formalisation formed"}, -{"id": 2637, +{"id": 2645, "keyword": "significant piece"}, -{"id": 2638, +{"id": 2646, "keyword": "safe regression test selection"}, -{"id": 2639, +{"id": 2647, "keyword": "internal path length"}, -{"id": 2640, +{"id": 2648, "keyword": "avoid cascading linking"}, -{"id": 2641, +{"id": 2649, "keyword": "dirichlet l-functions"}, -{"id": 2642, +{"id": 2650, "keyword": "interactive proof assistant"}, -{"id": 2643, +{"id": 2651, "keyword": "article added additional material"}, -{"id": 2644, +{"id": 2652, "keyword": "shadow tree"}, -{"id": 2645, +{"id": 2653, "keyword": "prime number"}, -{"id": 2646, +{"id": 2654, "keyword": "representation independence"}, -{"id": 2647, -"keyword": "landau symbol"}, -{"id": 2648, -"keyword": "essentially follow"}, -{"id": 2649, -"keyword": "additively idempotent semirings"}, -{"id": 2650, -"keyword": "complex unknowns x1"}, -{"id": 2651, -"keyword": "byzantine fault-tolerant clock synchronization"}, -{"id": 2652, -"keyword": "closely follow"}, -{"id": 2653, -"keyword": "shaz qadeer"}, -{"id": 2654, -"keyword": "complex systems involves"}, {"id": 2655, -"keyword": "solving equational systems"}, +"keyword": "landau symbol"}, {"id": 2656, -"keyword": "safe ocl typing rules"}, +"keyword": "essentially follow"}, {"id": 2657, -"keyword": "delta system lemma sessions"}, +"keyword": "additively idempotent semirings"}, {"id": 2658, +"keyword": "complex unknowns x1"}, +{"id": 2659, +"keyword": "byzantine fault-tolerant clock synchronization"}, +{"id": 2660, +"keyword": "closely follow"}, +{"id": 2661, +"keyword": "shaz qadeer"}, +{"id": 2662, +"keyword": "complex systems involves"}, +{"id": 2663, +"keyword": "solving equational systems"}, +{"id": 2664, +"keyword": "safe ocl typing rules"}, +{"id": 2665, +"keyword": "delta system lemma sessions"}, +{"id": 2666, "keyword": "theorem due"}, -{"id": 2659, 
+{"id": 2667, "keyword": "temporal order"}, -{"id": 2660, +{"id": 2668, "keyword": "infrastructure previously"}, -{"id": 2661, +{"id": 2669, "keyword": "specification holds"}, -{"id": 2662, +{"id": 2670, "keyword": "skew links"}, -{"id": 2663, +{"id": 2671, "keyword": "transactional memory"}, -{"id": 2664, +{"id": 2672, "keyword": "unique squarefree decomposition"}, -{"id": 2665, +{"id": 2673, "keyword": "beta_1"}, -{"id": 2666, +{"id": 2674, "keyword": "discrete stochastic dynamic programming"}, -{"id": 2667, -"keyword": "highly modular"}, -{"id": 2668, -"keyword": "transcendental numbers"}, -{"id": 2669, -"keyword": "extra assumptions"}, -{"id": 2670, -"keyword": "fully json compliant"}, -{"id": 2671, -"keyword": "instantiation draws heavily"}, -{"id": 2672, -"keyword": "stuttering equivalence afp-entry"}, -{"id": 2673, -"keyword": "incompleteness theorem"}, -{"id": 2674, -"keyword": "general form"}, {"id": 2675, -"keyword": "coarse-grained semantics"}, +"keyword": "highly modular"}, {"id": 2676, -"keyword": "early result"}, +"keyword": "transcendental numbers"}, {"id": 2677, -"keyword": "core dom"}, +"keyword": "extra assumptions"}, {"id": 2678, -"keyword": "trace set processes"}, +"keyword": "fully json compliant"}, {"id": 2679, -"keyword": "theorem applying"}, +"keyword": "instantiation draws heavily"}, {"id": 2680, -"keyword": "present polished"}, +"keyword": "stuttering equivalence afp-entry"}, {"id": 2681, -"keyword": "graph representation"}, +"keyword": "incompleteness theorem"}, {"id": 2682, -"keyword": "large number"}, +"keyword": "general form"}, {"id": 2683, -"keyword": "classical propositional logic"}, +"keyword": "coarse-grained semantics"}, {"id": 2684, -"keyword": "context-free grammar"}, +"keyword": "early result"}, {"id": 2685, -"keyword": "lee cl73"}, +"keyword": "core dom"}, {"id": 2686, -"keyword": "security invariants hold"}, +"keyword": "trace set processes"}, {"id": 2687, -"keyword": "simple programming language"}, +"keyword": "theorem 
applying"}, {"id": 2688, -"keyword": "gibbard-satterthwaite theorem"}, +"keyword": "present polished"}, {"id": 2689, -"keyword": "compcertssa project"}, +"keyword": "graph representation"}, {"id": 2690, -"keyword": "linear upper bound"}, +"keyword": "large number"}, {"id": 2691, -"keyword": "formula mdp ta pta"}, +"keyword": "classical propositional logic"}, {"id": 2692, -"keyword": "quantic nuclei"}, +"keyword": "context-free grammar"}, {"id": 2693, -"keyword": "non-deterministic interpreter"}, +"keyword": "lee cl73"}, {"id": 2694, -"keyword": "embedding path order"}, +"keyword": "security invariants hold"}, {"id": 2695, -"keyword": "convergence rate"}, +"keyword": "simple programming language"}, {"id": 2696, -"keyword": "textbook types"}, +"keyword": "gibbard-satterthwaite theorem"}, {"id": 2697, -"keyword": "discrete financial models"}, +"keyword": "compcertssa project"}, {"id": 2698, -"keyword": "wireless networks"}, +"keyword": "linear upper bound"}, {"id": 2699, +"keyword": "formula mdp ta pta"}, +{"id": 2700, +"keyword": "quantic nuclei"}, +{"id": 2701, +"keyword": "non-deterministic interpreter"}, +{"id": 2702, +"keyword": "embedding path order"}, +{"id": 2703, +"keyword": "convergence rate"}, +{"id": 2704, +"keyword": "textbook types"}, +{"id": 2705, +"keyword": "discrete financial models"}, +{"id": 2706, +"keyword": "wireless networks"}, +{"id": 2707, "keyword": "mechanical theorem proving"}, -{"id": 2700, +{"id": 2708, "keyword": "jan kretinsky proposed"}, -{"id": 2701, +{"id": 2709, "keyword": "infinite subset"}, -{"id": 2702, +{"id": 2710, "keyword": "reflection-based decision procedure"}, -{"id": 2703, +{"id": 2711, "keyword": "int_0 infty b_n"}, -{"id": 2704, +{"id": 2712, "keyword": "general cost functions"}, -{"id": 2705, +{"id": 2713, "keyword": "ch research verifythis"}, -{"id": 2706, +{"id": 2714, "keyword": "prim"}, -{"id": 2707, +{"id": 2715, "keyword": "sparcv8 instruction set architecture"}, -{"id": 2708, +{"id": 2716, "keyword": "ordered 
bdd"}, -{"id": 2709, +{"id": 2717, "keyword": "incorporate smoothly"}, -{"id": 2710, +{"id": 2718, "keyword": "java interactive verification environment"}, -{"id": 2711, +{"id": 2719, "keyword": "time complexity bound"}, -{"id": 2712, +{"id": 2720, "keyword": "rules controls"}, -{"id": 2713, +{"id": 2721, "keyword": "theorem prover"}, -{"id": 2714, +{"id": 2722, "keyword": "decrease efficiency"}, -{"id": 2715, +{"id": 2723, "keyword": "separation algebra"}, -{"id": 2716, +{"id": 2724, "keyword": "refined version"}, -{"id": 2717, -"keyword": "facts involving algebraic laws"}, -{"id": 2718, -"keyword": "indefinitely long sequence"}, -{"id": 2719, -"keyword": "fundamental objects"}, -{"id": 2720, -"keyword": "open induction schema based"}, -{"id": 2721, -"keyword": "dependent choices"}, -{"id": 2722, -"keyword": "temporal operators"}, -{"id": 2723, -"keyword": "obtain concrete upper bounds"}, -{"id": 2724, -"keyword": "verify spoofing protection"}, {"id": 2725, -"keyword": "significantly worse"}, +"keyword": "facts involving algebraic laws"}, {"id": 2726, -"keyword": "type class functions"}, +"keyword": "indefinitely long sequence"}, {"id": 2727, -"keyword": "common format"}, +"keyword": "fundamental objects"}, {"id": 2728, -"keyword": "guarantee condition"}, +"keyword": "open induction schema based"}, {"id": 2729, -"keyword": "fairly rudimentary"}, +"keyword": "dependent choices"}, {"id": 2730, -"keyword": "relation reduces"}, +"keyword": "temporal operators"}, {"id": 2731, +"keyword": "obtain concrete upper bounds"}, +{"id": 2732, +"keyword": "verify spoofing protection"}, +{"id": 2733, +"keyword": "significantly worse"}, +{"id": 2734, +"keyword": "type class functions"}, +{"id": 2735, +"keyword": "common format"}, +{"id": 2736, +"keyword": "guarantee condition"}, +{"id": 2737, +"keyword": "fairly rudimentary"}, +{"id": 2738, +"keyword": "relation reduces"}, +{"id": 2739, "keyword": "petersen aplas 2012"}, -{"id": 2732, +{"id": 2740, "keyword": "strips soundness 
meta-theory"}, -{"id": 2733, +{"id": 2741, "keyword": "code"}, -{"id": 2734, +{"id": 2742, "keyword": "popular theorems attributed"}, -{"id": 2735, +{"id": 2743, "keyword": "puzzle"}, -{"id": 2736, +{"id": 2744, "keyword": "registering automatic methods"}, -{"id": 2737, -"keyword": "executable monitor"}, -{"id": 2738, -"keyword": "cryptographic operators"}, -{"id": 2739, -"keyword": "previous berlekamp zassenhaus development"}, -{"id": 2740, -"keyword": "paraconsistent many-"}, -{"id": 2741, -"keyword": "extended complex plane"}, -{"id": 2742, -"keyword": "non-deterministic buechi-automaton"}, -{"id": 2743, -"keyword": "x1j hellip"}, -{"id": 2744, -"keyword": "simplex algorithm"}, {"id": 2745, -"keyword": "higher order logic"}, +"keyword": "executable monitor"}, {"id": 2746, -"keyword": "reachable nodes"}, +"keyword": "cryptographic operators"}, {"id": 2747, -"keyword": "classical theorem stating"}, +"keyword": "previous berlekamp zassenhaus development"}, {"id": 2748, -"keyword": "basic part"}, +"keyword": "paraconsistent many-"}, {"id": 2749, -"keyword": "book concrete semantics"}, +"keyword": "extended complex plane"}, {"id": 2750, -"keyword": "concern geometry"}, +"keyword": "non-deterministic buechi-automaton"}, {"id": 2751, +"keyword": "x1j hellip"}, +{"id": 2752, +"keyword": "simplex algorithm"}, +{"id": 2753, +"keyword": "higher order logic"}, +{"id": 2754, +"keyword": "reachable nodes"}, +{"id": 2755, +"keyword": "classical theorem stating"}, +{"id": 2756, +"keyword": "basic part"}, +{"id": 2757, +"keyword": "book concrete semantics"}, +{"id": 2758, +"keyword": "concern geometry"}, +{"id": 2759, "keyword": "nnf-based algorithms"}, -{"id": 2752, +{"id": 2760, "keyword": "de bruijn index-based syntax"}, -{"id": 2753, +{"id": 2761, "keyword": "destination ip space"}, -{"id": 2754, +{"id": 2762, "keyword": "floating-point computation"}, -{"id": 2755, +{"id": 2763, "keyword": "secure auto-completion"}, -{"id": 2756, +{"id": 2764, "keyword": "generating function 
equivalence proof"}, -{"id": 2757, +{"id": 2765, "keyword": "random serial dictatorship"}, -{"id": 2758, +{"id": 2766, "keyword": "metaphysical theory"}, -{"id": 2759, +{"id": 2767, "keyword": "theorems stated"}, -{"id": 2760, +{"id": 2768, "keyword": "32-bit signed word"}, -{"id": 2761, +{"id": 2769, "keyword": "flowgraph-based program model"}, -{"id": 2762, +{"id": 2770, "keyword": "multiple positions"}, -{"id": 2763, +{"id": 2771, "keyword": "non-strict function abstractions"}, -{"id": 2764, +{"id": 2772, "keyword": "information-flow security applicable"}, -{"id": 2765, +{"id": 2773, "keyword": "party cryptographic primitives"}, -{"id": 2766, +{"id": 2774, "keyword": "lattice supremum providing"}, -{"id": 2767, +{"id": 2775, "keyword": "additional theorems"}, -{"id": 2768, -"keyword": "output port"}, -{"id": 2769, -"keyword": "verify algorithms"}, -{"id": 2770, -"keyword": "covers algebraic reasoning"}, -{"id": 2771, -"keyword": "interleaves"}, -{"id": 2772, -"keyword": "tree decomposition"}, -{"id": 2773, -"keyword": "framework features"}, -{"id": 2774, -"keyword": "quantities induces congruences"}, -{"id": 2775, -"keyword": "type constructors"}, {"id": 2776, -"keyword": "outsourcing data storage"}, +"keyword": "output port"}, {"id": 2777, -"keyword": "theoretical evidence"}, +"keyword": "verify algorithms"}, {"id": 2778, -"keyword": "finite infinite lists"}, +"keyword": "covers algebraic reasoning"}, {"id": 2779, +"keyword": "interleaves"}, +{"id": 2780, +"keyword": "tree decomposition"}, +{"id": 2781, +"keyword": "framework features"}, +{"id": 2782, +"keyword": "quantities induces congruences"}, +{"id": 2783, +"keyword": "type constructors"}, +{"id": 2784, +"keyword": "outsourcing data storage"}, +{"id": 2785, +"keyword": "theoretical evidence"}, +{"id": 2786, +"keyword": "finite infinite lists"}, +{"id": 2787, "keyword": "finite state markov chains"}, -{"id": 2780, +{"id": 2788, "keyword": "thematic section"}, -{"id": 2781, +{"id": 2789, "keyword": "definite 
descriptions"}, -{"id": 2782, +{"id": 2790, "keyword": "natural question"}, -{"id": 2783, +{"id": 2791, "keyword": "term shallow-style embedding"}, -{"id": 2784, +{"id": 2792, "keyword": "co-closure operators"}, -{"id": 2785, +{"id": 2793, "keyword": "uninterpreted functions"}, -{"id": 2786, +{"id": 2794, "keyword": "formal development"}, -{"id": 2787, +{"id": 2795, "keyword": "fft algorithm"}, -{"id": 2788, +{"id": 2796, "keyword": "rank-nullity theorem roughly follow"}, -{"id": 2789, +{"id": 2797, "keyword": "lens classes"}, -{"id": 2790, +{"id": 2798, "keyword": "state sigma iff"}, -{"id": 2791, +{"id": 2799, "keyword": "invariant based programs"}, -{"id": 2792, +{"id": 2800, "keyword": "types int"}, -{"id": 2793, +{"id": 2801, "keyword": "crucial ingredient"}, -{"id": 2794, +{"id": 2802, "keyword": "program executions based"}, -{"id": 2795, +{"id": 2803, "keyword": "single permanent failure"}, -{"id": 2796, +{"id": 2804, "keyword": "lyndon words"}, -{"id": 2797, +{"id": 2805, "keyword": "equational reasoning"}, -{"id": 2798, +{"id": 2806, "keyword": "operation results"}, -{"id": 2799, +{"id": 2807, "keyword": "ontological argument"}, -{"id": 2800, +{"id": 2808, "keyword": "decision procedure"}, -{"id": 2801, +{"id": 2809, "keyword": "enforcing exclusive writes"}, -{"id": 2802, +{"id": 2810, "keyword": "main entry point"}, -{"id": 2803, +{"id": 2811, "keyword": "showcase haskell"}, -{"id": 2804, +{"id": 2812, "keyword": "domain operation"}, -{"id": 2805, +{"id": 2813, "keyword": "fixed service"}, -{"id": 2806, +{"id": 2814, "keyword": "case study"}, -{"id": 2807, +{"id": 2815, "keyword": "basic concepts cartesian products"}, -{"id": 2808, -"keyword": "refinement theorem"}, -{"id": 2809, -"keyword": "consistent sign assignments"}, -{"id": 2810, -"keyword": "object logic"}, -{"id": 2811, -"keyword": "verified iptables firewall analysis"}, -{"id": 2812, -"keyword": "recursion principles"}, -{"id": 2813, -"keyword": "cayley-hamilton theorem based"}, -{"id": 2814, 
-"keyword": "general library"}, -{"id": 2815, -"keyword": "hoare triples"}, {"id": 2816, -"keyword": "dictionary translation"}, +"keyword": "refinement theorem"}, {"id": 2817, -"keyword": "prime-factorization algorithms"}, +"keyword": "consistent sign assignments"}, {"id": 2818, -"keyword": "proving safety"}, +"keyword": "object logic"}, {"id": 2819, +"keyword": "verified iptables firewall analysis"}, +{"id": 2820, +"keyword": "recursion principles"}, +{"id": 2821, +"keyword": "cayley-hamilton theorem based"}, +{"id": 2822, +"keyword": "general library"}, +{"id": 2823, +"keyword": "hoare triples"}, +{"id": 2824, +"keyword": "dictionary translation"}, +{"id": 2825, +"keyword": "prime-factorization algorithms"}, +{"id": 2826, +"keyword": "proving safety"}, +{"id": 2827, "keyword": "monotonically decreasing sequence"}, -{"id": 2820, +{"id": 2828, "keyword": "probability theory"}, -{"id": 2821, +{"id": 2829, "keyword": "pipeline-parallel stream processing"}, -{"id": 2822, +{"id": 2830, "keyword": "extended sturm"}, -{"id": 2823, +{"id": 2831, "keyword": "rigorous numerical algorithms"}, -{"id": 2824, +{"id": 2832, "keyword": "combined factorization algorithm"}, -{"id": 2825, +{"id": 2833, "keyword": "lifting step"}, -{"id": 2826, +{"id": 2834, "keyword": "satisfaction relation"}, -{"id": 2827, +{"id": 2835, "keyword": "automatic refinement framework"}, -{"id": 2828, -"keyword": "real eigenvalue"}, -{"id": 2829, -"keyword": "proposed approach"}, -{"id": 2830, -"keyword": "algorithm proceeds"}, -{"id": 2831, -"keyword": "so-called key equalities"}, -{"id": 2832, -"keyword": "transferring lifted properties back"}, -{"id": 2833, -"keyword": "fixed fraction"}, -{"id": 2834, -"keyword": "concise proof"}, -{"id": 2835, -"keyword": "adjoint functors"}, {"id": 2836, -"keyword": "cryptography proof formalizations"}, +"keyword": "real eigenvalue"}, {"id": 2837, -"keyword": "blockchain pattern"}, +"keyword": "proposed approach"}, {"id": 2838, -"keyword": "game-based proofs"}, 
+"keyword": "algorithm proceeds"}, {"id": 2839, -"keyword": "descartes test based"}, +"keyword": "so-called key equalities"}, {"id": 2840, -"keyword": "trace set"}, +"keyword": "transferring lifted properties back"}, {"id": 2841, -"keyword": "type-safe conversions"}, +"keyword": "fixed fraction"}, {"id": 2842, -"keyword": "computing bernoulli numbers"}, +"keyword": "concise proof"}, {"id": 2843, -"keyword": "collection offer functionality"}, +"keyword": "adjoint functors"}, {"id": 2844, -"keyword": "mason ndash"}, +"keyword": "cryptography proof formalizations"}, {"id": 2845, -"keyword": "summary edges"}, +"keyword": "blockchain pattern"}, {"id": 2846, -"keyword": "litte theorem"}, +"keyword": "game-based proofs"}, {"id": 2847, -"keyword": "inconsistent theory"}, +"keyword": "descartes test based"}, {"id": 2848, -"keyword": "proof closely"}, +"keyword": "trace set"}, {"id": 2849, -"keyword": "access windows"}, +"keyword": "type-safe conversions"}, {"id": 2850, -"keyword": "fully automated translation"}, +"keyword": "computing bernoulli numbers"}, {"id": 2851, -"keyword": "global variables"}, +"keyword": "collection offer functionality"}, {"id": 2852, -"keyword": "existing multivariate polynomial libraries"}, +"keyword": "mason ndash"}, {"id": 2853, -"keyword": "no-cloning theorem"}, +"keyword": "summary edges"}, {"id": 2854, -"keyword": "large financial losses"}, +"keyword": "litte theorem"}, {"id": 2855, -"keyword": "apply andy pitts"}, +"keyword": "inconsistent theory"}, {"id": 2856, -"keyword": "omega omega"}, +"keyword": "proof closely"}, {"id": 2857, -"keyword": "package algorithms applicable"}, +"keyword": "access windows"}, {"id": 2858, -"keyword": "fulfilling van der waerden"}, +"keyword": "fully automated translation"}, {"id": 2859, -"keyword": "interval logics"}, +"keyword": "global variables"}, {"id": 2860, +"keyword": "existing multivariate polynomial libraries"}, +{"id": 2861, +"keyword": "no-cloning theorem"}, +{"id": 2862, +"keyword": "large 
financial losses"}, +{"id": 2863, +"keyword": "apply andy pitts"}, +{"id": 2864, +"keyword": "omega omega"}, +{"id": 2865, +"keyword": "package algorithms applicable"}, +{"id": 2866, +"keyword": "fulfilling van der waerden"}, +{"id": 2867, +"keyword": "interval logics"}, +{"id": 2868, "keyword": "higher-order terms"}, -{"id": 2861, +{"id": 2869, "keyword": "measurable spaces"}, -{"id": 2862, +{"id": 2870, "keyword": "coarse-grained concurrency"}, -{"id": 2863, +{"id": 2871, "keyword": "study models"}, -{"id": 2864, +{"id": 2872, "keyword": "omega 1 alpha cdot"}, -{"id": 2865, +{"id": 2873, "keyword": "facilitate integrating future optimizations"}, -{"id": 2866, +{"id": 2874, "keyword": "eulerian trails"}, -{"id": 2867, +{"id": 2875, "keyword": "algebraically closed"}, -{"id": 2868, +{"id": 2876, "keyword": "numerous models"}, -{"id": 2869, +{"id": 2877, "keyword": "general simplex algorithm"}, -{"id": 2870, +{"id": 2878, "keyword": "relabelling function"}, -{"id": 2871, +{"id": 2879, "keyword": "algebraic geometry culminating"}, -{"id": 2872, +{"id": 2880, "keyword": "standard security protocols"}, -{"id": 2873, +{"id": 2881, "keyword": "automatically generate proofs"}, -{"id": 2874, +{"id": 2882, "keyword": "current symbolic state"}, -{"id": 2875, +{"id": 2883, "keyword": "state transformers"}, -{"id": 2876, +{"id": 2884, "keyword": "orbit-stabiliser theorem"}, -{"id": 2877, +{"id": 2885, "keyword": "sufficiently rich"}, -{"id": 2878, +{"id": 2886, "keyword": "commutative ring"}, -{"id": 2879, +{"id": 2887, "keyword": "regular structures"}, -{"id": 2880, +{"id": 2888, "keyword": "measure theory"}, -{"id": 2881, +{"id": 2889, "keyword": "consistent learning"}, -{"id": 2882, +{"id": 2890, "keyword": "called check monad"}, -{"id": 2883, +{"id": 2891, "keyword": "interval temporal logics"}, -{"id": 2884, +{"id": 2892, "keyword": "original functional sigma-calculus"}, -{"id": 2885, +{"id": 2893, "keyword": "precise algorithms"}, -{"id": 2886, +{"id": 2894, "keyword": 
"rational roots"}, -{"id": 2887, +{"id": 2895, "keyword": "dynamic negation"}, -{"id": 2888, +{"id": 2896, "keyword": "solution"}, -{"id": 2889, -"keyword": "afp entry core dom"}, -{"id": 2890, -"keyword": "cakeml abstract syntax trees"}, -{"id": 2891, -"keyword": "keith conrad"}, -{"id": 2892, -"keyword": "generating test cases"}, -{"id": 2893, -"keyword": "sorting algorithm"}, -{"id": 2894, -"keyword": "teaching purposes"}, -{"id": 2895, -"keyword": "path authorization mechanism"}, -{"id": 2896, -"keyword": "model finders"}, {"id": 2897, -"keyword": "subsequent article smooth manifolds"}, +"keyword": "afp entry core dom"}, {"id": 2898, -"keyword": "bounded wajsberg pseudo-hoops"}, +"keyword": "cakeml abstract syntax trees"}, {"id": 2899, -"keyword": "expressions involving"}, +"keyword": "keith conrad"}, {"id": 2900, +"keyword": "generating test cases"}, +{"id": 2901, +"keyword": "sorting algorithm"}, +{"id": 2902, +"keyword": "teaching purposes"}, +{"id": 2903, +"keyword": "path authorization mechanism"}, +{"id": 2904, +"keyword": "model finders"}, +{"id": 2905, +"keyword": "subsequent article smooth manifolds"}, +{"id": 2906, +"keyword": "bounded wajsberg pseudo-hoops"}, +{"id": 2907, +"keyword": "expressions involving"}, +{"id": 2908, "keyword": "basic formal framework"}, -{"id": 2901, +{"id": 2909, "keyword": "fixed natural number"}, -{"id": 2902, +{"id": 2910, "keyword": "descartes rule"}, -{"id": 2903, +{"id": 2911, "keyword": "total order relation"}, -{"id": 2904, +{"id": 2912, "keyword": "linux firewall iptables"}, -{"id": 2905, +{"id": 2913, "keyword": "hol sources underlying"}, -{"id": 2906, +{"id": 2914, "keyword": "gr bner bases"}, -{"id": 2907, +{"id": 2915, "keyword": "strict preferences"}, -{"id": 2908, +{"id": 2916, "keyword": "similar normal form"}, -{"id": 2909, -"keyword": "heap location"}, -{"id": 2910, -"keyword": "extended language"}, -{"id": 2911, -"keyword": "backward compatible"}, -{"id": 2912, -"keyword": "safely composable"}, -{"id": 
2913, -"keyword": "minsky machines"}, -{"id": 2914, -"keyword": "null space"}, -{"id": 2915, -"keyword": "higher-order term algebra"}, -{"id": 2916, -"keyword": "code accessing"}, {"id": 2917, -"keyword": "semantic trees"}, +"keyword": "heap location"}, {"id": 2918, -"keyword": "featherweight ocl project"}, +"keyword": "theoretically incomparable"}, {"id": 2919, -"keyword": "well-formedness properties"}, +"keyword": "extended language"}, {"id": 2920, -"keyword": "solovay ndash"}, +"keyword": "backward compatible"}, {"id": 2921, -"keyword": "iteration operators"}, +"keyword": "safely composable"}, {"id": 2922, -"keyword": "fold build rule"}, +"keyword": "minsky machines"}, {"id": 2923, -"keyword": "category equipped"}, +"keyword": "null space"}, {"id": 2924, -"keyword": "universal composability framework"}, +"keyword": "higher-order term algebra"}, {"id": 2925, -"keyword": "decidability result"}, +"keyword": "code accessing"}, {"id": 2926, -"keyword": "closely related"}, +"keyword": "semantic trees"}, {"id": 2927, -"keyword": "optimisations suggested"}, +"keyword": "featherweight ocl project"}, {"id": 2928, -"keyword": "completely verified model checker"}, +"keyword": "well-formedness properties"}, {"id": 2929, -"keyword": "subsystems"}, +"keyword": "solovay ndash"}, {"id": 2930, -"keyword": "international system"}, +"keyword": "iteration operators"}, {"id": 2931, -"keyword": "stuttering equivalent runs"}, +"keyword": "fold build rule"}, {"id": 2932, -"keyword": "edge weights"}, +"keyword": "category equipped"}, {"id": 2933, +"keyword": "universal composability framework"}, +{"id": 2934, +"keyword": "decidability result"}, +{"id": 2935, +"keyword": "closely related"}, +{"id": 2936, +"keyword": "optimisations suggested"}, +{"id": 2937, +"keyword": "completely verified model checker"}, +{"id": 2938, +"keyword": "subsystems"}, +{"id": 2939, +"keyword": "international system"}, +{"id": 2940, +"keyword": "stuttering equivalent runs"}, +{"id": 2941, +"keyword": "edge 
weights"}, +{"id": 2942, "keyword": "widely studied topic"}, -{"id": 2934, +{"id": 2943, "keyword": "machine-checked version"}, -{"id": 2935, +{"id": 2944, "keyword": "planning domain definition language"}, -{"id": 2936, +{"id": 2945, "keyword": "high edge probability"}, -{"id": 2937, +{"id": 2946, "keyword": "refinement based verification"}, -{"id": 2938, -"keyword": "recursive functions heavily inspired"}, -{"id": 2939, -"keyword": "pide sub-system"}, -{"id": 2940, -"keyword": "lagrange interpolation"}, -{"id": 2941, -"keyword": "integrated pide document model"}, -{"id": 2942, -"keyword": "finite learning"}, -{"id": 2943, -"keyword": "applied relativization"}, -{"id": 2944, -"keyword": "imperative loop constructs"}, -{"id": 2945, -"keyword": "book consistency"}, -{"id": 2946, -"keyword": "cpp-2015 paper"}, {"id": 2947, -"keyword": "obtain executable code"}, +"keyword": "recursive functions heavily inspired"}, {"id": 2948, -"keyword": "basic theory"}, +"keyword": "pide sub-system"}, {"id": 2949, -"keyword": "formalisation hold"}, +"keyword": "lagrange interpolation"}, {"id": 2950, -"keyword": "probabilistic functional language"}, +"keyword": "integrated pide document model"}, {"id": 2951, -"keyword": "elements belong"}, +"keyword": "finite learning"}, {"id": 2952, -"keyword": "system describes"}, +"keyword": "applied relativization"}, {"id": 2953, +"keyword": "imperative loop constructs"}, +{"id": 2954, +"keyword": "book consistency"}, +{"id": 2955, +"keyword": "cpp-2015 paper"}, +{"id": 2956, +"keyword": "obtain executable code"}, +{"id": 2957, +"keyword": "basic theory"}, +{"id": 2958, +"keyword": "formalisation hold"}, +{"id": 2959, +"keyword": "probabilistic functional language"}, +{"id": 2960, +"keyword": "elements belong"}, +{"id": 2961, +"keyword": "system describes"}, +{"id": 2962, "keyword": "static fields"}, -{"id": 2954, +{"id": 2963, "keyword": "general formal proof techniques"}, -{"id": 2955, +{"id": 2964, "keyword": "np-complete optimization 
problems"}, -{"id": 2956, +{"id": 2965, "keyword": "probabilistic arguments"}, -{"id": 2957, +{"id": 2966, "keyword": "byzantine clock synchronization"}, -{"id": 2958, +{"id": 2967, "keyword": "original proof"}, -{"id": 2959, +{"id": 2968, "keyword": "cauchy completion"}, -{"id": 2960, +{"id": 2969, "keyword": "abstract bnfccs similar"}, -{"id": 2961, +{"id": 2970, "keyword": "abstract completeness theories"}, -{"id": 2962, +{"id": 2971, "keyword": "brian huffman"}, -{"id": 2963, +{"id": 2972, "keyword": "eponymous itp 2012 paper"}, -{"id": 2964, +{"id": 2973, "keyword": "prime number theorem"}, -{"id": 2965, +{"id": 2974, "keyword": "efficient deterministic parsing"}, -{"id": 2966, +{"id": 2975, "keyword": "data structure invented"}, -{"id": 2967, +{"id": 2976, "keyword": "refinement proof"}, -{"id": 2968, +{"id": 2977, "keyword": "general definition"}, -{"id": 2969, -"keyword": "completeness theorems"}, -{"id": 2970, -"keyword": "theorem prover based"}, -{"id": 2971, -"keyword": "angles requires solving"}, -{"id": 2972, -"keyword": "inductive method"}, -{"id": 2973, -"keyword": "approximation algorithm"}, -{"id": 2974, -"keyword": "possibilistic information-flow properties"}, -{"id": 2975, -"keyword": "larger arrangements due"}, -{"id": 2976, -"keyword": "axioms systems"}, -{"id": 2977, -"keyword": "visualizing class models"}, {"id": 2978, -"keyword": "linear integer polynomial"}, +"keyword": "completeness theorems"}, {"id": 2979, -"keyword": "set mapping"}, +"keyword": "theorem prover based"}, {"id": 2980, -"keyword": "formal semantics"}, +"keyword": "angles requires solving"}, {"id": 2981, +"keyword": "inductive method"}, +{"id": 2982, +"keyword": "approximation algorithm"}, +{"id": 2983, +"keyword": "possibilistic information-flow properties"}, +{"id": 2984, +"keyword": "larger arrangements due"}, +{"id": 2985, +"keyword": "axioms systems"}, +{"id": 2986, +"keyword": "visualizing class models"}, +{"id": 2987, +"keyword": "linear integer polynomial"}, +{"id": 
2988, +"keyword": "set mapping"}, +{"id": 2989, +"keyword": "formal semantics"}, +{"id": 2990, "keyword": "partly recursive functions found"}, -{"id": 2982, +{"id": 2991, "keyword": "csp noninterference security"}, -{"id": 2983, +{"id": 2992, "keyword": "generate executable imperative programs"}, -{"id": 2984, +{"id": 2993, "keyword": "language-based non-interference property"}, -{"id": 2985, +{"id": 2994, "keyword": "formalisation underlying"}, -{"id": 2986, +{"id": 2995, "keyword": "jeroen ketema"}, -{"id": 2987, +{"id": 2996, "keyword": "type theory presented"}, -{"id": 2988, +{"id": 2997, "keyword": "execution involving integer matrices"}, -{"id": 2989, -"keyword": "assertion semantics unifies semantic"}, -{"id": 2990, -"keyword": "found"}, -{"id": 2991, -"keyword": "deterministic monad"}, -{"id": 2992, -"keyword": "explicit metric"}, -{"id": 2993, -"keyword": "first-order real arithmetic"}, -{"id": 2994, -"keyword": "main order fully coincides"}, -{"id": 2995, -"keyword": "safe approximation"}, -{"id": 2996, -"keyword": "general case"}, -{"id": 2997, -"keyword": "propositional clauses"}, {"id": 2998, -"keyword": "subtypes inherit"}, +"keyword": "assertion semantics unifies semantic"}, {"id": 2999, -"keyword": "jordan normal form"}, +"keyword": "found"}, {"id": 3000, -"keyword": "refinement theory"}, +"keyword": "deterministic monad"}, {"id": 3001, -"keyword": "generate theorem prover code"}, +"keyword": "explicit metric"}, {"id": 3002, -"keyword": "resuting proofs"}, +"keyword": "first-order real arithmetic"}, {"id": 3003, -"keyword": "matrix rank"}, +"keyword": "main order fully coincides"}, {"id": 3004, -"keyword": "integer polynomial belongs"}, +"keyword": "safe approximation"}, {"id": 3005, -"keyword": "well-typed programs"}, +"keyword": "general case"}, {"id": 3006, -"keyword": "binary decision trees"}, +"keyword": "propositional clauses"}, {"id": 3007, -"keyword": "decreasing diagrams showing"}, +"keyword": "subtypes inherit"}, {"id": 3008, -"keyword": 
"data spaces"}, +"keyword": "jordan normal form"}, {"id": 3009, -"keyword": "chapman formula"}, +"keyword": "refinement theory"}, {"id": 3010, -"keyword": "sufficient condition"}, +"keyword": "generate theorem prover code"}, {"id": 3011, -"keyword": "intricate cyclic program"}, +"keyword": "resuting proofs"}, {"id": 3012, -"keyword": "recursively expressed"}, +"keyword": "matrix rank"}, {"id": 3013, -"keyword": "robin smith"}, +"keyword": "integer polynomial belongs"}, {"id": 3014, -"keyword": "talking explicitly"}, +"keyword": "well-typed programs"}, {"id": 3015, -"keyword": "model partial correctness"}, +"keyword": "binary decision trees"}, {"id": 3016, -"keyword": "general-purpose coinductive data types"}, +"keyword": "decreasing diagrams showing"}, {"id": 3017, -"keyword": "directly follow"}, +"keyword": "data spaces"}, {"id": 3018, -"keyword": "indefinitely large set"}, +"keyword": "chapman formula"}, {"id": 3019, -"keyword": "computing enclosures"}, +"keyword": "sufficient condition"}, {"id": 3020, -"keyword": "quantum teleportation"}, +"keyword": "intricate cyclic program"}, {"id": 3021, -"keyword": "intricate part"}, +"keyword": "recursively expressed"}, {"id": 3022, +"keyword": "robin smith"}, +{"id": 3023, +"keyword": "talking explicitly"}, +{"id": 3024, +"keyword": "model partial correctness"}, +{"id": 3025, +"keyword": "general-purpose coinductive data types"}, +{"id": 3026, +"keyword": "directly follow"}, +{"id": 3027, +"keyword": "indefinitely large set"}, +{"id": 3028, +"keyword": "computing enclosures"}, +{"id": 3029, +"keyword": "quantum teleportation"}, +{"id": 3030, +"keyword": "intricate part"}, +{"id": 3031, "keyword": "external functions"}, -{"id": 3023, +{"id": 3032, "keyword": "resulting recursion induction rules"}, -{"id": 3024, +{"id": 3033, "keyword": "specific tactic support"}, -{"id": 3025, +{"id": 3034, "keyword": "promotes proof reuse"}, -{"id": 3026, +{"id": 3035, "keyword": "infinite graphs"}, -{"id": 3027, +{"id": 3036, "keyword": 
"planar dynamical systems"}, -{"id": 3028, +{"id": 3037, "keyword": "non-obvious closed form"}, -{"id": 3029, +{"id": 3038, "keyword": "verified programs"}, -{"id": 3030, +{"id": 3039, "keyword": "purely functional"}, -{"id": 3031, +{"id": 3040, "keyword": "conducting completely formal proofs"}, -{"id": 3032, +{"id": 3041, "keyword": "product spaces"}, -{"id": 3033, +{"id": 3042, "keyword": "cauchy sequence"}, -{"id": 3034, +{"id": 3043, "keyword": "entry adapts stream fusion"}, -{"id": 3035, +{"id": 3044, "keyword": "parallel composition"}, -{"id": 3036, +{"id": 3045, "keyword": "verified construction"}, -{"id": 3037, +{"id": 3046, "keyword": "relational parametricity"}, -{"id": 3038, +{"id": 3047, "keyword": "called residuation"}, -{"id": 3039, -"keyword": "export code"}, -{"id": 3040, -"keyword": "propositional abstract separation logic"}, -{"id": 3041, -"keyword": "knowledge compilation"}, -{"id": 3042, -"keyword": "heap sort"}, -{"id": 3043, -"keyword": "hol types"}, -{"id": 3044, -"keyword": "concepts due"}, -{"id": 3045, -"keyword": "cartesian powers"}, -{"id": 3046, -"keyword": "slightly stronger hypothesis"}, -{"id": 3047, -"keyword": "encoding based"}, {"id": 3048, -"keyword": "lexicographic extensions"}, +"keyword": "export code"}, {"id": 3049, -"keyword": "security proof"}, +"keyword": "propositional abstract separation logic"}, {"id": 3050, -"keyword": "uniquely determined product"}, +"keyword": "knowledge compilation"}, {"id": 3051, -"keyword": "input parameter"}, +"keyword": "heap sort"}, {"id": 3052, -"keyword": "model checker spin"}, +"keyword": "hol types"}, {"id": 3053, -"keyword": "stochastic matrices"}, +"keyword": "concepts due"}, {"id": 3054, +"keyword": "cartesian powers"}, +{"id": 3055, +"keyword": "slightly stronger hypothesis"}, +{"id": 3056, +"keyword": "encoding based"}, +{"id": 3057, +"keyword": "lexicographic extensions"}, +{"id": 3058, +"keyword": "security proof"}, +{"id": 3059, +"keyword": "uniquely determined product"}, +{"id": 
3060, +"keyword": "input parameter"}, +{"id": 3061, +"keyword": "model checker spin"}, +{"id": 3062, +"keyword": "stochastic matrices"}, +{"id": 3063, "keyword": "original paper"}, -{"id": 3055, +{"id": 3064, "keyword": "formalization techniques presented"}, -{"id": 3056, +{"id": 3065, "keyword": "forward algorithm"}, -{"id": 3057, +{"id": 3066, "keyword": "dynamic thread creation"}, -{"id": 3058, +{"id": 3067, "keyword": "sequent calculus"}, -{"id": 3059, -"keyword": "machine-checked tree automata library"}, -{"id": 3060, -"keyword": "shared environments"}, -{"id": 3061, -"keyword": "composed protocol"}, -{"id": 3062, -"keyword": "experimental utilities"}, -{"id": 3063, -"keyword": "open publishing association"}, -{"id": 3064, -"keyword": "mit press 1995"}, -{"id": 3065, -"keyword": "design isomorphisms"}, -{"id": 3066, -"keyword": "existing approaches"}, -{"id": 3067, -"keyword": "trustworthy procedure"}, {"id": 3068, -"keyword": "varying numbers"}, +"keyword": "machine-checked tree automata library"}, {"id": 3069, -"keyword": "reduced echelon form"}, +"keyword": "shared environments"}, {"id": 3070, -"keyword": "elementary symmetric polynomials sk"}, +"keyword": "composed protocol"}, {"id": 3071, -"keyword": "related recurrence relations"}, +"keyword": "experimental utilities"}, {"id": 3072, -"keyword": "del numbers"}, +"keyword": "open publishing association"}, {"id": 3073, -"keyword": "prime iff"}, +"keyword": "mit press 1995"}, {"id": 3074, +"keyword": "design isomorphisms"}, +{"id": 3075, +"keyword": "existing approaches"}, +{"id": 3076, +"keyword": "trustworthy procedure"}, +{"id": 3077, +"keyword": "varying numbers"}, +{"id": 3078, +"keyword": "reduced echelon form"}, +{"id": 3079, +"keyword": "elementary symmetric polynomials sk"}, +{"id": 3080, +"keyword": "related recurrence relations"}, +{"id": 3081, +"keyword": "del numbers"}, +{"id": 3082, +"keyword": "prime iff"}, +{"id": 3083, "keyword": "compositional statement"}, -{"id": 3075, +{"id": 3084, 
"keyword": "complete proof method"}, -{"id": 3076, +{"id": 3085, "keyword": "unbounded version"}, -{"id": 3077, +{"id": 3086, "keyword": "conversion version"}, -{"id": 3078, +{"id": 3087, "keyword": "composite assertions"}, -{"id": 3079, +{"id": 3088, "keyword": "supporting automatic refinement"}, -{"id": 3080, +{"id": 3089, "keyword": "datatype package"}, -{"id": 3081, +{"id": 3090, "keyword": "transition function relation"}, -{"id": 3082, +{"id": 3091, +"keyword": "verified tool"}, +{"id": 3092, "keyword": "general version"}, -{"id": 3083, +{"id": 3093, "keyword": "prime ndash"}, -{"id": 3084, +{"id": 3094, "keyword": "horn- renamable"}, -{"id": 3085, +{"id": 3095, "keyword": "shadow dom"}, -{"id": 3086, +{"id": 3096, "keyword": "labour intensive"}, -{"id": 3087, +{"id": 3097, "keyword": "fully structured"}, -{"id": 3088, +{"id": 3098, "keyword": "numerous misunderstandings"}, -{"id": 3089, -"keyword": "basic linear algebra"}, -{"id": 3090, -"keyword": "tree theorem"}, -{"id": 3091, -"keyword": "undergraduate dissertation"}, -{"id": 3092, -"keyword": "inversions"}, -{"id": 3093, -"keyword": "nathan chong"}, -{"id": 3094, -"keyword": "greibach normal form"}, -{"id": 3095, -"keyword": "subseteq alpha order-isomorphic"}, -{"id": 3096, -"keyword": "cnf based sat algorithms"}, -{"id": 3097, -"keyword": "interactive automated relativization"}, -{"id": 3098, -"keyword": "significantly reduce"}, {"id": 3099, -"keyword": "practically usable verification environment"}, +"keyword": "basic linear algebra"}, {"id": 3100, -"keyword": "test decides primality"}, +"keyword": "tree theorem"}, {"id": 3101, -"keyword": "high annotation overhead"}, +"keyword": "undergraduate dissertation"}, {"id": 3102, +"keyword": "inversions"}, +{"id": 3103, +"keyword": "nathan chong"}, +{"id": 3104, +"keyword": "greibach normal form"}, +{"id": 3105, +"keyword": "subseteq alpha order-isomorphic"}, +{"id": 3106, +"keyword": "cnf based sat algorithms"}, +{"id": 3107, +"keyword": "interactive 
automated relativization"}, +{"id": 3108, +"keyword": "significantly reduce"}, +{"id": 3109, +"keyword": "practically usable verification environment"}, +{"id": 3110, +"keyword": "test decides primality"}, +{"id": 3111, +"keyword": "high annotation overhead"}, +{"id": 3112, "keyword": "law"}, -{"id": 3103, +{"id": 3113, "keyword": "itp 2011 paper"}, -{"id": 3104, +{"id": 3114, "keyword": "write operations"}, -{"id": 3105, +{"id": 3115, "keyword": "upper semicontinuous"}, -{"id": 3106, +{"id": 3116, "keyword": "labour cost"}, -{"id": 3107, +{"id": 3117, "keyword": "context relation"}, -{"id": 3108, +{"id": 3118, "keyword": "bounded-length strings"}, -{"id": 3109, +{"id": 3119, "keyword": "verification techniques"}, -{"id": 3110, +{"id": 3120, "keyword": "constant-time findmin"}, -{"id": 3111, +{"id": 3121, "keyword": "thick chamber complexes endowed"}, -{"id": 3112, +{"id": 3122, "keyword": "lifts resolution derivation steps"}, -{"id": 3113, +{"id": 3123, "keyword": "data structures depending"}, -{"id": 3114, +{"id": 3124, "keyword": "richard char-tung lee"}, -{"id": 3115, +{"id": 3125, "keyword": "supports mutual recursion"}, -{"id": 3116, +{"id": 3126, "keyword": "evaluation homomorphisms"}, -{"id": 3117, +{"id": 3127, "keyword": "surjective function"}, -{"id": 3118, +{"id": 3128, "keyword": "code generator"}, -{"id": 3119, +{"id": 3129, "keyword": "ten lemmas"}, -{"id": 3120, +{"id": 3130, "keyword": "degree bounds"}, -{"id": 3121, +{"id": 3131, "keyword": "countable ordinals"}, -{"id": 3122, +{"id": 3132, "keyword": "hybrid game"}, -{"id": 3123, +{"id": 3133, "keyword": "propositional linear-time temporal logic"}, -{"id": 3124, +{"id": 3134, "keyword": "code compilation"}, -{"id": 3125, +{"id": 3135, "keyword": "security concepts"}, -{"id": 3126, +{"id": 3136, "keyword": "negated subquery"}, -{"id": 3127, +{"id": 3137, "keyword": "partial equivalence relations"}, -{"id": 3128, +{"id": 3138, "keyword": "type class real_algebra_1"}, -{"id": 3129, -"keyword": 
"gauss-jordan algorithm states"}, -{"id": 3130, -"keyword": "hol4 formalization"}, -{"id": 3131, -"keyword": "stein"}, -{"id": 3132, -"keyword": "password authenticated connection establishment"}, -{"id": 3133, -"keyword": "over-approximate relational logics"}, -{"id": 3134, -"keyword": "difficulty arises"}, -{"id": 3135, -"keyword": "paulson"}, -{"id": 3136, -"keyword": "difficult"}, -{"id": 3137, -"keyword": "ip address ranges"}, -{"id": 3138, -"keyword": "basic toolbox"}, {"id": 3139, -"keyword": "pseudo-wajsberg algebras"}, +"keyword": "gauss-jordan algorithm states"}, {"id": 3140, -"keyword": "suitable invariants"}, +"keyword": "hol4 formalization"}, {"id": 3141, -"keyword": "basic topological facts"}, +"keyword": "stein"}, {"id": 3142, +"keyword": "password authenticated connection establishment"}, +{"id": 3143, +"keyword": "over-approximate relational logics"}, +{"id": 3144, +"keyword": "difficulty arises"}, +{"id": 3145, +"keyword": "paulson"}, +{"id": 3146, +"keyword": "difficult"}, +{"id": 3147, +"keyword": "ip address ranges"}, +{"id": 3148, +"keyword": "basic toolbox"}, +{"id": 3149, +"keyword": "pseudo-wajsberg algebras"}, +{"id": 3150, +"keyword": "suitable invariants"}, +{"id": 3151, +"keyword": "basic topological facts"}, +{"id": 3152, "keyword": "integer components"}, -{"id": 3143, +{"id": 3153, "keyword": "track counter-party obligations"}, -{"id": 3144, +{"id": 3154, "keyword": "sigma function"}, -{"id": 3145, +{"id": 3155, "keyword": "global security guarantee"}, -{"id": 3146, +{"id": 3156, "keyword": "symmetric polynomial"}, -{"id": 3147, +{"id": 3157, "keyword": "interactive theorem proving sch16"}, -{"id": 3148, +{"id": 3158, "keyword": "dirk pfl ger"}, -{"id": 3149, -"keyword": "local lexing"}, -{"id": 3150, -"keyword": "lower semicontinuous"}, -{"id": 3151, -"keyword": "single unit"}, -{"id": 3152, -"keyword": "mechanizing gauss"}, -{"id": 3153, -"keyword": "multi-stage compiler verifications"}, -{"id": 3154, -"keyword": "theorem"}, -{"id": 
3155, -"keyword": "formalising baker"}, -{"id": 3156, -"keyword": "formal guarantees"}, -{"id": 3157, -"keyword": "classical registers"}, -{"id": 3158, -"keyword": "results"}, {"id": 3159, -"keyword": "usual monad laws"}, +"keyword": "local lexing"}, {"id": 3160, -"keyword": "implement probabilistic algorithms"}, +"keyword": "lower semicontinuous"}, {"id": 3161, -"keyword": "daniel schoepe"}, +"keyword": "single unit"}, {"id": 3162, -"keyword": "isar conversion"}, +"keyword": "mechanizing gauss"}, {"id": 3163, -"keyword": "standard compliant formalization"}, +"keyword": "multi-stage compiler verifications"}, {"id": 3164, -"keyword": "finite group"}, +"keyword": "theorem"}, {"id": 3165, -"keyword": "frobenius endomorphism"}, +"keyword": "formalising baker"}, {"id": 3166, -"keyword": "elliott mendelson"}, +"keyword": "formal guarantees"}, {"id": 3167, -"keyword": "nominal logic"}, +"keyword": "classical registers"}, {"id": 3168, -"keyword": "separation-logic based correctness proofs"}, +"keyword": "results"}, {"id": 3169, -"keyword": "distinct algebraic numbers alpha_i"}, +"keyword": "usual monad laws"}, {"id": 3170, -"keyword": "macaulay matrix constructed"}, +"keyword": "implement probabilistic algorithms"}, {"id": 3171, -"keyword": "refinement orders"}, +"keyword": "daniel schoepe"}, {"id": 3172, -"keyword": "biggest part"}, +"keyword": "isar conversion"}, {"id": 3173, -"keyword": "continuation semantics"}, +"keyword": "standard compliant formalization"}, {"id": 3174, -"keyword": "riemann integral"}, +"keyword": "finite group"}, {"id": 3175, +"keyword": "frobenius endomorphism"}, +{"id": 3176, +"keyword": "elliott mendelson"}, +{"id": 3177, +"keyword": "nominal logic"}, +{"id": 3178, +"keyword": "separation-logic based correctness proofs"}, +{"id": 3179, +"keyword": "distinct algebraic numbers alpha_i"}, +{"id": 3180, +"keyword": "macaulay matrix constructed"}, +{"id": 3181, +"keyword": "refinement orders"}, +{"id": 3182, +"keyword": "biggest part"}, +{"id": 3183, 
+"keyword": "continuation semantics"}, +{"id": 3184, +"keyword": "riemann integral"}, +{"id": 3185, "keyword": "automated theorem proving"}, -{"id": 3176, +{"id": 3186, "keyword": "functional arrays"}, -{"id": 3177, +{"id": 3187, "keyword": "previous unifiers"}, -{"id": 3178, +{"id": 3188, "keyword": "crowds protocol"}, -{"id": 3179, +{"id": 3189, "keyword": "spark certify"}, -{"id": 3180, +{"id": 3190, "keyword": "classic non-randomised quicksort"}, -{"id": 3181, +{"id": 3191, "keyword": "verifying techniques"}, -{"id": 3182, +{"id": 3192, "keyword": "automated reasoning tools"}, -{"id": 3183, +{"id": 3193, "keyword": "official standard"}, -{"id": 3184, +{"id": 3194, "keyword": "vital part"}, -{"id": 3185, +{"id": 3195, "keyword": "integer polynomials"}, -{"id": 3186, +{"id": 3196, "keyword": "borrow terminology"}, -{"id": 3187, +{"id": 3197, "keyword": "supported unicode characters"}, -{"id": 3188, +{"id": 3198, "keyword": "projective plane geometry"}, -{"id": 3189, -"keyword": "programs checking certificates"}, -{"id": 3190, -"keyword": "conjunctive normal forms"}, -{"id": 3191, -"keyword": "chapters 7-9"}, -{"id": 3192, -"keyword": "floor divided"}, -{"id": 3193, -"keyword": "ringed spaces"}, -{"id": 3194, -"keyword": "draft paper"}, -{"id": 3195, -"keyword": "employ code equations"}, -{"id": 3196, -"keyword": "transformations"}, -{"id": 3197, -"keyword": "negative solution"}, -{"id": 3198, -"keyword": "lifting algebraic laws point-wise"}, {"id": 3199, -"keyword": "observed sequence"}, +"keyword": "programs checking certificates"}, {"id": 3200, -"keyword": "dogged previous mechanised proofs"}, +"keyword": "conjunctive normal forms"}, {"id": 3201, -"keyword": "hol overhead"}, +"keyword": "chapters 7-9"}, {"id": 3202, +"keyword": "floor divided"}, +{"id": 3203, +"keyword": "ringed spaces"}, +{"id": 3204, +"keyword": "draft paper"}, +{"id": 3205, +"keyword": "employ code equations"}, +{"id": 3206, +"keyword": "transformations"}, +{"id": 3207, +"keyword": "negative 
solution"}, +{"id": 3208, +"keyword": "lifting algebraic laws point-wise"}, +{"id": 3209, +"keyword": "observed sequence"}, +{"id": 3210, +"keyword": "dogged previous mechanised proofs"}, +{"id": 3211, +"keyword": "hol overhead"}, +{"id": 3212, "keyword": "open problem"}, -{"id": 3203, +{"id": 3213, "keyword": "girth-chromatic number theorem"}, -{"id": 3204, +{"id": 3214, "keyword": "scheduling activity"}, -{"id": 3205, +{"id": 3215, "keyword": "simplicial complex"}, -{"id": 3206, +{"id": 3216, "keyword": "formalisation continues"}, -{"id": 3207, +{"id": 3217, "keyword": "monotonic functions"}, -{"id": 3208, +{"id": 3218, "keyword": "alphabet letters"}, -{"id": 3209, -"keyword": "executable proof checker"}, -{"id": 3210, -"keyword": "failures-divergences pair"}, -{"id": 3211, -"keyword": "synthesize imperative programs"}, -{"id": 3212, -"keyword": "communicating products"}, -{"id": 3213, -"keyword": "geodesic spaces"}, -{"id": 3214, -"keyword": "branches guarded"}, -{"id": 3215, -"keyword": "deg"}, -{"id": 3216, -"keyword": "restricted definition"}, -{"id": 3217, -"keyword": "first-order functional language"}, -{"id": 3218, -"keyword": "diagrammatic modeling language"}, {"id": 3219, -"keyword": "system types"}, +"keyword": "executable proof checker"}, {"id": 3220, -"keyword": "formalization builds"}, +"keyword": "failures-divergences pair"}, {"id": 3221, -"keyword": "analyze sufficient conditions"}, +"keyword": "synthesize imperative programs"}, {"id": 3222, +"keyword": "communicating products"}, +{"id": 3223, +"keyword": "geodesic spaces"}, +{"id": 3224, +"keyword": "branches guarded"}, +{"id": 3225, +"keyword": "deg"}, +{"id": 3226, +"keyword": "restricted definition"}, +{"id": 3227, +"keyword": "first-order functional language"}, +{"id": 3228, +"keyword": "diagrammatic modeling language"}, +{"id": 3229, +"keyword": "system types"}, +{"id": 3230, +"keyword": "formalization builds"}, +{"id": 3231, +"keyword": "analyze sufficient conditions"}, +{"id": 3232, 
"keyword": "implementation"}, -{"id": 3223, +{"id": 3233, "keyword": "reading heads asynchronously"}, -{"id": 3224, +{"id": 3234, "keyword": "experimental general-purpose proof methods"}, -{"id": 3225, +{"id": 3235, "keyword": "game theory"}, -{"id": 3226, +{"id": 3236, "keyword": "verifying dynamic"}, -{"id": 3227, +{"id": 3237, "keyword": "hol code generator"}, -{"id": 3228, +{"id": 3238, "keyword": "additional iteration laws"}, -{"id": 3229, -"keyword": "steam boiler system"}, -{"id": 3230, -"keyword": "reflection formula"}, -{"id": 3231, -"keyword": "nested multiset order"}, -{"id": 3232, -"keyword": "algebraic semantics"}, -{"id": 3233, -"keyword": "underlying algorithmic mechanisms"}, -{"id": 3234, -"keyword": "concurrent composition"}, -{"id": 3235, -"keyword": "elementary theory"}, -{"id": 3236, -"keyword": "outwards-pointing normal vector"}, -{"id": 3237, -"keyword": "matrices represented"}, -{"id": 3238, -"keyword": "factored representation"}, {"id": 3239, -"keyword": "leftmost reduction"}, +"keyword": "steam boiler system"}, {"id": 3240, -"keyword": "specification language statecharts"}, +"keyword": "reflection formula"}, {"id": 3241, -"keyword": "larger cardinality"}, +"keyword": "nested multiset order"}, {"id": 3242, -"keyword": "side conditions"}, +"keyword": "algebraic semantics"}, {"id": 3243, -"keyword": "imperative language constructs"}, +"keyword": "underlying algorithmic mechanisms"}, {"id": 3244, -"keyword": "automatic data refinement"}, +"keyword": "concurrent composition"}, {"id": 3245, -"keyword": "theory listinf list2"}, +"keyword": "elementary theory"}, {"id": 3246, -"keyword": "formal implementation"}, +"keyword": "outwards-pointing normal vector"}, {"id": 3247, -"keyword": "presented theory"}, +"keyword": "matrices represented"}, {"id": 3248, -"keyword": "stronger safety guarantees"}, +"keyword": "factored representation"}, {"id": 3249, -"keyword": "network protocols"}, +"keyword": "leftmost reduction"}, {"id": 3250, -"keyword": 
"separation logic connective"}, +"keyword": "specification language statecharts"}, {"id": 3251, -"keyword": "playfair axiom"}, +"keyword": "larger cardinality"}, {"id": 3252, -"keyword": "local parallel compositions"}, +"keyword": "side conditions"}, {"id": 3253, -"keyword": "cartesian closed"}, +"keyword": "imperative language constructs"}, {"id": 3254, -"keyword": "xml trees"}, +"keyword": "automatic data refinement"}, {"id": 3255, +"keyword": "theory listinf list2"}, +{"id": 3256, +"keyword": "formal implementation"}, +{"id": 3257, +"keyword": "presented theory"}, +{"id": 3258, +"keyword": "stronger safety guarantees"}, +{"id": 3259, +"keyword": "network protocols"}, +{"id": 3260, +"keyword": "separation logic connective"}, +{"id": 3261, +"keyword": "playfair axiom"}, +{"id": 3262, +"keyword": "local parallel compositions"}, +{"id": 3263, +"keyword": "cartesian closed"}, +{"id": 3264, +"keyword": "xml trees"}, +{"id": 3265, "keyword": "resulting tree"}, -{"id": 3256, +{"id": 3266, "keyword": "natural number"}, -{"id": 3257, +{"id": 3267, "keyword": "regular algebras"}, -{"id": 3258, +{"id": 3268, "keyword": "type preservation"}, -{"id": 3259, +{"id": 3269, "keyword": "field-theoretic nullstellensatz"}, -{"id": 3260, +{"id": 3270, "keyword": "document object model"}, -{"id": 3261, +{"id": 3271, "keyword": "shortest path"}, -{"id": 3262, +{"id": 3272, "keyword": "finite sound extensions"}, -{"id": 3263, +{"id": 3273, "keyword": "parametricity infrastructure"}, -{"id": 3264, +{"id": 3274, "keyword": "entry builds"}, -{"id": 3265, +{"id": 3275, "keyword": "finding proofs"}, -{"id": 3266, +{"id": 3276, "keyword": "eventual consistency property"}, -{"id": 3267, +{"id": 3277, "keyword": "step-wise refinement based"}, -{"id": 3268, +{"id": 3278, "keyword": "average number"}, -{"id": 3269, -"keyword": "subject reduction property"}, -{"id": 3270, -"keyword": "exchanging data sets"}, -{"id": 3271, -"keyword": "refinement kleene algebra"}, -{"id": 3272, -"keyword": 
"coinductive formalisations"}, -{"id": 3273, -"keyword": "exponential functions"}, -{"id": 3274, -"keyword": "constructions based"}, -{"id": 3275, -"keyword": "simple procedure call mechanism"}, -{"id": 3276, -"keyword": "find operation"}, -{"id": 3277, -"keyword": "entry strong security"}, -{"id": 3278, -"keyword": "0-1-2-principle"}, {"id": 3279, -"keyword": "associative lists"}, +"keyword": "subject reduction property"}, {"id": 3280, -"keyword": "state-based semantics based"}, +"keyword": "exchanging data sets"}, {"id": 3281, -"keyword": "hol theory listextras"}, +"keyword": "refinement kleene algebra"}, {"id": 3282, -"keyword": "code generator setup"}, +"keyword": "coinductive formalisations"}, {"id": 3283, -"keyword": "algorithm"}, +"keyword": "exponential functions"}, {"id": 3284, -"keyword": "static analysis"}, +"keyword": "constructions based"}, {"id": 3285, -"keyword": "symmetry arguments"}, +"keyword": "simple procedure call mechanism"}, {"id": 3286, -"keyword": "sepref tool"}, +"keyword": "find operation"}, {"id": 3287, -"keyword": "collection datastructures"}, +"keyword": "entry strong security"}, {"id": 3288, -"keyword": "verifying program correctness"}, +"keyword": "0-1-2-principle"}, {"id": 3289, -"keyword": "unit propagation"}, +"keyword": "associative lists"}, {"id": 3290, -"keyword": "highly informal"}, +"keyword": "state-based semantics based"}, {"id": 3291, -"keyword": "industrial systems"}, +"keyword": "hol theory listextras"}, {"id": 3292, -"keyword": "work revealed minor"}, +"keyword": "code generator setup"}, {"id": 3293, -"keyword": "smaller fixed fraction returned"}, +"keyword": "algorithm"}, {"id": 3294, -"keyword": "inverse transform intt"}, +"keyword": "static analysis"}, {"id": 3295, +"keyword": "symmetry arguments"}, +{"id": 3296, +"keyword": "sepref tool"}, +{"id": 3297, +"keyword": "collection datastructures"}, +{"id": 3298, +"keyword": "verifying program correctness"}, +{"id": 3299, +"keyword": "unit propagation"}, +{"id": 3300, 
+"keyword": "highly informal"}, +{"id": 3301, +"keyword": "industrial systems"}, +{"id": 3302, +"keyword": "work revealed minor"}, +{"id": 3303, +"keyword": "smaller fixed fraction returned"}, +{"id": 3304, +"keyword": "inverse transform intt"}, +{"id": 3305, "keyword": "annotated commands"}, -{"id": 3296, +{"id": 3306, "keyword": "randomized approximation algorithms"}, -{"id": 3297, +{"id": 3307, "keyword": "check"}, -{"id": 3298, +{"id": 3308, "keyword": "extended version"}, -{"id": 3299, +{"id": 3309, "keyword": "monotone predicate"}, -{"id": 3300, +{"id": 3310, "keyword": "dom respect component boundaries"}, -{"id": 3301, +{"id": 3311, "keyword": "eventual consistency"}, -{"id": 3302, +{"id": 3312, "keyword": "hyperdual extensions"}, -{"id": 3303, +{"id": 3313, "keyword": "static single assignment"}, -{"id": 3304, +{"id": 3314, "keyword": "security guarantees"}, -{"id": 3305, +{"id": 3315, "keyword": "underlying algebra"}, -{"id": 3306, +{"id": 3316, "keyword": "unit resolution"}, -{"id": 3307, +{"id": 3317, "keyword": "non-adjacent distinct vertices"}, -{"id": 3308, +{"id": 3318, "keyword": "large computations"}, -{"id": 3309, +{"id": 3319, "keyword": "detailed calculations"}, -{"id": 3310, +{"id": 3320, "keyword": "parametrizable equality functions"}, -{"id": 3311, +{"id": 3321, "keyword": "formal proof assistant"}, -{"id": 3312, +{"id": 3322, +"keyword": "traditional query languages"}, +{"id": 3323, "keyword": "sat solver installs"}, -{"id": 3313, +{"id": 3324, "keyword": "hf set theory"}, -{"id": 3314, +{"id": 3325, "keyword": "counting sort"}, -{"id": 3315, +{"id": 3326, "keyword": "mathematical tools"}, -{"id": 3316, +{"id": 3327, "keyword": "inversion rules"}, -{"id": 3317, +{"id": 3328, "keyword": "calculating cauchy indices"}, -{"id": 3318, +{"id": 3329, "keyword": "price determination"}, -{"id": 3319, +{"id": 3330, "keyword": "x_1 varepsilon"}, -{"id": 3320, +{"id": 3331, "keyword": "univariate polynomial"}, -{"id": 3321, +{"id": 3332, "keyword": 
"executable tool translating ltl"}, -{"id": 3322, +{"id": 3333, "keyword": "previous cc formalization constructive_cryptography"}, -{"id": 3323, +{"id": 3334, "keyword": "container framework"}, -{"id": 3324, +{"id": 3335, "keyword": "order relation"}, -{"id": 3325, +{"id": 3336, "keyword": "reflective quantifier elimination procedures"}, -{"id": 3326, +{"id": 3337, "keyword": "concrete version"}, -{"id": 3327, +{"id": 3338, "keyword": "drinks machine"}, -{"id": 3328, +{"id": 3339, "keyword": "security properties"}, -{"id": 3329, +{"id": 3340, "keyword": "analytical arguments"}, -{"id": 3330, +{"id": 3341, "keyword": "anonymous social choice function"}, -{"id": 3331, +{"id": 3342, "keyword": "crowning achievements"}, -{"id": 3332, +{"id": 3343, "keyword": "concurrency primitives"}, -{"id": 3333, +{"id": 3344, "keyword": "quantum computing"}, -{"id": 3334, +{"id": 3345, "keyword": "fixed choice"}, -{"id": 3335, +{"id": 3346, "keyword": "graph saturation"}, -{"id": 3336, +{"id": 3347, "keyword": "signed diffie-hellman"}, -{"id": 3337, +{"id": 3348, "keyword": "characterization theorem"}, -{"id": 3338, +{"id": 3349, "keyword": "ground terms induced"}, -{"id": 3339, +{"id": 3350, "keyword": "universal properties"}, -{"id": 3340, +{"id": 3351, "keyword": "weakest precondition component"}, -{"id": 3341, +{"id": 3352, "keyword": "proof theory"}, -{"id": 3342, +{"id": 3353, "keyword": "hol code generation facilities"}, -{"id": 3343, +{"id": 3354, "keyword": "logarithmic time"}, -{"id": 3344, +{"id": 3355, "keyword": "unsolvable system"}, -{"id": 3345, +{"id": 3356, "keyword": "handle equality tests"}, -{"id": 3346, +{"id": 3357, "keyword": "bad sequences"}, -{"id": 3347, +{"id": 3358, "keyword": "bounded number"}, -{"id": 3348, +{"id": 3359, "keyword": "model formulas"}, -{"id": 3349, -"keyword": "minor technical issue"}, -{"id": 3350, -"keyword": "thomas jech"}, -{"id": 3351, -"keyword": "expected utility function"}, -{"id": 3352, -"keyword": "gram-schmidt process"}, 
-{"id": 3353, -"keyword": "logically equivalent"}, -{"id": 3354, -"keyword": "decision problem"}, -{"id": 3355, -"keyword": "create executable scala code"}, -{"id": 3356, -"keyword": "specifies compilation"}, -{"id": 3357, -"keyword": "unbounded sequences"}, -{"id": 3358, -"keyword": "implies confluence"}, -{"id": 3359, -"keyword": "unifying theories"}, {"id": 3360, -"keyword": "linearly ordered commutative semigroups"}, +"keyword": "minor technical issue"}, {"id": 3361, -"keyword": "assembly-to-machine step"}, +"keyword": "thomas jech"}, {"id": 3362, -"keyword": "called galois fields"}, +"keyword": "expected utility function"}, {"id": 3363, -"keyword": "module development"}, +"keyword": "gram-schmidt process"}, {"id": 3364, -"keyword": "geometric proof"}, +"keyword": "logically equivalent"}, {"id": 3365, -"keyword": "mirroring beringer"}, +"keyword": "decision problem"}, {"id": 3366, -"keyword": "autonomous vehicle"}, +"keyword": "create executable scala code"}, {"id": 3367, -"keyword": "routing table"}, +"keyword": "specifies compilation"}, {"id": 3368, -"keyword": "standard prelude"}, +"keyword": "unbounded sequences"}, {"id": 3369, -"keyword": "formal correctness proofs"}, +"keyword": "implies confluence"}, {"id": 3370, -"keyword": "schneider"}, +"keyword": "unifying theories"}, {"id": 3371, -"keyword": "probabilistic timed automata"}, +"keyword": "linearly ordered commutative semigroups"}, {"id": 3372, -"keyword": "finite functions"}, +"keyword": "assembly-to-machine step"}, {"id": 3373, -"keyword": "reflexive transitive closure operation"}, +"keyword": "called galois fields"}, {"id": 3374, -"keyword": "sequential semantics"}, +"keyword": "module development"}, {"id": 3375, -"keyword": "countable transitive model"}, +"keyword": "geometric proof"}, {"id": 3376, -"keyword": "allowed nominals"}, +"keyword": "mirroring beringer"}, {"id": 3377, -"keyword": "1 javier esparza"}, +"keyword": "autonomous vehicle"}, {"id": 3378, -"keyword": "afp entry abstract 
completeness"}, +"keyword": "routing table"}, {"id": 3379, -"keyword": "lll algorithm"}, +"keyword": "standard prelude"}, {"id": 3380, -"keyword": "proof search procedure"}, +"keyword": "formal correctness proofs"}, {"id": 3381, -"keyword": "dynamic class initialization"}, +"keyword": "schneider"}, {"id": 3382, -"keyword": "colon-separated notation"}, +"keyword": "probabilistic timed automata"}, {"id": 3383, -"keyword": "factoring polynomials"}, +"keyword": "finite functions"}, {"id": 3384, -"keyword": "machine-checked proofs"}, +"keyword": "reflexive transitive closure operation"}, {"id": 3385, -"keyword": "strong eventual consistency"}, +"keyword": "sequential semantics"}, {"id": 3386, -"keyword": "wilf theorem"}, +"keyword": "countable transitive model"}, {"id": 3387, -"keyword": "information managed"}, +"keyword": "allowed nominals"}, {"id": 3388, -"keyword": "skew product"}, +"keyword": "1 javier esparza"}, {"id": 3389, -"keyword": "modern sat solvers"}, +"keyword": "afp entry abstract completeness"}, {"id": 3390, -"keyword": "sqrt sin"}, +"keyword": "lll algorithm"}, {"id": 3391, -"keyword": "protocol abstracts"}, +"keyword": "proof search procedure"}, {"id": 3392, -"keyword": "inefficient variant"}, +"keyword": "dynamic class initialization"}, {"id": 3393, -"keyword": "ordinary functions"}, +"keyword": "colon-separated notation"}, {"id": 3394, -"keyword": "accompanying algebraic laws"}, +"keyword": "factoring polynomials"}, {"id": 3395, -"keyword": "equivalent characterisations"}, +"keyword": "machine-checked proofs"}, {"id": 3396, -"keyword": "semantic back-ends"}, +"keyword": "strong eventual consistency"}, {"id": 3397, -"keyword": "algebraic structures based"}, +"keyword": "wilf theorem"}, {"id": 3398, -"keyword": "pairing heaps"}, +"keyword": "information managed"}, {"id": 3399, -"keyword": "elementary symmetric polynomials e1"}, +"keyword": "skew product"}, {"id": 3400, -"keyword": "called separating implication"}, +"keyword": "modern sat solvers"}, 
{"id": 3401, -"keyword": "removes exception handler entries"}, +"keyword": "sqrt sin"}, {"id": 3402, -"keyword": "column space"}, +"keyword": "protocol abstracts"}, {"id": 3403, -"keyword": "applied call-by-"}, +"keyword": "inefficient variant"}, {"id": 3404, -"keyword": "free logic"}, +"keyword": "ordinary functions"}, {"id": 3405, -"keyword": "hadjicostas ndash"}, +"keyword": "accompanying algebraic laws"}, {"id": 3406, -"keyword": "formal text lines"}, +"keyword": "equivalent characterisations"}, {"id": 3407, -"keyword": "predicate transformers"}, +"keyword": "semantic back-ends"}, {"id": 3408, -"keyword": "perfect logicians"}, +"keyword": "algebraic structures based"}, {"id": 3409, -"keyword": "removes syntactic sugar"}, +"keyword": "pairing heaps"}, {"id": 3410, -"keyword": "salomon sickert"}, +"keyword": "elementary symmetric polynomials e1"}, {"id": 3411, -"keyword": "axioms constructed"}, +"keyword": "called separating implication"}, {"id": 3412, -"keyword": "state space"}, +"keyword": "removes exception handler entries"}, {"id": 3413, -"keyword": "akra-bazzi theorem"}, +"keyword": "column space"}, {"id": 3414, -"keyword": "fall back"}, +"keyword": "applied call-by-"}, {"id": 3415, -"keyword": "lyndon-sch tzenberger theorem"}, +"keyword": "free logic"}, {"id": 3416, +"keyword": "hadjicostas ndash"}, +{"id": 3417, +"keyword": "formal text lines"}, +{"id": 3418, +"keyword": "predicate transformers"}, +{"id": 3419, +"keyword": "perfect logicians"}, +{"id": 3420, +"keyword": "removes syntactic sugar"}, +{"id": 3421, +"keyword": "salomon sickert"}, +{"id": 3422, +"keyword": "axioms constructed"}, +{"id": 3423, +"keyword": "state space"}, +{"id": 3424, +"keyword": "akra-bazzi theorem"}, +{"id": 3425, +"keyword": "fall back"}, +{"id": 3426, +"keyword": "lyndon-sch tzenberger theorem"}, +{"id": 3427, "keyword": "binary decision diagram"}, -{"id": 3417, +{"id": 3428, "keyword": "extended real numbers"}, -{"id": 3418, +{"id": 3429, "keyword": "programming 
applications"}, -{"id": 3419, +{"id": 3430, "keyword": "harmonic numbers"}, -{"id": 3420, +{"id": 3431, "keyword": "independent publication"}, -{"id": 3421, +{"id": 3432, "keyword": "deep learning"}, -{"id": 3422, +{"id": 3433, "keyword": "arbitrary infinite proofs"}, -{"id": 3423, +{"id": 3434, "keyword": "objects based"}, -{"id": 3424, +{"id": 3435, "keyword": "syntactic rewrite rules"}, -{"id": 3425, +{"id": 3436, "keyword": "shortest vector problem"}, -{"id": 3426, +{"id": 3437, "keyword": "pen-and-paper proof"}, -{"id": 3427, +{"id": 3438, "keyword": "controller constraints"}, -{"id": 3428, +{"id": 3439, "keyword": "verified compilation toolchain"}, -{"id": 3429, -"keyword": "search algorithms"}, -{"id": 3430, -"keyword": "tableau systems"}, -{"id": 3431, -"keyword": "constant time queue"}, -{"id": 3432, -"keyword": "performs comparable"}, -{"id": 3433, -"keyword": "arbitrary length"}, -{"id": 3434, -"keyword": "lim"}, -{"id": 3435, -"keyword": "unique factorization domain"}, -{"id": 3436, -"keyword": "divisor function sigma"}, -{"id": 3437, -"keyword": "resolvable designs"}, -{"id": 3438, -"keyword": "verified refinement step"}, -{"id": 3439, -"keyword": "duggan-schwartz theorems"}, {"id": 3440, -"keyword": "greedy algorithms"}, +"keyword": "search algorithms"}, {"id": 3441, -"keyword": "irreducible cfgs"}, +"keyword": "tableau systems"}, {"id": 3442, -"keyword": "computational models complicates comparisons"}, +"keyword": "constant time queue"}, {"id": 3443, -"keyword": "linear"}, +"keyword": "performs comparable"}, {"id": 3444, -"keyword": "interval traversing results"}, +"keyword": "arbitrary length"}, {"id": 3445, -"keyword": "key composition property"}, +"keyword": "lim"}, {"id": 3446, -"keyword": "human readable style"}, +"keyword": "unique factorization domain"}, {"id": 3447, -"keyword": "small step program refinement"}, +"keyword": "divisor function sigma"}, {"id": 3448, -"keyword": "foundations established"}, +"keyword": "resolvable designs"}, {"id": 
3449, -"keyword": "pythagorean triples"}, +"keyword": "verified refinement step"}, {"id": 3450, -"keyword": "linear map"}, +"keyword": "duggan-schwartz theorems"}, {"id": 3451, -"keyword": "mathematical book written"}, +"keyword": "greedy algorithms"}, {"id": 3452, -"keyword": "javascript world"}, +"keyword": "irreducible cfgs"}, {"id": 3453, -"keyword": "binary multirelations associate elements"}, +"keyword": "computational models complicates comparisons"}, {"id": 3454, -"keyword": "large-scale shared mutable content"}, +"keyword": "linear"}, {"id": 3455, -"keyword": "infinite games"}, +"keyword": "interval traversing results"}, {"id": 3456, +"keyword": "key composition property"}, +{"id": 3457, +"keyword": "human readable style"}, +{"id": 3458, +"keyword": "small step program refinement"}, +{"id": 3459, +"keyword": "foundations established"}, +{"id": 3460, +"keyword": "pythagorean triples"}, +{"id": 3461, +"keyword": "linear map"}, +{"id": 3462, +"keyword": "mathematical book written"}, +{"id": 3463, +"keyword": "javascript world"}, +{"id": 3464, +"keyword": "binary multirelations associate elements"}, +{"id": 3465, +"keyword": "large-scale shared mutable content"}, +{"id": 3466, +"keyword": "infinite games"}, +{"id": 3467, "keyword": "lower-level language based"}, -{"id": 3457, +{"id": 3468, "keyword": "appearing numbers"}, -{"id": 3458, +{"id": 3469, "keyword": "real matrix"}, -{"id": 3459, +{"id": 3470, "keyword": "non-deterministic finite state machine"}, -{"id": 3460, +{"id": 3471, "keyword": "infinitary nominal data type"}, -{"id": 3461, +{"id": 3472, "keyword": "main result"}, -{"id": 3462, +{"id": 3473, "keyword": "positive rationals"}, -{"id": 3463, +{"id": 3474, "keyword": "state sigma_a"}, -{"id": 3464, +{"id": 3475, "keyword": "security policy"}, -{"id": 3465, +{"id": 3476, "keyword": "secure multiple case studies"}, -{"id": 3466, +{"id": 3477, "keyword": "cayley-hamilton afp entries"}, -{"id": 3467, +{"id": 3478, "keyword": "hoc network"}, -{"id": 
3468, +{"id": 3479, "keyword": "type classes"}, -{"id": 3469, +{"id": 3480, "keyword": "afp entry amortized complexity"}, -{"id": 3470, +{"id": 3481, "keyword": "star-free regular expressions"}, -{"id": 3471, +{"id": 3482, "keyword": "regular language identity"}, -{"id": 3472, +{"id": 3483, "keyword": "cardinality formula assuming"}, -{"id": 3473, +{"id": 3484, "keyword": "nodes"}, -{"id": 3474, +{"id": 3485, "keyword": "standard semirings"}, -{"id": 3475, +{"id": 3486, "keyword": "data state manipulations"}, -{"id": 3476, +{"id": 3487, "keyword": "single exponential blow-"}, -{"id": 3477, +{"id": 3488, "keyword": "involved path"}, -{"id": 3478, +{"id": 3489, "keyword": "executable data structures"}, -{"id": 3479, +{"id": 3490, "keyword": "partition theorem states"}, -{"id": 3480, +{"id": 3491, "keyword": "riemann zeta"}, -{"id": 3481, +{"id": 3492, "keyword": "doctoral thesis"}, -{"id": 3482, +{"id": 3493, "keyword": "driving application"}, -{"id": 3483, +{"id": 3494, "keyword": "largest power"}, -{"id": 3484, +{"id": 3495, "keyword": "verified algorithms"}, -{"id": 3485, +{"id": 3496, "keyword": "infer interleaves statements"}, -{"id": 3486, +{"id": 3497, "keyword": "reversed morphisms"}, -{"id": 3487, +{"id": 3498, "keyword": "algebraic framework"}, -{"id": 3488, +{"id": 3499, "keyword": "model systems"}, -{"id": 3489, +{"id": 3500, "keyword": "submission"}, -{"id": 3490, +{"id": 3501, "keyword": "structured proof techniques"}, -{"id": 3491, +{"id": 3502, "keyword": "exponential golomb codes"}, -{"id": 3492, +{"id": 3503, "keyword": "document class"}, -{"id": 3493, +{"id": 3504, "keyword": "infinite sequence"}, -{"id": 3494, +{"id": 3505, "keyword": "multivariate taylor models"}, -{"id": 3495, +{"id": 3506, "keyword": "conference interactive theorem proving"}, -{"id": 3496, +{"id": 3507, "keyword": "approach produced"}, -{"id": 3497, +{"id": 3508, "keyword": "financial market"}, -{"id": 3498, +{"id": 3509, "keyword": "infinite horizon mdps"}, -{"id": 3499, 
+{"id": 3510, "keyword": "system verification"}, -{"id": 3500, +{"id": 3511, "keyword": "arithmetic progression"}, -{"id": 3501, +{"id": 3512, "keyword": "external communication clocking"}, -{"id": 3502, +{"id": 3513, "keyword": "transport theorems"}, -{"id": 3503, +{"id": 3514, "keyword": "simply-typed lambda terms"}, -{"id": 3504, +{"id": 3515, "keyword": "slightly mars"}, -{"id": 3505, +{"id": 3516, "keyword": "bisimulation equivalence"}, -{"id": 3506, +{"id": 3517, "keyword": "simplify protocol verification"}, -{"id": 3507, +{"id": 3518, "keyword": "unverified checkers"}, -{"id": 3508, +{"id": 3519, "keyword": "ijcar 2014 publication"}, -{"id": 3509, +{"id": 3520, "keyword": "dining philosopher problem"}, -{"id": 3510, -"keyword": "linearly independent"}, -{"id": 3511, -"keyword": "removing intermediate list structures"}, -{"id": 3512, -"keyword": "hand canonical notions"}, -{"id": 3513, -"keyword": "general sets"}, -{"id": 3514, -"keyword": "afp representation"}, -{"id": 3515, -"keyword": "symmetric multivariate polynomials"}, -{"id": 3516, -"keyword": "store buffer forwarding"}, -{"id": 3517, -"keyword": "key concepts"}, -{"id": 3518, -"keyword": "one-time efforts benefit"}, -{"id": 3519, -"keyword": "polynomial interpretations"}, -{"id": 3520, -"keyword": "leq alpha"}, {"id": 3521, -"keyword": "constructing correct programs"}, +"keyword": "linearly independent"}, {"id": 3522, -"keyword": "blackboard pattern"}, +"keyword": "removing intermediate list structures"}, {"id": 3523, -"keyword": "chagu rand"}, +"keyword": "hand canonical notions"}, {"id": 3524, -"keyword": "version due"}, +"keyword": "general sets"}, {"id": 3525, -"keyword": "symbolic transitions systems"}, +"keyword": "afp representation"}, {"id": 3526, -"keyword": "differs slightly"}, +"keyword": "symmetric multivariate polynomials"}, {"id": 3527, -"keyword": "fundamental properties"}, +"keyword": "store buffer forwarding"}, {"id": 3528, -"keyword": "powerful mathematical tools"}, +"keyword": "key 
concepts"}, {"id": 3529, -"keyword": "proof system"}, +"keyword": "one-time efforts benefit"}, {"id": 3530, -"keyword": "equivalence checker"}, +"keyword": "polynomial interpretations"}, {"id": 3531, -"keyword": "deletion preserve weight-balance"}, +"keyword": "leq alpha"}, {"id": 3532, -"keyword": "sparse relations"}, +"keyword": "constructing correct programs"}, {"id": 3533, -"keyword": "under-approximate hoare logic"}, +"keyword": "blackboard pattern"}, {"id": 3534, -"keyword": "code generation setup"}, +"keyword": "chagu rand"}, {"id": 3535, -"keyword": "underlying disambiguation strategy"}, +"keyword": "version due"}, {"id": 3536, -"keyword": "non-negative real-"}, +"keyword": "symbolic transitions systems"}, {"id": 3537, +"keyword": "differs slightly"}, +{"id": 3538, +"keyword": "fundamental properties"}, +{"id": 3539, +"keyword": "powerful mathematical tools"}, +{"id": 3540, +"keyword": "proof system"}, +{"id": 3541, +"keyword": "equivalence checker"}, +{"id": 3542, +"keyword": "deletion preserve weight-balance"}, +{"id": 3543, +"keyword": "sparse relations"}, +{"id": 3544, +"keyword": "under-approximate hoare logic"}, +{"id": 3545, +"keyword": "code generation setup"}, +{"id": 3546, +"keyword": "underlying disambiguation strategy"}, +{"id": 3547, +"keyword": "non-negative real-"}, +{"id": 3548, "keyword": "opinion"}, -{"id": 3538, +{"id": 3549, "keyword": "efficient root isolation"}, -{"id": 3539, +{"id": 3550, "keyword": "machine words"}, -{"id": 3540, +{"id": 3551, "keyword": "class type constructors"}, -{"id": 3541, +{"id": 3552, "keyword": "large real-world firewall"}, -{"id": 3542, +{"id": 3553, "keyword": "equational axiomatisation"}, -{"id": 3543, +{"id": 3554, "keyword": "solution obtained"}, -{"id": 3544, +{"id": 3555, "keyword": "convert ltl formulas"}, -{"id": 3545, +{"id": 3556, "keyword": "naive union operation"}, -{"id": 3546, +{"id": 3557, "keyword": "saturation-based heuristic prover"}, -{"id": 3547, +{"id": 3558, "keyword": "multiple 
relational databases"}, -{"id": 3548, +{"id": 3559, "keyword": "distinct prime factors"}, -{"id": 3549, +{"id": 3560, "keyword": "first-order logic completeness theorem"}, -{"id": 3550, +{"id": 3561, "keyword": "imp commands"}, -{"id": 3551, +{"id": 3562, "keyword": "periodic function"}, -{"id": 3552, +{"id": 3563, "keyword": "design pattern"}, -{"id": 3553, +{"id": 3564, "keyword": "obtain efficient code"}, -{"id": 3554, +{"id": 3565, "keyword": "chi automata"}, -{"id": 3555, +{"id": 3566, "keyword": "featuring program-level requirements"}, -{"id": 3556, +{"id": 3567, "keyword": "requested computation"}, -{"id": 3557, +{"id": 3568, "keyword": "finite maps"}, -{"id": 3558, +{"id": 3569, "keyword": "symmetric range"}, -{"id": 3559, +{"id": 3570, "keyword": "work implements"}, -{"id": 3560, +{"id": 3571, "keyword": "analytic continuation"}, -{"id": 3561, +{"id": 3572, "keyword": "demonic refinement algebra"}, -{"id": 3562, +{"id": 3573, "keyword": "list lookup operation"}, -{"id": 3563, +{"id": 3574, "keyword": "recursively inseparable"}, -{"id": 3564, +{"id": 3575, "keyword": "efficient factorization algorithm"}, -{"id": 3565, +{"id": 3576, "keyword": "port proofs"}, -{"id": 3566, +{"id": 3577, "keyword": "present article"}, -{"id": 3567, +{"id": 3578, "keyword": "axiom system"}, -{"id": 3568, +{"id": 3579, "keyword": "partial procedure"}, -{"id": 3569, +{"id": 3580, "keyword": "van der waerden number"}, -{"id": 3570, -"keyword": "abstract file represented"}, -{"id": 3571, -"keyword": "paper multi-head monitoring"}, -{"id": 3572, -"keyword": "extract ocaml code"}, -{"id": 3573, -"keyword": "linear inqualities"}, -{"id": 3574, -"keyword": "real-time constraints"}, -{"id": 3575, -"keyword": "equivalence classes"}, -{"id": 3576, -"keyword": "probabilistic loop termination"}, -{"id": 3577, -"keyword": "validate termination"}, -{"id": 3578, -"keyword": "large-scale stream processing systems"}, -{"id": 3579, -"keyword": "functional implementation based"}, -{"id": 3580, 
-"keyword": "abstract cfg"}, {"id": 3581, -"keyword": "polymorphic edge type"}, +"keyword": "safe-range queries evaluate"}, {"id": 3582, -"keyword": "theories presents"}, +"keyword": "abstract file represented"}, {"id": 3583, -"keyword": "rank-nullity theorem generalises"}, +"keyword": "paper multi-head monitoring"}, {"id": 3584, -"keyword": "major case study"}, +"keyword": "extract ocaml code"}, {"id": 3585, +"keyword": "linear inqualities"}, +{"id": 3586, +"keyword": "real-time constraints"}, +{"id": 3587, +"keyword": "equivalence classes"}, +{"id": 3588, +"keyword": "probabilistic loop termination"}, +{"id": 3589, +"keyword": "validate termination"}, +{"id": 3590, +"keyword": "large-scale stream processing systems"}, +{"id": 3591, +"keyword": "functional implementation based"}, +{"id": 3592, +"keyword": "abstract cfg"}, +{"id": 3593, +"keyword": "polymorphic edge type"}, +{"id": 3594, +"keyword": "theories presents"}, +{"id": 3595, +"keyword": "rank-nullity theorem generalises"}, +{"id": 3596, +"keyword": "major case study"}, +{"id": 3597, "keyword": "obtain efficient certified algorithms"}, -{"id": 3586, +{"id": 3598, "keyword": "complex case"}, -{"id": 3587, +{"id": 3599, "keyword": "lei97 alexander leitsch"}, -{"id": 3588, +{"id": 3600, "keyword": "existing libraries"}, -{"id": 3589, +{"id": 3601, "keyword": "type information"}, -{"id": 3590, +{"id": 3602, "keyword": "dprm theorem"}, -{"id": 3591, +{"id": 3603, "keyword": "quickstart guide"}, -{"id": 3592, +{"id": 3604, "keyword": "simple"}, -{"id": 3593, +{"id": 3605, "keyword": "gaussian integer formalisation"}, -{"id": 3594, +{"id": 3606, "keyword": "shannon decomposition"}, -{"id": 3595, +{"id": 3607, "keyword": "axiom"}, -{"id": 3596, +{"id": 3608, "keyword": "abstract specification"}, -{"id": 3597, +{"id": 3609, "keyword": "cidr notation"}, -{"id": 3598, +{"id": 3610, "keyword": "path lengths"}, -{"id": 3599, +{"id": 3611, "keyword": "discounted infinite horizon mdps"}, -{"id": 3600, +{"id": 3612, 
"keyword": "stricter safety guarantess"}, -{"id": 3601, +{"id": 3613, "keyword": "similar cegar-"}, -{"id": 3602, +{"id": 3614, "keyword": "floyd-warshall algorithm flo62"}, -{"id": 3603, +{"id": 3615, "keyword": "infinite form"}, -{"id": 3604, +{"id": 3616, "keyword": "inverse transform ifntt"}, -{"id": 3605, +{"id": 3617, "keyword": "underlying category"}, -{"id": 3606, +{"id": 3618, "keyword": "integers modulo"}, -{"id": 3607, +{"id": 3619, "keyword": "isomorphism classes"}, -{"id": 3608, +{"id": 3620, "keyword": "laplace transform"}, -{"id": 3609, +{"id": 3621, "keyword": "stepwise inductive definition"}, -{"id": 3610, -"keyword": "hol multivariate analysis"}, -{"id": 3611, -"keyword": "spectral radius theory"}, -{"id": 3612, -"keyword": "viterbi algorithm"}, -{"id": 3613, -"keyword": "directed graph"}, -{"id": 3614, -"keyword": "correct construction"}, -{"id": 3615, -"keyword": "yoneda lemma"}, -{"id": 3616, -"keyword": "kleene algebras endowed"}, -{"id": 3617, -"keyword": "autoref tool"}, -{"id": 3618, -"keyword": "simple while-language"}, -{"id": 3619, -"keyword": "pace authentication key"}, -{"id": 3620, -"keyword": "herglotz"}, -{"id": 3621, -"keyword": "relation-algebraic concepts"}, {"id": 3622, -"keyword": "periodically adjusting"}, +"keyword": "hol multivariate analysis"}, {"id": 3623, -"keyword": "hol-multivariate analysis library"}, +"keyword": "spectral radius theory"}, {"id": 3624, -"keyword": "reproduce faithfully"}, +"keyword": "viterbi algorithm"}, {"id": 3625, -"keyword": "generic fixed-width words"}, +"keyword": "directed graph"}, {"id": 3626, -"keyword": "counting partial equivalence relations"}, +"keyword": "correct construction"}, {"id": 3627, -"keyword": "additional indeterminate"}, +"keyword": "yoneda lemma"}, {"id": 3628, -"keyword": "message confidentiality"}, +"keyword": "kleene algebras endowed"}, {"id": 3629, -"keyword": "work comprises proofs"}, +"keyword": "autoref tool"}, {"id": 3630, -"keyword": "vandermonde matrices"}, 
+"keyword": "simple while-language"}, {"id": 3631, -"keyword": "original language"}, +"keyword": "pace authentication key"}, {"id": 3632, -"keyword": "verifies infinite families"}, +"keyword": "herglotz"}, {"id": 3633, -"keyword": "afp entry saturation_framework"}, +"keyword": "relation-algebraic concepts"}, {"id": 3634, -"keyword": "detailed presentation"}, +"keyword": "periodically adjusting"}, {"id": 3635, -"keyword": "executable algorithms based"}, +"keyword": "hol-multivariate analysis library"}, {"id": 3636, -"keyword": "art formal verification methods"}, +"keyword": "reproduce faithfully"}, {"id": 3637, -"keyword": "automatically executed programs"}, +"keyword": "generic fixed-width words"}, {"id": 3638, -"keyword": "verified monitor implements"}, +"keyword": "counting partial equivalence relations"}, {"id": 3639, -"keyword": "security expressed"}, +"keyword": "additional indeterminate"}, {"id": 3640, -"keyword": "subsystems involves causality"}, +"keyword": "message confidentiality"}, {"id": 3641, -"keyword": "byte-level little-endian memory model"}, +"keyword": "work comprises proofs"}, {"id": 3642, -"keyword": "tail-recursive generalization"}, +"keyword": "vandermonde matrices"}, {"id": 3643, -"keyword": "automatic differentiation"}, +"keyword": "original language"}, {"id": 3644, -"keyword": "paper compositional verification"}, +"keyword": "verifies infinite families"}, {"id": 3645, -"keyword": "set monad notation"}, +"keyword": "afp entry saturation_framework"}, {"id": 3646, -"keyword": "georgia notes"}, +"keyword": "detailed presentation"}, {"id": 3647, -"keyword": "plas 2009 paper"}, +"keyword": "executable algorithms based"}, {"id": 3648, -"keyword": "intransitive noninterference policy"}, +"keyword": "art formal verification methods"}, {"id": 3649, -"keyword": "interactive convergence algorithm"}, +"keyword": "automatically executed programs"}, {"id": 3650, -"keyword": "provably demonstrate"}, +"keyword": "verified monitor implements"}, {"id": 3651, 
-"keyword": "center selection"}, +"keyword": "security expressed"}, {"id": 3652, -"keyword": "forward differentiation"}, +"keyword": "subsystems involves causality"}, {"id": 3653, -"keyword": "automatic methods"}, +"keyword": "byte-level little-endian memory model"}, {"id": 3654, -"keyword": "classical dpll procedure"}, +"keyword": "tail-recursive generalization"}, {"id": 3655, -"keyword": "lifting"}, +"keyword": "automatic differentiation"}, {"id": 3656, -"keyword": "lehmer"}, +"keyword": "paper compositional verification"}, {"id": 3657, -"keyword": "electronic proceedings"}, +"keyword": "set monad notation"}, {"id": 3658, -"keyword": "inventors vickrey"}, +"keyword": "georgia notes"}, {"id": 3659, -"keyword": "one-complete computably enumerable set"}, +"keyword": "plas 2009 paper"}, {"id": 3660, -"keyword": "conway semirings extended"}, +"keyword": "intransitive noninterference policy"}, {"id": 3661, -"keyword": "pseudonymous identifiers output"}, +"keyword": "interactive convergence algorithm"}, {"id": 3662, -"keyword": "unverified translation"}, +"keyword": "provably demonstrate"}, {"id": 3663, -"keyword": "recently proposed framework"}, +"keyword": "center selection"}, {"id": 3664, -"keyword": "marriage theorem"}, +"keyword": "forward differentiation"}, {"id": 3665, -"keyword": "modern day politics"}, +"keyword": "automatic methods"}, {"id": 3666, +"keyword": "classical dpll procedure"}, +{"id": 3667, +"keyword": "lifting"}, +{"id": 3668, +"keyword": "lehmer"}, +{"id": 3669, +"keyword": "electronic proceedings"}, +{"id": 3670, +"keyword": "inventors vickrey"}, +{"id": 3671, +"keyword": "one-complete computably enumerable set"}, +{"id": 3672, +"keyword": "conway semirings extended"}, +{"id": 3673, +"keyword": "pseudonymous identifiers output"}, +{"id": 3674, +"keyword": "unverified translation"}, +{"id": 3675, +"keyword": "recently proposed framework"}, +{"id": 3676, +"keyword": "marriage theorem"}, +{"id": 3677, +"keyword": "modern day politics"}, +{"id": 
3678, "keyword": "abstract reasoning"}, -{"id": 3667, +{"id": 3679, "keyword": "adjunctions"}, -{"id": 3668, +{"id": 3680, "keyword": "solomon feferman"}, -{"id": 3669, +{"id": 3681, "keyword": "babylonian method"}, -{"id": 3670, +{"id": 3682, "keyword": "phd thesis"}, -{"id": 3671, +{"id": 3683, "keyword": "formal analysis"}, -{"id": 3672, +{"id": 3684, "keyword": "implemented multi-"}, -{"id": 3673, +{"id": 3685, "keyword": "proposes axiom systems"}, -{"id": 3674, +{"id": 3686, "keyword": "called hol-csp 1"}, -{"id": 3675, +{"id": 3687, "keyword": "explicit bottom element"}, -{"id": 3676, +{"id": 3688, "keyword": "vandermonde identity"}, -{"id": 3677, +{"id": 3689, "keyword": "infinite type"}, -{"id": 3678, +{"id": 3690, "keyword": "ergodic theory"}, -{"id": 3679, +{"id": 3691, "keyword": "establishing strong eventual consistency"}, -{"id": 3680, +{"id": 3692, "keyword": "two-element security lattice"}, -{"id": 3681, +{"id": 3693, "keyword": "document presents"}, -{"id": 3682, +{"id": 3694, "keyword": "model checker"}, -{"id": 3683, +{"id": 3695, "keyword": "abstract proof"}, -{"id": 3684, +{"id": 3696, "keyword": "standard real cartesian model"}, -{"id": 3685, +{"id": 3697, "keyword": "holcf extension"}, -{"id": 3686, +{"id": 3698, "keyword": "development relies"}, -{"id": 3687, +{"id": 3699, "keyword": "basic identities"}, -{"id": 3688, +{"id": 3700, "keyword": "periodic bernoulli polynomials"}, -{"id": 3689, +{"id": 3701, "keyword": "protocols sharing common structure"}, -{"id": 3690, +{"id": 3702, "keyword": "attack tree validity"}, -{"id": 3691, +{"id": 3703, "keyword": "generic dfs algorithm framework"}, -{"id": 3692, +{"id": 3704, "keyword": "many-sorted problem"}, -{"id": 3693, +{"id": 3705, "keyword": "smallest number n_"}, -{"id": 3694, +{"id": 3706, "keyword": "laurent expansion"}, -{"id": 3695, +{"id": 3707, "keyword": "supports low-effort security proofs"}, -{"id": 3696, +{"id": 3708, "keyword": "natural homomorphism"}, -{"id": 3697, +{"id": 3709, 
"keyword": "potential applications"}, -{"id": 3698, +{"id": 3710, "keyword": "entire polynomial ring"}, -{"id": 3699, +{"id": 3711, "keyword": "differential dynamic logic"}, -{"id": 3700, +{"id": 3712, "keyword": "wpo subsumes kbo"}, -{"id": 3701, +{"id": 3713, "keyword": "top 100 mathematical theorems"}, -{"id": 3702, +{"id": 3714, "keyword": "beukers"}, -{"id": 3703, +{"id": 3715, "keyword": "first-order logic"}, -{"id": 3704, +{"id": 3716, "keyword": "canton protocol"}, -{"id": 3705, +{"id": 3717, "keyword": "linear temporal logic"}, -{"id": 3706, +{"id": 3718, "keyword": "newton puiseux theorem"}, -{"id": 3707, +{"id": 3719, "keyword": "safely composable web components"}, -{"id": 3708, +{"id": 3720, "keyword": "function"}, -{"id": 3709, +{"id": 3721, "keyword": "canonical isomorphism"}, -{"id": 3710, +{"id": 3722, "keyword": "grounding sets"}, -{"id": 3711, +{"id": 3723, "keyword": "characteristic polynomials"}, -{"id": 3712, +{"id": 3724, "keyword": "fibonacci numbers"}, -{"id": 3713, +{"id": 3725, "keyword": "control-flow graphs"}, -{"id": 3714, +{"id": 3726, "keyword": "public key cryptography"}, -{"id": 3715, +{"id": 3727, "keyword": "leading coefficient"}, -{"id": 3716, +{"id": 3728, "keyword": "denotational semantics"}, -{"id": 3717, +{"id": 3729, "keyword": "utilizing modern proof assistants"}, -{"id": 3718, +{"id": 3730, "keyword": "integral domains"}, -{"id": 3719, +{"id": 3731, "keyword": "generalized sylvester matrices"}, -{"id": 3720, +{"id": 3732, "keyword": "case statements"}, -{"id": 3721, +{"id": 3733, "keyword": "arbitrary size"}, -{"id": 3722, +{"id": 3734, "keyword": "concurrent systems"}, -{"id": 3723, +{"id": 3735, "keyword": "greatly reducing"}, -{"id": 3724, +{"id": 3736, "keyword": "matching"}, -{"id": 3725, +{"id": 3737, "keyword": "event shared"}, -{"id": 3726, +{"id": 3738, "keyword": "distributed ledgers"}, -{"id": 3727, +{"id": 3739, "keyword": "john bruntse larsen"}, -{"id": 3728, +{"id": 3740, "keyword": "gauss-jordan algorithm"}, 
-{"id": 3729, +{"id": 3741, "keyword": "existing tools"}, -{"id": 3730, +{"id": 3742, "keyword": "accompanying paper"}, -{"id": 3731, -"keyword": "developing methods"}, -{"id": 3732, -"keyword": "edmonds theorem"}, -{"id": 3733, -"keyword": "basic result"}, -{"id": 3734, -"keyword": "program dependence graphs"}, -{"id": 3735, -"keyword": "reference point"}, -{"id": 3736, -"keyword": "unwinding theorem"}, -{"id": 3737, -"keyword": "class-preserving learning"}, -{"id": 3738, -"keyword": "natural deduction proof calculus"}, -{"id": 3739, -"keyword": "compiler technology"}, -{"id": 3740, -"keyword": "monoidal functor"}, -{"id": 3741, -"keyword": "bst"}, -{"id": 3742, -"keyword": "greatest fixpoints"}, {"id": 3743, -"keyword": "cover records"}, +"keyword": "developing methods"}, {"id": 3744, -"keyword": "entire prover"}, +"keyword": "edmonds theorem"}, {"id": 3745, -"keyword": "quantum registers"}, +"keyword": "basic result"}, {"id": 3746, +"keyword": "program dependence graphs"}, +{"id": 3747, +"keyword": "reference point"}, +{"id": 3748, +"keyword": "unwinding theorem"}, +{"id": 3749, +"keyword": "class-preserving learning"}, +{"id": 3750, +"keyword": "natural deduction proof calculus"}, +{"id": 3751, +"keyword": "compiler technology"}, +{"id": 3752, +"keyword": "monoidal functor"}, +{"id": 3753, +"keyword": "bst"}, +{"id": 3754, +"keyword": "greatest fixpoints"}, +{"id": 3755, +"keyword": "cover records"}, +{"id": 3756, +"keyword": "entire prover"}, +{"id": 3757, +"keyword": "quantum registers"}, +{"id": 3758, "keyword": "security properties turn"}, -{"id": 3747, +{"id": 3759, "keyword": "locale assumptions correspond"}, -{"id": 3748, +{"id": 3760, "keyword": "monotonic predicate transformers"}, -{"id": 3749, +{"id": 3761, "keyword": "exponential reconstruction phase"}, -{"id": 3750, +{"id": 3762, "keyword": "monad transformers"}, -{"id": 3751, +{"id": 3763, "keyword": "process invariant"}, -{"id": 3752, +{"id": 3764, "keyword": "original algorithm presented"}, 
-{"id": 3753, +{"id": 3765, "keyword": "count distinct real roots"}, -{"id": 3754, +{"id": 3766, "keyword": "standard verification technology"}, -{"id": 3755, +{"id": 3767, "keyword": "frobenius reciprocity"}, -{"id": 3756, +{"id": 3768, "keyword": "static intraprocedural slicing"}, -{"id": 3757, +{"id": 3769, "keyword": "de bruijn indices"}, -{"id": 3758, +{"id": 3770, "keyword": "real closed field"}, -{"id": 3759, +{"id": 3771, "keyword": "compare encodability criteria"}, -{"id": 3760, +{"id": 3772, "keyword": "final theorem statement"}, -{"id": 3761, +{"id": 3773, "keyword": "timing information"}, -{"id": 3762, +{"id": 3774, "keyword": "high-level security goals"}, -{"id": 3763, +{"id": 3775, "keyword": "pop-refinement enables"}, -{"id": 3764, +{"id": 3776, "keyword": "sylow theorem"}, -{"id": 3765, +{"id": 3777, "keyword": "abstract type"}, -{"id": 3766, +{"id": 3778, "keyword": "ipv6 address space"}, -{"id": 3767, +{"id": 3779, "keyword": "solver based"}, -{"id": 3768, +{"id": 3780, "keyword": "resulting set"}, -{"id": 3769, +{"id": 3781, "keyword": "sheldon axler"}, -{"id": 3770, +{"id": 3782, "keyword": "nominal datatype package"}, -{"id": 3771, -"keyword": "gaussian integers"}, -{"id": 3772, -"keyword": "paper"}, -{"id": 3773, -"keyword": "information observed"}, -{"id": 3774, -"keyword": "tim gowers"}, -{"id": 3775, -"keyword": "radical coordinates"}, -{"id": 3776, -"keyword": "existing proof"}, -{"id": 3777, -"keyword": "landmark information flow property"}, -{"id": 3778, -"keyword": "afp entry category theory"}, -{"id": 3779, -"keyword": "cambridge university press"}, -{"id": 3780, -"keyword": "classical noninterference security"}, -{"id": 3781, -"keyword": "advanced set-theoretic concepts"}, -{"id": 3782, -"keyword": "concurrent kleene algebra"}, {"id": 3783, -"keyword": "nigsberg bridge problem"}, +"keyword": "gaussian integers"}, {"id": 3784, -"keyword": "algebraic numbers"}, +"keyword": "paper"}, {"id": 3785, -"keyword": "formal semantics designed"}, 
+"keyword": "information observed"}, {"id": 3786, -"keyword": "planetmath article"}, +"keyword": "tim gowers"}, {"id": 3787, -"keyword": "call-by-"}, +"keyword": "radical coordinates"}, {"id": 3788, -"keyword": "linearised looplessly"}, +"keyword": "existing proof"}, {"id": 3789, -"keyword": "dependency graph approximations"}, +"keyword": "landmark information flow property"}, {"id": 3790, -"keyword": "adam smith"}, +"keyword": "afp entry category theory"}, {"id": 3791, -"keyword": "basic geometric facts"}, +"keyword": "cambridge university press"}, {"id": 3792, -"keyword": "processor maintains"}, +"keyword": "classical noninterference security"}, {"id": 3793, -"keyword": "yufei zhao"}, +"keyword": "advanced set-theoretic concepts"}, {"id": 3794, -"keyword": "abstract functions modelled directly"}, +"keyword": "concurrent kleene algebra"}, {"id": 3795, -"keyword": "compiled code execution"}, +"keyword": "nigsberg bridge problem"}, {"id": 3796, -"keyword": "derive proof rules"}, +"keyword": "algebraic numbers"}, {"id": 3797, -"keyword": "ordinary transition systems"}, +"keyword": "formal semantics designed"}, {"id": 3798, -"keyword": "generating function proof"}, +"keyword": "planetmath article"}, {"id": 3799, -"keyword": "equational axioms"}, +"keyword": "call-by-"}, {"id": 3800, -"keyword": "entry lies"}, +"keyword": "linearised looplessly"}, {"id": 3801, -"keyword": "basic setting"}, +"keyword": "dependency graph approximations"}, {"id": 3802, -"keyword": "systematic development"}, +"keyword": "adam smith"}, {"id": 3803, -"keyword": "primitive recursive function"}, +"keyword": "basic geometric facts"}, {"id": 3804, -"keyword": "continuous linear operators"}, +"keyword": "processor maintains"}, {"id": 3805, -"keyword": "linux-based firewall"}, +"keyword": "yufei zhao"}, {"id": 3806, -"keyword": "clock synchronization"}, +"keyword": "abstract functions modelled directly"}, {"id": 3807, -"keyword": "ocl standard targeting"}, +"keyword": "compiled code execution"}, 
{"id": 3808, -"keyword": "coprime polynomials"}, +"keyword": "derive proof rules"}, {"id": 3809, -"keyword": "high-level view"}, +"keyword": "ordinary transition systems"}, {"id": 3810, -"keyword": "architectural design patterns"}, +"keyword": "generating function proof"}, {"id": 3811, -"keyword": "computing dominators due"}, +"keyword": "equational axioms"}, {"id": 3812, -"keyword": "generalised binomial coefficients"}, +"keyword": "entry lies"}, {"id": 3813, -"keyword": "beth hintikka-style completeness proofs"}, +"keyword": "basic setting"}, {"id": 3814, -"keyword": "transfinite induction"}, +"keyword": "systematic development"}, {"id": 3815, -"keyword": "linear independence"}, +"keyword": "primitive recursive function"}, {"id": 3816, -"keyword": "work presents"}, +"keyword": "continuous linear operators"}, {"id": 3817, -"keyword": "simple relation-algebraic semantics"}, +"keyword": "linux-based firewall"}, {"id": 3818, -"keyword": "real-word firewall errors"}, +"keyword": "clock synchronization"}, {"id": 3819, +"keyword": "ocl standard targeting"}, +{"id": 3820, +"keyword": "coprime polynomials"}, +{"id": 3821, +"keyword": "high-level view"}, +{"id": 3822, +"keyword": "architectural design patterns"}, +{"id": 3823, +"keyword": "computing dominators due"}, +{"id": 3824, +"keyword": "generalised binomial coefficients"}, +{"id": 3825, +"keyword": "beth hintikka-style completeness proofs"}, +{"id": 3826, +"keyword": "transfinite induction"}, +{"id": 3827, +"keyword": "linear independence"}, +{"id": 3828, +"keyword": "work presents"}, +{"id": 3829, +"keyword": "simple relation-algebraic semantics"}, +{"id": 3830, +"keyword": "real-word firewall errors"}, +{"id": 3831, "keyword": "static intraprocedural slicing based"}, -{"id": 3820, +{"id": 3832, "keyword": "circus language"}, -{"id": 3821, +{"id": 3833, "keyword": "book proof theory"}, -{"id": 3822, +{"id": 3834, "keyword": "main results verified"}, -{"id": 3823, +{"id": 3835, "keyword": "volume greater"}, -{"id": 
3824, +{"id": 3836, "keyword": "finite limits"}, -{"id": 3825, +{"id": 3837, "keyword": "axiomatic definition"}, -{"id": 3826, +{"id": 3838, "keyword": "comparison-based sorting algorithm"}, -{"id": 3827, +{"id": 3839, "keyword": "extensions written"}, -{"id": 3828, +{"id": 3840, "keyword": "arbitrary linear order"}, -{"id": 3829, +{"id": 3841, "keyword": "axiomatic framework"}, -{"id": 3830, +{"id": 3842, "keyword": "minimal complete sets"}, -{"id": 3831, -"keyword": "abstract syntax tree generated"}, -{"id": 3832, -"keyword": "formulas"}, -{"id": 3833, -"keyword": "classes simply"}, -{"id": 3834, -"keyword": "introductory sections"}, -{"id": 3835, -"keyword": "logging-dependent message anonymity"}, -{"id": 3836, -"keyword": "traversing sets"}, -{"id": 3837, -"keyword": "high-school student"}, -{"id": 3838, -"keyword": "factoring square-free integer polynomials"}, -{"id": 3839, -"keyword": "linear bound argument"}, -{"id": 3840, -"keyword": "extreme simplicity"}, -{"id": 3841, -"keyword": "frobenius theorem based"}, -{"id": 3842, -"keyword": "mentioned logics"}, {"id": 3843, -"keyword": "single variable ranging"}, +"keyword": "abstract syntax tree generated"}, {"id": 3844, -"keyword": "optimal binary search trees"}, +"keyword": "formulas"}, {"id": 3845, -"keyword": "incremental verification"}, +"keyword": "classes simply"}, {"id": 3846, -"keyword": "articles ai-communications aic764"}, +"keyword": "introductory sections"}, {"id": 3847, -"keyword": "1 infty"}, +"keyword": "logging-dependent message anonymity"}, {"id": 3848, -"keyword": "infinite key range"}, +"keyword": "traversing sets"}, {"id": 3849, -"keyword": "elementary methods"}, +"keyword": "high-school student"}, {"id": 3850, -"keyword": "larger rings"}, +"keyword": "factoring square-free integer polynomials"}, {"id": 3851, -"keyword": "infinite paths"}, +"keyword": "linear bound argument"}, {"id": 3852, -"keyword": "virtual methods"}, +"keyword": "extreme simplicity"}, {"id": 3853, -"keyword": 
"tail-recursive function definitions"}, +"keyword": "frobenius theorem based"}, {"id": 3854, -"keyword": "hierarchical automaton"}, +"keyword": "mentioned logics"}, {"id": 3855, -"keyword": "cantor normal form"}, +"keyword": "single variable ranging"}, {"id": 3856, -"keyword": "modeling real-time systems"}, +"keyword": "optimal binary search trees"}, {"id": 3857, -"keyword": "hol users"}, +"keyword": "incremental verification"}, {"id": 3858, -"keyword": "distinct layers"}, +"keyword": "articles ai-communications aic764"}, {"id": 3859, +"keyword": "1 infty"}, +{"id": 3860, +"keyword": "infinite key range"}, +{"id": 3861, +"keyword": "elementary methods"}, +{"id": 3862, +"keyword": "larger rings"}, +{"id": 3863, +"keyword": "infinite paths"}, +{"id": 3864, +"keyword": "virtual methods"}, +{"id": 3865, +"keyword": "tail-recursive function definitions"}, +{"id": 3866, +"keyword": "hierarchical automaton"}, +{"id": 3867, +"keyword": "cantor normal form"}, +{"id": 3868, +"keyword": "modeling real-time systems"}, +{"id": 3869, +"keyword": "hol users"}, +{"id": 3870, +"keyword": "distinct layers"}, +{"id": 3871, "keyword": "knuth ndash"}, -{"id": 3860, +{"id": 3872, "keyword": "recursion theory --- definitions"}, -{"id": 3861, +{"id": 3873, "keyword": "general framework"}, -{"id": 3862, +{"id": 3874, "keyword": "modern web browser"}, -{"id": 3863, +{"id": 3875, "keyword": "hol light formalisation"}, -{"id": 3864, +{"id": 3876, "keyword": "complete lattices"}, -{"id": 3865, +{"id": 3877, "keyword": "original theorem statement"}, -{"id": 3866, +{"id": 3878, "keyword": "requirements"}, -{"id": 3867, +{"id": 3879, "keyword": "randomly generated inputs"}, -{"id": 3868, +{"id": 3880, "keyword": "convolution theorem thereon"}, -{"id": 3869, +{"id": 3881, "keyword": "topological boolean algebras"}, -{"id": 3870, +{"id": 3882, "keyword": "coinductive entry"}, -{"id": 3871, +{"id": 3883, "keyword": "range search algorithm"}, -{"id": 3872, +{"id": 3884, "keyword": "code generator 
maps"}, -{"id": 3873, +{"id": 3885, "keyword": "circus environment supports"}, -{"id": 3874, +{"id": 3886, "keyword": "additional notions"}, -{"id": 3875, +{"id": 3887, "keyword": "graph regularity"}, -{"id": 3876, +{"id": 3888, "keyword": "problem arithmetic progressions"}, -{"id": 3877, +{"id": 3889, "keyword": "security requirements expressed"}, -{"id": 3878, +{"id": 3890, "keyword": "many-sorted first-order logic"}, -{"id": 3879, +{"id": 3891, "keyword": "formal cryptographic protocol verification"}, -{"id": 3880, +{"id": 3892, "keyword": "easily justified"}, -{"id": 3881, +{"id": 3893, "keyword": "parallel postulates"}, -{"id": 3882, +{"id": 3894, "keyword": "spanning basic algorithms"}, -{"id": 3883, +{"id": 3895, "keyword": "compilation target"}, -{"id": 3884, +{"id": 3896, "keyword": "authenticated data structures"}, -{"id": 3885, +{"id": 3897, "keyword": "features exceptions"}, -{"id": 3886, +{"id": 3898, "keyword": "ordinal alpha"}, -{"id": 3887, +{"id": 3899, "keyword": "ltl properties"}, -{"id": 3888, +{"id": 3900, "keyword": "theory change"}, -{"id": 3889, +{"id": 3901, "keyword": "exhibit awkward interleaving"}, -{"id": 3890, +{"id": 3902, "keyword": "mentioned algorithms"}, -{"id": 3891, +{"id": 3903, "keyword": "knight visits"}, -{"id": 3892, -"keyword": "splay heaps"}, -{"id": 3893, -"keyword": "disconnected graph"}, -{"id": 3894, -"keyword": "important models"}, -{"id": 3895, -"keyword": "proving progress"}, -{"id": 3896, -"keyword": "elementary divisor rings"}, -{"id": 3897, -"keyword": "unchanged results"}, -{"id": 3898, -"keyword": "non-negative reals a_1"}, -{"id": 3899, -"keyword": "weighted arithmetic geometric"}, -{"id": 3900, -"keyword": "languages generated"}, -{"id": 3901, -"keyword": "perfect square"}, -{"id": 3902, -"keyword": "random experiment"}, -{"id": 3903, -"keyword": "hol logic system"}, {"id": 3904, -"keyword": "default setup"}, +"keyword": "splay heaps"}, {"id": 3905, -"keyword": "complex random system"}, +"keyword": 
"disconnected graph"}, {"id": 3906, -"keyword": "imperative hol"}, +"keyword": "important models"}, {"id": 3907, +"keyword": "proving progress"}, +{"id": 3908, +"keyword": "elementary divisor rings"}, +{"id": 3909, +"keyword": "unchanged results"}, +{"id": 3910, +"keyword": "non-negative reals a_1"}, +{"id": 3911, +"keyword": "weighted arithmetic geometric"}, +{"id": 3912, +"keyword": "languages generated"}, +{"id": 3913, +"keyword": "perfect square"}, +{"id": 3914, +"keyword": "random experiment"}, +{"id": 3915, +"keyword": "hol logic system"}, +{"id": 3916, +"keyword": "default setup"}, +{"id": 3917, +"keyword": "complex random system"}, +{"id": 3918, +"keyword": "imperative hol"}, +{"id": 3919, "keyword": "nearest neighbor algorithm"}, -{"id": 3908, +{"id": 3920, "keyword": "edge labels"}, -{"id": 3909, +{"id": 3921, "keyword": "verification condition generator"}, -{"id": 3910, +{"id": 3922, "keyword": "joachim breitner"}, -{"id": 3911, +{"id": 3923, "keyword": "inline caching optimization"}, -{"id": 3912, +{"id": 3924, "keyword": "algebraic"}, -{"id": 3913, +{"id": 3925, "keyword": "unique factorization domain form"}, -{"id": 3914, +{"id": 3926, "keyword": "bracket polynomial"}, -{"id": 3915, +{"id": 3927, "keyword": "constructive proof"}, -{"id": 3916, +{"id": 3928, "keyword": "object-oriented programming"}, -{"id": 3917, +{"id": 3929, "keyword": "conditional transfer rules"}, -{"id": 3918, +{"id": 3930, "keyword": "functional type theory"}, -{"id": 3919, +{"id": 3931, "keyword": "interesting data structure"}, -{"id": 3920, +{"id": 3932, "keyword": "arbitrary banach space"}, -{"id": 3921, +{"id": 3933, "keyword": "zfc set theory"}, -{"id": 3922, +{"id": 3934, "keyword": "quality criteria"}, -{"id": 3923, +{"id": 3935, "keyword": "deeply integrated"}, -{"id": 3924, +{"id": 3936, "keyword": "stream processing components"}, -{"id": 3925, +{"id": 3937, "keyword": "strong security"}, -{"id": 3926, +{"id": 3938, "keyword": "competitive analysis"}, -{"id": 3927, 
+{"id": 3939, "keyword": "correct verification tools"}, -{"id": 3928, +{"id": 3940, "keyword": "sample authentication protocol"}, -{"id": 3929, +{"id": 3941, "keyword": "finite lists"}, -{"id": 3930, +{"id": 3942, "keyword": "axioms proposed"}, -{"id": 3931, +{"id": 3943, "keyword": "ltl model checker"}, -{"id": 3932, -"keyword": "shared resources"}, -{"id": 3933, -"keyword": "accompanying induction invariant rules"}, -{"id": 3934, -"keyword": "program logic"}, -{"id": 3935, -"keyword": "certified programs"}, -{"id": 3936, -"keyword": "itp 2015 publication"}, -{"id": 3937, -"keyword": "set category locale"}, -{"id": 3938, -"keyword": "code generation support"}, -{"id": 3939, -"keyword": "subset relation"}, -{"id": 3940, -"keyword": "quantalic structure"}, -{"id": 3941, -"keyword": "completeness conditions"}, -{"id": 3942, -"keyword": "security invariant theory"}, -{"id": 3943, -"keyword": "polynomial-time basis reduction algorithm"}, {"id": 3944, -"keyword": "search path"}, +"keyword": "shared resources"}, {"id": 3945, -"keyword": "main topics"}, +"keyword": "accompanying induction invariant rules"}, {"id": 3946, -"keyword": "direct subsumption relation"}, +"keyword": "program logic"}, {"id": 3947, -"keyword": "minkowski inequalities"}, +"keyword": "certified programs"}, {"id": 3948, -"keyword": "generic join algorithm"}, +"keyword": "itp 2015 publication"}, {"id": 3949, -"keyword": "generalised binary modalities"}, +"keyword": "set category locale"}, {"id": 3950, -"keyword": "efficient imperative implementations"}, +"keyword": "code generation support"}, {"id": 3951, -"keyword": "sequent calculus prover"}, +"keyword": "subset relation"}, {"id": 3952, -"keyword": "relativized general knowledge"}, +"keyword": "quantalic structure"}, {"id": 3953, -"keyword": "framed links closely linked"}, +"keyword": "completeness conditions"}, {"id": 3954, -"keyword": "high-level proofs"}, +"keyword": "database community"}, {"id": 3955, -"keyword": "universally quantified 
uninterpreted terms"}, +"keyword": "security invariant theory"}, {"id": 3956, -"keyword": "morse lemma asserting"}, +"keyword": "polynomial-time basis reduction algorithm"}, {"id": 3957, -"keyword": "test-generation techniques"}, +"keyword": "search path"}, {"id": 3958, -"keyword": "interactive theorem proving 2014"}, +"keyword": "main topics"}, {"id": 3959, -"keyword": "approach decomposes ltl formulas"}, +"keyword": "direct subsumption relation"}, {"id": 3960, -"keyword": "data refinement"}, +"keyword": "minkowski inequalities"}, {"id": 3961, -"keyword": "data plane"}, +"keyword": "generic join algorithm"}, {"id": 3962, -"keyword": "collaborative text editing"}, +"keyword": "generalised binary modalities"}, {"id": 3963, -"keyword": "main advantage"}, +"keyword": "efficient imperative implementations"}, {"id": 3964, -"keyword": "proof"}, +"keyword": "sequent calculus prover"}, {"id": 3965, -"keyword": "functions thetasym"}, +"keyword": "relativized general knowledge"}, {"id": 3966, -"keyword": "equivalence relation"}, +"keyword": "framed links closely linked"}, {"id": 3967, -"keyword": "flexray communication protocol"}, +"keyword": "high-level proofs"}, {"id": 3968, -"keyword": "algebraic proof"}, +"keyword": "universally quantified uninterpreted terms"}, {"id": 3969, -"keyword": "alternative definition"}, +"keyword": "morse lemma asserting"}, {"id": 3970, -"keyword": "similar proof"}, +"keyword": "test-generation techniques"}, {"id": 3971, -"keyword": "protocols supported"}, +"keyword": "interactive theorem proving 2014"}, {"id": 3972, -"keyword": "efficient union-find data structure"}, +"keyword": "approach decomposes ltl formulas"}, {"id": 3973, -"keyword": "pairwise commuting hermitian matrices"}, +"keyword": "data refinement"}, {"id": 3974, -"keyword": "dom api"}, +"keyword": "data plane"}, {"id": 3975, -"keyword": "adding knuth"}, +"keyword": "collaborative text editing"}, {"id": 3976, -"keyword": "concrete monad"}, +"keyword": "main advantage"}, {"id": 
3977, -"keyword": "identify bugs"}, +"keyword": "proof"}, {"id": 3978, -"keyword": "user command"}, +"keyword": "functions thetasym"}, {"id": 3979, -"keyword": "program analysis"}, +"keyword": "equivalence relation"}, {"id": 3980, -"keyword": "logic due"}, +"keyword": "flexray communication protocol"}, {"id": 3981, -"keyword": "comparisons performed"}, +"keyword": "algebraic proof"}, {"id": 3982, -"keyword": "inverse squares"}, +"keyword": "alternative definition"}, {"id": 3983, -"keyword": "correct optimized versions"}, +"keyword": "similar proof"}, {"id": 3984, -"keyword": "popular introduction"}, +"keyword": "protocols supported"}, {"id": 3985, -"keyword": "general theory"}, +"keyword": "efficient union-find data structure"}, {"id": 3986, -"keyword": "large library"}, +"keyword": "pairwise commuting hermitian matrices"}, {"id": 3987, -"keyword": "finite iteration"}, +"keyword": "dom api"}, {"id": 3988, +"keyword": "adding knuth"}, +{"id": 3989, +"keyword": "concrete monad"}, +{"id": 3990, +"keyword": "identify bugs"}, +{"id": 3991, +"keyword": "user command"}, +{"id": 3992, +"keyword": "program analysis"}, +{"id": 3993, +"keyword": "logic due"}, +{"id": 3994, +"keyword": "comparisons performed"}, +{"id": 3995, +"keyword": "inverse squares"}, +{"id": 3996, +"keyword": "correct optimized versions"}, +{"id": 3997, +"keyword": "popular introduction"}, +{"id": 3998, +"keyword": "general theory"}, +{"id": 3999, +"keyword": "large library"}, +{"id": 4000, +"keyword": "finite iteration"}, +{"id": 4001, "keyword": "monitor supports aggregation operations"}, -{"id": 3989, +{"id": 4002, "keyword": "key range"}, -{"id": 3990, +{"id": 4003, "keyword": "social welfare"}, -{"id": 3991, +{"id": 4004, "keyword": "proof obligations automatically"}, -{"id": 3992, +{"id": 4005, "keyword": "require intermediate operational semantics"}, -{"id": 3993, +{"id": 4006, "keyword": "shallow semantical embeddings approach"}, -{"id": 3994, +{"id": 4007, "keyword": "collect information"}, 
-{"id": 3995, +{"id": 4008, "keyword": "backward simulations"}, -{"id": 3996, +{"id": 4009, "keyword": "protocols secure"}, -{"id": 3997, +{"id": 4010, "keyword": "formal power series"}, -{"id": 3998, +{"id": 4011, "keyword": "increasingly important"}, -{"id": 3999, +{"id": 4012, "keyword": "type inference algorithm"}, -{"id": 4000, +{"id": 4013, "keyword": "engineering safety"}, -{"id": 4001, +{"id": 4014, "keyword": "fixed finite instance"}, -{"id": 4002, +{"id": 4015, "keyword": "closed set"}, -{"id": 4003, +{"id": 4016, "keyword": "query evaluation"}, -{"id": 4004, +{"id": 4017, "keyword": "generalized recurrence relation"}, -{"id": 4005, +{"id": 4018, "keyword": "information-flow security aims"}, -{"id": 4006, +{"id": 4019, "keyword": "infinite length"}, -{"id": 4007, +{"id": 4020, "keyword": "geometric probability"}, -{"id": 4008, +{"id": 4021, "keyword": "term focus"}, -{"id": 4009, +{"id": 4022, "keyword": "alternative proof"}, -{"id": 4010, +{"id": 4023, "keyword": "commitment schemes"}, -{"id": 4011, +{"id": 4024, "keyword": "multiplicative group"}, -{"id": 4012, +{"id": 4025, "keyword": "classical definition"}, -{"id": 4013, +{"id": 4026, "keyword": "compositionally reasoning"}, -{"id": 4014, +{"id": 4027, "keyword": "mathematical formulation"}, -{"id": 4015, +{"id": 4028, "keyword": "arbitrary higher-order contexts"}, -{"id": 4016, +{"id": 4029, "keyword": "constant time"}, -{"id": 4017, +{"id": 4030, "keyword": "dirichlet characters"}, -{"id": 4018, +{"id": 4031, "keyword": "fully formal"}, -{"id": 4019, +{"id": 4032, "keyword": "assorted fixed-point theorems"}, -{"id": 4020, +{"id": 4033, "keyword": "finite relations"}, -{"id": 4021, +{"id": 4034, "keyword": "selection sort"}, -{"id": 4022, +{"id": 4035, "keyword": "semantic side conditions"}, -{"id": 4023, +{"id": 4036, "keyword": "formal programming language semantics"}, -{"id": 4024, +{"id": 4037, "keyword": "unified modeling language"}, -{"id": 4025, +{"id": 4038, "keyword": "complx language"}, 
-{"id": 4026, +{"id": 4039, "keyword": "simpler versions"}, -{"id": 4027, +{"id": 4040, "keyword": "experimentally tested"}, -{"id": 4028, +{"id": 4041, "keyword": "algebraic laws"}, -{"id": 4029, +{"id": 4042, "keyword": "abstract simplicial complexes"}, -{"id": 4030, +{"id": 4043, "keyword": "nullable types"}, -{"id": 4031, +{"id": 4044, "keyword": "1 n-1 frac b_"}, -{"id": 4032, +{"id": 4045, "keyword": "fixed-point theorem"}, -{"id": 4033, +{"id": 4046, "keyword": "file read"}, -{"id": 4034, +{"id": 4047, "keyword": "found cryptic"}, -{"id": 4035, +{"id": 4048, "keyword": "partial recursive function"}, -{"id": 4036, +{"id": 4049, "keyword": "cl73 chin-liang chang"}, -{"id": 4037, +{"id": 4050, "keyword": "call- return behavior"}, -{"id": 4038, +{"id": 4051, "keyword": "inductive invariant proofs"}, -{"id": 4039, +{"id": 4052, "keyword": "omega 1 alpha"}, -{"id": 4040, +{"id": 4053, "keyword": "human-readable fast-to-replay proof scripts"}, -{"id": 4041, +{"id": 4054, "keyword": "monadic functions"}, -{"id": 4042, +{"id": 4055, "keyword": "nested multiset datatype"}, -{"id": 4043, +{"id": 4056, "keyword": "successor function"}, -{"id": 4044, +{"id": 4057, "keyword": "16th international symposium"}, -{"id": 4045, +{"id": 4058, "keyword": "behaviorally correct learning"}, -{"id": 4046, +{"id": 4059, "keyword": "cpp-2015 peter lammich"}, -{"id": 4047, +{"id": 4060, "keyword": "nieto verification"}, -{"id": 4048, +{"id": 4061, "keyword": "hare cycle-finding algorithm ascribed"}, -{"id": 4049, +{"id": 4062, "keyword": "safe distance rule"}, -{"id": 4050, +{"id": 4063, "keyword": "original problem"}, -{"id": 4051, +{"id": 4064, "keyword": "analytic combinatorics"}, -{"id": 4052, -"keyword": "normal strategy"}, -{"id": 4053, -"keyword": "single component"}, -{"id": 4054, -"keyword": "order relativity theory"}, -{"id": 4055, -"keyword": "sturm-tarksi theorem forms"}, -{"id": 4056, -"keyword": "signed measure"}, -{"id": 4057, -"keyword": "good lower bound"}, -{"id": 
4058, -"keyword": "type classes connected"}, -{"id": 4059, -"keyword": "modeling languages"}, -{"id": 4060, -"keyword": "relative soundness results"}, -{"id": 4061, -"keyword": "arbitrary security lattices"}, -{"id": 4062, -"keyword": "construct complicated trees"}, -{"id": 4063, -"keyword": "large graphs"}, -{"id": 4064, -"keyword": "partition function"}, {"id": 4065, -"keyword": "bounded natural functors"}, +"keyword": "normal strategy"}, {"id": 4066, -"keyword": "afp entry ordered_resultion_prover"}, +"keyword": "single component"}, {"id": 4067, -"keyword": "automated tactic support"}, +"keyword": "order relativity theory"}, {"id": 4068, +"keyword": "sturm-tarksi theorem forms"}, +{"id": 4069, +"keyword": "signed measure"}, +{"id": 4070, +"keyword": "good lower bound"}, +{"id": 4071, +"keyword": "type classes connected"}, +{"id": 4072, +"keyword": "modeling languages"}, +{"id": 4073, +"keyword": "relative soundness results"}, +{"id": 4074, +"keyword": "arbitrary security lattices"}, +{"id": 4075, +"keyword": "construct complicated trees"}, +{"id": 4076, +"keyword": "large graphs"}, +{"id": 4077, +"keyword": "partition function"}, +{"id": 4078, +"keyword": "bounded natural functors"}, +{"id": 4079, +"keyword": "afp entry ordered_resultion_prover"}, +{"id": 4080, +"keyword": "automated tactic support"}, +{"id": 4081, "keyword": "infinite message streams represented"}, -{"id": 4069, +{"id": 4082, "keyword": "polynomial-time algorithm"}, -{"id": 4070, +{"id": 4083, "keyword": "complexity proof certificates"}, -{"id": 4071, +{"id": 4084, "keyword": "standard operators"}, -{"id": 4072, +{"id": 4085, "keyword": "int_0 1"}, -{"id": 4073, +{"id": 4086, "keyword": "present development"}, -{"id": 4074, +{"id": 4087, "keyword": "directly relating agents"}, -{"id": 4075, +{"id": 4088, "keyword": "path authorization"}, -{"id": 4076, +{"id": 4089, "keyword": "simply hermite-lindemann"}, -{"id": 4077, +{"id": 4090, "keyword": "generic framework semantics"}, -{"id": 4078, 
+{"id": 4091, "keyword": "p-adic fields"}, -{"id": 4079, +{"id": 4092, "keyword": "counts roots"}, -{"id": 4080, +{"id": 4093, "keyword": "generic properties"}, -{"id": 4081, +{"id": 4094, "keyword": "integer ring modulo"}, -{"id": 4082, +{"id": 4095, "keyword": "domain elements"}, -{"id": 4083, +{"id": 4096, "keyword": "codomain nat option"}, -{"id": 4084, +{"id": 4097, "keyword": "exponential nnf-based algorithms"}, -{"id": 4085, +{"id": 4098, "keyword": "basis executable code"}, -{"id": 4086, +{"id": 4099, "keyword": "orders"}, -{"id": 4087, +{"id": 4100, "keyword": "functional programming language"}, -{"id": 4088, +{"id": 4101, "keyword": "extended regular expressions"}, -{"id": 4089, +{"id": 4102, "keyword": "longest lyndon suffix"}, -{"id": 4090, +{"id": 4103, "keyword": "main concern"}, -{"id": 4091, +{"id": 4104, "keyword": "squares theorem"}, -{"id": 4092, -"keyword": "generic object model independent"}, -{"id": 4093, -"keyword": "uniform substitutions substitute"}, -{"id": 4094, -"keyword": "release ownership"}, -{"id": 4095, -"keyword": "key construction"}, -{"id": 4096, -"keyword": "aforesaid task"}, -{"id": 4097, -"keyword": "complex data structure"}, -{"id": 4098, -"keyword": "paul thomson"}, -{"id": 4099, -"keyword": "trivially unsatisfiable inequality"}, -{"id": 4100, -"keyword": "probabilistic variant"}, -{"id": 4101, -"keyword": "unique normal forms"}, -{"id": 4102, -"keyword": "permitting multiset comparisons"}, -{"id": 4103, -"keyword": "lipschitz maps"}, -{"id": 4104, -"keyword": "formal language"}, {"id": 4105, -"keyword": "small abstract subsystems"}, +"keyword": "generic object model independent"}, {"id": 4106, -"keyword": "asymptotically matches"}, +"keyword": "uniform substitutions substitute"}, {"id": 4107, -"keyword": "vincent bloemen"}, +"keyword": "release ownership"}, {"id": 4108, -"keyword": "infinite measure"}, +"keyword": "key construction"}, {"id": 4109, -"keyword": "proof calculus"}, +"keyword": "aforesaid task"}, {"id": 4110, 
-"keyword": "temporal logic"}, +"keyword": "complex data structure"}, {"id": 4111, -"keyword": "link tangle equivalence"}, +"keyword": "paul thomson"}, {"id": 4112, -"keyword": "instantiation reuses"}, +"keyword": "trivially unsatisfiable inequality"}, {"id": 4113, -"keyword": "representation executable"}, +"keyword": "probabilistic variant"}, {"id": 4114, -"keyword": "hol standard library"}, +"keyword": "unique normal forms"}, {"id": 4115, -"keyword": "article set-theoretical foundations"}, +"keyword": "permitting multiset comparisons"}, {"id": 4116, -"keyword": "underlying boolean algebra structure"}, +"keyword": "lipschitz maps"}, {"id": 4117, -"keyword": "aircraft cabin data network"}, +"keyword": "formal language"}, {"id": 4118, -"keyword": "liouville numbers"}, +"keyword": "small abstract subsystems"}, {"id": 4119, -"keyword": "basic model"}, +"keyword": "asymptotically matches"}, {"id": 4120, -"keyword": "verified translation"}, +"keyword": "vincent bloemen"}, {"id": 4121, -"keyword": "devise notions"}, +"keyword": "infinite measure"}, {"id": 4122, -"keyword": "platonic forms"}, +"keyword": "proof calculus"}, {"id": 4123, -"keyword": "np-complete problem"}, +"keyword": "temporal logic"}, {"id": 4124, -"keyword": "updown scheme"}, +"keyword": "link tangle equivalence"}, {"id": 4125, -"keyword": "yacc style grammars"}, +"keyword": "instantiation reuses"}, {"id": 4126, -"keyword": "rapid prototyping"}, +"keyword": "representation executable"}, {"id": 4127, -"keyword": "combinatorial design theory"}, +"keyword": "hol standard library"}, {"id": 4128, -"keyword": "fourteen lemmas"}, +"keyword": "article set-theoretical foundations"}, {"id": 4129, -"keyword": "utility functions form"}, +"keyword": "underlying boolean algebra structure"}, {"id": 4130, -"keyword": "theories presented"}, +"keyword": "aircraft cabin data network"}, {"id": 4131, -"keyword": "quantitative analysis"}, +"keyword": "liouville numbers"}, {"id": 4132, -"keyword": "atomic operations race"}, 
+"keyword": "basic model"}, {"id": 4133, -"keyword": "word iff"}, +"keyword": "verified translation"}, {"id": 4134, -"keyword": "knowledge"}, +"keyword": "devise notions"}, {"id": 4135, -"keyword": "msc thesis"}, +"keyword": "platonic forms"}, {"id": 4136, -"keyword": "nondeterministic branching"}, +"keyword": "np-complete problem"}, {"id": 4137, -"keyword": "randomized list update algorithm"}, +"keyword": "updown scheme"}, {"id": 4138, -"keyword": "document describes"}, +"keyword": "yacc style grammars"}, {"id": 4139, -"keyword": "significant generalization"}, +"keyword": "rapid prototyping"}, {"id": 4140, -"keyword": "short sketch"}, +"keyword": "combinatorial design theory"}, {"id": 4141, -"keyword": "state-normalisation allowing"}, +"keyword": "fourteen lemmas"}, {"id": 4142, -"keyword": "next-free ltl formula"}, +"keyword": "utility functions form"}, {"id": 4143, -"keyword": "devising correct speculative algorithms"}, +"keyword": "theories presented"}, {"id": 4144, -"keyword": "process trace"}, +"keyword": "quantitative analysis"}, {"id": 4145, -"keyword": "interactive theorem proving"}, +"keyword": "atomic operations race"}, {"id": 4146, -"keyword": "individual accepted"}, +"keyword": "word iff"}, {"id": 4147, -"keyword": "target terms"}, +"keyword": "knowledge"}, {"id": 4148, -"keyword": "quickly verified"}, +"keyword": "msc thesis"}, {"id": 4149, +"keyword": "nondeterministic branching"}, +{"id": 4150, +"keyword": "randomized list update algorithm"}, +{"id": 4151, +"keyword": "document describes"}, +{"id": 4152, +"keyword": "significant generalization"}, +{"id": 4153, +"keyword": "short sketch"}, +{"id": 4154, +"keyword": "state-normalisation allowing"}, +{"id": 4155, +"keyword": "next-free ltl formula"}, +{"id": 4156, +"keyword": "devising correct speculative algorithms"}, +{"id": 4157, +"keyword": "process trace"}, +{"id": 4158, +"keyword": "interactive theorem proving"}, +{"id": 4159, +"keyword": "individual accepted"}, +{"id": 4160, +"keyword": "target 
terms"}, +{"id": 4161, +"keyword": "quickly verified"}, +{"id": 4162, "keyword": "completeness result"}, -{"id": 4150, +{"id": 4163, "keyword": "implement saturation calculi"}, -{"id": 4151, +{"id": 4164, "keyword": "general predication"}, -{"id": 4152, +{"id": 4165, "keyword": "formal definitions"}, -{"id": 4153, +{"id": 4166, "keyword": "theory"}, -{"id": 4154, +{"id": 4167, "keyword": "ternary relation"}, -{"id": 4155, +{"id": 4168, "keyword": "posix matching"}, -{"id": 4156, +{"id": 4169, "keyword": "normalisation algorithm"}, -{"id": 4157, +{"id": 4170, "keyword": "full proof"}, -{"id": 4158, +{"id": 4171, "keyword": "short applications"}, -{"id": 4159, +{"id": 4172, "keyword": "dependent types"}, -{"id": 4160, +{"id": 4173, "keyword": "division modulo"}, -{"id": 4161, +{"id": 4174, "keyword": "sample computations"}, -{"id": 4162, +{"id": 4175, "keyword": "output type"}, -{"id": 4163, +{"id": 4176, "keyword": "sorted monadic equational logic"}, -{"id": 4164, +{"id": 4177, "keyword": "refinement calculus literature"}, -{"id": 4165, +{"id": 4178, "keyword": "early failure detection"}, -{"id": 4166, +{"id": 4179, "keyword": "hereditarily finite set theory"}, -{"id": 4167, +{"id": 4180, "keyword": "quantifier elimination theorem"}, -{"id": 4168, +{"id": 4181, "keyword": "main operation"}, -{"id": 4169, +{"id": 4182, "keyword": "constructive cryptography"}, -{"id": 4170, +{"id": 4183, "keyword": "data structures required"}, -{"id": 4171, +{"id": 4184, "keyword": "probability monad"}, -{"id": 4172, +{"id": 4185, "keyword": "key proofs"}, -{"id": 4173, -"keyword": "clock synchronization algorithm"}, -{"id": 4174, -"keyword": "julien narboux"}, -{"id": 4175, -"keyword": "sliding window algorithm"}, -{"id": 4176, -"keyword": "predicate transformer semantics"}, -{"id": 4177, -"keyword": "data plane protocols"}, -{"id": 4178, -"keyword": "bner bases"}, -{"id": 4179, -"keyword": "existing formalization"}, -{"id": 4180, -"keyword": "divide-and-conquer algorithm"}, -{"id": 
4181, -"keyword": "prime harmonic series"}, -{"id": 4182, -"keyword": "classical theorem"}, -{"id": 4183, -"keyword": "complement automaton"}, -{"id": 4184, -"keyword": "actual sets"}, -{"id": 4185, -"keyword": "arbitrary intervals"}, {"id": 4186, -"keyword": "immediately offer"}, +"keyword": "clock synchronization algorithm"}, {"id": 4187, -"keyword": "locale-centric approach"}, +"keyword": "julien narboux"}, {"id": 4188, -"keyword": "partial semigroups"}, +"keyword": "sliding window algorithm"}, {"id": 4189, -"keyword": "specification decomposition principles"}, +"keyword": "predicate transformer semantics"}, {"id": 4190, -"keyword": "classic proof"}, +"keyword": "data plane protocols"}, {"id": 4191, -"keyword": "underlying routing protocol"}, +"keyword": "bner bases"}, {"id": 4192, -"keyword": "irreducible representation"}, +"keyword": "existing formalization"}, {"id": 4193, -"keyword": "completeness proof builds"}, +"keyword": "divide-and-conquer algorithm"}, {"id": 4194, -"keyword": "imperative executable code"}, +"keyword": "prime harmonic series"}, {"id": 4195, -"keyword": "executable implementation"}, +"keyword": "classical theorem"}, {"id": 4196, -"keyword": "uml class diagrams"}, +"keyword": "complement automaton"}, {"id": 4197, -"keyword": "simple summation conversion"}, +"keyword": "actual sets"}, {"id": 4198, -"keyword": "single setting"}, +"keyword": "arbitrary intervals"}, {"id": 4199, -"keyword": "closed-form formulae"}, +"keyword": "immediately offer"}, {"id": 4200, -"keyword": "sat solver descriptions"}, +"keyword": "locale-centric approach"}, {"id": 4201, -"keyword": "correctness properties"}, +"keyword": "partial semigroups"}, {"id": 4202, -"keyword": "efficient verified implementation"}, +"keyword": "specification decomposition principles"}, {"id": 4203, -"keyword": "category"}, +"keyword": "classic proof"}, {"id": 4204, -"keyword": "generic rules resulting"}, +"keyword": "underlying routing protocol"}, {"id": 4205, -"keyword": "approach"}, 
+"keyword": "irreducible representation"}, {"id": 4206, -"keyword": "independent axioms"}, +"keyword": "completeness proof builds"}, {"id": 4207, -"keyword": "veblen hierarchies"}, +"keyword": "imperative executable code"}, {"id": 4208, -"keyword": "semi-honest security setting"}, +"keyword": "executable implementation"}, {"id": 4209, -"keyword": "triangle counting lemma"}, +"keyword": "uml class diagrams"}, {"id": 4210, -"keyword": "existing proof format"}, +"keyword": "simple summation conversion"}, {"id": 4211, -"keyword": "aforementioned mathematical structures"}, +"keyword": "single setting"}, {"id": 4212, -"keyword": "executable formalisation"}, +"keyword": "closed-form formulae"}, {"id": 4213, -"keyword": "executable variant"}, +"keyword": "sat solver descriptions"}, {"id": 4214, -"keyword": "impossibility theorem due"}, +"keyword": "correctness properties"}, {"id": 4215, -"keyword": "finite consistent extensions"}, +"keyword": "efficient verified implementation"}, {"id": 4216, -"keyword": "x1n hellip"}, +"keyword": "category"}, {"id": 4217, -"keyword": "calculus ls_ pasl"}, +"keyword": "generic rules resulting"}, {"id": 4218, -"keyword": "diffie-hellman password-based authentication protocol"}, +"keyword": "approach"}, {"id": 4219, -"keyword": "average case"}, +"keyword": "independent axioms"}, {"id": 4220, -"keyword": "study filters based"}, +"keyword": "veblen hierarchies"}, {"id": 4221, -"keyword": "sorted linked lists"}, +"keyword": "semi-honest security setting"}, {"id": 4222, +"keyword": "triangle counting lemma"}, +{"id": 4223, +"keyword": "existing proof format"}, +{"id": 4224, +"keyword": "aforementioned mathematical structures"}, +{"id": 4225, +"keyword": "executable formalisation"}, +{"id": 4226, +"keyword": "executable variant"}, +{"id": 4227, +"keyword": "impossibility theorem due"}, +{"id": 4228, +"keyword": "finite consistent extensions"}, +{"id": 4229, +"keyword": "x1n hellip"}, +{"id": 4230, +"keyword": "calculus ls_ pasl"}, +{"id": 4231, 
+"keyword": "diffie-hellman password-based authentication protocol"}, +{"id": 4232, +"keyword": "average case"}, +{"id": 4233, +"keyword": "study filters based"}, +{"id": 4234, +"keyword": "sorted linked lists"}, +{"id": 4235, "keyword": "integer hull"}, -{"id": 4223, +{"id": 4236, "keyword": "binary masking"}, -{"id": 4224, +{"id": 4237, "keyword": "output consistency"}, -{"id": 4225, +{"id": 4238, "keyword": "important problem"}, -{"id": 4226, +{"id": 4239, "keyword": "strictly dominated"}, -{"id": 4227, +{"id": 4240, "keyword": "text introduction"}, -{"id": 4228, +{"id": 4241, "keyword": "distributed computing"}, -{"id": 4229, +{"id": 4242, "keyword": "combinatory logic"}, -{"id": 4230, +{"id": 4243, "keyword": "input generators"}, -{"id": 4231, +{"id": 4244, "keyword": "related splay heaps"}, -{"id": 4232, +{"id": 4245, "keyword": "treat binding sequences"}, -{"id": 4233, +{"id": 4246, "keyword": "bnf case"}, -{"id": 4234, +{"id": 4247, "keyword": "path-aware internet architectures"}, -{"id": 4235, +{"id": 4248, "keyword": "von neumann hierarchy"}, -{"id": 4236, +{"id": 4249, "keyword": "multi-head monitoring algorithm"}, -{"id": 4237, +{"id": 4250, "keyword": "object oriented design"}, -{"id": 4238, +{"id": 4251, "keyword": "significant contribution"}, -{"id": 4239, +{"id": 4252, "keyword": "total learning"}, -{"id": 4240, +{"id": 4253, "keyword": "compositional analysis methods"}, -{"id": 4241, +{"id": 4254, "keyword": "communicating sequential processes requires"}, -{"id": 4242, +{"id": 4255, "keyword": "abstract transition system context"}, -{"id": 4243, +{"id": 4256, "keyword": "consensus algorithms"}, -{"id": 4244, +{"id": 4257, "keyword": "weighted path order"}, -{"id": 4245, +{"id": 4258, "keyword": "birkhoff theorem"}, -{"id": 4246, +{"id": 4259, "keyword": "strong versions"}, -{"id": 4247, +{"id": 4260, "keyword": "theories listinf"}, -{"id": 4248, +{"id": 4261, "keyword": "higher-order probabilistic programs"}, -{"id": 4249, +{"id": 4262, "keyword": 
"share common algorithmic ideas"}, -{"id": 4250, +{"id": 4263, "keyword": "protecting authorized paths"}, -{"id": 4251, +{"id": 4264, "keyword": "chip authentication mapping"}, -{"id": 4252, +{"id": 4265, "keyword": "support arbitrary nesting"}, -{"id": 4253, +{"id": 4266, "keyword": "elementary row operations"}, -{"id": 4254, -"keyword": "normal form --"}, -{"id": 4255, -"keyword": "minimization algorithm"}, -{"id": 4256, -"keyword": "upper bound"}, -{"id": 4257, -"keyword": "10th problem"}, -{"id": 4258, -"keyword": "dual problem"}, -{"id": 4259, -"keyword": "arbitrary sets"}, -{"id": 4260, -"keyword": "log-gamma function"}, -{"id": 4261, -"keyword": "random order"}, -{"id": 4262, -"keyword": "unique solutions"}, -{"id": 4263, -"keyword": "reifies property patterns"}, -{"id": 4264, -"keyword": "directly derive executable"}, -{"id": 4265, -"keyword": "ultimately culminating"}, -{"id": 4266, -"keyword": "direct arguments"}, {"id": 4267, -"keyword": "external tools"}, +"keyword": "normal form --"}, {"id": 4268, -"keyword": "object-free style"}, +"keyword": "minimization algorithm"}, {"id": 4269, -"keyword": "finite set"}, +"keyword": "upper bound"}, {"id": 4270, -"keyword": "studying system-level properties"}, +"keyword": "10th problem"}, {"id": 4271, -"keyword": "insurance contracts"}, +"keyword": "dual problem"}, {"id": 4272, -"keyword": "abstract datatypes"}, +"keyword": "arbitrary sets"}, {"id": 4273, -"keyword": "hales jewett theorem presented"}, +"keyword": "log-gamma function"}, {"id": 4274, -"keyword": "disregard unrealizable behavior"}, +"keyword": "random order"}, {"id": 4275, -"keyword": "bounded model checking"}, +"keyword": "unique solutions"}, {"id": 4276, -"keyword": "floor randomly"}, +"keyword": "reifies property patterns"}, {"id": 4277, -"keyword": "maximum cardinality matching"}, +"keyword": "directly derive executable"}, {"id": 4278, -"keyword": "expressive extension"}, +"keyword": "ultimately culminating"}, {"id": 4279, -"keyword": "stream 
fusion transformation"}, +"keyword": "direct arguments"}, {"id": 4280, -"keyword": "univariate monic polynomial"}, +"keyword": "external tools"}, {"id": 4281, -"keyword": "concrete manifolds"}, +"keyword": "object-free style"}, {"id": 4282, -"keyword": "consistency problem"}, +"keyword": "finite set"}, {"id": 4283, -"keyword": "executable simplifier"}, +"keyword": "studying system-level properties"}, {"id": 4284, -"keyword": "fractional permissions"}, +"keyword": "insurance contracts"}, {"id": 4285, -"keyword": "folklore results related"}, +"keyword": "abstract datatypes"}, {"id": 4286, -"keyword": "basic category theory set"}, +"keyword": "hales jewett theorem presented"}, {"id": 4287, -"keyword": "mathematically precise theory"}, +"keyword": "disregard unrealizable behavior"}, {"id": 4288, -"keyword": "finite field"}, +"keyword": "bounded model checking"}, {"id": 4289, -"keyword": "additive combinatorics"}, +"keyword": "floor randomly"}, {"id": 4290, -"keyword": "type-class based structures"}, +"keyword": "maximum cardinality matching"}, {"id": 4291, -"keyword": "unify computation models"}, +"keyword": "expressive extension"}, {"id": 4292, -"keyword": "distinguishing feature"}, +"keyword": "stream fusion transformation"}, {"id": 4293, -"keyword": "potentials due"}, +"keyword": "univariate monic polynomial"}, {"id": 4294, -"keyword": "randomized algorithms"}, +"keyword": "concrete manifolds"}, {"id": 4295, -"keyword": "strict standard compliance formalization"}, +"keyword": "consistency problem"}, {"id": 4296, -"keyword": "formal methods"}, +"keyword": "executable simplifier"}, {"id": 4297, -"keyword": "syntactic bisimulation"}, +"keyword": "fractional permissions"}, {"id": 4298, -"keyword": "extended previous"}, +"keyword": "folklore results related"}, {"id": 4299, -"keyword": "self-referential implementation"}, +"keyword": "basic category theory set"}, {"id": 4300, -"keyword": "afp entry discrete summation"}, +"keyword": "mathematically precise theory"}, {"id": 
4301, -"keyword": "channel protocols communicating"}, +"keyword": "finite field"}, {"id": 4302, -"keyword": "griffin observed"}, +"keyword": "additive combinatorics"}, {"id": 4303, -"keyword": "afp entries"}, +"keyword": "type-class based structures"}, {"id": 4304, -"keyword": "typed model"}, +"keyword": "unify computation models"}, {"id": 4305, -"keyword": "elementary properties"}, +"keyword": "distinguishing feature"}, {"id": 4306, -"keyword": "simple hybrid programs"}, +"keyword": "potentials due"}, {"id": 4307, -"keyword": "foundational shared-variable concurrency method"}, +"keyword": "randomized algorithms"}, {"id": 4308, -"keyword": "safety properties"}, +"keyword": "strict standard compliance formalization"}, {"id": 4309, -"keyword": "uniform substitutions"}, +"keyword": "formal methods"}, {"id": 4310, -"keyword": "finite carrier set"}, +"keyword": "syntactic bisimulation"}, {"id": 4311, +"keyword": "extended previous"}, +{"id": 4312, +"keyword": "self-referential implementation"}, +{"id": 4313, +"keyword": "afp entry discrete summation"}, +{"id": 4314, +"keyword": "channel protocols communicating"}, +{"id": 4315, +"keyword": "griffin observed"}, +{"id": 4316, +"keyword": "afp entries"}, +{"id": 4317, +"keyword": "typed model"}, +{"id": 4318, +"keyword": "elementary properties"}, +{"id": 4319, +"keyword": "simple hybrid programs"}, +{"id": 4320, +"keyword": "foundational shared-variable concurrency method"}, +{"id": 4321, +"keyword": "safety properties"}, +{"id": 4322, +"keyword": "uniform substitutions"}, +{"id": 4323, +"keyword": "finite carrier set"}, +{"id": 4324, "keyword": "guided tour"}, -{"id": 4312, +{"id": 4325, "keyword": "axiomatic system"}, -{"id": 4313, +{"id": 4326, "keyword": "real exponents"}, -{"id": 4314, +{"id": 4327, "keyword": "3-term arithmetic progressions"}, -{"id": 4315, +{"id": 4328, "keyword": "hermite--lindemann--weierstra transcendence theorem"}, -{"id": 4316, +{"id": 4329, "keyword": "liberal paradox"}, -{"id": 4317, +{"id": 
4330, "keyword": "word inside"}, -{"id": 4318, +{"id": 4331, "keyword": "price function"}, -{"id": 4319, +{"id": 4332, "keyword": "linear combination"}, -{"id": 4320, +{"id": 4333, "keyword": "fair coin flips"}, -{"id": 4321, +{"id": 4334, "keyword": "correctness property"}, -{"id": 4322, +{"id": 4335, "keyword": "stochastic dominance"}, -{"id": 4323, +{"id": 4336, "keyword": "easily transfer theorems"}, -{"id": 4324, +{"id": 4337, "keyword": "expected length"}, -{"id": 4325, +{"id": 4338, "keyword": "actual executions"}, -{"id": 4326, +{"id": 4339, "keyword": "berlekamp-zassenhaus algorithm"}, -{"id": 4327, +{"id": 4340, "keyword": "set theoretic formulation"}, -{"id": 4328, +{"id": 4341, "keyword": "mixed-integer solutions"}, -{"id": 4329, +{"id": 4342, "keyword": "high-level style"}, -{"id": 4330, +{"id": 4343, "keyword": "proof principles"}, -{"id": 4331, +{"id": 4344, "keyword": "quantum mechanics"}, -{"id": 4332, +{"id": 4345, "keyword": "increasing rational sequence r_n"}, -{"id": 4333, +{"id": 4346, "keyword": "elimination contexts"}, -{"id": 4334, +{"id": 4347, "keyword": "dynamic languages"}, -{"id": 4335, +{"id": 4348, "keyword": "logics denote regular languages"}, -{"id": 4336, +{"id": 4349, "keyword": "verify first-order relativity theory"}, -{"id": 4337, +{"id": 4350, "keyword": "automatically deriving instances"}, -{"id": 4338, +{"id": 4351, "keyword": "golden ratio"}, -{"id": 4339, +{"id": 4352, "keyword": "knuth-morris-pratt algorithm"}, -{"id": 4340, +{"id": 4353, "keyword": "ideas borrowed"}, -{"id": 4341, +{"id": 4354, "keyword": "variable convention"}, -{"id": 4342, +{"id": 4355, "keyword": "loop freedom"}, -{"id": 4343, +{"id": 4356, "keyword": "behaviours"}, -{"id": 4344, +{"id": 4357, "keyword": "square-free factorization algorithm"}, -{"id": 4345, +{"id": 4358, "keyword": "verified functional splay trees"}, -{"id": 4346, +{"id": 4359, "keyword": "key resource assertions"}, -{"id": 4347, +{"id": 4360, "keyword": "higher-order permutative 
rewrite rule"}, -{"id": 4348, +{"id": 4361, "keyword": "fwf"}, -{"id": 4349, +{"id": 4362, "keyword": "cartesian monoidal category"}, -{"id": 4350, +{"id": 4363, "keyword": "property"}, -{"id": 4351, +{"id": 4364, "keyword": "generic kind"}, -{"id": 4352, +{"id": 4365, "keyword": "influential works"}, -{"id": 4353, +{"id": 4366, "keyword": "foreach combinators"}, -{"id": 4354, +{"id": 4367, "keyword": "product type"}, -{"id": 4355, +{"id": 4368, "keyword": "polynomial analogue"}, -{"id": 4356, +{"id": 4369, "keyword": "helper lemmas"}, -{"id": 4357, +{"id": 4370, "keyword": "rewriting tactics"}, -{"id": 4358, +{"id": 4371, "keyword": "proving open properties"}, -{"id": 4359, +{"id": 4372, "keyword": "interval trees"}, -{"id": 4360, +{"id": 4373, "keyword": "chosen plaintext"}, -{"id": 4361, +{"id": 4374, "keyword": "prohibited requests directly"}, -{"id": 4362, +{"id": 4375, "keyword": "analysing replication algorithms"}, -{"id": 4363, +{"id": 4376, "keyword": "so-called sturm sequences"}, -{"id": 4364, +{"id": 4377, "keyword": "metric dynamic logic"}, -{"id": 4365, +{"id": 4378, "keyword": "factor square-free integer polynomials"}, -{"id": 4366, +{"id": 4379, "keyword": "quasi-fixed point"}, -{"id": 4367, +{"id": 4380, "keyword": "incidence matrix representation"}, -{"id": 4368, +{"id": 4381, "keyword": "fundamental solution"}, -{"id": 4369, +{"id": 4382, "keyword": "symbolic execution step"}, -{"id": 4370, +{"id": 4383, "keyword": "formal linear algebraic techniques"}, -{"id": 4371, +{"id": 4384, "keyword": "edmonds-karp algorithm"}, -{"id": 4372, +{"id": 4385, "keyword": "imp language"}, -{"id": 4373, +{"id": 4386, "keyword": "code output level"}, -{"id": 4374, +{"id": 4387, "keyword": "call arity analysis"}, -{"id": 4375, -"keyword": "axiomatic constructor classes"}, -{"id": 4376, -"keyword": "fully"}, -{"id": 4377, -"keyword": "sch16 anders schlichtkrull"}, -{"id": 4378, -"keyword": "main theorem"}, -{"id": 4379, -"keyword": "weak bi-quantales"}, -{"id": 4380, 
-"keyword": "hand waving"}, -{"id": 4381, -"keyword": "basic features"}, -{"id": 4382, -"keyword": "method exploits"}, -{"id": 4383, -"keyword": "henkin witnesses"}, -{"id": 4384, -"keyword": "arithmetic type class hierarchy"}, -{"id": 4385, -"keyword": "analytic number theory rdquo"}, -{"id": 4386, -"keyword": "fntt running time"}, -{"id": 4387, -"keyword": "formal refutational completeness proofs"}, {"id": 4388, -"keyword": "graph theory"}, +"keyword": "axiomatic constructor classes"}, {"id": 4389, -"keyword": "tight upper bound"}, +"keyword": "fully"}, {"id": 4390, -"keyword": "geodesic metric space"}, +"keyword": "sch16 anders schlichtkrull"}, {"id": 4391, +"keyword": "main theorem"}, +{"id": 4392, +"keyword": "weak bi-quantales"}, +{"id": 4393, +"keyword": "hand waving"}, +{"id": 4394, +"keyword": "basic features"}, +{"id": 4395, +"keyword": "method exploits"}, +{"id": 4396, +"keyword": "henkin witnesses"}, +{"id": 4397, +"keyword": "arithmetic type class hierarchy"}, +{"id": 4398, +"keyword": "analytic number theory rdquo"}, +{"id": 4399, +"keyword": "fntt running time"}, +{"id": 4400, +"keyword": "formal refutational completeness proofs"}, +{"id": 4401, +"keyword": "graph theory"}, +{"id": 4402, +"keyword": "tight upper bound"}, +{"id": 4403, +"keyword": "geodesic metric space"}, +{"id": 4404, "keyword": "proper generic extension"}, -{"id": 4392, +{"id": 4405, "keyword": "general balanced trees"}, -{"id": 4393, +{"id": 4406, "keyword": "a_1 ldots a_n"}, -{"id": 4394, +{"id": 4407, "keyword": "notes"}, -{"id": 4395, +{"id": 4408, "keyword": "kleisli category"}, -{"id": 4396, +{"id": 4409, "keyword": "compare process calculi"}, -{"id": 4397, +{"id": 4410, "keyword": "high level attacks"}, -{"id": 4398, +{"id": 4411, "keyword": "type safety"}, -{"id": 4399, +{"id": 4412, "keyword": "proof structure"}, -{"id": 4400, +{"id": 4413, "keyword": "infinite element"}, -{"id": 4401, +{"id": 4414, "keyword": "second-order properties"}, -{"id": 4402, +{"id": 4415, 
"keyword": "increased demand"}, -{"id": 4403, +{"id": 4416, "keyword": "representing algorithms"}, -{"id": 4404, +{"id": 4417, "keyword": "unboxing optimization"}, -{"id": 4405, +{"id": 4418, "keyword": "list operations"}, -{"id": 4406, +{"id": 4419, "keyword": "boolean expressions"}, -{"id": 4407, +{"id": 4420, "keyword": "program refinement techniques"}, -{"id": 4408, +{"id": 4421, "keyword": "computer science"}, -{"id": 4409, +{"id": 4422, "keyword": "finite domain consisting"}, -{"id": 4410, +{"id": 4423, "keyword": "minkowski spacetime"}, -{"id": 4411, +{"id": 4424, "keyword": "combinatorial map"}, -{"id": 4412, +{"id": 4425, "keyword": "concurrency reasoning framework"}, -{"id": 4413, +{"id": 4426, "keyword": "transposition theorem"}, -{"id": 4414, +{"id": 4427, "keyword": "solved explicitly"}, -{"id": 4415, -"keyword": "large numbers states"}, -{"id": 4416, -"keyword": "balanced incomplete block designs"}, -{"id": 4417, -"keyword": "structures play"}, -{"id": 4418, -"keyword": "iteratively solve finite mdps"}, -{"id": 4419, -"keyword": "commutative replicated data types"}, -{"id": 4420, -"keyword": "master theorem"}, -{"id": 4421, -"keyword": "multiplicative monoid"}, -{"id": 4422, -"keyword": "bit ibn qurra"}, -{"id": 4423, -"keyword": "maximum cardinality"}, -{"id": 4424, -"keyword": "syntax-independent logic infrastructure"}, -{"id": 4425, -"keyword": "success sensitiveness"}, -{"id": 4426, -"keyword": "functional modeling language hol"}, -{"id": 4427, -"keyword": "group action"}, {"id": 4428, -"keyword": "international mathematical olympiad 2019"}, +"keyword": "large numbers states"}, {"id": 4429, -"keyword": "undesired information leak"}, +"keyword": "balanced incomplete block designs"}, {"id": 4430, -"keyword": "temporal intervals"}, +"keyword": "structures play"}, {"id": 4431, -"keyword": "hol function definition"}, +"keyword": "iteratively solve finite mdps"}, {"id": 4432, -"keyword": "proofs remain manageable"}, +"keyword": "commutative replicated 
data types"}, {"id": 4433, -"keyword": "software framework incorporates"}, +"keyword": "master theorem"}, {"id": 4434, -"keyword": "universal partial recursive function"}, +"keyword": "multiplicative monoid"}, {"id": 4435, -"keyword": "builds"}, +"keyword": "bit ibn qurra"}, {"id": 4436, -"keyword": "hol-based afp entry"}, +"keyword": "maximum cardinality"}, {"id": 4437, -"keyword": "technique"}, +"keyword": "syntax-independent logic infrastructure"}, {"id": 4438, -"keyword": "ideal showcase"}, +"keyword": "success sensitiveness"}, {"id": 4439, -"keyword": "automatically derive restrictions"}, +"keyword": "functional modeling language hol"}, {"id": 4440, -"keyword": "functional logic"}, +"keyword": "group action"}, {"id": 4441, -"keyword": "verifying functional"}, +"keyword": "international mathematical olympiad 2019"}, {"id": 4442, -"keyword": "insertion sort algorithm"}, +"keyword": "undesired information leak"}, {"id": 4443, -"keyword": "solve mdps"}, +"keyword": "temporal intervals"}, {"id": 4444, -"keyword": "partition relations concerns generalisations"}, +"keyword": "hol function definition"}, {"id": 4445, -"keyword": "fixpoint operations lfp"}, +"keyword": "proofs remain manageable"}, {"id": 4446, -"keyword": "approach demonstrates"}, +"keyword": "software framework incorporates"}, {"id": 4447, -"keyword": "internally vertex-disjoint paths"}, +"keyword": "universal partial recursive function"}, {"id": 4448, -"keyword": "parameterized proofs"}, +"keyword": "builds"}, {"id": 4449, -"keyword": "software tool authors"}, +"keyword": "hol-based afp entry"}, {"id": 4450, -"keyword": "verification condition generation"}, +"keyword": "technique"}, {"id": 4451, -"keyword": "generic type classes"}, +"keyword": "ideal showcase"}, {"id": 4452, -"keyword": "programs written"}, +"keyword": "automatically derive restrictions"}, {"id": 4453, -"keyword": "abstract characterization"}, +"keyword": "functional logic"}, {"id": 4454, -"keyword": "shapeless library"}, +"keyword": 
"verifying functional"}, {"id": 4455, -"keyword": "recursive programs based"}, +"keyword": "insertion sort algorithm"}, {"id": 4456, -"keyword": "ltl formula"}, +"keyword": "solve mdps"}, {"id": 4457, -"keyword": "geometric theorems"}, +"keyword": "partition relations concerns generalisations"}, {"id": 4458, -"keyword": "mathematics stack exchange page"}, +"keyword": "fixpoint operations lfp"}, {"id": 4459, -"keyword": "manual proofs"}, +"keyword": "approach demonstrates"}, {"id": 4460, -"keyword": "automated reasoning sch18"}, +"keyword": "internally vertex-disjoint paths"}, {"id": 4461, -"keyword": "theories list"}, +"keyword": "parameterized proofs"}, {"id": 4462, -"keyword": "theory dpt_sat_solver"}, +"keyword": "software tool authors"}, {"id": 4463, -"keyword": "chromatic number exist"}, +"keyword": "verification condition generation"}, {"id": 4464, +"keyword": "generic type classes"}, +{"id": 4465, +"keyword": "programs written"}, +{"id": 4466, +"keyword": "abstract characterization"}, +{"id": 4467, +"keyword": "shapeless library"}, +{"id": 4468, +"keyword": "recursive programs based"}, +{"id": 4469, +"keyword": "ltl formula"}, +{"id": 4470, +"keyword": "geometric theorems"}, +{"id": 4471, +"keyword": "mathematics stack exchange page"}, +{"id": 4472, +"keyword": "manual proofs"}, +{"id": 4473, +"keyword": "automated reasoning sch18"}, +{"id": 4474, +"keyword": "theories list"}, +{"id": 4475, +"keyword": "theory dpt_sat_solver"}, +{"id": 4476, +"keyword": "chromatic number exist"}, +{"id": 4477, "keyword": "interesting proofs"}, -{"id": 4465, +{"id": 4478, "keyword": "abstract level"}, -{"id": 4466, +{"id": 4479, "keyword": "accessibility decisions affecting"}, -{"id": 4467, +{"id": 4480, "keyword": "model entire prover architectures"}, -{"id": 4468, +{"id": 4481, "keyword": "structure abstractly"}, -{"id": 4469, +{"id": 4482, "keyword": "ordinary differential equations"}, -{"id": 4470, +{"id": 4483, "keyword": "basic facts"}, -{"id": 4471, +{"id": 4484, 
"keyword": "traceback properties"}, -{"id": 4472, +{"id": 4485, "keyword": "bohua zhan"}, -{"id": 4473, +{"id": 4486, "keyword": "path integrals"}, -{"id": 4474, +{"id": 4487, "keyword": "arbitrarily large girth"}, -{"id": 4475, -"keyword": "main thrust"}, -{"id": 4476, -"keyword": "arithmetize register machines"}, -{"id": 4477, -"keyword": "data refinement relations"}, -{"id": 4478, -"keyword": "map lists"}, -{"id": 4479, -"keyword": "extent required"}, -{"id": 4480, -"keyword": "logical systems"}, -{"id": 4481, -"keyword": "common automata library"}, -{"id": 4482, -"keyword": "road traffic"}, -{"id": 4483, -"keyword": "awn models comprise"}, -{"id": 4484, -"keyword": "instantiation boils"}, -{"id": 4485, -"keyword": "interesting formalization exercise"}, -{"id": 4486, -"keyword": "central security property"}, -{"id": 4487, -"keyword": "natural language processing"}, {"id": 4488, -"keyword": "automatically refines algorithms"}, +"keyword": "main thrust"}, {"id": 4489, -"keyword": "multivariate polynomial rings"}, +"keyword": "arithmetize register machines"}, {"id": 4490, -"keyword": "specific series fulfilling"}, +"keyword": "data refinement relations"}, {"id": 4491, -"keyword": "consistent set"}, +"keyword": "map lists"}, {"id": 4492, -"keyword": "ad-hoc approaches"}, +"keyword": "extent required"}, {"id": 4493, -"keyword": "residuated lattices"}, +"keyword": "logical systems"}, {"id": 4494, -"keyword": "additional non-deterministic choice command"}, +"keyword": "common automata library"}, {"id": 4495, -"keyword": "structurally recursive approach"}, +"keyword": "road traffic"}, {"id": 4496, -"keyword": "constant time findmin"}, +"keyword": "awn models comprise"}, {"id": 4497, -"keyword": "generic operations"}, +"keyword": "instantiation boils"}, {"id": 4498, -"keyword": "security definition"}, +"keyword": "interesting formalization exercise"}, {"id": 4499, -"keyword": "adapt ctl"}, +"keyword": "central security property"}, {"id": 4500, -"keyword": "de-bruijn 
terms"}, +"keyword": "natural language processing"}, {"id": 4501, -"keyword": "main contribution"}, +"keyword": "automatically refines algorithms"}, {"id": 4502, -"keyword": "convenient commands"}, +"keyword": "multivariate polynomial rings"}, {"id": 4503, -"keyword": "landmark work collective choice"}, +"keyword": "specific series fulfilling"}, {"id": 4504, +"keyword": "consistent set"}, +{"id": 4505, +"keyword": "ad-hoc approaches"}, +{"id": 4506, +"keyword": "residuated lattices"}, +{"id": 4507, +"keyword": "additional non-deterministic choice command"}, +{"id": 4508, +"keyword": "structurally recursive approach"}, +{"id": 4509, +"keyword": "constant time findmin"}, +{"id": 4510, +"keyword": "generic operations"}, +{"id": 4511, +"keyword": "security definition"}, +{"id": 4512, +"keyword": "adapt ctl"}, +{"id": 4513, +"keyword": "de-bruijn terms"}, +{"id": 4514, +"keyword": "main contribution"}, +{"id": 4515, +"keyword": "convenient commands"}, +{"id": 4516, +"keyword": "landmark work collective choice"}, +{"id": 4517, "keyword": "combinable iff"}, -{"id": 4505, +{"id": 4518, "keyword": "minimal polynomial"}, -{"id": 4506, +{"id": 4519, "keyword": "side effects"}, -{"id": 4507, +{"id": 4520, "keyword": "intricate distributed protocol"}, -{"id": 4508, +{"id": 4521, "keyword": "domain-theoretical aspects"}, -{"id": 4509, +{"id": 4522, "keyword": "express nuances"}, -{"id": 4510, +{"id": 4523, "keyword": "natural bijections"}, -{"id": 4511, +{"id": 4524, "keyword": "elementary symmetric polynomials"}, -{"id": 4512, +{"id": 4525, "keyword": "applications refer"}, -{"id": 4513, +{"id": 4526, "keyword": "practical application"}, -{"id": 4514, +{"id": 4527, "keyword": "unwanted subtleties"}, -{"id": 4515, +{"id": 4528, "keyword": "cryptographic validation fields"}, -{"id": 4516, +{"id": 4529, "keyword": "galois connections"}, -{"id": 4517, +{"id": 4530, "keyword": "targeted security property"}, -{"id": 4518, +{"id": 4531, "keyword": "perform stream fusion"}, -{"id": 
4519, +{"id": 4532, "keyword": "lower bound"}, -{"id": 4520, +{"id": 4533, "keyword": "vertical composite"}, -{"id": 4521, +{"id": 4534, "keyword": "gale-shapley stable matching"}, -{"id": 4522, +{"id": 4535, "keyword": "inductive sets"}, -{"id": 4523, +{"id": 4536, "keyword": "ghost operations"}, -{"id": 4524, +{"id": 4537, "keyword": "debited loans cancel"}, -{"id": 4525, +{"id": 4538, "keyword": "quantum circuits"}, -{"id": 4526, +{"id": 4539, "keyword": "regular expression matches"}, -{"id": 4527, +{"id": 4540, "keyword": "direct consequence"}, -{"id": 4528, +{"id": 4541, "keyword": "conventional single-clocking semantics"}, -{"id": 4529, +{"id": 4542, "keyword": "successful model checkers"}, -{"id": 4530, +{"id": 4543, "keyword": "intuitionistic logic"}, -{"id": 4531, +{"id": 4544, "keyword": "multidimensional binary trees"}, -{"id": 4532, +{"id": 4545, "keyword": "computing saturated sets"}, -{"id": 4533, +{"id": 4546, "keyword": "commuting observables"}, -{"id": 4534, +{"id": 4547, "keyword": "cover quantitative"}, -{"id": 4535, +{"id": 4548, "keyword": "relational tt-lifting"}, -{"id": 4536, -"keyword": "protect paths"}, -{"id": 4537, -"keyword": "uniform framework"}, -{"id": 4538, -"keyword": "kleene star operation"}, -{"id": 4539, -"keyword": "simple hops"}, -{"id": 4540, -"keyword": "randomised treaps"}, -{"id": 4541, -"keyword": "verifying stateful security protocols"}, -{"id": 4542, -"keyword": "monoidal category"}, -{"id": 4543, -"keyword": "accompanying paper 2"}, -{"id": 4544, -"keyword": "proof approach"}, -{"id": 4545, -"keyword": "bisection square root"}, -{"id": 4546, -"keyword": "code generator performs"}, -{"id": 4547, -"keyword": "concrete prototypes"}, -{"id": 4548, -"keyword": "mild condition attractivity"}, {"id": 4549, -"keyword": "persisted size"}, +"keyword": "protect paths"}, {"id": 4550, -"keyword": "rational exponents"}, +"keyword": "uniform framework"}, {"id": 4551, -"keyword": "definition remarkably simple"}, +"keyword": "kleene 
star operation"}, {"id": 4552, +"keyword": "simple hops"}, +{"id": 4553, +"keyword": "randomised treaps"}, +{"id": 4554, +"keyword": "verifying stateful security protocols"}, +{"id": 4555, +"keyword": "monoidal category"}, +{"id": 4556, +"keyword": "accompanying paper 2"}, +{"id": 4557, +"keyword": "proof approach"}, +{"id": 4558, +"keyword": "bisection square root"}, +{"id": 4559, +"keyword": "code generator performs"}, +{"id": 4560, +"keyword": "concrete prototypes"}, +{"id": 4561, +"keyword": "mild condition attractivity"}, +{"id": 4562, +"keyword": "persisted size"}, +{"id": 4563, +"keyword": "rational exponents"}, +{"id": 4564, +"keyword": "definition remarkably simple"}, +{"id": 4565, "keyword": "executable characterisation"}, -{"id": 4553, +{"id": 4566, "keyword": "clausal form"}, -{"id": 4554, +{"id": 4567, "keyword": "order embedding"}, -{"id": 4555, +{"id": 4568, "keyword": "revised version"}, -{"id": 4556, +{"id": 4569, "keyword": "diatonic sequence"}, -{"id": 4557, +{"id": 4570, "keyword": "contraction factors"}, -{"id": 4558, +{"id": 4571, "keyword": "well-typed attacks"}, -{"id": 4559, +{"id": 4572, "keyword": "jones polynomial"}, -{"id": 4560, +{"id": 4573, "keyword": "proof techniques"}, -{"id": 4561, +{"id": 4574, "keyword": "number theory"}, -{"id": 4562, +{"id": 4575, "keyword": "noninterference security applying"}, -{"id": 4563, +{"id": 4576, "keyword": "unordered pairs"}, -{"id": 4564, +{"id": 4577, "keyword": "simple type system"}, -{"id": 4565, +{"id": 4578, "keyword": "inf-preserving transformers"}, -{"id": 4566, +{"id": 4579, "keyword": "projection functions"}, -{"id": 4567, +{"id": 4580, "keyword": "free monoid"}, -{"id": 4568, +{"id": 4581, "keyword": "certify size-change termination proofs"}, -{"id": 4569, +{"id": 4582, "keyword": "amortized time complexity"}, -{"id": 4570, +{"id": 4583, "keyword": "fundamental closest pair"}, -{"id": 4571, +{"id": 4584, "keyword": "computing gr bner bases"}, -{"id": 4572, +{"id": 4585, "keyword": 
"finality predicate"}, -{"id": 4573, +{"id": 4586, "keyword": "intuitively secure programs"}, -{"id": 4574, +{"id": 4587, "keyword": "continued fraction expansions"}, -{"id": 4575, +{"id": 4588, "keyword": "suitable denotational model"}, -{"id": 4576, -"keyword": "entire development"}, -{"id": 4577, -"keyword": "complicated proofs"}, -{"id": 4578, -"keyword": "integer-indexed maps"}, -{"id": 4579, -"keyword": "large collection"}, -{"id": 4580, -"keyword": "unique program"}, -{"id": 4581, -"keyword": "time"}, -{"id": 4582, -"keyword": "certificate language"}, -{"id": 4583, -"keyword": "fixed probability"}, -{"id": 4584, -"keyword": "lattice-based post-quantum cryptography"}, -{"id": 4585, -"keyword": "array operations seamlessly integrate"}, -{"id": 4586, -"keyword": "angelic nondeterministic choices"}, -{"id": 4587, -"keyword": "specification language tla"}, -{"id": 4588, -"keyword": "undesirable side-effect"}, {"id": 4589, -"keyword": "integers hurwitz"}, +"keyword": "entire development"}, {"id": 4590, -"keyword": "unprecedented time"}, +"keyword": "complicated proofs"}, {"id": 4591, -"keyword": "operations indirectly"}, +"keyword": "integer-indexed maps"}, {"id": 4592, -"keyword": "ribbon proofs emphasise"}, +"keyword": "large collection"}, {"id": 4593, -"keyword": "clause procedures gc"}, +"keyword": "unique program"}, {"id": 4594, -"keyword": "parser monad built"}, +"keyword": "time"}, {"id": 4595, -"keyword": "entry establishes syntax"}, +"keyword": "certificate language"}, {"id": 4596, -"keyword": "decreasing diagrams"}, +"keyword": "fixed probability"}, {"id": 4597, -"keyword": "linearly ordered borel-spaces"}, +"keyword": "lattice-based post-quantum cryptography"}, {"id": 4598, -"keyword": "imperative data structures"}, +"keyword": "array operations seamlessly integrate"}, {"id": 4599, -"keyword": "apply data refinement"}, +"keyword": "angelic nondeterministic choices"}, {"id": 4600, -"keyword": "limits exist"}, +"keyword": "specification language tla"}, 
{"id": 4601, -"keyword": "graham jameson"}, +"keyword": "undesirable side-effect"}, {"id": 4602, -"keyword": "uniformly coxeter"}, +"keyword": "integers hurwitz"}, {"id": 4603, -"keyword": "simple object calculus"}, +"keyword": "unprecedented time"}, {"id": 4604, -"keyword": "represent physical quantities"}, +"keyword": "operations indirectly"}, {"id": 4605, -"keyword": "constraint-system-based program analysis"}, +"keyword": "ribbon proofs emphasise"}, {"id": 4606, -"keyword": "economic behavior"}, +"keyword": "clause procedures gc"}, {"id": 4607, -"keyword": "locally finite"}, +"keyword": "parser monad built"}, {"id": 4608, -"keyword": "handling variable binding"}, +"keyword": "entry establishes syntax"}, {"id": 4609, -"keyword": "general possibility theorem"}, +"keyword": "declarative database query language"}, {"id": 4610, -"keyword": "collection framework"}, +"keyword": "decreasing diagrams"}, {"id": 4611, -"keyword": "feasible paths"}, +"keyword": "linearly ordered borel-spaces"}, {"id": 4612, -"keyword": "store buffering"}, +"keyword": "imperative data structures"}, {"id": 4613, -"keyword": "gamma"}, +"keyword": "apply data refinement"}, {"id": 4614, -"keyword": "understood problem"}, +"keyword": "limits exist"}, {"id": 4615, -"keyword": "dynamic refutational completeness"}, +"keyword": "graham jameson"}, {"id": 4616, -"keyword": "pascal schreck"}, +"keyword": "uniformly coxeter"}, {"id": 4617, -"keyword": "efficient checking"}, +"keyword": "simple object calculus"}, {"id": 4618, -"keyword": "program fulfilling"}, +"keyword": "represent physical quantities"}, {"id": 4619, -"keyword": "unified manner"}, +"keyword": "constraint-system-based program analysis"}, {"id": 4620, -"keyword": "assuming soundness"}, +"keyword": "economic behavior"}, {"id": 4621, -"keyword": "uniform boundedness principle"}, +"keyword": "locally finite"}, {"id": 4622, -"keyword": "residuated functions"}, +"keyword": "handling variable binding"}, {"id": 4623, -"keyword": "linux-style 
router"}, +"keyword": "general possibility theorem"}, {"id": 4624, -"keyword": "paper enriches hoare"}, +"keyword": "collection framework"}, {"id": 4625, -"keyword": "euro-mils project http"}, +"keyword": "feasible paths"}, {"id": 4626, -"keyword": "deque implementation"}, +"keyword": "store buffering"}, {"id": 4627, -"keyword": "international conference"}, +"keyword": "gamma"}, {"id": 4628, -"keyword": "greater computational cost"}, +"keyword": "understood problem"}, {"id": 4629, -"keyword": "minimal dfas"}, +"keyword": "dynamic refutational completeness"}, {"id": 4630, -"keyword": "noninterference security"}, +"keyword": "pascal schreck"}, {"id": 4631, -"keyword": "19th century number theory"}, +"keyword": "efficient checking"}, {"id": 4632, -"keyword": "strong properties"}, +"keyword": "program fulfilling"}, {"id": 4633, +"keyword": "unified manner"}, +{"id": 4634, +"keyword": "assuming soundness"}, +{"id": 4635, +"keyword": "uniform boundedness principle"}, +{"id": 4636, +"keyword": "residuated functions"}, +{"id": 4637, +"keyword": "linux-style router"}, +{"id": 4638, +"keyword": "paper enriches hoare"}, +{"id": 4639, +"keyword": "euro-mils project http"}, +{"id": 4640, +"keyword": "deque implementation"}, +{"id": 4641, +"keyword": "international conference"}, +{"id": 4642, +"keyword": "greater computational cost"}, +{"id": 4643, +"keyword": "minimal dfas"}, +{"id": 4644, +"keyword": "noninterference security"}, +{"id": 4645, +"keyword": "19th century number theory"}, +{"id": 4646, +"keyword": "strong properties"}, +{"id": 4647, "keyword": "one-dimensional case"}, -{"id": 4634, +{"id": 4648, "keyword": "generated document"}, -{"id": 4635, +{"id": 4649, "keyword": "measurable subset"}, -{"id": 4636, +{"id": 4650, "keyword": "behavior trace assertions"}, -{"id": 4637, +{"id": 4651, "keyword": "odd ranking"}, -{"id": 4638, +{"id": 4652, "keyword": "quartic equation"}, -{"id": 4639, +{"id": 4653, "keyword": "kind"}, -{"id": 4640, +{"id": 4654, "keyword": "sch18 
anders schlichtkrull"}, -{"id": 4641, +{"id": 4655, "keyword": "classical statements"}, -{"id": 4642, +{"id": 4656, "keyword": "filtering behavior"}, -{"id": 4643, +{"id": 4657, "keyword": "general triangle"}, -{"id": 4644, +{"id": 4658, "keyword": "postponing soundness-critical admissibility checks"}, -{"id": 4645, +{"id": 4659, "keyword": "dynamic programming"}, -{"id": 4646, +{"id": 4660, "keyword": "modelling security"}, -{"id": 4647, +{"id": 4661, "keyword": "presburger arithmetic"}, -{"id": 4648, +{"id": 4662, "keyword": "erd odblac"}, -{"id": 4649, +{"id": 4663, "keyword": "fast number theoretic transform"}, -{"id": 4650, +{"id": 4664, "keyword": "positive integer"}, -{"id": 4651, +{"id": 4665, "keyword": "promising increased tolerance"}, -{"id": 4652, +{"id": 4666, "keyword": "probabilistic functions"}, -{"id": 4653, +{"id": 4667, "keyword": "featherweight ocl"}, -{"id": 4654, +{"id": 4668, "keyword": "concrete input"}, -{"id": 4655, +{"id": 4669, "keyword": "general setting"}, -{"id": 4656, +{"id": 4670, "keyword": "putnam exam problems"}, -{"id": 4657, +{"id": 4671, "keyword": "mechanized soundness proof"}, -{"id": 4658, +{"id": 4672, "keyword": "advanced replacement"}, -{"id": 4659, +{"id": 4673, "keyword": "syntax tree"}, -{"id": 4660, +{"id": 4674, "keyword": "rts algorithms select"}, -{"id": 4661, +{"id": 4675, "keyword": "efsm level"}, -{"id": 4662, +{"id": 4676, "keyword": "relation constraints"}, -{"id": 4663, +{"id": 4677, "keyword": "integers"}, -{"id": 4664, +{"id": 4678, "keyword": "presented formalization"}, -{"id": 4665, +{"id": 4679, "keyword": "topological proof"}, -{"id": 4666, +{"id": 4680, "keyword": "value-dependent noninterference property"}, -{"id": 4667, +{"id": 4681, "keyword": "consensus problem"}, -{"id": 4668, +{"id": 4682, "keyword": "drf guarantee"}, -{"id": 4669, +{"id": 4683, "keyword": "threshold probability"}, -{"id": 4670, +{"id": 4684, "keyword": "standard finite_map theory"}, -{"id": 4671, +{"id": 4685, "keyword": "logic 
programming"}, -{"id": 4672, +{"id": 4686, "keyword": "large tree automata"}, -{"id": 4673, +{"id": 4687, "keyword": "program construction"}, -{"id": 4674, +{"id": 4688, "keyword": "unlike traditional decision procedures"}, -{"id": 4675, +{"id": 4689, "keyword": "case"}, -{"id": 4676, +{"id": 4690, "keyword": "linear logics"}, -{"id": 4677, +{"id": 4691, "keyword": "free monoidal category"}, -{"id": 4678, +{"id": 4692, "keyword": "contribution reuses"}, -{"id": 4679, +{"id": 4693, "keyword": "smaller set"}, -{"id": 4680, +{"id": 4694, "keyword": "odd bernoulli numbers"}, -{"id": 4681, +{"id": 4695, "keyword": "axiomatic characterization"}, -{"id": 4682, +{"id": 4696, "keyword": "original article"}, -{"id": 4683, +{"id": 4697, "keyword": "useless zero-reductions"}, -{"id": 4684, +{"id": 4698, "keyword": "integer variables"}, -{"id": 4685, +{"id": 4699, "keyword": "important introductory theorems"}, -{"id": 4686, +{"id": 4700, "keyword": "proof due"}, -{"id": 4687, +{"id": 4701, "keyword": "common ground"}, -{"id": 4688, +{"id": 4702, "keyword": "terminated successfully"}, -{"id": 4689, +{"id": 4703, "keyword": "monadic interpreter"}, -{"id": 4690, +{"id": 4704, "keyword": "support negative joins"}, -{"id": 4691, +{"id": 4705, "keyword": "nontrivial size"}, -{"id": 4692, +{"id": 4706, "keyword": "ternary kripke frames"}, -{"id": 4693, +{"id": 4707, "keyword": "monolithic structure"}, -{"id": 4694, +{"id": 4708, "keyword": "immutable arrays"}, -{"id": 4695, +{"id": 4709, "keyword": "epsilon free top-"}, -{"id": 4696, -"keyword": "algebraic approach"}, -{"id": 4697, -"keyword": "completeness proofs naturally suggest"}, -{"id": 4698, -"keyword": "ifip networking 2016"}, -{"id": 4699, -"keyword": "integer lattice 8484"}, -{"id": 4700, -"keyword": "weak duality theorem"}, -{"id": 4701, -"keyword": "jinja source"}, -{"id": 4702, -"keyword": "finite stuttering"}, -{"id": 4703, -"keyword": "standard proof methods"}, -{"id": 4704, -"keyword": "executable emulator"}, -{"id": 
4705, -"keyword": "leading power-product"}, -{"id": 4706, -"keyword": "global context"}, -{"id": 4707, -"keyword": "data transmission"}, -{"id": 4708, -"keyword": "coercion ord_of_nat"}, -{"id": 4709, -"keyword": "present proof development represents"}, {"id": 4710, -"keyword": "important specializations"}, +"keyword": "algebraic approach"}, {"id": 4711, -"keyword": "comprehension principle"}, +"keyword": "completeness proofs naturally suggest"}, {"id": 4712, -"keyword": "log log"}, +"keyword": "ifip networking 2016"}, {"id": 4713, +"keyword": "integer lattice 8484"}, +{"id": 4714, +"keyword": "weak duality theorem"}, +{"id": 4715, +"keyword": "jinja source"}, +{"id": 4716, +"keyword": "finite stuttering"}, +{"id": 4717, +"keyword": "standard proof methods"}, +{"id": 4718, +"keyword": "executable emulator"}, +{"id": 4719, +"keyword": "leading power-product"}, +{"id": 4720, +"keyword": "global context"}, +{"id": 4721, +"keyword": "data transmission"}, +{"id": 4722, +"keyword": "coercion ord_of_nat"}, +{"id": 4723, +"keyword": "present proof development represents"}, +{"id": 4724, +"keyword": "important specializations"}, +{"id": 4725, +"keyword": "comprehension principle"}, +{"id": 4726, +"keyword": "log log"}, +{"id": 4727, "keyword": "machine language"}, -{"id": 4714, +{"id": 4728, "keyword": "tensor product"}, -{"id": 4715, +{"id": 4729, "keyword": "minkowski space-time"}, -{"id": 4716, +{"id": 4730, "keyword": "ordered semirings"}, -{"id": 4717, +{"id": 4731, "keyword": "finite support"}, -{"id": 4718, +{"id": 4732, "keyword": "certifying primes"}, -{"id": 4719, +{"id": 4733, "keyword": "computational modeling"}, -{"id": 4720, +{"id": 4734, "keyword": "regular arithmetic geometric"}, -{"id": 4721, +{"id": 4735, "keyword": "marked regular expressions"}, -{"id": 4722, +{"id": 4736, "keyword": "9th international joint conference"}, -{"id": 4723, +{"id": 4737, "keyword": "term rewriting"}, -{"id": 4724, +{"id": 4738, "keyword": "maximum norm"}, -{"id": 4725, +{"id": 
4739, "keyword": "combined result"}, -{"id": 4726, +{"id": 4740, "keyword": "unnamed initial segment"}, -{"id": 4727, +{"id": 4741, "keyword": "simulation-based security paradigms"}, -{"id": 4728, +{"id": 4742, "keyword": "fixpoint theorem"}, -{"id": 4729, +{"id": 4743, "keyword": "modified version"}, -{"id": 4730, +{"id": 4744, "keyword": "object-oriented data"}, -{"id": 4731, +{"id": 4745, "keyword": "modular hierarchy"}, -{"id": 4732, +{"id": 4746, "keyword": "finite-dimensional vector spaces"}, -{"id": 4733, +{"id": 4747, "keyword": "type"}, -{"id": 4734, +{"id": 4748, "keyword": "source code"}, -{"id": 4735, +{"id": 4749, "keyword": "trusted reference implementation"}, -{"id": 4736, -"keyword": "establish existence"}, -{"id": 4737, -"keyword": "compute short vectors"}, -{"id": 4738, -"keyword": "recursive functions"}, -{"id": 4739, -"keyword": "write access"}, -{"id": 4740, -"keyword": "applying sturm"}, -{"id": 4741, -"keyword": "regularity lemma"}, -{"id": 4742, -"keyword": "worst case"}, -{"id": 4743, -"keyword": "random bst"}, -{"id": 4744, -"keyword": "general attacker"}, -{"id": 4745, -"keyword": "base vectors"}, -{"id": 4746, -"keyword": "cofinitary group"}, -{"id": 4747, -"keyword": "system implies"}, -{"id": 4748, -"keyword": "johann bernoulli"}, -{"id": 4749, -"keyword": "ramanujan sums gauss sums"}, {"id": 4750, -"keyword": "axiomatic type classes"}, +"keyword": "establish existence"}, {"id": 4751, -"keyword": "stability"}, +"keyword": "compute short vectors"}, {"id": 4752, -"keyword": "word problem"}, +"keyword": "recursive functions"}, {"id": 4753, -"keyword": "notes introduction"}, +"keyword": "write access"}, {"id": 4754, -"keyword": "numerous applications"}, +"keyword": "applying sturm"}, {"id": 4755, -"keyword": "stothers theorem"}, +"keyword": "regularity lemma"}, {"id": 4756, -"keyword": "probabilistic data structure"}, +"keyword": "worst case"}, {"id": 4757, -"keyword": "kan extensions"}, +"keyword": "random bst"}, {"id": 4758, -"keyword": 
"cut admissibility"}, +"keyword": "general attacker"}, {"id": 4759, -"keyword": "additional password"}, +"keyword": "base vectors"}, {"id": 4760, -"keyword": "nat-bijection theory"}, +"keyword": "cofinitary group"}, {"id": 4761, -"keyword": "expected utility theory"}, +"keyword": "system implies"}, {"id": 4762, -"keyword": "language emptiness problem"}, +"keyword": "johann bernoulli"}, {"id": 4763, -"keyword": "generic worklist algorithm"}, +"keyword": "ramanujan sums gauss sums"}, {"id": 4764, -"keyword": "timed automata carries"}, +"keyword": "axiomatic type classes"}, {"id": 4765, -"keyword": "linear-time temporal logic"}, +"keyword": "stability"}, {"id": 4766, -"keyword": "safe navigation operations"}, +"keyword": "word problem"}, {"id": 4767, -"keyword": "generative probabilistic"}, +"keyword": "notes introduction"}, {"id": 4768, -"keyword": "derive notions"}, +"keyword": "numerous applications"}, {"id": 4769, -"keyword": "formalising single binder calculi"}, +"keyword": "stothers theorem"}, {"id": 4770, -"keyword": "high-level algorithm"}, +"keyword": "probabilistic data structure"}, {"id": 4771, -"keyword": "one-pass uniform substitutions"}, +"keyword": "kan extensions"}, {"id": 4772, -"keyword": "hidden markov models"}, +"keyword": "cut admissibility"}, {"id": 4773, -"keyword": "main theorem states"}, +"keyword": "additional password"}, {"id": 4774, -"keyword": "adaptive state counting"}, +"keyword": "nat-bijection theory"}, {"id": 4775, -"keyword": "kronecker tensor product"}, +"keyword": "expected utility theory"}, {"id": 4776, -"keyword": "current element"}, +"keyword": "language emptiness problem"}, {"id": 4777, -"keyword": "relation algebra"}, +"keyword": "generic worklist algorithm"}, {"id": 4778, -"keyword": "observation set"}, +"keyword": "timed automata carries"}, {"id": 4779, -"keyword": "minimisation"}, +"keyword": "linear-time temporal logic"}, {"id": 4780, -"keyword": "direct semantics"}, +"keyword": "safe navigation operations"}, {"id": 4781, 
-"keyword": "dynamic logics"}, +"keyword": "generative probabilistic"}, {"id": 4782, -"keyword": "remain anonymous"}, +"keyword": "derive notions"}, {"id": 4783, -"keyword": "generalized topological semantics"}, +"keyword": "formalising single binder calculi"}, {"id": 4784, -"keyword": "compiler composition"}, +"keyword": "high-level algorithm"}, {"id": 4785, -"keyword": "called concurrent transition systems"}, +"keyword": "one-pass uniform substitutions"}, {"id": 4786, -"keyword": "tensor analysis"}, +"keyword": "hidden markov models"}, {"id": 4787, -"keyword": "concrete laplace transforms"}, +"keyword": "main theorem states"}, {"id": 4788, -"keyword": "complex construction"}, +"keyword": "adaptive state counting"}, {"id": 4789, -"keyword": "publisher subscriber"}, +"keyword": "current element"}, {"id": 4790, -"keyword": "list interleavings"}, +"keyword": "relation algebra"}, {"id": 4791, -"keyword": "flows model"}, +"keyword": "observation set"}, {"id": 4792, -"keyword": "axioms set proposed"}, +"keyword": "minimisation"}, {"id": 4793, -"keyword": "similar construction"}, +"keyword": "direct semantics"}, {"id": 4794, +"keyword": "dynamic logics"}, +{"id": 4795, +"keyword": "remain anonymous"}, +{"id": 4796, +"keyword": "generalized topological semantics"}, +{"id": 4797, +"keyword": "compiler composition"}, +{"id": 4798, +"keyword": "called concurrent transition systems"}, +{"id": 4799, +"keyword": "tensor analysis"}, +{"id": 4800, +"keyword": "concrete laplace transforms"}, +{"id": 4801, +"keyword": "complex construction"}, +{"id": 4802, +"keyword": "publisher subscriber"}, +{"id": 4803, +"keyword": "list interleavings"}, +{"id": 4804, +"keyword": "flows model"}, +{"id": 4805, +"keyword": "axioms set proposed"}, +{"id": 4806, +"keyword": "similar construction"}, +{"id": 4807, "keyword": "features dynamic thread creation"}, -{"id": 4795, +{"id": 4808, "keyword": "random-permutation random-function switching lemma"}, -{"id": 4796, +{"id": 4809, "keyword": 
"defensive strategies"}, -{"id": 4797, +{"id": 4810, "keyword": "real world"}, -{"id": 4798, +{"id": 4811, "keyword": "function eval checking"}, -{"id": 4799, +{"id": 4812, "keyword": "disjoint sums"}, -{"id": 4800, +{"id": 4813, "keyword": "imperative implementation"}, -{"id": 4801, +{"id": 4814, "keyword": "large formalization efforts"}, -{"id": 4802, +{"id": 4815, "keyword": "term rewrite systems"}, -{"id": 4803, +{"id": 4816, "keyword": "programming languages support working"}, -{"id": 4804, +{"id": 4817, "keyword": "executable ml code"}, -{"id": 4805, +{"id": 4818, "keyword": "locally nameless representation"}, -{"id": 4806, +{"id": 4819, "keyword": "fault-tolerant midpoint algorithm"}, -{"id": 4807, +{"id": 4820, "keyword": "metatheoretical properties"}, -{"id": 4808, +{"id": 4821, "keyword": "strictly larger"}, -{"id": 4809, +{"id": 4822, "keyword": "direct application"}, -{"id": 4810, +{"id": 4823, "keyword": "runtime bounds"}, -{"id": 4811, +{"id": 4824, "keyword": "physical clocks"}, -{"id": 4812, +{"id": 4825, "keyword": "schultz refers"}, -{"id": 4813, +{"id": 4826, "keyword": "first-order logic metatheory"}, -{"id": 4814, +{"id": 4827, "keyword": "executable equivalence checker"}, -{"id": 4815, +{"id": 4828, "keyword": "computability theory"}, -{"id": 4816, +{"id": 4829, "keyword": "stellar quorum systems"}, -{"id": 4817, +{"id": 4830, "keyword": "sequence preserves fairness"}, -{"id": 4818, -"keyword": "single binders"}, -{"id": 4819, -"keyword": "microsoft research"}, -{"id": 4820, -"keyword": "square integrable functions"}, -{"id": 4821, -"keyword": "formal differentiation"}, -{"id": 4822, -"keyword": "logarithmic amortized complexity"}, -{"id": 4823, -"keyword": "tfrac 1 2 log"}, -{"id": 4824, -"keyword": "shared bdd"}, -{"id": 4825, -"keyword": "euclidean space indexed"}, -{"id": 4826, -"keyword": "multi-node extension"}, -{"id": 4827, -"keyword": "existing formal developments"}, -{"id": 4828, -"keyword": "stores key information"}, -{"id": 4829, 
-"keyword": "generic tactics"}, -{"id": 4830, -"keyword": "taking advantage"}, {"id": 4831, -"keyword": "article knight"}, +"keyword": "single binders"}, {"id": 4832, -"keyword": "output infinite sequences"}, +"keyword": "microsoft research"}, {"id": 4833, -"keyword": "universal turing machine entry"}, +"keyword": "square integrable functions"}, {"id": 4834, -"keyword": "traditional approach"}, +"keyword": "formal differentiation"}, {"id": 4835, -"keyword": "monoidal categories"}, +"keyword": "logarithmic amortized complexity"}, {"id": 4836, -"keyword": "knaster tarski theorem"}, +"keyword": "tfrac 1 2 log"}, {"id": 4837, -"keyword": "tool implementors"}, +"keyword": "shared bdd"}, {"id": 4838, -"keyword": "hol formalization"}, +"keyword": "euclidean space indexed"}, {"id": 4839, -"keyword": "achieve high expressiveness"}, +"keyword": "multi-node extension"}, {"id": 4840, -"keyword": "generic consistency ---"}, +"keyword": "existing formal developments"}, {"id": 4841, -"keyword": "ipv4 addresses"}, +"keyword": "stores key information"}, {"id": 4842, -"keyword": "operators combine"}, +"keyword": "generic tactics"}, {"id": 4843, -"keyword": "refinement relations"}, +"keyword": "taking advantage"}, {"id": 4844, -"keyword": "isafor ceta-system"}, +"keyword": "article knight"}, {"id": 4845, -"keyword": "dot-decimal notation"}, +"keyword": "practically worse time complexity"}, {"id": 4846, -"keyword": "allocation function allocates goods"}, +"keyword": "kronecker tensor product"}, {"id": 4847, -"keyword": "failure assumptions"}, +"keyword": "output infinite sequences"}, {"id": 4848, -"keyword": "reduction path"}, +"keyword": "universal turing machine entry"}, {"id": 4849, -"keyword": "spectral radius"}, +"keyword": "traditional approach"}, {"id": 4850, -"keyword": "imperative refinement framework"}, +"keyword": "monoidal categories"}, {"id": 4851, -"keyword": "sparse grid"}, +"keyword": "knaster tarski theorem"}, {"id": 4852, -"keyword": "generic construction"}, 
+"keyword": "tool implementors"}, {"id": 4853, -"keyword": "opposite case"}, +"keyword": "hol formalization"}, {"id": 4854, -"keyword": "sound syntactic criteria"}, +"keyword": "achieve high expressiveness"}, {"id": 4855, -"keyword": "noninterference proofs"}, +"keyword": "generic consistency ---"}, {"id": 4856, -"keyword": "easily obtained"}, +"keyword": "ipv4 addresses"}, {"id": 4857, -"keyword": "efficient imperative version"}, +"keyword": "operators combine"}, {"id": 4858, -"keyword": "mechanically supported logic analysis"}, +"keyword": "refinement relations"}, {"id": 4859, -"keyword": "time bounds"}, +"keyword": "isafor ceta-system"}, {"id": 4860, -"keyword": "terms"}, +"keyword": "dot-decimal notation"}, {"id": 4861, -"keyword": "proof rules"}, +"keyword": "allocation function allocates goods"}, {"id": 4862, -"keyword": "successively extending"}, +"keyword": "failure assumptions"}, {"id": 4863, -"keyword": "concrete algorithms implementations"}, +"keyword": "reduction path"}, {"id": 4864, -"keyword": "closure property"}, +"keyword": "spectral radius"}, {"id": 4865, -"keyword": "pattern poses"}, +"keyword": "imperative refinement framework"}, {"id": 4866, -"keyword": "sufficiently large inputs"}, +"keyword": "sparse grid"}, {"id": 4867, +"keyword": "generic construction"}, +{"id": 4868, +"keyword": "opposite case"}, +{"id": 4869, +"keyword": "sound syntactic criteria"}, +{"id": 4870, +"keyword": "noninterference proofs"}, +{"id": 4871, +"keyword": "easily obtained"}, +{"id": 4872, +"keyword": "efficient imperative version"}, +{"id": 4873, +"keyword": "mechanically supported logic analysis"}, +{"id": 4874, +"keyword": "time bounds"}, +{"id": 4875, +"keyword": "terms"}, +{"id": 4876, +"keyword": "proof rules"}, +{"id": 4877, +"keyword": "successively extending"}, +{"id": 4878, +"keyword": "concrete algorithms implementations"}, +{"id": 4879, +"keyword": "closure property"}, +{"id": 4880, +"keyword": "pattern poses"}, +{"id": 4881, +"keyword": "sufficiently 
large inputs"}, +{"id": 4882, "keyword": "reflexive transitive closure"}, -{"id": 4868, +{"id": 4883, "keyword": "real world distributed systems"}, -{"id": 4869, +{"id": 4884, "keyword": "wolfram engine"}, -{"id": 4870, +{"id": 4885, "keyword": "compositionality proofs"}, -{"id": 4871, +{"id": 4886, "keyword": "employs herbrand"}, -{"id": 4872, +{"id": 4887, "keyword": "extra-history change history"}, -{"id": 4873, +{"id": 4888, "keyword": "real component"}, -{"id": 4874, +{"id": 4889, "keyword": "replicated datatypes"}, -{"id": 4875, +{"id": 4890, "keyword": "solving markov decision processes"}, -{"id": 4876, -"keyword": "pure exchange economy"}, -{"id": 4877, -"keyword": "integer coefficients"}, -{"id": 4878, -"keyword": "initial states"}, -{"id": 4879, -"keyword": "good closure properties"}, -{"id": 4880, -"keyword": "faithful formalization"}, -{"id": 4881, -"keyword": "free basis"}, -{"id": 4882, -"keyword": "rational actors"}, -{"id": 4883, -"keyword": "functional automata"}, -{"id": 4884, -"keyword": "kleene star"}, -{"id": 4885, -"keyword": "effect polymorphism"}, -{"id": 4886, -"keyword": "kleene algebras remain"}, -{"id": 4887, -"keyword": "cancellative separation algebra"}, -{"id": 4888, -"keyword": "running time bounds"}, -{"id": 4889, -"keyword": "resulting hierarchy"}, -{"id": 4890, -"keyword": "word count program"}, {"id": 4891, -"keyword": "memory implementations"}, +"keyword": "pure exchange economy"}, {"id": 4892, -"keyword": "binding signature"}, +"keyword": "integer coefficients"}, {"id": 4893, -"keyword": "rational polynomials"}, +"keyword": "initial states"}, {"id": 4894, -"keyword": "polymorphic lambda-calculus extended"}, +"keyword": "good closure properties"}, {"id": 4895, -"keyword": "recursion combinator"}, +"keyword": "faithful formalization"}, {"id": 4896, -"keyword": "partial commutativity relationships"}, +"keyword": "free basis"}, {"id": 4897, -"keyword": "iptables match condition"}, +"keyword": "rational actors"}, {"id": 4898, 
-"keyword": "l-shaped tiles"}, +"keyword": "functional automata"}, {"id": 4899, -"keyword": "metric temporal logic"}, +"keyword": "kleene star"}, {"id": 4900, -"keyword": "verifying depth-"}, +"keyword": "effect polymorphism"}, {"id": 4901, -"keyword": "alpha_1 ldots beta_n"}, +"keyword": "kleene algebras remain"}, {"id": 4902, -"keyword": "basic notions"}, +"keyword": "cancellative separation algebra"}, {"id": 4903, -"keyword": "intransitive purge function"}, +"keyword": "running time bounds"}, {"id": 4904, -"keyword": "concurrent constraint pi-calculus"}, +"keyword": "resulting hierarchy"}, {"id": 4905, -"keyword": "automatize canonical tasks"}, +"keyword": "word count program"}, {"id": 4906, -"keyword": "unified translation approach"}, +"keyword": "memory implementations"}, {"id": 4907, +"keyword": "binding signature"}, +{"id": 4908, +"keyword": "rational polynomials"}, +{"id": 4909, +"keyword": "polymorphic lambda-calculus extended"}, +{"id": 4910, +"keyword": "recursion combinator"}, +{"id": 4911, +"keyword": "partial commutativity relationships"}, +{"id": 4912, +"keyword": "iptables match condition"}, +{"id": 4913, +"keyword": "l-shaped tiles"}, +{"id": 4914, +"keyword": "metric temporal logic"}, +{"id": 4915, +"keyword": "verifying depth-"}, +{"id": 4916, +"keyword": "alpha_1 ldots beta_n"}, +{"id": 4917, +"keyword": "basic notions"}, +{"id": 4918, +"keyword": "intransitive purge function"}, +{"id": 4919, +"keyword": "concurrent constraint pi-calculus"}, +{"id": 4920, +"keyword": "automatize canonical tasks"}, +{"id": 4921, +"keyword": "unified translation approach"}, +{"id": 4922, "keyword": "present sufficient conditions"}, -{"id": 4908, +{"id": 4923, "keyword": "inequality states"}, -{"id": 4909, +{"id": 4924, "keyword": "existing formal power series"}, -{"id": 4910, +{"id": 4925, "keyword": "transcendence"}, -{"id": 4911, +{"id": 4926, "keyword": "integers based"}, -{"id": 4912, +{"id": 4927, "keyword": "completely verified"}, -{"id": 4913, +{"id": 4928, 
"keyword": "worth noting"}, -{"id": 4914, +{"id": 4929, "keyword": "square matrices form"}, -{"id": 4915, +{"id": 4930, "keyword": "number-theoretic lemmas"}, -{"id": 4916, +{"id": 4931, "keyword": "analytic completeness proof covers"}, -{"id": 4917, +{"id": 4932, "keyword": "common theme"}, -{"id": 4918, +{"id": 4933, "keyword": "usual redundancy criteria based"}, -{"id": 4919, +{"id": 4934, "keyword": "fundamental building block"}, -{"id": 4920, +{"id": 4935, "keyword": "convergence function applied"}, -{"id": 4921, +{"id": 4936, "keyword": "transforming xml trees"}, -{"id": 4922, +{"id": 4937, "keyword": "speculative linearizability framework"}, -{"id": 4923, +{"id": 4938, "keyword": "holomorphic automorphisms"}, -{"id": 4924, +{"id": 4939, "keyword": "interactive theorem prover"}, -{"id": 4925, +{"id": 4940, +"keyword": "arbitrary rc query"}, +{"id": 4941, "keyword": "applied mathematics"}, -{"id": 4926, +{"id": 4942, "keyword": "policy iteration algorithms"}, -{"id": 4927, +{"id": 4943, "keyword": "ijcar 2006 paper"}, -{"id": 4928, +{"id": 4944, "keyword": "search tree"}, -{"id": 4929, +{"id": 4945, "keyword": "spatio-temporal multi-modal logic"}, -{"id": 4930, +{"id": 4946, "keyword": "imperative language imp"}, -{"id": 4931, +{"id": 4947, "keyword": "degenerate deterministic case"}, -{"id": 4932, +{"id": 4948, "keyword": "imperative hol programs"}, -{"id": 4933, +{"id": 4949, "keyword": "web standards"}, -{"id": 4934, +{"id": 4950, "keyword": "higher-order probabilistic programming languages"}, -{"id": 4935, +{"id": 4951, "keyword": "syntactic approximations"}, -{"id": 4936, +{"id": 4952, "keyword": "standard restrictions"}, -{"id": 4937, +{"id": 4953, "keyword": "executable automata"}, -{"id": 4938, +{"id": 4954, "keyword": "existing cc results"}, -{"id": 4939, +{"id": 4955, "keyword": "original functionality"}, -{"id": 4940, +{"id": 4956, "keyword": "non-atomic keys"}, -{"id": 4941, +{"id": 4957, "keyword": "asymptotically equivalent"}, -{"id": 4942, 
+{"id": 4958, "keyword": "describe formalization"}, -{"id": 4943, +{"id": 4959, "keyword": "intermediate relations"}, -{"id": 4944, +{"id": 4960, "keyword": "symbolic states"}, -{"id": 4945, +{"id": 4961, "keyword": "monetary supply grows"}, -{"id": 4946, +{"id": 4962, "keyword": "lazy list"}, -{"id": 4947, +{"id": 4963, "keyword": "healthcare iot system"}, -{"id": 4948, +{"id": 4964, "keyword": "standardization theorem"}, -{"id": 4949, +{"id": 4965, "keyword": "j3202"}, -{"id": 4950, +{"id": 4966, "keyword": "john harrison"}, -{"id": 4951, +{"id": 4967, "keyword": "complex roots"}, -{"id": 4952, +{"id": 4968, "keyword": "george boolos gave"}, -{"id": 4953, +{"id": 4969, "keyword": "adaptive test cases"}, -{"id": 4954, +{"id": 4970, "keyword": "markov chains"}, -{"id": 4955, +{"id": 4971, "keyword": "efficient executable algorithm"}, -{"id": 4956, -"keyword": "myhill-nerode theorem"}, -{"id": 4957, -"keyword": "single strip"}, -{"id": 4958, -"keyword": "risk-free lending protocol"}, -{"id": 4959, -"keyword": "simple specification"}, -{"id": 4960, -"keyword": "approximation error"}, -{"id": 4961, -"keyword": "isomorphism theorem"}, -{"id": 4962, -"keyword": "pretty printers"}, -{"id": 4963, -"keyword": "repeated opening"}, -{"id": 4964, -"keyword": "normal form property"}, -{"id": 4965, -"keyword": "program verification"}, -{"id": 4966, -"keyword": "classic dynamic programming algorithm"}, -{"id": 4967, -"keyword": "considerably shorter"}, -{"id": 4968, -"keyword": "familiar real-"}, -{"id": 4969, -"keyword": "computing optimal stable matches"}, -{"id": 4970, -"keyword": "original sturm"}, -{"id": 4971, -"keyword": "single-source shortest path function"}, {"id": 4972, -"keyword": "convergence function"}, +"keyword": "myhill-nerode theorem"}, {"id": 4973, -"keyword": "canonical set-theoretic constructions internalized"}, +"keyword": "single strip"}, {"id": 4974, -"keyword": "secure information flow"}, +"keyword": "risk-free lending protocol"}, {"id": 4975, 
-"keyword": "ocl standard"}, +"keyword": "simple specification"}, {"id": 4976, -"keyword": "soundness proof"}, +"keyword": "approximation error"}, {"id": 4977, -"keyword": "real analysis"}, +"keyword": "isomorphism theorem"}, {"id": 4978, -"keyword": "automata library"}, +"keyword": "pretty printers"}, {"id": 4979, -"keyword": "datatypes similar"}, +"keyword": "repeated opening"}, {"id": 4980, -"keyword": "formally verified clrs algorithms"}, +"keyword": "normal form property"}, {"id": 4981, -"keyword": "automated-theorem-proving assistant"}, +"keyword": "program verification"}, {"id": 4982, -"keyword": "paulson semantics-based approach"}, +"keyword": "classic dynamic programming algorithm"}, {"id": 4983, -"keyword": "turn outputs descriptions"}, +"keyword": "considerably shorter"}, {"id": 4984, -"keyword": "stone-kleene relation algebras"}, +"keyword": "familiar real-"}, {"id": 4985, -"keyword": "java se 8 specification"}, +"keyword": "computing optimal stable matches"}, {"id": 4986, -"keyword": "past operators"}, +"keyword": "original sturm"}, {"id": 4987, -"keyword": "primitive authentication construct"}, +"keyword": "single-source shortest path function"}, {"id": 4988, -"keyword": "matrix theory"}, +"keyword": "convergence function"}, {"id": 4989, -"keyword": "additional domain elements"}, +"keyword": "canonical set-theoretic constructions internalized"}, {"id": 4990, -"keyword": "informal presentation"}, +"keyword": "secure information flow"}, {"id": 4991, -"keyword": "simple inductive proof"}, +"keyword": "ocl standard"}, {"id": 4992, -"keyword": "company associating"}, +"keyword": "soundness proof"}, {"id": 4993, -"keyword": "c11 syntax deeply integrated"}, +"keyword": "real analysis"}, {"id": 4994, -"keyword": "anders schlichtkrull"}, +"keyword": "automata library"}, {"id": 4995, -"keyword": "generated test suite"}, +"keyword": "datatypes similar"}, {"id": 4996, -"keyword": "hol light"}, +"keyword": "formally verified clrs algorithms"}, {"id": 4997, 
-"keyword": "straightforward analytic proof"}, +"keyword": "automated-theorem-proving assistant"}, {"id": 4998, -"keyword": "comparing relations"}, +"keyword": "paulson semantics-based approach"}, {"id": 4999, -"keyword": "asymptotic expansions"}, +"keyword": "turn outputs descriptions"}, {"id": 5000, -"keyword": "abstract program"}, +"keyword": "stone-kleene relation algebras"}, {"id": 5001, -"keyword": "successful termination"}, +"keyword": "java se 8 specification"}, {"id": 5002, -"keyword": "future separation logic developments"}, +"keyword": "past operators"}, {"id": 5003, -"keyword": "guiding proof search"}, +"keyword": "primitive authentication construct"}, {"id": 5004, -"keyword": "undirected graphs"}, +"keyword": "matrix theory"}, {"id": 5005, -"keyword": "previous formalisation"}, +"keyword": "additional domain elements"}, {"id": 5006, -"keyword": "association lists"}, +"keyword": "informal presentation"}, {"id": 5007, -"keyword": "textbook first-order logic"}, +"keyword": "simple inductive proof"}, {"id": 5008, -"keyword": "concurrent value-dependent noninterference"}, +"keyword": "company associating"}, {"id": 5009, -"keyword": "textbook reasoning"}, +"keyword": "c11 syntax deeply integrated"}, {"id": 5010, -"keyword": "logical reasoning"}, +"keyword": "anders schlichtkrull"}, {"id": 5011, -"keyword": "program trace semantics"}, +"keyword": "generated test suite"}, {"id": 5012, -"keyword": "method calls"}, +"keyword": "hol light"}, {"id": 5013, -"keyword": "game theoretic issues"}, +"keyword": "straightforward analytic proof"}, {"id": 5014, -"keyword": "byte code"}, +"keyword": "comparing relations"}, {"id": 5015, -"keyword": "cantor pairing function"}, +"keyword": "asymptotic expansions"}, {"id": 5016, -"keyword": "potential negative cycles"}, +"keyword": "abstract program"}, {"id": 5017, -"keyword": "randomised skip list"}, +"keyword": "successful termination"}, {"id": 5018, -"keyword": "strengthen mertens"}, +"keyword": "future separation logic 
developments"}, {"id": 5019, -"keyword": "manual alpha-conversions"}, +"keyword": "guiding proof search"}, {"id": 5020, -"keyword": "mobile computing"}, +"keyword": "undirected graphs"}, {"id": 5021, -"keyword": "formalising cryptographic arguments"}, +"keyword": "previous formalisation"}, {"id": 5022, -"keyword": "reference implementation"}, +"keyword": "association lists"}, {"id": 5023, -"keyword": "simplify complex iptables rulests"}, +"keyword": "textbook first-order logic"}, {"id": 5024, -"keyword": "stieltjes constants"}, +"keyword": "concurrent value-dependent noninterference"}, {"id": 5025, -"keyword": "specific variants"}, +"keyword": "textbook reasoning"}, {"id": 5026, -"keyword": "faithful embedding"}, +"keyword": "logical reasoning"}, {"id": 5027, -"keyword": "continuous lattices"}, +"keyword": "program trace semantics"}, {"id": 5028, +"keyword": "method calls"}, +{"id": 5029, +"keyword": "game theoretic issues"}, +{"id": 5030, +"keyword": "byte code"}, +{"id": 5031, +"keyword": "cantor pairing function"}, +{"id": 5032, +"keyword": "potential negative cycles"}, +{"id": 5033, +"keyword": "randomised skip list"}, +{"id": 5034, +"keyword": "strengthen mertens"}, +{"id": 5035, +"keyword": "manual alpha-conversions"}, +{"id": 5036, +"keyword": "mobile computing"}, +{"id": 5037, +"keyword": "formalising cryptographic arguments"}, +{"id": 5038, +"keyword": "reference implementation"}, +{"id": 5039, +"keyword": "simplify complex iptables rulests"}, +{"id": 5040, +"keyword": "stieltjes constants"}, +{"id": 5041, +"keyword": "specific variants"}, +{"id": 5042, +"keyword": "faithful embedding"}, +{"id": 5043, +"keyword": "continuous lattices"}, +{"id": 5044, "keyword": "intermediate results"}, -{"id": 5029, +{"id": 5045, "keyword": "unified translation"}, -{"id": 5030, +{"id": 5046, "keyword": "autocorres tool"}, -{"id": 5031, +{"id": 5047, "keyword": "set category"}, -{"id": 5032, +{"id": 5048, "keyword": "model existence"}, -{"id": 5033, +{"id": 5049, "keyword": 
"factor ring"}, -{"id": 5034, +{"id": 5050, "keyword": "data-refinement techniques"}, -{"id": 5035, +{"id": 5051, "keyword": "nondeterminism monad"}, -{"id": 5036, -"keyword": "capture laws"}, -{"id": 5037, -"keyword": "resulting automata"}, -{"id": 5038, -"keyword": "normalizing strategy"}, -{"id": 5039, -"keyword": "non-negative weights w_1"}, -{"id": 5040, -"keyword": "red-black trees"}, -{"id": 5041, -"keyword": "key encapsulation mechanism"}, -{"id": 5042, -"keyword": "finite search space"}, -{"id": 5043, -"keyword": "replicated databases"}, -{"id": 5044, -"keyword": "concurrency control model"}, -{"id": 5045, -"keyword": "additional convenience"}, -{"id": 5046, -"keyword": "affine systems"}, -{"id": 5047, -"keyword": "parent clauses"}, -{"id": 5048, -"keyword": "elementary number theory"}, -{"id": 5049, -"keyword": "proof term checker embedded"}, -{"id": 5050, -"keyword": "distributed system"}, -{"id": 5051, -"keyword": "knight"}, {"id": 5052, -"keyword": "decision problem clique"}, +"keyword": "capture laws"}, {"id": 5053, -"keyword": "upcoming work principia logico-metaphysica"}, +"keyword": "resulting automata"}, {"id": 5054, -"keyword": "guarantee information flow noninterference"}, +"keyword": "normalizing strategy"}, {"id": 5055, -"keyword": "classical two-sided matching scenarios"}, +"keyword": "non-negative weights w_1"}, {"id": 5056, -"keyword": "large fragment"}, +"keyword": "red-black trees"}, {"id": 5057, -"keyword": "aforementioned consensus problem"}, +"keyword": "key encapsulation mechanism"}, {"id": 5058, -"keyword": "afp entry robinson_arithmetic"}, +"keyword": "finite search space"}, {"id": 5059, -"keyword": "divergence reflection"}, +"keyword": "replicated databases"}, {"id": 5060, -"keyword": "elegant proof"}, +"keyword": "concurrency control model"}, {"id": 5061, -"keyword": "alpha-equivalence classes"}, +"keyword": "additional convenience"}, {"id": 5062, -"keyword": "previous analogous"}, +"keyword": "affine systems"}, {"id": 5063, 
-"keyword": "operators"}, +"keyword": "parent clauses"}, {"id": 5064, -"keyword": "cc studies system classes"}, +"keyword": "elementary number theory"}, {"id": 5065, -"keyword": "automatically extracted scala code"}, +"keyword": "proof term checker embedded"}, {"id": 5066, -"keyword": "binding structure"}, +"keyword": "distributed system"}, {"id": 5067, -"keyword": "essential parts"}, +"keyword": "knight"}, {"id": 5068, +"keyword": "decision problem clique"}, +{"id": 5069, +"keyword": "upcoming work principia logico-metaphysica"}, +{"id": 5070, +"keyword": "guarantee information flow noninterference"}, +{"id": 5071, +"keyword": "classical two-sided matching scenarios"}, +{"id": 5072, +"keyword": "large fragment"}, +{"id": 5073, +"keyword": "aforementioned consensus problem"}, +{"id": 5074, +"keyword": "afp entry robinson_arithmetic"}, +{"id": 5075, +"keyword": "divergence reflection"}, +{"id": 5076, +"keyword": "elegant proof"}, +{"id": 5077, +"keyword": "alpha-equivalence classes"}, +{"id": 5078, +"keyword": "previous analogous"}, +{"id": 5079, +"keyword": "operators"}, +{"id": 5080, +"keyword": "cc studies system classes"}, +{"id": 5081, +"keyword": "automatically extracted scala code"}, +{"id": 5082, +"keyword": "binding structure"}, +{"id": 5083, +"keyword": "essential parts"}, +{"id": 5084, "keyword": "chamber complexes"}, -{"id": 5069, +{"id": 5085, "keyword": "quantum prisoner"}, -{"id": 5070, +{"id": 5086, "keyword": "generic algebraic middle-layer"}, -{"id": 5071, +{"id": 5087, "keyword": "cite swan"}, -{"id": 5072, +{"id": 5088, "keyword": "lower semicontinuous hull"}, -{"id": 5073, +{"id": 5089, "keyword": "maclaurin series"}, -{"id": 5074, +{"id": 5090, "keyword": "functional representation"}, -{"id": 5075, +{"id": 5091, "keyword": "state-merging technique"}, -{"id": 5076, +{"id": 5092, "keyword": "natural numbers 0"}, -{"id": 5077, +{"id": 5093, "keyword": "canonical matrix analogue"}, -{"id": 5078, +{"id": 5094, "keyword": "incorrectly initialized 
contract"}, -{"id": 5079, +{"id": 5095, "keyword": "generic framework"}, -{"id": 5080, +{"id": 5096, "keyword": "locale mechanism"}, -{"id": 5081, +{"id": 5097, "keyword": "test output formats"}, -{"id": 5082, +{"id": 5098, "keyword": "confidential events"}, -{"id": 5083, +{"id": 5099, "keyword": "ultimately refutational completeness"}, -{"id": 5084, +{"id": 5100, "keyword": "proofs require"}, -{"id": 5085, +{"id": 5101, +"keyword": "atomic predicates"}, +{"id": 5102, "keyword": "boolean algebra"}, -{"id": 5086, +{"id": 5103, "keyword": "remaining rules"}, -{"id": 5087, +{"id": 5104, "keyword": "fractional assertions"}, -{"id": 5088, +{"id": 5105, "keyword": "zout domains"}, -{"id": 5089, +{"id": 5106, "keyword": "abstract structures"}, -{"id": 5090, +{"id": 5107, "keyword": "deliberately formulated"}, -{"id": 5091, +{"id": 5108, "keyword": "boolean algebra type"}, -{"id": 5092, +{"id": 5109, "keyword": "mobius base logic"}, -{"id": 5093, +{"id": 5110, "keyword": "suitable setup"}, -{"id": 5094, +{"id": 5111, "keyword": "type class hierarchy"}, -{"id": 5095, +{"id": 5112, "keyword": "predicate satisfied"}, -{"id": 5096, +{"id": 5113, "keyword": "itp-2016 paper"}, -{"id": 5097, +{"id": 5114, "keyword": "axioms set suggested"}, -{"id": 5098, +{"id": 5115, "keyword": "finite partitioning"}, -{"id": 5099, +{"id": 5116, "keyword": "internal direct product"}, -{"id": 5100, +{"id": 5117, "keyword": "derive comparators"}, -{"id": 5101, +{"id": 5118, "keyword": "basic graph algorithms"}, -{"id": 5102, +{"id": 5119, "keyword": "mso formulas correspond"}, -{"id": 5103, +{"id": 5120, "keyword": "stateful connection semantics"}, -{"id": 5104, +{"id": 5121, "keyword": "correctness"}, -{"id": 5105, +{"id": 5122, "keyword": "major goal"}, -{"id": 5106, +{"id": 5123, "keyword": "fine-grained concurrency"}, -{"id": 5107, +{"id": 5124, "keyword": "handling inconsistency"}, -{"id": 5108, +{"id": 5125, "keyword": "employ messageless guard protocols"}, -{"id": 5109, +{"id": 5126, 
"keyword": "fundamental metaphysical theory"}, -{"id": 5110, +{"id": 5127, "keyword": "network model"}, -{"id": 5111, +{"id": 5128, "keyword": "co-inductive lists"}, -{"id": 5112, +{"id": 5129, "keyword": "hol experts"}, -{"id": 5113, +{"id": 5130, "keyword": "files chap02"}, -{"id": 5114, +{"id": 5131, "keyword": "sk sum"}, -{"id": 5115, +{"id": 5132, "keyword": "text book level"}, -{"id": 5116, -"keyword": "paper describing"}, -{"id": 5117, -"keyword": "normal series"}, -{"id": 5118, -"keyword": "msc thesis sch15"}, -{"id": 5119, -"keyword": "argument"}, -{"id": 5120, -"keyword": "minimal space usage"}, -{"id": 5121, -"keyword": "ieee-754 floating-point arithmetic"}, -{"id": 5122, -"keyword": "verifying functional programs"}, -{"id": 5123, -"keyword": "subtle algorithmic mechanisms"}, -{"id": 5124, -"keyword": "approximative version"}, -{"id": 5125, -"keyword": "triangle removal lemma"}, -{"id": 5126, -"keyword": "abstract execution model"}, -{"id": 5127, -"keyword": "gr bner basis"}, -{"id": 5128, -"keyword": "main novelty"}, -{"id": 5129, -"keyword": "internal path length relates"}, -{"id": 5130, -"keyword": "incrementally check"}, -{"id": 5131, -"keyword": "random graph"}, -{"id": 5132, -"keyword": "lattice point"}, {"id": 5133, -"keyword": "concurrent refinement algebra"}, +"keyword": "paper describing"}, {"id": 5134, -"keyword": "cryptographic hash-function ripemd-160"}, +"keyword": "normal series"}, {"id": 5135, -"keyword": "peculiar mapping argument"}, +"keyword": "msc thesis sch15"}, {"id": 5136, -"keyword": "countable chain condition"}, +"keyword": "argument"}, {"id": 5137, -"keyword": "gdpr compliance verification"}, +"keyword": "minimal space usage"}, {"id": 5138, -"keyword": "elementary facts"}, +"keyword": "ieee-754 floating-point arithmetic"}, {"id": 5139, -"keyword": "formalisation"}, +"keyword": "verifying functional programs"}, {"id": 5140, -"keyword": "automated theorem prover"}, +"keyword": "subtle algorithmic mechanisms"}, {"id": 5141, 
-"keyword": "entry adds quickcheck setup"}, +"keyword": "approximative version"}, {"id": 5142, -"keyword": "regular expression equivalence"}, +"keyword": "triangle removal lemma"}, {"id": 5143, -"keyword": "complex analysis"}, +"keyword": "abstract execution model"}, {"id": 5144, -"keyword": "complete formal development"}, +"keyword": "gr bner basis"}, {"id": 5145, -"keyword": "real-world programming languages"}, +"keyword": "main novelty"}, {"id": 5146, -"keyword": "call arity"}, +"keyword": "internal path length relates"}, {"id": 5147, -"keyword": "refused events"}, +"keyword": "incrementally check"}, {"id": 5148, -"keyword": "formal proof"}, +"keyword": "random graph"}, {"id": 5149, +"keyword": "lattice point"}, +{"id": 5150, +"keyword": "concurrent refinement algebra"}, +{"id": 5151, +"keyword": "cryptographic hash-function ripemd-160"}, +{"id": 5152, +"keyword": "peculiar mapping argument"}, +{"id": 5153, +"keyword": "countable chain condition"}, +{"id": 5154, +"keyword": "gdpr compliance verification"}, +{"id": 5155, +"keyword": "elementary facts"}, +{"id": 5156, +"keyword": "non-deterministic algorithm"}, +{"id": 5157, +"keyword": "formalisation"}, +{"id": 5158, +"keyword": "automated theorem prover"}, +{"id": 5159, +"keyword": "entry adds quickcheck setup"}, +{"id": 5160, +"keyword": "regular expression equivalence"}, +{"id": 5161, +"keyword": "complex analysis"}, +{"id": 5162, +"keyword": "complete formal development"}, +{"id": 5163, +"keyword": "real-world programming languages"}, +{"id": 5164, +"keyword": "call arity"}, +{"id": 5165, +"keyword": "refused events"}, +{"id": 5166, +"keyword": "formal proof"}, +{"id": 5167, "keyword": "method normalises applicative expressions"}, -{"id": 5150, +{"id": 5168, "keyword": "winding number"}, -{"id": 5151, +{"id": 5169, "keyword": "unpublished specialized algorithms"}, -{"id": 5152, +{"id": 5170, "keyword": "hoare logic based"}, -{"id": 5153, +{"id": 5171, "keyword": "desired interval"}, -{"id": 5154, +{"id": 
5172, "keyword": "mainstream structures"}, -{"id": 5155, +{"id": 5173, "keyword": "object logic zfc"}, -{"id": 5156, +{"id": 5174, "keyword": "state proofs"}, -{"id": 5157, +{"id": 5175, "keyword": "representing legal agreements"}, -{"id": 5158, +{"id": 5176, "keyword": "basic material"}, -{"id": 5159, +{"id": 5177, "keyword": "interest accrued"}, -{"id": 5160, +{"id": 5178, "keyword": "classical ai planning"}, -{"id": 5161, +{"id": 5179, "keyword": "chosen uniformly"}, -{"id": 5162, +{"id": 5180, "keyword": "rank-nullity theorem"}, -{"id": 5163, +{"id": 5181, "keyword": "tactic code"}, -{"id": 5164, +{"id": 5182, "keyword": "fully executable functional implementation"}, -{"id": 5165, +{"id": 5183, "keyword": "yoneda functor"}, -{"id": 5166, +{"id": 5184, "keyword": "limits"}, -{"id": 5167, +{"id": 5185, "keyword": "arbitrary classes"}, -{"id": 5168, +{"id": 5186, "keyword": "creating custom induction"}, -{"id": 5169, +{"id": 5187, "keyword": "interval arithmetic"}, -{"id": 5170, +{"id": 5188, "keyword": "full range"}, -{"id": 5171, +{"id": 5189, "keyword": "ssa"}, -{"id": 5172, +{"id": 5190, "keyword": "verified"}, -{"id": 5173, +{"id": 5191, "keyword": "inference system presented"}, -{"id": 5174, +{"id": 5192, "keyword": "bindings-aware induction"}, -{"id": 5175, +{"id": 5193, "keyword": "infinitesimal components"}, -{"id": 5176, -"keyword": "contextual equivalence"}, -{"id": 5177, -"keyword": "applied non-classical logics 2005"}, -{"id": 5178, -"keyword": "noncommuting words form"}, -{"id": 5179, -"keyword": "providing formalizations"}, -{"id": 5180, -"keyword": "autonomous vehicle manufacturers"}, -{"id": 5181, -"keyword": "algorithm aims"}, -{"id": 5182, -"keyword": "paper describes"}, -{"id": 5183, -"keyword": "cambridge university press 2001"}, -{"id": 5184, -"keyword": "priority queue"}, -{"id": 5185, -"keyword": "applicative functor"}, -{"id": 5186, -"keyword": "space usage"}, -{"id": 5187, -"keyword": "analyse system structure oriented"}, -{"id": 5188, 
-"keyword": "unverified tools"}, -{"id": 5189, -"keyword": "complete graphs"}, -{"id": 5190, -"keyword": "standard theorems"}, -{"id": 5191, -"keyword": "valid parameters"}, -{"id": 5192, -"keyword": "conduct machine checkable proofs"}, -{"id": 5193, -"keyword": "proof-carrying-code style encoding"}, {"id": 5194, -"keyword": "analogous languages"}, +"keyword": "contextual equivalence"}, {"id": 5195, -"keyword": "friendship theorem"}, +"keyword": "applied non-classical logics 2005"}, {"id": 5196, -"keyword": "mathematical machinery"}, +"keyword": "noncommuting words form"}, {"id": 5197, +"keyword": "providing formalizations"}, +{"id": 5198, +"keyword": "autonomous vehicle manufacturers"}, +{"id": 5199, +"keyword": "algorithm aims"}, +{"id": 5200, +"keyword": "paper describes"}, +{"id": 5201, +"keyword": "cambridge university press 2001"}, +{"id": 5202, +"keyword": "priority queue"}, +{"id": 5203, +"keyword": "applicative functor"}, +{"id": 5204, +"keyword": "space usage"}, +{"id": 5205, +"keyword": "analyse system structure oriented"}, +{"id": 5206, +"keyword": "unverified tools"}, +{"id": 5207, +"keyword": "complete graphs"}, +{"id": 5208, +"keyword": "standard theorems"}, +{"id": 5209, +"keyword": "valid parameters"}, +{"id": 5210, +"keyword": "conduct machine checkable proofs"}, +{"id": 5211, +"keyword": "proof-carrying-code style encoding"}, +{"id": 5212, +"keyword": "analogous languages"}, +{"id": 5213, +"keyword": "friendship theorem"}, +{"id": 5214, +"keyword": "mathematical machinery"}, +{"id": 5215, "keyword": "non-deterministic automata"}, -{"id": 5198, +{"id": 5216, "keyword": "formal proof closely"}, -{"id": 5199, +{"id": 5217, "keyword": "shorter refinement proofs"}, -{"id": 5200, +{"id": 5218, "keyword": "modeling firewall policies"}, -{"id": 5201, +{"id": 5219, "keyword": "standard estimations"}, -{"id": 5202, +{"id": 5220, "keyword": "group"}, -{"id": 5203, +{"id": 5221, "keyword": "axiomatic theory"}, -{"id": 5204, +{"id": 5222, "keyword": 
"syntactic formula"}, -{"id": 5205, +{"id": 5223, "keyword": "faulty process"}, -{"id": 5206, +{"id": 5224, "keyword": "verified decision procedures"}, -{"id": 5207, +{"id": 5225, "keyword": "resp"}, -{"id": 5208, +{"id": 5226, "keyword": "projective spaces"}, -{"id": 5209, +{"id": 5227, "keyword": "uniform proof"}, -{"id": 5210, +{"id": 5228, "keyword": "resolution theorem proving chapter"}, -{"id": 5211, +{"id": 5229, "keyword": "deductive program verification"}, -{"id": 5212, +{"id": 5230, "keyword": "entire cosmedis network"}, -{"id": 5213, +{"id": 5231, "keyword": "adaptive state counting algorithm"}, -{"id": 5214, +{"id": 5232, "keyword": "policy"}, -{"id": 5215, +{"id": 5233, "keyword": "autonomous vehicle liable"}, -{"id": 5216, -"keyword": "minimal ssa form"}, -{"id": 5217, -"keyword": "powerset construction mapping nfas"}, -{"id": 5218, -"keyword": "transition paths"}, -{"id": 5219, -"keyword": "execution time compares"}, -{"id": 5220, -"keyword": "complexity analysis"}, -{"id": 5221, -"keyword": "achieve bottom-"}, -{"id": 5222, -"keyword": "protocol analysis tools"}, -{"id": 5223, -"keyword": "progress tracking protocol"}, -{"id": 5224, -"keyword": "cryptographic constructions"}, -{"id": 5225, -"keyword": "gamma function"}, -{"id": 5226, -"keyword": "theorem 2"}, -{"id": 5227, -"keyword": "wikipedia articles"}, -{"id": 5228, -"keyword": "textbook ramsey theory"}, -{"id": 5229, -"keyword": "weakest-precondition entailment"}, -{"id": 5230, -"keyword": "subsumes lexicographic path orders"}, -{"id": 5231, -"keyword": "accessed independently"}, -{"id": 5232, -"keyword": "sparcv8 cpu simulator"}, -{"id": 5233, -"keyword": "maximal load factors"}, {"id": 5234, -"keyword": "mergesort algorithm"}, +"keyword": "minimal ssa form"}, {"id": 5235, -"keyword": "bendix orders"}, +"keyword": "powerset construction mapping nfas"}, {"id": 5236, -"keyword": "general theorem"}, +"keyword": "transition paths"}, {"id": 5237, -"keyword": "residuated boolean algebra"}, 
+"keyword": "execution time compares"}, {"id": 5238, -"keyword": "maclaurin formula"}, +"keyword": "complexity analysis"}, {"id": 5239, -"keyword": "partial sums"}, +"keyword": "achieve bottom-"}, {"id": 5240, -"keyword": "recursively enumerable set"}, +"keyword": "protocol analysis tools"}, {"id": 5241, -"keyword": "mathematical framework"}, +"keyword": "progress tracking protocol"}, {"id": 5242, -"keyword": "inf-preserving predicate transformers"}, +"keyword": "cryptographic constructions"}, {"id": 5243, -"keyword": "timely dataflow"}, +"keyword": "gamma function"}, {"id": 5244, -"keyword": "paracomplete logics"}, +"keyword": "theorem 2"}, {"id": 5245, -"keyword": "binary search trees"}, +"keyword": "wikipedia articles"}, {"id": 5246, -"keyword": "pronounced lambda auth"}, +"keyword": "textbook ramsey theory"}, {"id": 5247, -"keyword": "simple imperative language imp"}, +"keyword": "weakest-precondition entailment"}, {"id": 5248, -"keyword": "subseteq alpha"}, +"keyword": "subsumes lexicographic path orders"}, {"id": 5249, -"keyword": "skip lists"}, +"keyword": "accessed independently"}, {"id": 5250, -"keyword": "empty rows"}, +"keyword": "sparcv8 cpu simulator"}, {"id": 5251, -"keyword": "present version hol-csp profits"}, +"keyword": "maximal load factors"}, {"id": 5252, -"keyword": "formal framework"}, +"keyword": "mergesort algorithm"}, {"id": 5253, -"keyword": "first-order unification algorithm"}, +"keyword": "bendix orders"}, {"id": 5254, -"keyword": "tree-regular languages"}, +"keyword": "general theorem"}, {"id": 5255, -"keyword": "first-order prover"}, +"keyword": "residuated boolean algebra"}, {"id": 5256, -"keyword": "highly probable assumption"}, +"keyword": "maclaurin formula"}, {"id": 5257, -"keyword": "differential_dynamic_logic article"}, +"keyword": "partial sums"}, {"id": 5258, -"keyword": "form bigwedge_"}, +"keyword": "recursively enumerable set"}, {"id": 5259, -"keyword": "important correctness property"}, +"keyword": "mathematical 
framework"}, {"id": 5260, -"keyword": "key aspect"}, +"keyword": "inf-preserving predicate transformers"}, {"id": 5261, -"keyword": "positive fractions"}, +"keyword": "timely dataflow"}, {"id": 5262, -"keyword": "mechanized proof"}, +"keyword": "paracomplete logics"}, {"id": 5263, -"keyword": "equality holds"}, +"keyword": "binary search trees"}, {"id": 5264, -"keyword": "theorems state propositions"}, +"keyword": "pronounced lambda auth"}, {"id": 5265, -"keyword": "generated inputs"}, +"keyword": "simple imperative language imp"}, {"id": 5266, -"keyword": "diagrammatic proof system"}, +"keyword": "subseteq alpha"}, {"id": 5267, -"keyword": "deutsch-schorr-waite graph marking algorithm"}, +"keyword": "skip lists"}, {"id": 5268, -"keyword": "convert regular expressions"}, +"keyword": "empty rows"}, {"id": 5269, -"keyword": "monotone boolean functions"}, +"keyword": "present version hol-csp profits"}, {"id": 5270, -"keyword": "prior formalization attempt"}, +"keyword": "formal framework"}, {"id": 5271, -"keyword": "circus processes"}, +"keyword": "first-order unification algorithm"}, {"id": 5272, -"keyword": "verify properties"}, +"keyword": "tree-regular languages"}, {"id": 5273, -"keyword": "concrete programming language"}, +"keyword": "first-order prover"}, {"id": 5274, -"keyword": "non-functional requirements"}, +"keyword": "highly probable assumption"}, {"id": 5275, -"keyword": "limiting parallels axiom"}, +"keyword": "differential_dynamic_logic article"}, {"id": 5276, -"keyword": "webassembly language"}, +"keyword": "form bigwedge_"}, {"id": 5277, -"keyword": "8th event"}, +"keyword": "important correctness property"}, {"id": 5278, +"keyword": "key aspect"}, +{"id": 5279, +"keyword": "positive fractions"}, +{"id": 5280, +"keyword": "mechanized proof"}, +{"id": 5281, +"keyword": "equality holds"}, +{"id": 5282, +"keyword": "theorems state propositions"}, +{"id": 5283, +"keyword": "generated inputs"}, +{"id": 5284, +"keyword": "diagrammatic proof system"}, 
+{"id": 5285, +"keyword": "deutsch-schorr-waite graph marking algorithm"}, +{"id": 5286, +"keyword": "convert regular expressions"}, +{"id": 5287, +"keyword": "monotone boolean functions"}, +{"id": 5288, +"keyword": "prior formalization attempt"}, +{"id": 5289, +"keyword": "circus processes"}, +{"id": 5290, +"keyword": "verify properties"}, +{"id": 5291, +"keyword": "concrete programming language"}, +{"id": 5292, +"keyword": "non-functional requirements"}, +{"id": 5293, +"keyword": "limiting parallels axiom"}, +{"id": 5294, +"keyword": "webassembly language"}, +{"id": 5295, +"keyword": "8th event"}, +{"id": 5296, "keyword": "local type definitions"}, -{"id": 5279, +{"id": 5297, "keyword": "approximation quality solely depends"}, -{"id": 5280, +{"id": 5298, "keyword": "protocol"}, -{"id": 5281, +{"id": 5299, "keyword": "2 scalar product"}, -{"id": 5282, +{"id": 5300, "keyword": "unique decomposition"}, -{"id": 5283, +{"id": 5301, "keyword": "florian kammueller"}, -{"id": 5284, +{"id": 5302, "keyword": "stepwise program refinement techniques"}, -{"id": 5285, +{"id": 5303, "keyword": "ungeneralised counterparts"}, -{"id": 5286, +{"id": 5304, "keyword": "auxiliary type"}, -{"id": 5287, +{"id": 5305, "keyword": "internal execution clocking"}, -{"id": 5288, +{"id": 5306, "keyword": "concurrent behaviour"}, -{"id": 5289, +{"id": 5307, "keyword": "primitive data types"}, -{"id": 5290, +{"id": 5308, "keyword": "systems communication plays"}, -{"id": 5291, +{"id": 5309, "keyword": "complementary error function erfc"}, -{"id": 5292, +{"id": 5310, "keyword": "functions learnable"}, -{"id": 5293, +{"id": 5311, "keyword": "concrete applicative functor"}, -{"id": 5294, +{"id": 5312, "keyword": "case combinators"}, -{"id": 5295, +{"id": 5313, "keyword": "infinite series"}, -{"id": 5296, +{"id": 5314, "keyword": "woots strong eventual consistency"}, -{"id": 5297, +{"id": 5315, "keyword": "yamada 2"}, -{"id": 5298, +{"id": 5316, "keyword": "isafol project isafol"}, -{"id": 5299, 
+{"id": 5317, "keyword": "events"}, -{"id": 5300, +{"id": 5318, "keyword": "derive mertens"}, -{"id": 5301, +{"id": 5319, "keyword": "operational semantics"}, -{"id": 5302, +{"id": 5320, "keyword": "match expression"}, -{"id": 5303, +{"id": 5321, "keyword": "paper assumptions"}, -{"id": 5304, +{"id": 5322, "keyword": "affine arithmetic"}, -{"id": 5305, +{"id": 5323, "keyword": "standard protocol descriptions based"}, -{"id": 5306, +{"id": 5324, "keyword": "easily expandable"}, -{"id": 5307, +{"id": 5325, "keyword": "tsinakis conditions"}, -{"id": 5308, +{"id": 5326, "keyword": "binary temporal operators"}, -{"id": 5309, +{"id": 5327, "keyword": "javier esparza"}, -{"id": 5310, +{"id": 5328, "keyword": "afp entry dynamic architectures"}, -{"id": 5311, +{"id": 5329, "keyword": "total correctness proof"}, -{"id": 5312, +{"id": 5330, "keyword": "timothy gowers"}, -{"id": 5313, +{"id": 5331, "keyword": "directed security policies"}, -{"id": 5314, +{"id": 5332, "keyword": "one-sided sequent calculus"}, -{"id": 5315, +{"id": 5333, "keyword": "hybrid logic"}, -{"id": 5316, +{"id": 5334, "keyword": "authentication mechanisms employed call"}, -{"id": 5317, +{"id": 5335, "keyword": "maximum determination"}, -{"id": 5318, +{"id": 5336, "keyword": "unwinding results"}, -{"id": 5319, +{"id": 5337, "keyword": "general scheme"}, -{"id": 5320, +{"id": 5338, "keyword": "substantial performance penalty"}, -{"id": 5321, +{"id": 5339, "keyword": "propositional logic"}, -{"id": 5322, +{"id": 5340, "keyword": "lehmer presented criterions"}, -{"id": 5323, +{"id": 5341, "keyword": "witnessing diamonds"}, -{"id": 5324, +{"id": 5342, "keyword": "mutilated chess board"}, -{"id": 5325, +{"id": 5343, "keyword": "formally verified"}, -{"id": 5326, +{"id": 5344, "keyword": "w_1 ldots w_n 1"}, -{"id": 5327, +{"id": 5345, "keyword": "real vectors spaces"}, -{"id": 5328, +{"id": 5346, "keyword": "establish sound type-system-"}, -{"id": 5329, +{"id": 5347, "keyword": "future related mechanisation 
efforts"}, -{"id": 5330, +{"id": 5348, "keyword": "compare complements"}, -{"id": 5331, +{"id": 5349, "keyword": "concrete system"}, -{"id": 5332, +{"id": 5350, "keyword": "compatible formalization"}, -{"id": 5333, +{"id": 5351, "keyword": "active domain"}, -{"id": 5334, +{"id": 5352, "keyword": "informal proof"}, -{"id": 5335, +{"id": 5353, "keyword": "leftmost reduction theorem"}, -{"id": 5336, +{"id": 5354, "keyword": "verify-- philosophical arguments"}, -{"id": 5337, -"keyword": "number partitions"}, -{"id": 5338, -"keyword": "rewrite rules"}, -{"id": 5339, -"keyword": "monochromatic line"}, -{"id": 5340, -"keyword": "monotonic boolean transformers"}, -{"id": 5341, -"keyword": "designs"}, -{"id": 5342, -"keyword": "fundamental banach spaces"}, -{"id": 5343, -"keyword": "swierczkowski ndash"}, -{"id": 5344, -"keyword": "eponym ijcar 2020 paper"}, -{"id": 5345, -"keyword": "expressing smart contracts"}, -{"id": 5346, -"keyword": "key properties"}, -{"id": 5347, -"keyword": "effectively executable algorithm"}, -{"id": 5348, -"keyword": "generalise relation algebras"}, -{"id": 5349, -"keyword": "abstract representation"}, -{"id": 5350, -"keyword": "abstract theory"}, -{"id": 5351, -"keyword": "desired precision"}, -{"id": 5352, -"keyword": "compiled code"}, -{"id": 5353, -"keyword": "odd-set cover osc"}, -{"id": 5354, -"keyword": "maintaining knowledge"}, {"id": 5355, -"keyword": "sophisticated languages"}, +"keyword": "number partitions"}, {"id": 5356, -"keyword": "function eval solves capturability"}, +"keyword": "rewrite rules"}, {"id": 5357, -"keyword": "operational properties"}, +"keyword": "monochromatic line"}, {"id": 5358, +"keyword": "monotonic boolean transformers"}, +{"id": 5359, +"keyword": "designs"}, +{"id": 5360, +"keyword": "fundamental banach spaces"}, +{"id": 5361, +"keyword": "swierczkowski ndash"}, +{"id": 5362, +"keyword": "eponym ijcar 2020 paper"}, +{"id": 5363, +"keyword": "expressing smart contracts"}, +{"id": 5364, +"keyword": "key 
properties"}, +{"id": 5365, +"keyword": "effectively executable algorithm"}, +{"id": 5366, +"keyword": "generalise relation algebras"}, +{"id": 5367, +"keyword": "abstract representation"}, +{"id": 5368, +"keyword": "abstract theory"}, +{"id": 5369, +"keyword": "desired precision"}, +{"id": 5370, +"keyword": "compiled code"}, +{"id": 5371, +"keyword": "odd-set cover osc"}, +{"id": 5372, +"keyword": "maintaining knowledge"}, +{"id": 5373, +"keyword": "sophisticated languages"}, +{"id": 5374, +"keyword": "function eval solves capturability"}, +{"id": 5375, +"keyword": "operational properties"}, +{"id": 5376, "keyword": "curve operations"}, -{"id": 5359, +{"id": 5377, "keyword": "alternative interpretation"}, -{"id": 5360, +{"id": 5378, "keyword": "significantly larger"}, -{"id": 5361, +{"id": 5379, "keyword": "automatic tactics"}, -{"id": 5362, +{"id": 5380, "keyword": "gewirth"}, -{"id": 5363, +{"id": 5381, "keyword": "theorem states"}, -{"id": 5364, +{"id": 5382, "keyword": "previous axiomatic encoding"}, -{"id": 5365, +{"id": 5383, "keyword": "cauchy index"}, -{"id": 5366, +{"id": 5384, "keyword": "tree width"}, -{"id": 5367, +{"id": 5385, "keyword": "effectively decide ideal membership"}, -{"id": 5368, +{"id": 5386, "keyword": "gmw protocol"}, -{"id": 5369, +{"id": 5387, "keyword": "multi-party computation"}, -{"id": 5370, +{"id": 5388, "keyword": "low edge probability"}, -{"id": 5371, +{"id": 5389, "keyword": "static refutational completeness"}, -{"id": 5372, +{"id": 5390, "keyword": "incoming edges equals"}, -{"id": 5373, +{"id": 5391, "keyword": "tail-recursive function"}, -{"id": 5374, +{"id": 5392, "keyword": "all-pairs shortest paths problem"}, -{"id": 5375, +{"id": 5393, "keyword": "initial specification"}, -{"id": 5376, +{"id": 5394, "keyword": "time sufficient properties"}, -{"id": 5377, -"keyword": "symmetry properties"}, -{"id": 5378, -"keyword": "probabilistic functional programming language"}, -{"id": 5379, -"keyword": "fixed set"}, -{"id": 5380, 
-"keyword": "reflexive-transitive closures"}, -{"id": 5381, -"keyword": "racing effects"}, -{"id": 5382, -"keyword": "dbm-based forward analysis"}, -{"id": 5383, -"keyword": "formal verification"}, -{"id": 5384, -"keyword": "compositional invariant proofs"}, -{"id": 5385, -"keyword": "defining functions"}, -{"id": 5386, -"keyword": "correctness proof"}, -{"id": 5387, -"keyword": "smt"}, -{"id": 5388, -"keyword": "separation logic formulae"}, -{"id": 5389, -"keyword": "catalan numbers"}, -{"id": 5390, -"keyword": "deriving approximative safety properties"}, -{"id": 5391, -"keyword": "keeping track"}, -{"id": 5392, -"keyword": "polar form transformation"}, -{"id": 5393, -"keyword": "counting sort making"}, -{"id": 5394, -"keyword": "interval calculus"}, {"id": 5395, -"keyword": "countable networks"}, +"keyword": "symmetry properties"}, {"id": 5396, -"keyword": "generated code"}, +"keyword": "probabilistic functional programming language"}, {"id": 5397, -"keyword": "christian urban"}, +"keyword": "fixed set"}, {"id": 5398, -"keyword": "modify nodes"}, +"keyword": "reflexive-transitive closures"}, {"id": 5399, -"keyword": "security systems"}, +"keyword": "racing effects"}, {"id": 5400, -"keyword": "unsorted first-order logic"}, +"keyword": "dbm-based forward analysis"}, {"id": 5401, -"keyword": "generalising tla action formulas"}, +"keyword": "formal verification"}, {"id": 5402, -"keyword": "collecting semantics"}, +"keyword": "compositional invariant proofs"}, {"id": 5403, -"keyword": "single partial composition operation"}, +"keyword": "defining functions"}, {"id": 5404, -"keyword": "guarantee minimality"}, +"keyword": "correctness proof"}, {"id": 5405, -"keyword": "data stream"}, +"keyword": "smt"}, {"id": 5406, -"keyword": "search trees based"}, +"keyword": "separation logic formulae"}, {"id": 5407, -"keyword": "financial products"}, +"keyword": "catalan numbers"}, {"id": 5408, -"keyword": "universal turing machine"}, +"keyword": "deriving approximative safety 
properties"}, {"id": 5409, -"keyword": "nonzero rational number"}, +"keyword": "keeping track"}, {"id": 5410, -"keyword": "unrestricted rules"}, +"keyword": "polar form transformation"}, {"id": 5411, -"keyword": "efficient version"}, +"keyword": "counting sort making"}, {"id": 5412, -"keyword": "specification mechanism"}, +"keyword": "interval calculus"}, {"id": 5413, -"keyword": "rts algorithm"}, +"keyword": "countable networks"}, {"id": 5414, -"keyword": "dirichlet"}, +"keyword": "generated code"}, {"id": 5415, -"keyword": "involve polynomial interpretations"}, +"keyword": "christian urban"}, {"id": 5416, -"keyword": "resulting proof system"}, +"keyword": "modify nodes"}, {"id": 5417, -"keyword": "newton interpolation"}, +"keyword": "security systems"}, {"id": 5418, -"keyword": "arrow-debreu model"}, +"keyword": "unsorted first-order logic"}, {"id": 5419, -"keyword": "complex algebraic numbers"}, +"keyword": "generalising tla action formulas"}, {"id": 5420, -"keyword": "regular operations"}, +"keyword": "collecting semantics"}, {"id": 5421, -"keyword": "infinite-dimensional vector spaces"}, +"keyword": "single partial composition operation"}, {"id": 5422, -"keyword": "tool box allowing"}, +"keyword": "guarantee minimality"}, {"id": 5423, -"keyword": "elementary measure theory"}, +"keyword": "data stream"}, {"id": 5424, -"keyword": "false alarms"}, +"keyword": "search trees based"}, {"id": 5425, -"keyword": "generic unwinding theorem"}, +"keyword": "financial products"}, {"id": 5426, -"keyword": "program compositions"}, +"keyword": "original query evaluates"}, {"id": 5427, -"keyword": "org vol-3002 paper7"}, +"keyword": "universal turing machine"}, {"id": 5428, -"keyword": "knot theory"}, +"keyword": "nonzero rational number"}, {"id": 5429, -"keyword": "formal model"}, +"keyword": "unrestricted rules"}, {"id": 5430, -"keyword": "abstract interpreter operate"}, +"keyword": "efficient version"}, {"id": 5431, -"keyword": "hom embedding"}, +"keyword": "specification 
mechanism"}, {"id": 5432, -"keyword": "zeroth frequency moment"}, +"keyword": "rts algorithm"}, {"id": 5433, -"keyword": "bnf-based datatype package"}, +"keyword": "dirichlet"}, {"id": 5434, -"keyword": "classic notion"}, +"keyword": "involve polynomial interpretations"}, {"id": 5435, -"keyword": "projective space geometry"}, +"keyword": "resulting proof system"}, {"id": 5436, -"keyword": "free"}, +"keyword": "newton interpolation"}, {"id": 5437, -"keyword": "small-step semantics instrumented"}, +"keyword": "arrow-debreu model"}, {"id": 5438, -"keyword": "reproduced faithfully"}, +"keyword": "complex algebraic numbers"}, {"id": 5439, +"keyword": "regular operations"}, +{"id": 5440, +"keyword": "infinite-dimensional vector spaces"}, +{"id": 5441, +"keyword": "tool box allowing"}, +{"id": 5442, +"keyword": "elementary measure theory"}, +{"id": 5443, +"keyword": "false alarms"}, +{"id": 5444, +"keyword": "generic unwinding theorem"}, +{"id": 5445, +"keyword": "program compositions"}, +{"id": 5446, +"keyword": "org vol-3002 paper7"}, +{"id": 5447, +"keyword": "knot theory"}, +{"id": 5448, +"keyword": "formal model"}, +{"id": 5449, +"keyword": "abstract interpreter operate"}, +{"id": 5450, +"keyword": "hom embedding"}, +{"id": 5451, +"keyword": "zeroth frequency moment"}, +{"id": 5452, +"keyword": "bnf-based datatype package"}, +{"id": 5453, +"keyword": "classic notion"}, +{"id": 5454, +"keyword": "projective space geometry"}, +{"id": 5455, +"keyword": "free"}, +{"id": 5456, +"keyword": "small-step semantics instrumented"}, +{"id": 5457, +"keyword": "reproduced faithfully"}, +{"id": 5458, "keyword": "strong eventual consistency guarantees"}, -{"id": 5440, +{"id": 5459, "keyword": "sparcv8 cpu"}, -{"id": 5441, +{"id": 5460, "keyword": "poincar disc model"}, -{"id": 5442, +{"id": 5461, "keyword": "called learnable"}, -{"id": 5443, +{"id": 5462, "keyword": "variants"}, -{"id": 5444, +{"id": 5463, "keyword": "cartesian monoidal categories"}, -{"id": 5445, +{"id": 5464, 
"keyword": "deterministic list update algorithms"}, -{"id": 5446, +{"id": 5465, "keyword": "quad int_0 1"}, -{"id": 5447, +{"id": 5466, "keyword": "levi identities"}, -{"id": 5448, +{"id": 5467, "keyword": "applicative functors augment computations"}, -{"id": 5449, +{"id": 5468, "keyword": "therories describe hoare logics"}, -{"id": 5450, +{"id": 5469, "keyword": "list"}, -{"id": 5451, +{"id": 5470, "keyword": "abstract algebra"}, -{"id": 5452, +{"id": 5471, "keyword": "verifying practical algorithms"}, -{"id": 5453, +{"id": 5472, "keyword": "neutral social decision scheme"}, -{"id": 5454, +{"id": 5473, "keyword": "data refinement techniques"}, -{"id": 5455, +{"id": 5474, "keyword": "concrete data structures"}, -{"id": 5456, +{"id": 5475, "keyword": "basic number-theoretic functions related"}, -{"id": 5457, -"keyword": "mfodl supports real-time constraints"}, -{"id": 5458, -"keyword": "geometric interpretation"}, -{"id": 5459, -"keyword": "minsky configurations"}, -{"id": 5460, -"keyword": "stepwise refinement based approach"}, -{"id": 5461, -"keyword": "concrete lower bound"}, -{"id": 5462, -"keyword": "textual language"}, -{"id": 5463, -"keyword": "elementary proof"}, -{"id": 5464, -"keyword": "originally reported"}, -{"id": 5465, -"keyword": "lu cleverly extended"}, -{"id": 5466, -"keyword": "efficient arrays"}, -{"id": 5467, -"keyword": "basic blocks"}, -{"id": 5468, -"keyword": "represent objects"}, -{"id": 5469, -"keyword": "iterative interpretive process"}, -{"id": 5470, -"keyword": "simple algebraic basis"}, -{"id": 5471, -"keyword": "basic algebra leading"}, -{"id": 5472, -"keyword": "volpano smith-style noninterference notions"}, -{"id": 5473, -"keyword": "composable security statements"}, -{"id": 5474, -"keyword": "important functions"}, -{"id": 5475, -"keyword": "core notion"}, {"id": 5476, -"keyword": "complex"}, +"keyword": "mfodl supports real-time constraints"}, {"id": 5477, -"keyword": "model-level og proof"}, +"keyword": "geometric 
interpretation"}, {"id": 5478, -"keyword": "simplify program verification"}, +"keyword": "minsky configurations"}, {"id": 5479, -"keyword": "constant intersect designs"}, +"keyword": "stepwise refinement based approach"}, {"id": 5480, -"keyword": "folder commonset"}, +"keyword": "concrete lower bound"}, {"id": 5481, -"keyword": "type checker"}, +"keyword": "textual language"}, {"id": 5482, -"keyword": "hol light version"}, +"keyword": "elementary proof"}, {"id": 5483, -"keyword": "formal summation"}, +"keyword": "originally reported"}, {"id": 5484, -"keyword": "key establishment protocols"}, +"keyword": "lu cleverly extended"}, {"id": 5485, -"keyword": "linear transformations"}, +"keyword": "efficient arrays"}, {"id": 5486, -"keyword": "bicolano operational semantics"}, +"keyword": "basic blocks"}, {"id": 5487, -"keyword": "elementary infrastructure"}, +"keyword": "represent objects"}, {"id": 5488, -"keyword": "nominal logic formalism"}, +"keyword": "iterative interpretive process"}, {"id": 5489, -"keyword": "efficient monpoly monitoring tool"}, +"keyword": "simple algebraic basis"}, {"id": 5490, -"keyword": "complex library"}, +"keyword": "basic algebra leading"}, {"id": 5491, -"keyword": "ceta system"}, +"keyword": "volpano smith-style noninterference notions"}, {"id": 5492, -"keyword": "standard disassembly tool objdump"}, +"keyword": "composable security statements"}, {"id": 5493, -"keyword": "binary relations"}, +"keyword": "important functions"}, {"id": 5494, -"keyword": "cover monotonic security invariants"}, +"keyword": "core notion"}, {"id": 5495, -"keyword": "simple paper proof"}, +"keyword": "complex"}, {"id": 5496, -"keyword": "global model"}, +"keyword": "model-level og proof"}, {"id": 5497, -"keyword": "derive"}, +"keyword": "simplify program verification"}, {"id": 5498, -"keyword": "relativize paulson"}, +"keyword": "constant intersect designs"}, {"id": 5499, -"keyword": "normed space"}, +"keyword": "folder commonset"}, {"id": 5500, -"keyword": 
"radix sort"}, +"keyword": "type checker"}, {"id": 5501, -"keyword": "proof step"}, +"keyword": "hol light version"}, {"id": 5502, -"keyword": "declassification bounds"}, +"keyword": "formal summation"}, {"id": 5503, -"keyword": "original version"}, +"keyword": "key establishment protocols"}, {"id": 5504, -"keyword": "stimulus structure"}, +"keyword": "linear transformations"}, {"id": 5505, -"keyword": "protocol verification"}, +"keyword": "relative safety"}, {"id": 5506, -"keyword": "higher entity"}, +"keyword": "bicolano operational semantics"}, {"id": 5507, -"keyword": "arithmetic logical operations"}, +"keyword": "elementary infrastructure"}, {"id": 5508, -"keyword": "require eventual consistency"}, +"keyword": "nominal logic formalism"}, {"id": 5509, -"keyword": "skip blocks"}, +"keyword": "efficient monpoly monitoring tool"}, {"id": 5510, -"keyword": "subterm coefficient functions"}, +"keyword": "complex library"}, {"id": 5511, -"keyword": "tla axioms"}, +"keyword": "ceta system"}, {"id": 5512, +"keyword": "standard disassembly tool objdump"}, +{"id": 5513, +"keyword": "binary relations"}, +{"id": 5514, +"keyword": "cover monotonic security invariants"}, +{"id": 5515, +"keyword": "simple paper proof"}, +{"id": 5516, +"keyword": "global model"}, +{"id": 5517, +"keyword": "derive"}, +{"id": 5518, +"keyword": "relativize paulson"}, +{"id": 5519, +"keyword": "normed space"}, +{"id": 5520, +"keyword": "radix sort"}, +{"id": 5521, +"keyword": "proof step"}, +{"id": 5522, +"keyword": "declassification bounds"}, +{"id": 5523, +"keyword": "original version"}, +{"id": 5524, +"keyword": "stimulus structure"}, +{"id": 5525, +"keyword": "protocol verification"}, +{"id": 5526, +"keyword": "higher entity"}, +{"id": 5527, +"keyword": "arithmetic logical operations"}, +{"id": 5528, +"keyword": "require eventual consistency"}, +{"id": 5529, +"keyword": "skip blocks"}, +{"id": 5530, +"keyword": "subterm coefficient functions"}, +{"id": 5531, +"keyword": "tla axioms"}, +{"id": 
5532, "keyword": "afp package"}, -{"id": 5513, +{"id": 5533, "keyword": "alphabetised relational calculus"}, -{"id": 5514, +{"id": 5534, "keyword": "infinite"}, -{"id": 5515, +{"id": 5535, "keyword": "unify correctness statements"}, -{"id": 5516, +{"id": 5536, "keyword": "representing documents"}, -{"id": 5517, +{"id": 5537, "keyword": "complete semantic tableau calculus"}, -{"id": 5518, +{"id": 5538, "keyword": "domain-relation map satisfying"}, -{"id": 5519, +{"id": 5539, "keyword": "abstract convergence theorem"}, -{"id": 5520, +{"id": 5540, "keyword": "normal functions"}, -{"id": 5521, +{"id": 5541, "keyword": "language determinism"}, -{"id": 5522, +{"id": 5542, "keyword": "comparatively small subset"}, -{"id": 5523, +{"id": 5543, "keyword": "independent runs"}, -{"id": 5524, +{"id": 5544, "keyword": "principal ideal domains"}, -{"id": 5525, +{"id": 5545, "keyword": "write specifications"}, -{"id": 5526, +{"id": 5546, "keyword": "pairwise balanced designs"}, -{"id": 5527, +{"id": 5547, "keyword": "original presentation"}, -{"id": 5528, +{"id": 5548, "keyword": "verified type checker"}, -{"id": 5529, +{"id": 5549, "keyword": "conflict-free replicated data types"}, -{"id": 5530, +{"id": 5550, "keyword": "inverse function"}, -{"id": 5531, +{"id": 5551, "keyword": "underlying local hidden-variable theory"}, -{"id": 5532, +{"id": 5552, "keyword": "stream fusion library"}, -{"id": 5533, +{"id": 5553, "keyword": "program verification competition"}, -{"id": 5534, +{"id": 5554, "keyword": "primitives"}, -{"id": 5535, +{"id": 5555, "keyword": "finite measure preserving systems"}, -{"id": 5536, +{"id": 5556, "keyword": "verified functional skew heaps"}, -{"id": 5537, -"keyword": "completed versions"}, -{"id": 5538, -"keyword": "fixed upper bound"}, -{"id": 5539, -"keyword": "chosen abstractions"}, -{"id": 5540, -"keyword": "composition properties wrt"}, -{"id": 5541, -"keyword": "dfs-based algorithms"}, -{"id": 5542, -"keyword": "rules applying"}, -{"id": 5543, 
-"keyword": "logarithmic upper bound"}, -{"id": 5544, -"keyword": "incidence system properties"}, -{"id": 5545, -"keyword": "small imperative language imp"}, -{"id": 5546, -"keyword": "certified complex root isolation"}, -{"id": 5547, -"keyword": "linear constraints"}, -{"id": 5548, -"keyword": "algebraically independent"}, -{"id": 5549, -"keyword": "double exponential"}, -{"id": 5550, -"keyword": "monotone maps"}, -{"id": 5551, -"keyword": "verified ssa construction"}, -{"id": 5552, -"keyword": "reachability analysis"}, -{"id": 5553, -"keyword": "prime power"}, -{"id": 5554, -"keyword": "applications ranging"}, -{"id": 5555, -"keyword": "distributed environment"}, -{"id": 5556, -"keyword": "octonionic product"}, {"id": 5557, -"keyword": "event lists varying"}, +"keyword": "completed versions"}, {"id": 5558, -"keyword": "notably holcf"}, +"keyword": "fixed upper bound"}, {"id": 5559, -"keyword": "call path authorization"}, +"keyword": "chosen abstractions"}, {"id": 5560, -"keyword": "presentation"}, +"keyword": "composition properties wrt"}, {"id": 5561, -"keyword": "efficiently executable code"}, +"keyword": "dfs-based algorithms"}, {"id": 5562, -"keyword": "simple proofs"}, +"keyword": "rules applying"}, {"id": 5563, -"keyword": "independent modules"}, +"keyword": "logarithmic upper bound"}, {"id": 5564, -"keyword": "holzf theory"}, +"keyword": "incidence system properties"}, {"id": 5565, -"keyword": "state monad"}, +"keyword": "small imperative language imp"}, {"id": 5566, -"keyword": "random pivot choice"}, +"keyword": "certified complex root isolation"}, {"id": 5567, -"keyword": "concurrent revisions"}, +"keyword": "linear constraints"}, {"id": 5568, -"keyword": "reduced row echelon form"}, +"keyword": "algebraically independent"}, {"id": 5569, -"keyword": "number-theoretic results"}, +"keyword": "double exponential"}, {"id": 5570, -"keyword": "subterm property"}, +"keyword": "monotone maps"}, {"id": 5571, -"keyword": "basis reduction"}, +"keyword": "verified 
ssa construction"}, {"id": 5572, -"keyword": "bkr algorithm"}, +"keyword": "reachability analysis"}, {"id": 5573, -"keyword": "case study revealed"}, +"keyword": "prime power"}, {"id": 5574, -"keyword": "dynamic declassification triggers"}, +"keyword": "applications ranging"}, {"id": 5575, -"keyword": "machine-checked correctness theorems"}, +"keyword": "distributed environment"}, {"id": 5576, -"keyword": "hereditary multisets"}, +"keyword": "octonionic product"}, {"id": 5577, -"keyword": "dana scott"}, +"keyword": "event lists varying"}, {"id": 5578, -"keyword": "fourier sequences"}, +"keyword": "notably holcf"}, {"id": 5579, -"keyword": "collections framework"}, +"keyword": "call path authorization"}, {"id": 5580, -"keyword": "relational core"}, +"keyword": "presentation"}, {"id": 5581, -"keyword": "infinite set"}, +"keyword": "efficiently executable code"}, {"id": 5582, -"keyword": "real error function erf"}, +"keyword": "simple proofs"}, {"id": 5583, -"keyword": "verifying safety properties"}, +"keyword": "independent modules"}, {"id": 5584, -"keyword": "modal collapse"}, +"keyword": "holzf theory"}, {"id": 5585, -"keyword": "differential dynamics logic"}, +"keyword": "state monad"}, {"id": 5586, -"keyword": "hilbert systems"}, +"keyword": "random pivot choice"}, {"id": 5587, -"keyword": "development establishes"}, +"keyword": "concurrent revisions"}, {"id": 5588, -"keyword": "quad text"}, +"keyword": "reduced row echelon form"}, {"id": 5589, -"keyword": "rely condition generalised"}, +"keyword": "number-theoretic results"}, {"id": 5590, -"keyword": "prefix order"}, +"keyword": "subterm property"}, {"id": 5591, -"keyword": "closure properties"}, +"keyword": "basis reduction"}, {"id": 5592, -"keyword": "negative cycles"}, +"keyword": "bkr algorithm"}, {"id": 5593, +"keyword": "case study revealed"}, +{"id": 5594, +"keyword": "dynamic declassification triggers"}, +{"id": 5595, +"keyword": "machine-checked correctness theorems"}, +{"id": 5596, +"keyword": 
"hereditary multisets"}, +{"id": 5597, +"keyword": "dana scott"}, +{"id": 5598, +"keyword": "fourier sequences"}, +{"id": 5599, +"keyword": "collections framework"}, +{"id": 5600, +"keyword": "relational core"}, +{"id": 5601, +"keyword": "infinite set"}, +{"id": 5602, +"keyword": "real error function erf"}, +{"id": 5603, +"keyword": "verifying safety properties"}, +{"id": 5604, +"keyword": "modal collapse"}, +{"id": 5605, +"keyword": "differential dynamics logic"}, +{"id": 5606, +"keyword": "hilbert systems"}, +{"id": 5607, +"keyword": "development establishes"}, +{"id": 5608, +"keyword": "quad text"}, +{"id": 5609, +"keyword": "rely condition generalised"}, +{"id": 5610, +"keyword": "prefix order"}, +{"id": 5611, +"keyword": "closure properties"}, +{"id": 5612, +"keyword": "negative cycles"}, +{"id": 5613, "keyword": "generalized intervals"}, -{"id": 5594, +{"id": 5614, "keyword": "input programs"}, -{"id": 5595, +{"id": 5615, "keyword": "common-sense theory"}, -{"id": 5596, +{"id": 5616, "keyword": "standard semantics"}, -{"id": 5597, +{"id": 5617, "keyword": "omega-complete non-orders"}] \ No newline at end of file diff --git a/web/dependencies/collections/index.html b/web/dependencies/collections/index.html --- a/web/dependencies/collections/index.html +++ b/web/dependencies/collections/index.html @@ -1,233 +1,240 @@ Collections - Archive of Formal Proofs

Collections Dependents

2022

+

2021

2019

2017

2016

2015

2014

2013

2012

2011

2009

2007

\ No newline at end of file diff --git a/web/dependencies/collections/index.xml b/web/dependencies/collections/index.xml --- a/web/dependencies/collections/index.xml +++ b/web/dependencies/collections/index.xml 
@@ -1,173 +1,182 @@ Collections on Archive of Formal Proofs /dependencies/collections/ Recent content in Collections on Archive of Formal Proofs Hugo -- gohugo.io en-gb - Mon, 31 Jan 2022 00:00:00 +0000 + Wed, 28 Sep 2022 00:00:00 +0000 + + Making Arbitrary Relational Calculus Queries Safe-Range + /entries/Safe_Range_RC.html + Wed, 28 Sep 2022 00:00:00 +0000 + + /entries/Safe_Range_RC.html + + + A Sequent Calculus Prover for First-Order Logic with Functions /entries/FOL_Seq_Calc2.html Mon, 31 Jan 2022 00:00:00 +0000 /entries/FOL_Seq_Calc2.html Gale-Shapley Algorithm /entries/Gale_Shapley.html Wed, 29 Dec 2021 00:00:00 +0000 /entries/Gale_Shapley.html Kruskal's Algorithm for Minimum Spanning Forest /entries/Kruskal.html Thu, 14 Feb 2019 00:00:00 +0000 /entries/Kruskal.html Transition Systems and Automata /entries/Transition_Systems_and_Automata.html Thu, 19 Oct 2017 00:00:00 +0000 /entries/Transition_Systems_and_Automata.html The Imperative Refinement Framework /entries/Refine_Imperative_HOL.html Mon, 08 Aug 2016 00:00:00 +0000 /entries/Refine_Imperative_HOL.html Algorithms for Reduced Ordered Binary Decision Diagrams /entries/ROBDD.html Wed, 27 Apr 2016 00:00:00 +0000 /entries/ROBDD.html Verified Construction of Static Single Assignment Form /entries/Formal_SSA.html Fri, 05 Feb 2016 00:00:00 +0000 /entries/Formal_SSA.html Deriving class instances for datatypes /entries/Deriving.html Wed, 11 Mar 2015 00:00:00 +0000 /entries/Deriving.html The CAVA Automata Library /entries/CAVA_Automata.html Wed, 28 May 2014 00:00:00 +0000 /entries/CAVA_Automata.html Abstract Completeness /entries/Abstract_Completeness.html Wed, 16 Apr 2014 00:00:00 +0000 /entries/Abstract_Completeness.html Light-weight Containers /entries/Containers.html Mon, 15 Apr 2013 00:00:00 +0000 /entries/Containers.html A Separation Logic Framework for Imperative HOL /entries/Separation_Logic_Imperative_HOL.html Wed, 14 Nov 2012 00:00:00 +0000 /entries/Separation_Logic_Imperative_HOL.html Ordinary 
Differential Equations /entries/Ordinary_Differential_Equations.html Thu, 26 Apr 2012 00:00:00 +0000 /entries/Ordinary_Differential_Equations.html Dijkstra's Shortest Path Algorithm /entries/Dijkstra_Shortest_Path.html Mon, 30 Jan 2012 00:00:00 +0000 /entries/Dijkstra_Shortest_Path.html Executable Transitive Closures of Finite Relations /entries/Transitive-Closure.html Mon, 14 Mar 2011 00:00:00 +0000 /entries/Transitive-Closure.html Collections Framework /entries/Collections.html Wed, 25 Nov 2009 00:00:00 +0000 /entries/Collections.html Tree Automata /entries/Tree-Automata.html Wed, 25 Nov 2009 00:00:00 +0000 /entries/Tree-Automata.html Jinja with Threads /entries/JinjaThreads.html Mon, 03 Dec 2007 00:00:00 +0000 /entries/JinjaThreads.html diff --git a/web/dependencies/deriving/index.html b/web/dependencies/deriving/index.html --- a/web/dependencies/deriving/index.html +++ b/web/dependencies/deriving/index.html @@ -1,181 +1,190 @@ Deriving - Archive of Formal Proofs

Deriving Dependents

-

2021

+

2022

+ + +

2021

2019

2016

2015

2014

2013

2012

\ No newline at end of file diff --git a/web/dependencies/deriving/index.xml b/web/dependencies/deriving/index.xml --- a/web/dependencies/deriving/index.xml +++ b/web/dependencies/deriving/index.xml 
@@ -1,119 +1,128 @@ Deriving on Archive of Formal Proofs /dependencies/deriving/ Recent content in Deriving on Archive of Formal Proofs Hugo -- gohugo.io en-gb - Tue, 23 Nov 2021 00:00:00 +0000 + Wed, 28 Sep 2022 00:00:00 +0000 + + Making Arbitrary Relational Calculus Queries Safe-Range + /entries/Safe_Range_RC.html + Wed, 28 Sep 2022 00:00:00 +0000 + + /entries/Safe_Range_RC.html + + + van Emde Boas Trees /entries/Van_Emde_Boas_Trees.html Tue, 23 Nov 2021 00:00:00 +0000 /entries/Van_Emde_Boas_Trees.html A Compositional and Unified Translation of LTL into ω-Automata /entries/LTL_Master_Theorem.html Tue, 16 Apr 2019 00:00:00 +0000 /entries/LTL_Master_Theorem.html Gröbner Bases Theory /entries/Groebner_Bases.html Mon, 02 May 2016 00:00:00 +0000 /entries/Groebner_Bases.html Derivatives of Logical Formulas /entries/Formula_Derivatives.html Thu, 28 May 2015 00:00:00 +0000 /entries/Formula_Derivatives.html Haskell's Show Class in Isabelle/HOL /entries/Show.html Tue, 29 Jul 2014 00:00:00 +0000 /entries/Show.html Decision Procedures for MSO on Words Based on Derivatives of Regular Expressions /entries/MSO_Regex_Equivalence.html Thu, 12 Jun 2014 00:00:00 +0000 /entries/MSO_Regex_Equivalence.html The CAVA Automata Library /entries/CAVA_Automata.html Wed, 28 May 2014 00:00:00 +0000 /entries/CAVA_Automata.html Affine Arithmetic /entries/Affine_Arithmetic.html Fri, 07 Feb 2014 00:00:00 +0000 /entries/Affine_Arithmetic.html Implementing field extensions of the form Q[sqrt(b)] /entries/Real_Impl.html Thu, 06 Feb 2014 00:00:00 +0000 /entries/Real_Impl.html Light-weight Containers /entries/Containers.html Mon, 15 Apr 2013 00:00:00 +0000 /entries/Containers.html Generating linear orders for datatypes /entries/Datatype_Order_Generator.html Tue, 07 Aug 2012 00:00:00 +0000 /entries/Datatype_Order_Generator.html Ordinary Differential Equations /entries/Ordinary_Differential_Equations.html Thu, 26 Apr 2012 00:00:00 +0000 /entries/Ordinary_Differential_Equations.html 
diff --git a/web/dependencies/index.html b/web/dependencies/index.html --- a/web/dependencies/index.html +++ b/web/dependencies/index.html @@ -1,2112 +1,2112 @@ Archive of Formal Proofs

Dependencies Dependents

2022

+ + + -
Lp

Apr 08
-

2021

-

2020

2019

2018

2017

2016

2015

2014

SM

May 28

2013

2012

2011

2010

2009

2007

2006

2004

\ No newline at end of file diff --git a/web/dependencies/list-index/index.html b/web/dependencies/list-index/index.html --- a/web/dependencies/list-index/index.html +++ b/web/dependencies/list-index/index.html @@ -1,250 +1,257 @@ List-Index - Archive of Formal Proofs

List-Index Dependents

2022

+

2021

2020

2019

2017

2016

2015

2014

2012

2005

\ No newline at end of file diff --git a/web/dependencies/list-index/index.xml b/web/dependencies/list-index/index.xml --- a/web/dependencies/list-index/index.xml +++ b/web/dependencies/list-index/index.xml 
@@ -1,200 +1,209 @@ List-Index on Archive of Formal Proofs /dependencies/list-index/ Recent content in List-Index on Archive of Formal Proofs Hugo -- gohugo.io en-gb - Thu, 21 Apr 2022 00:00:00 +0000 + Wed, 28 Sep 2022 00:00:00 +0000 + + Making Arbitrary Relational Calculus Queries Safe-Range + /entries/Safe_Range_RC.html + Wed, 28 Sep 2022 00:00:00 +0000 + + /entries/Safe_Range_RC.html + + + Fisher's Inequality: Linear Algebraic Proof Techniques for Combinatorics /entries/Fishers_Inequality.html Thu, 21 Apr 2022 00:00:00 +0000 /entries/Fishers_Inequality.html Gale-Shapley Algorithm /entries/Gale_Shapley.html Wed, 29 Dec 2021 00:00:00 +0000 /entries/Gale_Shapley.html A data flow analysis algorithm for computing dominators /entries/Dominance_CHK.html Sun, 05 Sep 2021 00:00:00 +0000 /entries/Dominance_CHK.html Isabelle's Metalogic: Formalization and Proof Checker /entries/Metalogic_ProofChecker.html Tue, 27 Apr 2021 00:00:00 +0000 /entries/Metalogic_ProofChecker.html JinjaDCI: a Java semantics with dynamic class initialization /entries/JinjaDCI.html Mon, 11 Jan 2021 00:00:00 +0000 /entries/JinjaDCI.html Verified SAT-Based AI Planning /entries/Verified_SAT_Based_AI_Planning.html Thu, 29 Oct 2020 00:00:00 +0000 /entries/Verified_SAT_Based_AI_Planning.html A verified algorithm for computing the Smith normal form of a matrix /entries/Smith_Normal_Form.html Sat, 23 May 2020 00:00:00 +0000 /entries/Smith_Normal_Form.html An Algebra for Higher-Order Terms /entries/Higher_Order_Terms.html Tue, 15 Jan 2019 00:00:00 +0000 /entries/Higher_Order_Terms.html Lower bound on comparison-based sorting algorithms /entries/Comparison_Sort_Lower_Bound.html Wed, 15 Mar 2017 00:00:00 +0000 /entries/Comparison_Sort_Lower_Bound.html The number of comparisons in QuickSort /entries/Quick_Sort_Cost.html Wed, 15 Mar 2017 00:00:00 +0000 /entries/Quick_Sort_Cost.html Formalization of Nested Multisets, Hereditary Multisets, and Syntactic Ordinals /entries/Nested_Multisets_Ordinals.html Sat, 12 Nov 
2016 00:00:00 +0000 /entries/Nested_Multisets_Ordinals.html The Imperative Refinement Framework /entries/Refine_Imperative_HOL.html Mon, 08 Aug 2016 00:00:00 +0000 /entries/Refine_Imperative_HOL.html Randomised Social Choice Theory /entries/Randomised_Social_Choice.html Thu, 05 May 2016 00:00:00 +0000 /entries/Randomised_Social_Choice.html Analysis of List Update Algorithms /entries/List_Update.html Wed, 17 Feb 2016 00:00:00 +0000 /entries/List_Update.html Planarity Certificates /entries/Planarity_Certificates.html Wed, 11 Nov 2015 00:00:00 +0000 /entries/Planarity_Certificates.html Converting Linear Temporal Logic to Deterministic (Generalized) Rabin Automata /entries/LTL_to_DRA.html Fri, 04 Sep 2015 00:00:00 +0000 /entries/LTL_to_DRA.html Derivatives of Logical Formulas /entries/Formula_Derivatives.html Thu, 28 May 2015 00:00:00 +0000 /entries/Formula_Derivatives.html Decision Procedures for MSO on Words Based on Derivatives of Regular Expressions /entries/MSO_Regex_Equivalence.html Thu, 12 Jun 2014 00:00:00 +0000 /entries/MSO_Regex_Equivalence.html Affine Arithmetic /entries/Affine_Arithmetic.html Fri, 07 Feb 2014 00:00:00 +0000 /entries/Affine_Arithmetic.html Ordinary Differential Equations /entries/Ordinary_Differential_Equations.html Thu, 26 Apr 2012 00:00:00 +0000 /entries/Ordinary_Differential_Equations.html Jinja is not Java /entries/Jinja.html Wed, 01 Jun 2005 00:00:00 +0000 /entries/Jinja.html diff --git a/web/entries/Collections.html b/web/entries/Collections.html --- a/web/entries/Collections.html +++ b/web/entries/Collections.html @@ -1,366 +1,366 @@ Collections Framework - Archive of Formal Proofs

Collections Framework

Peter Lammich 🌐 with contributions from Andreas Lochbihler 🌐 and Thomas Tuerk

November 25, 2009

Abstract

This development provides an efficient, extensible, machine checked collections framework. The library adopts the concepts of interface, implementation and generic algorithm from object-oriented programming and implements them in Isabelle/HOL. The framework features the use of data refinement techniques to refine an abstract specification (using high-level concepts like sets) to a more concrete implementation (using collection datastructures, like red-black-trees). The code-generator of Isabelle/HOL can be used to generate efficient code.

License

History

April 25, 2012
New iterator foundation by Tuerk. Various maintenance changes.
October 10, 2011
SetSpec: Added operations: sng, isSng, bexists, size_abort, diff, filter, iterate_rule_insertP MapSpec: Added operations: sng, isSng, iterate_rule_insertP, bexists, size, size_abort, restrict, map_image_filter, map_value_image_filter Some maintenance changes
December 1, 2010
New Interfaces: Priority Queues, Annotated Lists. Implemented by finger trees, (skew) binomial queues.
October 8, 2010
New Interfaces: OrderedSet, OrderedMap, List. Fifo now implements list-interface: Function names changed: put/get --> enqueue/dequeue. New Implementations: ArrayList, ArrayHashMap, ArrayHashSet, TrieMap, TrieSet. Invariant-free datastructures: Invariant implicitely hidden in typedef. Record-interfaces: All operations of an interface encapsulated as record. Examples moved to examples subdirectory.

Topics

Session Collections

Session Collections_Examples

Used by

- +
\ No newline at end of file diff --git a/web/entries/Deriving.html b/web/entries/Deriving.html --- a/web/entries/Deriving.html +++ b/web/entries/Deriving.html @@ -1,228 +1,228 @@ Deriving class instances for datatypes - Archive of Formal Proofs

Deriving Class Instances for Datatypes

Abstract

We provide a framework for registering automatic methods to derive class instances of datatypes, as it is possible using Haskell's ``deriving Ord, Show, ...'' feature.

We further implemented such automatic methods to derive comparators, linear orders, parametrizable equality functions, and hash-functions which are required in the Isabelle Collection Framework and the Container Framework. Moreover, for the tactic of Blanchette to show that a datatype is countable, we implemented a wrapper so that this tactic becomes accessible in our framework. All of the generators are based on the infrastructure that is provided by the BNF-based datatype package.

Our formalization was performed as part of the IsaFoR/CeTA project. With our new tactics we could remove several tedious proofs for (conditional) linear orders, and conditional equality operators within IsaFoR and the Container Framework.

License

Topics

Session Deriving

\ No newline at end of file diff --git a/web/entries/List-Index.html b/web/entries/List-Index.html --- a/web/entries/List-Index.html +++ b/web/entries/List-Index.html @@ -1,196 +1,196 @@ List Index - Archive of Formal Proofs

List Index

Tobias Nipkow 🌐

February 20, 2010

Abstract

This theory provides functions for finding the index of an element in a list, by predicate and by value.

License

Topics

Session List-Index

Used by

- +
\ No newline at end of file diff --git a/web/entries/Safe_Range_RC.html b/web/entries/Safe_Range_RC.html new file mode 100644 --- /dev/null +++ b/web/entries/Safe_Range_RC.html @@ -0,0 +1,196 @@ + + + + + + Making Arbitrary Relational Calculus Queries Safe-Range - Archive of Formal Proofs + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+
+ + + +
+
+

+ Making Arbitrary Relational Calculus Queries Safe-Range

+
+ +

Martin Raszyk 📧 and Dmitriy Traytel 🌐 +

+ + +

September 28, 2022

+ +
+

Abstract

+ +
The relational calculus (RC), i.e., first-order logic with equality +but without function symbols, is a concise, declarative database query +language. In contrast to relational algebra or SQL, which are the +traditional query languages of choice in the database community, RC +queries can evaluate to an infinite relation. Moreover, even in cases +where the evaluation result of an RC query would be finite it is not +clear how to efficiently compute it. Safe-range RC is an interesting +syntactic subclass of RC, because all safe-range queries evaluate to a +finite result and it is well-known +how to evaluate such queries by translating them to relational +algebra. We formalize and prove correct our +recent translation of an arbitrary RC query into a pair of +safe-range queries. Assuming an infinite domain, the two queries have +the following meaning: The first is closed and characterizes the +original query's relative safety, i.e., whether given a fixed +database (interpretation of atomic predicates with finite relations), +the original query evaluates to a finite relation. The second +safe-range query is equivalent to the original query, if the latter is +relatively safe. The formalization uses the Refinement Framework to +go from the non-deterministic algorithm described in the paper to a +deterministic, executable query translation. Our executable query +translation is a first step towards a verified tool that efficiently +evaluates arbitrary RC queries. This very problem is also solved by +the AFP entry Eval_FO +with a theoretically incomparable but practically worse time +complexity. (The latter is demonstrated by our +empirical evaluation.)
+ +

License

+

Topics

+ +

Session Safe_Range_RC

+ +
+ + + +
+ + +
+ +
+ + +
+
+
+ + + \ No newline at end of file diff --git a/web/entries/index.html b/web/entries/index.html --- a/web/entries/index.html +++ b/web/entries/index.html @@ -1,5069 +1,5076 @@ Archive of Formal Proofs

Entries

2022

+

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

\ No newline at end of file diff --git a/web/entries/index.xml b/web/entries/index.xml --- a/web/entries/index.xml +++ b/web/entries/index.xml 
@@ -1,6356 +1,6365 @@ Entries on Archive of Formal Proofs /entries/ Recent content in Entries on Archive of Formal Proofs Hugo -- gohugo.io en-gb - Fri, 23 Sep 2022 00:00:00 +0000 + Wed, 28 Sep 2022 00:00:00 +0000 + + Making Arbitrary Relational Calculus Queries Safe-Range + /entries/Safe_Range_RC.html + Wed, 28 Sep 2022 00:00:00 +0000 + + /entries/Safe_Range_RC.html + + + Stalnaker's Epistemic Logic /entries/Stalnaker_Logic.html Fri, 23 Sep 2022 00:00:00 +0000 /entries/Stalnaker_Logic.html p-adic Fields and p-adic Semialgebraic Sets /entries/Padic_Field.html Thu, 22 Sep 2022 00:00:00 +0000 /entries/Padic_Field.html Risk-Free Lending /entries/Risk_Free_Lending.html Sun, 18 Sep 2022 00:00:00 +0000 /entries/Risk_Free_Lending.html Soundness and Completeness of Implicational Logic /entries/Implicational_Logic.html Tue, 13 Sep 2022 00:00:00 +0000 /entries/Implicational_Logic.html CRYSTALS-Kyber /entries/CRYSTALS-Kyber.html Thu, 08 Sep 2022 00:00:00 +0000 /entries/CRYSTALS-Kyber.html Unbounded Separation Logic /entries/Separation_Logic_Unbounded.html Mon, 05 Sep 2022 00:00:00 +0000 /entries/Separation_Logic_Unbounded.html Khovanskii&#x27;s Theorem /entries/Khovanskii_Theorem.html Fri, 02 Sep 2022 00:00:00 +0000 /entries/Khovanskii_Theorem.html The Hales–Jewett Theorem /entries/Hales_Jewett.html Fri, 02 Sep 2022 00:00:00 +0000 /entries/Hales_Jewett.html Number Theoretic Transform /entries/Number_Theoretic_Transform.html Thu, 18 Aug 2022 00:00:00 +0000 /entries/Number_Theoretic_Transform.html Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph /entries/SCC_Bloemen_Sequential.html Wed, 17 Aug 2022 00:00:00 +0000 /entries/SCC_Bloemen_Sequential.html From THE BOOK: Two Squares via Involutions /entries/Involutions2Squares.html Mon, 15 Aug 2022 00:00:00 +0000 /entries/Involutions2Squares.html Verified Complete Test Strategies for Finite State Machines /entries/FSM_Tests.html Tue, 09 Aug 2022 00:00:00 +0000 /entries/FSM_Tests.html Nano 
JSON: Working with JSON formatted data in Isabelle/HOL and Isabelle/ML /entries/Nano_JSON.html Fri, 29 Jul 2022 00:00:00 +0000 /entries/Nano_JSON.html Isabelle/Solidity: A deep Embedding of Solidity in Isabelle/HOL /entries/Solidity.html Mon, 18 Jul 2022 00:00:00 +0000 /entries/Solidity.html Simultaneous diagonalization of pairwise commuting Hermitian matrices /entries/Commuting_Hermitian.html Mon, 18 Jul 2022 00:00:00 +0000 /entries/Commuting_Hermitian.html Pólya’s Proof of the Weighted Arithmetic–Geometric Mean Inequality /entries/Weighted_Arithmetic_Geometric_Mean.html Mon, 11 Jul 2022 00:00:00 +0000 /entries/Weighted_Arithmetic_Geometric_Mean.html A Reuse-Based Multi-Stage Compiler Verification for Language IMP /entries/IMP_Compiler_Reuse.html Sun, 10 Jul 2022 00:00:00 +0000 /entries/IMP_Compiler_Reuse.html Real-Time Double-Ended Queue /entries/Real_Time_Deque.html Thu, 23 Jun 2022 00:00:00 +0000 /entries/Real_Time_Deque.html Boolos's Curious Inference in Isabelle/HOL /entries/Boolos_Curious_Inference.html Mon, 20 Jun 2022 00:00:00 +0000 /entries/Boolos_Curious_Inference.html Finite Fields /entries/Finite_Fields.html Wed, 08 Jun 2022 00:00:00 +0000 /entries/Finite_Fields.html IsaNet: Formalization of a Verification Framework for Secure Data Plane Protocols /entries/IsaNet.html Wed, 08 Jun 2022 00:00:00 +0000 /entries/IsaNet.html Diophantine Equations and the DPRM Theorem /entries/DPRM_Theorem.html Mon, 06 Jun 2022 00:00:00 +0000 /entries/DPRM_Theorem.html Reducing Rewrite Properties to Properties on Ground Terms /entries/Rewrite_Properties_Reduction.html Thu, 02 Jun 2022 00:00:00 +0000 /entries/Rewrite_Properties_Reduction.html A Restricted Definition of the Magic Wand to Soundly Combine Fractions of a Wand /entries/Combinable_Wands.html Mon, 30 May 2022 00:00:00 +0000 /entries/Combinable_Wands.html The Plünnecke-Ruzsa Inequality /entries/Pluennecke_Ruzsa_Inequality.html Thu, 26 May 2022 00:00:00 +0000 /entries/Pluennecke_Ruzsa_Inequality.html Formalization of 
a Framework for the Sound Automation of Magic Wands /entries/Package_logic.html Wed, 18 May 2022 00:00:00 +0000 /entries/Package_logic.html Clique is not solvable by monotone circuits of polynomial size /entries/Clique_and_Monotone_Circuits.html Sun, 08 May 2022 00:00:00 +0000 /entries/Clique_and_Monotone_Circuits.html Fisher's Inequality: Linear Algebraic Proof Techniques for Combinatorics /entries/Fishers_Inequality.html Thu, 21 Apr 2022 00:00:00 +0000 /entries/Fishers_Inequality.html Digit Expansions /entries/Digit_Expansions.html Wed, 20 Apr 2022 00:00:00 +0000 /entries/Digit_Expansions.html The Generalized Multiset Ordering is NP-Complete /entries/Multiset_Ordering_NPC.html Wed, 20 Apr 2022 00:00:00 +0000 /entries/Multiset_Ordering_NPC.html The Sophomore's Dream /entries/Sophomores_Dream.html Sun, 10 Apr 2022 00:00:00 +0000 /entries/Sophomores_Dream.html A Combinator Library for Prefix-Free Codes /entries/Prefix_Free_Code_Combinators.html Fri, 08 Apr 2022 00:00:00 +0000 /entries/Prefix_Free_Code_Combinators.html Formalization of Randomized Approximation Algorithms for Frequency Moments /entries/Frequency_Moments.html Fri, 08 Apr 2022 00:00:00 +0000 /entries/Frequency_Moments.html Constructing the Reals as Dedekind Cuts of Rationals /entries/Dedekind_Real.html Thu, 24 Mar 2022 00:00:00 +0000 /entries/Dedekind_Real.html Ackermann's Function Is Not Primitive Recursive /entries/Ackermanns_not_PR.html Wed, 23 Mar 2022 00:00:00 +0000 /entries/Ackermanns_not_PR.html A Naive Prover for First-Order Logic /entries/FOL_Seq_Calc3.html Tue, 22 Mar 2022 00:00:00 +0000 /entries/FOL_Seq_Calc3.html A Proof from THE BOOK: The Partial Fraction Expansion of the Cotangent /entries/Cotangent_PFD_Formula.html Tue, 15 Mar 2022 00:00:00 +0000 /entries/Cotangent_PFD_Formula.html The Independence of the Continuum Hypothesis in Isabelle/ZF /entries/Independence_CH.html Sun, 06 Mar 2022 00:00:00 +0000 /entries/Independence_CH.html Transitive Models of Fragments of ZFC 
/entries/Transitive_Models.html Thu, 03 Mar 2022 00:00:00 +0000 /entries/Transitive_Models.html Residuated Transition Systems /entries/ResiduatedTransitionSystem.html Mon, 28 Feb 2022 00:00:00 +0000 /entries/ResiduatedTransitionSystem.html Universal Hash Families /entries/Universal_Hash_Families.html Sun, 20 Feb 2022 00:00:00 +0000 /entries/Universal_Hash_Families.html Wetzel's Problem and the Continuum Hypothesis /entries/Wetzels_Problem.html Fri, 18 Feb 2022 00:00:00 +0000 /entries/Wetzels_Problem.html First-Order Query Evaluation /entries/Eval_FO.html Tue, 15 Feb 2022 00:00:00 +0000 /entries/Eval_FO.html Multi-Head Monitoring of Metric Dynamic Logic /entries/VYDRA_MDL.html Sun, 13 Feb 2022 00:00:00 +0000 /entries/VYDRA_MDL.html Enumeration of Equivalence Relations /entries/Equivalence_Relation_Enumeration.html Fri, 04 Feb 2022 00:00:00 +0000 /entries/Equivalence_Relation_Enumeration.html Duality of Linear Programming /entries/LP_Duality.html Thu, 03 Feb 2022 00:00:00 +0000 /entries/LP_Duality.html Quasi-Borel Spaces /entries/Quasi_Borel_Spaces.html Thu, 03 Feb 2022 00:00:00 +0000 /entries/Quasi_Borel_Spaces.html First-Order Theory of Rewriting /entries/FO_Theory_Rewriting.html Wed, 02 Feb 2022 00:00:00 +0000 /entries/FO_Theory_Rewriting.html A Sequent Calculus Prover for First-Order Logic with Functions /entries/FOL_Seq_Calc2.html Mon, 31 Jan 2022 00:00:00 +0000 /entries/FOL_Seq_Calc2.html Young's Inequality for Increasing Functions /entries/Youngs_Inequality.html Mon, 31 Jan 2022 00:00:00 +0000 /entries/Youngs_Inequality.html Interpolation Polynomials (in HOL-Algebra) /entries/Interpolation_Polynomials_HOL_Algebra.html Sat, 29 Jan 2022 00:00:00 +0000 /entries/Interpolation_Polynomials_HOL_Algebra.html Median Method /entries/Median_Method.html Tue, 25 Jan 2022 00:00:00 +0000 /entries/Median_Method.html Actuarial Mathematics /entries/Actuarial_Mathematics.html Sun, 23 Jan 2022 00:00:00 +0000 /entries/Actuarial_Mathematics.html Irrational numbers from THE BOOK 
/entries/Irrationals_From_THEBOOK.html Sat, 08 Jan 2022 00:00:00 +0000 /entries/Irrationals_From_THEBOOK.html Knight's Tour Revisited Revisited /entries/Knights_Tour.html Tue, 04 Jan 2022 00:00:00 +0000 /entries/Knights_Tour.html Hyperdual Numbers and Forward Differentiation /entries/Hyperdual.html Fri, 31 Dec 2021 00:00:00 +0000 /entries/Hyperdual.html Gale-Shapley Algorithm /entries/Gale_Shapley.html Wed, 29 Dec 2021 00:00:00 +0000 /entries/Gale_Shapley.html Roth's Theorem on Arithmetic Progressions /entries/Roth_Arithmetic_Progressions.html Tue, 28 Dec 2021 00:00:00 +0000 /entries/Roth_Arithmetic_Progressions.html Markov Decision Processes with Rewards /entries/MDP-Rewards.html Thu, 16 Dec 2021 00:00:00 +0000 /entries/MDP-Rewards.html Verified Algorithms for Solving Markov Decision Processes /entries/MDP-Algorithms.html Thu, 16 Dec 2021 00:00:00 +0000 /entries/MDP-Algorithms.html Regular Tree Relations /entries/Regular_Tree_Relations.html Wed, 15 Dec 2021 00:00:00 +0000 /entries/Regular_Tree_Relations.html Simplicial Complexes and Boolean functions /entries/Simplicial_complexes_and_boolean_functions.html Mon, 29 Nov 2021 00:00:00 +0000 /entries/Simplicial_complexes_and_boolean_functions.html van Emde Boas Trees /entries/Van_Emde_Boas_Trees.html Tue, 23 Nov 2021 00:00:00 +0000 /entries/Van_Emde_Boas_Trees.html Foundation of geometry in planes, and some complements: Excluding the parallel axioms /entries/Foundation_of_geometry.html Mon, 22 Nov 2021 00:00:00 +0000 /entries/Foundation_of_geometry.html The Hahn and Jordan Decomposition Theorems /entries/Hahn_Jordan_Decomposition.html Fri, 19 Nov 2021 00:00:00 +0000 /entries/Hahn_Jordan_Decomposition.html Automating Public Announcement Logic and the Wise Men Puzzle in Isabelle/HOL /entries/PAL.html Mon, 08 Nov 2021 00:00:00 +0000 /entries/PAL.html Exploring Simplified Variants of Gödel’s Ontological Argument in Isabelle/HOL /entries/SimplifiedOntologicalArgument.html Mon, 08 Nov 2021 00:00:00 +0000 
/entries/SimplifiedOntologicalArgument.html Factorization of Polynomials with Algebraic Coefficients /entries/Factor_Algebraic_Polynomial.html Mon, 08 Nov 2021 00:00:00 +0000 /entries/Factor_Algebraic_Polynomial.html Real Exponents as the Limits of Sequences of Rational Exponents /entries/Real_Power.html Mon, 08 Nov 2021 00:00:00 +0000 /entries/Real_Power.html Szemerédi's Regularity Lemma /entries/Szemeredi_Regularity.html Fri, 05 Nov 2021 00:00:00 +0000 /entries/Szemeredi_Regularity.html Quantum and Classical Registers /entries/Registers.html Thu, 28 Oct 2021 00:00:00 +0000 /entries/Registers.html Belief Revision Theory /entries/Belief_Revision.html Tue, 19 Oct 2021 00:00:00 +0000 /entries/Belief_Revision.html X86 instruction semantics and basic block symbolic execution /entries/X86_Semantics.html Wed, 13 Oct 2021 00:00:00 +0000 /entries/X86_Semantics.html Algebras for Iteration, Infinite Executions and Correctness of Sequential Computations /entries/Correctness_Algebras.html Tue, 12 Oct 2021 00:00:00 +0000 /entries/Correctness_Algebras.html Verified Quadratic Virtual Substitution for Real Arithmetic /entries/Virtual_Substitution.html Sat, 02 Oct 2021 00:00:00 +0000 /entries/Virtual_Substitution.html Soundness and Completeness of an Axiomatic System for First-Order Logic /entries/FOL_Axiomatic.html Fri, 24 Sep 2021 00:00:00 +0000 /entries/FOL_Axiomatic.html Complex Bounded Operators /entries/Complex_Bounded_Operators.html Sat, 18 Sep 2021 00:00:00 +0000 /entries/Complex_Bounded_Operators.html A Formalization of Weighted Path Orders and Recursive Path Orders /entries/Weighted_Path_Order.html Thu, 16 Sep 2021 00:00:00 +0000 /entries/Weighted_Path_Order.html Category Theory for ZFC in HOL I: Foundations: Design Patterns, Set Theory, Digraphs, Semicategories /entries/CZH_Foundations.html Mon, 06 Sep 2021 00:00:00 +0000 /entries/CZH_Foundations.html Category Theory for ZFC in HOL II: Elementary Theory of 1-Categories /entries/CZH_Elementary_Categories.html Mon, 06 Sep 
2021 00:00:00 +0000 /entries/CZH_Elementary_Categories.html Category Theory for ZFC in HOL III: Universal Constructions /entries/CZH_Universal_Constructions.html Mon, 06 Sep 2021 00:00:00 +0000 /entries/CZH_Universal_Constructions.html Conditional Simplification /entries/Conditional_Simplification.html Mon, 06 Sep 2021 00:00:00 +0000 /entries/Conditional_Simplification.html Conditional Transfer Rule /entries/Conditional_Transfer_Rule.html Mon, 06 Sep 2021 00:00:00 +0000 /entries/Conditional_Transfer_Rule.html Extension of Types-To-Sets /entries/Types_To_Sets_Extension.html Mon, 06 Sep 2021 00:00:00 +0000 /entries/Types_To_Sets_Extension.html IDE: Introduction, Destruction, Elimination /entries/Intro_Dest_Elim.html Mon, 06 Sep 2021 00:00:00 +0000 /entries/Intro_Dest_Elim.html A data flow analysis algorithm for computing dominators /entries/Dominance_CHK.html Sun, 05 Sep 2021 00:00:00 +0000 /entries/Dominance_CHK.html Solving Cubic and Quartic Equations /entries/Cubic_Quartic_Equations.html Fri, 03 Sep 2021 00:00:00 +0000 /entries/Cubic_Quartic_Equations.html Logging-independent Message Anonymity in the Relational Method /entries/Logging_Independent_Anonymity.html Thu, 26 Aug 2021 00:00:00 +0000 /entries/Logging_Independent_Anonymity.html The Theorem of Three Circles /entries/Three_Circles.html Sat, 21 Aug 2021 00:00:00 +0000 /entries/Three_Circles.html CoCon: A Confidentiality-Verified Conference Management System /entries/CoCon.html Mon, 16 Aug 2021 00:00:00 +0000 /entries/CoCon.html Compositional BD Security /entries/BD_Security_Compositional.html Mon, 16 Aug 2021 00:00:00 +0000 /entries/BD_Security_Compositional.html CoSMed: A confidentiality-verified social media platform /entries/CoSMed.html Mon, 16 Aug 2021 00:00:00 +0000 /entries/CoSMed.html CoSMeDis: A confidentiality-verified distributed social media platform /entries/CoSMeDis.html Mon, 16 Aug 2021 00:00:00 +0000 /entries/CoSMeDis.html Fresh identifiers /entries/Fresh_Identifiers.html Mon, 16 Aug 2021 
00:00:00 +0000 /entries/Fresh_Identifiers.html Combinatorial Design Theory /entries/Design_Theory.html Fri, 13 Aug 2021 00:00:00 +0000 /entries/Design_Theory.html Relational Forests /entries/Relational_Forests.html Tue, 03 Aug 2021 00:00:00 +0000 /entries/Relational_Forests.html Schutz' Independent Axioms for Minkowski Spacetime /entries/Schutz_Spacetime.html Tue, 27 Jul 2021 00:00:00 +0000 /entries/Schutz_Spacetime.html Finitely Generated Abelian Groups /entries/Finitely_Generated_Abelian_Groups.html Wed, 07 Jul 2021 00:00:00 +0000 /entries/Finitely_Generated_Abelian_Groups.html SpecCheck - Specification-Based Testing for Isabelle/ML /entries/SpecCheck.html Thu, 01 Jul 2021 00:00:00 +0000 /entries/SpecCheck.html Van der Waerden's Theorem /entries/Van_der_Waerden.html Tue, 22 Jun 2021 00:00:00 +0000 /entries/Van_der_Waerden.html MiniSail - A kernel language for the ISA specification language SAIL /entries/MiniSail.html Fri, 18 Jun 2021 00:00:00 +0000 /entries/MiniSail.html Public Announcement Logic /entries/Public_Announcement_Logic.html Thu, 17 Jun 2021 00:00:00 +0000 /entries/Public_Announcement_Logic.html A Shorter Compiler Correctness Proof for Language IMP /entries/IMP_Compiler.html Fri, 04 Jun 2021 00:00:00 +0000 /entries/IMP_Compiler.html Combinatorics on Words Basics /entries/Combinatorics_Words.html Mon, 24 May 2021 00:00:00 +0000 /entries/Combinatorics_Words.html Graph Lemma /entries/Combinatorics_Words_Graph_Lemma.html Mon, 24 May 2021 00:00:00 +0000 /entries/Combinatorics_Words_Graph_Lemma.html Lyndon words /entries/Combinatorics_Words_Lyndon.html Mon, 24 May 2021 00:00:00 +0000 /entries/Combinatorics_Words_Lyndon.html Regression Test Selection /entries/Regression_Test_Selection.html Fri, 30 Apr 2021 00:00:00 +0000 /entries/Regression_Test_Selection.html Isabelle's Metalogic: Formalization and Proof Checker /entries/Metalogic_ProofChecker.html Tue, 27 Apr 2021 00:00:00 +0000 /entries/Metalogic_ProofChecker.html Lifting the Exponent 
/entries/Lifting_the_Exponent.html Tue, 27 Apr 2021 00:00:00 +0000 /entries/Lifting_the_Exponent.html The BKR Decision Procedure for Univariate Real Arithmetic /entries/BenOr_Kozen_Reif.html Sat, 24 Apr 2021 00:00:00 +0000 /entries/BenOr_Kozen_Reif.html Gale-Stewart Games /entries/GaleStewart_Games.html Fri, 23 Apr 2021 00:00:00 +0000 /entries/GaleStewart_Games.html Formalization of Timely Dataflow's Progress Tracking Protocol /entries/Progress_Tracking.html Tue, 13 Apr 2021 00:00:00 +0000 /entries/Progress_Tracking.html Information Flow Control via Dependency Tracking /entries/IFC_Tracking.html Thu, 01 Apr 2021 00:00:00 +0000 /entries/IFC_Tracking.html Grothendieck's Schemes in Algebraic Geometry /entries/Grothendieck_Schemes.html Mon, 29 Mar 2021 00:00:00 +0000 /entries/Grothendieck_Schemes.html Hensel's Lemma for the p-adic Integers /entries/Padic_Ints.html Tue, 23 Mar 2021 00:00:00 +0000 /entries/Padic_Ints.html Constructive Cryptography in HOL: the Communication Modeling Aspect /entries/Constructive_Cryptography_CM.html Wed, 17 Mar 2021 00:00:00 +0000 /entries/Constructive_Cryptography_CM.html Two algorithms based on modular arithmetic: lattice basis reduction and Hermite normal form computation /entries/Modular_arithmetic_LLL_and_HNF_algorithms.html Fri, 12 Mar 2021 00:00:00 +0000 /entries/Modular_arithmetic_LLL_and_HNF_algorithms.html Quantum projective measurements and the CHSH inequality /entries/Projective_Measurements.html Wed, 03 Mar 2021 00:00:00 +0000 /entries/Projective_Measurements.html The Hermite–Lindemann–Weierstraß Transcendence Theorem /entries/Hermite_Lindemann.html Wed, 03 Mar 2021 00:00:00 +0000 /entries/Hermite_Lindemann.html Mereology /entries/Mereology.html Mon, 01 Mar 2021 00:00:00 +0000 /entries/Mereology.html The Sunflower Lemma of Erdős and Rado /entries/Sunflowers.html Thu, 25 Feb 2021 00:00:00 +0000 /entries/Sunflowers.html A Verified Imperative Implementation of B-Trees /entries/BTree.html Wed, 24 Feb 2021 00:00:00 +0000 
/entries/BTree.html Formal Puiseux Series /entries/Formal_Puiseux_Series.html Wed, 17 Feb 2021 00:00:00 +0000 /entries/Formal_Puiseux_Series.html The Laws of Large Numbers /entries/Laws_of_Large_Numbers.html Wed, 10 Feb 2021 00:00:00 +0000 /entries/Laws_of_Large_Numbers.html Tarski's Parallel Postulate implies the 5th Postulate of Euclid, the Postulate of Playfair and the original Parallel Postulate of Euclid /entries/IsaGeoCoq.html Sun, 31 Jan 2021 00:00:00 +0000 /entries/IsaGeoCoq.html Solution to the xkcd Blue Eyes puzzle /entries/Blue_Eyes.html Sat, 30 Jan 2021 00:00:00 +0000 /entries/Blue_Eyes.html Hood-Melville Queue /entries/Hood_Melville_Queue.html Mon, 18 Jan 2021 00:00:00 +0000 /entries/Hood_Melville_Queue.html JinjaDCI: a Java semantics with dynamic class initialization /entries/JinjaDCI.html Mon, 11 Jan 2021 00:00:00 +0000 /entries/JinjaDCI.html Cofinality and the Delta System Lemma /entries/Delta_System_Lemma.html Sun, 27 Dec 2020 00:00:00 +0000 /entries/Delta_System_Lemma.html Topological semantics for paraconsistent and paracomplete logics /entries/Topological_Semantics.html Thu, 17 Dec 2020 00:00:00 +0000 /entries/Topological_Semantics.html Relational Minimum Spanning Tree Algorithms /entries/Relational_Minimum_Spanning_Trees.html Tue, 08 Dec 2020 00:00:00 +0000 /entries/Relational_Minimum_Spanning_Trees.html Inline Caching and Unboxing Optimization for Interpreters /entries/Interpreter_Optimizations.html Mon, 07 Dec 2020 00:00:00 +0000 /entries/Interpreter_Optimizations.html The Relational Method with Message Anonymity for the Verification of Cryptographic Protocols /entries/Relational_Method.html Sat, 05 Dec 2020 00:00:00 +0000 /entries/Relational_Method.html Isabelle Marries Dirac: a Library for Quantum Computation and Quantum Information /entries/Isabelle_Marries_Dirac.html Sun, 22 Nov 2020 00:00:00 +0000 /entries/Isabelle_Marries_Dirac.html The HOL-CSP Refinement Toolkit /entries/CSP_RefTK.html Thu, 19 Nov 2020 00:00:00 +0000 
/entries/CSP_RefTK.html AI Planning Languages Semantics /entries/AI_Planning_Languages_Semantics.html Thu, 29 Oct 2020 00:00:00 +0000 /entries/AI_Planning_Languages_Semantics.html Verified SAT-Based AI Planning /entries/Verified_SAT_Based_AI_Planning.html Thu, 29 Oct 2020 00:00:00 +0000 /entries/Verified_SAT_Based_AI_Planning.html A Sound Type System for Physical Quantities, Units, and Measurements /entries/Physical_Quantities.html Tue, 20 Oct 2020 00:00:00 +0000 /entries/Physical_Quantities.html Finite Map Extras /entries/Finite-Map-Extras.html Mon, 12 Oct 2020 00:00:00 +0000 /entries/Finite-Map-Extras.html A Formal Model of the Document Object Model with Shadow Roots /entries/Shadow_DOM.html Mon, 28 Sep 2020 00:00:00 +0000 /entries/Shadow_DOM.html A Formal Model of the Safely Composable Document Object Model with Shadow Roots /entries/Shadow_SC_DOM.html Mon, 28 Sep 2020 00:00:00 +0000 /entries/Shadow_SC_DOM.html A Formalization of Safely Composable Web Components /entries/SC_DOM_Components.html Mon, 28 Sep 2020 00:00:00 +0000 /entries/SC_DOM_Components.html A Formalization of Web Components /entries/DOM_Components.html Mon, 28 Sep 2020 00:00:00 +0000 /entries/DOM_Components.html The Safely Composable DOM /entries/Core_SC_DOM.html Mon, 28 Sep 2020 00:00:00 +0000 /entries/Core_SC_DOM.html An Abstract Formalization of G&ouml;del's Incompleteness Theorems /entries/Goedel_Incompleteness.html Wed, 16 Sep 2020 00:00:00 +0000 /entries/Goedel_Incompleteness.html From Abstract to Concrete G&ouml;del's Incompleteness Theorems&mdash;Part I /entries/Goedel_HFSet_Semantic.html Wed, 16 Sep 2020 00:00:00 +0000 /entries/Goedel_HFSet_Semantic.html From Abstract to Concrete G&ouml;del's Incompleteness Theorems&mdash;Part II /entries/Goedel_HFSet_Semanticless.html Wed, 16 Sep 2020 00:00:00 +0000 /entries/Goedel_HFSet_Semanticless.html Robinson Arithmetic /entries/Robinson_Arithmetic.html Wed, 16 Sep 2020 00:00:00 +0000 /entries/Robinson_Arithmetic.html Syntax-Independent Logic 
Infrastructure /entries/Syntax_Independent_Logic.html Wed, 16 Sep 2020 00:00:00 +0000 /entries/Syntax_Independent_Logic.html A Formal Model of Extended Finite State Machines /entries/Extended_Finite_State_Machines.html Mon, 07 Sep 2020 00:00:00 +0000 /entries/Extended_Finite_State_Machines.html Inference of Extended Finite State Machines /entries/Extended_Finite_State_Machine_Inference.html Mon, 07 Sep 2020 00:00:00 +0000 /entries/Extended_Finite_State_Machine_Inference.html Practical Algebraic Calculus Checker /entries/PAC_Checker.html Mon, 31 Aug 2020 00:00:00 +0000 /entries/PAC_Checker.html Some classical results in inductive inference of recursive functions /entries/Inductive_Inference.html Mon, 31 Aug 2020 00:00:00 +0000 /entries/Inductive_Inference.html Relational Disjoint-Set Forests /entries/Relational_Disjoint_Set_Forests.html Wed, 26 Aug 2020 00:00:00 +0000 /entries/Relational_Disjoint_Set_Forests.html Extensions to the Comprehensive Framework for Saturation Theorem Proving /entries/Saturation_Framework_Extensions.html Tue, 25 Aug 2020 00:00:00 +0000 /entries/Saturation_Framework_Extensions.html Putting the `K' into Bird's derivation of Knuth-Morris-Pratt string matching /entries/BirdKMP.html Tue, 25 Aug 2020 00:00:00 +0000 /entries/BirdKMP.html Amicable Numbers /entries/Amicable_Numbers.html Tue, 04 Aug 2020 00:00:00 +0000 /entries/Amicable_Numbers.html Ordinal Partitions /entries/Ordinal_Partitions.html Mon, 03 Aug 2020 00:00:00 +0000 /entries/Ordinal_Partitions.html A Formal Proof of The Chandy--Lamport Distributed Snapshot Algorithm /entries/Chandy_Lamport.html Tue, 21 Jul 2020 00:00:00 +0000 /entries/Chandy_Lamport.html Relational Characterisations of Paths /entries/Relational_Paths.html Mon, 13 Jul 2020 00:00:00 +0000 /entries/Relational_Paths.html A Formally Verified Checker of the Safe Distance Traffic Rules for Autonomous Vehicles /entries/Safe_Distance.html Mon, 01 Jun 2020 00:00:00 +0000 /entries/Safe_Distance.html A verified algorithm for 
computing the Smith normal form of a matrix /entries/Smith_Normal_Form.html Sat, 23 May 2020 00:00:00 +0000 /entries/Smith_Normal_Form.html The Nash-Williams Partition Theorem /entries/Nash_Williams.html Sat, 16 May 2020 00:00:00 +0000 /entries/Nash_Williams.html A Formalization of Knuth–Bendix Orders /entries/Knuth_Bendix_Order.html Wed, 13 May 2020 00:00:00 +0000 /entries/Knuth_Bendix_Order.html Irrationality Criteria for Series by Erdős and Straus /entries/Irrational_Series_Erdos_Straus.html Tue, 12 May 2020 00:00:00 +0000 /entries/Irrational_Series_Erdos_Straus.html Recursion Theorem in ZF /entries/Recursion-Addition.html Mon, 11 May 2020 00:00:00 +0000 /entries/Recursion-Addition.html An Efficient Normalisation Procedure for Linear Temporal Logic: Isabelle/HOL Formalisation /entries/LTL_Normal_Form.html Fri, 08 May 2020 00:00:00 +0000 /entries/LTL_Normal_Form.html Formalization of Forcing in Isabelle/ZF /entries/Forcing.html Wed, 06 May 2020 00:00:00 +0000 /entries/Forcing.html Banach-Steinhaus Theorem /entries/Banach_Steinhaus.html Sat, 02 May 2020 00:00:00 +0000 /entries/Banach_Steinhaus.html Attack Trees in Isabelle for GDPR compliance of IoT healthcare systems /entries/Attack_Trees.html Mon, 27 Apr 2020 00:00:00 +0000 /entries/Attack_Trees.html Gaussian Integers /entries/Gaussian_Integers.html Fri, 24 Apr 2020 00:00:00 +0000 /entries/Gaussian_Integers.html Power Sum Polynomials /entries/Power_Sum_Polynomials.html Fri, 24 Apr 2020 00:00:00 +0000 /entries/Power_Sum_Polynomials.html The Lambert W Function on the Reals /entries/Lambert_W.html Fri, 24 Apr 2020 00:00:00 +0000 /entries/Lambert_W.html Matrices for ODEs /entries/Matrices_for_ODEs.html Sun, 19 Apr 2020 00:00:00 +0000 /entries/Matrices_for_ODEs.html Authenticated Data Structures As Functors /entries/ADS_Functor.html Thu, 16 Apr 2020 00:00:00 +0000 /entries/ADS_Functor.html Formalization of an Algorithm for Greedily Computing Associative Aggregations on Sliding Windows 
/entries/Sliding_Window_Algorithm.html Fri, 10 Apr 2020 00:00:00 +0000 /entries/Sliding_Window_Algorithm.html A Comprehensive Framework for Saturation Theorem Proving /entries/Saturation_Framework.html Thu, 09 Apr 2020 00:00:00 +0000 /entries/Saturation_Framework.html Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations /entries/MFODL_Monitor_Optimized.html Thu, 09 Apr 2020 00:00:00 +0000 /entries/MFODL_Monitor_Optimized.html Automated Stateful Protocol Verification /entries/Automated_Stateful_Protocol_Verification.html Wed, 08 Apr 2020 00:00:00 +0000 /entries/Automated_Stateful_Protocol_Verification.html Stateful Protocol Composition and Typing /entries/Stateful_Protocol_Composition_and_Typing.html Wed, 08 Apr 2020 00:00:00 +0000 /entries/Stateful_Protocol_Composition_and_Typing.html Lucas's Theorem /entries/Lucas_Theorem.html Tue, 07 Apr 2020 00:00:00 +0000 /entries/Lucas_Theorem.html Strong Eventual Consistency of the Collaborative Editing Framework WOOT /entries/WOOT_Strong_Eventual_Consistency.html Wed, 25 Mar 2020 00:00:00 +0000 /entries/WOOT_Strong_Eventual_Consistency.html Furstenberg's topology and his proof of the infinitude of primes /entries/Furstenberg_Topology.html Sun, 22 Mar 2020 00:00:00 +0000 /entries/Furstenberg_Topology.html An Under-Approximate Relational Logic /entries/Relational-Incorrectness-Logic.html Thu, 12 Mar 2020 00:00:00 +0000 /entries/Relational-Incorrectness-Logic.html Hello World /entries/Hello_World.html Sat, 07 Mar 2020 00:00:00 +0000 /entries/Hello_World.html Implementing the Goodstein Function in &lambda;-Calculus /entries/Goodstein_Lambda.html Fri, 21 Feb 2020 00:00:00 +0000 /entries/Goodstein_Lambda.html A Generic Framework for Verified Compilers /entries/VeriComp.html Mon, 10 Feb 2020 00:00:00 +0000 /entries/VeriComp.html Arithmetic progressions and relative primes /entries/Arith_Prog_Rel_Primes.html Sat, 01 Feb 2020 00:00:00 +0000 /entries/Arith_Prog_Rel_Primes.html A 
Hierarchy of Algebras for Boolean Subsets /entries/Subset_Boolean_Algebras.html Fri, 31 Jan 2020 00:00:00 +0000 /entries/Subset_Boolean_Algebras.html Mersenne primes and the Lucas–Lehmer test /entries/Mersenne_Primes.html Fri, 17 Jan 2020 00:00:00 +0000 /entries/Mersenne_Primes.html Verified Approximation Algorithms /entries/Approximation_Algorithms.html Thu, 16 Jan 2020 00:00:00 +0000 /entries/Approximation_Algorithms.html Closest Pair of Points Algorithms /entries/Closest_Pair_Points.html Mon, 13 Jan 2020 00:00:00 +0000 /entries/Closest_Pair_Points.html Skip Lists /entries/Skip_Lists.html Thu, 09 Jan 2020 00:00:00 +0000 /entries/Skip_Lists.html Bicategories /entries/Bicategory.html Mon, 06 Jan 2020 00:00:00 +0000 /entries/Bicategory.html The Irrationality of ζ(3) /entries/Zeta_3_Irrational.html Fri, 27 Dec 2019 00:00:00 +0000 /entries/Zeta_3_Irrational.html Formalizing a Seligman-Style Tableau System for Hybrid Logic /entries/Hybrid_Logic.html Fri, 20 Dec 2019 00:00:00 +0000 /entries/Hybrid_Logic.html The Poincaré-Bendixson Theorem /entries/Poincare_Bendixson.html Wed, 18 Dec 2019 00:00:00 +0000 /entries/Poincare_Bendixson.html Complex Geometry /entries/Complex_Geometry.html Mon, 16 Dec 2019 00:00:00 +0000 /entries/Complex_Geometry.html Poincaré Disc Model /entries/Poincare_Disc.html Mon, 16 Dec 2019 00:00:00 +0000 /entries/Poincare_Disc.html Gauss Sums and the Pólya–Vinogradov Inequality /entries/Gauss_Sums.html Tue, 10 Dec 2019 00:00:00 +0000 /entries/Gauss_Sums.html An Efficient Generalization of Counting Sort for Large, possibly Infinite Key Ranges /entries/Generalized_Counting_Sort.html Wed, 04 Dec 2019 00:00:00 +0000 /entries/Generalized_Counting_Sort.html Interval Arithmetic on 32-bit Words /entries/Interval_Arithmetic_Word32.html Wed, 27 Nov 2019 00:00:00 +0000 /entries/Interval_Arithmetic_Word32.html Zermelo Fraenkel Set Theory in Higher-Order Logic /entries/ZFC_in_HOL.html Thu, 24 Oct 2019 00:00:00 +0000 /entries/ZFC_in_HOL.html Isabelle/C 
/entries/Isabelle_C.html Tue, 22 Oct 2019 00:00:00 +0000 /entries/Isabelle_C.html VerifyThis 2019 -- Polished Isabelle Solutions /entries/VerifyThis2019.html Wed, 16 Oct 2019 00:00:00 +0000 /entries/VerifyThis2019.html Aristotle's Assertoric Syllogistic /entries/Aristotles_Assertoric_Syllogistic.html Tue, 08 Oct 2019 00:00:00 +0000 /entries/Aristotles_Assertoric_Syllogistic.html Sigma Protocols and Commitment Schemes /entries/Sigma_Commit_Crypto.html Mon, 07 Oct 2019 00:00:00 +0000 /entries/Sigma_Commit_Crypto.html Clean - An Abstract Imperative Programming Language and its Theory /entries/Clean.html Fri, 04 Oct 2019 00:00:00 +0000 /entries/Clean.html Formalization of Multiway-Join Algorithms /entries/Generic_Join.html Mon, 16 Sep 2019 00:00:00 +0000 /entries/Generic_Join.html Verification Components for Hybrid Systems /entries/Hybrid_Systems_VCs.html Tue, 10 Sep 2019 00:00:00 +0000 /entries/Hybrid_Systems_VCs.html Fourier Series /entries/Fourier.html Fri, 06 Sep 2019 00:00:00 +0000 /entries/Fourier.html A Case Study in Basic Algebra /entries/Jacobson_Basic_Algebra.html Fri, 30 Aug 2019 00:00:00 +0000 /entries/Jacobson_Basic_Algebra.html Formalisation of an Adaptive State Counting Algorithm /entries/Adaptive_State_Counting.html Fri, 16 Aug 2019 00:00:00 +0000 /entries/Adaptive_State_Counting.html Laplace Transform /entries/Laplace_Transform.html Wed, 14 Aug 2019 00:00:00 +0000 /entries/Laplace_Transform.html Communicating Concurrent Kleene Algebra for Distributed Systems Specification /entries/C2KA_DistributedSystems.html Tue, 06 Aug 2019 00:00:00 +0000 /entries/C2KA_DistributedSystems.html Linear Programming /entries/Linear_Programming.html Tue, 06 Aug 2019 00:00:00 +0000 /entries/Linear_Programming.html Selected Problems from the International Mathematical Olympiad 2019 /entries/IMO2019.html Mon, 05 Aug 2019 00:00:00 +0000 /entries/IMO2019.html Stellar Quorum Systems /entries/Stellar_Quorums.html Thu, 01 Aug 2019 00:00:00 +0000 /entries/Stellar_Quorums.html A 
Formal Development of a Polychronous Polytimed Coordination Language /entries/TESL_Language.html Tue, 30 Jul 2019 00:00:00 +0000 /entries/TESL_Language.html Order Extension and Szpilrajn's Extension Theorem /entries/Szpilrajn.html Sat, 27 Jul 2019 00:00:00 +0000 /entries/Szpilrajn.html A Sequent Calculus for First-Order Logic /entries/FOL_Seq_Calc1.html Thu, 18 Jul 2019 00:00:00 +0000 /entries/FOL_Seq_Calc1.html A Verified Code Generator from Isabelle/HOL to CakeML /entries/CakeML_Codegen.html Mon, 08 Jul 2019 00:00:00 +0000 /entries/CakeML_Codegen.html Formalization of a Monitoring Algorithm for Metric First-Order Temporal Logic /entries/MFOTL_Monitor.html Thu, 04 Jul 2019 00:00:00 +0000 /entries/MFOTL_Monitor.html Complete Non-Orders and Fixed Points /entries/Complete_Non_Orders.html Thu, 27 Jun 2019 00:00:00 +0000 /entries/Complete_Non_Orders.html Priority Search Trees /entries/Priority_Search_Trees.html Tue, 25 Jun 2019 00:00:00 +0000 /entries/Priority_Search_Trees.html Purely Functional, Simple, and Efficient Implementation of Prim and Dijkstra /entries/Prim_Dijkstra_Simple.html Tue, 25 Jun 2019 00:00:00 +0000 /entries/Prim_Dijkstra_Simple.html Linear Inequalities /entries/Linear_Inequalities.html Fri, 21 Jun 2019 00:00:00 +0000 /entries/Linear_Inequalities.html Hilbert's Nullstellensatz /entries/Nullstellensatz.html Sun, 16 Jun 2019 00:00:00 +0000 /entries/Nullstellensatz.html Gröbner Bases, Macaulay Matrices and Dubé's Degree Bounds /entries/Groebner_Macaulay.html Sat, 15 Jun 2019 00:00:00 +0000 /entries/Groebner_Macaulay.html Binary Heaps for IMP2 /entries/IMP2_Binary_Heap.html Thu, 13 Jun 2019 00:00:00 +0000 /entries/IMP2_Binary_Heap.html Differential Game Logic /entries/Differential_Game_Logic.html Mon, 03 Jun 2019 00:00:00 +0000 /entries/Differential_Game_Logic.html Multidimensional Binary Search Trees /entries/KD_Tree.html Thu, 30 May 2019 00:00:00 +0000 /entries/KD_Tree.html Formalization of Generic Authenticated Data Structures 
/entries/LambdaAuth.html Tue, 14 May 2019 00:00:00 +0000 /entries/LambdaAuth.html Multi-Party Computation /entries/Multi_Party_Computation.html Thu, 09 May 2019 00:00:00 +0000 /entries/Multi_Party_Computation.html HOL-CSP Version 2.0 /entries/HOL-CSP.html Fri, 26 Apr 2019 00:00:00 +0000 /entries/HOL-CSP.html A Compositional and Unified Translation of LTL into ω-Automata /entries/LTL_Master_Theorem.html Tue, 16 Apr 2019 00:00:00 +0000 /entries/LTL_Master_Theorem.html A General Theory of Syntax with Bindings /entries/Binding_Syntax_Theory.html Sat, 06 Apr 2019 00:00:00 +0000 /entries/Binding_Syntax_Theory.html The Transcendence of Certain Infinite Series /entries/Transcendence_Series_Hancl_Rucki.html Wed, 27 Mar 2019 00:00:00 +0000 /entries/Transcendence_Series_Hancl_Rucki.html Quantum Hoare Logic /entries/QHLProver.html Sun, 24 Mar 2019 00:00:00 +0000 /entries/QHLProver.html Safe OCL /entries/Safe_OCL.html Sat, 09 Mar 2019 00:00:00 +0000 /entries/Safe_OCL.html Elementary Facts About the Distribution of Primes /entries/Prime_Distribution_Elementary.html Thu, 21 Feb 2019 00:00:00 +0000 /entries/Prime_Distribution_Elementary.html Kruskal's Algorithm for Minimum Spanning Forest /entries/Kruskal.html Thu, 14 Feb 2019 00:00:00 +0000 /entries/Kruskal.html Probabilistic Primality Testing /entries/Probabilistic_Prime_Tests.html Mon, 11 Feb 2019 00:00:00 +0000 /entries/Probabilistic_Prime_Tests.html Universal Turing Machine /entries/Universal_Turing_Machine.html Fri, 08 Feb 2019 00:00:00 +0000 /entries/Universal_Turing_Machine.html Isabelle/UTP: Mechanised Theory Engineering for Unifying Theories of Programming /entries/UTP.html Fri, 01 Feb 2019 00:00:00 +0000 /entries/UTP.html The Inversions of a List /entries/List_Inversions.html Fri, 01 Feb 2019 00:00:00 +0000 /entries/List_Inversions.html Farkas' Lemma and Motzkin's Transposition Theorem /entries/Farkas.html Thu, 17 Jan 2019 00:00:00 +0000 /entries/Farkas.html An Algebra for Higher-Order Terms 
/entries/Higher_Order_Terms.html Tue, 15 Jan 2019 00:00:00 +0000 /entries/Higher_Order_Terms.html IMP2 – Simple Program Verification in Isabelle/HOL /entries/IMP2.html Tue, 15 Jan 2019 00:00:00 +0000 /entries/IMP2.html A Reduction Theorem for Store Buffers /entries/Store_Buffer_Reduction.html Mon, 07 Jan 2019 00:00:00 +0000 /entries/Store_Buffer_Reduction.html A Formal Model of the Document Object Model /entries/Core_DOM.html Wed, 26 Dec 2018 00:00:00 +0000 /entries/Core_DOM.html Formalization of Concurrent Revisions /entries/Concurrent_Revisions.html Tue, 25 Dec 2018 00:00:00 +0000 /entries/Concurrent_Revisions.html Verifying Imperative Programs using Auto2 /entries/Auto2_Imperative_HOL.html Fri, 21 Dec 2018 00:00:00 +0000 /entries/Auto2_Imperative_HOL.html Constructive Cryptography in HOL /entries/Constructive_Cryptography.html Mon, 17 Dec 2018 00:00:00 +0000 /entries/Constructive_Cryptography.html Properties of Orderings and Lattices /entries/Order_Lattice_Props.html Tue, 11 Dec 2018 00:00:00 +0000 /entries/Order_Lattice_Props.html Quantales /entries/Quantales.html Tue, 11 Dec 2018 00:00:00 +0000 /entries/Quantales.html Transformer Semantics /entries/Transformer_Semantics.html Tue, 11 Dec 2018 00:00:00 +0000 /entries/Transformer_Semantics.html A Verified Functional Implementation of Bachmair and Ganzinger's Ordered Resolution Prover /entries/Functional_Ordered_Resolution_Prover.html Fri, 23 Nov 2018 00:00:00 +0000 /entries/Functional_Ordered_Resolution_Prover.html Graph Saturation /entries/Graph_Saturation.html Fri, 23 Nov 2018 00:00:00 +0000 /entries/Graph_Saturation.html Auto2 Prover /entries/Auto2_HOL.html Tue, 20 Nov 2018 00:00:00 +0000 /entries/Auto2_HOL.html Matroids /entries/Matroids.html Fri, 16 Nov 2018 00:00:00 +0000 /entries/Matroids.html Deriving generic class instances for datatypes /entries/Generic_Deriving.html Tue, 06 Nov 2018 00:00:00 +0000 /entries/Generic_Deriving.html Formalisation and Evaluation of Alan Gewirth's Proof for the Principle of 
Generic Consistency in Isabelle/HOL /entries/GewirthPGCProof.html Tue, 30 Oct 2018 00:00:00 +0000 /entries/GewirthPGCProof.html Epistemic Logic: Completeness of Modal Logics /entries/Epistemic_Logic.html Mon, 29 Oct 2018 00:00:00 +0000 /entries/Epistemic_Logic.html Smooth Manifolds /entries/Smooth_Manifolds.html Mon, 22 Oct 2018 00:00:00 +0000 /entries/Smooth_Manifolds.html Formalization of the Embedding Path Order for Lambda-Free Higher-Order Terms /entries/Lambda_Free_EPO.html Fri, 19 Oct 2018 00:00:00 +0000 /entries/Lambda_Free_EPO.html Randomised Binary Search Trees /entries/Randomised_BSTs.html Fri, 19 Oct 2018 00:00:00 +0000 /entries/Randomised_BSTs.html Upper Bounding Diameters of State Spaces of Factored Transition Systems /entries/Factored_Transition_System_Bounding.html Fri, 12 Oct 2018 00:00:00 +0000 /entries/Factored_Transition_System_Bounding.html The Transcendence of π /entries/Pi_Transcendental.html Fri, 28 Sep 2018 00:00:00 +0000 /entries/Pi_Transcendental.html Symmetric Polynomials /entries/Symmetric_Polynomials.html Tue, 25 Sep 2018 00:00:00 +0000 /entries/Symmetric_Polynomials.html Signature-Based Gröbner Basis Algorithms /entries/Signature_Groebner.html Thu, 20 Sep 2018 00:00:00 +0000 /entries/Signature_Groebner.html The Prime Number Theorem /entries/Prime_Number_Theorem.html Wed, 19 Sep 2018 00:00:00 +0000 /entries/Prime_Number_Theorem.html Aggregation Algebras /entries/Aggregation_Algebras.html Sat, 15 Sep 2018 00:00:00 +0000 /entries/Aggregation_Algebras.html Octonions /entries/Octonions.html Fri, 14 Sep 2018 00:00:00 +0000 /entries/Octonions.html Quaternions /entries/Quaternions.html Wed, 05 Sep 2018 00:00:00 +0000 /entries/Quaternions.html The Budan-Fourier Theorem and Counting Real Roots with Multiplicity /entries/Budan_Fourier.html Sun, 02 Sep 2018 00:00:00 +0000 /entries/Budan_Fourier.html An Incremental Simplex Algorithm with Unsatisfiable Core Generation /entries/Simplex.html Fri, 24 Aug 2018 00:00:00 +0000 /entries/Simplex.html Minsky 
Machines /entries/Minsky_Machines.html Tue, 14 Aug 2018 00:00:00 +0000 /entries/Minsky_Machines.html Pricing in discrete financial models /entries/DiscretePricing.html Mon, 16 Jul 2018 00:00:00 +0000 /entries/DiscretePricing.html Von-Neumann-Morgenstern Utility Theorem /entries/Neumann_Morgenstern_Utility.html Wed, 04 Jul 2018 00:00:00 +0000 /entries/Neumann_Morgenstern_Utility.html Pell's Equation /entries/Pell.html Sat, 23 Jun 2018 00:00:00 +0000 /entries/Pell.html Projective Geometry /entries/Projective_Geometry.html Thu, 14 Jun 2018 00:00:00 +0000 /entries/Projective_Geometry.html The Localization of a Commutative Ring /entries/Localization_Ring.html Thu, 14 Jun 2018 00:00:00 +0000 /entries/Localization_Ring.html Partial Order Reduction /entries/Partial_Order_Reduction.html Tue, 05 Jun 2018 00:00:00 +0000 /entries/Partial_Order_Reduction.html Optimal Binary Search Trees /entries/Optimal_BST.html Sun, 27 May 2018 00:00:00 +0000 /entries/Optimal_BST.html Hidden Markov Models /entries/Hidden_Markov_Models.html Fri, 25 May 2018 00:00:00 +0000 /entries/Hidden_Markov_Models.html Probabilistic Timed Automata /entries/Probabilistic_Timed_Automata.html Thu, 24 May 2018 00:00:00 +0000 /entries/Probabilistic_Timed_Automata.html Axiom Systems for Category Theory in Free Logic /entries/AxiomaticCategoryTheory.html Wed, 23 May 2018 00:00:00 +0000 /entries/AxiomaticCategoryTheory.html Irrational Rapidly Convergent Series /entries/Irrationality_J_Hancl.html Wed, 23 May 2018 00:00:00 +0000 /entries/Irrationality_J_Hancl.html Monadification, Memoization and Dynamic Programming /entries/Monad_Memo_DP.html Tue, 22 May 2018 00:00:00 +0000 /entries/Monad_Memo_DP.html OpSets: Sequential Specifications for Replicated Datatypes /entries/OpSets.html Thu, 10 May 2018 00:00:00 +0000 /entries/OpSets.html An Isabelle/HOL Formalization of the Modular Assembly Kit for Security Properties /entries/Modular_Assembly_Kit_Security.html Mon, 07 May 2018 00:00:00 +0000 
/entries/Modular_Assembly_Kit_Security.html WebAssembly /entries/WebAssembly.html Sun, 29 Apr 2018 00:00:00 +0000 /entries/WebAssembly.html VerifyThis 2018 - Polished Isabelle Solutions /entries/VerifyThis2018.html Fri, 27 Apr 2018 00:00:00 +0000 /entries/VerifyThis2018.html Bounded Natural Functors with Covariance and Contravariance /entries/BNF_CC.html Tue, 24 Apr 2018 00:00:00 +0000 /entries/BNF_CC.html The Incompatibility of Fishburn-Strategyproofness and Pareto-Efficiency /entries/Fishburn_Impossibility.html Thu, 22 Mar 2018 00:00:00 +0000 /entries/Fishburn_Impossibility.html Weight-Balanced Trees /entries/Weight_Balanced_Trees.html Tue, 13 Mar 2018 00:00:00 +0000 /entries/Weight_Balanced_Trees.html CakeML /entries/CakeML.html Mon, 12 Mar 2018 00:00:00 +0000 /entries/CakeML.html A Theory of Architectural Design Patterns /entries/Architectural_Design_Patterns.html Thu, 01 Mar 2018 00:00:00 +0000 /entries/Architectural_Design_Patterns.html Hoare Logics for Time Bounds /entries/Hoare_Time.html Mon, 26 Feb 2018 00:00:00 +0000 /entries/Hoare_Time.html A verified factorization algorithm for integer polynomials with polynomial complexity /entries/LLL_Factorization.html Tue, 06 Feb 2018 00:00:00 +0000 /entries/LLL_Factorization.html First-Order Terms /entries/First_Order_Terms.html Tue, 06 Feb 2018 00:00:00 +0000 /entries/First_Order_Terms.html The Error Function /entries/Error_Function.html Tue, 06 Feb 2018 00:00:00 +0000 /entries/Error_Function.html Treaps /entries/Treaps.html Tue, 06 Feb 2018 00:00:00 +0000 /entries/Treaps.html A verified LLL algorithm /entries/LLL_Basis_Reduction.html Fri, 02 Feb 2018 00:00:00 +0000 /entries/LLL_Basis_Reduction.html Formalization of Bachmair and Ganzinger's Ordered Resolution Prover /entries/Ordered_Resolution_Prover.html Thu, 18 Jan 2018 00:00:00 +0000 /entries/Ordered_Resolution_Prover.html Gromov Hyperbolicity /entries/Gromov_Hyperbolicity.html Tue, 16 Jan 2018 00:00:00 +0000 /entries/Gromov_Hyperbolicity.html An Isabelle/HOL 
formalisation of Green's Theorem /entries/Green.html Thu, 11 Jan 2018 00:00:00 +0000 /entries/Green.html Taylor Models /entries/Taylor_Models.html Mon, 08 Jan 2018 00:00:00 +0000 /entries/Taylor_Models.html The Falling Factorial of a Sum /entries/Falling_Factorial_Sum.html Fri, 22 Dec 2017 00:00:00 +0000 /entries/Falling_Factorial_Sum.html Dirichlet L-Functions and Dirichlet's Theorem /entries/Dirichlet_L.html Thu, 21 Dec 2017 00:00:00 +0000 /entries/Dirichlet_L.html The Mason–Stothers Theorem /entries/Mason_Stothers.html Thu, 21 Dec 2017 00:00:00 +0000 /entries/Mason_Stothers.html The Median-of-Medians Selection Algorithm /entries/Median_Of_Medians_Selection.html Thu, 21 Dec 2017 00:00:00 +0000 /entries/Median_Of_Medians_Selection.html Operations on Bounded Natural Functors /entries/BNF_Operations.html Tue, 19 Dec 2017 00:00:00 +0000 /entries/BNF_Operations.html The string search algorithm by Knuth, Morris and Pratt /entries/Knuth_Morris_Pratt.html Mon, 18 Dec 2017 00:00:00 +0000 /entries/Knuth_Morris_Pratt.html Stochastic Matrices and the Perron-Frobenius Theorem /entries/Stochastic_Matrices.html Wed, 22 Nov 2017 00:00:00 +0000 /entries/Stochastic_Matrices.html The IMAP CmRDT /entries/IMAP-CRDT.html Thu, 09 Nov 2017 00:00:00 +0000 /entries/IMAP-CRDT.html Hybrid Multi-Lane Spatial Logic /entries/Hybrid_Multi_Lane_Spatial_Logic.html Mon, 06 Nov 2017 00:00:00 +0000 /entries/Hybrid_Multi_Lane_Spatial_Logic.html The Kuratowski Closure-Complement Theorem /entries/Kuratowski_Closure_Complement.html Thu, 26 Oct 2017 00:00:00 +0000 /entries/Kuratowski_Closure_Complement.html Büchi Complementation /entries/Buchi_Complementation.html Thu, 19 Oct 2017 00:00:00 +0000 /entries/Buchi_Complementation.html Transition Systems and Automata /entries/Transition_Systems_and_Automata.html Thu, 19 Oct 2017 00:00:00 +0000 /entries/Transition_Systems_and_Automata.html Count the Number of Complex Roots /entries/Count_Complex_Roots.html Tue, 17 Oct 2017 00:00:00 +0000 
/entries/Count_Complex_Roots.html Evaluate Winding Numbers through Cauchy Indices /entries/Winding_Number_Eval.html Tue, 17 Oct 2017 00:00:00 +0000 /entries/Winding_Number_Eval.html Homogeneous Linear Diophantine Equations /entries/Diophantine_Eqns_Lin_Hom.html Sat, 14 Oct 2017 00:00:00 +0000 /entries/Diophantine_Eqns_Lin_Hom.html Dirichlet Series /entries/Dirichlet_Series.html Thu, 12 Oct 2017 00:00:00 +0000 /entries/Dirichlet_Series.html Linear Recurrences /entries/Linear_Recurrences.html Thu, 12 Oct 2017 00:00:00 +0000 /entries/Linear_Recurrences.html The Hurwitz and Riemann ζ Functions /entries/Zeta_Function.html Thu, 12 Oct 2017 00:00:00 +0000 /entries/Zeta_Function.html Computer-assisted Reconstruction and Assessment of E. J. Lowe's Modal Ontological Argument /entries/Lowe_Ontological_Argument.html Thu, 21 Sep 2017 00:00:00 +0000 /entries/Lowe_Ontological_Argument.html Representation and Partial Automation of the Principia Logico-Metaphysica in Isabelle/HOL /entries/PLM.html Sun, 17 Sep 2017 00:00:00 +0000 /entries/PLM.html Anselm's God in Isabelle/HOL /entries/AnselmGod.html Wed, 06 Sep 2017 00:00:00 +0000 /entries/AnselmGod.html Microeconomics and the First Welfare Theorem /entries/First_Welfare_Theorem.html Fri, 01 Sep 2017 00:00:00 +0000 /entries/First_Welfare_Theorem.html Orbit-Stabiliser Theorem with Application to Rotational Symmetries /entries/Orbit_Stabiliser.html Sun, 20 Aug 2017 00:00:00 +0000 /entries/Orbit_Stabiliser.html Root-Balanced Tree /entries/Root_Balanced_Tree.html Sun, 20 Aug 2017 00:00:00 +0000 /entries/Root_Balanced_Tree.html The LambdaMu-calculus /entries/LambdaMu.html Wed, 16 Aug 2017 00:00:00 +0000 /entries/LambdaMu.html Stewart's Theorem and Apollonius' Theorem /entries/Stewart_Apollonius.html Mon, 31 Jul 2017 00:00:00 +0000 /entries/Stewart_Apollonius.html Dynamic Architectures /entries/DynamicArchitectures.html Fri, 28 Jul 2017 00:00:00 +0000 /entries/DynamicArchitectures.html Declarative Semantics for Functional Languages 
/entries/Decl_Sem_Fun_PL.html Fri, 21 Jul 2017 00:00:00 +0000 /entries/Decl_Sem_Fun_PL.html HOLCF-Prelude /entries/HOLCF-Prelude.html Sat, 15 Jul 2017 00:00:00 +0000 /entries/HOLCF-Prelude.html Minkowski's Theorem /entries/Minkowskis_Theorem.html Thu, 13 Jul 2017 00:00:00 +0000 /entries/Minkowskis_Theorem.html Verified Metatheory and Type Inference for a Name-Carrying Simply-Typed Lambda Calculus /entries/Name_Carrying_Type_Inference.html Sun, 09 Jul 2017 00:00:00 +0000 /entries/Name_Carrying_Type_Inference.html A framework for establishing Strong Eventual Consistency for Conflict-free Replicated Datatypes /entries/CRDT.html Fri, 07 Jul 2017 00:00:00 +0000 /entries/CRDT.html Stone-Kleene Relation Algebras /entries/Stone_Kleene_Relation_Algebras.html Thu, 06 Jul 2017 00:00:00 +0000 /entries/Stone_Kleene_Relation_Algebras.html Propositional Proof Systems /entries/Propositional_Proof_Systems.html Wed, 21 Jun 2017 00:00:00 +0000 /entries/Propositional_Proof_Systems.html Partial Semigroups and Convolution Algebras /entries/PSemigroupsConvolution.html Tue, 13 Jun 2017 00:00:00 +0000 /entries/PSemigroupsConvolution.html Buffon's Needle Problem /entries/Buffons_Needle.html Tue, 06 Jun 2017 00:00:00 +0000 /entries/Buffons_Needle.html Flow Networks and the Min-Cut-Max-Flow Theorem /entries/Flow_Networks.html Thu, 01 Jun 2017 00:00:00 +0000 /entries/Flow_Networks.html Formalizing Push-Relabel Algorithms /entries/Prpu_Maxflow.html Thu, 01 Jun 2017 00:00:00 +0000 /entries/Prpu_Maxflow.html Optics /entries/Optics.html Thu, 25 May 2017 00:00:00 +0000 /entries/Optics.html Developing Security Protocols by Refinement /entries/Security_Protocol_Refinement.html Wed, 24 May 2017 00:00:00 +0000 /entries/Security_Protocol_Refinement.html Dictionary Construction /entries/Dict_Construction.html Wed, 24 May 2017 00:00:00 +0000 /entries/Dict_Construction.html The Floyd-Warshall Algorithm for Shortest Paths /entries/Floyd_Warshall.html Mon, 08 May 2017 00:00:00 +0000 
/entries/Floyd_Warshall.html CryptHOL /entries/CryptHOL.html Fri, 05 May 2017 00:00:00 +0000 /entries/CryptHOL.html Effect polymorphism in higher-order logic /entries/Monomorphic_Monad.html Fri, 05 May 2017 00:00:00 +0000 /entries/Monomorphic_Monad.html Game-based cryptography in HOL /entries/Game_Based_Crypto.html Fri, 05 May 2017 00:00:00 +0000 /entries/Game_Based_Crypto.html Monad normalisation /entries/Monad_Normalisation.html Fri, 05 May 2017 00:00:00 +0000 /entries/Monad_Normalisation.html Probabilistic while loop /entries/Probabilistic_While.html Fri, 05 May 2017 00:00:00 +0000 /entries/Probabilistic_While.html Monoidal Categories /entries/MonoidalCategory.html Thu, 04 May 2017 00:00:00 +0000 /entries/MonoidalCategory.html Types, Tableaus and Gödel’s God in Isabelle/HOL /entries/Types_Tableaus_and_Goedels_God.html Mon, 01 May 2017 00:00:00 +0000 /entries/Types_Tableaus_and_Goedels_God.html Local Lexing /entries/LocalLexing.html Fri, 28 Apr 2017 00:00:00 +0000 /entries/LocalLexing.html Constructor Functions /entries/Constructor_Funs.html Wed, 19 Apr 2017 00:00:00 +0000 /entries/Constructor_Funs.html Lazifying case constants /entries/Lazy_Case.html Tue, 18 Apr 2017 00:00:00 +0000 /entries/Lazy_Case.html Subresultants /entries/Subresultants.html Thu, 06 Apr 2017 00:00:00 +0000 /entries/Subresultants.html Expected Shape of Random Binary Search Trees /entries/Random_BSTs.html Tue, 04 Apr 2017 00:00:00 +0000 /entries/Random_BSTs.html Lower bound on comparison-based sorting algorithms /entries/Comparison_Sort_Lower_Bound.html Wed, 15 Mar 2017 00:00:00 +0000 /entries/Comparison_Sort_Lower_Bound.html The number of comparisons in QuickSort /entries/Quick_Sort_Cost.html Wed, 15 Mar 2017 00:00:00 +0000 /entries/Quick_Sort_Cost.html The Euler–MacLaurin Formula /entries/Euler_MacLaurin.html Fri, 10 Mar 2017 00:00:00 +0000 /entries/Euler_MacLaurin.html The Group Law for Elliptic Curves /entries/Elliptic_Curves_Group_Law.html Tue, 28 Feb 2017 00:00:00 +0000 
/entries/Elliptic_Curves_Group_Law.html Menger's Theorem /entries/Menger.html Sun, 26 Feb 2017 00:00:00 +0000 /entries/Menger.html Differential Dynamic Logic /entries/Differential_Dynamic_Logic.html Mon, 13 Feb 2017 00:00:00 +0000 /entries/Differential_Dynamic_Logic.html Abstract Soundness /entries/Abstract_Soundness.html Fri, 10 Feb 2017 00:00:00 +0000 /entries/Abstract_Soundness.html Stone Relation Algebras /entries/Stone_Relation_Algebras.html Tue, 07 Feb 2017 00:00:00 +0000 /entries/Stone_Relation_Algebras.html Refining Authenticated Key Agreement with Strong Adversaries /entries/Key_Agreement_Strong_Adversaries.html Tue, 31 Jan 2017 00:00:00 +0000 /entries/Key_Agreement_Strong_Adversaries.html Bernoulli Numbers /entries/Bernoulli.html Tue, 24 Jan 2017 00:00:00 +0000 /entries/Bernoulli.html Bertrand's postulate /entries/Bertrands_Postulate.html Tue, 17 Jan 2017 00:00:00 +0000 /entries/Bertrands_Postulate.html Minimal Static Single Assignment Form /entries/Minimal_SSA.html Tue, 17 Jan 2017 00:00:00 +0000 /entries/Minimal_SSA.html The Transcendence of e /entries/E_Transcendental.html Thu, 12 Jan 2017 00:00:00 +0000 /entries/E_Transcendental.html Formal Network Models and Their Application to Firewall Policies /entries/UPF_Firewall.html Sun, 08 Jan 2017 00:00:00 +0000 /entries/UPF_Firewall.html Verification of a Diffie-Hellman Password-based Authentication Protocol by Extending the Inductive Method /entries/Password_Authentication_Protocol.html Tue, 03 Jan 2017 00:00:00 +0000 /entries/Password_Authentication_Protocol.html First-Order Logic According to Harrison /entries/FOL_Harrison.html Sun, 01 Jan 2017 00:00:00 +0000 /entries/FOL_Harrison.html Concurrent Refinement Algebra and Rely Quotients /entries/Concurrent_Ref_Alg.html Fri, 30 Dec 2016 00:00:00 +0000 /entries/Concurrent_Ref_Alg.html The Twelvefold Way /entries/Twelvefold_Way.html Thu, 29 Dec 2016 00:00:00 +0000 /entries/Twelvefold_Way.html Proof Strategy Language /entries/Proof_Strategy_Language.html Tue, 
20 Dec 2016 00:00:00 +0000 /entries/Proof_Strategy_Language.html Paraconsistency /entries/Paraconsistency.html Wed, 07 Dec 2016 00:00:00 +0000 /entries/Paraconsistency.html COMPLX: A Verification Framework for Concurrent Imperative Programs /entries/Complx.html Tue, 29 Nov 2016 00:00:00 +0000 /entries/Complx.html Abstract Interpretation of Annotated Commands /entries/Abs_Int_ITP2012.html Wed, 23 Nov 2016 00:00:00 +0000 /entries/Abs_Int_ITP2012.html Separata: Isabelle tactics for Separation Algebra /entries/Separata.html Wed, 16 Nov 2016 00:00:00 +0000 /entries/Separata.html Formalization of Knuth–Bendix Orders for Lambda-Free Higher-Order Terms /entries/Lambda_Free_KBOs.html Sat, 12 Nov 2016 00:00:00 +0000 /entries/Lambda_Free_KBOs.html Formalization of Nested Multisets, Hereditary Multisets, and Syntactic Ordinals /entries/Nested_Multisets_Ordinals.html Sat, 12 Nov 2016 00:00:00 +0000 /entries/Nested_Multisets_Ordinals.html Expressiveness of Deep Learning /entries/Deep_Learning.html Thu, 10 Nov 2016 00:00:00 +0000 /entries/Deep_Learning.html Modal Logics for Nominal Transition Systems /entries/Modal_Logics_for_NTS.html Tue, 25 Oct 2016 00:00:00 +0000 /entries/Modal_Logics_for_NTS.html Stable Matching /entries/Stable_Matching.html Mon, 24 Oct 2016 00:00:00 +0000 /entries/Stable_Matching.html LOFT — Verified Migration of Linux Firewalls to SDN /entries/LOFT.html Fri, 21 Oct 2016 00:00:00 +0000 /entries/LOFT.html A formal model for the SPARCv8 ISA and a proof of non-interference for the LEON3 processor /entries/SPARCv8.html Wed, 19 Oct 2016 00:00:00 +0000 /entries/SPARCv8.html Source Coding Theorem /entries/Source_Coding_Theorem.html Wed, 19 Oct 2016 00:00:00 +0000 /entries/Source_Coding_Theorem.html The Factorization Algorithm of Berlekamp and Zassenhaus /entries/Berlekamp_Zassenhaus.html Fri, 14 Oct 2016 00:00:00 +0000 /entries/Berlekamp_Zassenhaus.html Intersecting Chords Theorem /entries/Chord_Segments.html Tue, 11 Oct 2016 00:00:00 +0000 
/entries/Chord_Segments.html Lp spaces /entries/Lp.html Wed, 05 Oct 2016 00:00:00 +0000 /entries/Lp.html Fisher–Yates shuffle /entries/Fisher_Yates.html Fri, 30 Sep 2016 00:00:00 +0000 /entries/Fisher_Yates.html Allen's Interval Calculus /entries/Allen_Calculus.html Thu, 29 Sep 2016 00:00:00 +0000 /entries/Allen_Calculus.html Formalization of Recursive Path Orders for Lambda-Free Higher-Order Terms /entries/Lambda_Free_RPOs.html Fri, 23 Sep 2016 00:00:00 +0000 /entries/Lambda_Free_RPOs.html Iptables Semantics /entries/Iptables_Semantics.html Fri, 09 Sep 2016 00:00:00 +0000 /entries/Iptables_Semantics.html A Variant of the Superposition Calculus /entries/SuperCalc.html Tue, 06 Sep 2016 00:00:00 +0000 /entries/SuperCalc.html Stone Algebras /entries/Stone_Algebras.html Tue, 06 Sep 2016 00:00:00 +0000 /entries/Stone_Algebras.html Stirling's formula /entries/Stirling_Formula.html Thu, 01 Sep 2016 00:00:00 +0000 /entries/Stirling_Formula.html Routing /entries/Routing.html Wed, 31 Aug 2016 00:00:00 +0000 /entries/Routing.html Simple Firewall /entries/Simple_Firewall.html Wed, 24 Aug 2016 00:00:00 +0000 /entries/Simple_Firewall.html Infeasible Paths Elimination by Symbolic Execution Techniques: Proof of Correctness and Preservation of Paths /entries/InfPathElimination.html Thu, 18 Aug 2016 00:00:00 +0000 /entries/InfPathElimination.html Formalizing the Edmonds-Karp Algorithm /entries/EdmondsKarp_Maxflow.html Fri, 12 Aug 2016 00:00:00 +0000 /entries/EdmondsKarp_Maxflow.html The Imperative Refinement Framework /entries/Refine_Imperative_HOL.html Mon, 08 Aug 2016 00:00:00 +0000 /entries/Refine_Imperative_HOL.html Ptolemy's Theorem /entries/Ptolemys_Theorem.html Sun, 07 Aug 2016 00:00:00 +0000 /entries/Ptolemys_Theorem.html Surprise Paradox /entries/Surprise_Paradox.html Sun, 17 Jul 2016 00:00:00 +0000 /entries/Surprise_Paradox.html Pairing Heap /entries/Pairing_Heap.html Thu, 14 Jul 2016 00:00:00 +0000 /entries/Pairing_Heap.html A Framework for Verifying Depth-First Search 
Algorithms /entries/DFS_Framework.html Tue, 05 Jul 2016 00:00:00 +0000 /entries/DFS_Framework.html Chamber Complexes, Coxeter Systems, and Buildings /entries/Buildings.html Fri, 01 Jul 2016 00:00:00 +0000 /entries/Buildings.html The Resolution Calculus for First-Order Logic /entries/Resolution_FOL.html Thu, 30 Jun 2016 00:00:00 +0000 /entries/Resolution_FOL.html The Z Property /entries/Rewriting_Z.html Thu, 30 Jun 2016 00:00:00 +0000 /entries/Rewriting_Z.html Compositional Security-Preserving Refinement for Concurrent Imperative Programs /entries/Dependent_SIFUM_Refinement.html Tue, 28 Jun 2016 00:00:00 +0000 /entries/Dependent_SIFUM_Refinement.html IP Addresses /entries/IP_Addresses.html Tue, 28 Jun 2016 00:00:00 +0000 /entries/IP_Addresses.html Cardinality of Multisets /entries/Card_Multisets.html Sun, 26 Jun 2016 00:00:00 +0000 /entries/Card_Multisets.html Category Theory with Adjunctions and Limits /entries/Category3.html Sun, 26 Jun 2016 00:00:00 +0000 /entries/Category3.html A Dependent Security Type System for Concurrent Imperative Programs /entries/Dependent_SIFUM_Type_Systems.html Sat, 25 Jun 2016 00:00:00 +0000 /entries/Dependent_SIFUM_Type_Systems.html Catalan Numbers /entries/Catalan_Numbers.html Tue, 21 Jun 2016 00:00:00 +0000 /entries/Catalan_Numbers.html Program Construction and Verification Components Based on Kleene Algebra /entries/Algebraic_VCs.html Sat, 18 Jun 2016 00:00:00 +0000 /entries/Algebraic_VCs.html Conservation of CSP Noninterference Security under Concurrent Composition /entries/Noninterference_Concurrent_Composition.html Mon, 13 Jun 2016 00:00:00 +0000 /entries/Noninterference_Concurrent_Composition.html Finite Machine Word Library /entries/Word_Lib.html Thu, 09 Jun 2016 00:00:00 +0000 /entries/Word_Lib.html Tree Decomposition /entries/Tree_Decomposition.html Tue, 31 May 2016 00:00:00 +0000 /entries/Tree_Decomposition.html Cardinality of Equivalence Relations /entries/Card_Equiv_Relations.html Tue, 24 May 2016 00:00:00 +0000 
/entries/Card_Equiv_Relations.html POSIX Lexing with Derivatives of Regular Expressions /entries/Posix-Lexing.html Tue, 24 May 2016 00:00:00 +0000 /entries/Posix-Lexing.html Perron-Frobenius Theorem for Spectral Radius Analysis /entries/Perron_Frobenius.html Fri, 20 May 2016 00:00:00 +0000 /entries/Perron_Frobenius.html The meta theory of the Incredible Proof Machine /entries/Incredible_Proof_Machine.html Fri, 20 May 2016 00:00:00 +0000 /entries/Incredible_Proof_Machine.html A Constructive Proof for FLP /entries/FLP.html Wed, 18 May 2016 00:00:00 +0000 /entries/FLP.html A Formal Proof of the Max-Flow Min-Cut Theorem for Countable Networks /entries/MFMC_Countable.html Mon, 09 May 2016 00:00:00 +0000 /entries/MFMC_Countable.html Randomised Social Choice Theory /entries/Randomised_Social_Choice.html Thu, 05 May 2016 00:00:00 +0000 /entries/Randomised_Social_Choice.html Spivey's Generalized Recurrence for Bell Numbers /entries/Bell_Numbers_Spivey.html Wed, 04 May 2016 00:00:00 +0000 /entries/Bell_Numbers_Spivey.html The Incompatibility of SD-Efficiency and SD-Strategy-Proofness /entries/SDS_Impossibility.html Wed, 04 May 2016 00:00:00 +0000 /entries/SDS_Impossibility.html Gröbner Bases Theory /entries/Groebner_Bases.html Mon, 02 May 2016 00:00:00 +0000 /entries/Groebner_Bases.html No Faster-Than-Light Observers /entries/No_FTL_observers.html Thu, 28 Apr 2016 00:00:00 +0000 /entries/No_FTL_observers.html A formalisation of the Cocke-Younger-Kasami algorithm /entries/CYK.html Wed, 27 Apr 2016 00:00:00 +0000 /entries/CYK.html Algorithms for Reduced Ordered Binary Decision Diagrams /entries/ROBDD.html Wed, 27 Apr 2016 00:00:00 +0000 /entries/ROBDD.html Conservation of CSP Noninterference Security under Sequential Composition /entries/Noninterference_Sequential_Composition.html Tue, 26 Apr 2016 00:00:00 +0000 /entries/Noninterference_Sequential_Composition.html Kleene Algebras with Domain /entries/KAD.html Tue, 12 Apr 2016 00:00:00 +0000 /entries/KAD.html Propositional 
Resolution and Prime Implicates Generation /entries/PropResPI.html Fri, 11 Mar 2016 00:00:00 +0000 /entries/PropResPI.html The Cartan Fixed Point Theorems /entries/Cartan_FP.html Tue, 08 Mar 2016 00:00:00 +0000 /entries/Cartan_FP.html Timed Automata /entries/Timed_Automata.html Tue, 08 Mar 2016 00:00:00 +0000 /entries/Timed_Automata.html Linear Temporal Logic /entries/LTL.html Tue, 01 Mar 2016 00:00:00 +0000 /entries/LTL.html Analysis of List Update Algorithms /entries/List_Update.html Wed, 17 Feb 2016 00:00:00 +0000 /entries/List_Update.html Verified Construction of Static Single Assignment Form /entries/Formal_SSA.html Fri, 05 Feb 2016 00:00:00 +0000 /entries/Formal_SSA.html Polynomial Factorization /entries/Polynomial_Factorization.html Fri, 29 Jan 2016 00:00:00 +0000 /entries/Polynomial_Factorization.html Polynomial Interpolation /entries/Polynomial_Interpolation.html Fri, 29 Jan 2016 00:00:00 +0000 /entries/Polynomial_Interpolation.html Knot Theory /entries/Knot_Theory.html Wed, 20 Jan 2016 00:00:00 +0000 /entries/Knot_Theory.html Tensor Product of Matrices /entries/Matrix_Tensor.html Mon, 18 Jan 2016 00:00:00 +0000 /entries/Matrix_Tensor.html Cardinality of Number Partitions /entries/Card_Number_Partitions.html Thu, 14 Jan 2016 00:00:00 +0000 /entries/Card_Number_Partitions.html Basic Geometric Properties of Triangles /entries/Triangle.html Mon, 28 Dec 2015 00:00:00 +0000 /entries/Triangle.html Descartes' Rule of Signs /entries/Descartes_Sign_Rule.html Mon, 28 Dec 2015 00:00:00 +0000 /entries/Descartes_Sign_Rule.html Liouville numbers /entries/Liouville_Numbers.html Mon, 28 Dec 2015 00:00:00 +0000 /entries/Liouville_Numbers.html The Divergence of the Prime Harmonic Series /entries/Prime_Harmonic_Series.html Mon, 28 Dec 2015 00:00:00 +0000 /entries/Prime_Harmonic_Series.html Algebraic Numbers in Isabelle/HOL /entries/Algebraic_Numbers.html Tue, 22 Dec 2015 00:00:00 +0000 /entries/Algebraic_Numbers.html Applicative Lifting /entries/Applicative_Lifting.html Tue, 
22 Dec 2015 00:00:00 +0000 /entries/Applicative_Lifting.html The Stern-Brocot Tree /entries/Stern_Brocot.html Tue, 22 Dec 2015 00:00:00 +0000 /entries/Stern_Brocot.html Cardinality of Set Partitions /entries/Card_Partitions.html Sat, 12 Dec 2015 00:00:00 +0000 /entries/Card_Partitions.html Latin Square /entries/Latin_Square.html Wed, 02 Dec 2015 00:00:00 +0000 /entries/Latin_Square.html Ergodic Theory /entries/Ergodic_Theory.html Tue, 01 Dec 2015 00:00:00 +0000 /entries/Ergodic_Theory.html Euler's Partition Theorem /entries/Euler_Partition.html Thu, 19 Nov 2015 00:00:00 +0000 /entries/Euler_Partition.html The Tortoise and Hare Algorithm /entries/TortoiseHare.html Wed, 18 Nov 2015 00:00:00 +0000 /entries/TortoiseHare.html Planarity Certificates /entries/Planarity_Certificates.html Wed, 11 Nov 2015 00:00:00 +0000 /entries/Planarity_Certificates.html Positional Determinacy of Parity Games /entries/Parity_Game.html Mon, 02 Nov 2015 00:00:00 +0000 /entries/Parity_Game.html A Meta-Model for the Isabelle API /entries/Isabelle_Meta_Model.html Wed, 16 Sep 2015 00:00:00 +0000 /entries/Isabelle_Meta_Model.html Converting Linear Temporal Logic to Deterministic (Generalized) Rabin Automata /entries/LTL_to_DRA.html Fri, 04 Sep 2015 00:00:00 +0000 /entries/LTL_to_DRA.html Matrices, Jordan Normal Forms, and Spectral Radius Theory /entries/Jordan_Normal_Form.html Fri, 21 Aug 2015 00:00:00 +0000 /entries/Jordan_Normal_Form.html Decreasing Diagrams II /entries/Decreasing-Diagrams-II.html Thu, 20 Aug 2015 00:00:00 +0000 /entries/Decreasing-Diagrams-II.html The Inductive Unwinding Theorem for CSP Noninterference Security /entries/Noninterference_Inductive_Unwinding.html Tue, 18 Aug 2015 00:00:00 +0000 /entries/Noninterference_Inductive_Unwinding.html Representations of Finite Groups /entries/Rep_Fin_Groups.html Wed, 12 Aug 2015 00:00:00 +0000 /entries/Rep_Fin_Groups.html Analysing and Comparing Encodability Criteria for Process Calculi /entries/Encodability_Process_Calculi.html Mon, 10 
Aug 2015 00:00:00 +0000 /entries/Encodability_Process_Calculi.html Generating Cases from Labeled Subgoals /entries/Case_Labeling.html Tue, 21 Jul 2015 00:00:00 +0000 /entries/Case_Labeling.html Landau Symbols /entries/Landau_Symbols.html Tue, 14 Jul 2015 00:00:00 +0000 /entries/Landau_Symbols.html The Akra-Bazzi theorem and the Master theorem /entries/Akra_Bazzi.html Tue, 14 Jul 2015 00:00:00 +0000 /entries/Akra_Bazzi.html Hermite Normal Form /entries/Hermite.html Tue, 07 Jul 2015 00:00:00 +0000 /entries/Hermite.html Derangements Formula /entries/Derangements.html Sat, 27 Jun 2015 00:00:00 +0000 /entries/Derangements.html Binary Multirelations /entries/Multirelations.html Thu, 11 Jun 2015 00:00:00 +0000 /entries/Multirelations.html Reasoning about Lists via List Interleaving /entries/List_Interleaving.html Thu, 11 Jun 2015 00:00:00 +0000 /entries/List_Interleaving.html The Generic Unwinding Theorem for CSP Noninterference Security /entries/Noninterference_Generic_Unwinding.html Thu, 11 Jun 2015 00:00:00 +0000 /entries/Noninterference_Generic_Unwinding.html The Ipurge Unwinding Theorem for CSP Noninterference Security /entries/Noninterference_Ipurge_Unwinding.html Thu, 11 Jun 2015 00:00:00 +0000 /entries/Noninterference_Ipurge_Unwinding.html Parameterized Dynamic Tables /entries/Dynamic_Tables.html Sun, 07 Jun 2015 00:00:00 +0000 /entries/Dynamic_Tables.html Derivatives of Logical Formulas /entries/Formula_Derivatives.html Thu, 28 May 2015 00:00:00 +0000 /entries/Formula_Derivatives.html A Zoo of Probabilistic Systems /entries/Probabilistic_System_Zoo.html Wed, 27 May 2015 00:00:00 +0000 /entries/Probabilistic_System_Zoo.html VCG - Combinatorial Vickrey-Clarke-Groves Auctions /entries/Vickrey_Clarke_Groves.html Thu, 30 Apr 2015 00:00:00 +0000 /entries/Vickrey_Clarke_Groves.html Residuated Lattices /entries/Residuated_Lattices.html Wed, 15 Apr 2015 00:00:00 +0000 /entries/Residuated_Lattices.html Concurrent IMP /entries/ConcurrentIMP.html Mon, 13 Apr 2015 00:00:00 
+0000 /entries/ConcurrentIMP.html Relaxing Safely: Verified On-the-Fly Garbage Collection for x86-TSO /entries/ConcurrentGC.html Mon, 13 Apr 2015 00:00:00 +0000 /entries/ConcurrentGC.html Trie /entries/Trie.html Mon, 30 Mar 2015 00:00:00 +0000 /entries/Trie.html Consensus Refined /entries/Consensus_Refined.html Wed, 18 Mar 2015 00:00:00 +0000 /entries/Consensus_Refined.html Deriving class instances for datatypes /entries/Deriving.html Wed, 11 Mar 2015 00:00:00 +0000 /entries/Deriving.html The Safety of Call Arity /entries/Call_Arity.html Fri, 20 Feb 2015 00:00:00 +0000 /entries/Call_Arity.html Echelon Form /entries/Echelon_Form.html Thu, 12 Feb 2015 00:00:00 +0000 /entries/Echelon_Form.html QR Decomposition /entries/QR_Decomposition.html Thu, 12 Feb 2015 00:00:00 +0000 /entries/QR_Decomposition.html Finite Automata in Hereditarily Finite Set Theory /entries/Finite_Automata_HF.html Thu, 05 Feb 2015 00:00:00 +0000 /entries/Finite_Automata_HF.html Verification of the UpDown Scheme /entries/UpDown_Scheme.html Wed, 28 Jan 2015 00:00:00 +0000 /entries/UpDown_Scheme.html The Unified Policy Framework (UPF) /entries/UPF.html Fri, 28 Nov 2014 00:00:00 +0000 /entries/UPF.html Loop freedom of the (untimed) AODV routing protocol /entries/AODV.html Thu, 23 Oct 2014 00:00:00 +0000 /entries/AODV.html Lifting Definition Option /entries/Lifting_Definition_Option.html Mon, 13 Oct 2014 00:00:00 +0000 /entries/Lifting_Definition_Option.html Stream Fusion in HOL with Code Generation /entries/Stream_Fusion_Code.html Fri, 10 Oct 2014 00:00:00 +0000 /entries/Stream_Fusion_Code.html A Verified Compiler for Probability Density Functions /entries/Density_Compiler.html Thu, 09 Oct 2014 00:00:00 +0000 /entries/Density_Compiler.html Formalization of Refinement Calculus for Reactive Systems /entries/RefinementReactive.html Wed, 08 Oct 2014 00:00:00 +0000 /entries/RefinementReactive.html Certification Monads /entries/Certification_Monads.html Fri, 03 Oct 2014 00:00:00 +0000 
/entries/Certification_Monads.html XML /entries/XML.html Fri, 03 Oct 2014 00:00:00 +0000 /entries/XML.html Imperative Insertion Sort /entries/Imperative_Insertion_Sort.html Thu, 25 Sep 2014 00:00:00 +0000 /entries/Imperative_Insertion_Sort.html The Sturm-Tarski Theorem /entries/Sturm_Tarski.html Fri, 19 Sep 2014 00:00:00 +0000 /entries/Sturm_Tarski.html The Cayley-Hamilton Theorem /entries/Cayley_Hamilton.html Mon, 15 Sep 2014 00:00:00 +0000 /entries/Cayley_Hamilton.html The Jordan-Hölder Theorem /entries/Jordan_Hoelder.html Tue, 09 Sep 2014 00:00:00 +0000 /entries/Jordan_Hoelder.html Priority Queues Based on Braun Trees /entries/Priority_Queue_Braun.html Thu, 04 Sep 2014 00:00:00 +0000 /entries/Priority_Queue_Braun.html Gauss-Jordan Algorithm and Its Applications /entries/Gauss_Jordan.html Wed, 03 Sep 2014 00:00:00 +0000 /entries/Gauss_Jordan.html Real-Valued Special Functions: Upper and Lower Bounds /entries/Special_Function_Bounds.html Fri, 29 Aug 2014 00:00:00 +0000 /entries/Special_Function_Bounds.html Vector Spaces /entries/VectorSpace.html Fri, 29 Aug 2014 00:00:00 +0000 /entries/VectorSpace.html Skew Heap /entries/Skew_Heap.html Wed, 13 Aug 2014 00:00:00 +0000 /entries/Skew_Heap.html Splay Tree /entries/Splay_Tree.html Tue, 12 Aug 2014 00:00:00 +0000 /entries/Splay_Tree.html Haskell's Show Class in Isabelle/HOL /entries/Show.html Tue, 29 Jul 2014 00:00:00 +0000 /entries/Show.html Formal Specification of a Generic Separation Kernel /entries/CISC-Kernel.html Fri, 18 Jul 2014 00:00:00 +0000 /entries/CISC-Kernel.html pGCL for Isabelle /entries/pGCL.html Sun, 13 Jul 2014 00:00:00 +0000 /entries/pGCL.html Amortized Complexity Verified /entries/Amortized_Complexity.html Mon, 07 Jul 2014 00:00:00 +0000 /entries/Amortized_Complexity.html Network Security Policy Verification /entries/Network_Security_Policy_Verification.html Fri, 04 Jul 2014 00:00:00 +0000 /entries/Network_Security_Policy_Verification.html Pop-Refinement /entries/Pop_Refinement.html Thu, 03 Jul 2014 
00:00:00 +0000 /entries/Pop_Refinement.html Decision Procedures for MSO on Words Based on Derivatives of Regular Expressions /entries/MSO_Regex_Equivalence.html Thu, 12 Jun 2014 00:00:00 +0000 /entries/MSO_Regex_Equivalence.html Boolean Expression Checkers /entries/Boolean_Expression_Checkers.html Sun, 08 Jun 2014 00:00:00 +0000 /entries/Boolean_Expression_Checkers.html A Fully Verified Executable LTL Model Checker /entries/CAVA_LTL_Modelchecker.html Wed, 28 May 2014 00:00:00 +0000 /entries/CAVA_LTL_Modelchecker.html Converting Linear-Time Temporal Logic to Generalized Büchi Automata /entries/LTL_to_GBA.html Wed, 28 May 2014 00:00:00 +0000 /entries/LTL_to_GBA.html Promela Formalization /entries/Promela.html Wed, 28 May 2014 00:00:00 +0000 /entries/Promela.html The CAVA Automata Library /entries/CAVA_Automata.html Wed, 28 May 2014 00:00:00 +0000 /entries/CAVA_Automata.html Verified Efficient Implementation of Gabow's Strongly Connected Components Algorithm /entries/Gabow_SCC.html Wed, 28 May 2014 00:00:00 +0000 /entries/Gabow_SCC.html Noninterference Security in Communicating Sequential Processes /entries/Noninterference_CSP.html Fri, 23 May 2014 00:00:00 +0000 /entries/Noninterference_CSP.html Transitive closure according to Roy-Floyd-Warshall /entries/Roy_Floyd_Warshall.html Fri, 23 May 2014 00:00:00 +0000 /entries/Roy_Floyd_Warshall.html Regular Algebras /entries/Regular_Algebras.html Wed, 21 May 2014 00:00:00 +0000 /entries/Regular_Algebras.html Formalisation and Analysis of Component Dependencies /entries/ComponentDependencies.html Mon, 28 Apr 2014 00:00:00 +0000 /entries/ComponentDependencies.html A Formalization of Assumptions and Guarantees for Compositional Noninterference /entries/SIFUM_Type_Systems.html Wed, 23 Apr 2014 00:00:00 +0000 /entries/SIFUM_Type_Systems.html A Formalization of Declassification with WHAT-and-WHERE-Security /entries/WHATandWHERE_Security.html Wed, 23 Apr 2014 00:00:00 +0000 /entries/WHATandWHERE_Security.html A Formalization of 
Strong Security /entries/Strong_Security.html Wed, 23 Apr 2014 00:00:00 +0000 /entries/Strong_Security.html Bounded-Deducibility Security /entries/Bounded_Deducibility_Security.html Tue, 22 Apr 2014 00:00:00 +0000 /entries/Bounded_Deducibility_Security.html A shallow embedding of HyperCTL* /entries/HyperCTL.html Wed, 16 Apr 2014 00:00:00 +0000 /entries/HyperCTL.html Abstract Completeness /entries/Abstract_Completeness.html Wed, 16 Apr 2014 00:00:00 +0000 /entries/Abstract_Completeness.html Discrete Summation /entries/Discrete_Summation.html Sun, 13 Apr 2014 00:00:00 +0000 /entries/Discrete_Summation.html Syntax and semantics of a GPU kernel programming language /entries/GPU_Kernel_PL.html Thu, 03 Apr 2014 00:00:00 +0000 /entries/GPU_Kernel_PL.html Probabilistic Noninterference /entries/Probabilistic_Noninterference.html Tue, 11 Mar 2014 00:00:00 +0000 /entries/Probabilistic_Noninterference.html Mechanization of the Algebra for Wireless Networks (AWN) /entries/AWN.html Sat, 08 Mar 2014 00:00:00 +0000 /entries/AWN.html Mutually Recursive Partial Functions /entries/Partial_Function_MR.html Tue, 18 Feb 2014 00:00:00 +0000 /entries/Partial_Function_MR.html Properties of Random Graphs -- Subgraph Containment /entries/Random_Graph_Subgraph_Threshold.html Thu, 13 Feb 2014 00:00:00 +0000 /entries/Random_Graph_Subgraph_Threshold.html Verification of Selection and Heap Sort Using Locales /entries/Selection_Heap_Sort.html Tue, 11 Feb 2014 00:00:00 +0000 /entries/Selection_Heap_Sort.html Affine Arithmetic /entries/Affine_Arithmetic.html Fri, 07 Feb 2014 00:00:00 +0000 /entries/Affine_Arithmetic.html Implementing field extensions of the form Q[sqrt(b)] /entries/Real_Impl.html Thu, 06 Feb 2014 00:00:00 +0000 /entries/Real_Impl.html Unified Decision Procedures for Regular Expression Equivalence /entries/Regex_Equivalence.html Thu, 30 Jan 2014 00:00:00 +0000 /entries/Regex_Equivalence.html Secondary Sylow Theorems /entries/Secondary_Sylow.html Tue, 28 Jan 2014 00:00:00 +0000 
/entries/Secondary_Sylow.html Relation Algebra /entries/Relation_Algebra.html Sat, 25 Jan 2014 00:00:00 +0000 /entries/Relation_Algebra.html Kleene Algebra with Tests and Demonic Refinement Algebras /entries/KAT_and_DRA.html Thu, 23 Jan 2014 00:00:00 +0000 /entries/KAT_and_DRA.html Featherweight OCL: A Proposal for a Machine-Checked Formal Semantics for OCL 2.5 /entries/Featherweight_OCL.html Thu, 16 Jan 2014 00:00:00 +0000 /entries/Featherweight_OCL.html Compositional Properties of Crypto-Based Components /entries/CryptoBasedCompositionalProperties.html Sat, 11 Jan 2014 00:00:00 +0000 /entries/CryptoBasedCompositionalProperties.html Sturm's Theorem /entries/Sturm_Sequences.html Sat, 11 Jan 2014 00:00:00 +0000 /entries/Sturm_Sequences.html A General Method for the Proof of Theorems on Tail-recursive Functions /entries/Tail_Recursive_Functions.html Sun, 01 Dec 2013 00:00:00 +0000 /entries/Tail_Recursive_Functions.html Gödel's Incompleteness Theorems /entries/Incompleteness.html Sun, 17 Nov 2013 00:00:00 +0000 /entries/Incompleteness.html The Hereditarily Finite Sets /entries/HereditarilyFinite.html Sun, 17 Nov 2013 00:00:00 +0000 /entries/HereditarilyFinite.html A Codatatype of Formal Languages /entries/Coinductive_Languages.html Fri, 15 Nov 2013 00:00:00 +0000 /entries/Coinductive_Languages.html Stream Processing Components: Isabelle/HOL Formalisation and Case Studies /entries/FocusStreamsCaseStudies.html Thu, 14 Nov 2013 00:00:00 +0000 /entries/FocusStreamsCaseStudies.html Gödel's God in Isabelle/HOL /entries/GoedelGod.html Tue, 12 Nov 2013 00:00:00 +0000 /entries/GoedelGod.html Decreasing Diagrams /entries/Decreasing-Diagrams.html Fri, 01 Nov 2013 00:00:00 +0000 /entries/Decreasing-Diagrams.html Automatic Data Refinement /entries/Automatic_Refinement.html Wed, 02 Oct 2013 00:00:00 +0000 /entries/Automatic_Refinement.html Native Word /entries/Native_Word.html Tue, 17 Sep 2013 00:00:00 +0000 /entries/Native_Word.html A Formal Model of IEEE Floating Point Arithmetic 
/entries/IEEE_Floating_Point.html Sat, 27 Jul 2013 00:00:00 +0000 /entries/IEEE_Floating_Point.html Lehmer's Theorem /entries/Lehmer.html Mon, 22 Jul 2013 00:00:00 +0000 /entries/Lehmer.html Pratt's Primality Certificates /entries/Pratt_Certificate.html Mon, 22 Jul 2013 00:00:00 +0000 /entries/Pratt_Certificate.html The Königsberg Bridge Problem and the Friendship Theorem /entries/Koenigsberg_Friendship.html Fri, 19 Jul 2013 00:00:00 +0000 /entries/Koenigsberg_Friendship.html Sound and Complete Sort Encodings for First-Order Logic /entries/Sort_Encodings.html Thu, 27 Jun 2013 00:00:00 +0000 /entries/Sort_Encodings.html An Axiomatic Characterization of the Single-Source Shortest Path Problem /entries/ShortestPath.html Wed, 22 May 2013 00:00:00 +0000 /entries/ShortestPath.html Graph Theory /entries/Graph_Theory.html Sun, 28 Apr 2013 00:00:00 +0000 /entries/Graph_Theory.html Light-weight Containers /entries/Containers.html Mon, 15 Apr 2013 00:00:00 +0000 /entries/Containers.html Nominal 2 /entries/Nominal2.html Thu, 21 Feb 2013 00:00:00 +0000 /entries/Nominal2.html The Correctness of Launchbury's Natural Semantics for Lazy Evaluation /entries/Launchbury.html Thu, 31 Jan 2013 00:00:00 +0000 /entries/Launchbury.html Ribbon Proofs /entries/Ribbon_Proofs.html Sat, 19 Jan 2013 00:00:00 +0000 /entries/Ribbon_Proofs.html Rank-Nullity Theorem in Linear Algebra /entries/Rank_Nullity_Theorem.html Wed, 16 Jan 2013 00:00:00 +0000 /entries/Rank_Nullity_Theorem.html Kleene Algebra /entries/Kleene_Algebra.html Tue, 15 Jan 2013 00:00:00 +0000 /entries/Kleene_Algebra.html Computing N-th Roots using the Babylonian Method /entries/Sqrt_Babylonian.html Thu, 03 Jan 2013 00:00:00 +0000 /entries/Sqrt_Babylonian.html A Separation Logic Framework for Imperative HOL /entries/Separation_Logic_Imperative_HOL.html Wed, 14 Nov 2012 00:00:00 +0000 /entries/Separation_Logic_Imperative_HOL.html Open Induction /entries/Open_Induction.html Fri, 02 Nov 2012 00:00:00 +0000 /entries/Open_Induction.html 
The independence of Tarski's Euclidean axiom /entries/Tarskis_Geometry.html Tue, 30 Oct 2012 00:00:00 +0000 /entries/Tarskis_Geometry.html Bondy's Theorem /entries/Bondy.html Sat, 27 Oct 2012 00:00:00 +0000 /entries/Bondy.html Possibilistic Noninterference /entries/Possibilistic_Noninterference.html Mon, 10 Sep 2012 00:00:00 +0000 /entries/Possibilistic_Noninterference.html Generating linear orders for datatypes /entries/Datatype_Order_Generator.html Tue, 07 Aug 2012 00:00:00 +0000 /entries/Datatype_Order_Generator.html Proving the Impossibility of Trisecting an Angle and Doubling the Cube /entries/Impossible_Geometry.html Sun, 05 Aug 2012 00:00:00 +0000 /entries/Impossible_Geometry.html Verifying Fault-Tolerant Distributed Algorithms in the Heard-Of Model /entries/Heard_Of.html Fri, 27 Jul 2012 00:00:00 +0000 /entries/Heard_Of.html Logical Relations for PCF /entries/PCF.html Sun, 01 Jul 2012 00:00:00 +0000 /entries/PCF.html Type Constructor Classes and Monad Transformers /entries/Tycon.html Tue, 26 Jun 2012 00:00:00 +0000 /entries/Tycon.html CCS in nominal logic /entries/CCS.html Tue, 29 May 2012 00:00:00 +0000 /entries/CCS.html Psi-calculi in Isabelle /entries/Psi_Calculi.html Tue, 29 May 2012 00:00:00 +0000 /entries/Psi_Calculi.html The pi-calculus in nominal logic /entries/Pi_Calculus.html Tue, 29 May 2012 00:00:00 +0000 /entries/Pi_Calculus.html Isabelle/Circus /entries/Circus.html Sun, 27 May 2012 00:00:00 +0000 /entries/Circus.html Separation Algebra /entries/Separation_Algebra.html Fri, 11 May 2012 00:00:00 +0000 /entries/Separation_Algebra.html Stuttering Equivalence /entries/Stuttering_Equivalence.html Mon, 07 May 2012 00:00:00 +0000 /entries/Stuttering_Equivalence.html Inductive Study of Confidentiality /entries/Inductive_Confidentiality.html Wed, 02 May 2012 00:00:00 +0000 /entries/Inductive_Confidentiality.html Ordinary Differential Equations /entries/Ordinary_Differential_Equations.html Thu, 26 Apr 2012 00:00:00 +0000 
/entries/Ordinary_Differential_Equations.html Well-Quasi-Orders /entries/Well_Quasi_Orders.html Fri, 13 Apr 2012 00:00:00 +0000 /entries/Well_Quasi_Orders.html Abortable Linearizable Modules /entries/Abortable_Linearizable_Modules.html Thu, 01 Mar 2012 00:00:00 +0000 /entries/Abortable_Linearizable_Modules.html Executable Transitive Closures /entries/Transitive-Closure-II.html Wed, 29 Feb 2012 00:00:00 +0000 /entries/Transitive-Closure-II.html A Probabilistic Proof of the Girth-Chromatic Number Theorem /entries/Girth_Chromatic.html Mon, 06 Feb 2012 00:00:00 +0000 /entries/Girth_Chromatic.html Dijkstra's Shortest Path Algorithm /entries/Dijkstra_Shortest_Path.html Mon, 30 Jan 2012 00:00:00 +0000 /entries/Dijkstra_Shortest_Path.html Refinement for Monadic Programs /entries/Refine_Monadic.html Mon, 30 Jan 2012 00:00:00 +0000 /entries/Refine_Monadic.html Markov Models /entries/Markov_Models.html Tue, 03 Jan 2012 00:00:00 +0000 /entries/Markov_Models.html A Definitional Encoding of TLA* in Isabelle/HOL /entries/TLA.html Sat, 19 Nov 2011 00:00:00 +0000 /entries/TLA.html Efficient Mergesort /entries/Efficient-Mergesort.html Wed, 09 Nov 2011 00:00:00 +0000 /entries/Efficient-Mergesort.html Algebra of Monotonic Boolean Transformers /entries/MonoBoolTranAlgebra.html Thu, 22 Sep 2011 00:00:00 +0000 /entries/MonoBoolTranAlgebra.html Lattice Properties /entries/LatticeProperties.html Thu, 22 Sep 2011 00:00:00 +0000 /entries/LatticeProperties.html Pseudo Hoops /entries/PseudoHoops.html Thu, 22 Sep 2011 00:00:00 +0000 /entries/PseudoHoops.html The Myhill-Nerode Theorem Based on Regular Expressions /entries/Myhill-Nerode.html Fri, 26 Aug 2011 00:00:00 +0000 /entries/Myhill-Nerode.html Gauss-Jordan Elimination for Matrices Represented as Functions /entries/Gauss-Jordan-Elim-Fun.html Fri, 19 Aug 2011 00:00:00 +0000 /entries/Gauss-Jordan-Elim-Fun.html Maximum Cardinality Matching /entries/Max-Card-Matching.html Thu, 21 Jul 2011 00:00:00 +0000 /entries/Max-Card-Matching.html 
Knowledge-based programs /entries/KBPs.html Tue, 17 May 2011 00:00:00 +0000 /entries/KBPs.html The General Triangle Is Unique /entries/General-Triangle.html Fri, 01 Apr 2011 00:00:00 +0000 /entries/General-Triangle.html Executable Transitive Closures of Finite Relations /entries/Transitive-Closure.html Mon, 14 Mar 2011 00:00:00 +0000 /entries/Transitive-Closure.html AutoFocus Stream Processing for Single-Clocking and Multi-Clocking Semantics /entries/AutoFocus-Stream.html Wed, 23 Feb 2011 00:00:00 +0000 /entries/AutoFocus-Stream.html Infinite Lists /entries/List-Infinite.html Wed, 23 Feb 2011 00:00:00 +0000 /entries/List-Infinite.html Interval Temporal Logic on Natural Numbers /entries/Nat-Interval-Logic.html Wed, 23 Feb 2011 00:00:00 +0000 /entries/Nat-Interval-Logic.html Lightweight Java /entries/LightweightJava.html Mon, 07 Feb 2011 00:00:00 +0000 /entries/LightweightJava.html RIPEMD-160 /entries/RIPEMD-160-SPARK.html Mon, 10 Jan 2011 00:00:00 +0000 /entries/RIPEMD-160-SPARK.html Lower Semicontinuous Functions /entries/Lower_Semicontinuous.html Sat, 08 Jan 2011 00:00:00 +0000 /entries/Lower_Semicontinuous.html Hall's Marriage Theorem /entries/Marriage.html Fri, 17 Dec 2010 00:00:00 +0000 /entries/Marriage.html Shivers' Control Flow Analysis /entries/Shivers-CFA.html Tue, 16 Nov 2010 00:00:00 +0000 /entries/Shivers-CFA.html Binomial Heaps and Skew Binomial Heaps /entries/Binomial-Heaps.html Thu, 28 Oct 2010 00:00:00 +0000 /entries/Binomial-Heaps.html Finger Trees /entries/Finger-Trees.html Thu, 28 Oct 2010 00:00:00 +0000 /entries/Finger-Trees.html Functional Binomial Queues /entries/Binomial-Queues.html Thu, 28 Oct 2010 00:00:00 +0000 /entries/Binomial-Queues.html Strong Normalization of Moggis's Computational Metalanguage /entries/Lam-ml-Normalization.html Sun, 29 Aug 2010 00:00:00 +0000 /entries/Lam-ml-Normalization.html Executable Multivariate Polynomials /entries/Polynomials.html Tue, 10 Aug 2010 00:00:00 +0000 /entries/Polynomials.html Formalizing 
Statecharts using Hierarchical Automata /entries/Statecharts.html Sun, 08 Aug 2010 00:00:00 +0000 /entries/Statecharts.html Free Groups /entries/Free-Groups.html Thu, 24 Jun 2010 00:00:00 +0000 /entries/Free-Groups.html Category Theory /entries/Category2.html Sun, 20 Jun 2010 00:00:00 +0000 /entries/Category2.html Executable Matrix Operations on Matrices of Arbitrary Dimensions /entries/Matrix.html Thu, 17 Jun 2010 00:00:00 +0000 /entries/Matrix.html Abstract Rewriting /entries/Abstract-Rewriting.html Mon, 14 Jun 2010 00:00:00 +0000 /entries/Abstract-Rewriting.html Semantics and Data Refinement of Invariant Based Programs /entries/DataRefinementIBP.html Fri, 28 May 2010 00:00:00 +0000 /entries/DataRefinementIBP.html Verification of the Deutsch-Schorr-Waite Graph Marking Algorithm using Data Refinement /entries/GraphMarkingIBP.html Fri, 28 May 2010 00:00:00 +0000 /entries/GraphMarkingIBP.html A Complete Proof of the Robbins Conjecture /entries/Robbins-Conjecture.html Sat, 22 May 2010 00:00:00 +0000 /entries/Robbins-Conjecture.html Regular Sets and Expressions /entries/Regular-Sets.html Wed, 12 May 2010 00:00:00 +0000 /entries/Regular-Sets.html Locally Nameless Sigma Calculus /entries/Locally-Nameless-Sigma.html Fri, 30 Apr 2010 00:00:00 +0000 /entries/Locally-Nameless-Sigma.html Free Boolean Algebra /entries/Free-Boolean-Algebra.html Mon, 29 Mar 2010 00:00:00 +0000 /entries/Free-Boolean-Algebra.html Information Flow Noninterference via Slicing /entries/InformationFlowSlicing.html Tue, 23 Mar 2010 00:00:00 +0000 /entries/InformationFlowSlicing.html Inter-Procedural Information Flow Noninterference via Slicing /entries/InformationFlowSlicing_Inter.html Tue, 23 Mar 2010 00:00:00 +0000 /entries/InformationFlowSlicing_Inter.html List Index /entries/List-Index.html Sat, 20 Feb 2010 00:00:00 +0000 /entries/List-Index.html Coinductive /entries/Coinductive.html Fri, 12 Feb 2010 00:00:00 +0000 /entries/Coinductive.html A Fast SAT Solver for Isabelle in Standard ML 
/entries/DPT-SAT-Solver.html Wed, 09 Dec 2009 00:00:00 +0000 /entries/DPT-SAT-Solver.html Formalizing the Logic-Automaton Connection /entries/Presburger-Automata.html Thu, 03 Dec 2009 00:00:00 +0000 /entries/Presburger-Automata.html Collections Framework /entries/Collections.html Wed, 25 Nov 2009 00:00:00 +0000 /entries/Collections.html Tree Automata /entries/Tree-Automata.html Wed, 25 Nov 2009 00:00:00 +0000 /entries/Tree-Automata.html Perfect Number Theorem /entries/Perfect-Number-Thm.html Sun, 22 Nov 2009 00:00:00 +0000 /entries/Perfect-Number-Thm.html Backing up Slicing: Verifying the Interprocedural Two-Phase Horwitz-Reps-Binkley Slicer /entries/HRB-Slicing.html Fri, 13 Nov 2009 00:00:00 +0000 /entries/HRB-Slicing.html The Worker/Wrapper Transformation /entries/WorkerWrapper.html Fri, 30 Oct 2009 00:00:00 +0000 /entries/WorkerWrapper.html Ordinals and Cardinals /entries/Ordinals_and_Cardinals.html Tue, 01 Sep 2009 00:00:00 +0000 /entries/Ordinals_and_Cardinals.html Invertibility in Sequent Calculi /entries/SequentInvertibility.html Fri, 28 Aug 2009 00:00:00 +0000 /entries/SequentInvertibility.html An Example of a Cofinitary Group in Isabelle/HOL /entries/CofGroups.html Tue, 04 Aug 2009 00:00:00 +0000 /entries/CofGroups.html Code Generation for Functions as Data /entries/FinFun.html Wed, 06 May 2009 00:00:00 +0000 /entries/FinFun.html Stream Fusion /entries/Stream-Fusion.html Wed, 29 Apr 2009 00:00:00 +0000 /entries/Stream-Fusion.html A Bytecode Logic for JML and Types /entries/BytecodeLogicJmlTypes.html Fri, 12 Dec 2008 00:00:00 +0000 /entries/BytecodeLogicJmlTypes.html Secure information flow and program logics /entries/SIFPL.html Mon, 10 Nov 2008 00:00:00 +0000 /entries/SIFPL.html Some classical results in Social Choice Theory /entries/SenSocialChoice.html Sun, 09 Nov 2008 00:00:00 +0000 /entries/SenSocialChoice.html Fun With Tilings /entries/FunWithTilings.html Fri, 07 Nov 2008 00:00:00 +0000 /entries/FunWithTilings.html The Textbook Proof of Huffman's 
Algorithm /entries/Huffman.html Wed, 15 Oct 2008 00:00:00 +0000 /entries/Huffman.html Towards Certified Slicing /entries/Slicing.html Tue, 16 Sep 2008 00:00:00 +0000 /entries/Slicing.html A Correctness Proof for the Volpano/Smith Security Typing System /entries/VolpanoSmith.html Tue, 02 Sep 2008 00:00:00 +0000 /entries/VolpanoSmith.html Arrow and Gibbard-Satterthwaite /entries/ArrowImpossibilityGS.html Mon, 01 Sep 2008 00:00:00 +0000 /entries/ArrowImpossibilityGS.html Fun With Functions /entries/FunWithFunctions.html Tue, 26 Aug 2008 00:00:00 +0000 /entries/FunWithFunctions.html Formal Verification of Modern SAT Solvers /entries/SATSolverVerification.html Wed, 23 Jul 2008 00:00:00 +0000 /entries/SATSolverVerification.html Recursion Theory I /entries/Recursion-Theory-I.html Sat, 05 Apr 2008 00:00:00 +0000 /entries/Recursion-Theory-I.html A Sequential Imperative Programming Language Syntax, Semantics, Hoare Logics and Verification Environment /entries/Simpl.html Fri, 29 Feb 2008 00:00:00 +0000 /entries/Simpl.html BDD Normalisation /entries/BDD.html Fri, 29 Feb 2008 00:00:00 +0000 /entries/BDD.html Normalization by Evaluation /entries/NormByEval.html Mon, 18 Feb 2008 00:00:00 +0000 /entries/NormByEval.html Quantifier Elimination for Linear Arithmetic /entries/LinearQuantifierElim.html Fri, 11 Jan 2008 00:00:00 +0000 /entries/LinearQuantifierElim.html Formalization of Conflict Analysis of Programs with Procedures, Thread Creation, and Monitors /entries/Program-Conflict-Analysis.html Fri, 14 Dec 2007 00:00:00 +0000 /entries/Program-Conflict-Analysis.html Jinja with Threads /entries/JinjaThreads.html Mon, 03 Dec 2007 00:00:00 +0000 /entries/JinjaThreads.html Much Ado About Two /entries/MuchAdoAboutTwo.html Tue, 06 Nov 2007 00:00:00 +0000 /entries/MuchAdoAboutTwo.html Fermat's Last Theorem for Exponents 3 and 4 and the Parametrisation of Pythagorean Triples /entries/Fermat3_4.html Sun, 12 Aug 2007 00:00:00 +0000 /entries/Fermat3_4.html Sums of Two and Four Squares 
/entries/SumSquares.html Sun, 12 Aug 2007 00:00:00 +0000 /entries/SumSquares.html Fundamental Properties of Valuation Theory and Hensel's Lemma /entries/Valuation.html Wed, 08 Aug 2007 00:00:00 +0000 /entries/Valuation.html First-Order Logic According to Fitting /entries/FOL-Fitting.html Thu, 02 Aug 2007 00:00:00 +0000 /entries/FOL-Fitting.html POPLmark Challenge Via de Bruijn Indices /entries/POPLmark-deBruijn.html Thu, 02 Aug 2007 00:00:00 +0000 /entries/POPLmark-deBruijn.html Hotel Key Card System /entries/HotelKeyCards.html Sat, 09 Sep 2006 00:00:00 +0000 /entries/HotelKeyCards.html Abstract Hoare Logics /entries/Abstract-Hoare-Logics.html Tue, 08 Aug 2006 00:00:00 +0000 /entries/Abstract-Hoare-Logics.html Flyspeck I: Tame Graphs /entries/Flyspeck-Tame.html Mon, 22 May 2006 00:00:00 +0000 /entries/Flyspeck-Tame.html CoreC++ /entries/CoreC++.html Mon, 15 May 2006 00:00:00 +0000 /entries/CoreC++.html A Theory of Featherweight Java in Isabelle/HOL /entries/FeatherweightJava.html Fri, 31 Mar 2006 00:00:00 +0000 /entries/FeatherweightJava.html Instances of Schneider's generalized protocol of clock synchronization /entries/ClockSynchInst.html Wed, 15 Mar 2006 00:00:00 +0000 /entries/ClockSynchInst.html Cauchy's Mean Theorem and the Cauchy-Schwarz Inequality /entries/Cauchy.html Tue, 14 Mar 2006 00:00:00 +0000 /entries/Cauchy.html Countable Ordinals /entries/Ordinal.html Fri, 11 Nov 2005 00:00:00 +0000 /entries/Ordinal.html Fast Fourier Transform /entries/FFT.html Wed, 12 Oct 2005 00:00:00 +0000 /entries/FFT.html Formalization of a Generalized Protocol for Clock Synchronization /entries/GenClock.html Fri, 24 Jun 2005 00:00:00 +0000 /entries/GenClock.html Proving the Correctness of Disk Paxos /entries/DiskPaxos.html Wed, 22 Jun 2005 00:00:00 +0000 /entries/DiskPaxos.html Jive Data and Store Model /entries/JiveDataStoreModel.html Mon, 20 Jun 2005 00:00:00 +0000 /entries/JiveDataStoreModel.html Jinja is not Java /entries/Jinja.html Wed, 01 Jun 2005 00:00:00 +0000 
/entries/Jinja.html SHA1, RSA, PSS and more /entries/RSAPSS.html Mon, 02 May 2005 00:00:00 +0000 /entries/RSAPSS.html Category Theory to Yoneda's Lemma /entries/Category.html Thu, 21 Apr 2005 00:00:00 +0000 /entries/Category.html File Refinement /entries/FileRefinement.html Thu, 09 Dec 2004 00:00:00 +0000 /entries/FileRefinement.html Integration theory and random variables /entries/Integration.html Fri, 19 Nov 2004 00:00:00 +0000 /entries/Integration.html A Mechanically Verified, Efficient, Sound and Complete Theorem Prover For First Order Logic /entries/Verified-Prover.html Tue, 28 Sep 2004 00:00:00 +0000 /entries/Verified-Prover.html Completeness theorem /entries/Completeness.html Mon, 20 Sep 2004 00:00:00 +0000 /entries/Completeness.html Ramsey's theorem, infinitary version /entries/Ramsey-Infinite.html Mon, 20 Sep 2004 00:00:00 +0000 /entries/Ramsey-Infinite.html Compiling Exceptions Correctly /entries/Compiling-Exceptions-Correctly.html Fri, 09 Jul 2004 00:00:00 +0000 /entries/Compiling-Exceptions-Correctly.html Depth First Search /entries/Depth-First-Search.html Thu, 24 Jun 2004 00:00:00 +0000 /entries/Depth-First-Search.html Groups, Rings and Modules /entries/Group-Ring-Module.html Tue, 18 May 2004 00:00:00 +0000 /entries/Group-Ring-Module.html Lazy Lists II /entries/Lazy-Lists-II.html Mon, 26 Apr 2004 00:00:00 +0000 /entries/Lazy-Lists-II.html Topology /entries/Topology.html Mon, 26 Apr 2004 00:00:00 +0000 /entries/Topology.html Binary Search Trees /entries/BinarySearchTree.html Mon, 05 Apr 2004 00:00:00 +0000 /entries/BinarySearchTree.html Functional Automata /entries/Functional-Automata.html Tue, 30 Mar 2004 00:00:00 +0000 /entries/Functional-Automata.html AVL Trees /entries/AVL-Trees.html Fri, 19 Mar 2004 00:00:00 +0000 /entries/AVL-Trees.html Mini ML /entries/MiniML.html
diff --git a/web/index.html b/web/index.html
--- a/web/index.html
+++ b/web/index.html
@@ -1,5750 +1,5758 @@ Archive of Formal Proofs

Archive of Formal Proofs

The Archive of Formal Proofs is a collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle. It is organized in the way of a scientific journal, is indexed by dblp and has an ISSN: 2150-914x. Submissions are refereed and we encourage companion AFP submissions to conference and journal publications. To cite an entry, please use the preferred citation style.

A development version of the archive is available as well.

2022

+

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2008

2004

\ No newline at end of file
diff --git a/web/index.json b/web/index.json
--- a/web/index.json
+++ b/web/index.json
@@ -1,14257 +1,14277 @@ [ { + "abstract": "The relational calculus (RC), i.e., first-order logic with equality but without function symbols, is a concise, declarative database query language. In contrast to relational algebra or SQL, which are the traditional query languages of choice in the database community, RC queries can evaluate to an infinite relation. Moreover, even in cases where the evaluation result of an RC query would be finite it is not clear how to efficiently compute it. Safe-range RC is an interesting syntactic subclass of RC, because all safe-range queries evaluate to a finite result and it is \u003ca href=\"http://webdam.inria.fr/Alice/pdfs/Chapter-5.pdf\"\u003ewell-known\u003c/a\u003e how to evaluate such queries by translating them to relational algebra. We formalize and prove correct \u003ca href=\"https://doi.org/10.4230/LIPIcs.ICDT.2022.11\"\u003eour recent translation\u003c/a\u003e of an arbitrary RC query into a pair of safe-range queries. Assuming an infinite domain, the two queries have the following meaning: The first is closed and characterizes the original query's relative safety, i.e., whether given a fixed database (interpretation of atomic predicates with finite relations), the original query evaluates to a finite relation. The second safe-range query is equivalent to the original query, if the latter is relatively safe. The formalization uses the Refinement Framework to go from the non-deterministic algorithm described in the paper to a deterministic, executable query translation. Our executable query translation is a first step towards a verified tool that efficiently evaluates arbitrary RC queries. This very problem is also solved by the AFP entry \u003ca href=\"https://isa-afp.org/entries/Eval_FO.html\"\u003eEval_FO\u003c/a\u003e with a theoretically incomparable but practically worse time complexity. 
(The latter is demonstrated by \u003ca href=\"https://doi.org/10.4230/LIPIcs.ICDT.2022.11\"\u003eour empirical evaluation\u003c/a\u003e.)", + "authors": [ + "Martin Raszyk", + "Dmitriy Traytel" + ], + "date": "2022-09-28", + "id": 0, + "link": "/entries/Safe_Range_RC.html", + "permalink": "/entries/Safe_Range_RC.html", + "shortname": "Safe_Range_RC", + "title": "Making Arbitrary Relational Calculus Queries Safe-Range", + "topic_links": [ + "logic/general-logic/classical-first-order-logic" + ], + "topics": [ + "Logic/General logic/Classical first-order logic" + ], + "used_by": 0 + }, + { "abstract": "This work is a formalization of Stalnaker's epistemic logic with countably many agents and its soundness and completeness theorems, as well as the equivalence between the axiomatization of S4 available in the Epistemic Logic theory and the topological one. It builds on the Epistemic Logic theory.", "authors": [ "Laura P. Gamboa Guzman" ], "date": "2022-09-23", - "id": 0, + "id": 1, "link": "/entries/Stalnaker_Logic.html", "permalink": "/entries/Stalnaker_Logic.html", "shortname": "Stalnaker_Logic", "title": "Stalnaker's Epistemic Logic", "topic_links": [ "logic/general-logic/logics-of-knowledge-and-belief" ], "topics": [ "Logic/General logic/Logics of knowledge and belief" ], "used_by": 0 }, { "abstract": "The field of p-adic numbers for a prime integer p is constructed. Basic facts about p-adic topology including Hensel's Lemma are proved, building on a prior submission by the author. The theory of semialgebraic sets and semialgebraic functions on cartesian powers of p-adic fields is also developed, following a formalization of these concepts due to Denef. This is done towards a formalization of Denef's proof of Macintyre's quantifier elimination theorem for p-adic fields. 
Theories developing general multivariable polynomial rings over a commutative ring are developed, as well as some general theory of cartesian powers of an arbitrary ring.", "authors": [ "Aaron Crighton" ], "date": "2022-09-22", - "id": 1, + "id": 2, "link": "/entries/Padic_Field.html", "permalink": "/entries/Padic_Field.html", "shortname": "Padic_Field", "title": "p-adic Fields and p-adic Semialgebraic Sets", "topic_links": [ "mathematics/number-theory", "mathematics/algebra" ], "topics": [ "Mathematics/Number theory", "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "We construct an abstract ledger supporting the \u003cem\u003erisk-free lending\u003c/em\u003e protocol. The risk-free lending protocol is a system for issuing and exchanging novel financial products we call \u003cem\u003erisk-free loan\u003c/em\u003e. The system allows one party to lend money at 0\u0026#37; APY to another party in exchange for a good or service. On every update of the ledger, accounts have interest distributed to them. Holders of lent assets keep interest accrued by those assets. After distributing interest, the system returns a fixed fraction of each loan. These fixed fractions determine \u003cem\u003eloan periods\u003c/em\u003e. Loans for longer periods have a smaller fixed fraction returned. Loans may be re-lent or used as collateral for other loans. We give a sufficient criterion to enforce all accounts will forever be solvent. We give a protocol for maintaining this invariant when transferring or lending funds. We also show this invariant holds after update. 
Even though the system does not track counter-party obligations, we show that all credited and debited loans cancel and the monetary supply grows at a specified interest rate.", "authors": [ "Matthew Doty" ], "date": "2022-09-18", - "id": 2, + "id": 3, "link": "/entries/Risk_Free_Lending.html", "permalink": "/entries/Risk_Free_Lending.html", "shortname": "Risk_Free_Lending", "title": "Risk-Free Lending", "topic_links": [ "mathematics/games-and-economics" ], "topics": [ "Mathematics/Games and economics" ], "used_by": 0 }, { "abstract": "This work is a formalization of soundness and completeness of the Bernays-Tarski axiom system for classical implicational logic. The completeness proof is constructive following the approach by László Kalmár, Elliott Mendelson and others. The result can be extended to full classical propositional logic by uncommenting a few lines for falsehood. ", "authors": [ "Asta Halkjær From", "Jørgen Villadsen" ], "date": "2022-09-13", - "id": 3, + "id": 4, "link": "/entries/Implicational_Logic.html", "permalink": "/entries/Implicational_Logic.html", "shortname": "Implicational_Logic", "title": "Soundness and Completeness of Implicational Logic", "topic_links": [ "logic/general-logic/classical-propositional-logic", "logic/proof-theory" ], "topics": [ "Logic/General logic/Classical propositional logic", "Logic/Proof theory" ], "used_by": 0 }, { "abstract": "This article formalizes the specification and the algorithm of the cryptographic scheme CRYSTALS-KYBER with multiplication using the Number Theoretic Transform and verifies its (1-δ)-correctness proof. CRYSTALS-KYBER is a key encapsulation mechanism in lattice-based post-quantum cryptography. This entry formalizes the key generation, encryption and decryption algorithms and shows that the algorithm decodes correctly under a highly probable assumption ((1-δ)-correctness). 
Moreover, the Number Theoretic Transform (NTT) in the case of Kyber and the convolution theorem thereon is formalized.", "authors": [ "Katharina Kreuzer" ], "date": "2022-09-08", - "id": 4, + "id": 5, "link": "/entries/CRYSTALS-Kyber.html", "permalink": "/entries/CRYSTALS-Kyber.html", "shortname": "CRYSTALS-Kyber", "title": "CRYSTALS-Kyber", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "Many separation logics support fractional permissions to distinguish between read and write access to a heap location, for instance, to allow concurrent reads while enforcing exclusive writes. Fractional permissions extend to composite assertions such as (co)inductive predicates and magic wands by allowing those to be multiplied by a fraction. Typical separation logic proofs require that this multiplication has three key properties: it needs to distribute over assertions, it should permit fractions to be factored out from assertions, and two fractions of the same assertion should be combinable into one larger fraction. Existing formal semantics incorporating fractional assertions into a separation logic define multiplication semantically (via models), resulting in a semantics in which distributivity and combinability do not hold for key resource assertions such as magic wands, and fractions cannot be factored out from a separating conjunction. By contrast, existing automatic separation logic verifiers define multiplication syntactically, resulting in a different semantics for which it is unknown whether distributivity and combinability hold for all assertions. 
In this entry (which accompanies an \u003ca href=\"https://dardinier.me/papers/multiplication.pdf\"\u003eOOPSLA'22 paper\u003c/a\u003e), we present and formalize an unbounded version of separation logic, a novel semantics for separation logic assertions that allows states to hold more than a full permission to a heap location during the evaluation of an assertion. By reimposing upper bounds on the permissions held per location at statement boundaries, we retain key properties of separation logic, in particular, we prove that the frame rule still holds. We also prove that our assertion semantics unifies semantic and syntactic multiplication and thereby reconciles the discrepancy between separation logic theory and tools and enjoys distributivity, factorisability, and combinability.", "authors": [ "Thibault Dardinier" ], "date": "2022-09-05", - "id": 5, + "id": 6, "link": "/entries/Separation_Logic_Unbounded.html", "permalink": "/entries/Separation_Logic_Unbounded.html", "shortname": "Separation_Logic_Unbounded", "title": "Unbounded Separation Logic", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 0 }, { "abstract": "We formalise the proof of an important theorem in additive combinatorics due to Khovanskii, attesting that the cardinality of the set of all sums of $n$ many elements of $A$, where $A$ is a finite subset of an abelian group, is a polynomial in $n$ for all sufficiently large $n$. We follow a proof due to Nathanson and Ruzsa as presented in the notes “Introduction to Additive Combinatorics” by Timothy Gowers for the University of Cambridge.", "authors": [ "Angeliki Koutsoukou-Argyraki", "Lawrence C. 
Paulson" ], "date": "2022-09-02", - "id": 6, + "id": 7, "link": "/entries/Khovanskii_Theorem.html", "permalink": "/entries/Khovanskii_Theorem.html", "shortname": "Khovanskii_Theorem", "title": "Khovanskii\u0026#x27;s Theorem", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis article is a formalisation of a proof of the Hales–Jewett theorem presented in the textbook \u003cem\u003eRamsey Theory\u003c/em\u003e by Graham et al.\u003c/p\u003e \u003cp\u003eThe Hales–Jewett theorem is a result in Ramsey Theory which states that, for any non-negative integers $r$ and $t$, there exists a minimal dimension $N$, such that any $r$-coloured $N'$-dimensional cube over $t$ elements (with $N' \\geq N$) contains a monochromatic line. This theorem generalises Van der Waerden's Theorem, which has already been formalised in another \u003ca href=\"https://www.isa-afp.org/entries/Van_der_Waerden.html\"\u003eAFP entry\u003c/a\u003e.\u003c/p\u003e", "authors": [ "Ujkan Sulejmani", "Manuel Eberl", "Katharina Kreuzer" ], "date": "2022-09-02", - "id": 7, + "id": 8, "link": "/entries/Hales_Jewett.html", "permalink": "/entries/Hales_Jewett.html", "shortname": "Hales_Jewett", "title": "The Hales–Jewett Theorem", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis entry contains an Isabelle formalization of the \u003cem\u003eNumber Theoretic Transform (NTT)\u003c/em\u003e which is the analogue to a \u003cem\u003eDiscrete Fourier Transform (DFT)\u003c/em\u003e over a finite field. Roots of unity in the complex numbers are replaced by those in a finite field. \u003c/p\u003e\u003cp\u003eFirst, we define both \u003cem\u003eNTT\u003c/em\u003e and the inverse transform \u003cem\u003eINTT\u003c/em\u003e in Isabelle and prove them to be mutually inverse. 
\u003c/p\u003e\u003cp\u003e\u003cem\u003eDFT\u003c/em\u003e can be efficiently computed by the recursive \u003cem\u003eFast Fourier Transform (FFT)\u003c/em\u003e. In our formalization, this algorithm is adapted to the setting of the \u003cem\u003eNTT\u003c/em\u003e: We implement a \u003cem\u003eFast Number Theoretic Transform (FNTT)\u003c/em\u003e based on the Butterfly scheme by Cooley and Tukey. Additionally, we provide an inverse transform \u003cem\u003eIFNTT\u003c/em\u003e and prove it mutually inverse to \u003cem\u003eFNTT\u003c/em\u003e. \u003c/p\u003e\u003cp\u003e Afterwards, a recursive formalization of the \u003cem\u003eFNTT\u003c/em\u003e running time is examined and the famous $O(n \\log n)$ bounds are proven.\u003c/p\u003e", "authors": [ "Thomas Ammer", "Katharina Kreuzer" ], "date": "2022-08-18", - "id": 8, + "id": 9, "link": "/entries/Number_Theoretic_Transform.html", "permalink": "/entries/Number_Theoretic_Transform.html", "shortname": "Number_Theoretic_Transform", "title": "Number Theoretic Transform", "topic_links": [ "computer-science/algorithms/mathematical" ], "topics": [ "Computer science/Algorithms/Mathematical" ], "used_by": 1 }, { "abstract": "We prove the correctness of a sequential algorithm for computing maximal strongly connected components (SCCs) of a graph due to Vincent Bloemen.", "authors": [ "Stephan Merz", "Vincent Trélat" ], "date": "2022-08-17", - "id": 9, + "id": 10, "link": "/entries/SCC_Bloemen_Sequential.html", "permalink": "/entries/SCC_Bloemen_Sequential.html", "shortname": "SCC_Bloemen_Sequential", "title": "Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph", "topic_links": [ "computer-science/algorithms/graph" ], "topics": [ "Computer science/Algorithms/Graph" ], "used_by": 0 }, { "abstract": "This theory contains the involution-based proof of the two squares theorem from \u003ca href=\"https://dx.doi.org/10.1007/978-3-662-57265-8\"\u003eTHE BOOK\u003c/a\u003e.", "authors": [ 
"Maksym Bortin" ], "date": "2022-08-15", - "id": 10, + "id": 11, "link": "/entries/Involutions2Squares.html", "permalink": "/entries/Involutions2Squares.html", "shortname": "Involutions2Squares", "title": "From THE BOOK: Two Squares via Involutions", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "This entry provides executable formalisations of complete test generation algorithms for finite state machines. It covers testing for the language-equivalence and reduction conformance relations, supporting the former via the W, Wp, HSI, H, SPY and SPYH-methods, and the latter via adaptive state counting. The test strategies are implemented using generic frameworks, allowing for reuse of shared components between related strategies. This work is described in the author\u0026#x27;s \u003ca href=\"https://doi.org/10.26092/elib/1665\"\u003edoctoral thesis\u003c/a\u003e.", "authors": [ "Robert Sachtleben" ], "date": "2022-08-09", - "id": 11, + "id": 12, "link": "/entries/FSM_Tests.html", "permalink": "/entries/FSM_Tests.html", "shortname": "FSM_Tests", "title": "Verified Complete Test Strategies for Finite State Machines", "topic_links": [ "computer-science/automata-and-formal-languages", "computer-science/algorithms" ], "topics": [ "Computer science/Automata and formal languages", "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "JSON (JavaScript Object Notation) is a common format for exchanging data, based on a collection of key/value-pairs (the JSON objects) and lists. Its syntax is inspired by JavaScript with the aim of being easy to read and write for humans and easy to parse and generate for machines. Despite its origin in the JavaScript world, JSON is language-independent and many programming languages support working with JSON-encoded data. This makes JSON an interesting format for exchanging data with Isabelle/HOL. 
This AFP entry provides a JSON-like import-expert format for both Isabelle/ML and Isabelle/HOL. On the one hand, this AFP entry provides means for Isabelle/HOL users to work with JSON encoded data without the need using Isabelle/ML. On the other and, the provided Isabelle/ML interfaces allow additional extensions or integration into Isabelle extensions written in Isabelle/ML. While format is not fully JSON compliant (e.g., due to limitations in the range of supported Unicode characters), it works in most situations: the provided implementation in Isabelle/ML and its representation in Isabelle/HOL have been used successfully in several projects for exchanging data sets of several hundredths of megabyte between Isabelle and external tools.", "authors": [ "Achim D. Brucker" ], "date": "2022-07-29", - "id": 12, + "id": 13, "link": "/entries/Nano_JSON.html", "permalink": "/entries/Nano_JSON.html", "shortname": "Nano_JSON", "title": "Nano JSON: Working with JSON formatted data in Isabelle/HOL and Isabelle/ML", "topic_links": [ "tools", "computer-science/data-structures" ], "topics": [ "Tools", "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "Smart contracts are automatically executed programs, usually representing legal agreements such as financial transactions. Thus, bugs in smart contracts can lead to large financial losses. For example, an incorrectly initialized contract was the root cause of the Parity Wallet bug that saw $280M worth of Ether destroyed. Ether is the cryptocurrency of the Ethereum blockchain that uses Solidity for expressing smart contracts. We address this problem by formalizing an executable denotational semantics for Solidity in the interactive theorem prover Isabelle/HOL. This formal semantics builds the foundation of an interactive program verification environment for Solidity programs and allows for inspecting them by (symbolic) execution. 
We combine the latter with grammar based fuzzing to ensure that our formal semantics complies to the Solidity implementation on the Ethereum Blockchain. Finally, we demonstrate the formal verification of Solidity programs by two examples: constant folding and a simple verified token.", "authors": [ "Diego Marmsoler", "Achim D. Brucker" ], "date": "2022-07-18", - "id": 13, + "id": 14, "link": "/entries/Solidity.html", "permalink": "/entries/Solidity.html", "shortname": "Solidity", "title": "Isabelle/Solidity: A deep Embedding of Solidity in Isabelle/HOL", "topic_links": [ "computer-science/programming-languages", "computer-science/semantics-and-reasoning" ], "topics": [ "Computer science/Programming languages", "Computer science/Semantics and reasoning" ], "used_by": 0 }, { "abstract": "A Hermitian matrix is a square complex matrix that is equal to its conjugate transpose. The (finite-dimensional) spectral theorem states that any such matrix can be decomposed into a product of a unitary matrix and a diagonal matrix containing only real elements. We formalize the generalization of this result, which states that any finite set of Hermitian and pairwise commuting matrices can be decomposed as previously, using the same unitary matrix; in other words, they are simultaneously diagonalizable. 
Sets of pairwise commuting Hermitian matrices are called \u003cem\u003eComplete Sets of Commuting Observables\u003c/em\u003e in Quantum Mechanics, where they represent physical quantities that can be simultaneously measured to uniquely distinguish quantum states.", "authors": [ "Mnacho Echenim" ], "date": "2022-07-18", - "id": 14, + "id": 15, "link": "/entries/Commuting_Hermitian.html", "permalink": "/entries/Commuting_Hermitian.html", "shortname": "Commuting_Hermitian", "title": "Simultaneous diagonalization of pairwise commuting Hermitian matrices", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis article provides a formalisation of the Weighted Arithmetic–Geometric Mean Inequality: given non-negative reals $a_1, \\ldots, a_n$ and non-negative weights $w_1, \\ldots, w_n$ such that $w_1 + \\ldots + w_n = 1$, we have \\[\\prod\\limits_{i=1}^n a_i^{w_i} \\leq \\sum\\limits_{i=1}^n w_i a_i\\ .\\] If the weights are additionally all non-zero, equality holds if and only if $a_1 = \\ldots = a_n$.\u003c/p\u003e \u003cp\u003eAs a corollary with $w_1 = \\ldots = w_n = 1/n$, the regular arithmetic–geometric mean inequality follows, namely that \\[\\sqrt[n]{a_1\\,\\cdots\\, a_n} \\leq \\tfrac{1}{n}(a_1 + \\ldots + a_n)\\ .\\]\u003c/p\u003e \u003cp\u003eI follow Pólya's elegant proof, which uses the inequality $1 + x \\leq e^x$ as a starting point. 
Pólya claims that this proof came to him in a dream, and that it was “the best mathematics he had ever dreamt.”\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2022-07-11", - "id": 15, + "id": 16, "link": "/entries/Weighted_Arithmetic_Geometric_Mean.html", "permalink": "/entries/Weighted_Arithmetic_Geometric_Mean.html", "shortname": "Weighted_Arithmetic_Geometric_Mean", "title": "Pólya’s Proof of the Weighted Arithmetic–Geometric Mean Inequality", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "After introducing the didactic imperative programming language IMP, Nipkow and Klein's book on formal programming language semantics (version of March 2021) specifies compilation of IMP commands into a lower-level language based on a stack machine, and expounds a formal verification of that compiler. Exercise 8.4 asks the reader to adjust such proof for a new compilation target, consisting of a machine language that (i) accesses memory locations through their addresses instead of variable names, and (ii) maintains a stack in memory via a stack pointer rather than relying upon a built-in stack. A natural strategy to maximize reuse of the original proof is keeping the original language as an assembly one and splitting compilation into multiple steps, namely a source-to-assembly step matching the original compilation process followed by an assembly-to-machine step. In this way, proving assembly code-machine code equivalence is the only extant task. A previous paper by the present author introduces a reasoning toolbox that allows for a compiler correctness proof shorter than the book's one, as such promising to constitute a further enhanced reference for the formal verification of real-world compilers. 
This paper in turn shows that such toolbox can be reused to accomplish the aforesaid task as well, which demonstrates that the proposed approach also promotes proof reuse in multi-stage compiler verifications.", "authors": [ "Pasquale Noce" ], "date": "2022-07-10", - "id": 16, + "id": 17, "link": "/entries/IMP_Compiler_Reuse.html", "permalink": "/entries/IMP_Compiler_Reuse.html", "shortname": "IMP_Compiler_Reuse", "title": "A Reuse-Based Multi-Stage Compiler Verification for Language IMP", "topic_links": [ "computer-science/programming-languages/compiling" ], "topics": [ "Computer science/Programming languages/Compiling" ], "used_by": 0 }, { "abstract": "A double-ended queue (\u003cem\u003edeque\u003c/em\u003e) is a queue where one can enqueue and dequeue at both ends. We define and verify the \u003ca href=\"https://doi.org/10.1145/165180.165225\"\u003edeque implementation by Chuang and Goldberg\u003c/a\u003e. It is purely functional and all operations run in constant time.", "authors": [ "Balazs Toth", "Tobias Nipkow" ], "date": "2022-06-23", - "id": 17, + "id": 18, "link": "/entries/Real_Time_Deque.html", "permalink": "/entries/Real_Time_Deque.html", "shortname": "Real_Time_Deque", "title": "Real-Time Double-Ended Queue", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "In 1987, George Boolos gave an interesting and vivid concrete example of the considerable speed-up afforded by higher-order logic over first-order logic. (A phenomenon first noted by Kurt Gödel in 1936.) Boolos's example concerned an inference $I$ with five premises, and a conclusion, such that the shortest derivation of the conclusion from the premises in a standard system for first-order logic is astronomically huge; while there exists a second-order derivation whose length is of the order of a page or two. 
Boolos gave a short sketch of that second-order derivation, which relies on the comprehension principle of second-order logic. Here, Boolos's inference is formalized into fourteen lemmas, each quickly verified by the automated-theorem-proving assistant Isabelle/HOL.", "authors": [ "Jeffrey Ketland" ], "date": "2022-06-20", - "id": 18, + "id": 19, "link": "/entries/Boolos_Curious_Inference.html", "permalink": "/entries/Boolos_Curious_Inference.html", "shortname": "Boolos_Curious_Inference", "title": "Boolos's Curious Inference in Isabelle/HOL", "topic_links": [ "logic/philosophical-aspects" ], "topics": [ "Logic/Philosophical aspects" ], "used_by": 0 }, { "abstract": "This entry formalizes the classification of the finite fields (also called Galois fields): For each prime power $p^n$ there exists exactly one (up to isomorphisms) finite field of that size and there are no other finite fields. The derivation includes a formalization of the characteristic of rings, the Frobenius endomorphism, formal differentiation for polynomials in HOL-Algebra and Gauss' formula for the number of monic irreducible polynomials over finite fields: \\[ \\frac{1}{n} \\sum_{d | n} \\mu(d) p^{n/d} \\textrm{.} \\] The proofs are based on the books from \u003ca href=\"https://doi.org/10.1007/978-1-4757-2103-4\"\u003eIreland and Rosen\u003c/a\u003e, as well as, \u003ca href=\"https://doi.org/10.1017/CBO9781139172769\"\u003eLidl and Niederreiter\u003c/a\u003e.", "authors": [ "Emin Karayel" ], "date": "2022-06-08", - "id": 19, + "id": 20, "link": "/entries/Finite_Fields.html", "permalink": "/entries/Finite_Fields.html", "shortname": "Finite_Fields", "title": "Finite Fields", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "Today's Internet is built on decades-old networking protocols that lack scalability, reliability and security. 
In response, the networking community has developed \u003cem\u003epath-aware\u003c/em\u003e Internet architectures that solve these issues while simultaneously empowering end hosts. In these architectures, autonomous systems authorize forwarding paths in accordance with their routing policies, and protect paths using cryptographic authenticators. For each packet, the sending end host selects an authorized path and embeds it and its authenticators in the packet header. This allows routers to efficiently determine how to forward the packet. The central security property of the data plane, i.e., of forwarding, is that packets can only travel along authorized paths. This property, which we call \u003cem\u003epath authorization\u003c/em\u003e, protects the routing policies of autonomous systems from malicious senders. The fundamental role of packet forwarding in the Internet's ecosystem and the complexity of the authentication mechanisms employed call for a formal analysis. We develop IsaNet, a parameterized verification framework for data plane protocols in Isabelle/HOL. We first formulate an abstract model without an attacker for which we prove path authorization. We then refine this model by introducing a Dolev--Yao attacker and by protecting authorized paths using (generic) cryptographic validation fields. This model is parametrized by the path authorization mechanism and assumes five simple verification conditions. We propose novel attacker models and different sets of assumptions on the underlying routing protocol. We validate our framework by instantiating it with nine concrete protocols variants and prove that they each satisfy the verification conditions (and hence path authorization). The invariants needed for the security proof are proven in the parametrized model instead of the instance models. Our framework thus supports low-effort security proofs for data plane protocols. 
In contrast to what could be achieved with state-of-the-art automated protocol verifiers, our results hold for arbitrary network topologies and sets of authorized paths.", "authors": [ "Tobias Klenze", "Christoph Sprenger" ], "date": "2022-06-08", - "id": 20, + "id": 21, "link": "/entries/IsaNet.html", "permalink": "/entries/IsaNet.html", "shortname": "IsaNet", "title": "IsaNet: Formalization of a Verification Framework for Secure Data Plane Protocols", "topic_links": [ "computer-science/security", "computer-science/networks" ], "topics": [ "Computer science/Security", "Computer science/Networks" ], "used_by": 0 }, { "abstract": "We present a formalization of Matiyasevich's proof of the DPRM theorem, which states that every recursively enumerable set of natural numbers is Diophantine. This result from 1970 yields a negative solution to Hilbert's 10th problem over the integers. To represent recursively enumerable sets in equations, we implement and arithmetize register machines. We formalize a general theory of Diophantine sets and relations to reason about them abstractly. Using several number-theoretic lemmas, we prove that exponentiation has a Diophantine representation.", "authors": [ "Jonas Bayer", "Marco David", "Benedikt Stock", "Abhik Pal", "Yuri Matiyasevich", "Dierk Schleicher" ], "date": "2022-06-06", - "id": 21, + "id": 22, "link": "/entries/DPRM_Theorem.html", "permalink": "/entries/DPRM_Theorem.html", "shortname": "DPRM_Theorem", "title": "Diophantine Equations and the DPRM Theorem", "topic_links": [ "logic/computability", "mathematics/number-theory" ], "topics": [ "Logic/Computability", "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "This AFP entry relates important rewriting properties between the set of terms and the set of ground terms induced by a given signature. 
The properties considered are confluence, strong/local confluence, the normal form property, unique normal forms with respect to reduction and conversion, commutation, conversion equivalence, and normalization equivalence.", "authors": [ "Alexander Lochmann" ], "date": "2022-06-02", - "id": 22, + "id": 23, "link": "/entries/Rewrite_Properties_Reduction.html", "permalink": "/entries/Rewrite_Properties_Reduction.html", "shortname": "Rewrite_Properties_Reduction", "title": "Reducing Rewrite Properties to Properties on Ground Terms", "topic_links": [ "logic/rewriting" ], "topics": [ "Logic/Rewriting" ], "used_by": 0 }, { "abstract": "Many separation logics support \u003cem\u003efractional permissions\u003c/em\u003e to distinguish between read and write access to a heap location, for instance, to allow concurrent reads while enforcing exclusive writes. The concept has been generalized to fractional assertions. $A^p$ (where $A$ is a separation logic assertion and $p$ a fraction between $0$ and $1$) represents a fraction $p$ of $A$. $A^p$ holds in a state $\\sigma$ iff there exists a state $\\sigma_A$ in which $A$ holds and $\\sigma$ is obtained from $\\sigma_A$ by multiplying all permission amounts held by $p$. While $A^{p + q}$ can always be split into $A^p * A^q$, recombining $A^p * A^q$ into $A^{p+q}$ is not always sound. We say that $A$ is \u003cem\u003ecombinable\u003c/em\u003e iff the entailment $A^p * A^q \\models A^{p+q}$ holds for any two positive fractions $p$ and $q$ such that $p + q \\le 1$. Combinable assertions are particularly useful to reason about concurrent programs, for instance, to combine the postconditions of parallel branches when they terminate. Unfortunately, the magic wand assertion $A \\mathbin{-\\!\\!*} B$, commonly used to specify properties of partial data structures, is typically \u003cem\u003enot\u003c/em\u003e combinable. 
In this entry, we formalize a novel, restricted definition of the magic wand, described in \u003ca href=\"https://arxiv.org/abs/2205.11325\"\u003ea paper at CAV 22\u003c/a\u003e, which we call the \u003cem\u003ecombinable wand\u003c/em\u003e. We prove some key properties of the combinable wand; in particular, a combinable wand is combinable if its right-hand side is combinable.", "authors": [ "Thibault Dardinier" ], "date": "2022-05-30", - "id": 23, + "id": 24, "link": "/entries/Combinable_Wands.html", "permalink": "/entries/Combinable_Wands.html", "shortname": "Combinable_Wands", "title": "A Restricted Definition of the Magic Wand to Soundly Combine Fractions of a Wand", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 0 }, { "abstract": "We formalise Plünnecke's inequality and the Plünnecke-Ruzsa inequality, following the notes by Timothy Gowers: \"Introduction to Additive Combinatorics\" (2022) for the University of Cambridge. To this end, we first introduce basic definitions and prove elementary facts on sumsets and difference sets. Then, we show two versions of the Ruzsa triangle inequality. We follow with a proof due to Petridis.", "authors": [ "Angeliki Koutsoukou-Argyraki", "Lawrence C. Paulson" ], "date": "2022-05-26", - "id": 24, + "id": 25, "link": "/entries/Pluennecke_Ruzsa_Inequality.html", "permalink": "/entries/Pluennecke_Ruzsa_Inequality.html", "shortname": "Pluennecke_Ruzsa_Inequality", "title": "The Plünnecke-Ruzsa Inequality", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 1 }, { "abstract": "The magic wand $\\mathbin{-\\!\\!*}$ (also called separating implication) is a separation logic connective commonly used to specify properties of partial data structures, for instance during iterative traversals. 
A \u003cem\u003efootprint\u003c/em\u003e of a magic wand formula $$A \\mathbin{-\\!\\!*} B$$ is a state that, combined with any state in which $A$ holds, yields a state in which $B$ holds. The key challenge of proving a magic wand (also called \u003cem\u003epackaging\u003c/em\u003e a wand) is to find such a footprint. Existing package algorithms either have a high annotation overhead or are unsound. In this entry, we formally define a framework for the sound automation of magic wands, described in an \u003ca href=\"https://www.cs.ubc.ca/~alexsumm/papers/DardinierParthasarathyWeeksMuellerSummers22.pdf\"\u003eupcoming paper at CAV 2022\u003c/a\u003e, and prove that it is sound and complete. This framework, called the \u003cem\u003epackage logic\u003c/em\u003e, precisely characterises a wide design space of possible package algorithms applicable to a large class of separation logics.", "authors": [ "Thibault Dardinier" ], "date": "2022-05-18", - "id": 25, + "id": 26, "link": "/entries/Package_logic.html", "permalink": "/entries/Package_logic.html", "shortname": "Package_logic", "title": "Formalization of a Framework for the Sound Automation of Magic Wands", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 1 }, { "abstract": "\u003cp\u003e Given a graph $G$ with $n$ vertices and a number $s$, the decision problem Clique asks whether $G$ contains a fully connected subgraph with $s$ vertices. For this NP-complete problem there exists a non-trivial lower bound: no monotone circuit of a size that is polynomial in $n$ can solve Clique. \u003c/p\u003e\u003cp\u003e This entry provides an Isabelle/HOL formalization of a concrete lower bound (the bound is $\\sqrt[7]{n}^{\\sqrt[8]{n}}$ for the fixed choice of $s = \\sqrt[4]{n}$), following a proof by Gordeev. 
\u003c/p\u003e", "authors": [ "René Thiemann" ], "date": "2022-05-08", - "id": 26, + "id": 27, "link": "/entries/Clique_and_Monotone_Circuits.html", "permalink": "/entries/Clique_and_Monotone_Circuits.html", "shortname": "Clique_and_Monotone_Circuits", "title": "Clique is not solvable by monotone circuits of polynomial size", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 0 }, { "abstract": "Linear algebraic techniques are powerful, yet often underrated tools in combinatorial proofs. This formalisation provides a library including matrix representations of incidence set systems, general formal proof techniques for the rank argument and linear bound argument, and finally a formalisation of a number of variations of the well-known Fisher's inequality. We build on our prior work formalising combinatorial design theory using a locale-centric approach, including extensions such as constant intersect designs and dual incidence systems. In addition to Fisher's inequality, we also formalise proofs on other incidence system properties using the incidence matrix representation, such as design existence, dual system relationships and incidence system isomorphisms. This formalisation is presented in the paper \"Formalising Fisher's Inequality: Formal Linear Algebraic Techniques in Combinatorics\", accepted to ITP 2022.", "authors": [ "Chelsea Edmonds", "Lawrence C. 
Paulson" ], "date": "2022-04-21", - "id": 27, + "id": 28, "link": "/entries/Fishers_Inequality.html", "permalink": "/entries/Fishers_Inequality.html", "shortname": "Fishers_Inequality", "title": "Fisher's Inequality: Linear Algebraic Proof Techniques for Combinatorics", "topic_links": [ "mathematics/combinatorics", "mathematics/algebra" ], "topics": [ "Mathematics/Combinatorics", "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "We formalize how a natural number can be expanded into its digits in some base and prove properties about functions that operate on digit expansions. This includes the formalization of concepts such as digit shifts and carries. For a base that is a power of 2 we formalize the binary AND, binary orthogonality and binary masking of two natural numbers. This library on digit expansions builds the basis for the formalization of the DPRM theorem.", "authors": [ "Jonas Bayer", "Marco David", "Abhik Pal", "Benedikt Stock" ], "date": "2022-04-20", - "id": 28, + "id": 29, "link": "/entries/Digit_Expansions.html", "permalink": "/entries/Digit_Expansions.html", "shortname": "Digit_Expansions", "title": "Digit Expansions", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 1 }, { "abstract": "We consider the problem of comparing two multisets via the generalized multiset ordering. We show that the corresponding decision problem is NP-complete. To be more precise, we encode multiset-comparisons into propositional formulas or into conjunctive normal forms of quadratic size; we further prove that satisfiability of conjunctive normal forms can be encoded as multiset-comparison problems of linear size. 
As a corollary, we also show that the problem of deciding whether two terms are related by a recursive path order is NP-hard, provided the recursive path order is based on the generalized multiset ordering.", "authors": [ "René Thiemann", "Lukas Schmidinger" ], "date": "2022-04-20", - "id": 29, + "id": 30, "link": "/entries/Multiset_Ordering_NPC.html", "permalink": "/entries/Multiset_Ordering_NPC.html", "shortname": "Multiset_Ordering_NPC", "title": "The Generalized Multiset Ordering is NP-Complete", "topic_links": [ "logic/rewriting" ], "topics": [ "Logic/Rewriting" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis article provides a brief formalisation of the two equations known as the \u003cem\u003eSophomore's Dream\u003c/em\u003e, first discovered by Johann Bernoulli in 1697:\u003c/p\u003e \\[\\int_0^1 x^{-x}\\,\\text{d}x = \\sum_{n=1}^\\infty n^{-n} \\quad\\text{and}\\quad \\int_0^1 x^x\\,\\text{d}x = -\\sum_{n=1}^\\infty (-n)^{-n}\\]", "authors": [ "Manuel Eberl" ], "date": "2022-04-10", - "id": 30, + "id": 31, "link": "/entries/Sophomores_Dream.html", "permalink": "/entries/Sophomores_Dream.html", "shortname": "Sophomores_Dream", "title": "The Sophomore's Dream", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "This entry contains a set of binary encodings for primitive data types, such as natural numbers, integers, floating-point numbers as well as combinators to construct encodings for products, lists, sets or functions of/between such types. For natural numbers and integers, the entry contains various encodings, such as Elias-Gamma-Codes and exponential Golomb Codes, which are efficient variable-length codes in use by current compression formats. 
A use-case for this library is measuring the persisted size of a complex data structure without having to hand-craft a dedicated encoding for it, independent of Isabelle's internal representation.", "authors": [ "Emin Karayel" ], "date": "2022-04-08", - "id": 31, + "id": 32, "link": "/entries/Prefix_Free_Code_Combinators.html", "permalink": "/entries/Prefix_Free_Code_Combinators.html", "shortname": "Prefix_Free_Code_Combinators", "title": "A Combinator Library for Prefix-Free Codes", "topic_links": [ "computer-science/algorithms", "computer-science/data-structures" ], "topics": [ "Computer science/Algorithms", "Computer science/Data structures" ], "used_by": 1 }, { "abstract": "In 1999 Alon et. al. introduced the still active research topic of approximating the frequency moments of a data stream using randomized algorithms with minimal space usage. This includes the problem of estimating the cardinality of the stream elements - the zeroth frequency moment. But, also higher-order frequency moments that provide information about the skew of the data stream. (The \u003ci\u003ek\u003c/i\u003e-th frequency moment of a data stream is the sum of the \u003ci\u003ek\u003c/i\u003e-th powers of the occurrence counts of each element in the stream.) 
This entry formalizes three randomized algorithms for the approximation of \u003ci\u003eF\u003csub\u003e0\u003c/sub\u003e\u003c/i\u003e, \u003ci\u003eF\u003csub\u003e2\u003c/sub\u003e\u003c/i\u003e and \u003ci\u003eF\u003csub\u003ek\u003c/sub\u003e\u003c/i\u003e for \u003ci\u003ek ≥ 3\u003c/i\u003e based on [\u003ca href=\"https://doi.org/10.1006/jcss.1997.1545\"\u003e1\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/3-540-45726-7_1\"\u003e2\u003c/a\u003e] and verifies their expected accuracy, success probability and space usage.", "authors": [ "Emin Karayel" ], "date": "2022-04-08", - "id": 32, + "id": 33, "link": "/entries/Frequency_Moments.html", "permalink": "/entries/Frequency_Moments.html", "shortname": "Frequency_Moments", "title": "Formalization of Randomized Approximation Algorithms for Frequency Moments", "topic_links": [ "computer-science/algorithms/approximation", "mathematics/probability-theory" ], "topics": [ "Computer science/Algorithms/Approximation", "Mathematics/Probability theory" ], "used_by": 0 }, { "abstract": "The type of real numbers is constructed from the positive rationals using the method of Dedekind cuts. This development, briefly described in papers by the authors, follows the textbook presentation by Gleason. It's notable that the first formalisation of a significant piece of mathematics, by Jutting in 1977, involved a similar construction.", "authors": [ "Jacques D. Fleuriot", "Lawrence C. Paulson" ], "date": "2022-03-24", - "id": 33, + "id": 34, "link": "/entries/Dedekind_Real.html", "permalink": "/entries/Dedekind_Real.html", "shortname": "Dedekind_Real", "title": "Constructing the Reals as Dedekind Cuts of Rationals", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "Ackermann's function is defined in the usual way and a number of its elementary properties are proved. 
Then, the primitive recursive functions are defined inductively: as a predicate on the functions that map lists of numbers to numbers. It is shown that every primitive recursive function is strictly dominated by Ackermann's function. The formalisation follows an earlier one by Nora Szasz.", "authors": [ "Lawrence C. Paulson" ], "date": "2022-03-23", - "id": 34, + "id": 35, "link": "/entries/Ackermanns_not_PR.html", "permalink": "/entries/Ackermanns_not_PR.html", "shortname": "Ackermanns_not_PR", "title": "Ackermann's Function Is Not Primitive Recursive", "topic_links": [ "logic/computability" ], "topics": [ "Logic/Computability" ], "used_by": 0 }, { "abstract": "\u003cp\u003e The AFP entry \u003ca href=\"https://www.isa-afp.org/entries/Abstract_Completeness.html\"\u003eAbstract Completeness\u003c/a\u003e by Blanchette, Popescu and Traytel formalizes the core of Beth/Hintikka-style completeness proofs for first-order logic and can be used to formalize executable sequent calculus provers. In the Journal of Automated Reasoning, the authors instantiate the framework with a sequent calculus for first-order logic and prove its completeness. Their use of an infinite set of proof rules indexed by formulas yields very direct arguments. A fair stream of these rules controls the prover, making its definition remarkably simple. The AFP entry, however, only contains a toy example for propositional logic. The AFP entry \u003ca href=\"https://www.isa-afp.org/entries/FOL_Seq_Calc2.html\"\u003eA Sequent Calculus Prover for First-Order Logic with Functions\u003c/a\u003e by From and Jacobsen also uses the framework, but uses a finite set of generic rules resulting in a more sophisticated prover with more complicated proofs. \u003c/p\u003e \u003cp\u003e This entry contains an executable sequent calculus prover for first-order logic with functions in the style presented by Blanchette et al. 
The prover can be exported to Haskell and this entry includes formalized proofs of its soundness and completeness. The proofs are simpler than those for the prover by From and Jacobsen but the performance of the prover is significantly worse. \u003c/p\u003e \u003cp\u003e The included theory \u003cem\u003eFair-Stream\u003c/em\u003e first proves that the sequence of natural numbers 0, 0, 1, 0, 1, 2, etc. is fair. It then proves that mapping any surjective function across the sequence preserves fairness. This method of obtaining a fair stream of rules is similar to the one given by Blanchette et al. The concrete functions from natural numbers to terms, formulas and rules are defined using the \u003cem\u003eNat-Bijection\u003c/em\u003e theory in the HOL-Library. \u003c/p\u003e", "authors": [ "Asta Halkjær From" ], "date": "2022-03-22", - "id": 35, + "id": 36, "link": "/entries/FOL_Seq_Calc3.html", "permalink": "/entries/FOL_Seq_Calc3.html", "shortname": "FOL_Seq_Calc3", "title": "A Naive Prover for First-Order Logic", "topic_links": [ "logic/general-logic/classical-first-order-logic", "logic/proof-theory", "logic/general-logic/mechanization-of-proofs" ], "topics": [ "Logic/General logic/Classical first-order logic", "Logic/Proof theory", "Logic/General logic/Mechanization of proofs" ], "used_by": 0 }, { "abstract": "\u003cp\u003eIn this article, I formalise a proof from \u003ca href=\"https://dx.doi.org/10.1007/978-3-662-57265-8\"\u003eTHE BOOK\u003c/a\u003e; namely a formula that was called ‘one of the most beautiful formulas involving elementary functions’:\u003c/p\u003e \\[\\pi \\cot(\\pi z) = \\frac{1}{z} + \\sum_{n=1}^\\infty\\left(\\frac{1}{z+n} + \\frac{1}{z-n}\\right)\\] \u003cp\u003eThe proof uses Herglotz's trick to show the real case and analytic continuation for the complex case.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2022-03-15", - "id": 36, + "id": 37, "link": "/entries/Cotangent_PFD_Formula.html", "permalink": 
"/entries/Cotangent_PFD_Formula.html", "shortname": "Cotangent_PFD_Formula", "title": "A Proof from THE BOOK: The Partial Fraction Expansion of the Cotangent", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "We redeveloped our formalization of forcing in the set theory framework of Isabelle/ZF. Under the assumption of the existence of a countable transitive model of ZFC, we construct proper generic extensions that satisfy the Continuum Hypothesis and its negation.", "authors": [ "Emmanuel Gunther", "Miguel Pagano", "Pedro Sánchez Terraf", "Matías Steinberg" ], "date": "2022-03-06", - "id": 37, + "id": 38, "link": "/entries/Independence_CH.html", "permalink": "/entries/Independence_CH.html", "shortname": "Independence_CH", "title": "The Independence of the Continuum Hypothesis in Isabelle/ZF", "topic_links": [ "logic/set-theory" ], "topics": [ "Logic/Set theory" ], "used_by": 0 }, { "abstract": "We extend the ZF-Constructibility library by relativizing theories of the Isabelle/ZF and Delta System Lemma sessions to a transitive class. We also relativize Paulson's work on Aleph and our former treatment of the Axiom of Dependent Choices. This work is a prerrequisite to our formalization of the independence of the Continuum Hypothesis.", "authors": [ "Emmanuel Gunther", "Miguel Pagano", "Pedro Sánchez Terraf", "Matías Steinberg" ], "date": "2022-03-03", - "id": 38, + "id": 39, "link": "/entries/Transitive_Models.html", "permalink": "/entries/Transitive_Models.html", "shortname": "Transitive_Models", "title": "Transitive Models of Fragments of ZFC", "topic_links": [ "logic/set-theory" ], "topics": [ "Logic/Set theory" ], "used_by": 1 }, { "abstract": "\u003cp\u003e A \u003cem\u003eresiduated transition system\u003c/em\u003e (RTS) is a transition system that is equipped with a certain partial binary operation, called \u003cem\u003eresiduation\u003c/em\u003e, on transitions. 
Using the residuation operation, one can express nuances, such as a distinction between nondeterministic and concurrent choice, as well as partial commutativity relationships between transitions, which are not captured by ordinary transition systems. A version of residuated transition systems was introduced in previous work by the author, in which they were called “concurrent transition systems” in view of the original motivation for their definition from the study of concurrency. In the first part of the present article, we give a formal development that generalizes and subsumes the original presentation. We give an axiomatic definition of residuated transition systems that assumes only a single partial binary operation as given structure. From the axioms, we derive notions of “arrow“ (transition), “source”, “target”, “identity”, as well as “composition” and “join” of transitions; thereby recovering structure that in the previous work was assumed as given. We formalize and generalize the result, that residuation extends from transitions to transition paths, and we systematically develop the properties of this extension. A significant generalization made in the present work is the identification of a general notion of congruence on RTS’s, along with an associated quotient construction. \u003c/p\u003e \u003cp\u003e In the second part of this article, we use the RTS framework to formalize several results in the theory of reduction in Church’s λ-calculus. Using a de Bruijn index-based syntax in which terms represent parallel reduction steps, we define residuation on terms and show that it satisfies the axioms for an RTS. An application of the results on paths from the first part of the article allows us to prove the classical Church-Rosser Theorem with little additional effort. 
We then use residuation to define the notion of “development” and we prove the Finite Developments Theorem, that every development is finite, formalizing and adapting to de Bruijn indices a proof by de Vrijer. We also use residuation to define the notion of a “standard reduction path”, and we prove the Standardization Theorem: that every reduction path is congruent to a standard one. As a corollary of the Standardization Theorem, we obtain the Leftmost Reduction Theorem: that leftmost reduction is a normalizing strategy. \u003c/p\u003e", "authors": [ "Eugene W. Stark" ], "date": "2022-02-28", - "id": 39, + "id": 40, "link": "/entries/ResiduatedTransitionSystem.html", "permalink": "/entries/ResiduatedTransitionSystem.html", "shortname": "ResiduatedTransitionSystem", "title": "Residuated Transition Systems", "topic_links": [ "computer-science/automata-and-formal-languages", "computer-science/concurrency", "computer-science/programming-languages/lambda-calculi" ], "topics": [ "Computer science/Automata and formal languages", "Computer science/Concurrency", "Computer science/Programming languages/Lambda calculi" ], "used_by": 0 }, { "abstract": "A \u003ci\u003ek\u003c/i\u003e-universal hash family is a probability space of functions, which have uniform distribution and form \u003ci\u003ek\u003c/i\u003e-wise independent random variables. They can often be used in place of classic (or cryptographic) hash functions and allow the rigorous analysis of the performance of randomized algorithms and data structures that rely on hash functions. In 1981 \u003ca href=\"https://doi.org/10.1016/0022-0000(81)90033-7\"\u003eWegman and Carter\u003c/a\u003e introduced a generic construction for such families with arbitrary \u003ci\u003ek\u003c/i\u003e using polynomials over a finite field. This entry contains a formalization of them and establishes the property of \u003ci\u003ek\u003c/i\u003e-universality. 
To be useful the formalization also provides an explicit construction of finite fields using the factor ring of integers modulo a prime. Additionally, some generic results about independent families are shown that might be of independent interest.", "authors": [ "Emin Karayel" ], "date": "2022-02-20", - "id": 40, + "id": 41, "link": "/entries/Universal_Hash_Families.html", "permalink": "/entries/Universal_Hash_Families.html", "shortname": "Universal_Hash_Families", "title": "Universal Hash Families", "topic_links": [ "mathematics/probability-theory", "computer-science/algorithms" ], "topics": [ "Mathematics/Probability theory", "Computer science/Algorithms" ], "used_by": 1 }, { "abstract": "Let $F$ be a set of analytic functions on the complex plane such that, for each $z\\in\\mathbb{C}$, the set $\\{f(z) \\mid f\\in F\\}$ is countable; must then $F$ itself be countable? The answer is yes if the Continuum Hypothesis is false, i.e., if the cardinality of $\\mathbb{R}$ exceeds $\\aleph_1$. But if CH is true then such an $F$, of cardinality $\\aleph_1$, can be constructed by transfinite recursion. The formal proof illustrates reasoning about complex analysis (analytic and homomorphic functions) and set theory (transfinite cardinalities) in a single setting. The mathematical text comes from \u003cem\u003eProofs from THE BOOK\u003c/em\u003e by Aigner and Ziegler.", "authors": [ "Lawrence C. Paulson" ], "date": "2022-02-18", - "id": 41, + "id": 42, "link": "/entries/Wetzels_Problem.html", "permalink": "/entries/Wetzels_Problem.html", "shortname": "Wetzels_Problem", "title": "Wetzel's Problem and the Continuum Hypothesis", "topic_links": [ "mathematics/analysis", "logic/set-theory" ], "topics": [ "Mathematics/Analysis", "Logic/Set theory" ], "used_by": 0 }, { "abstract": "We formalize first-order query evaluation over an infinite domain with equality. We first define the syntax and semantics of first-order logic with equality. 
Next we define a locale \u003ci\u003eeval\u0026lowbar;fo\u003c/i\u003e abstracting a representation of a potentially infinite set of tuples satisfying a first-order query over finite relations. Inside the locale, we define a function \u003ci\u003eeval\u003c/i\u003e checking if the set of tuples satisfying a first-order query over a database (an interpretation of the query's predicates) is finite (i.e., deciding \u003ci\u003erelative safety\u003c/i\u003e) and computing the set of satisfying tuples if it is finite. Altogether the function \u003ci\u003eeval\u003c/i\u003e solves \u003ci\u003ecapturability\u003c/i\u003e (Avron and Hirshfeld, 1991) of first-order logic with equality. We also use the function \u003ci\u003eeval\u003c/i\u003e to prove a code equation for the semantics of first-order logic, i.e., the function checking if a first-order query over a database is satisfied by a variable assignment.\u003cbr/\u003e We provide an interpretation of the locale \u003ci\u003eeval\u0026lowbar;fo\u003c/i\u003e based on the approach by Ailamazyan et al. A core notion in the interpretation is the active domain of a query and a database that contains all domain elements that occur in the database or interpret the query's constants. We prove the main theorem of Ailamazyan et al. relating the satisfaction of a first-order query over an infinite domain to the satisfaction of this query over a finite domain consisting of the active domain and a few additional domain elements (outside the active domain) whose number only depends on the query. In our interpretation of the locale \u003ci\u003eeval\u0026lowbar;fo\u003c/i\u003e, we use a potentially higher number of the additional domain elements, but their number still only depends on the query and thus has no effect on the data complexity (Vardi, 1982) of query evaluation. Our interpretation yields an \u003ci\u003eexecutable\u003c/i\u003e function \u003ci\u003eeval\u003c/i\u003e. 
The time complexity of \u003ci\u003eeval\u003c/i\u003e on a query is linear in the total number of tuples in the intermediate relations for the subqueries. Specifically, we build a database index to evaluate a conjunction. We also optimize the case of a negated subquery in a conjunction. Finally, we export code for the infinite domain of natural numbers.", "authors": [ "Martin Raszyk" ], "date": "2022-02-15", - "id": 42, + "id": 43, "link": "/entries/Eval_FO.html", "permalink": "/entries/Eval_FO.html", "shortname": "Eval_FO", "title": "First-Order Query Evaluation", "topic_links": [ "logic/general-logic/classical-first-order-logic" ], "topics": [ "Logic/General logic/Classical first-order logic" ], "used_by": 0 }, { "abstract": "Runtime monitoring (or runtime verification) is an approach to checking compliance of a system's execution with a specification (e.g., a temporal query). The system's execution is logged into a trace---a sequence of time-points, each consisting of a time-stamp and observed events. A monitor is an algorithm that produces verdicts on the satisfaction of a temporal query on a trace. We formalize a monitoring algorithm for metric dynamic logic, an extension of metric temporal logic with regular expressions. The monitor computes whether a given query is satisfied at every position in an input trace of time-stamped events. We formalize the time-stamps as an abstract algebraic structure satisfying certain assumptions. Instances of this structure include natural numbers, real numbers, and lexicographic combinations of them. Our monitor follows the multi-head paradigm: it reads the input simultaneously at multiple positions and moves its reading heads asynchronously. 
This mode of operation results in unprecedented time and space complexity guarantees for metric dynamic logic: The monitor's amortized time complexity to process a time-point and the monitor's space complexity neither depends on the event-rate, i.e., the number of events within a fixed time-unit, nor on the numeric constants occurring in the quantitative temporal constraints in the given query. The multi-head monitoring algorithm for metric dynamic logic is reported in our paper \"Multi-Head Monitoring of Metric Dynamic Logic\" published at ATVA 2020. We have also formalized unpublished specialized algorithms for the temporal operators of metric temporal logic.", "authors": [ "Martin Raszyk" ], "date": "2022-02-13", - "id": 43, + "id": 44, "link": "/entries/VYDRA_MDL.html", "permalink": "/entries/VYDRA_MDL.html", "shortname": "VYDRA_MDL", "title": "Multi-Head Monitoring of Metric Dynamic Logic", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis entry contains a formalization of an algorithm enumerating all equivalence relations on an initial segment of the natural numbers. The approach follows the method described by Stanton and White \u003ca href=\"https://doi.org/10.1007/978-1-4612-4968-9\"\u003e[5,§ 1.5]\u003c/a\u003e using restricted growth functions.\u003c/p\u003e \u003cp\u003eThe algorithm internally enumerates restricted growth functions (as lists), whose equivalence kernels then form the equivalence relations. 
This has the advantage that the representation is compact and lookup of the relation reduces to a list lookup operation.\u003c/p\u003e \u003cp\u003eThe algorithm can also be used within a proof and an example application is included, where a sequence of variables is split by the possible partitions they can form.\u003c/p\u003e", "authors": [ "Emin Karayel" ], "date": "2022-02-04", - "id": 44, + "id": 45, "link": "/entries/Equivalence_Relation_Enumeration.html", "permalink": "/entries/Equivalence_Relation_Enumeration.html", "shortname": "Equivalence_Relation_Enumeration", "title": "Enumeration of Equivalence Relations", "topic_links": [ "mathematics/combinatorics", "computer-science/algorithms/mathematical" ], "topics": [ "Mathematics/Combinatorics", "Computer science/Algorithms/Mathematical" ], "used_by": 1 }, { "abstract": "We formalize the weak and strong duality theorems of linear programming. For the strong duality theorem we provide three sufficient preconditions: both the primal problem and the dual problem are satisfiable, the primal problem is satisfiable and bounded, or the dual problem is satisfiable and bounded. The proofs are based on an existing formalization of Farkas' Lemma.", "authors": [ "René Thiemann" ], "date": "2022-02-03", - "id": 45, + "id": 46, "link": "/entries/LP_Duality.html", "permalink": "/entries/LP_Duality.html", "shortname": "LP_Duality", "title": "Duality of Linear Programming", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "The notion of quasi-Borel spaces was introduced by \u003ca href=\"https://dl.acm.org/doi/10.5555/3329995.3330072\"\u003e Heunen et al\u003c/a\u003e. The theory provides a suitable denotational model for higher-order probabilistic programming languages with continuous distributions. 
This entry is a formalization of the theory of quasi-Borel spaces, including construction of quasi-Borel spaces (product, coproduct, function spaces), the adjunction between the category of measurable spaces and the category of quasi-Borel spaces, and the probability monad on quasi-Borel spaces. This entry also contains the formalization of the Bayesian regression presented in the work of Heunen et al. This work is a part of the work by same authors, \u003ci\u003eProgram Logic for Higher-Order Probabilistic Programs in Isabelle/HOL\u003c/i\u003e, which will be published in the proceedings of the 16th International Symposium on Functional and Logic Programming (FLOPS 2022).", "authors": [ "Michikazu Hirata", "Yasuhiko Minamide", "Tetsuya Sato" ], "date": "2022-02-03", - "id": 46, + "id": 47, "link": "/entries/Quasi_Borel_Spaces.html", "permalink": "/entries/Quasi_Borel_Spaces.html", "shortname": "Quasi_Borel_Spaces", "title": "Quasi-Borel Spaces", "topic_links": [ "computer-science/semantics-and-reasoning" ], "topics": [ "Computer science/Semantics and reasoning" ], "used_by": 0 }, { "abstract": "The first-order theory of rewriting (FORT) is a decidable theory for linear variable-separated rewrite systems. The decision procedure is based on tree automata technique and an inference system presented in \"Certifying Proofs in the First-Order Theory of Rewriting\". This AFP entry provides a formalization of the underlying decision procedure. Moreover it allows to generate a function that can verify each inference step via the code generation facility of Isabelle/HOL. Additionally it contains the specification of a certificate language (that allows to state proofs in FORT) and a formalized function that allows to verify the validity of the proof. 
This gives software tool authors, that implement the decision procedure, the possibility to verify their output.", "authors": [ "Alexander Lochmann", "Bertram Felgenhauer" ], "date": "2022-02-02", - "id": 47, + "id": 48, "link": "/entries/FO_Theory_Rewriting.html", "permalink": "/entries/FO_Theory_Rewriting.html", "shortname": "FO_Theory_Rewriting", "title": "First-Order Theory of Rewriting", "topic_links": [ "computer-science/automata-and-formal-languages", "logic/rewriting", "logic/proof-theory" ], "topics": [ "Computer science/Automata and formal languages", "Logic/Rewriting", "Logic/Proof theory" ], "used_by": 0 }, { "abstract": "We formalize an automated theorem prover for first-order logic with functions. The proof search procedure is based on sequent calculus and we verify its soundness and completeness using the Abstract Soundness and Abstract Completeness theories. Our analytic completeness proof covers both open and closed formulas. Since our deterministic prover considers only the subset of terms relevant to proving a given sequent, we do so as well when building a countermodel from a failed proof. We formally connect our prover with the proof system and semantics of the existing SeCaV system. 
In particular, the prover's output can be post-processed in Haskell to generate human-readable SeCaV proofs which are also machine-verifiable proof certificates.", "authors": [ "Asta Halkjær From", "Frederik Krogsdal Jacobsen" ], "date": "2022-01-31", - "id": 48, + "id": 49, "link": "/entries/FOL_Seq_Calc2.html", "permalink": "/entries/FOL_Seq_Calc2.html", "shortname": "FOL_Seq_Calc2", "title": "A Sequent Calculus Prover for First-Order Logic with Functions", "topic_links": [ "logic/general-logic/classical-first-order-logic", "logic/proof-theory", "logic/general-logic/mechanization-of-proofs" ], "topics": [ "Logic/General logic/Classical first-order logic", "Logic/Proof theory", "Logic/General logic/Mechanization of proofs" ], "used_by": 0 }, { "abstract": "Young's inequality states that $$ ab \\leq \\int_0^a f(x)dx + \\int_0^b f^{-1}(y) dy $$ where $a\\geq 0$, $b\\geq 0$ and $f$ is strictly increasing and continuous. Its proof is formalised following \u003ca href=\"https://www.jstor.org/stable/2318018\"\u003ethe development\u003c/a\u003e by Cunningham and Grossman. Their idea is to make the intuitive, geometric folklore proof rigorous by reasoning about step functions. The lack of the Riemann integral makes the development longer than one would like, but their argument is reproduced faithfully.", "authors": [ "Lawrence C. 
Paulson" ], "date": "2022-01-31", - "id": 49, + "id": 50, "link": "/entries/Youngs_Inequality.html", "permalink": "/entries/Youngs_Inequality.html", "shortname": "Youngs_Inequality", "title": "Young's Inequality for Increasing Functions", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "\u003cp\u003eA well known result from algebra is that, on any field, there is exactly one polynomial of degree less than n interpolating n points [\u003ca href=\"https://doi.org/10.1017/CBO9780511814549\"\u003e1\u003c/a\u003e, §7].\u003c/p\u003e \u003cp\u003eThis entry contains a formalization of the above result, as well as the following generalization in the case of finite fields \u003ci\u003eF\u003c/i\u003e: There are \u003ci\u003e|F|\u003csup\u003em-n\u003c/sup\u003e\u003c/i\u003e polynomials of degree less than \u003ci\u003em ≥ n\u003c/i\u003e interpolating the same n points, where \u003ci\u003e|F|\u003c/i\u003e denotes the size of the domain of the field. To establish the result the entry also includes a formalization of Lagrange interpolation, which might be of independent interest.\u003c/p\u003e \u003cp\u003eThe formalized results are defined on the algebraic structures from HOL-Algebra, which are distinct from the type-class based structures defined in HOL. 
Note that there is an existing formalization for polynomial interpolation and, in particular, Lagrange interpolation by Thiemann and Yamada [\u003ca href=\"https://www.isa-afp.org/entries/Polynomial_Interpolation.html\"\u003e2\u003c/a\u003e] on the type-class based structures in HOL.\u003c/p\u003e", "authors": [ "Emin Karayel" ], "date": "2022-01-29", - "id": 50, + "id": 51, "link": "/entries/Interpolation_Polynomials_HOL_Algebra.html", "permalink": "/entries/Interpolation_Polynomials_HOL_Algebra.html", "shortname": "Interpolation_Polynomials_HOL_Algebra", "title": "Interpolation Polynomials (in HOL-Algebra)", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 2 }, { "abstract": "\u003cp\u003eThe median method is an amplification result for randomized approximation algorithms described in [\u003ca href=\"https://doi.org/10.1006/jcss.1997.1545\"\u003e1\u003c/a\u003e]. Given an algorithm whose result is in a desired interval with a probability larger than \u003ci\u003e1/2\u003c/i\u003e, it is possible to improve the success probability, by running the algorithm multiple times independently and using the median. In contrast to using the mean, the amplification of the success probability grows exponentially with the number of independent runs.\u003c/p\u003e \u003cp\u003eThis entry contains a formalization of the underlying theorem: Given a sequence of n independent random variables, which are in a desired interval with a probability \u003ci\u003e1/2 + a\u003c/i\u003e. Then their median will be in the desired interval with a probability of \u003ci\u003e1 − exp(−2a\u003csup\u003e2\u003c/sup\u003e n)\u003c/i\u003e. 
In particular, the success probability approaches \u003ci\u003e1\u003c/i\u003e exponentially with the number of variables.\u003c/p\u003e \u003cp\u003eIn addition to that, this entry also contains a proof that order-statistics of Borel-measurable random variables are themselves measurable and that generalized intervals in linearly ordered Borel-spaces are measurable.\u003c/p\u003e", "authors": [ "Emin Karayel" ], "date": "2022-01-25", - "id": 51, + "id": 52, "link": "/entries/Median_Method.html", "permalink": "/entries/Median_Method.html", "shortname": "Median_Method", "title": "Median Method", "topic_links": [ "mathematics/probability-theory" ], "topics": [ "Mathematics/Probability theory" ], "used_by": 1 }, { "abstract": "Actuarial Mathematics is a theory in applied mathematics, which is mainly used for determining the prices of insurance products and evaluating the liability of a company associating with insurance contracts. It is related to calculus, probability theory and financial theory, etc. In this entry, I formalize the very basic part of Actuarial Mathematics in Isabelle/HOL. The first formalization is about the theory of interest which deals with interest rates, present value factors, an annuity certain, etc. I have already formalized the basic part of Actuarial Mathematics in Coq (https://github.com/Yosuke-Ito-345/Actuary). This entry is currently the partial translation and a little generalization of the Coq formalization. 
The further translation in Isabelle/HOL is now proceeding.", "authors": [ "Yosuke Ito" ], "date": "2022-01-23", - "id": 52, + "id": 53, "link": "/entries/Actuarial_Mathematics.html", "permalink": "/entries/Actuarial_Mathematics.html", "shortname": "Actuarial_Mathematics", "title": "Actuarial Mathematics", "topic_links": [ "mathematics/games-and-economics" ], "topics": [ "Mathematics/Games and economics" ], "used_by": 0 }, { "abstract": "An elementary proof is formalised: that \u003cem\u003eexp r\u003c/em\u003e is irrational for every nonzero rational number \u003cem\u003er\u003c/em\u003e. The mathematical development comes from the well-known volume \u003cem\u003eProofs from THE BOOK\u003c/em\u003e, by Aigner and Ziegler, who credit the idea to Hermite. The development illustrates a number of basic Isabelle techniques: the manipulation of summations, the calculation of quite complicated derivatives and the estimation of integrals. We also see how to import another AFP entry (Stirling's formula). As for the theorem itself, note that a much stronger and more general result (the Hermite--Lindemann--Weierstraß transcendence theorem) is already available in the AFP.", "authors": [ "Lawrence C. Paulson" ], "date": "2022-01-08", - "id": 53, + "id": 54, "link": "/entries/Irrationals_From_THEBOOK.html", "permalink": "/entries/Irrationals_From_THEBOOK.html", "shortname": "Irrationals_From_THEBOOK", "title": "Irrational numbers from THE BOOK", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "This is a formalization of the article \u003ci\u003eKnight's Tour Revisited\u003c/i\u003e by Cull and De Curtins where they prove the existence of a Knight's path for arbitrary \u003ci\u003en \u0026times; m\u003c/i\u003e-boards with \u003ci\u003emin(n,m) \u0026ge; 5\u003c/i\u003e. If \u003ci\u003en \u0026middot; m\u003c/i\u003e is even, then there exists a Knight's circuit. 
A Knight's Path is a sequence of moves of a Knight on a chessboard s.t. the Knight visits every square of a chessboard exactly once. Finding a Knight's path is a an instance of the Hamiltonian path problem. A Knight's circuit is a Knight's path, where additionally the Knight can move from the last square to the first square of the path, forming a loop. During the formalization two mistakes in the original proof were discovered. These mistakes are corrected in this formalization.", "authors": [ "Lukas Koller" ], "date": "2022-01-04", - "id": 54, + "id": 55, "link": "/entries/Knights_Tour.html", "permalink": "/entries/Knights_Tour.html", "shortname": "Knights_Tour", "title": "Knight's Tour Revisited Revisited", "topic_links": [ "mathematics/graph-theory" ], "topics": [ "Mathematics/Graph theory" ], "used_by": 0 }, { "abstract": "\u003cp\u003eHyperdual numbers are ones with a real component and a number of infinitesimal components, usually written as $a_0 + a_1 \\cdot \\epsilon_1 + a_2 \\cdot \\epsilon_2 + a_3 \\cdot \\epsilon_1\\epsilon_2$. They have been proposed by \u003ca href=\"https://doi.org/10.2514/6.2011-886\"\u003eFike and Alonso\u003c/a\u003e in an approach to automatic differentiation.\u003c/p\u003e \u003cp\u003eIn this entry we formalise hyperdual numbers and their application to forward differentiation. We show them to be an instance of multiple algebraic structures and then, along with facts about twice-differentiability, we define what we call the hyperdual extensions of functions on real-normed fields. This extension formally represents the proposed way that the first and second derivatives of a function can be automatically calculated. We demonstrate it on the standard logistic function $f(x) = \\frac{1}{1 + e^{-x}}$ and also reproduce the example analytic function $f(x) = \\frac{e^x}{\\sqrt{sin(x)^3 + cos(x)^3}}$ used for demonstration by Fike and Alonso.\u003c/p\u003e", "authors": [ "Filip Smola", "Jacques D. 
Fleuriot" ], "date": "2021-12-31", - "id": 55, + "id": 56, "link": "/entries/Hyperdual.html", "permalink": "/entries/Hyperdual.html", "shortname": "Hyperdual", "title": "Hyperdual Numbers and Forward Differentiation", "topic_links": [ "mathematics/algebra", "mathematics/analysis" ], "topics": [ "Mathematics/Algebra", "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "This is a stepwise refinement and proof of the Gale-Shapley stable matching (or marriage) algorithm down to executable code. Both a purely functional implementation based on lists and a functional implementation based on efficient arrays (provided by the Collections Framework in the AFP) are developed. The latter implementation runs in time \u003ci\u003eO(n\u003csup\u003e2\u003c/sup\u003e)\u003c/i\u003e where \u003ci\u003en\u003c/i\u003e is the cardinality of the two sets to be matched.", "authors": [ "Tobias Nipkow" ], "date": "2021-12-29", - "id": 56, + "id": 57, "link": "/entries/Gale_Shapley.html", "permalink": "/entries/Gale_Shapley.html", "shortname": "Gale_Shapley", "title": "Gale-Shapley Algorithm", "topic_links": [ "computer-science/algorithms", "mathematics/games-and-economics" ], "topics": [ "Computer science/Algorithms", "Mathematics/Games and economics" ], "used_by": 0 }, { "abstract": "We formalise a proof of Roth's Theorem on Arithmetic Progressions, a major result in additive combinatorics on the existence of 3-term arithmetic progressions in subsets of natural numbers. To this end, we follow a proof using graph regularity. We employ our recent formalisation of Szemerédi's Regularity Lemma, a major result in extremal graph theory, which we use here to prove the Triangle Counting Lemma and the Triangle Removal Lemma. 
Our sources are Yufei Zhao's MIT lecture notes \"\u003ca href=\"https://ocw.mit.edu/courses/mathematics/18-217-graph-theory-and-additive-combinatorics-fall-2019/lecture-notes/MIT18_217F19_ch3.pdf\"\u003eGraph Theory and Additive Combinatorics\u003c/a\u003e\" (revised version \u003ca href=\"https://yufeizhao.com/gtac/gtac17.pdf\"\u003ehere\u003c/a\u003e) and W.T. Gowers's Cambridge lecture notes \"\u003ca href=\"https://www.dpmms.cam.ac.uk/~par31/notes/tic.pdf\"\u003eTopics in Combinatorics\u003c/a\u003e\". We also refer to the University of Georgia notes by Stephanie Bell and Will Grodzicki, \"\u003ca href=\"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.432.327\"\u003eUsing Szemerédi's Regularity Lemma to Prove Roth's Theorem\u003c/a\u003e\".", "authors": [ "Chelsea Edmonds", "Angeliki Koutsoukou-Argyraki", "Lawrence C. Paulson" ], "date": "2021-12-28", - "id": 57, + "id": 58, "link": "/entries/Roth_Arithmetic_Progressions.html", "permalink": "/entries/Roth_Arithmetic_Progressions.html", "shortname": "Roth_Arithmetic_Progressions", "title": "Roth's Theorem on Arithmetic Progressions", "topic_links": [ "mathematics/graph-theory", "mathematics/combinatorics" ], "topics": [ "Mathematics/Graph theory", "Mathematics/Combinatorics" ], "used_by": 0 }, { "abstract": "We present a formalization of Markov Decision Processes with rewards. In particular we first build on Hölzl's formalization of MDPs (AFP entry: Markov_Models) and extend them with rewards. We proceed with an analysis of the expected total discounted reward criterion for infinite horizon MDPs. The central result is the construction of the iteration rule for the Bellman operator. We prove the optimality equations for this operator and show the existence of an optimal stationary deterministic solution. The analysis can be used to obtain dynamic programming algorithms such as value iteration and policy iteration to solve MDPs with formal guarantees. 
Our formalization is based on chapters 5 and 6 in Puterman's book \"Markov Decision Processes: Discrete Stochastic Dynamic Programming\".", "authors": [ "Maximilian Schäffeler", "Mohammad Abdulaziz" ], "date": "2021-12-16", - "id": 58, + "id": 59, "link": "/entries/MDP-Rewards.html", "permalink": "/entries/MDP-Rewards.html", "shortname": "MDP-Rewards", "title": "Markov Decision Processes with Rewards", "topic_links": [ "mathematics/probability-theory" ], "topics": [ "Mathematics/Probability theory" ], "used_by": 1 }, { "abstract": "We present a formalization of algorithms for solving Markov Decision Processes (MDPs) with formal guarantees on the optimality of their solutions. In particular we build on our analysis of the Bellman operator for discounted infinite horizon MDPs. From the iterator rule on the Bellman operator we directly derive executable value iteration and policy iteration algorithms to iteratively solve finite MDPs. We also prove correct optimized versions of value iteration that use matrix splittings to improve the convergence rate. In particular, we formally verify Gauss-Seidel value iteration and modified policy iteration. The algorithms are evaluated on two standard examples from the literature, namely, inventory management and gridworld. 
Our formalization covers most of chapter 6 in Puterman's book \"Markov Decision Processes: Discrete Stochastic Dynamic Programming\".", "authors": [ "Maximilian Schäffeler", "Mohammad Abdulaziz" ], "date": "2021-12-16", - "id": 59, + "id": 60, "link": "/entries/MDP-Algorithms.html", "permalink": "/entries/MDP-Algorithms.html", "shortname": "MDP-Algorithms", "title": "Verified Algorithms for Solving Markov Decision Processes", "topic_links": [ "mathematics/probability-theory", "computer-science/algorithms" ], "topics": [ "Mathematics/Probability theory", "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "Tree automata have good closure properties and therefore a commonly used to prove/disprove properties. This formalization contains among other things the proofs of many closure properties of tree automata (anchored) ground tree transducers and regular relations. Additionally it includes the well known pumping lemma and a lifting of the Myhill Nerode theorem for regular languages to tree languages. We want to mention the existence of a \u003ca href=\"https://www.isa-afp.org/entries/Tree-Automata.html\"\u003etree automata APF-entry\u003c/a\u003e developed by Peter Lammich. His work is based on epsilon free top-down tree automata, while this entry builds on bottom-up tree auotamta with epsilon transitions. Moreover our formalization relies on the \u003ca href=\"https://www.isa-afp.org/entries/Collections.html\"\u003eCollections Framework\u003c/a\u003e, also by Peter Lammich, to obtain efficient code. 
All proven constructions of the closure properties are exportable using the Isabelle/HOL code generation facilities.", "authors": [ "Alexander Lochmann", "Bertram Felgenhauer", "Christian Sternagel", "René Thiemann", "Thomas Sternagel" ], "date": "2021-12-15", - "id": 60, + "id": 61, "link": "/entries/Regular_Tree_Relations.html", "permalink": "/entries/Regular_Tree_Relations.html", "shortname": "Regular_Tree_Relations", "title": "Regular Tree Relations", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 2 }, { "abstract": "In this work we formalise the isomorphism between simplicial complexes of dimension $n$ and monotone Boolean functions in $n$ variables, mainly following the definitions and results as introduced by N. A. Scoville. We also take advantage of the AFP representation of \u003ca href=\"https://www.isa-afp.org/entries/ROBDD.html\"\u003eROBDD\u003c/a\u003e (Reduced Ordered Binary Decision Diagrams) to compute the ROBDD representation of a given simplicial complex (by means of the isomorphism to Boolean functions). 
Some examples of simplicial complexes and associated Boolean functions are also presented.", "authors": [ "Jesús Aransay", "Alejandro del Campo", "Julius Michaelis" ], "date": "2021-11-29", - "id": 61, + "id": 62, "link": "/entries/Simplicial_complexes_and_boolean_functions.html", "permalink": "/entries/Simplicial_complexes_and_boolean_functions.html", "shortname": "Simplicial_complexes_and_boolean_functions", "title": "Simplicial Complexes and Boolean functions", "topic_links": [ "mathematics/topology" ], "topics": [ "Mathematics/Topology" ], "used_by": 0 }, { "abstract": "The \u003cem\u003evan Emde Boas tree\u003c/em\u003e or \u003cem\u003evan Emde Boas priority queue\u003c/em\u003e is a data structure supporting membership test, insertion, predecessor and successor search, minimum and maximum determination and deletion in \u003cem\u003eO(log log U)\u003c/em\u003e time, where \u003cem\u003eU = 0,...,2\u003csup\u003en-1\u003c/sup\u003e\u003c/em\u003e is the overall range to be considered. \u003cp/\u003e The presented formalization follows Chapter 20 of the popular \u003cem\u003eIntroduction to Algorithms (3rd ed.)\u003c/em\u003e by Cormen, Leiserson, Rivest and Stein (CLRS), extending the list of formally verified CLRS algorithms. Our current formalization is based on the first author's bachelor's thesis. \u003cp/\u003e First, we prove correct a \u003cem\u003efunctional\u003c/em\u003e implementation, w.r.t. an abstract data type for sets. Apart from functional correctness, we show a resource bound, and runtime bounds w.r.t. manually defined timing functions for the operations. \u003cp/\u003e Next, we refine the operations to Imperative HOL with time, and show correctness and complexity. 
This yields a practically more efficient implementation, and eliminates the manually defined timing functions from the trusted base of the proof.", "authors": [ "Thomas Ammer", "Peter Lammich" ], "date": "2021-11-23", - "id": 62, + "id": 63, "link": "/entries/Van_Emde_Boas_Trees.html", "permalink": "/entries/Van_Emde_Boas_Trees.html", "shortname": "Van_Emde_Boas_Trees", "title": "van Emde Boas Trees", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "\"Foundations of Geometry\" is a mathematical book written by Hilbert in 1899. This entry is a complete formalization of \"Incidence\" (excluding cubic axioms), \"Order\" and \"Congruence\" (excluding point sequences) of the axioms constructed in this book. In addition, the theorem of the problem about the part that is treated implicitly and is not clearly stated in it is being carried out in parallel.", "authors": [ "Fumiya Iwama" ], "date": "2021-11-22", - "id": 63, + "id": 64, "link": "/entries/Foundation_of_geometry.html", "permalink": "/entries/Foundation_of_geometry.html", "shortname": "Foundation_of_geometry", "title": "Foundation of geometry in planes, and some complements: Excluding the parallel axioms", "topic_links": [ "mathematics/geometry" ], "topics": [ "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "In this work we formalize the Hahn decomposition theorem for signed measures, namely that any measure space for a signed measure can be decomposed into a positive and a negative set, where every measurable subset of the positive one has a positive measure, and every measurable subset of the negative one has a negative measure. 
We also formalize the Jordan decomposition theorem as a corollary, which states that the signed measure under consideration admits a unique decomposition into a difference of two positive measures, at least one of which is finite.", "authors": [ "Marie Cousin", "Mnacho Echenim", "Hervé Guiol" ], "date": "2021-11-19", - "id": 64, + "id": 65, "link": "/entries/Hahn_Jordan_Decomposition.html", "permalink": "/entries/Hahn_Jordan_Decomposition.html", "shortname": "Hahn_Jordan_Decomposition", "title": "The Hahn and Jordan Decomposition Theorems", "topic_links": [ "mathematics/measure-and-integration" ], "topics": [ "Mathematics/Measure and integration" ], "used_by": 0 }, { "abstract": "We present a shallow embedding of public announcement logic (PAL) with relativized general knowledge in HOL. We then use PAL to obtain an elegant encoding of the wise men puzzle, which we solve automatically using sledgehammer.", "authors": [ "Christoph Benzmüller", "Sebastian Reiche" ], "date": "2021-11-08", - "id": 65, + "id": 66, "link": "/entries/PAL.html", "permalink": "/entries/PAL.html", "shortname": "PAL", "title": "Automating Public Announcement Logic and the Wise Men Puzzle in Isabelle/HOL", "topic_links": [ "logic/general-logic/logics-of-knowledge-and-belief" ], "topics": [ "Logic/General logic/Logics of knowledge and belief" ], "used_by": 0 }, { "abstract": "\u003cp\u003eSimplified variants of Gödel's ontological argument are explored. Among those is a particularly interesting simplified argument which is (i) valid already in basic modal logics K or KT, (ii) which does not suffer from modal collapse, and (iii) which avoids the rather complex predicates of essence (Ess.) and necessary existence (NE) as used by Gödel. \u003c/p\u003e\u003cp\u003e Whether the presented variants increase or decrease the attractiveness and persuasiveness of the ontological argument is a question I would like to pass on to philosophy and theology. 
\u003c/p\u003e", "authors": [ "Christoph Benzmüller" ], "date": "2021-11-08", - "id": 66, + "id": 67, "link": "/entries/SimplifiedOntologicalArgument.html", "permalink": "/entries/SimplifiedOntologicalArgument.html", "shortname": "SimplifiedOntologicalArgument", "title": "Exploring Simplified Variants of Gödel’s Ontological Argument in Isabelle/HOL", "topic_links": [ "logic/philosophical-aspects", "logic/general-logic/modal-logic" ], "topics": [ "Logic/Philosophical aspects", "Logic/General logic/Modal logic" ], "used_by": 0 }, { "abstract": "The AFP already contains a verified implementation of algebraic numbers. However, it is has a severe limitation in its factorization algorithm of real and complex polynomials: the factorization is only guaranteed to succeed if the coefficients of the polynomial are rational numbers. In this work, we verify an algorithm to factor all real and complex polynomials whose coefficients are algebraic. The existence of such an algorithm proves in a constructive way that the set of complex algebraic numbers is algebraically closed. Internally, the algorithm is based on resultants of multivariate polynomials and an approximation algorithm using interval arithmetic.", "authors": [ "Manuel Eberl", "René Thiemann" ], "date": "2021-11-08", - "id": 67, + "id": 68, "link": "/entries/Factor_Algebraic_Polynomial.html", "permalink": "/entries/Factor_Algebraic_Polynomial.html", "shortname": "Factor_Algebraic_Polynomial", "title": "Factorization of Polynomials with Algebraic Coefficients", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 2 }, { "abstract": "In this formalisation, we construct real exponents as the limits of sequences of rational exponents. In particular, if $a \\ge 1$ and $x \\in \\mathbb{R}$, we choose an increasing rational sequence $r_n$ such that $\\lim_{n\\to\\infty} {r_n} = x$. 
Then the sequence $a^{r_n}$ is increasing and if $r$ is any rational number such that $r \u003e x$, $a^{r_n}$ is bounded above by $a^r$. By the convergence criterion for monotone sequences, $a^{r_n}$ converges. We define $a^ x = \\lim_{n\\to\\infty} a^{r_n}$ and show that it has the expected properties (for $a \\ge 0$). This particular construction of real exponents is needed instead of the usual one using the natural logarithm and exponential functions (which already exists in Isabelle) to support our mechanical derivation of Euler's exponential series as an ``infinite polynomial\". Aside from helping us avoid circular reasoning, this is, as far as we are aware, the first time real exponents are mechanised in this way within a proof assistant.", "authors": [ "Jacques D. Fleuriot" ], "date": "2021-11-08", - "id": 68, + "id": 69, "link": "/entries/Real_Power.html", "permalink": "/entries/Real_Power.html", "shortname": "Real_Power", "title": "Real Exponents as the Limits of Sequences of Rational Exponents", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "\u003ca href=\"https://en.wikipedia.org/wiki/Szemerédi_regularity_lemma\"\u003eSzemerédi's regularity lemma\u003c/a\u003e is a key result in the study of large graphs. It asserts the existence of an upper bound on the number of parts the vertices of a graph need to be partitioned into such that the edges between the parts are random in a certain sense. This bound depends only on the desired precision and not on the graph itself, in the spirit of Ramsey's theorem. The formalisation follows online course notes by \u003ca href=\"https://www.dpmms.cam.ac.uk/~par31/notes/tic.pdf\"\u003eTim Gowers\u003c/a\u003e and \u003ca href=\"https://yufeizhao.com/gtac/gtac.pdf\"\u003eYufei Zhao\u003c/a\u003e.", "authors": [ "Chelsea Edmonds", "Angeliki Koutsoukou-Argyraki", "Lawrence C. 
Paulson" ], "date": "2021-11-05", - "id": 69, + "id": 70, "link": "/entries/Szemeredi_Regularity.html", "permalink": "/entries/Szemeredi_Regularity.html", "shortname": "Szemeredi_Regularity", "title": "Szemerédi's Regularity Lemma", "topic_links": [ "mathematics/graph-theory", "mathematics/combinatorics" ], "topics": [ "Mathematics/Graph theory", "Mathematics/Combinatorics" ], "used_by": 1 }, { "abstract": "A formalization of the theory of quantum and classical registers as developed by (Unruh, Quantum and Classical Registers). In a nutshell, a register refers to a part of a larger memory or system that can be accessed independently. Registers can be constructed from other registers and several (compatible) registers can be composed. This formalization develops both the generic theory of registers as well as specific instantiations for classical and quantum registers.", "authors": [ "Dominique Unruh" ], "date": "2021-10-28", - "id": 70, + "id": 71, "link": "/entries/Registers.html", "permalink": "/entries/Registers.html", "shortname": "Registers", "title": "Quantum and Classical Registers", "topic_links": [ "computer-science/algorithms/quantum-computing", "computer-science/programming-languages/logics", "computer-science/semantics-and-reasoning" ], "topics": [ "Computer science/Algorithms/Quantum computing", "Computer science/Programming languages/Logics", "Computer science/Semantics and reasoning" ], "used_by": 0 }, { "abstract": "The 1985 paper by Carlos Alchourrón, Peter Gärdenfors, and David Makinson (AGM), “On the Logic of Theory Change: Partial Meet Contraction and Revision Functions” launches a large and rapidly growing literature that employs formal models and logics to handle changing beliefs of a rational agent and to take into account new piece of information observed by this agent. In 2011, a review book titled \"AGM 25 Years: Twenty-Five Years of Research in Belief Change\" was edited to summarize the first twenty five years of works based on AGM. 
This HOL-based AFP entry is a faithful formalization of the AGM operators (e.g. contraction, revision, remainder ...) axiomatized in the original paper. It also contains the proofs of all the theorems stated in the paper that show how these operators combine. Both proofs of Harper and Levi identities are established.", "authors": [ "Valentin Fouillard", "Safouan Taha", "Frédéric Boulanger", "Nicolas Sabouret" ], "date": "2021-10-19", - "id": 71, + "id": 72, "link": "/entries/Belief_Revision.html", "permalink": "/entries/Belief_Revision.html", "shortname": "Belief_Revision", "title": "Belief Revision Theory", "topic_links": [ "logic/general-logic/logics-of-knowledge-and-belief" ], "topics": [ "Logic/General logic/Logics of knowledge and belief" ], "used_by": 0 }, { "abstract": "This AFP entry provides semantics for roughly 120 different X86-64 assembly instructions. These instructions include various moves, arithmetic/logical operations, jumps, call/return, SIMD extensions and others. External functions are supported by allowing a user to provide custom semantics for these calls. Floating-point operations are mapped to uninterpreted functions. The model provides semantics for register aliasing and a byte-level little-endian memory model. The semantics are purposefully incomplete, but overapproximative. For example, the precise effect of flags may be undefined for certain instructions, or instructions may simply have no semantics at all. In those cases, the semantics are mapped to universally quantified uninterpreted terms from a locale. Second, this entry provides a method to symbolic execution of basic blocks. The method, called ''se_step'' (for: symbolic execution step) fetches an instruction and updates the current symbolic state while keeping track of assumptions made over the memory model. A key component is a set of theorems that prove how reads from memory resolve after writes have occurred. 
Thirdly, this entry provides a parser that allows the user to copy-paste the output of the standard disassembly tool objdump into Isabelle/HOL. A couple small and explanatory examples are included, including functions from the word count program. Several examples can be supplied upon request (they are not included due to the running time of verification): functions from the floating-point modulo function from FDLIBM, the GLIBC strlen function and the CoreUtils SHA256 implementation.", "authors": [ "Freek Verbeek", "Abhijith Bharadwaj", "Joshua Bockenek", "Ian Roessle", "Timmy Weerwag", "Binoy Ravindran" ], "date": "2021-10-13", - "id": 72, + "id": 73, "link": "/entries/X86_Semantics.html", "permalink": "/entries/X86_Semantics.html", "shortname": "X86_Semantics", "title": "X86 instruction semantics and basic block symbolic execution", "topic_links": [ "computer-science/hardware", "computer-science/semantics-and-reasoning" ], "topics": [ "Computer science/Hardware", "Computer science/Semantics and reasoning" ], "used_by": 0 }, { "abstract": "We study models of state-based non-deterministic sequential computations and describe them using algebras. We propose algebras that describe iteration for strict and non-strict computations. They unify computation models which differ in the fixpoints used to represent iteration. We propose algebras that describe the infinite executions of a computation. They lead to a unified approximation order and results that connect fixpoints in the approximation and refinement orders. This unifies the semantics of recursion for a range of computation models. We propose algebras that describe preconditions and the effect of while-programs under postconditions. 
They unify correctness statements in two dimensions: one statement applies in various computation models to various correctness claims.", "authors": [ "Walter Guttmann" ], "date": "2021-10-12", - "id": 73, + "id": 74, "link": "/entries/Correctness_Algebras.html", "permalink": "/entries/Correctness_Algebras.html", "shortname": "Correctness_Algebras", "title": "Algebras for Iteration, Infinite Executions and Correctness of Sequential Computations", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 0 }, { "abstract": "This paper presents a formally verified quantifier elimination (QE) algorithm for first-order real arithmetic by linear and quadratic virtual substitution (VS) in Isabelle/HOL. The Tarski-Seidenberg theorem established that the first-order logic of real arithmetic is decidable by QE. However, in practice, QE algorithms are highly complicated and often combine multiple methods for performance. VS is a practically successful method for QE that targets formulas with low-degree polynomials. To our knowledge, this is the first work to formalize VS for quadratic real arithmetic including inequalities. The proofs necessitate various contributions to the existing multivariate polynomial libraries in Isabelle/HOL. Our framework is modularized and easily expandable (to facilitate integrating future optimizations), and could serve as a basis for developing practical general-purpose QE algorithms. Further, as our formalization is designed with practicality in mind, we export our development to SML and test the resulting code on 378 benchmarks from the literature, comparing to Redlog, Z3, Wolfram Engine, and SMT-RAT. 
This identified inconsistencies in some tools, underscoring the significance of a verified approach for the intricacies of real arithmetic.", "authors": [ "Matias Scharager", "Katherine Cordwell", "Stefan Mitsch", "André Platzer" ], "date": "2021-10-02", - "id": 74, + "id": 75, "link": "/entries/Virtual_Substitution.html", "permalink": "/entries/Virtual_Substitution.html", "shortname": "Virtual_Substitution", "title": "Verified Quadratic Virtual Substitution for Real Arithmetic", "topic_links": [ "computer-science/algorithms/mathematical" ], "topics": [ "Computer science/Algorithms/Mathematical" ], "used_by": 0 }, { "abstract": "This work is a formalization of the soundness and completeness of an axiomatic system for first-order logic. The proof system is based on System Q1 by Smullyan and the completeness proof follows his textbook \"First-Order Logic\" (Springer-Verlag 1968). The completeness proof is in the Henkin style where a consistent set is extended to a maximal consistent set using Lindenbaum's construction and Henkin witnesses are added during the construction to ensure saturation as well. The resulting set is a Hintikka set which, by the model existence theorem, is satisfiable in the Herbrand universe.", "authors": [ "Asta Halkjær From" ], "date": "2021-09-24", - "id": 75, + "id": 76, "link": "/entries/FOL_Axiomatic.html", "permalink": "/entries/FOL_Axiomatic.html", "shortname": "FOL_Axiomatic", "title": "Soundness and Completeness of an Axiomatic System for First-Order Logic", "topic_links": [ "logic/general-logic/classical-first-order-logic", "logic/proof-theory" ], "topics": [ "Logic/General logic/Classical first-order logic", "Logic/Proof theory" ], "used_by": 0 }, { "abstract": "We present a formalization of bounded operators on complex vector spaces. 
Our formalization contains material on complex vector spaces (normed spaces, Banach spaces, Hilbert spaces) that complements and goes beyond the developments of real vectors spaces in the Isabelle/HOL standard library. We define the type of bounded operators between complex vector spaces (\u003cem\u003ecblinfun\u003c/em\u003e) and develop the theory of unitaries, projectors, extension of bounded linear functions (BLT theorem), adjoints, Loewner order, closed subspaces and more. For the finite-dimensional case, we provide code generation support by identifying finite-dimensional operators with matrices as formalized in the \u003ca href=\"Jordan_Normal_Form.html\"\u003eJordan_Normal_Form\u003c/a\u003e AFP entry.", "authors": [ "José Manuel Rodríguez Caballero", "Dominique Unruh" ], "date": "2021-09-18", - "id": 76, + "id": 77, "link": "/entries/Complex_Bounded_Operators.html", "permalink": "/entries/Complex_Bounded_Operators.html", "shortname": "Complex_Bounded_Operators", "title": "Complex Bounded Operators", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 1 }, { "abstract": "We define the weighted path order (WPO) and formalize several properties such as strong normalization, the subterm property, and closure properties under substitutions and contexts. Our definition of WPO extends the original definition by also permitting multiset comparisons of arguments instead of just lexicographic extensions. Therefore, our WPO not only subsumes lexicographic path orders (LPO), but also recursive path orders (RPO). We formally prove these subsumptions and therefore all of the mentioned properties of WPO are automatically transferable to LPO and RPO as well. Such a transformation is not required for Knuth\u0026ndash;Bendix orders (KBO), since they have already been formalized. 
Nevertheless, we still provide a proof that WPO subsumes KBO and thereby underline the generality of WPO.", "authors": [ "Christian Sternagel", "René Thiemann", "Akihisa Yamada" ], "date": "2021-09-16", - "id": 77, + "id": 78, "link": "/entries/Weighted_Path_Order.html", "permalink": "/entries/Weighted_Path_Order.html", "shortname": "Weighted_Path_Order", "title": "A Formalization of Weighted Path Orders and Recursive Path Orders", "topic_links": [ "logic/rewriting" ], "topics": [ "Logic/Rewriting" ], "used_by": 1 }, { "abstract": "This article provides a foundational framework for the formalization of category theory in the object logic ZFC in HOL of the formal proof assistant Isabelle. More specifically, this article provides a formalization of canonical set-theoretic constructions internalized in the type \u003ci\u003eV\u003c/i\u003e associated with the ZFC in HOL, establishes a design pattern for the formalization of mathematical structures using sequences and locales, and showcases the developed infrastructure by providing formalizations of the elementary theories of digraphs and semicategories. The methodology chosen for the formalization of the theories of digraphs and semicategories (and categories in future articles) rests on the ideas that were originally expressed in the article \u003ci\u003eSet-Theoretical Foundations of Category Theory\u003c/i\u003e written by Solomon Feferman and Georg Kreisel. 
Thus, in the context of this work, each of the aforementioned mathematical structures is represented as a term of the type \u003ci\u003eV\u003c/i\u003e embedded into a stage of the von Neumann hierarchy.", "authors": [ "Mihails Milehins" ], "date": "2021-09-06", - "id": 78, + "id": 79, "link": "/entries/CZH_Foundations.html", "permalink": "/entries/CZH_Foundations.html", "shortname": "CZH_Foundations", "title": "Category Theory for ZFC in HOL I: Foundations: Design Patterns, Set Theory, Digraphs, Semicategories", "topic_links": [ "mathematics/category-theory", "logic/set-theory" ], "topics": [ "Mathematics/Category theory", "Logic/Set theory" ], "used_by": 1 }, { "abstract": "This article provides a formalization of the foundations of the theory of 1-categories in the object logic ZFC in HOL of the formal proof assistant Isabelle. The article builds upon the foundations that were established in the AFP entry \u003ci\u003eCategory Theory for ZFC in HOL I: Foundations: Design Patterns, Set Theory, Digraphs, Semicategories\u003c/i\u003e.", "authors": [ "Mihails Milehins" ], "date": "2021-09-06", - "id": 79, + "id": 80, "link": "/entries/CZH_Elementary_Categories.html", "permalink": "/entries/CZH_Elementary_Categories.html", "shortname": "CZH_Elementary_Categories", "title": "Category Theory for ZFC in HOL II: Elementary Theory of 1-Categories", "topic_links": [ "mathematics/category-theory" ], "topics": [ "Mathematics/Category theory" ], "used_by": 1 }, { "abstract": "The article provides a formalization of elements of the theory of universal constructions for 1-categories (such as limits, adjoints and Kan extensions) in the object logic ZFC in HOL of the formal proof assistant Isabelle. 
The article builds upon the foundations established in the AFP entry \u003ci\u003eCategory Theory for ZFC in HOL II: Elementary Theory of 1-Categories\u003c/i\u003e.", "authors": [ "Mihails Milehins" ], "date": "2021-09-06", - "id": 80, + "id": 81, "link": "/entries/CZH_Universal_Constructions.html", "permalink": "/entries/CZH_Universal_Constructions.html", "shortname": "CZH_Universal_Constructions", "title": "Category Theory for ZFC in HOL III: Universal Constructions", "topic_links": [ "mathematics/category-theory" ], "topics": [ "Mathematics/Category theory" ], "used_by": 0 }, { "abstract": "The article provides a collection of experimental general-purpose proof methods for the object logic Isabelle/HOL of the formal proof assistant Isabelle. The methods in the collection offer functionality that is similar to certain aspects of the functionality provided by the standard proof methods of Isabelle that combine classical reasoning and rewriting, such as the method \u003ci\u003eauto\u003c/i\u003e, but use a different approach for rewriting. 
More specifically, these methods allow for the side conditions of the rewrite rules to be solved via intro-resolution.", "authors": [ "Mihails Milehins" ], "date": "2021-09-06", - "id": 81, + "id": 82, "link": "/entries/Conditional_Simplification.html", "permalink": "/entries/Conditional_Simplification.html", "shortname": "Conditional_Simplification", "title": "Conditional Simplification", "topic_links": [ "tools" ], "topics": [ "Tools" ], "used_by": 1 }, { "abstract": "This article provides a collection of experimental utilities for unoverloading of definitions and synthesis of conditional transfer rules for the object logic Isabelle/HOL of the formal proof assistant Isabelle written in Isabelle/ML.", "authors": [ "Mihails Milehins" ], "date": "2021-09-06", - "id": 82, + "id": 83, "link": "/entries/Conditional_Transfer_Rule.html", "permalink": "/entries/Conditional_Transfer_Rule.html", "shortname": "Conditional_Transfer_Rule", "title": "Conditional Transfer Rule", "topic_links": [ "tools" ], "topics": [ "Tools" ], "used_by": 1 }, { "abstract": "In their article titled \u003ci\u003eFrom Types to Sets by Local Type Definitions in Higher-Order Logic\u003c/i\u003e and published in the proceedings of the conference \u003ci\u003eInteractive Theorem Proving\u003c/i\u003e in 2016, Ondřej Kunčar and Andrei Popescu propose an extension of the logic Isabelle/HOL and an associated algorithm for the relativization of the \u003ci\u003etype-based theorems\u003c/i\u003e to more flexible \u003ci\u003eset-based theorems\u003c/i\u003e, collectively referred to as \u003ci\u003eTypes-To-Sets\u003c/i\u003e. One of the aims of their work was to open an opportunity for the development of a software tool for applied relativization in the implementation of the logic Isabelle/HOL of the proof assistant Isabelle. 
In this article, we provide a prototype of a software framework for the interactive automated relativization of theorems in Isabelle/HOL, developed as an extension of the proof language Isabelle/Isar. The software framework incorporates the implementation of the proposed extension of the logic, and builds upon some of the ideas for further work expressed in the original article on Types-To-Sets by Ondřej Kunčar and Andrei Popescu and the subsequent article \u003ci\u003eSmooth Manifolds and Types to Sets for Linear Algebra in Isabelle/HOL\u003c/i\u003e that was written by Fabian Immler and Bohua Zhan and published in the proceedings of the \u003ci\u003eInternational Conference on Certified Programs and Proofs\u003c/i\u003e in 2019.", "authors": [ "Mihails Milehins" ], "date": "2021-09-06", - "id": 83, + "id": 84, "link": "/entries/Types_To_Sets_Extension.html", "permalink": "/entries/Types_To_Sets_Extension.html", "shortname": "Types_To_Sets_Extension", "title": "Extension of Types-To-Sets", "topic_links": [ "tools" ], "topics": [ "Tools" ], "used_by": 0 }, { "abstract": "The article provides the command \u003cb\u003emk_ide\u003c/b\u003e for the object logic Isabelle/HOL of the formal proof assistant Isabelle. The command \u003cb\u003emk_ide\u003c/b\u003e enables the automated synthesis of the introduction, destruction and elimination rules from arbitrary definitions of constant predicates stated in Isabelle/HOL.", "authors": [ "Mihails Milehins" ], "date": "2021-09-06", - "id": 84, + "id": 85, "link": "/entries/Intro_Dest_Elim.html", "permalink": "/entries/Intro_Dest_Elim.html", "shortname": "Intro_Dest_Elim", "title": "IDE: Introduction, Destruction, Elimination", "topic_links": [ "tools" ], "topics": [ "Tools" ], "used_by": 1 }, { "abstract": "This entry formalises the fast iterative algorithm for computing dominators due to Cooper, Harvey and Kennedy. 
It gives a specification of computing dominators on a control flow graph where each node refers to its reverse post order number. A semilattice of reversed-ordered list which represents dominators is built and a Kildall-style algorithm on the semilattice is defined for computing dominators. Finally the soundness and completeness of the algorithm are proved w.r.t. the specification.", "authors": [ "Nan Jiang" ], "date": "2021-09-05", - "id": 85, + "id": 86, "link": "/entries/Dominance_CHK.html", "permalink": "/entries/Dominance_CHK.html", "shortname": "Dominance_CHK", "title": "A data flow analysis algorithm for computing dominators", "topic_links": [ "computer-science/programming-languages/static-analysis" ], "topics": [ "Computer science/Programming languages/Static analysis" ], "used_by": 0 }, { "abstract": "\u003cp\u003eWe formalize Cardano's formula to solve a cubic equation $$ax^3 + bx^2 + cx + d = 0,$$ as well as Ferrari's formula to solve a quartic equation. We further turn both formulas into executable algorithms based on the algebraic number implementation in the AFP. 
To this end we also slightly extended this library, namely by making the minimal polynomial of an algebraic number executable, and by defining and implementing $n$-th roots of complex numbers.\u003c/p\u003e", "authors": [ "René Thiemann" ], "date": "2021-09-03", - "id": 86, + "id": 87, "link": "/entries/Cubic_Quartic_Equations.html", "permalink": "/entries/Cubic_Quartic_Equations.html", "shortname": "Cubic_Quartic_Equations", "title": "Solving Cubic and Quartic Equations", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "In the context of formal cryptographic protocol verification, logging-independent message anonymity is the property for a given message to remain anonymous despite the attacker's capability of mapping messages of that sort to agents based on some intrinsic feature of such messages, rather than by logging the messages exchanged by legitimate agents as with logging-dependent message anonymity. This paper illustrates how logging-independent message anonymity can be formalized according to the relational method for formal protocol verification by considering a real-world protocol, namely the Restricted Identification one by the BSI. 
This sample model is used to verify that the pseudonymous identifiers output by user identification tokens remain anonymous under the expected conditions.", "authors": [ "Pasquale Noce" ], "date": "2021-08-26", - "id": 87, + "id": 88, "link": "/entries/Logging_Independent_Anonymity.html", "permalink": "/entries/Logging_Independent_Anonymity.html", "shortname": "Logging_Independent_Anonymity", "title": "Logging-independent Message Anonymity in the Relational Method", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "The Descartes test based on Bernstein coefficients and Descartes’ rule of signs effectively (over-)approximates the number of real roots of a univariate polynomial over an interval. In this entry we formalise the theorem of three circles, which gives sufficient conditions for when the Descartes test returns 0 or 1. This is the first step for efficient root isolation.", "authors": [ "Fox Thomson", "Wenda Li" ], "date": "2021-08-21", - "id": 88, + "id": 89, "link": "/entries/Three_Circles.html", "permalink": "/entries/Three_Circles.html", "shortname": "Three_Circles", "title": "The Theorem of Three Circles", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "This entry contains the confidentiality verification of the (functional kernel of) the CoCon conference management system [\u003ca href=\"https://doi.org/10.1007/978-3-319-08867-9_11\"\u003e1\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/s10817-020-09566-9\"\u003e2\u003c/a\u003e]. The confidentiality properties refer to the documents managed by the system, namely papers, reviews, discussion logs and acceptance/rejection decisions, and also to the assignment of reviewers to papers. 
They have all been formulated as instances of BD Security [\u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2021.3\"\u003e3\u003c/a\u003e, \u003ca href=\"https://www.isa-afp.org/entries/Bounded_Deducibility_Security.html\"\u003e4\u003c/a\u003e] and verified using the BD Security unwinding technique.", "authors": [ "Andrei Popescu", "Peter Lammich", "Thomas Bauereiss" ], "date": "2021-08-16", - "id": 89, + "id": 90, "link": "/entries/CoCon.html", "permalink": "/entries/CoCon.html", "shortname": "CoCon", "title": "CoCon: A Confidentiality-Verified Conference Management System", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "Building on a previous \u003ca href=\"https://www.isa-afp.org/entries/Bounded_Deducibility_Security.html\"\u003eAFP entry\u003c/a\u003e that formalizes the Bounded-Deducibility Security (BD Security) framework \u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2021.3\"\u003e[1]\u003c/a\u003e, we formalize compositionality and transport theorems for information flow security. These results allow lifting BD Security properties from individual components specified as transition systems, to a composition of systems specified as communicating products of transition systems. The underlying ideas of these results are presented in the papers \u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2021.3\"\u003e[1]\u003c/a\u003e and \u003ca href=\"https://doi.org/10.1109/SP.2017.24\"\u003e[2]\u003c/a\u003e. 
The latter paper also describes a major case study where these results have been used: on verifying the CoSMeDis distributed social media platform (itself formalized as an \u003ca href=\"https://www.isa-afp.org/entries/CoSMeDis.html\"\u003eAFP entry\u003c/a\u003e that builds on this entry).", "authors": [ "Thomas Bauereiss", "Andrei Popescu" ], "date": "2021-08-16", - "id": 90, + "id": 91, "link": "/entries/BD_Security_Compositional.html", "permalink": "/entries/BD_Security_Compositional.html", "shortname": "BD_Security_Compositional", "title": "Compositional BD Security", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 1 }, { "abstract": "This entry contains the confidentiality verification of the (functional kernel of) the CoSMed social media platform. The confidentiality properties are formalized as instances of BD Security [\u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2021.3\"\u003e1\u003c/a\u003e, \u003ca href=\"https://www.isa-afp.org/entries/Bounded_Deducibility_Security.html\"\u003e2\u003c/a\u003e]. An innovation in the deployment of BD Security compared to previous work is the use of dynamic declassification triggers, incorporated as part of inductive bounds, for providing stronger guarantees that account for the repeated opening and closing of access windows. 
To further strengthen the confidentiality guarantees, we also prove \"traceback\" properties about the accessibility decisions affecting the information managed by the system.", "authors": [ "Thomas Bauereiss", "Andrei Popescu" ], "date": "2021-08-16", - "id": 91, + "id": 92, "link": "/entries/CoSMed.html", "permalink": "/entries/CoSMed.html", "shortname": "CoSMed", "title": "CoSMed: A confidentiality-verified social media platform", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "This entry contains the confidentiality verification of the (functional kernel of) the CoSMeDis distributed social media platform presented in [\u003ca href=\"https://doi.org/10.1109/SP.2017.24\"\u003e1\u003c/a\u003e]. CoSMeDis is a multi-node extension the CoSMed prototype social media platform [\u003ca href=\"https://doi.org/10.1007/978-3-319-43144-4_6\"\u003e2\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/s10817-017-9443-3\"\u003e3\u003c/a\u003e, \u003ca href=\"https://www.isa-afp.org/entries/CoSMed.html\"\u003e4\u003c/a\u003e]. The confidentiality properties are formalized as instances of BD Security [\u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2021.3\"\u003e5\u003c/a\u003e, \u003ca href=\"https://www.isa-afp.org/entries/Bounded_Deducibility_Security.html\"\u003e6\u003c/a\u003e]. 
The lifting of confidentiality properties from single nodes to the entire CoSMeDis network is performed using compositionality and transport theorems for BD Security, which are described in [\u003ca href=\"https://doi.org/10.1109/SP.2017.24\"\u003e1\u003c/a\u003e] and formalized in a separate \u003ca href=\"https://www.isa-afp.org/entries/BD_Security_Compositional.html\"\u003eAFP entry\u003c/a\u003e.", "authors": [ "Thomas Bauereiss", "Andrei Popescu" ], "date": "2021-08-16", - "id": 92, + "id": 93, "link": "/entries/CoSMeDis.html", "permalink": "/entries/CoSMeDis.html", "shortname": "CoSMeDis", "title": "CoSMeDis: A confidentiality-verified distributed social media platform", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "This entry defines a type class with an operator returning a fresh identifier, given a set of already used identifiers and a preferred identifier. The entry provides a default instantiation for any infinite type, as well as executable instantiations for natural numbers and strings.", "authors": [ "Andrei Popescu", "Thomas Bauereiss" ], "date": "2021-08-16", - "id": 93, + "id": 94, "link": "/entries/Fresh_Identifiers.html", "permalink": "/entries/Fresh_Identifiers.html", "shortname": "Fresh_Identifiers", "title": "Fresh identifiers", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 3 }, { "abstract": "Combinatorial design theory studies incidence set systems with certain balance and symmetry properties. It is closely related to hypergraph theory. This formalisation presents a general library for formal reasoning on incidence set systems, designs and their applications, including formal definitions and proofs for many key properties, operations, and theorems on the construction and existence of designs. 
Notably, this includes formalising t-designs, balanced incomplete block designs (BIBD), group divisible designs (GDD), pairwise balanced designs (PBD), design isomorphisms, and the relationship between graphs and designs. A locale-centric approach has been used to manage the relationships between the many different types of designs. Theorems of particular interest include the necessary conditions for existence of a BIBD, Wilson's construction on GDDs, and Bose's inequality on resolvable designs. Parts of this formalisation are explored in the paper \"A Modular First Formalisation of Combinatorial Design Theory\", presented at CICM 2021.", "authors": [ "Chelsea Edmonds", "Lawrence C. Paulson" ], "date": "2021-08-13", - "id": 94, + "id": 95, "link": "/entries/Design_Theory.html", "permalink": "/entries/Design_Theory.html", "shortname": "Design_Theory", "title": "Combinatorial Design Theory", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 1 }, { "abstract": "We study second-order formalisations of graph properties expressed as first-order formulas in relation algebras extended with a Kleene star. The formulas quantify over relations while still avoiding quantification over elements of the base set. We formalise the property of undirected graphs being acyclic this way. This involves a study of various kinds of orientation of graphs. 
We also verify basic algorithms to constructively prove several second-order properties.", "authors": [ "Walter Guttmann" ], "date": "2021-08-03", - "id": 95, + "id": 96, "link": "/entries/Relational_Forests.html", "permalink": "/entries/Relational_Forests.html", "shortname": "Relational_Forests", "title": "Relational Forests", "topic_links": [ "mathematics/graph-theory" ], "topics": [ "Mathematics/Graph theory" ], "used_by": 0 }, { "abstract": "This is a formalisation of Schutz' system of axioms for Minkowski spacetime published under the name \"Independent axioms for Minkowski space-time\" in 1997, as well as most of the results in the third chapter (\"Temporal Order on a Path\") of the above monograph. Many results are proven here that cannot be found in Schutz, either preceding the theorem they are needed for, or within their own thematic section.", "authors": [ "Richard Schmoetten", "Jake Palmer", "Jacques D. Fleuriot" ], "date": "2021-07-27", - "id": 96, + "id": 97, "link": "/entries/Schutz_Spacetime.html", "permalink": "/entries/Schutz_Spacetime.html", "shortname": "Schutz_Spacetime", "title": "Schutz' Independent Axioms for Minkowski Spacetime", "topic_links": [ "mathematics/physics", "mathematics/geometry" ], "topics": [ "Mathematics/Physics", "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "This article deals with the formalisation of some group-theoretic results including the fundamental theorem of finitely generated abelian groups characterising the structure of these groups as a uniquely determined product of cyclic groups. Both the invariant factor decomposition and the primary decomposition are covered. 
Additional work includes results about the direct product, the internal direct product and more group-theoretic lemmas.", "authors": [ "Joseph Thommes", "Manuel Eberl" ], "date": "2021-07-07", - "id": 97, + "id": 98, "link": "/entries/Finitely_Generated_Abelian_Groups.html", "permalink": "/entries/Finitely_Generated_Abelian_Groups.html", "shortname": "Finitely_Generated_Abelian_Groups", "title": "Finitely Generated Abelian Groups", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 1 }, { "abstract": "SpecCheck is a \u003ca href=\"https://en.wikipedia.org/wiki/QuickCheck\"\u003eQuickCheck\u003c/a\u003e-like testing framework for Isabelle/ML. You can use it to write specifications for ML functions. SpecCheck then checks whether your specification holds by testing your function against a given number of generated inputs. It helps you to identify bugs by printing counterexamples on failure and provides you timing information. SpecCheck is customisable and allows you to specify your own input generators, test output formats, as well as pretty printers and shrinking functions for counterexamples among other things.", "authors": [ "Kevin Kappelmann", "Lukas Bulwahn", "Sebastian Willenbrink" ], "date": "2021-07-01", - "id": 98, + "id": 99, "link": "/entries/SpecCheck.html", "permalink": "/entries/SpecCheck.html", "shortname": "SpecCheck", "title": "SpecCheck - Specification-Based Testing for Isabelle/ML", "topic_links": [ "tools" ], "topics": [ "Tools" ], "used_by": 3 }, { "abstract": "This article formalises the proof of Van der Waerden's Theorem from Ramsey theory. Van der Waerden's Theorem states that for integers $k$ and $l$ there exists a number $N$ which guarantees that if an integer interval of length at least $N$ is coloured with $k$ colours, there will always be an arithmetic progression of length $l$ of the same colour in said interval. The proof goes along the lines of \\cite{Swan}. 
The smallest number $N_{k,l}$ fulfilling Van der Waerden's Theorem is then called the Van der Waerden Number. Finding the Van der Waerden Number is still an open problem for most values of $k$ and $l$.", "authors": [ "Katharina Kreuzer", "Manuel Eberl" ], "date": "2021-06-22", - "id": 99, + "id": 100, "link": "/entries/Van_der_Waerden.html", "permalink": "/entries/Van_der_Waerden.html", "shortname": "Van_der_Waerden", "title": "Van der Waerden's Theorem", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 0 }, { "abstract": "MiniSail is a kernel language for Sail, an instruction set architecture (ISA) specification language. Sail is an imperative language with a light-weight dependent type system similar to refinement type systems. From an ISA specification, the Sail compiler can generate theorem prover code and C (or OCaml) to give an executable emulator for an architecture. The idea behind MiniSail is to capture the key and novel features of Sail in terms of their syntax, typing rules and operational semantics, and to confirm that they work together by proving progress and preservation lemmas. We use the Nominal2 library to handle binding.", "authors": [ "Mark Wassell" ], "date": "2021-06-18", - "id": 100, + "id": 101, "link": "/entries/MiniSail.html", "permalink": "/entries/MiniSail.html", "shortname": "MiniSail", "title": "MiniSail - A kernel language for the ISA specification language SAIL", "topic_links": [ "computer-science/programming-languages/type-systems" ], "topics": [ "Computer science/Programming languages/Type systems" ], "used_by": 0 }, { "abstract": "This work is a formalization of public announcement logic with countably many agents. It includes proofs of soundness and completeness for a variant of the axiom system PA + DIST! + NEC!. The completeness proof builds on the Epistemic Logic theory. 
Paper: \u003ca href=\"https://doi.org/10.1007/978-3-030-90138-7_2\"\u003ehttps://doi.org/10.1007/978-3-030-90138-7_2\u003c/a\u003e.", "authors": [ "Asta Halkjær From" ], "date": "2021-06-17", - "id": 101, + "id": 102, "link": "/entries/Public_Announcement_Logic.html", "permalink": "/entries/Public_Announcement_Logic.html", "shortname": "Public_Announcement_Logic", "title": "Public Announcement Logic", "topic_links": [ "logic/general-logic/logics-of-knowledge-and-belief" ], "topics": [ "Logic/General logic/Logics of knowledge and belief" ], "used_by": 0 }, { "abstract": "This paper presents a compiler correctness proof for the didactic imperative programming language IMP, introduced in Nipkow and Klein's book on formal programming language semantics (version of March 2021), whose size is just two thirds of the book's proof in the number of formal text lines. As such, it promises to constitute a further enhanced reference for the formal verification of compilers meant for larger, real-world programming languages. The presented proof does not depend on language determinism, so that the proposed approach can be applied to non-deterministic languages as well. As a confirmation, this paper extends IMP with an additional non-deterministic choice command, and proves compiler correctness, viz. the simulation of compiled code execution by source code, for such extended language.", "authors": [ "Pasquale Noce" ], "date": "2021-06-04", - "id": 102, + "id": 103, "link": "/entries/IMP_Compiler.html", "permalink": "/entries/IMP_Compiler.html", "shortname": "IMP_Compiler", "title": "A Shorter Compiler Correctness Proof for Language IMP", "topic_links": [ "computer-science/programming-languages/compiling" ], "topics": [ "Computer science/Programming languages/Compiling" ], "used_by": 0 }, { "abstract": "We formalize basics of Combinatorics on Words. This is an extension of existing theories on lists. 
We provide additional properties related to prefix, suffix, factor, length and rotation. The topics include prefix and suffix comparability, mismatch, word power, total and reversed morphisms, border, periods, primitivity and roots. We also formalize basic, mostly folklore results related to word equations: equidivisibility, commutation and conjugation. Slightly advanced properties include the Periodicity lemma (often cited as the Fine and Wilf theorem) and the variant of the Lyndon-Schützenberger theorem for words. We support the algebraic point of view which sees words as generators of submonoids of a free monoid. This leads to the concepts of the (free) hull, the (free) basis (or code).", "authors": [ "Štěpán Holub", "Martin Raška", "Štěpán Starosta" ], "date": "2021-05-24", - "id": 103, + "id": 104, "link": "/entries/Combinatorics_Words.html", "permalink": "/entries/Combinatorics_Words.html", "shortname": "Combinatorics_Words", "title": "Combinatorics on Words Basics", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 2 }, { "abstract": "Graph lemma quantifies the defect effect of a system of word equations. That is, it provides an upper bound on the rank of the system. We formalize the proof based on the decomposition of a solution into its free basis. A direct application is an alternative proof of the fact that two noncommuting words form a code.", "authors": [ "Štěpán Holub", "Štěpán Starosta" ], "date": "2021-05-24", - "id": 104, + "id": 105, "link": "/entries/Combinatorics_Words_Graph_Lemma.html", "permalink": "/entries/Combinatorics_Words_Graph_Lemma.html", "shortname": "Combinatorics_Words_Graph_Lemma", "title": "Graph Lemma", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "Lyndon words are words lexicographically minimal in their conjugacy class. 
We formalize their basic properties and characterizations, in particular the concepts of the longest Lyndon suffix and the Lyndon factorization. Most of the work assumes a fixed lexicographical order. Nevertheless we also define the smallest relation guaranteeing lexicographical minimality of a given word (in its conjugacy class).", "authors": [ "Štěpán Holub", "Štěpán Starosta" ], "date": "2021-05-24", - "id": 105, + "id": 106, "link": "/entries/Combinatorics_Words_Lyndon.html", "permalink": "/entries/Combinatorics_Words_Lyndon.html", "shortname": "Combinatorics_Words_Lyndon", "title": "Lyndon words", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "This development provides a general definition for safe Regression Test Selection (RTS) algorithms. RTS algorithms select which tests to rerun on revised code, reducing the time required to check for newly introduced errors. An RTS algorithm is considered safe if and only if all deselected tests would have unchanged results. This definition is instantiated with two class-collection-based RTS algorithms run over the JVM as modeled by JinjaDCI. This is achieved with a general definition for Collection Semantics, small-step semantics instrumented to collect information during execution. As the RTS definition mandates safety, these instantiations include proofs of safety. 
This work is described in Mansky and Gunter's LSFA 2020 paper and Mansky's doctoral thesis (UIUC, 2020).", "authors": [ "Susannah Mansky" ], "date": "2021-04-30", - "id": 106, + "id": 107, "link": "/entries/Regression_Test_Selection.html", "permalink": "/entries/Regression_Test_Selection.html", "shortname": "Regression_Test_Selection", "title": "Regression Test Selection", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "In this entry we formalize Isabelle's metalogic in Isabelle/HOL. Furthermore, we define a language of proof terms and an executable proof checker and prove its soundness wrt. the metalogic. The formalization is intentionally kept close to the Isabelle implementation(for example using de Brujin indices) to enable easy integration of generated code with the Isabelle system without a complicated translation layer. The formalization is described in our \u003ca href=\"https://arxiv.org/pdf/2104.12224.pdf\"\u003eCADE 28 paper\u003c/a\u003e.", "authors": [ "Tobias Nipkow", "Simon Roßkopf" ], "date": "2021-04-27", - "id": 107, + "id": 108, "link": "/entries/Metalogic_ProofChecker.html", "permalink": "/entries/Metalogic_ProofChecker.html", "shortname": "Metalogic_ProofChecker", "title": "Isabelle's Metalogic: Formalization and Proof Checker", "topic_links": [ "logic/general-logic" ], "topics": [ "Logic/General logic" ], "used_by": 0 }, { "abstract": "We formalize the \u003ci\u003eLifting the Exponent Lemma\u003c/i\u003e, which shows how to find the largest power of $p$ dividing $a^n \\pm b^n$, for a prime $p$ and positive integers $a$ and $b$. 
The proof follows \u003ca href=\"https://s3.amazonaws.com/aops-cdn.artofproblemsolving.com/resources/articles/lifting-the-exponent.pdf\"\u003eAmir Hossein Parvardi's\u003c/a\u003e.", "authors": [ "Maya Kądziołka" ], "date": "2021-04-27", - "id": 108, + "id": 109, "link": "/entries/Lifting_the_Exponent.html", "permalink": "/entries/Lifting_the_Exponent.html", "shortname": "Lifting_the_Exponent", "title": "Lifting the Exponent", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "We formalize the univariate case of Ben-Or, Kozen, and Reif's decision procedure for first-order real arithmetic (the BKR algorithm). We also formalize the univariate case of Renegar's variation of the BKR algorithm. The two formalizations differ mathematically in minor ways (that have significant impact on the multivariate case), but are quite similar in proof structure. Both rely on sign-determination (finding the set of consistent sign assignments for a set of polynomials). The method used for sign-determination is similar to Tarski's original quantifier elimination algorithm (it stores key information in a matrix equation), but with a reduction step to keep complexity low.", "authors": [ "Katherine Cordwell", "Yong Kiam Tan", "André Platzer" ], "date": "2021-04-24", - "id": 109, + "id": 110, "link": "/entries/BenOr_Kozen_Reif.html", "permalink": "/entries/BenOr_Kozen_Reif.html", "shortname": "BenOr_Kozen_Reif", "title": "The BKR Decision Procedure for Univariate Real Arithmetic", "topic_links": [ "computer-science/algorithms/mathematical" ], "topics": [ "Computer science/Algorithms/Mathematical" ], "used_by": 1 }, { "abstract": "This is a formalisation of the main result of Gale and Stewart from 1953, showing that closed finite games are determined. This property is now known as the Gale Stewart Theorem. 
While the original paper shows some additional theorems as well, we only formalize this main result, but do so in a somewhat general way. We formalize games of a fixed arbitrary length, including infinite length, using co-inductive lists, and show that defensive strategies exist unless the other player is winning. For closed games, defensive strategies are winning for the closed player, proving that such games are determined. For finite games, which are a special case in our formalisation, all games are closed.", "authors": [ "Sebastiaan J. C. Joosten" ], "date": "2021-04-23", - "id": 110, + "id": 111, "link": "/entries/GaleStewart_Games.html", "permalink": "/entries/GaleStewart_Games.html", "shortname": "GaleStewart_Games", "title": "Gale-Stewart Games", "topic_links": [ "mathematics/games-and-economics" ], "topics": [ "Mathematics/Games and economics" ], "used_by": 0 }, { "abstract": "Large-scale stream processing systems often follow the dataflow paradigm, which enforces a program structure that exposes a high degree of parallelism. The Timely Dataflow distributed system supports expressive cyclic dataflows for which it offers low-latency data- and pipeline-parallel stream processing. To achieve high expressiveness and performance, Timely Dataflow uses an intricate distributed protocol for tracking the computation’s progress. We formalize this progress tracking protocol and verify its safety. 
Our formalization is described in detail in our forthcoming \u003ca href=\"https://traytel.bitbucket.io/papers/itp21-progress_tracking/safe.pdf\"\u003eITP'21 paper\u003c/a\u003e.", "authors": [ "Matthias Brun", "Sára Decova", "Andrea Lattuada", "Dmitriy Traytel" ], "date": "2021-04-13", - "id": 111, + "id": 112, "link": "/entries/Progress_Tracking.html", "permalink": "/entries/Progress_Tracking.html", "shortname": "Progress_Tracking", "title": "Formalization of Timely Dataflow's Progress Tracking Protocol", "topic_links": [ "computer-science/algorithms/distributed" ], "topics": [ "Computer science/Algorithms/Distributed" ], "used_by": 0 }, { "abstract": "We provide a characterisation of how information is propagated by program executions based on the tracking data and control dependencies within executions themselves. The characterisation might be used for deriving approximative safety properties to be targeted by static analyses or checked at runtime. We utilise a simple yet versatile control flow graph model as a program representation. As our model is not assumed to be finite it can be instantiated for a broad class of programs. The targeted security property is indistinguishable security where executions produce sequences of observations and only non-terminating executions are allowed to drop a tail of those. A very crude approximation of our characterisation is slicing based on program dependence graphs, which we use as a minimal example and derive a corresponding soundness result. 
For further details and applications refer to the authors upcoming dissertation.", "authors": [ "Benedikt Nordhoff" ], "date": "2021-04-01", - "id": 112, + "id": 113, "link": "/entries/IFC_Tracking.html", "permalink": "/entries/IFC_Tracking.html", "shortname": "IFC_Tracking", "title": "Information Flow Control via Dependency Tracking", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "We formalize mainstream structures in algebraic geometry culminating in Grothendieck's schemes: presheaves of rings, sheaves of rings, ringed spaces, locally ringed spaces, affine schemes and schemes. We prove that the spectrum of a ring is a locally ringed space, hence an affine scheme. Finally, we prove that any affine scheme is a scheme.", "authors": [ "Anthony Bordg", "Lawrence C. Paulson", "Wenda Li" ], "date": "2021-03-29", - "id": 113, + "id": 114, "link": "/entries/Grothendieck_Schemes.html", "permalink": "/entries/Grothendieck_Schemes.html", "shortname": "Grothendieck_Schemes", "title": "Grothendieck's Schemes in Algebraic Geometry", "topic_links": [ "mathematics/algebra", "mathematics/geometry" ], "topics": [ "Mathematics/Algebra", "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "We formalize the ring of \u003cem\u003ep\u003c/em\u003e-adic integers within the framework of the HOL-Algebra library. The carrier of the ring is formalized as the inverse limit of quotients of the integers by powers of a fixed prime \u003cem\u003ep\u003c/em\u003e. We define an integer-valued valuation, as well as an extended-integer valued valuation which sends 0 to the infinite element. Basic topological facts about the \u003cem\u003ep\u003c/em\u003e-adic integers are formalized, including completeness and sequential compactness. 
Taylor expansions of polynomials over a commutative ring are defined, culminating in the formalization of Hensel's Lemma based on a proof due to Keith Conrad.", "authors": [ "Aaron Crighton" ], "date": "2021-03-23", - "id": 114, + "id": 115, "link": "/entries/Padic_Ints.html", "permalink": "/entries/Padic_Ints.html", "shortname": "Padic_Ints", "title": "Hensel's Lemma for the p-adic Integers", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 1 }, { "abstract": "Constructive Cryptography (CC) [\u003ca href=\"https://conference.iiis.tsinghua.edu.cn/ICS2011/content/papers/14.html\"\u003eICS 2011\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/978-3-642-27375-9_3\"\u003eTOSCA 2011\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/978-3-662-53641-4_1\"\u003eTCC 2016\u003c/a\u003e] introduces an abstract approach to composable security statements that allows one to focus on a particular aspect of security proofs at a time. Instead of proving the properties of concrete systems, CC studies system classes, i.e., the shared behavior of similar systems, and their transformations. Modeling of systems communication plays a crucial role in composability and reusability of security statements; yet, this aspect has not been studied in any of the existing CC results. We extend our previous CC formalization [\u003ca href=\"https://isa-afp.org/entries/Constructive_Cryptography.html\"\u003eConstructive_Cryptography\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1109/CSF.2019.00018\"\u003eCSF 2019\u003c/a\u003e] with a new semantic domain called Fused Resource Templates (FRT) that abstracts over the systems communication patterns in CC proofs. 
This widens the scope of cryptography proof formalizations in the CryptHOL library [\u003ca href=\"https://isa-afp.org/entries/CryptHOL.html\"\u003eCryptHOL\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/978-3-662-49498-1_20\"\u003eESOP 2016\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/s00145-019-09341-z\"\u003eJ Cryptol 2020\u003c/a\u003e]. This formalization is described in \u003ca href=\"http://www.andreas-lochbihler.de/pub/basin2021.pdf\"\u003eAbstract Modeling of Systems Communication in Constructive Cryptography using CryptHOL\u003c/a\u003e.", "authors": [ "Andreas Lochbihler", "S. Reza Sefidgar" ], "date": "2021-03-17", - "id": 115, + "id": 116, "link": "/entries/Constructive_Cryptography_CM.html", "permalink": "/entries/Constructive_Cryptography_CM.html", "shortname": "Constructive_Cryptography_CM", "title": "Constructive Cryptography in HOL: the Communication Modeling Aspect", "topic_links": [ "computer-science/security/cryptography", "mathematics/probability-theory" ], "topics": [ "Computer science/Security/Cryptography", "Mathematics/Probability theory" ], "used_by": 0 }, { "abstract": "We verify two algorithms for which modular arithmetic plays an essential role: Storjohann's variant of the LLL lattice basis reduction algorithm and Kopparty's algorithm for computing the Hermite normal form of a matrix. To do this, we also formalize some facts about the modulo operation with symmetric range. Our implementations are based on the original papers, but are otherwise efficient. For basis reduction we formalize two versions: one that includes all of the optimizations/heuristics from Storjohann's paper, and one excluding a heuristic that we observed to often decrease efficiency. 
We also provide a fast, self-contained certifier for basis reduction, based on the efficient Hermite normal form algorithm.", "authors": [ "Ralph Bottesch", "Jose Divasón", "René Thiemann" ], "date": "2021-03-12", - "id": 116, + "id": 117, "link": "/entries/Modular_arithmetic_LLL_and_HNF_algorithms.html", "permalink": "/entries/Modular_arithmetic_LLL_and_HNF_algorithms.html", "shortname": "Modular_arithmetic_LLL_and_HNF_algorithms", "title": "Two algorithms based on modular arithmetic: lattice basis reduction and Hermite normal form computation", "topic_links": [ "computer-science/algorithms/mathematical" ], "topics": [ "Computer science/Algorithms/Mathematical" ], "used_by": 0 }, { "abstract": "This work contains a formalization of quantum projective measurements, also known as von Neumann measurements, which are based on elements of spectral theory. We also formalized the CHSH inequality, an inequality involving expectations in a probability space that is violated by quantum measurements, thus proving that quantum mechanics cannot be modeled with an underlying local hidden-variable theory.", "authors": [ "Mnacho Echenim" ], "date": "2021-03-03", - "id": 117, + "id": 118, "link": "/entries/Projective_Measurements.html", "permalink": "/entries/Projective_Measurements.html", "shortname": "Projective_Measurements", "title": "Quantum projective measurements and the CHSH inequality", "topic_links": [ "computer-science/algorithms/quantum-computing", "mathematics/physics/quantum-information" ], "topics": [ "Computer science/Algorithms/Quantum computing", "Mathematics/Physics/Quantum information" ], "used_by": 1 }, { "abstract": "\u003cp\u003eThis article provides a formalisation of the Hermite-Lindemann-Weierstraß Theorem (also known as simply Hermite-Lindemann or Lindemann-Weierstraß). 
This theorem is one of the crowning achievements of 19th century number theory.\u003c/p\u003e \u003cp\u003eThe theorem states that if $\\alpha_1, \\ldots, \\alpha_n\\in\\mathbb{C}$ are algebraic numbers that are linearly independent over $\\mathbb{Z}$, then $e^{\\alpha_1},\\ldots,e^{\\alpha_n}$ are algebraically independent over $\\mathbb{Q}$.\u003c/p\u003e \u003cp\u003eLike the \u003ca href=\"https://doi.org/10.1007/978-3-319-66107-0_5\"\u003eprevious formalisation in Coq by Bernard\u003c/a\u003e, I proceeded by formalising \u003ca href=\"https://doi.org/10.1017/CBO9780511565977\"\u003eBaker's version of the theorem and proof\u003c/a\u003e and then deriving the original one from that. Baker's version states that for any algebraic numbers $\\beta_1, \\ldots, \\beta_n\\in\\mathbb{C}$ and distinct algebraic numbers $\\alpha_i, \\ldots, \\alpha_n\\in\\mathbb{C}$, we have $\\beta_1 e^{\\alpha_1} + \\ldots + \\beta_n e^{\\alpha_n} = 0$ if and only if all the $\\beta_i$ are zero.\u003c/p\u003e \u003cp\u003eThis has a number of direct corollaries, e.g.:\u003c/p\u003e \u003cul\u003e \u003cli\u003e$e$ and $\\pi$ are transcendental\u003c/li\u003e \u003cli\u003e$e^z$, $\\sin z$, $\\tan z$, etc. 
are transcendental for algebraic $z\\in\\mathbb{C}\\setminus\\{0\\}$\u003c/li\u003e \u003cli\u003e$\\ln z$ is transcendental for algebraic $z\\in\\mathbb{C}\\setminus\\{0, 1\\}$\u003c/li\u003e \u003c/ul\u003e", "authors": [ "Manuel Eberl" ], "date": "2021-03-03", - "id": 118, + "id": 119, "link": "/entries/Hermite_Lindemann.html", "permalink": "/entries/Hermite_Lindemann.html", "shortname": "Hermite_Lindemann", "title": "The Hermite–Lindemann–Weierstraß Transcendence Theorem", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 1 }, { "abstract": "We use Isabelle/HOL to verify elementary theorems and alternative axiomatizations of classical extensional mereology.", "authors": [ "Ben Blumson" ], "date": "2021-03-01", - "id": 119, + "id": 120, "link": "/entries/Mereology.html", "permalink": "/entries/Mereology.html", "shortname": "Mereology", "title": "Mereology", "topic_links": [ "logic/philosophical-aspects" ], "topics": [ "Logic/Philosophical aspects" ], "used_by": 0 }, { "abstract": "We formally define sunflowers and provide a formalization of the sunflower lemma of Erd\u0026odblac;s and Rado: whenever a set of size-\u003ci\u003ek\u003c/i\u003e-sets has a larger cardinality than \u003ci\u003e(r - 1)\u003csup\u003ek\u003c/sup\u003e \u0026middot; k!\u003c/i\u003e, then it contains a sunflower of cardinality \u003ci\u003er\u003c/i\u003e.", "authors": [ "René Thiemann" ], "date": "2021-02-25", - "id": 120, + "id": 121, "link": "/entries/Sunflowers.html", "permalink": "/entries/Sunflowers.html", "shortname": "Sunflowers", "title": "The Sunflower Lemma of Erdős and Rado", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 1 }, { "abstract": "In this work, we use the interactive theorem prover Isabelle/HOL to verify an imperative implementation of the classical B-tree data structure invented by Bayer and McCreight [ACM 1970]. 
The implementation supports set membership, insertion and deletion queries with efficient binary search for intra-node navigation. This is accomplished by first specifying the structure abstractly in the functional modeling language HOL and proving functional correctness. Using manual refinement, we derive an imperative implementation in Imperative/HOL. We show the validity of this refinement using the separation logic utilities from the \u003ca href=\"https://www.isa-afp.org/entries/Refine_Imperative_HOL.html\"\u003e Isabelle Refinement Framework \u003c/a\u003e . The code can be exported to the programming languages SML, OCaml and Scala. We examine the runtime of all operations indirectly by reproducing results of the logarithmic relationship between height and the number of nodes. The results are discussed in greater detail in the corresponding \u003ca href=\"https://mediatum.ub.tum.de/1596550\"\u003eBachelor's Thesis\u003c/a\u003e.", "authors": [ "Niels Mündler" ], "date": "2021-02-24", - "id": 121, + "id": 122, "link": "/entries/BTree.html", "permalink": "/entries/BTree.html", "shortname": "BTree", "title": "A Verified Imperative Implementation of B-Trees", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "\u003cp\u003eFormal Puiseux series are generalisations of formal power series and formal Laurent series that also allow for fractional exponents. They have the following general form: \\[\\sum_{i=N}^\\infty a_{i/d} X^{i/d}\\] where \u003cem\u003eN\u003c/em\u003e is an integer and \u003cem\u003ed\u003c/em\u003e is a positive integer.\u003c/p\u003e \u003cp\u003eThis entry defines these series including their basic algebraic properties. 
Furthermore, it proves the Newton–Puiseux Theorem, namely that the Puiseux series over an algebraically closed field of characteristic 0 are also algebraically closed.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2021-02-17", - "id": 122, + "id": 123, "link": "/entries/Formal_Puiseux_Series.html", "permalink": "/entries/Formal_Puiseux_Series.html", "shortname": "Formal_Puiseux_Series", "title": "Formal Puiseux Series", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThe Law of Large Numbers states that, informally, if one performs a random experiment $X$ many times and takes the average of the results, that average will be very close to the expected value $E[X]$.\u003c/p\u003e \u003cp\u003e More formally, let $(X_i)_{i\\in\\mathbb{N}}$ be a sequence of independently identically distributed random variables whose expected value $E[X_1]$ exists. Denote the running average of $X_1, \\ldots, X_n$ as $\\overline{X}_n$. Then:\u003c/p\u003e \u003cul\u003e \u003cli\u003eThe Weak Law of Large Numbers states that $\\overline{X}_{n} \\longrightarrow E[X_1]$ in probability for $n\\to\\infty$, i.e. $\\mathcal{P}(|\\overline{X}_{n} - E[X_1]| \u003e \\varepsilon) \\longrightarrow 0$ as $n\\to\\infty$ for any $\\varepsilon \u003e 0$.\u003c/li\u003e \u003cli\u003eThe Strong Law of Large Numbers states that $\\overline{X}_{n} \\longrightarrow E[X_1]$ almost surely for $n\\to\\infty$, i.e. $\\mathcal{P}(\\overline{X}_{n} \\longrightarrow E[X_1]) = 1$.\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eIn this entry, I formally prove the strong law and from it the weak law. 
The approach used for the proof of the strong law is a particularly quick and slick one based on ergodic theory, which was formalised by Gouëzel in another AFP entry.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2021-02-10", - "id": 123, + "id": 124, "link": "/entries/Laws_of_Large_Numbers.html", "permalink": "/entries/Laws_of_Large_Numbers.html", "shortname": "Laws_of_Large_Numbers", "title": "The Laws of Large Numbers", "topic_links": [ "mathematics/probability-theory" ], "topics": [ "Mathematics/Probability theory" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThe \u003ca href=\"https://geocoq.github.io/GeoCoq/\"\u003eGeoCoq library\u003c/a\u003e contains a formalization of geometry using the Coq proof assistant. It contains both proofs about the foundations of geometry and high-level proofs in the same style as in high school. We port a part of the GeoCoq 2.4.0 library to Isabelle/HOL: more precisely, the files Chap02.v to Chap13_3.v, suma.v as well as the associated definitions and some useful files for the demonstration of certain parallel postulates. The synthetic approach of the demonstrations is directly inspired by those contained in GeoCoq. The names of the lemmas and theorems used are kept as far as possible as well as the definitions. \u003c/p\u003e \u003cp\u003eIt should be noted that T.J.M. Makarios has done \u003ca href=\"https://www.isa-afp.org/entries/Tarskis_Geometry.html\"\u003esome proofs in Tarski's Geometry\u003c/a\u003e. It uses a definition that does not quite coincide with the definition used in Geocoq and here. Furthermore, corresponding definitions in the \u003ca href=\"https://www.isa-afp.org/entries/Poincare_Disc.html\"\u003ePoincaré Disc Model development\u003c/a\u003e are not identical to those defined in GeoCoq. 
\u003c/p\u003e \u003cp\u003eIn the last part, it is formalized that, in the neutral/absolute space, the axiom of the parallels of Tarski's system implies the Playfair axiom, the 5th postulate of Euclid and Euclid's original parallel postulate. These proofs, which are not constructive, are directly inspired by Pierre Boutry, Charly Gries, Julien Narboux and Pascal Schreck. \u003c/p\u003e", "authors": [ "Roland Coghetto" ], "date": "2021-01-31", - "id": 124, + "id": 125, "link": "/entries/IsaGeoCoq.html", "permalink": "/entries/IsaGeoCoq.html", "shortname": "IsaGeoCoq", "title": "Tarski's Parallel Postulate implies the 5th Postulate of Euclid, the Postulate of Playfair and the original Parallel Postulate of Euclid", "topic_links": [ "mathematics/geometry" ], "topics": [ "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "In a \u003ca href=\"https://xkcd.com/blue_eyes.html\"\u003epuzzle published by Randall Munroe\u003c/a\u003e, perfect logicians forbidden from communicating are stranded on an island, and may only leave once they have figured out their own eye color. We present a method of modeling the behavior of perfect logicians and formalize a solution of the puzzle.", "authors": [ "Maya Kądziołka" ], "date": "2021-01-30", - "id": 125, + "id": 126, "link": "/entries/Blue_Eyes.html", "permalink": "/entries/Blue_Eyes.html", "shortname": "Blue_Eyes", "title": "Solution to the xkcd Blue Eyes puzzle", "topic_links": [ "logic/general-logic/logics-of-knowledge-and-belief" ], "topics": [ "Logic/General logic/Logics of knowledge and belief" ], "used_by": 0 }, { "abstract": "This is a verified implementation of a constant time queue. The original design is due to \u003ca href=\"https://doi.org/10.1016/0020-0190(81)90030-2\"\u003eHood and Melville\u003c/a\u003e. 
This formalization follows the presentation in \u003cem\u003ePurely Functional Data Structures\u003c/em\u003eby Okasaki.", "authors": [ "Alejandro Gómez-Londoño" ], "date": "2021-01-18", - "id": 126, + "id": 127, "link": "/entries/Hood_Melville_Queue.html", "permalink": "/entries/Hood_Melville_Queue.html", "shortname": "Hood_Melville_Queue", "title": "Hood-Melville Queue", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "We extend Jinja to include static fields, methods, and instructions, and dynamic class initialization, based on the Java SE 8 specification. This includes extension of definitions and proofs. This work is partially described in Mansky and Gunter's paper at CPP 2019 and Mansky's doctoral thesis (UIUC, 2020).", "authors": [ "Susannah Mansky" ], "date": "2021-01-11", - "id": 127, + "id": 128, "link": "/entries/JinjaDCI.html", "permalink": "/entries/JinjaDCI.html", "shortname": "JinjaDCI", "title": "JinjaDCI: a Java semantics with dynamic class initialization", "topic_links": [ "computer-science/programming-languages/language-definitions" ], "topics": [ "Computer science/Programming languages/Language definitions" ], "used_by": 1 }, { "abstract": "We formalize the basic results on cofinality of linearly ordered sets and ordinals and Šanin’s Lemma for uncountable families of finite sets. This last result is used to prove the countable chain condition for Cohen posets. 
We work in the set theory framework of Isabelle/ZF, using the Axiom of Choice as needed.", "authors": [ "Pedro Sánchez Terraf" ], "date": "2020-12-27", - "id": 128, + "id": 129, "link": "/entries/Delta_System_Lemma.html", "permalink": "/entries/Delta_System_Lemma.html", "shortname": "Delta_System_Lemma", "title": "Cofinality and the Delta System Lemma", "topic_links": [ "mathematics/combinatorics", "logic/set-theory" ], "topics": [ "Mathematics/Combinatorics", "Logic/Set theory" ], "used_by": 1 }, { "abstract": "We introduce a generalized topological semantics for paraconsistent and paracomplete logics by drawing upon early works on topological Boolean algebras (cf. works by Kuratowski, Zarycki, McKinsey \u0026 Tarski, etc.). In particular, this work exemplarily illustrates the shallow semantical embeddings approach (\u003ca href=\"http://dx.doi.org/10.1007/s11787-012-0052-y\"\u003eSSE\u003c/a\u003e) employing the proof assistant Isabelle/HOL. By means of the SSE technique we can effectively harness theorem provers, model finders and 'hammers' for reasoning with quantified non-classical logics.", "authors": [ "David Fuenmayor" ], "date": "2020-12-17", - "id": 129, + "id": 130, "link": "/entries/Topological_Semantics.html", "permalink": "/entries/Topological_Semantics.html", "shortname": "Topological_Semantics", "title": "Topological semantics for paraconsistent and paracomplete logics", "topic_links": [ "logic/general-logic" ], "topics": [ "Logic/General logic" ], "used_by": 0 }, { "abstract": "We verify the correctness of Prim's, Kruskal's and Borůvka's minimum spanning tree algorithms based on algebras for aggregation and minimisation.", "authors": [ "Walter Guttmann", "Nicolas Robinson-O'Brien" ], "date": "2020-12-08", - "id": 130, + "id": 131, "link": "/entries/Relational_Minimum_Spanning_Trees.html", "permalink": "/entries/Relational_Minimum_Spanning_Trees.html", "shortname": "Relational_Minimum_Spanning_Trees", "title": "Relational Minimum Spanning Tree 
Algorithms", "topic_links": [ "computer-science/algorithms/graph" ], "topics": [ "Computer science/Algorithms/Graph" ], "used_by": 0 }, { "abstract": "This Isabelle/HOL formalization builds on the \u003cem\u003eVeriComp\u003c/em\u003e entry of the \u003cem\u003eArchive of Formal Proofs\u003c/em\u003e to provide the following contributions: \u003cul\u003e \u003cli\u003ean operational semantics for a realistic virtual machine (Std) for dynamically typed programming languages;\u003c/li\u003e \u003cli\u003ethe formalization of an inline caching optimization (Inca), a proof of bisimulation with (Std), and a compilation function;\u003c/li\u003e \u003cli\u003ethe formalization of an unboxing optimization (Ubx), a proof of bisimulation with (Inca), and a simple compilation function.\u003c/li\u003e \u003c/ul\u003e This formalization was described in the CPP 2021 paper \u003cem\u003eTowards Efficient and Verified Virtual Machines for Dynamic Languages\u003c/em\u003e", "authors": [ "Martin Desharnais" ], "date": "2020-12-07", - "id": 131, + "id": 132, "link": "/entries/Interpreter_Optimizations.html", "permalink": "/entries/Interpreter_Optimizations.html", "shortname": "Interpreter_Optimizations", "title": "Inline Caching and Unboxing Optimization for Interpreters", "topic_links": [ "computer-science/programming-languages/misc" ], "topics": [ "Computer science/Programming languages/Misc" ], "used_by": 0 }, { "abstract": "This paper introduces a new method for the formal verification of cryptographic protocols, the relational method, derived from Paulson's inductive method by means of some enhancements aimed at streamlining formal definitions and proofs, specially for protocols using public key cryptography. Moreover, this paper proposes a method to formalize a further security property, message anonymity, in addition to message confidentiality and authenticity. 
The relational method, including message anonymity, is then applied to the verification of a sample authentication protocol, comprising Password Authenticated Connection Establishment (PACE) with Chip Authentication Mapping followed by the explicit verification of an additional password over the PACE secure channel.", "authors": [ "Pasquale Noce" ], "date": "2020-12-05", - "id": 132, + "id": 133, "link": "/entries/Relational_Method.html", "permalink": "/entries/Relational_Method.html", "shortname": "Relational_Method", "title": "The Relational Method with Message Anonymity for the Verification of Cryptographic Protocols", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "This work is an effort to formalise some quantum algorithms and results in quantum information theory. Formal methods being critical for the safety and security of algorithms and protocols, we foresee their widespread use for quantum computing in the future. 
We have developed a large library for quantum computing in Isabelle based on a matrix representation for quantum circuits, successfully formalising the no-cloning theorem, quantum teleportation, Deutsch's algorithm, the Deutsch-Jozsa algorithm and the quantum Prisoner's Dilemma.", "authors": [ "Anthony Bordg", "Hanna Lachnitt", "Yijun He" ], "date": "2020-11-22", - "id": 133, + "id": 134, "link": "/entries/Isabelle_Marries_Dirac.html", "permalink": "/entries/Isabelle_Marries_Dirac.html", "shortname": "Isabelle_Marries_Dirac", "title": "Isabelle Marries Dirac: a Library for Quantum Computation and Quantum Information", "topic_links": [ "computer-science/algorithms/quantum-computing", "mathematics/physics/quantum-information" ], "topics": [ "Computer science/Algorithms/Quantum computing", "Mathematics/Physics/Quantum information" ], "used_by": 1 }, { "abstract": "We use a formal development for CSP, called HOL-CSP2.0, to analyse a family of refinement notions, comprising classic and new ones. This analysis enables to derive a number of properties that allow to deepen the understanding of these notions, in particular with respect to specification decomposition principles for the case of infinite sets of events. The established relations between the refinement relations help to clarify some obscure points in the CSP literature, but also provide a weapon for shorter refinement proofs. Furthermore, we provide a framework for state-normalisation allowing to formally reason on parameterised process architectures. As a result, we have a modern environment for formal proofs of concurrent systems that allow for the combination of general infinite processes with locally finite ones in a logically safe way. 
We demonstrate these verification-techniques for classical, generalised examples: The CopyBuffer for arbitrary data and the Dijkstra's Dining Philosopher Problem of arbitrary size.", "authors": [ "Safouan Taha", "Burkhart Wolff", "Lina Ye" ], "date": "2020-11-19", - "id": 134, + "id": 135, "link": "/entries/CSP_RefTK.html", "permalink": "/entries/CSP_RefTK.html", "shortname": "CSP_RefTK", "title": "The HOL-CSP Refinement Toolkit", "topic_links": [ "computer-science/concurrency/process-calculi", "computer-science/semantics-and-reasoning" ], "topics": [ "Computer science/Concurrency/Process calculi", "Computer science/Semantics and reasoning" ], "used_by": 0 }, { "abstract": "This is an Isabelle/HOL formalisation of the semantics of the multi-valued planning tasks language that is used by the planning system Fast-Downward, the STRIPS fragment of the Planning Domain Definition Language (PDDL), and the STRIPS soundness meta-theory developed by Vladimir Lifschitz. It also contains formally verified checkers for checking the well-formedness of problems specified in either language as well the correctness of potential solutions. The formalisation in this entry was described in an earlier publication.", "authors": [ "Mohammad Abdulaziz", "Peter Lammich" ], "date": "2020-10-29", - "id": 135, + "id": 136, "link": "/entries/AI_Planning_Languages_Semantics.html", "permalink": "/entries/AI_Planning_Languages_Semantics.html", "shortname": "AI_Planning_Languages_Semantics", "title": "AI Planning Languages Semantics", "topic_links": [ "computer-science/artificial-intelligence" ], "topics": [ "Computer science/Artificial intelligence" ], "used_by": 1 }, { "abstract": "We present an executable formally verified SAT encoding of classical AI planning that is based on the encodings by Kautz and Selman and the one by Rintanen et al. The encoding was experimentally tested and shown to be usable for reasonably sized standard AI planning benchmarks. 
We also use it as a reference to test a state-of-the-art SAT-based planner, showing that it sometimes falsely claims that problems have no solutions of certain lengths. The formalisation in this submission was described in an independent publication.", "authors": [ "Mohammad Abdulaziz", "Friedrich Kurz" ], "date": "2020-10-29", - "id": 136, + "id": 137, "link": "/entries/Verified_SAT_Based_AI_Planning.html", "permalink": "/entries/Verified_SAT_Based_AI_Planning.html", "shortname": "Verified_SAT_Based_AI_Planning", "title": "Verified SAT-Based AI Planning", "topic_links": [ "computer-science/artificial-intelligence" ], "topics": [ "Computer science/Artificial intelligence" ], "used_by": 0 }, { "abstract": "The present Isabelle theory builds a formal model for both the International System of Quantities (ISQ) and the International System of Units (SI), which are both fundamental for physics and engineering. Both the ISQ and the SI are deeply integrated into Isabelle's type system. Quantities are parameterised by dimension types, which correspond to base vectors, and thus only quantities of the same dimension can be equated. Since the underlying \"algebra of quantities\" induces congruences on quantity and SI types, specific tactic support is developed to capture these. Our construction is validated by a test-set of known equivalences between both quantities and SI units. 
Moreover, the presented theory can be used for type-safe conversions between the SI system and others, like the British Imperial System (BIS).", "authors": [ "Simon Foster", "Burkhart Wolff" ], "date": "2020-10-20", - "id": 137, + "id": 138, "link": "/entries/Physical_Quantities.html", "permalink": "/entries/Physical_Quantities.html", "shortname": "Physical_Quantities", "title": "A Sound Type System for Physical Quantities, Units, and Measurements", "topic_links": [ "mathematics/physics", "computer-science/programming-languages/type-systems" ], "topics": [ "Mathematics/Physics", "Computer science/Programming languages/Type systems" ], "used_by": 0 }, { "abstract": "This entry includes useful syntactic sugar, new operators and functions, and their associated lemmas for finite maps which currently are not present in the standard Finite_Map theory.", "authors": [ "Javier Díaz" ], "date": "2020-10-12", - "id": 138, + "id": 139, "link": "/entries/Finite-Map-Extras.html", "permalink": "/entries/Finite-Map-Extras.html", "shortname": "Finite-Map-Extras", "title": "Finite Map Extras", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "In this AFP entry, we extend our formalization of the core DOM with Shadow Roots. Shadow roots are a recent proposal of the web community to support a component-based development approach for client-side web applications. Shadow roots are a significant extension to the DOM standard and, as web standards are condemned to be backward compatible, such extensions often result in complex specification that may contain unwanted subtleties that can be detected by a formalization. 
Our Isabelle/HOL formalization is, in the sense of object-orientation, an extension of our formalization of the core DOM and enjoys the same basic properties, i.e., it is extensible, i.e., can be extended without the need of re-proving already proven properties and executable, i.e., we can generate executable code from our specification. We exploit the executability to show that our formalization complies to the official standard of the W3C, respectively, the WHATWG.", "authors": [ "Achim D. Brucker", "Michael Herzberg" ], "date": "2020-09-28", - "id": 139, + "id": 140, "link": "/entries/Shadow_DOM.html", "permalink": "/entries/Shadow_DOM.html", "shortname": "Shadow_DOM", "title": "A Formal Model of the Document Object Model with Shadow Roots", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 1 }, { "abstract": "In this AFP entry, we extend our formalization of the safely composable DOM with Shadow Roots. This is a proposal for Shadow Roots with stricter safety guarantess than the standard compliant formalization (see \"Shadow DOM\"). Shadow Roots are a recent proposal of the web community to support a component-based development approach for client-side web applications. Shadow roots are a significant extension to the DOM standard and, as web standards are condemned to be backward compatible, such extensions often result in complex specification that may contain unwanted subtleties that can be detected by a formalization. Our Isabelle/HOL formalization is, in the sense of object-orientation, an extension of our formalization of the core DOM and enjoys the same basic properties, i.e., it is extensible, i.e., can be extended without the need of re-proving already proven properties and executable, i.e., we can generate executable code from our specification. 
We exploit the executability to show that our formalization complies to the official standard of the W3C, respectively, the WHATWG.", "authors": [ "Achim D. Brucker", "Michael Herzberg" ], "date": "2020-09-28", - "id": 140, + "id": 141, "link": "/entries/Shadow_SC_DOM.html", "permalink": "/entries/Shadow_SC_DOM.html", "shortname": "Shadow_SC_DOM", "title": "A Formal Model of the Safely Composable Document Object Model with Shadow Roots", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 1 }, { "abstract": "While the (safely composable) DOM with shadow trees provide the technical basis for defining web components, it does neither defines the concept of web components nor specifies the safety properties that web components should guarantee. Consequently, the standard also does not discuss how or even if the methods for modifying the DOM respect component boundaries. In AFP entry, we present a formally verified model of safely composable web components and define safety properties which ensure that different web components can only interact with each other using well-defined interfaces. Moreover, our verification of the application programming interface (API) of the DOM revealed numerous invariants that implementations of the DOM API need to preserve to ensure the integrity of components. In comparison to the strict standard compliance formalization of Web Components in the AFP entry \"DOM_Components\", the notion of components in this entry (based on \"SC_DOM\" and \"Shadow_SC_DOM\") provides much stronger safety guarantees.", "authors": [ "Achim D. 
Brucker", "Michael Herzberg" ], "date": "2020-09-28", - "id": 141, + "id": 142, "link": "/entries/SC_DOM_Components.html", "permalink": "/entries/SC_DOM_Components.html", "shortname": "SC_DOM_Components", "title": "A Formalization of Safely Composable Web Components", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "While the DOM with shadow trees provide the technical basis for defining web components, the DOM standard neither defines the concept of web components nor specifies the safety properties that web components should guarantee. Consequently, the standard also does not discuss how or even if the methods for modifying the DOM respect component boundaries. In AFP entry, we present a formally verified model of web components and define safety properties which ensure that different web components can only interact with each other using well-defined interfaces. Moreover, our verification of the application programming interface (API) of the DOM revealed numerous invariants that implementations of the DOM API need to preserve to ensure the integrity of components.", "authors": [ "Achim D. Brucker", "Michael Herzberg" ], "date": "2020-09-28", - "id": 142, + "id": 143, "link": "/entries/DOM_Components.html", "permalink": "/entries/DOM_Components.html", "shortname": "DOM_Components", "title": "A Formalization of Web Components", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "In this AFP entry, we formalize the core of the Safely Composable Document Object Model (SC DOM). The SC DOM improve the standard DOM (as formalized in the AFP entry \"Core DOM\") by strengthening the tree boundaries set by shadow roots: in the SC DOM, the shadow root is a sub-class of the document class (instead of a base class). 
This modifications also results in changes to some API methods (e.g., getOwnerDocument) to return the nearest shadow root rather than the document root. As a result, many API methods that, when called on a node inside a shadow tree, would previously ``break out'' and return or modify nodes that are possibly outside the shadow tree, now stay within its boundaries. This change in behavior makes programs that operate on shadow trees more predictable for the developer and allows them to make more assumptions about other code accessing the DOM.", "authors": [ "Achim D. Brucker", "Michael Herzberg" ], "date": "2020-09-28", - "id": 143, + "id": 144, "link": "/entries/Core_SC_DOM.html", "permalink": "/entries/Core_SC_DOM.html", "shortname": "Core_SC_DOM", "title": "The Safely Composable DOM", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 1 }, { "abstract": "We present an abstract formalization of G\u0026ouml;del's incompleteness theorems. We analyze sufficient conditions for the theorems' applicability to a partially specified logic. Our abstract perspective enables a comparison between alternative approaches from the literature. These include Rosser's variation of the first theorem, Jeroslow's variation of the second theorem, and the Swierczkowski\u0026ndash;Paulson semantics-based approach. This AFP entry is the main entry point to the results described in our CADE-27 paper \u003ca href=\"https://dx.doi.org/10.1007/978-3-030-29436-6_26\"\u003eA Formally Verified Abstract Account of Gödel's Incompleteness Theorems\u003c/a\u003e. 
As part of our abstract formalization's validation, we instantiate our locales twice in the separate AFP entries \u003ca href=\"https://www.isa-afp.org/entries/Goedel_HFSet_Semantic.html\"\u003eGoedel_HFSet_Semantic\u003c/a\u003e and \u003ca href=\"https://www.isa-afp.org/entries/Goedel_HFSet_Semanticless.html\"\u003eGoedel_HFSet_Semanticless\u003c/a\u003e.", "authors": [ "Andrei Popescu", "Dmitriy Traytel" ], "date": "2020-09-16", - "id": 144, + "id": 145, "link": "/entries/Goedel_Incompleteness.html", "permalink": "/entries/Goedel_Incompleteness.html", "shortname": "Goedel_Incompleteness", "title": "An Abstract Formalization of G\u0026ouml;del's Incompleteness Theorems", "topic_links": [ "logic/proof-theory" ], "topics": [ "Logic/Proof theory" ], "used_by": 2 }, { "abstract": "We validate an abstract formulation of G\u0026ouml;del's First and Second Incompleteness Theorems from a \u003ca href=\"https://www.isa-afp.org/entries/Goedel_Incompleteness.html\"\u003eseparate AFP entry\u003c/a\u003e by instantiating them to the case of \u003ci\u003efinite sound extensions of the Hereditarily Finite (HF) Set theory\u003c/i\u003e, i.e., FOL theories extending the HF Set theory with a finite set of axioms that are sound in the standard model. 
The concrete results had been previously formalised in an \u003ca href=\"https://www.isa-afp.org/entries/Incompleteness.html\"\u003eAFP entry by Larry Paulson\u003c/a\u003e; our instantiation reuses the infrastructure developed in that entry.", "authors": [ "Andrei Popescu", "Dmitriy Traytel" ], "date": "2020-09-16", - "id": 145, + "id": 146, "link": "/entries/Goedel_HFSet_Semantic.html", "permalink": "/entries/Goedel_HFSet_Semantic.html", "shortname": "Goedel_HFSet_Semantic", "title": "From Abstract to Concrete G\u0026ouml;del's Incompleteness Theorems\u0026mdash;Part I", "topic_links": [ "logic/proof-theory" ], "topics": [ "Logic/Proof theory" ], "used_by": 0 }, { "abstract": "We validate an abstract formulation of G\u0026ouml;del's Second Incompleteness Theorem from a \u003ca href=\"https://www.isa-afp.org/entries/Goedel_Incompleteness.html\"\u003eseparate AFP entry\u003c/a\u003e by instantiating it to the case of \u003ci\u003efinite consistent extensions of the Hereditarily Finite (HF) Set theory\u003c/i\u003e, i.e., consistent FOL theories extending the HF Set theory with a finite set of axioms. The instantiation draws heavily on infrastructure previously developed by Larry Paulson in his \u003ca href=\"https://www.isa-afp.org/entries/Incompleteness.html\"\u003edirect formalisation of the concrete result\u003c/a\u003e. It strengthens Paulson's formalization of G\u0026ouml;del's Second from that entry by \u003ci\u003enot\u003c/i\u003e assuming soundness, and in fact not relying on any notion of model or semantic interpretation. 
The strengthening was obtained by first replacing some of Paulson’s semantic arguments with proofs within his HF calculus, and then plugging in some of Paulson's (modified) lemmas to instantiate our soundness-free G\u0026ouml;del's Second locale.", "authors": [ "Andrei Popescu", "Dmitriy Traytel" ], "date": "2020-09-16", - "id": 146, + "id": 147, "link": "/entries/Goedel_HFSet_Semanticless.html", "permalink": "/entries/Goedel_HFSet_Semanticless.html", "shortname": "Goedel_HFSet_Semanticless", "title": "From Abstract to Concrete G\u0026ouml;del's Incompleteness Theorems\u0026mdash;Part II", "topic_links": [ "logic/proof-theory" ], "topics": [ "Logic/Proof theory" ], "used_by": 0 }, { "abstract": "We instantiate our syntax-independent logic infrastructure developed in \u003ca href=\"https://www.isa-afp.org/entries/Syntax_Independent_Logic.html\"\u003ea separate AFP entry\u003c/a\u003e to the FOL theory of Robinson arithmetic (also known as Q). The latter was formalised using Nominal Isabelle by adapting \u003ca href=\"https://www.isa-afp.org/entries/Incompleteness.html\"\u003eLarry Paulson’s formalization of the Hereditarily Finite Set theory\u003c/a\u003e.", "authors": [ "Andrei Popescu", "Dmitriy Traytel" ], "date": "2020-09-16", - "id": 147, + "id": 148, "link": "/entries/Robinson_Arithmetic.html", "permalink": "/entries/Robinson_Arithmetic.html", "shortname": "Robinson_Arithmetic", "title": "Robinson Arithmetic", "topic_links": [ "logic/proof-theory" ], "topics": [ "Logic/Proof theory" ], "used_by": 0 }, { "abstract": "We formalize a notion of logic whose terms and formulas are kept abstract. In particular, logical connectives, substitution, free variables, and provability are not defined, but characterized by their general properties as locale assumptions. Based on this abstract characterization, we develop further reusable reasoning infrastructure. 
For example, we define parallel substitution (along with proving its characterizing theorems) from single-point substitution. Similarly, we develop a natural deduction style proof system starting from the abstract Hilbert-style one. These one-time efforts benefit different concrete logics satisfying our locales' assumptions. We instantiate the syntax-independent logic infrastructure to Robinson arithmetic (also known as Q) in the AFP entry \u003ca href=\"https://www.isa-afp.org/entries/Robinson_Arithmetic.html\"\u003eRobinson_Arithmetic\u003c/a\u003e and to hereditarily finite set theory in the AFP entries \u003ca href=\"https://www.isa-afp.org/entries/Goedel_HFSet_Semantic.html\"\u003eGoedel_HFSet_Semantic\u003c/a\u003e and \u003ca href=\"https://www.isa-afp.org/entries/Goedel_HFSet_Semanticless.html\"\u003eGoedel_HFSet_Semanticless\u003c/a\u003e, which are part of our formalization of G\u0026ouml;del's Incompleteness Theorems described in our CADE-27 paper \u003ca href=\"https://dx.doi.org/10.1007/978-3-030-29436-6_26\"\u003eA Formally Verified Abstract Account of Gödel's Incompleteness Theorems\u003c/a\u003e.", "authors": [ "Andrei Popescu", "Dmitriy Traytel" ], "date": "2020-09-16", - "id": 148, + "id": 149, "link": "/entries/Syntax_Independent_Logic.html", "permalink": "/entries/Syntax_Independent_Logic.html", "shortname": "Syntax_Independent_Logic", "title": "Syntax-Independent Logic Infrastructure", "topic_links": [ "logic/proof-theory" ], "topics": [ "Logic/Proof theory" ], "used_by": 2 }, { "abstract": "In this AFP entry, we provide a formalisation of extended finite state machines (EFSMs) where models are represented as finite sets of transitions between states. EFSMs execute traces to produce observable outputs. We also define various simulation and equality metrics for EFSMs in terms of traces and prove their strengths in relation to each other. 
Another key contribution is a framework of function definitions such that LTL properties can be phrased over EFSMs. Finally, we provide a simple example case study in the form of a drinks machine.", "authors": [ "Michael Foster", "Achim D. Brucker", "Ramsay G. Taylor", "John Derrick" ], "date": "2020-09-07", - "id": 149, + "id": 150, "link": "/entries/Extended_Finite_State_Machines.html", "permalink": "/entries/Extended_Finite_State_Machines.html", "shortname": "Extended_Finite_State_Machines", "title": "A Formal Model of Extended Finite State Machines", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 1 }, { "abstract": "In this AFP entry, we provide a formal implementation of a state-merging technique to infer extended finite state machines (EFSMs), complete with output and update functions, from black-box traces. In particular, we define the subsumption in context relation as a means of determining whether one transition is able to account for the behaviour of another. Building on this, we define the direct subsumption relation, which lifts the subsumption in context relation to EFSM level such that we can use it to determine whether it is safe to merge a given pair of transitions. Key proofs include the conditions necessary for subsumption to occur and that subsumption and direct subsumption are preorder relations. We also provide a number of different heuristics which can be used to abstract away concrete values into registers so that more states and transitions can be merged and provide proofs of the various conditions which must hold for these abstractions to subsume their ungeneralised counterparts. A Code Generator setup to create executable Scala code is also defined.", "authors": [ "Michael Foster", "Achim D. Brucker", "Ramsay G. 
Taylor", "John Derrick" ], "date": "2020-09-07", - "id": 150, + "id": 151, "link": "/entries/Extended_Finite_State_Machine_Inference.html", "permalink": "/entries/Extended_Finite_State_Machine_Inference.html", "shortname": "Extended_Finite_State_Machine_Inference", "title": "Inference of Extended Finite State Machines", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "Generating and checking proof certificates is important to increase the trust in automated reasoning tools. In recent years formal verification using computer algebra became more important and is heavily used in automated circuit verification. An existing proof format which covers algebraic reasoning and allows efficient proof checking is the practical algebraic calculus (PAC). In this development, we present the verified checker Pastèque that is obtained by synthesis via the Refinement Framework. This is the formalization going with our FMCAD'20 tool presentation.", "authors": [ "Mathias Fleury", "Daniela Kaufmann" ], "date": "2020-08-31", - "id": 151, + "id": 152, "link": "/entries/PAC_Checker.html", "permalink": "/entries/PAC_Checker.html", "shortname": "PAC_Checker", "title": "Practical Algebraic Calculus Checker", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "\u003cp\u003e This entry formalizes some classical concepts and results from inductive inference of recursive functions. In the basic setting a partial recursive function (\"strategy\") must identify (\"learn\") all functions from a set (\"class\") of recursive functions. To that end the strategy receives more and more values $f(0), f(1), f(2), \\ldots$ of some function $f$ from the given class and in turn outputs descriptions of partial recursive functions, for example, Gödel numbers. 
The strategy is considered successful if the sequence of outputs (\"hypotheses\") converges to a description of $f$. A class of functions learnable in this sense is called \"learnable in the limit\". The set of all these classes is denoted by LIM. \u003c/p\u003e \u003cp\u003e Other types of inference considered are finite learning (FIN), behaviorally correct learning in the limit (BC), and some variants of LIM with restrictions on the hypotheses: total learning (TOTAL), consistent learning (CONS), and class-preserving learning (CP). The main results formalized are the proper inclusions $\\mathrm{FIN} \\subset \\mathrm{CP} \\subset \\mathrm{TOTAL} \\subset \\mathrm{CONS} \\subset \\mathrm{LIM} \\subset \\mathrm{BC} \\subset 2^{\\mathcal{R}}$, where $\\mathcal{R}$ is the set of all total recursive functions. Further results show that for all these inference types except CONS, strategies can be assumed to be total recursive functions; that all inference types but CP are closed under the subset relation between classes; and that no inference type is closed under the union of classes. \u003c/p\u003e \u003cp\u003e The above is based on a formalization of recursive functions heavily inspired by the \u003ca href=\"https://www.isa-afp.org/entries/Universal_Turing_Machine.html\"\u003eUniversal Turing Machine\u003c/a\u003e entry by Xu et al., but different in that it models partial functions with codomain \u003cem\u003enat option\u003c/em\u003e. The formalization contains a construction of a universal partial recursive function, without resorting to Turing machines, introduces decidability and recursive enumerability, and proves some standard results: existence of a Kleene normal form, the \u003cem\u003es-m-n\u003c/em\u003e theorem, Rice's theorem, and assorted fixed-point theorems (recursion theorems) by Kleene, Rogers, and Smullyan. \u003c/p\u003e", "authors": [ "Frank J. 
Balbach" ], "date": "2020-08-31", - "id": 152, + "id": 153, "link": "/entries/Inductive_Inference.html", "permalink": "/entries/Inductive_Inference.html", "shortname": "Inductive_Inference", "title": "Some classical results in inductive inference of recursive functions", "topic_links": [ "logic/computability", "computer-science/machine-learning" ], "topics": [ "Logic/Computability", "Computer science/Machine learning" ], "used_by": 0 }, { "abstract": "We give a simple relation-algebraic semantics of read and write operations on associative arrays. The array operations seamlessly integrate with assignments in the Hoare-logic library. Using relation algebras and Kleene algebras we verify the correctness of an array-based implementation of disjoint-set forests with a naive union operation and a find operation with path compression.", "authors": [ "Walter Guttmann" ], "date": "2020-08-26", - "id": 153, + "id": 154, "link": "/entries/Relational_Disjoint_Set_Forests.html", "permalink": "/entries/Relational_Disjoint_Set_Forests.html", "shortname": "Relational_Disjoint_Set_Forests", "title": "Relational Disjoint-Set Forests", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 1 }, { "abstract": "This Isabelle/HOL formalization extends the AFP entry \u003cem\u003eSaturation_Framework\u003c/em\u003e with the following contributions: \u003cul\u003e \u003cli\u003ean application of the framework to prove Bachmair and Ganzinger's resolution prover RP refutationally complete, which was formalized in a more ad hoc fashion by Schlichtkrull et al. 
in the AFP entry \u003cem\u003eOrdered_Resultion_Prover\u003c/em\u003e;\u003c/li\u003e \u003cli\u003egeneralizations of various basic concepts formalized by Schlichtkrull et al., which were needed to verify RP and could be useful to formalize other calculi, such as superposition;\u003c/li\u003e \u003cli\u003ealternative proofs of fairness (and hence saturation and ultimately refutational completeness) for the given clause procedures GC and LGC, based on invariance.\u003c/li\u003e \u003c/ul\u003e", "authors": [ "Jasmin Christian Blanchette", "Sophie Tourret" ], "date": "2020-08-25", - "id": 154, + "id": 155, "link": "/entries/Saturation_Framework_Extensions.html", "permalink": "/entries/Saturation_Framework_Extensions.html", "shortname": "Saturation_Framework_Extensions", "title": "Extensions to the Comprehensive Framework for Saturation Theorem Proving", "topic_links": [ "logic/general-logic/mechanization-of-proofs" ], "topics": [ "Logic/General logic/Mechanization of proofs" ], "used_by": 0 }, { "abstract": "Richard Bird and collaborators have proposed a derivation of an intricate cyclic program that implements the Morris-Pratt string matching algorithm. 
Here we provide a proof of total correctness for Bird's derivation and complete it by adding Knuth's optimisation.", "authors": [ "Peter Gammie" ], "date": "2020-08-25", - "id": 155, + "id": 156, "link": "/entries/BirdKMP.html", "permalink": "/entries/BirdKMP.html", "shortname": "BirdKMP", "title": "Putting the `K' into Bird's derivation of Knuth-Morris-Pratt string matching", "topic_links": [ "computer-science/functional-programming" ], "topics": [ "Computer science/Functional programming" ], "used_by": 0 }, { "abstract": "This is a formalisation of Amicable Numbers, involving some relevant material including Euler's sigma function, some relevant definitions, results and examples as well as rules such as Th\u0026#257;bit ibn Qurra's Rule, Euler's Rule, te Riele's Rule and Borho's Rule with breeders.", "authors": [ "Angeliki Koutsoukou-Argyraki" ], "date": "2020-08-04", - "id": 156, + "id": 157, "link": "/entries/Amicable_Numbers.html", "permalink": "/entries/Amicable_Numbers.html", "shortname": "Amicable_Numbers", "title": "Amicable Numbers", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "The theory of partition relations concerns generalisations of Ramsey's theorem. For any ordinal $\\alpha$, write $\\alpha \\to (\\alpha, m)^2$ if for each function $f$ from unordered pairs of elements of $\\alpha$ into $\\{0,1\\}$, either there is a subset $X\\subseteq \\alpha$ order-isomorphic to $\\alpha$ such that $f\\{x,y\\}=0$ for all $\\{x,y\\}\\subseteq X$, or there is an $m$ element set $Y\\subseteq \\alpha$ such that $f\\{x,y\\}=1$ for all $\\{x,y\\}\\subseteq Y$. (In both cases, with $\\{x,y\\}$ we require $x\\not=y$.) In particular, the infinite Ramsey theorem can be written in this notation as $\\omega \\to (\\omega, \\omega)^2$, or if we restrict $m$ to the positive integers as above, then $\\omega \\to (\\omega, m)^2$ for all $m$. 
This entry formalises Larson's proof of $\\omega^\\omega \\to (\\omega^\\omega, m)^2$ along with a similar proof of a result due to Specker: $\\omega^2 \\to (\\omega^2, m)^2$. Also proved is a necessary result by Erdős and Milner: $\\omega^{1+\\alpha\\cdot n} \\to (\\omega^{1+\\alpha}, 2^n)^2$.", "authors": [ "Lawrence C. Paulson" ], "date": "2020-08-03", - "id": 157, + "id": 158, "link": "/entries/Ordinal_Partitions.html", "permalink": "/entries/Ordinal_Partitions.html", "shortname": "Ordinal_Partitions", "title": "Ordinal Partitions", "topic_links": [ "mathematics/combinatorics", "logic/set-theory" ], "topics": [ "Mathematics/Combinatorics", "Logic/Set theory" ], "used_by": 0 }, { "abstract": "We provide a suitable distributed system model and implementation of the Chandy--Lamport distributed snapshot algorithm [ACM Transactions on Computer Systems, 3, 63-75, 1985]. Our main result is a formal termination and correctness proof of the Chandy--Lamport algorithm and its use in stable property detection.", "authors": [ "Ben Fiedler", "Dmitriy Traytel" ], "date": "2020-07-21", - "id": 158, + "id": 159, "link": "/entries/Chandy_Lamport.html", "permalink": "/entries/Chandy_Lamport.html", "shortname": "Chandy_Lamport", "title": "A Formal Proof of The Chandy--Lamport Distributed Snapshot Algorithm", "topic_links": [ "computer-science/algorithms/distributed" ], "topics": [ "Computer science/Algorithms/Distributed" ], "used_by": 0 }, { "abstract": "Binary relations are one of the standard ways to encode, characterise and reason about graphs. Relation algebras provide equational axioms for a large fragment of the calculus of binary relations. Although relations are standard tools in many areas of mathematics and computing, researchers usually fall back to point-wise reasoning when it comes to arguments about paths in a graph. 
We present a purely algebraic way to specify different kinds of paths in Kleene relation algebras, which are relation algebras equipped with an operation for reflexive transitive closure. We study the relationship between paths with a designated root vertex and paths without such a vertex. Since we stay in first-order logic this development helps with mechanising proofs. To demonstrate the applicability of the algebraic framework we verify the correctness of three basic graph algorithms.", "authors": [ "Walter Guttmann", "Peter Höfner" ], "date": "2020-07-13", - "id": 159, + "id": 160, "link": "/entries/Relational_Paths.html", "permalink": "/entries/Relational_Paths.html", "shortname": "Relational_Paths", "title": "Relational Characterisations of Paths", "topic_links": [ "mathematics/graph-theory" ], "topics": [ "Mathematics/Graph theory" ], "used_by": 0 }, { "abstract": "The Vienna Convention on Road Traffic defines the safe distance traffic rules informally. This could make autonomous vehicle liable for safe-distance-related accidents because there is no clear definition of how large a safe distance is. We provide a formally proven prescriptive definition of a safe distance, and checkers which can decide whether an autonomous vehicle is obeying the safe distance rule. 
Not only does our work apply to the domain of law, but it also serves as a specification for autonomous vehicle manufacturers and for online verification of path planners.", "authors": [ "Albert Rizaldi", "Fabian Immler" ], "date": "2020-06-01", - "id": 160, + "id": 161, "link": "/entries/Safe_Distance.html", "permalink": "/entries/Safe_Distance.html", "shortname": "Safe_Distance", "title": "A Formally Verified Checker of the Safe Distance Traffic Rules for Autonomous Vehicles", "topic_links": [ "computer-science/algorithms/mathematical", "mathematics/physics" ], "topics": [ "Computer science/Algorithms/Mathematical", "Mathematics/Physics" ], "used_by": 0 }, { "abstract": "This work presents a formal proof in Isabelle/HOL of an algorithm to transform a matrix into its Smith normal form, a canonical matrix form, in a general setting: the algorithm is parameterized by operations to prove its existence over elementary divisor rings, while execution is guaranteed over Euclidean domains. We also provide a formal proof on some results about the generality of this algorithm as well as the uniqueness of the Smith normal form. Since Isabelle/HOL does not feature dependent types, the development is carried out switching conveniently between two different existing libraries: the Hermite normal form (based on HOL Analysis) and the Jordan normal form AFP entries. 
This permits to reuse results from both developments and it is done by means of the lifting and transfer package together with the use of local type definitions.", "authors": [ "Jose Divasón" ], "date": "2020-05-23", - "id": 161, + "id": 162, "link": "/entries/Smith_Normal_Form.html", "permalink": "/entries/Smith_Normal_Form.html", "shortname": "Smith_Normal_Form", "title": "A verified algorithm for computing the Smith normal form of a matrix", "topic_links": [ "mathematics/algebra", "computer-science/algorithms/mathematical" ], "topics": [ "Mathematics/Algebra", "Computer science/Algorithms/Mathematical" ], "used_by": 1 }, { "abstract": "In 1965, Nash-Williams discovered a generalisation of the infinite form of Ramsey's theorem. Where the latter concerns infinite sets of n-element sets for some fixed n, the Nash-Williams theorem concerns infinite sets of finite sets (or lists) subject to a “no initial segment” condition. The present formalisation follows a monograph on Ramsey Spaces by Todorčević.", "authors": [ "Lawrence C. Paulson" ], "date": "2020-05-16", - "id": 162, + "id": 163, "link": "/entries/Nash_Williams.html", "permalink": "/entries/Nash_Williams.html", "shortname": "Nash_Williams", "title": "The Nash-Williams Partition Theorem", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 1 }, { "abstract": "We define a generalized version of Knuth\u0026ndash;Bendix orders, including subterm coefficient functions. 
For these orders we formalize several properties such as strong normalization, the subterm property, closure properties under substitutions and contexts, as well as ground totality.", "authors": [ "Christian Sternagel", "René Thiemann" ], "date": "2020-05-13", - "id": 163, + "id": 164, "link": "/entries/Knuth_Bendix_Order.html", "permalink": "/entries/Knuth_Bendix_Order.html", "shortname": "Knuth_Bendix_Order", "title": "A Formalization of Knuth–Bendix Orders", "topic_links": [ "logic/rewriting" ], "topics": [ "Logic/Rewriting" ], "used_by": 3 }, { "abstract": "We formalise certain irrationality criteria for infinite series of the form: \\[\\sum_{n=1}^\\infty \\frac{b_n}{\\prod_{i=1}^n a_i} \\] where $\\{b_n\\}$ is a sequence of integers and $\\{a_n\\}$ a sequence of positive integers with $a_n \u003e1$ for all large n. The results are due to P. Erdős and E. G. Straus \u003ca href=\"https://projecteuclid.org/euclid.pjm/1102911140\"\u003e[1]\u003c/a\u003e. In particular, we formalise Theorem 2.1, Corollary 2.10 and Theorem 3.1. The latter is an application of Theorem 2.1 involving the prime numbers.", "authors": [ "Angeliki Koutsoukou-Argyraki", "Wenda Li" ], "date": "2020-05-12", - "id": 164, + "id": 165, "link": "/entries/Irrational_Series_Erdos_Straus.html", "permalink": "/entries/Irrational_Series_Erdos_Straus.html", "shortname": "Irrational_Series_Erdos_Straus", "title": "Irrationality Criteria for Series by Erdős and Straus", "topic_links": [ "mathematics/number-theory", "mathematics/analysis" ], "topics": [ "Mathematics/Number theory", "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "This document contains a proof of the recursion theorem. This is a mechanization of the proof of the recursion theorem from the text \u003ci\u003eIntroduction to Set Theory\u003c/i\u003e, by Karel Hrbacek and Thomas Jech. This implementation may be used as the basis for a model of Peano arithmetic in ZF. 
While recursion and the natural numbers are already available in Isabelle/ZF, this clean development is much easier to follow.", "authors": [ "Georgy Dunaev" ], "date": "2020-05-11", - "id": 165, + "id": 166, "link": "/entries/Recursion-Addition.html", "permalink": "/entries/Recursion-Addition.html", "shortname": "Recursion-Addition", "title": "Recursion Theorem in ZF", "topic_links": [ "logic/set-theory" ], "topics": [ "Logic/Set theory" ], "used_by": 0 }, { "abstract": "In the mid 80s, Lichtenstein, Pnueli, and Zuck proved a classical theorem stating that every formula of Past LTL (the extension of LTL with past operators) is equivalent to a formula of the form $\\bigwedge_{i=1}^n \\mathbf{G}\\mathbf{F} \\varphi_i \\vee \\mathbf{F}\\mathbf{G} \\psi_i$, where $\\varphi_i$ and $\\psi_i$ contain only past operators. Some years later, Chang, Manna, and Pnueli built on this result to derive a similar normal form for LTL. Both normalisation procedures have a non-elementary worst-case blow-up, and follow an involved path from formulas to counter-free automata to star-free regular expressions and back to formulas. We improve on both points. 
We present an executable formalisation of a direct and purely syntactic normalisation procedure for LTL yielding a normal form, comparable to the one by Chang, Manna, and Pnueli, that has only a single exponential blow-up.", "authors": [ "Salomon Sickert" ], "date": "2020-05-08", - "id": 166, + "id": 167, "link": "/entries/LTL_Normal_Form.html", "permalink": "/entries/LTL_Normal_Form.html", "shortname": "LTL_Normal_Form", "title": "An Efficient Normalisation Procedure for Linear Temporal Logic: Isabelle/HOL Formalisation", "topic_links": [ "computer-science/automata-and-formal-languages", "logic/general-logic/temporal-logic" ], "topics": [ "Computer science/Automata and formal languages", "Logic/General logic/Temporal logic" ], "used_by": 0 }, { "abstract": "We formalize the theory of forcing in the set theory framework of Isabelle/ZF. Under the assumption of the existence of a countable transitive model of ZFC, we construct a proper generic extension and show that the latter also satisfies ZFC.", "authors": [ "Emmanuel Gunther", "Miguel Pagano", "Pedro Sánchez Terraf" ], "date": "2020-05-06", - "id": 167, + "id": 168, "link": "/entries/Forcing.html", "permalink": "/entries/Forcing.html", "shortname": "Forcing", "title": "Formalization of Forcing in Isabelle/ZF", "topic_links": [ "logic/set-theory" ], "topics": [ "Logic/Set theory" ], "used_by": 0 }, { "abstract": "We formalize in Isabelle/HOL a result due to S. Banach and H. Steinhaus known as the Banach-Steinhaus theorem or Uniform boundedness principle: a pointwise-bounded family of continuous linear operators from a Banach space to a normed space is uniformly bounded. Our approach is an adaptation to Isabelle/HOL of a proof due to A. 
Sokal.", "authors": [ "Dominique Unruh", "José Manuel Rodríguez Caballero" ], "date": "2020-05-02", - "id": 168, + "id": 169, "link": "/entries/Banach_Steinhaus.html", "permalink": "/entries/Banach_Steinhaus.html", "shortname": "Banach_Steinhaus", "title": "Banach-Steinhaus Theorem", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 1 }, { "abstract": "In this article, we present a proof theory for Attack Trees. Attack Trees are a well established and useful model for the construction of attacks on systems since they allow a stepwise exploration of high level attacks in application scenarios. Using the expressiveness of Higher Order Logic in Isabelle, we develop a generic theory of Attack Trees with a state-based semantics based on Kripke structures and CTL. The resulting framework allows mechanically supported logic analysis of the meta-theory of the proof calculus of Attack Trees and at the same time the developed proof theory enables application to case studies. A central correctness and completeness result proved in Isabelle establishes a connection between the notion of Attack Tree validity and CTL. The application is illustrated on the example of a healthcare IoT system and GDPR compliance verification.", "authors": [ "Florian Kammüller" ], "date": "2020-04-27", - "id": 169, + "id": 170, "link": "/entries/Attack_Trees.html", "permalink": "/entries/Attack_Trees.html", "shortname": "Attack_Trees", "title": "Attack Trees in Isabelle for GDPR compliance of IoT healthcare systems", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThe Gaussian integers are the subring \u0026#8484;[i] of the complex numbers, i. e. the ring of all complex numbers with integral real and imaginary part. 
This article provides a definition of this ring as well as proofs of various basic properties, such as that they form a Euclidean ring and a full classification of their primes. An executable (albeit not very efficient) factorisation algorithm is also provided.\u003c/p\u003e \u003cp\u003eLastly, this Gaussian integer formalisation is used in two short applications:\u003c/p\u003e \u003col\u003e \u003cli\u003e The characterisation of all positive integers that can be written as sums of two squares\u003c/li\u003e \u003cli\u003e Euclid's formula for primitive Pythagorean triples\u003c/li\u003e \u003c/ol\u003e \u003cp\u003eWhile elementary proofs for both of these are already available in the AFP, the theory of Gaussian integers provides more concise proofs and a more high-level view.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2020-04-24", - "id": 170, + "id": 171, "link": "/entries/Gaussian_Integers.html", "permalink": "/entries/Gaussian_Integers.html", "shortname": "Gaussian_Integers", "title": "Gaussian Integers", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis article provides a formalisation of the symmetric multivariate polynomials known as \u003cem\u003epower sum polynomials\u003c/em\u003e. These are of the form p\u003csub\u003en\u003c/sub\u003e(\u003cem\u003eX\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e,\u0026hellip;, \u003cem\u003eX\u003c/em\u003e\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e) = \u003cem\u003eX\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e\u003csup\u003en\u003c/sup\u003e + \u0026hellip; + X\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e\u003csup\u003en\u003c/sup\u003e. A formal proof of the Girard–Newton Theorem is also given. 
This theorem relates the power sum polynomials to the elementary symmetric polynomials s\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e in the form of a recurrence relation (-1)\u003csup\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sup\u003e \u003cem\u003ek\u003c/em\u003e s\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e = \u0026sum;\u003csub\u003ei\u0026isinv;[0,\u003cem\u003ek\u003c/em\u003e)\u003c/sub\u003e (-1)\u003csup\u003ei\u003c/sup\u003e s\u003csub\u003ei\u003c/sub\u003e p\u003csub\u003e\u003cem\u003ek\u003c/em\u003e-\u003cem\u003ei\u003c/em\u003e\u003c/sub\u003e\u0026thinsp;.\u003c/p\u003e \u003cp\u003eAs an application, this is then used to solve a generalised form of a puzzle given as an exercise in Dummit and Foote's \u003cem\u003eAbstract Algebra\u003c/em\u003e: For \u003cem\u003ek\u003c/em\u003e complex unknowns \u003cem\u003ex\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e, \u0026hellip;, \u003cem\u003ex\u003c/em\u003e\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e, define p\u003csub\u003e\u003cem\u003ej\u003c/em\u003e\u003c/sub\u003e := \u003cem\u003ex\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e\u003csup\u003e\u003cem\u003ej\u003c/em\u003e\u003c/sup\u003e + \u0026hellip; + \u003cem\u003ex\u003c/em\u003e\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e\u003csup\u003e\u003cem\u003ej\u003c/em\u003e\u003c/sup\u003e. 
Then for each vector \u003cem\u003ea\u003c/em\u003e \u0026isinv; \u0026#x2102;\u003csup\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sup\u003e, show that there is exactly one solution to the system p\u003csub\u003e1\u003c/sub\u003e = a\u003csub\u003e1\u003c/sub\u003e, \u0026hellip;, p\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e = a\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e up to permutation of the \u003cem\u003ex\u003c/em\u003e\u003csub\u003e\u003cem\u003ei\u003c/em\u003e\u003c/sub\u003e and determine the value of p\u003csub\u003e\u003cem\u003ei\u003c/em\u003e\u003c/sub\u003e for i\u0026gt;k.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2020-04-24", - "id": 171, + "id": 172, "link": "/entries/Power_Sum_Polynomials.html", "permalink": "/entries/Power_Sum_Polynomials.html", "shortname": "Power_Sum_Polynomials", "title": "Power Sum Polynomials", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 1 }, { "abstract": "\u003cp\u003eThe Lambert \u003cem\u003eW\u003c/em\u003e function is a multi-valued function defined as the inverse function of \u003cem\u003ex\u003c/em\u003e \u0026#x21A6; \u003cem\u003ex\u003c/em\u003e e\u003csup\u003e\u003cem\u003ex\u003c/em\u003e\u003c/sup\u003e. 
Besides numerous applications in combinatorics, physics, and engineering, it also frequently occurs when solving equations containing both e\u003csup\u003e\u003cem\u003ex\u003c/em\u003e\u003c/sup\u003e and \u003cem\u003ex\u003c/em\u003e, or both \u003cem\u003ex\u003c/em\u003e and log \u003cem\u003ex\u003c/em\u003e.\u003c/p\u003e \u003cp\u003eThis article provides a definition of the two real-valued branches \u003cem\u003eW\u003c/em\u003e\u003csub\u003e0\u003c/sub\u003e(\u003cem\u003ex\u003c/em\u003e) and \u003cem\u003eW\u003c/em\u003e\u003csub\u003e-1\u003c/sub\u003e(\u003cem\u003ex\u003c/em\u003e) and proves various properties such as basic identities and inequalities, monotonicity, differentiability, asymptotic expansions, and the MacLaurin series of \u003cem\u003eW\u003c/em\u003e\u003csub\u003e0\u003c/sub\u003e(\u003cem\u003ex\u003c/em\u003e) at \u003cem\u003ex\u003c/em\u003e = 0.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2020-04-24", - "id": 172, + "id": 173, "link": "/entries/Lambert_W.html", "permalink": "/entries/Lambert_W.html", "shortname": "Lambert_W", "title": "The Lambert W Function on the Reals", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "Our theories formalise various matrix properties that serve to establish existence, uniqueness and characterisation of the solution to affine systems of ordinary differential equations (ODEs). In particular, we formalise the operator and maximum norm of matrices. Then we use them to prove that square matrices form a Banach space, and in this setting, we show an instance of Picard-Lindelöf’s theorem for affine systems of ODEs. 
Finally, we use this formalisation to verify three simple hybrid programs.", "authors": [ "Jonathan Julian Huerta y Munive" ], "date": "2020-04-19", - "id": 173, + "id": 174, "link": "/entries/Matrices_for_ODEs.html", "permalink": "/entries/Matrices_for_ODEs.html", "shortname": "Matrices_for_ODEs", "title": "Matrices for ODEs", "topic_links": [ "mathematics/analysis", "mathematics/algebra" ], "topics": [ "Mathematics/Analysis", "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "Authenticated data structures allow several systems to convince each other that they are referring to the same data structure, even if each of them knows only a part of the data structure. Using inclusion proofs, knowledgeable systems can selectively share their knowledge with other systems and the latter can verify the authenticity of what is being shared. In this article, we show how to modularly define authenticated data structures, their inclusion proofs, and operations thereon as datatypes in Isabelle/HOL, using a shallow embedding. Modularity allows us to construct complicated trees from reusable building blocks, which we call Merkle functors. Merkle functors include sums, products, and function spaces and are closed under composition and least fixpoints. As a practical application, we model the hierarchical transactions of \u003ca href=\"https://www.canton.io\"\u003eCanton\u003c/a\u003e, a practical interoperability protocol for distributed ledgers, as authenticated data structures. 
This is a first step towards formalizing the Canton protocol and verifying its integrity and security guarantees.", "authors": [ "Andreas Lochbihler", "Ognjen Marić" ], "date": "2020-04-16", - "id": 174, + "id": 175, "link": "/entries/ADS_Functor.html", "permalink": "/entries/ADS_Functor.html", "shortname": "ADS_Functor", "title": "Authenticated Data Structures As Functors", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "Basin et al.'s \u003ca href=\"https://doi.org/10.1016/j.ipl.2014.09.009\"\u003esliding window algorithm (SWA)\u003c/a\u003e is an algorithm for combining the elements of subsequences of a sequence with an associative operator. It is greedy and minimizes the number of operator applications. We formalize the algorithm and verify its functional correctness. We extend the algorithm with additional operations and provide an alternative interface to the slide operation that does not require the entire input sequence.", "authors": [ "Lukas Heimes", "Dmitriy Traytel", "Joshua Schneider" ], "date": "2020-04-10", - "id": 175, + "id": 176, "link": "/entries/Sliding_Window_Algorithm.html", "permalink": "/entries/Sliding_Window_Algorithm.html", "shortname": "Sliding_Window_Algorithm", "title": "Formalization of an Algorithm for Greedily Computing Associative Aggregations on Sliding Windows", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "This Isabelle/HOL formalization is the companion of the technical report “A comprehensive framework for saturation theorem proving”, itself companion of the eponym IJCAR 2020 paper, written by Uwe Waldmann, Sophie Tourret, Simon Robillard and Jasmin Blanchette. 
It verifies a framework for formal refutational completeness proofs of abstract provers that implement saturation calculi, such as ordered resolution or superposition, and allows to model entire prover architectures in such a way that the static refutational completeness of a calculus immediately implies the dynamic refutational completeness of a prover implementing the calculus using a variant of the given clause loop. The technical report “A comprehensive framework for saturation theorem proving” is available \u003ca href=\"http://matryoshka.gforge.inria.fr/pubs/satur_report.pdf\"\u003eon the Matryoshka website\u003c/a\u003e. The names of the Isabelle lemmas and theorems corresponding to the results in the report are indicated in the margin of the report.", "authors": [ "Sophie Tourret" ], "date": "2020-04-09", - "id": 176, + "id": 177, "link": "/entries/Saturation_Framework.html", "permalink": "/entries/Saturation_Framework.html", "shortname": "Saturation_Framework", "title": "A Comprehensive Framework for Saturation Theorem Proving", "topic_links": [ "logic/general-logic/mechanization-of-proofs" ], "topics": [ "Logic/General logic/Mechanization of proofs" ], "used_by": 1 }, { "abstract": "A monitor is a runtime verification tool that solves the following problem: Given a stream of time-stamped events and a policy formulated in a specification language, decide whether the policy is satisfied at every point in the stream. We verify the correctness of an executable monitor for specifications given as formulas in metric first-order dynamic logic (MFODL), which combines the features of metric first-order temporal logic (MFOTL) and metric dynamic logic. Thus, MFODL supports real-time constraints, first-order parameters, and regular expressions. Additionally, the monitor supports aggregation operations such as count and sum. 
This formalization, which is described in a \u003ca href=\"http://people.inf.ethz.ch/trayteld/papers/ijcar20-verimonplus/verimonplus.pdf\"\u003e forthcoming paper at IJCAR 2020\u003c/a\u003e, significantly extends \u003ca href=\"https://www.isa-afp.org/entries/MFOTL_Monitor.html\"\u003eprevious work on a verified monitor\u003c/a\u003e for MFOTL. Apart from the addition of regular expressions and aggregations, we implemented \u003ca href=\"https://www.isa-afp.org/entries/Generic_Join.html\"\u003emulti-way joins\u003c/a\u003e and a specialized sliding window algorithm to further optimize the monitor.", "authors": [ "Thibault Dardinier", "Lukas Heimes", "Martin Raszyk", "Joshua Schneider", "Dmitriy Traytel" ], "date": "2020-04-09", - "id": 177, + "id": 178, "link": "/entries/MFODL_Monitor_Optimized.html", "permalink": "/entries/MFODL_Monitor_Optimized.html", "shortname": "MFODL_Monitor_Optimized", "title": "Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations", "topic_links": [ "computer-science/algorithms", "logic/general-logic/modal-logic", "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Algorithms", "Logic/General logic/Modal logic", "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "In protocol verification we observe a wide spectrum from fully automated methods to interactive theorem proving with proof assistants like Isabelle/HOL. In this AFP entry, we present a fully-automated approach for verifying stateful security protocols, i.e., protocols with mutable state that may span several sessions. The approach supports reachability goals like secrecy and authentication. We also include a simple user-friendly transaction-based protocol specification language that is embedded into Isabelle.", "authors": [ "Andreas V. Hess", "Sebastian Mödersheim", "Achim D. 
Brucker", "Anders Schlichtkrull" ], "date": "2020-04-08", - "id": 178, + "id": 179, "link": "/entries/Automated_Stateful_Protocol_Verification.html", "permalink": "/entries/Automated_Stateful_Protocol_Verification.html", "shortname": "Automated_Stateful_Protocol_Verification", "title": "Automated Stateful Protocol Verification", "topic_links": [ "computer-science/security", "tools" ], "topics": [ "Computer science/Security", "Tools" ], "used_by": 0 }, { "abstract": "We provide in this AFP entry several relative soundness results for security protocols. In particular, we prove typing and compositionality results for stateful protocols (i.e., protocols with mutable state that may span several sessions), and that focuses on reachability properties. Such results are useful to simplify protocol verification by reducing it to a simpler problem: Typing results give conditions under which it is safe to verify a protocol in a typed model where only \"well-typed\" attacks can occur whereas compositionality results allow us to verify a composed protocol by only verifying the component protocols in isolation. The conditions on the protocols under which the results hold are furthermore syntactic in nature allowing for full automation. The foundation presented here is used in another entry to provide fully automated and formalized security proofs of stateful protocols.", "authors": [ "Andreas V. Hess", "Sebastian Mödersheim", "Achim D. Brucker" ], "date": "2020-04-08", - "id": 179, + "id": 180, "link": "/entries/Stateful_Protocol_Composition_and_Typing.html", "permalink": "/entries/Stateful_Protocol_Composition_and_Typing.html", "shortname": "Stateful_Protocol_Composition_and_Typing", "title": "Stateful Protocol Composition and Typing", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 1 }, { "abstract": "This work presents a formalisation of a generating function proof for Lucas's theorem. 
We first outline extensions to the existing Formal Power Series (FPS) library, including an equivalence relation for coefficients modulo \u003cem\u003en\u003c/em\u003e, an alternate binomial theorem statement, and a formalised proof of the Freshman's dream (mod \u003cem\u003ep\u003c/em\u003e) lemma. The second part of the work presents the formal proof of Lucas's Theorem. Working backwards, the formalisation first proves a well known corollary of the theorem which is easier to formalise, and then applies induction to prove the original theorem statement. The proof of the corollary aims to provide a good example of a formalised generating function equivalence proof using the FPS library. The final theorem statement is intended to be integrated into the formalised proof of Hilbert's 10th Problem.", "authors": [ "Chelsea Edmonds" ], "date": "2020-04-07", - "id": 180, + "id": 181, "link": "/entries/Lucas_Theorem.html", "permalink": "/entries/Lucas_Theorem.html", "shortname": "Lucas_Theorem", "title": "Lucas's Theorem", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 1 }, { "abstract": "Commutative Replicated Data Types (CRDTs) are a promising new class of data structures for large-scale shared mutable content in applications that only require eventual consistency. The WithOut Operational Transforms (WOOT) framework is a CRDT for collaborative text editing introduced by Oster et al. (CSCW 2006) for which the eventual consistency property was verified only for a bounded model to date. 
We contribute a formal proof for WOOTs strong eventual consistency.", "authors": [ "Emin Karayel", "Edgar Gonzàlez" ], "date": "2020-03-25", - "id": 181, + "id": 182, "link": "/entries/WOOT_Strong_Eventual_Consistency.html", "permalink": "/entries/WOOT_Strong_Eventual_Consistency.html", "shortname": "WOOT_Strong_Eventual_Consistency", "title": "Strong Eventual Consistency of the Collaborative Editing Framework WOOT", "topic_links": [ "computer-science/algorithms/distributed" ], "topics": [ "Computer science/Algorithms/Distributed" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis article gives a formal version of Furstenberg's topological proof of the infinitude of primes. He defines a topology on the integers based on arithmetic progressions (or, equivalently, residue classes). Using some fairly obvious properties of this topology, the infinitude of primes is then easily obtained.\u003c/p\u003e \u003cp\u003eApart from this, this topology is also fairly ‘nice’ in general: it is second countable, metrizable, and perfect. All of these (well-known) facts are formally proven, including an explicit metric for the topology given by Zulfeqarr.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2020-03-22", - "id": 182, + "id": 183, "link": "/entries/Furstenberg_Topology.html", "permalink": "/entries/Furstenberg_Topology.html", "shortname": "Furstenberg_Topology", "title": "Furstenberg's topology and his proof of the infinitude of primes", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "Recently, authors have proposed under-approximate logics for reasoning about programs. So far, all such logics have been confined to reasoning about individual program behaviours. Yet there exist many over-approximate relational logics for reasoning about pairs of programs and relating their behaviours. We present the first under-approximate relational logic, for the simple imperative language IMP. 
We prove our logic is both sound and complete. Additionally, we show how reasoning in this logic can be decomposed into non-relational reasoning in an under-approximate Hoare logic, mirroring Beringer’s result for over-approximate relational logics. We illustrate the application of our logic on some small examples in which we provably demonstrate the presence of insecurity.", "authors": [ "Toby Murray" ], "date": "2020-03-12", - "id": 183, + "id": 184, "link": "/entries/Relational-Incorrectness-Logic.html", "permalink": "/entries/Relational-Incorrectness-Logic.html", "shortname": "Relational-Incorrectness-Logic", "title": "An Under-Approximate Relational Logic", "topic_links": [ "computer-science/programming-languages/logics", "computer-science/security" ], "topics": [ "Computer science/Programming languages/Logics", "Computer science/Security" ], "used_by": 0 }, { "abstract": "In this article, we present a formalization of the well-known \"Hello, World!\" code, including a formal framework for reasoning about IO. Our model is inspired by the handling of IO in Haskell. We start by formalizing the 🌍 and embrace the IO monad afterwards. Then we present a sample main :: IO (), followed by its proof of correctness.", "authors": [ "Cornelius Diekmann", "Lars Hupel" ], "date": "2020-03-07", - "id": 184, + "id": 185, "link": "/entries/Hello_World.html", "permalink": "/entries/Hello_World.html", "shortname": "Hello_World", "title": "Hello World", "topic_links": [ "computer-science/functional-programming" ], "topics": [ "Computer science/Functional programming" ], "used_by": 0 }, { "abstract": "In this formalization, we develop an implementation of the Goodstein function G in plain \u0026lambda;-calculus, linked to a concise, self-contained specification. The implementation works on a Church-encoded representation of countable ordinals. 
The initial conversion to hereditary base 2 is not covered, but the material is sufficient to compute the particular value G(16), and easily extends to other fixed arguments.", "authors": [ "Bertram Felgenhauer" ], "date": "2020-02-21", - "id": 185, + "id": 186, "link": "/entries/Goodstein_Lambda.html", "permalink": "/entries/Goodstein_Lambda.html", "shortname": "Goodstein_Lambda", "title": "Implementing the Goodstein Function in \u0026lambda;-Calculus", "topic_links": [ "logic/rewriting" ], "topics": [ "Logic/Rewriting" ], "used_by": 0 }, { "abstract": "This is a generic framework for formalizing compiler transformations. It leverages Isabelle/HOL’s locales to abstract over concrete languages and transformations. It states common definitions for language semantics, program behaviours, forward and backward simulations, and compilers. We provide generic operations, such as simulation and compiler composition, and prove general (partial) correctness theorems, resulting in reusable proof components.", "authors": [ "Martin Desharnais" ], "date": "2020-02-10", - "id": 186, + "id": 187, "link": "/entries/VeriComp.html", "permalink": "/entries/VeriComp.html", "shortname": "VeriComp", "title": "A Generic Framework for Verified Compilers", "topic_links": [ "computer-science/programming-languages/compiling" ], "topics": [ "Computer science/Programming languages/Compiling" ], "used_by": 1 }, { "abstract": "This article provides a formalization of the solution obtained by the author of the Problem “ARITHMETIC PROGRESSIONS” from the \u003ca href=\"https://www.ocf.berkeley.edu/~wwu/riddles/putnam.shtml\"\u003e Putnam exam problems of 2002\u003c/a\u003e. 
The statement of the problem is as follows: For which integers \u003cem\u003en\u003c/em\u003e \u003e 1 does the set of positive integers less than and relatively prime to \u003cem\u003en\u003c/em\u003e constitute an arithmetic progression?", "authors": [ "José Manuel Rodríguez Caballero" ], "date": "2020-02-01", - "id": 187, + "id": 188, "link": "/entries/Arith_Prog_Rel_Primes.html", "permalink": "/entries/Arith_Prog_Rel_Primes.html", "shortname": "Arith_Prog_Rel_Primes", "title": "Arithmetic progressions and relative primes", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "We present a collection of axiom systems for the construction of Boolean subalgebras of larger overall algebras. The subalgebras are defined as the range of a complement-like operation on a semilattice. This technique has been used, for example, with the antidomain operation, dynamic negation and Stone algebras. We present a common ground for these constructions based on a new equational axiomatisation of Boolean algebras.", "authors": [ "Walter Guttmann", "Bernhard Möller" ], "date": "2020-01-31", - "id": 188, + "id": 189, "link": "/entries/Subset_Boolean_Algebras.html", "permalink": "/entries/Subset_Boolean_Algebras.html", "shortname": "Subset_Boolean_Algebras", "title": "A Hierarchy of Algebras for Boolean Subsets", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 1 }, { "abstract": "\u003cp\u003eThis article provides formal proofs of basic properties of Mersenne numbers, i. e. numbers of the form 2\u003csup\u003e\u003cem\u003en\u003c/em\u003e\u003c/sup\u003e - 1, and especially of Mersenne primes.\u003c/p\u003e \u003cp\u003eIn particular, an efficient, verified, and executable version of the Lucas\u0026ndash;Lehmer test is developed. 
This test decides primality for Mersenne numbers in time polynomial in \u003cem\u003en\u003c/em\u003e.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2020-01-17", - "id": 189, + "id": 190, "link": "/entries/Mersenne_Primes.html", "permalink": "/entries/Mersenne_Primes.html", "shortname": "Mersenne_Primes", "title": "Mersenne primes and the Lucas–Lehmer test", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "We present the first formal verification of approximation algorithms for NP-complete optimization problems: vertex cover, set cover, independent set, center selection, load balancing, and bin packing. The proofs correct incompletenesses in existing proofs and improve the approximation ratio in one case. A detailed description of our work (excluding center selection) has been published in the proceedings of \u003ca href=\"https://doi.org/10.1007/978-3-030-51054-1_17\"\u003eIJCAR 2020\u003c/a\u003e.", "authors": [ "Robin Eßmann", "Tobias Nipkow", "Simon Robillard", "Ujkan Sulejmani" ], "date": "2020-01-16", - "id": 190, + "id": 191, "link": "/entries/Approximation_Algorithms.html", "permalink": "/entries/Approximation_Algorithms.html", "shortname": "Approximation_Algorithms", "title": "Verified Approximation Algorithms", "topic_links": [ "computer-science/algorithms/approximation" ], "topics": [ "Computer science/Algorithms/Approximation" ], "used_by": 0 }, { "abstract": "This entry provides two related verified divide-and-conquer algorithms solving the fundamental \u003cem\u003eClosest Pair of Points\u003c/em\u003e problem in Computational Geometry. Functional correctness and the optimal running time of \u003cem\u003eO\u003c/em\u003e(\u003cem\u003en\u003c/em\u003e log \u003cem\u003en\u003c/em\u003e) are proved. 
Executable code is generated which is empirically competitive with handwritten reference implementations.", "authors": [ "Martin Rau", "Tobias Nipkow" ], "date": "2020-01-13", - "id": 191, + "id": 192, "link": "/entries/Closest_Pair_Points.html", "permalink": "/entries/Closest_Pair_Points.html", "shortname": "Closest_Pair_Points", "title": "Closest Pair of Points Algorithms", "topic_links": [ "computer-science/algorithms/geometry" ], "topics": [ "Computer science/Algorithms/Geometry" ], "used_by": 0 }, { "abstract": "\u003cp\u003e Skip lists are sorted linked lists enhanced with shortcuts and are an alternative to binary search trees. A skip lists consists of multiple levels of sorted linked lists where a list on level n is a subsequence of the list on level n − 1. In the ideal case, elements are skipped in such a way that a lookup in a skip lists takes O(log n) time. In a randomised skip list the skipped elements are choosen randomly. \u003c/p\u003e \u003cp\u003e This entry contains formalized proofs of the textbook results about the expected height and the expected length of a search path in a randomised skip list. \u003c/p\u003e", "authors": [ "Max W. Haslbeck", "Manuel Eberl" ], "date": "2020-01-09", - "id": 192, + "id": 193, "link": "/entries/Skip_Lists.html", "permalink": "/entries/Skip_Lists.html", "shortname": "Skip_Lists", "title": "Skip Lists", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "\u003cp\u003e Taking as a starting point the author's previous work on developing aspects of category theory in Isabelle/HOL, this article gives a compatible formalization of the notion of \"bicategory\" and develops a framework within which formal proofs of facts about bicategories can be given. 
The framework includes a number of basic results, including the Coherence Theorem, the Strictness Theorem, pseudofunctors and biequivalence, and facts about internal equivalences and adjunctions in a bicategory. As a driving application and demonstration of the utility of the framework, it is used to give a formal proof of a theorem, due to Carboni, Kasangian, and Street, that characterizes up to biequivalence the bicategories of spans in a category with pullbacks. The formalization effort necessitated the filling-in of many details that were not evident from the brief presentation in the original paper, as well as identifying a few minor corrections along the way. \u003c/p\u003e\u003cp\u003e Revisions made subsequent to the first version of this article added additional material on pseudofunctors, pseudonatural transformations, modifications, and equivalence of bicategories; the main thrust being to give a proof that a pseudofunctor is a biequivalence if and only if it can be extended to an equivalence of bicategories. \u003c/p\u003e", "authors": [ "Eugene W. Stark" ], "date": "2020-01-06", - "id": 193, + "id": 194, "link": "/entries/Bicategory.html", "permalink": "/entries/Bicategory.html", "shortname": "Bicategory", "title": "Bicategories", "topic_links": [ "mathematics/category-theory" ], "topics": [ "Mathematics/Category theory" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis article provides a formalisation of Beukers's straightforward analytic proof that ζ(3) is irrational. This was first proven by Apéry (which is why this result is also often called ‘Apéry's Theorem’) using a more algebraic approach. 
This formalisation follows \u003ca href=\"http://people.math.sc.edu/filaseta/gradcourses/Math785/Math785Notes4.pdf\"\u003eFilaseta's presentation\u003c/a\u003e of Beukers's proof.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2019-12-27", - "id": 194, + "id": 195, "link": "/entries/Zeta_3_Irrational.html", "permalink": "/entries/Zeta_3_Irrational.html", "shortname": "Zeta_3_Irrational", "title": "The Irrationality of ζ(3)", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "This work is a formalization of soundness and completeness proofs for a Seligman-style tableau system for hybrid logic. The completeness result is obtained via a synthetic approach using maximally consistent sets of tableau blocks. The formalization differs from previous work in a few ways. First, to avoid the need to backtrack in the construction of a tableau, the formalized system has no unnamed initial segment, and therefore no Name rule. Second, I show that the full Bridge rule is admissible in the system. Third, I start from rules restricted to only extend the branch with new formulas, including only witnessing diamonds that are not already witnessed, and show that the unrestricted rules are admissible. Similarly, I start from simpler versions of the @-rules and show that these are sufficient. The GoTo rule is restricted using a notion of potential such that each application consumes potential and potential is earned through applications of the remaining rules. I show that if a branch can be closed then it can be closed starting from a single unit. Finally, Nom is restricted by a fixed set of allowed nominals. 
The resulting system should be terminating.", "authors": [ "Asta Halkjær From" ], "date": "2019-12-20", - "id": 195, + "id": 196, "link": "/entries/Hybrid_Logic.html", "permalink": "/entries/Hybrid_Logic.html", "shortname": "Hybrid_Logic", "title": "Formalizing a Seligman-Style Tableau System for Hybrid Logic", "topic_links": [ "logic/general-logic/modal-logic" ], "topics": [ "Logic/General logic/Modal logic" ], "used_by": 0 }, { "abstract": "The Poincaré-Bendixson theorem is a classical result in the study of (continuous) dynamical systems. Colloquially, it restricts the possible behaviors of planar dynamical systems: such systems cannot be chaotic. In practice, it is a useful tool for proving the existence of (limiting) periodic behavior in planar systems. The theorem is an interesting and challenging benchmark for formalized mathematics because proofs in the literature rely on geometric sketches and only hint at symmetric cases. It also requires a substantial background of mathematical theories, e.g., the Jordan curve theorem, real analysis, ordinary differential equations, and limiting (long-term) behavior of dynamical systems.", "authors": [ "Fabian Immler", "Yong Kiam Tan" ], "date": "2019-12-18", - "id": 196, + "id": 197, "link": "/entries/Poincare_Bendixson.html", "permalink": "/entries/Poincare_Bendixson.html", "shortname": "Poincare_Bendixson", "title": "The Poincaré-Bendixson Theorem", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "A formalization of geometry of complex numbers is presented. Fundamental objects that are investigated are the complex plane extended by a single infinite point, its objects (points, lines and circles), and groups of transformations that act on them (e.g., inversions and Möbius transformations). 
Most objects are defined algebraically, but correspondence with classical geometric definitions is shown.", "authors": [ "Filip Marić", "Danijela Simić" ], "date": "2019-12-16", - "id": 197, + "id": 198, "link": "/entries/Complex_Geometry.html", "permalink": "/entries/Complex_Geometry.html", "shortname": "Complex_Geometry", "title": "Complex Geometry", "topic_links": [ "mathematics/geometry" ], "topics": [ "Mathematics/Geometry" ], "used_by": 2 }, { "abstract": "We describe formalization of the Poincaré disc model of hyperbolic geometry within the Isabelle/HOL proof assistant. The model is defined within the extended complex plane (one dimensional complex projectives space \u0026#8450;P1), formalized in the AFP entry “Complex Geometry”. Points, lines, congruence of pairs of points, betweenness of triples of points, circles, and isometries are defined within the model. It is shown that the model satisfies all Tarski's axioms except the Euclid's axiom. It is shown that it satisfies its negation and the limiting parallels axiom (which proves it to be a model of hyperbolic geometry).", "authors": [ "Danijela Simić", "Filip Marić", "Pierre Boutry" ], "date": "2019-12-16", - "id": 198, + "id": 199, "link": "/entries/Poincare_Disc.html", "permalink": "/entries/Poincare_Disc.html", "shortname": "Poincare_Disc", "title": "Poincaré Disc Model", "topic_links": [ "mathematics/geometry" ], "topics": [ "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis article provides a full formalisation of Chapter 8 of Apostol's \u003cem\u003e\u003ca href=\"https://www.springer.com/de/book/9780387901633\"\u003eIntroduction to Analytic Number Theory\u003c/a\u003e\u003c/em\u003e. 
Subjects that are covered are:\u003c/p\u003e \u003cul\u003e \u003cli\u003eperiodic arithmetic functions and their finite Fourier series\u003c/li\u003e \u003cli\u003e(generalised) Ramanujan sums\u003c/li\u003e \u003cli\u003eGauss sums and separable characters\u003c/li\u003e \u003cli\u003einduced moduli and primitive characters\u003c/li\u003e \u003cli\u003ethe Pólya\u0026mdash;Vinogradov inequality\u003c/li\u003e \u003c/ul\u003e", "authors": [ "Rodrigo Raya", "Manuel Eberl" ], "date": "2019-12-10", - "id": 199, + "id": 200, "link": "/entries/Gauss_Sums.html", "permalink": "/entries/Gauss_Sums.html", "shortname": "Gauss_Sums", "title": "Gauss Sums and the Pólya–Vinogradov Inequality", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "Counting sort is a well-known algorithm that sorts objects of any kind mapped to integer keys, or else to keys in one-to-one correspondence with some subset of the integers (e.g. alphabet letters). However, it is suitable for direct use, viz. not just as a subroutine of another sorting algorithm (e.g. radix sort), only if the key range is not significantly larger than the number of the objects to be sorted. This paper describes a tail-recursive generalization of counting sort making use of a bounded number of counters, suitable for direct use in case of a large, or even infinite key range of any kind, subject to the only constraint of being a subset of an arbitrary linear order. 
After performing a pen-and-paper analysis of how such algorithm has to be designed to maximize its efficiency, this paper formalizes the resulting generalized counting sort (GCsort) algorithm and then formally proves its correctness properties, namely that (a) the counters' number is maximized never exceeding the fixed upper bound, (b) objects are conserved, (c) objects get sorted, and (d) the algorithm is stable.", "authors": [ "Pasquale Noce" ], "date": "2019-12-04", - "id": 200, + "id": 201, "link": "/entries/Generalized_Counting_Sort.html", "permalink": "/entries/Generalized_Counting_Sort.html", "shortname": "Generalized_Counting_Sort", "title": "An Efficient Generalization of Counting Sort for Large, possibly Infinite Key Ranges", "topic_links": [ "computer-science/algorithms", "computer-science/functional-programming" ], "topics": [ "Computer science/Algorithms", "Computer science/Functional programming" ], "used_by": 0 }, { "abstract": "Interval_Arithmetic implements conservative interval arithmetic computations, then uses this interval arithmetic to implement a simple programming language where all terms have 32-bit signed word values, with explicit infinities for terms outside the representable bounds. Our target use case is interpreters for languages that must have a well-understood low-level behavior. We include a formalization of bounded-length strings which are used for the identifiers of our language. 
Bounded-length identifiers are useful in some applications, for example the \u003ca href=\"https://www.isa-afp.org/entries/Differential_Dynamic_Logic.html\"\u003eDifferential_Dynamic_Logic\u003c/a\u003e article, where a Euclidean space indexed by identifiers demands that identifiers are finitely many.", "authors": [ "Rose Bohrer" ], "date": "2019-11-27", - "id": 201, + "id": 202, "link": "/entries/Interval_Arithmetic_Word32.html", "permalink": "/entries/Interval_Arithmetic_Word32.html", "shortname": "Interval_Arithmetic_Word32", "title": "Interval Arithmetic on 32-bit Words", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis entry is a new formalisation of ZFC set theory in Isabelle/HOL. It is logically equivalent to Obua's HOLZF; the point is to have the closest possible integration with the rest of Isabelle/HOL, minimising the amount of new notations and exploiting type classes.\u003c/p\u003e \u003cp\u003eThere is a type \u003cem\u003eV\u003c/em\u003e of sets and a function \u003cem\u003eelts :: V =\u0026gt; V set\u003c/em\u003e mapping a set to its elements. Classes simply have type \u003cem\u003eV set\u003c/em\u003e, and a predicate identifies the small classes: those that correspond to actual sets. Type classes connected with orders and lattices are used to minimise the amount of new notation for concepts such as the subset relation, union and intersection. Basic concepts — Cartesian products, disjoint sums, natural numbers, functions, etc. — are formalised.\u003c/p\u003e \u003cp\u003eMore advanced set-theoretic concepts, such as transfinite induction, ordinals, cardinals and the transitive closure of a set, are also provided. 
The definition of addition and multiplication for general sets (not just ordinals) follows Kirby.\u003c/p\u003e \u003cp\u003eThe theory provides two type classes with the aim of facilitating developments that combine \u003cem\u003eV\u003c/em\u003e with other Isabelle/HOL types: \u003cem\u003eembeddable\u003c/em\u003e, the class of types that can be injected into \u003cem\u003eV\u003c/em\u003e (including \u003cem\u003eV\u003c/em\u003e itself as well as \u003cem\u003eV*V\u003c/em\u003e, etc.), and \u003cem\u003esmall\u003c/em\u003e, the class of types that correspond to some ZF set.\u003c/p\u003e extra-history = Change history: [2020-01-28]: Generalisation of the \"small\" predicate and order types to arbitrary sets; ordinal exponentiation; introduction of the coercion ord_of_nat :: \"nat =\u003e V\"; numerous new lemmas. (revision 6081d5be8d08)", "authors": [ "Lawrence C. Paulson" ], "date": "2019-10-24", - "id": 202, + "id": 203, "link": "/entries/ZFC_in_HOL.html", "permalink": "/entries/ZFC_in_HOL.html", "shortname": "ZFC_in_HOL", "title": "Zermelo Fraenkel Set Theory in Higher-Order Logic", "topic_links": [ "logic/set-theory" ], "topics": [ "Logic/Set theory" ], "used_by": 3 }, { "abstract": "We present a framework for C code in C11 syntax deeply integrated into the Isabelle/PIDE development environment. Our framework provides an abstract interface for verification back-ends to be plugged-in independently. Thus, various techniques such as deductive program verification or white-box testing can be applied to the same source, which is part of an integrated PIDE document model. Semantic back-ends are free to choose the supported C fragment and its semantics. In particular, they can differ on the chosen memory model or the specification mechanism for framing conditions. Our framework supports semantic annotations of C sources in the form of comments. Annotations serve to locally control back-end settings, and can express the term focus to which an annotation refers. 
Both the logical and the syntactic context are available when semantic annotations are evaluated. As a consequence, a formula in an annotation can refer both to HOL or C variables. Our approach demonstrates the degree of maturity and expressive power the Isabelle/PIDE sub-system has achieved in recent years. Our integration technique employs Lex and Yacc style grammars to ensure efficient deterministic parsing. This is the core-module of Isabelle/C; the AFP package for Clean and Clean_wrapper as well as AutoCorres and AutoCorres_wrapper (available via git) are applications of this front-end.", "authors": [ "Frédéric Tuong", "Burkhart Wolff" ], "date": "2019-10-22", - "id": 203, + "id": 204, "link": "/entries/Isabelle_C.html", "permalink": "/entries/Isabelle_C.html", "shortname": "Isabelle_C", "title": "Isabelle/C", "topic_links": [ "computer-science/programming-languages/language-definitions", "computer-science/semantics-and-reasoning", "tools" ], "topics": [ "Computer science/Programming languages/Language definitions", "Computer science/Semantics and reasoning", "Tools" ], "used_by": 0 }, { "abstract": "VerifyThis 2019 (http://www.pm.inf.ethz.ch/research/verifythis.html) was a program verification competition associated with ETAPS 2019. It was the 8th event in the VerifyThis competition series. 
In this entry, we present polished and completed versions of our solutions that we created during the competition.", "authors": [ "Peter Lammich", "Simon Wimmer" ], "date": "2019-10-16", - "id": 204, + "id": 205, "link": "/entries/VerifyThis2019.html", "permalink": "/entries/VerifyThis2019.html", "shortname": "VerifyThis2019", "title": "VerifyThis 2019 -- Polished Isabelle Solutions", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "We formalise with Isabelle/HOL some basic elements of Aristotle's assertoric syllogistic following the \u003ca href=\"https://plato.stanford.edu/entries/aristotle-logic/\"\u003earticle from the Stanford Encyclopedia of Philosophy by Robin Smith.\u003c/a\u003e To this end, we use a set theoretic formulation (covering both individual and general predication). In particular, we formalise the deductions in the Figures and after that we present Aristotle's metatheoretical observation that all deductions in the Figures can in fact be reduced to either Barbara or Celarent. As the formal proofs prove to be straightforward, the interest of this entry lies in illustrating the functionality of Isabelle and high efficiency of Sledgehammer for simple exercises in philosophy.", "authors": [ "Angeliki Koutsoukou-Argyraki" ], "date": "2019-10-08", - "id": 205, + "id": 206, "link": "/entries/Aristotles_Assertoric_Syllogistic.html", "permalink": "/entries/Aristotles_Assertoric_Syllogistic.html", "shortname": "Aristotles_Assertoric_Syllogistic", "title": "Aristotle's Assertoric Syllogistic", "topic_links": [ "logic/philosophical-aspects" ], "topics": [ "Logic/Philosophical aspects" ], "used_by": 0 }, { "abstract": "We use CryptHOL to formalise commitment schemes and Sigma-protocols. Both are widely used fundamental two party cryptographic primitives. 
Security for commitment schemes is considered using game-based definitions whereas the security of Sigma-protocols is considered using both the game-based and simulation-based security paradigms. In this work, we first define security for both primitives and then prove secure multiple case studies: the Schnorr, Chaum-Pedersen and Okamoto Sigma-protocols as well as a construction that allows for compound (AND and OR statements) Sigma-protocols and the Pedersen and Rivest commitment schemes. We also prove that commitment schemes can be constructed from Sigma-protocols. We formalise this proof at an abstract level, only assuming the existence of a Sigma-protocol; consequently, the instantiations of this result for the concrete Sigma-protocols we consider come for free.", "authors": [ "David Butler", "Andreas Lochbihler" ], "date": "2019-10-07", - "id": 206, + "id": 207, "link": "/entries/Sigma_Commit_Crypto.html", "permalink": "/entries/Sigma_Commit_Crypto.html", "shortname": "Sigma_Commit_Crypto", "title": "Sigma Protocols and Commitment Schemes", "topic_links": [ "computer-science/security/cryptography" ], "topics": [ "Computer science/Security/Cryptography" ], "used_by": 1 }, { "abstract": "Clean is based on a simple, abstract execution model for an imperative target language. “Abstract” is understood in contrast to “Concrete Semantics”; alternatively, the term “shallow-style embedding” could be used. It strives for a type-safe notion of program-variables, an incremental construction of the typed state-space, support of incremental verification, and open-world extensibility of new type definitions being intertwined with the program definitions. Clean is based on a “no-frills” state-exception monad with the usual definitions of bind and unit for the compositional glue of state-based computations. Clean offers conditionals and loops supporting C-like control-flow operators such as break and return. 
The state-space construction is based on the extensible record package. Direct recursion of procedures is supported. Clean’s design strives for extreme simplicity. It is geared towards symbolic execution and proven correct verification tools. The underlying libraries of this package, however, deliberately restrict themselves to the most elementary infrastructure for these tasks. The package is intended to serve as demonstrator semantic backend for Isabelle/C, or for the test-generation techniques.", "authors": [ "Frédéric Tuong", "Burkhart Wolff" ], "date": "2019-10-04", - "id": 207, + "id": 208, "link": "/entries/Clean.html", "permalink": "/entries/Clean.html", "shortname": "Clean", "title": "Clean - An Abstract Imperative Programming Language and its Theory", "topic_links": [ "computer-science/programming-languages", "computer-science/semantics-and-reasoning" ], "topics": [ "Computer science/Programming languages", "Computer science/Semantics and reasoning" ], "used_by": 0 }, { "abstract": "Worst-case optimal multiway-join algorithms are recent seminal achievement of the database community. These algorithms compute the natural join of multiple relational databases and improve in the worst case over traditional query plan optimizations of nested binary joins. In 2014, \u003ca href=\"https://doi.org/10.1145/2590989.2590991\"\u003eNgo, Ré, and Rudra\u003c/a\u003e gave a unified presentation of different multi-way join algorithms. 
We formalized and proved correct their \"Generic Join\" algorithm and extended it to support negative joins.", "authors": [ "Thibault Dardinier" ], "date": "2019-09-16", - "id": 208, + "id": 209, "link": "/entries/Generic_Join.html", "permalink": "/entries/Generic_Join.html", "shortname": "Generic_Join", "title": "Formalization of Multiway-Join Algorithms", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 1 }, { "abstract": "These components formalise a semantic framework for the deductive verification of hybrid systems. They support reasoning about continuous evolutions of hybrid programs in the style of differential dynamics logic. Vector fields or flows model these evolutions, and their verification is done with invariants for the former or orbits for the latter. Laws of modal Kleene algebra or categorical predicate transformers implement the verification condition generation. Examples show the approach at work.", "authors": [ "Jonathan Julian Huerta y Munive" ], "date": "2019-09-10", - "id": 209, + "id": 210, "link": "/entries/Hybrid_Systems_VCs.html", "permalink": "/entries/Hybrid_Systems_VCs.html", "shortname": "Hybrid_Systems_VCs", "title": "Verification Components for Hybrid Systems", "topic_links": [ "mathematics/algebra", "mathematics/analysis" ], "topics": [ "Mathematics/Algebra", "Mathematics/Analysis" ], "used_by": 1 }, { "abstract": "This development formalises the square integrable functions over the reals and the basics of Fourier series. It culminates with a proof that every well-behaved periodic function can be approximated by a Fourier series. The material is ported from HOL Light: https://github.com/jrh13/hol-light/blob/master/100/fourier.ml", "authors": [ "Lawrence C. 
Paulson" ], "date": "2019-09-06", - "id": 210, + "id": 211, "link": "/entries/Fourier.html", "permalink": "/entries/Fourier.html", "shortname": "Fourier", "title": "Fourier Series", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "The focus of this case study is re-use in abstract algebra. It contains locale-based formalisations of selected parts of set, group and ring theory from Jacobson's \u003ci\u003eBasic Algebra\u003c/i\u003e leading to the respective fundamental homomorphism theorems. The study is not intended as a library base for abstract algebra. It rather explores an approach towards abstract algebra in Isabelle.", "authors": [ "Clemens Ballarin" ], "date": "2019-08-30", - "id": 211, + "id": 212, "link": "/entries/Jacobson_Basic_Algebra.html", "permalink": "/entries/Jacobson_Basic_Algebra.html", "shortname": "Jacobson_Basic_Algebra", "title": "A Case Study in Basic Algebra", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 3 }, { "abstract": "This entry provides a formalisation of a refinement of an adaptive state counting algorithm, used to test for reduction between finite state machines. The algorithm has been originally presented by Hierons in the paper \u003ca href=\"https://doi.org/10.1109/TC.2004.85\"\u003eTesting from a Non-Deterministic Finite State Machine Using Adaptive State Counting\u003c/a\u003e. Definitions for finite state machines and adaptive test cases are given and many useful theorems are derived from these. The algorithm is formalised using mutually recursive functions, for which it is proven that the generated test suite is sufficient to test for reduction against finite state machines of a certain fault domain. 
Additionally, the algorithm is specified in a simple WHILE-language and its correctness is shown using Hoare-logic.", "authors": [ "Robert Sachtleben" ], "date": "2019-08-16", - "id": 212, + "id": 213, "link": "/entries/Adaptive_State_Counting.html", "permalink": "/entries/Adaptive_State_Counting.html", "shortname": "Adaptive_State_Counting", "title": "Formalisation of an Adaptive State Counting Algorithm", "topic_links": [ "computer-science/automata-and-formal-languages", "computer-science/algorithms" ], "topics": [ "Computer science/Automata and formal languages", "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "This entry formalizes the Laplace transform and concrete Laplace transforms for arithmetic functions, frequency shift, integration and (higher) differentiation in the time domain. It proves Lerch's lemma and uniqueness of the Laplace transform for continuous functions. In order to formalize the foundational assumptions, this entry contains a formalization of piecewise continuous functions and functions of exponential order.", "authors": [ "Fabian Immler" ], "date": "2019-08-14", - "id": 213, + "id": 214, "link": "/entries/Laplace_Transform.html", "permalink": "/entries/Laplace_Transform.html", "shortname": "Laplace_Transform", "title": "Laplace Transform", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "Communicating Concurrent Kleene Algebra (C²KA) is a mathematical framework for capturing the communicating and concurrent behaviour of agents in distributed systems. It extends Hoare et al.'s Concurrent Kleene Algebra (CKA) with communication actions through the notions of stimuli and shared environments. C²KA has applications in studying system-level properties of distributed systems such as safety, security, and reliability. In this work, we formalize results about C²KA and its application for distributed systems specification. 
We first formalize the stimulus structure and behaviour structure (CKA). Next, we combine them to formalize C²KA and its properties. Then, we formalize notions and properties related to the topology of distributed systems and the potential for communication via stimuli and via shared environments of agents, all within the algebraic setting of C²KA.", "authors": [ "Maxime Buyse", "Jason Jaskolka" ], "date": "2019-08-06", - "id": 214, + "id": 215, "link": "/entries/C2KA_DistributedSystems.html", "permalink": "/entries/C2KA_DistributedSystems.html", "shortname": "C2KA_DistributedSystems", "title": "Communicating Concurrent Kleene Algebra for Distributed Systems Specification", "topic_links": [ "computer-science/automata-and-formal-languages", "mathematics/algebra" ], "topics": [ "Computer science/Automata and formal languages", "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "We use the previous formalization of the general simplex algorithm to formulate an algorithm for solving linear programs. We encode the linear programs using only linear constraints. Solving these constraints also solves the original linear program. This algorithm is proven to be sound by applying the weak duality theorem which is also part of this formalization.", "authors": [ "Julian Parsert", "Cezary Kaliszyk" ], "date": "2019-08-06", - "id": 215, + "id": 216, "link": "/entries/Linear_Programming.html", "permalink": "/entries/Linear_Programming.html", "shortname": "Linear_Programming", "title": "Linear Programming", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis entry contains formalisations of the answers to three of the six problem of the International Mathematical Olympiad 2019, namely Q1, Q4, and Q5.\u003c/p\u003e \u003cp\u003eThe reason why these problems were chosen is that they are particularly amenable to formalisation: they can be solved with minimal use of libraries. 
The remaining three concern geometry and graph theory, which, in the author's opinion, are more difficult to formalise resp. require a more complex library.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2019-08-05", - "id": 216, + "id": 217, "link": "/entries/IMO2019.html", "permalink": "/entries/IMO2019.html", "shortname": "IMO2019", "title": "Selected Problems from the International Mathematical Olympiad 2019", "topic_links": [ "mathematics/misc" ], "topics": [ "Mathematics/Misc" ], "used_by": 0 }, { "abstract": "We formalize the static properties of personal Byzantine quorum systems (PBQSs) and Stellar quorum systems, as described in the paper ``Stellar Consensus by Reduction'' (to appear at DISC 2019).", "authors": [ "Giuliano Losa" ], "date": "2019-08-01", - "id": 217, + "id": 218, "link": "/entries/Stellar_Quorums.html", "permalink": "/entries/Stellar_Quorums.html", "shortname": "Stellar_Quorums", "title": "Stellar Quorum Systems", "topic_links": [ "computer-science/algorithms/distributed" ], "topics": [ "Computer science/Algorithms/Distributed" ], "used_by": 0 }, { "abstract": "The design of complex systems involves different formalisms for modeling their different parts or aspects. The global model of a system may therefore consist of a coordination of concurrent sub-models that use different paradigms. 
We develop here a theory for a language used to specify the timed coordination of such heterogeneous subsystems by addressing the following issues: \u003cul\u003e\u003cli\u003ethe behavior of the sub-systems is observed only at a series of discrete instants,\u003c/li\u003e\u003cli\u003eevents may occur in different sub-systems at unrelated times, leading to polychronous systems, which do not necessarily have a common base clock,\u003c/li\u003e\u003cli\u003ecoordination between subsystems involves causality, so the occurrence of an event may enforce the occurrence of other events, possibly after a certain duration has elapsed or an event has occurred a given number of times,\u003c/li\u003e\u003cli\u003ethe domain of time (discrete, rational, continuous...) may be different in the subsystems, leading to polytimed systems,\u003c/li\u003e\u003cli\u003ethe time frames of different sub-systems may be related (for instance, time in a GPS satellite and in a GPS receiver on Earth are related although they are not the same).\u003c/li\u003e\u003c/ul\u003e Firstly, a denotational semantics of the language is defined. Then, in order to be able to incrementally check the behavior of systems, an operational semantics is given, with proofs of progress, soundness and completeness with regard to the denotational semantics. These proofs are made according to a setup that can scale up when new operators are added to the language. In order for specifications to be composed in a clean way, the language should be invariant by stuttering (i.e., adding observation instants at which nothing happens). 
The proof of this invariance is also given.", "authors": [ "Hai Nguyen Van", "Frédéric Boulanger", "Burkhart Wolff" ], "date": "2019-07-30", - "id": 218, + "id": 219, "link": "/entries/TESL_Language.html", "permalink": "/entries/TESL_Language.html", "shortname": "TESL_Language", "title": "A Formal Development of a Polychronous Polytimed Coordination Language", "topic_links": [ "computer-science/system-description-languages", "computer-science/semantics-and-reasoning", "computer-science/concurrency" ], "topics": [ "Computer science/System description languages", "Computer science/Semantics and reasoning", "Computer science/Concurrency" ], "used_by": 0 }, { "abstract": "This entry is concerned with the principle of order extension, i.e. the extension of an order relation to a total order relation. To this end, we prove a more general version of Szpilrajn's extension theorem employing terminology from the book \"Consistency, Choice, and Rationality\" by Bossert and Suzumura. We also formalize theorem 2.7 of their book.", "authors": [ "Peter Zeller", "Lukas Stevens" ], "date": "2019-07-27", - "id": 219, + "id": 220, "link": "/entries/Szpilrajn.html", "permalink": "/entries/Szpilrajn.html", "shortname": "Szpilrajn", "title": "Order Extension and Szpilrajn's Extension Theorem", "topic_links": [ "mathematics/order" ], "topics": [ "Mathematics/Order" ], "used_by": 1 }, { "abstract": "This work formalizes soundness and completeness of a one-sided sequent calculus for first-order logic. The completeness is shown via a translation from a complete semantic tableau calculus, the proof of which is based on the First-Order Logic According to Fitting theory. The calculi and proof techniques are taken from Ben-Ari's Mathematical Logic for Computer Science. 
Paper: \u003ca href=\"http://ceur-ws.org/Vol-3002/paper7.pdf\"\u003ehttp://ceur-ws.org/Vol-3002/paper7.pdf\u003c/a\u003e.", "authors": [ "Asta Halkjær From" ], "date": "2019-07-18", - "id": 220, + "id": 221, "link": "/entries/FOL_Seq_Calc1.html", "permalink": "/entries/FOL_Seq_Calc1.html", "shortname": "FOL_Seq_Calc1", "title": "A Sequent Calculus for First-Order Logic", "topic_links": [ "logic/proof-theory" ], "topics": [ "Logic/Proof theory" ], "used_by": 1 }, { "abstract": "This entry contains the formalization that accompanies my PhD thesis (see https://lars.hupel.info/research/codegen/). I develop a verified compilation toolchain from executable specifications in Isabelle/HOL to CakeML abstract syntax trees. This improves over the state-of-the-art in Isabelle by providing a trustworthy procedure for code generation.", "authors": [ "Lars Hupel" ], "date": "2019-07-08", - "id": 221, + "id": 222, "link": "/entries/CakeML_Codegen.html", "permalink": "/entries/CakeML_Codegen.html", "shortname": "CakeML_Codegen", "title": "A Verified Code Generator from Isabelle/HOL to CakeML", "topic_links": [ "computer-science/programming-languages/compiling", "logic/rewriting" ], "topics": [ "Computer science/Programming languages/Compiling", "Logic/Rewriting" ], "used_by": 0 }, { "abstract": "A monitor is a runtime verification tool that solves the following problem: Given a stream of time-stamped events and a policy formulated in a specification language, decide whether the policy is satisfied at every point in the stream. We verify the correctness of an executable monitor for specifications given as formulas in metric first-order temporal logic (MFOTL), an expressive extension of linear temporal logic with real-time constraints and first-order quantification. The verified monitor implements a simplified variant of the algorithm used in the efficient MonPoly monitoring tool. 
The formalization is presented in a \u003ca href=\"https://doi.org/10.1007/978-3-030-32079-9_18\"\u003eRV 2019 paper\u003c/a\u003e, which also compares the output of the verified monitor to that of other monitoring tools on randomly generated inputs. This case study revealed several errors in the optimized but unverified tools.", "authors": [ "Joshua Schneider", "Dmitriy Traytel" ], "date": "2019-07-04", - "id": 222, + "id": 223, "link": "/entries/MFOTL_Monitor.html", "permalink": "/entries/MFOTL_Monitor.html", "shortname": "MFOTL_Monitor", "title": "Formalization of a Monitoring Algorithm for Metric First-Order Temporal Logic", "topic_links": [ "computer-science/algorithms", "logic/general-logic/temporal-logic", "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Algorithms", "Logic/General logic/Temporal logic", "Computer science/Automata and formal languages" ], "used_by": 2 }, { "abstract": "We develop an Isabelle/HOL library of order-theoretic concepts, such as various completeness conditions and fixed-point theorems. We keep our formalization as general as possible: we reprove several well-known results about complete orders, often without any properties of ordering, thus complete non-orders. In particular, we generalize the Knaster–Tarski theorem so that we ensure the existence of a quasi-fixed point of monotone maps over complete non-orders, and show that the set of quasi-fixed points is complete under a mild condition—attractivity—which is implied by either antisymmetry or transitivity. This result generalizes and strengthens a result by Stauti and Maaden. 
Finally, we recover Kleene’s fixed-point theorem for omega-complete non-orders, again using attractivity to prove that Kleene’s fixed points are least quasi-fixed points.", "authors": [ "Akihisa Yamada", "Jérémy Dubut" ], "date": "2019-06-27", - "id": 223, + "id": 224, "link": "/entries/Complete_Non_Orders.html", "permalink": "/entries/Complete_Non_Orders.html", "shortname": "Complete_Non_Orders", "title": "Complete Non-Orders and Fixed Points", "topic_links": [ "mathematics/order" ], "topics": [ "Mathematics/Order" ], "used_by": 0 }, { "abstract": "We present a new, purely functional, simple and efficient data structure combining a search tree and a priority queue, which we call a \u003cem\u003epriority search tree\u003c/em\u003e. The salient feature of priority search trees is that they offer a decrease-key operation, something that is missing from other simple, purely functional priority queue implementations. Priority search trees can be implemented on top of any search tree. This entry does the implementation for red-black trees. This entry formalizes the first part of our ITP-2019 proof pearl \u003cem\u003ePurely Functional, Simple and Efficient Priority Search Trees and Applications to Prim and Dijkstra\u003c/em\u003e.", "authors": [ "Peter Lammich", "Tobias Nipkow" ], "date": "2019-06-25", - "id": 224, + "id": 225, "link": "/entries/Priority_Search_Trees.html", "permalink": "/entries/Priority_Search_Trees.html", "shortname": "Priority_Search_Trees", "title": "Priority Search Trees", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 1 }, { "abstract": "We verify purely functional, simple and efficient implementations of Prim's and Dijkstra's algorithms. This constitutes the first verification of an executable and even efficient version of Prim's algorithm. 
This entry formalizes the second part of our ITP-2019 proof pearl \u003cem\u003ePurely Functional, Simple and Efficient Priority Search Trees and Applications to Prim and Dijkstra\u003c/em\u003e.", "authors": [ "Peter Lammich", "Tobias Nipkow" ], "date": "2019-06-25", - "id": 225, + "id": 226, "link": "/entries/Prim_Dijkstra_Simple.html", "permalink": "/entries/Prim_Dijkstra_Simple.html", "shortname": "Prim_Dijkstra_Simple", "title": "Purely Functional, Simple, and Efficient Implementation of Prim and Dijkstra", "topic_links": [ "computer-science/algorithms/graph" ], "topics": [ "Computer science/Algorithms/Graph" ], "used_by": 0 }, { "abstract": "We formalize results about linear inqualities, mainly from Schrijver's book. The main results are the proof of the fundamental theorem on linear inequalities, Farkas' lemma, Carathéodory's theorem, the Farkas-Minkowsky-Weyl theorem, the decomposition theorem of polyhedra, and Meyer's result that the integer hull of a polyhedron is a polyhedron itself. Several theorems include bounds on the appearing numbers, and in particular we provide an a-priori bound on mixed-integer solutions of linear inequalities.", "authors": [ "Ralph Bottesch", "Alban Reynaud", "René Thiemann" ], "date": "2019-06-21", - "id": 226, + "id": 227, "link": "/entries/Linear_Inequalities.html", "permalink": "/entries/Linear_Inequalities.html", "shortname": "Linear_Inequalities", "title": "Linear Inequalities", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 2 }, { "abstract": "This entry formalizes Hilbert's Nullstellensatz, an important theorem in algebraic geometry that can be viewed as the generalization of the Fundamental Theorem of Algebra to multivariate polynomials: If a set of (multivariate) polynomials over an algebraically closed field has no common zero, then the ideal it generates is the entire polynomial ring. 
The formalization proves several equivalent versions of this celebrated theorem: the weak Nullstellensatz, the strong Nullstellensatz (connecting algebraic varieties and radical ideals), and the field-theoretic Nullstellensatz. The formalization follows Chapter 4.1. of \u003ca href=\"https://link.springer.com/book/10.1007/978-0-387-35651-8\"\u003eIdeals, Varieties, and Algorithms\u003c/a\u003e by Cox, Little and O'Shea.", "authors": [ "Alexander Maletzky" ], "date": "2019-06-16", - "id": 227, + "id": 228, "link": "/entries/Nullstellensatz.html", "permalink": "/entries/Nullstellensatz.html", "shortname": "Nullstellensatz", "title": "Hilbert's Nullstellensatz", "topic_links": [ "mathematics/algebra", "mathematics/geometry" ], "topics": [ "Mathematics/Algebra", "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "This entry formalizes the connection between Gröbner bases and Macaulay matrices (sometimes also referred to as `generalized Sylvester matrices'). In particular, it contains a method for computing Gröbner bases, which proceeds by first constructing some Macaulay matrix of the initial set of polynomials, then row-reducing this matrix, and finally converting the result back into a set of polynomials. The output is shown to be a Gröbner basis if the Macaulay matrix constructed in the first step is sufficiently large. 
In order to obtain concrete upper bounds on the size of the matrix (and hence turn the method into an effectively executable algorithm), Dubé's degree bounds on Gröbner bases are utilized; consequently, they are also part of the formalization.", "authors": [ "Alexander Maletzky" ], "date": "2019-06-15", - "id": 228, + "id": 229, "link": "/entries/Groebner_Macaulay.html", "permalink": "/entries/Groebner_Macaulay.html", "shortname": "Groebner_Macaulay", "title": "Gröbner Bases, Macaulay Matrices and Dubé's Degree Bounds", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "In this submission array-based binary minimum heaps are formalized. The correctness of the following heap operations is proved: insert, get-min, delete-min and make-heap. These are then used to verify an in-place heapsort. The formalization is based on IMP2, an imperative program verification framework implemented in Isabelle/HOL. The verified heap functions are iterative versions of the partly recursive functions found in \"Algorithms and Data Structures – The Basic Toolbox\" by K. Mehlhorn and P. Sanders and \"Introduction to Algorithms\" by T. H. Cormen, C. E. Leiserson, R. L. Rivest and C. Stein.", "authors": [ "Simon Griebel" ], "date": "2019-06-13", - "id": 229, + "id": 230, "link": "/entries/IMP2_Binary_Heap.html", "permalink": "/entries/IMP2_Binary_Heap.html", "shortname": "IMP2_Binary_Heap", "title": "Binary Heaps for IMP2", "topic_links": [ "computer-science/data-structures", "computer-science/algorithms" ], "topics": [ "Computer science/Data structures", "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "This formalization provides differential game logic (dGL), a logic for proving properties of hybrid game. In addition to the syntax and semantics, it formalizes a uniform substitution calculus for dGL. Church's uniform substitutions substitute a term or formula for a function or predicate symbol everywhere. 
The uniform substitutions for dGL also substitute hybrid games for a game symbol everywhere. We prove soundness of one-pass uniform substitutions and the axioms of differential game logic with respect to their denotational semantics. One-pass uniform substitutions are faster by postponing soundness-critical admissibility checks with a linear pass homomorphic application and regain soundness by a variable condition at the replacements. The formalization is based on prior non-mechanized soundness proofs for dGL.", "authors": [ "André Platzer" ], "date": "2019-06-03", - "id": 230, + "id": 231, "link": "/entries/Differential_Game_Logic.html", "permalink": "/entries/Differential_Game_Logic.html", "shortname": "Differential_Game_Logic", "title": "Differential Game Logic", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 0 }, { "abstract": "This entry provides a formalization of multidimensional binary trees, also known as k-d trees. It includes a balanced build algorithm as well as the nearest neighbor algorithm and the range search algorithm. It is based on the papers \u003ca href=\"https://dl.acm.org/citation.cfm?doid=361002.361007\"\u003eMultidimensional binary search trees used for associative searching\u003c/a\u003e and \u003ca href=\"https://dl.acm.org/citation.cfm?doid=355744.355745\"\u003e An Algorithm for Finding Best Matches in Logarithmic Expected Time\u003c/a\u003e.", "authors": [ "Martin Rau" ], "date": "2019-05-30", - "id": 231, + "id": 232, "link": "/entries/KD_Tree.html", "permalink": "/entries/KD_Tree.html", "shortname": "KD_Tree", "title": "Multidimensional Binary Search Trees", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "Authenticated data structures are a technique for outsourcing data storage and maintenance to an untrusted server. 
The server is required to produce an efficiently checkable and cryptographically secure proof that it carried out precisely the requested computation. \u003ca href=\"https://doi.org/10.1145/2535838.2535851\"\u003eMiller et al.\u003c/a\u003e introduced \u0026lambda;\u0026bull; (pronounced \u003ci\u003elambda auth\u003c/i\u003e)\u0026mdash;a functional programming language with a built-in primitive authentication construct, which supports a wide range of user-specified authenticated data structures while guaranteeing certain correctness and security properties for all well-typed programs. We formalize \u0026lambda;\u0026bull; and prove its correctness and security properties. With Isabelle's help, we uncover and repair several mistakes in the informal proofs and lemma statements. Our findings are summarized in an \u003ca href=\"https://doi.org/10.4230/LIPIcs.ITP.2019.10\"\u003eITP'19 paper\u003c/a\u003e.", "authors": [ "Matthias Brun", "Dmitriy Traytel" ], "date": "2019-05-14", - "id": 232, + "id": 233, "link": "/entries/LambdaAuth.html", "permalink": "/entries/LambdaAuth.html", "shortname": "LambdaAuth", "title": "Formalization of Generic Authenticated Data Structures", "topic_links": [ "computer-science/security", "computer-science/programming-languages/lambda-calculi" ], "topics": [ "Computer science/Security", "Computer science/Programming languages/Lambda calculi" ], "used_by": 0 }, { "abstract": "We use CryptHOL to consider Multi-Party Computation (MPC) protocols. MPC was first considered by Yao in 1983 and recent advances in efficiency and an increased demand mean it is now deployed in the real world. Security is considered using the real/ideal world paradigm. We first define security in the semi-honest security setting where parties are assumed not to deviate from the protocol transcript. In this setting we prove multiple Oblivious Transfer (OT) protocols secure and then show security for the gates of the GMW protocol. 
We then define malicious security, this is a stronger notion of security where parties are assumed to be fully corrupted by an adversary. In this setting we again consider OT, as it is a fundamental building block of almost all MPC protocols.", "authors": [ "David Aspinall", "David Butler" ], "date": "2019-05-09", - "id": 233, + "id": 234, "link": "/entries/Multi_Party_Computation.html", "permalink": "/entries/Multi_Party_Computation.html", "shortname": "Multi_Party_Computation", "title": "Multi-Party Computation", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "This is a complete formalization of the work of Hoare and Roscoe on the denotational semantics of the Failure/Divergence Model of CSP. It follows essentially the presentation of CSP in Roscoe’s Book ”Theory and Practice of Concurrency” [8] and the semantic details in a joint Paper of Roscoe and Brooks ”An improved failures model for communicating processes\". The present work is based on a prior formalization attempt, called HOL-CSP 1.0, done in 1997 by H. Tej and B. Wolff with the Isabelle proof technology available at that time. This work revealed minor, but omnipresent foundational errors in key concepts like the process invariant. 
The present version HOL-CSP profits from substantially improved libraries (notably HOLCF), improved automated proof techniques, and structured proof techniques in Isar and is substantially shorter but more complete.", "authors": [ "Safouan Taha", "Lina Ye", "Burkhart Wolff" ], "date": "2019-04-26", - "id": 234, + "id": 235, "link": "/entries/HOL-CSP.html", "permalink": "/entries/HOL-CSP.html", "shortname": "HOL-CSP", "title": "HOL-CSP Version 2.0", "topic_links": [ "computer-science/concurrency/process-calculi", "computer-science/semantics-and-reasoning" ], "topics": [ "Computer science/Concurrency/Process calculi", "Computer science/Semantics and reasoning" ], "used_by": 1 }, { "abstract": "We present a formalisation of the unified translation approach of linear temporal logic (LTL) into ω-automata from [1]. This approach decomposes LTL formulas into ``simple'' languages and allows a clear separation of concerns: first, we formalise the purely logical result yielding this decomposition; second, we instantiate this generic theory to obtain a construction for deterministic (state-based) Rabin automata (DRA). We extract from this particular instantiation an executable tool translating LTL to DRAs. To the best of our knowledge this is the first verified translation from LTL to DRAs that is proven to be double exponential in the worst case which asymptotically matches the known lower bound. \u003cp\u003e [1] Javier Esparza, Jan Kretínský, Salomon Sickert. One Theorem to Rule Them All: A Unified Translation of LTL into ω-Automata. 
LICS 2018", "authors": [ "Benedikt Seidl", "Salomon Sickert" ], "date": "2019-04-16", - "id": 235, + "id": 236, "link": "/entries/LTL_Master_Theorem.html", "permalink": "/entries/LTL_Master_Theorem.html", "shortname": "LTL_Master_Theorem", "title": "A Compositional and Unified Translation of LTL into ω-Automata", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 1 }, { "abstract": "We formalize a theory of syntax with bindings that has been developed and refined over the last decade to support several large formalization efforts. Terms are defined for an arbitrary number of constructors of varying numbers of inputs, quotiented to alpha-equivalence and sorted according to a binding signature. The theory includes many properties of the standard operators on terms: substitution, swapping and freshness. It also includes bindings-aware induction and recursion principles and support for semantic interpretation. This work has been presented in the ITP 2017 paper “A Formalized General Theory of Syntax with Bindings”.", "authors": [ "Lorenzo Gheri", "Andrei Popescu" ], "date": "2019-04-06", - "id": 236, + "id": 237, "link": "/entries/Binding_Syntax_Theory.html", "permalink": "/entries/Binding_Syntax_Theory.html", "shortname": "Binding_Syntax_Theory", "title": "A General Theory of Syntax with Bindings", "topic_links": [ "computer-science/programming-languages/lambda-calculi", "computer-science/functional-programming", "logic/general-logic/mechanization-of-proofs" ], "topics": [ "Computer science/Programming languages/Lambda calculi", "Computer science/Functional programming", "Logic/General logic/Mechanization of proofs" ], "used_by": 0 }, { "abstract": "We formalize the proofs of two transcendence criteria by J. Hančl and P. Rucki that assert the transcendence of the sums of certain infinite series built up by sequences that fulfil certain properties. 
Both proofs make use of Roth's celebrated theorem on diophantine approximations to algebraic numbers from 1955 which we implement as an assumption without having formalised its proof.", "authors": [ "Angeliki Koutsoukou-Argyraki", "Wenda Li" ], "date": "2019-03-27", - "id": 237, + "id": 238, "link": "/entries/Transcendence_Series_Hancl_Rucki.html", "permalink": "/entries/Transcendence_Series_Hancl_Rucki.html", "shortname": "Transcendence_Series_Hancl_Rucki", "title": "The Transcendence of Certain Infinite Series", "topic_links": [ "mathematics/analysis", "mathematics/number-theory" ], "topics": [ "Mathematics/Analysis", "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "We formalize quantum Hoare logic as given in [1]. In particular, we specify the syntax and denotational semantics of a simple model of quantum programs. Then, we write down the rules of quantum Hoare logic for partial correctness, and show the soundness and completeness of the resulting proof system. As an application, we verify the correctness of Grover’s algorithm.", "authors": [ "Junyi Liu", "Bohua Zhan", "Shuling Wang", "Shenggang Ying", "Tao Liu", "Yangjia Li", "Mingsheng Ying", "Naijun Zhan" ], "date": "2019-03-24", - "id": 238, + "id": 239, "link": "/entries/QHLProver.html", "permalink": "/entries/QHLProver.html", "shortname": "QHLProver", "title": "Quantum Hoare Logic", "topic_links": [ "computer-science/programming-languages/logics", "computer-science/semantics-and-reasoning" ], "topics": [ "Computer science/Programming languages/Logics", "Computer science/Semantics and reasoning" ], "used_by": 1 }, { "abstract": "\u003cp\u003eThe theory is a formalization of the \u003ca href=\"https://www.omg.org/spec/OCL/\"\u003eOCL\u003c/a\u003e type system, its abstract syntax and expression typing rules. The theory does not define a concrete syntax and a semantics. 
In contrast to \u003ca href=\"https://www.isa-afp.org/entries/Featherweight_OCL.html\"\u003eFeatherweight OCL\u003c/a\u003e, it is based on a deep embedding approach. The type system is defined from scratch, it is not based on the Isabelle HOL type system.\u003c/p\u003e \u003cp\u003eThe Safe OCL distincts nullable and non-nullable types. Also the theory gives a formal definition of \u003ca href=\"http://ceur-ws.org/Vol-1512/paper07.pdf\"\u003esafe navigation operations\u003c/a\u003e. The Safe OCL typing rules are much stricter than rules given in the OCL specification. It allows one to catch more errors on a type checking phase.\u003c/p\u003e \u003cp\u003eThe type theory presented is four-layered: classes, basic types, generic types, errorable types. We introduce the following new types: non-nullable types (T[1]), nullable types (T[?]), OclSuper. OclSuper is a supertype of all other types (basic types, collections, tuples). This type allows us to define a total supremum function, so types form an upper semilattice. It allows us to define rich expression typing rules in an elegant manner.\u003c/p\u003e \u003cp\u003eThe Preliminaries Chapter of the theory defines a number of helper lemmas for transitive closures and tuples. It defines also a generic object model independent from OCL. 
It allows one to use the theory as a reference for formalization of analogous languages.\u003c/p\u003e", "authors": [ "Denis Nikiforov" ], "date": "2019-03-09", - "id": 239, + "id": 240, "link": "/entries/Safe_OCL.html", "permalink": "/entries/Safe_OCL.html", "shortname": "Safe_OCL", "title": "Safe OCL", "topic_links": [ "computer-science/programming-languages/language-definitions" ], "topics": [ "Computer science/Programming languages/Language definitions" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis entry is a formalisation of Chapter 4 (and parts of Chapter 3) of Apostol's \u003ca href=\"https://www.springer.com/de/book/9780387901633\"\u003e\u003cem\u003eIntroduction to Analytic Number Theory\u003c/em\u003e\u003c/a\u003e. The main topics that are addressed are properties of the distribution of prime numbers that can be shown in an elementary way (i.\u0026thinsp;e. without the Prime Number Theorem), the various equivalent forms of the PNT (which imply each other in elementary ways), and consequences that follow from the PNT in elementary ways. The latter include, most notably, asymptotic bounds for the number of distinct prime factors of \u003cem\u003en\u003c/em\u003e, the divisor function \u003cem\u003ed(n)\u003c/em\u003e, Euler's totient function \u003cem\u003e\u0026phi;(n)\u003c/em\u003e, and lcm(1,\u0026hellip;,\u003cem\u003en\u003c/em\u003e).\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2019-02-21", - "id": 240, + "id": 241, "link": "/entries/Prime_Distribution_Elementary.html", "permalink": "/entries/Prime_Distribution_Elementary.html", "shortname": "Prime_Distribution_Elementary", "title": "Elementary Facts About the Distribution of Primes", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 3 }, { "abstract": "This Isabelle/HOL formalization defines a greedy algorithm for finding a minimum weight basis on a weighted matroid and proves its correctness. 
This algorithm is an abstract version of Kruskal's algorithm. We interpret the abstract algorithm for the cycle matroid (i.e. forests in a graph) and refine it to imperative executable code using an efficient union-find data structure. Our formalization can be instantiated for different graph representations. We provide instantiations for undirected graphs and symmetric directed graphs.", "authors": [ "Maximilian P. L. Haslbeck", "Peter Lammich", "Julian Biendarra" ], "date": "2019-02-14", - "id": 241, + "id": 242, "link": "/entries/Kruskal.html", "permalink": "/entries/Kruskal.html", "shortname": "Kruskal", "title": "Kruskal's Algorithm for Minimum Spanning Forest", "topic_links": [ "computer-science/algorithms/graph" ], "topics": [ "Computer science/Algorithms/Graph" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThe most efficient known primality tests are \u003cem\u003eprobabilistic\u003c/em\u003e in the sense that they use randomness and may, with some probability, mistakenly classify a composite number as prime \u0026ndash; but never a prime number as composite. Examples of this are the Miller\u0026ndash;Rabin test, the Solovay\u0026ndash;Strassen test, and (in most cases) Fermat's test.\u003c/p\u003e \u003cp\u003eThis entry defines these three tests and proves their correctness. 
It also develops some of the number-theoretic foundations, such as Carmichael numbers and the Jacobi symbol with an efficient executable algorithm to compute it.\u003c/p\u003e", "authors": [ "Daniel Stüwe", "Manuel Eberl" ], "date": "2019-02-11", - "id": 242, + "id": 243, "link": "/entries/Probabilistic_Prime_Tests.html", "permalink": "/entries/Probabilistic_Prime_Tests.html", "shortname": "Probabilistic_Prime_Tests", "title": "Probabilistic Primality Testing", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 1 }, { "abstract": "We formalise results from computability theory: recursive functions, undecidability of the halting problem, and the existence of a universal Turing machine. This formalisation is the AFP entry corresponding to the paper Mechanising Turing Machines and Computability Theory in Isabelle/HOL, ITP 2013.", "authors": [ "Jian Xu", "Xingyuan Zhang", "Christian Urban", "Sebastiaan J. C. Joosten" ], "date": "2019-02-08", - "id": 243, + "id": 244, "link": "/entries/Universal_Turing_Machine.html", "permalink": "/entries/Universal_Turing_Machine.html", "shortname": "Universal_Turing_Machine", "title": "Universal Turing Machine", "topic_links": [ "logic/computability", "computer-science/automata-and-formal-languages" ], "topics": [ "Logic/Computability", "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "Isabelle/UTP is a mechanised theory engineering toolkit based on Hoare and He’s Unifying Theories of Programming (UTP). UTP enables the creation of denotational, algebraic, and operational semantics for different programming languages using an alphabetised relational calculus. We provide a semantic embedding of the alphabetised relational calculus in Isabelle/HOL, including new type definitions, relational constructors, automated proof tactics, and accompanying algebraic laws. 
Isabelle/UTP can be used to both capture laws of programming for different languages, and put these fundamental theorems to work in the creation of associated verification tools, using calculi like Hoare logics. This document describes the relational core of the UTP in Isabelle/HOL.", "authors": [ "Simon Foster", "Frank Zeyda", "Yakoub Nemouchi", "Pedro Ribeiro", "Burkhart Wolff" ], "date": "2019-02-01", - "id": 244, + "id": 245, "link": "/entries/UTP.html", "permalink": "/entries/UTP.html", "shortname": "UTP", "title": "Isabelle/UTP: Mechanised Theory Engineering for Unifying Theories of Programming", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis entry defines the set of \u003cem\u003einversions\u003c/em\u003e of a list, i.e. the pairs of indices that violate sortedness. It also proves the correctness of the well-known \u003cem\u003eO\u003c/em\u003e(\u003cem\u003en log n\u003c/em\u003e) divide-and-conquer algorithm to compute the number of inversions.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2019-02-01", - "id": 245, + "id": 246, "link": "/entries/List_Inversions.html", "permalink": "/entries/List_Inversions.html", "shortname": "List_Inversions", "title": "The Inversions of a List", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "We formalize a proof of Motzkin's transposition theorem and Farkas' lemma in Isabelle/HOL. Our proof is based on the formalization of the simplex algorithm which, given a set of linear constraints, either returns a satisfying assignment to the problem or detects unsatisfiability. 
By reusing facts about the simplex algorithm we show that a set of linear constraints is unsatisfiable if and only if there is a linear combination of the constraints which evaluates to a trivially unsatisfiable inequality.", "authors": [ "Ralph Bottesch", "Max W. Haslbeck", "René Thiemann" ], "date": "2019-01-17", - "id": 246, + "id": 247, "link": "/entries/Farkas.html", "permalink": "/entries/Farkas.html", "shortname": "Farkas", "title": "Farkas' Lemma and Motzkin's Transposition Theorem", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 1 }, { "abstract": "In this formalization, I introduce a higher-order term algebra, generalizing the notions of free variables, matching, and substitution. The need arose from the work on a \u003ca href=\"http://dx.doi.org/10.1007/978-3-319-89884-1_35\"\u003everified compiler from Isabelle to CakeML\u003c/a\u003e. Terms can be thought of as consisting of a generic (free variables, constants, application) and a specific part. As example applications, this entry provides instantiations for de-Bruijn terms, terms with named variables, and \u003ca href=\"https://www.isa-afp.org/entries/Lambda_Free_RPOs.html\"\u003eBlanchette’s \u0026lambda;-free higher-order terms\u003c/a\u003e. Furthermore, I implement translation functions between de-Bruijn terms and named terms and prove their correctness.", "authors": [ "Lars Hupel" ], "date": "2019-01-15", - "id": 247, + "id": 248, "link": "/entries/Higher_Order_Terms.html", "permalink": "/entries/Higher_Order_Terms.html", "shortname": "Higher_Order_Terms", "title": "An Algebra for Higher-Order Terms", "topic_links": [ "computer-science/programming-languages/lambda-calculi" ], "topics": [ "Computer science/Programming languages/Lambda calculi" ], "used_by": 1 }, { "abstract": "IMP2 is a simple imperative language together with Isabelle tooling to create a program verification environment in Isabelle/HOL. 
The tools include a C-like syntax, a verification condition generator, and Isabelle commands for the specification of programs. The framework is modular, i.e., it allows easy reuse of already proved programs within larger programs. This entry comes with a quickstart guide and a large collection of examples, spanning basic algorithms with simple proofs to more advanced algorithms and proof techniques like data refinement. Some highlights from the examples are: \u003cul\u003e \u003cli\u003eBisection Square Root, \u003c/li\u003e \u003cli\u003eExtended Euclid, \u003c/li\u003e \u003cli\u003eExponentiation by Squaring, \u003c/li\u003e \u003cli\u003eBinary Search, \u003c/li\u003e \u003cli\u003eInsertion Sort, \u003c/li\u003e \u003cli\u003eQuicksort, \u003c/li\u003e \u003cli\u003eDepth First Search. \u003c/li\u003e \u003c/ul\u003e The abstract syntax and semantics are very simple and well-documented. They are suitable to be used in a course, as extension to the IMP language which comes with the Isabelle distribution. While this entry is limited to a simple imperative language, the ideas could be extended to more sophisticated languages.", "authors": [ "Peter Lammich", "Simon Wimmer" ], "date": "2019-01-15", - "id": 248, + "id": 249, "link": "/entries/IMP2.html", "permalink": "/entries/IMP2.html", "shortname": "IMP2", "title": "IMP2 – Simple Program Verification in Isabelle/HOL", "topic_links": [ "computer-science/programming-languages/logics", "computer-science/algorithms" ], "topics": [ "Computer science/Programming languages/Logics", "Computer science/Algorithms" ], "used_by": 1 }, { "abstract": "When verifying a concurrent program, it is usual to assume that memory is sequentially consistent. However, most modern multiprocessors depend on store buffering for efficiency, and provide native sequential consistency only at a substantial performance penalty. To regain sequential consistency, a programmer has to follow an appropriate programming discipline. 
However, na\u0026iuml;ve disciplines, such as protecting all shared accesses with locks, are not flexible enough for building high-performance multiprocessor software. We present a new discipline for concurrent programming under TSO (total store order, with store buffer forwarding). It does not depend on concurrency primitives, such as locks. Instead, threads use ghost operations to acquire and release ownership of memory addresses. A thread can write to an address only if no other thread owns it, and can read from an address only if it owns it or it is shared and the thread has flushed its store buffer since it last wrote to an address it did not own. This discipline covers both coarse-grained concurrency (where data is protected by locks) as well as fine-grained concurrency (where atomic operations race to memory). We formalize this discipline in Isabelle/HOL, and prove that if every execution of a program in a system without store buffers follows the discipline, then every execution of the program with store buffers is sequentially consistent. Thus, we can show sequential consistency under TSO by ordinary assertional reasoning about the program, without having to consider store buffers at all.", "authors": [ "Ernie Cohen", "Norbert Schirmer" ], "date": "2019-01-07", - "id": 249, + "id": 250, "link": "/entries/Store_Buffer_Reduction.html", "permalink": "/entries/Store_Buffer_Reduction.html", "shortname": "Store_Buffer_Reduction", "title": "A Reduction Theorem for Store Buffers", "topic_links": [ "computer-science/concurrency" ], "topics": [ "Computer science/Concurrency" ], "used_by": 0 }, { "abstract": "In this AFP entry, we formalize the core of the Document Object Model (DOM). At its core, the DOM defines a tree-like data structure for representing documents in general and HTML documents in particular. It is the heart of any modern web browser. 
Formalizing the key concepts of the DOM is a prerequisite for the formal reasoning over client-side JavaScript programs and for the analysis of security concepts in modern web browsers. We present a formalization of the core DOM, with focus on the node-tree and the operations defined on node-trees, in Isabelle/HOL. We use the formalization to verify the functional correctness of the most important functions defined in the DOM standard. Moreover, our formalization is 1) extensible, i.e., can be extended without the need of re-proving already proven properties and 2) executable, i.e., we can generate executable code from our specification.", "authors": [ "Achim D. Brucker", "Michael Herzberg" ], "date": "2018-12-26", - "id": 250, + "id": 251, "link": "/entries/Core_DOM.html", "permalink": "/entries/Core_DOM.html", "shortname": "Core_DOM", "title": "A Formal Model of the Document Object Model", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 1 }, { "abstract": "Concurrent revisions is a concurrency control model developed by Microsoft Research. It has many interesting properties that distinguish it from other well-known models such as transactional memory. One of these properties is \u003cem\u003edeterminacy\u003c/em\u003e: programs written within the model always produce the same outcome, independent of scheduling activity. The concurrent revisions model has an operational semantics, with an informal proof of determinacy. 
This document contains an Isabelle/HOL formalization of this semantics and the proof of determinacy.", "authors": [ "Roy Overbeek" ], "date": "2018-12-25", - "id": 251, + "id": 252, "link": "/entries/Concurrent_Revisions.html", "permalink": "/entries/Concurrent_Revisions.html", "shortname": "Concurrent_Revisions", "title": "Formalization of Concurrent Revisions", "topic_links": [ "computer-science/concurrency" ], "topics": [ "Computer science/Concurrency" ], "used_by": 0 }, { "abstract": "This entry contains the application of auto2 to verifying functional and imperative programs. Algorithms and data structures that are verified include linked lists, binary search trees, red-black trees, interval trees, priority queue, quicksort, union-find, Dijkstra's algorithm, and a sweep-line algorithm for detecting rectangle intersection. The imperative verification is based on Imperative HOL and its separation logic framework. A major goal of this work is to set up automation in order to reduce the length of proof that the user needs to provide, both for verifying functional programs and for working with separation logic.", "authors": [ "Bohua Zhan" ], "date": "2018-12-21", - "id": 252, + "id": 253, "link": "/entries/Auto2_Imperative_HOL.html", "permalink": "/entries/Auto2_Imperative_HOL.html", "shortname": "Auto2_Imperative_HOL", "title": "Verifying Imperative Programs using Auto2", "topic_links": [ "computer-science/algorithms", "computer-science/data-structures" ], "topics": [ "Computer science/Algorithms", "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "Inspired by Abstract Cryptography, we extend CryptHOL, a framework for formalizing game-based proofs, with an abstract model of Random Systems and provide proof rules about their composition and equality. 
This foundation facilitates the formalization of Constructive Cryptography proofs, where the security of a cryptographic scheme is realized as a special form of construction in which a complex random system is built from simpler ones. This is a first step towards a fully-featured compositional framework, similar to Universal Composability framework, that supports formalization of simulation-based proofs.", "authors": [ "Andreas Lochbihler", "S. Reza Sefidgar" ], "date": "2018-12-17", - "id": 253, + "id": 254, "link": "/entries/Constructive_Cryptography.html", "permalink": "/entries/Constructive_Cryptography.html", "shortname": "Constructive_Cryptography", "title": "Constructive Cryptography in HOL", "topic_links": [ "computer-science/security/cryptography", "mathematics/probability-theory" ], "topics": [ "Computer science/Security/Cryptography", "Mathematics/Probability theory" ], "used_by": 1 }, { "abstract": "These components add further fundamental order and lattice-theoretic concepts and properties to Isabelle's libraries. They follow by and large the introductory sections of the Compendium of Continuous Lattices, covering directed and filtered sets, down-closed and up-closed sets, ideals and filters, Galois connections, closure and co-closure operators. Some emphasis is on duality and morphisms between structures, as in the Compendium. 
To this end, three ad-hoc approaches to duality are compared.", "authors": [ "Georg Struth" ], "date": "2018-12-11", - "id": 254, + "id": 255, "link": "/entries/Order_Lattice_Props.html", "permalink": "/entries/Order_Lattice_Props.html", "shortname": "Order_Lattice_Props", "title": "Properties of Orderings and Lattices", "topic_links": [ "mathematics/order" ], "topics": [ "Mathematics/Order" ], "used_by": 2 }, { "abstract": "These mathematical components formalise basic properties of quantales, together with some important models, constructions, and concepts, including quantic nuclei and conuclei.", "authors": [ "Georg Struth" ], "date": "2018-12-11", - "id": 255, + "id": 256, "link": "/entries/Quantales.html", "permalink": "/entries/Quantales.html", "shortname": "Quantales", "title": "Quantales", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 1 }, { "abstract": "These mathematical components formalise predicate transformer semantics for programs, yet currently only for partial correctness and in the absence of faults. A first part for isotone (or monotone), Sup-preserving and Inf-preserving transformers follows Back and von Wright's approach, with additional emphasis on the quantalic structure of algebras of transformers. 
The second part develops Sup-preserving and Inf-preserving predicate transformers from the powerset monad, via its Kleisli category and Eilenberg-Moore algebras, with emphasis on adjunctions and dualities, as well as isomorphisms between relations, state transformers and predicate transformers.", "authors": [ "Georg Struth" ], "date": "2018-12-11", - "id": 256, + "id": 257, "link": "/entries/Transformer_Semantics.html", "permalink": "/entries/Transformer_Semantics.html", "shortname": "Transformer_Semantics", "title": "Transformer Semantics", "topic_links": [ "mathematics/algebra", "computer-science/semantics-and-reasoning" ], "topics": [ "Mathematics/Algebra", "Computer science/Semantics and reasoning" ], "used_by": 1 }, { "abstract": "This Isabelle/HOL formalization refines the abstract ordered resolution prover presented in Section 4.3 of Bachmair and Ganzinger's \"Resolution Theorem Proving\" chapter in the \u003ci\u003eHandbook of Automated Reasoning\u003c/i\u003e. The result is a functional implementation of a first-order prover.", "authors": [ "Anders Schlichtkrull", "Jasmin Christian Blanchette", "Dmitriy Traytel" ], "date": "2018-11-23", - "id": 257, + "id": 258, "link": "/entries/Functional_Ordered_Resolution_Prover.html", "permalink": "/entries/Functional_Ordered_Resolution_Prover.html", "shortname": "Functional_Ordered_Resolution_Prover", "title": "A Verified Functional Implementation of Bachmair and Ganzinger's Ordered Resolution Prover", "topic_links": [ "logic/general-logic/mechanization-of-proofs" ], "topics": [ "Logic/General logic/Mechanization of proofs" ], "used_by": 0 }, { "abstract": "This is an Isabelle/HOL formalisation of graph saturation, closely following a \u003ca href=\"https://doi.org/10.1016/j.jlamp.2018.06.005\"\u003epaper by the author\u003c/a\u003e on graph saturation. Nine out of ten lemmas of the original paper are proven in this formalisation. 
The formalisation additionally includes two theorems that show the main premise of the paper: that consistency and entailment are decided through graph saturation. This formalisation does not give executable code, and it did not implement any of the optimisations suggested in the paper.", "authors": [ "Sebastiaan J. C. Joosten" ], "date": "2018-11-23", - "id": 258, + "id": 259, "link": "/entries/Graph_Saturation.html", "permalink": "/entries/Graph_Saturation.html", "shortname": "Graph_Saturation", "title": "Graph Saturation", "topic_links": [ "logic/rewriting", "mathematics/graph-theory" ], "topics": [ "Logic/Rewriting", "Mathematics/Graph theory" ], "used_by": 0 }, { "abstract": "Auto2 is a saturation-based heuristic prover for higher-order logic, implemented as a tactic in Isabelle. This entry contains the instantiation of auto2 for Isabelle/HOL, along with two basic examples: solutions to some of the Pelletier’s problems, and elementary number theory of primes.", "authors": [ "Bohua Zhan" ], "date": "2018-11-20", - "id": 259, + "id": 260, "link": "/entries/Auto2_HOL.html", "permalink": "/entries/Auto2_HOL.html", "shortname": "Auto2_HOL", "title": "Auto2 Prover", "topic_links": [ "tools" ], "topics": [ "Tools" ], "used_by": 1 }, { "abstract": "\u003cp\u003eThis article defines the combinatorial structures known as \u003cem\u003eIndependence Systems\u003c/em\u003e and \u003cem\u003eMatroids\u003c/em\u003e and provides basic concepts and theorems related to them. These structures play an important role in combinatorial optimisation, e. g. greedy algorithms such as Kruskal's algorithm. 
The development is based on Oxley's \u003ca href=\"http://www.math.lsu.edu/~oxley/survey4.pdf\"\u003e`What is a Matroid?'\u003c/a\u003e.\u003c/p\u003e", "authors": [ "Jonas Keinholz" ], "date": "2018-11-16", - "id": 260, + "id": 261, "link": "/entries/Matroids.html", "permalink": "/entries/Matroids.html", "shortname": "Matroids", "title": "Matroids", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 1 }, { "abstract": "\u003cp\u003eWe provide a framework for automatically deriving instances for generic type classes. Our approach is inspired by Haskell's \u003ci\u003egeneric-deriving\u003c/i\u003e package and Scala's \u003ci\u003eshapeless\u003c/i\u003e library. In addition to generating the code for type class functions, we also attempt to automatically prove type class laws for these instances. As of now, however, some manual proofs are still required for recursive datatypes.\u003c/p\u003e \u003cp\u003eNote: There are already articles in the AFP that provide automatic instantiation for a number of classes. Concretely, \u003ca href=\"https://www.isa-afp.org/entries/Deriving.html\"\u003eDeriving\u003c/a\u003e allows the automatic instantiation of comparators, linear orders, equality, and hashing. 
\u003ca href=\"https://www.isa-afp.org/entries/Show.html\"\u003eShow\u003c/a\u003e instantiates a Haskell-style \u003ci\u003eshow\u003c/i\u003e class.\u003c/p\u003e\u003cp\u003eOur approach works for arbitrary classes (with some Isabelle/HOL overhead for each class), but a smaller set of datatypes.\u003c/p\u003e", "authors": [ "Jonas Rädle", "Lars Hupel" ], "date": "2018-11-06", - "id": 261, + "id": 262, "link": "/entries/Generic_Deriving.html", "permalink": "/entries/Generic_Deriving.html", "shortname": "Generic_Deriving", "title": "Deriving generic class instances for datatypes", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "An ambitious ethical theory ---Alan Gewirth's \"Principle of Generic Consistency\"--- is encoded and analysed in Isabelle/HOL. Gewirth's theory has stirred much attention in philosophy and ethics and has been proposed as a potential means to bound the impact of artificial general intelligence.", "authors": [ "David Fuenmayor", "Christoph Benzmüller" ], "date": "2018-10-30", - "id": 262, + "id": 263, "link": "/entries/GewirthPGCProof.html", "permalink": "/entries/GewirthPGCProof.html", "shortname": "GewirthPGCProof", "title": "Formalisation and Evaluation of Alan Gewirth's Proof for the Principle of Generic Consistency in Isabelle/HOL", "topic_links": [ "logic/philosophical-aspects" ], "topics": [ "Logic/Philosophical aspects" ], "used_by": 0 }, { "abstract": "This work is a formalization of epistemic logic with countably many agents. It includes proofs of soundness and completeness for the axiom system K. The completeness proof is based on the textbook \"Reasoning About Knowledge\" by Fagin, Halpern, Moses and Vardi (MIT Press 1995). The extensions of system K (T, KB, K4, S4, S5) and their completeness proofs are based on the textbook \"Modal Logic\" by Blackburn, de Rijke and Venema (Cambridge University Press 2001). 
Papers: \u003ca href=\"https://doi.org/10.1007/978-3-030-88853-4_1\"\u003ehttps://doi.org/10.1007/978-3-030-88853-4_1\u003c/a\u003e, \u003ca href=\"https://doi.org/10.1007/978-3-030-90138-7_2\"\u003ehttps://doi.org/10.1007/978-3-030-90138-7_2\u003c/a\u003e.", "authors": [ "Asta Halkjær From" ], "date": "2018-10-29", - "id": 263, + "id": 264, "link": "/entries/Epistemic_Logic.html", "permalink": "/entries/Epistemic_Logic.html", "shortname": "Epistemic_Logic", "title": "Epistemic Logic: Completeness of Modal Logics", "topic_links": [ "logic/general-logic/logics-of-knowledge-and-belief" ], "topics": [ "Logic/General logic/Logics of knowledge and belief" ], "used_by": 2 }, { "abstract": "We formalize the definition and basic properties of smooth manifolds in Isabelle/HOL. Concepts covered include partition of unity, tangent and cotangent spaces, and the fundamental theorem of path integrals. We also examine some concrete manifolds such as spheres and projective spaces. The formalization makes extensive use of the analysis and linear algebra libraries in Isabelle/HOL, in particular its “types-to-sets” mechanism.", "authors": [ "Fabian Immler", "Bohua Zhan" ], "date": "2018-10-22", - "id": 264, + "id": 265, "link": "/entries/Smooth_Manifolds.html", "permalink": "/entries/Smooth_Manifolds.html", "shortname": "Smooth_Manifolds", "title": "Smooth Manifolds", "topic_links": [ "mathematics/analysis", "mathematics/topology" ], "topics": [ "Mathematics/Analysis", "Mathematics/Topology" ], "used_by": 0 }, { "abstract": "This Isabelle/HOL formalization defines the Embedding Path Order (EPO) for higher-order terms without lambda-abstraction and proves many useful properties about it. 
In contrast to the lambda-free recursive path orders, it does not fully coincide with RPO on first-order terms, but it is compatible with arbitrary higher-order contexts.", "authors": [ "Alexander Bentkamp" ], "date": "2018-10-19", - "id": 265, + "id": 266, "link": "/entries/Lambda_Free_EPO.html", "permalink": "/entries/Lambda_Free_EPO.html", "shortname": "Lambda_Free_EPO", "title": "Formalization of the Embedding Path Order for Lambda-Free Higher-Order Terms", "topic_links": [ "logic/rewriting" ], "topics": [ "Logic/Rewriting" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis work is a formalisation of the Randomised Binary Search Trees introduced by Martínez and Roura, including definitions and correctness proofs.\u003c/p\u003e \u003cp\u003eLike randomised treaps, they are a probabilistic data structure that behaves exactly as if elements were inserted into a non-balancing BST in random order. However, unlike treaps, they only use discrete probability distributions, but their use of randomness is more complicated.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2018-10-19", - "id": 266, + "id": 267, "link": "/entries/Randomised_BSTs.html", "permalink": "/entries/Randomised_BSTs.html", "shortname": "Randomised_BSTs", "title": "Randomised Binary Search Trees", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "A completeness threshold is required to guarantee the completeness of planning as satisfiability, and bounded model checking of safety properties. One valid completeness threshold is the diameter of the underlying transition system. The diameter is the maximum element in the set of lengths of all shortest paths between pairs of states. The diameter is not calculated exactly in our setting, where the transition system is succinctly described using a (propositionally) factored representation. 
Rather, an upper bound on the diameter is calculated compositionally, by bounding the diameters of small abstract subsystems, and then composing those. We port a HOL4 formalisation of a compositional algorithm for computing a relatively tight upper bound on the system diameter. This compositional algorithm exploits acyclicity in the state space to achieve compositionality, and it was introduced by Abdulaziz et. al. The formalisation that we port is described as a part of another paper by Abdulaziz et. al. As a part of this porting we developed a libray about transition systems, which shall be of use in future related mechanisation efforts.", "authors": [ "Friedrich Kurz", "Mohammad Abdulaziz" ], "date": "2018-10-12", - "id": 267, + "id": 268, "link": "/entries/Factored_Transition_System_Bounding.html", "permalink": "/entries/Factored_Transition_System_Bounding.html", "shortname": "Factored_Transition_System_Bounding", "title": "Upper Bounding Diameters of State Spaces of Factored Transition Systems", "topic_links": [ "computer-science/automata-and-formal-languages", "mathematics/graph-theory" ], "topics": [ "Computer science/Automata and formal languages", "Mathematics/Graph theory" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis entry shows the transcendence of \u0026pi; based on the classic proof using the fundamental theorem of symmetric polynomials first given by von Lindemann in 1882, but the formalisation mostly follows the version by Niven. 
The proof reuses much of the machinery developed in the AFP entry on the transcendence of \u003cem\u003ee\u003c/em\u003e.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2018-09-28", - "id": 268, + "id": 269, "link": "/entries/Pi_Transcendental.html", "permalink": "/entries/Pi_Transcendental.html", "shortname": "Pi_Transcendental", "title": "The Transcendence of π", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 1 }, { "abstract": "\u003cp\u003eA symmetric polynomial is a polynomial in variables \u003cem\u003eX\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e,\u0026hellip;,\u003cem\u003eX\u003c/em\u003e\u003csub\u003en\u003c/sub\u003e that does not discriminate between its variables, i.\u0026thinsp;e. it is invariant under any permutation of them. These polynomials are important in the study of the relationship between the coefficients of a univariate polynomial and its roots in its algebraic closure.\u003c/p\u003e \u003cp\u003eThis article provides a definition of symmetric polynomials and the elementary symmetric polynomials e\u003csub\u003e1\u003c/sub\u003e,\u0026hellip;,e\u003csub\u003en\u003c/sub\u003e and proofs of their basic properties, including three notable ones:\u003c/p\u003e \u003cul\u003e \u003cli\u003e Vieta's formula, which gives an explicit expression for the \u003cem\u003ek\u003c/em\u003e-th coefficient of a univariate monic polynomial in terms of its roots \u003cem\u003ex\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e,\u0026hellip;,\u003cem\u003ex\u003c/em\u003e\u003csub\u003en\u003c/sub\u003e, namely \u003cem\u003ec\u003c/em\u003e\u003csub\u003e\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e = 
(-1)\u003csup\u003e\u003cem\u003en\u003c/em\u003e-\u003cem\u003ek\u003c/em\u003e\u003c/sup\u003e\u0026thinsp;e\u003csub\u003e\u003cem\u003en\u003c/em\u003e-\u003cem\u003ek\u003c/em\u003e\u003c/sub\u003e(\u003cem\u003ex\u003c/em\u003e\u003csub\u003e1\u003c/sub\u003e,\u0026hellip;,\u003cem\u003ex\u003c/em\u003e\u003csub\u003en\u003c/sub\u003e).\u003c/li\u003e \u003cli\u003eSecond, the Fundamental Theorem of Symmetric Polynomials, which states that any symmetric polynomial is itself a uniquely determined polynomial combination of the elementary symmetric polynomials.\u003c/li\u003e \u003cli\u003eThird, as a corollary of the previous two, that given a polynomial over some ring \u003cem\u003eR\u003c/em\u003e, any symmetric polynomial combination of its roots is also in \u003cem\u003eR\u003c/em\u003e even when the roots are not. \u003c/ul\u003e \u003cp\u003e Both the symmetry property itself and the witness for the Fundamental Theorem are executable. \u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2018-09-25", - "id": 269, + "id": 270, "link": "/entries/Symmetric_Polynomials.html", "permalink": "/entries/Symmetric_Polynomials.html", "shortname": "Symmetric_Polynomials", "title": "Symmetric Polynomials", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 2 }, { "abstract": "\u003cp\u003eThis article formalizes signature-based algorithms for computing Gr\u0026ouml;bner bases. Such algorithms are, in general, superior to other algorithms in terms of efficiency, and have not been formalized in any proof assistant so far. The present development is both generic, in the sense that most known variants of signature-based algorithms are covered by it, and effectively executable on concrete input thanks to Isabelle's code generator. 
Sample computations of benchmark problems show that the verified implementation of signature-based algorithms indeed outperforms the existing implementation of Buchberger's algorithm in Isabelle/HOL.\u003c/p\u003e \u003cp\u003eBesides total correctness of the algorithms, the article also proves that under certain conditions they a-priori detect and avoid all useless zero-reductions, and always return 'minimal' (in some sense) Gr\u0026ouml;bner bases if an input parameter is chosen in the right way.\u003c/p\u003e\u003cp\u003eThe formalization follows the recent survey article by Eder and Faug\u0026egrave;re.\u003c/p\u003e", "authors": [ "Alexander Maletzky" ], "date": "2018-09-20", - "id": 270, + "id": 271, "link": "/entries/Signature_Groebner.html", "permalink": "/entries/Signature_Groebner.html", "shortname": "Signature_Groebner", "title": "Signature-Based Gröbner Basis Algorithms", "topic_links": [ "mathematics/algebra", "computer-science/algorithms/mathematical" ], "topics": [ "Mathematics/Algebra", "Computer science/Algorithms/Mathematical" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis article provides a short proof of the Prime Number Theorem in several equivalent forms, most notably \u0026pi;(\u003cem\u003ex\u003c/em\u003e) ~ \u003cem\u003ex\u003c/em\u003e/ln \u003cem\u003ex\u003c/em\u003e where \u0026pi;(\u003cem\u003ex\u003c/em\u003e) is the number of primes no larger than \u003cem\u003ex\u003c/em\u003e. It also defines other basic number-theoretic functions related to primes like Chebyshev's functions \u0026thetasym; and \u0026psi; and the \u0026ldquo;\u003cem\u003en\u003c/em\u003e-th prime number\u0026rdquo; function p\u003csub\u003e\u003cem\u003en\u003c/em\u003e\u003c/sub\u003e. We also show various bounds and relationship between these functions are shown. Lastly, we derive Mertens' First and Second Theorem, i.\u0026thinsp;e. 
\u0026sum;\u003csub\u003e\u003cem\u003ep\u003c/em\u003e\u0026le;\u003cem\u003ex\u003c/em\u003e\u003c/sub\u003e ln \u003cem\u003ep\u003c/em\u003e/\u003cem\u003ep\u003c/em\u003e = ln \u003cem\u003ex\u003c/em\u003e + \u003cem\u003eO\u003c/em\u003e(1) and \u0026sum;\u003csub\u003e\u003cem\u003ep\u003c/em\u003e\u0026le;\u003cem\u003ex\u003c/em\u003e\u003c/sub\u003e 1/\u003cem\u003ep\u003c/em\u003e = ln ln \u003cem\u003ex\u003c/em\u003e + M + \u003cem\u003eO\u003c/em\u003e(1/ln \u003cem\u003ex\u003c/em\u003e). We also give explicit bounds for the remainder terms.\u003c/p\u003e \u003cp\u003eThe proof of the Prime Number Theorem builds on a library of Dirichlet series and analytic combinatorics. We essentially follow the presentation by Newman. The core part of the proof is a Tauberian theorem for Dirichlet series, which is proven using complex analysis and then used to strengthen Mertens' First Theorem to \u0026sum;\u003csub\u003e\u003cem\u003ep\u003c/em\u003e\u0026le;\u003cem\u003ex\u003c/em\u003e\u003c/sub\u003e ln \u003cem\u003ep\u003c/em\u003e/\u003cem\u003ep\u003c/em\u003e = ln \u003cem\u003ex\u003c/em\u003e + c + \u003cem\u003eo\u003c/em\u003e(1).\u003c/p\u003e \u003cp\u003eA variant of this proof has been formalised before by Harrison in HOL Light, and formalisations of Selberg's elementary proof exist both by Avigad \u003cem\u003eet al.\u003c/em\u003e in Isabelle and by Carneiro in Metamath. The advantage of the analytic proof is that, while it requires more powerful mathematical tools, it is considerably shorter and clearer. This article attempts to provide a short and clear formalisation of all components of that proof using the full range of mathematical machinery available in Isabelle, staying as close as possible to Newman's simple paper proof.\u003c/p\u003e", "authors": [ "Manuel Eberl", "Lawrence C. 
Paulson" ], "date": "2018-09-19", - "id": 271, + "id": 272, "link": "/entries/Prime_Number_Theorem.html", "permalink": "/entries/Prime_Number_Theorem.html", "shortname": "Prime_Number_Theorem", "title": "The Prime Number Theorem", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 4 }, { "abstract": "We develop algebras for aggregation and minimisation for weight matrices and for edge weights in graphs. We verify the correctness of Prim's and Kruskal's minimum spanning tree algorithms based on these algebras. We also show numerous instances of these algebras based on linearly ordered commutative semigroups.", "authors": [ "Walter Guttmann" ], "date": "2018-09-15", - "id": 272, + "id": 273, "link": "/entries/Aggregation_Algebras.html", "permalink": "/entries/Aggregation_Algebras.html", "shortname": "Aggregation_Algebras", "title": "Aggregation Algebras", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 1 }, { "abstract": "We develop the basic theory of Octonions, including various identities and properties of the octonions and of the octonionic product, a description of 7D isometries and representations of orthogonal transformations. To this end we first develop the theory of the vector cross product in 7 dimensions. The development of the theory of Octonions is inspired by that of the theory of Quaternions by Lawrence Paulson. 
However, we do not work within the type class real_algebra_1 because the octonionic product is not associative.", "authors": [ "Angeliki Koutsoukou-Argyraki" ], "date": "2018-09-14", - "id": 273, + "id": 274, "link": "/entries/Octonions.html", "permalink": "/entries/Octonions.html", "shortname": "Octonions", "title": "Octonions", "topic_links": [ "mathematics/algebra", "mathematics/geometry" ], "topics": [ "Mathematics/Algebra", "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "This theory is inspired by the HOL Light development of quaternions, but follows its own route. Quaternions are developed coinductively, as in the existing formalisation of the complex numbers. Quaternions are quickly shown to belong to the type classes of real normed division algebras and real inner product spaces. And therefore they inherit a great body of facts involving algebraic laws, limits, continuity, etc., which must be proved explicitly in the HOL Light version. The development concludes with the geometric interpretation of the product of imaginary quaternions.", "authors": [ "Lawrence C. Paulson" ], "date": "2018-09-05", - "id": 274, + "id": 275, "link": "/entries/Quaternions.html", "permalink": "/entries/Quaternions.html", "shortname": "Quaternions", "title": "Quaternions", "topic_links": [ "mathematics/algebra", "mathematics/geometry" ], "topics": [ "Mathematics/Algebra", "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "This entry is mainly about counting and approximating real roots (of a polynomial) with multiplicity. We have first formalised the Budan-Fourier theorem: given a polynomial with real coefficients, we can calculate sign variations on Fourier sequences to over-approximate the number of real roots (counting multiplicity) within an interval. When all roots are known to be real, the over-approximation becomes tight: we can utilise this theorem to count real roots exactly. 
It is also worth noting that Descartes' rule of sign is a direct consequence of the Budan-Fourier theorem, and has been included in this entry. In addition, we have extended previous formalised Sturm's theorem to count real roots with multiplicity, while the original Sturm's theorem only counts distinct real roots. Compared to the Budan-Fourier theorem, our extended Sturm's theorem always counts roots exactly but may suffer from greater computational cost.", "authors": [ "Wenda Li" ], "date": "2018-09-02", - "id": 275, + "id": 276, "link": "/entries/Budan_Fourier.html", "permalink": "/entries/Budan_Fourier.html", "shortname": "Budan_Fourier", "title": "The Budan-Fourier Theorem and Counting Real Roots with Multiplicity", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 2 }, { "abstract": "We present an Isabelle/HOL formalization and total correctness proof for the incremental version of the Simplex algorithm which is used in most state-of-the-art SMT solvers. It supports extraction of satisfying assignments, extraction of minimal unsatisfiable cores, incremental assertion of constraints and backtracking. The formalization relies on stepwise program refinement, starting from a simple specification, going through a number of refinement steps, and ending up in a fully executable functional implementation. Symmetries present in the algorithm are handled with special care.", "authors": [ "Filip Marić", "Mirko Spasić", "René Thiemann" ], "date": "2018-08-24", - "id": 276, + "id": 277, "link": "/entries/Simplex.html", "permalink": "/entries/Simplex.html", "shortname": "Simplex", "title": "An Incremental Simplex Algorithm with Unsatisfiable Core Generation", "topic_links": [ "computer-science/algorithms/optimization" ], "topics": [ "Computer science/Algorithms/Optimization" ], "used_by": 1 }, { "abstract": "\u003cp\u003e We formalize undecidablity results for Minsky machines. 
To this end, we also formalize recursive inseparability. \u003c/p\u003e\u003cp\u003e We start by proving that Minsky machines can compute arbitrary primitive recursive and recursive functions. We then show that there is a deterministic Minsky machine with one argument and two final states such that the set of inputs that are accepted in one state is recursively inseparable from the set of inputs that are accepted in the other state. \u003c/p\u003e\u003cp\u003e As a corollary, the set of Minsky configurations that reach the first state but not the second recursively inseparable from the set of Minsky configurations that reach the second state but not the first. In particular both these sets are undecidable. \u003c/p\u003e\u003cp\u003e We do \u003cem\u003enot\u003c/em\u003e prove that recursive functions can simulate Minsky machines. \u003c/p\u003e", "authors": [ "Bertram Felgenhauer" ], "date": "2018-08-14", - "id": 277, + "id": 278, "link": "/entries/Minsky_Machines.html", "permalink": "/entries/Minsky_Machines.html", "shortname": "Minsky_Machines", "title": "Minsky Machines", "topic_links": [ "logic/computability" ], "topics": [ "Logic/Computability" ], "used_by": 0 }, { "abstract": "We have formalized the computation of fair prices for derivative products in discrete financial models. 
As an application, we derive a way to compute fair prices of derivative products in the Cox-Ross-Rubinstein model of a financial market, thus completing the work that was presented in this \u003ca href=\"https://hal.archives-ouvertes.fr/hal-01562944\"\u003epaper\u003c/a\u003e.", "authors": [ "Mnacho Echenim" ], "date": "2018-07-16", - "id": 278, + "id": 279, "link": "/entries/DiscretePricing.html", "permalink": "/entries/DiscretePricing.html", "shortname": "DiscretePricing", "title": "Pricing in discrete financial models", "topic_links": [ "mathematics/probability-theory", "mathematics/games-and-economics" ], "topics": [ "Mathematics/Probability theory", "Mathematics/Games and economics" ], "used_by": 0 }, { "abstract": "Utility functions form an essential part of game theory and economics. In order to guarantee the existence of utility functions most of the time sufficient properties are assumed in an axiomatic manner. One famous and very common set of such assumptions is that of expected utility theory. Here, the rationality, continuity, and independence of preferences is assumed. The von-Neumann-Morgenstern Utility theorem shows that these assumptions are necessary and sufficient for an expected utility function to exists. This theorem was proven by Neumann and Morgenstern in ``Theory of Games and Economic Behavior'' which is regarded as one of the most influential works in game theory. 
The formalization includes formal definitions of the underlying concepts including continuity and independence of preferences.", "authors": [ "Julian Parsert", "Cezary Kaliszyk" ], "date": "2018-07-04", - "id": 279, + "id": 280, "link": "/entries/Neumann_Morgenstern_Utility.html", "permalink": "/entries/Neumann_Morgenstern_Utility.html", "shortname": "Neumann_Morgenstern_Utility", "title": "Von-Neumann-Morgenstern Utility Theorem", "topic_links": [ "mathematics/games-and-economics" ], "topics": [ "Mathematics/Games and economics" ], "used_by": 0 }, { "abstract": "\u003cp\u003e This article gives the basic theory of Pell's equation \u003cem\u003ex\u003c/em\u003e\u003csup\u003e2\u003c/sup\u003e = 1 + \u003cem\u003eD\u003c/em\u003e\u0026thinsp;\u003cem\u003ey\u003c/em\u003e\u003csup\u003e2\u003c/sup\u003e, where \u003cem\u003eD\u003c/em\u003e\u0026thinsp;\u0026isin;\u0026thinsp;\u0026#8469; is a parameter and \u003cem\u003ex\u003c/em\u003e, \u003cem\u003ey\u003c/em\u003e are integer variables. 
\u003c/p\u003e \u003cp\u003e The main result that is proven is the following: If \u003cem\u003eD\u003c/em\u003e is not a perfect square, then there exists a \u003cem\u003efundamental solution\u003c/em\u003e (\u003cem\u003ex\u003c/em\u003e\u003csub\u003e0\u003c/sub\u003e, \u003cem\u003ey\u003c/em\u003e\u003csub\u003e0\u003c/sub\u003e) that is not the trivial solution (1, 0) and which generates all other solutions (\u003cem\u003ex\u003c/em\u003e, \u003cem\u003ey\u003c/em\u003e) in the sense that there exists some \u003cem\u003en\u003c/em\u003e\u0026thinsp;\u0026isin;\u0026thinsp;\u0026#8469; such that |\u003cem\u003ex\u003c/em\u003e| + |\u003cem\u003ey\u003c/em\u003e|\u0026thinsp;\u0026radic;\u003cspan style=\"text-decoration: overline\"\u003e\u003cem\u003eD\u003c/em\u003e\u003c/span\u003e = (\u003cem\u003ex\u003c/em\u003e\u003csub\u003e0\u003c/sub\u003e + \u003cem\u003ey\u003c/em\u003e\u003csub\u003e0\u003c/sub\u003e\u0026thinsp;\u0026radic;\u003cspan style=\"text-decoration: overline\"\u003e\u003cem\u003eD\u003c/em\u003e\u003c/span\u003e)\u003csup\u003e\u003cem\u003en\u003c/em\u003e\u003c/sup\u003e. This also implies that the set of solutions is infinite, and it gives us an explicit and executable characterisation of all the solutions. \u003c/p\u003e \u003cp\u003e Based on this, simple executable algorithms for computing the fundamental solution and the infinite sequence of all non-negative solutions are also provided. \u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2018-06-23", - "id": 280, + "id": 281, "link": "/entries/Pell.html", "permalink": "/entries/Pell.html", "shortname": "Pell", "title": "Pell's Equation", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 1 }, { "abstract": "We formalize the basics of projective geometry. In particular, we give a proof of the so-called Hessenberg's theorem in projective plane geometry. 
We also provide a proof of the so-called Desargues's theorem based on an axiomatization of (higher) projective space geometry using the notion of rank of a matroid. This last approach allows to handle incidence relations in an homogeneous way dealing only with points and without the need of talking explicitly about lines, planes or any higher entity.", "authors": [ "Anthony Bordg" ], "date": "2018-06-14", - "id": 281, + "id": 282, "link": "/entries/Projective_Geometry.html", "permalink": "/entries/Projective_Geometry.html", "shortname": "Projective_Geometry", "title": "Projective Geometry", "topic_links": [ "mathematics/geometry" ], "topics": [ "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "We formalize the localization of a commutative ring R with respect to a multiplicative subset (i.e. a submonoid of R seen as a multiplicative monoid). This localization is itself a commutative ring and we build the natural homomorphism of rings from R to its localization.", "authors": [ "Anthony Bordg" ], "date": "2018-06-14", - "id": 282, + "id": 283, "link": "/entries/Localization_Ring.html", "permalink": "/entries/Localization_Ring.html", "shortname": "Localization_Ring", "title": "The Localization of a Commutative Ring", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 1 }, { "abstract": "This entry provides a formalization of the abstract theory of ample set partial order reduction. The formalization includes transition systems with actions, trace theory, as well as basics on finite, infinite, and lazy sequences. 
We also provide a basic framework for static analysis on concurrent systems with respect to the ample set condition.", "authors": [ "Julian Brunner" ], "date": "2018-06-05", - "id": 283, + "id": 284, "link": "/entries/Partial_Order_Reduction.html", "permalink": "/entries/Partial_Order_Reduction.html", "shortname": "Partial_Order_Reduction", "title": "Partial Order Reduction", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 1 }, { "abstract": "This article formalizes recursive algorithms for the construction of optimal binary search trees given fixed access frequencies. We follow Knuth (1971), Yao (1980) and Mehlhorn (1984). The algorithms are memoized with the help of the AFP article \u003ca href=\"Monad_Memo_DP.html\"\u003eMonadification, Memoization and Dynamic Programming\u003c/a\u003e, thus yielding dynamic programming algorithms.", "authors": [ "Tobias Nipkow", "Dániel Somogyi" ], "date": "2018-05-27", - "id": 284, + "id": 285, "link": "/entries/Optimal_BST.html", "permalink": "/entries/Optimal_BST.html", "shortname": "Optimal_BST", "title": "Optimal Binary Search Trees", "topic_links": [ "computer-science/algorithms", "computer-science/data-structures" ], "topics": [ "Computer science/Algorithms", "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "This entry contains a formalization of hidden Markov models [3] based on Johannes Hölzl's formalization of discrete time Markov chains [1]. The basic definitions are provided and the correctness of two main (dynamic programming) algorithms for hidden Markov models is proved: the forward algorithm for computing the likelihood of an observed sequence, and the Viterbi algorithm for decoding the most probable hidden state sequence. The Viterbi algorithm is made executable including memoization. Hidden markov models have various applications in natural language processing. 
For an introduction see Jurafsky and Martin [2].", "authors": [ "Simon Wimmer" ], "date": "2018-05-25", - "id": 285, + "id": 286, "link": "/entries/Hidden_Markov_Models.html", "permalink": "/entries/Hidden_Markov_Models.html", "shortname": "Hidden_Markov_Models", "title": "Hidden Markov Models", "topic_links": [ "mathematics/probability-theory", "computer-science/algorithms" ], "topics": [ "Mathematics/Probability theory", "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "We present a formalization of probabilistic timed automata (PTA) for which we try to follow the formula MDP + TA = PTA as far as possible: our work starts from our existing formalizations of Markov decision processes (MDP) and timed automata (TA) and combines them modularly. We prove the fundamental result for probabilistic timed automata: the region construction that is known from timed automata carries over to the probabilistic setting. In particular, this allows us to prove that minimum and maximum reachability probabilities can be computed via a reduction to MDP model checking, including the case where one wants to disregard unrealizable behavior. Further information can be found in our ITP paper [2].", "authors": [ "Simon Wimmer", "Johannes Hölzl" ], "date": "2018-05-24", - "id": 286, + "id": 287, "link": "/entries/Probabilistic_Timed_Automata.html", "permalink": "/entries/Probabilistic_Timed_Automata.html", "shortname": "Probabilistic_Timed_Automata", "title": "Probabilistic Timed Automata", "topic_links": [ "mathematics/probability-theory", "computer-science/automata-and-formal-languages" ], "topics": [ "Mathematics/Probability theory", "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "This document provides a concise overview on the core results of our previous work on the exploration of axioms systems for category theory. 
Extending the previous studies (http://arxiv.org/abs/1609.01493) we include one further axiomatic theory in our experiments. This additional theory has been suggested by Mac Lane in 1948. We show that the axioms proposed by Mac Lane are equivalent to the ones we studied before, which includes an axioms set suggested by Scott in the 1970s and another axioms set proposed by Freyd and Scedrov in 1990, which we slightly modified to remedy a minor technical issue.", "authors": [ "Christoph Benzmüller", "Dana Scott" ], "date": "2018-05-23", - "id": 287, + "id": 288, "link": "/entries/AxiomaticCategoryTheory.html", "permalink": "/entries/AxiomaticCategoryTheory.html", "shortname": "AxiomaticCategoryTheory", "title": "Axiom Systems for Category Theory in Free Logic", "topic_links": [ "mathematics/category-theory" ], "topics": [ "Mathematics/Category theory" ], "used_by": 0 }, { "abstract": "We formalize with Isabelle/HOL a proof of a theorem by J. Hancl asserting the irrationality of the sum of a series consisting of rational numbers, built up by sequences that fulfill certain properties. Even though the criterion is a number theoretic result, the proof makes use only of analytical arguments. We also formalize a corollary of the theorem for a specific series fulfilling the assumptions of the theorem.", "authors": [ "Angeliki Koutsoukou-Argyraki", "Wenda Li" ], "date": "2018-05-23", - "id": 288, + "id": 289, "link": "/entries/Irrationality_J_Hancl.html", "permalink": "/entries/Irrationality_J_Hancl.html", "shortname": "Irrationality_J_Hancl", "title": "Irrational Rapidly Convergent Series", "topic_links": [ "mathematics/number-theory", "mathematics/analysis" ], "topics": [ "Mathematics/Number theory", "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "We present a lightweight framework for the automatic verified (functional or imperative) memoization of recursive functions. 
Our tool can turn a pure Isabelle/HOL function definition into a monadified version in a state monad or the Imperative HOL heap monad, and prove a correspondence theorem. We provide a variety of memory implementations for the two types of monads. A number of simple techniques allow us to achieve bottom-up computation and space-efficient memoization. The framework’s utility is demonstrated on a number of representative dynamic programming problems. A detailed description of our work can be found in the accompanying paper [2].", "authors": [ "Simon Wimmer", "Shuwei Hu", "Tobias Nipkow" ], "date": "2018-05-22", - "id": 289, + "id": 290, "link": "/entries/Monad_Memo_DP.html", "permalink": "/entries/Monad_Memo_DP.html", "shortname": "Monad_Memo_DP", "title": "Monadification, Memoization and Dynamic Programming", "topic_links": [ "computer-science/algorithms", "computer-science/functional-programming" ], "topics": [ "Computer science/Algorithms", "Computer science/Functional programming" ], "used_by": 2 }, { "abstract": "We introduce OpSets, an executable framework for specifying and reasoning about the semantics of replicated datatypes that provide eventual consistency in a distributed system, and for mechanically verifying algorithms that implement these datatypes. Our approach is simple but expressive, allowing us to succinctly specify a variety of abstract datatypes, including maps, sets, lists, text, graphs, trees, and registers. Our datatypes are also composable, enabling the construction of complex data structures. To demonstrate the utility of OpSets for analysing replication algorithms, we highlight an important correctness property for collaborative text editing that has traditionally been overlooked; algorithms that do not satisfy this property can exhibit awkward interleaving of text. 
We use OpSets to specify this correctness property and prove that although one existing replication algorithm satisfies this property, several other published algorithms do not.", "authors": [ "Martin Kleppmann", "Victor B. F. Gomes", "Dominic P. Mulligan", "Alastair R. Beresford" ], "date": "2018-05-10", - "id": 290, + "id": 291, "link": "/entries/OpSets.html", "permalink": "/entries/OpSets.html", "shortname": "OpSets", "title": "OpSets: Sequential Specifications for Replicated Datatypes", "topic_links": [ "computer-science/algorithms/distributed", "computer-science/data-structures" ], "topics": [ "Computer science/Algorithms/Distributed", "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "The \"Modular Assembly Kit for Security Properties\" (MAKS) is a framework for both the definition and verification of possibilistic information-flow security properties at the specification-level. MAKS supports the uniform representation of a wide range of possibilistic information-flow properties and provides support for the verification of such properties via unwinding results and compositionality results. We provide a formalization of this framework in Isabelle/HOL.", "authors": [ "Oliver Bračevac", "Richard Gay", "Sylvia Grewe", "Heiko Mantel", "Henning Sudbrock", "Markus Tasch" ], "date": "2018-05-07", - "id": 291, + "id": 292, "link": "/entries/Modular_Assembly_Kit_Security.html", "permalink": "/entries/Modular_Assembly_Kit_Security.html", "shortname": "Modular_Assembly_Kit_Security", "title": "An Isabelle/HOL Formalization of the Modular Assembly Kit for Security Properties", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "This is a mechanised specification of the WebAssembly language, drawn mainly from the previously published paper formalisation of Haas et al. Also included is a full proof of soundness of the type system, together with a verified type checker and interpreter. 
We include only a partial procedure for the extraction of the type checker and interpreter here. For more details, please see our paper in CPP 2018.", "authors": [ "Conrad Watt" ], "date": "2018-04-29", - "id": 292, + "id": 293, "link": "/entries/WebAssembly.html", "permalink": "/entries/WebAssembly.html", "shortname": "WebAssembly", "title": "WebAssembly", "topic_links": [ "computer-science/programming-languages/language-definitions" ], "topics": [ "Computer science/Programming languages/Language definitions" ], "used_by": 0 }, { "abstract": "\u003ca href=\"http://www.pm.inf.ethz.ch/research/verifythis.html\"\u003eVerifyThis 2018\u003c/a\u003e was a program verification competition associated with ETAPS 2018. It was the 7th event in the VerifyThis competition series. In this entry, we present polished and completed versions of our solutions that we created during the competition.", "authors": [ "Peter Lammich", "Simon Wimmer" ], "date": "2018-04-27", - "id": 293, + "id": 294, "link": "/entries/VerifyThis2018.html", "permalink": "/entries/VerifyThis2018.html", "shortname": "VerifyThis2018", "title": "VerifyThis 2018 - Polished Isabelle Solutions", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "Bounded natural functors (BNFs) provide a modular framework for the construction of (co)datatypes in higher-order logic. Their functorial operations, the mapper and relator, are restricted to a subset of the parameters, namely those where recursion can take place. For certain applications, such as free theorems, data refinement, quotients, and generalised rewriting, it is desirable that these operations do not ignore the other parameters. In this article, we formalise the generalisation BNF\u003csub\u003eCC\u003c/sub\u003e that extends the mapper and relator to covariant and contravariant parameters. 
We show that \u003col\u003e \u003cli\u003e BNF\u003csub\u003eCC\u003c/sub\u003es are closed under functor composition and least and greatest fixpoints,\u003c/li\u003e \u003cli\u003e subtypes inherit the BNF\u003csub\u003eCC\u003c/sub\u003e structure under conditions that generalise those for the BNF case, and\u003c/li\u003e \u003cli\u003e BNF\u003csub\u003eCC\u003c/sub\u003es preserve quotients under mild conditions.\u003c/li\u003e \u003c/ol\u003e These proofs are carried out for abstract BNF\u003csub\u003eCC\u003c/sub\u003es similar to the AFP entry BNF Operations. In addition, we apply the BNF\u003csub\u003eCC\u003c/sub\u003e theory to several concrete functors.", "authors": [ "Andreas Lochbihler", "Joshua Schneider" ], "date": "2018-04-24", - "id": 294, + "id": 295, "link": "/entries/BNF_CC.html", "permalink": "/entries/BNF_CC.html", "shortname": "BNF_CC", "title": "Bounded Natural Functors with Covariance and Contravariance", "topic_links": [ "computer-science/functional-programming", "tools" ], "topics": [ "Computer science/Functional programming", "Tools" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis formalisation contains the proof that there is no anonymous Social Choice Function for at least three agents and alternatives that fulfils both Pareto-Efficiency and Fishburn-Strategyproofness. It was derived from a proof of \u003ca href=\"http://dss.in.tum.de/files/brandt-research/stratset.pdf\"\u003eBrandt \u003cem\u003eet al.\u003c/em\u003e\u003c/a\u003e, which relies on an unverified translation of a fixed finite instance of the original problem to SAT. 
This Isabelle proof contains a machine-checked version of both the statement for exactly three agents and alternatives and the lifting to the general case.\u003c/p\u003e", "authors": [ "Felix Brandt", "Manuel Eberl", "Christian Saile", "Christian Stricker" ], "date": "2018-03-22", - "id": 295, + "id": 296, "link": "/entries/Fishburn_Impossibility.html", "permalink": "/entries/Fishburn_Impossibility.html", "shortname": "Fishburn_Impossibility", "title": "The Incompatibility of Fishburn-Strategyproofness and Pareto-Efficiency", "topic_links": [ "mathematics/games-and-economics" ], "topics": [ "Mathematics/Games and economics" ], "used_by": 0 }, { "abstract": "This theory provides a verified implementation of weight-balanced trees following the work of \u003ca href=\"https://doi.org/10.1017/S0956796811000104\"\u003eHirai and Yamamoto\u003c/a\u003e who proved that all parameters in a certain range are valid, i.e. guarantee that insertion and deletion preserve weight-balance. Instead of a general theorem we provide parameterized proofs of preservation of the invariant that work for many (all?) valid parameters.", "authors": [ "Tobias Nipkow", "Stefan Dirix" ], "date": "2018-03-13", - "id": 296, + "id": 297, "link": "/entries/Weight_Balanced_Trees.html", "permalink": "/entries/Weight_Balanced_Trees.html", "shortname": "Weight_Balanced_Trees", "title": "Weight-Balanced Trees", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "CakeML is a functional programming language with a proven-correct compiler and runtime system. This entry contains an unofficial version of the CakeML semantics that has been exported from the Lem specifications to Isabelle. Additionally, there are some hand-written theory files that adapt the exported code to Isabelle and port proofs from the HOL4 formalization, e.g. 
termination and equivalence proofs.", "authors": [ "Lars Hupel", "Yu Zhang" ], "date": "2018-03-12", - "id": 297, + "id": 298, "link": "/entries/CakeML.html", "permalink": "/entries/CakeML.html", "shortname": "CakeML", "title": "CakeML", "topic_links": [ "computer-science/programming-languages/language-definitions" ], "topics": [ "Computer science/Programming languages/Language definitions" ], "used_by": 1 }, { "abstract": "The following document formalizes and verifies several architectural design patterns. Each pattern specification is formalized in terms of a locale where the locale assumptions correspond to the assumptions which a pattern poses on an architecture. Thus, pattern specifications may build on top of each other by interpreting the corresponding locale. A pattern is verified using the framework provided by the AFP entry Dynamic Architectures. Currently, the document consists of formalizations of 4 different patterns: the singleton, the publisher subscriber, the blackboard pattern, and the blockchain pattern. Thereby, the publisher component of the publisher subscriber pattern is modeled as an instance of the singleton pattern and the blackboard pattern is modeled as an instance of the publisher subscriber pattern. 
In general, this entry provides the first steps towards an overall theory of architectural design patterns.", "authors": [ "Diego Marmsoler" ], "date": "2018-03-01", - "id": 298, + "id": 299, "link": "/entries/Architectural_Design_Patterns.html", "permalink": "/entries/Architectural_Design_Patterns.html", "shortname": "Architectural_Design_Patterns", "title": "A Theory of Architectural Design Patterns", "topic_links": [ "computer-science/system-description-languages" ], "topics": [ "Computer science/System description languages" ], "used_by": 0 }, { "abstract": "We study three different Hoare logics for reasoning about time bounds of imperative programs and formalize them in Isabelle/HOL: a classical Hoare like logic due to Nielson, a logic with potentials due to Carbonneaux \u003ci\u003eet al.\u003c/i\u003e and a \u003ci\u003eseparation logic\u003c/i\u003e following work by Atkey, Chaguérand and Pottier. These logics are formally shown to be sound and complete. Verification condition generators are developed and are shown sound and complete too. We also consider variants of the systems where we abstract from multiplicative constants in the running time bounds, thus supporting a big-O style of reasoning. Finally we compare the expressive power of the three systems.", "authors": [ "Maximilian P. L. Haslbeck", "Tobias Nipkow" ], "date": "2018-02-26", - "id": 299, + "id": 300, "link": "/entries/Hoare_Time.html", "permalink": "/entries/Hoare_Time.html", "shortname": "Hoare_Time", "title": "Hoare Logics for Time Bounds", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 0 }, { "abstract": "Short vectors in lattices and factors of integer polynomials are related. Each factor of an integer polynomial belongs to a certain lattice. 
When factoring polynomials, the condition that we are looking for an irreducible polynomial means that we must look for a small element in a lattice, which can be done by a basis reduction algorithm. In this development we formalize this connection and thereby one main application of the LLL basis reduction algorithm: an algorithm to factor square-free integer polynomials which runs in polynomial time. The work is based on our previous Berlekamp–Zassenhaus development, where the exponential reconstruction phase has been replaced by the polynomial-time basis reduction algorithm. Thanks to this formalization we found a serious flaw in a textbook.", "authors": [ "Jose Divasón", "Sebastiaan J. C. Joosten", "René Thiemann", "Akihisa Yamada" ], "date": "2018-02-06", - "id": 300, + "id": 301, "link": "/entries/LLL_Factorization.html", "permalink": "/entries/LLL_Factorization.html", "shortname": "LLL_Factorization", "title": "A verified factorization algorithm for integer polynomials with polynomial complexity", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "We formalize basic results on first-order terms, including matching and a first-order unification algorithm, as well as well-foundedness of the subsumption order. 
This entry is part of the \u003ci\u003eIsabelle Formalization of Rewriting\u003c/i\u003e \u003ca href=\"http://cl-informatik.uibk.ac.at/isafor\"\u003eIsaFoR\u003c/a\u003e, where first-order terms are omni-present: the unification algorithm is used to certify several confluence and termination techniques, like critical-pair computation and dependency graph approximations; and the subsumption order is a crucial ingredient for completion.", "authors": [ "Christian Sternagel", "René Thiemann" ], "date": "2018-02-06", - "id": 301, + "id": 302, "link": "/entries/First_Order_Terms.html", "permalink": "/entries/First_Order_Terms.html", "shortname": "First_Order_Terms", "title": "First-Order Terms", "topic_links": [ "logic/rewriting", "computer-science/algorithms" ], "topics": [ "Logic/Rewriting", "Computer science/Algorithms" ], "used_by": 5 }, { "abstract": "\u003cp\u003e This entry provides the definitions and basic properties of the complex and real error function erf and the complementary error function erfc. Additionally, it gives their full asymptotic expansions. \u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2018-02-06", - "id": 302, + "id": 303, "link": "/entries/Error_Function.html", "permalink": "/entries/Error_Function.html", "shortname": "Error_Function", "title": "The Error Function", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "\u003cp\u003e A Treap is a binary tree whose nodes contain pairs consisting of some payload and an associated priority. It must have the search-tree property w.r.t. the payloads and the heap property w.r.t. the priorities. Treaps are an interesting data structure that is related to binary search trees (BSTs) in the following way: if one forgets all the priorities of a treap, the resulting BST is exactly the same as if one had inserted the elements into an empty BST in order of ascending priority. 
This means that a treap behaves like a BST where we can pretend the elements were inserted in a different order from the one in which they were actually inserted. \u003c/p\u003e \u003cp\u003e In particular, by choosing these priorities at random upon insertion of an element, we can pretend that we inserted the elements in \u003cem\u003erandom order\u003c/em\u003e, so that the shape of the resulting tree is that of a random BST no matter in what order we insert the elements. This is the main result of this formalisation.\u003c/p\u003e", "authors": [ "Max W. Haslbeck", "Manuel Eberl", "Tobias Nipkow" ], "date": "2018-02-06", - "id": 303, + "id": 304, "link": "/entries/Treaps.html", "permalink": "/entries/Treaps.html", "shortname": "Treaps", "title": "Treaps", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "The Lenstra-Lenstra-Lovász basis reduction algorithm, also known as LLL algorithm, is an algorithm to find a basis with short, nearly orthogonal vectors of an integer lattice. Thereby, it can also be seen as an approximation to solve the shortest vector problem (SVP), which is an NP-hard problem, where the approximation quality solely depends on the dimension of the lattice, but not the lattice itself. The algorithm also possesses many applications in diverse fields of computer science, from cryptanalysis to number theory, but it is specially well-known since it was used to implement the first polynomial-time algorithm to factor polynomials. In this work we present the first mechanized soundness proof of the LLL algorithm to compute short vectors in lattices. The formalization follows a textbook by von zur Gathen and Gerhard.", "authors": [ "Ralph Bottesch", "Jose Divasón", "Max W. Haslbeck", "Sebastiaan J. C. 
Joosten", "René Thiemann", "Akihisa Yamada" ], "date": "2018-02-02", - "id": 304, + "id": 305, "link": "/entries/LLL_Basis_Reduction.html", "permalink": "/entries/LLL_Basis_Reduction.html", "shortname": "LLL_Basis_Reduction", "title": "A verified LLL algorithm", "topic_links": [ "computer-science/algorithms/mathematical", "mathematics/algebra" ], "topics": [ "Computer science/Algorithms/Mathematical", "Mathematics/Algebra" ], "used_by": 3 }, { "abstract": "This Isabelle/HOL formalization covers Sections 2 to 4 of Bachmair and Ganzinger's \"Resolution Theorem Proving\" chapter in the \u003cem\u003eHandbook of Automated Reasoning\u003c/em\u003e. This includes soundness and completeness of unordered and ordered variants of ground resolution with and without literal selection, the standard redundancy criterion, a general framework for refutational theorem proving, and soundness and completeness of an abstract first-order prover.", "authors": [ "Anders Schlichtkrull", "Jasmin Christian Blanchette", "Dmitriy Traytel", "Uwe Waldmann" ], "date": "2018-01-18", - "id": 305, + "id": 306, "link": "/entries/Ordered_Resolution_Prover.html", "permalink": "/entries/Ordered_Resolution_Prover.html", "shortname": "Ordered_Resolution_Prover", "title": "Formalization of Bachmair and Ganzinger's Ordered Resolution Prover", "topic_links": [ "logic/general-logic/mechanization-of-proofs" ], "topics": [ "Logic/General logic/Mechanization of proofs" ], "used_by": 4 }, { "abstract": "A geodesic metric space is Gromov hyperbolic if all its geodesic triangles are thin, i.e., every side is contained in a fixed thickening of the two other sides. While this definition looks innocuous, it has proved extremely important and versatile in modern geometry since its introduction by Gromov. 
We formalize the basic classical properties of Gromov hyperbolic spaces, notably the Morse lemma asserting that quasigeodesics are close to geodesics, the invariance of hyperbolicity under quasi-isometries, we define and study the Gromov boundary and its associated distance, and prove that a quasi-isometry between Gromov hyperbolic spaces extends to a homeomorphism of the boundaries. We also prove a less classical theorem, by Bonk and Schramm, asserting that a Gromov hyperbolic space embeds isometrically in a geodesic Gromov-hyperbolic space. As the original proof uses a transfinite sequence of Cauchy completions, this is an interesting formalization exercise. Along the way, we introduce basic material on isometries, quasi-isometries, Lipschitz maps, geodesic spaces, the Hausdorff distance, the Cauchy completion of a metric space, and the exponential on extended real numbers.", "authors": [ "Sebastien Gouezel" ], "date": "2018-01-16", - "id": 306, + "id": 307, "link": "/entries/Gromov_Hyperbolicity.html", "permalink": "/entries/Gromov_Hyperbolicity.html", "shortname": "Gromov_Hyperbolicity", "title": "Gromov Hyperbolicity", "topic_links": [ "mathematics/geometry" ], "topics": [ "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "We formalise a statement of Green’s theorem—the first formalisation to our knowledge—in Isabelle/HOL. The theorem statement that we formalise is enough for most applications, especially in physics and engineering. Our formalisation is made possible by a novel proof that avoids the ubiquitous line integral cancellation argument. This eliminates the need to formalise orientations and region boundaries explicitly with respect to the outwards-pointing normal vector. Instead we appeal to a homological argument about equivalences between paths.", "authors": [ "Mohammad Abdulaziz", "Lawrence C. 
Paulson" ], "date": "2018-01-11", - "id": 307, + "id": 308, "link": "/entries/Green.html", "permalink": "/entries/Green.html", "shortname": "Green", "title": "An Isabelle/HOL formalisation of Green's Theorem", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "We present a formally verified implementation of multivariate Taylor models. Taylor models are a form of rigorous polynomial approximation, consisting of an approximation polynomial based on Taylor expansions, combined with a rigorous bound on the approximation error. Taylor models were introduced as a tool to mitigate the dependency problem of interval arithmetic. Our implementation automatically computes Taylor models for the class of elementary functions, expressed by composition of arithmetic operations and basic functions like exp, sin, or square root.", "authors": [ "Christoph Traut", "Fabian Immler" ], "date": "2018-01-08", - "id": 308, + "id": 309, "link": "/entries/Taylor_Models.html", "permalink": "/entries/Taylor_Models.html", "shortname": "Taylor_Models", "title": "Taylor Models", "topic_links": [ "computer-science/algorithms/mathematical", "computer-science/data-structures", "mathematics/analysis", "mathematics/algebra" ], "topics": [ "Computer science/Algorithms/Mathematical", "Computer science/Data structures", "Mathematics/Analysis", "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "This entry shows that the falling factorial of a sum can be computed with an expression using binomial coefficients and the falling factorial of its summands. The entry provides three different proofs: a combinatorial proof, an induction proof and an algebraic proof using the Vandermonde identity. The three formalizations try to follow their informal presentations from a Mathematics Stack Exchange page as close as possible. 
The induction and algebraic formalization end up to be very close to their informal presentation, whereas the combinatorial proof first requires the introduction of list interleavings, and significant more detail than its informal presentation.", "authors": [ "Lukas Bulwahn" ], "date": "2017-12-22", - "id": 309, + "id": 310, "link": "/entries/Falling_Factorial_Sum.html", "permalink": "/entries/Falling_Factorial_Sum.html", "shortname": "Falling_Factorial_Sum", "title": "The Falling Factorial of a Sum", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis article provides a formalisation of Dirichlet characters and Dirichlet \u003cem\u003eL\u003c/em\u003e-functions including proofs of their basic properties \u0026ndash; most notably their analyticity, their areas of convergence, and their non-vanishing for \u0026Re;(s) \u0026ge; 1. All of this is built in a very high-level style using Dirichlet series. The proof of the non-vanishing follows a very short and elegant proof by Newman, which we attempt to reproduce faithfully in a similar level of abstraction in Isabelle.\u003c/p\u003e \u003cp\u003eThis also leads to a relatively short proof of Dirichlet’s Theorem, which states that, if \u003cem\u003eh\u003c/em\u003e and \u003cem\u003en\u003c/em\u003e are coprime, there are infinitely many primes \u003cem\u003ep\u003c/em\u003e with \u003cem\u003ep\u003c/em\u003e \u0026equiv; \u003cem\u003eh\u003c/em\u003e (mod \u003cem\u003en\u003c/em\u003e).\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2017-12-21", - "id": 310, + "id": 311, "link": "/entries/Dirichlet_L.html", "permalink": "/entries/Dirichlet_L.html", "shortname": "Dirichlet_L", "title": "Dirichlet L-Functions and Dirichlet's Theorem", "topic_links": [ "mathematics/number-theory", "mathematics/algebra" ], "topics": [ "Mathematics/Number theory", "Mathematics/Algebra" ], "used_by": 1 }, { "abstract": "\u003cp\u003eThis 
article provides a formalisation of Snyder’s simple and elegant proof of the Mason\u0026ndash;Stothers theorem, which is the polynomial analogue of the famous abc Conjecture for integers. Remarkably, Snyder found this very elegant proof when he was still a high-school student.\u003c/p\u003e \u003cp\u003eIn short, the statement of the theorem is that three non-zero coprime polynomials \u003cem\u003eA\u003c/em\u003e, \u003cem\u003eB\u003c/em\u003e, \u003cem\u003eC\u003c/em\u003e over a field which sum to 0 and do not all have vanishing derivatives fulfil max{deg(\u003cem\u003eA\u003c/em\u003e), deg(\u003cem\u003eB\u003c/em\u003e), deg(\u003cem\u003eC\u003c/em\u003e)} \u003c deg(rad(\u003cem\u003eABC\u003c/em\u003e)) where the rad(\u003cem\u003eP\u003c/em\u003e) denotes the \u003cem\u003eradical\u003c/em\u003e of \u003cem\u003eP\u003c/em\u003e, i.\u0026thinsp;e. the product of all unique irreducible factors of \u003cem\u003eP\u003c/em\u003e.\u003c/p\u003e \u003cp\u003eThis theorem also implies a kind of polynomial analogue of Fermat’s Last Theorem for polynomials: except for trivial cases, \u003cem\u003eA\u003csup\u003en\u003c/sup\u003e\u003c/em\u003e + \u003cem\u003eB\u003csup\u003en\u003c/sup\u003e\u003c/em\u003e + \u003cem\u003eC\u003csup\u003en\u003c/sup\u003e\u003c/em\u003e = 0 implies n\u0026nbsp;\u0026le;\u0026nbsp;2 for coprime polynomials \u003cem\u003eA\u003c/em\u003e, \u003cem\u003eB\u003c/em\u003e, \u003cem\u003eC\u003c/em\u003e over a field.\u003c/em\u003e\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2017-12-21", - "id": 311, + "id": 312, "link": "/entries/Mason_Stothers.html", "permalink": "/entries/Mason_Stothers.html", "shortname": "Mason_Stothers", "title": "The Mason–Stothers Theorem", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis entry provides an executable functional implementation of the Median-of-Medians algorithm for selecting the 
\u003cem\u003ek\u003c/em\u003e-th smallest element of an unsorted list deterministically in linear time. The size bounds for the recursive call that lead to the linear upper bound on the run-time of the algorithm are also proven. \u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2017-12-21", - "id": 312, + "id": 313, "link": "/entries/Median_Of_Medians_Selection.html", "permalink": "/entries/Median_Of_Medians_Selection.html", "shortname": "Median_Of_Medians_Selection", "title": "The Median-of-Medians Selection Algorithm", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 1 }, { "abstract": "This entry formalizes the closure property of bounded natural functors (BNFs) under seven operations. These operations and the corresponding proofs constitute the core of Isabelle's (co)datatype package. To be close to the implemented tactics, the proofs are deliberately formulated as detailed apply scripts. The (co)datatypes together with (co)induction principles and (co)recursors are byproducts of the fixpoint operations LFP and GFP. Composition of BNFs is subdivided into four simpler operations: Compose, Kill, Lift, and Permute. The N2M operation provides mutual (co)induction principles and (co)recursors for nested (co)datatypes.", "authors": [ "Jasmin Christian Blanchette", "Andrei Popescu", "Dmitriy Traytel" ], "date": "2017-12-19", - "id": 313, + "id": 314, "link": "/entries/BNF_Operations.html", "permalink": "/entries/BNF_Operations.html", "shortname": "BNF_Operations", "title": "Operations on Bounded Natural Functors", "topic_links": [ "tools" ], "topics": [ "Tools" ], "used_by": 0 }, { "abstract": "The Knuth-Morris-Pratt algorithm is often used to show that the problem of finding a string \u003ci\u003es\u003c/i\u003e in a text \u003ci\u003et\u003c/i\u003e can be solved deterministically in \u003ci\u003eO(|s| + |t|)\u003c/i\u003e time. 
We use the Isabelle Refinement Framework to formulate and verify the algorithm. Via refinement, we apply some optimisations and finally use the \u003cem\u003eSepref\u003c/em\u003e tool to obtain executable code in \u003cem\u003eImperative/HOL\u003c/em\u003e.", "authors": [ "Fabian Hellauer", "Peter Lammich" ], "date": "2017-12-18", - "id": 314, + "id": 315, "link": "/entries/Knuth_Morris_Pratt.html", "permalink": "/entries/Knuth_Morris_Pratt.html", "shortname": "Knuth_Morris_Pratt", "title": "The string search algorithm by Knuth, Morris and Pratt", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "Stochastic matrices are a convenient way to model discrete-time and finite state Markov chains. The Perron\u0026ndash;Frobenius theorem tells us something about the existence and uniqueness of non-negative eigenvectors of a stochastic matrix. In this entry, we formalize stochastic matrices, link the formalization to the existing AFP-entry on Markov chains, and apply the Perron\u0026ndash;Frobenius theorem to prove that stationary distributions always exist, and they are unique if the stochastic matrix is irreducible.", "authors": [ "René Thiemann" ], "date": "2017-11-22", - "id": 315, + "id": 316, "link": "/entries/Stochastic_Matrices.html", "permalink": "/entries/Stochastic_Matrices.html", "shortname": "Stochastic_Matrices", "title": "Stochastic Matrices and the Perron-Frobenius Theorem", "topic_links": [ "mathematics/algebra", "computer-science/automata-and-formal-languages" ], "topics": [ "Mathematics/Algebra", "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "We provide our Isabelle/HOL formalization of a Conflict-free Replicated Datatype for Internet Message Access Protocol commands. We show that Strong Eventual Consistency (SEC) is guaranteed by proving the commutativity of concurrent operations. 
We base our formalization on the recently proposed \"framework for establishing Strong Eventual Consistency for Conflict-free Replicated Datatypes\" (AFP.CRDT) from Gomes et al. Hence, we provide an additional example of how the recently proposed framework can be used to design and prove CRDTs.", "authors": [ "Tim Jungnickel", "Lennart Oldenburg", "Matthias Loibl" ], "date": "2017-11-09", - "id": 316, + "id": 317, "link": "/entries/IMAP-CRDT.html", "permalink": "/entries/IMAP-CRDT.html", "shortname": "IMAP-CRDT", "title": "The IMAP CmRDT", "topic_links": [ "computer-science/algorithms/distributed", "computer-science/data-structures" ], "topics": [ "Computer science/Algorithms/Distributed", "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "We present a semantic embedding of a spatio-temporal multi-modal logic, specifically defined to reason about motorway traffic, into Isabelle/HOL. The semantic model is an abstraction of a motorway, emphasising local spatial properties, and parameterised by the types of sensors deployed in the vehicles. We use the logic to define controller constraints to ensure safety, i.e., the absence of collisions on the motorway. 
After proving safety with a restrictive definition of sensors, we relax these assumptions and show how to amend the controller constraints to still guarantee safety.", "authors": [ "Sven Linker" ], "date": "2017-11-06", - "id": 317, + "id": 318, "link": "/entries/Hybrid_Multi_Lane_Spatial_Logic.html", "permalink": "/entries/Hybrid_Multi_Lane_Spatial_Logic.html", "shortname": "Hybrid_Multi_Lane_Spatial_Logic", "title": "Hybrid Multi-Lane Spatial Logic", "topic_links": [ "logic/general-logic/modal-logic" ], "topics": [ "Logic/General logic/Modal logic" ], "used_by": 0 }, { "abstract": "We discuss a topological curiosity discovered by Kuratowski (1922): the fact that the number of distinct operators on a topological space generated by compositions of closure and complement never exceeds 14, and is exactly 14 in the case of R. In addition, we prove a theorem due to Chagrov (1982) that classifies topological spaces according to the number of such operators they support.", "authors": [ "Peter Gammie", "Gianpaolo Gioiosa" ], "date": "2017-10-26", - "id": 318, + "id": 319, "link": "/entries/Kuratowski_Closure_Complement.html", "permalink": "/entries/Kuratowski_Closure_Complement.html", "shortname": "Kuratowski_Closure_Complement", "title": "The Kuratowski Closure-Complement Theorem", "topic_links": [ "mathematics/topology" ], "topics": [ "Mathematics/Topology" ], "used_by": 0 }, { "abstract": "This entry provides a verified implementation of rank-based Büchi Complementation. 
The verification is done in three steps: \u003col\u003e \u003cli\u003eDefinition of odd rankings and proof that an automaton rejects a word iff there exists an odd ranking for it.\u003c/li\u003e \u003cli\u003eDefinition of the complement automaton and proof that it accepts exactly those words for which there is an odd ranking.\u003c/li\u003e \u003cli\u003eVerified implementation of the complement automaton using the Isabelle Collections Framework.\u003c/li\u003e \u003c/ol\u003e", "authors": [ "Julian Brunner" ], "date": "2017-10-19", - "id": 319, + "id": 320, "link": "/entries/Buchi_Complementation.html", "permalink": "/entries/Buchi_Complementation.html", "shortname": "Buchi_Complementation", "title": "Büchi Complementation", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "This entry provides a very abstract theory of transition systems that can be instantiated to express various types of automata. A transition system is typically instantiated by providing a set of initial states, a predicate for enabled transitions, and a transition execution function. From this, it defines the concepts of finite and infinite paths as well as the set of reachable states, among other things. Many useful theorems, from basic path manipulation rules to coinduction and run construction rules, are proven in this abstract transition system context. 
The library comes with instantiations for DFAs, NFAs, and Büchi automata.", "authors": [ "Julian Brunner" ], "date": "2017-10-19", - "id": 320, + "id": 321, "link": "/entries/Transition_Systems_and_Automata.html", "permalink": "/entries/Transition_Systems_and_Automata.html", "shortname": "Transition_Systems_and_Automata", "title": "Transition Systems and Automata", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 4 }, { "abstract": "Based on evaluating Cauchy indices through remainder sequences, this entry provides an effective procedure to count the number of complex roots (with multiplicity) of a polynomial within various shapes (e.g., rectangle, circle and half-plane). Potential applications of this entry include certified complex root isolation (of a polynomial) and testing the Routh-Hurwitz stability criterion (i.e., to check whether all the roots of some characteristic polynomial have negative real parts).", "authors": [ "Wenda Li" ], "date": "2017-10-17", - "id": 321, + "id": 322, "link": "/entries/Count_Complex_Roots.html", "permalink": "/entries/Count_Complex_Roots.html", "shortname": "Count_Complex_Roots", "title": "Count the Number of Complex Roots", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 1 }, { "abstract": "In complex analysis, the winding number measures the number of times a path (counterclockwise) winds around a point, while the Cauchy index can approximate how the path winds. This entry provides a formalisation of the Cauchy index, which is then shown to be related to the winding number. 
In addition, this entry also offers a tactic that enables users to evaluate the winding number by calculating Cauchy indices.", "authors": [ "Wenda Li" ], "date": "2017-10-17", - "id": 322, + "id": 323, "link": "/entries/Winding_Number_Eval.html", "permalink": "/entries/Winding_Number_Eval.html", "shortname": "Winding_Number_Eval", "title": "Evaluate Winding Numbers through Cauchy Indices", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 2 }, { "abstract": "We formalize the theory of homogeneous linear diophantine equations, focusing on two main results: (1) an abstract characterization of minimal complete sets of solutions, and (2) an algorithm computing them. Both, the characterization and the algorithm are based on previous work by Huet. Our starting point is a simple but inefficient variant of Huet's lexicographic algorithm incorporating improved bounds due to Clausen and Fortenbacher. We proceed by proving its soundness and completeness. Finally, we employ code equations to obtain a reasonably efficient implementation. Thus, we provide a formally verified solver for homogeneous linear diophantine equations.", "authors": [ "Florian Messner", "Julian Parsert", "Jonas Schöpf", "Christian Sternagel" ], "date": "2017-10-14", - "id": 323, + "id": 324, "link": "/entries/Diophantine_Eqns_Lin_Hom.html", "permalink": "/entries/Diophantine_Eqns_Lin_Hom.html", "shortname": "Diophantine_Eqns_Lin_Hom", "title": "Homogeneous Linear Diophantine Equations", "topic_links": [ "computer-science/algorithms/mathematical", "mathematics/number-theory", "tools" ], "topics": [ "Computer science/Algorithms/Mathematical", "Mathematics/Number theory", "Tools" ], "used_by": 0 }, { "abstract": "This entry is a formalisation of much of Chapters 2, 3, and 11 of Apostol's \u0026ldquo;Introduction to Analytic Number Theory\u0026rdquo;. 
This includes: \u003cul\u003e \u003cli\u003eDefinitions and basic properties for several number-theoretic functions (Euler's \u0026phi;, M\u0026ouml;bius \u0026mu;, Liouville's \u0026lambda;, the divisor function \u0026sigma;, von Mangoldt's \u0026Lambda;)\u003c/li\u003e \u003cli\u003eExecutable code for most of these functions, the most efficient implementations using the factoring algorithm by Thiemann \u003ci\u003eet al.\u003c/i\u003e\u003c/li\u003e \u003cli\u003eDirichlet products and formal Dirichlet series\u003c/li\u003e \u003cli\u003eAnalytic results connecting convergent formal Dirichlet series to complex functions\u003c/li\u003e \u003cli\u003eEuler product expansions\u003c/li\u003e \u003cli\u003eAsymptotic estimates of number-theoretic functions including the density of squarefree integers and the average number of divisors of a natural number\u003c/li\u003e \u003c/ul\u003e These results are useful as a basis for developing more number-theoretic results, such as the Prime Number Theorem.", "authors": [ "Manuel Eberl" ], "date": "2017-10-12", - "id": 324, + "id": 325, "link": "/entries/Dirichlet_Series.html", "permalink": "/entries/Dirichlet_Series.html", "shortname": "Dirichlet_Series", "title": "Dirichlet Series", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 4 }, { "abstract": "\u003cp\u003e Linear recurrences with constant coefficients are an interesting class of recurrence equations that can be solved explicitly. 
The most famous example are certainly the Fibonacci numbers with the equation \u003ci\u003ef\u003c/i\u003e(\u003ci\u003en\u003c/i\u003e) = \u003ci\u003ef\u003c/i\u003e(\u003ci\u003en\u003c/i\u003e-1) + \u003ci\u003ef\u003c/i\u003e(\u003ci\u003en\u003c/i\u003e - 2) and the quite non-obvious closed form (\u003ci\u003e\u0026phi;\u003c/i\u003e\u003csup\u003e\u003ci\u003en\u003c/i\u003e\u003c/sup\u003e - (-\u003ci\u003e\u0026phi;\u003c/i\u003e)\u003csup\u003e-\u003ci\u003en\u003c/i\u003e\u003c/sup\u003e) / \u0026radic;\u003cspan style=\"text-decoration: overline\"\u003e5\u003c/span\u003e where \u0026phi; is the golden ratio. \u003c/p\u003e \u003cp\u003e In this work, I build on existing tools in Isabelle \u0026ndash; such as formal power series and polynomial factorisation algorithms \u0026ndash; to develop a theory of these recurrences and derive a fully executable solver for them that can be exported to programming languages like Haskell. \u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2017-10-12", - "id": 325, + "id": 326, "link": "/entries/Linear_Recurrences.html", "permalink": "/entries/Linear_Recurrences.html", "shortname": "Linear_Recurrences", "title": "Linear Recurrences", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 1 }, { "abstract": "\u003cp\u003eThis entry builds upon the results about formal and analytic Dirichlet series to define the Hurwitz \u0026zeta; function \u0026zeta;(\u003cem\u003ea\u003c/em\u003e,\u003cem\u003es\u003c/em\u003e) and, based on that, the Riemann \u0026zeta; function \u0026zeta;(\u003cem\u003es\u003c/em\u003e). 
This is done by first defining them for \u0026real;(\u003cem\u003ez\u003c/em\u003e) \u003e 1 and then successively extending the domain to the left using the Euler\u0026ndash;MacLaurin formula.\u003c/p\u003e \u003cp\u003eApart from the most basic facts such as analyticity, the following results are provided:\u003c/p\u003e \u003cul\u003e \u003cli\u003ethe Stieltjes constants and the Laurent expansion of \u0026zeta;(\u003cem\u003es\u003c/em\u003e) at \u003cem\u003es\u003c/em\u003e = 1\u003c/li\u003e \u003cli\u003ethe non-vanishing of \u0026zeta;(\u003cem\u003es\u003c/em\u003e) for \u0026real;(\u003cem\u003ez\u003c/em\u003e) \u0026ge; 1\u003c/li\u003e \u003cli\u003ethe relationship between \u0026zeta;(\u003cem\u003ea\u003c/em\u003e,\u003cem\u003es\u003c/em\u003e) and \u0026Gamma;\u003c/li\u003e \u003cli\u003ethe special values at negative integers and positive even integers\u003c/li\u003e \u003cli\u003eHurwitz's formula and the reflection formula for \u0026zeta;(\u003cem\u003es\u003c/em\u003e)\u003c/li\u003e \u003cli\u003ethe \u003ca href=\"https://arxiv.org/abs/math/0405478\"\u003e Hadjicostas\u0026ndash;Chapman formula\u003c/a\u003e\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eThe entry also contains Euler's analytic proof of the infinitude of primes, based on the fact that \u0026zeta;(\u003ci\u003es\u003c/i\u003e) has a pole at \u003ci\u003es\u003c/i\u003e = 1.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2017-10-12", - "id": 326, + "id": 327, "link": "/entries/Zeta_Function.html", "permalink": "/entries/Zeta_Function.html", "shortname": "Zeta_Function", "title": "The Hurwitz and Riemann ζ Functions", "topic_links": [ "mathematics/number-theory", "mathematics/analysis" ], "topics": [ "Mathematics/Number theory", "Mathematics/Analysis" ], "used_by": 3 }, { "abstract": "Computers may help us to understand --not just verify-- philosophical arguments. 
By utilizing modern proof assistants in an iterative interpretive process, we can reconstruct and assess an argument by fully formal means. Through the mechanization of a variant of St. Anselm's ontological argument by E. J. Lowe, which is a paradigmatic example of a natural-language argument with strong ties to metaphysics and religion, we offer an ideal showcase for our computer-assisted interpretive method.", "authors": [ "David Fuenmayor", "Christoph Benzmüller" ], "date": "2017-09-21", - "id": 327, + "id": 328, "link": "/entries/Lowe_Ontological_Argument.html", "permalink": "/entries/Lowe_Ontological_Argument.html", "shortname": "Lowe_Ontological_Argument", "title": "Computer-assisted Reconstruction and Assessment of E. J. Lowe's Modal Ontological Argument", "topic_links": [ "logic/philosophical-aspects" ], "topics": [ "Logic/Philosophical aspects" ], "used_by": 0 }, { "abstract": "\u003cp\u003e We present an embedding of the second-order fragment of the Theory of Abstract Objects as described in Edward Zalta's upcoming work \u003ca href=\"https://mally.stanford.edu/principia.pdf\"\u003ePrincipia Logico-Metaphysica (PLM)\u003c/a\u003e in the automated reasoning framework Isabelle/HOL. The Theory of Abstract Objects is a metaphysical theory that reifies property patterns, as they for example occur in the abstract reasoning of mathematics, as \u003cb\u003eabstract objects\u003c/b\u003e and provides an axiomatic framework that allows to reason about these objects. It thereby serves as a fundamental metaphysical theory that can be used to axiomatize and describe a wide range of philosophical objects, such as Platonic forms or Leibniz' concepts, and has the ambition to function as a foundational theory of mathematics. 
The target theory of our embedding as described in chapters 7-9 of PLM employs a modal relational type theory as logical foundation for which a representation in functional type theory is \u003ca href=\"https://mally.stanford.edu/Papers/rtt.pdf\"\u003eknown to be challenging\u003c/a\u003e. \u003c/p\u003e \u003cp\u003e Nevertheless we arrive at a functioning representation of the theory in the functional logic of Isabelle/HOL based on a semantical representation of an Aczel-model of the theory. Based on this representation we construct an implementation of the deductive system of PLM which allows to automatically and interactively find and verify theorems of PLM. \u003c/p\u003e \u003cp\u003e Our work thereby supports the concept of shallow semantical embeddings of logical systems in HOL as a universal tool for logical reasoning \u003ca href=\"http://www.mi.fu-berlin.de/inf/groups/ag-ki/publications/Universal-Reasoning/1703_09620_pd.pdf\"\u003eas promoted by Christoph Benzm\u0026uuml;ller\u003c/a\u003e. \u003c/p\u003e \u003cp\u003e The most notable result of the presented work is the discovery of a previously unknown paradox in the formulation of the Theory of Abstract Objects. The embedding of the theory in Isabelle/HOL played a vital part in this discovery. Furthermore it was possible to immediately offer several options to modify the theory to guarantee its consistency. Thereby our work could provide a significant contribution to the development of a proper grounding for object theory. 
\u003c/p\u003e", "authors": [ "Daniel Kirchner" ], "date": "2017-09-17", - "id": 328, + "id": 329, "link": "/entries/PLM.html", "permalink": "/entries/PLM.html", "shortname": "PLM", "title": "Representation and Partial Automation of the Principia Logico-Metaphysica in Isabelle/HOL", "topic_links": [ "logic/philosophical-aspects" ], "topics": [ "Logic/Philosophical aspects" ], "used_by": 0 }, { "abstract": "Paul Oppenheimer and Edward Zalta's formalisation of Anselm's ontological argument for the existence of God is automated by embedding a free logic for definite descriptions within Isabelle/HOL.", "authors": [ "Ben Blumson" ], "date": "2017-09-06", - "id": 329, + "id": 330, "link": "/entries/AnselmGod.html", "permalink": "/entries/AnselmGod.html", "shortname": "AnselmGod", "title": "Anselm's God in Isabelle/HOL", "topic_links": [ "logic/philosophical-aspects" ], "topics": [ "Logic/Philosophical aspects" ], "used_by": 0 }, { "abstract": "Economic activity has always been a fundamental part of society. Due to modern day politics, economic theory has gained even more influence on our lives. Thus we want models and theories to be as precise as possible. This can be achieved using certification with the help of formal proof technology. Hence we will use Isabelle/HOL to construct two economic models, that of the the pure exchange economy and a version of the Arrow-Debreu Model. We will prove that the \u003ci\u003eFirst Theorem of Welfare Economics\u003c/i\u003e holds within both. 
The theorem is the mathematical formulation of Adam Smith's famous \u003ci\u003einvisible hand\u003c/i\u003e and states that a group of self-interested and rational actors will eventually achieve an efficient allocation of goods and services.", "authors": [ "Julian Parsert", "Cezary Kaliszyk" ], "date": "2017-09-01", - "id": 330, + "id": 331, "link": "/entries/First_Welfare_Theorem.html", "permalink": "/entries/First_Welfare_Theorem.html", "shortname": "First_Welfare_Theorem", "title": "Microeconomics and the First Welfare Theorem", "topic_links": [ "mathematics/games-and-economics" ], "topics": [ "Mathematics/Games and economics" ], "used_by": 1 }, { "abstract": "The Orbit-Stabiliser theorem is a basic result in the algebra of groups that factors the order of a group into the sizes of its orbits and stabilisers. We formalize the notion of a group action and the related concepts of orbits and stabilisers. This allows us to prove the orbit-stabiliser theorem. In the second part of this work, we formalize the tetrahedral group and use the orbit-stabiliser theorem to prove that there are twelve (orientation-preserving) rotations of the tetrahedron.", "authors": [ "Jonas Rädle" ], "date": "2017-08-20", - "id": 331, + "id": 332, "link": "/entries/Orbit_Stabiliser.html", "permalink": "/entries/Orbit_Stabiliser.html", "shortname": "Orbit_Stabiliser", "title": "Orbit-Stabiliser Theorem with Application to Rotational Symmetries", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "\u003cp\u003e Andersson introduced \u003cem\u003egeneral balanced trees\u003c/em\u003e, search trees based on the design principle of partial rebuilding: perform update operations naively until the tree becomes too unbalanced, at which point a whole subtree is rebalanced. This article defines and analyzes a functional version of general balanced trees, which we call \u003cem\u003eroot-balanced trees\u003c/em\u003e. 
Using a lightweight model of execution time, amortized logarithmic complexity is verified in the theorem prover Isabelle. \u003c/p\u003e \u003cp\u003e This is the Isabelle formalization of the material decribed in the APLAS 2017 article \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/aplas17.html\"\u003eVerified Root-Balanced Trees\u003c/a\u003e by the same author, which also presents experimental results that show competitiveness of root-balanced with AVL and red-black trees. \u003c/p\u003e", "authors": [ "Tobias Nipkow" ], "date": "2017-08-20", - "id": 332, + "id": 333, "link": "/entries/Root_Balanced_Tree.html", "permalink": "/entries/Root_Balanced_Tree.html", "shortname": "Root_Balanced_Tree", "title": "Root-Balanced Tree", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 2 }, { "abstract": "The propositions-as-types correspondence is ordinarily presented as linking the metatheory of typed λ-calculi and the proof theory of intuitionistic logic. Griffin observed that this correspondence could be extended to classical logic through the use of control operators. This observation set off a flurry of further research, leading to the development of Parigots λμ-calculus. In this work, we formalise λμ- calculus in Isabelle/HOL and prove several metatheoretical properties such as type preservation and progress.", "authors": [ "Cristina Matache", "Victor B. F. Gomes", "Dominic P. Mulligan" ], "date": "2017-08-16", - "id": 333, + "id": 334, "link": "/entries/LambdaMu.html", "permalink": "/entries/LambdaMu.html", "shortname": "LambdaMu", "title": "The LambdaMu-calculus", "topic_links": [ "computer-science/programming-languages/lambda-calculi" ], "topics": [ "Computer science/Programming languages/Lambda calculi" ], "used_by": 0 }, { "abstract": "This entry formalizes the two geometric theorems, Stewart's and Apollonius' theorem. 
Stewart's Theorem relates the length of a triangle's cevian to the lengths of the triangle's two sides. Apollonius' Theorem is a specialisation of Stewart's theorem, restricting the cevian to be the median. The proof applies the law of cosines, some basic geometric facts about triangles and then simply transforms the terms algebraically to yield the conjectured relation. The formalization in Isabelle can closely follow the informal proofs described in the Wikipedia articles of those two theorems.", "authors": [ "Lukas Bulwahn" ], "date": "2017-07-31", - "id": 334, + "id": 335, "link": "/entries/Stewart_Apollonius.html", "permalink": "/entries/Stewart_Apollonius.html", "shortname": "Stewart_Apollonius", "title": "Stewart's Theorem and Apollonius' Theorem", "topic_links": [ "mathematics/geometry" ], "topics": [ "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "The architecture of a system describes the system's overall organization into components and connections between those components. With the emergence of mobile computing, dynamic architectures have become increasingly important. In such architectures, components may appear or disappear, and connections may change over time. In the following we mechanize a theory of dynamic architectures and verify the soundness of a corresponding calculus. Therefore, we first formalize the notion of configuration traces as a model for dynamic architectures. Then, the behavior of single components is formalized in terms of behavior traces and an operator is introduced and studied to extract the behavior of a single component out of a given configuration trace. Then, behavior trace assertions are introduced as a temporal specification technique to specify behavior of components. Reasoning about component behavior in a dynamic context is formalized in terms of a calculus for dynamic architectures. 
Finally, the soundness of the calculus is verified by introducing an alternative interpretation for behavior trace assertions over configuration traces and proving the rules of the calculus. Since projection may lead to finite as well as infinite behavior traces, they are formalized in terms of coinductive lists. Thus, our theory is based on Lochbihler's formalization of coinductive lists. The theory may be applied to verify properties for dynamic architectures.", "authors": [ "Diego Marmsoler" ], "date": "2017-07-28", - "id": 335, + "id": 336, "link": "/entries/DynamicArchitectures.html", "permalink": "/entries/DynamicArchitectures.html", "shortname": "DynamicArchitectures", "title": "Dynamic Architectures", "topic_links": [ "computer-science/system-description-languages" ], "topics": [ "Computer science/System description languages" ], "used_by": 1 }, { "abstract": "We present a semantics for an applied call-by-value lambda-calculus that is compositional, extensional, and elementary. We present four different views of the semantics: 1) as a relational (big-step) semantics that is not operational but instead declarative, 2) as a denotational semantics that does not use domain theory, 3) as a non-deterministic interpreter, and 4) as a variant of the intersection type systems of the Torino group. We prove that the semantics is correct by showing that it is sound and complete with respect to operational semantics on programs and that is sound with respect to contextual equivalence. We have not yet investigated whether it is fully abstract. We demonstrate that this approach to semantics is useful with three case studies. First, we use the semantics to prove correctness of a compiler optimization that inlines function application. Second, we adapt the semantics to the polymorphic lambda-calculus extended with general recursion and prove semantic type soundness. Third, we adapt the semantics to the call-by-value lambda-calculus with mutable references. 
\u003cbr\u003e The paper that accompanies these Isabelle theories is \u003ca href=\"https://arxiv.org/abs/1707.03762\"\u003eavailable on arXiv\u003c/a\u003e.", "authors": [ "Jeremy Siek" ], "date": "2017-07-21", - "id": 336, + "id": 337, "link": "/entries/Decl_Sem_Fun_PL.html", "permalink": "/entries/Decl_Sem_Fun_PL.html", "shortname": "Decl_Sem_Fun_PL", "title": "Declarative Semantics for Functional Languages", "topic_links": [ "computer-science/programming-languages" ], "topics": [ "Computer science/Programming languages" ], "used_by": 0 }, { "abstract": "The Isabelle/HOLCF-Prelude is a formalization of a large part of Haskell's standard prelude in Isabelle/HOLCF. We use it to prove the correctness of the Eratosthenes' Sieve, in its self-referential implementation commonly used to showcase Haskell's laziness; prove correctness of GHC's \"fold/build\" rule and related rewrite rules; and certify a number of hints suggested by HLint.", "authors": [ "Joachim Breitner", "Brian Huffman", "Neil Mitchell", "Christian Sternagel" ], "date": "2017-07-15", - "id": 337, + "id": 338, "link": "/entries/HOLCF-Prelude.html", "permalink": "/entries/HOLCF-Prelude.html", "shortname": "HOLCF-Prelude", "title": "HOLCF-Prelude", "topic_links": [ "computer-science/functional-programming" ], "topics": [ "Computer science/Functional programming" ], "used_by": 1 }, { "abstract": "\u003cp\u003eMinkowski's theorem relates a subset of \u0026#8477;\u003csup\u003en\u003c/sup\u003e, the Lebesgue measure, and the integer lattice \u0026#8484;\u003csup\u003en\u003c/sup\u003e: It states that any convex subset of \u0026#8477;\u003csup\u003en\u003c/sup\u003e with volume greater than 2\u003csup\u003en\u003c/sup\u003e contains at least one lattice point from \u0026#8484;\u003csup\u003en\u003c/sup\u003e\\{0}, i.\u0026thinsp;e. 
a non-zero point with integer coefficients.\u003c/p\u003e \u003cp\u003eA related theorem which directly implies this is Blichfeldt's theorem, which states that any subset of \u0026#8477;\u003csup\u003en\u003c/sup\u003e with a volume greater than 1 contains two different points whose difference vector has integer components.\u003c/p\u003e \u003cp\u003eThe entry contains a proof of both theorems.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2017-07-13", - "id": 338, + "id": 339, "link": "/entries/Minkowskis_Theorem.html", "permalink": "/entries/Minkowskis_Theorem.html", "shortname": "Minkowskis_Theorem", "title": "Minkowski's Theorem", "topic_links": [ "mathematics/geometry", "mathematics/number-theory" ], "topics": [ "Mathematics/Geometry", "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "I formalise a Church-style simply-typed \\(\\lambda\\)-calculus, extended with pairs, a unit value, and projection functions, and show some metatheory of the calculus, such as the subject reduction property. Particular attention is paid to the treatment of names in the calculus. A nominal style of binding is used, but I use a manual approach over Nominal Isabelle in order to extract an executable type inference algorithm. 
More information can be found in my \u003ca href=\"http://www.openthesis.org/documents/Verified-Metatheory-Type-Inference-Simply-603182.html\"\u003eundergraduate dissertation\u003c/a\u003e.", "authors": [ "Michael Rawson" ], "date": "2017-07-09", - "id": 339, + "id": 340, "link": "/entries/Name_Carrying_Type_Inference.html", "permalink": "/entries/Name_Carrying_Type_Inference.html", "shortname": "Name_Carrying_Type_Inference", "title": "Verified Metatheory and Type Inference for a Name-Carrying Simply-Typed Lambda Calculus", "topic_links": [ "computer-science/programming-languages/type-systems" ], "topics": [ "Computer science/Programming languages/Type systems" ], "used_by": 0 }, { "abstract": "In this work, we focus on the correctness of Conflict-free Replicated Data Types (CRDTs), a class of algorithm that provides strong eventual consistency guarantees for replicated data. We develop a modular and reusable framework for verifying the correctness of CRDT algorithms. We avoid correctness issues that have dogged previous mechanised proofs in this area by including a network model in our formalisation, and proving that our theorems hold in all possible network behaviours. Our axiomatic network model is a standard abstraction that accurately reflects the behaviour of real-world computer networks. Moreover, we identify an abstract convergence theorem, a property of order relations, which provides a formal definition of strong eventual consistency. We then obtain the first machine-checked correctness theorems for three concrete CRDTs: the Replicated Growable Array, the Observed-Remove Set, and an Increment-Decrement Counter.", "authors": [ "Victor B. F. Gomes", "Martin Kleppmann", "Dominic P. Mulligan", "Alastair R. 
Beresford" ], "date": "2017-07-07", - "id": 340, + "id": 341, "link": "/entries/CRDT.html", "permalink": "/entries/CRDT.html", "shortname": "CRDT", "title": "A framework for establishing Strong Eventual Consistency for Conflict-free Replicated Datatypes", "topic_links": [ "computer-science/algorithms/distributed", "computer-science/data-structures" ], "topics": [ "Computer science/Algorithms/Distributed", "Computer science/Data structures" ], "used_by": 1 }, { "abstract": "We develop Stone-Kleene relation algebras, which expand Stone relation algebras with a Kleene star operation to describe reachability in weighted graphs. Many properties of the Kleene star arise as a special case of a more general theory of iteration based on Conway semirings extended by simulation axioms. This includes several theorems representing complex program transformations. We formally prove the correctness of Conway's automata-based construction of the Kleene star of a matrix. We prove numerous results useful for reasoning about weighted graphs.", "authors": [ "Walter Guttmann" ], "date": "2017-07-06", - "id": 341, + "id": 342, "link": "/entries/Stone_Kleene_Relation_Algebras.html", "permalink": "/entries/Stone_Kleene_Relation_Algebras.html", "shortname": "Stone_Kleene_Relation_Algebras", "title": "Stone-Kleene Relation Algebras", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 4 }, { "abstract": "We formalize a range of proof systems for classical propositional logic (sequent calculus, natural deduction, Hilbert systems, resolution) and prove the most important meta-theoretic results about semantics and proofs: compactness, soundness, completeness, translations between proof systems, cut-elimination, interpolation and model existence.", "authors": [ "Julius Michaelis", "Tobias Nipkow" ], "date": "2017-06-21", - "id": 342, + "id": 343, "link": "/entries/Propositional_Proof_Systems.html", "permalink": "/entries/Propositional_Proof_Systems.html", 
"shortname": "Propositional_Proof_Systems", "title": "Propositional Proof Systems", "topic_links": [ "logic/proof-theory" ], "topics": [ "Logic/Proof theory" ], "used_by": 2 }, { "abstract": "Partial Semigroups are relevant to the foundations of quantum mechanics and combinatorics as well as to interval and separation logics. Convolution algebras can be understood either as algebras of generalised binary modalities over ternary Kripke frames, in particular over partial semigroups, or as algebras of quantale-valued functions which are equipped with a convolution-style operation of multiplication that is parametrised by a ternary relation. Convolution algebras provide algebraic semantics for various substructural logics, including categorial, relevance and linear logics, for separation logic and for interval logics; they cover quantitative and qualitative applications. These mathematical components for partial semigroups and convolution algebras provide uniform foundations from which models of computation based on relations, program traces or pomsets, and verification components for separation or interval temporal logics can be built with little effort.", "authors": [ "Brijesh Dongol", "Victor B. F. Gomes", "Ian J. Hayes", "Georg Struth" ], "date": "2017-06-13", - "id": 343, + "id": 344, "link": "/entries/PSemigroupsConvolution.html", "permalink": "/entries/PSemigroupsConvolution.html", "shortname": "PSemigroupsConvolution", "title": "Partial Semigroups and Convolution Algebras", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "In the 18th century, Georges-Louis Leclerc, Comte de Buffon posed and later solved the following problem, which is often called the first problem ever solved in geometric probability: Given a floor divided into vertical strips of the same width, what is the probability that a needle thrown onto the floor randomly will cross two strips? 
This entry formally defines the problem in the case where the needle's position is chosen uniformly at random in a single strip around the origin (which is equivalent to larger arrangements due to symmetry). It then provides proofs of the simple solution in the case where the needle's length is no greater than the width of the strips and the more complicated solution in the opposite case.", "authors": [ "Manuel Eberl" ], "date": "2017-06-06", - "id": 344, + "id": 345, "link": "/entries/Buffons_Needle.html", "permalink": "/entries/Buffons_Needle.html", "shortname": "Buffons_Needle", "title": "Buffon's Needle Problem", "topic_links": [ "mathematics/probability-theory", "mathematics/geometry" ], "topics": [ "Mathematics/Probability theory", "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "We present a formalization of flow networks and the Min-Cut-Max-Flow theorem. Our formal proof closely follows a standard textbook proof, and is accessible even without being an expert in Isabelle/HOL, the interactive theorem prover used for the formalization.", "authors": [ "Peter Lammich", "S. Reza Sefidgar" ], "date": "2017-06-01", - "id": 345, + "id": 346, "link": "/entries/Flow_Networks.html", "permalink": "/entries/Flow_Networks.html", "shortname": "Flow_Networks", "title": "Flow Networks and the Min-Cut-Max-Flow Theorem", "topic_links": [ "mathematics/graph-theory" ], "topics": [ "Mathematics/Graph theory" ], "used_by": 2 }, { "abstract": "We present a formalization of push-relabel algorithms for computing the maximum flow in a network. We start with Goldberg's et al.~generic push-relabel algorithm, for which we show correctness and the time complexity bound of O(V^2E). We then derive the relabel-to-front and FIFO implementation. Using stepwise refinement techniques, we derive an efficient verified implementation. Our formal proof of the abstract algorithms closely follows a standard textbook proof. 
It is accessible even without being an expert in Isabelle/HOL, the interactive theorem prover used for the formalization.", "authors": [ "Peter Lammich", "S. Reza Sefidgar" ], "date": "2017-06-01", - "id": 346, + "id": 347, "link": "/entries/Prpu_Maxflow.html", "permalink": "/entries/Prpu_Maxflow.html", "shortname": "Prpu_Maxflow", "title": "Formalizing Push-Relabel Algorithms", "topic_links": [ "computer-science/algorithms/graph", "mathematics/graph-theory" ], "topics": [ "Computer science/Algorithms/Graph", "Mathematics/Graph theory" ], "used_by": 0 }, { "abstract": "Lenses provide an abstract interface for manipulating data types through spatially-separated views. They are defined abstractly in terms of two functions, \u003cem\u003eget\u003c/em\u003e, the return a value from the source type, and \u003cem\u003eput\u003c/em\u003e that updates the value. We mechanise the underlying theory of lenses, in terms of an algebraic hierarchy of lenses, including well-behaved and very well-behaved lenses, each lens class being characterised by a set of lens laws. We also mechanise a lens algebra in Isabelle that enables their composition and comparison, so as to allow construction of complex lenses. This is accompanied by a large library of algebraic laws. Moreover we also show how the lens classes can be applied by instantiating them with a number of Isabelle data types.", "authors": [ "Simon Foster", "Frank Zeyda" ], "date": "2017-05-25", - "id": 347, + "id": 348, "link": "/entries/Optics.html", "permalink": "/entries/Optics.html", "shortname": "Optics", "title": "Optics", "topic_links": [ "computer-science/functional-programming", "mathematics/algebra" ], "topics": [ "Computer science/Functional programming", "Mathematics/Algebra" ], "used_by": 1 }, { "abstract": "We propose a development method for security protocols based on stepwise refinement. 
Our refinement strategy transforms abstract security goals into protocols that are secure when operating over an insecure channel controlled by a Dolev-Yao-style intruder. As intermediate levels of abstraction, we employ messageless guard protocols and channel protocols communicating over channels with security properties. These abstractions provide insights on why protocols are secure and foster the development of families of protocols sharing common structure and properties. We have implemented our method in Isabelle/HOL and used it to develop different entity authentication and key establishment protocols, including realistic features such as key confirmation, replay caches, and encrypted tickets. Our development highlights that guard protocols and channel protocols provide fundamental abstractions for bridging the gap between security properties and standard protocol descriptions based on cryptographic messages. It also shows that our refinement approach scales to protocols of nontrivial size and complexity.", "authors": [ "Christoph Sprenger", "Ivano Somaini" ], "date": "2017-05-24", - "id": 348, + "id": 349, "link": "/entries/Security_Protocol_Refinement.html", "permalink": "/entries/Security_Protocol_Refinement.html", "shortname": "Security_Protocol_Refinement", "title": "Developing Security Protocols by Refinement", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "Isabelle's code generator natively supports type classes. For targets that do not have language support for classes and instances, it performs the well-known dictionary translation, as described by Haftmann and Nipkow. This translation happens outside the logic, i.e., there is no guarantee that it is correct, besides the pen-and-paper proof. 
This work implements a certified dictionary translation that produces new class-free constants and derives equality theorems.", "authors": [ "Lars Hupel" ], "date": "2017-05-24", - "id": 349, + "id": 350, "link": "/entries/Dict_Construction.html", "permalink": "/entries/Dict_Construction.html", "shortname": "Dict_Construction", "title": "Dictionary Construction", "topic_links": [ "tools" ], "topics": [ "Tools" ], "used_by": 1 }, { "abstract": "The Floyd-Warshall algorithm [Flo62, Roy59, War62] is a classic dynamic programming algorithm to compute the length of all shortest paths between any two vertices in a graph (i.e. to solve the all-pairs shortest path problem, or APSP for short). Given a representation of the graph as a matrix of weights M, it computes another matrix M' which represents a graph with the same path lengths and contains the length of the shortest path between any two vertices i and j. This is only possible if the graph does not contain any negative cycles. However, in this case the Floyd-Warshall algorithm will detect the situation by calculating a negative diagonal entry. This entry includes a formalization of the algorithm and of these key properties. The algorithm is refined to an efficient imperative version using the Imperative Refinement Framework.", "authors": [ "Simon Wimmer", "Peter Lammich" ], "date": "2017-05-08", - "id": 350, + "id": 351, "link": "/entries/Floyd_Warshall.html", "permalink": "/entries/Floyd_Warshall.html", "shortname": "Floyd_Warshall", "title": "The Floyd-Warshall Algorithm for Shortest Paths", "topic_links": [ "computer-science/algorithms/graph" ], "topics": [ "Computer science/Algorithms/Graph" ], "used_by": 0 }, { "abstract": "\u003cp\u003eCryptHOL provides a framework for formalising cryptographic arguments in Isabelle/HOL. It shallowly embeds a probabilistic functional programming language in higher order logic. 
The language features monadic sequencing, recursion, random sampling, failures and failure handling, and black-box access to oracles. Oracles are probabilistic functions which maintain hidden state between different invocations. All operators are defined in the new semantic domain of generative probabilistic values, a codatatype. We derive proof rules for the operators and establish a connection with the theory of relational parametricity. Thus, the resuting proofs are trustworthy and comprehensible, and the framework is extensible and widely applicable. \u003c/p\u003e\u003cp\u003e The framework is used in the accompanying AFP entry \"Game-based Cryptography in HOL\". There, we show-case our framework by formalizing different game-based proofs from the literature. This formalisation continues the work described in the author's ESOP 2016 paper.\u003c/p\u003e", "authors": [ "Andreas Lochbihler" ], "date": "2017-05-05", - "id": 351, + "id": 352, "link": "/entries/CryptHOL.html", "permalink": "/entries/CryptHOL.html", "shortname": "CryptHOL", "title": "CryptHOL", "topic_links": [ "computer-science/security/cryptography", "computer-science/functional-programming", "mathematics/probability-theory" ], "topics": [ "Computer science/Security/Cryptography", "Computer science/Functional programming", "Mathematics/Probability theory" ], "used_by": 3 }, { "abstract": "The notion of a monad cannot be expressed within higher-order logic (HOL) due to type system restrictions. We show that if a monad is used with values of only one type, this notion can be formalised in HOL. Based on this idea, we develop a library of effect specifications and implementations of monads and monad transformers. Hence, we can abstract over the concrete monad in HOL definitions and thus use the same definition for different (combinations of) effects. 
We illustrate the usefulness of effect polymorphism with a monadic interpreter for a simple language.", "authors": [ "Andreas Lochbihler" ], "date": "2017-05-05", - "id": 352, + "id": 353, "link": "/entries/Monomorphic_Monad.html", "permalink": "/entries/Monomorphic_Monad.html", "shortname": "Monomorphic_Monad", "title": "Effect polymorphism in higher-order logic", "topic_links": [ "computer-science/functional-programming" ], "topics": [ "Computer science/Functional programming" ], "used_by": 1 }, { "abstract": "\u003cp\u003eIn this AFP entry, we show how to specify game-based cryptographic security notions and formally prove secure several cryptographic constructions from the literature using the CryptHOL framework. Among others, we formalise the notions of a random oracle, a pseudo-random function, an unpredictable function, and of encryption schemes that are indistinguishable under chosen plaintext and/or ciphertext attacks. We prove the random-permutation/random-function switching lemma, security of the Elgamal and hashed Elgamal public-key encryption scheme and correctness and security of several constructions with pseudo-random functions. \u003c/p\u003e\u003cp\u003eOur proofs follow the game-hopping style advocated by Shoup and Bellare and Rogaway, from which most of the examples have been taken. We generalise some of their results such that they can be reused in other proofs. Thanks to CryptHOL's integration with Isabelle's parametricity infrastructure, many simple hops are easily justified using the theory of representation independence.\u003c/p\u003e", "authors": [ "Andreas Lochbihler", "S. 
Reza Sefidgar", "Bhargav Bhatt" ], "date": "2017-05-05", - "id": 353, + "id": 354, "link": "/entries/Game_Based_Crypto.html", "permalink": "/entries/Game_Based_Crypto.html", "shortname": "Game_Based_Crypto", "title": "Game-based cryptography in HOL", "topic_links": [ "computer-science/security/cryptography" ], "topics": [ "Computer science/Security/Cryptography" ], "used_by": 2 }, { "abstract": "The usual monad laws can directly be used as rewrite rules for Isabelle’s simplifier to normalise monadic HOL terms and decide equivalences. In a commutative monad, however, the commutativity law is a higher-order permutative rewrite rule that makes the simplifier loop. This AFP entry implements a simproc that normalises monadic expressions in commutative monads using ordered rewriting. The simproc can also permute computations across control operators like if and case.", "authors": [ "Joshua Schneider", "Manuel Eberl", "Andreas Lochbihler" ], "date": "2017-05-05", - "id": 354, + "id": 355, "link": "/entries/Monad_Normalisation.html", "permalink": "/entries/Monad_Normalisation.html", "shortname": "Monad_Normalisation", "title": "Monad normalisation", "topic_links": [ "tools", "computer-science/functional-programming", "logic/rewriting" ], "topics": [ "Tools", "Computer science/Functional programming", "Logic/Rewriting" ], "used_by": 3 }, { "abstract": "This AFP entry defines a probabilistic while operator based on sub-probability mass functions and formalises zero-one laws and variant rules for probabilistic loop termination. 
As applications, we implement probabilistic algorithms for the Bernoulli, geometric and arbitrary uniform distributions that only use fair coin flips, and prove them correct and terminating with probability 1.", "authors": [ "Andreas Lochbihler" ], "date": "2017-05-05", - "id": 355, + "id": 356, "link": "/entries/Probabilistic_While.html", "permalink": "/entries/Probabilistic_While.html", "shortname": "Probabilistic_While", "title": "Probabilistic while loop", "topic_links": [ "computer-science/functional-programming", "mathematics/probability-theory", "computer-science/algorithms" ], "topics": [ "Computer science/Functional programming", "Mathematics/Probability theory", "Computer science/Algorithms" ], "used_by": 1 }, { "abstract": "\u003cp\u003e Building on the formalization of basic category theory set out in the author's previous AFP article, the present article formalizes some basic aspects of the theory of monoidal categories. Among the notions defined here are monoidal category, monoidal functor, and equivalence of monoidal categories. The main theorems formalized are MacLane's coherence theorem and the constructions of the free monoidal category and free strict monoidal category generated by a given category. The coherence theorem is proved syntactically, using a structurally recursive approach to reduction of terms that might have some novel aspects. We also give proofs of some results given by Etingof et al, which may prove useful in a formal setting. In particular, we show that the left and right unitors need not be taken as given data in the definition of monoidal category, nor does the definition of monoidal functor need to take as given a specific isomorphism expressing the preservation of the unit object. Our definitions of monoidal category and monoidal functor are stated so as to take advantage of the economy afforded by these facts. 
\u003c/p\u003e\u003cp\u003e Revisions made subsequent to the first version of this article added material on cartesian monoidal categories; showing that the underlying category of a cartesian monoidal category is a cartesian category, and that every cartesian category extends to a cartesian monoidal category. \u003c/p\u003e", "authors": [ "Eugene W. Stark" ], "date": "2017-05-04", - "id": 356, + "id": 357, "link": "/entries/MonoidalCategory.html", "permalink": "/entries/MonoidalCategory.html", "shortname": "MonoidalCategory", "title": "Monoidal Categories", "topic_links": [ "mathematics/category-theory" ], "topics": [ "Mathematics/Category theory" ], "used_by": 1 }, { "abstract": "A computer-formalisation of the essential parts of Fitting's textbook \"Types, Tableaus and Gödel's God\" in Isabelle/HOL is presented. In particular, Fitting's (and Anderson's) variant of the ontological argument is verified and confirmed. This variant avoids the modal collapse, which has been criticised as an undesirable side-effect of Kurt Gödel's (and Dana Scott's) versions of the ontological argument. Fitting's work is employing an intensional higher-order modal logic, which we shallowly embed here in classical higher-order logic. We then utilize the embedded logic for the formalisation of Fitting's argument. 
(See also the earlier AFP entry ``Gödel's God in Isabelle/HOL''.)", "authors": [ "David Fuenmayor", "Christoph Benzmüller" ], "date": "2017-05-01", - "id": 357, + "id": 358, "link": "/entries/Types_Tableaus_and_Goedels_God.html", "permalink": "/entries/Types_Tableaus_and_Goedels_God.html", "shortname": "Types_Tableaus_and_Goedels_God", "title": "Types, Tableaus and Gödel’s God in Isabelle/HOL", "topic_links": [ "logic/philosophical-aspects" ], "topics": [ "Logic/Philosophical aspects" ], "used_by": 0 }, { "abstract": "This formalisation accompanies the paper \u003ca href=\"https://arxiv.org/abs/1702.03277\"\u003eLocal Lexing\u003c/a\u003e which introduces a novel parsing concept of the same name. The paper also gives a high-level algorithm for local lexing as an extension of Earley's algorithm. This formalisation proves the algorithm to be correct with respect to its local lexing semantics. As a special case, this formalisation thus also contains a proof of the correctness of Earley's algorithm. The paper contains a short outline of how this formalisation is organised.", "authors": [ "Steven Obua" ], "date": "2017-04-28", - "id": 358, + "id": 359, "link": "/entries/LocalLexing.html", "permalink": "/entries/LocalLexing.html", "shortname": "LocalLexing", "title": "Local Lexing", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "Isabelle's code generator performs various adaptations for target languages. Among others, constructor applications have to be fully saturated. That means that for constructor calls occuring as arguments to higher-order functions, synthetic lambdas have to be inserted. 
This entry provides tooling to avoid this construction altogether by introducing constructor functions.", "authors": [ "Lars Hupel" ], "date": "2017-04-19", - "id": 359, + "id": 360, "link": "/entries/Constructor_Funs.html", "permalink": "/entries/Constructor_Funs.html", "shortname": "Constructor_Funs", "title": "Constructor Functions", "topic_links": [ "tools" ], "topics": [ "Tools" ], "used_by": 1 }, { "abstract": "Isabelle's code generator performs various adaptations for target languages. Among others, case statements are printed as match expressions. Internally, this is a sophisticated procedure, because in HOL, case statements are represented as nested calls to the case combinators as generated by the datatype package. Furthermore, the procedure relies on laziness of match expressions in the target language, i.e., that branches guarded by patterns that fail to match are not evaluated. Similarly, \u003ctt\u003eif-then-else\u003c/tt\u003e is printed to the corresponding construct in the target language. This entry provides tooling to replace these special cases in the code generator by ignoring these target language features, instead printing case expressions and \u003ctt\u003eif-then-else\u003c/tt\u003e as functions.", "authors": [ "Lars Hupel" ], "date": "2017-04-18", - "id": 360, + "id": 361, "link": "/entries/Lazy_Case.html", "permalink": "/entries/Lazy_Case.html", "shortname": "Lazy_Case", "title": "Lazifying case constants", "topic_links": [ "tools" ], "topics": [ "Tools" ], "used_by": 1 }, { "abstract": "We formalize the theory of subresultants and the subresultant polynomial remainder sequence as described by Brown and Traub. As a result, we obtain efficient certified algorithms for computing the resultant and the greatest common divisor of polynomials.", "authors": [ "Sebastiaan J. C. 
Joosten", "René Thiemann", "Akihisa Yamada" ], "date": "2017-04-06", - "id": 361, + "id": 362, "link": "/entries/Subresultants.html", "permalink": "/entries/Subresultants.html", "shortname": "Subresultants", "title": "Subresultants", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 1 }, { "abstract": "\u003cp\u003eThis entry contains proofs for the textbook results about the distributions of the height and internal path length of random binary search trees (BSTs), i.\u0026thinsp;e. BSTs that are formed by taking an empty BST and inserting elements from a fixed set in random order.\u003c/p\u003e \u003cp\u003eIn particular, we prove a logarithmic upper bound on the expected height and the \u003cem\u003eΘ(n log n)\u003c/em\u003e closed-form solution for the expected internal path length in terms of the harmonic numbers. We also show how the internal path length relates to the average-case cost of a lookup in a BST.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2017-04-04", - "id": 362, + "id": 363, "link": "/entries/Random_BSTs.html", "permalink": "/entries/Random_BSTs.html", "shortname": "Random_BSTs", "title": "Expected Shape of Random Binary Search Trees", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 2 }, { "abstract": "\u003cp\u003eThis article contains a formal proof of the well-known fact that number of comparisons that a comparison-based sorting algorithm needs to perform to sort a list of length \u003cem\u003en\u003c/em\u003e is at least \u003cem\u003elog\u003csub\u003e2\u003c/sub\u003e\u0026nbsp;(n!)\u003c/em\u003e in the worst case, i.\u0026thinsp;e.\u0026nbsp;\u003cem\u003eΩ(n log n)\u003c/em\u003e.\u003c/p\u003e \u003cp\u003eFor this purpose, a shallow embedding for comparison-based sorting algorithms is defined: a sorting algorithm is a recursive datatype containing either a HOL function or a query of a comparison oracle with a 
continuation containing the remaining computation. This makes it possible to force the algorithm to use only comparisons and to track the number of comparisons made.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2017-03-15", - "id": 363, + "id": 364, "link": "/entries/Comparison_Sort_Lower_Bound.html", "permalink": "/entries/Comparison_Sort_Lower_Bound.html", "shortname": "Comparison_Sort_Lower_Bound", "title": "Lower bound on comparison-based sorting algorithms", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 2 }, { "abstract": "\u003cp\u003eWe give a formal proof of the well-known results about the number of comparisons performed by two variants of QuickSort: first, the expected number of comparisons of randomised QuickSort (i.\u0026thinsp;e.\u0026nbsp;QuickSort with random pivot choice) is \u003cem\u003e2\u0026thinsp;(n+1)\u0026thinsp;H\u003csub\u003en\u003c/sub\u003e - 4\u0026thinsp;n\u003c/em\u003e, which is asymptotically equivalent to \u003cem\u003e2\u0026thinsp;n ln n\u003c/em\u003e; second, the number of comparisons performed by the classic non-randomised QuickSort has the same distribution in the average case as the randomised one.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2017-03-15", - "id": 364, + "id": 365, "link": "/entries/Quick_Sort_Cost.html", "permalink": "/entries/Quick_Sort_Cost.html", "shortname": "Quick_Sort_Cost", "title": "The number of comparisons in QuickSort", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 1 }, { "abstract": "\u003cp\u003eThe Euler-MacLaurin formula relates the value of a discrete sum to that of the corresponding integral in terms of the derivatives at the borders of the summation and a remainder term. 
Since the remainder term is often very small as the summation bounds grow, this can be used to compute asymptotic expansions for sums.\u003c/p\u003e \u003cp\u003eThis entry contains a proof of this formula for functions from the reals to an arbitrary Banach space. Two variants of the formula are given: the standard textbook version and a variant outlined in \u003cem\u003eConcrete Mathematics\u003c/em\u003e that is more useful for deriving asymptotic estimates.\u003c/p\u003e \u003cp\u003eAs example applications, we use that formula to derive the full asymptotic expansion of the harmonic numbers and the sum of inverse squares.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2017-03-10", - "id": 365, + "id": 366, "link": "/entries/Euler_MacLaurin.html", "permalink": "/entries/Euler_MacLaurin.html", "shortname": "Euler_MacLaurin", "title": "The Euler–MacLaurin Formula", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 2 }, { "abstract": "We prove the group law for elliptic curves in Weierstrass form over fields of characteristic greater than 2. In addition to affine coordinates, we also formalize projective coordinates, which allow for more efficient computations. By specializing the abstract formalization to prime fields, we can apply the curve operations to parameters used in standard security protocols.", "authors": [ "Stefan Berghofer" ], "date": "2017-02-28", - "id": 366, + "id": 367, "link": "/entries/Elliptic_Curves_Group_Law.html", "permalink": "/entries/Elliptic_Curves_Group_Law.html", "shortname": "Elliptic_Curves_Group_Law", "title": "The Group Law for Elliptic Curves", "topic_links": [ "computer-science/security/cryptography" ], "topics": [ "Computer science/Security/Cryptography" ], "used_by": 0 }, { "abstract": "We present a formalization of Menger's Theorem for directed and undirected graphs in Isabelle/HOL. 
This well-known result shows that if two non-adjacent distinct vertices u, v in a directed graph have no separator smaller than n, then there exist n internally vertex-disjoint paths from u to v. The version for undirected graphs follows immediately because undirected graphs are a special case of directed graphs.", "authors": [ "Christoph Dittmann" ], "date": "2017-02-26", - "id": 367, + "id": 368, "link": "/entries/Menger.html", "permalink": "/entries/Menger.html", "shortname": "Menger", "title": "Menger's Theorem", "topic_links": [ "mathematics/graph-theory" ], "topics": [ "Mathematics/Graph theory" ], "used_by": 0 }, { "abstract": "We formalize differential dynamic logic, a logic for proving properties of hybrid systems. The proof calculus in this formalization is based on the uniform substitution principle. We show it is sound with respect to our denotational semantics, which provides increased confidence in the correctness of the KeYmaera X theorem prover based on this calculus. As an application, we include a proof term checker embedded in Isabelle/HOL with several example proofs. Published in: Rose Bohrer, Vincent Rahli, Ivana Vukotic, Marcus Völp, André Platzer: Formally verified differential dynamic logic. CPP 2017.", "authors": [ "Rose Bohrer" ], "date": "2017-02-13", - "id": 368, + "id": 369, "link": "/entries/Differential_Dynamic_Logic.html", "permalink": "/entries/Differential_Dynamic_Logic.html", "shortname": "Differential_Dynamic_Logic", "title": "Differential Dynamic Logic", "topic_links": [ "logic/general-logic/modal-logic", "computer-science/programming-languages/logics" ], "topics": [ "Logic/General logic/Modal logic", "Computer science/Programming languages/Logics" ], "used_by": 0 }, { "abstract": "A formalized coinductive account of the abstract development of Brotherston, Gorogiannis, and Petersen [APLAS 2012], in a slightly more general form since we work with arbitrary infinite proofs, which may be acyclic. 
This work is described in detail in an article by the authors, published in 2017 in the \u003cem\u003eJournal of Automated Reasoning\u003c/em\u003e. The abstract proof can be instantiated for various formalisms, including first-order logic with inductive predicates.", "authors": [ "Jasmin Christian Blanchette", "Andrei Popescu", "Dmitriy Traytel" ], "date": "2017-02-10", - "id": 369, + "id": 370, "link": "/entries/Abstract_Soundness.html", "permalink": "/entries/Abstract_Soundness.html", "shortname": "Abstract_Soundness", "title": "Abstract Soundness", "topic_links": [ "logic/proof-theory" ], "topics": [ "Logic/Proof theory" ], "used_by": 2 }, { "abstract": "We develop Stone relation algebras, which generalise relation algebras by replacing the underlying Boolean algebra structure with a Stone algebra. We show that finite matrices over extended real numbers form an instance. As a consequence, relation-algebraic concepts and methods can be used for reasoning about weighted graphs. We also develop a fixpoint calculus and apply it to compare different definitions of reflexive-transitive closures in semirings.", "authors": [ "Walter Guttmann" ], "date": "2017-02-07", - "id": 370, + "id": 371, "link": "/entries/Stone_Relation_Algebras.html", "permalink": "/entries/Stone_Relation_Algebras.html", "shortname": "Stone_Relation_Algebras", "title": "Stone Relation Algebras", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 1 }, { "abstract": "We develop a family of key agreement protocols that are correct by construction. Our work substantially extends prior work on developing security protocols by refinement. First, we strengthen the adversary by allowing him to compromise different resources of protocol participants, such as their long-term keys or their session keys. This enables the systematic development of protocols that ensure strong properties such as perfect forward secrecy. 
Second, we broaden the class of protocols supported to include those with non-atomic keys and equationally defined cryptographic operators. We use these extensions to develop key agreement protocols including signed Diffie-Hellman and the core of IKEv1 and SKEME.", "authors": [ "Joseph Lallemand", "Christoph Sprenger" ], "date": "2017-01-31", - "id": 371, + "id": 372, "link": "/entries/Key_Agreement_Strong_Adversaries.html", "permalink": "/entries/Key_Agreement_Strong_Adversaries.html", "shortname": "Key_Agreement_Strong_Adversaries", "title": "Refining Authenticated Key Agreement with Strong Adversaries", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "\u003cp\u003eBernoulli numbers were first discovered in the closed-form expansion of the sum 1\u003csup\u003em\u003c/sup\u003e + 2\u003csup\u003em\u003c/sup\u003e + \u0026hellip; + n\u003csup\u003em\u003c/sup\u003e for a fixed m and appear in many other places. This entry provides three different definitions for them: a recursive one, an explicit one, and one through their exponential generating function.\u003c/p\u003e \u003cp\u003eIn addition, we prove some basic facts, e.g. their relation to sums of powers of integers and that all odd Bernoulli numbers except the first are zero, and some advanced facts like their relationship to the Riemann zeta function on positive even integers.\u003c/p\u003e \u003cp\u003eWe also prove the correctness of the Akiyama\u0026ndash;Tanigawa algorithm for computing Bernoulli numbers with reasonable efficiency, and we define the periodic Bernoulli polynomials (which appear e.g. 
in the Euler\u0026ndash;MacLaurin summation formula and the expansion of the log-Gamma function) and prove their basic properties.\u003c/p\u003e", "authors": [ "Lukas Bulwahn", "Manuel Eberl" ], "date": "2017-01-24", - "id": 372, + "id": 373, "link": "/entries/Bernoulli.html", "permalink": "/entries/Bernoulli.html", "shortname": "Bernoulli", "title": "Bernoulli Numbers", "topic_links": [ "mathematics/analysis", "mathematics/number-theory" ], "topics": [ "Mathematics/Analysis", "Mathematics/Number theory" ], "used_by": 5 }, { "abstract": "\u003cp\u003eBertrand's postulate is an early result on the distribution of prime numbers: For every positive integer n, there exists a prime number that lies strictly between n and 2n. The proof is ported from John Harrison's formalisation in HOL Light. It proceeds by first showing that the property is true for all n greater than or equal to 600 and then showing that it also holds for all n below 600 by case distinction. \u003c/p\u003e", "authors": [ "Julian Biendarra", "Manuel Eberl" ], "date": "2017-01-17", - "id": 373, + "id": 374, "link": "/entries/Bertrands_Postulate.html", "permalink": "/entries/Bertrands_Postulate.html", "shortname": "Bertrands_Postulate", "title": "Bertrand's postulate", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 2 }, { "abstract": "\u003cp\u003eThis formalization is an extension to \u003ca href=\"https://www.isa-afp.org/entries/Formal_SSA.html\"\u003e\"Verified Construction of Static Single Assignment Form\"\u003c/a\u003e. In their work, the authors have shown that \u003ca href=\"https://doi.org/10.1007/978-3-642-37051-9_6\"\u003eBraun et al.'s static single assignment (SSA) construction algorithm\u003c/a\u003e produces minimal SSA form for input programs with a reducible control flow graph (CFG). However Braun et al. 
also proposed an extension to their algorithm that they claim produces minimal SSA form even for irreducible CFGs.\u003cbr\u003e In this formalization we support that claim by giving a mechanized proof. \u003c/p\u003e \u003cp\u003eAs the extension of Braun et al.'s algorithm aims for removing so-called redundant strongly connected components of phi functions, we show that this suffices to guarantee minimality according to \u003ca href=\"https://doi.org/10.1145/115372.115320\"\u003eCytron et al.\u003c/a\u003e.\u003c/p\u003e", "authors": [ "Max Wagner", "Denis Lohner" ], "date": "2017-01-17", - "id": 374, + "id": 375, "link": "/entries/Minimal_SSA.html", "permalink": "/entries/Minimal_SSA.html", "shortname": "Minimal_SSA", "title": "Minimal Static Single Assignment Form", "topic_links": [ "computer-science/programming-languages/compiling" ], "topics": [ "Computer science/Programming languages/Compiling" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThis work contains a proof that Euler's number e is transcendental. 
The proof follows the standard approach of assuming that e is algebraic and then using a specific integer polynomial to derive two inconsistent bounds, leading to a contradiction.\u003c/p\u003e \u003cp\u003eThis kind of approach can be found in many different sources; this formalisation mostly follows a \u003ca href=\"http://planetmath.org/proofoflindemannweierstrasstheoremandthateandpiaretranscendental\"\u003ePlanetMath article\u003c/a\u003e by Roger Lipsett.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2017-01-12", - "id": 375, + "id": 376, "link": "/entries/E_Transcendental.html", "permalink": "/entries/E_Transcendental.html", "shortname": "E_Transcendental", "title": "The Transcendence of e", "topic_links": [ "mathematics/analysis", "mathematics/number-theory" ], "topics": [ "Mathematics/Analysis", "Mathematics/Number theory" ], "used_by": 2 }, { "abstract": "We present a formal model of network protocols and their application to modeling firewall policies. The formalization is based on the Unified Policy Framework (UPF). The formalization was originally developed with for generating test cases for testing the security configuration actual firewall and router (middle-boxes) using HOL-TestGen. Our work focuses on modeling application level protocols on top of tcp/ip.", "authors": [ "Achim D. Brucker", "Lukas Brügger", "Burkhart Wolff" ], "date": "2017-01-08", - "id": 376, + "id": 377, "link": "/entries/UPF_Firewall.html", "permalink": "/entries/UPF_Firewall.html", "shortname": "UPF_Firewall", "title": "Formal Network Models and Their Application to Firewall Policies", "topic_links": [ "computer-science/security", "computer-science/networks" ], "topics": [ "Computer science/Security", "Computer science/Networks" ], "used_by": 0 }, { "abstract": "This paper constructs a formal model of a Diffie-Hellman password-based authentication protocol between a user and a smart card, and proves its security. 
The protocol provides for the dispatch of the user's password to the smart card on a secure messaging channel established by means of Password Authenticated Connection Establishment (PACE), where the mapping method being used is Chip Authentication Mapping. By applying and suitably extending Paulson's Inductive Method, this paper proves that the protocol establishes trustworthy secure messaging channels, preserves the secrecy of users' passwords, and provides an effective mutual authentication service. What is more, these security properties turn out to hold independently of the secrecy of the PACE authentication key.", "authors": [ "Pasquale Noce" ], "date": "2017-01-03", - "id": 377, + "id": 378, "link": "/entries/Password_Authentication_Protocol.html", "permalink": "/entries/Password_Authentication_Protocol.html", "shortname": "Password_Authentication_Protocol", "title": "Verification of a Diffie-Hellman Password-based Authentication Protocol by Extending the Inductive Method", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "\u003cp\u003eWe present a certified declarative first-order prover with equality based on John Harrison's Handbook of Practical Logic and Automated Reasoning, Cambridge University Press, 2009. ML code reflection is used such that the entire prover can be executed within Isabelle as a very simple interactive proof assistant. As examples we consider Pelletier's problems 1-46.\u003c/p\u003e \u003cp\u003eReference: Programming and Verifying a Declarative First-Order Prover in Isabelle/HOL. Alexander Birch Jensen, John Bruntse Larsen, Anders Schlichtkrull \u0026 Jørgen Villadsen. AI Communications 31:281-299 2018. \u003ca href=\"https://content.iospress.com/articles/ai-communications/aic764\"\u003e https://content.iospress.com/articles/ai-communications/aic764\u003c/a\u003e\u003c/p\u003e \u003cp\u003eSee also: Students' Proof Assistant (SPA). 
\u003ca href=https://github.com/logic-tools/spa\u003e https://github.com/logic-tools/spa\u003c/a\u003e\u003c/p\u003e", "authors": [ "Alexander Birch Jensen", "Anders Schlichtkrull", "Jørgen Villadsen" ], "date": "2017-01-01", - "id": 378, + "id": 379, "link": "/entries/FOL_Harrison.html", "permalink": "/entries/FOL_Harrison.html", "shortname": "FOL_Harrison", "title": "First-Order Logic According to Harrison", "topic_links": [ "logic/general-logic/mechanization-of-proofs" ], "topics": [ "Logic/General logic/Mechanization of proofs" ], "used_by": 0 }, { "abstract": "The concurrent refinement algebra developed here is designed to provide a foundation for rely/guarantee reasoning about concurrent programs. The algebra builds on a complete lattice of commands by providing sequential composition, parallel composition and a novel weak conjunction operator. The weak conjunction operator coincides with the lattice supremum providing its arguments are non-aborting, but aborts if either of its arguments do. Weak conjunction provides an abstract version of a guarantee condition as a guarantee process. We distinguish between models that distribute sequential composition over non-deterministic choice from the left (referred to as being conjunctive in the refinement calculus literature) and those that don't. Least and greatest fixed points of monotone functions are provided to allow recursion and iteration operators to be added to the language. Additional iteration laws are available for conjunctive models. The rely quotient of processes \u003ci\u003ec\u003c/i\u003e and \u003ci\u003ei\u003c/i\u003e is the process that, if executed in parallel with \u003ci\u003ei\u003c/i\u003e implements \u003ci\u003ec\u003c/i\u003e. It represents an abstract version of a rely condition generalised to a process.", "authors": [ "Julian Fell", "Ian J. 
Hayes", "Andrius Velykis" ], "date": "2016-12-30", - "id": 379, + "id": 380, "link": "/entries/Concurrent_Ref_Alg.html", "permalink": "/entries/Concurrent_Ref_Alg.html", "shortname": "Concurrent_Ref_Alg", "title": "Concurrent Refinement Algebra and Rely Quotients", "topic_links": [ "computer-science/concurrency" ], "topics": [ "Computer science/Concurrency" ], "used_by": 0 }, { "abstract": "This entry provides all cardinality theorems of the Twelvefold Way. The Twelvefold Way systematically classifies twelve related combinatorial problems concerning two finite sets, which include counting permutations, combinations, multisets, set partitions and number partitions. This development builds upon the existing formal developments with cardinality theorems for those structures. It provides twelve bijections from the various structures to different equivalence classes on finite functions, and hence, proves cardinality formulae for these equivalence classes on finite functions.", "authors": [ "Lukas Bulwahn" ], "date": "2016-12-29", - "id": 380, + "id": 381, "link": "/entries/Twelvefold_Way.html", "permalink": "/entries/Twelvefold_Way.html", "shortname": "Twelvefold_Way", "title": "The Twelvefold Way", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 0 }, { "abstract": "Isabelle includes various automatic tools for finding proofs under certain conditions. However, for each conjecture, knowing which automation to use, and how to tweak its parameters, is currently labour intensive. We have developed a language, PSL, designed to capture high level proof strategies. PSL offloads the construction of human-readable fast-to-replay proof scripts to automatic search, making use of search-time information about each conjecture. Our preliminary evaluations show that PSL reduces the labour cost of interactive theorem proving. 
This submission contains the implementation of PSL and an example theory file, Example.thy, showing how to write poof strategies in PSL.", "authors": [ "Yutaka Nagashima" ], "date": "2016-12-20", - "id": 381, + "id": 382, "link": "/entries/Proof_Strategy_Language.html", "permalink": "/entries/Proof_Strategy_Language.html", "shortname": "Proof_Strategy_Language", "title": "Proof Strategy Language", "topic_links": [ "tools" ], "topics": [ "Tools" ], "used_by": 0 }, { "abstract": "Paraconsistency is about handling inconsistency in a coherent way. In classical and intuitionistic logic everything follows from an inconsistent theory. A paraconsistent logic avoids the explosion. Quite a few applications in computer science and engineering are discussed in the Intelligent Systems Reference Library Volume 110: Towards Paraconsistent Engineering (Springer 2016). We formalize a paraconsistent many-valued logic that we motivated and described in a special issue on logical approaches to paraconsistency (Journal of Applied Non-Classical Logics 2005). We limit ourselves to the propositional fragment of the higher-order logic. The logic is based on so-called key equalities and has a countably infinite number of truth values. We prove theorems in the logic using the definition of validity. We verify truth tables and also counterexamples for non-theorems. We prove meta-theorems about the logic and finally we investigate a case study.", "authors": [ "Anders Schlichtkrull", "Jørgen Villadsen" ], "date": "2016-12-07", - "id": 382, + "id": 383, "link": "/entries/Paraconsistency.html", "permalink": "/entries/Paraconsistency.html", "shortname": "Paraconsistency", "title": "Paraconsistency", "topic_links": [ "logic/general-logic/paraconsistent-logics" ], "topics": [ "Logic/General logic/Paraconsistent logics" ], "used_by": 0 }, { "abstract": "We propose a concurrency reasoning framework for imperative programs, based on the Owicki-Gries (OG) foundational shared-variable concurrency method. 
Our framework combines the approaches of Hoare-Parallel, a formalisation of OG in Isabelle/HOL for a simple while-language, and Simpl, a generic imperative language embedded in Isabelle/HOL, allowing formal reasoning on C programs. We define the Complx language, extending the syntax and semantics of Simpl with support for parallel composition and synchronisation. We additionally define an OG logic, which we prove sound w.r.t. the semantics, and a verification condition generator, both supporting involved low-level imperative constructs such as function calls and abrupt termination. We illustrate our framework on an example that features exceptions, guards and function calls. We aim to then target concurrent operating systems, such as the interruptible eChronos embedded operating system for which we already have a model-level OG proof using Hoare-Parallel.", "authors": [ "Sidney Amani", "June Andronick", "Maksym Bortin", "Corey Lewis", "Christine Rizkallah", "Joseph Tuong" ], "date": "2016-11-29", - "id": 383, + "id": 384, "link": "/entries/Complx.html", "permalink": "/entries/Complx.html", "shortname": "Complx", "title": "COMPLX: A Verification Framework for Concurrent Imperative Programs", "topic_links": [ "computer-science/programming-languages/logics", "computer-science/programming-languages/language-definitions" ], "topics": [ "Computer science/Programming languages/Logics", "Computer science/Programming languages/Language definitions" ], "used_by": 0 }, { "abstract": "This is the Isabelle formalization of the material decribed in the eponymous \u003ca href=\"https://doi.org/10.1007/978-3-642-32347-8_9\"\u003eITP 2012 paper\u003c/a\u003e. It develops a generic abstract interpreter for a while-language, including widening and narrowing. The collecting semantics and the abstract interpreter operate on annotated commands: the program is represented as a syntax tree with the semantic information directly embedded, without auxiliary labels. 
The aim of the formalization is simplicity, not efficiency or precision. This is motivated by the inclusion of the material in a theorem prover based course on semantics. A similar (but more polished) development is covered in the book \u003ca href=\"https://doi.org/10.1007/978-3-319-10542-0\"\u003eConcrete Semantics\u003c/a\u003e.", "authors": [ "Tobias Nipkow" ], "date": "2016-11-23", - "id": 384, + "id": 385, "link": "/entries/Abs_Int_ITP2012.html", "permalink": "/entries/Abs_Int_ITP2012.html", "shortname": "Abs_Int_ITP2012", "title": "Abstract Interpretation of Annotated Commands", "topic_links": [ "computer-science/programming-languages/static-analysis" ], "topics": [ "Computer science/Programming languages/Static analysis" ], "used_by": 0 }, { "abstract": "We bring the labelled sequent calculus $LS_{PASL}$ for propositional abstract separation logic to Isabelle. The tactics given here are directly applied on an extension of the Separation Algebra in the AFP. In addition to the cancellative separation algebra, we further consider some useful properties in the heap model of separation logic, such as indivisible unit, disjointness, and cross-split. The tactics are essentially a proof search procedure for the calculus $LS_{PASL}$. 
We wrap the tactics in an Isabelle method called separata, and give a few examples of separation logic formulae which are provable by separata.", "authors": [ "Zhe Hou", "David Sanan", "Alwen Tiu", "Rajeev Gore", "Ranald Clouston" ], "date": "2016-11-16", - "id": 385, + "id": 386, "link": "/entries/Separata.html", "permalink": "/entries/Separata.html", "shortname": "Separata", "title": "Separata: Isabelle tactics for Separation Algebra", "topic_links": [ "computer-science/programming-languages/logics", "tools" ], "topics": [ "Computer science/Programming languages/Logics", "Tools" ], "used_by": 0 }, { "abstract": "This Isabelle/HOL formalization defines Knuth–Bendix orders for higher-order terms without lambda-abstraction and proves many useful properties about them. The main order fully coincides with the standard transfinite KBO with subterm coefficients on first-order terms. It appears promising as the basis of a higher-order superposition calculus.", "authors": [ "Heiko Becker", "Jasmin Christian Blanchette", "Uwe Waldmann", "Daniel Wand" ], "date": "2016-11-12", - "id": 386, + "id": 387, "link": "/entries/Lambda_Free_KBOs.html", "permalink": "/entries/Lambda_Free_KBOs.html", "shortname": "Lambda_Free_KBOs", "title": "Formalization of Knuth–Bendix Orders for Lambda-Free Higher-Order Terms", "topic_links": [ "logic/rewriting" ], "topics": [ "Logic/Rewriting" ], "used_by": 0 }, { "abstract": "This Isabelle/HOL formalization introduces a nested multiset datatype and defines Dershowitz and Manna's nested multiset order. The order is proved well founded and linear. By removing one constructor, we transform the nested multisets into hereditary multisets. These are isomorphic to the syntactic ordinals—the ordinals can be recursively expressed in Cantor normal form. 
Addition, subtraction, multiplication, and linear orders are provided on this type.", "authors": [ "Jasmin Christian Blanchette", "Mathias Fleury", "Dmitriy Traytel" ], "date": "2016-11-12", - "id": 387, + "id": 388, "link": "/entries/Nested_Multisets_Ordinals.html", "permalink": "/entries/Nested_Multisets_Ordinals.html", "shortname": "Nested_Multisets_Ordinals", "title": "Formalization of Nested Multisets, Hereditary Multisets, and Syntactic Ordinals", "topic_links": [ "logic/rewriting" ], "topics": [ "Logic/Rewriting" ], "used_by": 7 }, { "abstract": "Deep learning has had a profound impact on computer science in recent years, with applications to search engines, image recognition and language processing, bioinformatics, and more. Recently, Cohen et al. provided theoretical evidence for the superiority of deep learning over shallow learning. This formalization of their work simplifies and generalizes the original proof, while working around the limitations of the Isabelle type system. To support the formalization, I developed reusable libraries of formalized mathematics, including results about the matrix rank, the Lebesgue measure, and multivariate polynomials, as well as a library for tensor analysis.", "authors": [ "Alexander Bentkamp" ], "date": "2016-11-10", - "id": 388, + "id": 389, "link": "/entries/Deep_Learning.html", "permalink": "/entries/Deep_Learning.html", "shortname": "Deep_Learning", "title": "Expressiveness of Deep Learning", "topic_links": [ "computer-science/machine-learning", "mathematics/analysis" ], "topics": [ "Computer science/Machine learning", "Mathematics/Analysis" ], "used_by": 1 }, { "abstract": "We formalize a uniform semantic substrate for a wide variety of process calculi where states and action labels can be from arbitrary nominal sets. A Hennessy-Milner logic for these systems is defined, and proved adequate for bisimulation equivalence. 
A main novelty is the construction of an infinitary nominal data type to model formulas with (finitely supported) infinite conjunctions and actions that may contain binding names. The logic is generalized to treat different bisimulation variants such as early, late and open in a systematic way.", "authors": [ "Tjark Weber", "Lars-Henrik Eriksson", "Joachim Parrow", "Johannes Borgström", "Ramunas Gutkovas" ], "date": "2016-10-25", - "id": 389, + "id": 390, "link": "/entries/Modal_Logics_for_NTS.html", "permalink": "/entries/Modal_Logics_for_NTS.html", "shortname": "Modal_Logics_for_NTS", "title": "Modal Logics for Nominal Transition Systems", "topic_links": [ "computer-science/concurrency/process-calculi", "logic/general-logic/modal-logic" ], "topics": [ "Computer science/Concurrency/Process calculi", "Logic/General logic/Modal logic" ], "used_by": 0 }, { "abstract": "We mechanize proofs of several results from the matching with contracts literature, which generalize those of the classical two-sided matching scenarios that go by the name of stable marriage. Our focus is on game theoretic issues. Along the way we develop executable algorithms for computing optimal stable matches.", "authors": [ "Peter Gammie" ], "date": "2016-10-24", - "id": 390, + "id": 391, "link": "/entries/Stable_Matching.html", "permalink": "/entries/Stable_Matching.html", "shortname": "Stable_Matching", "title": "Stable Matching", "topic_links": [ "mathematics/games-and-economics" ], "topics": [ "Mathematics/Games and economics" ], "used_by": 0 }, { "abstract": "We present LOFT — Linux firewall OpenFlow Translator, a system that transforms the main routing table and FORWARD chain of iptables of a Linux-based firewall into a set of static OpenFlow rules. 
Our implementation is verified against a model of a simplified Linux-based router and we can directly show how much of the original functionality is preserved.", "authors": [ "Julius Michaelis", "Cornelius Diekmann" ], "date": "2016-10-21", - "id": 391, + "id": 392, "link": "/entries/LOFT.html", "permalink": "/entries/LOFT.html", "shortname": "LOFT", "title": "LOFT — Verified Migration of Linux Firewalls to SDN", "topic_links": [ "computer-science/networks" ], "topics": [ "Computer science/Networks" ], "used_by": 0 }, { "abstract": "We formalise the SPARCv8 instruction set architecture (ISA) which is used in processors such as LEON3. Our formalisation can be specialised to any SPARCv8 CPU, here we use LEON3 as a running example. Our model covers the operational semantics for all the instructions in the integer unit of the SPARCv8 architecture and it supports Isabelle code export, which effectively turns the Isabelle model into a SPARCv8 CPU simulator. We prove the language-based non-interference property for the LEON3 processor. Our model is based on deterministic monad, which is a modified version of the non-deterministic monad from NICTA/l4v.", "authors": [ "Zhe Hou", "David Sanan", "Alwen Tiu", "Yang Liu" ], "date": "2016-10-19", - "id": 392, + "id": 393, "link": "/entries/SPARCv8.html", "permalink": "/entries/SPARCv8.html", "shortname": "SPARCv8", "title": "A formal model for the SPARCv8 ISA and a proof of non-interference for the LEON3 processor", "topic_links": [ "computer-science/security", "computer-science/hardware" ], "topics": [ "Computer science/Security", "Computer science/Hardware" ], "used_by": 0 }, { "abstract": "This document contains a proof of the necessary condition on the code rate of a source code, namely that this code rate is bounded by the entropy of the source. This represents one half of Shannon's source coding theorem, which is itself an equivalence.", "authors": [ "Quentin Hibon", "Lawrence C. 
Paulson" ], "date": "2016-10-19", - "id": 393, + "id": 394, "link": "/entries/Source_Coding_Theorem.html", "permalink": "/entries/Source_Coding_Theorem.html", "shortname": "Source_Coding_Theorem", "title": "Source Coding Theorem", "topic_links": [ "mathematics/probability-theory" ], "topics": [ "Mathematics/Probability theory" ], "used_by": 0 }, { "abstract": "\u003cp\u003eWe formalize the Berlekamp-Zassenhaus algorithm for factoring square-free integer polynomials in Isabelle/HOL. We further adapt an existing formalization of Yun’s square-free factorization algorithm to integer polynomials, and thus provide an efficient and certified factorization algorithm for arbitrary univariate polynomials. \u003c/p\u003e \u003cp\u003eThe algorithm first performs a factorization in the prime field GF(p) and then performs computations in the integer ring modulo p^k, where both p and k are determined at runtime. Since a natural modeling of these structures via dependent types is not possible in Isabelle/HOL, we formalize the whole algorithm using Isabelle’s recent addition of local type definitions. \u003c/p\u003e \u003cp\u003eThrough experiments we verify that our algorithm factors polynomials of degree 100 within seconds. \u003c/p\u003e", "authors": [ "Jose Divasón", "Sebastiaan J. C. Joosten", "René Thiemann", "Akihisa Yamada" ], "date": "2016-10-14", - "id": 394, + "id": 395, "link": "/entries/Berlekamp_Zassenhaus.html", "permalink": "/entries/Berlekamp_Zassenhaus.html", "shortname": "Berlekamp_Zassenhaus", "title": "The Factorization Algorithm of Berlekamp and Zassenhaus", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 7 }, { "abstract": "This entry provides a geometric proof of the intersecting chords theorem. The theorem states that when two chords intersect each other inside a circle, the products of their segments are equal. 
After a short review of existing proofs in the literature, I decided to use a proof approach that employs reasoning about lengths of line segments, the orthogonality of two lines and the Pythagoras Law. Hence, one can understand the formalized proof easily with the knowledge of a few general geometric facts that are commonly taught in high-school. This theorem is the 55th theorem of the Top 100 Theorems list.", "authors": [ "Lukas Bulwahn" ], "date": "2016-10-11", - "id": 395, + "id": 396, "link": "/entries/Chord_Segments.html", "permalink": "/entries/Chord_Segments.html", "shortname": "Chord_Segments", "title": "Intersecting Chords Theorem", "topic_links": [ "mathematics/geometry" ], "topics": [ "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "Lp is the space of functions whose p-th power is integrable. It is one of the most fundamental Banach spaces that is used in analysis and probability. We develop a framework for function spaces, and then implement the Lp spaces in this framework using the existing integration theory in Isabelle/HOL. Our development contains most fundamental properties of Lp spaces, notably the Hölder and Minkowski inequalities, completeness of Lp, duality, stability under almost sure convergence, multiplication of functions in Lp and Lq, stability under conditional expectation.", "authors": [ "Sebastien Gouezel" ], "date": "2016-10-05", - "id": 396, + "id": 397, "link": "/entries/Lp.html", "permalink": "/entries/Lp.html", "shortname": "Lp", "title": "Lp spaces", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 2 }, { "abstract": "\u003cp\u003eThis work defines and proves the correctness of the Fisher–Yates algorithm for shuffling – i.e. producing a random permutation – of a list. 
The algorithm proceeds by traversing the list and in each step swapping the current element with a random element from the remaining list.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2016-09-30", - "id": 397, + "id": 398, "link": "/entries/Fisher_Yates.html", "permalink": "/entries/Fisher_Yates.html", "shortname": "Fisher_Yates", "title": "Fisher–Yates shuffle", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "Allen’s interval calculus is a qualitative temporal representation of time events. Allen introduced 13 binary relations that describe all the possible arrangements between two events, i.e. intervals with non-zero finite length. The compositions are pertinent to reasoning about knowledge of time. In particular, a consistency problem of relation constraints is commonly solved with a guideline from these compositions. We formalize the relations together with an axiomatic system. We proof the validity of the 169 compositions of these relations. We also define nests as the sets of intervals that share a meeting point. We prove that nests give the ordering properties of points without introducing a new datatype for points. [1] J.F. Allen. Maintaining Knowledge about Temporal Intervals. In Commun. ACM, volume 26, pages 832–843, 1983. [2] J. F. Allen and P. J. Hayes. A Common-sense Theory of Time. 
In Proceedings of the 9th International Joint Conference on Artificial Intelligence (IJCAI’85), pages 528–531, 1985.", "authors": [ "Fadoua Ghourabi" ], "date": "2016-09-29", - "id": 398, + "id": 399, "link": "/entries/Allen_Calculus.html", "permalink": "/entries/Allen_Calculus.html", "shortname": "Allen_Calculus", "title": "Allen's Interval Calculus", "topic_links": [ "logic/general-logic/temporal-logic", "mathematics/order" ], "topics": [ "Logic/General logic/Temporal logic", "Mathematics/Order" ], "used_by": 0 }, { "abstract": "This Isabelle/HOL formalization defines recursive path orders (RPOs) for higher-order terms without lambda-abstraction and proves many useful properties about them. The main order fully coincides with the standard RPO on first-order terms also in the presence of currying, distinguishing it from previous work. An optimized variant is formalized as well. It appears promising as the basis of a higher-order superposition calculus.", "authors": [ "Jasmin Christian Blanchette", "Uwe Waldmann", "Daniel Wand" ], "date": "2016-09-23", - "id": 399, + "id": 400, "link": "/entries/Lambda_Free_RPOs.html", "permalink": "/entries/Lambda_Free_RPOs.html", "shortname": "Lambda_Free_RPOs", "title": "Formalization of Recursive Path Orders for Lambda-Free Higher-Order Terms", "topic_links": [ "logic/rewriting" ], "topics": [ "Logic/Rewriting" ], "used_by": 5 }, { "abstract": "We present a big step semantics of the filtering behavior of the Linux/netfilter iptables firewall. We provide algorithms to simplify complex iptables rulests to a simple firewall model (c.f. AFP entry \u003ca href=\"https://www.isa-afp.org/entries/Simple_Firewall.html\"\u003eSimple_Firewall\u003c/a\u003e) and to verify spoofing protection of a ruleset. Internally, we embed our semantics into ternary logic, ultimately supporting every iptables match condition by abstracting over unknowns. 
Using this AFP entry and all entries it depends on, we created an easy-to-use, stand-alone haskell tool called \u003ca href=\"http://iptables.isabelle.systems\"\u003efffuu\u003c/a\u003e. The tool does not require any input \u0026mdash;except for the \u003ctt\u003eiptables-save\u003c/tt\u003e dump of the analyzed firewall\u0026mdash; and presents interesting results about the user's ruleset. Real-Word firewall errors have been uncovered, and the correctness of rulesets has been proved, with the help of our tool.", "authors": [ "Cornelius Diekmann", "Lars Hupel" ], "date": "2016-09-09", - "id": 400, + "id": 401, "link": "/entries/Iptables_Semantics.html", "permalink": "/entries/Iptables_Semantics.html", "shortname": "Iptables_Semantics", "title": "Iptables Semantics", "topic_links": [ "computer-science/networks" ], "topics": [ "Computer science/Networks" ], "used_by": 2 }, { "abstract": "We provide a formalization of a variant of the superposition calculus, together with formal proofs of soundness and refutational completeness (w.r.t. the usual redundancy criteria based on clause ordering). This version of the calculus uses all the standard restrictions of the superposition rules, together with the following refinement, inspired by the basic superposition calculus: each clause is associated with a set of terms which are assumed to be in normal form -- thus any application of the replacement rule on these terms is blocked. The set is initially empty and terms may be added or removed at each inference step. The set of terms that are assumed to be in normal form includes any term introduced by previous unifiers as well as any term occurring in the parent clauses at a position that is smaller (according to some given ordering on positions) than a previously replaced term. 
The standard superposition calculus corresponds to the case where the set of irreducible terms is always empty.", "authors": [ "Nicolas Peltier" ], "date": "2016-09-06", - "id": 401, + "id": 402, "link": "/entries/SuperCalc.html", "permalink": "/entries/SuperCalc.html", "shortname": "SuperCalc", "title": "A Variant of the Superposition Calculus", "topic_links": [ "logic/proof-theory" ], "topics": [ "Logic/Proof theory" ], "used_by": 0 }, { "abstract": "A range of algebras between lattices and Boolean algebras generalise the notion of a complement. We develop a hierarchy of these pseudo-complemented algebras that includes Stone algebras. Independently of this theory we study filters based on partial orders. Both theories are combined to prove Chen and Grätzer's construction theorem for Stone algebras. The latter involves extensive reasoning about algebraic structures in addition to reasoning in algebraic structures.", "authors": [ "Walter Guttmann" ], "date": "2016-09-06", - "id": 402, + "id": 403, "link": "/entries/Stone_Algebras.html", "permalink": "/entries/Stone_Algebras.html", "shortname": "Stone_Algebras", "title": "Stone Algebras", "topic_links": [ "mathematics/order" ], "topics": [ "Mathematics/Order" ], "used_by": 2 }, { "abstract": "\u003cp\u003eThis work contains a proof of Stirling's formula both for the factorial $n! \\sim \\sqrt{2\\pi n} (n/e)^n$ on natural numbers and the real Gamma function $\\Gamma(x)\\sim \\sqrt{2\\pi/x} (x/e)^x$. 
The proof is based on work by \u003ca href=\"http://www.maths.lancs.ac.uk/~jameson/stirlgamma.pdf\"\u003eGraham Jameson\u003c/a\u003e.\u003c/p\u003e \u003cp\u003eThis is then extended to the full asymptotic expansion $$\\log\\Gamma(z) = \\big(z - \\tfrac{1}{2}\\big)\\log z - z + \\tfrac{1}{2}\\log(2\\pi) + \\sum_{k=1}^{n-1} \\frac{B_{k+1}}{k(k+1)} z^{-k}\\\\ {} - \\frac{1}{n} \\int_0^\\infty B_n([t])(t + z)^{-n}\\,\\text{d}t$$ uniformly for all complex $z\\neq 0$ in the cone $\\text{arg}(z)\\leq \\alpha$ for any $\\alpha\\in(0,\\pi)$, with which the above asymptotic relation for \u0026Gamma; is also extended to complex arguments.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2016-09-01", - "id": 403, + "id": 404, "link": "/entries/Stirling_Formula.html", "permalink": "/entries/Stirling_Formula.html", "shortname": "Stirling_Formula", "title": "Stirling's formula", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 5 }, { "abstract": "This entry contains definitions for routing with routing tables/longest prefix matching. A routing table entry is modelled as a record of a prefix match, a metric, an output port, and an optional next hop. A routing table is a list of entries, sorted by prefix length and metric. Additionally, a parser and serializer for the output of the ip-route command, a function to create a relation from output port to corresponding destination IP space, and a model of a Linux-style router are included.", "authors": [ "Julius Michaelis", "Cornelius Diekmann" ], "date": "2016-08-31", - "id": 404, + "id": 405, "link": "/entries/Routing.html", "permalink": "/entries/Routing.html", "shortname": "Routing", "title": "Routing", "topic_links": [ "computer-science/networks" ], "topics": [ "Computer science/Networks" ], "used_by": 1 }, { "abstract": "We present a simple model of a firewall. The firewall can accept or drop a packet and can match on interfaces, IP addresses, protocol, and ports. 
It was designed to feature nice mathematical properties: The type of match expressions was carefully crafted such that the conjunction of two match expressions is only one match expression. This model is too simplistic to mirror all aspects of the real world. In the upcoming entry \"Iptables Semantics\", we will translate the Linux firewall iptables to this model. For a fixed service (e.g. ssh, http), we provide an algorithm to compute an overview of the firewall's filtering behavior. The algorithm computes minimal service matrices, i.e. graphs which partition the complete IPv4 and IPv6 address space and visualize the allowed accesses between partitions. For a detailed description, see \u003ca href=\"http://dl.ifip.org/db/conf/networking/networking2016/1570232858.pdf\"\u003eVerified iptables Firewall Analysis\u003c/a\u003e, IFIP Networking 2016.", "authors": [ "Cornelius Diekmann", "Julius Michaelis", "Max W. Haslbeck" ], "date": "2016-08-24", - "id": 405, + "id": 406, "link": "/entries/Simple_Firewall.html", "permalink": "/entries/Simple_Firewall.html", "shortname": "Simple_Firewall", "title": "Simple Firewall", "topic_links": [ "computer-science/networks" ], "topics": [ "Computer science/Networks" ], "used_by": 1 }, { "abstract": "TRACER is a tool for verifying safety properties of sequential C programs. TRACER attempts at building a finite symbolic execution graph which over-approximates the set of all concrete reachable states and the set of feasible paths. We present an abstract framework for TRACER and similar CEGAR-like systems. The framework provides 1) a graph- transformation based method for reducing the feasible paths in control-flow graphs, 2) a model for symbolic execution, subsumption, predicate abstraction and invariant generation. In this framework we formally prove two key properties: correct construction of the symbolic states and preservation of feasible paths. 
The framework focuses on core operations, leaving to concrete prototypes to “fit in” heuristics for combining them. The accompanying paper (published in ITP 2016) can be found at https://www.lri.fr/∼wolff/papers/conf/2016-itp-InfPathsNSE.pdf.", "authors": [ "Romain Aissat", "Frederic Voisin", "Burkhart Wolff" ], "date": "2016-08-18", - "id": 406, + "id": 407, "link": "/entries/InfPathElimination.html", "permalink": "/entries/InfPathElimination.html", "shortname": "InfPathElimination", "title": "Infeasible Paths Elimination by Symbolic Execution Techniques: Proof of Correctness and Preservation of Paths", "topic_links": [ "computer-science/programming-languages/static-analysis" ], "topics": [ "Computer science/Programming languages/Static analysis" ], "used_by": 0 }, { "abstract": "We present a formalization of the Ford-Fulkerson method for computing the maximum flow in a network. Our formal proof closely follows a standard textbook proof, and is accessible even without being an expert in Isabelle/HOL--- the interactive theorem prover used for the formalization. We then use stepwise refinement to obtain the Edmonds-Karp algorithm, and formally prove a bound on its complexity. Further refinement yields a verified implementation, whose execution time compares well to an unverified reference implementation in Java. This entry is based on our ITP-2016 paper with the same title.", "authors": [ "Peter Lammich", "S. Reza Sefidgar" ], "date": "2016-08-12", - "id": 407, + "id": 408, "link": "/entries/EdmondsKarp_Maxflow.html", "permalink": "/entries/EdmondsKarp_Maxflow.html", "shortname": "EdmondsKarp_Maxflow", "title": "Formalizing the Edmonds-Karp Algorithm", "topic_links": [ "computer-science/algorithms/graph" ], "topics": [ "Computer science/Algorithms/Graph" ], "used_by": 1 }, { "abstract": "We present the Imperative Refinement Framework (IRF), a tool that supports a stepwise refinement based approach to imperative programs. 
This entry is based on the material we presented in [ITP-2015, CPP-2016]. It uses the Monadic Refinement Framework as a frontend for the specification of the abstract programs, and Imperative/HOL as a backend to generate executable imperative programs. The IRF comes with tool support to synthesize imperative programs from more abstract, functional ones, using efficient imperative implementations for the abstract data structures. This entry also includes the Imperative Isabelle Collection Framework (IICF), which provides a library of re-usable imperative collection data structures. Moreover, this entry contains a quickstart guide and a reference manual, which provide an introduction to using the IRF for Isabelle/HOL experts. It also provids a collection of (partly commented) practical examples, some highlights being Dijkstra's Algorithm, Nested-DFS, and a generic worklist algorithm with subsumption. Finally, this entry contains benchmark scripts that compare the runtime of some examples against reference implementations of the algorithms in Java and C++. [ITP-2015] Peter Lammich: Refinement to Imperative/HOL. ITP 2015: 253--269 [CPP-2016] Peter Lammich: Refinement based verification of imperative data structures. CPP 2016: 27--36", "authors": [ "Peter Lammich" ], "date": "2016-08-08", - "id": 408, + "id": 409, "link": "/entries/Refine_Imperative_HOL.html", "permalink": "/entries/Refine_Imperative_HOL.html", "shortname": "Refine_Imperative_HOL", "title": "The Imperative Refinement Framework", "topic_links": [ "computer-science/semantics-and-reasoning", "computer-science/data-structures" ], "topics": [ "Computer science/Semantics and reasoning", "Computer science/Data structures" ], "used_by": 5 }, { "abstract": "This entry provides an analytic proof to Ptolemy's Theorem using polar form transformation and trigonometric identities. 
In this formalization, we use ideas from John Harrison's HOL Light formalization and the proof sketch on the Wikipedia entry of Ptolemy's Theorem. This theorem is the 95th theorem of the Top 100 Theorems list.", "authors": [ "Lukas Bulwahn" ], "date": "2016-08-07", - "id": 409, + "id": 410, "link": "/entries/Ptolemys_Theorem.html", "permalink": "/entries/Ptolemys_Theorem.html", "shortname": "Ptolemys_Theorem", "title": "Ptolemy's Theorem", "topic_links": [ "mathematics/geometry" ], "topics": [ "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "In 1964, Fitch showed that the paradox of the surprise hanging can be resolved by showing that the judge’s verdict is inconsistent. His formalization builds on Gödel’s coding of provability. In this theory, we reproduce his proof in Isabelle, building on Paulson’s formalisation of Gödel’s incompleteness theorems.", "authors": [ "Joachim Breitner" ], "date": "2016-07-17", - "id": 410, + "id": 411, "link": "/entries/Surprise_Paradox.html", "permalink": "/entries/Surprise_Paradox.html", "shortname": "Surprise_Paradox", "title": "Surprise Paradox", "topic_links": [ "logic/proof-theory" ], "topics": [ "Logic/Proof theory" ], "used_by": 0 }, { "abstract": "This library defines three different versions of pairing heaps: a functional version of the original design based on binary trees [Fredman et al. 1986], the version by Okasaki [1998] and a modified version of the latter that is free of structural invariants. 
\u003cp\u003e The amortized complexity of pairing heaps is analyzed in the AFP article \u003ca href=\"http://isa-afp.org/entries/Amortized_Complexity.html\"\u003eAmortized Complexity\u003c/a\u003e.", "authors": [ "Hauke Brinkop", "Tobias Nipkow" ], "date": "2016-07-14", - "id": 411, + "id": 412, "link": "/entries/Pairing_Heap.html", "permalink": "/entries/Pairing_Heap.html", "shortname": "Pairing_Heap", "title": "Pairing Heap", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 2 }, { "abstract": "\u003cp\u003e This entry presents a framework for the modular verification of DFS-based algorithms, which is described in our [CPP-2015] paper. It provides a generic DFS algorithm framework, that can be parameterized with user-defined actions on certain events (e.g. discovery of new node). It comes with an extensible library of invariants, which can be used to derive invariants of a specific parameterization. Using refinement techniques, efficient implementations of the algorithms can easily be derived. Here, the framework comes with templates for a recursive and a tail-recursive implementation, and also with several templates for implementing the data structures required by the DFS algorithm. Finally, this entry contains a set of re-usable DFS-based algorithms, which illustrate the application of the framework. \u003c/p\u003e\u003cp\u003e [CPP-2015] Peter Lammich, René Neumann: A Framework for Verifying Depth-First Search Algorithms. 
CPP 2015: 137-146\u003c/p\u003e", "authors": [ "Peter Lammich", "René Neumann" ], "date": "2016-07-05", - "id": 412, + "id": 413, "link": "/entries/DFS_Framework.html", "permalink": "/entries/DFS_Framework.html", "shortname": "DFS_Framework", "title": "A Framework for Verifying Depth-First Search Algorithms", "topic_links": [ "computer-science/algorithms/graph" ], "topics": [ "Computer science/Algorithms/Graph" ], "used_by": 4 }, { "abstract": "We provide a basic formal framework for the theory of chamber complexes and Coxeter systems, and for buildings as thick chamber complexes endowed with a system of apartments. Along the way, we develop some of the general theory of abstract simplicial complexes and of groups (relying on the \u003ci\u003egroup_add\u003c/i\u003e class for the basics), including free groups and group presentations, and their universal properties. The main results verified are that the deletion condition is both necessary and sufficient for a group with a set of generators of order two to be a Coxeter system, and that the apartments in a (thick) building are all uniformly Coxeter.", "authors": [ "Jeremy Sylvestre" ], "date": "2016-07-01", - "id": 413, + "id": 414, "link": "/entries/Buildings.html", "permalink": "/entries/Buildings.html", "shortname": "Buildings", "title": "Chamber Complexes, Coxeter Systems, and Buildings", "topic_links": [ "mathematics/algebra", "mathematics/geometry" ], "topics": [ "Mathematics/Algebra", "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "This theory is a formalization of the resolution calculus for first-order logic. It is proven sound and complete. The soundness proof uses the substitution lemma, which shows a correspondence between substitutions and updates to an environment. The completeness proof uses semantic trees, i.e. trees whose paths are partial Herbrand interpretations. 
It employs Herbrand's theorem in a formulation which states that an unsatisfiable set of clauses has a finite closed semantic tree. It also uses the lifting lemma which lifts resolution derivation steps from the ground world up to the first-order world. The theory is presented in a paper in the Journal of Automated Reasoning [Sch18] which extends a paper presented at the International Conference on Interactive Theorem Proving [Sch16]. An earlier version was presented in an MSc thesis [Sch15]. The formalization mostly follows textbooks by Ben-Ari [BA12], Chang and Lee [CL73], and Leitsch [Lei97]. The theory is part of the IsaFoL project [IsaFoL]. \u003cp\u003e \u003ca name=\"Sch18\"\u003e\u003c/a\u003e[Sch18] Anders Schlichtkrull. \"Formalization of the Resolution Calculus for First-Order Logic\". Journal of Automated Reasoning, 2018.\u003cbr\u003e \u003ca name=\"Sch16\"\u003e\u003c/a\u003e[Sch16] Anders Schlichtkrull. \"Formalization of the Resolution Calculus for First-Order Logic\". In: ITP 2016. Vol. 9807. LNCS. Springer, 2016.\u003cbr\u003e \u003ca name=\"Sch15\"\u003e\u003c/a\u003e[Sch15] Anders Schlichtkrull. \u003ca href=\"https://people.compute.dtu.dk/andschl/Thesis.pdf\"\u003e \"Formalization of Resolution Calculus in Isabelle\"\u003c/a\u003e. \u003ca href=\"https://people.compute.dtu.dk/andschl/Thesis.pdf\"\u003ehttps://people.compute.dtu.dk/andschl/Thesis.pdf\u003c/a\u003e. MSc thesis. Technical University of Denmark, 2015.\u003cbr\u003e \u003ca name=\"BA12\"\u003e\u003c/a\u003e[BA12] Mordechai Ben-Ari. \u003ci\u003eMathematical Logic for Computer Science\u003c/i\u003e. 3rd. Springer, 2012.\u003cbr\u003e \u003ca name=\"CL73\"\u003e\u003c/a\u003e[CL73] Chin-Liang Chang and Richard Char-Tung Lee. \u003ci\u003eSymbolic Logic and Mechanical Theorem Proving\u003c/i\u003e. 1st. Academic Press, Inc., 1973.\u003cbr\u003e \u003ca name=\"Lei97\"\u003e\u003c/a\u003e[Lei97] Alexander Leitsch. \u003ci\u003eThe Resolution Calculus\u003c/i\u003e. 
Texts in theoretical computer science. Springer, 1997.\u003cbr\u003e \u003ca name=\"IsaFoL\"\u003e\u003c/a\u003e[IsaFoL] IsaFoL authors. \u003ca href=\"https://bitbucket.org/jasmin_blanchette/isafol\"\u003e IsaFoL: Isabelle Formalization of Logic\u003c/a\u003e. \u003ca href=\"https://bitbucket.org/jasmin_blanchette/isafol\"\u003ehttps://bitbucket.org/jasmin_blanchette/isafol\u003c/a\u003e.", "authors": [ "Anders Schlichtkrull" ], "date": "2016-06-30", - "id": 414, + "id": 415, "link": "/entries/Resolution_FOL.html", "permalink": "/entries/Resolution_FOL.html", "shortname": "Resolution_FOL", "title": "The Resolution Calculus for First-Order Logic", "topic_links": [ "logic/general-logic/mechanization-of-proofs" ], "topics": [ "Logic/General logic/Mechanization of proofs" ], "used_by": 0 }, { "abstract": "We formalize the Z property introduced by Dehornoy and van Oostrom. First we show that for any abstract rewrite system, Z implies confluence. Then we give two examples of proofs using Z: confluence of lambda-calculus with respect to beta-reduction and confluence of combinatory logic.", "authors": [ "Bertram Felgenhauer", "Julian Nagele", "Vincent van Oostrom", "Christian Sternagel" ], "date": "2016-06-30", - "id": 415, + "id": 416, "link": "/entries/Rewriting_Z.html", "permalink": "/entries/Rewriting_Z.html", "shortname": "Rewriting_Z", "title": "The Z Property", "topic_links": [ "logic/rewriting" ], "topics": [ "Logic/Rewriting" ], "used_by": 0 }, { "abstract": "The paper \"Compositional Verification and Refinement of Concurrent Value-Dependent Noninterference\" by Murray et. al. (CSF 2016) presents a compositional theory of refinement for a value-dependent noninterference property, defined in (Murray, PLAS 2015), for concurrent programs. 
This development formalises that refinement theory, and demonstrates its application on some small examples.", "authors": [ "Toby Murray", "Robert Sison", "Edward Pierzchalski", "Christine Rizkallah" ], "date": "2016-06-28", - "id": 416, + "id": 417, "link": "/entries/Dependent_SIFUM_Refinement.html", "permalink": "/entries/Dependent_SIFUM_Refinement.html", "shortname": "Dependent_SIFUM_Refinement", "title": "Compositional Security-Preserving Refinement for Concurrent Imperative Programs", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "This entry contains a definition of IP addresses and a library to work with them. Generic IP addresses are modeled as machine words of arbitrary length. Derived from this generic definition, IPv4 addresses are 32bit machine words, IPv6 addresses are 128bit words. Additionally, IPv4 addresses can be represented in dot-decimal notation and IPv6 addresses in (compressed) colon-separated notation. We support toString functions and parsers for both notations. Sets of IP addresses can be represented with a netmask (e.g. 192.168.0.0/255.255.0.0) or in CIDR notation (e.g. 192.168.0.0/16). To provide executable code for set operations on IP address ranges, the library includes a datatype to work on arbitrary intervals of machine words.", "authors": [ "Cornelius Diekmann", "Julius Michaelis", "Lars Hupel" ], "date": "2016-06-28", - "id": 417, + "id": 418, "link": "/entries/IP_Addresses.html", "permalink": "/entries/IP_Addresses.html", "shortname": "IP_Addresses", "title": "IP Addresses", "topic_links": [ "computer-science/networks" ], "topics": [ "Computer science/Networks" ], "used_by": 1 }, { "abstract": "\u003cp\u003eThis entry provides three lemmas to count the number of multisets of a given size and finite carrier set. The first lemma provides a cardinality formula assuming that the multiset's elements are chosen from the given carrier set. 
The latter two lemmas provide formulas assuming that the multiset's elements also cover the given carrier set, i.e., each element of the carrier set occurs in the multiset at least once.\u003c/p\u003e \u003cp\u003eThe proof of the first lemma uses the argument of the recurrence relation for counting multisets. The proof of the second lemma is straightforward, and the proof of the third lemma is easily obtained using the first cardinality lemma. A challenge for the formalization is the derivation of the required induction rule, which is a special combination of the induction rules for finite sets and natural numbers. The induction rule is derived by defining a suitable inductive predicate and transforming the predicate's induction rule.\u003c/p\u003e", "authors": [ "Lukas Bulwahn" ], "date": "2016-06-26", - "id": 418, + "id": 419, "link": "/entries/Card_Multisets.html", "permalink": "/entries/Card_Multisets.html", "shortname": "Card_Multisets", "title": "Cardinality of Multisets", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 1 }, { "abstract": "\u003cp\u003e This article attempts to develop a usable framework for doing category theory in Isabelle/HOL. Our point of view, which to some extent differs from that of the previous AFP articles on the subject, is to try to explore how category theory can be done efficaciously within HOL, rather than trying to match exactly the way things are done using a traditional approach. To this end, we define the notion of category in an \"object-free\" style, in which a category is represented by a single partial composition operation on arrows. This way of defining categories provides some advantages in the context of HOL, including the ability to avoid the use of records and the possibility of defining functors and natural transformations simply as certain functions on arrows, rather than as composite objects. 
We define various constructions associated with the basic notions, including: dual category, product category, functor category, discrete category, free category, functor composition, and horizontal and vertical composite of natural transformations. A \"set category\" locale is defined that axiomatizes the notion \"category of all sets at a type and all functions between them,\" and a fairly extensive set of properties of set categories is derived from the locale assumptions. The notion of a set category is used to prove the Yoneda Lemma in a general setting of a category equipped with a \"hom embedding,\" which maps arrows of the category to the \"universe\" of the set category. We also give a treatment of adjunctions, defining adjunctions via left and right adjoint functors, natural bijections between hom-sets, and unit and counit natural transformations, and showing the equivalence of these definitions. We also develop the theory of limits, including representations of functors, diagrams and cones, and diagonal functors. We show that right adjoint functors preserve limits, and that limits can be constructed via products and equalizers. We characterize the conditions under which limits exist in a set category. We also examine the case of limits in a functor category, ultimately culminating in a proof that the Yoneda embedding preserves limits. \u003c/p\u003e\u003cp\u003e Revisions made subsequent to the first version of this article added material on equivalence of categories, cartesian categories, categories with pullbacks, categories with finite limits, and cartesian closed categories. A construction was given of the category of hereditarily finite sets and functions between them, and it was shown that this category is cartesian closed. \u003c/p\u003e", "authors": [ "Eugene W. 
Stark" ], "date": "2016-06-26", - "id": 419, + "id": 420, "link": "/entries/Category3.html", "permalink": "/entries/Category3.html", "shortname": "Category3", "title": "Category Theory with Adjunctions and Limits", "topic_links": [ "mathematics/category-theory" ], "topics": [ "Mathematics/Category theory" ], "used_by": 1 }, { "abstract": "The paper \"Compositional Verification and Refinement of Concurrent Value-Dependent Noninterference\" by Murray et. al. (CSF 2016) presents a dependent security type system for compositionally verifying a value-dependent noninterference property, defined in (Murray, PLAS 2015), for concurrent programs. This development formalises that security definition, the type system and its soundness proof, and demonstrates its application on some small examples. It was derived from the SIFUM_Type_Systems AFP entry, by Sylvia Grewe, Heiko Mantel and Daniel Schoepe, and whose structure it inherits.", "authors": [ "Toby Murray", "Robert Sison", "Edward Pierzchalski", "Christine Rizkallah" ], "date": "2016-06-25", - "id": 420, + "id": 421, "link": "/entries/Dependent_SIFUM_Type_Systems.html", "permalink": "/entries/Dependent_SIFUM_Type_Systems.html", "shortname": "Dependent_SIFUM_Type_Systems", "title": "A Dependent Security Type System for Concurrent Imperative Programs", "topic_links": [ "computer-science/security", "computer-science/programming-languages/type-systems" ], "topics": [ "Computer science/Security", "Computer science/Programming languages/Type systems" ], "used_by": 1 }, { "abstract": "\u003cp\u003eIn this work, we define the Catalan numbers \u003cem\u003eC\u003csub\u003en\u003c/sub\u003e\u003c/em\u003e and prove several equivalent definitions (including some closed-form formulae). 
We also show one of their applications (counting the number of binary trees of size \u003cem\u003en\u003c/em\u003e), prove the asymptotic growth approximation \u003cem\u003eC\u003csub\u003en\u003c/sub\u003e \u0026sim; 4\u003csup\u003en\u003c/sup\u003e / (\u0026radic;\u003cspan style=\"text-decoration: overline\"\u003e\u0026pi;\u003c/span\u003e \u0026middot; n\u003csup\u003e1.5\u003c/sup\u003e)\u003c/em\u003e, and provide reasonably efficient executable code to compute them.\u003c/p\u003e \u003cp\u003eThe derivation of the closed-form formulae uses algebraic manipulations of the ordinary generating function of the Catalan numbers, and the asymptotic approximation is then done using generalised binomial coefficients and the Gamma function. Thanks to these highly non-elementary mathematical tools, the proofs are very short and simple.\u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2016-06-21", - "id": 421, + "id": 422, "link": "/entries/Catalan_Numbers.html", "permalink": "/entries/Catalan_Numbers.html", "shortname": "Catalan_Numbers", "title": "Catalan Numbers", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 0 }, { "abstract": "Variants of Kleene algebra support program construction and verification by algebraic reasoning. This entry provides a verification component for Hoare logic based on Kleene algebra with tests, verification components for weakest preconditions and strongest postconditions based on Kleene algebra with domain and a component for step-wise refinement based on refinement Kleene algebra with tests. In addition to these components for the partial correctness of while programs, a verification component for total correctness based on divergence Kleene algebras and one for (partial correctness) of recursive programs based on domain quantales are provided. 
Finally we have integrated memory models for programs with pointers and a program trace semantics into the weakest precondition component.", "authors": [ "Victor B. F. Gomes", "Georg Struth" ], "date": "2016-06-18", - "id": 422, + "id": 423, "link": "/entries/Algebraic_VCs.html", "permalink": "/entries/Algebraic_VCs.html", "shortname": "Algebraic_VCs", "title": "Program Construction and Verification Components Based on Kleene Algebra", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "\u003cp\u003eIn his outstanding work on Communicating Sequential Processes, Hoare has defined two fundamental binary operations allowing to compose the input processes into another, typically more complex, process: sequential composition and concurrent composition. Particularly, the output of the latter operation is a process in which any event not shared by both operands can occur whenever the operand that admits the event can engage in it, whereas any event shared by both operands can occur just in case both can engage in it.\u003c/p\u003e \u003cp\u003eThis paper formalizes Hoare's definition of concurrent composition and proves, in the general case of a possibly intransitive policy, that CSP noninterference security is conserved under this operation. 
This result, along with the previous analogous one concerning sequential composition, enables the construction of more and more complex processes enforcing noninterference security by composing, sequentially or concurrently, simpler secure processes, whose security can in turn be proven using either the definition of security, or unwinding theorems.\u003c/p\u003e", "authors": [ "Pasquale Noce" ], "date": "2016-06-13", - "id": 423, + "id": 424, "link": "/entries/Noninterference_Concurrent_Composition.html", "permalink": "/entries/Noninterference_Concurrent_Composition.html", "shortname": "Noninterference_Concurrent_Composition", "title": "Conservation of CSP Noninterference Security under Concurrent Composition", "topic_links": [ "computer-science/security", "computer-science/concurrency/process-calculi" ], "topics": [ "Computer science/Security", "Computer science/Concurrency/Process calculi" ], "used_by": 0 }, { "abstract": "This entry contains an extension to the Isabelle library for fixed-width machine words. In particular, the entry adds quickcheck setup for words, printing as hexadecimals, additional operations, reasoning about alignment, signed words, enumerations of words, normalisation of word numerals, and an extensive library of properties about generic fixed-width words, as well as an instantiation of many of these to the commonly used 32 and 64-bit bases.", "authors": [ "Joel Beeren", "Matthew Fernandez", "Xin Gao", "Gerwin Klein", "Rafal Kolanski", "Japheth Lim", "Corey Lewis", "Daniel Matichuk", "Thomas Sewell" ], "date": "2016-06-09", - "id": 424, + "id": 425, "link": "/entries/Word_Lib.html", "permalink": "/entries/Word_Lib.html", "shortname": "Word_Lib", "title": "Finite Machine Word Library", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 8 }, { "abstract": "We formalize tree decompositions and tree width in Isabelle/HOL, proving that trees have treewidth 1. 
We also show that every edge of a tree decomposition is a separation of the underlying graph. As an application of this theorem we prove that complete graphs of size n have treewidth n-1.", "authors": [ "Christoph Dittmann" ], "date": "2016-05-31", - "id": 425, + "id": 426, "link": "/entries/Tree_Decomposition.html", "permalink": "/entries/Tree_Decomposition.html", "shortname": "Tree_Decomposition", "title": "Tree Decomposition", "topic_links": [ "mathematics/graph-theory" ], "topics": [ "Mathematics/Graph theory" ], "used_by": 0 }, { "abstract": "This entry provides formulae for counting the number of equivalence relations and partial equivalence relations over a finite carrier set with given cardinality. To count the number of equivalence relations, we provide bijections between equivalence relations and set partitions, and then transfer the main results of the two AFP entries, Cardinality of Set Partitions and Spivey's Generalized Recurrence for Bell Numbers, to theorems on equivalence relations. To count the number of partial equivalence relations, we observe that counting partial equivalence relations over a set A is equivalent to counting all equivalence relations over all subsets of the set A. From this observation and the results on equivalence relations, we show that the cardinality of partial equivalence relations over a finite set of cardinality n is equal to the n+1-th Bell number.", "authors": [ "Lukas Bulwahn" ], "date": "2016-05-24", - "id": 426, + "id": 427, "link": "/entries/Card_Equiv_Relations.html", "permalink": "/entries/Card_Equiv_Relations.html", "shortname": "Card_Equiv_Relations", "title": "Cardinality of Equivalence Relations", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 1 }, { "abstract": "Brzozowski introduced the notion of derivatives for regular expressions. They can be used for a very simple regular expression matching algorithm. 
Sulzmann and Lu cleverly extended this algorithm in order to deal with POSIX matching, which is the underlying disambiguation strategy for regular expressions needed in lexers. In this entry we give our inductive definition of what a POSIX value is and show (i) that such a value is unique (for given regular expression and string being matched) and (ii) that Sulzmann and Lu's algorithm always generates such a value (provided that the regular expression matches the string). We also prove the correctness of an optimised version of the POSIX matching algorithm.", "authors": [ "Fahad Ausaf", "Roy Dyckhoff", "Christian Urban" ], "date": "2016-05-24", - "id": 427, + "id": 428, "link": "/entries/Posix-Lexing.html", "permalink": "/entries/Posix-Lexing.html", "shortname": "Posix-Lexing", "title": "POSIX Lexing with Derivatives of Regular Expressions", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "\u003cp\u003eThe spectral radius of a matrix A is the maximum norm of all eigenvalues of A. In previous work we already formalized that for a complex matrix A, the values in A\u003csup\u003en\u003c/sup\u003e grow polynomially in n if and only if the spectral radius is at most one. One problem with the above characterization is the determination of all \u003cem\u003ecomplex\u003c/em\u003e eigenvalues. In case A contains only non-negative real values, a simplification is possible with the help of the Perron\u0026ndash;Frobenius theorem, which tells us that it suffices to consider only the \u003cem\u003ereal\u003c/em\u003e eigenvalues of A, i.e., applying Sturm's method can decide the polynomial growth of A\u003csup\u003en\u003c/sup\u003e. \u003c/p\u003e\u003cp\u003e We formalize the Perron\u0026ndash;Frobenius theorem based on a proof via Brouwer's fixpoint theorem, which is available in the HOL multivariate analysis (HMA) library. 
Since the results on the spectral radius is based on matrices in the Jordan normal form (JNF) library, we further develop a connection which allows us to easily transfer theorems between HMA and JNF. With this connection we derive the combined result: if A is a non-negative real matrix, and no real eigenvalue of A is strictly larger than one, then A\u003csup\u003en\u003c/sup\u003e is polynomially bounded in n. \u003c/p\u003e", "authors": [ "Jose Divasón", "Ondřej Kunčar", "René Thiemann", "Akihisa Yamada" ], "date": "2016-05-20", - "id": 428, + "id": 429, "link": "/entries/Perron_Frobenius.html", "permalink": "/entries/Perron_Frobenius.html", "shortname": "Perron_Frobenius", "title": "Perron-Frobenius Theorem for Spectral Radius Analysis", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 3 }, { "abstract": "The \u003ca href=\"http://incredible.pm\"\u003eIncredible Proof Machine\u003c/a\u003e is an interactive visual theorem prover which represents proofs as port graphs. We model this proof representation in Isabelle, and prove that it is just as powerful as natural deduction.", "authors": [ "Joachim Breitner", "Denis Lohner" ], "date": "2016-05-20", - "id": 429, + "id": 430, "link": "/entries/Incredible_Proof_Machine.html", "permalink": "/entries/Incredible_Proof_Machine.html", "shortname": "Incredible_Proof_Machine", "title": "The meta theory of the Incredible Proof Machine", "topic_links": [ "logic/proof-theory" ], "topics": [ "Logic/Proof theory" ], "used_by": 0 }, { "abstract": "The impossibility of distributed consensus with one faulty process is a result with important consequences for real world distributed systems e.g., commits in replicated databases. Since proofs are not immune to faults and even plausible proofs with a profound formalism can conclude wrong results, we validate the fundamental result named FLP after Fischer, Lynch and Paterson. 
We present a formalization of distributed systems and the aforementioned consensus problem. Our proof is based on Hagen Völzer's paper \"A constructive proof for FLP\". In addition to the enhanced confidence in the validity of Völzer's proof, we contribute the missing gaps to show the correctness in Isabelle/HOL. We clarify the proof details and even prove fairness of the infinite execution that contradicts consensus. Our Isabelle formalization can also be reused for further proofs of properties of distributed systems.", "authors": [ "Benjamin Bisping", "Paul-David Brodmann", "Tim Jungnickel", "Christina Rickmann", "Henning Seidler", "Anke Stüber", "Arno Wilhelm-Weidner", "Kirstin Peters", "Uwe Nestmann" ], "date": "2016-05-18", - "id": 430, + "id": 431, "link": "/entries/FLP.html", "permalink": "/entries/FLP.html", "shortname": "FLP", "title": "A Constructive Proof for FLP", "topic_links": [ "computer-science/concurrency" ], "topics": [ "Computer science/Concurrency" ], "used_by": 0 }, { "abstract": "This article formalises a proof of the maximum-flow minimal-cut theorem for networks with countably many edges. A network is a directed graph with non-negative real-valued edge labels and two dedicated vertices, the source and the sink. A flow in a network assigns non-negative real numbers to the edges such that for all vertices except for the source and the sink, the sum of values on incoming edges equals the sum of values on outgoing edges. A cut is a subset of the vertices which contains the source, but not the sink. Our theorem states that in every network, there is a flow and a cut such that the flow saturates all the edges going out of the cut and is zero on all the incoming edges. The proof is based on the paper \u003cemph\u003eThe Max-Flow Min-Cut theorem for countable networks\u003c/emph\u003e by Aharoni et al. 
Additionally, we prove a characterisation of the lifting operation for relations on discrete probability distributions, which leads to a concise proof of its distributivity over relation composition.", "authors": [ "Andreas Lochbihler" ], "date": "2016-05-09", - "id": 431, + "id": 432, "link": "/entries/MFMC_Countable.html", "permalink": "/entries/MFMC_Countable.html", "shortname": "MFMC_Countable", "title": "A Formal Proof of the Max-Flow Min-Cut Theorem for Countable Networks", "topic_links": [ "mathematics/graph-theory" ], "topics": [ "Mathematics/Graph theory" ], "used_by": 1 }, { "abstract": "This work contains a formalisation of basic Randomised Social Choice, including Stochastic Dominance and Social Decision Schemes (SDSs) along with some of their most important properties (Anonymity, Neutrality, ex-post- and SD-Efficiency, SD-Strategy-Proofness) and two particular SDSs – Random Dictatorship and Random Serial Dictatorship (with proofs of the properties that they satisfy). Many important properties of these concepts are also proven – such as the two equivalent characterisations of Stochastic Dominance and the fact that SD-efficiency of a lottery only depends on the support. The entry also provides convenient commands to define Preference Profiles, prove their well-formedness, and automatically derive restrictions that sufficiently nice SDSs need to satisfy on the defined profiles. 
Currently, the formalisation focuses on weak preferences and Stochastic Dominance, but it should be easy to extend it to other domains – such as strict preferences – or other lottery extensions – such as Bilinear Dominance or Pairwise Comparison.", "authors": [ "Manuel Eberl" ], "date": "2016-05-05", - "id": 432, + "id": 433, "link": "/entries/Randomised_Social_Choice.html", "permalink": "/entries/Randomised_Social_Choice.html", "shortname": "Randomised_Social_Choice", "title": "Randomised Social Choice Theory", "topic_links": [ "mathematics/games-and-economics" ], "topics": [ "Mathematics/Games and economics" ], "used_by": 2 }, { "abstract": "This entry defines the Bell numbers as the cardinality of set partitions for a carrier set of given size, and derives Spivey's generalized recurrence relation for Bell numbers following his elegant and intuitive combinatorial proof. \u003cp\u003e As the set construction for the combinatorial proof requires construction of three intermediate structures, the main difficulty of the formalization is handling the overall combinatorial argument in a structured way. The introduced proof structure allows us to compose the combinatorial argument from its subparts, and supports to keep track how the detailed proof steps are related to the overall argument. 
To obtain this structure, this entry uses set monad notation for the set construction's definition, introduces suitable predicates and rules, and follows a repeating structure in its Isar proof.", "authors": [ "Lukas Bulwahn" ], "date": "2016-05-04", - "id": 433, + "id": 434, "link": "/entries/Bell_Numbers_Spivey.html", "permalink": "/entries/Bell_Numbers_Spivey.html", "shortname": "Bell_Numbers_Spivey", "title": "Spivey's Generalized Recurrence for Bell Numbers", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 2 }, { "abstract": "This formalisation contains the proof that there is no anonymous and neutral Social Decision Scheme for at least four voters and alternatives that fulfils both SD-Efficiency and SD-Strategy- Proofness. The proof is a fully structured and quasi-human-redable one. It was derived from the (unstructured) SMT proof of the case for exactly four voters and alternatives by Brandl et al. Their proof relies on an unverified translation of the original problem to SMT, and the proof that lifts the argument for exactly four voters and alternatives to the general case is also not machine-checked. In this Isabelle proof, on the other hand, all of these steps are fully proven and machine-checked. 
This is particularly important seeing as a previously published informal proof of a weaker statement contained a mistake in precisely this lifting step.", "authors": [ "Manuel Eberl" ], "date": "2016-05-04", - "id": 434, + "id": 435, "link": "/entries/SDS_Impossibility.html", "permalink": "/entries/SDS_Impossibility.html", "shortname": "SDS_Impossibility", "title": "The Incompatibility of SD-Efficiency and SD-Strategy-Proofness", "topic_links": [ "mathematics/games-and-economics" ], "topics": [ "Mathematics/Games and economics" ], "used_by": 0 }, { "abstract": "This formalization is concerned with the theory of Gröbner bases in (commutative) multivariate polynomial rings over fields, originally developed by Buchberger in his 1965 PhD thesis. Apart from the statement and proof of the main theorem of the theory, the formalization also implements Buchberger's algorithm for actually computing Gröbner bases as a tail-recursive function, thus allowing to effectively decide ideal membership in finitely generated polynomial ideals. Furthermore, all functions can be executed on a concrete representation of multivariate polynomials as association lists.", "authors": [ "Fabian Immler", "Alexander Maletzky" ], "date": "2016-05-02", - "id": 435, + "id": 436, "link": "/entries/Groebner_Bases.html", "permalink": "/entries/Groebner_Bases.html", "shortname": "Groebner_Bases", "title": "Gröbner Bases Theory", "topic_links": [ "mathematics/algebra", "computer-science/algorithms/mathematical" ], "topics": [ "Mathematics/Algebra", "Computer science/Algorithms/Mathematical" ], "used_by": 4 }, { "abstract": "We provide a formal proof within First Order Relativity Theory that no observer can travel faster than the speed of light. Originally reported in Stannett \u0026 Németi (2014) \"Using Isabelle/HOL to verify first-order relativity theory\", Journal of Automated Reasoning 52(4), pp. 
361-378.", "authors": [ "Mike Stannett", "István Németi" ], "date": "2016-04-28", - "id": 436, + "id": 437, "link": "/entries/No_FTL_observers.html", "permalink": "/entries/No_FTL_observers.html", "shortname": "No_FTL_observers", "title": "No Faster-Than-Light Observers", "topic_links": [ "mathematics/physics" ], "topics": [ "Mathematics/Physics" ], "used_by": 0 }, { "abstract": "The theory provides a formalisation of the Cocke-Younger-Kasami algorithm (CYK for short), an approach to solving the word problem for context-free languages. CYK decides if a word is in the languages generated by a context-free grammar in Chomsky normal form. The formalized algorithm is executable.", "authors": [ "Maksym Bortin" ], "date": "2016-04-27", - "id": 437, + "id": 438, "link": "/entries/CYK.html", "permalink": "/entries/CYK.html", "shortname": "CYK", "title": "A formalisation of the Cocke-Younger-Kasami algorithm", "topic_links": [ "computer-science/algorithms", "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Algorithms", "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "We present a verified and executable implementation of ROBDDs in Isabelle/HOL. Our implementation relates pointer-based computation in the Heap monad to operations on an abstract definition of boolean functions. Internally, we implemented the if-then-else combinator in a recursive fashion, following the Shannon decomposition of the argument functions. The implementation mixes and adapts known techniques and is built with efficiency in mind.", "authors": [ "Julius Michaelis", "Max W. 
Haslbeck", "Peter Lammich", "Lars Hupel" ], "date": "2016-04-27", - "id": 438, + "id": 439, "link": "/entries/ROBDD.html", "permalink": "/entries/ROBDD.html", "shortname": "ROBDD", "title": "Algorithms for Reduced Ordered Binary Decision Diagrams", "topic_links": [ "computer-science/algorithms", "computer-science/data-structures" ], "topics": [ "Computer science/Algorithms", "Computer science/Data structures" ], "used_by": 1 }, { "abstract": "\u003cp\u003eIn his outstanding work on Communicating Sequential Processes, Hoare has defined two fundamental binary operations allowing to compose the input processes into another, typically more complex, process: sequential composition and concurrent composition. Particularly, the output of the former operation is a process that initially behaves like the first operand, and then like the second operand once the execution of the first one has terminated successfully, as long as it does.\u003c/p\u003e \u003cp\u003eThis paper formalizes Hoare's definition of sequential composition and proves, in the general case of a possibly intransitive policy, that CSP noninterference security is conserved under this operation, provided that successful termination cannot be affected by confidential events and cannot occur as an alternative to other events in the traces of the first operand. 
Both of these assumptions are shown, by means of counterexamples, to be necessary for the theorem to hold.\u003c/p\u003e", "authors": [ "Pasquale Noce" ], "date": "2016-04-26", - "id": 439, + "id": 440, "link": "/entries/Noninterference_Sequential_Composition.html", "permalink": "/entries/Noninterference_Sequential_Composition.html", "shortname": "Noninterference_Sequential_Composition", "title": "Conservation of CSP Noninterference Security under Sequential Composition", "topic_links": [ "computer-science/security", "computer-science/concurrency/process-calculi" ], "topics": [ "Computer science/Security", "Computer science/Concurrency/Process calculi" ], "used_by": 1 }, { "abstract": "Kleene algebras with domain are Kleene algebras endowed with an operation that maps each element of the algebra to its domain of definition (or its complement) in abstract fashion. They form a simple algebraic basis for Hoare logics, dynamic logics or predicate transformer semantics. We formalise a modular hierarchy of algebras with domain and antidomain (domain complement) operations in Isabelle/HOL that ranges from domain and antidomain semigroups to modal Kleene algebras and divergence Kleene algebras. We link these algebras with models of binary relations and program traces. We include some examples from modal logics, termination and program analysis.", "authors": [ "Victor B. F. 
Gomes", "Walter Guttmann", "Peter Höfner", "Georg Struth", "Tjark Weber" ], "date": "2016-04-12", - "id": 440, + "id": 441, "link": "/entries/KAD.html", "permalink": "/entries/KAD.html", "shortname": "KAD", "title": "Kleene Algebras with Domain", "topic_links": [ "computer-science/programming-languages/logics", "computer-science/automata-and-formal-languages", "mathematics/algebra" ], "topics": [ "Computer science/Programming languages/Logics", "Computer science/Automata and formal languages", "Mathematics/Algebra" ], "used_by": 2 }, { "abstract": "We provide formal proofs in Isabelle-HOL (using mostly structured Isar proofs) of the soundness and completeness of the Resolution rule in propositional logic. The completeness proofs take into account the usual redundancy elimination rules (tautology elimination and subsumption), and several refinements of the Resolution rule are considered: ordered resolution (with selection functions), positive and negative resolution, semantic resolution and unit resolution (the latter refinement is complete only for clause sets that are Horn- renamable). We also define a concrete procedure for computing saturated sets and establish its soundness and completeness. The clause sets are not assumed to be finite, so that the results can be applied to formulas obtained by grounding sets of first-order clauses (however, a total ordering among atoms is assumed to be given). Next, we show that the unrestricted Resolution rule is deductive- complete, in the sense that it is able to generate all (prime) implicates of any set of propositional clauses (i.e., all entailment- minimal, non-valid, clausal consequences of the considered set). The generation of prime implicates is an important problem, with many applications in artificial intelligence and verification (for abductive reasoning, knowledge compilation, diagnosis, debugging etc.). 
We also show that implicates can be computed in an incremental way, by fixing an ordering among all the atoms in the considered sets and resolving upon these atoms one by one in the considered order (with no backtracking). This feature is critical for the efficient computation of prime implicates. Building on these results, we provide a procedure for computing such implicates and establish its soundness and completeness.", "authors": [ "Nicolas Peltier" ], "date": "2016-03-11", - "id": 441, + "id": 442, "link": "/entries/PropResPI.html", "permalink": "/entries/PropResPI.html", "shortname": "PropResPI", "title": "Propositional Resolution and Prime Implicates Generation", "topic_links": [ "logic/general-logic/mechanization-of-proofs" ], "topics": [ "Logic/General logic/Mechanization of proofs" ], "used_by": 0 }, { "abstract": "The Cartan fixed point theorems concern the group of holomorphic automorphisms on a connected open set of C\u003csup\u003en\u003c/sup\u003e. Ciolli et al. have formalised the one-dimensional case of these theorems in HOL Light. This entry contains their proofs, ported to Isabelle/HOL. Thus it addresses the authors' remark that \"it would be important to write a formal proof in a language that can be read by both humans and machines\".", "authors": [ "Lawrence C. Paulson" ], "date": "2016-03-08", - "id": 442, + "id": 443, "link": "/entries/Cartan_FP.html", "permalink": "/entries/Cartan_FP.html", "shortname": "Cartan_FP", "title": "The Cartan Fixed Point Theorems", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "Timed automata are a widely used formalism for modeling real-time systems, which is employed in a class of successful model checkers such as UPPAAL [LPY97], HyTech [HHWt97] or Kronos [Yov97]. This work formalizes the theory for the subclass of diagonal-free timed automata, which is sufficient to model many interesting problems. 
We first define the basic concepts and semantics of diagonal-free timed automata. Based on this, we prove two types of decidability results for the language emptiness problem. The first is the classic result of Alur and Dill [AD90, AD94], which uses a finite partitioning of the state space into so-called `regions`. Our second result focuses on an approach based on `Difference Bound Matrices (DBMs)`, which is practically used by model checkers. We prove the correctness of the basic forward analysis operations on DBMs. One of these operations is the Floyd-Warshall algorithm for the all-pairs shortest paths problem. To obtain a finite search space, a widening operation has to be used for this kind of analysis. We use Patricia Bouyer's [Bou04] approach to prove that this widening operation is correct in the sense that DBM-based forward analysis in combination with the widening operation also decides language emptiness. The interesting property of this proof is that the first decidability result is reused to obtain the second one.", "authors": [ "Simon Wimmer" ], "date": "2016-03-08", - "id": 443, + "id": 444, "link": "/entries/Timed_Automata.html", "permalink": "/entries/Timed_Automata.html", "shortname": "Timed_Automata", "title": "Timed Automata", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 1 }, { "abstract": "This theory provides a formalisation of linear temporal logic (LTL) and unifies previous formalisations within the AFP. This entry establishes syntax and semantics for this logic and decouples it from existing entries, yielding a common environment for theories reasoning about LTL. 
Furthermore a parser written in SML and an executable simplifier are provided.", "authors": [ "Salomon Sickert" ], "date": "2016-03-01", - "id": 444, + "id": 445, "link": "/entries/LTL.html", "permalink": "/entries/LTL.html", "shortname": "LTL", "title": "Linear Temporal Logic", "topic_links": [ "logic/general-logic/temporal-logic", "computer-science/automata-and-formal-languages" ], "topics": [ "Logic/General logic/Temporal logic", "Computer science/Automata and formal languages" ], "used_by": 6 }, { "abstract": "\u003cp\u003e These theories formalize the quantitative analysis of a number of classical algorithms for the list update problem: 2-competitiveness of move-to-front, the lower bound of 2 for the competitiveness of deterministic list update algorithms and 1.6-competitiveness of the randomized COMB algorithm, the best randomized list update algorithm known to date. The material is based on the first two chapters of \u003ci\u003eOnline Computation and Competitive Analysis\u003c/i\u003e by Borodin and El-Yaniv. \u003c/p\u003e \u003cp\u003e For an informal description see the FSTTCS 2016 publication \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/fsttcs16.html\"\u003eVerified Analysis of List Update Algorithms\u003c/a\u003e by Haslbeck and Nipkow. \u003c/p\u003e", "authors": [ "Maximilian P. L. Haslbeck", "Tobias Nipkow" ], "date": "2016-02-17", - "id": 445, + "id": 446, "link": "/entries/List_Update.html", "permalink": "/entries/List_Update.html", "shortname": "List_Update", "title": "Analysis of List Update Algorithms", "topic_links": [ "computer-science/algorithms/online" ], "topics": [ "Computer science/Algorithms/Online" ], "used_by": 0 }, { "abstract": "\u003cp\u003e We define a functional variant of the static single assignment (SSA) form construction algorithm described by \u003ca href=\"https://doi.org/10.1007/978-3-642-37051-9_6\"\u003eBraun et al.\u003c/a\u003e, which combines simplicity and efficiency. 
The definition is based on a general, abstract control flow graph representation using Isabelle locales. \u003c/p\u003e \u003cp\u003e We prove that the algorithm's output is semantically equivalent to the input according to a small-step semantics, and that it is in minimal SSA form for the common special case of reducible inputs. We then show the satisfiability of the locale assumptions by giving instantiations for a simple While language. \u003c/p\u003e \u003cp\u003e Furthermore, we use a generic instantiation based on typedefs in order to extract OCaml code and replace the unverified SSA construction algorithm of the \u003ca href=\"https://doi.org/10.1145/2579080\"\u003eCompCertSSA project\u003c/a\u003e with it. \u003c/p\u003e \u003cp\u003e A more detailed description of the verified SSA construction can be found in the paper \u003ca href=\"https://doi.org/10.1145/2892208.2892211\"\u003eVerified Construction of Static Single Assignment Form\u003c/a\u003e, CC 2016. \u003c/p\u003e", "authors": [ "Sebastian Ullrich", "Denis Lohner" ], "date": "2016-02-05", - "id": 446, + "id": 447, "link": "/entries/Formal_SSA.html", "permalink": "/entries/Formal_SSA.html", "shortname": "Formal_SSA", "title": "Verified Construction of Static Single Assignment Form", "topic_links": [ "computer-science/programming-languages/compiling" ], "topics": [ "Computer science/Programming languages/Compiling" ], "used_by": 1 }, { "abstract": "Based on existing libraries for polynomial interpolation and matrices, we formalized several factorization algorithms for polynomials, including Kronecker's algorithm for integer polynomials, Yun's square-free factorization algorithm for field polynomials, and Berlekamp's algorithm for polynomials over finite fields. By combining the last one with Hensel's lifting, we derive an efficient factorization algorithm for the integer polynomials, which is then lifted for rational polynomials by mechanizing Gauss' lemma. 
Finally, we assembled a combined factorization algorithm for rational polynomials, which combines all the mentioned algorithms and additionally uses the explicit formula for roots of quadratic polynomials and a rational root test. \u003cp\u003e As side products, we developed division algorithms for polynomials over integral domains, as well as primality-testing and prime-factorization algorithms for integers.", "authors": [ "René Thiemann", "Akihisa Yamada" ], "date": "2016-01-29", - "id": 447, + "id": 448, "link": "/entries/Polynomial_Factorization.html", "permalink": "/entries/Polynomial_Factorization.html", "shortname": "Polynomial_Factorization", "title": "Polynomial Factorization", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 12 }, { "abstract": "We formalized three algorithms for polynomial interpolation over arbitrary fields: Lagrange's explicit expression, the recursive algorithm of Neville and Aitken, and the Newton interpolation in combination with an efficient implementation of divided differences. Variants of these algorithms for integer polynomials are also available, where sometimes the interpolation can fail; e.g., there is no linear integer polynomial \u003ci\u003ep\u003c/i\u003e such that \u003ci\u003ep(0) = 0\u003c/i\u003e and \u003ci\u003ep(2) = 1\u003c/i\u003e. Moreover, for the Newton interpolation for integer polynomials, we proved that all intermediate results that are computed during the algorithm must be integers. This admits an early failure detection in the implementation. Finally, we proved the uniqueness of polynomial interpolation. 
\u003cp\u003e The development also contains improved code equations to speed up the division of integers in target languages.", "authors": [ "René Thiemann", "Akihisa Yamada" ], "date": "2016-01-29", - "id": 448, + "id": 449, "link": "/entries/Polynomial_Interpolation.html", "permalink": "/entries/Polynomial_Interpolation.html", "shortname": "Polynomial_Interpolation", "title": "Polynomial Interpolation", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 7 }, { "abstract": "This work contains a formalization of some topics in knot theory. The concepts that were formalized include definitions of tangles, links, framed links and link/tangle equivalence. The formalization is based on a formulation of links in terms of tangles. We further construct and prove the invariance of the Bracket polynomial. Bracket polynomial is an invariant of framed links closely linked to the Jones polynomial. This is perhaps the first attempt to formalize any aspect of knot theory in an interactive proof assistant.", "authors": [ "T.V.H. Prathamesh" ], "date": "2016-01-20", - "id": 449, + "id": 450, "link": "/entries/Knot_Theory.html", "permalink": "/entries/Knot_Theory.html", "shortname": "Knot_Theory", "title": "Knot Theory", "topic_links": [ "mathematics/topology" ], "topics": [ "Mathematics/Topology" ], "used_by": 0 }, { "abstract": "In this work, the Kronecker tensor product of matrices and the proofs of some of its properties are formalized. Properties which have been formalized include associativity of the tensor product and the mixed-product property.", "authors": [ "T.V.H. 
Prathamesh" ], "date": "2016-01-18", - "id": 450, + "id": 451, "link": "/entries/Matrix_Tensor.html", "permalink": "/entries/Matrix_Tensor.html", "shortname": "Matrix_Tensor", "title": "Tensor Product of Matrices", "topic_links": [ "computer-science/data-structures", "mathematics/algebra" ], "topics": [ "Computer science/Data structures", "Mathematics/Algebra" ], "used_by": 2 }, { "abstract": "This entry provides a basic library for number partitions, defines the two-argument partition function through its recurrence relation and relates this partition function to the cardinality of number partitions. The main proof shows that the recursively-defined partition function with arguments n and k equals the cardinality of number partitions of n with exactly k parts. The combinatorial proof follows the proof sketch of Theorem 2.4.1 in Mazur's textbook `Combinatorics: A Guided Tour`. This entry can serve as starting point for various more intrinsic properties about number partitions, the partition function and related recurrence relations.", "authors": [ "Lukas Bulwahn" ], "date": "2016-01-14", - "id": 451, + "id": 452, "link": "/entries/Card_Number_Partitions.html", "permalink": "/entries/Card_Number_Partitions.html", "shortname": "Card_Number_Partitions", "title": "Cardinality of Number Partitions", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 2 }, { "abstract": "\u003cp\u003e This entry contains a definition of angles between vectors and between three points. Building on this, we prove basic geometric properties of triangles, such as the Isosceles Triangle Theorem, the Law of Sines and the Law of Cosines, that the sum of the angles of a triangle is π, and the congruence theorems for triangles. \u003c/p\u003e\u003cp\u003e The definitions and proofs were developed following those by John Harrison in HOL Light. 
However, due to Isabelle's type class system, all definitions and theorems in the Isabelle formalisation hold for all real inner product spaces. \u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2015-12-28", - "id": 452, + "id": 453, "link": "/entries/Triangle.html", "permalink": "/entries/Triangle.html", "shortname": "Triangle", "title": "Basic Geometric Properties of Triangles", "topic_links": [ "mathematics/geometry" ], "topics": [ "Mathematics/Geometry" ], "used_by": 3 }, { "abstract": "\u003cp\u003e Descartes' Rule of Signs relates the number of positive real roots of a polynomial with the number of sign changes in its coefficient sequence. \u003c/p\u003e\u003cp\u003e Our proof follows the simple inductive proof given by Rob Arthan, which was also used by John Harrison in his HOL Light formalisation. We proved most of the lemmas for arbitrary linearly-ordered integrity domains (e.g. integers, rationals, reals); the main result, however, requires the intermediate value theorem and was therefore only proven for real polynomials. \u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2015-12-28", - "id": 453, + "id": 454, "link": "/entries/Descartes_Sign_Rule.html", "permalink": "/entries/Descartes_Sign_Rule.html", "shortname": "Descartes_Sign_Rule", "title": "Descartes' Rule of Signs", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "\u003cp\u003e Liouville numbers are a class of transcendental numbers that can be approximated particularly well with rational numbers. Historically, they were the first numbers whose transcendence was proven. \u003c/p\u003e\u003cp\u003e In this entry, we define the concept of Liouville numbers as well as the standard construction to obtain Liouville numbers (including Liouville's constant) and we prove their most important properties: irrationality and transcendence. 
\u003c/p\u003e\u003cp\u003e The proof is very elementary and requires only standard arithmetic, the Mean Value Theorem for polynomials, and the boundedness of polynomials on compact intervals. \u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2015-12-28", - "id": 454, + "id": 455, "link": "/entries/Liouville_Numbers.html", "permalink": "/entries/Liouville_Numbers.html", "shortname": "Liouville_Numbers", "title": "Liouville numbers", "topic_links": [ "mathematics/analysis", "mathematics/number-theory" ], "topics": [ "Mathematics/Analysis", "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "\u003cp\u003e In this work, we prove the lower bound \u003cspan class=\"nobr\"\u003eln(H_n) - ln(5/3)\u003c/span\u003e for the partial sum of the Prime Harmonic series and, based on this, the divergence of the Prime Harmonic Series \u003cspan class=\"nobr\"\u003e∑[p\u0026thinsp;prime]\u0026thinsp;·\u0026thinsp;1/p.\u003c/span\u003e \u003c/p\u003e\u003cp\u003e The proof relies on the unique squarefree decomposition of natural numbers. This is similar to Euler's original proof (which was highly informal and morally questionable). Its advantage over proofs by contradiction, like the famous one by Paul Erdős, is that it provides a relatively good lower bound for the partial sums. \u003c/p\u003e", "authors": [ "Manuel Eberl" ], "date": "2015-12-28", - "id": 455, + "id": 456, "link": "/entries/Prime_Harmonic_Series.html", "permalink": "/entries/Prime_Harmonic_Series.html", "shortname": "Prime_Harmonic_Series", "title": "The Divergence of the Prime Harmonic Series", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "Based on existing libraries for matrices, factorization of rational polynomials, and Sturm's theorem, we formalized algebraic numbers in Isabelle/HOL. 
Our development serves as an implementation for real and complex numbers, and it admits to compute roots and completely factorize real and complex polynomials, provided that all coefficients are rational numbers. Moreover, we provide two implementations to display algebraic numbers, an injective and expensive one, or a faster but approximative version. \u003c/p\u003e\u003cp\u003e To this end, we mechanized several results on resultants, which also required us to prove that polynomials over a unique factorization domain form again a unique factorization domain. \u003c/p\u003e", "authors": [ "René Thiemann", "Akihisa Yamada", "Sebastiaan J. C. Joosten" ], "date": "2015-12-22", - "id": 456, + "id": 457, "link": "/entries/Algebraic_Numbers.html", "permalink": "/entries/Algebraic_Numbers.html", "shortname": "Algebraic_Numbers", "title": "Algebraic Numbers in Isabelle/HOL", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 6 }, { "abstract": "Applicative functors augment computations with effects by lifting function application to types which model the effects. As the structure of the computation cannot depend on the effects, applicative expressions can be analysed statically. This allows us to lift universally quantified equations to the effectful types, as observed by Hinze. Thus, equational reasoning over effectful computations can be reduced to pure types. \u003c/p\u003e\u003cp\u003e This entry provides a package for registering applicative functors and two proof methods for lifting of equations over applicative functors. The first method normalises applicative expressions according to the laws of applicative functors. This way, equations whose two sides contain the same list of variables can be lifted to every applicative functor. 
\u003c/p\u003e\u003cp\u003e To lift larger classes of equations, the second method exploits a number of additional properties (e.g., commutativity of effects) provided the properties have been declared for the concrete applicative functor at hand upon registration. \u003c/p\u003e\u003cp\u003e We declare several types from the Isabelle library as applicative functors and illustrate the use of the methods with two examples: the lifting of the arithmetic type class hierarchy to streams and the verification of a relabelling function on binary trees. We also formalise and verify the normalisation algorithm used by the first proof method. \u003c/p\u003e", "authors": [ "Andreas Lochbihler", "Joshua Schneider" ], "date": "2015-12-22", - "id": 457, + "id": 458, "link": "/entries/Applicative_Lifting.html", "permalink": "/entries/Applicative_Lifting.html", "shortname": "Applicative_Lifting", "title": "Applicative Lifting", "topic_links": [ "computer-science/functional-programming" ], "topics": [ "Computer science/Functional programming" ], "used_by": 4 }, { "abstract": "The Stern-Brocot tree contains all rational numbers exactly once and in their lowest terms. We formalise the Stern-Brocot tree as a coinductive tree using recursive and iterative specifications, which we have proven equivalent, and show that it indeed contains all the numbers as stated. Following Hinze, we prove that the Stern-Brocot tree can be linearised looplessly into Stern's diatonic sequence (also known as Dijkstra's fusc function) and that it is a permutation of the Bird tree. \u003c/p\u003e\u003cp\u003e The reasoning stays at an abstract level by appealing to the uniqueness of solutions of guarded recursive equations and lifting algebraic laws point-wise to trees and streams using applicative functors. 
\u003c/p\u003e", "authors": [ "Peter Gammie", "Andreas Lochbihler" ], "date": "2015-12-22", - "id": 458, + "id": 459, "link": "/entries/Stern_Brocot.html", "permalink": "/entries/Stern_Brocot.html", "shortname": "Stern_Brocot", "title": "The Stern-Brocot Tree", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "The theory's main theorem states that the cardinality of set partitions of size k on a carrier set of size n is expressed by Stirling numbers of the second kind. In Isabelle, Stirling numbers of the second kind are defined in the AFP entry `Discrete Summation` through their well-known recurrence relation. The main theorem relates them to the alternative definition as cardinality of set partitions. The proof follows the simple and short explanation in Richard P. Stanley's `Enumerative Combinatorics: Volume 1` and Wikipedia, and unravels the full details and implicit reasoning steps of these explanations.", "authors": [ "Lukas Bulwahn" ], "date": "2015-12-12", - "id": 459, + "id": 460, "link": "/entries/Card_Partitions.html", "permalink": "/entries/Card_Partitions.html", "shortname": "Card_Partitions", "title": "Cardinality of Set Partitions", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 4 }, { "abstract": "A Latin Square is a n x n table filled with integers from 1 to n where each number appears exactly once in each row and each column. A Latin Rectangle is a partially filled n x n table with r filled rows and n-r empty rows, such that each number appears at most once in each row and each column. 
The main result of this theory is that any Latin Rectangle can be completed to a Latin Square.", "authors": [ "Alexander Bentkamp" ], "date": "2015-12-02", - "id": 460, + "id": 461, "link": "/entries/Latin_Square.html", "permalink": "/entries/Latin_Square.html", "shortname": "Latin_Square", "title": "Latin Square", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 0 }, { "abstract": "Ergodic theory is the branch of mathematics that studies the behaviour of measure preserving transformations, in finite or infinite measure. It interacts both with probability theory (mainly through measure theory) and with geometry as a lot of interesting examples are from geometric origin. We implement the first definitions and theorems of ergodic theory, including notably Poicaré recurrence theorem for finite measure preserving systems (together with the notion of conservativity in general), induced maps, Kac's theorem, Birkhoff theorem (arguably the most important theorem in ergodic theory), and variations around it such as conservativity of the corresponding skew product, or Atkinson lemma.", "authors": [ "Sebastien Gouezel" ], "date": "2015-12-01", - "id": 461, + "id": 462, "link": "/entries/Ergodic_Theory.html", "permalink": "/entries/Ergodic_Theory.html", "shortname": "Ergodic_Theory", "title": "Ergodic Theory", "topic_links": [ "mathematics/probability-theory" ], "topics": [ "Mathematics/Probability theory" ], "used_by": 4 }, { "abstract": "Euler's Partition Theorem states that the number of partitions with only distinct parts is equal to the number of partitions with only odd parts. The combinatorial proof follows John Harrison's HOL Light formalization. 
This theorem is the 45th theorem of the Top 100 Theorems list.", "authors": [ "Lukas Bulwahn" ], "date": "2015-11-19", - "id": 462, + "id": 463, "link": "/entries/Euler_Partition.html", "permalink": "/entries/Euler_Partition.html", "shortname": "Euler_Partition", "title": "Euler's Partition Theorem", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 0 }, { "abstract": "We formalize the Tortoise and Hare cycle-finding algorithm ascribed to Floyd by Knuth, and an improved version due to Brent.", "authors": [ "Peter Gammie" ], "date": "2015-11-18", - "id": 463, + "id": 464, "link": "/entries/TortoiseHare.html", "permalink": "/entries/TortoiseHare.html", "shortname": "TortoiseHare", "title": "The Tortoise and Hare Algorithm", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "This development provides a formalization of planarity based on combinatorial maps and proves that Kuratowski's theorem implies combinatorial planarity. Moreover, it contains verified implementations of programs checking certificates for planarity (i.e., a combinatorial map) or non-planarity (i.e., a Kuratowski subgraph).", "authors": [ "Lars Noschinski" ], "date": "2015-11-11", - "id": 464, + "id": 465, "link": "/entries/Planarity_Certificates.html", "permalink": "/entries/Planarity_Certificates.html", "shortname": "Planarity_Certificates", "title": "Planarity Certificates", "topic_links": [ "mathematics/graph-theory" ], "topics": [ "Mathematics/Graph theory" ], "used_by": 0 }, { "abstract": "We present a formalization of parity games (a two-player game on directed graphs) and a proof of their positional determinacy in Isabelle/HOL. 
This proof works for both finite and infinite games.", "authors": [ "Christoph Dittmann" ], "date": "2015-11-02", - "id": 465, + "id": 466, "link": "/entries/Parity_Game.html", "permalink": "/entries/Parity_Game.html", "shortname": "Parity_Game", "title": "Positional Determinacy of Parity Games", "topic_links": [ "mathematics/games-and-economics", "mathematics/graph-theory" ], "topics": [ "Mathematics/Games and economics", "Mathematics/Graph theory" ], "used_by": 1 }, { "abstract": "We represent a theory \u003ci\u003eof\u003c/i\u003e (a fragment of) Isabelle/HOL \u003ci\u003ein\u003c/i\u003e Isabelle/HOL. The purpose of this exercise is to write packages for domain-specific specifications such as class models, B-machines, ..., and generally speaking, any domain-specific languages whose abstract syntax can be defined by a HOL \"datatype\". On this basis, the Isabelle code-generator can then be used to generate code for global context transformations as well as tactic code. \u003cp\u003e Consequently the package is geared towards parsing, printing and code-generation to the Isabelle API. It is at the moment not sufficiently rich for doing meta theory on Isabelle itself. Extensions in this direction are possible though. \u003cp\u003e Moreover, the chosen fragment is fairly rudimentary. However it should be easily adapted to one's needs if a package is written on top of it. The supported API contains types, terms, transformation of global context like definitions and data-type declarations as well as infrastructure for Isar-setups. \u003cp\u003e This theory is drawn from the \u003ca href=\"http://isa-afp.org/entries/Featherweight_OCL.html\"\u003eFeatherweight OCL\u003c/a\u003e project where it is used to construct a package for object-oriented data-type theories generated from UML class diagrams. 
The Featherweight OCL, for example, allows for both the direct execution of compiled tactic code by the Isabelle API as well as the generation of \".thy\"-files for debugging purposes. \u003cp\u003e Gained experience from this project shows that the compiled code is sufficiently efficient for practical purposes while being based on a formal \u003ci\u003emodel\u003c/i\u003e on which properties of the package can be proven such as termination of certain transformations, correctness, etc.", "authors": [ "Frédéric Tuong", "Burkhart Wolff" ], "date": "2015-09-16", - "id": 466, + "id": 467, "link": "/entries/Isabelle_Meta_Model.html", "permalink": "/entries/Isabelle_Meta_Model.html", "shortname": "Isabelle_Meta_Model", "title": "A Meta-Model for the Isabelle API", "topic_links": [ "computer-science/programming-languages/language-definitions" ], "topics": [ "Computer science/Programming languages/Language definitions" ], "used_by": 0 }, { "abstract": "Recently, Javier Esparza and Jan Kretinsky proposed a new method directly translating linear temporal logic (LTL) formulas to deterministic (generalized) Rabin automata. Compared to the existing approaches of constructing a non-deterministic Buechi-automaton in the first step and then applying a determinization procedure (e.g. some variant of Safra's construction) in a second step, this new approach preservers a relation between the formula and the states of the resulting automaton. While the old approach produced a monolithic structure, the new method is compositional. Furthermore, in some cases the resulting automata are much smaller than the automata generated by existing approaches. In order to ensure the correctness of the construction, this entry contains a complete formalisation and verification of the translation. 
Furthermore from this basis executable code is generated.", "authors": [ "Salomon Sickert" ], "date": "2015-09-04", - "id": 467, + "id": 468, "link": "/entries/LTL_to_DRA.html", "permalink": "/entries/LTL_to_DRA.html", "shortname": "LTL_to_DRA", "title": "Converting Linear Temporal Logic to Deterministic (Generalized) Rabin Automata", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "\u003cp\u003e Matrix interpretations are useful as measure functions in termination proving. In order to use these interpretations also for complexity analysis, the growth rate of matrix powers has to examined. Here, we formalized a central result of spectral radius theory, namely that the growth rate is polynomially bounded if and only if the spectral radius of a matrix is at most one. \u003c/p\u003e\u003cp\u003e To formally prove this result we first studied the growth rates of matrices in Jordan normal form, and prove the result that every complex matrix has a Jordan normal form using a constructive prove via Schur decomposition. \u003c/p\u003e\u003cp\u003e The whole development is based on a new abstract type for matrices, which is also executable by a suitable setup of the code generator. It completely subsumes our former AFP-entry on executable matrices, and its main advantage is its close connection to the HMA-representation which allowed us to easily adapt existing proofs on determinants. \u003c/p\u003e\u003cp\u003e All the results have been applied to improve CeTA, our certifier to validate termination and complexity proof certificates. 
\u003c/p\u003e", "authors": [ "René Thiemann", "Akihisa Yamada" ], "date": "2015-08-21", - "id": 468, + "id": 469, "link": "/entries/Jordan_Normal_Form.html", "permalink": "/entries/Jordan_Normal_Form.html", "shortname": "Jordan_Normal_Form", "title": "Matrices, Jordan Normal Forms, and Spectral Radius Theory", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 12 }, { "abstract": "This theory formalizes the commutation version of decreasing diagrams for Church-Rosser modulo. The proof follows Felgenhauer and van Oostrom (RTA 2013). The theory also provides important specializations, in particular van Oostrom’s conversion version (TCS 2008) of decreasing diagrams.", "authors": [ "Bertram Felgenhauer" ], "date": "2015-08-20", - "id": 469, + "id": 470, "link": "/entries/Decreasing-Diagrams-II.html", "permalink": "/entries/Decreasing-Diagrams-II.html", "shortname": "Decreasing-Diagrams-II", "title": "Decreasing Diagrams II", "topic_links": [ "logic/rewriting" ], "topics": [ "Logic/Rewriting" ], "used_by": 0 }, { "abstract": "\u003cp\u003e The necessary and sufficient condition for CSP noninterference security stated by the Ipurge Unwinding Theorem is expressed in terms of a pair of event lists varying over the set of process traces. This does not render it suitable for the subsequent application of rule induction in the case of a process defined inductively, since rule induction may rather be applied to a single variable ranging over an inductively defined set. \u003c/p\u003e\u003cp\u003e Starting from the Ipurge Unwinding Theorem, this paper derives a necessary and sufficient condition for CSP noninterference security that involves a single event list varying over the set of process traces, and is thus suitable for rule induction; hence its name, Inductive Unwinding Theorem. 
Similarly to the Ipurge Unwinding Theorem, the new theorem only requires to consider individual accepted and refused events for each process trace, and applies to the general case of a possibly intransitive noninterference policy. Specific variants of this theorem are additionally proven for deterministic processes and trace set processes. \u003c/p\u003e", "authors": [ "Pasquale Noce" ], "date": "2015-08-18", - "id": 470, + "id": 471, "link": "/entries/Noninterference_Inductive_Unwinding.html", "permalink": "/entries/Noninterference_Inductive_Unwinding.html", "shortname": "Noninterference_Inductive_Unwinding", "title": "The Inductive Unwinding Theorem for CSP Noninterference Security", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "We provide a formal framework for the theory of representations of finite groups, as modules over the group ring. Along the way, we develop the general theory of groups (relying on the group_add class for the basics), modules, and vector spaces, to the extent required for theory of group representations. We then provide formal proofs of several important introductory theorems in the subject, including Maschke's theorem, Schur's lemma, and Frobenius reciprocity. We also prove that every irreducible representation is isomorphic to a submodule of the group ring, leading to the fact that for a finite group there are only finitely many isomorphism classes of irreducible representations. 
In all of this, no restriction is made on the characteristic of the ring or field of scalars until the definition of a group representation, and then the only restriction made is that the characteristic must not divide the order of the group.", "authors": [ "Jeremy Sylvestre" ], "date": "2015-08-12", - "id": 471, + "id": 472, "link": "/entries/Rep_Fin_Groups.html", "permalink": "/entries/Rep_Fin_Groups.html", "shortname": "Rep_Fin_Groups", "title": "Representations of Finite Groups", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "Encodings or the proof of their absence are the main way to compare process calculi. To analyse the quality of encodings and to rule out trivial or meaningless encodings, they are augmented with quality criteria. There exists a bunch of different criteria and different variants of criteria in order to reason in different settings. This leads to incomparable results. Moreover it is not always clear whether the criteria used to obtain a result in a particular setting do indeed fit to this setting. We show how to formally reason about and compare encodability criteria by mapping them on requirements on a relation between source and target terms that is induced by the encoding function. In particular we analyse the common criteria full abstraction, operational correspondence, divergence reflection, success sensitiveness, and respect of barbs; e.g. we analyse the exact nature of the simulation relation (coupled simulation versus bisimulation) that is induced by different variants of operational correspondence. 
This way we reduce the problem of analysing or comparing encodability criteria to the better understood problem of comparing relations on processes.", "authors": [ "Kirstin Peters", "Rob van Glabbeek" ], "date": "2015-08-10", - "id": 472, + "id": 473, "link": "/entries/Encodability_Process_Calculi.html", "permalink": "/entries/Encodability_Process_Calculi.html", "shortname": "Encodability_Process_Calculi", "title": "Analysing and Comparing Encodability Criteria for Process Calculi", "topic_links": [ "computer-science/concurrency/process-calculi" ], "topics": [ "Computer science/Concurrency/Process calculi" ], "used_by": 0 }, { "abstract": "Isabelle/Isar provides named cases to structure proofs. This article contains an implementation of a proof method \u003ctt\u003ecasify\u003c/tt\u003e, which can be used to easily extend proof tools with support for named cases. Such a proof tool must produce labeled subgoals, which are then interpreted by \u003ctt\u003ecasify\u003c/tt\u003e. \u003cp\u003e As examples, this work contains verification condition generators producing named cases for three languages: The Hoare language from \u003ctt\u003eHOL/Library\u003c/tt\u003e, a monadic language for computations with failure (inspired by the AutoCorres tool), and a language of conditional expressions. These VCGs are demonstrated by a number of example programs.", "authors": [ "Lars Noschinski" ], "date": "2015-07-21", - "id": 473, + "id": 474, "link": "/entries/Case_Labeling.html", "permalink": "/entries/Case_Labeling.html", "shortname": "Case_Labeling", "title": "Generating Cases from Labeled Subgoals", "topic_links": [ "tools", "computer-science/programming-languages/misc" ], "topics": [ "Tools", "Computer science/Programming languages/Misc" ], "used_by": 1 }, { "abstract": "This entry provides Landau symbols to describe and reason about the asymptotic growth of functions for sufficiently large inputs. 
A number of simplification procedures are provided for additional convenience: cancelling of dominated terms in sums under a Landau symbol, cancelling of common factors in products, and a decision procedure for Landau expressions containing products of powers of functions like x, ln(x), ln(ln(x)) etc.", "authors": [ "Manuel Eberl" ], "date": "2015-07-14", - "id": 474, + "id": 475, "link": "/entries/Landau_Symbols.html", "permalink": "/entries/Landau_Symbols.html", "shortname": "Landau_Symbols", "title": "Landau Symbols", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 11 }, { "abstract": "This article contains a formalisation of the Akra-Bazzi method based on a proof by Leighton. It is a generalisation of the well-known Master Theorem for analysing the complexity of Divide \u0026 Conquer algorithms. We also include a generalised version of the Master theorem based on the Akra-Bazzi theorem, which is easier to apply than the Akra-Bazzi theorem itself. \u003cp\u003e Some proof methods that facilitate applying the Master theorem are also included. For a more detailed explanation of the formalisation and the proof methods, see the accompanying paper (publication forthcoming).", "authors": [ "Manuel Eberl" ], "date": "2015-07-14", - "id": 475, + "id": 476, "link": "/entries/Akra_Bazzi.html", "permalink": "/entries/Akra_Bazzi.html", "shortname": "Akra_Bazzi", "title": "The Akra-Bazzi theorem and the Master theorem", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 1 }, { "abstract": "Hermite Normal Form is a canonical matrix analogue of Reduced Echelon Form, but involving matrices over more general rings. In this work we formalise an algorithm to compute the Hermite Normal Form of a matrix by means of elementary row operations, taking advantage of the Echelon Form AFP entry. We have proven the correctness of such an algorithm and refined it to immutable arrays. 
Furthermore, we have also formalised the uniqueness of the Hermite Normal Form of a matrix. Code can be exported and some examples of execution involving integer matrices and polynomial matrices are presented as well.", "authors": [ "Jose Divasón", "Jesús Aransay" ], "date": "2015-07-07", - "id": 476, + "id": 477, "link": "/entries/Hermite.html", "permalink": "/entries/Hermite.html", "shortname": "Hermite", "title": "Hermite Normal Form", "topic_links": [ "computer-science/algorithms/mathematical", "mathematics/algebra" ], "topics": [ "Computer science/Algorithms/Mathematical", "Mathematics/Algebra" ], "used_by": 2 }, { "abstract": "The Derangements Formula describes the number of fixpoint-free permutations as a closed formula. This theorem is the 88th theorem in a list of the ``\u003ca href=\"http://www.cs.ru.nl/~freek/100/\"\u003eTop 100 Mathematical Theorems\u003c/a\u003e''.", "authors": [ "Lukas Bulwahn" ], "date": "2015-06-27", - "id": 477, + "id": 478, "link": "/entries/Derangements.html", "permalink": "/entries/Derangements.html", "shortname": "Derangements", "title": "Derangements Formula", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 0 }, { "abstract": "Binary multirelations associate elements of a set with its subsets; hence they are binary relations from a set to its power set. Applications include alternating automata, models and logics for games, program semantics with dual demonic and angelic nondeterministic choices and concurrent dynamic logics. 
This proof document supports an arXiv article that formalises the basic algebra of multirelations and proposes axiom systems for them, ranging from weak bi-monoids to weak bi-quantales.", "authors": [ "Hitoshi Furusawa", "Georg Struth" ], "date": "2015-06-11", - "id": 478, + "id": 479, "link": "/entries/Multirelations.html", "permalink": "/entries/Multirelations.html", "shortname": "Multirelations", "title": "Binary Multirelations", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "\u003cp\u003e Among the various mathematical tools introduced in his outstanding work on Communicating Sequential Processes, Hoare has defined \"interleaves\" as the predicate satisfied by any three lists such that the first list may be split into sublists alternately extracted from the other two ones, whatever is the criterion for extracting an item from either one list or the other in each step. \u003c/p\u003e\u003cp\u003e This paper enriches Hoare's definition by identifying such criterion with the truth value of a predicate taking as inputs the head and the tail of the first list. This enhanced \"interleaves\" predicate turns out to permit the proof of equalities between lists without the need of an induction. Some rules that allow to infer \"interleaves\" statements without induction, particularly applying to the addition or removal of a prefix to the input lists, are also proven. Finally, a stronger version of the predicate, named \"Interleaves\", is shown to fulfil further rules applying to the addition or removal of a suffix to the input lists. 
\u003c/p\u003e", "authors": [ "Pasquale Noce" ], "date": "2015-06-11", - "id": 479, + "id": 480, "link": "/entries/List_Interleaving.html", "permalink": "/entries/List_Interleaving.html", "shortname": "List_Interleaving", "title": "Reasoning about Lists via List Interleaving", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 1 }, { "abstract": "\u003cp\u003e The classical definition of noninterference security for a deterministic state machine with outputs requires to consider the outputs produced by machine actions after any trace, i.e. any indefinitely long sequence of actions, of the machine. In order to render the verification of the security of such a machine more straightforward, there is a need of some sufficient condition for security such that just individual actions, rather than unbounded sequences of actions, have to be considered. \u003c/p\u003e\u003cp\u003e By extending previous results applying to transitive noninterference policies, Rushby has proven an unwinding theorem that provides a sufficient condition of this kind in the general case of a possibly intransitive policy. This condition has to be satisfied by a generic function mapping security domains into equivalence relations over machine states. \u003c/p\u003e\u003cp\u003e An analogous problem arises for CSP noninterference security, whose definition requires to consider any possible future, i.e. any indefinitely long sequence of subsequent events and any indefinitely large set of refused events associated to that sequence, for each process trace. \u003c/p\u003e\u003cp\u003e This paper provides a sufficient condition for CSP noninterference security, which indeed requires to just consider individual accepted and refused events and applies to the general case of a possibly intransitive policy. 
This condition follows Rushby's one for classical noninterference security, and has to be satisfied by a generic function mapping security domains into equivalence relations over process traces; hence its name, Generic Unwinding Theorem. Variants of this theorem applying to deterministic processes and trace set processes are also proven. Finally, the sufficient condition for security expressed by the theorem is shown not to be a necessary condition as well, viz. there exists a secure process such that no domain-relation map satisfying the condition exists. \u003c/p\u003e", "authors": [ "Pasquale Noce" ], "date": "2015-06-11", - "id": 480, + "id": 481, "link": "/entries/Noninterference_Generic_Unwinding.html", "permalink": "/entries/Noninterference_Generic_Unwinding.html", "shortname": "Noninterference_Generic_Unwinding", "title": "The Generic Unwinding Theorem for CSP Noninterference Security", "topic_links": [ "computer-science/security", "computer-science/concurrency/process-calculi" ], "topics": [ "Computer science/Security", "Computer science/Concurrency/Process calculi" ], "used_by": 0 }, { "abstract": "\u003cp\u003e The definition of noninterference security for Communicating Sequential Processes requires to consider any possible future, i.e. any indefinitely long sequence of subsequent events and any indefinitely large set of refused events associated to that sequence, for each process trace. In order to render the verification of the security of a process more straightforward, there is a need of some sufficient condition for security such that just individual accepted and refused events, rather than unbounded sequences and sets of events, have to be considered. 
\u003c/p\u003e\u003cp\u003e Of course, if such a sufficient condition were necessary as well, it would be even more valuable, since it would permit to prove not only that a process is secure by verifying that the condition holds, but also that a process is not secure by verifying that the condition fails to hold. \u003c/p\u003e\u003cp\u003e This paper provides a necessary and sufficient condition for CSP noninterference security, which indeed requires to just consider individual accepted and refused events and applies to the general case of a possibly intransitive policy. This condition follows Rushby's output consistency for deterministic state machines with outputs, and has to be satisfied by a specific function mapping security domains into equivalence relations over process traces. The definition of this function makes use of an intransitive purge function following Rushby's one; hence the name given to the condition, Ipurge Unwinding Theorem. \u003c/p\u003e\u003cp\u003e Furthermore, in accordance with Hoare's formal definition of deterministic processes, it is shown that a process is deterministic just in case it is a trace set process, i.e. it may be identified by means of a trace set alone, matching the set of its traces, in place of a failures-divergences pair. Then, variants of the Ipurge Unwinding Theorem are proven for deterministic processes and trace set processes. 
\u003c/p\u003e", "authors": [ "Pasquale Noce" ], "date": "2015-06-11", - "id": 481, + "id": 482, "link": "/entries/Noninterference_Ipurge_Unwinding.html", "permalink": "/entries/Noninterference_Ipurge_Unwinding.html", "shortname": "Noninterference_Ipurge_Unwinding", "title": "The Ipurge Unwinding Theorem for CSP Noninterference Security", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 3 }, { "abstract": "This article formalizes the amortized analysis of dynamic tables parameterized with their minimal and maximal load factors and the expansion and contraction factors. \u003cP\u003e A full description is found in a \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs\"\u003ecompanion paper\u003c/a\u003e.", "authors": [ "Tobias Nipkow" ], "date": "2015-06-07", - "id": 482, + "id": 483, "link": "/entries/Dynamic_Tables.html", "permalink": "/entries/Dynamic_Tables.html", "shortname": "Dynamic_Tables", "title": "Parameterized Dynamic Tables", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "We formalize new decision procedures for WS1S, M2L(Str), and Presburger Arithmetics. Formulas of these logics denote regular languages. Unlike traditional decision procedures, we do \u003cem\u003enot\u003c/em\u003e translate formulas into automata (nor into regular expressions), at least not explicitly. Instead we devise notions of derivatives (inspired by Brzozowski derivatives for regular expressions) that operate on formulas directly and compute a syntactic bisimulation using these derivatives. The treatment of Boolean connectives and quantifiers is uniform for all mentioned logics and is abstracted into a locale. This locale is then instantiated by different atomic formulas and their derivatives (which may differ even for the same logic under different encodings of interpretations as formal words). 
\u003cp\u003e The WS1S instance is described in the draft paper \u003ca href=\"https://people.inf.ethz.ch/trayteld/papers/csl15-ws1s_derivatives/index.html\"\u003eA Coalgebraic Decision Procedure for WS1S\u003c/a\u003e by the author.", "authors": [ "Dmitriy Traytel" ], "date": "2015-05-28", - "id": 483, + "id": 484, "link": "/entries/Formula_Derivatives.html", "permalink": "/entries/Formula_Derivatives.html", "shortname": "Formula_Derivatives", "title": "Derivatives of Logical Formulas", "topic_links": [ "computer-science/automata-and-formal-languages", "logic/general-logic/decidability-of-theories" ], "topics": [ "Computer science/Automata and formal languages", "Logic/General logic/Decidability of theories" ], "used_by": 1 }, { "abstract": "Numerous models of probabilistic systems are studied in the literature. Coalgebra has been used to classify them into system types and compare their expressiveness. We formalize the resulting hierarchy of probabilistic system types by modeling the semantics of the different systems as codatatypes. This approach yields simple and concise proofs, as bisimilarity coincides with equality for codatatypes. \u003cp\u003e This work is described in detail in the ITP 2015 publication by the authors.", "authors": [ "Johannes Hölzl", "Andreas Lochbihler", "Dmitriy Traytel" ], "date": "2015-05-27", - "id": 484, + "id": 485, "link": "/entries/Probabilistic_System_Zoo.html", "permalink": "/entries/Probabilistic_System_Zoo.html", "shortname": "Probabilistic_System_Zoo", "title": "A Zoo of Probabilistic Systems", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "A VCG auction (named after their inventors Vickrey, Clarke, and Groves) is a generalization of the single-good, second price Vickrey auction to the case of a combinatorial auction (multiple goods, from which any participant can bid on each possible combination). 
We formalize in this entry VCG auctions, including tie-breaking and prove that the functions for the allocation and the price determination are well-defined. Furthermore we show that the allocation function allocates goods only to participants, only goods in the auction are allocated, and no good is allocated twice. We also show that the price function is non-negative. These properties also hold for the automatically extracted Scala code.", "authors": [ "Marco B. Caminati", "Manfred Kerber", "Christoph Lange", "Colin Rowat" ], "date": "2015-04-30", - "id": 485, + "id": 486, "link": "/entries/Vickrey_Clarke_Groves.html", "permalink": "/entries/Vickrey_Clarke_Groves.html", "shortname": "Vickrey_Clarke_Groves", "title": "VCG - Combinatorial Vickrey-Clarke-Groves Auctions", "topic_links": [ "mathematics/games-and-economics" ], "topics": [ "Mathematics/Games and economics" ], "used_by": 0 }, { "abstract": "The theory of residuated lattices, first proposed by Ward and Dilworth, is formalised in Isabelle/HOL. This includes concepts of residuated functions; their adjoints and conjugates. It also contains necessary and sufficient conditions for the existence of these operations in an arbitrary lattice. The mathematical components for residuated lattices are linked to the AFP entry for relation algebra. In particular, we prove Jonsson and Tsinakis conditions for a residuated boolean algebra to form a relation algebra.", "authors": [ "Victor B. F. 
Gomes", "Georg Struth" ], "date": "2015-04-15", - "id": 486, + "id": 487, "link": "/entries/Residuated_Lattices.html", "permalink": "/entries/Residuated_Lattices.html", "shortname": "Residuated_Lattices", "title": "Residuated Lattices", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "ConcurrentIMP extends the small imperative language IMP with control non-determinism and constructs for synchronous message passing.", "authors": [ "Peter Gammie" ], "date": "2015-04-13", - "id": 487, + "id": 488, "link": "/entries/ConcurrentIMP.html", "permalink": "/entries/ConcurrentIMP.html", "shortname": "ConcurrentIMP", "title": "Concurrent IMP", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 1 }, { "abstract": "\u003cp\u003e We use ConcurrentIMP to model Schism, a state-of-the-art real-time garbage collection scheme for weak memory, and show that it is safe on x86-TSO.\u003c/p\u003e \u003cp\u003e This development accompanies the PLDI 2015 paper of the same name. \u003c/p\u003e", "authors": [ "Peter Gammie", "Tony Hosking", "Kai Engelhardt" ], "date": "2015-04-13", - "id": 488, + "id": 489, "link": "/entries/ConcurrentGC.html", "permalink": "/entries/ConcurrentGC.html", "shortname": "ConcurrentGC", "title": "Relaxing Safely: Verified On-the-Fly Garbage Collection for x86-TSO", "topic_links": [ "computer-science/algorithms/concurrent" ], "topics": [ "Computer science/Algorithms/Concurrent" ], "used_by": 0 }, { "abstract": "This article formalizes the ``trie'' data structure invented by Fredkin [CACM 1960]. 
It also provides a specialization where the entries in the trie are lists.", "authors": [ "Andreas Lochbihler", "Tobias Nipkow" ], "date": "2015-03-30", - "id": 489, + "id": 490, "link": "/entries/Trie.html", "permalink": "/entries/Trie.html", "shortname": "Trie", "title": "Trie", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 5 }, { "abstract": "Algorithms for solving the consensus problem are fundamental to distributed computing. Despite their brevity, their ability to operate in concurrent, asynchronous and failure-prone environments comes at the cost of complex and subtle behaviors. Accordingly, understanding how they work and proving their correctness is a non-trivial endeavor where abstraction is immensely helpful. Moreover, research on consensus has yielded a large number of algorithms, many of which appear to share common algorithmic ideas. A natural question is whether and how these similarities can be distilled and described in a precise, unified way. In this work, we combine stepwise refinement and lockstep models to provide an abstract and unified view of a sizeable family of consensus algorithms. 
Our models provide insights into the design choices underlying the different algorithms, and classify them based on those choices.", "authors": [ "Ognjen Marić", "Christoph Sprenger" ], "date": "2015-03-18", - "id": 490, + "id": 491, "link": "/entries/Consensus_Refined.html", "permalink": "/entries/Consensus_Refined.html", "shortname": "Consensus_Refined", "title": "Consensus Refined", "topic_links": [ "computer-science/algorithms/distributed" ], "topics": [ "Computer science/Algorithms/Distributed" ], "used_by": 0 }, { "abstract": "\u003cp\u003eWe provide a framework for registering automatic methods to derive class instances of datatypes, as it is possible using Haskell's ``deriving Ord, Show, ...'' feature.\u003c/p\u003e \u003cp\u003eWe further implemented such automatic methods to derive comparators, linear orders, parametrizable equality functions, and hash-functions which are required in the Isabelle Collection Framework and the Container Framework. Moreover, for the tactic of Blanchette to show that a datatype is countable, we implemented a wrapper so that this tactic becomes accessible in our framework. All of the generators are based on the infrastructure that is provided by the BNF-based datatype package.\u003c/p\u003e \u003cp\u003eOur formalization was performed as part of the \u003ca href=\"http://cl-informatik.uibk.ac.at/software/ceta\"\u003eIsaFoR/CeTA\u003c/a\u003e project. 
With our new tactics we could remove several tedious proofs for (conditional) linear orders, and conditional equality operators within IsaFoR and the Container Framework.\u003c/p\u003e", "authors": [ "Christian Sternagel", "René Thiemann" ], "date": "2015-03-11", - "id": 491, + "id": 492, "link": "/entries/Deriving.html", "permalink": "/entries/Deriving.html", "shortname": "Deriving", "title": "Deriving class instances for datatypes", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], - "used_by": 12 + "used_by": 13 }, { "abstract": "We formalize the Call Arity analysis, as implemented in GHC, and prove both functional correctness and, more interestingly, safety (i.e. the transformation does not increase allocation). \u003cp\u003e We use syntax and the denotational semantics from the entry \"Launchbury\", where we formalized Launchbury's natural semantics for lazy evaluation. \u003cp\u003e The functional correctness of Call Arity is proved with regard to that denotational semantics. The operational properties are shown with regard to a small-step semantics akin to Sestoft's mark 1 machine, which we prove to be equivalent to Launchbury's semantics. \u003cp\u003e We use Christian Urban's Nominal2 package to define our terms and make use of Brian Huffman's HOLCF package for the domain-theoretical aspects of the development.", "authors": [ "Joachim Breitner" ], "date": "2015-02-20", - "id": 492, + "id": 493, "link": "/entries/Call_Arity.html", "permalink": "/entries/Call_Arity.html", "shortname": "Call_Arity", "title": "The Safety of Call Arity", "topic_links": [ "computer-science/programming-languages/static-analysis" ], "topics": [ "Computer science/Programming languages/Static analysis" ], "used_by": 0 }, { "abstract": "We formalize an algorithm to compute the Echelon Form of a matrix. 
We have proved its existence over Bézout domains and made it executable over Euclidean domains, such as the integer ring and the univariate polynomials over a field. This allows us to compute determinants, inverses and characteristic polynomials of matrices. The work is based on the HOL-Multivariate Analysis library, and on both the Gauss-Jordan and Cayley-Hamilton AFP entries. As a by-product, some algebraic structures have been implemented (principal ideal domains, Bézout domains...). The algorithm has been refined to immutable arrays and code can be generated to functional languages as well.", "authors": [ "Jose Divasón", "Jesús Aransay" ], "date": "2015-02-12", - "id": 493, + "id": 494, "link": "/entries/Echelon_Form.html", "permalink": "/entries/Echelon_Form.html", "shortname": "Echelon_Form", "title": "Echelon Form", "topic_links": [ "computer-science/algorithms/mathematical", "mathematics/algebra" ], "topics": [ "Computer science/Algorithms/Mathematical", "Mathematics/Algebra" ], "used_by": 1 }, { "abstract": "QR decomposition is an algorithm to decompose a real matrix A into the product of two other matrices Q and R, where Q is orthogonal and R is invertible and upper triangular. The algorithm is useful for the least squares problem; i.e., the computation of the best approximation of an unsolvable system of linear equations. As a side-product, the Gram-Schmidt process has also been formalized. A refinement using immutable arrays is presented as well. The development relies, among others, on the AFP entry \"Implementing field extensions of the form Q[sqrt(b)]\" by René Thiemann, which allows execution of the algorithm using symbolic computations. 
Verified code can be generated and executed using floats as well.", "authors": [ "Jose Divasón", "Jesús Aransay" ], "date": "2015-02-12", - "id": 494, + "id": 495, "link": "/entries/QR_Decomposition.html", "permalink": "/entries/QR_Decomposition.html", "shortname": "QR_Decomposition", "title": "QR Decomposition", "topic_links": [ "computer-science/algorithms/mathematical", "mathematics/algebra" ], "topics": [ "Computer science/Algorithms/Mathematical", "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "Finite Automata, both deterministic and non-deterministic, for regular languages. The Myhill-Nerode Theorem. Closure under intersection, concatenation, etc. Regular expressions define regular languages. Closure under reversal; the powerset construction mapping NFAs to DFAs. Left and right languages; minimal DFAs. Brzozowski's minimization algorithm. Uniqueness up to isomorphism of minimal DFAs.", "authors": [ "Lawrence C. Paulson" ], "date": "2015-02-05", - "id": 495, + "id": 496, "link": "/entries/Finite_Automata_HF.html", "permalink": "/entries/Finite_Automata_HF.html", "shortname": "Finite_Automata_HF", "title": "Finite Automata in Hereditarily Finite Set Theory", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "The UpDown scheme is a recursive scheme used to compute the stiffness matrix on a special form of sparse grids. Usually, when discretizing a Euclidean space of dimension d we need O(n^d) points, for n points along each dimension. Sparse grids are a hierarchical representation where the number of points is reduced to O(n * log(n)^d). One disadvantage of such sparse grids is that the algorithm now operate recursively in the dimensions and levels of the sparse grid. \u003cp\u003e The UpDown scheme allows us to compute the stiffness matrix on such a sparse grid. 
The stiffness matrix represents the influence of each representation function on the L^2 scalar product. For a detailed description see Dirk Pflüger's PhD thesis. This formalization was developed as an interdisciplinary project (IDP) at the Technische Universität München.", "authors": [ "Johannes Hölzl" ], "date": "2015-01-28", - "id": 496, + "id": 497, "link": "/entries/UpDown_Scheme.html", "permalink": "/entries/UpDown_Scheme.html", "shortname": "UpDown_Scheme", "title": "Verification of the UpDown Scheme", "topic_links": [ "computer-science/algorithms/mathematical" ], "topics": [ "Computer science/Algorithms/Mathematical" ], "used_by": 0 }, { "abstract": "We present the Unified Policy Framework (UPF), a generic framework for modelling security (access-control) policies. UPF emphasizes the view that a policy is a policy decision function that grants or denies access to resources, permissions, etc. In other words, instead of modelling the relations of permitted or prohibited requests directly, we model the concrete function that implements the policy decision point in a system. In more detail, UPF is based on the following four principles: 1) Functional representation of policies, 2) No conflicts are possible, 3) Three-valued decision type (allow, deny, undefined), 4) Output type not containing the decision only.", "authors": [ "Achim D. Brucker", "Lukas Brügger", "Burkhart Wolff" ], "date": "2014-11-28", - "id": 497, + "id": 498, "link": "/entries/UPF.html", "permalink": "/entries/UPF.html", "shortname": "UPF", "title": "The Unified Policy Framework (UPF)", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 1 }, { "abstract": "\u003cp\u003e The Ad hoc On-demand Distance Vector (AODV) routing protocol allows the nodes in a Mobile Ad hoc Network (MANET) or a Wireless Mesh Network (WMN) to know where to forward data packets. 
Such a protocol is ‘loop free’ if it never leads to routing decisions that forward packets in circles. \u003cp\u003e This development mechanises an existing pen-and-paper proof of loop freedom of AODV. The protocol is modelled in the Algebra of Wireless Networks (AWN), which is the subject of an earlier paper and AFP mechanization. The proof relies on a novel compositional approach for lifting invariants to networks of nodes. \u003c/p\u003e\u003cp\u003e We exploit the mechanization to analyse several variants of AODV and show that Isabelle/HOL can re-establish most proof obligations automatically and identify exactly the steps that are no longer valid. \u003c/p\u003e", "authors": [ "Timothy Bourke", "Peter Höfner" ], "date": "2014-10-23", - "id": 498, + "id": 499, "link": "/entries/AODV.html", "permalink": "/entries/AODV.html", "shortname": "AODV", "title": "Loop freedom of the (untimed) AODV routing protocol", "topic_links": [ "computer-science/concurrency/process-calculi" ], "topics": [ "Computer science/Concurrency/Process calculi" ], "used_by": 0 }, { "abstract": "We implemented a command that can be used to easily generate elements of a restricted type \u003ctt\u003e{x :: 'a. P x}\u003c/tt\u003e, provided the definition is of the form \u003ctt\u003ef ys = (if check ys then Some(generate ys :: 'a) else None)\u003c/tt\u003e where \u003ctt\u003eys\u003c/tt\u003e is a list of variables \u003ctt\u003ey1 ... yn\u003c/tt\u003e and \u003ctt\u003echeck ys ==\u003e P(generate ys)\u003c/tt\u003e can be proved. \u003cp\u003e In principle, such a definition is also directly possible using the \u003ctt\u003elift_definition\u003c/tt\u003e command. However, then this definition will not be suitable for code-generation. To this end, we automated a more complex construction of Joachim Breitner which is amenable for code-generation, and where the test \u003ctt\u003echeck ys\u003c/tt\u003e will only be performed once. 
In the automation, one auxiliary type is created, and Isabelle's lifting- and transfer-package is invoked several times.", "authors": [ "René Thiemann" ], "date": "2014-10-13", - "id": 499, + "id": 500, "link": "/entries/Lifting_Definition_Option.html", "permalink": "/entries/Lifting_Definition_Option.html", "shortname": "Lifting_Definition_Option", "title": "Lifting Definition Option", "topic_links": [ "computer-science/functional-programming" ], "topics": [ "Computer science/Functional programming" ], "used_by": 0 }, { "abstract": "Stream Fusion is a system for removing intermediate list data structures from functional programs, in particular Haskell. This entry adapts stream fusion to Isabelle/HOL and its code generator. We define stream types for finite and possibly infinite lists and stream versions for most of the fusible list functions in the theories List and Coinductive_List, and prove them correct with respect to the conversion functions between lists and streams. The Stream Fusion transformation itself is implemented as a simproc in the preprocessor of the code generator. [Brian Huffman's \u003ca href=\"http://isa-afp.org/entries/Stream-Fusion.html\"\u003eAFP entry\u003c/a\u003e formalises stream fusion in HOLCF for the domain of lazy lists to prove the GHC compiler rewrite rules correct. In contrast, this work enables Isabelle's code generator to perform stream fusion itself. To that end, it covers both finite and coinductive lists from the HOL library and the Coinductive entry. 
The fusible list functions require specification and proof principles different from Huffman's.]", "authors": [ "Andreas Lochbihler", "Alexandra Maximova" ], "date": "2014-10-10", - "id": 500, + "id": 501, "link": "/entries/Stream_Fusion_Code.html", "permalink": "/entries/Stream_Fusion_Code.html", "shortname": "Stream_Fusion_Code", "title": "Stream Fusion in HOL with Code Generation", "topic_links": [ "computer-science/functional-programming" ], "topics": [ "Computer science/Functional programming" ], "used_by": 0 }, { "abstract": "\u003ca href=\"https://doi.org/10.1007/978-3-642-36742-7_35\"\u003eBhat et al. [TACAS 2013]\u003c/a\u003e developed an inductive compiler that computes density functions for probability spaces described by programs in a probabilistic functional language. In this work, we implement such a compiler for a modified version of this language within the theorem prover Isabelle and give a formal proof of its soundness w.r.t. the semantics of the source and target language. Together with Isabelle's code generation for inductive predicates, this yields a fully verified, executable density compiler. The proof is done in two steps: First, an abstract compiler working with abstract functions modelled directly in the theorem prover's logic is defined and proved sound. Then, this compiler is refined to a concrete version that returns a target-language expression. \u003cp\u003e An article with the same title and authors is published in the proceedings of ESOP 2015. 
A detailed presentation of this work can be found in the first author's master's thesis.", "authors": [ "Manuel Eberl", "Johannes Hölzl", "Tobias Nipkow" ], "date": "2014-10-09", - "id": 501, + "id": 502, "link": "/entries/Density_Compiler.html", "permalink": "/entries/Density_Compiler.html", "shortname": "Density_Compiler", "title": "A Verified Compiler for Probability Density Functions", "topic_links": [ "mathematics/probability-theory", "computer-science/programming-languages/compiling" ], "topics": [ "Mathematics/Probability theory", "Computer science/Programming languages/Compiling" ], "used_by": 0 }, { "abstract": "We present a formalization of refinement calculus for reactive systems. Refinement calculus is based on monotonic predicate transformers (monotonic functions from sets of post-states to sets of pre-states), and it is a powerful formalism for reasoning about imperative programs. We model reactive systems as monotonic property transformers that transform sets of output infinite sequences into sets of input infinite sequences. Within this semantics we can model refinement of reactive systems, (unbounded) angelic and demonic nondeterminism, sequential composition, and other semantic properties. We can model systems that may fail for some inputs, and we can model compatibility of systems. 
We can specify systems that have liveness properties using linear temporal logic, and we can refine system specifications into systems based on symbolic transitions systems, suitable for implementations.", "authors": [ "Viorel Preoteasa" ], "date": "2014-10-08", - "id": 502, + "id": 503, "link": "/entries/RefinementReactive.html", "permalink": "/entries/RefinementReactive.html", "shortname": "RefinementReactive", "title": "Formalization of Refinement Calculus for Reactive Systems", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 0 }, { "abstract": "This entry provides several monads intended for the development of stand-alone certifiers via code generation from Isabelle/HOL. More specifically, there are three flavors of error monads (the sum type, for the case where all monadic functions are total; an instance of the former, the so called check monad, yielding either success without any further information or an error message; as well as a variant of the sum type that accommodates partial functions by providing an explicit bottom element) and a parser monad built on top. All of this monads are heavily used in the IsaFoR/CeTA project which thus provides many examples of their usage.", "authors": [ "Christian Sternagel", "René Thiemann" ], "date": "2014-10-03", - "id": 503, + "id": 504, "link": "/entries/Certification_Monads.html", "permalink": "/entries/Certification_Monads.html", "shortname": "Certification_Monads", "title": "Certification Monads", "topic_links": [ "computer-science/functional-programming" ], "topics": [ "Computer science/Functional programming" ], "used_by": 3 }, { "abstract": "This entry provides an XML library for Isabelle/HOL. This includes parsing and pretty printing of XML trees as well as combinators for transforming XML trees into arbitrary user-defined data. 
The main contribution of this entry is an interface (fit for code generation) that allows for communication between verified programs formalized in Isabelle/HOL and the outside world via XML. This library was developed as part of the IsaFoR/CeTA project to which we refer for examples of its usage.", "authors": [ "Christian Sternagel", "René Thiemann" ], "date": "2014-10-03", - "id": 504, + "id": 505, "link": "/entries/XML.html", "permalink": "/entries/XML.html", "shortname": "XML", "title": "XML", "topic_links": [ "computer-science/functional-programming", "computer-science/data-structures" ], "topics": [ "Computer science/Functional programming", "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "The insertion sort algorithm of Cormen et al. (Introduction to Algorithms) is expressed in Imperative HOL and proved to be correct and terminating. For this purpose we also provide a theory about imperative loop constructs with accompanying induction/invariant rules for proving partial and total correctness. Furthermore, the formalized algorithm is fit for code generation.", "authors": [ "Christian Sternagel" ], "date": "2014-09-25", - "id": 505, + "id": 506, "link": "/entries/Imperative_Insertion_Sort.html", "permalink": "/entries/Imperative_Insertion_Sort.html", "shortname": "Imperative_Insertion_Sort", "title": "Imperative Insertion Sort", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "We have formalized the Sturm-Tarski theorem (also referred as the Tarski theorem), which generalizes Sturm's theorem. 
Sturm's theorem is usually used as a way to count distinct real roots, while the Sturm-Tarksi theorem forms the basis for Tarski's classic quantifier elimination for real closed field.", "authors": [ "Wenda Li" ], "date": "2014-09-19", - "id": 506, + "id": 507, "link": "/entries/Sturm_Tarski.html", "permalink": "/entries/Sturm_Tarski.html", "shortname": "Sturm_Tarski", "title": "The Sturm-Tarski Theorem", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 4 }, { "abstract": "This document contains a proof of the Cayley-Hamilton theorem based on the development of matrices in HOL/Multivariate Analysis.", "authors": [ "Stephan Adelsberger", "Stefan Hetzl", "Florian Pollak" ], "date": "2014-09-15", - "id": 507, + "id": 508, "link": "/entries/Cayley_Hamilton.html", "permalink": "/entries/Cayley_Hamilton.html", "shortname": "Cayley_Hamilton", "title": "The Cayley-Hamilton Theorem", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 1 }, { "abstract": "This submission contains theories that lead to a formalization of the proof of the Jordan-Hölder theorem about composition series of finite groups. The theories formalize the notions of isomorphism classes of groups, simple groups, normal series, composition series, maximal normal subgroups. Furthermore, they provide proofs of the second isomorphism theorem for groups, the characterization theorem for maximal normal subgroups as well as many useful lemmas about normal subgroups and factor groups. 
The proof is inspired by course notes of Stuart Rankin.", "authors": [ "Jakob von Raumer" ], "date": "2014-09-09", - "id": 508, + "id": 509, "link": "/entries/Jordan_Hoelder.html", "permalink": "/entries/Jordan_Hoelder.html", "shortname": "Jordan_Hoelder", "title": "The Jordan-Hölder Theorem", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "This entry verifies priority queues based on Braun trees. Insertion and deletion take logarithmic time and preserve the balanced nature of Braun trees. Two implementations of deletion are provided.", "authors": [ "Tobias Nipkow" ], "date": "2014-09-04", - "id": 509, + "id": 510, "link": "/entries/Priority_Queue_Braun.html", "permalink": "/entries/Priority_Queue_Braun.html", "shortname": "Priority_Queue_Braun", "title": "Priority Queues Based on Braun Trees", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "The Gauss-Jordan algorithm states that any matrix over a field can be transformed by means of elementary row operations to a matrix in reduced row echelon form. The formalization is based on the Rank Nullity Theorem entry of the AFP and on the HOL-Multivariate-Analysis session of Isabelle, where matrices are represented as functions over finite types. We have set up the code generator to make this representation executable. In order to improve the performance, a refinement to immutable arrays has been carried out. We have formalized some of the applications of the Gauss-Jordan algorithm. Thanks to this development, the following facts can be computed over matrices whose elements belong to a field: Ranks, Determinants, Inverses, Bases and dimensions and Solutions of systems of linear equations. 
Code can be exported to SML and Haskell.", "authors": [ "Jose Divasón", "Jesús Aransay" ], "date": "2014-09-03", - "id": 510, + "id": 511, "link": "/entries/Gauss_Jordan.html", "permalink": "/entries/Gauss_Jordan.html", "shortname": "Gauss_Jordan", "title": "Gauss-Jordan Algorithm and Its Applications", "topic_links": [ "computer-science/algorithms/mathematical" ], "topics": [ "Computer science/Algorithms/Mathematical" ], "used_by": 4 }, { "abstract": "This development proves upper and lower bounds for several familiar real-valued functions. For sin, cos, exp and sqrt, it defines and verifies infinite families of upper and lower bounds, mostly based on Taylor series expansions. For arctan, ln and exp, it verifies a finite collection of upper and lower bounds, originally obtained from the functions' continued fraction expansions using the computer algebra system Maple. A common theme in these proofs is to take the difference between a function and its approximation, which should be zero at one point, and then consider the sign of the derivative. The immediate purpose of this development is to verify axioms used by MetiTarski, an automatic theorem prover for real-valued special functions. Crucial to MetiTarski's operation is the provision of upper and lower bounds for each function of interest.", "authors": [ "Lawrence C. Paulson" ], "date": "2014-08-29", - "id": 511, + "id": 512, "link": "/entries/Special_Function_Bounds.html", "permalink": "/entries/Special_Function_Bounds.html", "shortname": "Special_Function_Bounds", "title": "Real-Valued Special Functions: Upper and Lower Bounds", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "This formalisation of basic linear algebra is based completely on locales, building off HOL-Algebra. 
It includes basic definitions: linear combinations, span, linear independence; linear transformations; interpretation of function spaces as vector spaces; the direct sum of vector spaces, sum of subspaces; the replacement theorem; existence of bases in finite-dimensional; vector spaces, definition of dimension; the rank-nullity theorem. Some concepts are actually defined and proved for modules as they also apply there. Infinite-dimensional vector spaces are supported, but dimension is only supported for finite-dimensional vector spaces. The proofs are standard; the proofs of the replacement theorem and rank-nullity theorem roughly follow the presentation in Linear Algebra by Friedberg, Insel, and Spence. The rank-nullity theorem generalises the existing development in the Archive of Formal Proof (originally using type classes, now using a mix of type classes and locales).", "authors": [ "Holden Lee" ], "date": "2014-08-29", - "id": 512, + "id": 513, "link": "/entries/VectorSpace.html", "permalink": "/entries/VectorSpace.html", "shortname": "VectorSpace", "title": "Vector Spaces", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 3 }, { "abstract": "Skew heaps are an amazingly simple and lightweight implementation of priority queues. They were invented by Sleator and Tarjan [SIAM 1986] and have logarithmic amortized complexity. This entry provides executable and verified functional skew heaps. 
\u003cp\u003e The amortized complexity of skew heaps is analyzed in the AFP entry \u003ca href=\"http://isa-afp.org/entries/Amortized_Complexity.html\"\u003eAmortized Complexity\u003c/a\u003e.", "authors": [ "Tobias Nipkow" ], "date": "2014-08-13", - "id": 513, + "id": 514, "link": "/entries/Skew_Heap.html", "permalink": "/entries/Skew_Heap.html", "shortname": "Skew_Heap", "title": "Skew Heap", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 1 }, { "abstract": "Splay trees are self-adjusting binary search trees which were invented by Sleator and Tarjan [JACM 1985]. This entry provides executable and verified functional splay trees as well as the related splay heaps (due to Okasaki). \u003cp\u003e The amortized complexity of splay trees and heaps is analyzed in the AFP entry \u003ca href=\"http://isa-afp.org/entries/Amortized_Complexity.html\"\u003eAmortized Complexity\u003c/a\u003e.", "authors": [ "Tobias Nipkow" ], "date": "2014-08-12", - "id": 514, + "id": 515, "link": "/entries/Splay_Tree.html", "permalink": "/entries/Splay_Tree.html", "shortname": "Splay_Tree", "title": "Splay Tree", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 1 }, { "abstract": "We implemented a type class for \"to-string\" functions, similar to Haskell's Show class. Moreover, we provide instantiations for Isabelle/HOL's standard types like bool, prod, sum, nats, ints, and rats. 
It is further possible, to automatically derive show functions for arbitrary user defined datatypes similar to Haskell's \"deriving Show\".", "authors": [ "Christian Sternagel", "René Thiemann" ], "date": "2014-07-29", - "id": 515, + "id": 516, "link": "/entries/Show.html", "permalink": "/entries/Show.html", "shortname": "Show", "title": "Haskell's Show Class in Isabelle/HOL", "topic_links": [ "computer-science/functional-programming" ], "topics": [ "Computer science/Functional programming" ], "used_by": 16 }, { "abstract": "\u003cp\u003eIntransitive noninterference has been a widely studied topic in the last few decades. Several well-established methodologies apply interactive theorem proving to formulate a noninterference theorem over abstract academic models. In joint work with several industrial and academic partners throughout Europe, we are helping in the certification process of PikeOS, an industrial separation kernel developed at SYSGO. In this process, established theories could not be applied. We present a new generic model of separation kernels and a new theory of intransitive noninterference. The model is rich in detail, making it suitable for formal verification of realistic and industrial systems such as PikeOS. 
Using a refinement-based theorem proving approach, we ensure that proofs remain manageable.\u003c/p\u003e \u003cp\u003e This document corresponds to the deliverable D31.1 of the EURO-MILS Project \u003ca href=\"http://www.euromils.eu\"\u003ehttp://www.euromils.eu\u003c/a\u003e.\u003c/p\u003e", "authors": [ "Freek Verbeek", "Sergey Tverdyshev", "Oto Havle", "Holger Blasum", "Bruno Langenstein", "Werner Stephan", "Yakoub Nemouchi", "Abderrahmane Feliachi", "Burkhart Wolff", "Julien Schmaltz" ], "date": "2014-07-18", - "id": 516, + "id": 517, "link": "/entries/CISC-Kernel.html", "permalink": "/entries/CISC-Kernel.html", "shortname": "CISC-Kernel", "title": "Formal Specification of a Generic Separation Kernel", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "\u003cp\u003epGCL is both a programming language and a specification language that incorporates both probabilistic and nondeterministic choice, in a unified manner. Program verification is by refinement or annotation (or both), using either Hoare triples, or weakest-precondition entailment, in the style of GCL.\u003c/p\u003e \u003cp\u003e This package provides both a shallow embedding of the language primitives, and an annotation and refinement framework. 
The generated document includes a brief tutorial.\u003c/p\u003e", "authors": [ "David Cock" ], "date": "2014-07-13", - "id": 517, + "id": 518, "link": "/entries/pGCL.html", "permalink": "/entries/pGCL.html", "shortname": "pGCL", "title": "pGCL for Isabelle", "topic_links": [ "computer-science/programming-languages/language-definitions" ], "topics": [ "Computer science/Programming languages/Language definitions" ], "used_by": 0 }, { "abstract": "A framework for the analysis of the amortized complexity of functional data structures is formalized in Isabelle/HOL and applied to a number of standard examples and to the folowing non-trivial ones: skew heaps, splay trees, splay heaps and pairing heaps. \u003cp\u003e A preliminary version of this work (without pairing heaps) is described in a \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/itp15.html\"\u003epaper\u003c/a\u003e published in the proceedings of the conference on Interactive Theorem Proving ITP 2015. An extended version of this publication is available \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/jfp16.html\"\u003ehere\u003c/a\u003e.", "authors": [ "Tobias Nipkow" ], "date": "2014-07-07", - "id": 518, + "id": 519, "link": "/entries/Amortized_Complexity.html", "permalink": "/entries/Amortized_Complexity.html", "shortname": "Amortized_Complexity", "title": "Amortized Complexity Verified", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 2 }, { "abstract": "We present a unified theory for verifying network security policies. A security policy is represented as directed graph. To check high-level security goals, security invariants over the policy are expressed. We cover monotonic security invariants, i.e. prohibiting more does not harm security. We provide the following contributions for the security invariant theory. 
\u003cul\u003e \u003cli\u003eSecure auto-completion of scenario-specific knowledge, which eases usability.\u003c/li\u003e \u003cli\u003eSecurity violations can be repaired by tightening the policy iff the security invariants hold for the deny-all policy.\u003c/li\u003e \u003cli\u003eAn algorithm to compute a security policy.\u003c/li\u003e \u003cli\u003eA formalization of stateful connection semantics in network security mechanisms.\u003c/li\u003e \u003cli\u003eAn algorithm to compute a secure stateful implementation of a policy.\u003c/li\u003e \u003cli\u003eAn executable implementation of all the theory.\u003c/li\u003e \u003cli\u003eExamples, ranging from an aircraft cabin data network to the analysis of a large real-world firewall.\u003c/li\u003e \u003cli\u003eMore examples: A fully automated translation of high-level security goals to both firewall and SDN configurations (see Examples/Distributed_WebApp.thy).\u003c/li\u003e \u003c/ul\u003e For a detailed description, see \u003cul\u003e \u003cli\u003eC. Diekmann, A. Korsten, and G. Carle. \u003ca href=\"http://www.net.in.tum.de/fileadmin/bibtex/publications/papers/diekmann2015mansdnnfv.pdf\"\u003eDemonstrating topoS: Theorem-prover-based synthesis of secure network configurations.\u003c/a\u003e In 2nd International Workshop on Management of SDN and NFV Systems, manSDN/NFV, Barcelona, Spain, November 2015.\u003c/li\u003e \u003cli\u003eC. Diekmann, S.-A. Posselt, H. Niedermayer, H. Kinkelin, O. Hanka, and G. Carle. \u003ca href=\"http://www.net.in.tum.de/pub/diekmann/forte14.pdf\"\u003eVerifying Security Policies using Host Attributes.\u003c/a\u003e In FORTE, 34th IFIP International Conference on Formal Techniques for Distributed Objects, Components and Systems, Berlin, Germany, June 2014.\u003c/li\u003e \u003cli\u003eC. Diekmann, L. Hupel, and G. Carle. Directed Security Policies: \u003ca href=\"http://rvg.web.cse.unsw.edu.au/eptcs/paper.cgi?ESSS2014.3\"\u003eA Stateful Network Implementation.\u003c/a\u003e In J. 
Pang and Y. Liu, editors, Engineering Safety and Security Systems, volume 150 of Electronic Proceedings in Theoretical Computer Science, pages 20-34, Singapore, May 2014. Open Publishing Association.\u003c/li\u003e \u003c/ul\u003e", "authors": [ "Cornelius Diekmann" ], "date": "2014-07-04", - "id": 519, + "id": 520, "link": "/entries/Network_Security_Policy_Verification.html", "permalink": "/entries/Network_Security_Policy_Verification.html", "shortname": "Network_Security_Policy_Verification", "title": "Network Security Policy Verification", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "Pop-refinement is an approach to stepwise refinement, carried out inside an interactive theorem prover by constructing a monotonically decreasing sequence of predicates over deeply embedded target programs. The sequence starts with a predicate that characterizes the possible implementations, and ends with a predicate that characterizes a unique program in explicit syntactic form. Pop-refinement enables more requirements (e.g. program-level and non-functional) to be captured in the initial specification and preserved through refinement. Security requirements expressed as hyperproperties (i.e. predicates over sets of traces) are always preserved by pop-refinement, unlike the popular notion of refinement as trace set inclusion. 
Two simple examples in Isabelle/HOL are presented, featuring program-level requirements, non-functional requirements, and hyperproperties.", "authors": [ "Alessandro Coglio" ], "date": "2014-07-03", - "id": 520, + "id": 521, "link": "/entries/Pop_Refinement.html", "permalink": "/entries/Pop_Refinement.html", "shortname": "Pop_Refinement", "title": "Pop-Refinement", "topic_links": [ "computer-science/programming-languages/misc" ], "topics": [ "Computer science/Programming languages/Misc" ], "used_by": 0 }, { "abstract": "Monadic second-order logic on finite words (MSO) is a decidable yet expressive logic into which many decision problems can be encoded. Since MSO formulas correspond to regular languages, equivalence of MSO formulas can be reduced to the equivalence of some regular structures (e.g. automata). We verify an executable decision procedure for MSO formulas that is not based on automata but on regular expressions. \u003cp\u003e Decision procedures for regular expression equivalence have been formalized before, usually based on Brzozowski derivatives. Yet, for a straightforward embedding of MSO formulas into regular expressions an extension of regular expressions with a projection operation is required. We prove total correctness and completeness of an equivalence checker for regular expressions extended in that way. We also define a language-preserving translation of formulas into regular expressions with respect to two different semantics of MSO. 
\u003cp\u003e The formalization is described in this \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/icfp13.html\"\u003eICFP 2013 functional pearl\u003c/a\u003e.", "authors": [ "Dmitriy Traytel", "Tobias Nipkow" ], "date": "2014-06-12", - "id": 521, + "id": 522, "link": "/entries/MSO_Regex_Equivalence.html", "permalink": "/entries/MSO_Regex_Equivalence.html", "shortname": "MSO_Regex_Equivalence", "title": "Decision Procedures for MSO on Words Based on Derivatives of Regular Expressions", "topic_links": [ "computer-science/automata-and-formal-languages", "logic/general-logic/decidability-of-theories" ], "topics": [ "Computer science/Automata and formal languages", "Logic/General logic/Decidability of theories" ], "used_by": 0 }, { "abstract": "This entry provides executable checkers for the following properties of boolean expressions: satisfiability, tautology and equivalence. Internally, the checkers operate on binary decision trees and are reasonably efficient (for purely functional algorithms).", "authors": [ "Tobias Nipkow" ], "date": "2014-06-08", - "id": 522, + "id": 523, "link": "/entries/Boolean_Expression_Checkers.html", "permalink": "/entries/Boolean_Expression_Checkers.html", "shortname": "Boolean_Expression_Checkers", "title": "Boolean Expression Checkers", "topic_links": [ "computer-science/algorithms", "logic/general-logic/mechanization-of-proofs" ], "topics": [ "Computer science/Algorithms", "Logic/General logic/Mechanization of proofs" ], "used_by": 2 }, { "abstract": "We present an LTL model checker whose code has been completely verified using the Isabelle theorem prover. The checker consists of over 4000 lines of ML code. 
The code is produced using the Isabelle Refinement Framework, which allows us to split its correctness proof into (1) the proof of an abstract version of the checker, consisting of a few hundred lines of ``formalized pseudocode'', and (2) a verified refinement step in which mathematical sets and other abstract structures are replaced by implementations of efficient structures like red-black trees and functional arrays. This leads to a checker that, while still slower than unverified checkers, can already be used as a trusted reference implementation against which advanced implementations can be tested. \u003cp\u003e An early version of this model checker is described in the \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/cav13.html\"\u003eCAV 2013 paper\u003c/a\u003e with the same title.", "authors": [ "Javier Esparza", "Peter Lammich", "René Neumann", "Tobias Nipkow", "Alexander Schimpf", "Jan-Georg Smaus" ], "date": "2014-05-28", - "id": 523, + "id": 524, "link": "/entries/CAVA_LTL_Modelchecker.html", "permalink": "/entries/CAVA_LTL_Modelchecker.html", "shortname": "CAVA_LTL_Modelchecker", "title": "A Fully Verified Executable LTL Model Checker", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "We formalize linear-time temporal logic (LTL) and the algorithm by Gerth et al. to convert LTL formulas to generalized Büchi automata. We also formalize some syntactic rewrite rules that can be applied to optimize the LTL formula before conversion. Moreover, we integrate the Stuttering Equivalence AFP-Entry by Stefan Merz, adapting the lemma that next-free LTL formula cannot distinguish between stuttering equivalent runs to our setting. 
\u003cp\u003e We use the Isabelle Refinement and Collection framework, as well as the Autoref tool, to obtain a refined version of our algorithm, from which efficiently executable code can be extracted.", "authors": [ "Alexander Schimpf", "Peter Lammich" ], "date": "2014-05-28", - "id": 524, + "id": 525, "link": "/entries/LTL_to_GBA.html", "permalink": "/entries/LTL_to_GBA.html", "shortname": "LTL_to_GBA", "title": "Converting Linear-Time Temporal Logic to Generalized Büchi Automata", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 1 }, { "abstract": "We present an executable formalization of the language Promela, the description language for models of the model checker SPIN. This formalization is part of the work for a completely verified model checker (CAVA), but also serves as a useful (and executable!) description of the semantics of the language itself, something that is currently missing. The formalization uses three steps: It takes an abstract syntax tree generated from an SML parser, removes syntactic sugar and enriches it with type information. This further gets translated into a transition system, on which the semantic engine (read: successor function) operates.", "authors": [ "René Neumann" ], "date": "2014-05-28", - "id": 525, + "id": 526, "link": "/entries/Promela.html", "permalink": "/entries/Promela.html", "shortname": "Promela", "title": "Promela Formalization", "topic_links": [ "computer-science/system-description-languages" ], "topics": [ "Computer science/System description languages" ], "used_by": 1 }, { "abstract": "We report on the graph and automata library that is used in the fully verified LTL model checker CAVA. As most components of CAVA use some type of graphs or automata, a common automata library simplifies assembly of the components and reduces redundancy. 
\u003cp\u003e The CAVA Automata Library provides a hierarchy of graph and automata classes, together with some standard algorithms. Its object oriented design allows for sharing of algorithms, theorems, and implementations between its classes, and also simplifies extensions of the library. Moreover, it is integrated into the Automatic Refinement Framework, supporting automatic refinement of the abstract automata types to efficient data structures. \u003cp\u003e Note that the CAVA Automata Library is work in progress. Currently, it is very specifically tailored towards the requirements of the CAVA model checker. Nevertheless, the formalization techniques presented here allow an extension of the library to a wider scope. Moreover, they are not limited to graph libraries, but apply to class hierarchies in general. \u003cp\u003e The CAVA Automata Library is described in the paper: Peter Lammich, The CAVA Automata Library, Isabelle Workshop 2014.", "authors": [ "Peter Lammich" ], "date": "2014-05-28", - "id": 526, + "id": 527, "link": "/entries/CAVA_Automata.html", "permalink": "/entries/CAVA_Automata.html", "shortname": "CAVA_Automata", "title": "The CAVA Automata Library", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 8 }, { "abstract": "We present an Isabelle/HOL formalization of Gabow's algorithm for finding the strongly connected components of a directed graph. Using data refinement techniques, we extract efficient code that performs comparable to a reference implementation in Java. Our style of formalization allows for re-using large parts of the proofs when defining variants of the algorithm. 
We demonstrate this by verifying an algorithm for the emptiness check of generalized Büchi automata, re-using most of the existing proofs.", "authors": [ "Peter Lammich" ], "date": "2014-05-28", - "id": 527, + "id": 528, "link": "/entries/Gabow_SCC.html", "permalink": "/entries/Gabow_SCC.html", "shortname": "Gabow_SCC", "title": "Verified Efficient Implementation of Gabow's Strongly Connected Components Algorithm", "topic_links": [ "computer-science/algorithms/graph", "mathematics/graph-theory" ], "topics": [ "Computer science/Algorithms/Graph", "Mathematics/Graph theory" ], "used_by": 2 }, { "abstract": "\u003cp\u003e An extension of classical noninterference security for deterministic state machines, as introduced by Goguen and Meseguer and elegantly formalized by Rushby, to nondeterministic systems should satisfy two fundamental requirements: it should be based on a mathematically precise theory of nondeterminism, and should be equivalent to (or at least not weaker than) the classical notion in the degenerate deterministic case. \u003c/p\u003e \u003cp\u003e This paper proposes a definition of noninterference security applying to Hoare's Communicating Sequential Processes (CSP) in the general case of a possibly intransitive noninterference policy, and proves the equivalence of this security property to classical noninterference security for processes representing deterministic state machines. \u003c/p\u003e \u003cp\u003e Furthermore, McCullough's generalized noninterference security is shown to be weaker than both the proposed notion of CSP noninterference security for a generic process, and classical noninterference security for processes representing deterministic state machines. This renders CSP noninterference security preferable as an extension of classical noninterference security to nondeterministic systems. 
\u003c/p\u003e", "authors": [ "Pasquale Noce" ], "date": "2014-05-23", - "id": 528, + "id": 529, "link": "/entries/Noninterference_CSP.html", "permalink": "/entries/Noninterference_CSP.html", "shortname": "Noninterference_CSP", "title": "Noninterference Security in Communicating Sequential Processes", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 1 }, { "abstract": "This formulation of the Roy-Floyd-Warshall algorithm for the transitive closure bypasses matrices and arrays, but uses a more direct mathematical model with adjacency functions for immediate predecessors and successors. This can be implemented efficiently in functional programming languages and is particularly adequate for sparse relations.", "authors": [ "Makarius Wenzel" ], "date": "2014-05-23", - "id": 529, + "id": 530, "link": "/entries/Roy_Floyd_Warshall.html", "permalink": "/entries/Roy_Floyd_Warshall.html", "shortname": "Roy_Floyd_Warshall", "title": "Transitive closure according to Roy-Floyd-Warshall", "topic_links": [ "computer-science/algorithms/graph" ], "topics": [ "Computer science/Algorithms/Graph" ], "used_by": 0 }, { "abstract": "Regular algebras axiomatise the equational theory of regular expressions as induced by regular language identity. We use Isabelle/HOL for a detailed systematic study of regular algebras given by Boffa, Conway, Kozen and Salomaa. We investigate the relationships between these classes, formalise a soundness proof for the smallest class (Salomaa's) and obtain completeness of the largest one (Boffa's) relative to a deep result by Krob. In addition we provide a large collection of regular identities in the general setting of Boffa's axiom. 
Our regular algebra hierarchy is orthogonal to the Kleene algebra hierarchy in the Archive of Formal Proofs; we have not aimed at an integration for pragmatic reasons.", "authors": [ "Simon Foster", "Georg Struth" ], "date": "2014-05-21", - "id": 530, + "id": 531, "link": "/entries/Regular_Algebras.html", "permalink": "/entries/Regular_Algebras.html", "shortname": "Regular_Algebras", "title": "Regular Algebras", "topic_links": [ "computer-science/automata-and-formal-languages", "mathematics/algebra" ], "topics": [ "Computer science/Automata and formal languages", "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "This set of theories presents a formalisation in Isabelle/HOL of data dependencies between components. The approach allows to analyse system structure oriented towards efficient checking of system: it aims at elaborating for a concrete system, which parts of the system are necessary to check a given property.", "authors": [ "Maria Spichkova" ], "date": "2014-04-28", - "id": 531, + "id": 532, "link": "/entries/ComponentDependencies.html", "permalink": "/entries/ComponentDependencies.html", "shortname": "ComponentDependencies", "title": "Formalisation and Analysis of Component Dependencies", "topic_links": [ "computer-science/system-description-languages" ], "topics": [ "Computer science/System description languages" ], "used_by": 0 }, { "abstract": "Research in information-flow security aims at developing methods to identify undesired information leaks within programs from private (high) sources to public (low) sinks. For a concurrent system, it is desirable to have compositional analysis methods that allow for analyzing each thread independently and that nevertheless guarantee that the parallel composition of successfully analyzed threads satisfies a global security guarantee. However, such a compositional analysis should not be overly pessimistic about what an environment might do with shared resources. 
Otherwise, the analysis will reject many intuitively secure programs. \u003cp\u003e The paper \"Assumptions and Guarantees for Compositional Noninterference\" by Mantel et. al. presents one solution for this problem: an approach for compositionally reasoning about non-interference in concurrent programs via rely-guarantee-style reasoning. We present an Isabelle/HOL formalization of the concepts and proofs of this approach.", "authors": [ "Sylvia Grewe", "Heiko Mantel", "Daniel Schoepe" ], "date": "2014-04-23", - "id": 532, + "id": 533, "link": "/entries/SIFUM_Type_Systems.html", "permalink": "/entries/SIFUM_Type_Systems.html", "shortname": "SIFUM_Type_Systems", "title": "A Formalization of Assumptions and Guarantees for Compositional Noninterference", "topic_links": [ "computer-science/security", "computer-science/programming-languages/type-systems" ], "topics": [ "Computer science/Security", "Computer science/Programming languages/Type systems" ], "used_by": 0 }, { "abstract": "Research in information-flow security aims at developing methods to identify undesired information leaks within programs from private sources to public sinks. Noninterference captures this intuition by requiring that no information whatsoever flows from private sources to public sinks. However, in practice this definition is often too strict: Depending on the intuitive desired security policy, the controlled declassification of certain private information (WHAT) at certain points in the program (WHERE) might not result in an undesired information leak. \u003cp\u003e We present an Isabelle/HOL formalization of such a security property for controlled declassification, namely WHAT\u0026WHERE-security from \"Scheduler-Independent Declassification\" by Lux, Mantel, and Perner. The formalization includes compositionality proofs for and a soundness proof for a security type system that checks for programs in a simple while language with dynamic thread creation. 
\u003cp\u003e Our formalization of the security type system is abstract in the language for expressions and in the semantic side conditions for expressions. It can easily be instantiated with different syntactic approximations for these side conditions. The soundness proof of such an instantiation boils down to showing that these syntactic approximations imply the semantic side conditions. \u003cp\u003e This Isabelle/HOL formalization uses theories from the entry Strong Security.", "authors": [ "Sylvia Grewe", "Alexander Lux", "Heiko Mantel", "Jens Sauer" ], "date": "2014-04-23", - "id": 533, + "id": 534, "link": "/entries/WHATandWHERE_Security.html", "permalink": "/entries/WHATandWHERE_Security.html", "shortname": "WHATandWHERE_Security", "title": "A Formalization of Declassification with WHAT-and-WHERE-Security", "topic_links": [ "computer-science/security", "computer-science/programming-languages/type-systems" ], "topics": [ "Computer science/Security", "Computer science/Programming languages/Type systems" ], "used_by": 0 }, { "abstract": "Research in information-flow security aims at developing methods to identify undesired information leaks within programs from private sources to public sinks. Noninterference captures this intuition. Strong security from Sabelfeld and Sands formalizes noninterference for concurrent systems. \u003cp\u003e We present an Isabelle/HOL formalization of strong security for arbitrary security lattices (Sabelfeld and Sands use a two-element security lattice in the original publication). The formalization includes compositionality proofs for strong security and a soundness proof for a security type system that checks strong security for programs in a simple while language with dynamic thread creation. \u003cp\u003e Our formalization of the security type system is abstract in the language for expressions and in the semantic side conditions for expressions. 
It can easily be instantiated with different syntactic approximations for these side conditions. The soundness proof of such an instantiation boils down to showing that these syntactic approximations imply the semantic side conditions.", "authors": [ "Sylvia Grewe", "Alexander Lux", "Heiko Mantel", "Jens Sauer" ], "date": "2014-04-23", - "id": 534, + "id": 535, "link": "/entries/Strong_Security.html", "permalink": "/entries/Strong_Security.html", "shortname": "Strong_Security", "title": "A Formalization of Strong Security", "topic_links": [ "computer-science/security", "computer-science/programming-languages/type-systems" ], "topics": [ "Computer science/Security", "Computer science/Programming languages/Type systems" ], "used_by": 1 }, { "abstract": "This is a formalization of bounded-deducibility security (BD security), a flexible notion of information-flow security applicable to arbitrary transition systems. It generalizes Sutherland's classic notion of nondeducibility by factoring in declassification bounds and trigger, whereas nondeducibility states that, in a system, information cannot flow between specified sources and sinks, BD security indicates upper bounds for the flow and triggers under which these upper bounds are no longer guaranteed.", "authors": [ "Andrei Popescu", "Peter Lammich", "Thomas Bauereiss" ], "date": "2014-04-22", - "id": 535, + "id": 536, "link": "/entries/Bounded_Deducibility_Security.html", "permalink": "/entries/Bounded_Deducibility_Security.html", "shortname": "Bounded_Deducibility_Security", "title": "Bounded-Deducibility Security", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 3 }, { "abstract": "We formalize HyperCTL*, a temporal logic for expressing security properties. We first define a shallow embedding of HyperCTL*, within which we prove inductive and coinductive rules for the operators. 
Then we show that a HyperCTL* formula captures Goguen-Meseguer noninterference, a landmark information flow property. We also define a deep embedding and connect it to the shallow embedding by a denotational semantics, for which we prove sanity w.r.t. dependence on the free variables. Finally, we show that under some finiteness assumptions about the model, noninterference is given by a (finitary) syntactic formula.", "authors": [ "Markus N. Rabe", "Peter Lammich", "Andrei Popescu" ], "date": "2014-04-16", - "id": 536, + "id": 537, "link": "/entries/HyperCTL.html", "permalink": "/entries/HyperCTL.html", "shortname": "HyperCTL", "title": "A shallow embedding of HyperCTL*", "topic_links": [ "computer-science/security", "logic/general-logic/temporal-logic" ], "topics": [ "Computer science/Security", "Logic/General logic/Temporal logic" ], "used_by": 0 }, { "abstract": "A formalization of an abstract property of possibly infinite derivation trees (modeled by a codatatype), representing the core of a proof (in Beth/Hintikka style) of the first-order logic completeness theorem, independent of the concrete syntax or inference rules. This work is described in detail in the IJCAR 2014 publication by the authors. The abstract proof can be instantiated for a wide range of Gentzen and tableau systems as well as various flavors of FOL---e.g., with or without predicates, equality, or sorts. Here, we give only a toy example instantiation with classical propositional logic. 
A more serious instance---many-sorted FOL with equality---is described elsewhere [Blanchette and Popescu, FroCoS 2013].", "authors": [ "Jasmin Christian Blanchette", "Andrei Popescu", "Dmitriy Traytel" ], "date": "2014-04-16", - "id": 537, + "id": 538, "link": "/entries/Abstract_Completeness.html", "permalink": "/entries/Abstract_Completeness.html", "shortname": "Abstract_Completeness", "title": "Abstract Completeness", "topic_links": [ "logic/proof-theory" ], "topics": [ "Logic/Proof theory" ], "used_by": 4 }, { "abstract": "These theories introduce basic concepts and proofs about discrete summation: shifts, formal summation, falling factorials and stirling numbers. As proof of concept, a simple summation conversion is provided.", "authors": [ "Florian Haftmann" ], "date": "2014-04-13", - "id": 538, + "id": 539, "link": "/entries/Discrete_Summation.html", "permalink": "/entries/Discrete_Summation.html", "shortname": "Discrete_Summation", "title": "Discrete Summation", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 2 }, { "abstract": "This document accompanies the article \"The Design and Implementation of a Verification Technique for GPU Kernels\" by Adam Betts, Nathan Chong, Alastair F. Donaldson, Jeroen Ketema, Shaz Qadeer, Paul Thomson and John Wickerson. 
It formalises all of the definitions provided in Sections 3 and 4 of the article.", "authors": [ "John Wickerson" ], "date": "2014-04-03", - "id": 539, + "id": 540, "link": "/entries/GPU_Kernel_PL.html", "permalink": "/entries/GPU_Kernel_PL.html", "shortname": "GPU_Kernel_PL", "title": "Syntax and semantics of a GPU kernel programming language", "topic_links": [ "computer-science/programming-languages/language-definitions" ], "topics": [ "Computer science/Programming languages/Language definitions" ], "used_by": 0 }, { "abstract": "We formalize a probabilistic noninterference for a multi-threaded language with uniform scheduling, where probabilistic behaviour comes from both the scheduler and the individual threads. We define notions probabilistic noninterference in two variants: resumption-based and trace-based. For the resumption-based notions, we prove compositionality w.r.t. the language constructs and establish sound type-system-like syntactic criteria. This is a formalization of the mathematical development presented at CPP 2013 and CALCO 2013. It is the probabilistic variant of the Possibilistic Noninterference AFP entry.", "authors": [ "Andrei Popescu", "Johannes Hölzl" ], "date": "2014-03-11", - "id": 540, + "id": 541, "link": "/entries/Probabilistic_Noninterference.html", "permalink": "/entries/Probabilistic_Noninterference.html", "shortname": "Probabilistic_Noninterference", "title": "Probabilistic Noninterference", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "\u003cp\u003e AWN is a process algebra developed for modelling and analysing protocols for Mobile Ad hoc Networks (MANETs) and Wireless Mesh Networks (WMNs). 
AWN models comprise five distinct layers: sequential processes, local parallel compositions, nodes, partial networks, and complete networks.\u003c/p\u003e \u003cp\u003e This development mechanises the original operational semantics of AWN and introduces a variant 'open' operational semantics that enables the compositional statement and proof of invariants across distinct network nodes. It supports labels (for weakening invariants) and (abstract) data state manipulations. A framework for compositional invariant proofs is developed, including a tactic (inv_cterms) for inductive invariant proofs of sequential processes, lifting rules for the open versions of the higher layers, and a rule for transferring lifted properties back to the standard semantics. A notion of 'control terms' reduces proof obligations to the subset of subterms that act directly (in contrast to operators for combining terms and joining processes).\u003c/p\u003e", "authors": [ "Timothy Bourke" ], "date": "2014-03-08", - "id": 541, + "id": 542, "link": "/entries/AWN.html", "permalink": "/entries/AWN.html", "shortname": "AWN", "title": "Mechanization of the Algebra for Wireless Networks (AWN)", "topic_links": [ "computer-science/concurrency/process-calculi" ], "topics": [ "Computer science/Concurrency/Process calculi" ], "used_by": 1 }, { "abstract": "We provide a wrapper around the partial-function command that supports mutual recursion.", "authors": [ "René Thiemann" ], "date": "2014-02-18", - "id": 542, + "id": 543, "link": "/entries/Partial_Function_MR.html", "permalink": "/entries/Partial_Function_MR.html", "shortname": "Partial_Function_MR", "title": "Mutually Recursive Partial Functions", "topic_links": [ "computer-science/functional-programming" ], "topics": [ "Computer science/Functional programming" ], "used_by": 2 }, { "abstract": "Random graphs are graphs with a fixed number of vertices, where each edge is present with a fixed probability. 
We are interested in the probability that a random graph contains a certain pattern, for example a cycle or a clique. A very high edge probability gives rise to perhaps too many edges (which degrades performance for many algorithms), whereas a low edge probability might result in a disconnected graph. We prove a theorem about a threshold probability such that a higher edge probability will asymptotically almost surely produce a random graph with the desired subgraph.", "authors": [ "Lars Hupel" ], "date": "2014-02-13", - "id": 543, + "id": 544, "link": "/entries/Random_Graph_Subgraph_Threshold.html", "permalink": "/entries/Random_Graph_Subgraph_Threshold.html", "shortname": "Random_Graph_Subgraph_Threshold", "title": "Properties of Random Graphs -- Subgraph Containment", "topic_links": [ "mathematics/graph-theory", "mathematics/probability-theory" ], "topics": [ "Mathematics/Graph theory", "Mathematics/Probability theory" ], "used_by": 1 }, { "abstract": "Stepwise program refinement techniques can be used to simplify program verification. Programs are better understood since their main properties are clearly stated, and verification of rather complex algorithms is reduced to proving simple statements connecting successive program specifications. Additionally, it is easy to analyze similar algorithms and to compare their properties within a single formalization. Usually, formal analysis is not done in educational setting due to complexity of verification and a lack of tools and procedures to make comparison easy. Verification of an algorithm should not only give correctness proof, but also better understanding of an algorithm. If the verification is based on small step program refinement, it can become simple enough to be demonstrated within the university-level computer science curriculum. 
In this paper we demonstrate this and give a formal analysis of two well known algorithms (Selection Sort and Heap Sort) using proof assistant Isabelle/HOL and program refinement techniques.", "authors": [ "Danijela Petrovic" ], "date": "2014-02-11", - "id": 544, + "id": 545, "link": "/entries/Selection_Heap_Sort.html", "permalink": "/entries/Selection_Heap_Sort.html", "shortname": "Selection_Heap_Sort", "title": "Verification of Selection and Heap Sort Using Locales", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "We give a formalization of affine forms as abstract representations of zonotopes. We provide affine operations as well as overapproximations of some non-affine operations like multiplication and division. Expressions involving those operations can automatically be turned into (executable) functions approximating the original expression in affine arithmetic.", "authors": [ "Fabian Immler" ], "date": "2014-02-07", - "id": 545, + "id": 546, "link": "/entries/Affine_Arithmetic.html", "permalink": "/entries/Affine_Arithmetic.html", "shortname": "Affine_Arithmetic", "title": "Affine Arithmetic", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 2 }, { "abstract": "We apply data refinement to implement the real numbers, where we support all numbers in the field extension Q[sqrt(b)], i.e., all numbers of the form p + q * sqrt(b) for rational numbers p and q and some fixed natural number b. To this end, we also developed algorithms to precisely compute roots of a rational number, and to perform a factorization of natural numbers which eliminates duplicate prime factors. 
\u003cp\u003e Our results have been used to certify termination proofs which involve polynomial interpretations over the reals.", "authors": [ "René Thiemann" ], "date": "2014-02-06", - "id": 546, + "id": 547, "link": "/entries/Real_Impl.html", "permalink": "/entries/Real_Impl.html", "shortname": "Real_Impl", "title": "Implementing field extensions of the form Q[sqrt(b)]", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 2 }, { "abstract": "We formalize a unified framework for verified decision procedures for regular expression equivalence. Five recently published formalizations of such decision procedures (three based on derivatives, two on marked regular expressions) can be obtained as instances of the framework. We discover that the two approaches based on marked regular expressions, which were previously thought to be the same, are different, and one seems to produce uniformly smaller automata. The common framework makes it possible to compare the performance of the different decision procedures in a meaningful way. \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/itp14.html\"\u003e The formalization is described in a paper of the same name presented at Interactive Theorem Proving 2014\u003c/a\u003e.", "authors": [ "Tobias Nipkow", "Dmitriy Traytel" ], "date": "2014-01-30", - "id": 547, + "id": 548, "link": "/entries/Regex_Equivalence.html", "permalink": "/entries/Regex_Equivalence.html", "shortname": "Regex_Equivalence", "title": "Unified Decision Procedures for Regular Expression Equivalence", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "These theories extend the existing proof of the first Sylow theorem (written by Florian Kammueller and L. C. Paulson) by what are often called the second, third and fourth Sylow theorems. 
These theorems state propositions about the number of Sylow p-subgroups of a group and the fact that they are conjugate to each other. The proofs make use of an implementation of group actions and their properties.", "authors": [ "Jakob von Raumer" ], "date": "2014-01-28", - "id": 548, + "id": 549, "link": "/entries/Secondary_Sylow.html", "permalink": "/entries/Secondary_Sylow.html", "shortname": "Secondary_Sylow", "title": "Secondary Sylow Theorems", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 1 }, { "abstract": "Tarski's algebra of binary relations is formalised along the lines of the standard textbooks of Maddux and Schmidt and Ströhlein. This includes relation-algebraic concepts such as subidentities, vectors and a domain operation as well as various notions associated to functions. Relation algebras are also expanded by a reflexive transitive closure operation, and they are linked with Kleene algebras and models of binary relations and Boolean matrices.", "authors": [ "Alasdair Armstrong", "Simon Foster", "Georg Struth", "Tjark Weber" ], "date": "2014-01-25", - "id": 549, + "id": 550, "link": "/entries/Relation_Algebra.html", "permalink": "/entries/Relation_Algebra.html", "shortname": "Relation_Algebra", "title": "Relation Algebra", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 2 }, { "abstract": "We formalise Kleene algebra with tests (KAT) and demonic refinement algebra (DRA) in Isabelle/HOL. KAT is relevant for program verification and correctness proofs in the partial correctness setting. While DRA targets similar applications in the context of total correctness. Our formalisation contains the two most important models of these algebras: binary relations in the case of KAT and predicate transformers in the case of DRA. 
In addition, we derive the inference rules for Hoare logic in KAT and its relational model and present a simple formally verified program verification tool prototype based on the algebraic approach.", "authors": [ "Alasdair Armstrong", "Victor B. F. Gomes", "Georg Struth" ], "date": "2014-01-23", - "id": 550, + "id": 551, "link": "/entries/KAT_and_DRA.html", "permalink": "/entries/KAT_and_DRA.html", "shortname": "KAT_and_DRA", "title": "Kleene Algebra with Tests and Demonic Refinement Algebras", "topic_links": [ "computer-science/programming-languages/logics", "computer-science/automata-and-formal-languages", "mathematics/algebra" ], "topics": [ "Computer science/Programming languages/Logics", "Computer science/Automata and formal languages", "Mathematics/Algebra" ], "used_by": 2 }, { "abstract": "The Unified Modeling Language (UML) is one of the few modeling languages that is widely used in industry. While UML is mostly known as diagrammatic modeling language (e.g., visualizing class models), it is complemented by a textual language, called Object Constraint Language (OCL). The current version of OCL is based on a four-valued logic that turns UML into a formal language. Any type comprises the elements \"invalid\" and \"null\" which are propagated as strict and non-strict, respectively. Unfortunately, the former semi-formal semantics of this specification language, captured in the \"Annex A\" of the OCL standard, leads to different interpretations of corner cases. We formalize the core of OCL: denotational definitions, a logical calculus and operational rules that allow for the execution of OCL expressions by a mixture of term rewriting and code compilation. Our formalization reveals several inconsistencies and contradictions in the current version of the OCL standard. Overall, this document is intended to provide the basis for a machine-checked text \"Annex A\" of the OCL standard targeting at tool implementors.", "authors": [ "Achim D. 
Brucker", "Frédéric Tuong", "Burkhart Wolff" ], "date": "2014-01-16", - "id": 551, + "id": 552, "link": "/entries/Featherweight_OCL.html", "permalink": "/entries/Featherweight_OCL.html", "shortname": "Featherweight_OCL", "title": "Featherweight OCL: A Proposal for a Machine-Checked Formal Semantics for OCL 2.5", "topic_links": [ "computer-science/system-description-languages" ], "topics": [ "Computer science/System description languages" ], "used_by": 0 }, { "abstract": "This paper presents an Isabelle/HOL set of theories which allows the specification of crypto-based components and the verification of their composition properties wrt. cryptographic aspects. We introduce a formalisation of the security property of data secrecy, the corresponding definitions and proofs. Please note that here we import the Isabelle/HOL theory ListExtras.thy, presented in the AFP entry FocusStreamsCaseStudies-AFP.", "authors": [ "Maria Spichkova" ], "date": "2014-01-11", - "id": 552, + "id": 553, "link": "/entries/CryptoBasedCompositionalProperties.html", "permalink": "/entries/CryptoBasedCompositionalProperties.html", "shortname": "CryptoBasedCompositionalProperties", "title": "Compositional Properties of Crypto-Based Components", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "Sturm's Theorem states that polynomial sequences with certain properties, so-called Sturm sequences, can be used to count the number of real roots of a real polynomial. This work contains a proof of Sturm's Theorem and code for constructing Sturm sequences efficiently. 
It also provides the “sturm” proof method, which can decide certain statements about the roots of real polynomials, such as “the polynomial P has exactly n roots in the interval I” or “P(x) \u003e Q(x) for all x \u0026#8712; \u0026#8477;”.", "authors": [ "Manuel Eberl" ], "date": "2014-01-11", - "id": 553, + "id": 554, "link": "/entries/Sturm_Sequences.html", "permalink": "/entries/Sturm_Sequences.html", "shortname": "Sturm_Sequences", "title": "Sturm's Theorem", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 4 }, { "abstract": "\u003cp\u003e Tail-recursive function definitions are sometimes more straightforward than alternatives, but proving theorems on them may be roundabout because of the peculiar form of the resulting recursion induction rules. \u003c/p\u003e\u003cp\u003e This paper describes a proof method that provides a general solution to this problem by means of suitable invariants over inductive sets, and illustrates the application of such method by examining two case studies. \u003c/p\u003e", "authors": [ "Pasquale Noce" ], "date": "2013-12-01", - "id": 554, + "id": 555, "link": "/entries/Tail_Recursive_Functions.html", "permalink": "/entries/Tail_Recursive_Functions.html", "shortname": "Tail_Recursive_Functions", "title": "A General Method for the Proof of Theorems on Tail-recursive Functions", "topic_links": [ "computer-science/functional-programming" ], "topics": [ "Computer science/Functional programming" ], "used_by": 0 }, { "abstract": "Gödel's two incompleteness theorems are formalised, following a careful \u003ca href=\"http://journals.impan.gov.pl/dm/Inf/422-0-1.html\"\u003epresentation\u003c/a\u003e by Swierczkowski, in the theory of \u003ca href=\"HereditarilyFinite.html\"\u003ehereditarily finite sets\u003c/a\u003e. This represents the first ever machine-assisted proof of the second incompleteness theorem. Compared with traditional formalisations using Peano arithmetic (see e.g. 
Boolos), coding is simpler, with no need to formalise the notion of multiplication (let alone that of a prime number) in the formalised calculus upon which the theorem is based. However, other technical problems had to be solved in order to complete the argument.", "authors": [ "Lawrence C. Paulson" ], "date": "2013-11-17", - "id": 555, + "id": 556, "link": "/entries/Incompleteness.html", "permalink": "/entries/Incompleteness.html", "shortname": "Incompleteness", "title": "Gödel's Incompleteness Theorems", "topic_links": [ "logic/proof-theory" ], "topics": [ "Logic/Proof theory" ], "used_by": 2 }, { "abstract": "The theory of hereditarily finite sets is formalised, following the \u003ca href=\"http://journals.impan.gov.pl/dm/Inf/422-0-1.html\"\u003edevelopment\u003c/a\u003e of Swierczkowski. An HF set is a finite collection of other HF sets; they enjoy an induction principle and satisfy all the axioms of ZF set theory apart from the axiom of infinity, which is negated. All constructions that are possible in ZF set theory (Cartesian products, disjoint sums, natural numbers, functions) without using infinite sets are possible here. The definition of addition for the HF sets follows Kirby. This development forms the foundation for the Isabelle proof of Gödel's incompleteness theorems, which has been \u003ca href=\"Incompleteness.html\"\u003eformalised separately\u003c/a\u003e.", "authors": [ "Lawrence C. Paulson" ], "date": "2013-11-17", - "id": 556, + "id": 557, "link": "/entries/HereditarilyFinite.html", "permalink": "/entries/HereditarilyFinite.html", "shortname": "HereditarilyFinite", "title": "The Hereditarily Finite Sets", "topic_links": [ "logic/set-theory" ], "topics": [ "Logic/Set theory" ], "used_by": 4 }, { "abstract": "\u003cp\u003eWe define formal languages as a codataype of infinite trees branching over the alphabet. Each node in such a tree indicates whether the path to this node constitutes a word inside or outside of the language. 
This codatatype is isormorphic to the set of lists representation of languages, but caters for definitions by corecursion and proofs by coinduction.\u003c/p\u003e \u003cp\u003eRegular operations on languages are then defined by primitive corecursion. A difficulty arises here, since the standard definitions of concatenation and iteration from the coalgebraic literature are not primitively corecursive-they require guardedness up-to union/concatenation. Without support for up-to corecursion, these operation must be defined as a composition of primitive ones (and proved being equal to the standard definitions). As an exercise in coinduction we also prove the axioms of Kleene algebra for the defined regular operations.\u003c/p\u003e \u003cp\u003eFurthermore, a language for context-free grammars given by productions in Greibach normal form and an initial nonterminal is constructed by primitive corecursion, yielding an executable decision procedure for the word problem without further ado.\u003c/p\u003e", "authors": [ "Dmitriy Traytel" ], "date": "2013-11-15", - "id": 557, + "id": 558, "link": "/entries/Coinductive_Languages.html", "permalink": "/entries/Coinductive_Languages.html", "shortname": "Coinductive_Languages", "title": "A Codatatype of Formal Languages", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 1 }, { "abstract": "This set of theories presents an Isabelle/HOL formalisation of stream processing components introduced in Focus, a framework for formal specification and development of interactive systems. This is an extended and updated version of the formalisation, which was elaborated within the methodology \"Focus on Isabelle\". 
In addition, we also applied the formalisation on three case studies that cover different application areas: process control (Steam Boiler System), data transmission (FlexRay communication protocol), memory and processing components (Automotive-Gateway System).", "authors": [ "Maria Spichkova" ], "date": "2013-11-14", - "id": 558, + "id": 559, "link": "/entries/FocusStreamsCaseStudies.html", "permalink": "/entries/FocusStreamsCaseStudies.html", "shortname": "FocusStreamsCaseStudies", "title": "Stream Processing Components: Isabelle/HOL Formalisation and Case Studies", "topic_links": [ "computer-science/programming-languages/language-definitions" ], "topics": [ "Computer science/Programming languages/Language definitions" ], "used_by": 0 }, { "abstract": "Dana Scott's version of Gödel's proof of God's existence is formalized in quantified modal logic KB (QML KB). QML KB is modeled as a fragment of classical higher-order logic (HOL); thus, the formalization is essentially a formalization in HOL.", "authors": [ "Christoph Benzmüller", "Bruno Woltzenlogel Paleo" ], "date": "2013-11-12", - "id": 559, + "id": 560, "link": "/entries/GoedelGod.html", "permalink": "/entries/GoedelGod.html", "shortname": "GoedelGod", "title": "Gödel's God in Isabelle/HOL", "topic_links": [ "logic/philosophical-aspects" ], "topics": [ "Logic/Philosophical aspects" ], "used_by": 0 }, { "abstract": "This theory contains a formalization of decreasing diagrams showing that any locally decreasing abstract rewrite system is confluent. We consider the valley (van Oostrom, TCS 1994) and the conversion version (van Oostrom, RTA 2008) and closely follow the original proofs. 
As an application we prove Newman's lemma.", "authors": [ "Harald Zankl" ], "date": "2013-11-01", - "id": 560, + "id": 561, "link": "/entries/Decreasing-Diagrams.html", "permalink": "/entries/Decreasing-Diagrams.html", "shortname": "Decreasing-Diagrams", "title": "Decreasing Diagrams", "topic_links": [ "logic/rewriting" ], "topics": [ "Logic/Rewriting" ], "used_by": 0 }, { "abstract": "We present the Autoref tool for Isabelle/HOL, which automatically refines algorithms specified over abstract concepts like maps and sets to algorithms over concrete implementations like red-black-trees, and produces a refinement theorem. It is based on ideas borrowed from relational parametricity due to Reynolds and Wadler. The tool allows for rapid prototyping of verified, executable algorithms. Moreover, it can be configured to fine-tune the result to the user~s needs. Our tool is able to automatically instantiate generic algorithms, which greatly simplifies the implementation of executable data structures. \u003cp\u003e This AFP-entry provides the basic tool, which is then used by the Refinement and Collection Framework to provide automatic data refinement for the nondeterminism monad and various collection datastructures.", "authors": [ "Peter Lammich" ], "date": "2013-10-02", - "id": 561, + "id": 562, "link": "/entries/Automatic_Refinement.html", "permalink": "/entries/Automatic_Refinement.html", "shortname": "Automatic_Refinement", "title": "Automatic Data Refinement", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 10 }, { "abstract": "This entry makes machine words and machine arithmetic available for code generation from Isabelle/HOL. It provides a common abstraction that hides the differences between the different target languages. The code generator maps these operations to the APIs of the target languages. 
Apart from that, we extend the available bit operations on types int and integer, and map them to the operations in the target languages.", "authors": [ "Andreas Lochbihler" ], "date": "2013-09-17", - "id": 562, + "id": 563, "link": "/entries/Native_Word.html", "permalink": "/entries/Native_Word.html", "shortname": "Native_Word", "title": "Native Word", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 10 }, { "abstract": "This development provides a formal model of IEEE-754 floating-point arithmetic. This formalization, including formal specification of the standard and proofs of important properties of floating-point arithmetic, forms the foundation for verifying programs with floating-point computation. There is also a code generation setup for floats so that we can execute programs using this formalization in functional programming languages.", "authors": [ "Lei Yu" ], "date": "2013-07-27", - "id": 563, + "id": 564, "link": "/entries/IEEE_Floating_Point.html", "permalink": "/entries/IEEE_Floating_Point.html", "shortname": "IEEE_Floating_Point", "title": "A Formal Model of IEEE Floating Point Arithmetic", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 2 }, { "abstract": "In 1927, Lehmer presented criterions for primality, based on the converse of Fermat's litte theorem. This work formalizes the second criterion from Lehmer's paper, a necessary and sufficient condition for primality. 
\u003cp\u003e As a side product we formalize some properties of Euler's phi-function, the notion of the order of an element of a group, and the cyclicity of the multiplicative group of a finite field.", "authors": [ "Simon Wimmer", "Lars Noschinski" ], "date": "2013-07-22", - "id": 564, + "id": 565, "link": "/entries/Lehmer.html", "permalink": "/entries/Lehmer.html", "shortname": "Lehmer", "title": "Lehmer's Theorem", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 1 }, { "abstract": "In 1975, Pratt introduced a proof system for certifying primes. He showed that a number \u003ci\u003ep\u003c/i\u003e is prime iff a primality certificate for \u003ci\u003ep\u003c/i\u003e exists. By showing a logarithmic upper bound on the length of the certificates in size of the prime number, he concluded that the decision problem for prime numbers is in NP. This work formalizes soundness and completeness of Pratt's proof system as well as an upper bound for the size of the certificate.", "authors": [ "Simon Wimmer", "Lars Noschinski" ], "date": "2013-07-22", - "id": 565, + "id": 566, "link": "/entries/Pratt_Certificate.html", "permalink": "/entries/Pratt_Certificate.html", "shortname": "Pratt_Certificate", "title": "Pratt's Primality Certificates", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 2 }, { "abstract": "This development provides a formalization of undirected graphs and simple graphs, which are based on Benedikt Nordhoff and Peter Lammich's simple formalization of labelled directed graphs in the archive. Then, with our formalization of graphs, we show both necessary and sufficient conditions for Eulerian trails and circuits as well as the fact that the Königsberg Bridge Problem does not have a solution. 
In addition, we show the Friendship Theorem in simple graphs.", "authors": [ "Wenda Li" ], "date": "2013-07-19", - "id": 566, + "id": 567, "link": "/entries/Koenigsberg_Friendship.html", "permalink": "/entries/Koenigsberg_Friendship.html", "shortname": "Koenigsberg_Friendship", "title": "The Königsberg Bridge Problem and the Friendship Theorem", "topic_links": [ "mathematics/graph-theory" ], "topics": [ "Mathematics/Graph theory" ], "used_by": 0 }, { "abstract": "This is a formalization of the soundness and completeness properties for various efficient encodings of sorts in unsorted first-order logic used by Isabelle's Sledgehammer tool. \u003cp\u003e Essentially, the encodings proceed as follows: a many-sorted problem is decorated with (as few as possible) tags or guards that make the problem monotonic; then sorts can be soundly erased. \u003cp\u003e The development employs a formalization of many-sorted first-order logic in clausal form (clauses, structures and the basic properties of the satisfaction relation), which could be of interest as the starting point for other formalizations of first-order logic metatheory.", "authors": [ "Jasmin Christian Blanchette", "Andrei Popescu" ], "date": "2013-06-27", - "id": 567, + "id": 568, "link": "/entries/Sort_Encodings.html", "permalink": "/entries/Sort_Encodings.html", "shortname": "Sort_Encodings", "title": "Sound and Complete Sort Encodings for First-Order Logic", "topic_links": [ "logic/general-logic/mechanization-of-proofs" ], "topics": [ "Logic/General logic/Mechanization of proofs" ], "used_by": 0 }, { "abstract": "This theory is split into two sections. In the first section, we give a formal proof that a well-known axiomatic characterization of the single-source shortest path problem is correct. Namely, we prove that in a directed graph with a non-negative cost function on the edges the single-source shortest path function is the only function that satisfies a set of four axioms. 
In the second section, we give a formal proof of the correctness of an axiomatic characterization of the single-source shortest path problem for directed graphs with general cost functions. The axioms here are more involved because we have to account for potential negative cycles in the graph. The axioms are summarized in three Isabelle locales.", "authors": [ "Christine Rizkallah" ], "date": "2013-05-22", - "id": 568, + "id": 569, "link": "/entries/ShortestPath.html", "permalink": "/entries/ShortestPath.html", "shortname": "ShortestPath", "title": "An Axiomatic Characterization of the Single-Source Shortest Path Problem", "topic_links": [ "mathematics/graph-theory" ], "topics": [ "Mathematics/Graph theory" ], "used_by": 0 }, { "abstract": "This development provides a formalization of directed graphs, supporting (labelled) multi-edges and infinite graphs. A polymorphic edge type allows edges to be treated as pairs of vertices, if multi-edges are not required. Formalized properties are i.a. walks (and related concepts), connectedness and subgraphs and basic properties of isomorphisms. \u003cp\u003e This formalization is used to prove characterizations of Euler Trails, Shortest Paths and Kuratowski subgraphs.", "authors": [ "Lars Noschinski" ], "date": "2013-04-28", - "id": 569, + "id": 570, "link": "/entries/Graph_Theory.html", "permalink": "/entries/Graph_Theory.html", "shortname": "Graph_Theory", "title": "Graph Theory", "topic_links": [ "mathematics/graph-theory" ], "topics": [ "Mathematics/Graph theory" ], "used_by": 4 }, { "abstract": "This development provides a framework for container types like sets and maps such that generated code implements these containers with different (efficient) data structures. Thanks to type classes and refinement during code generation, this light-weight approach can seamlessly replace Isabelle's default setup for code generation. 
Heuristics automatically pick one of the available data structures depending on the type of elements to be stored, but users can also choose on their own. The extensible design permits to add more implementations at any time. \u003cp\u003e To support arbitrary nesting of sets, we define a linear order on sets based on a linear order of the elements and provide efficient implementations. It even allows to compare complements with non-complements.", "authors": [ "Andreas Lochbihler" ], "date": "2013-04-15", - "id": 570, + "id": 571, "link": "/entries/Containers.html", "permalink": "/entries/Containers.html", "shortname": "Containers", "title": "Light-weight Containers", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 8 }, { "abstract": "\u003cp\u003eDealing with binders, renaming of bound variables, capture-avoiding substitution, etc., is very often a major problem in formal proofs, especially in proofs by structural and rule induction. Nominal Isabelle is designed to make such proofs easy to formalise: it provides an infrastructure for declaring nominal datatypes (that is alpha-equivalence classes) and for defining functions over them by structural recursion. It also provides induction principles that have Barendregt’s variable convention already built in. \u003c/p\u003e\u003cp\u003e This entry can be used as a more advanced replacement for HOL/Nominal in the Isabelle distribution. \u003c/p\u003e", "authors": [ "Christian Urban", "Stefan Berghofer", "Cezary Kaliszyk" ], "date": "2013-02-21", - "id": 571, + "id": 572, "link": "/entries/Nominal2.html", "permalink": "/entries/Nominal2.html", "shortname": "Nominal2", "title": "Nominal 2", "topic_links": [ "tools" ], "topics": [ "Tools" ], "used_by": 8 }, { "abstract": "In his seminal paper \"Natural Semantics for Lazy Evaluation\", John Launchbury proves his semantics correct with respect to a denotational semantics, and outlines an adequacy proof. 
We have formalized both semantics and machine-checked the correctness proof, clarifying some details. Furthermore, we provide a new and more direct adequacy proof that does not require intermediate operational semantics.", "authors": [ "Joachim Breitner" ], "date": "2013-01-31", - "id": 572, + "id": 573, "link": "/entries/Launchbury.html", "permalink": "/entries/Launchbury.html", "shortname": "Launchbury", "title": "The Correctness of Launchbury's Natural Semantics for Lazy Evaluation", "topic_links": [ "computer-science/programming-languages/lambda-calculi", "computer-science/semantics-and-reasoning" ], "topics": [ "Computer science/Programming languages/Lambda calculi", "Computer science/Semantics and reasoning" ], "used_by": 1 }, { "abstract": "This document concerns the theory of ribbon proofs: a diagrammatic proof system, based on separation logic, for verifying program correctness. We include the syntax, proof rules, and soundness results for two alternative formalisations of ribbon proofs. \u003cp\u003e Compared to traditional proof outlines, ribbon proofs emphasise the structure of a proof, so are intelligible and pedagogical. Because they contain less redundancy than proof outlines, and allow each proof step to be checked locally, they may be more scalable. Where proof outlines are cumbersome to modify, ribbon proofs can be visually manoeuvred to yield proofs of variant programs.", "authors": [ "John Wickerson" ], "date": "2013-01-19", - "id": 573, + "id": 574, "link": "/entries/Ribbon_Proofs.html", "permalink": "/entries/Ribbon_Proofs.html", "shortname": "Ribbon_Proofs", "title": "Ribbon Proofs", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 0 }, { "abstract": "In this contribution, we present some formalizations based on the HOL-Multivariate-Analysis session of Isabelle. Firstly, a generalization of several theorems of such library are presented. 
Secondly, some definitions and proofs involving Linear Algebra and the four fundamental subspaces of a matrix are shown. Finally, we present a proof of the result known in Linear Algebra as the ``Rank-Nullity Theorem'', which states that, given any linear map f from a finite dimensional vector space V to a vector space W, then the dimension of V is equal to the dimension of the kernel of f (which is a subspace of V) and the dimension of the range of f (which is a subspace of W). The proof presented here is based on the one given by Sheldon Axler in his book \u003ci\u003eLinear Algebra Done Right\u003c/i\u003e. As a corollary of the previous theorem, and taking advantage of the relationship between linear maps and matrices, we prove that, for every matrix A (which has associated a linear map between finite dimensional vector spaces), the sum of its null space and its column space (which is equal to the range of the linear map) is equal to the number of columns of A.", "authors": [ "Jose Divasón", "Jesús Aransay" ], "date": "2013-01-16", - "id": 574, + "id": 575, "link": "/entries/Rank_Nullity_Theorem.html", "permalink": "/entries/Rank_Nullity_Theorem.html", "shortname": "Rank_Nullity_Theorem", "title": "Rank-Nullity Theorem in Linear Algebra", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 4 }, { "abstract": "These files contain a formalisation of variants of Kleene algebras and their most important models as axiomatic type classes in Isabelle/HOL. Kleene algebras are foundational structures in computing with applications ranging from automata and language theory to computational modeling, program construction and verification. \u003cp\u003e We start with formalising dioids, which are additively idempotent semirings, and expand them by axiomatisations of the Kleene star for finite iteration and an omega operation for infinite iteration. 
We show that powersets over a given monoid, (regular) languages, sets of paths in a graph, sets of computation traces, binary relations and formal power series form Kleene algebras, and consider further models based on lattices, max-plus semirings and min-plus semirings. We also demonstrate that dioids are closed under the formation of matrices (proofs for Kleene algebras remain to be completed). \u003cp\u003e On the one hand we have aimed at a reference formalisation of variants of Kleene algebras that covers a wide range of variants and the core theorems in a structured and modular way and provides readable proofs at text book level. On the other hand, we intend to use this algebraic hierarchy and its models as a generic algebraic middle-layer from which programming applications can quickly be explored, implemented and verified.", "authors": [ "Alasdair Armstrong", "Georg Struth", "Tjark Weber" ], "date": "2013-01-15", - "id": 575, + "id": 576, "link": "/entries/Kleene_Algebra.html", "permalink": "/entries/Kleene_Algebra.html", "shortname": "Kleene_Algebra", "title": "Kleene Algebra", "topic_links": [ "computer-science/programming-languages/logics", "computer-science/automata-and-formal-languages", "mathematics/algebra" ], "topics": [ "Computer science/Programming languages/Logics", "Computer science/Automata and formal languages", "Mathematics/Algebra" ], "used_by": 6 }, { "abstract": "We implement the Babylonian method to compute n-th roots of numbers. We provide precise algorithms for naturals, integers and rationals, and offer an approximation algorithm for square roots over linear ordered fields. 
Moreover, there are precise algorithms to compute the floor and the ceiling of n-th roots.", "authors": [ "René Thiemann" ], "date": "2013-01-03", - "id": 576, + "id": 577, "link": "/entries/Sqrt_Babylonian.html", "permalink": "/entries/Sqrt_Babylonian.html", "shortname": "Sqrt_Babylonian", "title": "Computing N-th Roots using the Babylonian Method", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 4 }, { "abstract": "We provide a framework for separation-logic based correctness proofs of Imperative HOL programs. Our framework comes with a set of proof methods to automate canonical tasks such as verification condition generation and frame inference. Moreover, we provide a set of examples that show the applicability of our framework. The examples include algorithms on lists, hash-tables, and union-find trees. We also provide abstract interfaces for lists, maps, and sets, that allow to develop generic imperative algorithms and use data-refinement techniques. \u003cbr\u003e As we target Imperative HOL, our programs can be translated to efficiently executable code in various target languages, including ML, OCaml, Haskell, and Scala.", "authors": [ "Peter Lammich", "Rene Meis" ], "date": "2012-11-14", - "id": 577, + "id": 578, "link": "/entries/Separation_Logic_Imperative_HOL.html", "permalink": "/entries/Separation_Logic_Imperative_HOL.html", "shortname": "Separation_Logic_Imperative_HOL", "title": "A Separation Logic Framework for Imperative HOL", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 2 }, { "abstract": "A proof of the open induction schema based on J.-C. Raoult, Proving open properties by induction, \u003ci\u003eInformation Processing Letters\u003c/i\u003e 29, 1988, pp.19-23. 
\u003cp\u003eThis research was supported by the Austrian Science Fund (FWF): J3202.\u003c/p\u003e", "authors": [ "Mizuhito Ogawa", "Christian Sternagel" ], "date": "2012-11-02", - "id": 578, + "id": 579, "link": "/entries/Open_Induction.html", "permalink": "/entries/Open_Induction.html", "shortname": "Open_Induction", "title": "Open Induction", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 4 }, { "abstract": "Tarski's axioms of plane geometry are formalized and, using the standard real Cartesian model, shown to be consistent. A substantial theory of the projective plane is developed. Building on this theory, the Klein-Beltrami model of the hyperbolic plane is defined and shown to satisfy all of Tarski's axioms except his Euclidean axiom; thus Tarski's Euclidean axiom is shown to be independent of his other axioms of plane geometry. \u003cp\u003e An earlier version of this work was the subject of the author's \u003ca href=\"http://researcharchive.vuw.ac.nz/handle/10063/2315\"\u003eMSc thesis\u003c/a\u003e, which contains natural-language explanations of some of the more interesting proofs.", "authors": [ "T. J. M. Makarios" ], "date": "2012-10-30", - "id": 579, + "id": 580, "link": "/entries/Tarskis_Geometry.html", "permalink": "/entries/Tarskis_Geometry.html", "shortname": "Tarskis_Geometry", "title": "The independence of Tarski's Euclidean axiom", "topic_links": [ "mathematics/geometry" ], "topics": [ "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "A proof of Bondy's theorem following B. 
Bollabas, Combinatorics, 1986, Cambridge University Press.", "authors": [ "Jeremy Avigad", "Stefan Hetzl" ], "date": "2012-10-27", - "id": 580, + "id": 581, "link": "/entries/Bondy.html", "permalink": "/entries/Bondy.html", "shortname": "Bondy", "title": "Bondy's Theorem", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 0 }, { "abstract": "We formalize a wide variety of Volpano/Smith-style noninterference notions for a while language with parallel composition. We systematize and classify these notions according to compositionality w.r.t. the language constructs. Compositionality yields sound syntactic criteria (a.k.a. type systems) in a uniform way. \u003cp\u003e An \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/cpp12.html\"\u003earticle\u003c/a\u003e about these proofs is published in the proceedings of the conference Certified Programs and Proofs 2012.", "authors": [ "Andrei Popescu", "Johannes Hölzl" ], "date": "2012-09-10", - "id": 581, + "id": 582, "link": "/entries/Possibilistic_Noninterference.html", "permalink": "/entries/Possibilistic_Noninterference.html", "shortname": "Possibilistic_Noninterference", "title": "Possibilistic Noninterference", "topic_links": [ "computer-science/security", "computer-science/programming-languages/type-systems" ], "topics": [ "Computer science/Security", "Computer science/Programming languages/Type systems" ], "used_by": 0 }, { "abstract": "We provide a framework for registering automatic methods to derive class instances of datatypes, as it is possible using Haskell's ``deriving Ord, Show, ...'' feature. \u003cp\u003e We further implemented such automatic methods to derive (linear) orders or hash-functions which are required in the Isabelle Collection Framework. Moreover, for the tactic of Huffman and Krauss to show that a datatype is countable, we implemented a wrapper so that this tactic becomes accessible in our framework. 
\u003cp\u003e Our formalization was performed as part of the \u003ca href=\"http://cl-informatik.uibk.ac.at/software/ceta\"\u003eIsaFoR/CeTA\u003c/a\u003e project. With our new tactic we could completely remove tedious proofs for linear orders of two datatypes. \u003cp\u003e This development is aimed at datatypes generated by the \"old_datatype\" command.", "authors": [ "René Thiemann" ], "date": "2012-08-07", - "id": 582, + "id": 583, "link": "/entries/Datatype_Order_Generator.html", "permalink": "/entries/Datatype_Order_Generator.html", "shortname": "Datatype_Order_Generator", "title": "Generating linear orders for datatypes", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 4 }, { "abstract": "Squaring the circle, doubling the cube and trisecting an angle, using a compass and straightedge alone, are classic unsolved problems first posed by the ancient Greeks. All three problems were proved to be impossible in the 19th century. The following document presents the proof of the impossibility of solving the latter two problems using Isabelle/HOL, following a proof by Carrega. The proof uses elementary methods: no Galois theory or field extensions. The set of points constructible using a compass and straightedge is defined inductively. Radical expressions, which involve only square roots and arithmetic of rational numbers, are defined, and we find that all constructive points have radical coordinates. Finally, doubling the cube and trisecting certain angles requires solving certain cubic equations that can be proved to have no rational roots. The Isabelle proofs require a great many detailed calculations.", "authors": [ "Ralph Romanos", "Lawrence C. 
Paulson" ], "date": "2012-08-05", - "id": 583, + "id": 584, "link": "/entries/Impossible_Geometry.html", "permalink": "/entries/Impossible_Geometry.html", "shortname": "Impossible_Geometry", "title": "Proving the Impossibility of Trisecting an Angle and Doubling the Cube", "topic_links": [ "mathematics/algebra", "mathematics/geometry" ], "topics": [ "Mathematics/Algebra", "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "Distributed computing is inherently based on replication, promising increased tolerance to failures of individual computing nodes or communication channels. Realizing this promise, however, involves quite subtle algorithmic mechanisms, and requires precise statements about the kinds and numbers of faults that an algorithm tolerates (such as process crashes, communication faults or corrupted values). The landmark theorem due to Fischer, Lynch, and Paterson shows that it is impossible to achieve Consensus among N asynchronously communicating nodes in the presence of even a single permanent failure. Existing solutions must rely on assumptions of \"partial synchrony\". \u003cp\u003e Indeed, there have been numerous misunderstandings on what exactly a given algorithm is supposed to realize in what kinds of environments. Moreover, the abundance of subtly different computational models complicates comparisons between different algorithms. Charron-Bost and Schiper introduced the Heard-Of model for representing algorithms and failure assumptions in a uniform framework, simplifying comparisons between algorithms. \u003cp\u003e In this contribution, we represent the Heard-Of model in Isabelle/HOL. We define two semantics of runs of algorithms with different unit of atomicity and relate these through a reduction theorem that allows us to verify algorithms in the coarse-grained semantics (where proofs are easier) and infer their correctness for the fine-grained one (which corresponds to actual executions). 
We instantiate the framework by verifying six Consensus algorithms that differ in the underlying algorithmic mechanisms and the kinds of faults they tolerate.", "authors": [ "Henri Debrat", "Stephan Merz" ], "date": "2012-07-27", - "id": 584, + "id": 585, "link": "/entries/Heard_Of.html", "permalink": "/entries/Heard_Of.html", "shortname": "Heard_Of", "title": "Verifying Fault-Tolerant Distributed Algorithms in the Heard-Of Model", "topic_links": [ "computer-science/algorithms/distributed" ], "topics": [ "Computer science/Algorithms/Distributed" ], "used_by": 1 }, { "abstract": "We apply Andy Pitts's methods of defining relations over domains to several classical results in the literature. We show that the Y combinator coincides with the domain-theoretic fixpoint operator, that parallel-or and the Plotkin existential are not definable in PCF, that the continuation semantics for PCF coincides with the direct semantics, and that our domain-theoretic semantics for PCF is adequate for reasoning about contextual equivalence in an operational semantics. Our version of PCF is untyped and has both strict and non-strict function abstractions. The development is carried out in HOLCF.", "authors": [ "Peter Gammie" ], "date": "2012-07-01", - "id": 585, + "id": 586, "link": "/entries/PCF.html", "permalink": "/entries/PCF.html", "shortname": "PCF", "title": "Logical Relations for PCF", "topic_links": [ "computer-science/programming-languages/lambda-calculi" ], "topics": [ "Computer science/Programming languages/Lambda calculi" ], "used_by": 0 }, { "abstract": "These theories contain a formalization of first class type constructors and axiomatic constructor classes for HOLCF. This work is described in detail in the ICFP 2012 paper \u003ci\u003eFormal Verification of Monad Transformers\u003c/i\u003e by the author. The formalization is a revised and updated version of earlier joint work with Matthews and White. 
\u003cP\u003e Based on the hierarchy of type classes in Haskell, we define classes for functors, monads, monad-plus, etc. Each one includes all the standard laws as axioms. We also provide a new user command, tycondef, for defining new type constructors in HOLCF. Using tycondef, we instantiate the type class hierarchy with various monads and monad transformers.", "authors": [ "Brian Huffman" ], "date": "2012-06-26", - "id": 586, + "id": 587, "link": "/entries/Tycon.html", "permalink": "/entries/Tycon.html", "shortname": "Tycon", "title": "Type Constructor Classes and Monad Transformers", "topic_links": [ "computer-science/functional-programming" ], "topics": [ "Computer science/Functional programming" ], "used_by": 0 }, { "abstract": "We formalise a large portion of CCS as described in Milner's book 'Communication and Concurrency' using the nominal datatype package in Isabelle. Our results include many of the standard theorems of bisimulation equivalence and congruence, for both weak and strong versions. One main goal of this formalisation is to keep the machine-checked proofs as close to their pen-and-paper counterpart as possible. \u003cp\u003e This entry is described in detail in \u003ca href=\"http://www.itu.dk/people/jebe/files/thesis.pdf\"\u003eBengtson's thesis\u003c/a\u003e.", "authors": [ "Jesper Bengtson" ], "date": "2012-05-29", - "id": 587, + "id": 588, "link": "/entries/CCS.html", "permalink": "/entries/CCS.html", "shortname": "CCS", "title": "CCS in nominal logic", "topic_links": [ "computer-science/concurrency/process-calculi" ], "topics": [ "Computer science/Concurrency/Process calculi" ], "used_by": 0 }, { "abstract": "Psi-calculi are extensions of the pi-calculus, accommodating arbitrary nominal datatypes to represent not only data but also communication channels, assertions and conditions, giving it an expressive power beyond the applied pi-calculus and the concurrent constraint pi-calculus. 
\u003cp\u003e We have formalised psi-calculi in the interactive theorem prover Isabelle using its nominal datatype package. One distinctive feature is that the framework needs to treat binding sequences, as opposed to single binders, in an efficient way. While different methods for formalising single binder calculi have been proposed over the last decades, representations for such binding sequences are not very well explored. \u003cp\u003e The main effort in the formalisation is to keep the machine checked proofs as close to their pen-and-paper counterparts as possible. This includes treating all binding sequences as atomic elements, and creating custom induction and inversion rules that to remove the bulk of manual alpha-conversions. \u003cp\u003e This entry is described in detail in \u003ca href=\"http://www.itu.dk/people/jebe/files/thesis.pdf\"\u003eBengtson's thesis\u003c/a\u003e.", "authors": [ "Jesper Bengtson" ], "date": "2012-05-29", - "id": 588, + "id": 589, "link": "/entries/Psi_Calculi.html", "permalink": "/entries/Psi_Calculi.html", "shortname": "Psi_Calculi", "title": "Psi-calculi in Isabelle", "topic_links": [ "computer-science/concurrency/process-calculi" ], "topics": [ "Computer science/Concurrency/Process calculi" ], "used_by": 0 }, { "abstract": "We formalise the pi-calculus using the nominal datatype package, based on ideas from the nominal logic by Pitts et al., and demonstrate an implementation in Isabelle/HOL. The purpose is to derive powerful induction rules for the semantics in order to conduct machine checkable proofs, closely following the intuitive arguments found in manual proofs. In this way we have covered many of the standard theorems of bisimulation equivalence and congruence, both late and early, and both strong and weak in a uniform manner. We thus provide one of the most extensive formalisations of a the pi-calculus ever done inside a theorem prover. 
\u003cp\u003e A significant gain in our formulation is that agents are identified up to alpha-equivalence, thereby greatly reducing the arguments about bound names. This is a normal strategy for manual proofs about the pi-calculus, but that kind of hand waving has previously been difficult to incorporate smoothly in an interactive theorem prover. We show how the nominal logic formalism and its support in Isabelle accomplishes this and thus significantly reduces the tedium of conducting completely formal proofs. This improves on previous work using weak higher order abstract syntax since we do not need extra assumptions to filter out exotic terms and can keep all arguments within a familiar first-order logic. \u003cp\u003e This entry is described in detail in \u003ca href=\"http://www.itu.dk/people/jebe/files/thesis.pdf\"\u003eBengtson's thesis\u003c/a\u003e.", "authors": [ "Jesper Bengtson" ], "date": "2012-05-29", - "id": 589, + "id": 590, "link": "/entries/Pi_Calculus.html", "permalink": "/entries/Pi_Calculus.html", "shortname": "Pi_Calculus", "title": "The pi-calculus in nominal logic", "topic_links": [ "computer-science/concurrency/process-calculi" ], "topics": [ "Computer science/Concurrency/Process calculi" ], "used_by": 0 }, { "abstract": "The Circus specification language combines elements for complex data and behavior specifications, using an integration of Z and CSP with a refinement calculus. Its semantics is based on Hoare and He's Unifying Theories of Programming (UTP). Isabelle/Circus is a formalization of the UTP and the Circus language in Isabelle/HOL. It contains proof rules and tactic support that allows for proofs of refinement for Circus processes (involving both data and behavioral aspects). \u003cp\u003e The Isabelle/Circus environment supports a syntax for the semantic definitions which is close to textbook presentations of Circus. 
This article contains an extended version of corresponding VSTTE Paper together with the complete formal development of its underlying commented theories.", "authors": [ "Abderrahmane Feliachi", "Burkhart Wolff", "Marie-Claude Gaudel" ], "date": "2012-05-27", - "id": 590, + "id": 591, "link": "/entries/Circus.html", "permalink": "/entries/Circus.html", "shortname": "Circus", "title": "Isabelle/Circus", "topic_links": [ "computer-science/concurrency/process-calculi", "computer-science/system-description-languages" ], "topics": [ "Computer science/Concurrency/Process calculi", "Computer science/System description languages" ], "used_by": 0 }, { "abstract": "We present a generic type class implementation of separation algebra for Isabelle/HOL as well as lemmas and generic tactics which can be used directly for any instantiation of the type class. \u003cP\u003e The ex directory contains example instantiations that include structures such as a heap or virtual memory. \u003cP\u003e The abstract separation algebra is based upon \"Abstract Separation Logic\" by Calcagno et al. These theories are also the basis of the ITP 2012 rough diamond \"Mechanised Separation Algebra\" by the authors. \u003cP\u003e The aim of this work is to support and significantly reduce the effort for future separation logic developments in Isabelle/HOL by factoring out the part of separation logic that can be treated abstractly once and for all. 
This includes developing typical default rule sets for reasoning as well as automated tactic support for separation logic.", "authors": [ "Gerwin Klein", "Rafal Kolanski", "Andrew Boyton" ], "date": "2012-05-11", - "id": 591, + "id": 592, "link": "/entries/Separation_Algebra.html", "permalink": "/entries/Separation_Algebra.html", "shortname": "Separation_Algebra", "title": "Separation Algebra", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 2 }, { "abstract": "\u003cp\u003eTwo omega-sequences are stuttering equivalent if they differ only by finite repetitions of elements. Stuttering equivalence is a fundamental concept in the theory of concurrent and distributed systems. Notably, Lamport argues that refinement notions for such systems should be insensitive to finite stuttering. Peled and Wilke showed that all PLTL (propositional linear-time temporal logic) properties that are insensitive to stuttering equivalence can be expressed without the next-time operator. Stuttering equivalence is also important for certain verification techniques such as partial-order reduction for model checking.\u003c/p\u003e \u003cp\u003eWe formalize stuttering equivalence in Isabelle/HOL. Our development relies on the notion of stuttering sampling functions that may skip blocks of identical sequence elements. 
We also encode PLTL and prove the theorem due to Peled and Wilke.\u003c/p\u003e", "authors": [ "Stephan Merz" ], "date": "2012-05-07", - "id": 592, + "id": 593, "link": "/entries/Stuttering_Equivalence.html", "permalink": "/entries/Stuttering_Equivalence.html", "shortname": "Stuttering_Equivalence", "title": "Stuttering Equivalence", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 5 }, { "abstract": "This document contains the full theory files accompanying article \u003ci\u003eInductive Study of Confidentiality --- for Everyone\u003c/i\u003e in \u003ci\u003eFormal Aspects of Computing\u003c/i\u003e. They aim at an illustrative and didactic presentation of the Inductive Method of protocol analysis, focusing on the treatment of one of the main goals of security protocols: confidentiality against a threat model. The treatment of confidentiality, which in fact forms a key aspect of all protocol analysis tools, has been found cryptic by many learners of the Inductive Method, hence the motivation for this work. The theory files in this document guide the reader step by step towards design and proof of significant confidentiality theorems. These are developed against two threat models, the standard Dolev-Yao and a more audacious one, the General Attacker, which turns out to be particularly useful also for teaching purposes.", "authors": [ "Giampaolo Bella" ], "date": "2012-05-02", - "id": 593, + "id": 594, "link": "/entries/Inductive_Confidentiality.html", "permalink": "/entries/Inductive_Confidentiality.html", "shortname": "Inductive_Confidentiality", "title": "Inductive Study of Confidentiality", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "\u003cp\u003eSession Ordinary-Differential-Equations formalizes ordinary differential equations (ODEs) and initial value problems. 
This work comprises proofs for local and global existence of unique solutions (Picard-Lindelöf theorem). Moreover, it contains a formalization of the (continuous or even differentiable) dependency of the flow on initial conditions as the \u003ci\u003eflow\u003c/i\u003e of ODEs.\u003c/p\u003e \u003cp\u003e Not in the generated document are the following sessions: \u003cul\u003e \u003cli\u003e HOL-ODE-Numerics: Rigorous numerical algorithms for computing enclosures of solutions based on Runge-Kutta methods and affine arithmetic. Reachability analysis with splitting and reduction at hyperplanes.\u003c/li\u003e \u003cli\u003e HOL-ODE-Examples: Applications of the numerical algorithms to concrete systems of ODEs.\u003c/li\u003e \u003cli\u003e Lorenz_C0, Lorenz_C1: Verified algorithms for checking C1-information according to Tucker's proof, computation of C0-information.\u003c/li\u003e \u003c/ul\u003e \u003c/p\u003e", "authors": [ "Fabian Immler", "Johannes Hölzl" ], "date": "2012-04-26", - "id": 594, + "id": 595, "link": "/entries/Ordinary_Differential_Equations.html", "permalink": "/entries/Ordinary_Differential_Equations.html", "shortname": "Ordinary_Differential_Equations", "title": "Ordinary Differential Equations", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 3 }, { "abstract": "Based on Isabelle/HOL's type class for preorders, we introduce a type class for well-quasi-orders (wqo) which is characterized by the absence of \"bad\" sequences (our proofs are along the lines of the proof of Nash-Williams, from which we also borrow terminology). Our main results are instantiations for the product type, the list type, and a type of finite trees, which (almost) directly follow from our proofs of (1) Dickson's Lemma, (2) Higman's Lemma, and (3) Kruskal's Tree Theorem. 
More concretely: \u003cul\u003e \u003cli\u003eIf the sets A and B are wqo then their Cartesian product is wqo.\u003c/li\u003e \u003cli\u003eIf the set A is wqo then the set of finite lists over A is wqo.\u003c/li\u003e \u003cli\u003eIf the set A is wqo then the set of finite trees over A is wqo.\u003c/li\u003e \u003c/ul\u003e The research was funded by the Austrian Science Fund (FWF): J3202.", "authors": [ "Christian Sternagel" ], "date": "2012-04-13", - "id": 595, + "id": 596, "link": "/entries/Well_Quasi_Orders.html", "permalink": "/entries/Well_Quasi_Orders.html", "shortname": "Well_Quasi_Orders", "title": "Well-Quasi-Orders", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 5 }, { "abstract": "We define the Abortable Linearizable Module automaton (ALM for short) and prove its key composition property using the IOA theory of HOLCF. The ALM is at the heart of the Speculative Linearizability framework. This framework simplifies devising correct speculative algorithms by enabling their decomposition into independent modules that can be analyzed and proved correct in isolation. It is particularly useful when working in a distributed environment, where the need to tolerate faults and asynchrony has made current monolithic protocols so intricate that it is no longer tractable to check their correctness. 
Our theory contains a typical example of a refinement proof in the I/O-automata framework of Lynch and Tuttle.", "authors": [ "Rachid Guerraoui", "Viktor Kuncak", "Giuliano Losa" ], "date": "2012-03-01", - "id": 596, + "id": 597, "link": "/entries/Abortable_Linearizable_Modules.html", "permalink": "/entries/Abortable_Linearizable_Modules.html", "shortname": "Abortable_Linearizable_Modules", "title": "Abortable Linearizable Modules", "topic_links": [ "computer-science/algorithms/distributed" ], "topics": [ "Computer science/Algorithms/Distributed" ], "used_by": 0 }, { "abstract": "\u003cp\u003e We provide a generic work-list algorithm to compute the (reflexive-)transitive closure of relations where only successors of newly detected states are generated. In contrast to our previous work, the relations do not have to be finite, but each element must only have finitely many (indirect) successors. Moreover, a subsumption relation can be used instead of pure equality. An executable variant of the algorithm is available where the generic operations are instantiated with list operations. \u003c/p\u003e\u003cp\u003e This formalization was performed as part of the IsaFoR/CeTA project, and it has been used to certify size-change termination proofs where large transitive closures have to be computed. \u003c/p\u003e", "authors": [ "René Thiemann" ], "date": "2012-02-29", - "id": 597, + "id": 598, "link": "/entries/Transitive-Closure-II.html", "permalink": "/entries/Transitive-Closure-II.html", "shortname": "Transitive-Closure-II", "title": "Executable Transitive Closures", "topic_links": [ "computer-science/algorithms/graph" ], "topics": [ "Computer science/Algorithms/Graph" ], "used_by": 0 }, { "abstract": "This works presents a formalization of the Girth-Chromatic number theorem in graph theory, stating that graphs with arbitrarily large girth and chromatic number exist. 
The proof uses the theory of Random Graphs to prove the existence with probabilistic arguments.", "authors": [ "Lars Noschinski" ], "date": "2012-02-06", - "id": 598, + "id": 599, "link": "/entries/Girth_Chromatic.html", "permalink": "/entries/Girth_Chromatic.html", "shortname": "Girth_Chromatic", "title": "A Probabilistic Proof of the Girth-Chromatic Number Theorem", "topic_links": [ "mathematics/graph-theory" ], "topics": [ "Mathematics/Graph theory" ], "used_by": 3 }, { "abstract": "We implement and prove correct Dijkstra's algorithm for the single source shortest path problem, conceived in 1956 by E. Dijkstra. The algorithm is implemented using the data refinement framework for monadic, nondeterministic programs. An efficient implementation is derived using data structures from the Isabelle Collection Framework.", "authors": [ "Benedikt Nordhoff", "Peter Lammich" ], "date": "2012-01-30", - "id": 599, + "id": 600, "link": "/entries/Dijkstra_Shortest_Path.html", "permalink": "/entries/Dijkstra_Shortest_Path.html", "shortname": "Dijkstra_Shortest_Path", "title": "Dijkstra's Shortest Path Algorithm", "topic_links": [ "computer-science/algorithms/graph" ], "topics": [ "Computer science/Algorithms/Graph" ], "used_by": 3 }, { "abstract": "We provide a framework for program and data refinement in Isabelle/HOL. The framework is based on a nondeterminism-monad with assertions, i.e., the monad carries a set of results or an assertion failure. Recursion is expressed by fixed points. For convenience, we also provide while and foreach combinators. \u003cp\u003e The framework provides tools to automatize canonical tasks, such as verification condition generation, finding appropriate data refinement relations, and refine an executable program to a form that is accepted by the Isabelle/HOL code generator. 
\u003cp\u003e This submission comes with a collection of examples and a user-guide, illustrating the usage of the framework.", "authors": [ "Peter Lammich" ], "date": "2012-01-30", - "id": 600, + "id": 601, "link": "/entries/Refine_Monadic.html", "permalink": "/entries/Refine_Monadic.html", "shortname": "Refine_Monadic", "title": "Refinement for Monadic Programs", "topic_links": [ "computer-science/semantics-and-reasoning" ], "topics": [ "Computer science/Semantics and reasoning" ], "used_by": 3 }, { "abstract": "This is a formalization of Markov models in Isabelle/HOL. It builds on Isabelle's probability theory. The available models are currently Discrete-Time Markov Chains and a extensions of them with rewards. \u003cp\u003e As application of these models we formalize probabilistic model checking of pCTL formulas, analysis of IPv4 address allocation in ZeroConf and an analysis of the anonymity of the Crowds protocol. \u003ca href=\"http://arxiv.org/abs/1212.3870\"\u003eSee here for the corresponding paper.\u003c/a\u003e", "authors": [ "Johannes Hölzl", "Tobias Nipkow" ], "date": "2012-01-03", - "id": 601, + "id": 602, "link": "/entries/Markov_Models.html", "permalink": "/entries/Markov_Models.html", "shortname": "Markov_Models", "title": "Markov Models", "topic_links": [ "mathematics/probability-theory", "computer-science/automata-and-formal-languages" ], "topics": [ "Mathematics/Probability theory", "Computer science/Automata and formal languages" ], "used_by": 4 }, { "abstract": "We mechanise the logic TLA* \u003ca href=\"http://www.springerlink.com/content/ax3qk557qkdyt7n6/\"\u003e[Merz 1999]\u003c/a\u003e, an extension of Lamport's Temporal Logic of Actions (TLA) \u003ca href=\"http://dl.acm.org/citation.cfm?doid=177492.177726\"\u003e[Lamport 1994]\u003c/a\u003e for specifying and reasoning about concurrent and reactive systems. 
Aiming at a framework for mechanising] the verification of TLA (or TLA*) specifications, this contribution reuses some elements from a previous axiomatic encoding of TLA in Isabelle/HOL by the second author [Merz 1998], which has been part of the Isabelle distribution. In contrast to that previous work, we give here a shallow, definitional embedding, with the following highlights: \u003cul\u003e \u003cli\u003ea theory of infinite sequences, including a formalisation of the concepts of stuttering invariance central to TLA and TLA*; \u003cli\u003ea definition of the semantics of TLA*, which extends TLA by a mutually-recursive definition of formulas and pre-formulas, generalising TLA action formulas; \u003cli\u003ea substantial set of derived proof rules, including the TLA* axioms and Lamport's proof rules for system verification; \u003cli\u003ea set of examples illustrating the usage of Isabelle/TLA* for reasoning about systems. \u003c/ul\u003e Note that this work is unrelated to the ongoing development of a proof system for the specification language TLA+, which includes an encoding of TLA+ as a new Isabelle object logic \u003ca href=\"http://www.springerlink.com/content/354026160p14j175/\"\u003e[Chaudhuri et al 2010]\u003c/a\u003e.", "authors": [ "Gudmund Grov", "Stephan Merz" ], "date": "2011-11-19", - "id": 602, + "id": 603, "link": "/entries/TLA.html", "permalink": "/entries/TLA.html", "shortname": "TLA", "title": "A Definitional Encoding of TLA* in Isabelle/HOL", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 0 }, { "abstract": "We provide a formalization of the mergesort algorithm as used in GHC's Data.List module, proving correctness and stability. 
Furthermore, experimental data suggests that generated (Haskell-)code for this algorithm is much faster than for previous algorithms available in the Isabelle distribution.", "authors": [ "Christian Sternagel" ], "date": "2011-11-09", - "id": 603, + "id": 604, "link": "/entries/Efficient-Mergesort.html", "permalink": "/entries/Efficient-Mergesort.html", "shortname": "Efficient-Mergesort", "title": "Efficient Mergesort", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 2 }, { "abstract": "Algebras of imperative programming languages have been successful in reasoning about programs. In general an algebra of programs is an algebraic structure with programs as elements and with program compositions (sequential composition, choice, skip) as algebra operations. Various versions of these algebras were introduced to model partial correctness, total correctness, refinement, demonic choice, and other aspects. We formalize here an algebra which can be used to model total correctness, refinement, demonic and angelic choice. The basic model of this algebra are monotonic Boolean transformers (monotonic functions from a Boolean algebra to itself).", "authors": [ "Viorel Preoteasa" ], "date": "2011-09-22", - "id": 604, + "id": 605, "link": "/entries/MonoBoolTranAlgebra.html", "permalink": "/entries/MonoBoolTranAlgebra.html", "shortname": "MonoBoolTranAlgebra", "title": "Algebra of Monotonic Boolean Transformers", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 1 }, { "abstract": "This formalization introduces and collects some algebraic structures based on lattices and complete lattices for use in other developments. The structures introduced are modular, and lattice ordered groups. 
In addition to the results proved for the new lattices, this formalization also introduces theorems about latices and complete lattices in general.", "authors": [ "Viorel Preoteasa" ], "date": "2011-09-22", - "id": 605, + "id": 606, "link": "/entries/LatticeProperties.html", "permalink": "/entries/LatticeProperties.html", "shortname": "LatticeProperties", "title": "Lattice Properties", "topic_links": [ "mathematics/order" ], "topics": [ "Mathematics/Order" ], "used_by": 3 }, { "abstract": "Pseudo-hoops are algebraic structures introduced by B. Bosbach under the name of complementary semigroups. In this formalization we prove some properties of pseudo-hoops and we define the basic concepts of filter and normal filter. The lattice of normal filters is isomorphic with the lattice of congruences of a pseudo-hoop. We also study some important classes of pseudo-hoops. Bounded Wajsberg pseudo-hoops are equivalent to pseudo-Wajsberg algebras and bounded basic pseudo-hoops are equivalent to pseudo-BL algebras. Some examples of pseudo-hoops are given in the last section of the formalization.", "authors": [ "George Georgescu", "Laurentiu Leustean", "Viorel Preoteasa" ], "date": "2011-09-22", - "id": 606, + "id": 607, "link": "/entries/PseudoHoops.html", "permalink": "/entries/PseudoHoops.html", "shortname": "PseudoHoops", "title": "Pseudo Hoops", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "There are many proofs of the Myhill-Nerode theorem using automata. In this library we give a proof entirely based on regular expressions, since regularity of languages can be conveniently defined using regular expressions (it is more painful in HOL to define regularity in terms of automata). We prove the first direction of the Myhill-Nerode theorem by solving equational systems that involve regular expressions. For the second direction we give two proofs: one using tagging-functions and another using partial derivatives. 
We also establish various closure properties of regular languages. Most details of the theories are described in our ITP 2011 paper.", "authors": [ "Chunhan Wu", "Xingyuan Zhang", "Christian Urban" ], "date": "2011-08-26", - "id": 607, + "id": 608, "link": "/entries/Myhill-Nerode.html", "permalink": "/entries/Myhill-Nerode.html", "shortname": "Myhill-Nerode", "title": "The Myhill-Nerode Theorem Based on Regular Expressions", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "This theory provides a compact formulation of Gauss-Jordan elimination for matrices represented as functions. Its distinctive feature is succinctness. It is not meant for large computations.", "authors": [ "Tobias Nipkow" ], "date": "2011-08-19", - "id": 608, + "id": 609, "link": "/entries/Gauss-Jordan-Elim-Fun.html", "permalink": "/entries/Gauss-Jordan-Elim-Fun.html", "shortname": "Gauss-Jordan-Elim-Fun", "title": "Gauss-Jordan Elimination for Matrices Represented as Functions", "topic_links": [ "computer-science/algorithms/mathematical", "mathematics/algebra" ], "topics": [ "Computer science/Algorithms/Mathematical", "Mathematics/Algebra" ], "used_by": 1 }, { "abstract": "\u003cp\u003e A \u003cem\u003ematching\u003c/em\u003e in a graph \u003ci\u003eG\u003c/i\u003e is a subset \u003ci\u003eM\u003c/i\u003e of the edges of \u003ci\u003eG\u003c/i\u003e such that no two share an endpoint. A matching has maximum cardinality if its cardinality is at least as large as that of any other matching. An \u003cem\u003eodd-set cover\u003c/em\u003e \u003ci\u003eOSC\u003c/i\u003e of a graph \u003ci\u003eG\u003c/i\u003e is a labeling of the nodes of \u003ci\u003eG\u003c/i\u003e with integers such that every edge of \u003ci\u003eG\u003c/i\u003e is either incident to a node labeled 1 or connects two nodes labeled with the same number \u003ci\u003ei \u0026ge; 2\u003c/i\u003e. 
\u003c/p\u003e\u003cp\u003e This article proves Edmonds theorem:\u003cbr\u003e Let \u003ci\u003eM\u003c/i\u003e be a matching in a graph \u003ci\u003eG\u003c/i\u003e and let \u003ci\u003eOSC\u003c/i\u003e be an odd-set cover of \u003ci\u003eG\u003c/i\u003e. For any \u003ci\u003ei \u0026ge; 0\u003c/i\u003e, let \u003cvar\u003en(i)\u003c/var\u003e be the number of nodes labeled \u003ci\u003ei\u003c/i\u003e. If \u003ci\u003e|M| = n(1) + \u0026sum;\u003csub\u003ei \u0026ge; 2\u003c/sub\u003e(n(i) div 2)\u003c/i\u003e, then \u003ci\u003eM\u003c/i\u003e is a maximum cardinality matching. \u003c/p\u003e", "authors": [ "Christine Rizkallah" ], "date": "2011-07-21", - "id": 609, + "id": 610, "link": "/entries/Max-Card-Matching.html", "permalink": "/entries/Max-Card-Matching.html", "shortname": "Max-Card-Matching", "title": "Maximum Cardinality Matching", "topic_links": [ "mathematics/graph-theory" ], "topics": [ "Mathematics/Graph theory" ], "used_by": 0 }, { "abstract": "Knowledge-based programs (KBPs) are a formalism for directly relating agents' knowledge and behaviour. Here we present a general scheme for compiling KBPs to executable automata with a proof of correctness in Isabelle/HOL. We develop the algorithm top-down, using Isabelle's locale mechanism to structure these proofs, and show that two classic examples can be synthesised using Isabelle's code generator.", "authors": [ "Peter Gammie" ], "date": "2011-05-17", - "id": 610, + "id": 611, "link": "/entries/KBPs.html", "permalink": "/entries/KBPs.html", "shortname": "KBPs", "title": "Knowledge-based programs", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 1 }, { "abstract": "Some acute-angled triangles are special, e.g. right-angled or isoscele triangles. Some are not of this kind, but, without measuring angles, look as if they were. In that sense, there is exactly one general triangle. 
This well-known fact is proven here formally.", "authors": [ "Joachim Breitner" ], "date": "2011-04-01", - "id": 611, + "id": 612, "link": "/entries/General-Triangle.html", "permalink": "/entries/General-Triangle.html", "shortname": "General-Triangle", "title": "The General Triangle Is Unique", "topic_links": [ "mathematics/geometry" ], "topics": [ "Mathematics/Geometry" ], "used_by": 0 }, { "abstract": "We provide a generic work-list algorithm to compute the transitive closure of finite relations where only successors of newly detected states are generated. This algorithm is then instantiated for lists over arbitrary carriers and red black trees (which are faster but require a linear order on the carrier), respectively. Our formalization was performed as part of the IsaFoR/CeTA project where reflexive transitive closures of large tree automata have to be computed.", "authors": [ "Christian Sternagel", "René Thiemann" ], "date": "2011-03-14", - "id": 612, + "id": 613, "link": "/entries/Transitive-Closure.html", "permalink": "/entries/Transitive-Closure.html", "shortname": "Transitive-Closure", "title": "Executable Transitive Closures of Finite Relations", "topic_links": [ "computer-science/algorithms/graph" ], "topics": [ "Computer science/Algorithms/Graph" ], "used_by": 3 }, { "abstract": "We formalize the AutoFocus Semantics (a time-synchronous subset of the Focus formalism) as stream processing functions on finite and infinite message streams represented as finite/infinite lists. The formalization comprises both the conventional single-clocking semantics (uniform global clock for all components and communications channels) and its extension to multi-clocking semantics (internal execution clocking of a component may be a multiple of the external communication clocking). The semantics is defined by generic stream processing functions making it suitable for simulation/code generation in Isabelle/HOL. 
Furthermore, a number of AutoFocus semantics properties are formalized using definitions from the IntervalLogic theories.", "authors": [ "David Trachtenherz" ], "date": "2011-02-23", - "id": 613, + "id": 614, "link": "/entries/AutoFocus-Stream.html", "permalink": "/entries/AutoFocus-Stream.html", "shortname": "AutoFocus-Stream", "title": "AutoFocus Stream Processing for Single-Clocking and Multi-Clocking Semantics", "topic_links": [ "computer-science/programming-languages/language-definitions" ], "topics": [ "Computer science/Programming languages/Language definitions" ], "used_by": 0 }, { "abstract": "We introduce a theory of infinite lists in HOL formalized as functions over naturals (folder ListInf, theories ListInf and ListInf_Prefix). It also provides additional results for finite lists (theory ListInf/List2), natural numbers (folder CommonArith, esp. division/modulo, naturals with infinity), sets (folder CommonSet, esp. cutting/truncating sets, traversing sets of naturals).", "authors": [ "David Trachtenherz" ], "date": "2011-02-23", - "id": 614, + "id": 615, "link": "/entries/List-Infinite.html", "permalink": "/entries/List-Infinite.html", "shortname": "List-Infinite", "title": "Infinite Lists", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 1 }, { "abstract": "We introduce a theory of temporal logic operators using sets of natural numbers as time domain, formalized in a shallow embedding manner. 
The theory comprises special natural intervals (theory IL_Interval: open and closed intervals, continuous and modulo intervals, interval traversing results), operators for shifting intervals to left/right on the number axis as well as expanding/contracting intervals by constant factors (theory IL_IntervalOperators.thy), and ultimately definitions and results for unary and binary temporal operators on arbitrary natural sets (theory IL_TemporalOperators).", "authors": [ "David Trachtenherz" ], "date": "2011-02-23", - "id": 615, + "id": 616, "link": "/entries/Nat-Interval-Logic.html", "permalink": "/entries/Nat-Interval-Logic.html", "shortname": "Nat-Interval-Logic", "title": "Interval Temporal Logic on Natural Numbers", "topic_links": [ "logic/general-logic/temporal-logic" ], "topics": [ "Logic/General logic/Temporal logic" ], "used_by": 1 }, { "abstract": "A fully-formalized and extensible minimal imperative fragment of Java.", "authors": [ "Rok Strniša", "Matthew Parkinson" ], "date": "2011-02-07", - "id": 616, + "id": 617, "link": "/entries/LightweightJava.html", "permalink": "/entries/LightweightJava.html", "shortname": "LightweightJava", "title": "Lightweight Java", "topic_links": [ "computer-science/programming-languages/language-definitions" ], "topics": [ "Computer science/Programming languages/Language definitions" ], "used_by": 0 }, { "abstract": "This work presents a verification of an implementation in SPARK/ADA of the cryptographic hash-function RIPEMD-160. A functional specification of RIPEMD-160 is given in Isabelle/HOL. 
Proofs for the verification conditions generated by the static-analysis toolset of SPARK certify the functional correctness of the implementation.", "authors": [ "Fabian Immler" ], "date": "2011-01-10", - "id": 617, + "id": 618, "link": "/entries/RIPEMD-160-SPARK.html", "permalink": "/entries/RIPEMD-160-SPARK.html", "shortname": "RIPEMD-160-SPARK", "title": "RIPEMD-160", "topic_links": [ "computer-science/programming-languages/static-analysis" ], "topics": [ "Computer science/Programming languages/Static analysis" ], "used_by": 0 }, { "abstract": "We define the notions of lower and upper semicontinuity for functions from a metric space to the extended real line. We prove that a function is both lower and upper semicontinuous if and only if it is continuous. We also give several equivalent characterizations of lower semicontinuity. In particular, we prove that a function is lower semicontinuous if and only if its epigraph is a closed set. Also, we introduce the notion of the lower semicontinuous hull of an arbitrary function and prove its basic properties.", "authors": [ "Bogdan Grechuk" ], "date": "2011-01-08", - "id": 618, + "id": 619, "link": "/entries/Lower_Semicontinuous.html", "permalink": "/entries/Lower_Semicontinuous.html", "shortname": "Lower_Semicontinuous", "title": "Lower Semicontinuous Functions", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "Two proofs of Hall's Marriage Theorem: one due to Halmos and Vaughan, one due to Rado.", "authors": [ "Dongchen Jiang", "Tobias Nipkow" ], "date": "2010-12-17", - "id": 619, + "id": 620, "link": "/entries/Marriage.html", "permalink": "/entries/Marriage.html", "shortname": "Marriage", "title": "Hall's Marriage Theorem", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 1 }, { "abstract": "In his dissertation, Olin Shivers introduces a concept of control flow graphs for functional languages, provides 
an algorithm to statically derive a safe approximation of the control flow graph and proves this algorithm correct. In this research project, Shivers' algorithms and proofs are formalized in the HOLCF extension of HOL.", "authors": [ "Joachim Breitner" ], "date": "2010-11-16", - "id": 620, + "id": 621, "link": "/entries/Shivers-CFA.html", "permalink": "/entries/Shivers-CFA.html", "shortname": "Shivers-CFA", "title": "Shivers' Control Flow Analysis", "topic_links": [ "computer-science/programming-languages/static-analysis" ], "topics": [ "Computer science/Programming languages/Static analysis" ], "used_by": 0 }, { "abstract": "We implement and prove correct binomial heaps and skew binomial heaps. Both are data-structures for priority queues. While binomial heaps have logarithmic \u003cem\u003efindMin\u003c/em\u003e, \u003cem\u003edeleteMin\u003c/em\u003e, \u003cem\u003einsert\u003c/em\u003e, and \u003cem\u003emeld\u003c/em\u003e operations, skew binomial heaps have constant time \u003cem\u003efindMin\u003c/em\u003e, \u003cem\u003einsert\u003c/em\u003e, and \u003cem\u003emeld\u003c/em\u003e operations, and only the \u003cem\u003edeleteMin\u003c/em\u003e-operation is logarithmic. This is achieved by using \u003cem\u003eskew links\u003c/em\u003e to avoid cascading linking on \u003cem\u003einsert\u003c/em\u003e-operations, and \u003cem\u003edata-structural bootstrapping\u003c/em\u003e to get constant-time \u003cem\u003efindMin\u003c/em\u003e and \u003cem\u003emeld\u003c/em\u003e operations. 
Our implementation follows the paper by Brodal and Okasaki.", "authors": [ "Rene Meis", "Finn Nielsen", "Peter Lammich" ], "date": "2010-10-28", - "id": 621, + "id": 622, "link": "/entries/Binomial-Heaps.html", "permalink": "/entries/Binomial-Heaps.html", "shortname": "Binomial-Heaps", "title": "Binomial Heaps and Skew Binomial Heaps", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 2 }, { "abstract": "We implement and prove correct 2-3 finger trees. Finger trees are a general purpose data structure, that can be used to efficiently implement other data structures, such as priority queues. Intuitively, a finger tree is an annotated sequence, where the annotations are elements of a monoid. Apart from operations to access the ends of the sequence, the main operation is to split the sequence at the point where a \u003cem\u003emonotone predicate\u003c/em\u003e over the sum of the left part of the sequence becomes true for the first time. The implementation follows the paper of Hinze and Paterson. The code generator can be used to get efficient, verified code.", "authors": [ "Benedikt Nordhoff", "Stefan Körner", "Peter Lammich" ], "date": "2010-10-28", - "id": 622, + "id": 623, "link": "/entries/Finger-Trees.html", "permalink": "/entries/Finger-Trees.html", "shortname": "Finger-Trees", "title": "Finger Trees", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 3 }, { "abstract": "Priority queues are an important data structure and efficient implementations of them are crucial. We implement a functional variant of binomial queues in Isabelle/HOL and show its functional correctness. 
A verification against an abstract reference specification of priority queues has also been attempted, but could not be achieved to the full extent.", "authors": [ "René Neumann" ], "date": "2010-10-28", - "id": 623, + "id": 624, "link": "/entries/Binomial-Queues.html", "permalink": "/entries/Binomial-Queues.html", "shortname": "Binomial-Queues", "title": "Functional Binomial Queues", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "Handling variable binding is one of the main difficulties in formal proofs. In this context, Moggi's computational metalanguage serves as an interesting case study. It features monadic types and a commuting conversion rule that rearranges the binding structure. Lindley and Stark have given an elegant proof of strong normalization for this calculus. The key construction in their proof is a notion of relational TT-lifting, using stacks of elimination contexts to obtain a Girard-Tait style logical relation. I give a formalization of their proof in Isabelle/HOL-Nominal with a particular emphasis on the treatment of bound variables.", "authors": [ "Christian Doczkal" ], "date": "2010-08-29", - "id": 624, + "id": 625, "link": "/entries/Lam-ml-Normalization.html", "permalink": "/entries/Lam-ml-Normalization.html", "shortname": "Lam-ml-Normalization", "title": "Strong Normalization of Moggis's Computational Metalanguage", "topic_links": [ "computer-science/programming-languages/lambda-calculi" ], "topics": [ "Computer science/Programming languages/Lambda calculi" ], "used_by": 0 }, { "abstract": "We define multivariate polynomials over arbitrary (ordered) semirings in combination with (executable) operations like addition, multiplication, and substitution. 
We also define (weak) monotonicity of polynomials and comparison of polynomials where we provide standard estimations like absolute positiveness or the more recent approach of Neurauter, Zankl, and Middeldorp. Moreover, it is proven that strongly normalizing (monotone) orders can be lifted to strongly normalizing (monotone) orders over polynomials. Our formalization was performed as part of the \u003ca href=\"http://cl-informatik.uibk.ac.at/software/ceta\"\u003eIsaFoR/CeTA-system\u003c/a\u003e which contains several termination techniques. The provided theories have been essential to formalize polynomial interpretations. \u003cp\u003e This formalization also contains an abstract representation as coefficient functions with finite support and a type of power-products. If this type is ordered by a linear (term) ordering, various additional notions, such as leading power-product, leading coefficient etc., are introduced as well. Furthermore, a lot of generic properties of, and functions on, multivariate polynomials are formalized, including the substitution and evaluation homomorphisms, embeddings of polynomial rings into larger rings (i.e. 
with one additional indeterminate), homogenization and dehomogenization of polynomials, and the canonical isomorphism between R[X,Y] and R[X][Y].", "authors": [ "Christian Sternagel", "René Thiemann", "Alexander Maletzky", "Fabian Immler", "Florian Haftmann", "Andreas Lochbihler", "Alexander Bentkamp" ], "date": "2010-08-10", - "id": 625, + "id": 626, "link": "/entries/Polynomials.html", "permalink": "/entries/Polynomials.html", "shortname": "Polynomials", "title": "Executable Multivariate Polynomials", "topic_links": [ "mathematics/analysis", "mathematics/algebra", "computer-science/algorithms/mathematical" ], "topics": [ "Mathematics/Analysis", "Mathematics/Algebra", "Computer science/Algorithms/Mathematical" ], "used_by": 7 }, { "abstract": "We formalize in Isabelle/HOL the abtract syntax and a synchronous step semantics for the specification language Statecharts. The formalization is based on Hierarchical Automata which allow a structural decomposition of Statecharts into Sequential Automata. To support the composition of Statecharts, we introduce calculating operators to construct a Hierarchical Automaton in a stepwise manner. Furthermore, we present a complete semantics of Statecharts including a theory of data spaces, which enables the modelling of racing effects. We also adapt CTL for Statecharts to build a bridge for future combinations with model checking. However the main motivation of this work is to provide a sound and complete basis for reasoning on Statecharts. 
As a central meta theorem we prove that the well-formedness of a Statechart is preserved by the semantics.", "authors": [ "Steffen Helke", "Florian Kammüller" ], "date": "2010-08-08", - "id": 626, + "id": 627, "link": "/entries/Statecharts.html", "permalink": "/entries/Statecharts.html", "shortname": "Statecharts", "title": "Formalizing Statecharts using Hierarchical Automata", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "Free Groups are, in a sense, the most generic kind of group. They are defined over a set of generators with no additional relations in between them. They play an important role in the definition of group presentations and in other fields. This theory provides the definition of Free Group as the set of fully canceled words in the generators. The universal property is proven, as well as some isomorphisms results about Free Groups.", "authors": [ "Joachim Breitner" ], "date": "2010-06-24", - "id": 627, + "id": 628, "link": "/entries/Free-Groups.html", "permalink": "/entries/Free-Groups.html", "shortname": "Free-Groups", "title": "Free Groups", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "This article presents a development of Category Theory in Isabelle/HOL. A Category is defined using records and locales. Functors and Natural Transformations are also defined. The main result that has been formalized is that the Yoneda functor is a full and faithful embedding. We also formalize the completeness of many sorted monadic equational logic. Extensive use is made of the HOLZF theory in both cases. 
For an informal description see \u003ca href=\"http://www.srcf.ucam.org/~apk32/Isabelle/Category/Cat.pdf\"\u003ehere [pdf]\u003c/a\u003e.", "authors": [ "Alexander Katovsky" ], "date": "2010-06-20", - "id": 628, + "id": 629, "link": "/entries/Category2.html", "permalink": "/entries/Category2.html", "shortname": "Category2", "title": "Category Theory", "topic_links": [ "mathematics/category-theory" ], "topics": [ "Mathematics/Category theory" ], "used_by": 0 }, { "abstract": "We provide the operations of matrix addition, multiplication, transposition, and matrix comparisons as executable functions over ordered semirings. Moreover, it is proven that strongly normalizing (monotone) orders can be lifted to strongly normalizing (monotone) orders over matrices. We further show that the standard semirings over the naturals, integers, and rationals, as well as the arctic semirings satisfy the axioms that are required by our matrix theory. Our formalization is part of the \u003ca href=\"http://cl-informatik.uibk.ac.at/software/ceta\"\u003eCeTA\u003c/a\u003e system which contains several termination techniques. The provided theories have been essential to formalize matrix-interpretations and arctic interpretations.", "authors": [ "Christian Sternagel", "René Thiemann" ], "date": "2010-06-17", - "id": 629, + "id": 630, "link": "/entries/Matrix.html", "permalink": "/entries/Matrix.html", "shortname": "Matrix", "title": "Executable Matrix Operations on Matrices of Arbitrary Dimensions", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 5 }, { "abstract": "We present an Isabelle formalization of abstract rewriting (see, e.g., the book by Baader and Nipkow). First, we define standard relations like \u003ci\u003ejoinability\u003c/i\u003e, \u003ci\u003emeetability\u003c/i\u003e, \u003ci\u003econversion\u003c/i\u003e, etc. 
Then, we formalize important properties of abstract rewrite systems, e.g., confluence and strong normalization. Our main concern is on strong normalization, since this formalization is the basis of \u003ca href=\"http://cl-informatik.uibk.ac.at/software/ceta\"\u003eCeTA\u003c/a\u003e (which is mainly about strong normalization of term rewrite systems). Hence lemmas involving strong normalization constitute by far the biggest part of this theory. One of those is Newman's lemma.", "authors": [ "Christian Sternagel", "René Thiemann" ], "date": "2010-06-14", - "id": 630, + "id": 631, "link": "/entries/Abstract-Rewriting.html", "permalink": "/entries/Abstract-Rewriting.html", "shortname": "Abstract-Rewriting", "title": "Abstract Rewriting", "topic_links": [ "logic/rewriting" ], "topics": [ "Logic/Rewriting" ], "used_by": 10 }, { "abstract": "The invariant based programming is a technique of constructing correct programs by first identifying the basic situations (pre- and post-conditions and invariants) that can occur during the execution of the program, and then defining the transitions and proving that they preserve the invariants. Data refinement is a technique of building correct programs working on concrete datatypes as refinements of more abstract programs. 
In the theories presented here we formalize the predicate transformer semantics for invariant based programs and their data refinement.", "authors": [ "Viorel Preoteasa", "Ralph-Johan Back" ], "date": "2010-05-28", - "id": 631, + "id": 632, "link": "/entries/DataRefinementIBP.html", "permalink": "/entries/DataRefinementIBP.html", "shortname": "DataRefinementIBP", "title": "Semantics and Data Refinement of Invariant Based Programs", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 1 }, { "abstract": "The verification of the Deutsch-Schorr-Waite graph marking algorithm is used as a benchmark in many formalizations of pointer programs. The main purpose of this mechanization is to show how data refinement of invariant based programs can be used in verifying practical algorithms. The verification starts with an abstract algorithm working on a graph given by a relation \u003ci\u003enext\u003c/i\u003e on nodes. Gradually the abstract program is refined into Deutsch-Schorr-Waite graph marking algorithm where only one bit per graph node of additional memory is used for marking.", "authors": [ "Viorel Preoteasa", "Ralph-Johan Back" ], "date": "2010-05-28", - "id": 632, + "id": 633, "link": "/entries/GraphMarkingIBP.html", "permalink": "/entries/GraphMarkingIBP.html", "shortname": "GraphMarkingIBP", "title": "Verification of the Deutsch-Schorr-Waite Graph Marking Algorithm using Data Refinement", "topic_links": [ "computer-science/algorithms/graph" ], "topics": [ "Computer science/Algorithms/Graph" ], "used_by": 0 }, { "abstract": "This document gives a formalization of the proof of the Robbins conjecture, following A. 
Mann, \u003ci\u003eA Complete Proof of the Robbins Conjecture\u003c/i\u003e, 2003.", "authors": [ "Matthew Doty" ], "date": "2010-05-22", - "id": 633, + "id": 634, "link": "/entries/Robbins-Conjecture.html", "permalink": "/entries/Robbins-Conjecture.html", "shortname": "Robbins-Conjecture", "title": "A Complete Proof of the Robbins Conjecture", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "This is a library of constructions on regular expressions and languages. It provides the operations of concatenation, Kleene star and derivative on languages. Regular expressions and their meaning are defined. An executable equivalence checker for regular expressions is verified; it does not need automata but works directly on regular expressions. \u003ci\u003eBy mapping regular expressions to binary relations, an automatic and complete proof method for (in)equalities of binary relations over union, concatenation and (reflexive) transitive closure is obtained.\u003c/i\u003e \u003cP\u003e Extended regular expressions with complement and intersection are also defined and an equivalence checker is provided.", "authors": [ "Alexander Krauss", "Tobias Nipkow" ], "date": "2010-05-12", - "id": 634, + "id": 635, "link": "/entries/Regular-Sets.html", "permalink": "/entries/Regular-Sets.html", "shortname": "Regular-Sets", "title": "Regular Sets and Expressions", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 12 }, { "abstract": "We present a Theory of Objects based on the original functional sigma-calculus by Abadi and Cardelli but with an additional parameter to methods. We prove confluence of the operational semantics following the outline of Nipkow's proof of confluence for the lambda-calculus reusing his theory Commutation, a generic diamond lemma reduction. 
We furthermore formalize a simple type system for our sigma-calculus including a proof of type safety. The entire development uses the concept of Locally Nameless representation for binders. We reuse an earlier proof of confluence for a simpler sigma-calculus based on de Bruijn indices and lists to represent objects.", "authors": [ "Ludovic Henrio", "Florian Kammüller", "Bianca Lutz", "Henry Sudhof" ], "date": "2010-04-30", - "id": 635, + "id": 636, "link": "/entries/Locally-Nameless-Sigma.html", "permalink": "/entries/Locally-Nameless-Sigma.html", "shortname": "Locally-Nameless-Sigma", "title": "Locally Nameless Sigma Calculus", "topic_links": [ "computer-science/programming-languages/language-definitions" ], "topics": [ "Computer science/Programming languages/Language definitions" ], "used_by": 0 }, { "abstract": "This theory defines a type constructor representing the free Boolean algebra over a set of generators. Values of type (α)\u003ci\u003eformula\u003c/i\u003e represent propositional formulas with uninterpreted variables from type α, ordered by implication. In addition to all the standard Boolean algebra operations, the library also provides a function for building homomorphisms to any other Boolean algebra type.", "authors": [ "Brian Huffman" ], "date": "2010-03-29", - "id": 636, + "id": 637, "link": "/entries/Free-Boolean-Algebra.html", "permalink": "/entries/Free-Boolean-Algebra.html", "shortname": "Free-Boolean-Algebra", "title": "Free Boolean Algebra", "topic_links": [ "logic/general-logic/classical-propositional-logic" ], "topics": [ "Logic/General logic/Classical propositional logic" ], "used_by": 0 }, { "abstract": "\u003cp\u003e In this contribution, we show how correctness proofs for \u003ca href=\"Slicing.html\"\u003eintra-\u003c/a\u003e and \u003ca href=\"HRB-Slicing.html\"\u003einterprocedural slicing\u003c/a\u003e can be used to prove that slicing is able to guarantee information flow noninterference. 
Moreover, we also illustrate how to lift the control flow graphs of the respective frameworks such that they fulfil the additional assumptions needed in the noninterference proofs. A detailed description of the intraprocedural proof and its interplay with the slicing framework can be found in the PLAS'09 paper by Wasserrab et al. \u003c/p\u003e \u003cp\u003e This entry contains the part for intra-procedural slicing. See entry \u003ca href=\"InformationFlowSlicing_Inter.html\"\u003eInformationFlowSlicing_Inter\u003c/a\u003e for the inter-procedural part. \u003c/p\u003e", "authors": [ "Daniel Wasserrab" ], "date": "2010-03-23", - "id": 637, + "id": 638, "link": "/entries/InformationFlowSlicing.html", "permalink": "/entries/InformationFlowSlicing.html", "shortname": "InformationFlowSlicing", "title": "Information Flow Noninterference via Slicing", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "\u003cp\u003e In this contribution, we show how correctness proofs for \u003ca href=\"Slicing.html\"\u003eintra-\u003c/a\u003e and \u003ca href=\"HRB-Slicing.html\"\u003einterprocedural slicing\u003c/a\u003e can be used to prove that slicing is able to guarantee information flow noninterference. Moreover, we also illustrate how to lift the control flow graphs of the respective frameworks such that they fulfil the additional assumptions needed in the noninterference proofs. A detailed description of the intraprocedural proof and its interplay with the slicing framework can be found in the PLAS'09 paper by Wasserrab et al. \u003c/p\u003e \u003cp\u003e This entry contains the part for inter-procedural slicing. See entry \u003ca href=\"InformationFlowSlicing.html\"\u003eInformationFlowSlicing\u003c/a\u003e for the intra-procedural part. 
\u003c/p\u003e", "authors": [ "Daniel Wasserrab" ], "date": "2010-03-23", - "id": 638, + "id": 639, "link": "/entries/InformationFlowSlicing_Inter.html", "permalink": "/entries/InformationFlowSlicing_Inter.html", "shortname": "InformationFlowSlicing_Inter", "title": "Inter-Procedural Information Flow Noninterference via Slicing", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "This theory provides functions for finding the index of an element in a list, by predicate and by value.", "authors": [ "Tobias Nipkow" ], "date": "2010-02-20", - "id": 639, + "id": 640, "link": "/entries/List-Index.html", "permalink": "/entries/List-Index.html", "shortname": "List-Index", "title": "List Index", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], - "used_by": 21 + "used_by": 22 }, { "abstract": "This article collects formalisations of general-purpose coinductive data types and sets. Currently, it contains coinductive natural numbers, coinductive lists, i.e. lazy lists or streams, infinite streams, coinductive terminated lists, coinductive resumptions, a library of operations on coinductive lists, and a version of König's lemma as an application for coinductive lists.\u003cbr\u003eThe initial theory was contributed by Paulson and Wenzel. Extensions and other coinductive formalisations of general interest are welcome.", "authors": [ "Andreas Lochbihler" ], "date": "2010-02-12", - "id": 640, + "id": 641, "link": "/entries/Coinductive.html", "permalink": "/entries/Coinductive.html", "shortname": "Coinductive", "title": "Coinductive", "topic_links": [ "computer-science/functional-programming" ], "topics": [ "Computer science/Functional programming" ], "used_by": 12 }, { "abstract": "This contribution contains a fast SAT solver for Isabelle written in Standard ML. 
By loading the theory \u003ctt\u003eDPT_SAT_Solver\u003c/tt\u003e, the SAT solver installs itself (under the name ``dptsat'') and certain Isabelle tools like Refute will start using it automatically. This is a port of the DPT (Decision Procedure Toolkit) SAT Solver written in OCaml.", "authors": [ "Armin Heller" ], "date": "2009-12-09", - "id": 641, + "id": 642, "link": "/entries/DPT-SAT-Solver.html", "permalink": "/entries/DPT-SAT-Solver.html", "shortname": "DPT-SAT-Solver", "title": "A Fast SAT Solver for Isabelle in Standard ML", "topic_links": [ "tools" ], "topics": [ "Tools" ], "used_by": 0 }, { "abstract": "This work presents a formalization of a library for automata on bit strings. It forms the basis of a reflection-based decision procedure for Presburger arithmetic, which is efficiently executable thanks to Isabelle's code generator. With this work, we therefore provide a mechanized proof of a well-known connection between logic and automata theory. The formalization is also described in a publication [TPHOLs 2009].", "authors": [ "Stefan Berghofer", "Markus Reiter" ], "date": "2009-12-03", - "id": 642, + "id": 643, "link": "/entries/Presburger-Automata.html", "permalink": "/entries/Presburger-Automata.html", "shortname": "Presburger-Automata", "title": "Formalizing the Logic-Automaton Connection", "topic_links": [ "computer-science/automata-and-formal-languages", "logic/general-logic/decidability-of-theories" ], "topics": [ "Computer science/Automata and formal languages", "Logic/General logic/Decidability of theories" ], "used_by": 0 }, { "abstract": "This development provides an efficient, extensible, machine checked collections framework. The library adopts the concepts of interface, implementation and generic algorithm from object-oriented programming and implements them in Isabelle/HOL. 
The framework features the use of data refinement techniques to refine an abstract specification (using high-level concepts like sets) to a more concrete implementation (using collection datastructures, like red-black-trees). The code-generator of Isabelle/HOL can be used to generate efficient code.", "authors": [ "Peter Lammich" ], "date": "2009-11-25", - "id": 643, + "id": 644, "link": "/entries/Collections.html", "permalink": "/entries/Collections.html", "shortname": "Collections", "title": "Collections Framework", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], - "used_by": 18 + "used_by": 19 }, { "abstract": "This work presents a machine-checked tree automata library for Standard-ML, OCaml and Haskell. The algorithms are efficient by using appropriate data structures like RB-trees. The available algorithms for non-deterministic automata include membership query, reduction, intersection, union, and emptiness check with computation of a witness for non-emptiness. The executable algorithms are derived from less-concrete, non-executable algorithms using data-refinement techniques. The concrete data structures are from the Isabelle Collections Framework. 
Moreover, this work contains a formalization of the class of tree-regular languages and its closure properties under set operations.", "authors": [ "Peter Lammich" ], "date": "2009-11-25", - "id": 644, + "id": 645, "link": "/entries/Tree-Automata.html", "permalink": "/entries/Tree-Automata.html", "shortname": "Tree-Automata", "title": "Tree Automata", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "These theories present the mechanised proof of the Perfect Number Theorem.", "authors": [ "Mark Ijbema" ], "date": "2009-11-22", - "id": 645, + "id": 646, "link": "/entries/Perfect-Number-Thm.html", "permalink": "/entries/Perfect-Number-Thm.html", "shortname": "Perfect-Number-Thm", "title": "Perfect Number Theorem", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "After verifying \u003ca href=\"Slicing.html\"\u003edynamic and static interprocedural slicing\u003c/a\u003e, we present a modular framework for static interprocedural slicing. To this end, we formalized the standard two-phase slicer from Horwitz, Reps and Binkley (see their TOPLAS 12(1) 1990 paper) together with summary edges as presented by Reps et al. (see FSE 1994). The framework is again modular in the programming language by using an abstract CFG, defined via structural and well-formedness properties. Using a weak simulation between the original and sliced graph, we were able to prove the correctness of static interprocedural slicing. We also instantiate our framework with a simple While language with procedures. 
This shows that the chosen abstractions are indeed valid.", "authors": [ "Daniel Wasserrab" ], "date": "2009-11-13", - "id": 646, + "id": 647, "link": "/entries/HRB-Slicing.html", "permalink": "/entries/HRB-Slicing.html", "shortname": "HRB-Slicing", "title": "Backing up Slicing: Verifying the Interprocedural Two-Phase Horwitz-Reps-Binkley Slicer", "topic_links": [ "computer-science/programming-languages/static-analysis" ], "topics": [ "Computer science/Programming languages/Static analysis" ], "used_by": 1 }, { "abstract": "Gill and Hutton formalise the worker/wrapper transformation, building on the work of Launchbury and Peyton-Jones who developed it as a way of changing the type at which a recursive function operates. This development establishes the soundness of the technique and several examples of its use.", "authors": [ "Peter Gammie" ], "date": "2009-10-30", - "id": 647, + "id": 648, "link": "/entries/WorkerWrapper.html", "permalink": "/entries/WorkerWrapper.html", "shortname": "WorkerWrapper", "title": "The Worker/Wrapper Transformation", "topic_links": [ "computer-science/functional-programming" ], "topics": [ "Computer science/Functional programming" ], "used_by": 0 }, { "abstract": "We develop a basic theory of ordinals and cardinals in Isabelle/HOL, up to the point where some cardinality facts relevant for the ``working mathematician\" become available. Unlike in set theory, here we do not have at hand canonical notions of ordinal and cardinal. Therefore, here an ordinal is merely a well-order relation and a cardinal is an ordinal minim w.r.t. 
order embedding on its field.", "authors": [ "Andrei Popescu" ], "date": "2009-09-01", - "id": 648, + "id": 649, "link": "/entries/Ordinals_and_Cardinals.html", "permalink": "/entries/Ordinals_and_Cardinals.html", "shortname": "Ordinals_and_Cardinals", "title": "Ordinals and Cardinals", "topic_links": [ "logic/set-theory" ], "topics": [ "Logic/Set theory" ], "used_by": 0 }, { "abstract": "The invertibility of the rules of a sequent calculus is important for guiding proof search and can be used in some formalised proofs of Cut admissibility. We present sufficient conditions for when a rule is invertible with respect to a calculus. We illustrate the conditions with examples. It must be noted we give purely syntactic criteria; no guarantees are given as to the suitability of the rules.", "authors": [ "Peter Chapman" ], "date": "2009-08-28", - "id": 649, + "id": 650, "link": "/entries/SequentInvertibility.html", "permalink": "/entries/SequentInvertibility.html", "shortname": "SequentInvertibility", "title": "Invertibility in Sequent Calculi", "topic_links": [ "logic/proof-theory" ], "topics": [ "Logic/Proof theory" ], "used_by": 0 }, { "abstract": "We formalize the usual proof that the group generated by the function k -\u003e k + 1 on the integers gives rise to a cofinitary group.", "authors": [ "Bart Kastermans" ], "date": "2009-08-04", - "id": 650, + "id": 651, "link": "/entries/CofGroups.html", "permalink": "/entries/CofGroups.html", "shortname": "CofGroups", "title": "An Example of a Cofinitary Group in Isabelle/HOL", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "FinFuns are total functions that are constant except for a finite set of points, i.e. a generalisation of finite maps. They are formalised as a new type in Isabelle/HOL such that the code generator can handle equality tests and quantification on FinFuns. 
On the code output level, FinFuns are explicitly represented by constant functions and pointwise updates, similarly to associative lists. Inside the logic, they behave like ordinary functions with extensionality. Via the update/constant pattern, a recursion combinator and an induction rule for FinFuns allow for defining and reasoning about operators on FinFun that are also executable.", "authors": [ "Andreas Lochbihler" ], "date": "2009-05-06", - "id": 651, + "id": 652, "link": "/entries/FinFun.html", "permalink": "/entries/FinFun.html", "shortname": "FinFun", "title": "Code Generation for Functions as Data", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 4 }, { "abstract": "Stream Fusion is a system for removing intermediate list structures from Haskell programs; it consists of a Haskell library along with several compiler rewrite rules. (The library is available \u003ca href=\"http://hackage.haskell.org/package/stream-fusion\"\u003eonline\u003c/a\u003e.)\u003cbr\u003e\u003cbr\u003eThese theories contain a formalization of much of the Stream Fusion library in HOLCF. Lazy list and stream types are defined, along with coercions between the two types, as well as an equivalence relation for streams that generate the same list. 
List and stream versions of map, filter, foldr, enumFromTo, append, zipWith, and concatMap are defined, and the stream versions are shown to respect stream equivalence.", "authors": [ "Brian Huffman" ], "date": "2009-04-29", - "id": 652, + "id": 653, "link": "/entries/Stream-Fusion.html", "permalink": "/entries/Stream-Fusion.html", "shortname": "Stream-Fusion", "title": "Stream Fusion", "topic_links": [ "computer-science/functional-programming" ], "topics": [ "Computer science/Functional programming" ], "used_by": 0 }, { "abstract": "This document contains the Isabelle/HOL sources underlying the paper \u003ci\u003eA bytecode logic for JML and types\u003c/i\u003e by Beringer and Hofmann, updated to Isabelle 2008. We present a program logic for a subset of sequential Java bytecode that is suitable for representing both, features found in high-level specification language JML as well as interpretations of high-level type systems. To this end, we introduce a fine-grained collection of assertions, including strong invariants, local annotations and VDM-reminiscent partial-correctness specifications. Thanks to a goal-oriented structure and interpretation of judgements, verification may proceed without recourse to an additional control flow analysis. The suitability for interpreting intensional type systems is illustrated by the proof-carrying-code style encoding of a type system for a first-order functional language which guarantees a constant upper bound on the number of objects allocated throughout an execution, be the execution terminating or non-terminating. Like the published paper, the formal development is restricted to a comparatively small subset of the JVML, lacking (among other features) exceptions, arrays, virtual methods, and static fields. This shortcoming has been overcome meanwhile, as our paper has formed the basis of the Mobius base logic, a program logic for the full sequential fragment of the JVML. 
Indeed, the present formalisation formed the basis of a subsequent formalisation of the Mobius base logic in the proof assistant Coq, which includes a proof of soundness with respect to the Bicolano operational semantics by Pichardie.", "authors": [ "Lennart Beringer", "Martin Hofmann" ], "date": "2008-12-12", - "id": 653, + "id": 654, "link": "/entries/BytecodeLogicJmlTypes.html", "permalink": "/entries/BytecodeLogicJmlTypes.html", "shortname": "BytecodeLogicJmlTypes", "title": "A Bytecode Logic for JML and Types", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 0 }, { "abstract": "We present interpretations of type systems for secure information flow in Hoare logic, complementing previous encodings in relational program logics. We first treat the imperative language IMP, extended by a simple procedure call mechanism. For this language we consider base-line non-interference in the style of Volpano et al. and the flow-sensitive type system by Hunt and Sands. In both cases, we show how typing derivations may be used to automatically generate proofs in the program logic that certify the absence of illicit flows. We then add instructions for object creation and manipulation, and derive appropriate proof rules for base-line non-interference. 
As a consequence of our work, standard verification technology may be used for verifying that a concrete program satisfies the non-interference property.\u003cbr\u003e\u003cbr\u003eThe present proof development represents an update of the formalisation underlying our paper [CSF 2007] and is intended to resolve any ambiguities that may be present in the paper.", "authors": [ "Lennart Beringer", "Martin Hofmann" ], "date": "2008-11-10", - "id": 654, + "id": 655, "link": "/entries/SIFPL.html", "permalink": "/entries/SIFPL.html", "shortname": "SIFPL", "title": "Secure information flow and program logics", "topic_links": [ "computer-science/programming-languages/logics", "computer-science/security" ], "topics": [ "Computer science/Programming languages/Logics", "Computer science/Security" ], "used_by": 0 }, { "abstract": "Drawing on Sen's landmark work \"Collective Choice and Social Welfare\" (1970), this development proves Arrow's General Possibility Theorem, Sen's Liberal Paradox and May's Theorem in a general setting. The goal was to make precise the classical statements and proofs of these results, and to provide a foundation for more recent results such as the Gibbard-Satterthwaite and Duggan-Schwartz theorems.", "authors": [ "Peter Gammie" ], "date": "2008-11-09", - "id": 655, + "id": 656, "link": "/entries/SenSocialChoice.html", "permalink": "/entries/SenSocialChoice.html", "shortname": "SenSocialChoice", "title": "Some classical results in Social Choice Theory", "topic_links": [ "mathematics/games-and-economics" ], "topics": [ "Mathematics/Games and economics" ], "used_by": 0 }, { "abstract": "Tilings are defined inductively. It is shown that one form of mutilated chess board cannot be tiled with dominoes, while another one can be tiled with L-shaped tiles. Please add further fun examples of this kind!", "authors": [ "Tobias Nipkow", "Lawrence C. 
Paulson" ], "date": "2008-11-07", - "id": 656, + "id": 657, "link": "/entries/FunWithTilings.html", "permalink": "/entries/FunWithTilings.html", "shortname": "FunWithTilings", "title": "Fun With Tilings", "topic_links": [ "mathematics/misc" ], "topics": [ "Mathematics/Misc" ], "used_by": 0 }, { "abstract": "Huffman's algorithm is a procedure for constructing a binary tree with minimum weighted path length. This report presents a formal proof of the correctness of Huffman's algorithm written using Isabelle/HOL. Our proof closely follows the sketches found in standard algorithms textbooks, uncovering a few snags in the process. Another distinguishing feature of our formalization is the use of custom induction rules to help Isabelle's automatic tactics, leading to very short proofs for most of the lemmas.", "authors": [ "Jasmin Christian Blanchette" ], "date": "2008-10-15", - "id": 657, + "id": 658, "link": "/entries/Huffman.html", "permalink": "/entries/Huffman.html", "shortname": "Huffman", "title": "The Textbook Proof of Huffman's Algorithm", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 1 }, { "abstract": "Slicing is a widely-used technique with applications in e.g. compiler technology and software security. Thus verification of algorithms in these areas is often based on the correctness of slicing, which should ideally be proven independent of concrete programming languages and with the help of well-known verifying techniques such as proof assistants. As a first step in this direction, this contribution presents a framework for dynamic and static intraprocedural slicing based on control flow and program dependence graphs. 
Abstracting from concrete syntax we base the framework on a graph representation of the program fulfilling certain structural and well-formedness properties.\u003cbr\u003e\u003cbr\u003eThe formalization consists of the basic framework (in subdirectory Basic/), the correctness proof for dynamic slicing (in subdirectory Dynamic/), the correctness proof for static intraprocedural slicing (in subdirectory StaticIntra/) and instantiations of the framework with a simple While language (in subdirectory While/) and the sophisticated object-oriented bytecode language of Jinja (in subdirectory JinjaVM/). For more information on the framework, see the TPHOLS 2008 paper by Wasserrab and Lochbihler and the PLAS 2009 paper by Wasserrab et al.", "authors": [ "Daniel Wasserrab" ], "date": "2008-09-16", - "id": 658, + "id": 659, "link": "/entries/Slicing.html", "permalink": "/entries/Slicing.html", "shortname": "Slicing", "title": "Towards Certified Slicing", "topic_links": [ "computer-science/programming-languages/static-analysis" ], "topics": [ "Computer science/Programming languages/Static analysis" ], "used_by": 2 }, { "abstract": "The Volpano/Smith/Irvine security type systems requires that variables are annotated as high (secret) or low (public), and provides typing rules which guarantee that secret values cannot leak to public output ports. This property of a program is called confidentiality. For a simple while-language without threads, our proof shows that typeability in the Volpano/Smith system guarantees noninterference. Noninterference means that if two initial states for program execution are low-equivalent, then the final states are low-equivalent as well. This indeed implies that secret values cannot leak to public ports. The proof defines an abstract syntax and operational semantics for programs, formalizes noninterference, and then proceeds by rule induction on the operational semantics. The mathematically most intricate part is the treatment of implicit flows. 
Note that the Volpano/Smith system is not flow-sensitive and thus quite unprecise, resulting in false alarms. However, due to the correctness property, all potential breaks of confidentiality are discovered.", "authors": [ "Gregor Snelting", "Daniel Wasserrab" ], "date": "2008-09-02", - "id": 659, + "id": 660, "link": "/entries/VolpanoSmith.html", "permalink": "/entries/VolpanoSmith.html", "shortname": "VolpanoSmith", "title": "A Correctness Proof for the Volpano/Smith Security Typing System", "topic_links": [ "computer-science/programming-languages/type-systems", "computer-science/security" ], "topics": [ "Computer science/Programming languages/Type systems", "Computer science/Security" ], "used_by": 0 }, { "abstract": "This article formalizes two proofs of Arrow's impossibility theorem due to Geanakoplos and derives the Gibbard-Satterthwaite theorem as a corollary. One formalization is based on utility functions, the other one on strict partial orders.\u003cbr\u003e\u003cbr\u003eAn article about these proofs is found \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/arrow.html\"\u003ehere\u003c/a\u003e.", "authors": [ "Tobias Nipkow" ], "date": "2008-09-01", - "id": 660, + "id": 661, "link": "/entries/ArrowImpossibilityGS.html", "permalink": "/entries/ArrowImpossibilityGS.html", "shortname": "ArrowImpossibilityGS", "title": "Arrow and Gibbard-Satterthwaite", "topic_links": [ "mathematics/games-and-economics" ], "topics": [ "Mathematics/Games and economics" ], "used_by": 0 }, { "abstract": "This is a collection of cute puzzles of the form ``Show that if a function satisfies the following constraints, it must be ...'' Please add further examples to this collection!", "authors": [ "Tobias Nipkow" ], "date": "2008-08-26", - "id": 661, + "id": 662, "link": "/entries/FunWithFunctions.html", "permalink": "/entries/FunWithFunctions.html", "shortname": "FunWithFunctions", "title": "Fun With Functions", "topic_links": [ "mathematics/misc" ], "topics": [ "Mathematics/Misc" 
], "used_by": 0 }, { "abstract": "This document contains formal correctness proofs of modern SAT solvers. Following (Krstic et al, 2007) and (Nieuwenhuis et al., 2006), solvers are described using state-transition systems. Several different SAT solver descriptions are given and their partial correctness and termination is proved. These include: \u003cul\u003e \u003cli\u003e a solver based on classical DPLL procedure (using only a backtrack-search with unit propagation),\u003c/li\u003e \u003cli\u003e a very general solver with backjumping and learning (similar to the description given in (Nieuwenhuis et al., 2006)), and\u003c/li\u003e \u003cli\u003e a solver with a specific conflict analysis algorithm (similar to the description given in (Krstic et al., 2007)).\u003c/li\u003e \u003c/ul\u003e Within the SAT solver correctness proofs, a large number of lemmas about propositional logic and CNF formulae are proved. This theory is self-contained and could be used for further exploring of properties of CNF based SAT algorithms.", "authors": [ "Filip Marić" ], "date": "2008-07-23", - "id": 662, + "id": 663, "link": "/entries/SATSolverVerification.html", "permalink": "/entries/SATSolverVerification.html", "shortname": "SATSolverVerification", "title": "Formal Verification of Modern SAT Solvers", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "This document presents the formalization of introductory material from recursion theory --- definitions and basic properties of primitive recursive functions, Cantor pairing function and computably enumerable sets (including a proof of existence of a one-complete computably enumerable set and a proof of the Rice's theorem).", "authors": [ "Michael Nedzelsky" ], "date": "2008-04-05", - "id": 663, + "id": 664, "link": "/entries/Recursion-Theory-I.html", "permalink": "/entries/Recursion-Theory-I.html", "shortname": "Recursion-Theory-I", "title": "Recursion 
Theory I", "topic_links": [ "logic/computability" ], "topics": [ "Logic/Computability" ], "used_by": 1 }, { "abstract": "We present the theory of Simpl, a sequential imperative programming language. We introduce its syntax, its semantics (big and small-step operational semantics) and Hoare logics for both partial as well as total correctness. We prove soundness and completeness of the Hoare logic. We integrate and automate the Hoare logic in Isabelle/HOL to obtain a practically usable verification environment for imperative programs. Simpl is independent of a concrete programming language but expressive enough to cover all common language features: mutually recursive procedures, abrupt termination and exceptions, runtime faults, local and global variables, pointers and heap, expressions with side effects, pointers to procedures, partial application and closures, dynamic method invocation and also unbounded nondeterminism.", "authors": [ "Norbert Schirmer" ], "date": "2008-02-29", - "id": 664, + "id": 665, "link": "/entries/Simpl.html", "permalink": "/entries/Simpl.html", "shortname": "Simpl", "title": "A Sequential Imperative Programming Language Syntax, Semantics, Hoare Logics and Verification Environment", "topic_links": [ "computer-science/programming-languages/language-definitions", "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Language definitions", "Computer science/Programming languages/Logics" ], "used_by": 2 }, { "abstract": "We present the verification of the normalisation of a binary decision diagram (BDD). The normalisation follows the original algorithm presented by Bryant in 1986 and transforms an ordered BDD in a reduced, ordered and shared BDD. 
The verification is based on Hoare logics.", "authors": [ "Veronika Ortner", "Norbert Schirmer" ], "date": "2008-02-29", - "id": 665, + "id": 666, "link": "/entries/BDD.html", "permalink": "/entries/BDD.html", "shortname": "BDD", "title": "BDD Normalisation", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "This article formalizes normalization by evaluation as implemented in Isabelle. Lambda calculus plus term rewriting is compiled into a functional program with pattern matching. It is proved that the result of a successful evaluation is a) correct, i.e. equivalent to the input, and b) in normal form.", "authors": [ "Klaus Aehlig", "Tobias Nipkow" ], "date": "2008-02-18", - "id": 666, + "id": 667, "link": "/entries/NormByEval.html", "permalink": "/entries/NormByEval.html", "shortname": "NormByEval", "title": "Normalization by Evaluation", "topic_links": [ "computer-science/programming-languages/compiling" ], "topics": [ "Computer science/Programming languages/Compiling" ], "used_by": 0 }, { "abstract": "This article formalizes quantifier elimination procedures for dense linear orders, linear real arithmetic and Presburger arithmetic. In each case both a DNF-based non-elementary algorithm and one or more (doubly) exponential NNF-based algorithms are formalized, including the well-known algorithms by Ferrante and Rackoff and by Cooper. The NNF-based algorithms for dense linear orders are new but based on Ferrante and Rackoff and on an algorithm by Loos and Weisspfenning which simulates infenitesimals. All algorithms are directly executable. In particular, they yield reflective quantifier elimination procedures for HOL itself. 
The formalization makes heavy use of locales and is therefore highly modular.", "authors": [ "Tobias Nipkow" ], "date": "2008-01-11", - "id": 667, + "id": 668, "link": "/entries/LinearQuantifierElim.html", "permalink": "/entries/LinearQuantifierElim.html", "shortname": "LinearQuantifierElim", "title": "Quantifier Elimination for Linear Arithmetic", "topic_links": [ "logic/general-logic/decidability-of-theories" ], "topics": [ "Logic/General logic/Decidability of theories" ], "used_by": 0 }, { "abstract": "In this work we formally verify the soundness and precision of a static program analysis that detects conflicts (e. g. data races) in programs with procedures, thread creation and monitors with the Isabelle theorem prover. As common in static program analysis, our program model abstracts guarded branching by nondeterministic branching, but completely interprets the call-/return behavior of procedures, synchronization by monitors, and thread creation. The analysis is based on the observation that all conflicts already occur in a class of particularly restricted schedules. These restricted schedules are suited to constraint-system-based program analysis. The formalization is based upon a flowgraph-based program model with an operational semantics as reference point.", "authors": [ "Peter Lammich", "Markus Müller-Olm" ], "date": "2007-12-14", - "id": 668, + "id": 669, "link": "/entries/Program-Conflict-Analysis.html", "permalink": "/entries/Program-Conflict-Analysis.html", "shortname": "Program-Conflict-Analysis", "title": "Formalization of Conflict Analysis of Programs with Procedures, Thread Creation, and Monitors", "topic_links": [ "computer-science/programming-languages/static-analysis" ], "topics": [ "Computer science/Programming languages/Static analysis" ], "used_by": 1 }, { "abstract": "We extend the Jinja source code semantics by Klein and Nipkow with Java-style arrays and threads. 
Concurrency is captured in a generic framework semantics for adding concurrency through interleaving to a sequential semantics, which features dynamic thread creation, inter-thread communication via shared memory, lock synchronisation and joins. Also, threads can suspend themselves and be notified by others. We instantiate the framework with the adapted versions of both Jinja source and byte code and show type safety for the multithreaded case. Equally, the compiler from source to byte code is extended, for which we prove weak bisimilarity between the source code small step semantics and the defensive Jinja virtual machine. On top of this, we formalise the JMM and show the DRF guarantee and consistency. For description of the different parts, see Lochbihler's papers at FOOL 2008, ESOP 2010, ITP 2011, and ESOP 2012.", "authors": [ "Andreas Lochbihler" ], "date": "2007-12-03", - "id": 669, + "id": 670, "link": "/entries/JinjaThreads.html", "permalink": "/entries/JinjaThreads.html", "shortname": "JinjaThreads", "title": "Jinja with Threads", "topic_links": [ "computer-science/programming-languages/language-definitions" ], "topics": [ "Computer science/Programming languages/Language definitions" ], "used_by": 0 }, { "abstract": "This article is an Isabelle formalisation of a paper with the same title. 
In a similar way as Knuth's 0-1-principle for sorting algorithms, that paper develops a 0-1-2-principle for parallel prefix computations.", "authors": [ "Sascha Böhme" ], "date": "2007-11-06", - "id": 670, + "id": 671, "link": "/entries/MuchAdoAboutTwo.html", "permalink": "/entries/MuchAdoAboutTwo.html", "shortname": "MuchAdoAboutTwo", "title": "Much Ado About Two", "topic_links": [ "computer-science/algorithms" ], "topics": [ "Computer science/Algorithms" ], "used_by": 0 }, { "abstract": "This document presents the mechanised proofs of\u003cul\u003e\u003cli\u003eFermat's Last Theorem for exponents 3 and 4 and\u003c/li\u003e\u003cli\u003ethe parametrisation of Pythagorean Triples.\u003c/li\u003e\u003c/ul\u003e", "authors": [ "Roelof Oosterhuis" ], "date": "2007-08-12", - "id": 671, + "id": 672, "link": "/entries/Fermat3_4.html", "permalink": "/entries/Fermat3_4.html", "shortname": "Fermat3_4", "title": "Fermat's Last Theorem for Exponents 3 and 4 and the Parametrisation of Pythagorean Triples", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "This document presents the mechanised proofs of the following results:\u003cul\u003e\u003cli\u003eany prime number of the form 4m+1 can be written as the sum of two squares;\u003c/li\u003e\u003cli\u003eany natural number can be written as the sum of four squares\u003c/li\u003e\u003c/ul\u003e", "authors": [ "Roelof Oosterhuis" ], "date": "2007-08-12", - "id": 672, + "id": 673, "link": "/entries/SumSquares.html", "permalink": "/entries/SumSquares.html", "shortname": "SumSquares", "title": "Sums of Two and Four Squares", "topic_links": [ "mathematics/number-theory" ], "topics": [ "Mathematics/Number theory" ], "used_by": 0 }, { "abstract": "Convergence with respect to a valuation is discussed as convergence of a Cauchy sequence. Cauchy sequences of polynomials are defined. 
They are used to formalize Hensel's lemma.", "authors": [ "Hidetsune Kobayashi" ], "date": "2007-08-08", - "id": 673, + "id": 674, "link": "/entries/Valuation.html", "permalink": "/entries/Valuation.html", "shortname": "Valuation", "title": "Fundamental Properties of Valuation Theory and Hensel's Lemma", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 0 }, { "abstract": "We present a formalization of parts of Melvin Fitting's book \"First-Order Logic and Automated Theorem Proving\". The formalization covers the syntax of first-order logic, its semantics, the model existence theorem, a natural deduction proof calculus together with a proof of correctness and completeness, as well as the Löwenheim-Skolem theorem.", "authors": [ "Stefan Berghofer" ], "date": "2007-08-02", - "id": 674, + "id": 675, "link": "/entries/FOL-Fitting.html", "permalink": "/entries/FOL-Fitting.html", "shortname": "FOL-Fitting", "title": "First-Order Logic According to Fitting", "topic_links": [ "logic/general-logic/classical-first-order-logic" ], "topics": [ "Logic/General logic/Classical first-order logic" ], "used_by": 2 }, { "abstract": "We present a solution to the POPLmark challenge designed by Aydemir et al., which has as a goal the formalization of the meta-theory of System F\u003csub\u003e\u0026lt;:\u003c/sub\u003e. The formalization is carried out in the theorem prover Isabelle/HOL using an encoding based on de Bruijn indices. 
We start with a relatively simple formalization covering only the basic features of System F\u003csub\u003e\u0026lt;:\u003c/sub\u003e, and explain how it can be extended to also cover records and more advanced binding constructs.", "authors": [ "Stefan Berghofer" ], "date": "2007-08-02", - "id": 675, + "id": 676, "link": "/entries/POPLmark-deBruijn.html", "permalink": "/entries/POPLmark-deBruijn.html", "shortname": "POPLmark-deBruijn", "title": "POPLmark Challenge Via de Bruijn Indices", "topic_links": [ "computer-science/programming-languages/lambda-calculi" ], "topics": [ "Computer science/Programming languages/Lambda calculi" ], "used_by": 0 }, { "abstract": "Two models of an electronic hotel key card system are contrasted: a state based and a trace based one. Both are defined, verified, and proved equivalent in the theorem prover Isabelle/HOL. It is shown that if a guest follows a certain safety policy regarding her key cards, she can be sure that nobody but her can enter her room.", "authors": [ "Tobias Nipkow" ], "date": "2006-09-09", - "id": 676, + "id": 677, "link": "/entries/HotelKeyCards.html", "permalink": "/entries/HotelKeyCards.html", "shortname": "HotelKeyCards", "title": "Hotel Key Card System", "topic_links": [ "computer-science/security" ], "topics": [ "Computer science/Security" ], "used_by": 0 }, { "abstract": "These therories describe Hoare logics for a number of imperative language constructs, from while-loops to mutually recursive procedures. Both partial and total correctness are treated. 
In particular a proof system for total correctness of recursive procedures in the presence of unbounded nondeterminism is presented.", "authors": [ "Tobias Nipkow" ], "date": "2006-08-08", - "id": 677, + "id": 678, "link": "/entries/Abstract-Hoare-Logics.html", "permalink": "/entries/Abstract-Hoare-Logics.html", "shortname": "Abstract-Hoare-Logics", "title": "Abstract Hoare Logics", "topic_links": [ "computer-science/programming-languages/logics" ], "topics": [ "Computer science/Programming languages/Logics" ], "used_by": 0 }, { "abstract": "These theories present the verified enumeration of \u003ci\u003etame\u003c/i\u003e plane graphs as defined by Thomas C. Hales in his proof of the Kepler Conjecture in his book \u003ci\u003eDense Sphere Packings. A Blueprint for Formal Proofs.\u003c/i\u003e [CUP 2012]. The values of the constants in the definition of tameness are identical to those in the \u003ca href=\"https://code.google.com/p/flyspeck/\"\u003eFlyspeck project\u003c/a\u003e. The \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/Flyspeck/\"\u003eIJCAR 2006 paper by Nipkow, Bauer and Schultz\u003c/a\u003e refers to the original version of Hales' proof, the \u003ca href=\"http://www21.in.tum.de/~nipkow/pubs/itp11.html\"\u003eITP 2011 paper by Nipkow\u003c/a\u003e refers to the Blueprint version of the proof.", "authors": [ "Gertrud Bauer", "Tobias Nipkow" ], "date": "2006-05-22", - "id": 678, + "id": 679, "link": "/entries/Flyspeck-Tame.html", "permalink": "/entries/Flyspeck-Tame.html", "shortname": "Flyspeck-Tame", "title": "Flyspeck I: Tame Graphs", "topic_links": [ "mathematics/graph-theory" ], "topics": [ "Mathematics/Graph theory" ], "used_by": 1 }, { "abstract": "We present an operational semantics and type safety proof for multiple inheritance in C++. The semantics models the behavior of method calls, field accesses, and two forms of casts in C++ class hierarchies. 
For explanations see the OOPSLA 2006 paper by Wasserrab, Nipkow, Snelting and Tip.", "authors": [ "Daniel Wasserrab" ], "date": "2006-05-15", - "id": 679, + "id": 680, "link": "/entries/CoreC++.html", "permalink": "/entries/CoreC++.html", "shortname": "CoreC++", "title": "CoreC++", "topic_links": [ "computer-science/programming-languages/language-definitions" ], "topics": [ "Computer science/Programming languages/Language definitions" ], "used_by": 0 }, { "abstract": "We formalize the type system, small-step operational semantics, and type soundness proof for Featherweight Java, a simple object calculus, in Isabelle/HOL.", "authors": [ "J. Nathan Foster", "Dimitrios Vytiniotis" ], "date": "2006-03-31", - "id": 680, + "id": 681, "link": "/entries/FeatherweightJava.html", "permalink": "/entries/FeatherweightJava.html", "shortname": "FeatherweightJava", "title": "A Theory of Featherweight Java in Isabelle/HOL", "topic_links": [ "computer-science/programming-languages/language-definitions" ], "topics": [ "Computer science/Programming languages/Language definitions" ], "used_by": 0 }, { "abstract": "F. B. Schneider (\"Understanding protocols for Byzantine clock synchronization\") generalizes a number of protocols for Byzantine fault-tolerant clock synchronization and presents a uniform proof for their correctness. In Schneider's schema, each processor maintains a local clock by periodically adjusting each value to one computed by a convergence function applied to the readings of all the clocks. Then, correctness of an algorithm, i.e. that the readings of two clocks at any time are within a fixed bound of each other, is based upon some conditions on the convergence function. To prove that a particular clock synchronization algorithm is correct it suffices to show that the convergence function used by the algorithm meets Schneider's conditions. 
Using the theorem prover Isabelle, we formalize the proofs that the convergence functions of two algorithms, namely, the Interactive Convergence Algorithm (ICA) of Lamport and Melliar-Smith and the Fault-tolerant Midpoint algorithm of Lundelius-Lynch, meet Schneider's conditions. Furthermore, we experiment on handling some parts of the proofs with fully automatic tools like ICS and CVC-lite. These theories are part of a joint work with Alwen Tiu and Leonor P. Nieto \u003ca href=\"http://users.rsise.anu.edu.au/~tiu/clocksync.pdf\"\u003e\"Verification of Clock Synchronization Algorithms: Experiments on a combination of deductive tools\"\u003c/a\u003e in proceedings of AVOCS 2005. In this work the correctness of Schneider schema was also verified using Isabelle (entry \u003ca href=\"GenClock.html\"\u003eGenClock\u003c/a\u003e in AFP).", "authors": [ "Damián Barsotti" ], "date": "2006-03-15", - "id": 681, + "id": 682, "link": "/entries/ClockSynchInst.html", "permalink": "/entries/ClockSynchInst.html", "shortname": "ClockSynchInst", "title": "Instances of Schneider's generalized protocol of clock synchronization", "topic_links": [ "computer-science/algorithms/distributed" ], "topics": [ "Computer science/Algorithms/Distributed" ], "used_by": 0 }, { "abstract": "This document presents the mechanised proofs of two popular theorems attributed to Augustin Louis Cauchy - Cauchy's Mean Theorem and the Cauchy-Schwarz Inequality.", "authors": [ "Benjamin Porter" ], "date": "2006-03-14", - "id": 682, + "id": 683, "link": "/entries/Cauchy.html", "permalink": "/entries/Cauchy.html", "shortname": "Cauchy", "title": "Cauchy's Mean Theorem and the Cauchy-Schwarz Inequality", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 1 }, { "abstract": "This development defines a well-ordered type of countable ordinals. 
It includes notions of continuous and normal functions, recursively defined functions over ordinals, least fixed-points, and derivatives. Much of ordinal arithmetic is formalized, including exponentials and logarithms. The development concludes with formalizations of Cantor Normal Form and Veblen hierarchies over normal functions.", "authors": [ "Brian Huffman" ], "date": "2005-11-11", - "id": 683, + "id": 684, "link": "/entries/Ordinal.html", "permalink": "/entries/Ordinal.html", "shortname": "Ordinal", "title": "Countable Ordinals", "topic_links": [ "logic/set-theory" ], "topics": [ "Logic/Set theory" ], "used_by": 1 }, { "abstract": "We formalise a functional implementation of the FFT algorithm over the complex numbers, and its inverse. Both are shown equivalent to the usual definitions of these operations through Vandermonde matrices. They are also shown to be inverse to each other, more precisely, that composition of the inverse and the transformation yield the identity up to a scalar.", "authors": [ "Clemens Ballarin" ], "date": "2005-10-12", - "id": 684, + "id": 685, "link": "/entries/FFT.html", "permalink": "/entries/FFT.html", "shortname": "FFT", "title": "Fast Fourier Transform", "topic_links": [ "computer-science/algorithms/mathematical" ], "topics": [ "Computer science/Algorithms/Mathematical" ], "used_by": 0 }, { "abstract": "We formalize the generalized Byzantine fault-tolerant clock synchronization protocol of Schneider. This protocol abstracts from particular algorithms or implementations for clock synchronization. This abstraction includes several assumptions on the behaviors of physical clocks and on general properties of concrete algorithms/implementations. Based on these assumptions the correctness of the protocol is proved by Schneider. His proof was later verified by Shankar using the theorem prover EHDM (precursor to PVS). 
Our formalization in Isabelle/HOL is based on Shankar's formalization.", "authors": [ "Alwen Tiu" ], "date": "2005-06-24", - "id": 685, + "id": 686, "link": "/entries/GenClock.html", "permalink": "/entries/GenClock.html", "shortname": "GenClock", "title": "Formalization of a Generalized Protocol for Clock Synchronization", "topic_links": [ "computer-science/algorithms/distributed" ], "topics": [ "Computer science/Algorithms/Distributed" ], "used_by": 0 }, { "abstract": "Disk Paxos is an algorithm for building arbitrary fault-tolerant distributed systems. The specification of Disk Paxos has been proved correct informally and tested using the TLC model checker, but up to now, it has never been fully formally verified. In this work we have formally verified its correctness using the Isabelle theorem prover and the HOL logic system, showing that Isabelle is a practical tool for verifying properties of TLA+ specifications.", "authors": [ "Mauro Jaskelioff", "Stephan Merz" ], "date": "2005-06-22", - "id": 686, + "id": 687, "link": "/entries/DiskPaxos.html", "permalink": "/entries/DiskPaxos.html", "shortname": "DiskPaxos", "title": "Proving the Correctness of Disk Paxos", "topic_links": [ "computer-science/algorithms/distributed" ], "topics": [ "Computer science/Algorithms/Distributed" ], "used_by": 0 }, { "abstract": "This document presents the formalization of an object-oriented data and store model in Isabelle/HOL. 
This model is being used in the Java Interactive Verification Environment, Jive.", "authors": [ "Nicole Rauch", "Norbert Schirmer" ], "date": "2005-06-20", - "id": 687, + "id": 688, "link": "/entries/JiveDataStoreModel.html", "permalink": "/entries/JiveDataStoreModel.html", "shortname": "JiveDataStoreModel", "title": "Jive Data and Store Model", "topic_links": [ "computer-science/programming-languages/misc" ], "topics": [ "Computer science/Programming languages/Misc" ], "used_by": 0 }, { "abstract": "We introduce Jinja, a Java-like programming language with a formal semantics designed to exhibit core features of the Java language architecture. Jinja is a compromise between realism of the language and tractability and clarity of the formal semantics. The following aspects are formalised: a big and a small step operational semantics for Jinja and a proof of their equivalence; a type system and a definite initialisation analysis; a type safety proof of the small step semantics; a virtual machine (JVM), its operational semantics and its type system; a type safety proof for the JVM; a bytecode verifier, i.e. data flow analyser for the JVM; a correctness proof of the bytecode verifier w.r.t. the type system; a compiler and a proof that it preserves semantics and well-typedness. The emphasis of this work is not on particular language features but on providing a unified model of the source language, the virtual machine and the compiler. 
The whole development has been carried out in the theorem prover Isabelle/HOL.", "authors": [ "Gerwin Klein", "Tobias Nipkow" ], "date": "2005-06-01", - "id": 688, + "id": 689, "link": "/entries/Jinja.html", "permalink": "/entries/Jinja.html", "shortname": "Jinja", "title": "Jinja is not Java", "topic_links": [ "computer-science/programming-languages/language-definitions" ], "topics": [ "Computer science/Programming languages/Language definitions" ], "used_by": 4 }, { "abstract": "Formal verification is getting more and more important in computer science. However the state of the art formal verification methods in cryptography are very rudimentary. These theories are one step to provide a tool box allowing the use of formal methods in every aspect of cryptography. Moreover we present a proof of concept for the feasibility of verification techniques to a standard signature algorithm.", "authors": [ "Christina Lindenberg", "Kai Wirt" ], "date": "2005-05-02", - "id": 689, + "id": 690, "link": "/entries/RSAPSS.html", "permalink": "/entries/RSAPSS.html", "shortname": "RSAPSS", "title": "SHA1, RSA, PSS and more", "topic_links": [ "computer-science/security/cryptography" ], "topics": [ "Computer science/Security/Cryptography" ], "used_by": 0 }, { "abstract": "This development proves Yoneda's lemma and aims to be readable by humans. It only defines what is needed for the lemma: categories, functors and natural transformations. 
Limits, adjunctions and other important concepts are not included.", "authors": [ "Greg O'Keefe" ], "date": "2005-04-21", - "id": 690, + "id": 691, "link": "/entries/Category.html", "permalink": "/entries/Category.html", "shortname": "Category", "title": "Category Theory to Yoneda's Lemma", "topic_links": [ "mathematics/category-theory" ], "topics": [ "Mathematics/Category theory" ], "used_by": 0 }, { "abstract": "These theories illustrates the verification of basic file operations (file creation, file read and file write) in the Isabelle theorem prover. We describe a file at two levels of abstraction: an abstract file represented as a resizable array, and a concrete file represented using data blocks.", "authors": [ "Karen Zee", "Viktor Kuncak" ], "date": "2004-12-09", - "id": 691, + "id": 692, "link": "/entries/FileRefinement.html", "permalink": "/entries/FileRefinement.html", "shortname": "FileRefinement", "title": "File Refinement", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "Lebesgue-style integration plays a major role in advanced probability. We formalize concepts of elementary measure theory, real-valued random variables as Borel-measurable functions, and a stepwise inductive definition of the integral itself. All proofs are carried out in human readable style using the Isar language.", "authors": [ "Stefan Richter" ], "date": "2004-11-19", - "id": 692, + "id": 693, "link": "/entries/Integration.html", "permalink": "/entries/Integration.html", "shortname": "Integration", "title": "Integration theory and random variables", "topic_links": [ "mathematics/analysis" ], "topics": [ "Mathematics/Analysis" ], "used_by": 0 }, { "abstract": "Soundness and completeness for a system of first order logic are formally proved, building on James Margetson's formalization of work by Wainer and Wallen. The completeness proofs naturally suggest an algorithm to derive proofs. 
This algorithm, which can be implemented tail recursively, is formalized in Isabelle/HOL. The algorithm can be executed via the rewriting tactics of Isabelle. Alternatively, the definitions can be exported to OCaml, yielding a directly executable program.", "authors": [ "Tom Ridge" ], "date": "2004-09-28", - "id": 693, + "id": 694, "link": "/entries/Verified-Prover.html", "permalink": "/entries/Verified-Prover.html", "shortname": "Verified-Prover", "title": "A Mechanically Verified, Efficient, Sound and Complete Theorem Prover For First Order Logic", "topic_links": [ "logic/general-logic/mechanization-of-proofs" ], "topics": [ "Logic/General logic/Mechanization of proofs" ], "used_by": 0 }, { "abstract": "The completeness of first-order logic is proved, following the first five pages of Wainer and Wallen's chapter of the book \u003ci\u003eProof Theory\u003c/i\u003e by Aczel et al., CUP, 1992. Their presentation of formulas allows the proofs to use symmetry arguments. Margetson formalized this theorem by early 2000. The Isar conversion is thanks to Tom Ridge. A paper describing the formalization is available \u003ca href=\"Completeness-paper.pdf\"\u003e[pdf]\u003c/a\u003e.", "authors": [ "James Margetson", "Tom Ridge" ], "date": "2004-09-20", - "id": 694, + "id": 695, "link": "/entries/Completeness.html", "permalink": "/entries/Completeness.html", "shortname": "Completeness", "title": "Completeness theorem", "topic_links": [ "logic/proof-theory" ], "topics": [ "Logic/Proof theory" ], "used_by": 0 }, { "abstract": "This formalization of Ramsey's theorem (infinitary version) is taken from Boolos and Jeffrey, \u003ci\u003eComputability and Logic\u003c/i\u003e, 3rd edition, Chapter 26. It differs slightly from the text by assuming a slightly stronger hypothesis. In particular, the induction hypothesis is stronger, holding for any infinite subset of the naturals. 
This avoids the rather peculiar mapping argument between kj and aikj on p.263, which is unnecessary and slightly mars this really beautiful result.", "authors": [ "Tom Ridge" ], "date": "2004-09-20", - "id": 695, + "id": 696, "link": "/entries/Ramsey-Infinite.html", "permalink": "/entries/Ramsey-Infinite.html", "shortname": "Ramsey-Infinite", "title": "Ramsey's theorem, infinitary version", "topic_links": [ "mathematics/combinatorics" ], "topics": [ "Mathematics/Combinatorics" ], "used_by": 0 }, { "abstract": "An exception compilation scheme that dynamically creates and removes exception handler entries on the stack. A formalization of an article of the same name by \u003ca href=\"http://www.cs.nott.ac.uk/~gmh/\"\u003eHutton\u003c/a\u003e and Wright.", "authors": [ "Tobias Nipkow" ], "date": "2004-07-09", - "id": 696, + "id": 697, "link": "/entries/Compiling-Exceptions-Correctly.html", "permalink": "/entries/Compiling-Exceptions-Correctly.html", "shortname": "Compiling-Exceptions-Correctly", "title": "Compiling Exceptions Correctly", "topic_links": [ "computer-science/programming-languages/compiling" ], "topics": [ "Computer science/Programming languages/Compiling" ], "used_by": 0 }, { "abstract": "Depth-first search of a graph is formalized with recdef. It is shown that it visits all of the reachable nodes from a given list of nodes. Executable ML code of depth-first search is obtained using the code generation feature of Isabelle/HOL.", "authors": [ "Toshiaki Nishihara", "Yasuhiko Minamide" ], "date": "2004-06-24", - "id": 697, + "id": 698, "link": "/entries/Depth-First-Search.html", "permalink": "/entries/Depth-First-Search.html", "shortname": "Depth-First-Search", "title": "Depth First Search", "topic_links": [ "computer-science/algorithms/graph" ], "topics": [ "Computer science/Algorithms/Graph" ], "used_by": 0 }, { "abstract": "The theory of groups, rings and modules is developed to a great depth. 
Group theory results include Zassenhaus's theorem and the Jordan-Hoelder theorem. The ring theory development includes ideals, quotient rings and the Chinese remainder theorem. The module development includes the Nakayama lemma, exact sequences and Tensor products.", "authors": [ "Hidetsune Kobayashi", "L. Chen", "H. Murao" ], "date": "2004-05-18", - "id": 698, + "id": 699, "link": "/entries/Group-Ring-Module.html", "permalink": "/entries/Group-Ring-Module.html", "shortname": "Group-Ring-Module", "title": "Groups, Rings and Modules", "topic_links": [ "mathematics/algebra" ], "topics": [ "Mathematics/Algebra" ], "used_by": 1 }, { "abstract": "This theory contains some useful extensions to the LList (lazy list) theory by \u003ca href=\"http://www.cl.cam.ac.uk/~lp15/\"\u003eLarry Paulson\u003c/a\u003e, including finite, infinite, and positive llists over an alphabet, as well as the new constants take and drop and the prefix order of llists. Finally, the notions of safety and liveness in the sense of Alpern and Schneider (1985) are defined.", "authors": [ "Stefan Friedrich" ], "date": "2004-04-26", - "id": 699, + "id": 700, "link": "/entries/Lazy-Lists-II.html", "permalink": "/entries/Lazy-Lists-II.html", "shortname": "Lazy-Lists-II", "title": "Lazy Lists II", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 1 }, { "abstract": "This entry contains two theories. The first, \u003ctt\u003eTopology\u003c/tt\u003e, develops the basic notions of general topology. The second, which can be viewed as a demonstration of the first, is called \u003ctt\u003eLList_Topology\u003c/tt\u003e. 
It develops the topology of lazy lists.", "authors": [ "Stefan Friedrich" ], "date": "2004-04-26", - "id": 700, + "id": 701, "link": "/entries/Topology.html", "permalink": "/entries/Topology.html", "shortname": "Topology", "title": "Topology", "topic_links": [ "mathematics/topology" ], "topics": [ "Mathematics/Topology" ], "used_by": 0 }, { "abstract": "The correctness is shown of binary search tree operations (lookup, insert and remove) implementing a set. Two versions are given, for both structured and linear (tactic-style) proofs. An implementation of integer-indexed maps is also verified.", "authors": [ "Viktor Kuncak" ], "date": "2004-04-05", - "id": 701, + "id": 702, "link": "/entries/BinarySearchTree.html", "permalink": "/entries/BinarySearchTree.html", "shortname": "BinarySearchTree", "title": "Binary Search Trees", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "This theory defines deterministic and nondeterministic automata in a functional representation: the transition function/relation and the finality predicate are just functions. Hence the state space may be infinite. It is shown how to convert regular expressions into such automata. A scanner (generator) is implemented with the help of functional automata: the scanner chops the input up into longest recognized substrings. 
Finally we also show how to convert a certain subclass of functional automata (essentially the finite deterministic ones) into regular sets.", "authors": [ "Tobias Nipkow" ], "date": "2004-03-30", - "id": 702, + "id": 703, "link": "/entries/Functional-Automata.html", "permalink": "/entries/Functional-Automata.html", "shortname": "Functional-Automata", "title": "Functional Automata", "topic_links": [ "computer-science/automata-and-formal-languages" ], "topics": [ "Computer science/Automata and formal languages" ], "used_by": 0 }, { "abstract": "Two formalizations of AVL trees with room for extensions. The first formalization is monolithic and shorter, the second one in two stages, longer and a bit simpler. The final implementation is the same. If you are interested in developing this further, please contact \u003ctt\u003egerwin.klein@nicta.com.au\u003c/tt\u003e.", "authors": [ "Tobias Nipkow", "Cornelia Pusch" ], "date": "2004-03-19", - "id": 703, + "id": 704, "link": "/entries/AVL-Trees.html", "permalink": "/entries/AVL-Trees.html", "shortname": "AVL-Trees", "title": "AVL Trees", "topic_links": [ "computer-science/data-structures" ], "topics": [ "Computer science/Data structures" ], "used_by": 0 }, { "abstract": "This theory defines the type inference rules and the type inference algorithm \u003ci\u003eW\u003c/i\u003e for MiniML (simply-typed lambda terms with \u003ctt\u003elet\u003c/tt\u003e) due to Milner. It proves the soundness and completeness of \u003ci\u003eW\u003c/i\u003e w.r.t. the rules.", "authors": [ "Wolfgang Naraschewski", "Tobias Nipkow" ], "date": "2004-03-19", - "id": 704, + "id": 705, "link": "/entries/MiniML.html", "permalink": "/entries/MiniML.html", "shortname": "MiniML", "title": "Mini ML", "topic_links": [ "computer-science/programming-languages/type-systems" ], "topics": [ "Computer science/Programming languages/Type systems" ], "used_by": 0 } ] \ No newline at end of file diff --git a/web/index.xml b/web/index.xml --- a/web/index.xml 
+++ b/web/index.xml 
@@ -1,12968 +1,12986 @@ Archive of Formal Proofs / Recent content on Archive of Formal Proofs Hugo -- gohugo.io en-gb - Fri, 23 Sep 2022 00:00:00 +0000 + Wed, 28 Sep 2022 00:00:00 +0000 + + Making Arbitrary Relational Calculus Queries Safe-Range + /entries/Safe_Range_RC.html + Wed, 28 Sep 2022 00:00:00 +0000 + + /entries/Safe_Range_RC.html + + + Stalnaker's Epistemic Logic /entries/Stalnaker_Logic.html Fri, 23 Sep 2022 00:00:00 +0000 /entries/Stalnaker_Logic.html p-adic Fields and p-adic Semialgebraic Sets /entries/Padic_Field.html Thu, 22 Sep 2022 00:00:00 +0000 /entries/Padic_Field.html Risk-Free Lending /entries/Risk_Free_Lending.html Sun, 18 Sep 2022 00:00:00 +0000 /entries/Risk_Free_Lending.html Soundness and Completeness of Implicational Logic /entries/Implicational_Logic.html Tue, 13 Sep 2022 00:00:00 +0000 /entries/Implicational_Logic.html CRYSTALS-Kyber /entries/CRYSTALS-Kyber.html Thu, 08 Sep 2022 00:00:00 +0000 /entries/CRYSTALS-Kyber.html Unbounded Separation Logic /entries/Separation_Logic_Unbounded.html Mon, 05 Sep 2022 00:00:00 +0000 /entries/Separation_Logic_Unbounded.html Khovanskii&#x27;s Theorem /entries/Khovanskii_Theorem.html Fri, 02 Sep 2022 00:00:00 +0000 /entries/Khovanskii_Theorem.html The Hales–Jewett Theorem /entries/Hales_Jewett.html Fri, 02 Sep 2022 00:00:00 +0000 /entries/Hales_Jewett.html Number Theoretic Transform /entries/Number_Theoretic_Transform.html Thu, 18 Aug 2022 00:00:00 +0000 /entries/Number_Theoretic_Transform.html Correctness of a Set-based Algorithm for Computing Strongly Connected Components of a Graph /entries/SCC_Bloemen_Sequential.html Wed, 17 Aug 2022 00:00:00 +0000 /entries/SCC_Bloemen_Sequential.html From THE BOOK: Two Squares via Involutions /entries/Involutions2Squares.html Mon, 15 Aug 2022 00:00:00 +0000 /entries/Involutions2Squares.html Verified Complete Test Strategies for Finite State Machines /entries/FSM_Tests.html Tue, 09 Aug 2022 00:00:00 +0000 /entries/FSM_Tests.html Nano JSON: Working with JSON 
formatted data in Isabelle/HOL and Isabelle/ML /entries/Nano_JSON.html Fri, 29 Jul 2022 00:00:00 +0000 /entries/Nano_JSON.html Isabelle/Solidity: A deep Embedding of Solidity in Isabelle/HOL /entries/Solidity.html Mon, 18 Jul 2022 00:00:00 +0000 /entries/Solidity.html Simultaneous diagonalization of pairwise commuting Hermitian matrices /entries/Commuting_Hermitian.html Mon, 18 Jul 2022 00:00:00 +0000 /entries/Commuting_Hermitian.html Pólya’s Proof of the Weighted Arithmetic–Geometric Mean Inequality /entries/Weighted_Arithmetic_Geometric_Mean.html Mon, 11 Jul 2022 00:00:00 +0000 /entries/Weighted_Arithmetic_Geometric_Mean.html A Reuse-Based Multi-Stage Compiler Verification for Language IMP /entries/IMP_Compiler_Reuse.html Sun, 10 Jul 2022 00:00:00 +0000 /entries/IMP_Compiler_Reuse.html Real-Time Double-Ended Queue /entries/Real_Time_Deque.html Thu, 23 Jun 2022 00:00:00 +0000 /entries/Real_Time_Deque.html Boolos's Curious Inference in Isabelle/HOL /entries/Boolos_Curious_Inference.html Mon, 20 Jun 2022 00:00:00 +0000 /entries/Boolos_Curious_Inference.html Finite Fields /entries/Finite_Fields.html Wed, 08 Jun 2022 00:00:00 +0000 /entries/Finite_Fields.html IsaNet: Formalization of a Verification Framework for Secure Data Plane Protocols /entries/IsaNet.html Wed, 08 Jun 2022 00:00:00 +0000 /entries/IsaNet.html Diophantine Equations and the DPRM Theorem /entries/DPRM_Theorem.html Mon, 06 Jun 2022 00:00:00 +0000 /entries/DPRM_Theorem.html Reducing Rewrite Properties to Properties on Ground Terms /entries/Rewrite_Properties_Reduction.html Thu, 02 Jun 2022 00:00:00 +0000 /entries/Rewrite_Properties_Reduction.html A Restricted Definition of the Magic Wand to Soundly Combine Fractions of a Wand /entries/Combinable_Wands.html Mon, 30 May 2022 00:00:00 +0000 /entries/Combinable_Wands.html The Plünnecke-Ruzsa Inequality /entries/Pluennecke_Ruzsa_Inequality.html Thu, 26 May 2022 00:00:00 +0000 /entries/Pluennecke_Ruzsa_Inequality.html Formalization of a Framework for the 
Sound Automation of Magic Wands /entries/Package_logic.html Wed, 18 May 2022 00:00:00 +0000 /entries/Package_logic.html Clique is not solvable by monotone circuits of polynomial size /entries/Clique_and_Monotone_Circuits.html Sun, 08 May 2022 00:00:00 +0000 /entries/Clique_and_Monotone_Circuits.html Fisher's Inequality: Linear Algebraic Proof Techniques for Combinatorics /entries/Fishers_Inequality.html Thu, 21 Apr 2022 00:00:00 +0000 /entries/Fishers_Inequality.html Digit Expansions /entries/Digit_Expansions.html Wed, 20 Apr 2022 00:00:00 +0000 /entries/Digit_Expansions.html The Generalized Multiset Ordering is NP-Complete /entries/Multiset_Ordering_NPC.html Wed, 20 Apr 2022 00:00:00 +0000 /entries/Multiset_Ordering_NPC.html The Sophomore's Dream /entries/Sophomores_Dream.html Sun, 10 Apr 2022 00:00:00 +0000 /entries/Sophomores_Dream.html A Combinator Library for Prefix-Free Codes /entries/Prefix_Free_Code_Combinators.html Fri, 08 Apr 2022 00:00:00 +0000 /entries/Prefix_Free_Code_Combinators.html Formalization of Randomized Approximation Algorithms for Frequency Moments /entries/Frequency_Moments.html Fri, 08 Apr 2022 00:00:00 +0000 /entries/Frequency_Moments.html Constructing the Reals as Dedekind Cuts of Rationals /entries/Dedekind_Real.html Thu, 24 Mar 2022 00:00:00 +0000 /entries/Dedekind_Real.html Ackermann's Function Is Not Primitive Recursive /entries/Ackermanns_not_PR.html Wed, 23 Mar 2022 00:00:00 +0000 /entries/Ackermanns_not_PR.html A Naive Prover for First-Order Logic /entries/FOL_Seq_Calc3.html Tue, 22 Mar 2022 00:00:00 +0000 /entries/FOL_Seq_Calc3.html A Proof from THE BOOK: The Partial Fraction Expansion of the Cotangent /entries/Cotangent_PFD_Formula.html Tue, 15 Mar 2022 00:00:00 +0000 /entries/Cotangent_PFD_Formula.html The Independence of the Continuum Hypothesis in Isabelle/ZF /entries/Independence_CH.html Sun, 06 Mar 2022 00:00:00 +0000 /entries/Independence_CH.html Transitive Models of Fragments of ZFC /entries/Transitive_Models.html Thu, 03 
Mar 2022 00:00:00 +0000 /entries/Transitive_Models.html Residuated Transition Systems /entries/ResiduatedTransitionSystem.html Mon, 28 Feb 2022 00:00:00 +0000 /entries/ResiduatedTransitionSystem.html Universal Hash Families /entries/Universal_Hash_Families.html Sun, 20 Feb 2022 00:00:00 +0000 /entries/Universal_Hash_Families.html Wetzel's Problem and the Continuum Hypothesis /entries/Wetzels_Problem.html Fri, 18 Feb 2022 00:00:00 +0000 /entries/Wetzels_Problem.html First-Order Query Evaluation /entries/Eval_FO.html Tue, 15 Feb 2022 00:00:00 +0000 /entries/Eval_FO.html Multi-Head Monitoring of Metric Dynamic Logic /entries/VYDRA_MDL.html Sun, 13 Feb 2022 00:00:00 +0000 /entries/VYDRA_MDL.html Enumeration of Equivalence Relations /entries/Equivalence_Relation_Enumeration.html Fri, 04 Feb 2022 00:00:00 +0000 /entries/Equivalence_Relation_Enumeration.html Duality of Linear Programming /entries/LP_Duality.html Thu, 03 Feb 2022 00:00:00 +0000 /entries/LP_Duality.html Quasi-Borel Spaces /entries/Quasi_Borel_Spaces.html Thu, 03 Feb 2022 00:00:00 +0000 /entries/Quasi_Borel_Spaces.html First-Order Theory of Rewriting /entries/FO_Theory_Rewriting.html Wed, 02 Feb 2022 00:00:00 +0000 /entries/FO_Theory_Rewriting.html A Sequent Calculus Prover for First-Order Logic with Functions /entries/FOL_Seq_Calc2.html Mon, 31 Jan 2022 00:00:00 +0000 /entries/FOL_Seq_Calc2.html Young's Inequality for Increasing Functions /entries/Youngs_Inequality.html Mon, 31 Jan 2022 00:00:00 +0000 /entries/Youngs_Inequality.html Interpolation Polynomials (in HOL-Algebra) /entries/Interpolation_Polynomials_HOL_Algebra.html Sat, 29 Jan 2022 00:00:00 +0000 /entries/Interpolation_Polynomials_HOL_Algebra.html Median Method /entries/Median_Method.html Tue, 25 Jan 2022 00:00:00 +0000 /entries/Median_Method.html Actuarial Mathematics /entries/Actuarial_Mathematics.html Sun, 23 Jan 2022 00:00:00 +0000 /entries/Actuarial_Mathematics.html Irrational numbers from THE BOOK /entries/Irrationals_From_THEBOOK.html Sat, 
08 Jan 2022 00:00:00 +0000 /entries/Irrationals_From_THEBOOK.html Knight's Tour Revisited Revisited /entries/Knights_Tour.html Tue, 04 Jan 2022 00:00:00 +0000 /entries/Knights_Tour.html Hyperdual Numbers and Forward Differentiation /entries/Hyperdual.html Fri, 31 Dec 2021 00:00:00 +0000 /entries/Hyperdual.html Gale-Shapley Algorithm /entries/Gale_Shapley.html Wed, 29 Dec 2021 00:00:00 +0000 /entries/Gale_Shapley.html Roth's Theorem on Arithmetic Progressions /entries/Roth_Arithmetic_Progressions.html Tue, 28 Dec 2021 00:00:00 +0000 /entries/Roth_Arithmetic_Progressions.html Markov Decision Processes with Rewards /entries/MDP-Rewards.html Thu, 16 Dec 2021 00:00:00 +0000 /entries/MDP-Rewards.html Verified Algorithms for Solving Markov Decision Processes /entries/MDP-Algorithms.html Thu, 16 Dec 2021 00:00:00 +0000 /entries/MDP-Algorithms.html Regular Tree Relations /entries/Regular_Tree_Relations.html Wed, 15 Dec 2021 00:00:00 +0000 /entries/Regular_Tree_Relations.html Simplicial Complexes and Boolean functions /entries/Simplicial_complexes_and_boolean_functions.html Mon, 29 Nov 2021 00:00:00 +0000 /entries/Simplicial_complexes_and_boolean_functions.html van Emde Boas Trees /entries/Van_Emde_Boas_Trees.html Tue, 23 Nov 2021 00:00:00 +0000 /entries/Van_Emde_Boas_Trees.html Foundation of geometry in planes, and some complements: Excluding the parallel axioms /entries/Foundation_of_geometry.html Mon, 22 Nov 2021 00:00:00 +0000 /entries/Foundation_of_geometry.html The Hahn and Jordan Decomposition Theorems /entries/Hahn_Jordan_Decomposition.html Fri, 19 Nov 2021 00:00:00 +0000 /entries/Hahn_Jordan_Decomposition.html Automating Public Announcement Logic and the Wise Men Puzzle in Isabelle/HOL /entries/PAL.html Mon, 08 Nov 2021 00:00:00 +0000 /entries/PAL.html Exploring Simplified Variants of Gödel’s Ontological Argument in Isabelle/HOL /entries/SimplifiedOntologicalArgument.html Mon, 08 Nov 2021 00:00:00 +0000 /entries/SimplifiedOntologicalArgument.html Factorization of 
Polynomials with Algebraic Coefficients /entries/Factor_Algebraic_Polynomial.html Mon, 08 Nov 2021 00:00:00 +0000 /entries/Factor_Algebraic_Polynomial.html Real Exponents as the Limits of Sequences of Rational Exponents /entries/Real_Power.html Mon, 08 Nov 2021 00:00:00 +0000 /entries/Real_Power.html Szemerédi's Regularity Lemma /entries/Szemeredi_Regularity.html Fri, 05 Nov 2021 00:00:00 +0000 /entries/Szemeredi_Regularity.html Quantum and Classical Registers /entries/Registers.html Thu, 28 Oct 2021 00:00:00 +0000 /entries/Registers.html Belief Revision Theory /entries/Belief_Revision.html Tue, 19 Oct 2021 00:00:00 +0000 /entries/Belief_Revision.html X86 instruction semantics and basic block symbolic execution /entries/X86_Semantics.html Wed, 13 Oct 2021 00:00:00 +0000 /entries/X86_Semantics.html Algebras for Iteration, Infinite Executions and Correctness of Sequential Computations /entries/Correctness_Algebras.html Tue, 12 Oct 2021 00:00:00 +0000 /entries/Correctness_Algebras.html Verified Quadratic Virtual Substitution for Real Arithmetic /entries/Virtual_Substitution.html Sat, 02 Oct 2021 00:00:00 +0000 /entries/Virtual_Substitution.html Soundness and Completeness of an Axiomatic System for First-Order Logic /entries/FOL_Axiomatic.html Fri, 24 Sep 2021 00:00:00 +0000 /entries/FOL_Axiomatic.html Complex Bounded Operators /entries/Complex_Bounded_Operators.html Sat, 18 Sep 2021 00:00:00 +0000 /entries/Complex_Bounded_Operators.html A Formalization of Weighted Path Orders and Recursive Path Orders /entries/Weighted_Path_Order.html Thu, 16 Sep 2021 00:00:00 +0000 /entries/Weighted_Path_Order.html Category Theory for ZFC in HOL I: Foundations: Design Patterns, Set Theory, Digraphs, Semicategories /entries/CZH_Foundations.html Mon, 06 Sep 2021 00:00:00 +0000 /entries/CZH_Foundations.html Category Theory for ZFC in HOL II: Elementary Theory of 1-Categories /entries/CZH_Elementary_Categories.html Mon, 06 Sep 2021 00:00:00 +0000 /entries/CZH_Elementary_Categories.html 
Category Theory for ZFC in HOL III: Universal Constructions /entries/CZH_Universal_Constructions.html Mon, 06 Sep 2021 00:00:00 +0000 /entries/CZH_Universal_Constructions.html Conditional Simplification /entries/Conditional_Simplification.html Mon, 06 Sep 2021 00:00:00 +0000 /entries/Conditional_Simplification.html Conditional Transfer Rule /entries/Conditional_Transfer_Rule.html Mon, 06 Sep 2021 00:00:00 +0000 /entries/Conditional_Transfer_Rule.html Extension of Types-To-Sets /entries/Types_To_Sets_Extension.html Mon, 06 Sep 2021 00:00:00 +0000 /entries/Types_To_Sets_Extension.html IDE: Introduction, Destruction, Elimination /entries/Intro_Dest_Elim.html Mon, 06 Sep 2021 00:00:00 +0000 /entries/Intro_Dest_Elim.html A data flow analysis algorithm for computing dominators /entries/Dominance_CHK.html Sun, 05 Sep 2021 00:00:00 +0000 /entries/Dominance_CHK.html Solving Cubic and Quartic Equations /entries/Cubic_Quartic_Equations.html Fri, 03 Sep 2021 00:00:00 +0000 /entries/Cubic_Quartic_Equations.html Logging-independent Message Anonymity in the Relational Method /entries/Logging_Independent_Anonymity.html Thu, 26 Aug 2021 00:00:00 +0000 /entries/Logging_Independent_Anonymity.html The Theorem of Three Circles /entries/Three_Circles.html Sat, 21 Aug 2021 00:00:00 +0000 /entries/Three_Circles.html CoCon: A Confidentiality-Verified Conference Management System /entries/CoCon.html Mon, 16 Aug 2021 00:00:00 +0000 /entries/CoCon.html Compositional BD Security /entries/BD_Security_Compositional.html Mon, 16 Aug 2021 00:00:00 +0000 /entries/BD_Security_Compositional.html CoSMed: A confidentiality-verified social media platform /entries/CoSMed.html Mon, 16 Aug 2021 00:00:00 +0000 /entries/CoSMed.html CoSMeDis: A confidentiality-verified distributed social media platform /entries/CoSMeDis.html Mon, 16 Aug 2021 00:00:00 +0000 /entries/CoSMeDis.html Fresh identifiers /entries/Fresh_Identifiers.html Mon, 16 Aug 2021 00:00:00 +0000 /entries/Fresh_Identifiers.html Combinatorial 
Design Theory /entries/Design_Theory.html Fri, 13 Aug 2021 00:00:00 +0000 /entries/Design_Theory.html Relational Forests /entries/Relational_Forests.html Tue, 03 Aug 2021 00:00:00 +0000 /entries/Relational_Forests.html Schutz' Independent Axioms for Minkowski Spacetime /entries/Schutz_Spacetime.html Tue, 27 Jul 2021 00:00:00 +0000 /entries/Schutz_Spacetime.html Finitely Generated Abelian Groups /entries/Finitely_Generated_Abelian_Groups.html Wed, 07 Jul 2021 00:00:00 +0000 /entries/Finitely_Generated_Abelian_Groups.html SpecCheck - Specification-Based Testing for Isabelle/ML /entries/SpecCheck.html Thu, 01 Jul 2021 00:00:00 +0000 /entries/SpecCheck.html Van der Waerden's Theorem /entries/Van_der_Waerden.html Tue, 22 Jun 2021 00:00:00 +0000 /entries/Van_der_Waerden.html MiniSail - A kernel language for the ISA specification language SAIL /entries/MiniSail.html Fri, 18 Jun 2021 00:00:00 +0000 /entries/MiniSail.html Public Announcement Logic /entries/Public_Announcement_Logic.html Thu, 17 Jun 2021 00:00:00 +0000 /entries/Public_Announcement_Logic.html A Shorter Compiler Correctness Proof for Language IMP /entries/IMP_Compiler.html Fri, 04 Jun 2021 00:00:00 +0000 /entries/IMP_Compiler.html Combinatorics on Words Basics /entries/Combinatorics_Words.html Mon, 24 May 2021 00:00:00 +0000 /entries/Combinatorics_Words.html Graph Lemma /entries/Combinatorics_Words_Graph_Lemma.html Mon, 24 May 2021 00:00:00 +0000 /entries/Combinatorics_Words_Graph_Lemma.html Lyndon words /entries/Combinatorics_Words_Lyndon.html Mon, 24 May 2021 00:00:00 +0000 /entries/Combinatorics_Words_Lyndon.html Regression Test Selection /entries/Regression_Test_Selection.html Fri, 30 Apr 2021 00:00:00 +0000 /entries/Regression_Test_Selection.html Isabelle's Metalogic: Formalization and Proof Checker /entries/Metalogic_ProofChecker.html Tue, 27 Apr 2021 00:00:00 +0000 /entries/Metalogic_ProofChecker.html Lifting the Exponent /entries/Lifting_the_Exponent.html Tue, 27 Apr 2021 00:00:00 +0000 
/entries/Lifting_the_Exponent.html The BKR Decision Procedure for Univariate Real Arithmetic /entries/BenOr_Kozen_Reif.html Sat, 24 Apr 2021 00:00:00 +0000 /entries/BenOr_Kozen_Reif.html Gale-Stewart Games /entries/GaleStewart_Games.html Fri, 23 Apr 2021 00:00:00 +0000 /entries/GaleStewart_Games.html Formalization of Timely Dataflow's Progress Tracking Protocol /entries/Progress_Tracking.html Tue, 13 Apr 2021 00:00:00 +0000 /entries/Progress_Tracking.html Information Flow Control via Dependency Tracking /entries/IFC_Tracking.html Thu, 01 Apr 2021 00:00:00 +0000 /entries/IFC_Tracking.html Grothendieck's Schemes in Algebraic Geometry /entries/Grothendieck_Schemes.html Mon, 29 Mar 2021 00:00:00 +0000 /entries/Grothendieck_Schemes.html Hensel's Lemma for the p-adic Integers /entries/Padic_Ints.html Tue, 23 Mar 2021 00:00:00 +0000 /entries/Padic_Ints.html Constructive Cryptography in HOL: the Communication Modeling Aspect /entries/Constructive_Cryptography_CM.html Wed, 17 Mar 2021 00:00:00 +0000 /entries/Constructive_Cryptography_CM.html Two algorithms based on modular arithmetic: lattice basis reduction and Hermite normal form computation /entries/Modular_arithmetic_LLL_and_HNF_algorithms.html Fri, 12 Mar 2021 00:00:00 +0000 /entries/Modular_arithmetic_LLL_and_HNF_algorithms.html Quantum projective measurements and the CHSH inequality /entries/Projective_Measurements.html Wed, 03 Mar 2021 00:00:00 +0000 /entries/Projective_Measurements.html The Hermite–Lindemann–Weierstraß Transcendence Theorem /entries/Hermite_Lindemann.html Wed, 03 Mar 2021 00:00:00 +0000 /entries/Hermite_Lindemann.html Mereology /entries/Mereology.html Mon, 01 Mar 2021 00:00:00 +0000 /entries/Mereology.html The Sunflower Lemma of Erdős and Rado /entries/Sunflowers.html Thu, 25 Feb 2021 00:00:00 +0000 /entries/Sunflowers.html A Verified Imperative Implementation of B-Trees /entries/BTree.html Wed, 24 Feb 2021 00:00:00 +0000 /entries/BTree.html Formal Puiseux Series /entries/Formal_Puiseux_Series.html 
Wed, 17 Feb 2021 00:00:00 +0000 /entries/Formal_Puiseux_Series.html The Laws of Large Numbers /entries/Laws_of_Large_Numbers.html Wed, 10 Feb 2021 00:00:00 +0000 /entries/Laws_of_Large_Numbers.html Tarski's Parallel Postulate implies the 5th Postulate of Euclid, the Postulate of Playfair and the original Parallel Postulate of Euclid /entries/IsaGeoCoq.html Sun, 31 Jan 2021 00:00:00 +0000 /entries/IsaGeoCoq.html Solution to the xkcd Blue Eyes puzzle /entries/Blue_Eyes.html Sat, 30 Jan 2021 00:00:00 +0000 /entries/Blue_Eyes.html Hood-Melville Queue /entries/Hood_Melville_Queue.html Mon, 18 Jan 2021 00:00:00 +0000 /entries/Hood_Melville_Queue.html JinjaDCI: a Java semantics with dynamic class initialization /entries/JinjaDCI.html Mon, 11 Jan 2021 00:00:00 +0000 /entries/JinjaDCI.html Cofinality and the Delta System Lemma /entries/Delta_System_Lemma.html Sun, 27 Dec 2020 00:00:00 +0000 /entries/Delta_System_Lemma.html Topological semantics for paraconsistent and paracomplete logics /entries/Topological_Semantics.html Thu, 17 Dec 2020 00:00:00 +0000 /entries/Topological_Semantics.html Relational Minimum Spanning Tree Algorithms /entries/Relational_Minimum_Spanning_Trees.html Tue, 08 Dec 2020 00:00:00 +0000 /entries/Relational_Minimum_Spanning_Trees.html Inline Caching and Unboxing Optimization for Interpreters /entries/Interpreter_Optimizations.html Mon, 07 Dec 2020 00:00:00 +0000 /entries/Interpreter_Optimizations.html The Relational Method with Message Anonymity for the Verification of Cryptographic Protocols /entries/Relational_Method.html Sat, 05 Dec 2020 00:00:00 +0000 /entries/Relational_Method.html Isabelle Marries Dirac: a Library for Quantum Computation and Quantum Information /entries/Isabelle_Marries_Dirac.html Sun, 22 Nov 2020 00:00:00 +0000 /entries/Isabelle_Marries_Dirac.html The HOL-CSP Refinement Toolkit /entries/CSP_RefTK.html Thu, 19 Nov 2020 00:00:00 +0000 /entries/CSP_RefTK.html AI Planning Languages Semantics 
/entries/AI_Planning_Languages_Semantics.html Thu, 29 Oct 2020 00:00:00 +0000 /entries/AI_Planning_Languages_Semantics.html Verified SAT-Based AI Planning /entries/Verified_SAT_Based_AI_Planning.html Thu, 29 Oct 2020 00:00:00 +0000 /entries/Verified_SAT_Based_AI_Planning.html A Sound Type System for Physical Quantities, Units, and Measurements /entries/Physical_Quantities.html Tue, 20 Oct 2020 00:00:00 +0000 /entries/Physical_Quantities.html Finite Map Extras /entries/Finite-Map-Extras.html Mon, 12 Oct 2020 00:00:00 +0000 /entries/Finite-Map-Extras.html A Formal Model of the Document Object Model with Shadow Roots /entries/Shadow_DOM.html Mon, 28 Sep 2020 00:00:00 +0000 /entries/Shadow_DOM.html A Formal Model of the Safely Composable Document Object Model with Shadow Roots /entries/Shadow_SC_DOM.html Mon, 28 Sep 2020 00:00:00 +0000 /entries/Shadow_SC_DOM.html A Formalization of Safely Composable Web Components /entries/SC_DOM_Components.html Mon, 28 Sep 2020 00:00:00 +0000 /entries/SC_DOM_Components.html A Formalization of Web Components /entries/DOM_Components.html Mon, 28 Sep 2020 00:00:00 +0000 /entries/DOM_Components.html The Safely Composable DOM /entries/Core_SC_DOM.html Mon, 28 Sep 2020 00:00:00 +0000 /entries/Core_SC_DOM.html An Abstract Formalization of G&ouml;del's Incompleteness Theorems /entries/Goedel_Incompleteness.html Wed, 16 Sep 2020 00:00:00 +0000 /entries/Goedel_Incompleteness.html From Abstract to Concrete G&ouml;del's Incompleteness Theorems&mdash;Part I /entries/Goedel_HFSet_Semantic.html Wed, 16 Sep 2020 00:00:00 +0000 /entries/Goedel_HFSet_Semantic.html From Abstract to Concrete G&ouml;del's Incompleteness Theorems&mdash;Part II /entries/Goedel_HFSet_Semanticless.html Wed, 16 Sep 2020 00:00:00 +0000 /entries/Goedel_HFSet_Semanticless.html Robinson Arithmetic /entries/Robinson_Arithmetic.html Wed, 16 Sep 2020 00:00:00 +0000 /entries/Robinson_Arithmetic.html Syntax-Independent Logic Infrastructure /entries/Syntax_Independent_Logic.html Wed, 16 
Sep 2020 00:00:00 +0000 /entries/Syntax_Independent_Logic.html A Formal Model of Extended Finite State Machines /entries/Extended_Finite_State_Machines.html Mon, 07 Sep 2020 00:00:00 +0000 /entries/Extended_Finite_State_Machines.html Inference of Extended Finite State Machines /entries/Extended_Finite_State_Machine_Inference.html Mon, 07 Sep 2020 00:00:00 +0000 /entries/Extended_Finite_State_Machine_Inference.html Practical Algebraic Calculus Checker /entries/PAC_Checker.html Mon, 31 Aug 2020 00:00:00 +0000 /entries/PAC_Checker.html Some classical results in inductive inference of recursive functions /entries/Inductive_Inference.html Mon, 31 Aug 2020 00:00:00 +0000 /entries/Inductive_Inference.html Relational Disjoint-Set Forests /entries/Relational_Disjoint_Set_Forests.html Wed, 26 Aug 2020 00:00:00 +0000 /entries/Relational_Disjoint_Set_Forests.html Extensions to the Comprehensive Framework for Saturation Theorem Proving /entries/Saturation_Framework_Extensions.html Tue, 25 Aug 2020 00:00:00 +0000 /entries/Saturation_Framework_Extensions.html Putting the `K' into Bird's derivation of Knuth-Morris-Pratt string matching /entries/BirdKMP.html Tue, 25 Aug 2020 00:00:00 +0000 /entries/BirdKMP.html Amicable Numbers /entries/Amicable_Numbers.html Tue, 04 Aug 2020 00:00:00 +0000 /entries/Amicable_Numbers.html Ordinal Partitions /entries/Ordinal_Partitions.html Mon, 03 Aug 2020 00:00:00 +0000 /entries/Ordinal_Partitions.html A Formal Proof of The Chandy--Lamport Distributed Snapshot Algorithm /entries/Chandy_Lamport.html Tue, 21 Jul 2020 00:00:00 +0000 /entries/Chandy_Lamport.html Relational Characterisations of Paths /entries/Relational_Paths.html Mon, 13 Jul 2020 00:00:00 +0000 /entries/Relational_Paths.html A Formally Verified Checker of the Safe Distance Traffic Rules for Autonomous Vehicles /entries/Safe_Distance.html Mon, 01 Jun 2020 00:00:00 +0000 /entries/Safe_Distance.html A verified algorithm for computing the Smith normal form of a matrix 
/entries/Smith_Normal_Form.html Sat, 23 May 2020 00:00:00 +0000 /entries/Smith_Normal_Form.html The Nash-Williams Partition Theorem /entries/Nash_Williams.html Sat, 16 May 2020 00:00:00 +0000 /entries/Nash_Williams.html A Formalization of Knuth–Bendix Orders /entries/Knuth_Bendix_Order.html Wed, 13 May 2020 00:00:00 +0000 /entries/Knuth_Bendix_Order.html Irrationality Criteria for Series by Erdős and Straus /entries/Irrational_Series_Erdos_Straus.html Tue, 12 May 2020 00:00:00 +0000 /entries/Irrational_Series_Erdos_Straus.html Recursion Theorem in ZF /entries/Recursion-Addition.html Mon, 11 May 2020 00:00:00 +0000 /entries/Recursion-Addition.html An Efficient Normalisation Procedure for Linear Temporal Logic: Isabelle/HOL Formalisation /entries/LTL_Normal_Form.html Fri, 08 May 2020 00:00:00 +0000 /entries/LTL_Normal_Form.html Formalization of Forcing in Isabelle/ZF /entries/Forcing.html Wed, 06 May 2020 00:00:00 +0000 /entries/Forcing.html Banach-Steinhaus Theorem /entries/Banach_Steinhaus.html Sat, 02 May 2020 00:00:00 +0000 /entries/Banach_Steinhaus.html Attack Trees in Isabelle for GDPR compliance of IoT healthcare systems /entries/Attack_Trees.html Mon, 27 Apr 2020 00:00:00 +0000 /entries/Attack_Trees.html Gaussian Integers /entries/Gaussian_Integers.html Fri, 24 Apr 2020 00:00:00 +0000 /entries/Gaussian_Integers.html Power Sum Polynomials /entries/Power_Sum_Polynomials.html Fri, 24 Apr 2020 00:00:00 +0000 /entries/Power_Sum_Polynomials.html The Lambert W Function on the Reals /entries/Lambert_W.html Fri, 24 Apr 2020 00:00:00 +0000 /entries/Lambert_W.html Matrices for ODEs /entries/Matrices_for_ODEs.html Sun, 19 Apr 2020 00:00:00 +0000 /entries/Matrices_for_ODEs.html Authenticated Data Structures As Functors /entries/ADS_Functor.html Thu, 16 Apr 2020 00:00:00 +0000 /entries/ADS_Functor.html Formalization of an Algorithm for Greedily Computing Associative Aggregations on Sliding Windows /entries/Sliding_Window_Algorithm.html Fri, 10 Apr 2020 00:00:00 +0000 
/entries/Sliding_Window_Algorithm.html A Comprehensive Framework for Saturation Theorem Proving /entries/Saturation_Framework.html Thu, 09 Apr 2020 00:00:00 +0000 /entries/Saturation_Framework.html Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations /entries/MFODL_Monitor_Optimized.html Thu, 09 Apr 2020 00:00:00 +0000 /entries/MFODL_Monitor_Optimized.html Automated Stateful Protocol Verification /entries/Automated_Stateful_Protocol_Verification.html Wed, 08 Apr 2020 00:00:00 +0000 /entries/Automated_Stateful_Protocol_Verification.html Stateful Protocol Composition and Typing /entries/Stateful_Protocol_Composition_and_Typing.html Wed, 08 Apr 2020 00:00:00 +0000 /entries/Stateful_Protocol_Composition_and_Typing.html Lucas's Theorem /entries/Lucas_Theorem.html Tue, 07 Apr 2020 00:00:00 +0000 /entries/Lucas_Theorem.html Strong Eventual Consistency of the Collaborative Editing Framework WOOT /entries/WOOT_Strong_Eventual_Consistency.html Wed, 25 Mar 2020 00:00:00 +0000 /entries/WOOT_Strong_Eventual_Consistency.html Furstenberg's topology and his proof of the infinitude of primes /entries/Furstenberg_Topology.html Sun, 22 Mar 2020 00:00:00 +0000 /entries/Furstenberg_Topology.html An Under-Approximate Relational Logic /entries/Relational-Incorrectness-Logic.html Thu, 12 Mar 2020 00:00:00 +0000 /entries/Relational-Incorrectness-Logic.html Hello World /entries/Hello_World.html Sat, 07 Mar 2020 00:00:00 +0000 /entries/Hello_World.html Implementing the Goodstein Function in &lambda;-Calculus /entries/Goodstein_Lambda.html Fri, 21 Feb 2020 00:00:00 +0000 /entries/Goodstein_Lambda.html A Generic Framework for Verified Compilers /entries/VeriComp.html Mon, 10 Feb 2020 00:00:00 +0000 /entries/VeriComp.html Arithmetic progressions and relative primes /entries/Arith_Prog_Rel_Primes.html Sat, 01 Feb 2020 00:00:00 +0000 /entries/Arith_Prog_Rel_Primes.html A Hierarchy of Algebras for Boolean Subsets 
/entries/Subset_Boolean_Algebras.html Fri, 31 Jan 2020 00:00:00 +0000 /entries/Subset_Boolean_Algebras.html Mersenne primes and the Lucas–Lehmer test /entries/Mersenne_Primes.html Fri, 17 Jan 2020 00:00:00 +0000 /entries/Mersenne_Primes.html Verified Approximation Algorithms /entries/Approximation_Algorithms.html Thu, 16 Jan 2020 00:00:00 +0000 /entries/Approximation_Algorithms.html Closest Pair of Points Algorithms /entries/Closest_Pair_Points.html Mon, 13 Jan 2020 00:00:00 +0000 /entries/Closest_Pair_Points.html Skip Lists /entries/Skip_Lists.html Thu, 09 Jan 2020 00:00:00 +0000 /entries/Skip_Lists.html Bicategories /entries/Bicategory.html Mon, 06 Jan 2020 00:00:00 +0000 /entries/Bicategory.html The Irrationality of ζ(3) /entries/Zeta_3_Irrational.html Fri, 27 Dec 2019 00:00:00 +0000 /entries/Zeta_3_Irrational.html Formalizing a Seligman-Style Tableau System for Hybrid Logic /entries/Hybrid_Logic.html Fri, 20 Dec 2019 00:00:00 +0000 /entries/Hybrid_Logic.html The Poincaré-Bendixson Theorem /entries/Poincare_Bendixson.html Wed, 18 Dec 2019 00:00:00 +0000 /entries/Poincare_Bendixson.html Complex Geometry /entries/Complex_Geometry.html Mon, 16 Dec 2019 00:00:00 +0000 /entries/Complex_Geometry.html Poincaré Disc Model /entries/Poincare_Disc.html Mon, 16 Dec 2019 00:00:00 +0000 /entries/Poincare_Disc.html Gauss Sums and the Pólya–Vinogradov Inequality /entries/Gauss_Sums.html Tue, 10 Dec 2019 00:00:00 +0000 /entries/Gauss_Sums.html An Efficient Generalization of Counting Sort for Large, possibly Infinite Key Ranges /entries/Generalized_Counting_Sort.html Wed, 04 Dec 2019 00:00:00 +0000 /entries/Generalized_Counting_Sort.html Interval Arithmetic on 32-bit Words /entries/Interval_Arithmetic_Word32.html Wed, 27 Nov 2019 00:00:00 +0000 /entries/Interval_Arithmetic_Word32.html Zermelo Fraenkel Set Theory in Higher-Order Logic /entries/ZFC_in_HOL.html Thu, 24 Oct 2019 00:00:00 +0000 /entries/ZFC_in_HOL.html Isabelle/C /entries/Isabelle_C.html Tue, 22 Oct 2019 00:00:00 
+0000 /entries/Isabelle_C.html VerifyThis 2019 -- Polished Isabelle Solutions /entries/VerifyThis2019.html Wed, 16 Oct 2019 00:00:00 +0000 /entries/VerifyThis2019.html Aristotle's Assertoric Syllogistic /entries/Aristotles_Assertoric_Syllogistic.html Tue, 08 Oct 2019 00:00:00 +0000 /entries/Aristotles_Assertoric_Syllogistic.html Sigma Protocols and Commitment Schemes /entries/Sigma_Commit_Crypto.html Mon, 07 Oct 2019 00:00:00 +0000 /entries/Sigma_Commit_Crypto.html Clean - An Abstract Imperative Programming Language and its Theory /entries/Clean.html Fri, 04 Oct 2019 00:00:00 +0000 /entries/Clean.html Formalization of Multiway-Join Algorithms /entries/Generic_Join.html Mon, 16 Sep 2019 00:00:00 +0000 /entries/Generic_Join.html Verification Components for Hybrid Systems /entries/Hybrid_Systems_VCs.html Tue, 10 Sep 2019 00:00:00 +0000 /entries/Hybrid_Systems_VCs.html Fourier Series /entries/Fourier.html Fri, 06 Sep 2019 00:00:00 +0000 /entries/Fourier.html A Case Study in Basic Algebra /entries/Jacobson_Basic_Algebra.html Fri, 30 Aug 2019 00:00:00 +0000 /entries/Jacobson_Basic_Algebra.html Formalisation of an Adaptive State Counting Algorithm /entries/Adaptive_State_Counting.html Fri, 16 Aug 2019 00:00:00 +0000 /entries/Adaptive_State_Counting.html Laplace Transform /entries/Laplace_Transform.html Wed, 14 Aug 2019 00:00:00 +0000 /entries/Laplace_Transform.html Communicating Concurrent Kleene Algebra for Distributed Systems Specification /entries/C2KA_DistributedSystems.html Tue, 06 Aug 2019 00:00:00 +0000 /entries/C2KA_DistributedSystems.html Linear Programming /entries/Linear_Programming.html Tue, 06 Aug 2019 00:00:00 +0000 /entries/Linear_Programming.html Selected Problems from the International Mathematical Olympiad 2019 /entries/IMO2019.html Mon, 05 Aug 2019 00:00:00 +0000 /entries/IMO2019.html Stellar Quorum Systems /entries/Stellar_Quorums.html Thu, 01 Aug 2019 00:00:00 +0000 /entries/Stellar_Quorums.html A Formal Development of a Polychronous Polytimed 
Coordination Language /entries/TESL_Language.html Tue, 30 Jul 2019 00:00:00 +0000 /entries/TESL_Language.html Order Extension and Szpilrajn's Extension Theorem /entries/Szpilrajn.html Sat, 27 Jul 2019 00:00:00 +0000 /entries/Szpilrajn.html A Sequent Calculus for First-Order Logic /entries/FOL_Seq_Calc1.html Thu, 18 Jul 2019 00:00:00 +0000 /entries/FOL_Seq_Calc1.html A Verified Code Generator from Isabelle/HOL to CakeML /entries/CakeML_Codegen.html Mon, 08 Jul 2019 00:00:00 +0000 /entries/CakeML_Codegen.html Formalization of a Monitoring Algorithm for Metric First-Order Temporal Logic /entries/MFOTL_Monitor.html Thu, 04 Jul 2019 00:00:00 +0000 /entries/MFOTL_Monitor.html Complete Non-Orders and Fixed Points /entries/Complete_Non_Orders.html Thu, 27 Jun 2019 00:00:00 +0000 /entries/Complete_Non_Orders.html Priority Search Trees /entries/Priority_Search_Trees.html Tue, 25 Jun 2019 00:00:00 +0000 /entries/Priority_Search_Trees.html Purely Functional, Simple, and Efficient Implementation of Prim and Dijkstra /entries/Prim_Dijkstra_Simple.html Tue, 25 Jun 2019 00:00:00 +0000 /entries/Prim_Dijkstra_Simple.html Linear Inequalities /entries/Linear_Inequalities.html Fri, 21 Jun 2019 00:00:00 +0000 /entries/Linear_Inequalities.html Hilbert's Nullstellensatz /entries/Nullstellensatz.html Sun, 16 Jun 2019 00:00:00 +0000 /entries/Nullstellensatz.html Gröbner Bases, Macaulay Matrices and Dubé's Degree Bounds /entries/Groebner_Macaulay.html Sat, 15 Jun 2019 00:00:00 +0000 /entries/Groebner_Macaulay.html Binary Heaps for IMP2 /entries/IMP2_Binary_Heap.html Thu, 13 Jun 2019 00:00:00 +0000 /entries/IMP2_Binary_Heap.html Differential Game Logic /entries/Differential_Game_Logic.html Mon, 03 Jun 2019 00:00:00 +0000 /entries/Differential_Game_Logic.html Multidimensional Binary Search Trees /entries/KD_Tree.html Thu, 30 May 2019 00:00:00 +0000 /entries/KD_Tree.html Formalization of Generic Authenticated Data Structures /entries/LambdaAuth.html Tue, 14 May 2019 00:00:00 +0000 
/entries/LambdaAuth.html Multi-Party Computation /entries/Multi_Party_Computation.html Thu, 09 May 2019 00:00:00 +0000 /entries/Multi_Party_Computation.html HOL-CSP Version 2.0 /entries/HOL-CSP.html Fri, 26 Apr 2019 00:00:00 +0000 /entries/HOL-CSP.html A Compositional and Unified Translation of LTL into ω-Automata /entries/LTL_Master_Theorem.html Tue, 16 Apr 2019 00:00:00 +0000 /entries/LTL_Master_Theorem.html A General Theory of Syntax with Bindings /entries/Binding_Syntax_Theory.html Sat, 06 Apr 2019 00:00:00 +0000 /entries/Binding_Syntax_Theory.html The Transcendence of Certain Infinite Series /entries/Transcendence_Series_Hancl_Rucki.html Wed, 27 Mar 2019 00:00:00 +0000 /entries/Transcendence_Series_Hancl_Rucki.html Quantum Hoare Logic /entries/QHLProver.html Sun, 24 Mar 2019 00:00:00 +0000 /entries/QHLProver.html Safe OCL /entries/Safe_OCL.html Sat, 09 Mar 2019 00:00:00 +0000 /entries/Safe_OCL.html Elementary Facts About the Distribution of Primes /entries/Prime_Distribution_Elementary.html Thu, 21 Feb 2019 00:00:00 +0000 /entries/Prime_Distribution_Elementary.html Kruskal's Algorithm for Minimum Spanning Forest /entries/Kruskal.html Thu, 14 Feb 2019 00:00:00 +0000 /entries/Kruskal.html Probabilistic Primality Testing /entries/Probabilistic_Prime_Tests.html Mon, 11 Feb 2019 00:00:00 +0000 /entries/Probabilistic_Prime_Tests.html Universal Turing Machine /entries/Universal_Turing_Machine.html Fri, 08 Feb 2019 00:00:00 +0000 /entries/Universal_Turing_Machine.html Isabelle/UTP: Mechanised Theory Engineering for Unifying Theories of Programming /entries/UTP.html Fri, 01 Feb 2019 00:00:00 +0000 /entries/UTP.html The Inversions of a List /entries/List_Inversions.html Fri, 01 Feb 2019 00:00:00 +0000 /entries/List_Inversions.html Farkas' Lemma and Motzkin's Transposition Theorem /entries/Farkas.html Thu, 17 Jan 2019 00:00:00 +0000 /entries/Farkas.html An Algebra for Higher-Order Terms /entries/Higher_Order_Terms.html Tue, 15 Jan 2019 00:00:00 +0000 
/entries/Higher_Order_Terms.html IMP2 – Simple Program Verification in Isabelle/HOL /entries/IMP2.html Tue, 15 Jan 2019 00:00:00 +0000 /entries/IMP2.html A Reduction Theorem for Store Buffers /entries/Store_Buffer_Reduction.html Mon, 07 Jan 2019 00:00:00 +0000 /entries/Store_Buffer_Reduction.html A Formal Model of the Document Object Model /entries/Core_DOM.html Wed, 26 Dec 2018 00:00:00 +0000 /entries/Core_DOM.html Formalization of Concurrent Revisions /entries/Concurrent_Revisions.html Tue, 25 Dec 2018 00:00:00 +0000 /entries/Concurrent_Revisions.html Verifying Imperative Programs using Auto2 /entries/Auto2_Imperative_HOL.html Fri, 21 Dec 2018 00:00:00 +0000 /entries/Auto2_Imperative_HOL.html Constructive Cryptography in HOL /entries/Constructive_Cryptography.html Mon, 17 Dec 2018 00:00:00 +0000 /entries/Constructive_Cryptography.html Properties of Orderings and Lattices /entries/Order_Lattice_Props.html Tue, 11 Dec 2018 00:00:00 +0000 /entries/Order_Lattice_Props.html Quantales /entries/Quantales.html Tue, 11 Dec 2018 00:00:00 +0000 /entries/Quantales.html Transformer Semantics /entries/Transformer_Semantics.html Tue, 11 Dec 2018 00:00:00 +0000 /entries/Transformer_Semantics.html A Verified Functional Implementation of Bachmair and Ganzinger's Ordered Resolution Prover /entries/Functional_Ordered_Resolution_Prover.html Fri, 23 Nov 2018 00:00:00 +0000 /entries/Functional_Ordered_Resolution_Prover.html Graph Saturation /entries/Graph_Saturation.html Fri, 23 Nov 2018 00:00:00 +0000 /entries/Graph_Saturation.html Auto2 Prover /entries/Auto2_HOL.html Tue, 20 Nov 2018 00:00:00 +0000 /entries/Auto2_HOL.html Matroids /entries/Matroids.html Fri, 16 Nov 2018 00:00:00 +0000 /entries/Matroids.html Deriving generic class instances for datatypes /entries/Generic_Deriving.html Tue, 06 Nov 2018 00:00:00 +0000 /entries/Generic_Deriving.html Formalisation and Evaluation of Alan Gewirth's Proof for the Principle of Generic Consistency in Isabelle/HOL /entries/GewirthPGCProof.html 
Tue, 30 Oct 2018 00:00:00 +0000 /entries/GewirthPGCProof.html Epistemic Logic: Completeness of Modal Logics /entries/Epistemic_Logic.html Mon, 29 Oct 2018 00:00:00 +0000 /entries/Epistemic_Logic.html Smooth Manifolds /entries/Smooth_Manifolds.html Mon, 22 Oct 2018 00:00:00 +0000 /entries/Smooth_Manifolds.html Formalization of the Embedding Path Order for Lambda-Free Higher-Order Terms /entries/Lambda_Free_EPO.html Fri, 19 Oct 2018 00:00:00 +0000 /entries/Lambda_Free_EPO.html Randomised Binary Search Trees /entries/Randomised_BSTs.html Fri, 19 Oct 2018 00:00:00 +0000 /entries/Randomised_BSTs.html Upper Bounding Diameters of State Spaces of Factored Transition Systems /entries/Factored_Transition_System_Bounding.html Fri, 12 Oct 2018 00:00:00 +0000 /entries/Factored_Transition_System_Bounding.html The Transcendence of π /entries/Pi_Transcendental.html Fri, 28 Sep 2018 00:00:00 +0000 /entries/Pi_Transcendental.html Symmetric Polynomials /entries/Symmetric_Polynomials.html Tue, 25 Sep 2018 00:00:00 +0000 /entries/Symmetric_Polynomials.html Signature-Based Gröbner Basis Algorithms /entries/Signature_Groebner.html Thu, 20 Sep 2018 00:00:00 +0000 /entries/Signature_Groebner.html The Prime Number Theorem /entries/Prime_Number_Theorem.html Wed, 19 Sep 2018 00:00:00 +0000 /entries/Prime_Number_Theorem.html Aggregation Algebras /entries/Aggregation_Algebras.html Sat, 15 Sep 2018 00:00:00 +0000 /entries/Aggregation_Algebras.html Octonions /entries/Octonions.html Fri, 14 Sep 2018 00:00:00 +0000 /entries/Octonions.html Quaternions /entries/Quaternions.html Wed, 05 Sep 2018 00:00:00 +0000 /entries/Quaternions.html The Budan-Fourier Theorem and Counting Real Roots with Multiplicity /entries/Budan_Fourier.html Sun, 02 Sep 2018 00:00:00 +0000 /entries/Budan_Fourier.html An Incremental Simplex Algorithm with Unsatisfiable Core Generation /entries/Simplex.html Fri, 24 Aug 2018 00:00:00 +0000 /entries/Simplex.html Minsky Machines /entries/Minsky_Machines.html Tue, 14 Aug 2018 00:00:00 
+0000 /entries/Minsky_Machines.html Pricing in discrete financial models /entries/DiscretePricing.html Mon, 16 Jul 2018 00:00:00 +0000 /entries/DiscretePricing.html Von-Neumann-Morgenstern Utility Theorem /entries/Neumann_Morgenstern_Utility.html Wed, 04 Jul 2018 00:00:00 +0000 /entries/Neumann_Morgenstern_Utility.html Pell's Equation /entries/Pell.html Sat, 23 Jun 2018 00:00:00 +0000 /entries/Pell.html Projective Geometry /entries/Projective_Geometry.html Thu, 14 Jun 2018 00:00:00 +0000 /entries/Projective_Geometry.html The Localization of a Commutative Ring /entries/Localization_Ring.html Thu, 14 Jun 2018 00:00:00 +0000 /entries/Localization_Ring.html Partial Order Reduction /entries/Partial_Order_Reduction.html Tue, 05 Jun 2018 00:00:00 +0000 /entries/Partial_Order_Reduction.html Optimal Binary Search Trees /entries/Optimal_BST.html Sun, 27 May 2018 00:00:00 +0000 /entries/Optimal_BST.html Hidden Markov Models /entries/Hidden_Markov_Models.html Fri, 25 May 2018 00:00:00 +0000 /entries/Hidden_Markov_Models.html Probabilistic Timed Automata /entries/Probabilistic_Timed_Automata.html Thu, 24 May 2018 00:00:00 +0000 /entries/Probabilistic_Timed_Automata.html Axiom Systems for Category Theory in Free Logic /entries/AxiomaticCategoryTheory.html Wed, 23 May 2018 00:00:00 +0000 /entries/AxiomaticCategoryTheory.html Irrational Rapidly Convergent Series /entries/Irrationality_J_Hancl.html Wed, 23 May 2018 00:00:00 +0000 /entries/Irrationality_J_Hancl.html Monadification, Memoization and Dynamic Programming /entries/Monad_Memo_DP.html Tue, 22 May 2018 00:00:00 +0000 /entries/Monad_Memo_DP.html OpSets: Sequential Specifications for Replicated Datatypes /entries/OpSets.html Thu, 10 May 2018 00:00:00 +0000 /entries/OpSets.html An Isabelle/HOL Formalization of the Modular Assembly Kit for Security Properties /entries/Modular_Assembly_Kit_Security.html Mon, 07 May 2018 00:00:00 +0000 /entries/Modular_Assembly_Kit_Security.html WebAssembly /entries/WebAssembly.html Sun, 29 Apr 
2018 00:00:00 +0000 /entries/WebAssembly.html VerifyThis 2018 - Polished Isabelle Solutions /entries/VerifyThis2018.html Fri, 27 Apr 2018 00:00:00 +0000 /entries/VerifyThis2018.html Bounded Natural Functors with Covariance and Contravariance /entries/BNF_CC.html Tue, 24 Apr 2018 00:00:00 +0000 /entries/BNF_CC.html The Incompatibility of Fishburn-Strategyproofness and Pareto-Efficiency /entries/Fishburn_Impossibility.html Thu, 22 Mar 2018 00:00:00 +0000 /entries/Fishburn_Impossibility.html Weight-Balanced Trees /entries/Weight_Balanced_Trees.html Tue, 13 Mar 2018 00:00:00 +0000 /entries/Weight_Balanced_Trees.html CakeML /entries/CakeML.html Mon, 12 Mar 2018 00:00:00 +0000 /entries/CakeML.html A Theory of Architectural Design Patterns /entries/Architectural_Design_Patterns.html Thu, 01 Mar 2018 00:00:00 +0000 /entries/Architectural_Design_Patterns.html Hoare Logics for Time Bounds /entries/Hoare_Time.html Mon, 26 Feb 2018 00:00:00 +0000 /entries/Hoare_Time.html A verified factorization algorithm for integer polynomials with polynomial complexity /entries/LLL_Factorization.html Tue, 06 Feb 2018 00:00:00 +0000 /entries/LLL_Factorization.html First-Order Terms /entries/First_Order_Terms.html Tue, 06 Feb 2018 00:00:00 +0000 /entries/First_Order_Terms.html The Error Function /entries/Error_Function.html Tue, 06 Feb 2018 00:00:00 +0000 /entries/Error_Function.html Treaps /entries/Treaps.html Tue, 06 Feb 2018 00:00:00 +0000 /entries/Treaps.html A verified LLL algorithm /entries/LLL_Basis_Reduction.html Fri, 02 Feb 2018 00:00:00 +0000 /entries/LLL_Basis_Reduction.html Formalization of Bachmair and Ganzinger's Ordered Resolution Prover /entries/Ordered_Resolution_Prover.html Thu, 18 Jan 2018 00:00:00 +0000 /entries/Ordered_Resolution_Prover.html Gromov Hyperbolicity /entries/Gromov_Hyperbolicity.html Tue, 16 Jan 2018 00:00:00 +0000 /entries/Gromov_Hyperbolicity.html An Isabelle/HOL formalisation of Green's Theorem /entries/Green.html Thu, 11 Jan 2018 00:00:00 +0000 
/entries/Green.html Taylor Models /entries/Taylor_Models.html Mon, 08 Jan 2018 00:00:00 +0000 /entries/Taylor_Models.html The Falling Factorial of a Sum /entries/Falling_Factorial_Sum.html Fri, 22 Dec 2017 00:00:00 +0000 /entries/Falling_Factorial_Sum.html Dirichlet L-Functions and Dirichlet's Theorem /entries/Dirichlet_L.html Thu, 21 Dec 2017 00:00:00 +0000 /entries/Dirichlet_L.html The Mason–Stothers Theorem /entries/Mason_Stothers.html Thu, 21 Dec 2017 00:00:00 +0000 /entries/Mason_Stothers.html The Median-of-Medians Selection Algorithm /entries/Median_Of_Medians_Selection.html Thu, 21 Dec 2017 00:00:00 +0000 /entries/Median_Of_Medians_Selection.html Operations on Bounded Natural Functors /entries/BNF_Operations.html Tue, 19 Dec 2017 00:00:00 +0000 /entries/BNF_Operations.html The string search algorithm by Knuth, Morris and Pratt /entries/Knuth_Morris_Pratt.html Mon, 18 Dec 2017 00:00:00 +0000 /entries/Knuth_Morris_Pratt.html Stochastic Matrices and the Perron-Frobenius Theorem /entries/Stochastic_Matrices.html Wed, 22 Nov 2017 00:00:00 +0000 /entries/Stochastic_Matrices.html The IMAP CmRDT /entries/IMAP-CRDT.html Thu, 09 Nov 2017 00:00:00 +0000 /entries/IMAP-CRDT.html Hybrid Multi-Lane Spatial Logic /entries/Hybrid_Multi_Lane_Spatial_Logic.html Mon, 06 Nov 2017 00:00:00 +0000 /entries/Hybrid_Multi_Lane_Spatial_Logic.html The Kuratowski Closure-Complement Theorem /entries/Kuratowski_Closure_Complement.html Thu, 26 Oct 2017 00:00:00 +0000 /entries/Kuratowski_Closure_Complement.html Büchi Complementation /entries/Buchi_Complementation.html Thu, 19 Oct 2017 00:00:00 +0000 /entries/Buchi_Complementation.html Transition Systems and Automata /entries/Transition_Systems_and_Automata.html Thu, 19 Oct 2017 00:00:00 +0000 /entries/Transition_Systems_and_Automata.html Count the Number of Complex Roots /entries/Count_Complex_Roots.html Tue, 17 Oct 2017 00:00:00 +0000 /entries/Count_Complex_Roots.html Evaluate Winding Numbers through Cauchy Indices 
/entries/Winding_Number_Eval.html Tue, 17 Oct 2017 00:00:00 +0000 /entries/Winding_Number_Eval.html Homogeneous Linear Diophantine Equations /entries/Diophantine_Eqns_Lin_Hom.html Sat, 14 Oct 2017 00:00:00 +0000 /entries/Diophantine_Eqns_Lin_Hom.html Dirichlet Series /entries/Dirichlet_Series.html Thu, 12 Oct 2017 00:00:00 +0000 /entries/Dirichlet_Series.html Linear Recurrences /entries/Linear_Recurrences.html Thu, 12 Oct 2017 00:00:00 +0000 /entries/Linear_Recurrences.html The Hurwitz and Riemann ζ Functions /entries/Zeta_Function.html Thu, 12 Oct 2017 00:00:00 +0000 /entries/Zeta_Function.html Computer-assisted Reconstruction and Assessment of E. J. Lowe's Modal Ontological Argument /entries/Lowe_Ontological_Argument.html Thu, 21 Sep 2017 00:00:00 +0000 /entries/Lowe_Ontological_Argument.html Representation and Partial Automation of the Principia Logico-Metaphysica in Isabelle/HOL /entries/PLM.html Sun, 17 Sep 2017 00:00:00 +0000 /entries/PLM.html Anselm's God in Isabelle/HOL /entries/AnselmGod.html Wed, 06 Sep 2017 00:00:00 +0000 /entries/AnselmGod.html Microeconomics and the First Welfare Theorem /entries/First_Welfare_Theorem.html Fri, 01 Sep 2017 00:00:00 +0000 /entries/First_Welfare_Theorem.html Orbit-Stabiliser Theorem with Application to Rotational Symmetries /entries/Orbit_Stabiliser.html Sun, 20 Aug 2017 00:00:00 +0000 /entries/Orbit_Stabiliser.html Root-Balanced Tree /entries/Root_Balanced_Tree.html Sun, 20 Aug 2017 00:00:00 +0000 /entries/Root_Balanced_Tree.html The LambdaMu-calculus /entries/LambdaMu.html Wed, 16 Aug 2017 00:00:00 +0000 /entries/LambdaMu.html Stewart's Theorem and Apollonius' Theorem /entries/Stewart_Apollonius.html Mon, 31 Jul 2017 00:00:00 +0000 /entries/Stewart_Apollonius.html Dynamic Architectures /entries/DynamicArchitectures.html Fri, 28 Jul 2017 00:00:00 +0000 /entries/DynamicArchitectures.html Declarative Semantics for Functional Languages /entries/Decl_Sem_Fun_PL.html Fri, 21 Jul 2017 00:00:00 +0000 
/entries/Decl_Sem_Fun_PL.html HOLCF-Prelude /entries/HOLCF-Prelude.html Sat, 15 Jul 2017 00:00:00 +0000 /entries/HOLCF-Prelude.html Minkowski's Theorem /entries/Minkowskis_Theorem.html Thu, 13 Jul 2017 00:00:00 +0000 /entries/Minkowskis_Theorem.html Verified Metatheory and Type Inference for a Name-Carrying Simply-Typed Lambda Calculus /entries/Name_Carrying_Type_Inference.html Sun, 09 Jul 2017 00:00:00 +0000 /entries/Name_Carrying_Type_Inference.html A framework for establishing Strong Eventual Consistency for Conflict-free Replicated Datatypes /entries/CRDT.html Fri, 07 Jul 2017 00:00:00 +0000 /entries/CRDT.html Stone-Kleene Relation Algebras /entries/Stone_Kleene_Relation_Algebras.html Thu, 06 Jul 2017 00:00:00 +0000 /entries/Stone_Kleene_Relation_Algebras.html Propositional Proof Systems /entries/Propositional_Proof_Systems.html Wed, 21 Jun 2017 00:00:00 +0000 /entries/Propositional_Proof_Systems.html Partial Semigroups and Convolution Algebras /entries/PSemigroupsConvolution.html Tue, 13 Jun 2017 00:00:00 +0000 /entries/PSemigroupsConvolution.html Buffon's Needle Problem /entries/Buffons_Needle.html Tue, 06 Jun 2017 00:00:00 +0000 /entries/Buffons_Needle.html Flow Networks and the Min-Cut-Max-Flow Theorem /entries/Flow_Networks.html Thu, 01 Jun 2017 00:00:00 +0000 /entries/Flow_Networks.html Formalizing Push-Relabel Algorithms /entries/Prpu_Maxflow.html Thu, 01 Jun 2017 00:00:00 +0000 /entries/Prpu_Maxflow.html Optics /entries/Optics.html Thu, 25 May 2017 00:00:00 +0000 /entries/Optics.html Developing Security Protocols by Refinement /entries/Security_Protocol_Refinement.html Wed, 24 May 2017 00:00:00 +0000 /entries/Security_Protocol_Refinement.html Dictionary Construction /entries/Dict_Construction.html Wed, 24 May 2017 00:00:00 +0000 /entries/Dict_Construction.html The Floyd-Warshall Algorithm for Shortest Paths /entries/Floyd_Warshall.html Mon, 08 May 2017 00:00:00 +0000 /entries/Floyd_Warshall.html CryptHOL /entries/CryptHOL.html Fri, 05 May 2017 00:00:00 
+0000 /entries/CryptHOL.html Effect polymorphism in higher-order logic /entries/Monomorphic_Monad.html Fri, 05 May 2017 00:00:00 +0000 /entries/Monomorphic_Monad.html Game-based cryptography in HOL /entries/Game_Based_Crypto.html Fri, 05 May 2017 00:00:00 +0000 /entries/Game_Based_Crypto.html Monad normalisation /entries/Monad_Normalisation.html Fri, 05 May 2017 00:00:00 +0000 /entries/Monad_Normalisation.html Probabilistic while loop /entries/Probabilistic_While.html Fri, 05 May 2017 00:00:00 +0000 /entries/Probabilistic_While.html Monoidal Categories /entries/MonoidalCategory.html Thu, 04 May 2017 00:00:00 +0000 /entries/MonoidalCategory.html Types, Tableaus and Gödel’s God in Isabelle/HOL /entries/Types_Tableaus_and_Goedels_God.html Mon, 01 May 2017 00:00:00 +0000 /entries/Types_Tableaus_and_Goedels_God.html Local Lexing /entries/LocalLexing.html Fri, 28 Apr 2017 00:00:00 +0000 /entries/LocalLexing.html Constructor Functions /entries/Constructor_Funs.html Wed, 19 Apr 2017 00:00:00 +0000 /entries/Constructor_Funs.html Lazifying case constants /entries/Lazy_Case.html Tue, 18 Apr 2017 00:00:00 +0000 /entries/Lazy_Case.html Subresultants /entries/Subresultants.html Thu, 06 Apr 2017 00:00:00 +0000 /entries/Subresultants.html Expected Shape of Random Binary Search Trees /entries/Random_BSTs.html Tue, 04 Apr 2017 00:00:00 +0000 /entries/Random_BSTs.html Lower bound on comparison-based sorting algorithms /entries/Comparison_Sort_Lower_Bound.html Wed, 15 Mar 2017 00:00:00 +0000 /entries/Comparison_Sort_Lower_Bound.html The number of comparisons in QuickSort /entries/Quick_Sort_Cost.html Wed, 15 Mar 2017 00:00:00 +0000 /entries/Quick_Sort_Cost.html The Euler–MacLaurin Formula /entries/Euler_MacLaurin.html Fri, 10 Mar 2017 00:00:00 +0000 /entries/Euler_MacLaurin.html The Group Law for Elliptic Curves /entries/Elliptic_Curves_Group_Law.html Tue, 28 Feb 2017 00:00:00 +0000 /entries/Elliptic_Curves_Group_Law.html Menger's Theorem /entries/Menger.html Sun, 26 Feb 2017 00:00:00 
+0000 /entries/Menger.html Differential Dynamic Logic /entries/Differential_Dynamic_Logic.html Mon, 13 Feb 2017 00:00:00 +0000 /entries/Differential_Dynamic_Logic.html Abstract Soundness /entries/Abstract_Soundness.html Fri, 10 Feb 2017 00:00:00 +0000 /entries/Abstract_Soundness.html Stone Relation Algebras /entries/Stone_Relation_Algebras.html Tue, 07 Feb 2017 00:00:00 +0000 /entries/Stone_Relation_Algebras.html Refining Authenticated Key Agreement with Strong Adversaries /entries/Key_Agreement_Strong_Adversaries.html Tue, 31 Jan 2017 00:00:00 +0000 /entries/Key_Agreement_Strong_Adversaries.html Bernoulli Numbers /entries/Bernoulli.html Tue, 24 Jan 2017 00:00:00 +0000 /entries/Bernoulli.html Bertrand's postulate /entries/Bertrands_Postulate.html Tue, 17 Jan 2017 00:00:00 +0000 /entries/Bertrands_Postulate.html Minimal Static Single Assignment Form /entries/Minimal_SSA.html Tue, 17 Jan 2017 00:00:00 +0000 /entries/Minimal_SSA.html The Transcendence of e /entries/E_Transcendental.html Thu, 12 Jan 2017 00:00:00 +0000 /entries/E_Transcendental.html Formal Network Models and Their Application to Firewall Policies /entries/UPF_Firewall.html Sun, 08 Jan 2017 00:00:00 +0000 /entries/UPF_Firewall.html Verification of a Diffie-Hellman Password-based Authentication Protocol by Extending the Inductive Method /entries/Password_Authentication_Protocol.html Tue, 03 Jan 2017 00:00:00 +0000 /entries/Password_Authentication_Protocol.html First-Order Logic According to Harrison /entries/FOL_Harrison.html Sun, 01 Jan 2017 00:00:00 +0000 /entries/FOL_Harrison.html Concurrent Refinement Algebra and Rely Quotients /entries/Concurrent_Ref_Alg.html Fri, 30 Dec 2016 00:00:00 +0000 /entries/Concurrent_Ref_Alg.html The Twelvefold Way /entries/Twelvefold_Way.html Thu, 29 Dec 2016 00:00:00 +0000 /entries/Twelvefold_Way.html Proof Strategy Language /entries/Proof_Strategy_Language.html Tue, 20 Dec 2016 00:00:00 +0000 /entries/Proof_Strategy_Language.html Paraconsistency 
/entries/Paraconsistency.html Wed, 07 Dec 2016 00:00:00 +0000 /entries/Paraconsistency.html COMPLX: A Verification Framework for Concurrent Imperative Programs /entries/Complx.html Tue, 29 Nov 2016 00:00:00 +0000 /entries/Complx.html Abstract Interpretation of Annotated Commands /entries/Abs_Int_ITP2012.html Wed, 23 Nov 2016 00:00:00 +0000 /entries/Abs_Int_ITP2012.html Separata: Isabelle tactics for Separation Algebra /entries/Separata.html Wed, 16 Nov 2016 00:00:00 +0000 /entries/Separata.html Formalization of Knuth–Bendix Orders for Lambda-Free Higher-Order Terms /entries/Lambda_Free_KBOs.html Sat, 12 Nov 2016 00:00:00 +0000 /entries/Lambda_Free_KBOs.html Formalization of Nested Multisets, Hereditary Multisets, and Syntactic Ordinals /entries/Nested_Multisets_Ordinals.html Sat, 12 Nov 2016 00:00:00 +0000 /entries/Nested_Multisets_Ordinals.html Expressiveness of Deep Learning /entries/Deep_Learning.html Thu, 10 Nov 2016 00:00:00 +0000 /entries/Deep_Learning.html Modal Logics for Nominal Transition Systems /entries/Modal_Logics_for_NTS.html Tue, 25 Oct 2016 00:00:00 +0000 /entries/Modal_Logics_for_NTS.html Stable Matching /entries/Stable_Matching.html Mon, 24 Oct 2016 00:00:00 +0000 /entries/Stable_Matching.html LOFT — Verified Migration of Linux Firewalls to SDN /entries/LOFT.html Fri, 21 Oct 2016 00:00:00 +0000 /entries/LOFT.html A formal model for the SPARCv8 ISA and a proof of non-interference for the LEON3 processor /entries/SPARCv8.html Wed, 19 Oct 2016 00:00:00 +0000 /entries/SPARCv8.html Source Coding Theorem /entries/Source_Coding_Theorem.html Wed, 19 Oct 2016 00:00:00 +0000 /entries/Source_Coding_Theorem.html The Factorization Algorithm of Berlekamp and Zassenhaus /entries/Berlekamp_Zassenhaus.html Fri, 14 Oct 2016 00:00:00 +0000 /entries/Berlekamp_Zassenhaus.html Intersecting Chords Theorem /entries/Chord_Segments.html Tue, 11 Oct 2016 00:00:00 +0000 /entries/Chord_Segments.html Lp spaces /entries/Lp.html Wed, 05 Oct 2016 00:00:00 +0000 /entries/Lp.html 
Fisher–Yates shuffle /entries/Fisher_Yates.html Fri, 30 Sep 2016 00:00:00 +0000 /entries/Fisher_Yates.html Allen's Interval Calculus /entries/Allen_Calculus.html Thu, 29 Sep 2016 00:00:00 +0000 /entries/Allen_Calculus.html Formalization of Recursive Path Orders for Lambda-Free Higher-Order Terms /entries/Lambda_Free_RPOs.html Fri, 23 Sep 2016 00:00:00 +0000 /entries/Lambda_Free_RPOs.html Iptables Semantics /entries/Iptables_Semantics.html Fri, 09 Sep 2016 00:00:00 +0000 /entries/Iptables_Semantics.html A Variant of the Superposition Calculus /entries/SuperCalc.html Tue, 06 Sep 2016 00:00:00 +0000 /entries/SuperCalc.html Stone Algebras /entries/Stone_Algebras.html Tue, 06 Sep 2016 00:00:00 +0000 /entries/Stone_Algebras.html Stirling's formula /entries/Stirling_Formula.html Thu, 01 Sep 2016 00:00:00 +0000 /entries/Stirling_Formula.html Routing /entries/Routing.html Wed, 31 Aug 2016 00:00:00 +0000 /entries/Routing.html Simple Firewall /entries/Simple_Firewall.html Wed, 24 Aug 2016 00:00:00 +0000 /entries/Simple_Firewall.html Infeasible Paths Elimination by Symbolic Execution Techniques: Proof of Correctness and Preservation of Paths /entries/InfPathElimination.html Thu, 18 Aug 2016 00:00:00 +0000 /entries/InfPathElimination.html Formalizing the Edmonds-Karp Algorithm /entries/EdmondsKarp_Maxflow.html Fri, 12 Aug 2016 00:00:00 +0000 /entries/EdmondsKarp_Maxflow.html The Imperative Refinement Framework /entries/Refine_Imperative_HOL.html Mon, 08 Aug 2016 00:00:00 +0000 /entries/Refine_Imperative_HOL.html Ptolemy's Theorem /entries/Ptolemys_Theorem.html Sun, 07 Aug 2016 00:00:00 +0000 /entries/Ptolemys_Theorem.html Surprise Paradox /entries/Surprise_Paradox.html Sun, 17 Jul 2016 00:00:00 +0000 /entries/Surprise_Paradox.html Pairing Heap /entries/Pairing_Heap.html Thu, 14 Jul 2016 00:00:00 +0000 /entries/Pairing_Heap.html A Framework for Verifying Depth-First Search Algorithms /entries/DFS_Framework.html Tue, 05 Jul 2016 00:00:00 +0000 /entries/DFS_Framework.html Chamber 
Complexes, Coxeter Systems, and Buildings /entries/Buildings.html Fri, 01 Jul 2016 00:00:00 +0000 /entries/Buildings.html The Resolution Calculus for First-Order Logic /entries/Resolution_FOL.html Thu, 30 Jun 2016 00:00:00 +0000 /entries/Resolution_FOL.html The Z Property /entries/Rewriting_Z.html Thu, 30 Jun 2016 00:00:00 +0000 /entries/Rewriting_Z.html Compositional Security-Preserving Refinement for Concurrent Imperative Programs /entries/Dependent_SIFUM_Refinement.html Tue, 28 Jun 2016 00:00:00 +0000 /entries/Dependent_SIFUM_Refinement.html IP Addresses /entries/IP_Addresses.html Tue, 28 Jun 2016 00:00:00 +0000 /entries/IP_Addresses.html Cardinality of Multisets /entries/Card_Multisets.html Sun, 26 Jun 2016 00:00:00 +0000 /entries/Card_Multisets.html Category Theory with Adjunctions and Limits /entries/Category3.html Sun, 26 Jun 2016 00:00:00 +0000 /entries/Category3.html A Dependent Security Type System for Concurrent Imperative Programs /entries/Dependent_SIFUM_Type_Systems.html Sat, 25 Jun 2016 00:00:00 +0000 /entries/Dependent_SIFUM_Type_Systems.html Catalan Numbers /entries/Catalan_Numbers.html Tue, 21 Jun 2016 00:00:00 +0000 /entries/Catalan_Numbers.html Program Construction and Verification Components Based on Kleene Algebra /entries/Algebraic_VCs.html Sat, 18 Jun 2016 00:00:00 +0000 /entries/Algebraic_VCs.html Conservation of CSP Noninterference Security under Concurrent Composition /entries/Noninterference_Concurrent_Composition.html Mon, 13 Jun 2016 00:00:00 +0000 /entries/Noninterference_Concurrent_Composition.html Finite Machine Word Library /entries/Word_Lib.html Thu, 09 Jun 2016 00:00:00 +0000 /entries/Word_Lib.html Tree Decomposition /entries/Tree_Decomposition.html Tue, 31 May 2016 00:00:00 +0000 /entries/Tree_Decomposition.html Cardinality of Equivalence Relations /entries/Card_Equiv_Relations.html Tue, 24 May 2016 00:00:00 +0000 /entries/Card_Equiv_Relations.html POSIX Lexing with Derivatives of Regular Expressions /entries/Posix-Lexing.html 
Tue, 24 May 2016 00:00:00 +0000 /entries/Posix-Lexing.html Perron-Frobenius Theorem for Spectral Radius Analysis /entries/Perron_Frobenius.html Fri, 20 May 2016 00:00:00 +0000 /entries/Perron_Frobenius.html The meta theory of the Incredible Proof Machine /entries/Incredible_Proof_Machine.html Fri, 20 May 2016 00:00:00 +0000 /entries/Incredible_Proof_Machine.html A Constructive Proof for FLP /entries/FLP.html Wed, 18 May 2016 00:00:00 +0000 /entries/FLP.html A Formal Proof of the Max-Flow Min-Cut Theorem for Countable Networks /entries/MFMC_Countable.html Mon, 09 May 2016 00:00:00 +0000 /entries/MFMC_Countable.html Randomised Social Choice Theory /entries/Randomised_Social_Choice.html Thu, 05 May 2016 00:00:00 +0000 /entries/Randomised_Social_Choice.html Spivey's Generalized Recurrence for Bell Numbers /entries/Bell_Numbers_Spivey.html Wed, 04 May 2016 00:00:00 +0000 /entries/Bell_Numbers_Spivey.html The Incompatibility of SD-Efficiency and SD-Strategy-Proofness /entries/SDS_Impossibility.html Wed, 04 May 2016 00:00:00 +0000 /entries/SDS_Impossibility.html Gröbner Bases Theory /entries/Groebner_Bases.html Mon, 02 May 2016 00:00:00 +0000 /entries/Groebner_Bases.html No Faster-Than-Light Observers /entries/No_FTL_observers.html Thu, 28 Apr 2016 00:00:00 +0000 /entries/No_FTL_observers.html A formalisation of the Cocke-Younger-Kasami algorithm /entries/CYK.html Wed, 27 Apr 2016 00:00:00 +0000 /entries/CYK.html Algorithms for Reduced Ordered Binary Decision Diagrams /entries/ROBDD.html Wed, 27 Apr 2016 00:00:00 +0000 /entries/ROBDD.html Conservation of CSP Noninterference Security under Sequential Composition /entries/Noninterference_Sequential_Composition.html Tue, 26 Apr 2016 00:00:00 +0000 /entries/Noninterference_Sequential_Composition.html Kleene Algebras with Domain /entries/KAD.html Tue, 12 Apr 2016 00:00:00 +0000 /entries/KAD.html Propositional Resolution and Prime Implicates Generation /entries/PropResPI.html Fri, 11 Mar 2016 00:00:00 +0000 
/entries/PropResPI.html The Cartan Fixed Point Theorems /entries/Cartan_FP.html Tue, 08 Mar 2016 00:00:00 +0000 /entries/Cartan_FP.html Timed Automata /entries/Timed_Automata.html Tue, 08 Mar 2016 00:00:00 +0000 /entries/Timed_Automata.html Linear Temporal Logic /entries/LTL.html Tue, 01 Mar 2016 00:00:00 +0000 /entries/LTL.html Analysis of List Update Algorithms /entries/List_Update.html Wed, 17 Feb 2016 00:00:00 +0000 /entries/List_Update.html Verified Construction of Static Single Assignment Form /entries/Formal_SSA.html Fri, 05 Feb 2016 00:00:00 +0000 /entries/Formal_SSA.html Polynomial Factorization /entries/Polynomial_Factorization.html Fri, 29 Jan 2016 00:00:00 +0000 /entries/Polynomial_Factorization.html Polynomial Interpolation /entries/Polynomial_Interpolation.html Fri, 29 Jan 2016 00:00:00 +0000 /entries/Polynomial_Interpolation.html Knot Theory /entries/Knot_Theory.html Wed, 20 Jan 2016 00:00:00 +0000 /entries/Knot_Theory.html Tensor Product of Matrices /entries/Matrix_Tensor.html Mon, 18 Jan 2016 00:00:00 +0000 /entries/Matrix_Tensor.html Cardinality of Number Partitions /entries/Card_Number_Partitions.html Thu, 14 Jan 2016 00:00:00 +0000 /entries/Card_Number_Partitions.html Basic Geometric Properties of Triangles /entries/Triangle.html Mon, 28 Dec 2015 00:00:00 +0000 /entries/Triangle.html Descartes' Rule of Signs /entries/Descartes_Sign_Rule.html Mon, 28 Dec 2015 00:00:00 +0000 /entries/Descartes_Sign_Rule.html Liouville numbers /entries/Liouville_Numbers.html Mon, 28 Dec 2015 00:00:00 +0000 /entries/Liouville_Numbers.html The Divergence of the Prime Harmonic Series /entries/Prime_Harmonic_Series.html Mon, 28 Dec 2015 00:00:00 +0000 /entries/Prime_Harmonic_Series.html Algebraic Numbers in Isabelle/HOL /entries/Algebraic_Numbers.html Tue, 22 Dec 2015 00:00:00 +0000 /entries/Algebraic_Numbers.html Applicative Lifting /entries/Applicative_Lifting.html Tue, 22 Dec 2015 00:00:00 +0000 /entries/Applicative_Lifting.html The Stern-Brocot Tree 
/entries/Stern_Brocot.html Tue, 22 Dec 2015 00:00:00 +0000 /entries/Stern_Brocot.html Cardinality of Set Partitions /entries/Card_Partitions.html Sat, 12 Dec 2015 00:00:00 +0000 /entries/Card_Partitions.html Latin Square /entries/Latin_Square.html Wed, 02 Dec 2015 00:00:00 +0000 /entries/Latin_Square.html Ergodic Theory /entries/Ergodic_Theory.html Tue, 01 Dec 2015 00:00:00 +0000 /entries/Ergodic_Theory.html Euler's Partition Theorem /entries/Euler_Partition.html Thu, 19 Nov 2015 00:00:00 +0000 /entries/Euler_Partition.html The Tortoise and Hare Algorithm /entries/TortoiseHare.html Wed, 18 Nov 2015 00:00:00 +0000 /entries/TortoiseHare.html Planarity Certificates /entries/Planarity_Certificates.html Wed, 11 Nov 2015 00:00:00 +0000 /entries/Planarity_Certificates.html Positional Determinacy of Parity Games /entries/Parity_Game.html Mon, 02 Nov 2015 00:00:00 +0000 /entries/Parity_Game.html A Meta-Model for the Isabelle API /entries/Isabelle_Meta_Model.html Wed, 16 Sep 2015 00:00:00 +0000 /entries/Isabelle_Meta_Model.html Converting Linear Temporal Logic to Deterministic (Generalized) Rabin Automata /entries/LTL_to_DRA.html Fri, 04 Sep 2015 00:00:00 +0000 /entries/LTL_to_DRA.html Matrices, Jordan Normal Forms, and Spectral Radius Theory /entries/Jordan_Normal_Form.html Fri, 21 Aug 2015 00:00:00 +0000 /entries/Jordan_Normal_Form.html Decreasing Diagrams II /entries/Decreasing-Diagrams-II.html Thu, 20 Aug 2015 00:00:00 +0000 /entries/Decreasing-Diagrams-II.html The Inductive Unwinding Theorem for CSP Noninterference Security /entries/Noninterference_Inductive_Unwinding.html Tue, 18 Aug 2015 00:00:00 +0000 /entries/Noninterference_Inductive_Unwinding.html Representations of Finite Groups /entries/Rep_Fin_Groups.html Wed, 12 Aug 2015 00:00:00 +0000 /entries/Rep_Fin_Groups.html Analysing and Comparing Encodability Criteria for Process Calculi /entries/Encodability_Process_Calculi.html Mon, 10 Aug 2015 00:00:00 +0000 /entries/Encodability_Process_Calculi.html Generating 
Cases from Labeled Subgoals /entries/Case_Labeling.html Tue, 21 Jul 2015 00:00:00 +0000 /entries/Case_Labeling.html Landau Symbols /entries/Landau_Symbols.html Tue, 14 Jul 2015 00:00:00 +0000 /entries/Landau_Symbols.html The Akra-Bazzi theorem and the Master theorem /entries/Akra_Bazzi.html Tue, 14 Jul 2015 00:00:00 +0000 /entries/Akra_Bazzi.html Hermite Normal Form /entries/Hermite.html Tue, 07 Jul 2015 00:00:00 +0000 /entries/Hermite.html Derangements Formula /entries/Derangements.html Sat, 27 Jun 2015 00:00:00 +0000 /entries/Derangements.html Binary Multirelations /entries/Multirelations.html Thu, 11 Jun 2015 00:00:00 +0000 /entries/Multirelations.html Reasoning about Lists via List Interleaving /entries/List_Interleaving.html Thu, 11 Jun 2015 00:00:00 +0000 /entries/List_Interleaving.html The Generic Unwinding Theorem for CSP Noninterference Security /entries/Noninterference_Generic_Unwinding.html Thu, 11 Jun 2015 00:00:00 +0000 /entries/Noninterference_Generic_Unwinding.html The Ipurge Unwinding Theorem for CSP Noninterference Security /entries/Noninterference_Ipurge_Unwinding.html Thu, 11 Jun 2015 00:00:00 +0000 /entries/Noninterference_Ipurge_Unwinding.html Parameterized Dynamic Tables /entries/Dynamic_Tables.html Sun, 07 Jun 2015 00:00:00 +0000 /entries/Dynamic_Tables.html Derivatives of Logical Formulas /entries/Formula_Derivatives.html Thu, 28 May 2015 00:00:00 +0000 /entries/Formula_Derivatives.html A Zoo of Probabilistic Systems /entries/Probabilistic_System_Zoo.html Wed, 27 May 2015 00:00:00 +0000 /entries/Probabilistic_System_Zoo.html VCG - Combinatorial Vickrey-Clarke-Groves Auctions /entries/Vickrey_Clarke_Groves.html Thu, 30 Apr 2015 00:00:00 +0000 /entries/Vickrey_Clarke_Groves.html Residuated Lattices /entries/Residuated_Lattices.html Wed, 15 Apr 2015 00:00:00 +0000 /entries/Residuated_Lattices.html Concurrent IMP /entries/ConcurrentIMP.html Mon, 13 Apr 2015 00:00:00 +0000 /entries/ConcurrentIMP.html Relaxing Safely: Verified On-the-Fly Garbage 
Collection for x86-TSO /entries/ConcurrentGC.html Mon, 13 Apr 2015 00:00:00 +0000 /entries/ConcurrentGC.html Trie /entries/Trie.html Mon, 30 Mar 2015 00:00:00 +0000 /entries/Trie.html Consensus Refined /entries/Consensus_Refined.html Wed, 18 Mar 2015 00:00:00 +0000 /entries/Consensus_Refined.html Deriving class instances for datatypes /entries/Deriving.html Wed, 11 Mar 2015 00:00:00 +0000 /entries/Deriving.html The Safety of Call Arity /entries/Call_Arity.html Fri, 20 Feb 2015 00:00:00 +0000 /entries/Call_Arity.html Echelon Form /entries/Echelon_Form.html Thu, 12 Feb 2015 00:00:00 +0000 /entries/Echelon_Form.html QR Decomposition /entries/QR_Decomposition.html Thu, 12 Feb 2015 00:00:00 +0000 /entries/QR_Decomposition.html Finite Automata in Hereditarily Finite Set Theory /entries/Finite_Automata_HF.html Thu, 05 Feb 2015 00:00:00 +0000 /entries/Finite_Automata_HF.html Verification of the UpDown Scheme /entries/UpDown_Scheme.html Wed, 28 Jan 2015 00:00:00 +0000 /entries/UpDown_Scheme.html The Unified Policy Framework (UPF) /entries/UPF.html Fri, 28 Nov 2014 00:00:00 +0000 /entries/UPF.html Loop freedom of the (untimed) AODV routing protocol /entries/AODV.html Thu, 23 Oct 2014 00:00:00 +0000 /entries/AODV.html Lifting Definition Option /entries/Lifting_Definition_Option.html Mon, 13 Oct 2014 00:00:00 +0000 /entries/Lifting_Definition_Option.html Stream Fusion in HOL with Code Generation /entries/Stream_Fusion_Code.html Fri, 10 Oct 2014 00:00:00 +0000 /entries/Stream_Fusion_Code.html A Verified Compiler for Probability Density Functions /entries/Density_Compiler.html Thu, 09 Oct 2014 00:00:00 +0000 /entries/Density_Compiler.html Formalization of Refinement Calculus for Reactive Systems /entries/RefinementReactive.html Wed, 08 Oct 2014 00:00:00 +0000 /entries/RefinementReactive.html Certification Monads /entries/Certification_Monads.html Fri, 03 Oct 2014 00:00:00 +0000 /entries/Certification_Monads.html XML /entries/XML.html Fri, 03 Oct 2014 00:00:00 +0000 
/entries/XML.html Imperative Insertion Sort /entries/Imperative_Insertion_Sort.html Thu, 25 Sep 2014 00:00:00 +0000 /entries/Imperative_Insertion_Sort.html The Sturm-Tarski Theorem /entries/Sturm_Tarski.html Fri, 19 Sep 2014 00:00:00 +0000 /entries/Sturm_Tarski.html The Cayley-Hamilton Theorem /entries/Cayley_Hamilton.html Mon, 15 Sep 2014 00:00:00 +0000 /entries/Cayley_Hamilton.html The Jordan-Hölder Theorem /entries/Jordan_Hoelder.html Tue, 09 Sep 2014 00:00:00 +0000 /entries/Jordan_Hoelder.html Priority Queues Based on Braun Trees /entries/Priority_Queue_Braun.html Thu, 04 Sep 2014 00:00:00 +0000 /entries/Priority_Queue_Braun.html Gauss-Jordan Algorithm and Its Applications /entries/Gauss_Jordan.html Wed, 03 Sep 2014 00:00:00 +0000 /entries/Gauss_Jordan.html Real-Valued Special Functions: Upper and Lower Bounds /entries/Special_Function_Bounds.html Fri, 29 Aug 2014 00:00:00 +0000 /entries/Special_Function_Bounds.html Vector Spaces /entries/VectorSpace.html Fri, 29 Aug 2014 00:00:00 +0000 /entries/VectorSpace.html Skew Heap /entries/Skew_Heap.html Wed, 13 Aug 2014 00:00:00 +0000 /entries/Skew_Heap.html Splay Tree /entries/Splay_Tree.html Tue, 12 Aug 2014 00:00:00 +0000 /entries/Splay_Tree.html Haskell's Show Class in Isabelle/HOL /entries/Show.html Tue, 29 Jul 2014 00:00:00 +0000 /entries/Show.html Formal Specification of a Generic Separation Kernel /entries/CISC-Kernel.html Fri, 18 Jul 2014 00:00:00 +0000 /entries/CISC-Kernel.html pGCL for Isabelle /entries/pGCL.html Sun, 13 Jul 2014 00:00:00 +0000 /entries/pGCL.html Amortized Complexity Verified /entries/Amortized_Complexity.html Mon, 07 Jul 2014 00:00:00 +0000 /entries/Amortized_Complexity.html Network Security Policy Verification /entries/Network_Security_Policy_Verification.html Fri, 04 Jul 2014 00:00:00 +0000 /entries/Network_Security_Policy_Verification.html Pop-Refinement /entries/Pop_Refinement.html Thu, 03 Jul 2014 00:00:00 +0000 /entries/Pop_Refinement.html Decision Procedures for MSO on Words Based on 
Derivatives of Regular Expressions /entries/MSO_Regex_Equivalence.html Thu, 12 Jun 2014 00:00:00 +0000 /entries/MSO_Regex_Equivalence.html Boolean Expression Checkers /entries/Boolean_Expression_Checkers.html Sun, 08 Jun 2014 00:00:00 +0000 /entries/Boolean_Expression_Checkers.html A Fully Verified Executable LTL Model Checker /entries/CAVA_LTL_Modelchecker.html Wed, 28 May 2014 00:00:00 +0000 /entries/CAVA_LTL_Modelchecker.html Converting Linear-Time Temporal Logic to Generalized Büchi Automata /entries/LTL_to_GBA.html Wed, 28 May 2014 00:00:00 +0000 /entries/LTL_to_GBA.html Promela Formalization /entries/Promela.html Wed, 28 May 2014 00:00:00 +0000 /entries/Promela.html The CAVA Automata Library /entries/CAVA_Automata.html Wed, 28 May 2014 00:00:00 +0000 /entries/CAVA_Automata.html Verified Efficient Implementation of Gabow's Strongly Connected Components Algorithm /entries/Gabow_SCC.html Wed, 28 May 2014 00:00:00 +0000 /entries/Gabow_SCC.html Noninterference Security in Communicating Sequential Processes /entries/Noninterference_CSP.html Fri, 23 May 2014 00:00:00 +0000 /entries/Noninterference_CSP.html Transitive closure according to Roy-Floyd-Warshall /entries/Roy_Floyd_Warshall.html Fri, 23 May 2014 00:00:00 +0000 /entries/Roy_Floyd_Warshall.html Regular Algebras /entries/Regular_Algebras.html Wed, 21 May 2014 00:00:00 +0000 /entries/Regular_Algebras.html Formalisation and Analysis of Component Dependencies /entries/ComponentDependencies.html Mon, 28 Apr 2014 00:00:00 +0000 /entries/ComponentDependencies.html A Formalization of Assumptions and Guarantees for Compositional Noninterference /entries/SIFUM_Type_Systems.html Wed, 23 Apr 2014 00:00:00 +0000 /entries/SIFUM_Type_Systems.html A Formalization of Declassification with WHAT-and-WHERE-Security /entries/WHATandWHERE_Security.html Wed, 23 Apr 2014 00:00:00 +0000 /entries/WHATandWHERE_Security.html A Formalization of Strong Security /entries/Strong_Security.html Wed, 23 Apr 2014 00:00:00 +0000 
/entries/Strong_Security.html Bounded-Deducibility Security /entries/Bounded_Deducibility_Security.html Tue, 22 Apr 2014 00:00:00 +0000 /entries/Bounded_Deducibility_Security.html A shallow embedding of HyperCTL* /entries/HyperCTL.html Wed, 16 Apr 2014 00:00:00 +0000 /entries/HyperCTL.html Abstract Completeness /entries/Abstract_Completeness.html Wed, 16 Apr 2014 00:00:00 +0000 /entries/Abstract_Completeness.html Discrete Summation /entries/Discrete_Summation.html Sun, 13 Apr 2014 00:00:00 +0000 /entries/Discrete_Summation.html Syntax and semantics of a GPU kernel programming language /entries/GPU_Kernel_PL.html Thu, 03 Apr 2014 00:00:00 +0000 /entries/GPU_Kernel_PL.html Probabilistic Noninterference /entries/Probabilistic_Noninterference.html Tue, 11 Mar 2014 00:00:00 +0000 /entries/Probabilistic_Noninterference.html Mechanization of the Algebra for Wireless Networks (AWN) /entries/AWN.html Sat, 08 Mar 2014 00:00:00 +0000 /entries/AWN.html Mutually Recursive Partial Functions /entries/Partial_Function_MR.html Tue, 18 Feb 2014 00:00:00 +0000 /entries/Partial_Function_MR.html Properties of Random Graphs -- Subgraph Containment /entries/Random_Graph_Subgraph_Threshold.html Thu, 13 Feb 2014 00:00:00 +0000 /entries/Random_Graph_Subgraph_Threshold.html Verification of Selection and Heap Sort Using Locales /entries/Selection_Heap_Sort.html Tue, 11 Feb 2014 00:00:00 +0000 /entries/Selection_Heap_Sort.html Affine Arithmetic /entries/Affine_Arithmetic.html Fri, 07 Feb 2014 00:00:00 +0000 /entries/Affine_Arithmetic.html Implementing field extensions of the form Q[sqrt(b)] /entries/Real_Impl.html Thu, 06 Feb 2014 00:00:00 +0000 /entries/Real_Impl.html Unified Decision Procedures for Regular Expression Equivalence /entries/Regex_Equivalence.html Thu, 30 Jan 2014 00:00:00 +0000 /entries/Regex_Equivalence.html Secondary Sylow Theorems /entries/Secondary_Sylow.html Tue, 28 Jan 2014 00:00:00 +0000 /entries/Secondary_Sylow.html Relation Algebra /entries/Relation_Algebra.html Sat, 
25 Jan 2014 00:00:00 +0000 /entries/Relation_Algebra.html Kleene Algebra with Tests and Demonic Refinement Algebras /entries/KAT_and_DRA.html Thu, 23 Jan 2014 00:00:00 +0000 /entries/KAT_and_DRA.html Featherweight OCL: A Proposal for a Machine-Checked Formal Semantics for OCL 2.5 /entries/Featherweight_OCL.html Thu, 16 Jan 2014 00:00:00 +0000 /entries/Featherweight_OCL.html Compositional Properties of Crypto-Based Components /entries/CryptoBasedCompositionalProperties.html Sat, 11 Jan 2014 00:00:00 +0000 /entries/CryptoBasedCompositionalProperties.html Sturm's Theorem /entries/Sturm_Sequences.html Sat, 11 Jan 2014 00:00:00 +0000 /entries/Sturm_Sequences.html A General Method for the Proof of Theorems on Tail-recursive Functions /entries/Tail_Recursive_Functions.html Sun, 01 Dec 2013 00:00:00 +0000 /entries/Tail_Recursive_Functions.html Gödel's Incompleteness Theorems /entries/Incompleteness.html Sun, 17 Nov 2013 00:00:00 +0000 /entries/Incompleteness.html The Hereditarily Finite Sets /entries/HereditarilyFinite.html Sun, 17 Nov 2013 00:00:00 +0000 /entries/HereditarilyFinite.html A Codatatype of Formal Languages /entries/Coinductive_Languages.html Fri, 15 Nov 2013 00:00:00 +0000 /entries/Coinductive_Languages.html Stream Processing Components: Isabelle/HOL Formalisation and Case Studies /entries/FocusStreamsCaseStudies.html Thu, 14 Nov 2013 00:00:00 +0000 /entries/FocusStreamsCaseStudies.html Gödel's God in Isabelle/HOL /entries/GoedelGod.html Tue, 12 Nov 2013 00:00:00 +0000 /entries/GoedelGod.html Decreasing Diagrams /entries/Decreasing-Diagrams.html Fri, 01 Nov 2013 00:00:00 +0000 /entries/Decreasing-Diagrams.html Automatic Data Refinement /entries/Automatic_Refinement.html Wed, 02 Oct 2013 00:00:00 +0000 /entries/Automatic_Refinement.html Native Word /entries/Native_Word.html Tue, 17 Sep 2013 00:00:00 +0000 /entries/Native_Word.html A Formal Model of IEEE Floating Point Arithmetic /entries/IEEE_Floating_Point.html Sat, 27 Jul 2013 00:00:00 +0000 
/entries/IEEE_Floating_Point.html Lehmer's Theorem /entries/Lehmer.html Mon, 22 Jul 2013 00:00:00 +0000 /entries/Lehmer.html Pratt's Primality Certificates /entries/Pratt_Certificate.html Mon, 22 Jul 2013 00:00:00 +0000 /entries/Pratt_Certificate.html The Königsberg Bridge Problem and the Friendship Theorem /entries/Koenigsberg_Friendship.html Fri, 19 Jul 2013 00:00:00 +0000 /entries/Koenigsberg_Friendship.html Sound and Complete Sort Encodings for First-Order Logic /entries/Sort_Encodings.html Thu, 27 Jun 2013 00:00:00 +0000 /entries/Sort_Encodings.html An Axiomatic Characterization of the Single-Source Shortest Path Problem /entries/ShortestPath.html Wed, 22 May 2013 00:00:00 +0000 /entries/ShortestPath.html Graph Theory /entries/Graph_Theory.html Sun, 28 Apr 2013 00:00:00 +0000 /entries/Graph_Theory.html Light-weight Containers /entries/Containers.html Mon, 15 Apr 2013 00:00:00 +0000 /entries/Containers.html Nominal 2 /entries/Nominal2.html Thu, 21 Feb 2013 00:00:00 +0000 /entries/Nominal2.html The Correctness of Launchbury's Natural Semantics for Lazy Evaluation /entries/Launchbury.html Thu, 31 Jan 2013 00:00:00 +0000 /entries/Launchbury.html Ribbon Proofs /entries/Ribbon_Proofs.html Sat, 19 Jan 2013 00:00:00 +0000 /entries/Ribbon_Proofs.html Rank-Nullity Theorem in Linear Algebra /entries/Rank_Nullity_Theorem.html Wed, 16 Jan 2013 00:00:00 +0000 /entries/Rank_Nullity_Theorem.html Kleene Algebra /entries/Kleene_Algebra.html Tue, 15 Jan 2013 00:00:00 +0000 /entries/Kleene_Algebra.html Computing N-th Roots using the Babylonian Method /entries/Sqrt_Babylonian.html Thu, 03 Jan 2013 00:00:00 +0000 /entries/Sqrt_Babylonian.html A Separation Logic Framework for Imperative HOL /entries/Separation_Logic_Imperative_HOL.html Wed, 14 Nov 2012 00:00:00 +0000 /entries/Separation_Logic_Imperative_HOL.html Open Induction /entries/Open_Induction.html Fri, 02 Nov 2012 00:00:00 +0000 /entries/Open_Induction.html The independence of Tarski's Euclidean axiom 
/entries/Tarskis_Geometry.html Tue, 30 Oct 2012 00:00:00 +0000 /entries/Tarskis_Geometry.html Bondy's Theorem /entries/Bondy.html Sat, 27 Oct 2012 00:00:00 +0000 /entries/Bondy.html Possibilistic Noninterference /entries/Possibilistic_Noninterference.html Mon, 10 Sep 2012 00:00:00 +0000 /entries/Possibilistic_Noninterference.html Generating linear orders for datatypes /entries/Datatype_Order_Generator.html Tue, 07 Aug 2012 00:00:00 +0000 /entries/Datatype_Order_Generator.html Proving the Impossibility of Trisecting an Angle and Doubling the Cube /entries/Impossible_Geometry.html Sun, 05 Aug 2012 00:00:00 +0000 /entries/Impossible_Geometry.html Verifying Fault-Tolerant Distributed Algorithms in the Heard-Of Model /entries/Heard_Of.html Fri, 27 Jul 2012 00:00:00 +0000 /entries/Heard_Of.html Logical Relations for PCF /entries/PCF.html Sun, 01 Jul 2012 00:00:00 +0000 /entries/PCF.html Type Constructor Classes and Monad Transformers /entries/Tycon.html Tue, 26 Jun 2012 00:00:00 +0000 /entries/Tycon.html CCS in nominal logic /entries/CCS.html Tue, 29 May 2012 00:00:00 +0000 /entries/CCS.html Psi-calculi in Isabelle /entries/Psi_Calculi.html Tue, 29 May 2012 00:00:00 +0000 /entries/Psi_Calculi.html The pi-calculus in nominal logic /entries/Pi_Calculus.html Tue, 29 May 2012 00:00:00 +0000 /entries/Pi_Calculus.html Isabelle/Circus /entries/Circus.html Sun, 27 May 2012 00:00:00 +0000 /entries/Circus.html Separation Algebra /entries/Separation_Algebra.html Fri, 11 May 2012 00:00:00 +0000 /entries/Separation_Algebra.html Stuttering Equivalence /entries/Stuttering_Equivalence.html Mon, 07 May 2012 00:00:00 +0000 /entries/Stuttering_Equivalence.html Inductive Study of Confidentiality /entries/Inductive_Confidentiality.html Wed, 02 May 2012 00:00:00 +0000 /entries/Inductive_Confidentiality.html Ordinary Differential Equations /entries/Ordinary_Differential_Equations.html Thu, 26 Apr 2012 00:00:00 +0000 /entries/Ordinary_Differential_Equations.html Well-Quasi-Orders 
/entries/Well_Quasi_Orders.html Fri, 13 Apr 2012 00:00:00 +0000 /entries/Well_Quasi_Orders.html Abortable Linearizable Modules /entries/Abortable_Linearizable_Modules.html Thu, 01 Mar 2012 00:00:00 +0000 /entries/Abortable_Linearizable_Modules.html Executable Transitive Closures /entries/Transitive-Closure-II.html Wed, 29 Feb 2012 00:00:00 +0000 /entries/Transitive-Closure-II.html A Probabilistic Proof of the Girth-Chromatic Number Theorem /entries/Girth_Chromatic.html Mon, 06 Feb 2012 00:00:00 +0000 /entries/Girth_Chromatic.html Dijkstra's Shortest Path Algorithm /entries/Dijkstra_Shortest_Path.html Mon, 30 Jan 2012 00:00:00 +0000 /entries/Dijkstra_Shortest_Path.html Refinement for Monadic Programs /entries/Refine_Monadic.html Mon, 30 Jan 2012 00:00:00 +0000 /entries/Refine_Monadic.html Markov Models /entries/Markov_Models.html Tue, 03 Jan 2012 00:00:00 +0000 /entries/Markov_Models.html A Definitional Encoding of TLA* in Isabelle/HOL /entries/TLA.html Sat, 19 Nov 2011 00:00:00 +0000 /entries/TLA.html Efficient Mergesort /entries/Efficient-Mergesort.html Wed, 09 Nov 2011 00:00:00 +0000 /entries/Efficient-Mergesort.html Algebra of Monotonic Boolean Transformers /entries/MonoBoolTranAlgebra.html Thu, 22 Sep 2011 00:00:00 +0000 /entries/MonoBoolTranAlgebra.html Lattice Properties /entries/LatticeProperties.html Thu, 22 Sep 2011 00:00:00 +0000 /entries/LatticeProperties.html Pseudo Hoops /entries/PseudoHoops.html Thu, 22 Sep 2011 00:00:00 +0000 /entries/PseudoHoops.html The Myhill-Nerode Theorem Based on Regular Expressions /entries/Myhill-Nerode.html Fri, 26 Aug 2011 00:00:00 +0000 /entries/Myhill-Nerode.html Gauss-Jordan Elimination for Matrices Represented as Functions /entries/Gauss-Jordan-Elim-Fun.html Fri, 19 Aug 2011 00:00:00 +0000 /entries/Gauss-Jordan-Elim-Fun.html Maximum Cardinality Matching /entries/Max-Card-Matching.html Thu, 21 Jul 2011 00:00:00 +0000 /entries/Max-Card-Matching.html Knowledge-based programs /entries/KBPs.html Tue, 17 May 2011 00:00:00 
+0000 /entries/KBPs.html The General Triangle Is Unique /entries/General-Triangle.html Fri, 01 Apr 2011 00:00:00 +0000 /entries/General-Triangle.html Executable Transitive Closures of Finite Relations /entries/Transitive-Closure.html Mon, 14 Mar 2011 00:00:00 +0000 /entries/Transitive-Closure.html AutoFocus Stream Processing for Single-Clocking and Multi-Clocking Semantics /entries/AutoFocus-Stream.html Wed, 23 Feb 2011 00:00:00 +0000 /entries/AutoFocus-Stream.html Infinite Lists /entries/List-Infinite.html Wed, 23 Feb 2011 00:00:00 +0000 /entries/List-Infinite.html Interval Temporal Logic on Natural Numbers /entries/Nat-Interval-Logic.html Wed, 23 Feb 2011 00:00:00 +0000 /entries/Nat-Interval-Logic.html Lightweight Java /entries/LightweightJava.html Mon, 07 Feb 2011 00:00:00 +0000 /entries/LightweightJava.html RIPEMD-160 /entries/RIPEMD-160-SPARK.html Mon, 10 Jan 2011 00:00:00 +0000 /entries/RIPEMD-160-SPARK.html Lower Semicontinuous Functions /entries/Lower_Semicontinuous.html Sat, 08 Jan 2011 00:00:00 +0000 /entries/Lower_Semicontinuous.html Hall's Marriage Theorem /entries/Marriage.html Fri, 17 Dec 2010 00:00:00 +0000 /entries/Marriage.html Shivers' Control Flow Analysis /entries/Shivers-CFA.html Tue, 16 Nov 2010 00:00:00 +0000 /entries/Shivers-CFA.html Binomial Heaps and Skew Binomial Heaps /entries/Binomial-Heaps.html Thu, 28 Oct 2010 00:00:00 +0000 /entries/Binomial-Heaps.html Finger Trees /entries/Finger-Trees.html Thu, 28 Oct 2010 00:00:00 +0000 /entries/Finger-Trees.html Functional Binomial Queues /entries/Binomial-Queues.html Thu, 28 Oct 2010 00:00:00 +0000 /entries/Binomial-Queues.html Strong Normalization of Moggis's Computational Metalanguage /entries/Lam-ml-Normalization.html Sun, 29 Aug 2010 00:00:00 +0000 /entries/Lam-ml-Normalization.html Executable Multivariate Polynomials /entries/Polynomials.html Tue, 10 Aug 2010 00:00:00 +0000 /entries/Polynomials.html Formalizing Statecharts using Hierarchical Automata /entries/Statecharts.html Sun, 08 Aug 
2010 00:00:00 +0000 /entries/Statecharts.html Free Groups /entries/Free-Groups.html Thu, 24 Jun 2010 00:00:00 +0000 /entries/Free-Groups.html Category Theory /entries/Category2.html Sun, 20 Jun 2010 00:00:00 +0000 /entries/Category2.html Executable Matrix Operations on Matrices of Arbitrary Dimensions /entries/Matrix.html Thu, 17 Jun 2010 00:00:00 +0000 /entries/Matrix.html Abstract Rewriting /entries/Abstract-Rewriting.html Mon, 14 Jun 2010 00:00:00 +0000 /entries/Abstract-Rewriting.html Semantics and Data Refinement of Invariant Based Programs /entries/DataRefinementIBP.html Fri, 28 May 2010 00:00:00 +0000 /entries/DataRefinementIBP.html Verification of the Deutsch-Schorr-Waite Graph Marking Algorithm using Data Refinement /entries/GraphMarkingIBP.html Fri, 28 May 2010 00:00:00 +0000 /entries/GraphMarkingIBP.html A Complete Proof of the Robbins Conjecture /entries/Robbins-Conjecture.html Sat, 22 May 2010 00:00:00 +0000 /entries/Robbins-Conjecture.html Regular Sets and Expressions /entries/Regular-Sets.html Wed, 12 May 2010 00:00:00 +0000 /entries/Regular-Sets.html Locally Nameless Sigma Calculus /entries/Locally-Nameless-Sigma.html Fri, 30 Apr 2010 00:00:00 +0000 /entries/Locally-Nameless-Sigma.html Free Boolean Algebra /entries/Free-Boolean-Algebra.html Mon, 29 Mar 2010 00:00:00 +0000 /entries/Free-Boolean-Algebra.html Information Flow Noninterference via Slicing /entries/InformationFlowSlicing.html Tue, 23 Mar 2010 00:00:00 +0000 /entries/InformationFlowSlicing.html Inter-Procedural Information Flow Noninterference via Slicing /entries/InformationFlowSlicing_Inter.html Tue, 23 Mar 2010 00:00:00 +0000 /entries/InformationFlowSlicing_Inter.html List Index /entries/List-Index.html Sat, 20 Feb 2010 00:00:00 +0000 /entries/List-Index.html Coinductive /entries/Coinductive.html Fri, 12 Feb 2010 00:00:00 +0000 /entries/Coinductive.html A Fast SAT Solver for Isabelle in Standard ML /entries/DPT-SAT-Solver.html Wed, 09 Dec 2009 00:00:00 +0000 /entries/DPT-SAT-Solver.html 
Formalizing the Logic-Automaton Connection /entries/Presburger-Automata.html Thu, 03 Dec 2009 00:00:00 +0000 /entries/Presburger-Automata.html Collections Framework /entries/Collections.html Wed, 25 Nov 2009 00:00:00 +0000 /entries/Collections.html Tree Automata /entries/Tree-Automata.html Wed, 25 Nov 2009 00:00:00 +0000 /entries/Tree-Automata.html Perfect Number Theorem /entries/Perfect-Number-Thm.html Sun, 22 Nov 2009 00:00:00 +0000 /entries/Perfect-Number-Thm.html Backing up Slicing: Verifying the Interprocedural Two-Phase Horwitz-Reps-Binkley Slicer /entries/HRB-Slicing.html Fri, 13 Nov 2009 00:00:00 +0000 /entries/HRB-Slicing.html The Worker/Wrapper Transformation /entries/WorkerWrapper.html Fri, 30 Oct 2009 00:00:00 +0000 /entries/WorkerWrapper.html Ordinals and Cardinals /entries/Ordinals_and_Cardinals.html Tue, 01 Sep 2009 00:00:00 +0000 /entries/Ordinals_and_Cardinals.html Invertibility in Sequent Calculi /entries/SequentInvertibility.html Fri, 28 Aug 2009 00:00:00 +0000 /entries/SequentInvertibility.html An Example of a Cofinitary Group in Isabelle/HOL /entries/CofGroups.html Tue, 04 Aug 2009 00:00:00 +0000 /entries/CofGroups.html Code Generation for Functions as Data /entries/FinFun.html Wed, 06 May 2009 00:00:00 +0000 /entries/FinFun.html Stream Fusion /entries/Stream-Fusion.html Wed, 29 Apr 2009 00:00:00 +0000 /entries/Stream-Fusion.html A Bytecode Logic for JML and Types /entries/BytecodeLogicJmlTypes.html Fri, 12 Dec 2008 00:00:00 +0000 /entries/BytecodeLogicJmlTypes.html Secure information flow and program logics /entries/SIFPL.html Mon, 10 Nov 2008 00:00:00 +0000 /entries/SIFPL.html Some classical results in Social Choice Theory /entries/SenSocialChoice.html Sun, 09 Nov 2008 00:00:00 +0000 /entries/SenSocialChoice.html Fun With Tilings /entries/FunWithTilings.html Fri, 07 Nov 2008 00:00:00 +0000 /entries/FunWithTilings.html The Textbook Proof of Huffman's Algorithm /entries/Huffman.html Wed, 15 Oct 2008 00:00:00 +0000 /entries/Huffman.html Towards 
Certified Slicing /entries/Slicing.html Tue, 16 Sep 2008 00:00:00 +0000 /entries/Slicing.html A Correctness Proof for the Volpano/Smith Security Typing System /entries/VolpanoSmith.html Tue, 02 Sep 2008 00:00:00 +0000 /entries/VolpanoSmith.html Arrow and Gibbard-Satterthwaite /entries/ArrowImpossibilityGS.html Mon, 01 Sep 2008 00:00:00 +0000 /entries/ArrowImpossibilityGS.html Fun With Functions /entries/FunWithFunctions.html Tue, 26 Aug 2008 00:00:00 +0000 /entries/FunWithFunctions.html Formal Verification of Modern SAT Solvers /entries/SATSolverVerification.html Wed, 23 Jul 2008 00:00:00 +0000 /entries/SATSolverVerification.html Recursion Theory I /entries/Recursion-Theory-I.html Sat, 05 Apr 2008 00:00:00 +0000 /entries/Recursion-Theory-I.html A Sequential Imperative Programming Language Syntax, Semantics, Hoare Logics and Verification Environment /entries/Simpl.html Fri, 29 Feb 2008 00:00:00 +0000 /entries/Simpl.html BDD Normalisation /entries/BDD.html Fri, 29 Feb 2008 00:00:00 +0000 /entries/BDD.html Normalization by Evaluation /entries/NormByEval.html Mon, 18 Feb 2008 00:00:00 +0000 /entries/NormByEval.html Quantifier Elimination for Linear Arithmetic /entries/LinearQuantifierElim.html Fri, 11 Jan 2008 00:00:00 +0000 /entries/LinearQuantifierElim.html Formalization of Conflict Analysis of Programs with Procedures, Thread Creation, and Monitors /entries/Program-Conflict-Analysis.html Fri, 14 Dec 2007 00:00:00 +0000 /entries/Program-Conflict-Analysis.html Jinja with Threads /entries/JinjaThreads.html Mon, 03 Dec 2007 00:00:00 +0000 /entries/JinjaThreads.html Much Ado About Two /entries/MuchAdoAboutTwo.html Tue, 06 Nov 2007 00:00:00 +0000 /entries/MuchAdoAboutTwo.html Fermat's Last Theorem for Exponents 3 and 4 and the Parametrisation of Pythagorean Triples /entries/Fermat3_4.html Sun, 12 Aug 2007 00:00:00 +0000 /entries/Fermat3_4.html Sums of Two and Four Squares /entries/SumSquares.html Sun, 12 Aug 2007 00:00:00 +0000 /entries/SumSquares.html Fundamental 
Properties of Valuation Theory and Hensel's Lemma /entries/Valuation.html Wed, 08 Aug 2007 00:00:00 +0000 /entries/Valuation.html First-Order Logic According to Fitting /entries/FOL-Fitting.html Thu, 02 Aug 2007 00:00:00 +0000 /entries/FOL-Fitting.html POPLmark Challenge Via de Bruijn Indices /entries/POPLmark-deBruijn.html Thu, 02 Aug 2007 00:00:00 +0000 /entries/POPLmark-deBruijn.html Hotel Key Card System /entries/HotelKeyCards.html Sat, 09 Sep 2006 00:00:00 +0000 /entries/HotelKeyCards.html Abstract Hoare Logics /entries/Abstract-Hoare-Logics.html Tue, 08 Aug 2006 00:00:00 +0000 /entries/Abstract-Hoare-Logics.html Flyspeck I: Tame Graphs /entries/Flyspeck-Tame.html Mon, 22 May 2006 00:00:00 +0000 /entries/Flyspeck-Tame.html CoreC++ /entries/CoreC++.html Mon, 15 May 2006 00:00:00 +0000 /entries/CoreC++.html A Theory of Featherweight Java in Isabelle/HOL /entries/FeatherweightJava.html Fri, 31 Mar 2006 00:00:00 +0000 /entries/FeatherweightJava.html Instances of Schneider's generalized protocol of clock synchronization /entries/ClockSynchInst.html Wed, 15 Mar 2006 00:00:00 +0000 /entries/ClockSynchInst.html Cauchy's Mean Theorem and the Cauchy-Schwarz Inequality /entries/Cauchy.html Tue, 14 Mar 2006 00:00:00 +0000 /entries/Cauchy.html Countable Ordinals /entries/Ordinal.html Fri, 11 Nov 2005 00:00:00 +0000 /entries/Ordinal.html Fast Fourier Transform /entries/FFT.html Wed, 12 Oct 2005 00:00:00 +0000 /entries/FFT.html Formalization of a Generalized Protocol for Clock Synchronization /entries/GenClock.html Fri, 24 Jun 2005 00:00:00 +0000 /entries/GenClock.html Proving the Correctness of Disk Paxos /entries/DiskPaxos.html Wed, 22 Jun 2005 00:00:00 +0000 /entries/DiskPaxos.html Jive Data and Store Model /entries/JiveDataStoreModel.html Mon, 20 Jun 2005 00:00:00 +0000 /entries/JiveDataStoreModel.html Jinja is not Java /entries/Jinja.html Wed, 01 Jun 2005 00:00:00 +0000 /entries/Jinja.html SHA1, RSA, PSS and more /entries/RSAPSS.html Mon, 02 May 2005 00:00:00 +0000 
/entries/RSAPSS.html Category Theory to Yoneda's Lemma /entries/Category.html Thu, 21 Apr 2005 00:00:00 +0000 /entries/Category.html File Refinement /entries/FileRefinement.html Thu, 09 Dec 2004 00:00:00 +0000 /entries/FileRefinement.html Integration theory and random variables /entries/Integration.html Fri, 19 Nov 2004 00:00:00 +0000 /entries/Integration.html A Mechanically Verified, Efficient, Sound and Complete Theorem Prover For First Order Logic /entries/Verified-Prover.html Tue, 28 Sep 2004 00:00:00 +0000 /entries/Verified-Prover.html Completeness theorem /entries/Completeness.html Mon, 20 Sep 2004 00:00:00 +0000 /entries/Completeness.html Ramsey's theorem, infinitary version /entries/Ramsey-Infinite.html Mon, 20 Sep 2004 00:00:00 +0000 /entries/Ramsey-Infinite.html Compiling Exceptions Correctly /entries/Compiling-Exceptions-Correctly.html Fri, 09 Jul 2004 00:00:00 +0000 /entries/Compiling-Exceptions-Correctly.html Depth First Search /entries/Depth-First-Search.html Thu, 24 Jun 2004 00:00:00 +0000 /entries/Depth-First-Search.html Groups, Rings and Modules /entries/Group-Ring-Module.html Tue, 18 May 2004 00:00:00 +0000 /entries/Group-Ring-Module.html Lazy Lists II /entries/Lazy-Lists-II.html Mon, 26 Apr 2004 00:00:00 +0000 /entries/Lazy-Lists-II.html Topology /entries/Topology.html Mon, 26 Apr 2004 00:00:00 +0000 /entries/Topology.html Binary Search Trees /entries/BinarySearchTree.html Mon, 05 Apr 2004 00:00:00 +0000 /entries/BinarySearchTree.html Functional Automata /entries/Functional-Automata.html Tue, 30 Mar 2004 00:00:00 +0000 /entries/Functional-Automata.html AVL Trees /entries/AVL-Trees.html Fri, 19 Mar 2004 00:00:00 +0000 /entries/AVL-Trees.html Mini ML /entries/MiniML.html Fri, 19 Mar 2004 00:00:00 +0000 /entries/MiniML.html Abortable_Linearizable_Modules /theories/abortable_linearizable_modules/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/abortable_linearizable_modules/ About /about/ Mon, 01 Jan 0001 00:00:00 +0000 /about/ The Archive of Formal Proofs 
is a collection of proof libraries, examples, and larger scientific developments, mechanically checked in the theorem prover Isabelle. It is organized in the way of a scientific journal. Submissions are refereed. The archive repository is hosted on Heptapod to provide easy free access to archive entries. The entries are tested and maintained continuously against the current stable release of Isabelle. Older versions of archive entries will remain available. Abs_Int_ITP2012 /theories/abs_int_itp2012/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/abs_int_itp2012/ Abstract-Hoare-Logics /theories/abstract-hoare-logics/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/abstract-hoare-logics/ Abstract-Rewriting /theories/abstract-rewriting/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/abstract-rewriting/ Abstract_Completeness /theories/abstract_completeness/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/abstract_completeness/ Abstract_Soundness /theories/abstract_soundness/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/abstract_soundness/ Ackermanns_not_PR /theories/ackermanns_not_pr/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ackermanns_not_pr/ Actuarial_Mathematics /theories/actuarial_mathematics/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/actuarial_mathematics/ Adaptive_State_Counting /theories/adaptive_state_counting/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/adaptive_state_counting/ ADS_Functor /theories/ads_functor/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ads_functor/ Affine_Arithmetic /theories/affine_arithmetic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/affine_arithmetic/ Aggregation_Algebras /theories/aggregation_algebras/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/aggregation_algebras/ AI_Planning_Languages_Semantics /theories/ai_planning_languages_semantics/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ai_planning_languages_semantics/ Akra_Bazzi /theories/akra_bazzi/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/akra_bazzi/ Algebraic_Numbers /theories/algebraic_numbers/ Mon, 01 Jan 0001 
00:00:00 +0000 /theories/algebraic_numbers/ Algebraic_VCs /theories/algebraic_vcs/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/algebraic_vcs/ Allen_Calculus /theories/allen_calculus/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/allen_calculus/ Amicable_Numbers /theories/amicable_numbers/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/amicable_numbers/ Amortized_Complexity /theories/amortized_complexity/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/amortized_complexity/ AnselmGod /theories/anselmgod/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/anselmgod/ AODV /theories/aodv/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/aodv/ Applicative_Lifting /theories/applicative_lifting/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/applicative_lifting/ Approximation_Algorithms /theories/approximation_algorithms/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/approximation_algorithms/ Architectural_Design_Patterns /theories/architectural_design_patterns/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/architectural_design_patterns/ Aristotles_Assertoric_Syllogistic /theories/aristotles_assertoric_syllogistic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/aristotles_assertoric_syllogistic/ Arith_Prog_Rel_Primes /theories/arith_prog_rel_primes/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/arith_prog_rel_primes/ ArrowImpossibilityGS /theories/arrowimpossibilitygs/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/arrowimpossibilitygs/ Attack_Trees /theories/attack_trees/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/attack_trees/ Auto2_HOL /theories/auto2_hol/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/auto2_hol/ Auto2_Imperative_HOL /theories/auto2_imperative_hol/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/auto2_imperative_hol/ AutoFocus-Stream /theories/autofocus-stream/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/autofocus-stream/ Automated_Stateful_Protocol_Verification /theories/automated_stateful_protocol_verification/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/automated_stateful_protocol_verification/ Automatic_Refinement 
/theories/automatic_refinement/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/automatic_refinement/ AVL-Trees /theories/avl-trees/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/avl-trees/ AWN /theories/awn/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/awn/ AxiomaticCategoryTheory /theories/axiomaticcategorytheory/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/axiomaticcategorytheory/ Banach_Steinhaus /theories/banach_steinhaus/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/banach_steinhaus/ BD_Security_Compositional /theories/bd_security_compositional/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/bd_security_compositional/ BDD /theories/bdd/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/bdd/ Belief_Revision /theories/belief_revision/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/belief_revision/ Bell_Numbers_Spivey /theories/bell_numbers_spivey/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/bell_numbers_spivey/ BenOr_Kozen_Reif /theories/benor_kozen_reif/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/benor_kozen_reif/ Berlekamp_Zassenhaus /theories/berlekamp_zassenhaus/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/berlekamp_zassenhaus/ Bernoulli /theories/bernoulli/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/bernoulli/ Bertrands_Postulate /theories/bertrands_postulate/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/bertrands_postulate/ Bicategory /theories/bicategory/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/bicategory/ BinarySearchTree /theories/binarysearchtree/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/binarysearchtree/ Binding_Syntax_Theory /theories/binding_syntax_theory/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/binding_syntax_theory/ Binomial-Heaps /theories/binomial-heaps/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/binomial-heaps/ Binomial-Queues /theories/binomial-queues/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/binomial-queues/ BirdKMP /theories/birdkmp/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/birdkmp/ Blue_Eyes /theories/blue_eyes/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/blue_eyes/ BNF_CC 
/theories/bnf_cc/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/bnf_cc/ BNF_Operations /theories/bnf_operations/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/bnf_operations/ Bondy /theories/bondy/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/bondy/ Boolean_Expression_Checkers /theories/boolean_expression_checkers/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/boolean_expression_checkers/ Boolos_Curious_Inference /theories/boolos_curious_inference/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/boolos_curious_inference/ Bounded_Deducibility_Security /theories/bounded_deducibility_security/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/bounded_deducibility_security/ BTree /theories/btree/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/btree/ Buchi_Complementation /theories/buchi_complementation/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/buchi_complementation/ Budan_Fourier /theories/budan_fourier/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/budan_fourier/ Buffons_Needle /theories/buffons_needle/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/buffons_needle/ Buildings /theories/buildings/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/buildings/ BytecodeLogicJmlTypes /theories/bytecodelogicjmltypes/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/bytecodelogicjmltypes/ C2KA_DistributedSystems /theories/c2ka_distributedsystems/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/c2ka_distributedsystems/ CakeML /theories/cakeml/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cakeml/ CakeML_Codegen /theories/cakeml_codegen/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cakeml_codegen/ Call_Arity /theories/call_arity/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/call_arity/ Card_Equiv_Relations /theories/card_equiv_relations/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/card_equiv_relations/ Card_Multisets /theories/card_multisets/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/card_multisets/ Card_Number_Partitions /theories/card_number_partitions/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/card_number_partitions/ Card_Partitions 
/theories/card_partitions/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/card_partitions/ Cartan_FP /theories/cartan_fp/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cartan_fp/ Case_Labeling /theories/case_labeling/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/case_labeling/ Catalan_Numbers /theories/catalan_numbers/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/catalan_numbers/ Category /theories/category/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/category/ Category2 /theories/category2/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/category2/ Category3 /theories/category3/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/category3/ Cauchy /theories/cauchy/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cauchy/ CAVA_Automata /theories/cava_automata/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cava_automata/ CAVA_Base /theories/cava_base/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cava_base/ CAVA_LTL_Modelchecker /theories/cava_ltl_modelchecker/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cava_ltl_modelchecker/ CAVA_Setup /theories/cava_setup/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cava_setup/ Cayley_Hamilton /theories/cayley_hamilton/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cayley_hamilton/ CCS /theories/ccs/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ccs/ Certification_Monads /theories/certification_monads/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/certification_monads/ Chandy_Lamport /theories/chandy_lamport/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/chandy_lamport/ Chord_Segments /theories/chord_segments/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/chord_segments/ Circus /theories/circus/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/circus/ CISC-Kernel /theories/cisc-kernel/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cisc-kernel/ Clean /theories/clean/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/clean/ Clique_and_Monotone_Circuits /theories/clique_and_monotone_circuits/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/clique_and_monotone_circuits/ ClockSynchInst /theories/clocksynchinst/ Mon, 01 Jan 0001 
00:00:00 +0000 /theories/clocksynchinst/ Closest_Pair_Points /theories/closest_pair_points/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/closest_pair_points/ CoCon /theories/cocon/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cocon/ CofGroups /theories/cofgroups/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cofgroups/ Coinductive /theories/coinductive/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/coinductive/ Coinductive_Languages /theories/coinductive_languages/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/coinductive_languages/ Collections /theories/collections/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/collections/ Collections_Examples /theories/collections_examples/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/collections_examples/ Combinable_Wands /theories/combinable_wands/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/combinable_wands/ Combinatorics_Words /theories/combinatorics_words/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/combinatorics_words/ Combinatorics_Words_Graph_Lemma /theories/combinatorics_words_graph_lemma/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/combinatorics_words_graph_lemma/ Combinatorics_Words_Lyndon /theories/combinatorics_words_lyndon/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/combinatorics_words_lyndon/ Commuting_Hermitian /theories/commuting_hermitian/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/commuting_hermitian/ Comparison_Sort_Lower_Bound /theories/comparison_sort_lower_bound/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/comparison_sort_lower_bound/ Compiling-Exceptions-Correctly /theories/compiling-exceptions-correctly/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/compiling-exceptions-correctly/ Complete_Non_Orders /theories/complete_non_orders/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/complete_non_orders/ Completeness /theories/completeness/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/completeness/ Complex_Bounded_Operators /theories/complex_bounded_operators/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/complex_bounded_operators/ Complex_Geometry 
/theories/complex_geometry/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/complex_geometry/ Complx /theories/complx/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/complx/ ComponentDependencies /theories/componentdependencies/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/componentdependencies/ Concurrent_Ref_Alg /theories/concurrent_ref_alg/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/concurrent_ref_alg/ Concurrent_Revisions /theories/concurrent_revisions/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/concurrent_revisions/ ConcurrentGC /theories/concurrentgc/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/concurrentgc/ ConcurrentIMP /theories/concurrentimp/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/concurrentimp/ Conditional_Simplification /theories/conditional_simplification/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/conditional_simplification/ Conditional_Transfer_Rule /theories/conditional_transfer_rule/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/conditional_transfer_rule/ Consensus_Refined /theories/consensus_refined/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/consensus_refined/ Constructive_Cryptography /theories/constructive_cryptography/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/constructive_cryptography/ Constructive_Cryptography_CM /theories/constructive_cryptography_cm/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/constructive_cryptography_cm/ Constructor_Funs /theories/constructor_funs/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/constructor_funs/ Containers /theories/containers/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/containers/ Containers-Benchmarks /theories/containers-benchmarks/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/containers-benchmarks/ Core_DOM /theories/core_dom/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/core_dom/ Core_SC_DOM /theories/core_sc_dom/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/core_sc_dom/ CoreC++ /theories/corec++/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/corec++/ Correctness_Algebras /theories/correctness_algebras/ Mon, 01 Jan 0001 00:00:00 +0000 
/theories/correctness_algebras/ CoSMed /theories/cosmed/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cosmed/ CoSMeDis /theories/cosmedis/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cosmedis/ Cotangent_PFD_Formula /theories/cotangent_pfd_formula/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cotangent_pfd_formula/ Count_Complex_Roots /theories/count_complex_roots/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/count_complex_roots/ CRDT /theories/crdt/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/crdt/ CryptHOL /theories/crypthol/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/crypthol/ CryptoBasedCompositionalProperties /theories/cryptobasedcompositionalproperties/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cryptobasedcompositionalproperties/ CRYSTALS-Kyber /theories/crystals-kyber/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/crystals-kyber/ CSP_RefTK /theories/csp_reftk/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/csp_reftk/ Cubic_Quartic_Equations /theories/cubic_quartic_equations/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cubic_quartic_equations/ CYK /theories/cyk/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cyk/ CZH_Elementary_Categories /theories/czh_elementary_categories/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/czh_elementary_categories/ CZH_Foundations /theories/czh_foundations/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/czh_foundations/ CZH_Universal_Constructions /theories/czh_universal_constructions/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/czh_universal_constructions/ DataRefinementIBP /theories/datarefinementibp/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/datarefinementibp/ Datatype_Order_Generator /theories/datatype_order_generator/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/datatype_order_generator/ Decl_Sem_Fun_PL /theories/decl_sem_fun_pl/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/decl_sem_fun_pl/ Decreasing-Diagrams /theories/decreasing-diagrams/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/decreasing-diagrams/ Decreasing-Diagrams-II /theories/decreasing-diagrams-ii/ Mon, 01 Jan 
0001 00:00:00 +0000 /theories/decreasing-diagrams-ii/ Dedekind_Real /theories/dedekind_real/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/dedekind_real/ Deep_Learning /theories/deep_learning/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/deep_learning/ Delta_System_Lemma /theories/delta_system_lemma/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/delta_system_lemma/ Density_Compiler /theories/density_compiler/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/density_compiler/ Dependent_SIFUM_Refinement /theories/dependent_sifum_refinement/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/dependent_sifum_refinement/ Dependent_SIFUM_Type_Systems /theories/dependent_sifum_type_systems/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/dependent_sifum_type_systems/ Depth-First-Search /theories/depth-first-search/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/depth-first-search/ Derangements /theories/derangements/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/derangements/ Deriving /theories/deriving/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/deriving/ Descartes_Sign_Rule /theories/descartes_sign_rule/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/descartes_sign_rule/ Design_Theory /theories/design_theory/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/design_theory/ DFS_Framework /theories/dfs_framework/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/dfs_framework/ Dict_Construction /theories/dict_construction/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/dict_construction/ Differential_Dynamic_Logic /theories/differential_dynamic_logic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/differential_dynamic_logic/ Differential_Game_Logic /theories/differential_game_logic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/differential_game_logic/ Digit_Expansions /theories/digit_expansions/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/digit_expansions/ Dijkstra_Shortest_Path /theories/dijkstra_shortest_path/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/dijkstra_shortest_path/ Diophantine_Eqns_Lin_Hom /theories/diophantine_eqns_lin_hom/ Mon, 01 Jan 
0001 00:00:00 +0000 /theories/diophantine_eqns_lin_hom/ Dirichlet_L /theories/dirichlet_l/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/dirichlet_l/ Dirichlet_Series /theories/dirichlet_series/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/dirichlet_series/ Discrete_Summation /theories/discrete_summation/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/discrete_summation/ DiscretePricing /theories/discretepricing/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/discretepricing/ DiskPaxos /theories/diskpaxos/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/diskpaxos/ DOM_Components /theories/dom_components/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/dom_components/ Dominance_CHK /theories/dominance_chk/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/dominance_chk/ Download the Archive /download/ Mon, 01 Jan 0001 00:00:00 +0000 /download/ Current stable version (for most recent Isabelle release): Download all sessions: afp-current.tar.gz (~70 MB) Older stable versions: Please use the sourceforge download system to access older versions of the archive. Mercurial access: The AFP repositories with tooling and metadata can be found at Heptapod. In particular, the development version of the Archive (for the development version of Isabelle) is available there. How to refer to AFP entries: You can refer to AFP entries by using the AFP as an Isabelle component. 
DPRM_Theorem /theories/dprm_theorem/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/dprm_theorem/ DPT-SAT-Solver /theories/dpt-sat-solver/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/dpt-sat-solver/ Dynamic_Tables /theories/dynamic_tables/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/dynamic_tables/ DynamicArchitectures /theories/dynamicarchitectures/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/dynamicarchitectures/ E_Transcendental /theories/e_transcendental/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/e_transcendental/ Echelon_Form /theories/echelon_form/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/echelon_form/ EdmondsKarp_Maxflow /theories/edmondskarp_maxflow/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/edmondskarp_maxflow/ Efficient-Mergesort /theories/efficient-mergesort/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/efficient-mergesort/ Elliptic_Curves_Group_Law /theories/elliptic_curves_group_law/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/elliptic_curves_group_law/ Encodability_Process_Calculi /theories/encodability_process_calculi/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/encodability_process_calculi/ Entry Submission /submission/ Mon, 01 Jan 0001 00:00:00 +0000 /submission/ Submission Guidelines Submissions must follow the Isabelle style rules listed below. For additional guidelines on Isabelle proofs, also see this guide (feel free to follow all of these; only the rules below are mandatory). Technical details about the submission process and the format of the submission are explained on the submission site. No use of the commands sorry or back. Instantiations must not use Isabelle-generated names such as xa — use Isar, the subgoal command or rename_tac to avoid such names. 
Epistemic_Logic /theories/epistemic_logic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/epistemic_logic/ Equivalence_Relation_Enumeration /theories/equivalence_relation_enumeration/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/equivalence_relation_enumeration/ Ergodic_Theory /theories/ergodic_theory/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ergodic_theory/ Error_Function /theories/error_function/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/error_function/ Euler_MacLaurin /theories/euler_maclaurin/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/euler_maclaurin/ Euler_Partition /theories/euler_partition/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/euler_partition/ Eval_FO /theories/eval_fo/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/eval_fo/ Extended_Finite_State_Machine_Inference /theories/extended_finite_state_machine_inference/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/extended_finite_state_machine_inference/ Extended_Finite_State_Machines /theories/extended_finite_state_machines/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/extended_finite_state_machines/ Factor_Algebraic_Polynomial /theories/factor_algebraic_polynomial/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/factor_algebraic_polynomial/ Factored_Transition_System_Bounding /theories/factored_transition_system_bounding/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/factored_transition_system_bounding/ Falling_Factorial_Sum /theories/falling_factorial_sum/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/falling_factorial_sum/ Farkas /theories/farkas/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/farkas/ Featherweight_OCL /theories/featherweight_ocl/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/featherweight_ocl/ FeatherweightJava /theories/featherweightjava/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/featherweightjava/ Fermat3_4 /theories/fermat3_4/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/fermat3_4/ FFT /theories/fft/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/fft/ FileRefinement /theories/filerefinement/ Mon, 01 Jan 0001 00:00:00 +0000 
/theories/filerefinement/ FinFun /theories/finfun/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/finfun/ Finger-Trees /theories/finger-trees/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/finger-trees/ Finite-Map-Extras /theories/finite-map-extras/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/finite-map-extras/ Finite_Automata_HF /theories/finite_automata_hf/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/finite_automata_hf/ Finite_Fields /theories/finite_fields/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/finite_fields/ Finitely_Generated_Abelian_Groups /theories/finitely_generated_abelian_groups/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/finitely_generated_abelian_groups/ First_Order_Terms /theories/first_order_terms/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/first_order_terms/ First_Welfare_Theorem /theories/first_welfare_theorem/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/first_welfare_theorem/ Fishburn_Impossibility /theories/fishburn_impossibility/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/fishburn_impossibility/ Fisher_Yates /theories/fisher_yates/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/fisher_yates/ Fishers_Inequality /theories/fishers_inequality/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/fishers_inequality/ Flow_Networks /theories/flow_networks/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/flow_networks/ Floyd_Warshall /theories/floyd_warshall/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/floyd_warshall/ FLP /theories/flp/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/flp/ Flyspeck-Tame /theories/flyspeck-tame/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/flyspeck-tame/ Flyspeck-Tame-Computation /theories/flyspeck-tame-computation/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/flyspeck-tame-computation/ FO_Theory_Rewriting /theories/fo_theory_rewriting/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/fo_theory_rewriting/ FocusStreamsCaseStudies /theories/focusstreamscasestudies/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/focusstreamscasestudies/ FOL-Fitting /theories/fol-fitting/ Mon, 01 Jan 
0001 00:00:00 +0000 /theories/fol-fitting/ FOL_Axiomatic /theories/fol_axiomatic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/fol_axiomatic/ FOL_Harrison /theories/fol_harrison/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/fol_harrison/ FOL_Seq_Calc1 /theories/fol_seq_calc1/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/fol_seq_calc1/ FOL_Seq_Calc2 /theories/fol_seq_calc2/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/fol_seq_calc2/ FOL_Seq_Calc3 /theories/fol_seq_calc3/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/fol_seq_calc3/ Forcing /theories/forcing/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/forcing/ Formal_Puiseux_Series /theories/formal_puiseux_series/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/formal_puiseux_series/ Formal_SSA /theories/formal_ssa/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/formal_ssa/ Formula_Derivatives /theories/formula_derivatives/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/formula_derivatives/ Formula_Derivatives-Examples /theories/formula_derivatives-examples/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/formula_derivatives-examples/ Foundation_of_geometry /theories/foundation_of_geometry/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/foundation_of_geometry/ Fourier /theories/fourier/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/fourier/ Free-Boolean-Algebra /theories/free-boolean-algebra/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/free-boolean-algebra/ Free-Groups /theories/free-groups/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/free-groups/ Frequency_Moments /theories/frequency_moments/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/frequency_moments/ Fresh_Identifiers /theories/fresh_identifiers/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/fresh_identifiers/ FSM_Tests /theories/fsm_tests/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/fsm_tests/ Functional-Automata /theories/functional-automata/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/functional-automata/ Functional_Ordered_Resolution_Prover /theories/functional_ordered_resolution_prover/ Mon, 01 Jan 0001 00:00:00 +0000 
/theories/functional_ordered_resolution_prover/ FunWithFunctions /theories/funwithfunctions/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/funwithfunctions/ FunWithTilings /theories/funwithtilings/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/funwithtilings/ Furstenberg_Topology /theories/furstenberg_topology/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/furstenberg_topology/ Gabow_SCC /theories/gabow_scc/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/gabow_scc/ Gale_Shapley /theories/gale_shapley/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/gale_shapley/ GaleStewart_Games /theories/galestewart_games/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/galestewart_games/ Game_Based_Crypto /theories/game_based_crypto/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/game_based_crypto/ Gauss-Jordan-Elim-Fun /theories/gauss-jordan-elim-fun/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/gauss-jordan-elim-fun/ Gauss_Jordan /theories/gauss_jordan/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/gauss_jordan/ Gauss_Sums /theories/gauss_sums/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/gauss_sums/ Gaussian_Integers /theories/gaussian_integers/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/gaussian_integers/ GenClock /theories/genclock/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/genclock/ General-Triangle /theories/general-triangle/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/general-triangle/ Generalized_Counting_Sort /theories/generalized_counting_sort/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/generalized_counting_sort/ Generic_Deriving /theories/generic_deriving/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/generic_deriving/ Generic_Join /theories/generic_join/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/generic_join/ GewirthPGCProof /theories/gewirthpgcproof/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/gewirthpgcproof/ Girth_Chromatic /theories/girth_chromatic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/girth_chromatic/ Goedel_HFSet_Semantic /theories/goedel_hfset_semantic/ Mon, 01 Jan 0001 00:00:00 +0000 
/theories/goedel_hfset_semantic/ Goedel_HFSet_Semanticless /theories/goedel_hfset_semanticless/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/goedel_hfset_semanticless/ Goedel_Incompleteness /theories/goedel_incompleteness/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/goedel_incompleteness/ GoedelGod /theories/goedelgod/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/goedelgod/ Goodstein_Lambda /theories/goodstein_lambda/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/goodstein_lambda/ GPU_Kernel_PL /theories/gpu_kernel_pl/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/gpu_kernel_pl/ Graph_Saturation /theories/graph_saturation/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/graph_saturation/ Graph_Theory /theories/graph_theory/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/graph_theory/ GraphMarkingIBP /theories/graphmarkingibp/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/graphmarkingibp/ Green /theories/green/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/green/ Groebner_Bases /theories/groebner_bases/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/groebner_bases/ Groebner_Macaulay /theories/groebner_macaulay/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/groebner_macaulay/ Gromov_Hyperbolicity /theories/gromov_hyperbolicity/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/gromov_hyperbolicity/ Grothendieck_Schemes /theories/grothendieck_schemes/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/grothendieck_schemes/ Group-Ring-Module /theories/group-ring-module/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/group-ring-module/ Hahn_Jordan_Decomposition /theories/hahn_jordan_decomposition/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hahn_jordan_decomposition/ Hales_Jewett /theories/hales_jewett/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hales_jewett/ Heard_Of /theories/heard_of/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/heard_of/ Hello_World /theories/hello_world/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hello_world/ Help /help/ Mon, 01 Jan 0001 00:00:00 +0000 /help/ This section focuses on the Archive of Formal Proofs. 
For help with Isabelle, see the Isabelle Documentation. More resources are listed in the Isabelle Quick Access Links. Referring to AFP Entries in Isabelle/JEdit Once you have downloaded the AFP, you can include its articles and theories in your own developments. If you would like to make your work available to others without having to include the AFP articles you depend on, here is how to do it. HereditarilyFinite /theories/hereditarilyfinite/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hereditarilyfinite/ Hermite /theories/hermite/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hermite/ Hermite_Lindemann /theories/hermite_lindemann/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hermite_lindemann/ Hidden_Markov_Models /theories/hidden_markov_models/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hidden_markov_models/ Higher_Order_Terms /theories/higher_order_terms/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/higher_order_terms/ Hoare_Time /theories/hoare_time/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hoare_time/ HOL-CSP /theories/hol-csp/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hol-csp/ HOL-ODE-ARCH-COMP /theories/hol-ode-arch-comp/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hol-ode-arch-comp/ HOL-ODE-Examples /theories/hol-ode-examples/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hol-ode-examples/ HOL-ODE-Numerics /theories/hol-ode-numerics/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hol-ode-numerics/ HOLCF-Prelude /theories/holcf-prelude/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/holcf-prelude/ Hood_Melville_Queue /theories/hood_melville_queue/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hood_melville_queue/ HotelKeyCards /theories/hotelkeycards/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hotelkeycards/ HRB-Slicing /theories/hrb-slicing/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hrb-slicing/ Huffman /theories/huffman/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/huffman/ Hybrid_Logic /theories/hybrid_logic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hybrid_logic/ 
Hybrid_Multi_Lane_Spatial_Logic /theories/hybrid_multi_lane_spatial_logic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hybrid_multi_lane_spatial_logic/ Hybrid_Systems_VCs /theories/hybrid_systems_vcs/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hybrid_systems_vcs/ HyperCTL /theories/hyperctl/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hyperctl/ Hyperdual /theories/hyperdual/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hyperdual/ IEEE_Floating_Point /theories/ieee_floating_point/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ieee_floating_point/ IFC_Tracking /theories/ifc_tracking/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ifc_tracking/ IMAP-CRDT /theories/imap-crdt/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/imap-crdt/ IMO2019 /theories/imo2019/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/imo2019/ IMP2 /theories/imp2/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/imp2/ IMP2_Binary_Heap /theories/imp2_binary_heap/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/imp2_binary_heap/ IMP_Compiler /theories/imp_compiler/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/imp_compiler/ IMP_Compiler_Reuse /theories/imp_compiler_reuse/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/imp_compiler_reuse/ Imperative_Insertion_Sort /theories/imperative_insertion_sort/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/imperative_insertion_sort/ Implicational_Logic /theories/implicational_logic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/implicational_logic/ Impossible_Geometry /theories/impossible_geometry/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/impossible_geometry/ Incompleteness /theories/incompleteness/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/incompleteness/ Incredible_Proof_Machine /theories/incredible_proof_machine/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/incredible_proof_machine/ Independence_CH /theories/independence_ch/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/independence_ch/ Inductive_Confidentiality /theories/inductive_confidentiality/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/inductive_confidentiality/ 
Inductive_Inference /theories/inductive_inference/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/inductive_inference/ InformationFlowSlicing /theories/informationflowslicing/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/informationflowslicing/ InformationFlowSlicing_Inter /theories/informationflowslicing_inter/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/informationflowslicing_inter/ InfPathElimination /theories/infpathelimination/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/infpathelimination/ Integration /theories/integration/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/integration/ Interpolation_Polynomials_HOL_Algebra /theories/interpolation_polynomials_hol_algebra/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/interpolation_polynomials_hol_algebra/ Interpreter_Optimizations /theories/interpreter_optimizations/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/interpreter_optimizations/ Interval_Arithmetic_Word32 /theories/interval_arithmetic_word32/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/interval_arithmetic_word32/ Intro_Dest_Elim /theories/intro_dest_elim/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/intro_dest_elim/ Involutions2Squares /theories/involutions2squares/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/involutions2squares/ IP_Addresses /theories/ip_addresses/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ip_addresses/ Iptables_Semantics /theories/iptables_semantics/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/iptables_semantics/ Iptables_Semantics_Examples /theories/iptables_semantics_examples/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/iptables_semantics_examples/ Iptables_Semantics_Examples_Big /theories/iptables_semantics_examples_big/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/iptables_semantics_examples_big/ Irrational_Series_Erdos_Straus /theories/irrational_series_erdos_straus/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/irrational_series_erdos_straus/ Irrationality_J_Hancl /theories/irrationality_j_hancl/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/irrationality_j_hancl/ 
Irrationals_From_THEBOOK /theories/irrationals_from_thebook/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/irrationals_from_thebook/ Isabelle_C /theories/isabelle_c/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/isabelle_c/ Isabelle_Marries_Dirac /theories/isabelle_marries_dirac/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/isabelle_marries_dirac/ Isabelle_Meta_Model /theories/isabelle_meta_model/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/isabelle_meta_model/ IsaGeoCoq /theories/isageocoq/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/isageocoq/ IsaNet /theories/isanet/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/isanet/ Jacobson_Basic_Algebra /theories/jacobson_basic_algebra/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/jacobson_basic_algebra/ Jinja /theories/jinja/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/jinja/ JinjaDCI /theories/jinjadci/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/jinjadci/ JinjaThreads /theories/jinjathreads/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/jinjathreads/ JiveDataStoreModel /theories/jivedatastoremodel/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/jivedatastoremodel/ Jordan_Hoelder /theories/jordan_hoelder/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/jordan_hoelder/ Jordan_Normal_Form /theories/jordan_normal_form/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/jordan_normal_form/ KAD /theories/kad/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/kad/ KAT_and_DRA /theories/kat_and_dra/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/kat_and_dra/ KBPs /theories/kbps/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/kbps/ KD_Tree /theories/kd_tree/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/kd_tree/ Key_Agreement_Strong_Adversaries /theories/key_agreement_strong_adversaries/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/key_agreement_strong_adversaries/ Khovanskii_Theorem /theories/khovanskii_theorem/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/khovanskii_theorem/ Kleene_Algebra /theories/kleene_algebra/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/kleene_algebra/ Knights_Tour 
/theories/knights_tour/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/knights_tour/ Knot_Theory /theories/knot_theory/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/knot_theory/ Knuth_Bendix_Order /theories/knuth_bendix_order/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/knuth_bendix_order/ Knuth_Morris_Pratt /theories/knuth_morris_pratt/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/knuth_morris_pratt/ Koenigsberg_Friendship /theories/koenigsberg_friendship/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/koenigsberg_friendship/ Kruskal /theories/kruskal/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/kruskal/ Kuratowski_Closure_Complement /theories/kuratowski_closure_complement/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/kuratowski_closure_complement/ Lam-ml-Normalization /theories/lam-ml-normalization/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lam-ml-normalization/ Lambda_Free_EPO /theories/lambda_free_epo/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lambda_free_epo/ Lambda_Free_KBOs /theories/lambda_free_kbos/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lambda_free_kbos/ Lambda_Free_RPOs /theories/lambda_free_rpos/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lambda_free_rpos/ LambdaAuth /theories/lambdaauth/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lambdaauth/ LambdaMu /theories/lambdamu/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lambdamu/ Lambert_W /theories/lambert_w/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lambert_w/ Landau_Symbols /theories/landau_symbols/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/landau_symbols/ Laplace_Transform /theories/laplace_transform/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/laplace_transform/ Latin_Square /theories/latin_square/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/latin_square/ LatticeProperties /theories/latticeproperties/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/latticeproperties/ Launchbury /theories/launchbury/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/launchbury/ Laws_of_Large_Numbers /theories/laws_of_large_numbers/ Mon, 01 Jan 0001 00:00:00 +0000 
/theories/laws_of_large_numbers/ Lazy-Lists-II /theories/lazy-lists-ii/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lazy-lists-ii/ Lazy_Case /theories/lazy_case/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lazy_case/ Lehmer /theories/lehmer/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lehmer/ LEM /theories/lem/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lem/ Lifting_Definition_Option /theories/lifting_definition_option/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lifting_definition_option/ Lifting_the_Exponent /theories/lifting_the_exponent/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lifting_the_exponent/ LightweightJava /theories/lightweightjava/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lightweightjava/ Linear_Inequalities /theories/linear_inequalities/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/linear_inequalities/ Linear_Programming /theories/linear_programming/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/linear_programming/ Linear_Recurrences /theories/linear_recurrences/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/linear_recurrences/ Linear_Recurrences_Solver /theories/linear_recurrences_solver/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/linear_recurrences_solver/ LinearQuantifierElim /theories/linearquantifierelim/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/linearquantifierelim/ Liouville_Numbers /theories/liouville_numbers/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/liouville_numbers/ List-Index /theories/list-index/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/list-index/ List-Infinite /theories/list-infinite/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/list-infinite/ List_Interleaving /theories/list_interleaving/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/list_interleaving/ List_Inversions /theories/list_inversions/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/list_inversions/ List_Update /theories/list_update/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/list_update/ LLL_Basis_Reduction /theories/lll_basis_reduction/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lll_basis_reduction/ 
LLL_Factorization /theories/lll_factorization/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lll_factorization/ Localization_Ring /theories/localization_ring/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/localization_ring/ LocalLexing /theories/locallexing/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/locallexing/ Locally-Nameless-Sigma /theories/locally-nameless-sigma/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/locally-nameless-sigma/ LOFT /theories/loft/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/loft/ Logging_Independent_Anonymity /theories/logging_independent_anonymity/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/logging_independent_anonymity/ Lorenz_Approximation /theories/lorenz_approximation/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lorenz_approximation/ Lorenz_C0 /theories/lorenz_c0/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lorenz_c0/ Lorenz_C1 /theories/lorenz_c1/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lorenz_c1/ Lowe_Ontological_Argument /theories/lowe_ontological_argument/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lowe_ontological_argument/ Lower_Semicontinuous /theories/lower_semicontinuous/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lower_semicontinuous/ Lp /theories/lp/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lp/ LP_Duality /theories/lp_duality/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lp_duality/ LTL /theories/ltl/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ltl/ LTL_Master_Theorem /theories/ltl_master_theorem/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ltl_master_theorem/ LTL_Normal_Form /theories/ltl_normal_form/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ltl_normal_form/ LTL_to_DRA /theories/ltl_to_dra/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ltl_to_dra/ LTL_to_GBA /theories/ltl_to_gba/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ltl_to_gba/ Lucas_Theorem /theories/lucas_theorem/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lucas_theorem/ Markov_Models /theories/markov_models/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/markov_models/ Marriage /theories/marriage/ 
Mon, 01 Jan 0001 00:00:00 +0000 /theories/marriage/ Mason_Stothers /theories/mason_stothers/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/mason_stothers/ Matrices_for_ODEs /theories/matrices_for_odes/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/matrices_for_odes/ Matrix /theories/matrix/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/matrix/ Matrix_Tensor /theories/matrix_tensor/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/matrix_tensor/ Matroids /theories/matroids/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/matroids/ Max-Card-Matching /theories/max-card-matching/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/max-card-matching/ MDP-Algorithms /theories/mdp-algorithms/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/mdp-algorithms/ MDP-Rewards /theories/mdp-rewards/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/mdp-rewards/ Median_Method /theories/median_method/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/median_method/ Median_Of_Medians_Selection /theories/median_of_medians_selection/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/median_of_medians_selection/ Menger /theories/menger/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/menger/ Mereology /theories/mereology/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/mereology/ Mersenne_Primes /theories/mersenne_primes/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/mersenne_primes/ Metalogic_ProofChecker /theories/metalogic_proofchecker/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/metalogic_proofchecker/ MFMC_Countable /theories/mfmc_countable/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/mfmc_countable/ MFODL_Monitor_Optimized /theories/mfodl_monitor_optimized/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/mfodl_monitor_optimized/ MFOTL_Monitor /theories/mfotl_monitor/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/mfotl_monitor/ Minimal_SSA /theories/minimal_ssa/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/minimal_ssa/ MiniML /theories/miniml/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/miniml/ MiniSail /theories/minisail/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/minisail/ 
Minkowskis_Theorem /theories/minkowskis_theorem/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/minkowskis_theorem/ Minsky_Machines /theories/minsky_machines/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/minsky_machines/ Modal_Logics_for_NTS /theories/modal_logics_for_nts/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/modal_logics_for_nts/ Modular_arithmetic_LLL_and_HNF_algorithms /theories/modular_arithmetic_lll_and_hnf_algorithms/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/modular_arithmetic_lll_and_hnf_algorithms/ Modular_Assembly_Kit_Security /theories/modular_assembly_kit_security/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/modular_assembly_kit_security/ Monad_Memo_DP /theories/monad_memo_dp/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/monad_memo_dp/ Monad_Normalisation /theories/monad_normalisation/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/monad_normalisation/ MonoBoolTranAlgebra /theories/monobooltranalgebra/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/monobooltranalgebra/ MonoidalCategory /theories/monoidalcategory/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/monoidalcategory/ Monomorphic_Monad /theories/monomorphic_monad/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/monomorphic_monad/ MSO_Regex_Equivalence /theories/mso_regex_equivalence/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/mso_regex_equivalence/ MuchAdoAboutTwo /theories/muchadoabouttwo/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/muchadoabouttwo/ Multi_Party_Computation /theories/multi_party_computation/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/multi_party_computation/ Multirelations /theories/multirelations/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/multirelations/ Multiset_Ordering_NPC /theories/multiset_ordering_npc/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/multiset_ordering_npc/ Myhill-Nerode /theories/myhill-nerode/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/myhill-nerode/ Name_Carrying_Type_Inference /theories/name_carrying_type_inference/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/name_carrying_type_inference/ 
Nano_JSON /theories/nano_json/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/nano_json/ Nash_Williams /theories/nash_williams/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/nash_williams/ Nat-Interval-Logic /theories/nat-interval-logic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/nat-interval-logic/ Native_Word /theories/native_word/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/native_word/ Nested_Multisets_Ordinals /theories/nested_multisets_ordinals/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/nested_multisets_ordinals/ Network_Security_Policy_Verification /theories/network_security_policy_verification/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/network_security_policy_verification/ Neumann_Morgenstern_Utility /theories/neumann_morgenstern_utility/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/neumann_morgenstern_utility/ No_FTL_observers /theories/no_ftl_observers/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/no_ftl_observers/ Nominal2 /theories/nominal2/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/nominal2/ Noninterference_Concurrent_Composition /theories/noninterference_concurrent_composition/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/noninterference_concurrent_composition/ Noninterference_CSP /theories/noninterference_csp/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/noninterference_csp/ Noninterference_Generic_Unwinding /theories/noninterference_generic_unwinding/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/noninterference_generic_unwinding/ Noninterference_Inductive_Unwinding /theories/noninterference_inductive_unwinding/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/noninterference_inductive_unwinding/ Noninterference_Ipurge_Unwinding /theories/noninterference_ipurge_unwinding/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/noninterference_ipurge_unwinding/ Noninterference_Sequential_Composition /theories/noninterference_sequential_composition/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/noninterference_sequential_composition/ NormByEval /theories/normbyeval/ Mon, 01 Jan 0001 00:00:00 +0000 
/theories/normbyeval/ Nullstellensatz /theories/nullstellensatz/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/nullstellensatz/ Number_Theoretic_Transform /theories/number_theoretic_transform/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/number_theoretic_transform/ Octonions /theories/octonions/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/octonions/ Old_Datatype_Show /theories/old_datatype_show/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/old_datatype_show/ Open_Induction /theories/open_induction/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/open_induction/ OpSets /theories/opsets/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/opsets/ Optics /theories/optics/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/optics/ Optimal_BST /theories/optimal_bst/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/optimal_bst/ Orbit_Stabiliser /theories/orbit_stabiliser/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/orbit_stabiliser/ Order_Lattice_Props /theories/order_lattice_props/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/order_lattice_props/ Ordered_Resolution_Prover /theories/ordered_resolution_prover/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ordered_resolution_prover/ Ordinal /theories/ordinal/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ordinal/ Ordinal_Partitions /theories/ordinal_partitions/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ordinal_partitions/ Ordinals_and_Cardinals /theories/ordinals_and_cardinals/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ordinals_and_cardinals/ Ordinary_Differential_Equations /theories/ordinary_differential_equations/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ordinary_differential_equations/ PAC_Checker /theories/pac_checker/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/pac_checker/ Package_logic /theories/package_logic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/package_logic/ Padic_Field /theories/padic_field/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/padic_field/ Padic_Ints /theories/padic_ints/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/padic_ints/ Pairing_Heap 
/theories/pairing_heap/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/pairing_heap/ PAL /theories/pal/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/pal/ Paraconsistency /theories/paraconsistency/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/paraconsistency/ Parity_Game /theories/parity_game/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/parity_game/ Partial_Function_MR /theories/partial_function_mr/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/partial_function_mr/ Partial_Order_Reduction /theories/partial_order_reduction/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/partial_order_reduction/ Password_Authentication_Protocol /theories/password_authentication_protocol/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/password_authentication_protocol/ PCF /theories/pcf/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/pcf/ Pell /theories/pell/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/pell/ Perfect-Number-Thm /theories/perfect-number-thm/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/perfect-number-thm/ Perron_Frobenius /theories/perron_frobenius/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/perron_frobenius/ pGCL /theories/pgcl/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/pgcl/ Physical_Quantities /theories/physical_quantities/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/physical_quantities/ Pi_Calculus /theories/pi_calculus/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/pi_calculus/ Pi_Transcendental /theories/pi_transcendental/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/pi_transcendental/ Planarity_Certificates /theories/planarity_certificates/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/planarity_certificates/ PLM /theories/plm/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/plm/ Pluennecke_Ruzsa_Inequality /theories/pluennecke_ruzsa_inequality/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/pluennecke_ruzsa_inequality/ Poincare_Bendixson /theories/poincare_bendixson/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/poincare_bendixson/ Poincare_Disc /theories/poincare_disc/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/poincare_disc/ 
Polynomial_Factorization /theories/polynomial_factorization/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/polynomial_factorization/ Polynomial_Interpolation /theories/polynomial_interpolation/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/polynomial_interpolation/ Polynomials /theories/polynomials/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/polynomials/ Pop_Refinement /theories/pop_refinement/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/pop_refinement/ POPLmark-deBruijn /theories/poplmark-debruijn/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/poplmark-debruijn/ Posix-Lexing /theories/posix-lexing/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/posix-lexing/ Possibilistic_Noninterference /theories/possibilistic_noninterference/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/possibilistic_noninterference/ Power_Sum_Polynomials /theories/power_sum_polynomials/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/power_sum_polynomials/ Pratt_Certificate /theories/pratt_certificate/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/pratt_certificate/ Prefix_Free_Code_Combinators /theories/prefix_free_code_combinators/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/prefix_free_code_combinators/ Presburger-Automata /theories/presburger-automata/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/presburger-automata/ Prim_Dijkstra_Simple /theories/prim_dijkstra_simple/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/prim_dijkstra_simple/ Prime_Distribution_Elementary /theories/prime_distribution_elementary/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/prime_distribution_elementary/ Prime_Harmonic_Series /theories/prime_harmonic_series/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/prime_harmonic_series/ Prime_Number_Theorem /theories/prime_number_theorem/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/prime_number_theorem/ Priority_Queue_Braun /theories/priority_queue_braun/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/priority_queue_braun/ Priority_Search_Trees /theories/priority_search_trees/ Mon, 01 Jan 0001 00:00:00 +0000 
/theories/priority_search_trees/ Probabilistic_Noninterference /theories/probabilistic_noninterference/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/probabilistic_noninterference/ Probabilistic_Prime_Tests /theories/probabilistic_prime_tests/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/probabilistic_prime_tests/ Probabilistic_System_Zoo /theories/probabilistic_system_zoo/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/probabilistic_system_zoo/ Probabilistic_Timed_Automata /theories/probabilistic_timed_automata/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/probabilistic_timed_automata/ Probabilistic_While /theories/probabilistic_while/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/probabilistic_while/ Program-Conflict-Analysis /theories/program-conflict-analysis/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/program-conflict-analysis/ Progress_Tracking /theories/progress_tracking/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/progress_tracking/ Projective_Geometry /theories/projective_geometry/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/projective_geometry/ Projective_Measurements /theories/projective_measurements/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/projective_measurements/ Promela /theories/promela/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/promela/ Proof_Strategy_Language /theories/proof_strategy_language/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/proof_strategy_language/ Propositional_Proof_Systems /theories/propositional_proof_systems/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/propositional_proof_systems/ PropResPI /theories/proprespi/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/proprespi/ Prpu_Maxflow /theories/prpu_maxflow/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/prpu_maxflow/ PSemigroupsConvolution /theories/psemigroupsconvolution/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/psemigroupsconvolution/ PseudoHoops /theories/pseudohoops/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/pseudohoops/ Psi_Calculi /theories/psi_calculi/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/psi_calculi/ 
Ptolemys_Theorem /theories/ptolemys_theorem/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ptolemys_theorem/ Public_Announcement_Logic /theories/public_announcement_logic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/public_announcement_logic/ QHLProver /theories/qhlprover/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/qhlprover/ QR_Decomposition /theories/qr_decomposition/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/qr_decomposition/ Quantales /theories/quantales/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/quantales/ Quasi_Borel_Spaces /theories/quasi_borel_spaces/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/quasi_borel_spaces/ Quaternions /theories/quaternions/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/quaternions/ Quick_Sort_Cost /theories/quick_sort_cost/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/quick_sort_cost/ Ramsey-Infinite /theories/ramsey-infinite/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ramsey-infinite/ Random_BSTs /theories/random_bsts/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/random_bsts/ Random_Graph_Subgraph_Threshold /theories/random_graph_subgraph_threshold/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/random_graph_subgraph_threshold/ Randomised_BSTs /theories/randomised_bsts/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/randomised_bsts/ Randomised_Social_Choice /theories/randomised_social_choice/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/randomised_social_choice/ Rank_Nullity_Theorem /theories/rank_nullity_theorem/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/rank_nullity_theorem/ Real_Impl /theories/real_impl/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/real_impl/ Real_Power /theories/real_power/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/real_power/ Real_Time_Deque /theories/real_time_deque/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/real_time_deque/ Recursion-Addition /theories/recursion-addition/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/recursion-addition/ Recursion-Theory-I /theories/recursion-theory-i/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/recursion-theory-i/ 
Refine_Imperative_HOL /theories/refine_imperative_hol/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/refine_imperative_hol/ Refine_Monadic /theories/refine_monadic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/refine_monadic/ RefinementReactive /theories/refinementreactive/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/refinementreactive/ Regex_Equivalence /theories/regex_equivalence/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/regex_equivalence/ Registers /theories/registers/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/registers/ Regression_Test_Selection /theories/regression_test_selection/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/regression_test_selection/ Regular-Sets /theories/regular-sets/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/regular-sets/ Regular_Algebras /theories/regular_algebras/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/regular_algebras/ Regular_Tree_Relations /theories/regular_tree_relations/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/regular_tree_relations/ Relation_Algebra /theories/relation_algebra/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/relation_algebra/ Relational-Incorrectness-Logic /theories/relational-incorrectness-logic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/relational-incorrectness-logic/ Relational_Disjoint_Set_Forests /theories/relational_disjoint_set_forests/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/relational_disjoint_set_forests/ Relational_Forests /theories/relational_forests/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/relational_forests/ Relational_Method /theories/relational_method/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/relational_method/ Relational_Minimum_Spanning_Trees /theories/relational_minimum_spanning_trees/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/relational_minimum_spanning_trees/ Relational_Paths /theories/relational_paths/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/relational_paths/ Rep_Fin_Groups /theories/rep_fin_groups/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/rep_fin_groups/ Residuated_Lattices 
/theories/residuated_lattices/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/residuated_lattices/ ResiduatedTransitionSystem /theories/residuatedtransitionsystem/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/residuatedtransitionsystem/ Resolution_FOL /theories/resolution_fol/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/resolution_fol/ Rewrite_Properties_Reduction /theories/rewrite_properties_reduction/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/rewrite_properties_reduction/ Rewriting_Z /theories/rewriting_z/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/rewriting_z/ Ribbon_Proofs /theories/ribbon_proofs/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ribbon_proofs/ RIPEMD-160-SPARK /theories/ripemd-160-spark/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ripemd-160-spark/ Risk_Free_Lending /theories/risk_free_lending/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/risk_free_lending/ Robbins-Conjecture /theories/robbins-conjecture/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/robbins-conjecture/ ROBDD /theories/robdd/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/robdd/ Robinson_Arithmetic /theories/robinson_arithmetic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/robinson_arithmetic/ Root_Balanced_Tree /theories/root_balanced_tree/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/root_balanced_tree/ Roth_Arithmetic_Progressions /theories/roth_arithmetic_progressions/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/roth_arithmetic_progressions/ Routing /theories/routing/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/routing/ Roy_Floyd_Warshall /theories/roy_floyd_warshall/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/roy_floyd_warshall/ RSAPSS /theories/rsapss/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/rsapss/ Safe_Distance /theories/safe_distance/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/safe_distance/ Safe_OCL /theories/safe_ocl/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/safe_ocl/ + Safe_Range_RC + /theories/safe_range_rc/ + Mon, 01 Jan 0001 00:00:00 +0000 + + /theories/safe_range_rc/ + + + + SATSolverVerification 
/theories/satsolververification/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/satsolververification/ Saturation_Framework /theories/saturation_framework/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/saturation_framework/ Saturation_Framework_Extensions /theories/saturation_framework_extensions/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/saturation_framework_extensions/ SC_DOM_Components /theories/sc_dom_components/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sc_dom_components/ SCC_Bloemen_Sequential /theories/scc_bloemen_sequential/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/scc_bloemen_sequential/ Schutz_Spacetime /theories/schutz_spacetime/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/schutz_spacetime/ SDS_Impossibility /theories/sds_impossibility/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sds_impossibility/ Search the Archive /search/ Mon, 01 Jan 0001 00:00:00 +0000 /search/ Secondary_Sylow /theories/secondary_sylow/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/secondary_sylow/ Security_Protocol_Refinement /theories/security_protocol_refinement/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/security_protocol_refinement/ Selection_Heap_Sort /theories/selection_heap_sort/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/selection_heap_sort/ SenSocialChoice /theories/sensocialchoice/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sensocialchoice/ Separata /theories/separata/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/separata/ Separation_Algebra /theories/separation_algebra/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/separation_algebra/ Separation_Logic_Imperative_HOL /theories/separation_logic_imperative_hol/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/separation_logic_imperative_hol/ Separation_Logic_Unbounded /theories/separation_logic_unbounded/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/separation_logic_unbounded/ Sepref_Basic /theories/sepref_basic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sepref_basic/ Sepref_IICF /theories/sepref_iicf/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sepref_iicf/ 
Sepref_Prereq /theories/sepref_prereq/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sepref_prereq/ SequentInvertibility /theories/sequentinvertibility/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sequentinvertibility/ Shadow_DOM /theories/shadow_dom/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/shadow_dom/ Shadow_SC_DOM /theories/shadow_sc_dom/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/shadow_sc_dom/ Shivers-CFA /theories/shivers-cfa/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/shivers-cfa/ ShortestPath /theories/shortestpath/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/shortestpath/ Show /theories/show/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/show/ SIFPL /theories/sifpl/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sifpl/ SIFUM_Type_Systems /theories/sifum_type_systems/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sifum_type_systems/ Sigma_Commit_Crypto /theories/sigma_commit_crypto/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sigma_commit_crypto/ Signature_Groebner /theories/signature_groebner/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/signature_groebner/ Simpl /theories/simpl/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/simpl/ Simple_Firewall /theories/simple_firewall/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/simple_firewall/ Simplex /theories/simplex/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/simplex/ Simplicial_complexes_and_boolean_functions /theories/simplicial_complexes_and_boolean_functions/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/simplicial_complexes_and_boolean_functions/ SimplifiedOntologicalArgument /theories/simplifiedontologicalargument/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/simplifiedontologicalargument/ Skew_Heap /theories/skew_heap/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/skew_heap/ Skip_Lists /theories/skip_lists/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/skip_lists/ Slicing /theories/slicing/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/slicing/ Sliding_Window_Algorithm /theories/sliding_window_algorithm/ Mon, 01 Jan 0001 00:00:00 +0000 
/theories/sliding_window_algorithm/ SM /theories/sm/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sm/ SM_Base /theories/sm_base/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sm_base/ Smith_Normal_Form /theories/smith_normal_form/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/smith_normal_form/ Smooth_Manifolds /theories/smooth_manifolds/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/smooth_manifolds/ Solidity /theories/solidity/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/solidity/ Sophomores_Dream /theories/sophomores_dream/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sophomores_dream/ Sort_Encodings /theories/sort_encodings/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sort_encodings/ Source_Coding_Theorem /theories/source_coding_theorem/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/source_coding_theorem/ SPARCv8 /theories/sparcv8/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sparcv8/ SpecCheck /theories/speccheck/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/speccheck/ Special_Function_Bounds /theories/special_function_bounds/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/special_function_bounds/ Splay_Tree /theories/splay_tree/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/splay_tree/ Sqrt_Babylonian /theories/sqrt_babylonian/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sqrt_babylonian/ Stable_Matching /theories/stable_matching/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/stable_matching/ Stalnaker_Logic /theories/stalnaker_logic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/stalnaker_logic/ Statecharts /theories/statecharts/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/statecharts/ Stateful_Protocol_Composition_and_Typing /theories/stateful_protocol_composition_and_typing/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/stateful_protocol_composition_and_typing/ Statistics /statistics/ Mon, 01 Jan 0001 00:00:00 +0000 /statistics/ - 705 Entries 426 Authors ~217,200 Lemmas ~3,569,400 Lines of Code Most used AFP entries: Name Used by ? entries 1. List-Index 21 2. Collections 18 3. Show 16 4. Coinductive 12 5. 
Deriving 12 6. Jordan_Normal_Form 12 7. Polynomial_Factorization 12 8. Regular-Sets 12 9. + 706 Entries 426 Authors ~217,700 Lemmas ~3,572,500 Lines of Code Most used AFP entries: Name Used by ? entries 1. List-Index 22 2. Collections 19 3. Show 16 4. Deriving 13 5. Coinductive 12 6. Jordan_Normal_Form 12 7. Polynomial_Factorization 12 8. Regular-Sets 12 9. Stellar_Quorums /theories/stellar_quorums/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/stellar_quorums/ Stern_Brocot /theories/stern_brocot/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/stern_brocot/ Stewart_Apollonius /theories/stewart_apollonius/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/stewart_apollonius/ Stirling_Formula /theories/stirling_formula/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/stirling_formula/ Stochastic_Matrices /theories/stochastic_matrices/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/stochastic_matrices/ Stone_Algebras /theories/stone_algebras/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/stone_algebras/ Stone_Kleene_Relation_Algebras /theories/stone_kleene_relation_algebras/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/stone_kleene_relation_algebras/ Stone_Relation_Algebras /theories/stone_relation_algebras/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/stone_relation_algebras/ Store_Buffer_Reduction /theories/store_buffer_reduction/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/store_buffer_reduction/ Stream-Fusion /theories/stream-fusion/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/stream-fusion/ Stream_Fusion_Code /theories/stream_fusion_code/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/stream_fusion_code/ Strong_Security /theories/strong_security/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/strong_security/ Sturm_Sequences /theories/sturm_sequences/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sturm_sequences/ Sturm_Tarski /theories/sturm_tarski/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sturm_tarski/ Stuttering_Equivalence /theories/stuttering_equivalence/ Mon, 01 Jan 0001 00:00:00 +0000 
/theories/stuttering_equivalence/ Subresultants /theories/subresultants/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/subresultants/ Subset_Boolean_Algebras /theories/subset_boolean_algebras/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/subset_boolean_algebras/ SumSquares /theories/sumsquares/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sumsquares/ Sunflowers /theories/sunflowers/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sunflowers/ SuperCalc /theories/supercalc/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/supercalc/ Surprise_Paradox /theories/surprise_paradox/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/surprise_paradox/ Symmetric_Polynomials /theories/symmetric_polynomials/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/symmetric_polynomials/ Syntax_Independent_Logic /theories/syntax_independent_logic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/syntax_independent_logic/ Szemeredi_Regularity /theories/szemeredi_regularity/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/szemeredi_regularity/ Szpilrajn /theories/szpilrajn/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/szpilrajn/ Tail_Recursive_Functions /theories/tail_recursive_functions/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/tail_recursive_functions/ Tarskis_Geometry /theories/tarskis_geometry/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/tarskis_geometry/ Taylor_Models /theories/taylor_models/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/taylor_models/ TESL_Language /theories/tesl_language/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/tesl_language/ Three_Circles /theories/three_circles/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/three_circles/ Timed_Automata /theories/timed_automata/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/timed_automata/ TLA /theories/tla/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/tla/ Topological_Semantics /theories/topological_semantics/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/topological_semantics/ Topology /theories/topology/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/topology/ TortoiseHare /theories/tortoisehare/ Mon, 
01 Jan 0001 00:00:00 +0000 /theories/tortoisehare/ Transcendence_Series_Hancl_Rucki /theories/transcendence_series_hancl_rucki/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/transcendence_series_hancl_rucki/ Transformer_Semantics /theories/transformer_semantics/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/transformer_semantics/ Transition_Systems_and_Automata /theories/transition_systems_and_automata/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/transition_systems_and_automata/ Transitive-Closure /theories/transitive-closure/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/transitive-closure/ Transitive-Closure-II /theories/transitive-closure-ii/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/transitive-closure-ii/ Transitive_Models /theories/transitive_models/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/transitive_models/ Treaps /theories/treaps/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/treaps/ Tree-Automata /theories/tree-automata/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/tree-automata/ Tree_Decomposition /theories/tree_decomposition/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/tree_decomposition/ Triangle /theories/triangle/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/triangle/ Trie /theories/trie/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/trie/ Twelvefold_Way /theories/twelvefold_way/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/twelvefold_way/ Tycon /theories/tycon/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/tycon/ Types_Tableaus_and_Goedels_God /theories/types_tableaus_and_goedels_god/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/types_tableaus_and_goedels_god/ Types_To_Sets_Extension /theories/types_to_sets_extension/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/types_to_sets_extension/ Universal_Hash_Families /theories/universal_hash_families/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/universal_hash_families/ Universal_Turing_Machine /theories/universal_turing_machine/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/universal_turing_machine/ UpDown_Scheme /theories/updown_scheme/ Mon, 01 Jan 0001 
00:00:00 +0000 /theories/updown_scheme/ UPF /theories/upf/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/upf/ UPF_Firewall /theories/upf_firewall/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/upf_firewall/ UTP /theories/utp/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/utp/ UTP-Toolkit /theories/utp-toolkit/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/utp-toolkit/ Valuation /theories/valuation/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/valuation/ Van_der_Waerden /theories/van_der_waerden/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/van_der_waerden/ Van_Emde_Boas_Trees /theories/van_emde_boas_trees/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/van_emde_boas_trees/ VectorSpace /theories/vectorspace/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/vectorspace/ VeriComp /theories/vericomp/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/vericomp/ Verified-Prover /theories/verified-prover/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/verified-prover/ Verified_SAT_Based_AI_Planning /theories/verified_sat_based_ai_planning/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/verified_sat_based_ai_planning/ VerifyThis2018 /theories/verifythis2018/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/verifythis2018/ VerifyThis2019 /theories/verifythis2019/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/verifythis2019/ Vickrey_Clarke_Groves /theories/vickrey_clarke_groves/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/vickrey_clarke_groves/ Virtual_Substitution /theories/virtual_substitution/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/virtual_substitution/ VolpanoSmith /theories/volpanosmith/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/volpanosmith/ VYDRA_MDL /theories/vydra_mdl/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/vydra_mdl/ WebAssembly /theories/webassembly/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/webassembly/ Weight_Balanced_Trees /theories/weight_balanced_trees/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/weight_balanced_trees/ Weighted_Arithmetic_Geometric_Mean /theories/weighted_arithmetic_geometric_mean/ Mon, 01 Jan 0001 
00:00:00 +0000 /theories/weighted_arithmetic_geometric_mean/ Weighted_Path_Order /theories/weighted_path_order/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/weighted_path_order/ Well_Quasi_Orders /theories/well_quasi_orders/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/well_quasi_orders/ Wetzels_Problem /theories/wetzels_problem/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/wetzels_problem/ WHATandWHERE_Security /theories/whatandwhere_security/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/whatandwhere_security/ Winding_Number_Eval /theories/winding_number_eval/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/winding_number_eval/ WOOT_Strong_Eventual_Consistency /theories/woot_strong_eventual_consistency/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/woot_strong_eventual_consistency/ Word_Lib /theories/word_lib/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/word_lib/ WorkerWrapper /theories/workerwrapper/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/workerwrapper/ X86_Semantics /theories/x86_semantics/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/x86_semantics/ XML /theories/xml/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/xml/ Youngs_Inequality /theories/youngs_inequality/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/youngs_inequality/ Zeta_3_Irrational /theories/zeta_3_irrational/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/zeta_3_irrational/ Zeta_Function /theories/zeta_function/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/zeta_function/ ZFC_in_HOL /theories/zfc_in_hol/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/zfc_in_hol/ diff --git a/web/sitemap.xml b/web/sitemap.xml --- a/web/sitemap.xml +++ b/web/sitemap.xml 
@@ -1,5862 +1,5867 @@ / - 2022-09-23T00:00:00+00:00 + 2022-09-28T00:00:00+00:00 /authors/ - 2022-09-23T00:00:00+00:00 + 2022-09-28T00:00:00+00:00 + + /dependencies/collections/ + 2022-09-28T00:00:00+00:00 /dependencies/ - 2022-09-23T00:00:00+00:00 + 2022-09-28T00:00:00+00:00 + + /dependencies/deriving/ + 2022-09-28T00:00:00+00:00 /entries/ - 2022-09-23T00:00:00+00:00 + 2022-09-28T00:00:00+00:00 + + /dependencies/list-index/ + 2022-09-28T00:00:00+00:00 + + /entries/Safe_Range_RC.html + 2022-09-28T00:00:00+00:00 + + /authors/raszyk/ + 2022-09-28T00:00:00+00:00 + + /authors/traytel/ + 2022-09-28T00:00:00+00:00 /dependencies/epistemic_logic/ 2022-09-23T00:00:00+00:00 /authors/guzman/ 2022-09-23T00:00:00+00:00 /entries/Stalnaker_Logic.html 2022-09-23T00:00:00+00:00 /authors/crighton/ 2022-09-22T00:00:00+00:00 /dependencies/localization_ring/ 2022-09-22T00:00:00+00:00 /entries/Padic_Field.html 2022-09-22T00:00:00+00:00 /dependencies/padic_ints/ 2022-09-22T00:00:00+00:00 /authors/doty/ 2022-09-18T00:00:00+00:00 /entries/Risk_Free_Lending.html 2022-09-18T00:00:00+00:00 /authors/from/ 2022-09-13T00:00:00+00:00 /entries/Implicational_Logic.html 2022-09-13T00:00:00+00:00 /authors/villadsen/ 2022-09-13T00:00:00+00:00 /dependencies/berlekamp_zassenhaus/ 2022-09-08T00:00:00+00:00 /entries/CRYSTALS-Kyber.html 2022-09-08T00:00:00+00:00 /authors/kreuzer/ 2022-09-08T00:00:00+00:00 /dependencies/number_theoretic_transform/ 2022-09-08T00:00:00+00:00 /authors/dardinier/ 2022-09-05T00:00:00+00:00 /entries/Separation_Logic_Unbounded.html 2022-09-05T00:00:00+00:00 /authors/argyraki/ 2022-09-02T00:00:00+00:00 /dependencies/bernoulli/ 2022-09-02T00:00:00+00:00 /authors/eberl/ 2022-09-02T00:00:00+00:00 /dependencies/jacobson_basic_algebra/ 2022-09-02T00:00:00+00:00 /entries/Khovanskii_Theorem.html 2022-09-02T00:00:00+00:00 /authors/paulson/ 2022-09-02T00:00:00+00:00 /dependencies/pluennecke_ruzsa_inequality/ 2022-09-02T00:00:00+00:00 /authors/sulejmani/ 2022-09-02T00:00:00+00:00 
/entries/Hales_Jewett.html 2022-09-02T00:00:00+00:00 /authors/ammer/ 2022-08-18T00:00:00+00:00 /entries/Number_Theoretic_Transform.html 2022-08-18T00:00:00+00:00 /entries/SCC_Bloemen_Sequential.html 2022-08-17T00:00:00+00:00 /authors/merz/ 2022-08-17T00:00:00+00:00 /authors/trelat/ 2022-08-17T00:00:00+00:00 /authors/bortin/ 2022-08-15T00:00:00+00:00 /entries/Involutions2Squares.html 2022-08-15T00:00:00+00:00 /dependencies/containers/ 2022-08-09T00:00:00+00:00 /dependencies/datatype_order_generator/ 2022-08-09T00:00:00+00:00 /dependencies/native_word/ 2022-08-09T00:00:00+00:00 /authors/sachtleben/ 2022-08-09T00:00:00+00:00 /entries/FSM_Tests.html 2022-08-09T00:00:00+00:00 /authors/brucker/ 2022-07-29T00:00:00+00:00 /entries/Nano_JSON.html 2022-07-29T00:00:00+00:00 /topics/tools/ 2022-07-29T00:00:00+00:00 /topics/ 2022-07-29T00:00:00+00:00 /authors/echenim/ 2022-07-18T00:00:00+00:00 /entries/Solidity.html 2022-07-18T00:00:00+00:00 /authors/marmsoler/ 2022-07-18T00:00:00+00:00 /dependencies/projective_measurements/ 2022-07-18T00:00:00+00:00 /entries/Commuting_Hermitian.html 2022-07-18T00:00:00+00:00 /entries/Weighted_Arithmetic_Geometric_Mean.html 2022-07-11T00:00:00+00:00 /entries/IMP_Compiler_Reuse.html 2022-07-10T00:00:00+00:00 /authors/noce/ 2022-07-10T00:00:00+00:00 /authors/nipkow/ 2022-06-23T00:00:00+00:00 /entries/Real_Time_Deque.html 2022-06-23T00:00:00+00:00 /authors/toth/ 2022-06-23T00:00:00+00:00 /entries/Boolos_Curious_Inference.html 2022-06-20T00:00:00+00:00 /authors/ketland/ 2022-06-20T00:00:00+00:00 /dependencies/dirichlet_series/ 2022-06-08T00:00:00+00:00 /entries/Finite_Fields.html 2022-06-08T00:00:00+00:00 /entries/IsaNet.html 2022-06-08T00:00:00+00:00 /authors/karayel/ 2022-06-08T00:00:00+00:00 /authors/klenze/ 2022-06-08T00:00:00+00:00 /authors/sprenger/ 2022-06-08T00:00:00+00:00 /authors/bayer/ 2022-06-06T00:00:00+00:00 /authors/david/ 2022-06-06T00:00:00+00:00 /dependencies/digit_expansions/ 2022-06-06T00:00:00+00:00 /entries/DPRM_Theorem.html 
2022-06-06T00:00:00+00:00 /dependencies/lucas_theorem/ 2022-06-06T00:00:00+00:00 /authors/matiyasevich/ 2022-06-06T00:00:00+00:00 /authors/pal/ 2022-06-06T00:00:00+00:00 /authors/schleicher/ 2022-06-06T00:00:00+00:00 /authors/stock/ 2022-06-06T00:00:00+00:00 /authors/lochmann/ 2022-06-02T00:00:00+00:00 /entries/Rewrite_Properties_Reduction.html 2022-06-02T00:00:00+00:00 /dependencies/regular_tree_relations/ 2022-06-02T00:00:00+00:00 /entries/Combinable_Wands.html 2022-05-30T00:00:00+00:00 /dependencies/package_logic/ 2022-05-30T00:00:00+00:00 /entries/Pluennecke_Ruzsa_Inequality.html 2022-05-26T00:00:00+00:00 /entries/Package_logic.html 2022-05-18T00:00:00+00:00 /entries/Clique_and_Monotone_Circuits.html 2022-05-08T00:00:00+00:00 /dependencies/stirling_formula/ 2022-05-08T00:00:00+00:00 /dependencies/sunflowers/ 2022-05-08T00:00:00+00:00 /authors/thiemann/ 2022-05-08T00:00:00+00:00 /dependencies/benor_kozen_reif/ 2022-04-21T00:00:00+00:00 /dependencies/design_theory/ 2022-04-21T00:00:00+00:00 /authors/edmonds/ 2022-04-21T00:00:00+00:00 /entries/Fishers_Inequality.html 2022-04-21T00:00:00+00:00 /dependencies/groebner_bases/ 2022-04-21T00:00:00+00:00 - /dependencies/list-index/ - 2022-04-21T00:00:00+00:00 - /dependencies/polynomial_factorization/ 2022-04-21T00:00:00+00:00 /entries/Digit_Expansions.html 2022-04-20T00:00:00+00:00 /authors/schmidinger/ 2022-04-20T00:00:00+00:00 /entries/Multiset_Ordering_NPC.html 2022-04-20T00:00:00+00:00 /dependencies/weighted_path_order/ 2022-04-20T00:00:00+00:00 /entries/Sophomores_Dream.html 2022-04-10T00:00:00+00:00 /entries/Prefix_Free_Code_Combinators.html 2022-04-08T00:00:00+00:00 /dependencies/bertrands_postulate/ 2022-04-08T00:00:00+00:00 /dependencies/equivalence_relation_enumeration/ 2022-04-08T00:00:00+00:00 /entries/Frequency_Moments.html 2022-04-08T00:00:00+00:00 /dependencies/interpolation_polynomials_hol_algebra/ 2022-04-08T00:00:00+00:00 /dependencies/lp/ 2022-04-08T00:00:00+00:00 /dependencies/median_method/ 
2022-04-08T00:00:00+00:00 /dependencies/prefix_free_code_combinators/ 2022-04-08T00:00:00+00:00 /dependencies/universal_hash_families/ 2022-04-08T00:00:00+00:00 /entries/Dedekind_Real.html 2022-03-24T00:00:00+00:00 /authors/fleuriot/ 2022-03-24T00:00:00+00:00 /entries/Ackermanns_not_PR.html 2022-03-23T00:00:00+00:00 /entries/FOL_Seq_Calc3.html 2022-03-22T00:00:00+00:00 /dependencies/abstract_completeness/ 2022-03-22T00:00:00+00:00 /dependencies/abstract_soundness/ 2022-03-22T00:00:00+00:00 /entries/Cotangent_PFD_Formula.html 2022-03-15T00:00:00+00:00 /authors/gunther/ 2022-03-06T00:00:00+00:00 /authors/pagano/ 2022-03-06T00:00:00+00:00 /authors/steinberg/ 2022-03-06T00:00:00+00:00 /authors/terraf/ 2022-03-06T00:00:00+00:00 /entries/Independence_CH.html 2022-03-06T00:00:00+00:00 /dependencies/transitive_models/ 2022-03-06T00:00:00+00:00 /dependencies/delta_system_lemma/ 2022-03-03T00:00:00+00:00 /entries/Transitive_Models.html 2022-03-03T00:00:00+00:00 /entries/ResiduatedTransitionSystem.html 2022-02-28T00:00:00+00:00 /authors/stark/ 2022-02-28T00:00:00+00:00 /entries/Universal_Hash_Families.html 2022-02-20T00:00:00+00:00 /entries/Wetzels_Problem.html 2022-02-18T00:00:00+00:00 /dependencies/zfc_in_hol/ 2022-02-18T00:00:00+00:00 /entries/Eval_FO.html 2022-02-15T00:00:00+00:00 - /authors/raszyk/ - 2022-02-15T00:00:00+00:00 - /entries/VYDRA_MDL.html 2022-02-13T00:00:00+00:00 /dependencies/card_equiv_relations/ 2022-02-04T00:00:00+00:00 /entries/Equivalence_Relation_Enumeration.html 2022-02-04T00:00:00+00:00 /entries/LP_Duality.html 2022-02-03T00:00:00+00:00 /authors/hirata/ 2022-02-03T00:00:00+00:00 /dependencies/linear_inequalities/ 2022-02-03T00:00:00+00:00 /authors/minamide/ 2022-02-03T00:00:00+00:00 /entries/Quasi_Borel_Spaces.html 2022-02-03T00:00:00+00:00 /authors/sato/ 2022-02-03T00:00:00+00:00 /authors/felgenhauer/ 2022-02-02T00:00:00+00:00 /entries/FO_Theory_Rewriting.html 2022-02-02T00:00:00+00:00 /dependencies/fol-fitting/ 2022-02-02T00:00:00+00:00 
/entries/FOL_Seq_Calc2.html 2022-01-31T00:00:00+00:00 - /dependencies/collections/ - 2022-01-31T00:00:00+00:00 - /dependencies/fol_seq_calc1/ 2022-01-31T00:00:00+00:00 /authors/jacobsen/ 2022-01-31T00:00:00+00:00 /entries/Youngs_Inequality.html 2022-01-31T00:00:00+00:00 /entries/Interpolation_Polynomials_HOL_Algebra.html 2022-01-29T00:00:00+00:00 /entries/Median_Method.html 2022-01-25T00:00:00+00:00 /entries/Actuarial_Mathematics.html 2022-01-23T00:00:00+00:00 /authors/ito/ 2022-01-23T00:00:00+00:00 /entries/Irrationals_From_THEBOOK.html 2022-01-08T00:00:00+00:00 /entries/Knights_Tour.html 2022-01-04T00:00:00+00:00 /authors/koller/ 2022-01-04T00:00:00+00:00 /entries/Hyperdual.html 2021-12-31T00:00:00+00:00 /authors/smola/ 2021-12-31T00:00:00+00:00 /entries/Gale_Shapley.html 2021-12-29T00:00:00+00:00 /dependencies/ergodic_theory/ 2021-12-28T00:00:00+00:00 /dependencies/girth_chromatic/ 2021-12-28T00:00:00+00:00 /dependencies/random_graph_subgraph_threshold/ 2021-12-28T00:00:00+00:00 /entries/Roth_Arithmetic_Progressions.html 2021-12-28T00:00:00+00:00 /dependencies/szemeredi_regularity/ 2021-12-28T00:00:00+00:00 /authors/abdulaziz/ 2021-12-16T00:00:00+00:00 /dependencies/gauss_jordan/ 2021-12-16T00:00:00+00:00 /entries/MDP-Rewards.html 2021-12-16T00:00:00+00:00 /dependencies/mdp-rewards/ 2021-12-16T00:00:00+00:00 /authors/schaeffeler/ 2021-12-16T00:00:00+00:00 /entries/MDP-Algorithms.html 2021-12-16T00:00:00+00:00 /dependencies/knuth_bendix_order/ 2021-12-15T00:00:00+00:00 /entries/Regular_Tree_Relations.html 2021-12-15T00:00:00+00:00 /authors/sternagel/ 2021-12-15T00:00:00+00:00 /authors/sternagelt/ 2021-12-15T00:00:00+00:00 /authors/aransay/ 2021-11-29T00:00:00+00:00 /authors/campo/ 2021-11-29T00:00:00+00:00 /dependencies/jordan_normal_form/ 2021-11-29T00:00:00+00:00 /authors/michaelis/ 2021-11-29T00:00:00+00:00 /dependencies/robdd/ 2021-11-29T00:00:00+00:00 /dependencies/sepref_prereq/ 2021-11-29T00:00:00+00:00 
/entries/Simplicial_complexes_and_boolean_functions.html 2021-11-29T00:00:00+00:00 /dependencies/automatic_refinement/ 2021-11-23T00:00:00+00:00 - /dependencies/deriving/ - 2021-11-23T00:00:00+00:00 - /authors/lammich/ 2021-11-23T00:00:00+00:00 /entries/Van_Emde_Boas_Trees.html 2021-11-23T00:00:00+00:00 /entries/Foundation_of_geometry.html 2021-11-22T00:00:00+00:00 /authors/iwama/ 2021-11-22T00:00:00+00:00 /authors/cousin/ 2021-11-19T00:00:00+00:00 /authors/guiol/ 2021-11-19T00:00:00+00:00 /entries/Hahn_Jordan_Decomposition.html 2021-11-19T00:00:00+00:00 /dependencies/algebraic_numbers/ 2021-11-08T00:00:00+00:00 /entries/PAL.html 2021-11-08T00:00:00+00:00 /authors/benzmueller/ 2021-11-08T00:00:00+00:00 /entries/SimplifiedOntologicalArgument.html 2021-11-08T00:00:00+00:00 /entries/Factor_Algebraic_Polynomial.html 2021-11-08T00:00:00+00:00 /dependencies/hermite_lindemann/ 2021-11-08T00:00:00+00:00 /dependencies/polynomials/ 2021-11-08T00:00:00+00:00 /entries/Real_Power.html 2021-11-08T00:00:00+00:00 /authors/reiche/ 2021-11-08T00:00:00+00:00 /entries/Szemeredi_Regularity.html 2021-11-05T00:00:00+00:00 /dependencies/complex_bounded_operators/ 2021-10-28T00:00:00+00:00 /entries/Registers.html 2021-10-28T00:00:00+00:00 /authors/unruh/ 2021-10-28T00:00:00+00:00 /entries/Belief_Revision.html 2021-10-19T00:00:00+00:00 /authors/boulanger/ 2021-10-19T00:00:00+00:00 /authors/fouillard/ 2021-10-19T00:00:00+00:00 /authors/sabouret/ 2021-10-19T00:00:00+00:00 /authors/taha/ 2021-10-19T00:00:00+00:00 /authors/bharadwaj/ 2021-10-13T00:00:00+00:00 /authors/bockenek/ 2021-10-13T00:00:00+00:00 /authors/ravindran/ 2021-10-13T00:00:00+00:00 /authors/roessle/ 2021-10-13T00:00:00+00:00 /authors/verbeek/ 2021-10-13T00:00:00+00:00 /authors/weerwag/ 2021-10-13T00:00:00+00:00 /dependencies/word_lib/ 2021-10-13T00:00:00+00:00 /entries/X86_Semantics.html 2021-10-13T00:00:00+00:00 /entries/Correctness_Algebras.html 2021-10-12T00:00:00+00:00 /authors/guttmann/ 2021-10-12T00:00:00+00:00 
/dependencies/monobooltranalgebra/ 2021-10-12T00:00:00+00:00 /dependencies/stone_kleene_relation_algebras/ 2021-10-12T00:00:00+00:00 /dependencies/subset_boolean_algebras/ 2021-10-12T00:00:00+00:00 /authors/cordwell/ 2021-10-02T00:00:00+00:00 /authors/mitsch/ 2021-10-02T00:00:00+00:00 /authors/platzer/ 2021-10-02T00:00:00+00:00 /authors/scharager/ 2021-10-02T00:00:00+00:00 /entries/Virtual_Substitution.html 2021-10-02T00:00:00+00:00 /entries/FOL_Axiomatic.html 2021-09-24T00:00:00+00:00 /dependencies/banach_steinhaus/ 2021-09-18T00:00:00+00:00 /authors/caballero/ 2021-09-18T00:00:00+00:00 /entries/Complex_Bounded_Operators.html 2021-09-18T00:00:00+00:00 /dependencies/real_impl/ 2021-09-18T00:00:00+00:00 /entries/Weighted_Path_Order.html 2021-09-16T00:00:00+00:00 /authors/yamada/ 2021-09-16T00:00:00+00:00 /entries/CZH_Foundations.html 2021-09-06T00:00:00+00:00 /entries/CZH_Elementary_Categories.html 2021-09-06T00:00:00+00:00 /entries/CZH_Universal_Constructions.html 2021-09-06T00:00:00+00:00 /entries/Conditional_Simplification.html 2021-09-06T00:00:00+00:00 /entries/Conditional_Transfer_Rule.html 2021-09-06T00:00:00+00:00 /dependencies/conditional_simplification/ 2021-09-06T00:00:00+00:00 /dependencies/conditional_transfer_rule/ 2021-09-06T00:00:00+00:00 /dependencies/czh_elementary_categories/ 2021-09-06T00:00:00+00:00 /dependencies/czh_foundations/ 2021-09-06T00:00:00+00:00 /entries/Types_To_Sets_Extension.html 2021-09-06T00:00:00+00:00 /entries/Intro_Dest_Elim.html 2021-09-06T00:00:00+00:00 /dependencies/intro_dest_elim/ 2021-09-06T00:00:00+00:00 /authors/milehins/ 2021-09-06T00:00:00+00:00 /dependencies/speccheck/ 2021-09-06T00:00:00+00:00 /entries/Dominance_CHK.html 2021-09-05T00:00:00+00:00 /authors/jiang/ 2021-09-05T00:00:00+00:00 /dependencies/jinja/ 2021-09-05T00:00:00+00:00 /dependencies/complex_geometry/ 2021-09-03T00:00:00+00:00 /dependencies/factor_algebraic_polynomial/ 2021-09-03T00:00:00+00:00 /entries/Cubic_Quartic_Equations.html 
2021-09-03T00:00:00+00:00 /entries/Logging_Independent_Anonymity.html 2021-08-26T00:00:00+00:00 /dependencies/budan_fourier/ 2021-08-21T00:00:00+00:00 /authors/li/ 2021-08-21T00:00:00+00:00 /dependencies/polynomial_interpolation/ 2021-08-21T00:00:00+00:00 /entries/Three_Circles.html 2021-08-21T00:00:00+00:00 /authors/thomson/ 2021-08-21T00:00:00+00:00 /authors/bauereiss/ 2021-08-16T00:00:00+00:00 /dependencies/bd_security_compositional/ 2021-08-16T00:00:00+00:00 /dependencies/bounded_deducibility_security/ 2021-08-16T00:00:00+00:00 /entries/CoCon.html 2021-08-16T00:00:00+00:00 /entries/BD_Security_Compositional.html 2021-08-16T00:00:00+00:00 /entries/CoSMed.html 2021-08-16T00:00:00+00:00 /entries/CoSMeDis.html 2021-08-16T00:00:00+00:00 /entries/Fresh_Identifiers.html 2021-08-16T00:00:00+00:00 /dependencies/fresh_identifiers/ 2021-08-16T00:00:00+00:00 /authors/popescu/ 2021-08-16T00:00:00+00:00 /dependencies/card_partitions/ 2021-08-13T00:00:00+00:00 /entries/Design_Theory.html 2021-08-13T00:00:00+00:00 /dependencies/graph_theory/ 2021-08-13T00:00:00+00:00 /dependencies/nested_multisets_ordinals/ 2021-08-13T00:00:00+00:00 /entries/Relational_Forests.html 2021-08-03T00:00:00+00:00 /authors/palmer/ 2021-07-27T00:00:00+00:00 /authors/schmoetten/ 2021-07-27T00:00:00+00:00 /entries/Schutz_Spacetime.html 2021-07-27T00:00:00+00:00 /entries/Finitely_Generated_Abelian_Groups.html 2021-07-07T00:00:00+00:00 /authors/thommes/ 2021-07-07T00:00:00+00:00 /authors/bulwahn/ 2021-07-01T00:00:00+00:00 /authors/kappelmann/ 2021-07-01T00:00:00+00:00 /entries/SpecCheck.html 2021-07-01T00:00:00+00:00 /authors/willenbrink/ 2021-07-01T00:00:00+00:00 /entries/Van_der_Waerden.html 2021-06-22T00:00:00+00:00 /entries/MiniSail.html 2021-06-18T00:00:00+00:00 /dependencies/nominal2/ 2021-06-18T00:00:00+00:00 /dependencies/show/ 2021-06-18T00:00:00+00:00 /authors/wassell/ 2021-06-18T00:00:00+00:00 /entries/Public_Announcement_Logic.html 2021-06-17T00:00:00+00:00 /entries/IMP_Compiler.html 
2021-06-04T00:00:00+00:00 /entries/Combinatorics_Words.html 2021-05-24T00:00:00+00:00 /dependencies/combinatorics_words/ 2021-05-24T00:00:00+00:00 /entries/Combinatorics_Words_Graph_Lemma.html 2021-05-24T00:00:00+00:00 /authors/holub/ 2021-05-24T00:00:00+00:00 /entries/Combinatorics_Words_Lyndon.html 2021-05-24T00:00:00+00:00 /authors/raska/ 2021-05-24T00:00:00+00:00 /authors/starosta/ 2021-05-24T00:00:00+00:00 /dependencies/szpilrajn/ 2021-05-24T00:00:00+00:00 /dependencies/jinjadci/ 2021-04-30T00:00:00+00:00 /authors/mansky/ 2021-04-30T00:00:00+00:00 /entries/Regression_Test_Selection.html 2021-04-30T00:00:00+00:00 /entries/Metalogic_ProofChecker.html 2021-04-27T00:00:00+00:00 /authors/kadzioka/ 2021-04-27T00:00:00+00:00 /entries/Lifting_the_Exponent.html 2021-04-27T00:00:00+00:00 /authors/rosskopf/ 2021-04-27T00:00:00+00:00 /dependencies/sturm_tarski/ 2021-04-24T00:00:00+00:00 /authors/tan/ 2021-04-24T00:00:00+00:00 /entries/BenOr_Kozen_Reif.html 2021-04-24T00:00:00+00:00 /entries/GaleStewart_Games.html 2021-04-23T00:00:00+00:00 /authors/joosten/ 2021-04-23T00:00:00+00:00 /dependencies/parity_game/ 2021-04-23T00:00:00+00:00 /authors/brun/ 2021-04-13T00:00:00+00:00 /authors/decova/ 2021-04-13T00:00:00+00:00 /entries/Progress_Tracking.html 2021-04-13T00:00:00+00:00 /authors/lattuada/ 2021-04-13T00:00:00+00:00 - /authors/traytel/ - 2021-04-13T00:00:00+00:00 - /entries/IFC_Tracking.html 2021-04-01T00:00:00+00:00 /authors/nordhoff/ 2021-04-01T00:00:00+00:00 /authors/bordg/ 2021-03-29T00:00:00+00:00 /entries/Grothendieck_Schemes.html 2021-03-29T00:00:00+00:00 /entries/Padic_Ints.html 2021-03-23T00:00:00+00:00 /entries/Constructive_Cryptography_CM.html 2021-03-17T00:00:00+00:00 /dependencies/constructive_cryptography/ 2021-03-17T00:00:00+00:00 /dependencies/game_based_crypto/ 2021-03-17T00:00:00+00:00 /authors/lochbihler/ 2021-03-17T00:00:00+00:00 /authors/sefidgar/ 2021-03-17T00:00:00+00:00 /dependencies/sigma_commit_crypto/ 2021-03-17T00:00:00+00:00 
/authors/bottesch/ 2021-03-12T00:00:00+00:00 /authors/divason/ 2021-03-12T00:00:00+00:00 /dependencies/hermite/ 2021-03-12T00:00:00+00:00 /dependencies/lll_basis_reduction/ 2021-03-12T00:00:00+00:00 /dependencies/smith_normal_form/ 2021-03-12T00:00:00+00:00 /entries/Modular_arithmetic_LLL_and_HNF_algorithms.html 2021-03-12T00:00:00+00:00 /dependencies/isabelle_marries_dirac/ 2021-03-03T00:00:00+00:00 /dependencies/pi_transcendental/ 2021-03-03T00:00:00+00:00 /dependencies/power_sum_polynomials/ 2021-03-03T00:00:00+00:00 /dependencies/qhlprover/ 2021-03-03T00:00:00+00:00 /entries/Projective_Measurements.html 2021-03-03T00:00:00+00:00 /entries/Hermite_Lindemann.html 2021-03-03T00:00:00+00:00 /authors/blumson/ 2021-03-01T00:00:00+00:00 /entries/Mereology.html 2021-03-01T00:00:00+00:00 /entries/Sunflowers.html 2021-02-25T00:00:00+00:00 /entries/BTree.html 2021-02-24T00:00:00+00:00 /authors/muendler/ 2021-02-24T00:00:00+00:00 /dependencies/refine_imperative_hol/ 2021-02-24T00:00:00+00:00 /entries/Formal_Puiseux_Series.html 2021-02-17T00:00:00+00:00 /entries/Laws_of_Large_Numbers.html 2021-02-10T00:00:00+00:00 /authors/coghetto/ 2021-01-31T00:00:00+00:00 /entries/IsaGeoCoq.html 2021-01-31T00:00:00+00:00 /entries/Blue_Eyes.html 2021-01-30T00:00:00+00:00 /entries/Hood_Melville_Queue.html 2021-01-18T00:00:00+00:00 /authors/londono/ 2021-01-18T00:00:00+00:00 /entries/JinjaDCI.html 2021-01-11T00:00:00+00:00 /entries/Delta_System_Lemma.html 2020-12-27T00:00:00+00:00 /authors/fuenmayor/ 2020-12-17T00:00:00+00:00 /entries/Topological_Semantics.html 2020-12-17T00:00:00+00:00 /dependencies/aggregation_algebras/ 2020-12-08T00:00:00+00:00 /authors/brien/ 2020-12-08T00:00:00+00:00 /entries/Relational_Minimum_Spanning_Trees.html 2020-12-08T00:00:00+00:00 /dependencies/relational_disjoint_set_forests/ 2020-12-08T00:00:00+00:00 /authors/desharnais/ 2020-12-07T00:00:00+00:00 /entries/Interpreter_Optimizations.html 2020-12-07T00:00:00+00:00 /dependencies/vericomp/ 
2020-12-07T00:00:00+00:00 /entries/Relational_Method.html 2020-12-05T00:00:00+00:00 /authors/he/ 2020-11-22T00:00:00+00:00 /entries/Isabelle_Marries_Dirac.html 2020-11-22T00:00:00+00:00 /authors/lachnitt/ 2020-11-22T00:00:00+00:00 /dependencies/matrix_tensor/ 2020-11-22T00:00:00+00:00 /dependencies/vectorspace/ 2020-11-22T00:00:00+00:00 /dependencies/hol-csp/ 2020-11-19T00:00:00+00:00 /entries/CSP_RefTK.html 2020-11-19T00:00:00+00:00 /authors/wolff/ 2020-11-19T00:00:00+00:00 /authors/ye/ 2020-11-19T00:00:00+00:00 /entries/AI_Planning_Languages_Semantics.html 2020-10-29T00:00:00+00:00 /dependencies/ai_planning_languages_semantics/ 2020-10-29T00:00:00+00:00 /dependencies/certification_monads/ 2020-10-29T00:00:00+00:00 /authors/kurz/ 2020-10-29T00:00:00+00:00 /dependencies/propositional_proof_systems/ 2020-10-29T00:00:00+00:00 /entries/Verified_SAT_Based_AI_Planning.html 2020-10-29T00:00:00+00:00 /entries/Physical_Quantities.html 2020-10-20T00:00:00+00:00 /authors/fosters/ 2020-10-20T00:00:00+00:00 /authors/diaz/ 2020-10-12T00:00:00+00:00 /entries/Finite-Map-Extras.html 2020-10-12T00:00:00+00:00 /entries/Shadow_DOM.html 2020-09-28T00:00:00+00:00 /entries/Shadow_SC_DOM.html 2020-09-28T00:00:00+00:00 /entries/SC_DOM_Components.html 2020-09-28T00:00:00+00:00 /entries/DOM_Components.html 2020-09-28T00:00:00+00:00 /dependencies/core_dom/ 2020-09-28T00:00:00+00:00 /dependencies/core_sc_dom/ 2020-09-28T00:00:00+00:00 /authors/herzberg/ 2020-09-28T00:00:00+00:00 /dependencies/shadow_dom/ 2020-09-28T00:00:00+00:00 /dependencies/shadow_sc_dom/ 2020-09-28T00:00:00+00:00 /entries/Core_SC_DOM.html 2020-09-28T00:00:00+00:00 /entries/Goedel_Incompleteness.html 2020-09-16T00:00:00+00:00 /entries/Goedel_HFSet_Semantic.html 2020-09-16T00:00:00+00:00 /entries/Goedel_HFSet_Semanticless.html 2020-09-16T00:00:00+00:00 /dependencies/goedel_incompleteness/ 2020-09-16T00:00:00+00:00 /dependencies/hereditarilyfinite/ 2020-09-16T00:00:00+00:00 /dependencies/incompleteness/ 
2020-09-16T00:00:00+00:00 /entries/Robinson_Arithmetic.html 2020-09-16T00:00:00+00:00 /entries/Syntax_Independent_Logic.html 2020-09-16T00:00:00+00:00 /dependencies/syntax_independent_logic/ 2020-09-16T00:00:00+00:00 /entries/Extended_Finite_State_Machines.html 2020-09-07T00:00:00+00:00 /authors/derrick/ 2020-09-07T00:00:00+00:00 /dependencies/extended_finite_state_machines/ 2020-09-07T00:00:00+00:00 /dependencies/finfun/ 2020-09-07T00:00:00+00:00 /authors/foster/ 2020-09-07T00:00:00+00:00 /entries/Extended_Finite_State_Machine_Inference.html 2020-09-07T00:00:00+00:00 /authors/taylor/ 2020-09-07T00:00:00+00:00 /authors/balbach/ 2020-08-31T00:00:00+00:00 /authors/fleury/ 2020-08-31T00:00:00+00:00 /authors/kaufmann/ 2020-08-31T00:00:00+00:00 /entries/PAC_Checker.html 2020-08-31T00:00:00+00:00 /dependencies/sepref_iicf/ 2020-08-31T00:00:00+00:00 /entries/Inductive_Inference.html 2020-08-31T00:00:00+00:00 /entries/Relational_Disjoint_Set_Forests.html 2020-08-26T00:00:00+00:00 /authors/blanchette/ 2020-08-25T00:00:00+00:00 /entries/Saturation_Framework_Extensions.html 2020-08-25T00:00:00+00:00 /dependencies/first_order_terms/ 2020-08-25T00:00:00+00:00 /authors/gammie/ 2020-08-25T00:00:00+00:00 /dependencies/holcf-prelude/ 2020-08-25T00:00:00+00:00 /dependencies/ordered_resolution_prover/ 2020-08-25T00:00:00+00:00 /entries/BirdKMP.html 2020-08-25T00:00:00+00:00 /dependencies/saturation_framework/ 2020-08-25T00:00:00+00:00 /authors/tourret/ 2020-08-25T00:00:00+00:00 /dependencies/well_quasi_orders/ 2020-08-25T00:00:00+00:00 /entries/Amicable_Numbers.html 2020-08-04T00:00:00+00:00 /dependencies/pratt_certificate/ 2020-08-04T00:00:00+00:00 /dependencies/nash_williams/ 2020-08-03T00:00:00+00:00 /entries/Ordinal_Partitions.html 2020-08-03T00:00:00+00:00 /entries/Chandy_Lamport.html 2020-07-21T00:00:00+00:00 /authors/fiedler/ 2020-07-21T00:00:00+00:00 /authors/hoefner/ 2020-07-13T00:00:00+00:00 /dependencies/relation_algebra/ 2020-07-13T00:00:00+00:00 
/entries/Relational_Paths.html 2020-07-13T00:00:00+00:00 /entries/Safe_Distance.html 2020-06-01T00:00:00+00:00 /authors/immler/ 2020-06-01T00:00:00+00:00 /authors/rizaldi/ 2020-06-01T00:00:00+00:00 /dependencies/sturm_sequences/ 2020-06-01T00:00:00+00:00 /entries/Smith_Normal_Form.html 2020-05-23T00:00:00+00:00 /dependencies/perron_frobenius/ 2020-05-23T00:00:00+00:00 /entries/Nash_Williams.html 2020-05-16T00:00:00+00:00 /entries/Knuth_Bendix_Order.html 2020-05-13T00:00:00+00:00 /dependencies/matrix/ 2020-05-13T00:00:00+00:00 /entries/Irrational_Series_Erdos_Straus.html 2020-05-12T00:00:00+00:00 /dependencies/prime_distribution_elementary/ 2020-05-12T00:00:00+00:00 /dependencies/prime_number_theorem/ 2020-05-12T00:00:00+00:00 /authors/dunaev/ 2020-05-11T00:00:00+00:00 /entries/Recursion-Addition.html 2020-05-11T00:00:00+00:00 /entries/LTL_Normal_Form.html 2020-05-08T00:00:00+00:00 /dependencies/ltl/ 2020-05-08T00:00:00+00:00 /dependencies/ltl_master_theorem/ 2020-05-08T00:00:00+00:00 /authors/sickert/ 2020-05-08T00:00:00+00:00 /entries/Forcing.html 2020-05-06T00:00:00+00:00 /entries/Banach_Steinhaus.html 2020-05-02T00:00:00+00:00 /entries/Attack_Trees.html 2020-04-27T00:00:00+00:00 /authors/kammueller/ 2020-04-27T00:00:00+00:00 /entries/Gaussian_Integers.html 2020-04-24T00:00:00+00:00 /entries/Power_Sum_Polynomials.html 2020-04-24T00:00:00+00:00 /dependencies/symmetric_polynomials/ 2020-04-24T00:00:00+00:00 /entries/Lambert_W.html 2020-04-24T00:00:00+00:00 /dependencies/hybrid_systems_vcs/ 2020-04-19T00:00:00+00:00 /entries/Matrices_for_ODEs.html 2020-04-19T00:00:00+00:00 /authors/munive/ 2020-04-19T00:00:00+00:00 /entries/ADS_Functor.html 2020-04-16T00:00:00+00:00 /authors/maric/ 2020-04-16T00:00:00+00:00 /entries/Sliding_Window_Algorithm.html 2020-04-10T00:00:00+00:00 /authors/heimes/ 2020-04-10T00:00:00+00:00 /authors/schneider/ 2020-04-10T00:00:00+00:00 /entries/Saturation_Framework.html 2020-04-09T00:00:00+00:00 /entries/MFODL_Monitor_Optimized.html 
2020-04-09T00:00:00+00:00 /dependencies/generic_join/ 2020-04-09T00:00:00+00:00 /dependencies/ieee_floating_point/ 2020-04-09T00:00:00+00:00 /dependencies/lambda_free_rpos/ 2020-04-09T00:00:00+00:00 /dependencies/mfotl_monitor/ 2020-04-09T00:00:00+00:00 /entries/Automated_Stateful_Protocol_Verification.html 2020-04-08T00:00:00+00:00 /authors/hess/ 2020-04-08T00:00:00+00:00 /authors/moedersheim/ 2020-04-08T00:00:00+00:00 /authors/schlichtkrull/ 2020-04-08T00:00:00+00:00 /entries/Stateful_Protocol_Composition_and_Typing.html 2020-04-08T00:00:00+00:00 /dependencies/stateful_protocol_composition_and_typing/ 2020-04-08T00:00:00+00:00 /entries/Lucas_Theorem.html 2020-04-07T00:00:00+00:00 /authors/gonzalez/ 2020-03-25T00:00:00+00:00 /entries/WOOT_Strong_Eventual_Consistency.html 2020-03-25T00:00:00+00:00 /entries/Furstenberg_Topology.html 2020-03-22T00:00:00+00:00 /entries/Relational-Incorrectness-Logic.html 2020-03-12T00:00:00+00:00 /authors/murray/ 2020-03-12T00:00:00+00:00 /authors/diekmann/ 2020-03-07T00:00:00+00:00 /entries/Hello_World.html 2020-03-07T00:00:00+00:00 /authors/hupel/ 2020-03-07T00:00:00+00:00 /entries/Goodstein_Lambda.html 2020-02-21T00:00:00+00:00 /entries/VeriComp.html 2020-02-10T00:00:00+00:00 /entries/Arith_Prog_Rel_Primes.html 2020-02-01T00:00:00+00:00 /entries/Subset_Boolean_Algebras.html 2020-01-31T00:00:00+00:00 /authors/moeller/ 2020-01-31T00:00:00+00:00 /dependencies/stone_algebras/ 2020-01-31T00:00:00+00:00 /entries/Mersenne_Primes.html 2020-01-17T00:00:00+00:00 /dependencies/pell/ 2020-01-17T00:00:00+00:00 /dependencies/probabilistic_prime_tests/ 2020-01-17T00:00:00+00:00 /authors/essmann/ 2020-01-16T00:00:00+00:00 /authors/robillard/ 2020-01-16T00:00:00+00:00 /entries/Approximation_Algorithms.html 2020-01-16T00:00:00+00:00 /dependencies/akra_bazzi/ 2020-01-13T00:00:00+00:00 /entries/Closest_Pair_Points.html 2020-01-13T00:00:00+00:00 /authors/rau/ 2020-01-13T00:00:00+00:00 /dependencies/root_balanced_tree/ 2020-01-13T00:00:00+00:00 
/authors/haslbeck/ 2020-01-09T00:00:00+00:00 /dependencies/monad_normalisation/ 2020-01-09T00:00:00+00:00 /entries/Skip_Lists.html 2020-01-09T00:00:00+00:00 /entries/Bicategory.html 2020-01-06T00:00:00+00:00 /dependencies/monoidalcategory/ 2020-01-06T00:00:00+00:00 /dependencies/e_transcendental/ 2019-12-27T00:00:00+00:00 /entries/Zeta_3_Irrational.html 2019-12-27T00:00:00+00:00 /entries/Hybrid_Logic.html 2019-12-20T00:00:00+00:00 /dependencies/hol-ode-numerics/ 2019-12-18T00:00:00+00:00 /entries/Poincare_Bendixson.html 2019-12-18T00:00:00+00:00 /authors/boutry/ 2019-12-16T00:00:00+00:00 /entries/Complex_Geometry.html 2019-12-16T00:00:00+00:00 /authors/maricf/ 2019-12-16T00:00:00+00:00 /entries/Poincare_Disc.html 2019-12-16T00:00:00+00:00 /authors/simic/ 2019-12-16T00:00:00+00:00 /dependencies/dirichlet_l/ 2019-12-10T00:00:00+00:00 /entries/Gauss_Sums.html 2019-12-10T00:00:00+00:00 /authors/raya/ 2019-12-10T00:00:00+00:00 /entries/Generalized_Counting_Sort.html 2019-12-04T00:00:00+00:00 /authors/bohrer/ 2019-11-27T00:00:00+00:00 /entries/Interval_Arithmetic_Word32.html 2019-11-27T00:00:00+00:00 /entries/ZFC_in_HOL.html 2019-10-24T00:00:00+00:00 /entries/Isabelle_C.html 2019-10-22T00:00:00+00:00 /authors/tuong/ 2019-10-22T00:00:00+00:00 /entries/VerifyThis2019.html 2019-10-16T00:00:00+00:00 /authors/wimmer/ 2019-10-16T00:00:00+00:00 /entries/Aristotles_Assertoric_Syllogistic.html 2019-10-08T00:00:00+00:00 /authors/butler/ 2019-10-07T00:00:00+00:00 /dependencies/crypthol/ 2019-10-07T00:00:00+00:00 /entries/Sigma_Commit_Crypto.html 2019-10-07T00:00:00+00:00 /entries/Clean.html 2019-10-04T00:00:00+00:00 /entries/Generic_Join.html 2019-09-16T00:00:00+00:00 /dependencies/kad/ 2019-09-10T00:00:00+00:00 /dependencies/kat_and_dra/ 2019-09-10T00:00:00+00:00 /dependencies/ordinary_differential_equations/ 2019-09-10T00:00:00+00:00 /dependencies/transformer_semantics/ 2019-09-10T00:00:00+00:00 /entries/Hybrid_Systems_VCs.html 2019-09-10T00:00:00+00:00 /entries/Fourier.html 
2019-09-06T00:00:00+00:00 /entries/Jacobson_Basic_Algebra.html 2019-08-30T00:00:00+00:00 /authors/ballarin/ 2019-08-30T00:00:00+00:00 /entries/Adaptive_State_Counting.html 2019-08-16T00:00:00+00:00 /dependencies/transition_systems_and_automata/ 2019-08-16T00:00:00+00:00 /entries/Laplace_Transform.html 2019-08-14T00:00:00+00:00 /authors/buyse/ 2019-08-06T00:00:00+00:00 /entries/C2KA_DistributedSystems.html 2019-08-06T00:00:00+00:00 /dependencies/farkas/ 2019-08-06T00:00:00+00:00 /authors/jaskolka/ 2019-08-06T00:00:00+00:00 /authors/kaliszyk/ 2019-08-06T00:00:00+00:00 /entries/Linear_Programming.html 2019-08-06T00:00:00+00:00 /authors/parsert/ 2019-08-06T00:00:00+00:00 /entries/IMO2019.html 2019-08-05T00:00:00+00:00 /authors/losa/ 2019-08-01T00:00:00+00:00 /entries/Stellar_Quorums.html 2019-08-01T00:00:00+00:00 /entries/TESL_Language.html 2019-07-30T00:00:00+00:00 /authors/van/ 2019-07-30T00:00:00+00:00 /entries/Szpilrajn.html 2019-07-27T00:00:00+00:00 /authors/stevens/ 2019-07-27T00:00:00+00:00 /authors/zeller/ 2019-07-27T00:00:00+00:00 /entries/FOL_Seq_Calc1.html 2019-07-18T00:00:00+00:00 /entries/CakeML_Codegen.html 2019-07-08T00:00:00+00:00 /dependencies/cakeml/ 2019-07-08T00:00:00+00:00 /dependencies/constructor_funs/ 2019-07-08T00:00:00+00:00 /dependencies/dict_construction/ 2019-07-08T00:00:00+00:00 /dependencies/higher_order_terms/ 2019-07-08T00:00:00+00:00 /dependencies/huffman/ 2019-07-08T00:00:00+00:00 /dependencies/pairing_heap/ 2019-07-08T00:00:00+00:00 /entries/MFOTL_Monitor.html 2019-07-04T00:00:00+00:00 /entries/Complete_Non_Orders.html 2019-06-27T00:00:00+00:00 /authors/dubut/ 2019-06-27T00:00:00+00:00 /entries/Priority_Search_Trees.html 2019-06-25T00:00:00+00:00 /dependencies/priority_search_trees/ 2019-06-25T00:00:00+00:00 /entries/Prim_Dijkstra_Simple.html 2019-06-25T00:00:00+00:00 /entries/Linear_Inequalities.html 2019-06-21T00:00:00+00:00 /authors/reynaud/ 2019-06-21T00:00:00+00:00 /entries/Nullstellensatz.html 2019-06-16T00:00:00+00:00 
/authors/maletzky/ 2019-06-16T00:00:00+00:00 /entries/Groebner_Macaulay.html 2019-06-15T00:00:00+00:00 /entries/IMP2_Binary_Heap.html 2019-06-13T00:00:00+00:00 /authors/griebel/ 2019-06-13T00:00:00+00:00 /dependencies/imp2/ 2019-06-13T00:00:00+00:00 /entries/Differential_Game_Logic.html 2019-06-03T00:00:00+00:00 /dependencies/median_of_medians_selection/ 2019-05-30T00:00:00+00:00 /entries/KD_Tree.html 2019-05-30T00:00:00+00:00 /entries/LambdaAuth.html 2019-05-14T00:00:00+00:00 /authors/aspinall/ 2019-05-09T00:00:00+00:00 /entries/Multi_Party_Computation.html 2019-05-09T00:00:00+00:00 /entries/HOL-CSP.html 2019-04-26T00:00:00+00:00 /entries/LTL_Master_Theorem.html 2019-04-16T00:00:00+00:00 /authors/seidl/ 2019-04-16T00:00:00+00:00 /entries/Binding_Syntax_Theory.html 2019-04-06T00:00:00+00:00 /authors/gheri/ 2019-04-06T00:00:00+00:00 /entries/Transcendence_Series_Hancl_Rucki.html 2019-03-27T00:00:00+00:00 /dependencies/deep_learning/ 2019-03-24T00:00:00+00:00 /authors/liu/ 2019-03-24T00:00:00+00:00 /authors/liut/ 2019-03-24T00:00:00+00:00 /authors/liy/ 2019-03-24T00:00:00+00:00 /entries/QHLProver.html 2019-03-24T00:00:00+00:00 /authors/wang/ 2019-03-24T00:00:00+00:00 /authors/ying/ 2019-03-24T00:00:00+00:00 /authors/yingm/ 2019-03-24T00:00:00+00:00 /authors/zhan/ 2019-03-24T00:00:00+00:00 /authors/zhann/ 2019-03-24T00:00:00+00:00 /authors/nikiforov/ 2019-03-09T00:00:00+00:00 /entries/Safe_OCL.html 2019-03-09T00:00:00+00:00 /entries/Prime_Distribution_Elementary.html 2019-02-21T00:00:00+00:00 /dependencies/zeta_function/ 2019-02-21T00:00:00+00:00 /authors/biendarra/ 2019-02-14T00:00:00+00:00 /authors/haslbeckm/ 2019-02-14T00:00:00+00:00 /entries/Kruskal.html 2019-02-14T00:00:00+00:00 /dependencies/matroids/ 2019-02-14T00:00:00+00:00 /dependencies/refine_monadic/ 2019-02-14T00:00:00+00:00 /entries/Probabilistic_Prime_Tests.html 2019-02-11T00:00:00+00:00 /authors/stuewe/ 2019-02-11T00:00:00+00:00 /entries/Universal_Turing_Machine.html 2019-02-08T00:00:00+00:00 
/authors/urban/ 2019-02-08T00:00:00+00:00 /authors/xu/ 2019-02-08T00:00:00+00:00 /authors/zhangx/ 2019-02-08T00:00:00+00:00 /entries/UTP.html 2019-02-01T00:00:00+00:00 /authors/nemouchi/ 2019-02-01T00:00:00+00:00 /dependencies/optics/ 2019-02-01T00:00:00+00:00 /authors/ribeiro/ 2019-02-01T00:00:00+00:00 /entries/List_Inversions.html 2019-02-01T00:00:00+00:00 /dependencies/utp-toolkit/ 2019-02-01T00:00:00+00:00 /authors/zeyda/ 2019-02-01T00:00:00+00:00 /entries/Farkas.html 2019-01-17T00:00:00+00:00 /dependencies/simplex/ 2019-01-17T00:00:00+00:00 /entries/Higher_Order_Terms.html 2019-01-15T00:00:00+00:00 /entries/IMP2.html 2019-01-15T00:00:00+00:00 /entries/Store_Buffer_Reduction.html 2019-01-07T00:00:00+00:00 /authors/cohen/ 2019-01-07T00:00:00+00:00 /authors/schirmer/ 2019-01-07T00:00:00+00:00 /entries/Core_DOM.html 2018-12-26T00:00:00+00:00 /entries/Concurrent_Revisions.html 2018-12-25T00:00:00+00:00 /authors/overbeek/ 2018-12-25T00:00:00+00:00 /dependencies/auto2_hol/ 2018-12-21T00:00:00+00:00 /entries/Auto2_Imperative_HOL.html 2018-12-21T00:00:00+00:00 /entries/Constructive_Cryptography.html 2018-12-17T00:00:00+00:00 /dependencies/kleene_algebra/ 2018-12-11T00:00:00+00:00 /dependencies/order_lattice_props/ 2018-12-11T00:00:00+00:00 /entries/Order_Lattice_Props.html 2018-12-11T00:00:00+00:00 /dependencies/quantales/ 2018-12-11T00:00:00+00:00 /entries/Quantales.html 2018-12-11T00:00:00+00:00 /authors/struth/ 2018-12-11T00:00:00+00:00 /entries/Transformer_Semantics.html 2018-12-11T00:00:00+00:00 /entries/Functional_Ordered_Resolution_Prover.html 2018-11-23T00:00:00+00:00 /entries/Graph_Saturation.html 2018-11-23T00:00:00+00:00 /dependencies/open_induction/ 2018-11-23T00:00:00+00:00 /entries/Auto2_HOL.html 2018-11-20T00:00:00+00:00 /authors/keinholz/ 2018-11-16T00:00:00+00:00 /entries/Matroids.html 2018-11-16T00:00:00+00:00 /entries/Generic_Deriving.html 2018-11-06T00:00:00+00:00 /authors/raedle/ 2018-11-06T00:00:00+00:00 /entries/GewirthPGCProof.html 
2018-10-30T00:00:00+00:00 /entries/Epistemic_Logic.html 2018-10-29T00:00:00+00:00 /entries/Smooth_Manifolds.html 2018-10-22T00:00:00+00:00 /authors/bentkamp/ 2018-10-19T00:00:00+00:00 /entries/Lambda_Free_EPO.html 2018-10-19T00:00:00+00:00 /dependencies/random_bsts/ 2018-10-19T00:00:00+00:00 /entries/Randomised_BSTs.html 2018-10-19T00:00:00+00:00 /entries/Factored_Transition_System_Bounding.html 2018-10-12T00:00:00+00:00 /entries/Pi_Transcendental.html 2018-09-28T00:00:00+00:00 /entries/Symmetric_Polynomials.html 2018-09-25T00:00:00+00:00 /entries/Signature_Groebner.html 2018-09-20T00:00:00+00:00 /entries/Prime_Number_Theorem.html 2018-09-19T00:00:00+00:00 /entries/Aggregation_Algebras.html 2018-09-15T00:00:00+00:00 /entries/Octonions.html 2018-09-14T00:00:00+00:00 /entries/Quaternions.html 2018-09-05T00:00:00+00:00 /entries/Budan_Fourier.html 2018-09-02T00:00:00+00:00 /entries/Simplex.html 2018-08-24T00:00:00+00:00 /authors/spasic/ 2018-08-24T00:00:00+00:00 /dependencies/abstract-rewriting/ 2018-08-14T00:00:00+00:00 /entries/Minsky_Machines.html 2018-08-14T00:00:00+00:00 /dependencies/recursion-theory-i/ 2018-08-14T00:00:00+00:00 /entries/DiscretePricing.html 2018-07-16T00:00:00+00:00 /dependencies/first_welfare_theorem/ 2018-07-04T00:00:00+00:00 /entries/Neumann_Morgenstern_Utility.html 2018-07-04T00:00:00+00:00 /entries/Pell.html 2018-06-23T00:00:00+00:00 /entries/Projective_Geometry.html 2018-06-14T00:00:00+00:00 /entries/Localization_Ring.html 2018-06-14T00:00:00+00:00 /authors/brunner/ 2018-06-05T00:00:00+00:00 /dependencies/coinductive/ 2018-06-05T00:00:00+00:00 /entries/Partial_Order_Reduction.html 2018-06-05T00:00:00+00:00 /dependencies/stuttering_equivalence/ 2018-06-05T00:00:00+00:00 /dependencies/monad_memo_dp/ 2018-05-27T00:00:00+00:00 /entries/Optimal_BST.html 2018-05-27T00:00:00+00:00 /authors/somogyi/ 2018-05-27T00:00:00+00:00 /entries/Hidden_Markov_Models.html 2018-05-25T00:00:00+00:00 /dependencies/markov_models/ 2018-05-25T00:00:00+00:00 
/authors/hoelzl/ 2018-05-24T00:00:00+00:00 /entries/Probabilistic_Timed_Automata.html 2018-05-24T00:00:00+00:00 /dependencies/timed_automata/ 2018-05-24T00:00:00+00:00 /entries/AxiomaticCategoryTheory.html 2018-05-23T00:00:00+00:00 /entries/Irrationality_J_Hancl.html 2018-05-23T00:00:00+00:00 /authors/scott/ 2018-05-23T00:00:00+00:00 /authors/hu/ 2018-05-22T00:00:00+00:00 /entries/Monad_Memo_DP.html 2018-05-22T00:00:00+00:00 /authors/beresford/ 2018-05-10T00:00:00+00:00 /authors/gomes/ 2018-05-10T00:00:00+00:00 /authors/kleppmann/ 2018-05-10T00:00:00+00:00 /authors/mulligan/ 2018-05-10T00:00:00+00:00 /entries/OpSets.html 2018-05-10T00:00:00+00:00 /entries/Modular_Assembly_Kit_Security.html 2018-05-07T00:00:00+00:00 /authors/bracevac/ 2018-05-07T00:00:00+00:00 /authors/gay/ 2018-05-07T00:00:00+00:00 /authors/grewe/ 2018-05-07T00:00:00+00:00 /authors/mantel/ 2018-05-07T00:00:00+00:00 /authors/sudbrock/ 2018-05-07T00:00:00+00:00 /authors/tasch/ 2018-05-07T00:00:00+00:00 /authors/watt/ 2018-04-29T00:00:00+00:00 /entries/WebAssembly.html 2018-04-29T00:00:00+00:00 /entries/VerifyThis2018.html 2018-04-27T00:00:00+00:00 /entries/BNF_CC.html 2018-04-24T00:00:00+00:00 /authors/brandt/ 2018-03-22T00:00:00+00:00 /dependencies/randomised_social_choice/ 2018-03-22T00:00:00+00:00 /authors/saile/ 2018-03-22T00:00:00+00:00 /authors/stricker/ 2018-03-22T00:00:00+00:00 /entries/Fishburn_Impossibility.html 2018-03-22T00:00:00+00:00 /authors/dirix/ 2018-03-13T00:00:00+00:00 /entries/Weight_Balanced_Trees.html 2018-03-13T00:00:00+00:00 /entries/CakeML.html 2018-03-12T00:00:00+00:00 /dependencies/lem/ 2018-03-12T00:00:00+00:00 /authors/zhang/ 2018-03-12T00:00:00+00:00 /entries/Architectural_Design_Patterns.html 2018-03-01T00:00:00+00:00 /dependencies/dynamicarchitectures/ 2018-03-01T00:00:00+00:00 /entries/Hoare_Time.html 2018-02-26T00:00:00+00:00 /dependencies/separation_algebra/ 2018-02-26T00:00:00+00:00 /entries/LLL_Factorization.html 2018-02-06T00:00:00+00:00 
/dependencies/comparison_sort_lower_bound/ 2018-02-06T00:00:00+00:00 /entries/First_Order_Terms.html 2018-02-06T00:00:00+00:00 /dependencies/landau_symbols/ 2018-02-06T00:00:00+00:00 /entries/Error_Function.html 2018-02-06T00:00:00+00:00 /entries/Treaps.html 2018-02-06T00:00:00+00:00 /entries/LLL_Basis_Reduction.html 2018-02-02T00:00:00+00:00 /entries/Ordered_Resolution_Prover.html 2018-01-18T00:00:00+00:00 /authors/waldmann/ 2018-01-18T00:00:00+00:00 /authors/gouezel/ 2018-01-16T00:00:00+00:00 /entries/Gromov_Hyperbolicity.html 2018-01-16T00:00:00+00:00 /entries/Green.html 2018-01-11T00:00:00+00:00 /dependencies/affine_arithmetic/ 2018-01-08T00:00:00+00:00 /entries/Taylor_Models.html 2018-01-08T00:00:00+00:00 /authors/traut/ 2018-01-08T00:00:00+00:00 /dependencies/discrete_summation/ 2017-12-22T00:00:00+00:00 /entries/Falling_Factorial_Sum.html 2017-12-22T00:00:00+00:00 /entries/Dirichlet_L.html 2017-12-21T00:00:00+00:00 /dependencies/finitely_generated_abelian_groups/ 2017-12-21T00:00:00+00:00 /entries/Mason_Stothers.html 2017-12-21T00:00:00+00:00 /entries/Median_Of_Medians_Selection.html 2017-12-21T00:00:00+00:00 /entries/BNF_Operations.html 2017-12-19T00:00:00+00:00 /authors/hellauer/ 2017-12-18T00:00:00+00:00 /entries/Knuth_Morris_Pratt.html 2017-12-18T00:00:00+00:00 /entries/Stochastic_Matrices.html 2017-11-22T00:00:00+00:00 /dependencies/crdt/ 2017-11-09T00:00:00+00:00 /authors/jungnickel/ 2017-11-09T00:00:00+00:00 /authors/loibl/ 2017-11-09T00:00:00+00:00 /authors/oldenburg/ 2017-11-09T00:00:00+00:00 /entries/IMAP-CRDT.html 2017-11-09T00:00:00+00:00 /entries/Hybrid_Multi_Lane_Spatial_Logic.html 2017-11-06T00:00:00+00:00 /authors/linker/ 2017-11-06T00:00:00+00:00 /authors/gioiosa/ 2017-10-26T00:00:00+00:00 /entries/Kuratowski_Closure_Complement.html 2017-10-26T00:00:00+00:00 /entries/Buchi_Complementation.html 2017-10-19T00:00:00+00:00 /dependencies/dfs_framework/ 2017-10-19T00:00:00+00:00 /dependencies/gabow_scc/ 2017-10-19T00:00:00+00:00 
/entries/Transition_Systems_and_Automata.html 2017-10-19T00:00:00+00:00 /entries/Count_Complex_Roots.html 2017-10-17T00:00:00+00:00 /entries/Winding_Number_Eval.html 2017-10-17T00:00:00+00:00 /dependencies/winding_number_eval/ 2017-10-17T00:00:00+00:00 /entries/Diophantine_Eqns_Lin_Hom.html 2017-10-14T00:00:00+00:00 /authors/messner/ 2017-10-14T00:00:00+00:00 /authors/schoepf/ 2017-10-14T00:00:00+00:00 /dependencies/count_complex_roots/ 2017-10-12T00:00:00+00:00 /entries/Dirichlet_Series.html 2017-10-12T00:00:00+00:00 /dependencies/euler_maclaurin/ 2017-10-12T00:00:00+00:00 /entries/Linear_Recurrences.html 2017-10-12T00:00:00+00:00 /dependencies/linear_recurrences/ 2017-10-12T00:00:00+00:00 /entries/Zeta_Function.html 2017-10-12T00:00:00+00:00 /entries/Lowe_Ontological_Argument.html 2017-09-21T00:00:00+00:00 /authors/kirchner/ 2017-09-17T00:00:00+00:00 /entries/PLM.html 2017-09-17T00:00:00+00:00 /entries/AnselmGod.html 2017-09-06T00:00:00+00:00 /entries/First_Welfare_Theorem.html 2017-09-01T00:00:00+00:00 /dependencies/amortized_complexity/ 2017-08-20T00:00:00+00:00 /entries/Orbit_Stabiliser.html 2017-08-20T00:00:00+00:00 /entries/Root_Balanced_Tree.html 2017-08-20T00:00:00+00:00 /authors/matache/ 2017-08-16T00:00:00+00:00 /entries/LambdaMu.html 2017-08-16T00:00:00+00:00 /entries/Stewart_Apollonius.html 2017-07-31T00:00:00+00:00 /dependencies/triangle/ 2017-07-31T00:00:00+00:00 /entries/DynamicArchitectures.html 2017-07-28T00:00:00+00:00 /entries/Decl_Sem_Fun_PL.html 2017-07-21T00:00:00+00:00 /authors/siek/ 2017-07-21T00:00:00+00:00 /authors/breitner/ 2017-07-15T00:00:00+00:00 /entries/HOLCF-Prelude.html 2017-07-15T00:00:00+00:00 /authors/huffman/ 2017-07-15T00:00:00+00:00 /authors/mitchell/ 2017-07-15T00:00:00+00:00 /entries/Minkowskis_Theorem.html 2017-07-13T00:00:00+00:00 /authors/rawson/ 2017-07-09T00:00:00+00:00 /entries/Name_Carrying_Type_Inference.html 2017-07-09T00:00:00+00:00 /entries/CRDT.html 2017-07-07T00:00:00+00:00 
/entries/Stone_Kleene_Relation_Algebras.html 2017-07-06T00:00:00+00:00 /dependencies/stone_relation_algebras/ 2017-07-06T00:00:00+00:00 /entries/Propositional_Proof_Systems.html 2017-06-21T00:00:00+00:00 /authors/dongol/ 2017-06-13T00:00:00+00:00 /authors/hayes/ 2017-06-13T00:00:00+00:00 /entries/PSemigroupsConvolution.html 2017-06-13T00:00:00+00:00 /entries/Buffons_Needle.html 2017-06-06T00:00:00+00:00 /dependencies/cava_automata/ 2017-06-01T00:00:00+00:00 /entries/Flow_Networks.html 2017-06-01T00:00:00+00:00 /dependencies/flow_networks/ 2017-06-01T00:00:00+00:00 /entries/Prpu_Maxflow.html 2017-06-01T00:00:00+00:00 /dependencies/program-conflict-analysis/ 2017-06-01T00:00:00+00:00 /entries/Optics.html 2017-05-25T00:00:00+00:00 /entries/Security_Protocol_Refinement.html 2017-05-24T00:00:00+00:00 /entries/Dict_Construction.html 2017-05-24T00:00:00+00:00 /dependencies/lazy_case/ 2017-05-24T00:00:00+00:00 /authors/somaini/ 2017-05-24T00:00:00+00:00 /entries/Floyd_Warshall.html 2017-05-08T00:00:00+00:00 /dependencies/applicative_lifting/ 2017-05-05T00:00:00+00:00 /authors/bhatt/ 2017-05-05T00:00:00+00:00 /entries/CryptHOL.html 2017-05-05T00:00:00+00:00 /entries/Monomorphic_Monad.html 2017-05-05T00:00:00+00:00 /entries/Game_Based_Crypto.html 2017-05-05T00:00:00+00:00 /dependencies/mfmc_countable/ 2017-05-05T00:00:00+00:00 /entries/Monad_Normalisation.html 2017-05-05T00:00:00+00:00 /dependencies/monomorphic_monad/ 2017-05-05T00:00:00+00:00 /entries/Probabilistic_While.html 2017-05-05T00:00:00+00:00 /dependencies/probabilistic_while/ 2017-05-05T00:00:00+00:00 /dependencies/category3/ 2017-05-04T00:00:00+00:00 /entries/MonoidalCategory.html 2017-05-04T00:00:00+00:00 /entries/Types_Tableaus_and_Goedels_God.html 2017-05-01T00:00:00+00:00 /entries/LocalLexing.html 2017-04-28T00:00:00+00:00 /authors/obua/ 2017-04-28T00:00:00+00:00 /entries/Constructor_Funs.html 2017-04-19T00:00:00+00:00 /entries/Lazy_Case.html 2017-04-18T00:00:00+00:00 /entries/Subresultants.html 
2017-04-06T00:00:00+00:00 /entries/Random_BSTs.html 2017-04-04T00:00:00+00:00 /dependencies/quick_sort_cost/ 2017-04-04T00:00:00+00:00 /entries/Comparison_Sort_Lower_Bound.html 2017-03-15T00:00:00+00:00 /dependencies/regular-sets/ 2017-03-15T00:00:00+00:00 /entries/Quick_Sort_Cost.html 2017-03-15T00:00:00+00:00 /entries/Euler_MacLaurin.html 2017-03-10T00:00:00+00:00 /authors/berghofer/ 2017-02-28T00:00:00+00:00 /entries/Elliptic_Curves_Group_Law.html 2017-02-28T00:00:00+00:00 /authors/dittmann/ 2017-02-26T00:00:00+00:00 /entries/Menger.html 2017-02-26T00:00:00+00:00 /entries/Differential_Dynamic_Logic.html 2017-02-13T00:00:00+00:00 /entries/Abstract_Soundness.html 2017-02-10T00:00:00+00:00 /entries/Stone_Relation_Algebras.html 2017-02-07T00:00:00+00:00 /authors/lallemand/ 2017-01-31T00:00:00+00:00 /entries/Key_Agreement_Strong_Adversaries.html 2017-01-31T00:00:00+00:00 /entries/Bernoulli.html 2017-01-24T00:00:00+00:00 /entries/Bertrands_Postulate.html 2017-01-17T00:00:00+00:00 /dependencies/formal_ssa/ 2017-01-17T00:00:00+00:00 /authors/lohner/ 2017-01-17T00:00:00+00:00 /entries/Minimal_SSA.html 2017-01-17T00:00:00+00:00 /authors/wagner/ 2017-01-17T00:00:00+00:00 /entries/E_Transcendental.html 2017-01-12T00:00:00+00:00 /authors/bruegger/ 2017-01-08T00:00:00+00:00 /entries/UPF_Firewall.html 2017-01-08T00:00:00+00:00 /dependencies/upf/ 2017-01-08T00:00:00+00:00 /entries/Password_Authentication_Protocol.html 2017-01-03T00:00:00+00:00 /entries/FOL_Harrison.html 2017-01-01T00:00:00+00:00 /authors/jensen/ 2017-01-01T00:00:00+00:00 /entries/Concurrent_Ref_Alg.html 2016-12-30T00:00:00+00:00 /authors/fell/ 2016-12-30T00:00:00+00:00 /authors/velykis/ 2016-12-30T00:00:00+00:00 /dependencies/bell_numbers_spivey/ 2016-12-29T00:00:00+00:00 /dependencies/card_multisets/ 2016-12-29T00:00:00+00:00 /dependencies/card_number_partitions/ 2016-12-29T00:00:00+00:00 /entries/Twelvefold_Way.html 2016-12-29T00:00:00+00:00 /authors/nagashima/ 2016-12-20T00:00:00+00:00 
/entries/Proof_Strategy_Language.html 2016-12-20T00:00:00+00:00 /entries/Paraconsistency.html 2016-12-07T00:00:00+00:00 /authors/amani/ 2016-11-29T00:00:00+00:00 /authors/andronick/ 2016-11-29T00:00:00+00:00 /entries/Complx.html 2016-11-29T00:00:00+00:00 /authors/lewis/ 2016-11-29T00:00:00+00:00 /authors/rizkallah/ 2016-11-29T00:00:00+00:00 /authors/tuongj/ 2016-11-29T00:00:00+00:00 /entries/Abs_Int_ITP2012.html 2016-11-23T00:00:00+00:00 /authors/clouston/ 2016-11-16T00:00:00+00:00 /authors/gore/ 2016-11-16T00:00:00+00:00 /authors/hou/ 2016-11-16T00:00:00+00:00 /authors/sanan/ 2016-11-16T00:00:00+00:00 /entries/Separata.html 2016-11-16T00:00:00+00:00 /authors/tiu/ 2016-11-16T00:00:00+00:00 /authors/becker/ 2016-11-12T00:00:00+00:00 /entries/Lambda_Free_KBOs.html 2016-11-12T00:00:00+00:00 /entries/Nested_Multisets_Ordinals.html 2016-11-12T00:00:00+00:00 /dependencies/ordinal/ 2016-11-12T00:00:00+00:00 /authors/wand/ 2016-11-12T00:00:00+00:00 /entries/Deep_Learning.html 2016-11-10T00:00:00+00:00 /authors/borgstroem/ 2016-10-25T00:00:00+00:00 /authors/eriksson/ 2016-10-25T00:00:00+00:00 /authors/gutkovas/ 2016-10-25T00:00:00+00:00 /entries/Modal_Logics_for_NTS.html 2016-10-25T00:00:00+00:00 /authors/parrow/ 2016-10-25T00:00:00+00:00 /authors/weber/ 2016-10-25T00:00:00+00:00 /entries/Stable_Matching.html 2016-10-24T00:00:00+00:00 /dependencies/iptables_semantics/ 2016-10-21T00:00:00+00:00 /entries/LOFT.html 2016-10-21T00:00:00+00:00 /entries/SPARCv8.html 2016-10-19T00:00:00+00:00 /authors/hibon/ 2016-10-19T00:00:00+00:00 /authors/liuy/ 2016-10-19T00:00:00+00:00 /entries/Source_Coding_Theorem.html 2016-10-19T00:00:00+00:00 /dependencies/efficient-mergesort/ 2016-10-14T00:00:00+00:00 /dependencies/subresultants/ 2016-10-14T00:00:00+00:00 /entries/Berlekamp_Zassenhaus.html 2016-10-14T00:00:00+00:00 /entries/Chord_Segments.html 2016-10-11T00:00:00+00:00 /entries/Lp.html 2016-10-05T00:00:00+00:00 /entries/Fisher_Yates.html 2016-09-30T00:00:00+00:00 
/entries/Allen_Calculus.html 2016-09-29T00:00:00+00:00 /authors/ghourabi/ 2016-09-29T00:00:00+00:00 /entries/Lambda_Free_RPOs.html 2016-09-23T00:00:00+00:00 /entries/Iptables_Semantics.html 2016-09-09T00:00:00+00:00 /dependencies/iptables_semantics_examples/ 2016-09-09T00:00:00+00:00 /dependencies/routing/ 2016-09-09T00:00:00+00:00 /entries/SuperCalc.html 2016-09-06T00:00:00+00:00 /authors/peltier/ 2016-09-06T00:00:00+00:00 /entries/Stone_Algebras.html 2016-09-06T00:00:00+00:00 /entries/Stirling_Formula.html 2016-09-01T00:00:00+00:00 /entries/Routing.html 2016-08-31T00:00:00+00:00 /dependencies/simple_firewall/ 2016-08-31T00:00:00+00:00 /dependencies/ip_addresses/ 2016-08-24T00:00:00+00:00 /entries/Simple_Firewall.html 2016-08-24T00:00:00+00:00 /authors/aissat/ 2016-08-18T00:00:00+00:00 /entries/InfPathElimination.html 2016-08-18T00:00:00+00:00 /authors/voisin/ 2016-08-18T00:00:00+00:00 /entries/EdmondsKarp_Maxflow.html 2016-08-12T00:00:00+00:00 /dependencies/collections_examples/ 2016-08-08T00:00:00+00:00 /dependencies/dijkstra_shortest_path/ 2016-08-08T00:00:00+00:00 /dependencies/separation_logic_imperative_hol/ 2016-08-08T00:00:00+00:00 /dependencies/sepref_basic/ 2016-08-08T00:00:00+00:00 /entries/Refine_Imperative_HOL.html 2016-08-08T00:00:00+00:00 /entries/Ptolemys_Theorem.html 2016-08-07T00:00:00+00:00 /entries/Surprise_Paradox.html 2016-07-17T00:00:00+00:00 /authors/brinkop/ 2016-07-14T00:00:00+00:00 /entries/Pairing_Heap.html 2016-07-14T00:00:00+00:00 /entries/DFS_Framework.html 2016-07-05T00:00:00+00:00 /authors/neumann/ 2016-07-05T00:00:00+00:00 /entries/Buildings.html 2016-07-01T00:00:00+00:00 /authors/sylvestre/ 2016-07-01T00:00:00+00:00 /authors/nagele/ 2016-06-30T00:00:00+00:00 /authors/oostrom/ 2016-06-30T00:00:00+00:00 /entries/Resolution_FOL.html 2016-06-30T00:00:00+00:00 /entries/Rewriting_Z.html 2016-06-30T00:00:00+00:00 /entries/Dependent_SIFUM_Refinement.html 2016-06-28T00:00:00+00:00 /dependencies/dependent_sifum_type_systems/ 
2016-06-28T00:00:00+00:00 /entries/IP_Addresses.html 2016-06-28T00:00:00+00:00 /authors/pierzchalski/ 2016-06-28T00:00:00+00:00 /authors/sison/ 2016-06-28T00:00:00+00:00 /entries/Card_Multisets.html 2016-06-26T00:00:00+00:00 /entries/Category3.html 2016-06-26T00:00:00+00:00 /entries/Dependent_SIFUM_Type_Systems.html 2016-06-25T00:00:00+00:00 /entries/Catalan_Numbers.html 2016-06-21T00:00:00+00:00 /entries/Algebraic_VCs.html 2016-06-18T00:00:00+00:00 /entries/Noninterference_Concurrent_Composition.html 2016-06-13T00:00:00+00:00 /dependencies/noninterference_sequential_composition/ 2016-06-13T00:00:00+00:00 /authors/beeren/ 2016-06-09T00:00:00+00:00 /authors/fernandez/ 2016-06-09T00:00:00+00:00 /entries/Word_Lib.html 2016-06-09T00:00:00+00:00 /authors/gao/ 2016-06-09T00:00:00+00:00 /authors/klein/ 2016-06-09T00:00:00+00:00 /authors/kolanski/ 2016-06-09T00:00:00+00:00 /authors/lim/ 2016-06-09T00:00:00+00:00 /authors/matichuk/ 2016-06-09T00:00:00+00:00 /authors/sewell/ 2016-06-09T00:00:00+00:00 /entries/Tree_Decomposition.html 2016-05-31T00:00:00+00:00 /authors/ausaf/ 2016-05-24T00:00:00+00:00 /entries/Card_Equiv_Relations.html 2016-05-24T00:00:00+00:00 /authors/dyckhoff/ 2016-05-24T00:00:00+00:00 /entries/Posix-Lexing.html 2016-05-24T00:00:00+00:00 /authors/kuncar/ 2016-05-20T00:00:00+00:00 /entries/Perron_Frobenius.html 2016-05-20T00:00:00+00:00 /dependencies/rank_nullity_theorem/ 2016-05-20T00:00:00+00:00 /entries/Incredible_Proof_Machine.html 2016-05-20T00:00:00+00:00 /entries/FLP.html 2016-05-18T00:00:00+00:00 /authors/bisping/ 2016-05-18T00:00:00+00:00 /authors/brodmann/ 2016-05-18T00:00:00+00:00 /authors/nestmann/ 2016-05-18T00:00:00+00:00 /authors/peters/ 2016-05-18T00:00:00+00:00 /authors/rickmann/ 2016-05-18T00:00:00+00:00 /authors/seidler/ 2016-05-18T00:00:00+00:00 /authors/stueber/ 2016-05-18T00:00:00+00:00 /authors/weidner/ 2016-05-18T00:00:00+00:00 /entries/MFMC_Countable.html 2016-05-09T00:00:00+00:00 /dependencies/edmondskarp_maxflow/ 
2016-05-09T00:00:00+00:00 /entries/Randomised_Social_Choice.html 2016-05-05T00:00:00+00:00 /entries/Bell_Numbers_Spivey.html 2016-05-04T00:00:00+00:00 /entries/SDS_Impossibility.html 2016-05-04T00:00:00+00:00 /entries/Groebner_Bases.html 2016-05-02T00:00:00+00:00 /authors/nemeti/ 2016-04-28T00:00:00+00:00 /entries/No_FTL_observers.html 2016-04-28T00:00:00+00:00 /authors/stannett/ 2016-04-28T00:00:00+00:00 /entries/CYK.html 2016-04-27T00:00:00+00:00 /entries/ROBDD.html 2016-04-27T00:00:00+00:00 /entries/Noninterference_Sequential_Composition.html 2016-04-26T00:00:00+00:00 /dependencies/noninterference_ipurge_unwinding/ 2016-04-26T00:00:00+00:00 /entries/KAD.html 2016-04-12T00:00:00+00:00 /entries/PropResPI.html 2016-03-11T00:00:00+00:00 /entries/Cartan_FP.html 2016-03-08T00:00:00+00:00 /entries/Timed_Automata.html 2016-03-08T00:00:00+00:00 /dependencies/boolean_expression_checkers/ 2016-03-01T00:00:00+00:00 /entries/LTL.html 2016-03-01T00:00:00+00:00 /entries/List_Update.html 2016-02-17T00:00:00+00:00 /dependencies/slicing/ 2016-02-05T00:00:00+00:00 /authors/ullrich/ 2016-02-05T00:00:00+00:00 /entries/Formal_SSA.html 2016-02-05T00:00:00+00:00 /dependencies/partial_function_mr/ 2016-01-29T00:00:00+00:00 /entries/Polynomial_Factorization.html 2016-01-29T00:00:00+00:00 /entries/Polynomial_Interpolation.html 2016-01-29T00:00:00+00:00 /dependencies/sqrt_babylonian/ 2016-01-29T00:00:00+00:00 /entries/Knot_Theory.html 2016-01-20T00:00:00+00:00 /authors/prathamesh/ 2016-01-20T00:00:00+00:00 /entries/Matrix_Tensor.html 2016-01-18T00:00:00+00:00 /entries/Card_Number_Partitions.html 2016-01-14T00:00:00+00:00 /entries/Triangle.html 2015-12-28T00:00:00+00:00 /entries/Descartes_Sign_Rule.html 2015-12-28T00:00:00+00:00 /entries/Liouville_Numbers.html 2015-12-28T00:00:00+00:00 /entries/Prime_Harmonic_Series.html 2015-12-28T00:00:00+00:00 /entries/Algebraic_Numbers.html 2015-12-22T00:00:00+00:00 /entries/Applicative_Lifting.html 2015-12-22T00:00:00+00:00 /entries/Stern_Brocot.html 
2015-12-22T00:00:00+00:00 /entries/Card_Partitions.html 2015-12-12T00:00:00+00:00 /entries/Latin_Square.html 2015-12-02T00:00:00+00:00 /dependencies/marriage/ 2015-12-02T00:00:00+00:00 /entries/Ergodic_Theory.html 2015-12-01T00:00:00+00:00 /entries/Euler_Partition.html 2015-11-19T00:00:00+00:00 /entries/TortoiseHare.html 2015-11-18T00:00:00+00:00 /dependencies/case_labeling/ 2015-11-11T00:00:00+00:00 /authors/noschinski/ 2015-11-11T00:00:00+00:00 /entries/Planarity_Certificates.html 2015-11-11T00:00:00+00:00 /dependencies/simpl/ 2015-11-11T00:00:00+00:00 /dependencies/transitive-closure/ 2015-11-11T00:00:00+00:00 /entries/Parity_Game.html 2015-11-02T00:00:00+00:00 /entries/Isabelle_Meta_Model.html 2015-09-16T00:00:00+00:00 /entries/LTL_to_DRA.html 2015-09-04T00:00:00+00:00 /dependencies/kbps/ 2015-09-04T00:00:00+00:00 /entries/Jordan_Normal_Form.html 2015-08-21T00:00:00+00:00 /entries/Decreasing-Diagrams-II.html 2015-08-20T00:00:00+00:00 /entries/Noninterference_Inductive_Unwinding.html 2015-08-18T00:00:00+00:00 /entries/Rep_Fin_Groups.html 2015-08-12T00:00:00+00:00 /entries/Encodability_Process_Calculi.html 2015-08-10T00:00:00+00:00 /authors/glabbeek/ 2015-08-10T00:00:00+00:00 /entries/Case_Labeling.html 2015-07-21T00:00:00+00:00 /entries/Landau_Symbols.html 2015-07-14T00:00:00+00:00 /entries/Akra_Bazzi.html 2015-07-14T00:00:00+00:00 /dependencies/echelon_form/ 2015-07-07T00:00:00+00:00 /entries/Hermite.html 2015-07-07T00:00:00+00:00 /entries/Derangements.html 2015-06-27T00:00:00+00:00 /entries/Multirelations.html 2015-06-11T00:00:00+00:00 /authors/furusawa/ 2015-06-11T00:00:00+00:00 /dependencies/list_interleaving/ 2015-06-11T00:00:00+00:00 /dependencies/noninterference_csp/ 2015-06-11T00:00:00+00:00 /entries/List_Interleaving.html 2015-06-11T00:00:00+00:00 /entries/Noninterference_Generic_Unwinding.html 2015-06-11T00:00:00+00:00 /entries/Noninterference_Ipurge_Unwinding.html 2015-06-11T00:00:00+00:00 /entries/Dynamic_Tables.html 2015-06-07T00:00:00+00:00 
/dependencies/coinductive_languages/ 2015-05-28T00:00:00+00:00 /entries/Formula_Derivatives.html 2015-05-28T00:00:00+00:00 /dependencies/formula_derivatives/ 2015-05-28T00:00:00+00:00 /entries/Probabilistic_System_Zoo.html 2015-05-27T00:00:00+00:00 /authors/caminati/ 2015-04-30T00:00:00+00:00 /authors/kerber/ 2015-04-30T00:00:00+00:00 /authors/lange/ 2015-04-30T00:00:00+00:00 /authors/rowat/ 2015-04-30T00:00:00+00:00 /entries/Vickrey_Clarke_Groves.html 2015-04-30T00:00:00+00:00 /entries/Residuated_Lattices.html 2015-04-15T00:00:00+00:00 /entries/ConcurrentIMP.html 2015-04-13T00:00:00+00:00 /dependencies/concurrentimp/ 2015-04-13T00:00:00+00:00 /authors/engelhardt/ 2015-04-13T00:00:00+00:00 /authors/hosking/ 2015-04-13T00:00:00+00:00 /entries/ConcurrentGC.html 2015-04-13T00:00:00+00:00 /entries/Trie.html 2015-03-30T00:00:00+00:00 /entries/Consensus_Refined.html 2015-03-18T00:00:00+00:00 /dependencies/heard_of/ 2015-03-18T00:00:00+00:00 /entries/Deriving.html 2015-03-11T00:00:00+00:00 /dependencies/launchbury/ 2015-02-20T00:00:00+00:00 /entries/Call_Arity.html 2015-02-20T00:00:00+00:00 /dependencies/cayley_hamilton/ 2015-02-12T00:00:00+00:00 /entries/Echelon_Form.html 2015-02-12T00:00:00+00:00 /entries/QR_Decomposition.html 2015-02-12T00:00:00+00:00 /entries/Finite_Automata_HF.html 2015-02-05T00:00:00+00:00 /entries/UpDown_Scheme.html 2015-01-28T00:00:00+00:00 /entries/UPF.html 2014-11-28T00:00:00+00:00 /dependencies/awn/ 2014-10-23T00:00:00+00:00 /authors/bourke/ 2014-10-23T00:00:00+00:00 /entries/AODV.html 2014-10-23T00:00:00+00:00 /entries/Lifting_Definition_Option.html 2014-10-13T00:00:00+00:00 /authors/maximova/ 2014-10-10T00:00:00+00:00 /entries/Stream_Fusion_Code.html 2014-10-10T00:00:00+00:00 /entries/Density_Compiler.html 2014-10-09T00:00:00+00:00 /entries/RefinementReactive.html 2014-10-08T00:00:00+00:00 /authors/preoteasa/ 2014-10-08T00:00:00+00:00 /entries/Certification_Monads.html 2014-10-03T00:00:00+00:00 /entries/XML.html 2014-10-03T00:00:00+00:00 
/entries/Imperative_Insertion_Sort.html 2014-09-25T00:00:00+00:00 /entries/Sturm_Tarski.html 2014-09-19T00:00:00+00:00 /authors/adelsberger/ 2014-09-15T00:00:00+00:00 /authors/hetzl/ 2014-09-15T00:00:00+00:00 /authors/pollak/ 2014-09-15T00:00:00+00:00 /entries/Cayley_Hamilton.html 2014-09-15T00:00:00+00:00 /authors/raumer/ 2014-09-09T00:00:00+00:00 /dependencies/secondary_sylow/ 2014-09-09T00:00:00+00:00 /entries/Jordan_Hoelder.html 2014-09-09T00:00:00+00:00 /entries/Priority_Queue_Braun.html 2014-09-04T00:00:00+00:00 /entries/Gauss_Jordan.html 2014-09-03T00:00:00+00:00 /authors/lee/ 2014-08-29T00:00:00+00:00 /entries/Special_Function_Bounds.html 2014-08-29T00:00:00+00:00 /entries/VectorSpace.html 2014-08-29T00:00:00+00:00 /entries/Skew_Heap.html 2014-08-13T00:00:00+00:00 /entries/Splay_Tree.html 2014-08-12T00:00:00+00:00 /entries/Show.html 2014-07-29T00:00:00+00:00 /authors/blasum/ 2014-07-18T00:00:00+00:00 /authors/feliachi/ 2014-07-18T00:00:00+00:00 /entries/CISC-Kernel.html 2014-07-18T00:00:00+00:00 /authors/havle/ 2014-07-18T00:00:00+00:00 /authors/langenstein/ 2014-07-18T00:00:00+00:00 /authors/schmaltz/ 2014-07-18T00:00:00+00:00 /authors/stephan/ 2014-07-18T00:00:00+00:00 /authors/tverdyshev/ 2014-07-18T00:00:00+00:00 /authors/cock/ 2014-07-13T00:00:00+00:00 /entries/pGCL.html 2014-07-13T00:00:00+00:00 /entries/Amortized_Complexity.html 2014-07-07T00:00:00+00:00 /dependencies/skew_heap/ 2014-07-07T00:00:00+00:00 /dependencies/splay_tree/ 2014-07-07T00:00:00+00:00 /entries/Network_Security_Policy_Verification.html 2014-07-04T00:00:00+00:00 /authors/coglio/ 2014-07-03T00:00:00+00:00 /entries/Pop_Refinement.html 2014-07-03T00:00:00+00:00 /entries/MSO_Regex_Equivalence.html 2014-06-12T00:00:00+00:00 /entries/Boolean_Expression_Checkers.html 2014-06-08T00:00:00+00:00 /entries/CAVA_LTL_Modelchecker.html 2014-05-28T00:00:00+00:00 /dependencies/cava_base/ 2014-05-28T00:00:00+00:00 /dependencies/cava_setup/ 2014-05-28T00:00:00+00:00 /entries/LTL_to_GBA.html 
2014-05-28T00:00:00+00:00 /authors/esparza/ 2014-05-28T00:00:00+00:00 /dependencies/ltl_to_gba/ 2014-05-28T00:00:00+00:00 /dependencies/partial_order_reduction/ 2014-05-28T00:00:00+00:00 /dependencies/promela/ 2014-05-28T00:00:00+00:00 /entries/Promela.html 2014-05-28T00:00:00+00:00 /authors/schimpf/ 2014-05-28T00:00:00+00:00 /dependencies/sm/ 2014-05-28T00:00:00+00:00 /dependencies/sm_base/ 2014-05-28T00:00:00+00:00 /authors/smaus/ 2014-05-28T00:00:00+00:00 /entries/CAVA_Automata.html 2014-05-28T00:00:00+00:00 /entries/Gabow_SCC.html 2014-05-28T00:00:00+00:00 /entries/Noninterference_CSP.html 2014-05-23T00:00:00+00:00 /entries/Roy_Floyd_Warshall.html 2014-05-23T00:00:00+00:00 /authors/wenzel/ 2014-05-23T00:00:00+00:00 /entries/Regular_Algebras.html 2014-05-21T00:00:00+00:00 /entries/ComponentDependencies.html 2014-04-28T00:00:00+00:00 /authors/spichkova/ 2014-04-28T00:00:00+00:00 /entries/SIFUM_Type_Systems.html 2014-04-23T00:00:00+00:00 /entries/WHATandWHERE_Security.html 2014-04-23T00:00:00+00:00 /entries/Strong_Security.html 2014-04-23T00:00:00+00:00 /authors/lux/ 2014-04-23T00:00:00+00:00 /authors/sauer/ 2014-04-23T00:00:00+00:00 /authors/schoepe/ 2014-04-23T00:00:00+00:00 /dependencies/strong_security/ 2014-04-23T00:00:00+00:00 /entries/Bounded_Deducibility_Security.html 2014-04-22T00:00:00+00:00 /entries/HyperCTL.html 2014-04-16T00:00:00+00:00 /entries/Abstract_Completeness.html 2014-04-16T00:00:00+00:00 /authors/rabe/ 2014-04-16T00:00:00+00:00 /entries/Discrete_Summation.html 2014-04-13T00:00:00+00:00 /authors/haftmann/ 2014-04-13T00:00:00+00:00 /entries/GPU_Kernel_PL.html 2014-04-03T00:00:00+00:00 /authors/wickerson/ 2014-04-03T00:00:00+00:00 /entries/Probabilistic_Noninterference.html 2014-03-11T00:00:00+00:00 /entries/AWN.html 2014-03-08T00:00:00+00:00 /entries/Partial_Function_MR.html 2014-02-18T00:00:00+00:00 /entries/Random_Graph_Subgraph_Threshold.html 2014-02-13T00:00:00+00:00 /authors/petrovic/ 2014-02-11T00:00:00+00:00 
/entries/Selection_Heap_Sort.html 2014-02-11T00:00:00+00:00 /entries/Affine_Arithmetic.html 2014-02-07T00:00:00+00:00 /entries/Real_Impl.html 2014-02-06T00:00:00+00:00 /entries/Regex_Equivalence.html 2014-01-30T00:00:00+00:00 /entries/Secondary_Sylow.html 2014-01-28T00:00:00+00:00 /authors/armstrong/ 2014-01-25T00:00:00+00:00 /entries/Relation_Algebra.html 2014-01-25T00:00:00+00:00 /entries/KAT_and_DRA.html 2014-01-23T00:00:00+00:00 /entries/Featherweight_OCL.html 2014-01-16T00:00:00+00:00 /entries/CryptoBasedCompositionalProperties.html 2014-01-11T00:00:00+00:00 /entries/Sturm_Sequences.html 2014-01-11T00:00:00+00:00 /entries/Tail_Recursive_Functions.html 2013-12-01T00:00:00+00:00 /entries/Incompleteness.html 2013-11-17T00:00:00+00:00 /entries/HereditarilyFinite.html 2013-11-17T00:00:00+00:00 /entries/Coinductive_Languages.html 2013-11-15T00:00:00+00:00 /entries/FocusStreamsCaseStudies.html 2013-11-14T00:00:00+00:00 /entries/GoedelGod.html 2013-11-12T00:00:00+00:00 /authors/paleo/ 2013-11-12T00:00:00+00:00 /entries/Decreasing-Diagrams.html 2013-11-01T00:00:00+00:00 /authors/zankl/ 2013-11-01T00:00:00+00:00 /entries/Automatic_Refinement.html 2013-10-02T00:00:00+00:00 /entries/Native_Word.html 2013-09-17T00:00:00+00:00 /entries/IEEE_Floating_Point.html 2013-07-27T00:00:00+00:00 /authors/yu/ 2013-07-27T00:00:00+00:00 /dependencies/lehmer/ 2013-07-22T00:00:00+00:00 /entries/Lehmer.html 2013-07-22T00:00:00+00:00 /entries/Pratt_Certificate.html 2013-07-22T00:00:00+00:00 /entries/Koenigsberg_Friendship.html 2013-07-19T00:00:00+00:00 /entries/Sort_Encodings.html 2013-06-27T00:00:00+00:00 /entries/ShortestPath.html 2013-05-22T00:00:00+00:00 /entries/Graph_Theory.html 2013-04-28T00:00:00+00:00 /dependencies/finger-trees/ 2013-04-15T00:00:00+00:00 /entries/Containers.html 2013-04-15T00:00:00+00:00 /dependencies/trie/ 2013-04-15T00:00:00+00:00 /entries/Nominal2.html 2013-02-21T00:00:00+00:00 /entries/Launchbury.html 2013-01-31T00:00:00+00:00 /entries/Ribbon_Proofs.html 
2013-01-19T00:00:00+00:00 /entries/Rank_Nullity_Theorem.html 2013-01-16T00:00:00+00:00 /entries/Kleene_Algebra.html 2013-01-15T00:00:00+00:00 /dependencies/cauchy/ 2013-01-03T00:00:00+00:00 /entries/Sqrt_Babylonian.html 2013-01-03T00:00:00+00:00 /entries/Separation_Logic_Imperative_HOL.html 2012-11-14T00:00:00+00:00 /authors/meis/ 2012-11-14T00:00:00+00:00 /authors/ogawa/ 2012-11-02T00:00:00+00:00 /entries/Open_Induction.html 2012-11-02T00:00:00+00:00 /authors/makarios/ 2012-10-30T00:00:00+00:00 /entries/Tarskis_Geometry.html 2012-10-30T00:00:00+00:00 /authors/avigad/ 2012-10-27T00:00:00+00:00 /entries/Bondy.html 2012-10-27T00:00:00+00:00 /entries/Possibilistic_Noninterference.html 2012-09-10T00:00:00+00:00 /entries/Datatype_Order_Generator.html 2012-08-07T00:00:00+00:00 /entries/Impossible_Geometry.html 2012-08-05T00:00:00+00:00 /authors/romanos/ 2012-08-05T00:00:00+00:00 /authors/debrat/ 2012-07-27T00:00:00+00:00 /entries/Heard_Of.html 2012-07-27T00:00:00+00:00 /entries/PCF.html 2012-07-01T00:00:00+00:00 /entries/Tycon.html 2012-06-26T00:00:00+00:00 /authors/bengtson/ 2012-05-29T00:00:00+00:00 /entries/CCS.html 2012-05-29T00:00:00+00:00 /entries/Psi_Calculi.html 2012-05-29T00:00:00+00:00 /entries/Pi_Calculus.html 2012-05-29T00:00:00+00:00 /authors/gaudel/ 2012-05-27T00:00:00+00:00 /entries/Circus.html 2012-05-27T00:00:00+00:00 /authors/boyton/ 2012-05-11T00:00:00+00:00 /entries/Separation_Algebra.html 2012-05-11T00:00:00+00:00 /entries/Stuttering_Equivalence.html 2012-05-07T00:00:00+00:00 /authors/bella/ 2012-05-02T00:00:00+00:00 /entries/Inductive_Confidentiality.html 2012-05-02T00:00:00+00:00 /dependencies/lorenz_approximation/ 2012-04-26T00:00:00+00:00 /entries/Ordinary_Differential_Equations.html 2012-04-26T00:00:00+00:00 /entries/Well_Quasi_Orders.html 2012-04-13T00:00:00+00:00 /entries/Abortable_Linearizable_Modules.html 2012-03-01T00:00:00+00:00 /authors/guerraoui/ 2012-03-01T00:00:00+00:00 /authors/kuncak/ 2012-03-01T00:00:00+00:00 
/entries/Transitive-Closure-II.html 2012-02-29T00:00:00+00:00 /entries/Girth_Chromatic.html 2012-02-06T00:00:00+00:00 /entries/Dijkstra_Shortest_Path.html 2012-01-30T00:00:00+00:00 /entries/Refine_Monadic.html 2012-01-30T00:00:00+00:00 /dependencies/gauss-jordan-elim-fun/ 2012-01-03T00:00:00+00:00 /entries/Markov_Models.html 2012-01-03T00:00:00+00:00 /entries/TLA.html 2011-11-19T00:00:00+00:00 /authors/grov/ 2011-11-19T00:00:00+00:00 /entries/Efficient-Mergesort.html 2011-11-09T00:00:00+00:00 /entries/MonoBoolTranAlgebra.html 2011-09-22T00:00:00+00:00 /authors/georgescu/ 2011-09-22T00:00:00+00:00 /entries/LatticeProperties.html 2011-09-22T00:00:00+00:00 /dependencies/latticeproperties/ 2011-09-22T00:00:00+00:00 /authors/leustean/ 2011-09-22T00:00:00+00:00 /entries/PseudoHoops.html 2011-09-22T00:00:00+00:00 /entries/Myhill-Nerode.html 2011-08-26T00:00:00+00:00 /authors/wu/ 2011-08-26T00:00:00+00:00 /entries/Gauss-Jordan-Elim-Fun.html 2011-08-19T00:00:00+00:00 /entries/Max-Card-Matching.html 2011-07-21T00:00:00+00:00 /entries/KBPs.html 2011-05-17T00:00:00+00:00 /entries/General-Triangle.html 2011-04-01T00:00:00+00:00 /entries/Transitive-Closure.html 2011-03-14T00:00:00+00:00 /entries/AutoFocus-Stream.html 2011-02-23T00:00:00+00:00 /entries/List-Infinite.html 2011-02-23T00:00:00+00:00 /entries/Nat-Interval-Logic.html 2011-02-23T00:00:00+00:00 /dependencies/list-infinite/ 2011-02-23T00:00:00+00:00 /dependencies/nat-interval-logic/ 2011-02-23T00:00:00+00:00 /authors/trachtenherz/ 2011-02-23T00:00:00+00:00 /entries/LightweightJava.html 2011-02-07T00:00:00+00:00 /authors/parkinson/ 2011-02-07T00:00:00+00:00 /authors/strnisa/ 2011-02-07T00:00:00+00:00 /entries/RIPEMD-160-SPARK.html 2011-01-10T00:00:00+00:00 /authors/grechuk/ 2011-01-08T00:00:00+00:00 /entries/Lower_Semicontinuous.html 2011-01-08T00:00:00+00:00 /entries/Marriage.html 2010-12-17T00:00:00+00:00 /authors/jiangd/ 2010-12-17T00:00:00+00:00 /entries/Shivers-CFA.html 2010-11-16T00:00:00+00:00 
/entries/Binomial-Heaps.html 2010-10-28T00:00:00+00:00 /entries/Finger-Trees.html 2010-10-28T00:00:00+00:00 /entries/Binomial-Queues.html 2010-10-28T00:00:00+00:00 /authors/koerner/ 2010-10-28T00:00:00+00:00 /authors/nielsen/ 2010-10-28T00:00:00+00:00 /authors/doczkal/ 2010-08-29T00:00:00+00:00 /entries/Lam-ml-Normalization.html 2010-08-29T00:00:00+00:00 /entries/Polynomials.html 2010-08-10T00:00:00+00:00 /entries/Statecharts.html 2010-08-08T00:00:00+00:00 /authors/helke/ 2010-08-08T00:00:00+00:00 /entries/Free-Groups.html 2010-06-24T00:00:00+00:00 /entries/Category2.html 2010-06-20T00:00:00+00:00 /authors/katovsky/ 2010-06-20T00:00:00+00:00 /entries/Matrix.html 2010-06-17T00:00:00+00:00 /entries/Abstract-Rewriting.html 2010-06-14T00:00:00+00:00 /authors/back/ 2010-05-28T00:00:00+00:00 /dependencies/datarefinementibp/ 2010-05-28T00:00:00+00:00 /entries/DataRefinementIBP.html 2010-05-28T00:00:00+00:00 /entries/GraphMarkingIBP.html 2010-05-28T00:00:00+00:00 /entries/Robbins-Conjecture.html 2010-05-22T00:00:00+00:00 /authors/krauss/ 2010-05-12T00:00:00+00:00 /entries/Regular-Sets.html 2010-05-12T00:00:00+00:00 /authors/henrio/ 2010-04-30T00:00:00+00:00 /entries/Locally-Nameless-Sigma.html 2010-04-30T00:00:00+00:00 /authors/lutz/ 2010-04-30T00:00:00+00:00 /authors/sudhof/ 2010-04-30T00:00:00+00:00 /entries/Free-Boolean-Algebra.html 2010-03-29T00:00:00+00:00 /dependencies/hrb-slicing/ 2010-03-23T00:00:00+00:00 /entries/InformationFlowSlicing.html 2010-03-23T00:00:00+00:00 /entries/InformationFlowSlicing_Inter.html 2010-03-23T00:00:00+00:00 /authors/wasserrab/ 2010-03-23T00:00:00+00:00 /entries/List-Index.html 2010-02-20T00:00:00+00:00 /entries/Coinductive.html 2010-02-12T00:00:00+00:00 /entries/DPT-SAT-Solver.html 2009-12-09T00:00:00+00:00 /authors/heller/ 2009-12-09T00:00:00+00:00 /entries/Presburger-Automata.html 2009-12-03T00:00:00+00:00 /authors/reiter/ 2009-12-03T00:00:00+00:00 /dependencies/binomial-heaps/ 2009-11-25T00:00:00+00:00 /entries/Collections.html 
2009-11-25T00:00:00+00:00 /entries/Tree-Automata.html 2009-11-25T00:00:00+00:00 /authors/ijbema/ 2009-11-22T00:00:00+00:00 /entries/Perfect-Number-Thm.html 2009-11-22T00:00:00+00:00 /entries/HRB-Slicing.html 2009-11-13T00:00:00+00:00 /entries/WorkerWrapper.html 2009-10-30T00:00:00+00:00 /entries/Ordinals_and_Cardinals.html 2009-09-01T00:00:00+00:00 /authors/chapman/ 2009-08-28T00:00:00+00:00 /entries/SequentInvertibility.html 2009-08-28T00:00:00+00:00 /entries/CofGroups.html 2009-08-04T00:00:00+00:00 /authors/kastermans/ 2009-08-04T00:00:00+00:00 /entries/FinFun.html 2009-05-06T00:00:00+00:00 /entries/Stream-Fusion.html 2009-04-29T00:00:00+00:00 /entries/BytecodeLogicJmlTypes.html 2008-12-12T00:00:00+00:00 /authors/beringer/ 2008-12-12T00:00:00+00:00 /authors/hofmann/ 2008-12-12T00:00:00+00:00 /entries/SIFPL.html 2008-11-10T00:00:00+00:00 /entries/SenSocialChoice.html 2008-11-09T00:00:00+00:00 /entries/FunWithTilings.html 2008-11-07T00:00:00+00:00 /entries/Huffman.html 2008-10-15T00:00:00+00:00 /entries/Slicing.html 2008-09-16T00:00:00+00:00 /entries/VolpanoSmith.html 2008-09-02T00:00:00+00:00 /authors/snelting/ 2008-09-02T00:00:00+00:00 /entries/ArrowImpossibilityGS.html 2008-09-01T00:00:00+00:00 /entries/FunWithFunctions.html 2008-08-26T00:00:00+00:00 /entries/SATSolverVerification.html 2008-07-23T00:00:00+00:00 /authors/nedzelsky/ 2008-04-05T00:00:00+00:00 /entries/Recursion-Theory-I.html 2008-04-05T00:00:00+00:00 /entries/Simpl.html 2008-02-29T00:00:00+00:00 /entries/BDD.html 2008-02-29T00:00:00+00:00 /authors/ortner/ 2008-02-29T00:00:00+00:00 /authors/aehlig/ 2008-02-18T00:00:00+00:00 /entries/NormByEval.html 2008-02-18T00:00:00+00:00 /entries/LinearQuantifierElim.html 2008-01-11T00:00:00+00:00 /entries/Program-Conflict-Analysis.html 2007-12-14T00:00:00+00:00 /authors/olm/ 2007-12-14T00:00:00+00:00 /entries/JinjaThreads.html 2007-12-03T00:00:00+00:00 /authors/boehme/ 2007-11-06T00:00:00+00:00 /entries/MuchAdoAboutTwo.html 2007-11-06T00:00:00+00:00 
/entries/Fermat3_4.html 2007-08-12T00:00:00+00:00 /authors/oosterhuis/ 2007-08-12T00:00:00+00:00 /entries/SumSquares.html 2007-08-12T00:00:00+00:00 /entries/Valuation.html 2007-08-08T00:00:00+00:00 /dependencies/group-ring-module/ 2007-08-08T00:00:00+00:00 /authors/kobayashi/ 2007-08-08T00:00:00+00:00 /entries/FOL-Fitting.html 2007-08-02T00:00:00+00:00 /entries/POPLmark-deBruijn.html 2007-08-02T00:00:00+00:00 /entries/HotelKeyCards.html 2006-09-09T00:00:00+00:00 /entries/Abstract-Hoare-Logics.html 2006-08-08T00:00:00+00:00 /authors/bauer/ 2006-05-22T00:00:00+00:00 /entries/Flyspeck-Tame.html 2006-05-22T00:00:00+00:00 /dependencies/flyspeck-tame/ 2006-05-22T00:00:00+00:00 /entries/CoreC++.html 2006-05-15T00:00:00+00:00 /entries/FeatherweightJava.html 2006-03-31T00:00:00+00:00 /authors/fosterj/ 2006-03-31T00:00:00+00:00 /authors/vytiniotis/ 2006-03-31T00:00:00+00:00 /authors/barsotti/ 2006-03-15T00:00:00+00:00 /entries/ClockSynchInst.html 2006-03-15T00:00:00+00:00 /entries/Cauchy.html 2006-03-14T00:00:00+00:00 /authors/porter/ 2006-03-14T00:00:00+00:00 /entries/Ordinal.html 2005-11-11T00:00:00+00:00 /entries/FFT.html 2005-10-12T00:00:00+00:00 /entries/GenClock.html 2005-06-24T00:00:00+00:00 /authors/jaskelioff/ 2005-06-22T00:00:00+00:00 /entries/DiskPaxos.html 2005-06-22T00:00:00+00:00 /entries/JiveDataStoreModel.html 2005-06-20T00:00:00+00:00 /authors/rauch/ 2005-06-20T00:00:00+00:00 /entries/Jinja.html 2005-06-01T00:00:00+00:00 /authors/lindenberg/ 2005-05-02T00:00:00+00:00 /entries/RSAPSS.html 2005-05-02T00:00:00+00:00 /authors/wirt/ 2005-05-02T00:00:00+00:00 /entries/Category.html 2005-04-21T00:00:00+00:00 /authors/keefe/ 2005-04-21T00:00:00+00:00 /entries/FileRefinement.html 2004-12-09T00:00:00+00:00 /authors/zee/ 2004-12-09T00:00:00+00:00 /entries/Integration.html 2004-11-19T00:00:00+00:00 /authors/richter/ 2004-11-19T00:00:00+00:00 /entries/Verified-Prover.html 2004-09-28T00:00:00+00:00 /authors/ridge/ 2004-09-28T00:00:00+00:00 /entries/Completeness.html 
2004-09-20T00:00:00+00:00 /authors/margetson/ 2004-09-20T00:00:00+00:00 /entries/Ramsey-Infinite.html 2004-09-20T00:00:00+00:00 /entries/Compiling-Exceptions-Correctly.html 2004-07-09T00:00:00+00:00 /entries/Depth-First-Search.html 2004-06-24T00:00:00+00:00 /authors/nishihara/ 2004-06-24T00:00:00+00:00 /authors/chen/ 2004-05-18T00:00:00+00:00 /entries/Group-Ring-Module.html 2004-05-18T00:00:00+00:00 /authors/murao/ 2004-05-18T00:00:00+00:00 /authors/friedrich/ 2004-04-26T00:00:00+00:00 /entries/Lazy-Lists-II.html 2004-04-26T00:00:00+00:00 /dependencies/lazy-lists-ii/ 2004-04-26T00:00:00+00:00 /entries/Topology.html 2004-04-26T00:00:00+00:00 /entries/BinarySearchTree.html 2004-04-05T00:00:00+00:00 /entries/Functional-Automata.html 2004-03-30T00:00:00+00:00 /entries/AVL-Trees.html 2004-03-19T00:00:00+00:00 /entries/MiniML.html 2004-03-19T00:00:00+00:00 /authors/naraschewski/ 2004-03-19T00:00:00+00:00 /authors/pusch/ 2004-03-19T00:00:00+00:00 /theories/abortable_linearizable_modules/ /about/ /theories/abs_int_itp2012/ /theories/abstract-hoare-logics/ /theories/abstract-rewriting/ /theories/abstract_completeness/ /theories/abstract_soundness/ /theories/ackermanns_not_pr/ /theories/actuarial_mathematics/ /theories/adaptive_state_counting/ /theories/ads_functor/ /theories/affine_arithmetic/ /theories/aggregation_algebras/ /theories/ai_planning_languages_semantics/ /theories/akra_bazzi/ /theories/algebraic_numbers/ /theories/algebraic_vcs/ /theories/allen_calculus/ /theories/amicable_numbers/ /theories/amortized_complexity/ /theories/anselmgod/ /theories/aodv/ /theories/applicative_lifting/ /theories/approximation_algorithms/ /theories/architectural_design_patterns/ /theories/aristotles_assertoric_syllogistic/ /theories/arith_prog_rel_primes/ /theories/arrowimpossibilitygs/ /theories/attack_trees/ /theories/auto2_hol/ /theories/auto2_imperative_hol/ /theories/autofocus-stream/ /theories/automated_stateful_protocol_verification/ /theories/automatic_refinement/ 
/theories/avl-trees/ /theories/awn/ /theories/axiomaticcategorytheory/ /theories/banach_steinhaus/ /theories/bd_security_compositional/ /theories/bdd/ /theories/belief_revision/ /theories/bell_numbers_spivey/ /theories/benor_kozen_reif/ /theories/berlekamp_zassenhaus/ /theories/bernoulli/ /theories/bertrands_postulate/ /theories/bicategory/ /theories/binarysearchtree/ /theories/binding_syntax_theory/ /theories/binomial-heaps/ /theories/binomial-queues/ /theories/birdkmp/ /theories/blue_eyes/ /theories/bnf_cc/ /theories/bnf_operations/ /theories/bondy/ /theories/boolean_expression_checkers/ /theories/boolos_curious_inference/ /theories/bounded_deducibility_security/ /theories/btree/ /theories/buchi_complementation/ /theories/budan_fourier/ /theories/buffons_needle/ /theories/buildings/ /theories/bytecodelogicjmltypes/ /theories/c2ka_distributedsystems/ /theories/cakeml/ /theories/cakeml_codegen/ /theories/call_arity/ /theories/card_equiv_relations/ /theories/card_multisets/ /theories/card_number_partitions/ /theories/card_partitions/ /theories/cartan_fp/ /theories/case_labeling/ /theories/catalan_numbers/ /theories/category/ /theories/category2/ /theories/category3/ /theories/cauchy/ /theories/cava_automata/ /theories/cava_base/ /theories/cava_ltl_modelchecker/ /theories/cava_setup/ /theories/cayley_hamilton/ /theories/ccs/ /theories/certification_monads/ /theories/chandy_lamport/ /theories/chord_segments/ /theories/circus/ /theories/cisc-kernel/ /theories/clean/ /theories/clique_and_monotone_circuits/ /theories/clocksynchinst/ /theories/closest_pair_points/ /theories/cocon/ /theories/cofgroups/ /theories/coinductive/ /theories/coinductive_languages/ /theories/collections/ /theories/collections_examples/ /theories/combinable_wands/ /theories/combinatorics_words/ /theories/combinatorics_words_graph_lemma/ /theories/combinatorics_words_lyndon/ /theories/commuting_hermitian/ /theories/comparison_sort_lower_bound/ /theories/compiling-exceptions-correctly/ 
/theories/complete_non_orders/ /theories/completeness/ /theories/complex_bounded_operators/ /theories/complex_geometry/ /theories/complx/ /theories/componentdependencies/ /topics/computer-science/algorithms/ /topics/computer-science/algorithms/approximation/ /topics/computer-science/algorithms/concurrent/ /topics/computer-science/algorithms/distributed/ /topics/computer-science/algorithms/geometry/ /topics/computer-science/algorithms/graph/ /topics/computer-science/algorithms/mathematical/ /topics/computer-science/algorithms/online/ /topics/computer-science/algorithms/optimization/ /topics/computer-science/algorithms/quantum-computing/ /topics/computer-science/artificial-intelligence/ /topics/computer-science/automata-and-formal-languages/ /topics/computer-science/concurrency/ /topics/computer-science/concurrency/process-calculi/ /topics/computer-science/data-structures/ /topics/computer-science/functional-programming/ /topics/computer-science/hardware/ /topics/computer-science/machine-learning/ /topics/computer-science/networks/ /topics/computer-science/programming-languages/ /topics/computer-science/programming-languages/compiling/ /topics/computer-science/programming-languages/lambda-calculi/ /topics/computer-science/programming-languages/language-definitions/ /topics/computer-science/programming-languages/logics/ /topics/computer-science/programming-languages/misc/ /topics/computer-science/programming-languages/static-analysis/ /topics/computer-science/programming-languages/type-systems/ /topics/computer-science/security/ /topics/computer-science/security/cryptography/ /topics/computer-science/semantics-and-reasoning/ /topics/computer-science/system-description-languages/ /theories/concurrent_ref_alg/ /theories/concurrent_revisions/ /theories/concurrentgc/ /theories/concurrentimp/ /theories/conditional_simplification/ /theories/conditional_transfer_rule/ /theories/consensus_refined/ /theories/constructive_cryptography/ /theories/constructive_cryptography_cm/ 
/theories/constructor_funs/ /theories/containers/ /theories/containers-benchmarks/ /theories/core_dom/ /theories/core_sc_dom/ /theories/corec++/ /theories/correctness_algebras/ /theories/cosmed/ /theories/cosmedis/ /theories/cotangent_pfd_formula/ /theories/count_complex_roots/ /theories/crdt/ /theories/crypthol/ /theories/cryptobasedcompositionalproperties/ /theories/crystals-kyber/ /theories/csp_reftk/ /theories/cubic_quartic_equations/ /theories/cyk/ /theories/czh_elementary_categories/ /theories/czh_foundations/ /theories/czh_universal_constructions/ /theories/datarefinementibp/ /theories/datatype_order_generator/ /theories/decl_sem_fun_pl/ /theories/decreasing-diagrams/ /theories/decreasing-diagrams-ii/ /theories/dedekind_real/ /theories/deep_learning/ /theories/delta_system_lemma/ /theories/density_compiler/ /theories/dependent_sifum_refinement/ /theories/dependent_sifum_type_systems/ /theories/depth-first-search/ /theories/derangements/ /theories/deriving/ /theories/descartes_sign_rule/ /theories/design_theory/ /theories/dfs_framework/ /theories/dict_construction/ /theories/differential_dynamic_logic/ /theories/differential_game_logic/ /theories/digit_expansions/ /theories/dijkstra_shortest_path/ /theories/diophantine_eqns_lin_hom/ /theories/dirichlet_l/ /theories/dirichlet_series/ /theories/discrete_summation/ /theories/discretepricing/ /theories/diskpaxos/ /theories/dom_components/ /theories/dominance_chk/ /download/ /theories/dprm_theorem/ /theories/dpt-sat-solver/ /theories/dynamic_tables/ /theories/dynamicarchitectures/ /theories/e_transcendental/ /theories/echelon_form/ /theories/edmondskarp_maxflow/ /theories/efficient-mergesort/ /theories/elliptic_curves_group_law/ /theories/encodability_process_calculi/ /submission/ /theories/epistemic_logic/ /theories/equivalence_relation_enumeration/ /theories/ergodic_theory/ /theories/error_function/ /theories/euler_maclaurin/ /theories/euler_partition/ /theories/eval_fo/ 
/theories/extended_finite_state_machine_inference/ /theories/extended_finite_state_machines/ /theories/factor_algebraic_polynomial/ /theories/factored_transition_system_bounding/ /theories/falling_factorial_sum/ /theories/farkas/ /theories/featherweight_ocl/ /theories/featherweightjava/ /theories/fermat3_4/ /theories/fft/ /theories/filerefinement/ /theories/finfun/ /theories/finger-trees/ /theories/finite-map-extras/ /theories/finite_automata_hf/ /theories/finite_fields/ /theories/finitely_generated_abelian_groups/ /theories/first_order_terms/ /theories/first_welfare_theorem/ /theories/fishburn_impossibility/ /theories/fisher_yates/ /theories/fishers_inequality/ /theories/flow_networks/ /theories/floyd_warshall/ /theories/flp/ /theories/flyspeck-tame/ /theories/flyspeck-tame-computation/ /theories/fo_theory_rewriting/ /theories/focusstreamscasestudies/ /theories/fol-fitting/ /theories/fol_axiomatic/ /theories/fol_harrison/ /theories/fol_seq_calc1/ /theories/fol_seq_calc2/ /theories/fol_seq_calc3/ /theories/forcing/ /theories/formal_puiseux_series/ /theories/formal_ssa/ /theories/formula_derivatives/ /theories/formula_derivatives-examples/ /theories/foundation_of_geometry/ /theories/fourier/ /theories/free-boolean-algebra/ /theories/free-groups/ /theories/frequency_moments/ /theories/fresh_identifiers/ /theories/fsm_tests/ /theories/functional-automata/ /theories/functional_ordered_resolution_prover/ /theories/funwithfunctions/ /theories/funwithtilings/ /theories/furstenberg_topology/ /theories/gabow_scc/ /theories/gale_shapley/ /theories/galestewart_games/ /theories/game_based_crypto/ /theories/gauss-jordan-elim-fun/ /theories/gauss_jordan/ /theories/gauss_sums/ /theories/gaussian_integers/ /theories/genclock/ /theories/general-triangle/ /theories/generalized_counting_sort/ /theories/generic_deriving/ /theories/generic_join/ /theories/gewirthpgcproof/ /theories/girth_chromatic/ /theories/goedel_hfset_semantic/ /theories/goedel_hfset_semanticless/ 
/theories/goedel_incompleteness/ /theories/goedelgod/ /theories/goodstein_lambda/ /theories/gpu_kernel_pl/ /theories/graph_saturation/ /theories/graph_theory/ /theories/graphmarkingibp/ /theories/green/ /theories/groebner_bases/ /theories/groebner_macaulay/ /theories/gromov_hyperbolicity/ /theories/grothendieck_schemes/ /theories/group-ring-module/ /theories/hahn_jordan_decomposition/ /theories/hales_jewett/ /theories/heard_of/ /theories/hello_world/ /help/ /theories/hereditarilyfinite/ /theories/hermite/ /theories/hermite_lindemann/ /theories/hidden_markov_models/ /theories/higher_order_terms/ /theories/hoare_time/ /theories/hol-csp/ /theories/hol-ode-arch-comp/ /theories/hol-ode-examples/ /theories/hol-ode-numerics/ /theories/holcf-prelude/ /theories/hood_melville_queue/ /theories/hotelkeycards/ /theories/hrb-slicing/ /theories/huffman/ /theories/hybrid_logic/ /theories/hybrid_multi_lane_spatial_logic/ /theories/hybrid_systems_vcs/ /theories/hyperctl/ /theories/hyperdual/ /theories/ieee_floating_point/ /theories/ifc_tracking/ /theories/imap-crdt/ /theories/imo2019/ /theories/imp2/ /theories/imp2_binary_heap/ /theories/imp_compiler/ /theories/imp_compiler_reuse/ /theories/imperative_insertion_sort/ /theories/implicational_logic/ /theories/impossible_geometry/ /theories/incompleteness/ /theories/incredible_proof_machine/ /theories/independence_ch/ /theories/inductive_confidentiality/ /theories/inductive_inference/ /theories/informationflowslicing/ /theories/informationflowslicing_inter/ /theories/infpathelimination/ /theories/integration/ /theories/interpolation_polynomials_hol_algebra/ /theories/interpreter_optimizations/ /theories/interval_arithmetic_word32/ /theories/intro_dest_elim/ /theories/involutions2squares/ /theories/ip_addresses/ /theories/iptables_semantics/ /theories/iptables_semantics_examples/ /theories/iptables_semantics_examples_big/ /theories/irrational_series_erdos_straus/ /theories/irrationality_j_hancl/ /theories/irrationals_from_thebook/ 
/theories/isabelle_c/ /theories/isabelle_marries_dirac/ /theories/isabelle_meta_model/ /theories/isageocoq/ /theories/isanet/ /theories/jacobson_basic_algebra/ /theories/jinja/ /theories/jinjadci/ /theories/jinjathreads/ /theories/jivedatastoremodel/ /theories/jordan_hoelder/ /theories/jordan_normal_form/ /theories/kad/ /theories/kat_and_dra/ /theories/kbps/ /theories/kd_tree/ /theories/key_agreement_strong_adversaries/ /theories/khovanskii_theorem/ /theories/kleene_algebra/ /theories/knights_tour/ /theories/knot_theory/ /theories/knuth_bendix_order/ /theories/knuth_morris_pratt/ /theories/koenigsberg_friendship/ /theories/kruskal/ /theories/kuratowski_closure_complement/ /theories/lam-ml-normalization/ /theories/lambda_free_epo/ /theories/lambda_free_kbos/ /theories/lambda_free_rpos/ /theories/lambdaauth/ /theories/lambdamu/ /theories/lambert_w/ /theories/landau_symbols/ /theories/laplace_transform/ /theories/latin_square/ /theories/latticeproperties/ /theories/launchbury/ /theories/laws_of_large_numbers/ /theories/lazy-lists-ii/ /theories/lazy_case/ /theories/lehmer/ /theories/lem/ /theories/lifting_definition_option/ /theories/lifting_the_exponent/ /theories/lightweightjava/ /theories/linear_inequalities/ /theories/linear_programming/ /theories/linear_recurrences/ /theories/linear_recurrences_solver/ /theories/linearquantifierelim/ /theories/liouville_numbers/ /theories/list-index/ /theories/list-infinite/ /theories/list_interleaving/ /theories/list_inversions/ /theories/list_update/ /theories/lll_basis_reduction/ /theories/lll_factorization/ /theories/localization_ring/ /theories/locallexing/ /theories/locally-nameless-sigma/ /theories/loft/ /theories/logging_independent_anonymity/ /topics/logic/computability/ /topics/logic/general-logic/ /topics/logic/general-logic/classical-first-order-logic/ /topics/logic/general-logic/classical-propositional-logic/ /topics/logic/general-logic/decidability-of-theories/ 
/topics/logic/general-logic/logics-of-knowledge-and-belief/ /topics/logic/general-logic/mechanization-of-proofs/ /topics/logic/general-logic/modal-logic/ /topics/logic/general-logic/paraconsistent-logics/ /topics/logic/general-logic/temporal-logic/ /topics/logic/philosophical-aspects/ /topics/logic/proof-theory/ /topics/logic/rewriting/ /topics/logic/set-theory/ /theories/lorenz_approximation/ /theories/lorenz_c0/ /theories/lorenz_c1/ /theories/lowe_ontological_argument/ /theories/lower_semicontinuous/ /theories/lp/ /theories/lp_duality/ /theories/ltl/ /theories/ltl_master_theorem/ /theories/ltl_normal_form/ /theories/ltl_to_dra/ /theories/ltl_to_gba/ /theories/lucas_theorem/ /theories/markov_models/ /theories/marriage/ /theories/mason_stothers/ /topics/mathematics/algebra/ /topics/mathematics/analysis/ /topics/mathematics/category-theory/ /topics/mathematics/combinatorics/ /topics/mathematics/games-and-economics/ /topics/mathematics/geometry/ /topics/mathematics/graph-theory/ /topics/mathematics/measure-and-integration/ /topics/mathematics/misc/ /topics/mathematics/number-theory/ /topics/mathematics/order/ /topics/mathematics/physics/ /topics/mathematics/physics/quantum-information/ /topics/mathematics/probability-theory/ /topics/mathematics/topology/ /theories/matrices_for_odes/ /theories/matrix/ /theories/matrix_tensor/ /theories/matroids/ /theories/max-card-matching/ /theories/mdp-algorithms/ /theories/mdp-rewards/ /theories/median_method/ /theories/median_of_medians_selection/ /theories/menger/ /theories/mereology/ /theories/mersenne_primes/ /theories/metalogic_proofchecker/ /theories/mfmc_countable/ /theories/mfodl_monitor_optimized/ /theories/mfotl_monitor/ /theories/minimal_ssa/ /theories/miniml/ /theories/minisail/ /theories/minkowskis_theorem/ /theories/minsky_machines/ /theories/modal_logics_for_nts/ /theories/modular_arithmetic_lll_and_hnf_algorithms/ /theories/modular_assembly_kit_security/ /theories/monad_memo_dp/ /theories/monad_normalisation/ 
/theories/monobooltranalgebra/ /theories/monoidalcategory/ /theories/monomorphic_monad/ /theories/mso_regex_equivalence/ /theories/muchadoabouttwo/ /theories/multi_party_computation/ /theories/multirelations/ /theories/multiset_ordering_npc/ /theories/myhill-nerode/ /theories/name_carrying_type_inference/ /theories/nano_json/ /theories/nash_williams/ /theories/nat-interval-logic/ /theories/native_word/ /theories/nested_multisets_ordinals/ /theories/network_security_policy_verification/ /theories/neumann_morgenstern_utility/ /theories/no_ftl_observers/ /theories/nominal2/ /theories/noninterference_concurrent_composition/ /theories/noninterference_csp/ /theories/noninterference_generic_unwinding/ /theories/noninterference_inductive_unwinding/ /theories/noninterference_ipurge_unwinding/ /theories/noninterference_sequential_composition/ /theories/normbyeval/ /theories/nullstellensatz/ /theories/number_theoretic_transform/ /theories/octonions/ /theories/old_datatype_show/ /theories/open_induction/ /theories/opsets/ /theories/optics/ /theories/optimal_bst/ /theories/orbit_stabiliser/ /theories/order_lattice_props/ /theories/ordered_resolution_prover/ /theories/ordinal/ /theories/ordinal_partitions/ /theories/ordinals_and_cardinals/ /theories/ordinary_differential_equations/ /theories/pac_checker/ /theories/package_logic/ /theories/padic_field/ /theories/padic_ints/ /theories/pairing_heap/ /theories/pal/ /theories/paraconsistency/ /theories/parity_game/ /theories/partial_function_mr/ /theories/partial_order_reduction/ /theories/password_authentication_protocol/ /theories/pcf/ /theories/pell/ /theories/perfect-number-thm/ /theories/perron_frobenius/ /theories/pgcl/ /theories/physical_quantities/ /theories/pi_calculus/ /theories/pi_transcendental/ /theories/planarity_certificates/ /theories/plm/ /theories/pluennecke_ruzsa_inequality/ /theories/poincare_bendixson/ /theories/poincare_disc/ /theories/polynomial_factorization/ /theories/polynomial_interpolation/ 
/theories/polynomials/ /theories/pop_refinement/ /theories/poplmark-debruijn/ /theories/posix-lexing/ /theories/possibilistic_noninterference/ /theories/power_sum_polynomials/ /theories/pratt_certificate/ /theories/prefix_free_code_combinators/ /theories/presburger-automata/ /theories/prim_dijkstra_simple/ /theories/prime_distribution_elementary/ /theories/prime_harmonic_series/ /theories/prime_number_theorem/ /theories/priority_queue_braun/ /theories/priority_search_trees/ /theories/probabilistic_noninterference/ /theories/probabilistic_prime_tests/ /theories/probabilistic_system_zoo/ /theories/probabilistic_timed_automata/ /theories/probabilistic_while/ /theories/program-conflict-analysis/ /theories/progress_tracking/ /theories/projective_geometry/ /theories/projective_measurements/ /theories/promela/ /theories/proof_strategy_language/ /theories/propositional_proof_systems/ /theories/proprespi/ /theories/prpu_maxflow/ /theories/psemigroupsconvolution/ /theories/pseudohoops/ /theories/psi_calculi/ /theories/ptolemys_theorem/ /theories/public_announcement_logic/ /theories/qhlprover/ /theories/qr_decomposition/ /theories/quantales/ /theories/quasi_borel_spaces/ /theories/quaternions/ /theories/quick_sort_cost/ /theories/ramsey-infinite/ /theories/random_bsts/ /theories/random_graph_subgraph_threshold/ /theories/randomised_bsts/ /theories/randomised_social_choice/ /theories/rank_nullity_theorem/ /theories/real_impl/ /theories/real_power/ /theories/real_time_deque/ /theories/recursion-addition/ /theories/recursion-theory-i/ /theories/refine_imperative_hol/ /theories/refine_monadic/ /theories/refinementreactive/ /theories/regex_equivalence/ /theories/registers/ /theories/regression_test_selection/ /theories/regular-sets/ /theories/regular_algebras/ /theories/regular_tree_relations/ /theories/relation_algebra/ /theories/relational-incorrectness-logic/ /theories/relational_disjoint_set_forests/ /theories/relational_forests/ /theories/relational_method/ 
/theories/relational_minimum_spanning_trees/ /theories/relational_paths/ /theories/rep_fin_groups/ /theories/residuated_lattices/ /theories/residuatedtransitionsystem/ /theories/resolution_fol/ /theories/rewrite_properties_reduction/ /theories/rewriting_z/ /theories/ribbon_proofs/ /theories/ripemd-160-spark/ /theories/risk_free_lending/ /theories/robbins-conjecture/ /theories/robdd/ /theories/robinson_arithmetic/ /theories/root_balanced_tree/ /theories/roth_arithmetic_progressions/ /theories/routing/ /theories/roy_floyd_warshall/ /theories/rsapss/ /theories/safe_distance/ /theories/safe_ocl/ + /theories/safe_range_rc/ + /theories/satsolververification/ /theories/saturation_framework/ /theories/saturation_framework_extensions/ /theories/sc_dom_components/ /theories/scc_bloemen_sequential/ /theories/schutz_spacetime/ /theories/sds_impossibility/ /search/ 0.1 /theories/secondary_sylow/ /theories/security_protocol_refinement/ /theories/selection_heap_sort/ /theories/sensocialchoice/ /theories/separata/ /theories/separation_algebra/ /theories/separation_logic_imperative_hol/ /theories/separation_logic_unbounded/ /theories/sepref_basic/ /theories/sepref_iicf/ /theories/sepref_prereq/ /theories/sequentinvertibility/ /theories/shadow_dom/ /theories/shadow_sc_dom/ /theories/shivers-cfa/ /theories/shortestpath/ /theories/show/ /theories/sifpl/ /theories/sifum_type_systems/ /theories/sigma_commit_crypto/ /theories/signature_groebner/ /theories/simpl/ /theories/simple_firewall/ /theories/simplex/ /theories/simplicial_complexes_and_boolean_functions/ /theories/simplifiedontologicalargument/ /theories/skew_heap/ /theories/skip_lists/ /theories/slicing/ /theories/sliding_window_algorithm/ /theories/sm/ /theories/sm_base/ /theories/smith_normal_form/ /theories/smooth_manifolds/ /theories/solidity/ /theories/sophomores_dream/ /theories/sort_encodings/ /theories/source_coding_theorem/ /theories/sparcv8/ /theories/speccheck/ /theories/special_function_bounds/ /theories/splay_tree/ 
/theories/sqrt_babylonian/ /theories/stable_matching/ /theories/stalnaker_logic/ /theories/statecharts/ /theories/stateful_protocol_composition_and_typing/ /statistics/ /theories/stellar_quorums/ /theories/stern_brocot/ /theories/stewart_apollonius/ /theories/stirling_formula/ /theories/stochastic_matrices/ /theories/stone_algebras/ /theories/stone_kleene_relation_algebras/ /theories/stone_relation_algebras/ /theories/store_buffer_reduction/ /theories/stream-fusion/ /theories/stream_fusion_code/ /theories/strong_security/ /theories/sturm_sequences/ /theories/sturm_tarski/ /theories/stuttering_equivalence/ /theories/subresultants/ /theories/subset_boolean_algebras/ /theories/sumsquares/ /theories/sunflowers/ /theories/supercalc/ /theories/surprise_paradox/ /theories/symmetric_polynomials/ /theories/syntax_independent_logic/ /theories/szemeredi_regularity/ /theories/szpilrajn/ /theories/tail_recursive_functions/ /theories/tarskis_geometry/ /theories/taylor_models/ /theories/tesl_language/ /theories/ /theories/three_circles/ /theories/timed_automata/ /theories/tla/ /theories/topological_semantics/ /theories/topology/ /theories/tortoisehare/ /theories/transcendence_series_hancl_rucki/ /theories/transformer_semantics/ /theories/transition_systems_and_automata/ /theories/transitive-closure/ /theories/transitive-closure-ii/ /theories/transitive_models/ /theories/treaps/ /theories/tree-automata/ /theories/tree_decomposition/ /theories/triangle/ /theories/trie/ /theories/twelvefold_way/ /theories/tycon/ /theories/types_tableaus_and_goedels_god/ /theories/types_to_sets_extension/ /theories/universal_hash_families/ /theories/universal_turing_machine/ /theories/updown_scheme/ /theories/upf/ /theories/upf_firewall/ /theories/utp/ /theories/utp-toolkit/ /theories/valuation/ /theories/van_der_waerden/ /theories/van_emde_boas_trees/ /theories/vectorspace/ /theories/vericomp/ /theories/verified-prover/ /theories/verified_sat_based_ai_planning/ /theories/verifythis2018/ 
/theories/verifythis2019/ /theories/vickrey_clarke_groves/ /theories/virtual_substitution/ /theories/volpanosmith/ /theories/vydra_mdl/ /theories/webassembly/ /theories/weight_balanced_trees/ /theories/weighted_arithmetic_geometric_mean/ /theories/weighted_path_order/ /theories/well_quasi_orders/ /theories/wetzels_problem/ /theories/whatandwhere_security/ /theories/winding_number_eval/ /theories/woot_strong_eventual_consistency/ /theories/word_lib/ /theories/workerwrapper/ /theories/x86_semantics/ /theories/xml/ /theories/youngs_inequality/ /theories/zeta_3_irrational/ /theories/zeta_function/ /theories/zfc_in_hol/ diff --git a/web/statistics/index.html b/web/statistics/index.html --- a/web/statistics/index.html +++ b/web/statistics/index.html @@ -1,337 +1,337 @@ Statistics - Archive of Formal Proofs - + - +

Statistics

- + - + - +
705706 Entries
426 Authors
~217,200~217,700 Lemmas
~3,569,400~3,572,500 Lines of Code

Most used AFP entries:

- + - + - - + + - - + +
Name Used by ? entries
1. List-Index2122
2. Collections1819
3. Show 16
4.Coinductive12Deriving13
5.Deriving12Coinductive12
6. Jordan_Normal_Form 12
7. Polynomial_Factorization 12
8. Regular-Sets 12
9. Landau_Symbols 11
10. Abstract-Rewriting 10
11. Automatic_Refinement 10
12. Native_Word 10

Growth in number of entries:

Growth in lines of code:

Growth in number of authors:

Size of entries:

\ No newline at end of file diff --git a/web/theories/index.xml b/web/theories/index.xml --- a/web/theories/index.xml +++ b/web/theories/index.xml 
@@ -1,6562 +1,6571 @@ Theories on Archive of Formal Proofs /theories/ Recent content in Theories on Archive of Formal Proofs Hugo -- gohugo.io en-gb Abortable_Linearizable_Modules /theories/abortable_linearizable_modules/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/abortable_linearizable_modules/ Abs_Int_ITP2012 /theories/abs_int_itp2012/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/abs_int_itp2012/ Abstract-Hoare-Logics /theories/abstract-hoare-logics/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/abstract-hoare-logics/ Abstract-Rewriting /theories/abstract-rewriting/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/abstract-rewriting/ Abstract_Completeness /theories/abstract_completeness/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/abstract_completeness/ Abstract_Soundness /theories/abstract_soundness/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/abstract_soundness/ Ackermanns_not_PR /theories/ackermanns_not_pr/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ackermanns_not_pr/ Actuarial_Mathematics /theories/actuarial_mathematics/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/actuarial_mathematics/ Adaptive_State_Counting /theories/adaptive_state_counting/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/adaptive_state_counting/ ADS_Functor /theories/ads_functor/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ads_functor/ Affine_Arithmetic /theories/affine_arithmetic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/affine_arithmetic/ Aggregation_Algebras /theories/aggregation_algebras/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/aggregation_algebras/ AI_Planning_Languages_Semantics /theories/ai_planning_languages_semantics/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ai_planning_languages_semantics/ Akra_Bazzi /theories/akra_bazzi/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/akra_bazzi/ Algebraic_Numbers /theories/algebraic_numbers/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/algebraic_numbers/ Algebraic_VCs /theories/algebraic_vcs/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/algebraic_vcs/ Allen_Calculus 
/theories/allen_calculus/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/allen_calculus/ Amicable_Numbers /theories/amicable_numbers/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/amicable_numbers/ Amortized_Complexity /theories/amortized_complexity/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/amortized_complexity/ AnselmGod /theories/anselmgod/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/anselmgod/ AODV /theories/aodv/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/aodv/ Applicative_Lifting /theories/applicative_lifting/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/applicative_lifting/ Approximation_Algorithms /theories/approximation_algorithms/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/approximation_algorithms/ Architectural_Design_Patterns /theories/architectural_design_patterns/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/architectural_design_patterns/ Aristotles_Assertoric_Syllogistic /theories/aristotles_assertoric_syllogistic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/aristotles_assertoric_syllogistic/ Arith_Prog_Rel_Primes /theories/arith_prog_rel_primes/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/arith_prog_rel_primes/ ArrowImpossibilityGS /theories/arrowimpossibilitygs/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/arrowimpossibilitygs/ Attack_Trees /theories/attack_trees/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/attack_trees/ Auto2_HOL /theories/auto2_hol/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/auto2_hol/ Auto2_Imperative_HOL /theories/auto2_imperative_hol/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/auto2_imperative_hol/ AutoFocus-Stream /theories/autofocus-stream/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/autofocus-stream/ Automated_Stateful_Protocol_Verification /theories/automated_stateful_protocol_verification/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/automated_stateful_protocol_verification/ Automatic_Refinement /theories/automatic_refinement/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/automatic_refinement/ AVL-Trees /theories/avl-trees/ Mon, 01 Jan 0001 00:00:00 +0000 
/theories/avl-trees/ AWN /theories/awn/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/awn/ AxiomaticCategoryTheory /theories/axiomaticcategorytheory/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/axiomaticcategorytheory/ Banach_Steinhaus /theories/banach_steinhaus/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/banach_steinhaus/ BD_Security_Compositional /theories/bd_security_compositional/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/bd_security_compositional/ BDD /theories/bdd/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/bdd/ Belief_Revision /theories/belief_revision/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/belief_revision/ Bell_Numbers_Spivey /theories/bell_numbers_spivey/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/bell_numbers_spivey/ BenOr_Kozen_Reif /theories/benor_kozen_reif/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/benor_kozen_reif/ Berlekamp_Zassenhaus /theories/berlekamp_zassenhaus/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/berlekamp_zassenhaus/ Bernoulli /theories/bernoulli/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/bernoulli/ Bertrands_Postulate /theories/bertrands_postulate/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/bertrands_postulate/ Bicategory /theories/bicategory/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/bicategory/ BinarySearchTree /theories/binarysearchtree/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/binarysearchtree/ Binding_Syntax_Theory /theories/binding_syntax_theory/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/binding_syntax_theory/ Binomial-Heaps /theories/binomial-heaps/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/binomial-heaps/ Binomial-Queues /theories/binomial-queues/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/binomial-queues/ BirdKMP /theories/birdkmp/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/birdkmp/ Blue_Eyes /theories/blue_eyes/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/blue_eyes/ BNF_CC /theories/bnf_cc/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/bnf_cc/ BNF_Operations /theories/bnf_operations/ Mon, 01 Jan 0001 00:00:00 +0000 
/theories/bnf_operations/ Bondy /theories/bondy/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/bondy/ Boolean_Expression_Checkers /theories/boolean_expression_checkers/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/boolean_expression_checkers/ Boolos_Curious_Inference /theories/boolos_curious_inference/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/boolos_curious_inference/ Bounded_Deducibility_Security /theories/bounded_deducibility_security/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/bounded_deducibility_security/ BTree /theories/btree/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/btree/ Buchi_Complementation /theories/buchi_complementation/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/buchi_complementation/ Budan_Fourier /theories/budan_fourier/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/budan_fourier/ Buffons_Needle /theories/buffons_needle/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/buffons_needle/ Buildings /theories/buildings/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/buildings/ BytecodeLogicJmlTypes /theories/bytecodelogicjmltypes/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/bytecodelogicjmltypes/ C2KA_DistributedSystems /theories/c2ka_distributedsystems/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/c2ka_distributedsystems/ CakeML /theories/cakeml/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cakeml/ CakeML_Codegen /theories/cakeml_codegen/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cakeml_codegen/ Call_Arity /theories/call_arity/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/call_arity/ Card_Equiv_Relations /theories/card_equiv_relations/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/card_equiv_relations/ Card_Multisets /theories/card_multisets/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/card_multisets/ Card_Number_Partitions /theories/card_number_partitions/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/card_number_partitions/ Card_Partitions /theories/card_partitions/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/card_partitions/ Cartan_FP /theories/cartan_fp/ Mon, 01 Jan 0001 00:00:00 +0000 
/theories/cartan_fp/ Case_Labeling /theories/case_labeling/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/case_labeling/ Catalan_Numbers /theories/catalan_numbers/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/catalan_numbers/ Category /theories/category/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/category/ Category2 /theories/category2/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/category2/ Category3 /theories/category3/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/category3/ Cauchy /theories/cauchy/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cauchy/ CAVA_Automata /theories/cava_automata/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cava_automata/ CAVA_Base /theories/cava_base/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cava_base/ CAVA_LTL_Modelchecker /theories/cava_ltl_modelchecker/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cava_ltl_modelchecker/ CAVA_Setup /theories/cava_setup/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cava_setup/ Cayley_Hamilton /theories/cayley_hamilton/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cayley_hamilton/ CCS /theories/ccs/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ccs/ Certification_Monads /theories/certification_monads/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/certification_monads/ Chandy_Lamport /theories/chandy_lamport/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/chandy_lamport/ Chord_Segments /theories/chord_segments/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/chord_segments/ Circus /theories/circus/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/circus/ CISC-Kernel /theories/cisc-kernel/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cisc-kernel/ Clean /theories/clean/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/clean/ Clique_and_Monotone_Circuits /theories/clique_and_monotone_circuits/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/clique_and_monotone_circuits/ ClockSynchInst /theories/clocksynchinst/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/clocksynchinst/ Closest_Pair_Points /theories/closest_pair_points/ Mon, 01 Jan 0001 00:00:00 +0000 
/theories/closest_pair_points/ CoCon /theories/cocon/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cocon/ CofGroups /theories/cofgroups/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cofgroups/ Coinductive /theories/coinductive/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/coinductive/ Coinductive_Languages /theories/coinductive_languages/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/coinductive_languages/ Collections /theories/collections/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/collections/ Collections_Examples /theories/collections_examples/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/collections_examples/ Combinable_Wands /theories/combinable_wands/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/combinable_wands/ Combinatorics_Words /theories/combinatorics_words/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/combinatorics_words/ Combinatorics_Words_Graph_Lemma /theories/combinatorics_words_graph_lemma/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/combinatorics_words_graph_lemma/ Combinatorics_Words_Lyndon /theories/combinatorics_words_lyndon/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/combinatorics_words_lyndon/ Commuting_Hermitian /theories/commuting_hermitian/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/commuting_hermitian/ Comparison_Sort_Lower_Bound /theories/comparison_sort_lower_bound/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/comparison_sort_lower_bound/ Compiling-Exceptions-Correctly /theories/compiling-exceptions-correctly/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/compiling-exceptions-correctly/ Complete_Non_Orders /theories/complete_non_orders/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/complete_non_orders/ Completeness /theories/completeness/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/completeness/ Complex_Bounded_Operators /theories/complex_bounded_operators/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/complex_bounded_operators/ Complex_Geometry /theories/complex_geometry/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/complex_geometry/ Complx /theories/complx/ Mon, 01 Jan 0001 
00:00:00 +0000 /theories/complx/ ComponentDependencies /theories/componentdependencies/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/componentdependencies/ Concurrent_Ref_Alg /theories/concurrent_ref_alg/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/concurrent_ref_alg/ Concurrent_Revisions /theories/concurrent_revisions/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/concurrent_revisions/ ConcurrentGC /theories/concurrentgc/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/concurrentgc/ ConcurrentIMP /theories/concurrentimp/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/concurrentimp/ Conditional_Simplification /theories/conditional_simplification/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/conditional_simplification/ Conditional_Transfer_Rule /theories/conditional_transfer_rule/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/conditional_transfer_rule/ Consensus_Refined /theories/consensus_refined/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/consensus_refined/ Constructive_Cryptography /theories/constructive_cryptography/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/constructive_cryptography/ Constructive_Cryptography_CM /theories/constructive_cryptography_cm/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/constructive_cryptography_cm/ Constructor_Funs /theories/constructor_funs/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/constructor_funs/ Containers /theories/containers/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/containers/ Containers-Benchmarks /theories/containers-benchmarks/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/containers-benchmarks/ Core_DOM /theories/core_dom/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/core_dom/ Core_SC_DOM /theories/core_sc_dom/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/core_sc_dom/ CoreC++ /theories/corec++/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/corec++/ Correctness_Algebras /theories/correctness_algebras/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/correctness_algebras/ CoSMed /theories/cosmed/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cosmed/ CoSMeDis /theories/cosmedis/ 
Mon, 01 Jan 0001 00:00:00 +0000 /theories/cosmedis/ Cotangent_PFD_Formula /theories/cotangent_pfd_formula/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cotangent_pfd_formula/ Count_Complex_Roots /theories/count_complex_roots/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/count_complex_roots/ CRDT /theories/crdt/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/crdt/ CryptHOL /theories/crypthol/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/crypthol/ CryptoBasedCompositionalProperties /theories/cryptobasedcompositionalproperties/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cryptobasedcompositionalproperties/ CRYSTALS-Kyber /theories/crystals-kyber/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/crystals-kyber/ CSP_RefTK /theories/csp_reftk/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/csp_reftk/ Cubic_Quartic_Equations /theories/cubic_quartic_equations/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cubic_quartic_equations/ CYK /theories/cyk/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/cyk/ CZH_Elementary_Categories /theories/czh_elementary_categories/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/czh_elementary_categories/ CZH_Foundations /theories/czh_foundations/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/czh_foundations/ CZH_Universal_Constructions /theories/czh_universal_constructions/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/czh_universal_constructions/ DataRefinementIBP /theories/datarefinementibp/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/datarefinementibp/ Datatype_Order_Generator /theories/datatype_order_generator/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/datatype_order_generator/ Decl_Sem_Fun_PL /theories/decl_sem_fun_pl/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/decl_sem_fun_pl/ Decreasing-Diagrams /theories/decreasing-diagrams/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/decreasing-diagrams/ Decreasing-Diagrams-II /theories/decreasing-diagrams-ii/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/decreasing-diagrams-ii/ Dedekind_Real /theories/dedekind_real/ Mon, 01 Jan 0001 00:00:00 +0000 
/theories/dedekind_real/ Deep_Learning /theories/deep_learning/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/deep_learning/ Delta_System_Lemma /theories/delta_system_lemma/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/delta_system_lemma/ Density_Compiler /theories/density_compiler/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/density_compiler/ Dependent_SIFUM_Refinement /theories/dependent_sifum_refinement/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/dependent_sifum_refinement/ Dependent_SIFUM_Type_Systems /theories/dependent_sifum_type_systems/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/dependent_sifum_type_systems/ Depth-First-Search /theories/depth-first-search/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/depth-first-search/ Derangements /theories/derangements/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/derangements/ Deriving /theories/deriving/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/deriving/ Descartes_Sign_Rule /theories/descartes_sign_rule/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/descartes_sign_rule/ Design_Theory /theories/design_theory/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/design_theory/ DFS_Framework /theories/dfs_framework/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/dfs_framework/ Dict_Construction /theories/dict_construction/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/dict_construction/ Differential_Dynamic_Logic /theories/differential_dynamic_logic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/differential_dynamic_logic/ Differential_Game_Logic /theories/differential_game_logic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/differential_game_logic/ Digit_Expansions /theories/digit_expansions/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/digit_expansions/ Dijkstra_Shortest_Path /theories/dijkstra_shortest_path/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/dijkstra_shortest_path/ Diophantine_Eqns_Lin_Hom /theories/diophantine_eqns_lin_hom/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/diophantine_eqns_lin_hom/ Dirichlet_L /theories/dirichlet_l/ Mon, 01 Jan 0001 00:00:00 +0000 
/theories/dirichlet_l/ Dirichlet_Series /theories/dirichlet_series/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/dirichlet_series/ Discrete_Summation /theories/discrete_summation/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/discrete_summation/ DiscretePricing /theories/discretepricing/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/discretepricing/ DiskPaxos /theories/diskpaxos/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/diskpaxos/ DOM_Components /theories/dom_components/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/dom_components/ Dominance_CHK /theories/dominance_chk/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/dominance_chk/ DPRM_Theorem /theories/dprm_theorem/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/dprm_theorem/ DPT-SAT-Solver /theories/dpt-sat-solver/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/dpt-sat-solver/ Dynamic_Tables /theories/dynamic_tables/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/dynamic_tables/ DynamicArchitectures /theories/dynamicarchitectures/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/dynamicarchitectures/ E_Transcendental /theories/e_transcendental/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/e_transcendental/ Echelon_Form /theories/echelon_form/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/echelon_form/ EdmondsKarp_Maxflow /theories/edmondskarp_maxflow/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/edmondskarp_maxflow/ Efficient-Mergesort /theories/efficient-mergesort/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/efficient-mergesort/ Elliptic_Curves_Group_Law /theories/elliptic_curves_group_law/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/elliptic_curves_group_law/ Encodability_Process_Calculi /theories/encodability_process_calculi/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/encodability_process_calculi/ Epistemic_Logic /theories/epistemic_logic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/epistemic_logic/ Equivalence_Relation_Enumeration /theories/equivalence_relation_enumeration/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/equivalence_relation_enumeration/ Ergodic_Theory 
/theories/ergodic_theory/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ergodic_theory/ Error_Function /theories/error_function/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/error_function/ Euler_MacLaurin /theories/euler_maclaurin/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/euler_maclaurin/ Euler_Partition /theories/euler_partition/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/euler_partition/ Eval_FO /theories/eval_fo/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/eval_fo/ Extended_Finite_State_Machine_Inference /theories/extended_finite_state_machine_inference/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/extended_finite_state_machine_inference/ Extended_Finite_State_Machines /theories/extended_finite_state_machines/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/extended_finite_state_machines/ Factor_Algebraic_Polynomial /theories/factor_algebraic_polynomial/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/factor_algebraic_polynomial/ Factored_Transition_System_Bounding /theories/factored_transition_system_bounding/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/factored_transition_system_bounding/ Falling_Factorial_Sum /theories/falling_factorial_sum/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/falling_factorial_sum/ Farkas /theories/farkas/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/farkas/ Featherweight_OCL /theories/featherweight_ocl/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/featherweight_ocl/ FeatherweightJava /theories/featherweightjava/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/featherweightjava/ Fermat3_4 /theories/fermat3_4/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/fermat3_4/ FFT /theories/fft/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/fft/ FileRefinement /theories/filerefinement/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/filerefinement/ FinFun /theories/finfun/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/finfun/ Finger-Trees /theories/finger-trees/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/finger-trees/ Finite-Map-Extras /theories/finite-map-extras/ Mon, 01 Jan 0001 00:00:00 +0000 
/theories/finite-map-extras/ Finite_Automata_HF /theories/finite_automata_hf/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/finite_automata_hf/ Finite_Fields /theories/finite_fields/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/finite_fields/ Finitely_Generated_Abelian_Groups /theories/finitely_generated_abelian_groups/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/finitely_generated_abelian_groups/ First_Order_Terms /theories/first_order_terms/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/first_order_terms/ First_Welfare_Theorem /theories/first_welfare_theorem/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/first_welfare_theorem/ Fishburn_Impossibility /theories/fishburn_impossibility/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/fishburn_impossibility/ Fisher_Yates /theories/fisher_yates/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/fisher_yates/ Fishers_Inequality /theories/fishers_inequality/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/fishers_inequality/ Flow_Networks /theories/flow_networks/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/flow_networks/ Floyd_Warshall /theories/floyd_warshall/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/floyd_warshall/ FLP /theories/flp/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/flp/ Flyspeck-Tame /theories/flyspeck-tame/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/flyspeck-tame/ Flyspeck-Tame-Computation /theories/flyspeck-tame-computation/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/flyspeck-tame-computation/ FO_Theory_Rewriting /theories/fo_theory_rewriting/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/fo_theory_rewriting/ FocusStreamsCaseStudies /theories/focusstreamscasestudies/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/focusstreamscasestudies/ FOL-Fitting /theories/fol-fitting/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/fol-fitting/ FOL_Axiomatic /theories/fol_axiomatic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/fol_axiomatic/ FOL_Harrison /theories/fol_harrison/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/fol_harrison/ FOL_Seq_Calc1 /theories/fol_seq_calc1/ Mon, 
01 Jan 0001 00:00:00 +0000 /theories/fol_seq_calc1/ FOL_Seq_Calc2 /theories/fol_seq_calc2/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/fol_seq_calc2/ FOL_Seq_Calc3 /theories/fol_seq_calc3/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/fol_seq_calc3/ Forcing /theories/forcing/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/forcing/ Formal_Puiseux_Series /theories/formal_puiseux_series/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/formal_puiseux_series/ Formal_SSA /theories/formal_ssa/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/formal_ssa/ Formula_Derivatives /theories/formula_derivatives/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/formula_derivatives/ Formula_Derivatives-Examples /theories/formula_derivatives-examples/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/formula_derivatives-examples/ Foundation_of_geometry /theories/foundation_of_geometry/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/foundation_of_geometry/ Fourier /theories/fourier/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/fourier/ Free-Boolean-Algebra /theories/free-boolean-algebra/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/free-boolean-algebra/ Free-Groups /theories/free-groups/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/free-groups/ Frequency_Moments /theories/frequency_moments/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/frequency_moments/ Fresh_Identifiers /theories/fresh_identifiers/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/fresh_identifiers/ FSM_Tests /theories/fsm_tests/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/fsm_tests/ Functional-Automata /theories/functional-automata/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/functional-automata/ Functional_Ordered_Resolution_Prover /theories/functional_ordered_resolution_prover/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/functional_ordered_resolution_prover/ FunWithFunctions /theories/funwithfunctions/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/funwithfunctions/ FunWithTilings /theories/funwithtilings/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/funwithtilings/ Furstenberg_Topology 
/theories/furstenberg_topology/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/furstenberg_topology/ Gabow_SCC /theories/gabow_scc/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/gabow_scc/ Gale_Shapley /theories/gale_shapley/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/gale_shapley/ GaleStewart_Games /theories/galestewart_games/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/galestewart_games/ Game_Based_Crypto /theories/game_based_crypto/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/game_based_crypto/ Gauss-Jordan-Elim-Fun /theories/gauss-jordan-elim-fun/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/gauss-jordan-elim-fun/ Gauss_Jordan /theories/gauss_jordan/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/gauss_jordan/ Gauss_Sums /theories/gauss_sums/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/gauss_sums/ Gaussian_Integers /theories/gaussian_integers/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/gaussian_integers/ GenClock /theories/genclock/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/genclock/ General-Triangle /theories/general-triangle/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/general-triangle/ Generalized_Counting_Sort /theories/generalized_counting_sort/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/generalized_counting_sort/ Generic_Deriving /theories/generic_deriving/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/generic_deriving/ Generic_Join /theories/generic_join/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/generic_join/ GewirthPGCProof /theories/gewirthpgcproof/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/gewirthpgcproof/ Girth_Chromatic /theories/girth_chromatic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/girth_chromatic/ Goedel_HFSet_Semantic /theories/goedel_hfset_semantic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/goedel_hfset_semantic/ Goedel_HFSet_Semanticless /theories/goedel_hfset_semanticless/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/goedel_hfset_semanticless/ Goedel_Incompleteness /theories/goedel_incompleteness/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/goedel_incompleteness/ GoedelGod 
/theories/goedelgod/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/goedelgod/ Goodstein_Lambda /theories/goodstein_lambda/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/goodstein_lambda/ GPU_Kernel_PL /theories/gpu_kernel_pl/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/gpu_kernel_pl/ Graph_Saturation /theories/graph_saturation/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/graph_saturation/ Graph_Theory /theories/graph_theory/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/graph_theory/ GraphMarkingIBP /theories/graphmarkingibp/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/graphmarkingibp/ Green /theories/green/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/green/ Groebner_Bases /theories/groebner_bases/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/groebner_bases/ Groebner_Macaulay /theories/groebner_macaulay/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/groebner_macaulay/ Gromov_Hyperbolicity /theories/gromov_hyperbolicity/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/gromov_hyperbolicity/ Grothendieck_Schemes /theories/grothendieck_schemes/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/grothendieck_schemes/ Group-Ring-Module /theories/group-ring-module/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/group-ring-module/ Hahn_Jordan_Decomposition /theories/hahn_jordan_decomposition/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hahn_jordan_decomposition/ Hales_Jewett /theories/hales_jewett/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hales_jewett/ Heard_Of /theories/heard_of/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/heard_of/ Hello_World /theories/hello_world/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hello_world/ HereditarilyFinite /theories/hereditarilyfinite/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hereditarilyfinite/ Hermite /theories/hermite/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hermite/ Hermite_Lindemann /theories/hermite_lindemann/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hermite_lindemann/ Hidden_Markov_Models /theories/hidden_markov_models/ Mon, 01 Jan 0001 00:00:00 +0000 
/theories/hidden_markov_models/ Higher_Order_Terms /theories/higher_order_terms/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/higher_order_terms/ Hoare_Time /theories/hoare_time/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hoare_time/ HOL-CSP /theories/hol-csp/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hol-csp/ HOL-ODE-ARCH-COMP /theories/hol-ode-arch-comp/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hol-ode-arch-comp/ HOL-ODE-Examples /theories/hol-ode-examples/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hol-ode-examples/ HOL-ODE-Numerics /theories/hol-ode-numerics/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hol-ode-numerics/ HOLCF-Prelude /theories/holcf-prelude/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/holcf-prelude/ Hood_Melville_Queue /theories/hood_melville_queue/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hood_melville_queue/ HotelKeyCards /theories/hotelkeycards/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hotelkeycards/ HRB-Slicing /theories/hrb-slicing/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hrb-slicing/ Huffman /theories/huffman/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/huffman/ Hybrid_Logic /theories/hybrid_logic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hybrid_logic/ Hybrid_Multi_Lane_Spatial_Logic /theories/hybrid_multi_lane_spatial_logic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hybrid_multi_lane_spatial_logic/ Hybrid_Systems_VCs /theories/hybrid_systems_vcs/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hybrid_systems_vcs/ HyperCTL /theories/hyperctl/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hyperctl/ Hyperdual /theories/hyperdual/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/hyperdual/ IEEE_Floating_Point /theories/ieee_floating_point/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ieee_floating_point/ IFC_Tracking /theories/ifc_tracking/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ifc_tracking/ IMAP-CRDT /theories/imap-crdt/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/imap-crdt/ IMO2019 /theories/imo2019/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/imo2019/ IMP2 
/theories/imp2/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/imp2/ IMP2_Binary_Heap /theories/imp2_binary_heap/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/imp2_binary_heap/ IMP_Compiler /theories/imp_compiler/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/imp_compiler/ IMP_Compiler_Reuse /theories/imp_compiler_reuse/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/imp_compiler_reuse/ Imperative_Insertion_Sort /theories/imperative_insertion_sort/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/imperative_insertion_sort/ Implicational_Logic /theories/implicational_logic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/implicational_logic/ Impossible_Geometry /theories/impossible_geometry/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/impossible_geometry/ Incompleteness /theories/incompleteness/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/incompleteness/ Incredible_Proof_Machine /theories/incredible_proof_machine/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/incredible_proof_machine/ Independence_CH /theories/independence_ch/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/independence_ch/ Inductive_Confidentiality /theories/inductive_confidentiality/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/inductive_confidentiality/ Inductive_Inference /theories/inductive_inference/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/inductive_inference/ InformationFlowSlicing /theories/informationflowslicing/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/informationflowslicing/ InformationFlowSlicing_Inter /theories/informationflowslicing_inter/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/informationflowslicing_inter/ InfPathElimination /theories/infpathelimination/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/infpathelimination/ Integration /theories/integration/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/integration/ Interpolation_Polynomials_HOL_Algebra /theories/interpolation_polynomials_hol_algebra/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/interpolation_polynomials_hol_algebra/ Interpreter_Optimizations 
/theories/interpreter_optimizations/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/interpreter_optimizations/ Interval_Arithmetic_Word32 /theories/interval_arithmetic_word32/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/interval_arithmetic_word32/ Intro_Dest_Elim /theories/intro_dest_elim/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/intro_dest_elim/ Involutions2Squares /theories/involutions2squares/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/involutions2squares/ IP_Addresses /theories/ip_addresses/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ip_addresses/ Iptables_Semantics /theories/iptables_semantics/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/iptables_semantics/ Iptables_Semantics_Examples /theories/iptables_semantics_examples/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/iptables_semantics_examples/ Iptables_Semantics_Examples_Big /theories/iptables_semantics_examples_big/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/iptables_semantics_examples_big/ Irrational_Series_Erdos_Straus /theories/irrational_series_erdos_straus/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/irrational_series_erdos_straus/ Irrationality_J_Hancl /theories/irrationality_j_hancl/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/irrationality_j_hancl/ Irrationals_From_THEBOOK /theories/irrationals_from_thebook/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/irrationals_from_thebook/ Isabelle_C /theories/isabelle_c/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/isabelle_c/ Isabelle_Marries_Dirac /theories/isabelle_marries_dirac/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/isabelle_marries_dirac/ Isabelle_Meta_Model /theories/isabelle_meta_model/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/isabelle_meta_model/ IsaGeoCoq /theories/isageocoq/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/isageocoq/ IsaNet /theories/isanet/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/isanet/ Jacobson_Basic_Algebra /theories/jacobson_basic_algebra/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/jacobson_basic_algebra/ Jinja /theories/jinja/ Mon, 01 Jan 0001 00:00:00 
+0000 /theories/jinja/ JinjaDCI /theories/jinjadci/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/jinjadci/ JinjaThreads /theories/jinjathreads/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/jinjathreads/ JiveDataStoreModel /theories/jivedatastoremodel/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/jivedatastoremodel/ Jordan_Hoelder /theories/jordan_hoelder/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/jordan_hoelder/ Jordan_Normal_Form /theories/jordan_normal_form/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/jordan_normal_form/ KAD /theories/kad/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/kad/ KAT_and_DRA /theories/kat_and_dra/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/kat_and_dra/ KBPs /theories/kbps/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/kbps/ KD_Tree /theories/kd_tree/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/kd_tree/ Key_Agreement_Strong_Adversaries /theories/key_agreement_strong_adversaries/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/key_agreement_strong_adversaries/ Khovanskii_Theorem /theories/khovanskii_theorem/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/khovanskii_theorem/ Kleene_Algebra /theories/kleene_algebra/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/kleene_algebra/ Knights_Tour /theories/knights_tour/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/knights_tour/ Knot_Theory /theories/knot_theory/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/knot_theory/ Knuth_Bendix_Order /theories/knuth_bendix_order/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/knuth_bendix_order/ Knuth_Morris_Pratt /theories/knuth_morris_pratt/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/knuth_morris_pratt/ Koenigsberg_Friendship /theories/koenigsberg_friendship/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/koenigsberg_friendship/ Kruskal /theories/kruskal/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/kruskal/ Kuratowski_Closure_Complement /theories/kuratowski_closure_complement/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/kuratowski_closure_complement/ Lam-ml-Normalization /theories/lam-ml-normalization/ Mon, 01 Jan 
0001 00:00:00 +0000 /theories/lam-ml-normalization/ Lambda_Free_EPO /theories/lambda_free_epo/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lambda_free_epo/ Lambda_Free_KBOs /theories/lambda_free_kbos/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lambda_free_kbos/ Lambda_Free_RPOs /theories/lambda_free_rpos/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lambda_free_rpos/ LambdaAuth /theories/lambdaauth/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lambdaauth/ LambdaMu /theories/lambdamu/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lambdamu/ Lambert_W /theories/lambert_w/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lambert_w/ Landau_Symbols /theories/landau_symbols/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/landau_symbols/ Laplace_Transform /theories/laplace_transform/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/laplace_transform/ Latin_Square /theories/latin_square/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/latin_square/ LatticeProperties /theories/latticeproperties/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/latticeproperties/ Launchbury /theories/launchbury/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/launchbury/ Laws_of_Large_Numbers /theories/laws_of_large_numbers/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/laws_of_large_numbers/ Lazy-Lists-II /theories/lazy-lists-ii/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lazy-lists-ii/ Lazy_Case /theories/lazy_case/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lazy_case/ Lehmer /theories/lehmer/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lehmer/ LEM /theories/lem/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lem/ Lifting_Definition_Option /theories/lifting_definition_option/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lifting_definition_option/ Lifting_the_Exponent /theories/lifting_the_exponent/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lifting_the_exponent/ LightweightJava /theories/lightweightjava/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lightweightjava/ Linear_Inequalities /theories/linear_inequalities/ Mon, 01 Jan 0001 00:00:00 +0000 
/theories/linear_inequalities/ Linear_Programming /theories/linear_programming/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/linear_programming/ Linear_Recurrences /theories/linear_recurrences/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/linear_recurrences/ Linear_Recurrences_Solver /theories/linear_recurrences_solver/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/linear_recurrences_solver/ LinearQuantifierElim /theories/linearquantifierelim/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/linearquantifierelim/ Liouville_Numbers /theories/liouville_numbers/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/liouville_numbers/ List-Index /theories/list-index/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/list-index/ List-Infinite /theories/list-infinite/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/list-infinite/ List_Interleaving /theories/list_interleaving/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/list_interleaving/ List_Inversions /theories/list_inversions/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/list_inversions/ List_Update /theories/list_update/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/list_update/ LLL_Basis_Reduction /theories/lll_basis_reduction/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lll_basis_reduction/ LLL_Factorization /theories/lll_factorization/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lll_factorization/ Localization_Ring /theories/localization_ring/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/localization_ring/ LocalLexing /theories/locallexing/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/locallexing/ Locally-Nameless-Sigma /theories/locally-nameless-sigma/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/locally-nameless-sigma/ LOFT /theories/loft/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/loft/ Logging_Independent_Anonymity /theories/logging_independent_anonymity/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/logging_independent_anonymity/ Lorenz_Approximation /theories/lorenz_approximation/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lorenz_approximation/ Lorenz_C0 /theories/lorenz_c0/ 
Mon, 01 Jan 0001 00:00:00 +0000 /theories/lorenz_c0/ Lorenz_C1 /theories/lorenz_c1/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lorenz_c1/ Lowe_Ontological_Argument /theories/lowe_ontological_argument/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lowe_ontological_argument/ Lower_Semicontinuous /theories/lower_semicontinuous/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lower_semicontinuous/ Lp /theories/lp/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lp/ LP_Duality /theories/lp_duality/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lp_duality/ LTL /theories/ltl/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ltl/ LTL_Master_Theorem /theories/ltl_master_theorem/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ltl_master_theorem/ LTL_Normal_Form /theories/ltl_normal_form/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ltl_normal_form/ LTL_to_DRA /theories/ltl_to_dra/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ltl_to_dra/ LTL_to_GBA /theories/ltl_to_gba/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ltl_to_gba/ Lucas_Theorem /theories/lucas_theorem/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/lucas_theorem/ Markov_Models /theories/markov_models/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/markov_models/ Marriage /theories/marriage/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/marriage/ Mason_Stothers /theories/mason_stothers/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/mason_stothers/ Matrices_for_ODEs /theories/matrices_for_odes/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/matrices_for_odes/ Matrix /theories/matrix/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/matrix/ Matrix_Tensor /theories/matrix_tensor/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/matrix_tensor/ Matroids /theories/matroids/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/matroids/ Max-Card-Matching /theories/max-card-matching/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/max-card-matching/ MDP-Algorithms /theories/mdp-algorithms/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/mdp-algorithms/ MDP-Rewards /theories/mdp-rewards/ Mon, 01 Jan 0001 00:00:00 +0000 
/theories/mdp-rewards/ Median_Method /theories/median_method/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/median_method/ Median_Of_Medians_Selection /theories/median_of_medians_selection/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/median_of_medians_selection/ Menger /theories/menger/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/menger/ Mereology /theories/mereology/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/mereology/ Mersenne_Primes /theories/mersenne_primes/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/mersenne_primes/ Metalogic_ProofChecker /theories/metalogic_proofchecker/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/metalogic_proofchecker/ MFMC_Countable /theories/mfmc_countable/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/mfmc_countable/ MFODL_Monitor_Optimized /theories/mfodl_monitor_optimized/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/mfodl_monitor_optimized/ MFOTL_Monitor /theories/mfotl_monitor/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/mfotl_monitor/ Minimal_SSA /theories/minimal_ssa/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/minimal_ssa/ MiniML /theories/miniml/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/miniml/ MiniSail /theories/minisail/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/minisail/ Minkowskis_Theorem /theories/minkowskis_theorem/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/minkowskis_theorem/ Minsky_Machines /theories/minsky_machines/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/minsky_machines/ Modal_Logics_for_NTS /theories/modal_logics_for_nts/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/modal_logics_for_nts/ Modular_arithmetic_LLL_and_HNF_algorithms /theories/modular_arithmetic_lll_and_hnf_algorithms/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/modular_arithmetic_lll_and_hnf_algorithms/ Modular_Assembly_Kit_Security /theories/modular_assembly_kit_security/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/modular_assembly_kit_security/ Monad_Memo_DP /theories/monad_memo_dp/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/monad_memo_dp/ Monad_Normalisation 
/theories/monad_normalisation/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/monad_normalisation/ MonoBoolTranAlgebra /theories/monobooltranalgebra/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/monobooltranalgebra/ MonoidalCategory /theories/monoidalcategory/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/monoidalcategory/ Monomorphic_Monad /theories/monomorphic_monad/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/monomorphic_monad/ MSO_Regex_Equivalence /theories/mso_regex_equivalence/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/mso_regex_equivalence/ MuchAdoAboutTwo /theories/muchadoabouttwo/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/muchadoabouttwo/ Multi_Party_Computation /theories/multi_party_computation/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/multi_party_computation/ Multirelations /theories/multirelations/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/multirelations/ Multiset_Ordering_NPC /theories/multiset_ordering_npc/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/multiset_ordering_npc/ Myhill-Nerode /theories/myhill-nerode/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/myhill-nerode/ Name_Carrying_Type_Inference /theories/name_carrying_type_inference/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/name_carrying_type_inference/ Nano_JSON /theories/nano_json/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/nano_json/ Nash_Williams /theories/nash_williams/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/nash_williams/ Nat-Interval-Logic /theories/nat-interval-logic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/nat-interval-logic/ Native_Word /theories/native_word/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/native_word/ Nested_Multisets_Ordinals /theories/nested_multisets_ordinals/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/nested_multisets_ordinals/ Network_Security_Policy_Verification /theories/network_security_policy_verification/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/network_security_policy_verification/ Neumann_Morgenstern_Utility /theories/neumann_morgenstern_utility/ Mon, 01 Jan 0001 00:00:00 
+0000 /theories/neumann_morgenstern_utility/ No_FTL_observers /theories/no_ftl_observers/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/no_ftl_observers/ Nominal2 /theories/nominal2/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/nominal2/ Noninterference_Concurrent_Composition /theories/noninterference_concurrent_composition/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/noninterference_concurrent_composition/ Noninterference_CSP /theories/noninterference_csp/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/noninterference_csp/ Noninterference_Generic_Unwinding /theories/noninterference_generic_unwinding/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/noninterference_generic_unwinding/ Noninterference_Inductive_Unwinding /theories/noninterference_inductive_unwinding/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/noninterference_inductive_unwinding/ Noninterference_Ipurge_Unwinding /theories/noninterference_ipurge_unwinding/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/noninterference_ipurge_unwinding/ Noninterference_Sequential_Composition /theories/noninterference_sequential_composition/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/noninterference_sequential_composition/ NormByEval /theories/normbyeval/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/normbyeval/ Nullstellensatz /theories/nullstellensatz/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/nullstellensatz/ Number_Theoretic_Transform /theories/number_theoretic_transform/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/number_theoretic_transform/ Octonions /theories/octonions/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/octonions/ Old_Datatype_Show /theories/old_datatype_show/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/old_datatype_show/ Open_Induction /theories/open_induction/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/open_induction/ OpSets /theories/opsets/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/opsets/ Optics /theories/optics/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/optics/ Optimal_BST /theories/optimal_bst/ Mon, 01 Jan 0001 00:00:00 +0000 
/theories/optimal_bst/ Orbit_Stabiliser /theories/orbit_stabiliser/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/orbit_stabiliser/ Order_Lattice_Props /theories/order_lattice_props/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/order_lattice_props/ Ordered_Resolution_Prover /theories/ordered_resolution_prover/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ordered_resolution_prover/ Ordinal /theories/ordinal/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ordinal/ Ordinal_Partitions /theories/ordinal_partitions/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ordinal_partitions/ Ordinals_and_Cardinals /theories/ordinals_and_cardinals/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ordinals_and_cardinals/ Ordinary_Differential_Equations /theories/ordinary_differential_equations/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ordinary_differential_equations/ PAC_Checker /theories/pac_checker/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/pac_checker/ Package_logic /theories/package_logic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/package_logic/ Padic_Field /theories/padic_field/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/padic_field/ Padic_Ints /theories/padic_ints/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/padic_ints/ Pairing_Heap /theories/pairing_heap/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/pairing_heap/ PAL /theories/pal/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/pal/ Paraconsistency /theories/paraconsistency/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/paraconsistency/ Parity_Game /theories/parity_game/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/parity_game/ Partial_Function_MR /theories/partial_function_mr/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/partial_function_mr/ Partial_Order_Reduction /theories/partial_order_reduction/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/partial_order_reduction/ Password_Authentication_Protocol /theories/password_authentication_protocol/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/password_authentication_protocol/ PCF /theories/pcf/ Mon, 01 Jan 0001 00:00:00 +0000 
/theories/pcf/ Pell /theories/pell/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/pell/ Perfect-Number-Thm /theories/perfect-number-thm/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/perfect-number-thm/ Perron_Frobenius /theories/perron_frobenius/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/perron_frobenius/ pGCL /theories/pgcl/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/pgcl/ Physical_Quantities /theories/physical_quantities/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/physical_quantities/ Pi_Calculus /theories/pi_calculus/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/pi_calculus/ Pi_Transcendental /theories/pi_transcendental/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/pi_transcendental/ Planarity_Certificates /theories/planarity_certificates/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/planarity_certificates/ PLM /theories/plm/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/plm/ Pluennecke_Ruzsa_Inequality /theories/pluennecke_ruzsa_inequality/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/pluennecke_ruzsa_inequality/ Poincare_Bendixson /theories/poincare_bendixson/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/poincare_bendixson/ Poincare_Disc /theories/poincare_disc/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/poincare_disc/ Polynomial_Factorization /theories/polynomial_factorization/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/polynomial_factorization/ Polynomial_Interpolation /theories/polynomial_interpolation/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/polynomial_interpolation/ Polynomials /theories/polynomials/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/polynomials/ Pop_Refinement /theories/pop_refinement/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/pop_refinement/ POPLmark-deBruijn /theories/poplmark-debruijn/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/poplmark-debruijn/ Posix-Lexing /theories/posix-lexing/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/posix-lexing/ Possibilistic_Noninterference /theories/possibilistic_noninterference/ Mon, 01 Jan 0001 00:00:00 +0000 
/theories/possibilistic_noninterference/ Power_Sum_Polynomials /theories/power_sum_polynomials/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/power_sum_polynomials/ Pratt_Certificate /theories/pratt_certificate/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/pratt_certificate/ Prefix_Free_Code_Combinators /theories/prefix_free_code_combinators/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/prefix_free_code_combinators/ Presburger-Automata /theories/presburger-automata/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/presburger-automata/ Prim_Dijkstra_Simple /theories/prim_dijkstra_simple/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/prim_dijkstra_simple/ Prime_Distribution_Elementary /theories/prime_distribution_elementary/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/prime_distribution_elementary/ Prime_Harmonic_Series /theories/prime_harmonic_series/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/prime_harmonic_series/ Prime_Number_Theorem /theories/prime_number_theorem/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/prime_number_theorem/ Priority_Queue_Braun /theories/priority_queue_braun/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/priority_queue_braun/ Priority_Search_Trees /theories/priority_search_trees/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/priority_search_trees/ Probabilistic_Noninterference /theories/probabilistic_noninterference/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/probabilistic_noninterference/ Probabilistic_Prime_Tests /theories/probabilistic_prime_tests/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/probabilistic_prime_tests/ Probabilistic_System_Zoo /theories/probabilistic_system_zoo/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/probabilistic_system_zoo/ Probabilistic_Timed_Automata /theories/probabilistic_timed_automata/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/probabilistic_timed_automata/ Probabilistic_While /theories/probabilistic_while/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/probabilistic_while/ Program-Conflict-Analysis /theories/program-conflict-analysis/ Mon, 01 Jan 0001 
00:00:00 +0000 /theories/program-conflict-analysis/ Progress_Tracking /theories/progress_tracking/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/progress_tracking/ Projective_Geometry /theories/projective_geometry/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/projective_geometry/ Projective_Measurements /theories/projective_measurements/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/projective_measurements/ Promela /theories/promela/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/promela/ Proof_Strategy_Language /theories/proof_strategy_language/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/proof_strategy_language/ Propositional_Proof_Systems /theories/propositional_proof_systems/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/propositional_proof_systems/ PropResPI /theories/proprespi/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/proprespi/ Prpu_Maxflow /theories/prpu_maxflow/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/prpu_maxflow/ PSemigroupsConvolution /theories/psemigroupsconvolution/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/psemigroupsconvolution/ PseudoHoops /theories/pseudohoops/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/pseudohoops/ Psi_Calculi /theories/psi_calculi/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/psi_calculi/ Ptolemys_Theorem /theories/ptolemys_theorem/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ptolemys_theorem/ Public_Announcement_Logic /theories/public_announcement_logic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/public_announcement_logic/ QHLProver /theories/qhlprover/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/qhlprover/ QR_Decomposition /theories/qr_decomposition/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/qr_decomposition/ Quantales /theories/quantales/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/quantales/ Quasi_Borel_Spaces /theories/quasi_borel_spaces/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/quasi_borel_spaces/ Quaternions /theories/quaternions/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/quaternions/ Quick_Sort_Cost /theories/quick_sort_cost/ Mon, 01 Jan 0001 
00:00:00 +0000 /theories/quick_sort_cost/ Ramsey-Infinite /theories/ramsey-infinite/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ramsey-infinite/ Random_BSTs /theories/random_bsts/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/random_bsts/ Random_Graph_Subgraph_Threshold /theories/random_graph_subgraph_threshold/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/random_graph_subgraph_threshold/ Randomised_BSTs /theories/randomised_bsts/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/randomised_bsts/ Randomised_Social_Choice /theories/randomised_social_choice/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/randomised_social_choice/ Rank_Nullity_Theorem /theories/rank_nullity_theorem/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/rank_nullity_theorem/ Real_Impl /theories/real_impl/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/real_impl/ Real_Power /theories/real_power/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/real_power/ Real_Time_Deque /theories/real_time_deque/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/real_time_deque/ Recursion-Addition /theories/recursion-addition/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/recursion-addition/ Recursion-Theory-I /theories/recursion-theory-i/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/recursion-theory-i/ Refine_Imperative_HOL /theories/refine_imperative_hol/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/refine_imperative_hol/ Refine_Monadic /theories/refine_monadic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/refine_monadic/ RefinementReactive /theories/refinementreactive/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/refinementreactive/ Regex_Equivalence /theories/regex_equivalence/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/regex_equivalence/ Registers /theories/registers/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/registers/ Regression_Test_Selection /theories/regression_test_selection/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/regression_test_selection/ Regular-Sets /theories/regular-sets/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/regular-sets/ Regular_Algebras 
/theories/regular_algebras/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/regular_algebras/ Regular_Tree_Relations /theories/regular_tree_relations/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/regular_tree_relations/ Relation_Algebra /theories/relation_algebra/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/relation_algebra/ Relational-Incorrectness-Logic /theories/relational-incorrectness-logic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/relational-incorrectness-logic/ Relational_Disjoint_Set_Forests /theories/relational_disjoint_set_forests/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/relational_disjoint_set_forests/ Relational_Forests /theories/relational_forests/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/relational_forests/ Relational_Method /theories/relational_method/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/relational_method/ Relational_Minimum_Spanning_Trees /theories/relational_minimum_spanning_trees/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/relational_minimum_spanning_trees/ Relational_Paths /theories/relational_paths/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/relational_paths/ Rep_Fin_Groups /theories/rep_fin_groups/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/rep_fin_groups/ Residuated_Lattices /theories/residuated_lattices/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/residuated_lattices/ ResiduatedTransitionSystem /theories/residuatedtransitionsystem/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/residuatedtransitionsystem/ Resolution_FOL /theories/resolution_fol/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/resolution_fol/ Rewrite_Properties_Reduction /theories/rewrite_properties_reduction/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/rewrite_properties_reduction/ Rewriting_Z /theories/rewriting_z/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/rewriting_z/ Ribbon_Proofs /theories/ribbon_proofs/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ribbon_proofs/ RIPEMD-160-SPARK /theories/ripemd-160-spark/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/ripemd-160-spark/ Risk_Free_Lending 
/theories/risk_free_lending/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/risk_free_lending/ Robbins-Conjecture /theories/robbins-conjecture/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/robbins-conjecture/ ROBDD /theories/robdd/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/robdd/ Robinson_Arithmetic /theories/robinson_arithmetic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/robinson_arithmetic/ Root_Balanced_Tree /theories/root_balanced_tree/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/root_balanced_tree/ Roth_Arithmetic_Progressions /theories/roth_arithmetic_progressions/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/roth_arithmetic_progressions/ Routing /theories/routing/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/routing/ Roy_Floyd_Warshall /theories/roy_floyd_warshall/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/roy_floyd_warshall/ RSAPSS /theories/rsapss/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/rsapss/ Safe_Distance /theories/safe_distance/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/safe_distance/ Safe_OCL /theories/safe_ocl/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/safe_ocl/ + Safe_Range_RC + /theories/safe_range_rc/ + Mon, 01 Jan 0001 00:00:00 +0000 + + /theories/safe_range_rc/ + + + + SATSolverVerification /theories/satsolververification/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/satsolververification/ Saturation_Framework /theories/saturation_framework/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/saturation_framework/ Saturation_Framework_Extensions /theories/saturation_framework_extensions/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/saturation_framework_extensions/ SC_DOM_Components /theories/sc_dom_components/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sc_dom_components/ SCC_Bloemen_Sequential /theories/scc_bloemen_sequential/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/scc_bloemen_sequential/ Schutz_Spacetime /theories/schutz_spacetime/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/schutz_spacetime/ SDS_Impossibility /theories/sds_impossibility/ Mon, 01 Jan 0001 00:00:00 +0000 
/theories/sds_impossibility/ Secondary_Sylow /theories/secondary_sylow/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/secondary_sylow/ Security_Protocol_Refinement /theories/security_protocol_refinement/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/security_protocol_refinement/ Selection_Heap_Sort /theories/selection_heap_sort/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/selection_heap_sort/ SenSocialChoice /theories/sensocialchoice/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sensocialchoice/ Separata /theories/separata/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/separata/ Separation_Algebra /theories/separation_algebra/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/separation_algebra/ Separation_Logic_Imperative_HOL /theories/separation_logic_imperative_hol/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/separation_logic_imperative_hol/ Separation_Logic_Unbounded /theories/separation_logic_unbounded/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/separation_logic_unbounded/ Sepref_Basic /theories/sepref_basic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sepref_basic/ Sepref_IICF /theories/sepref_iicf/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sepref_iicf/ Sepref_Prereq /theories/sepref_prereq/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sepref_prereq/ SequentInvertibility /theories/sequentinvertibility/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sequentinvertibility/ Shadow_DOM /theories/shadow_dom/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/shadow_dom/ Shadow_SC_DOM /theories/shadow_sc_dom/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/shadow_sc_dom/ Shivers-CFA /theories/shivers-cfa/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/shivers-cfa/ ShortestPath /theories/shortestpath/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/shortestpath/ Show /theories/show/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/show/ SIFPL /theories/sifpl/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sifpl/ SIFUM_Type_Systems /theories/sifum_type_systems/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sifum_type_systems/ Sigma_Commit_Crypto 
/theories/sigma_commit_crypto/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sigma_commit_crypto/ Signature_Groebner /theories/signature_groebner/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/signature_groebner/ Simpl /theories/simpl/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/simpl/ Simple_Firewall /theories/simple_firewall/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/simple_firewall/ Simplex /theories/simplex/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/simplex/ Simplicial_complexes_and_boolean_functions /theories/simplicial_complexes_and_boolean_functions/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/simplicial_complexes_and_boolean_functions/ SimplifiedOntologicalArgument /theories/simplifiedontologicalargument/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/simplifiedontologicalargument/ Skew_Heap /theories/skew_heap/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/skew_heap/ Skip_Lists /theories/skip_lists/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/skip_lists/ Slicing /theories/slicing/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/slicing/ Sliding_Window_Algorithm /theories/sliding_window_algorithm/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sliding_window_algorithm/ SM /theories/sm/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sm/ SM_Base /theories/sm_base/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sm_base/ Smith_Normal_Form /theories/smith_normal_form/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/smith_normal_form/ Smooth_Manifolds /theories/smooth_manifolds/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/smooth_manifolds/ Solidity /theories/solidity/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/solidity/ Sophomores_Dream /theories/sophomores_dream/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sophomores_dream/ Sort_Encodings /theories/sort_encodings/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sort_encodings/ Source_Coding_Theorem /theories/source_coding_theorem/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/source_coding_theorem/ SPARCv8 /theories/sparcv8/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sparcv8/ 
SpecCheck /theories/speccheck/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/speccheck/ Special_Function_Bounds /theories/special_function_bounds/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/special_function_bounds/ Splay_Tree /theories/splay_tree/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/splay_tree/ Sqrt_Babylonian /theories/sqrt_babylonian/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sqrt_babylonian/ Stable_Matching /theories/stable_matching/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/stable_matching/ Stalnaker_Logic /theories/stalnaker_logic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/stalnaker_logic/ Statecharts /theories/statecharts/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/statecharts/ Stateful_Protocol_Composition_and_Typing /theories/stateful_protocol_composition_and_typing/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/stateful_protocol_composition_and_typing/ Stellar_Quorums /theories/stellar_quorums/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/stellar_quorums/ Stern_Brocot /theories/stern_brocot/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/stern_brocot/ Stewart_Apollonius /theories/stewart_apollonius/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/stewart_apollonius/ Stirling_Formula /theories/stirling_formula/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/stirling_formula/ Stochastic_Matrices /theories/stochastic_matrices/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/stochastic_matrices/ Stone_Algebras /theories/stone_algebras/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/stone_algebras/ Stone_Kleene_Relation_Algebras /theories/stone_kleene_relation_algebras/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/stone_kleene_relation_algebras/ Stone_Relation_Algebras /theories/stone_relation_algebras/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/stone_relation_algebras/ Store_Buffer_Reduction /theories/store_buffer_reduction/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/store_buffer_reduction/ Stream-Fusion /theories/stream-fusion/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/stream-fusion/ 
Stream_Fusion_Code /theories/stream_fusion_code/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/stream_fusion_code/ Strong_Security /theories/strong_security/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/strong_security/ Sturm_Sequences /theories/sturm_sequences/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sturm_sequences/ Sturm_Tarski /theories/sturm_tarski/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sturm_tarski/ Stuttering_Equivalence /theories/stuttering_equivalence/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/stuttering_equivalence/ Subresultants /theories/subresultants/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/subresultants/ Subset_Boolean_Algebras /theories/subset_boolean_algebras/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/subset_boolean_algebras/ SumSquares /theories/sumsquares/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sumsquares/ Sunflowers /theories/sunflowers/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/sunflowers/ SuperCalc /theories/supercalc/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/supercalc/ Surprise_Paradox /theories/surprise_paradox/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/surprise_paradox/ Symmetric_Polynomials /theories/symmetric_polynomials/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/symmetric_polynomials/ Syntax_Independent_Logic /theories/syntax_independent_logic/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/syntax_independent_logic/ Szemeredi_Regularity /theories/szemeredi_regularity/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/szemeredi_regularity/ Szpilrajn /theories/szpilrajn/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/szpilrajn/ Tail_Recursive_Functions /theories/tail_recursive_functions/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/tail_recursive_functions/ Tarskis_Geometry /theories/tarskis_geometry/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/tarskis_geometry/ Taylor_Models /theories/taylor_models/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/taylor_models/ TESL_Language /theories/tesl_language/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/tesl_language/ 
Three_Circles /theories/three_circles/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/three_circles/ Timed_Automata /theories/timed_automata/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/timed_automata/ TLA /theories/tla/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/tla/ Topological_Semantics /theories/topological_semantics/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/topological_semantics/ Topology /theories/topology/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/topology/ TortoiseHare /theories/tortoisehare/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/tortoisehare/ Transcendence_Series_Hancl_Rucki /theories/transcendence_series_hancl_rucki/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/transcendence_series_hancl_rucki/ Transformer_Semantics /theories/transformer_semantics/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/transformer_semantics/ Transition_Systems_and_Automata /theories/transition_systems_and_automata/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/transition_systems_and_automata/ Transitive-Closure /theories/transitive-closure/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/transitive-closure/ Transitive-Closure-II /theories/transitive-closure-ii/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/transitive-closure-ii/ Transitive_Models /theories/transitive_models/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/transitive_models/ Treaps /theories/treaps/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/treaps/ Tree-Automata /theories/tree-automata/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/tree-automata/ Tree_Decomposition /theories/tree_decomposition/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/tree_decomposition/ Triangle /theories/triangle/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/triangle/ Trie /theories/trie/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/trie/ Twelvefold_Way /theories/twelvefold_way/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/twelvefold_way/ Tycon /theories/tycon/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/tycon/ Types_Tableaus_and_Goedels_God /theories/types_tableaus_and_goedels_god/ Mon, 
01 Jan 0001 00:00:00 +0000 /theories/types_tableaus_and_goedels_god/ Types_To_Sets_Extension /theories/types_to_sets_extension/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/types_to_sets_extension/ Universal_Hash_Families /theories/universal_hash_families/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/universal_hash_families/ Universal_Turing_Machine /theories/universal_turing_machine/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/universal_turing_machine/ UpDown_Scheme /theories/updown_scheme/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/updown_scheme/ UPF /theories/upf/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/upf/ UPF_Firewall /theories/upf_firewall/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/upf_firewall/ UTP /theories/utp/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/utp/ UTP-Toolkit /theories/utp-toolkit/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/utp-toolkit/ Valuation /theories/valuation/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/valuation/ Van_der_Waerden /theories/van_der_waerden/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/van_der_waerden/ Van_Emde_Boas_Trees /theories/van_emde_boas_trees/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/van_emde_boas_trees/ VectorSpace /theories/vectorspace/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/vectorspace/ VeriComp /theories/vericomp/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/vericomp/ Verified-Prover /theories/verified-prover/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/verified-prover/ Verified_SAT_Based_AI_Planning /theories/verified_sat_based_ai_planning/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/verified_sat_based_ai_planning/ VerifyThis2018 /theories/verifythis2018/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/verifythis2018/ VerifyThis2019 /theories/verifythis2019/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/verifythis2019/ Vickrey_Clarke_Groves /theories/vickrey_clarke_groves/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/vickrey_clarke_groves/ Virtual_Substitution /theories/virtual_substitution/ Mon, 01 Jan 0001 00:00:00 +0000 
/theories/virtual_substitution/ VolpanoSmith /theories/volpanosmith/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/volpanosmith/ VYDRA_MDL /theories/vydra_mdl/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/vydra_mdl/ WebAssembly /theories/webassembly/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/webassembly/ Weight_Balanced_Trees /theories/weight_balanced_trees/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/weight_balanced_trees/ Weighted_Arithmetic_Geometric_Mean /theories/weighted_arithmetic_geometric_mean/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/weighted_arithmetic_geometric_mean/ Weighted_Path_Order /theories/weighted_path_order/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/weighted_path_order/ Well_Quasi_Orders /theories/well_quasi_orders/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/well_quasi_orders/ Wetzels_Problem /theories/wetzels_problem/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/wetzels_problem/ WHATandWHERE_Security /theories/whatandwhere_security/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/whatandwhere_security/ Winding_Number_Eval /theories/winding_number_eval/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/winding_number_eval/ WOOT_Strong_Eventual_Consistency /theories/woot_strong_eventual_consistency/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/woot_strong_eventual_consistency/ Word_Lib /theories/word_lib/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/word_lib/ WorkerWrapper /theories/workerwrapper/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/workerwrapper/ X86_Semantics /theories/x86_semantics/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/x86_semantics/ XML /theories/xml/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/xml/ Youngs_Inequality /theories/youngs_inequality/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/youngs_inequality/ Zeta_3_Irrational /theories/zeta_3_irrational/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/zeta_3_irrational/ Zeta_Function /theories/zeta_function/ Mon, 01 Jan 0001 00:00:00 +0000 /theories/zeta_function/ ZFC_in_HOL /theories/zfc_in_hol/ Mon, 01 Jan 0001 00:00:00 
+0000 /theories/zfc_in_hol/ diff --git a/web/topics/index.html b/web/topics/index.html --- a/web/topics/index.html +++ b/web/topics/index.html @@ -1,120 +1,120 @@ Archive of Formal Proofs \ No newline at end of file diff --git a/web/topics/logic/general-logic/classical-first-order-logic/index.html b/web/topics/logic/general-logic/classical-first-order-logic/index.html --- a/web/topics/logic/general-logic/classical-first-order-logic/index.html +++ b/web/topics/logic/general-logic/classical-first-order-logic/index.html @@ -1,124 +1,131 @@ Logic/General logic/Classical first-order logic - Archive of Formal Proofs \ No newline at end of file diff --git a/web/topics/logic/general-logic/classical-first-order-logic/index.xml b/web/topics/logic/general-logic/classical-first-order-logic/index.xml --- a/web/topics/logic/general-logic/classical-first-order-logic/index.xml +++ b/web/topics/logic/general-logic/classical-first-order-logic/index.xml 
@@ -1,55 +1,64 @@ Logic/General logic/Classical first-order logic on Archive of Formal Proofs /topics/logic/general-logic/classical-first-order-logic/ Recent content in Logic/General logic/Classical first-order logic on Archive of Formal Proofs Hugo -- gohugo.io en-gb + Making Arbitrary Relational Calculus Queries Safe-Range + /entries/Safe_Range_RC.html + Wed, 28 Sep 2022 00:00:00 +0000 + + /entries/Safe_Range_RC.html + + + + A Naive Prover for First-Order Logic /entries/FOL_Seq_Calc3.html Tue, 22 Mar 2022 00:00:00 +0000 /entries/FOL_Seq_Calc3.html First-Order Query Evaluation /entries/Eval_FO.html Tue, 15 Feb 2022 00:00:00 +0000 /entries/Eval_FO.html A Sequent Calculus Prover for First-Order Logic with Functions /entries/FOL_Seq_Calc2.html Mon, 31 Jan 2022 00:00:00 +0000 /entries/FOL_Seq_Calc2.html Soundness and Completeness of an Axiomatic System for First-Order Logic /entries/FOL_Axiomatic.html Fri, 24 Sep 2021 00:00:00 +0000 /entries/FOL_Axiomatic.html First-Order Logic According to Fitting /entries/FOL-Fitting.html Thu, 02 Aug 2007 00:00:00 +0000 /entries/FOL-Fitting.html diff --git a/web/topics/logic/general-logic/index.html b/web/topics/logic/general-logic/index.html --- a/web/topics/logic/general-logic/index.html +++ b/web/topics/logic/general-logic/index.html @@ -1,430 +1,437 @@ Logic/General logic - Archive of Formal Proofs

Logic/General Logic

Subject Classification

AMS: Mathematical logic and foundations / General logic

2022

+

2021

2020

2019

2018

2017

2016

2015

2014

2013

2011

2010

2009

2008

2007

2004

\ No newline at end of file diff --git a/web/topics/logic/general-logic/index.xml b/web/topics/logic/general-logic/index.xml --- a/web/topics/logic/general-logic/index.xml +++ b/web/topics/logic/general-logic/index.xml 
@@ -1,415 +1,424 @@ Logic/General logic on Archive of Formal Proofs /topics/logic/general-logic/ Recent content in Logic/General logic on Archive of Formal Proofs Hugo -- gohugo.io en-gb + Making Arbitrary Relational Calculus Queries Safe-Range + /entries/Safe_Range_RC.html + Wed, 28 Sep 2022 00:00:00 +0000 + + /entries/Safe_Range_RC.html + + + + Stalnaker's Epistemic Logic /entries/Stalnaker_Logic.html Fri, 23 Sep 2022 00:00:00 +0000 /entries/Stalnaker_Logic.html Soundness and Completeness of Implicational Logic /entries/Implicational_Logic.html Tue, 13 Sep 2022 00:00:00 +0000 /entries/Implicational_Logic.html A Naive Prover for First-Order Logic /entries/FOL_Seq_Calc3.html Tue, 22 Mar 2022 00:00:00 +0000 /entries/FOL_Seq_Calc3.html A Naive Prover for First-Order Logic /entries/FOL_Seq_Calc3.html Tue, 22 Mar 2022 00:00:00 +0000 /entries/FOL_Seq_Calc3.html First-Order Query Evaluation /entries/Eval_FO.html Tue, 15 Feb 2022 00:00:00 +0000 /entries/Eval_FO.html A Sequent Calculus Prover for First-Order Logic with Functions /entries/FOL_Seq_Calc2.html Mon, 31 Jan 2022 00:00:00 +0000 /entries/FOL_Seq_Calc2.html A Sequent Calculus Prover for First-Order Logic with Functions /entries/FOL_Seq_Calc2.html Mon, 31 Jan 2022 00:00:00 +0000 /entries/FOL_Seq_Calc2.html Automating Public Announcement Logic and the Wise Men Puzzle in Isabelle/HOL /entries/PAL.html Mon, 08 Nov 2021 00:00:00 +0000 /entries/PAL.html Exploring Simplified Variants of Gödel’s Ontological Argument in Isabelle/HOL /entries/SimplifiedOntologicalArgument.html Mon, 08 Nov 2021 00:00:00 +0000 /entries/SimplifiedOntologicalArgument.html Belief Revision Theory /entries/Belief_Revision.html Tue, 19 Oct 2021 00:00:00 +0000 /entries/Belief_Revision.html Soundness and Completeness of an Axiomatic System for First-Order Logic /entries/FOL_Axiomatic.html Fri, 24 Sep 2021 00:00:00 +0000 /entries/FOL_Axiomatic.html Public Announcement Logic /entries/Public_Announcement_Logic.html Thu, 17 Jun 2021 00:00:00 +0000 
/entries/Public_Announcement_Logic.html Isabelle's Metalogic: Formalization and Proof Checker /entries/Metalogic_ProofChecker.html Tue, 27 Apr 2021 00:00:00 +0000 /entries/Metalogic_ProofChecker.html Solution to the xkcd Blue Eyes puzzle /entries/Blue_Eyes.html Sat, 30 Jan 2021 00:00:00 +0000 /entries/Blue_Eyes.html Topological semantics for paraconsistent and paracomplete logics /entries/Topological_Semantics.html Thu, 17 Dec 2020 00:00:00 +0000 /entries/Topological_Semantics.html Extensions to the Comprehensive Framework for Saturation Theorem Proving /entries/Saturation_Framework_Extensions.html Tue, 25 Aug 2020 00:00:00 +0000 /entries/Saturation_Framework_Extensions.html An Efficient Normalisation Procedure for Linear Temporal Logic: Isabelle/HOL Formalisation /entries/LTL_Normal_Form.html Fri, 08 May 2020 00:00:00 +0000 /entries/LTL_Normal_Form.html A Comprehensive Framework for Saturation Theorem Proving /entries/Saturation_Framework.html Thu, 09 Apr 2020 00:00:00 +0000 /entries/Saturation_Framework.html Formalization of an Optimized Monitoring Algorithm for Metric First-Order Dynamic Logic with Aggregations /entries/MFODL_Monitor_Optimized.html Thu, 09 Apr 2020 00:00:00 +0000 /entries/MFODL_Monitor_Optimized.html Formalizing a Seligman-Style Tableau System for Hybrid Logic /entries/Hybrid_Logic.html Fri, 20 Dec 2019 00:00:00 +0000 /entries/Hybrid_Logic.html Formalization of a Monitoring Algorithm for Metric First-Order Temporal Logic /entries/MFOTL_Monitor.html Thu, 04 Jul 2019 00:00:00 +0000 /entries/MFOTL_Monitor.html A General Theory of Syntax with Bindings /entries/Binding_Syntax_Theory.html Sat, 06 Apr 2019 00:00:00 +0000 /entries/Binding_Syntax_Theory.html A Verified Functional Implementation of Bachmair and Ganzinger's Ordered Resolution Prover /entries/Functional_Ordered_Resolution_Prover.html Fri, 23 Nov 2018 00:00:00 +0000 /entries/Functional_Ordered_Resolution_Prover.html Epistemic Logic: Completeness of Modal Logics /entries/Epistemic_Logic.html 
Mon, 29 Oct 2018 00:00:00 +0000 /entries/Epistemic_Logic.html Formalization of Bachmair and Ganzinger's Ordered Resolution Prover /entries/Ordered_Resolution_Prover.html Thu, 18 Jan 2018 00:00:00 +0000 /entries/Ordered_Resolution_Prover.html Hybrid Multi-Lane Spatial Logic /entries/Hybrid_Multi_Lane_Spatial_Logic.html Mon, 06 Nov 2017 00:00:00 +0000 /entries/Hybrid_Multi_Lane_Spatial_Logic.html Differential Dynamic Logic /entries/Differential_Dynamic_Logic.html Mon, 13 Feb 2017 00:00:00 +0000 /entries/Differential_Dynamic_Logic.html First-Order Logic According to Harrison /entries/FOL_Harrison.html Sun, 01 Jan 2017 00:00:00 +0000 /entries/FOL_Harrison.html Paraconsistency /entries/Paraconsistency.html Wed, 07 Dec 2016 00:00:00 +0000 /entries/Paraconsistency.html Modal Logics for Nominal Transition Systems /entries/Modal_Logics_for_NTS.html Tue, 25 Oct 2016 00:00:00 +0000 /entries/Modal_Logics_for_NTS.html Allen's Interval Calculus /entries/Allen_Calculus.html Thu, 29 Sep 2016 00:00:00 +0000 /entries/Allen_Calculus.html The Resolution Calculus for First-Order Logic /entries/Resolution_FOL.html Thu, 30 Jun 2016 00:00:00 +0000 /entries/Resolution_FOL.html Propositional Resolution and Prime Implicates Generation /entries/PropResPI.html Fri, 11 Mar 2016 00:00:00 +0000 /entries/PropResPI.html Linear Temporal Logic /entries/LTL.html Tue, 01 Mar 2016 00:00:00 +0000 /entries/LTL.html Derivatives of Logical Formulas /entries/Formula_Derivatives.html Thu, 28 May 2015 00:00:00 +0000 /entries/Formula_Derivatives.html Decision Procedures for MSO on Words Based on Derivatives of Regular Expressions /entries/MSO_Regex_Equivalence.html Thu, 12 Jun 2014 00:00:00 +0000 /entries/MSO_Regex_Equivalence.html Boolean Expression Checkers /entries/Boolean_Expression_Checkers.html Sun, 08 Jun 2014 00:00:00 +0000 /entries/Boolean_Expression_Checkers.html A shallow embedding of HyperCTL* /entries/HyperCTL.html Wed, 16 Apr 2014 00:00:00 +0000 /entries/HyperCTL.html Sound and Complete Sort 
Encodings for First-Order Logic /entries/Sort_Encodings.html Thu, 27 Jun 2013 00:00:00 +0000 /entries/Sort_Encodings.html Interval Temporal Logic on Natural Numbers /entries/Nat-Interval-Logic.html Wed, 23 Feb 2011 00:00:00 +0000 /entries/Nat-Interval-Logic.html Free Boolean Algebra /entries/Free-Boolean-Algebra.html Mon, 29 Mar 2010 00:00:00 +0000 /entries/Free-Boolean-Algebra.html Formalizing the Logic-Automaton Connection /entries/Presburger-Automata.html Thu, 03 Dec 2009 00:00:00 +0000 /entries/Presburger-Automata.html Quantifier Elimination for Linear Arithmetic /entries/LinearQuantifierElim.html Fri, 11 Jan 2008 00:00:00 +0000 /entries/LinearQuantifierElim.html First-Order Logic According to Fitting /entries/FOL-Fitting.html Thu, 02 Aug 2007 00:00:00 +0000 /entries/FOL-Fitting.html A Mechanically Verified, Efficient, Sound and Complete Theorem Prover For First Order Logic /entries/Verified-Prover.html Tue, 28 Sep 2004 00:00:00 +0000 /entries/Verified-Prover.html