We propose a practical verification framework for preemptive OS kernels. The framework models the correctness of API implementations in OS kernels as contextual refinement of their abstract specifications. It provides a specification language for defining the high-level abstract model of OS kernels, a program logic for refinement verification of concurrent kernel code with multi-level hardware ...

It is commonly accepted that tree form has an impact on the productivity of single-grip harvesters. However, it remains unclear, which elements of tree form are significant and to what degree they impact harvesting productivity. This is of particular importance in hardwood dominated stands, where hardwood trees often exhibit complex and variable stem and crown architecture that can complicate a...

This article discusses the relationship between mathematical proof and the digital computer from the viewpoint of the 'sociology of proof': that is, an understanding of what kinds of procedures and arguments count for whom, under what circumstances, as proofs. After describing briefly the first instance of litigation focusing on the nature of mathematical proof, the article describes a variety ...

Ben-Amram and Codish described SCNP [2], a subclass of the size-change termination criterion SCT [8], which permits efficient certificate checking. Termination problems in this class have a global ranking function of a certain form, which can be found using SAT solving. This note describes an automated proof reconstruction for this certificate scheme, implemented in the theorem prover Isabelle/...

It is widely believed that in principle it’s possible to reduce most of present-day mathematics to reasoning in a formal logical system. The technical difficulty of actually doing so is quite formidable. However, the arrival of the computer is changing this situation, since computers are good at helping with such tedious symbolic manipulation. The computer formalization of mathematics is now a ...

We suggest that mechanized multi-agent deontic logics might be appropriate vehicles for engineering trustworthy robots. Mechanically checked proofs in such logics can serve to establish the permissibility (or obligatoriness) of agent actions, and such proofs, when translated into English, can also explain the rationale behind those actions. We use the logical framework Athena to encode a natura...

A novel protocol has been formally analyzed using the prover Isabelle/HOL, following the inductive approach described in earlier work [10]. There is no limit on the length of a run, the nesting of messages or the number of agents involved. A single run of the protocol delivers session keys for all the agents, allowing neighbours to perform mutual authentication. The basic security theorem state...

As airspace becomes ever more crowded, air traffic management must reduce both space and time between aircraft to increase throughput, and on-board collision avoidance systems become ever more important. These systems and the policies that they implement must be extremely reliable. In this paper we consider implementations of distributed collision avoidance policies designed to work in environm...