We present a new approach, certified program models, to establish correctness of distributed protocols. We propose modeling protocols as programs in standard languages like C, where the program simulates the processes in the distributed system as well as the nondeterminism, the communication, the delays, the failures, and the concurrency in the system. The program model allows us to test the pr...

We formalise Kleene algebra with tests (KAT) and demonic refinement algebra (DRA) in Isabelle/HOL. KAT is relevant for program verification and correctness proofs in the partial correctness setting. While DRA targets similar applications in the context of total correctness. Our formalisation contains the two most important models of these algebras: binary relations in the case of KAT and predic...

Relying on a derivation of the Warren Abstract Machine (WAM) by stepwise reenement of Prolog models by BB orger and Rosen-zweig we present a formalization of an operational semantics for Prolog. Then we develop four reenement steps towards the Warren Abstract Machine (WAM). The correctness and completeness proofs for each step have been elaborated with the theorem prover Isabelle using the logi...

The paper describes a new method of requirements specification for concurrent systems modeled as Petri nets. The proposed correctness problem consists of three objects: the checked Petri net, a criterion net specifying requirements and an observation function that maps transitions in the checked model into transitions of the criterion net. The partial and the total correctness are defined and t...

Multi-view modeling and separation of concerns are widely used to decrease the design complexity of the large-scale software system. To ensure the correctness and consistency of multi-view requirement models, the formal verification technology should be applied to the model-driven development process. However, there still lacks unified theory foundation and tool supports for the rigorous modeli...

This paper studies the problem of formally verifying temporal properties of concurrent datatypes. Concurrent datatypes are implementations of classical data abstractions, specially designed to exploit the parallelism available in multiprocessor architectures. The correctness of concurrent datatypes is essential for the overall correctness of the client software. The main difficulty to reason ab...

This paper tackles the problem of the verification of the correctness of Real Time systems. In our approach a Real Time system is modeled as a timed Petri net. We specify requirements using another type of timed Petri net and the observation function that maps transitions in one net into another. The paper introduces both timed Petri net models, defines partial and total correctness and present...

We consider parameterized verification, i.e., proving correctness of a system with an unbounded number of processes. We describe the method of view abstraction whose aim is to provide a small model property, i.e., showing correctness by only inspecting instances of the system consisting of a small fixed number of processes. We illustrate the method through an application to the classical Burns’...

We present the verification of a protocol designed to ensure self-stabilization in a ring of processors. The proof is organized as a series of refinements; it is mechanized based on a combination of theorem proving and model checking to guarantee the correctness of these refinements. We argue that the framework of predicate diagrams is flexible enough to carry out a non-trivial verification tas...

We present lessons learned from using mechanical theorem proving for proof support in software verification, with trusted execution of programs in mind. We will use two realistic running examples, compiler verification, which is central if we want to prove that we can trust a piece of executable software, and an industrial project in which we proved the correctness of a safety critical expert s...