In the decade of the 1990s, formal methods have progressed from an academic curiosity at best, and a target of ridicule at worst, to a point where the leading manufacturer of microprocessors has indicated that its next design will be formally veri ed. In this short paper, I sketch a plausible history of the developments that led to this transformation, present a snapshot of the current state of...

(51) We apply 8I to (51) and prove (49). P and t are deened inductively over the structure of sequent trees. In the base case, we have P and t such that (47) is 8x (T(x) T(x)). Consider now the step case. We write (47) in the following form. (52) where P x 1 ; :::; x n ] does not contain occurrences of T. We assume the hypotheses of (52) and derive Tac(x 1) ^ ::: ^ Tac(x m). From (29) we obtain...

Formal reasoning on Peer-to-Peer (P2P) systems is an intimidating task. This paper focuses on broadcast algorithms for Content Addressable Network (CAN). Since these algorithms run on top of complex P2P systems, finding the right level of abstraction in order to prove their functional correctness is difficult. This paper presents a mechanized model for both CAN and broadcast protocols over thos...

Motivation Type systems are a natural discipline for ensuring that programs maintain certain runtime invariants. Of course, language designers cannot anticipate all the invariants that programmers will want to enforce. Therefore, it is desirable to allow programmers to specify and statically check invariants of interest for their applications. Researchers have designed expressive type systems t...

In order to prove that a sequence of actions can transform an initial situation of the world to a goal situation when complete knowledge of the world is never available, default rules that serve to complete partial descriptions of the world are usually deemed necessary. This leads to non-monotonic reasoning which has proven to be difficult to formalize. In this paper, we present a mechanized fo...

We introduce a Sumii-Pierce-Koutavas-Wand-style bisimulation for Pitts and Stark’s nucalculus, a simply-typed lambda calculus with fresh name generation. This bisimulation coincides with contextual equivalence and provides a usable and elementary method for establishing all the subtle equivalences given by Stark [29]. We also describe the formalization of soundness and of the examples in the Co...

Various mechanisms have been used for adapting functional languages to parallel machines, ranging from semantics{preserving annotations to concurrent language extensions. Concurrent extensions are applicable to both lazy and strict languages, and give the programmer full control over parallel evaluation; however, they complicate the proofs of program correct-ness. This paper pursues the concurr...

Cleaning and shaping are important steps in the root canal treatment. Despite the technological advances in endodontics, K and Hedstroen files are still widely used. In an attempt to be more effective in preparing the root canals, faster and more cutting efficient kinematic, alloys and design alternatives utilizing mechanically oscillating or rotary files are proposed. Even with all these techn...

The probabilistic guarded-command language pGCL [15] contains both demonic and probabilistic nondeterminism, which makes it suitable for reasoning about distributed random algorithms [14]. Proofs are based on weakest precondition semantics, using an underlying logic of real(rather than Boolean-) valued functions. We present a mechanization of the quantitative logic for pGCL [16] using the HOL t...

It is widely recognised that the integration of diierent (sub)-provers is a key issue in the construction of reasoning tools of practical usage. Unfortunately experience shows that eeective integration is very diicult to achieve. The Open Mechanized Reasoning Systems (OMRS) Project started in 1992 with the objective to design a formal framework for the speciication of state-of-the-art provers. ...