Author

# Leonard Lensink

Bio: Leonard Lensink is an academic researcher from Radboud University Nijmegen. The author has contributed to research in topics: Model checking & Recursion. The author has an hindex of 6, co-authored 10 publications receiving 46 citations.

##### Papers

More filters

01 Oct 2009

TL;DR: This paper presents a prototype code genera-tor for the Prototype Verification System (PVS) that translates a subset of PVSfunctional specifications into an intermediate language and subsequently to multi-ple target programming languages.

Abstract: Declarative specifications of digital systems often contain parts that can be automatically translated into executable code. Automated code generation may reduce or eliminate the kinds of errors typically introduced through manual code writing. For this approach to be effective, the generated code should be reasonably efficient and, more importantly, verifiable. This paper presents a prototype code generator for the Prototype Verification System (PVS) that translates a subset of PVS functional specifications into an intermediate language and subsequently to multiple target programming languages. Several case studies are presented to illustrate the tool's functionality. The generated code can be analyzed by software verification tools such as verification condition generators, static analyzers, and software model-checkers to increase the confidence that the generated code is correct.

8 citations

••

TL;DR: This work considered an existing widely used industrial implementation of the reentrant readers-writers problem and modelled and analyzed it using a model checker resulting in the detection of a serious error: a possible deadlock situation.

6 citations

••

01 Jul 2007TL;DR: Using PVS (Prototype Verification System), it is proved that an industry designed scheduler for a smartcard personalization machine is safe and optimal and can be successfully used for industrial problems in cases where model checkers suffer from state explosion.

Abstract: Using PVS (Prototype Verification System), we prove thatan industry designed scheduler for a smartcard personalization machineis safe and optimal. This scheduler has previously been the subject ofresearch in model checked scheduling synthesis and verification. Theseverification and synthesis efforts had only been done for a limited numberof personalization stations. We have created an executable modeland have proven the scheduling algorithm to be optimal and safe forany number of personalization stations. This result shows that theoremprovers can be successfully used for industrial problems in cases wheremodel checkers suffer from state explosion.

6 citations

•

TL;DR: This work modeled an existing widely used industrial implementation of the reentrant readers-writers problem using a model checker revealing a serious error: a possible deadlock situation and converted it to a theorem prover with which it was proven.

6 citations

•

01 Jan 2004TL;DR: A new technique to derive induction schemes for mutually recursive programs by using strongly connected components of complete call graphs to derive a well founded ordering and induction scheme is proposed.

Abstract: Sparkle is a proof assistant designed for the lazy evaluating functional programming language Clean. It is designed with the clear objective in mind that proofs of first order logical predicates on programs should be as easy as possible for programmers. Since recursion is at the heart of functional languages, support for recursive reasoning should be as exhaustive as possible. Until now the induction tactic in Sparkle was rather basic. We have extended Sparkle with two standard techniques to perform inductive and co-inductive reasoning about programs. By means of examples, we show from research papers how they benefit the programmer. More importantly, we propose a new technique to derive induction schemes for mutually recursive programs by using strongly connected components of complete call graphs to derive a well founded ordering and induction scheme. These induction schemes can be used to semi-automatically prove properties of programs out of reach of other automated proof techniques. Together this extends the realm of programs for which easy proofs in Sparkle can be constructed by the programmer.

6 citations

##### Cited by

More filters

•

01 Jan 2009

TL;DR: A simple prototype of a dedicated theorem prover for the functional language Clean is described and an examination is made of the work that needs to be done to extend the prototype to a fully operational and truly useful programming tool.

Abstract: Theorem proving for functional programming languages can be made much easier by the availability of a dedicated theorem prover. A theorem prover is dedicated to a specific programming language when it fully supports the syntax and semantics of the language and offers specialized proving support for it. Using a dedicated theorem prover is easy, because one can reason about a developed program without having to translate it. However, no suited dedicated theorem prover for a functional language exists yet. This paper describes a simple prototype of a dedicated theorem prover for the functional language Clean. A description of the possibilities of the prototype is given and an examination is made of the work that needs to be done to extend the prototype to a fully operational and truly useful programming tool. Also example proofs of some basic properties and of a graph transformation are given.

96 citations

•

01 Jan 1996

TL;DR: A case study on the formal development of a reactor safety system and an example of use of formal methods to debug an embedded software.

Abstract: How did software get so reliable without proof?.- A case study on the formal development of a reactor safety system.- Test automation for safety-critical systems: Industrial application and future developments.- Quantitative analysis of an application of formal methods.- Applying the B technologies to CICS.- Refining action systems within B-Tool.- Integrating action systems and Z in a medical system specification.- Formalizing Anaesthesia: A case study in formal specification.- A new system engineering methodology coupling formal specification and performance evaluation.- Formalizing new navigation requirements for NASA's Space Shuttle.- Combining VDM-SL specifications with C++ code.- Data reification without explicit abstraction functions.- Formal and informal specifications of a secure system component: Final results in a comparative study.- Visual verification of safety and liveness.- Graphical development of consistent system specifications.- Deduction in the Verification Support Environment (VSE).- Consistency and refinement for partial specification in Z.- Combining statecharts and Z for the design of safety-critical control systems.- Integrating real-time scheduling theory and program refinement.- Using a logical and categorical approach for the validation of fault-tolerant systems.- Local nondeterminism in asynchronously communicating processes.- Identification of and solutions to shortcomings of LCL, a Larch/C interface specification language.- Formal specification and verification of the pGVT algorithm.- Automatic verification of a hydroelectric power plant.- Experiences in embedded scheduling.- Model checking in practice: An analysis of the ACCESS.bus (TM) protocol using SPIN.- The incremental development of correct specifications for distributed systems.- A theory of distributing train rescheduling.- An improved translation of SA/RT specification model to high-level timed Petri nets.- From testing theory to test driver implementation.- Program slicing using weakest preconditions.- A formal approach to architectural design patterns.- Modular completeness: Integrating the reuse of specified software in top-down program development.- A strategic approach to transformational design.- Correct and user-friendly implementations of transformation systems.- An example of use of formal methods to debug an embedded software.- Experiments in theorem proving and model checking for protocol verification.- Procedure-level verification of real-time concurrent systems.

70 citations

•

01 Jan 2013

TL;DR: Using PVS (Prototype Verification System), it is proved that an industry designed scheduler for a smartcard personalization machine is safe and optimal and shows that theorem provers can be successfully used for industrial problems in cases where model checkers suffer from state explosion.

Abstract: Using PVS (Prototype Verification System), we prove that an industry designed scheduler for a smartcard personalization machine is safe and optimal. This scheduler has previously been the subject of research in model checked scheduling synthesis and verification. These verification and synthesis efforts had only been done for a limited number of personalization stations. We have created an executable model and have proven the scheduling algorithm to be optimal and safe for any number of personalization stations. This result shows that theorem provers can be successfully used for industrial problems in cases where model checkers suffer from state explosion.

41 citations

••

24 Sep 2013TL;DR: A realistic user interface is rigorously developed for the US Food and Drug Administration (FDA) Generic Patient Controlled Analgesia (GPCA) pump prototype, intended as a realistic workbench for trialling development methods and techniques for improving the safety of such devices.

Abstract: A realistic user interface is rigorously developed for the US Food and Drug Administration (FDA) Generic Patient Controlled Analgesia (GPCA) pump prototype. The GPCA pump prototype is intended as a realistic workbench for trialling development methods and techniques for improving the safety of such devices. A model-based approach based on the use of formal methods is illustrated and implemented within the Prototype Verification System (PVS) verification system. The user interface behaviour is formally specified as an executable PVS model. The specification is verified with the PVS theorem prover against relevant safety requirements provided by the FDA for the GPCA pump. The same specification is automatically translated into executable code through the PVS code generator, and hence a high fidelity prototype is then developed that incorporates the generated executable code.

28 citations

••

22 Jul 2015TL;DR: A new approach to validating software implementations that have been produced from formally-verified algorithms, which is based on animation of formal specifications, compares the outputs computed by the software implementations on a given suite of input values to the outputs compute by the formal models on the same inputs, and determines if they are equal up to a given tolerance.

Abstract: This paper explores a new approach to validating software implementations that have been produced from formally-verified algorithms. Although visual inspection gives some confidence that the implementations faithfully reflect the formal models, it does not provide complete assurance that the software is correct. The proposed approach, which is based on animation of formal specifications, compares the outputs computed by the software implementations on a given suite of input values to the outputs computed by the formal models on the same inputs, and determines if they are equal up to a given tolerance. The approach is illustrated on a prototype air traffic management system that computes simple kinematic trajectories for aircraft. Proofs for the mathematical models of the system’s algorithms are carried out in the Prototype Verification System (PVS). The animation tool PVSio is used to evaluate the formal models on a set of randomly generated test cases. Output values computed by PVSio are compared against output values computed by the actual software. This comparison improves the assurance that the translation from formal models to code is faithful and that, for example, floating point errors do not greatly affect correctness and safety properties.

21 citations