Compositional Proofs of Concurrent Programs
Lawrence C. Paulson
Computer Laboratory, University of Cambridge

1 Previous Research and Track Record

This proposal concerns proving the correctness of programs expressed in the UNITY formalism. Under an existing EPSRC project, Paulson has already developed an environment for verifying UNITY programs. The environment is based on and distributed with Isabelle, a proof assistant developed at Cambridge. The novelty in this proposal is to allow program components to be specified and verified independently of one another. When a system is built from such components, the correctness proof should refer to the properties previously proved rather than regarding the composite system as one giant program. Towards this end, researchers have published many proof methods [4, 12, 15]. By mechanizing these methods and performing case studies, the current project will subject their work to formal scrutiny. Should the methods turn out to work well in practice, then the mechanization will be useful in itself as a tool.

The work will be done within the Cambridge Automated Reasoning Group. Hardware verification was pioneered here by Prof. M. J. C. Gordon and his students. Techniques such as the use of higher-order logic to model hardware spread from the Computer Laboratory into general acceptance. The group's work continues to attract worldwide attention. For example, John Harrison won the Distinguished Dissertation Award for his thesis on verification involving floating-point arithmetic; his recent move to Intel Corp. is evidence that formal proof is relevant to industry. The group has built two of the most important proof environments used today, namely HOL and Isabelle.

Isabelle (originated by Paulson) is a generic theorem prover. It supports interactive proof in several formal systems, including first-order logic, higher-order logic and Zermelo-Fraenkel set theory.
Derived logics can be supported as well as primitive formalisms. Researchers have used Isabelle to support complicated specification languages such as TLA [13] and Z [9]. Several recent projects at Cambridge involve Isabelle:

Combining HOL and Isabelle (SERC ref. GR/H40570), 1992-95. This project applied Isabelle to HOL-style problems, the main application being proof support for Lamport's TLA (Temporal Logic of Actions) [10]. The project produced a detailed comparison between HOL and Isabelle. It supported extensive development of Isabelle, in particular of its classical rea-