Results 1 - 10 of 14
Natural termination
Theoretical Computer Science
Cited by 83 (11 self)
Abstract. We generalize the various path orderings and the conditions under which they work, and describe an implementation of this general ordering. We look at methods for proving termination of orthogonal systems and give a new solution to a problem of Zantema's.
Constructing Recursion Operators in Intuitionistic Type Theory
Journal of Symbolic Computation, 1984
Cited by 22 (5 self)
Martin-Löf's Intuitionistic Theory of Types is becoming popular for formal reasoning about computer programs. To handle recursion schemes other than primitive recursion, a theory of well-founded relations is presented. Using primitive recursion over higher types, induction and recursion are formally derived for a large class of well-founded relations. Included are < on natural numbers, and relations formed by inverse images, addition, multiplication, and exponentiation of other relations. The constructions are given in full detail to allow their use in theorem provers for Type Theory, such as Nuprl. The theory is compared with work in the field of ordinal recursion over higher types.
Proving theorems about Java and the JVM with ACL2
Models, Algebras and Logic of Engineering Software, 2003
Cited by 19 (10 self)
We describe a methodology for proving theorems mechanically about Java methods. The theorem prover used is the ACL2 system, an industrial-strength version of the Boyer-Moore theorem prover. An operational semantics for a substantial subset of the Java Virtual Machine (JVM) has been defined in ACL2. Theorems are proved about Java methods and classes by compiling them with javac and then proving the corresponding theorem about the JVM. Certain automatically applied strategies are implemented with rewrite rules (and other proof-guiding pragmas) in ACL2 “books” to control the theorem prover when operating on problems involving the JVM model. The Java Virtual Machine or JVM [27] is the basic abstraction Java [17] implementors are expected to respect. We speculate that the JVM is an appropriate level of abstraction at which to model Java programs with the intention of mechanically verifying their properties. The most complex features of the Java subset we handle – construction and initialization of new objects, synchronization, thread management, and virtual method invocation – are all supported directly and with full abstraction as single atomic instructions in the JVM. The complexity of verifying JVM bytecode programs stems from the complexity of Java’s semantics, not
A Precise Description of the ACL2 Logic
Department of Computer Sciences, University of Texas at Austin, 1998
Cited by 11 (4 self)
The ACL2 logic is a first-order, essentially quantifier-free logic of total recursive functions providing mathematical induction and several extension principles, including symbol package definition and recursive function definition. In this document we describe the logic more precisely. Background. Naively speaking, a mathematical logic is given by a formal language, some axioms in that language, and some rules of inference that permit one to derive new formulas, called "theorems," from those axioms. To "prove" a theorem one shows how to derive it from the axioms using the rules of inference. This game is very challenging. Even for very simple sets of axioms and rules, the resulting theorems are often non-obvious. What prevents logic from being merely an academic game is that, like most of mathematics, it can be related to our ordinary experience. In particular, it is often possible to give meaning to the formulas in such a way that the axioms are all accepted as truths and the rule...
Dependent type theory of stateful higherorder functions
2005
Cited by 7 (2 self)
In this paper we investigate a logic for reasoning about programs with higher-order functions and effectful features like non-termination and state with aliasing. We propose a dependent type theory HTT (short for Hoare Type Theory), where types serve as program specifications. In case of effectful programs, the type of Hoare triples {P}x:A{Q} specifies the precondition P, the type of the return result A, and the postcondition Q. By the Curry-Howard isomorphism, a dependent type theory may be viewed as a functional programming language. From this perspective, the type of Hoare triples is a monad, and HTT is a monadic language, whose pure fragment consists of higher-order functions, while the effectful fragment is a full Turing-complete imperative language with conditionals, loops, recursion and commands for stateful operations like allocation, lookup and mutation of location content.
Strong Normalisation Proofs for Cut Elimination in Gentzen's Sequent Calculi
1996
Cited by 6 (0 self)
We define a variant LKsp of the Gentzen sequent calculus LK. In LKsp weakenings or contractions can be done in parallel. This modification allows us to interpret a symmetrical system of mix elimination rules ELKsp by a finite rewriting system; the termination of this rewriting system can be checked by machines. We also give a self-contained strong normalisation proof by structural induction. We give another strong normalisation proof by a strictly monotone subrecursive interpretation; this interpretation gives subrecursive bounds for the length of derivations. We give a strong normalisation proof by applying orthogonal term rewriting results for a confluent restriction of the mix elimination system ELKsp.
Ordinals and Interactive Programs
2000
Cited by 5 (2 self)
The work reported in this thesis arises from the old idea, going back to the origins of constructive logic, that a proof is fundamentally a kind of program. If proofs can be
Strong Normalization Proofs for Cut Elimination in Gentzen's Sequent Calculi
Banach Center Publication, 1999
Cited by 4 (0 self)
We define an equivalent variant LK sp of the Gentzen sequent calculus LK. In LK sp weakenings or contractions can be performed in parallel. This modification allows us to interpret a symmetrical system of mix elimination rules by a finite rewriting system; the termination of this rewriting system can be machine checked. We also give a self-contained strong normalization proof by structural induction. We give another strong normalization proof by a strictly monotone subrecursive interpretation; this interpretation gives subrecursive bounds for the length of derivations. We give a strong normalization proof by applying orthogonal term rewriting results for a confluent restriction of the mix elimination system.
Lexicographic Path Induction
Abstract. Programming languages theory is full of problems that reduce to proving the consistency of a logic, such as the normalization of typed lambda-calculi, the decidability of equality in type theory, equivalence testing of traces in security, etc. Although the principle of transfinite induction is routinely employed by logicians in proving such theorems, it is rarely used by programming languages researchers who often prefer alternatives such as proofs by logical relations and model theoretic constructions. In this paper we harness the well-foundedness of the lexicographic path ordering to derive an induction principle that combines the comfort of structural induction with the expressive strength of transfinite induction. Using lexicographic path induction, we give a consistency proof of Martin-Löf’s intuitionistic theory of inductive definitions. The consistency of Heyting arithmetic follows directly, and weak normalization for Gödel’s T follows indirectly; both have been formalized in a prototypical extension of Twelf.
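The well-founded lexicographic path ordering that the abstract above builds on, and the path orderings generalized in "Natural termination" earlier in this list, are what a machine termination check for a rewrite system actually computes. The following is an added example, not code from either paper: a Python implementation of the standard LPO definition on first-order terms, used to orient a constructed rewrite system for addition and multiplication on unary numerals, and shown failing on a rule that no simplification ordering can orient. The term encoding, the symbol names and the precedence are assumptions chosen for this illustration.

```python
# Added example (not from the papers listed here): a checker for the
# lexicographic path ordering (LPO) on first-order terms. If every rule
# l -> r of a rewrite system satisfies l >lpo r, the system terminates,
# because LPO is a well-founded simplification ordering on a finite signature.
#
# Term encoding (an assumption of this example): a variable is a str;
# an application f(t1, ..., tn) is the tuple ("f", t1, ..., tn);
# a constant is a 1-tuple such as ("0",).

def is_var(t):
    return isinstance(t, str)

def occurs(x, t):
    """True if variable x occurs in term t."""
    if is_var(t):
        return t == x
    return any(occurs(x, a) for a in t[1:])

def lpo_gt(s, t, prec):
    """s >lpo t under the precedence prec: dict symbol -> rank, higher wins."""
    if is_var(s):
        return False                 # a variable is below nothing
    if is_var(t):
        return occurs(t, s)          # a non-variable term is above each variable it contains
    f, sargs = s[0], s[1:]
    g, targs = t[0], t[1:]
    # (1) subterm case: some argument of s is >= t
    if any(si == t or lpo_gt(si, t, prec) for si in sargs):
        return True
    # (2) precedence case: f > g and s dominates every argument of t
    if prec[f] > prec[g]:
        return all(lpo_gt(s, tj, prec) for tj in targs)
    # (3) same head: arguments compared lexicographically, s dominates every argument of t
    if f == g:
        for si, ti in zip(sargs, targs):
            if si == ti:
                continue
            return lpo_gt(si, ti, prec) and all(lpo_gt(s, tj, prec) for tj in targs)
    return False                     # identical terms or incomparable heads

def terminates_by_lpo(rules, prec):
    """True if every rule (l, r) is oriented l >lpo r, which proves termination."""
    return all(lpo_gt(l, r, prec) for l, r in rules)

def unoriented_rules(rules, prec):
    """The rules the ordering fails to orient, for diagnosis."""
    return [(l, r) for l, r in rules if not lpo_gt(l, r, prec)]

# Constructed sample system: addition and multiplication on unary numerals.
ZERO = ("0",)
def S(t): return ("s", t)
def ADD(a, b): return ("add", a, b)
def MUL(a, b): return ("mul", a, b)

ARITH = [
    (ADD("x", ZERO), "x"),
    (ADD("x", S("y")), S(ADD("x", "y"))),
    (MUL("x", ZERO), ZERO),
    (MUL("x", S("y")), ADD(MUL("x", "y"), "x")),
]
PREC = {"mul": 3, "add": 2, "s": 1, "0": 0}   # assumed precedence: mul > add > s > 0

# A looping rule: f(x) -> f(f(x)). The right side contains the left side as a
# subterm, so no simplification ordering (LPO included) can orient it.
LOOP = [(("f", "x"), ("f", ("f", "x")))]

if __name__ == "__main__":
    print("ARITH terminates by LPO:", terminates_by_lpo(ARITH, PREC))
    print("LOOP terminates by LPO:", terminates_by_lpo(LOOP, {"f": 1}))
    print("unoriented:", unoriented_rules(LOOP, {"f": 1}))
```

The check is purely syntactic: it never runs the rules, which is the point of a termination ordering. The interesting case is the last ARITH rule, where the head symbol mul beats add by precedence, and the recursive call mul(x, y) is beaten through the same-head lexicographic case because s(y) dominates y.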
Mechanized Operational Semantics: The M Story
In this paper we explain how to formalize an “operational” or “state-transition” semantics of a von Neumann programming language in a functional programming language. By adopting an “interpretive” style, one can execute the model in the functional language to “run” programs in the von Neumann language. Given the ability to reason about the functional language, one can use the model to reason about programs in the von Neumann language. In theory at least, such a formal semantics thus has a dual use: as a simulation engine and as an axiomatic basis for code proofs. The beauty of this approach is that no more logical machinery is needed than to support execution and proof in a functional language: no new program logics and no new metalogical tools like “verification condition generators” are needed. In this paper we will illustrate the techniques by formalizing a simple programming language called “M1,” for “Machine (or Model) 1.” It is loosely based on the Java Virtual Machine but has been simplified for pedagogical purposes. We will demonstrate the executability of M1 models. We will develop several styles of code proofs, including direct (symbolic simulation) proofs based on Boyer-Moore “clock functions” and Floyd-Hoare inductive assertion proofs. We construct proofs only for the simplest of programs, namely an iterative factorial example. But to illustrate a more realistic use of the model, we discuss the correctness proof for an M1 implementation of the Boyer-Moore fast string searching algorithm. We also define a compiler for a higher level language called “J1” and show how to do proofs about J1 code without benefit of a formal semantics for that code. Throughout we use the ACL2 logic and theorem proving system.
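The interpretive style the abstract describes, as an added example in Python rather than the paper's own M1 model or its ACL2 definitions: a small stack machine given as a single `step` function over an immutable state. The same function that runs a constructed iterative-factorial program also yields the two proof ingredients the abstract names, a clock function stating exactly how many steps the program needs before it halts, and a loop-head invariant checked on every visit in the Floyd-Hoare style. The instruction set, the program layout and the clock formula are assumptions of this example.

```python
# Added example (not the paper's M1 or its ACL2 code): an "interpretive"
# operational semantics for a tiny stack machine. The machine is one step
# function on an immutable state; the same function executes programs and
# is the object one proves theorems about.
from dataclasses import dataclass, replace
from math import factorial

@dataclass(frozen=True)
class State:
    pc: int          # program counter
    locals: tuple    # local variable slots
    stack: tuple     # operand stack, top of stack is the last element
    program: tuple   # instructions, each a tuple (opcode, *operands)

def step(s):
    """One state transition. HALT is a fixpoint, so over-running a clock is harmless."""
    ins = s.program[s.pc]
    op = ins[0]
    if op == "PUSH":
        return replace(s, pc=s.pc + 1, stack=s.stack + (ins[1],))
    if op == "LOAD":
        return replace(s, pc=s.pc + 1, stack=s.stack + (s.locals[ins[1]],))
    if op == "STORE":
        loc = list(s.locals)
        loc[ins[1]] = s.stack[-1]
        return replace(s, pc=s.pc + 1, locals=tuple(loc), stack=s.stack[:-1])
    if op in ("ADD", "SUB", "MUL"):
        a, b = s.stack[-2], s.stack[-1]
        r = {"ADD": a + b, "SUB": a - b, "MUL": a * b}[op]
        return replace(s, pc=s.pc + 1, stack=s.stack[:-2] + (r,))
    if op == "JUMPZ":                  # pop; jump when the popped value is 0
        v = s.stack[-1]
        return replace(s, pc=ins[1] if v == 0 else s.pc + 1, stack=s.stack[:-1])
    if op == "GOTO":
        return replace(s, pc=ins[1])
    if op == "HALT":
        return s
    raise ValueError(f"unknown instruction {ins!r}")

def run(s, n):
    """Apply step n times: the explicit-step-count 'run' of the clock-function style."""
    for _ in range(n):
        s = step(s)
    return s

def halted(s):
    return s.program[s.pc][0] == "HALT"

# Constructed program: iterative factorial of locals[0], result left in locals[1].
FACT = (
    ("PUSH", 1),      # 0
    ("STORE", 1),     # 1   acc = 1
    ("LOAD", 0),      # 2   loop head
    ("JUMPZ", 13),    # 3   if n == 0 goto HALT
    ("LOAD", 0),      # 4
    ("LOAD", 1),      # 5
    ("MUL",),         # 6
    ("STORE", 1),     # 7   acc = n * acc
    ("LOAD", 0),      # 8
    ("PUSH", 1),      # 9
    ("SUB",),         # 10
    ("STORE", 0),     # 11  n = n - 1
    ("GOTO", 2),      # 12
    ("HALT",),        # 13
)
LOOP_HEAD = 2

def fact_state(n):
    return State(pc=0, locals=(n, 0), stack=(), program=FACT)

def fact_clock(n):
    """Exact step count for FACT on input n (an assumption verified by the
    checks below): 2 steps of setup, 11 per loop iteration, 2 for the final
    test that takes the exit branch."""
    return 11 * n + 4

def fact_by_machine(n):
    """Direct-simulation proof shape: run(s0, clock(n)) is a halted state holding n!."""
    s = run(fact_state(n), fact_clock(n))
    if not halted(s):
        raise AssertionError("clock function does not reach HALT")
    return s.locals[1]

def loop_invariant_holds(n):
    """Inductive-assertion shape: at every visit to the loop head the stack is
    empty and acc * locals[0]! == n!, which at exit (locals[0] == 0) gives acc == n!."""
    s = fact_state(n)
    while not halted(s):
        if s.pc == LOOP_HEAD:
            k, acc = s.locals
            if s.stack != () or acc * factorial(k) != factorial(n):
                return False
        s = step(s)
    return True

if __name__ == "__main__":
    print("5! by machine:", fact_by_machine(5))
    print("invariant holds for n=6:", loop_invariant_holds(6))
```

Two things carry over from the abstract's argument. The clock is exact, not an upper bound: running one step fewer leaves the machine at the JUMPZ, not at HALT, which is what a clock-function theorem commits to. And the invariant is checked only at the loop head, so it is the cut-point assertion an inductive-assertion proof would attach there, with the rest of each iteration discharged by symbolic execution of the straight-line instructions between visits.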