In this paper an attempt is made to explore the logical founda-tions of computer programming by use of techniques which were first applied in the study of geometry and have later been extended to other branches of mathematics. This in-volves the elucidation of sets of axioms and rules of inference which can be used in proofs of the properties of computer programs. Examples are given of such axioms and rules, and a formal proof of a simple theorem is displayed. Finally, it is argued that important advantages, both theoretical and prac-tical, may follow from a pursuance of these topics.

A method for combining decision procedures for several theories into a single decision procedure for their combination is described, and a simplifier based on this method is discussed. The simplifier finds a normal form for any expression formed from individual variables, the usual Boolean connectives, the equality predicate =, the conditional function if-then-else, the integers, the arithmetic functions and predicates +,-, and _<, the Lisp functions and predicates car, cdr, cons, and atom, the functions store and select for storing into and selecting from arrays, and uninterpreted function symbols. If the expression is a theorem it is simplified to the constant true, so the simplifier can be used as a decision procedure for the quantifier-free theory containing these functions and predicates. The simplifier is currently used in the Stanford Pascal Verifier.

We study Girard's Linear Logic from the point of view of giving a concrete computational interpretation of the logic, based on the Curry-Howard isomorphism. In the case of Intuitionistic Linear Logic, this leads to a refinement of the lambda calculus, giving finer control over order of evaluation and storage allocation, while maintaining the logical content of programs as proofs, and computation as cut-elimination.

General purpose truth maintenance systems have received considerable attention in the past few years. This paper discusses the functionality of truth maintenance systems and compares various existing algorithms. Applications and directions for future research are also discussed. Introduction In 1978 Jon Doyle wrote a masters thesis at the MIT AI Laboratory entitled "Truth Maintenance Systems for Problem Solving" [ Doyle, 1979 ] . In this thesis Doyle described an independent module called a truth maintenance system, or TMS, which maintained beliefs for general problem solving systems. In the twelve years since the appearance of Doyle's TMS a large body of literature has accumulated on truth maintenance. The seminal idea appears not to have been any particular technical mechanism but rather the general concept of an independent module for truth (or belief) maintenance. All truth maintenance systems manipulate proposition symbols and relationships between proposition symbols. I will use...

A lambda-calculus schema is an expression of the lambda calculus augmented by uninterpreted constant and operator symbols. It is an abstraction of programming languages such as LISP which permit functions to be passed to and returned from other functions. When given an interpretation for its constant and operator symbols, certain schemata, called lambda abstractions, naturally define partial functions over the domain of interpretation. Two implementation strategies are considered: the retention strategy in which all variable bindings are retained until no longer needed (implying the use of some sort of garbage-collected store) and the deletion strategy, modeled after the usual stack implementation of ALGOL 60, in which variable bindings are destroyed when control leaves the procedure (or block) in which they were created. Not all lambda abstractions evaluate correctly under the deletion strategy. Nevertheless, both strategies are equally powerful in the sense that any lambda abstraction can be mechanically translated into another that evaluates correctly under the deletion strategy and defines the same partial function over the domain of interpretation as the original. Proof is by translation into continuation-passing style.

We begin to lay the foundations for reasoning about proofs whose steps include both invocations of programs to build subproofs (tactics) and references to representations of proofs themselves (reflected proofs). The main result is the definition of a single type of proof which can mention itself, using a new technique which finds a fixed point of a mapping between metalanguage and object language. This single type contrasts with hierarchies of types used in other approaches to accomplish the same classification. We show that these proofs are valid, and that every proof can be reduced to a proof involving only primitive inference rules. We also show how to extend the results to proofs from which programs (such as tactics) can be derived, and to proofs that can refer to a library of definitions and previously proven theorems. We believe that the mechanism of reflection is fundamental in building proof development systems, and we illustrate its power with applications to automating reasoning and describing modes of computation.

This paper discusses the technique of structural induction for proving theorems about programs. This technique is closely related to recursion induction but makes use of the inductive definition of the data structures handled by the programs. It treats programs with recursion but without assignments or jumps. Some syntactic extensions to Landin's functional programming language ISWIM are suggested which make it easier to program the manipulation of data structures and to develop proofs about such programs. Two sample proofs are given to demonstrate the technique, one for a tree sorting algorithm and one for a simple compiler for expressions. (First received April 1968 and in revised form August 1968) Since the problem of proving that computer programs really do what their inventors allege them to do was discussed by McCarthy (1963), there has been considerable progress and proofs have been produced for non-trivial programs such as a simple compiler (Painter, 1967;

Abstract. This contribution proposes a set of criteria that distinguish a grand challenge in science or engineering from the many other kinds of short-term or long-term research problems that engage the interest of scientists and engineers. As an example drawn from Computer Science, it revives an old challenge: the construction and application of a verifying compiler that guarantees correctness of a program before running it. Introduction. The primary purpose of the formulation and promulgation of a grand challenge is the advancement of science or engineering. A grand challenge represents a commitment by a significant section of the research community to work together towards a common goal, agreed to be valuable and achievable by a team effort within a predicted timescale. The challenge is formulated by the

We review the origins of structural operational semantics. The main publication ‘A Structural Approach to Operational Semantics, ’ also known as the ‘Aarhus Notes, ’ appeared in 1981 [G.D. Plotkin, A structural approach to operational semantics, DAIMI FN-19, Computer Science Department, Aarhus University, 1981]. The development of the ideas dates back to the early 1970s, involving many people and building on previous work on programming languages and logic. The former included abstract syntax, the SECD machine, and the abstract interpreting machines of the Vienna school; the latter included the λ-calculus and formal systems. The initial development of structural operational semantics was for simple functional languages, more or less variations of the λ-calculus; after that the ideas were gradually extended to include languages with parallel features, such as Milner’s CCS. This experience set the ground for a more systematic exposition, the subject of an invited course of lectures at Aarhus University; some of these appeared in print as the 1981 Notes. We discuss the content of these lectures and some related considerations such as ‘small state’ versus ‘grand state, ’ structural versus compositional semantics, the influence of the Scott–Strachey approach to denotational semantics, the treatment of recursion and jumps, and static semantics. We next discuss relations with other work and some immediate further development. We conclude with an account of an old, previously unpublished, idea: an alternative, perhaps more readable, graphical presentation of systems of rules for operational semantics.

An adaptive computation maintains the relationship between its input and output as the input changes. Although various techniques for adaptive computing have been proposed, they remain limited in their scope of applicability. We propose a general mechanism for adaptive computing that enables one to make any purely-functional program adaptive. We show