Results 1  10
of
11
Inductive assertions and operational semantics
 CHARME 2003. Volume 2860 of LNCS., SpringerVerlag
, 2003
"... Abstract. This paper shows how classic inductive assertions can be used in conjunction with an operational semantics to prove partial correctness properties of programs. The method imposes only the proof obligations that would be produced by a verification condition generator but does not require th ..."
Abstract

Cited by 28 (8 self)
 Add to MetaCart
(Show Context)
Abstract. This paper shows how classic inductive assertions can be used in conjunction with an operational semantics to prove partial correctness properties of programs. The method imposes only the proof obligations that would be produced by a verification condition generator but does not require the definition of a verification condition generation. The paper focuses on iterative programs but recursive programs are briefly discussed. Assertions are attached to the program by defining a predicate on states. This predicate is then “completed ” to an alleged invariant by the definition of a partial function defined in terms of the state transition function of the operational semantics. If this alleged invariant can be proved to be an invariant under the state transition function, it follows that the assertions are true every time they are encountered in execution and thus that the postcondition is true if reached from a state satisfying the precondition. But because of the manner in which the alleged invariant is defined, the verification conditions are sufficient to prove invariance. Indeed, the “natural ” proof generates the classical verification conditions as subgoals. The invariant function may be thought of as a statebased verification condition generator for the annotated program. The method allows standard inductive assertion style proofs to be constructed directly in an operational semantics setting. The technique is demonstrated by proving the partial correctness of simple bytecode programs with respect to a preexisting operational model of the Java Virtual Machine. 1
D.: Partial Clock Functions in ACL2
 5th ACL2 Workshop. (2004
, 2004
"... Abstract J Moore has discovered an elegant approach for verifying state invariants of imperative programs without having to write a verification condition generator (VCG) or clock function. Users need only make assertions about selected cutpoint instructions of a program, such as loop tests and subr ..."
Abstract

Cited by 4 (3 self)
 Add to MetaCart
(Show Context)
Abstract J Moore has discovered an elegant approach for verifying state invariants of imperative programs without having to write a verification condition generator (VCG) or clock function. Users need only make assertions about selected cutpoint instructions of a program, such as loop tests and subroutine entry and exit points. ACL2's rewriter is then used to automatically propagate these assertions through the intervening instructions.
A mechanized program verifier
 In IFIP Working Conference on the Program Verifier Challenge
, 2005
"... Abstract. In my view, the “verification problem ” is the theorem proving problem, restricted to a computational logic. My approach is: adopt a functional programming language, build a general purpose formal reasoning engine around it, integrate it into a program and proof development environment, an ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
(Show Context)
Abstract. In my view, the “verification problem ” is the theorem proving problem, restricted to a computational logic. My approach is: adopt a functional programming language, build a general purpose formal reasoning engine around it, integrate it into a program and proof development environment, and apply it to model and verify a wide variety of computing artifacts, usually modeled operationally within the functional programming language. Everything done in this approach is software verification since the models are runnable programs in a subset of an ANSI standard programming language (Common Lisp). But this approach is of interest to proponents of other approaches (e.g., verification of procedural programs or synthesis) because of the nature of the mathematics of computing. I summarize the progress so far using this approach, sketch the key research challenges ahead and describe my vision of the role and shape of a useful verification system. 1
Using Theorem Proving and Algorithmic Decision Procedures for LargeScale System Verification
, 2005
"... To the few people who believed I could do it even when I myself didn’t Acknowledgments This dissertation has been shaped by many people, including my teachers, collaborators, friends, and family. I would like to take this opportunity to acknowledge the influence they have had in my development as a ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
(Show Context)
To the few people who believed I could do it even when I myself didn’t Acknowledgments This dissertation has been shaped by many people, including my teachers, collaborators, friends, and family. I would like to take this opportunity to acknowledge the influence they have had in my development as a person and as a scientist. First and foremost, I wish to thank my advisor J Strother Moore. J is an amazing advisor, a marvellous collaborator, an insightful researcher, an empathetic teacher, and a truly great human being. He gave me just the right balance of freedom, encouragement, and direction to guide the course of this research. My stimulating discussions with him made the act of research an experience of pure enjoyment, and helped pull me out of many low ebbs. At one point I used to believe that whenever I was stuck with a problem one meeting with J would get me back on track. Furthermore, my times together with J and Jo during Thanksgivings and other occasions always made me feel part of his family. There was no problem, technical or otherwise, that I could not discuss with J, and there was no time when
Proof Pearl: Proving a Simple Von Neumann Machine Turing Complete
"... Abstract. In this paper we sketch an ACL2checked proof that a simple but unbounded Von Neumann machine model is Turing Complete, i.e., can do anything a Turing machine can do. The project formally revisits the roots of computer science. It requires refamiliarizing oneself with the definitive model ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract. In this paper we sketch an ACL2checked proof that a simple but unbounded Von Neumann machine model is Turing Complete, i.e., can do anything a Turing machine can do. The project formally revisits the roots of computer science. It requires refamiliarizing oneself with the definitive model of computation from the 1930s, dealing with a simple “modern ” machine model, thinking carefully about the formal statement of an important theorem and the specification of both total and partial programs, writing a verifying compiler, including implementing an X86like call/return protocol and implementing computed jumps, codifying a code proof strategy, and a little “creative ” reasoning about the nontermination of two machines.
Greg LavenderFormal Specification and Verification of a JVM and its Bytecode Verifier
, 2006
"... I would like to first thank my advisor J Strother Moore for his support and advice. He gave me just the right balance of freedom, encouragement, and direction for me to pursue the research work that leads to this dissertation. I am grateful to my committee members for their helpful feedbacks. Specia ..."
Abstract
 Add to MetaCart
(Show Context)
I would like to first thank my advisor J Strother Moore for his support and advice. He gave me just the right balance of freedom, encouragement, and direction for me to pursue the research work that leads to this dissertation. I am grateful to my committee members for their helpful feedbacks. Special thanks are due to William Cook and David Hardin for their careful critique and helpful suggestions. I am in debt to Sandip Ray and Robert Krug for reading and commenting on drafts of this dissertation. The remaining errors are solely mine. I also thank my fellow members of the ACL2 research group at University of Texas for many things. These people helped to make my years in
General Terms
"... We investigate the logical issues behind axiomatizing equations that contain both recursive calls and quantifiers in ACL2. We identify a class of such equations, named extended tailrecursive equations, that can be uniformly introduced in the logic. We point out some potential benefits of this axiom ..."
Abstract
 Add to MetaCart
(Show Context)
We investigate the logical issues behind axiomatizing equations that contain both recursive calls and quantifiers in ACL2. We identify a class of such equations, named extended tailrecursive equations, that can be uniformly introduced in the logic. We point out some potential benefits of this axiomatization, and discuss the logical impediments behind introducing more general quantified formulas.
Integrating External Deduction Tools with
"... We present an interface connecting the ACL2 theorem prover with external deduction tools. The ACL2 logic contains several mechanisms for proof structuring, which are important to the construction of industrialscale proofs. The complexity induced by these mechanisms makes the design of the interface ..."
Abstract
 Add to MetaCart
We present an interface connecting the ACL2 theorem prover with external deduction tools. The ACL2 logic contains several mechanisms for proof structuring, which are important to the construction of industrialscale proofs. The complexity induced by these mechanisms makes the design of the interface challenging. We discuss some of the challenges, and develop a precise specification of the requirements on the external tools for a sound connection with ACL2. We also develop constructs within ACL2 to enable the developers of external tools to satisfy our specifications. The interface is available with the ACL2 theorem prover starting from Version 3.2, and we describe several applications of the interface. Key words: automated reasoning, decision procedures, firstorder logic, interfaces, theorem proving Preprint submitted to Elsevier 1
General Terms
"... We investigate the logical issues behind axiomatizing equations that contain both recursive calls and quantifiers in ACL2. We identify a class of such equations, named extended tailrecursive equations, that can be uniformly introduced in the logic. We point out some potential benefits of this axiom ..."
Abstract
 Add to MetaCart
(Show Context)
We investigate the logical issues behind axiomatizing equations that contain both recursive calls and quantifiers in ACL2. We identify a class of such equations, named extended tailrecursive equations, that can be uniformly introduced in the logic. We point out some potential benefits of this axiomatization, and discuss the logical impediments behind introducing more general quantified formulas.
Quantification in Tailrecursive Function Definitions
"... ABSTRACT We investigate the logical issues behind axiomatizing equations that contain both recursive calls and quantifiers in ACL2. We identify a class of such equations, named extended tailrecursive equations, that can be uniformly introduced in the logic. We point out some potential benefits of t ..."
Abstract
 Add to MetaCart
(Show Context)
ABSTRACT We investigate the logical issues behind axiomatizing equations that contain both recursive calls and quantifiers in ACL2. We identify a class of such equations, named extended tailrecursive equations, that can be uniformly introduced in the logic. We point out some potential benefits of this axiomatization, and discuss the logical impediments behind introducing more general quantified formulas.