ed to be true under the valuation u iff there exists an a 2 N such that the formula x = y is true under the valuation u[x=a], where u[x=a] agrees with u everywhere except x, on which it takes the value a. This definition involves a metalogical operation that produces u[x=a] from u for all possible values a 2 N. This operation becomes explicit in DL in the form of the program x := ?, called a nondeterministic or wildcard assignment. This is a rather unconventional program, since it is not effective; however, it is quite useful as a descriptive tool. A more conventional way to obtain a square root of y, if it exists, would be the program x := 0 ; while x < y do x := x + 1: (1) In DL, such programs are first-class objects on a par with formulas, complete with a collection of operators for forming compound programs inductively from a basis of primitive programs. To discuss the effect of the execution of a program on the truth of a formula ', DL uses a modal construct <>', which

This thesis is primarily about the design of formal programming environments for building large software systems. This work articulates two principles and uses them to guide the design, implementation, and study of a specific formal programming environment. First, design methods for large software systems will include multiple languages, methodologies, and refinement techniques that are suited to problem subdomains. This means that any formal system must provide the ability to define multiple logics, and it is by definition a logical framework. Second, the framework must provide the ability to express formal relations between logical theories to address the problem of system decomposition. This thesis also presents the the MetaPRL formal system. MetaPRL was built to provide a modular, abstract logical framework where multiple designs can be expressed and related. The MetaPRL design builds on our experience with logical frameworks and with structured programming concepts like inheritance and re-use to provide an efficient, highly abstract, logical machine. The contribution includes several parts. • The development of an untyped meta-logic using explicit substitution. • The definition of a very-dependent function type in the Nuprl type theory. • A system architecture for generic multi-logical development. • A generic refiner that provides automation and enforcement for the multiple logical theories in logical environment. • A module system for logics and theories. • A generic distributed interactive theorem prover. BIOGRAPHICAL SKETCH Jason Jonathan Hickey was born in 1963 in a small town called Delano in the heart of California’s central San Jaoquin valley. Jason’s early experiences included the fulfillment of various agricultural obligations with

We use the appeal of simplicity and an aversion to complexity in selecting a method for handling partial functions in logic. We conclude that avoiding the undefined by using underspecification is the preferred choice.

Dynamic algebras combine the classes of Boolean (B 0 0) and regular (R [ ; ) algebras into a single finitely axiomatized variety (B R 3) resembling an R-module with "scalar" multiplication 3. The basic result is that is reflexive transitive closure, contrary to the intuition that this concept should require quantifiers for its definition. Using this result we give several examples of dynamic algebras arising naturally in connection with additive functions, binary relations, state trajectories, languages, and flowcharts. The main result is that free dynamic algebras are residually finite (i.e. factor as a subdirect product of finite dynamic algebras), important because finite separable dynamic algebras are isomorphic to Kripke structures. Applications include a new completeness proof for the Segerberg axiomatization of propositional dynamic logic, and yet another notion of regular algebra. Key words: Dynamic algebra, logic, program verification, regular algebra. This paper or...

Computer programs may be regarded as formal mathematical objects whose properties are subject to mathematical proof. Program verification is the use of formal, mathematical techniques to debug software and software specifications. 1. Code Verification How are the properties of computer programs proved? We discuss three approaches in this article: inductive invariants, functional semantics, and explicit semantics. Because the first approach has received by far the most attention, it has produced the most impressive results to date. However, the field is now moving away from the inductive invariant approach. 1.1. Inductive Assertions The so-called Floyd-Hoare inductive assertion method of program verification [25, 33] has its roots in the classic Goldstine and von Neumann reports [53] and handles the usual kind of programming language, of which FORTRAN is perhaps the best example. In this style of verification, the specifier &quot;annotates &quot; certain points in the program with mathematical assertions that are supposed to describe relations that hold between the program variables and the initial input values each time &quot;control &quot; reaches the annotated point. Among these assertions are some that characterize acceptable input and the desired output. By exploring all possible paths from one assertion to the next and analyzing the effects of intervening program statements it is possible to reduce the correctness of the program to the problem of proving certain derived formulas called verification conditions. Below we illustrate the idea with a simple program for computing the factorial of its integer input N flowchart assertion start with input(N) input N A: = 1 N = 0 yes stop with? answer A

MetaPRL is the latest system to come out of over twenty five years of research by the Cornell PRL group. While initially created at Cornell, MetaPRL is currently a collaborative project involving several universities in several countries. The MetaPRL system combines the properties of an interactive LCF-style tactic-based proof assistant, a logical framework, a logical programming environment, and a formal methods programming toolkit. MetaPRL is distributed under an open-source license and can be downloaded from http://metaprl.org/. This paper provides an overview of the system focusing on the features that did not exist in the previous generations of PRL systems.

Two major themes of my research have been finite model theory and the automata theoretic approach. Boaz Trakhtenbrot laid the foundations in both areas. In 1950, he proved the undecidability of the satisfiability in the finite problem for first-order logic. His contributions to the automata-theoretic approach are described in this paper. I met Boaz in a seminar in 1981, when I was a doctoral student. Little did I know then that his work would have such a profound impact on my future research. Abstract. One of the surprising developments in the area of program verification is how ideas introduced originally by logicians in the 1950s ended up yielding by 2003 an industrial-standard property-specification language called PSL. This development was enabled by the equally unlikely transformation of the mathematical machinery of automata on infinite words, introduced in the early 1960s for second-order arithmetics, into effective algorithms for model-checking tools. This paper attempts to trace the tangled threads of this development.

This thesis is primarily about the design of formal programming environments for building large software systems. This work articulates two principles and uses them to guide the design, implementation, and study of a specific formal programming environment. First, design methods for large software systems will include multiple languages, methodologies, and refinement techniques that are suited to problem subdomains. This means that any formal system must provide the ability to define multiple logics, and it is by definition a logical framework. Second, the framework must provide the ability to express formal relations between logical theories to address the problem of system decomposition. This thesis also presents the the MetaPRL formal system. MetaPRL was built to provide a modular, abstract logical framework where multiple designs can be expressed and related. The MetaPRL design builds on our experience with logical frameworks and with structured programming concepts like inheritance and re-use to provide an efficient, highly abstract, logical machine. The contribution includes several parts. • The development of an untyped meta-logic using explicit substitution. • The definition of a very-dependent function type in the Nuprl type theory. • A system architecture for generic multi-logical development. • A generic refiner that provides automation and enforcement for the multiple logical theories in logical environment. • A module system for logics and theories. • A generic distributed interactive theorem prover.

Programs are not text; they are hierarchical compositions of computational structures and should be edited, executed, and debugged in an environment that consistently acknowledges and reinforces this viewpoint. The Cornell Program Synthesizer demands a structural perspective at all stages of program development. Its separate features are unified by a common foundation: a grammar for the programming language. Its full-screen derivation-tree editor and syntax-directed diagnostic interpreter combine to make the Synthesizer a powerful and responsive interactive programming tool. Key Words and Phrases: programming environment, program development system, syntax-directed editor,