Results 1 
8 of
8
A Theorem Prover for a Computational Logic
, 1990
"... We briefly review a mechanical theoremprover for a logic of recursive functions over finitely generated objects including the integers, ordered pairs, and symbols. The prover, known both as NQTHM and as the BoyerMoore prover, contains a mechanized principle of induction and implementations of line ..."
Abstract

Cited by 24 (0 self)
 Add to MetaCart
We briefly review a mechanical theoremprover for a logic of recursive functions over finitely generated objects including the integers, ordered pairs, and symbols. The prover, known both as NQTHM and as the BoyerMoore prover, contains a mechanized principle of induction and implementations of linear resolution, rewriting, and arithmetic decision procedures. We describe some applications of the prover, including a proof of the correct implementation of a higher level language on a microprocessor defined at the gate level. We also describe the ongoing project of recoding the entire prover as an applicative function within its own logic.
Proof checking the RSA public key encryption algorithm
 American Mathematical Monthly
, 1984
"... The authors describe the use of a mechanical theoremprover to check the published proof of the invertibility of the public key encryption algorithm of Rivest, Shamir and Adleman: (M mod n) mod N=M, provided n is the product of two distinct primes p and q, M
Abstract

Cited by 22 (9 self)
 Add to MetaCart
The authors describe the use of a mechanical theoremprover to check the published proof of the invertibility of the public key encryption algorithm of Rivest, Shamir and Adleman: (M mod n) mod N=M, provided n is the product of two distinct primes p and q, M<n, and e and d are multiplicative inverses in the ring of integers modulo (p1)*(q1). Among the lemmas proved mechanically and used in the main proof are many familiar theorems of number theory, including Fermat’s theorem: M mod p=1, when p M. The axioms underlying the proofs are those of Peano arithmetic and ordered pairs. The development of mathematics toward greater precision has led, as is well known, to the formalization of large tracts of it, so that one can prove any theorem using nothing but a few mechanical rules. Godel [11] But formalized mathematics cannot in practice be written down in full, and therefore we must have confidence in what might be called the common sense of the mathematician... We shall therefore very quickly abandon formalized mathematics... Bourbaki [1] 1.
Program verification
 Journal of Automated Reasoning
, 1985
"... Computer programs may be regarded as formal mathematical objects whose properties are subject to mathematical proof. Program verification is the use of formal, mathematical techniques to debug software and software specifications. 1. Code Verification How are the properties of computer programs prov ..."
Abstract

Cited by 14 (4 self)
 Add to MetaCart
Computer programs may be regarded as formal mathematical objects whose properties are subject to mathematical proof. Program verification is the use of formal, mathematical techniques to debug software and software specifications. 1. Code Verification How are the properties of computer programs proved? We discuss three approaches in this article: inductive invariants, functional semantics, and explicit semantics. Because the first approach has received by far the most attention, it has produced the most impressive results to date. However, the field is now moving away from the inductive invariant approach. 1.1. Inductive Assertions The socalled FloydHoare inductive assertion method of program verification [25, 33] has its roots in the classic Goldstine and von Neumann reports [53] and handles the usual kind of programming language, of which FORTRAN is perhaps the best example. In this style of verification, the specifier "annotates " certain points in the program with mathematical assertions that are supposed to describe relations that hold between the program variables and the initial input values each time "control " reaches the annotated point. Among these assertions are some that characterize acceptable input and the desired output. By exploring all possible paths from one assertion to the next and analyzing the effects of intervening program statements it is possible to reduce the correctness of the program to the problem of proving certain derived formulas called verification conditions. Below we illustrate the idea with a simple program for computing the factorial of its integer input N flowchart assertion start with input(N) input N A: = 1 N = 0 yes stop with? answer A
Foundations of a Theory of Specification for Distributed Systems
, 1984
"... This thesis investigates a particular approach, called statetransition specification, to the problem of describing the behavior of modules in a distributed or concurrent computer ,stem. A statetransition specification consists off (1) a state machine, which incorporates the safety or invariance pr ..."
Abstract

Cited by 13 (2 self)
 Add to MetaCart
This thesis investigates a particular approach, called statetransition specification, to the problem of describing the behavior of modules in a distributed or concurrent computer ,stem. A statetransition specification consists off (1) a state machine, which incorporates the safety or invariance properties of the module, and (2) validity conditions on the computations of the machine, which'capture the desired liveness or eventu;lity properties. The theory and techniques of state. transition specification are developed'from first principles to a point at which it is possible to write example sPeCificatiOns,'to checkthe Specifications for coraiatency, and to perform correctlse examples.
Verification Of The Stenning Protocol
"... This report contains the transcript of a mechanical verification of the Stenning protocol [3]. A description of this protocol, as well as complete documentation on the methods used, can be found in a separate report [2]. Reference to this report is necessary, since the following material is not self ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
This report contains the transcript of a mechanical verification of the Stenning protocol [3]. A description of this protocol, as well as complete documentation on the methods used, can be found in a separate report [2]. Reference to this report is necessary, since the following material is not selfcontained. The transcripts themselves were produced by the BoyerMoore theorem prover [1]. 2 VC Proof Log 27Jun82 09:54:20 ++++++++++++++++++++++++++++++++++++++++ Proof of VC 'TRANSPORT#1' (IMPLIES (AND (SENDER.EXT SOURCE ACK.IN PKT.OUT) (RECEIVER.EXT PKT.IN SINK ACK.OUT) (FOLLOWS PKT.IN PKT.OUT) (FOLLOWS ACK.IN ACK.OUT)) (INITIAL SINK SOURCE)) This formula can be simplified, using the abbreviations SENDER.EXT, AND, and IMPLIES, to: (IMPLIES (AND (CONSISTENT (QUOTE SEQNO) (QUOTE EQUAL) PKT.OUT) (EQUAL SOURCE (FAPPLY (QUOTE MSSG) (RANGE (LATEST (QUOTE SEQNO) PKT.OUT)))) (RECEIVER.EXT PKT.IN SINK ACK.OUT) (FOLLOWS PKT.IN PKT.OUT) (FOLLOWS ACK.IN ACK.OUT)) (INITIAL SINK SOURCE)), which we simplify, applying CONSISTENT.FOLLOWS, INITIAL.FAPPLY, INITIAL.CONSEC.FOLLOWS, NUMBERP.SEQNO, FOLLOWS.LATEST.CONSISTENT, PMAPP.LATEST, INITIAL.RANGE, and INITIAL.TRANS, and opening up RECEIVER.EXT and INITIAL, to: T. Q.E.D. 13069 conses 9.963 seconds 0.0 seconds, garbage collection time  VC Proof Log 27Jun82 09:55:11 ++++++++++++++++++++++++++++++++++++++++ Proof of VC 'SENDER#1' (SENDER.INT (NULL) (NULL) (NULL) (QUOTE IDLE) 3 0 0 (NULL) 0) This formula can be simplified, using the abbreviation SENDER.INT, to the following six new conjectures: Case 6. (PMAPP (QUOTE (1QUOTE NULL))), which simplifies, opening up PMAPP, to: T. Case 5. (NUMBERP 0). This simplifies, clearly, to: T. Case 4. (FOLLOWS (RANGE (QUOTE (1QUOTE NULL))) (QUOTE (1QUOTE NULL))),...
Verification of TCPlike Data Transport Functions
, 1982
"... This report contains the transcripts of a mechanical verification of the "Nano TCP protocol, " which is an abstract model of the data transfer functions of the TCP protocol [Postel 80]. A description of the Nano TCP protocol, as well as complete documentation on the verification methods, c ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
This report contains the transcripts of a mechanical verification of the "Nano TCP protocol, " which is an abstract model of the data transfer functions of the TCP protocol [Postel 80]. A description of the Nano TCP protocol, as well as complete documentation on the verification methods, can be found in a separate report [DiVito 82]. Reference to this report is necessary, since the following material is not selfcontained.
Reusable Problem Domain Theories
, 1982
"... One of the main reasons why constructing deductive proofs that programs satisfy their specifications can be very expensive in practice is the absence of reusable problem domain theories. These theories contain functions that define relevant concepts in the application area of the program, and they c ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
One of the main reasons why constructing deductive proofs that programs satisfy their specifications can be very expensive in practice is the absence of reusable problem domain theories. These theories contain functions that define relevant concepts in the application area of the program, and they contain properties that are deduced from these definitions. Presently, the cost of proving programs is highly inflated by the fact that we usually have to build a new problem domain theory for each new application. If we can develop reusable problem domain theories, the cost of specifying and proving programs in actual practice can be greatly reduced. The development of these theories also would have significant benefits for other aspects of computing science. This paper discusses the composition of problem domain theories and their relation to program specification and proof. REUSABLE PROBLEM DOMAIN THEORIES 2 Acknowledgements During its eight year existence, well over 50 people have contr...
Software Verification and Validation with Destiny: A parallel approach to automated theorem proving
"... This paper presents an introduction to computeraided theorem proving and a new approach using parallel processing to increase power and speed of computation. Automated theorem provers, along with human interpretation, have been shown to be powerful tools in verifying and validating computer softwar ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
This paper presents an introduction to computeraided theorem proving and a new approach using parallel processing to increase power and speed of computation. Automated theorem provers, along with human interpretation, have been shown to be powerful tools in verifying and validating computer software. Destiny, while still in developmental stages, has shown promise for deeper and more powerful analysis in the quest to marry a software program with its desired specification. Computer software development is a tedious process. Unlike hardware, software is easily, and therefore often, changed and updated. The ease to build and upgrade programs has yielded ideologies that include “build first, fix later, ” “if it runs, ship it, ” and “there will always be bugs, so only fix the worst ones. ” Additionally, the software development