Metatheory and Reflection in Theorem Proving: A Survey and Critique, 1995
Cited by 55 (2 self)
Abstract:
One way to ensure correctness of the inference performed by computer theorem provers is to force all proofs to be done step by step in a simple, more or less traditional, deductive system. Using techniques pioneered in Edinburgh LCF, this can be made palatable. However, some believe such an approach will never be efficient enough for large, complex proofs. One alternative, commonly called reflection, is to analyze proofs using a second layer of logic, a metalogic, and so justify abbreviating or simplifying proofs, making the kinds of shortcuts humans often do or appealing to specialized decision algorithms. In this paper we contrast the fully-expansive LCF approach with the use of reflection. We put forward arguments to suggest that the inadequacy of the LCF approach has not been adequately demonstrated, and neither has the practical utility of reflection (notwithstanding its undoubted intellectual interest). The LCF system with which we are most concerned is the HOL proof ...
Reasoning Theories: Towards an Architecture for Open Mechanized Reasoning Systems, 1994
Cited by 47 (11 self)
Abstract:
Our ultimate goal is to provide a framework and a methodology which will allow users, and not only system developers, to construct complex reasoning systems by composing existing modules, or to add new modules to existing systems, in a "plug and play" manner. These modules and systems might be based on different logics; have different domain models; use different vocabularies and data structures; use different reasoning strategies; and have different interaction capabilities. This paper makes two main contributions towards our goal. First, it proposes a general architecture for a class of reasoning systems called Open Mechanized Reasoning Systems (OMRSs). An OMRS has three components: a reasoning theory component which is the counterpart of the logical notion of formal system, a control component which consists of a set of inference strategies, and an interaction component which provides an OMRS with the capability of interacting with other systems, including OMRSs and hum...
Integrating Automated and Interactive Theorem Proving, 1998
Cited by 32 (8 self)
Abstract:
Machine code ((Schellhorn and Ahrendt, 1997) and Chapter III.2.6). We use it as a reference or benchmark. Parts of it are repeated every now and then to evaluate the success of our integration concepts, see Section 7. In realistic applications in software verification, proof attempts are more likely to fail than to go through. This is because specifications, programs, or user-defined lemmas typically are erroneous. Correct versions usually are only obtained after a number of corrections and failed proof attempts. Therefore, the question is not only how to produce powerful theorem provers but also how to integrate proving and error correction. Current research on this and related topics is discussed in Section 8. There are different approaches of combining interactive methods with automated ones. Their relation to our approach is the subject of Section 9. Finally, in Section 10 we draw conclusions.
Programming a symbolic model checker in a fully expansive theorem prover
Proceedings of the 16th International Conference on Theorem Proving in Higher Order Logics, volume 2758 of Lecture Notes in Computer Science, 2003
Cited by 16 (5 self)
Abstract:
Model checking and theorem proving are two complementary approaches to formal verification. In this paper we show how binary decision diagram (BDD) based symbolic model checking algorithms may be embedded in a theorem prover to take advantage of the comparatively secure environment without incurring an unacceptable performance penalty.
Techniques For Efficient Formal Verification Using Binary Decision Diagrams, 1995
Cited by 15 (0 self)
Abstract:
The appeal of automatic formal verification is that it's automatic: minimal human labor and expertise should be needed to get useful results and counterexamples. BDD (binary decision diagram) based approaches have promised to allow automatic verification of complex, real systems. For large classes of problems, however (including many distributed protocols, multiprocessor systems, and network architectures), this promise has yet to be fulfilled. Indeed, the few successes have required extensive time and effort from sophisticated researchers in the field. Clearly, techniques are needed that are more sophisticated than the obvious direct implementation of theoretical results. This thesis addresses that need, emphasizing an application domain that has been particularly difficult for BDD-based methods, high-level models of systems or distributed protocols, rather than gate-level descriptions of circuits. Additionally, the emphasis is on providing useful debugging information for the...
Tracking Design Changes with Formal Verification
International Workshop on Higher Order Logic Theorem Proving and its Applications, volume 859 of Lecture Notes in Computer Science, 1994
Cited by 4 (2 self)
Abstract:
Designs are often modified for use in new circumstances. If formal proof is to be an acceptable verification methodology for industry, it must be capable of tracking design changes quickly. We describe our experiences formally verifying an implementation of an ATM network component, and on our subsequent verification of modified designs. Three of the designs verified are in use in a working network. They were designed and implemented with no consideration for formal methods. This case study gives an indication of the difficulties in formally verifying a real design and of subsequently tracking design changes. 1 Introduction Designs are often modified as requirements change. Such modifications often take a fraction of the original design time to complete. Even if a design can initially be validated in an acceptable time scale, formal verification is unlikely to be accepted if a similar amount of time is required to validate subsequent modified designs. It has been suggested that this...
Proof Search and Proof Check for Equational and Inductive Theorems
Conference on Automated Deduction, CADE-19, 2003
Cited by 4 (0 self)
Abstract:
This paper presents ongoing research on theoretical and practical issues of combining rewriting-based automated theorem proving and user-guided proof development, with the strong constraint of safe cooperation of both. In practice, we instantiate the theoretical study on the Coq proof assistant and the ELAN rewriting-based system, focusing first on equational and then on inductive proofs. Different concepts, especially rewriting calculus and deduction modulo, contribute to define and to relate proof search, proof representation and proof check.
Formalizing the translation of CTL into Lµ
Supplementary Proceedings of the 16th International Conference on Theorem Proving in Higher Order Logics, number 187 in Technical Reports, 2003
Cited by 2 (1 self)
Abstract:
The translation of the temporal logic CTL [2] into the modal µ-calculus Lµ [10] is formalised in the HOL theorem prover [8].
BDD Representation Judgements in HOL: A Performance Evaluation
Cited by 1 (0 self)
Abstract:
This paper describes some preliminary results in evaluating the performance of representation judgements in the Hol98 proof assistant (HOL) [10]. Representation judgements allow "LCF-style" fully-expansive programming of BDD-based symbolic algorithms [6]. They are of the form ρ t ↦ b, meaning "HOL term t is represented by BDD b with respect to variable order ρ", and were introduced in [7], which also evaluated the performance of reachability calculations using this approach. We now extend the evaluation to include a model checker for the Computation Tree Logic (CTL) [1] and provide tentative evidence that the performance is within acceptable bounds.