Computational Lambda-Calculus and Monads
1988
Cited by 401 (6 self)
The λ-calculus is considered a useful mathematical tool in the study of programming languages, since programs can be identified with λ-terms. However, if one goes further and uses βη-conversion to prove equivalence of programs, then a gross simplification is introduced, that may jeopardise the applicability of theoretical results to real situations. In this paper we introduce a new calculus based on a categorical semantics for computations. This calculus provides a correct basis for proving equivalence of programs, independent from any specific computational model.

1 Introduction

This paper is about logics for reasoning about programs, in particular for proving equivalence of programs. Following a consolidated tradition in theoretical computer science we identify programs with the closed λ-terms, possibly containing extra constants, corresponding to some features of the programming language under consideration. There are three approaches to proving equivalence of programs:
• T...
Concrete Domains
Theoretical Computer Science, 1993
Cited by 32 (1 self)
This paper introduces the theory of a particular kind of computation domains called concrete domains. The purpose of this theory is to find a satisfactory framework for the notions of coroutine computation and sequentiality of evaluation.

Diagrams are emphasized because I believe that an important part of learning lattice theory is the acquisition of skill in drawing diagrams. (George Grätzer)

1 Domains of computation

In general, we follow Scott's approach [Sco70]. To every syntactic object one associates a semantic object which is found in an appropriate semantic domain. For technical details, we follow [Mil73] and [Plo78] rather than Scott.

Definition 1.1 A partial order is a pair ⟨D, ≤⟩ where D is a non-empty set and ≤ is a binary relation satisfying:
i) ∀x ∈ D. x ≤ x (reflexivity)
ii) ∀x, y ∈ D. x ≤ y, y ≤ x ⇒ x = y (antisymmetry)
iii) ∀x, y, z ∈ D. x ≤ y, y ≤ z ⇒ x ≤ z (transitivity)
One writes x < y when x ≤ y and x ≠ y. Two elements x and y are comparable when either x ≤ y or y ≤ x. W...
Employing External Reasoners in Proof Planning
In CALCULEMUS 99, Electronic Notes in Theoretical Computer Science, 1999
Cited by 5 (4 self)
This paper describes the integration of computer algebra systems and constraint solvers into proof planners. It shows how efficient external reasoners can be employed in proof planning and how the shortcuts of the external reasoners can be expanded to verifiable natural deduction proofs in the proof planning framework. It illustrates the integration and cooperation of the external reasoners with an example from proof planning limit theorems.
LCF Should Be Lifted
1988
Cited by 3 (1 self)
When observing termination of closed terms at all types in Plotkin's interpreter for PCF [11], the standard cpo model A_V is not adequate. We define a new model, A_Y, with lifted functional types and prove its adequacy for this notion of observation. We prove that with the addition of a parallel conditional and a convergence testing operator to the language, the model becomes fully abstract; with the addition of an existential-like operator, the language becomes universal. Using the model as a guide, we develop a sound logic for the language.

1 Introduction

The denotational semantics most appropriate for a programming language depends crucially upon the observations one makes about computations. In general, an observation is some important behavior of the interpreter [8]. For example, in the arithmetic, higher-order programming language PCF [11, 13], one usually chooses to observe the results of arithmetic expressions: that a term of integer type reduces to a numeral. One may also...
COMPARING HOL AND MDG: A CASE STUDY ON THE VERIFICATION OF AN ATM SWITCH FABRIC
NORDIC JOURNAL OF COMPUTING, 1998
Cited by 3 (2 self)
Interactive formal proof and automated verification based on decision graphs are two contrasting formal hardware verification techniques. In this paper, we compare these two approaches. In particular, we consider HOL and MDG. The former is an interactive theorem-proving system based on higher-order logic, while the latter is an automatic system based on Multiway Decision Graphs. As the basis for our comparison we have used both systems to independently verify a fabricated ATM communications chip, the Fairisle 4 by 4 switch fabric.
A Hybrid Tool for Linking HOL Theorem Proving with MDG Model Checking
2003
MDG Model Checking and submitted in partial fulfilment of the requirements for the degree of Master of Applied Science complies with the regulations of this University and meets the accepted standards with respect to originality and quality. Signed by the final examining committee: Dr. M. Reza Soleymani, Dr. Otmane Ait Mohamed, Dr. Patrice Chalin, Dr. Sofiène Tahar. Approved by Chair of the ECE Department
Comparing HOL, MDG and VIS: A Case Study on the Verification of an ATM Switch Fabric
1999
There exists a wide range of hardware verification tools, some based on interactive theorem proving and other more automated tools based on decision diagrams. In this paper, we compare three different verification systems covering the spectrum of today's verification technology. In particular, we consider HOL, MDG and VIS. HOL is an interactive theorem proving system based on higher-order logic. VIS is an automatic system based on ROBDDs and integrating verification with simulation and synthesis. The MDG system is an intermediate approach based on Multiway Decision Graphs providing automation while accommodating abstract data sorts, uninterpreted functions and rewriting. As the basis for our comparison we used all three systems to independently model and verify a fabricated ATM communications chip: the Fairisle 4 × 4 switch fabric.
Computer Programming as Mathematics (Brief description of CL)
Introduction

CL (Clausal Language) is an extremely simple, yet powerful, programming and specification language which is coupled with its own proof system. CL has a precise characterization of both its definable functions and provable properties. The former are exactly the unary primitive recursive functions and the latter correspond exactly to the Π₂-theorems of IΣ₁-arithmetic, which is a rather simple fragment of the well-known Peano arithmetic (see [9]). The fact that the functions of CL are over natural numbers and that their properties are proved in Peano arithmetic is extremely important for its intended application in teaching at the introductory levels of undergraduate studies. We use CL in three courses: Declarative programming, Program verification, and Specification of programs and data. Our experience (and the marks we get from students in teacher evaluations)
Toward a Super Duper Hardware Tactic
1993
We present techniques for automating many of the tedious aspects of hardware verification in a higher order logic theorem proving environment. We employ two complementary approaches. The first involves intelligent tactics which incorporate many of the smaller steps currently applied by the user. The second uses hardware combinators to partially automate inductive proofs for iterated hardware structures. We envision a system that captures most of this reasoning in one tactic, SuperDuperHWTac. Ideally, users would use this tactic on a goal for proving that a hardware component meets its specification, and get back a proof documented at a level they would have written by hand. This paper presents preliminary work toward SuperDuperHWTac in both the HOL and Nuprl proof development systems.

1 Introduction

Higher order logic makes specifying hardware designs natural. Unfortunately, it also makes verification tedious. If verification engineers adopt a specific style for doing hardwa...
An Approach to Flexible Forms of Proof Control for a First-Order Inductive Theorem Prover (Extended Abstract)
We propose an approach to the problem of proof control for our new first-order inductive theorem prover QuodLibet that is characterized by a great deal of flexibility w.r.t. the forms of proof control the prover supports. The approach is based on so-called (proof) tactics, i.e. proof control routines written in a special proof control language named QML. QuodLibet provides a set of tactics (in addition to the elementary inference rules), which range from tactics for trivial simplification steps to tactics representing comprehensive inductive proof strategies. Moreover, QuodLibet allows new tactics that are written by the user in QML to be integrated into the system to dynamically extend its functionality.