Metatheory and Reflection in Theorem Proving: A Survey and Critique, 1995
Abstract

One way to ensure correctness of the inference performed by computer theorem provers is to force all proofs to be done step by step in a simple, more or less traditional, deductive system. Using techniques pioneered in Edinburgh LCF, this can be made palatable. However, some believe such an approach will never be efficient enough for large, complex proofs. One alternative, commonly called reflection, is to analyze proofs using a second layer of logic, a metalogic, and so justify abbreviating or simplifying proofs, making the kinds of shortcuts humans often do or appealing to specialized decision algorithms. In this paper we contrast the fully-expansive LCF approach with the use of reflection. We put forward arguments to suggest that the inadequacy of the LCF approach has not been adequately demonstrated, and neither has the practical utility of reflection (notwithstanding its undoubted intellectual interest). The LCF system with which we are most concerned is the HOL proof ...
Floating-Point Verification
Abstract
This project aims to demonstrate that it is practical, using existing theorem proving technology, to formally verify industrially significant floating point algorithms and their implementations. Models of such algorithms will be mechanically verified with the HOL theorem proving system against precise specifications, often based on real numbers. Industry is sceptical about the value of formal verification. It is hoped that our studies will help convince manufacturers that the potential benefits far outweigh the costs. This could have a tremendous impact on the industrial uptake of 'formal methods'.

B Scientific/Technological Relevance

In most circumstances, even intelligent testing and simulation can still leave considerable doubts as to the correctness of computer systems. This makes formal verification appealing. There are well-rehearsed arguments over the value of verification for safety-critical systems, such as fly-by-wire aircraft, anti-lock braking systems in cars, radiothera...