Light-Weight Theorem Proving for Debugging and Verifying Units of Code
, 2003
Abstract

Cited by 47 (25 self)
Software bugs are very difficult to detect even in small units of code. Several techniques to debug or prove correct such units are based on the generation of a set of formulae whose unsatisfiability reveals the presence of an error. These techniques assume the availability of a theorem prover capable of automatically discharging the resulting proof obligations. Building such a tool is a difficult, long, and error-prone activity. In this paper, we describe techniques to build provers which are highly automatic and flexible by combining state-of-the-art superposition theorem provers and BDDs. We report experimental results on formulae extracted from the debugging of C functions manipulating pointers showing that an implementation of our techniques can discharge proof obligations which cannot be handled by Simplify (the theorem prover used in the ESC/Java tool) and performs much better on others.
Algebraic Theories for Name-Passing Calculi
, 1996
Abstract

Cited by 41 (10 self)
In a theory of processes the names are atomic data items which can be exchanged and tested for identity. A well-known example of a calculus for name-passing is the π-calculus, where names additionally are used as communication ports. We provide complete axiomatisations of late and early bisimulation equivalences in such calculi. Since neither of the equivalences is a congruence we also axiomatise the corresponding largest congruences. We consider a few variations of the signature of the language; among these, a calculus of deterministic processes which is reminiscent of sequential functional programs with a conditional construct. Most of our axioms are shown to be independent. The axiom systems differ only by a few simple axioms and reveal the similarities and the symmetries of the calculi and the equivalences.
The Nimble Type Inferencer for Common Lisp-84
 Tech. Rept., Nimble Comp
, 1990
Abstract
data types model the semantic intent of the programmer with respect to individual variable values, so that global properties of these individual values (e.g., evenness or primeness of an integer value) are maintained. The assert construct allows for the specification of complex relationships among several variables. However, since we are interested in improving run-time efficiency, we will assume that the program is already semantically correct, and will therefore concern ourselves only with the determination of tight lattice bounds on the values of variables. Performing type inference requires proving many small theorems about programs, and therefore runs the risk of being confused with the more difficult task of theorem-proving for the purpose of proving programs correct relative to some external criteria. While some of the techniques may be similar to both tasks, the goals are completely different. For example, it is considered acceptable and routine for correctness provers to inte...
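The abstract above describes inferring "tight lattice bounds on the values of variables" rather than proving a program correct against an external specification. The following is an added illustration of that idea, written for this page and not taken from the Nimble paper: a small abstract interpreter over an integer-interval lattice for a constructed three-statement language (assignments, `while i < c` loops and in-line range checks). Loops are solved by fixpoint iteration with widening and narrowing, and the resulting bounds are exactly the "many small theorems" a type inferencer needs, here whether a loop index stays inside a buffer. The program, the statement encoding and the `check` statement are all assumptions made for this example.

```python
"""Interval ("lattice bound") inference over a tiny imperative language.

Added example, not code from the Nimble paper. Each variable maps to an
integer interval; loops are solved by fixpoint iteration with widening
(jump unstable bounds to infinity) followed by narrowing (pull them back).
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

INF = float("inf")


@dataclass(frozen=True)
class Interval:
    lo: float
    hi: float

    def join(self, o: "Interval") -> "Interval":    # least upper bound
        return Interval(min(self.lo, o.lo), max(self.hi, o.hi))

    def widen(self, o: "Interval") -> "Interval":   # unstable bound -> infinity
        return Interval(-INF if o.lo < self.lo else self.lo,
                        INF if o.hi > self.hi else self.hi)

    def narrow(self, o: "Interval") -> "Interval":  # refine infinite bounds only
        return Interval(o.lo if self.lo == -INF else self.lo,
                        o.hi if self.hi == INF else self.hi)

    def add(self, o: "Interval") -> "Interval":
        return Interval(self.lo + o.lo, self.hi + o.hi)

    def within(self, lo: int, hi: int) -> bool:
        return lo <= self.lo and self.hi <= hi


State = Optional[Dict[str, Interval]]  # None is bottom (unreachable)


def eval_expr(e, st: Dict[str, Interval]) -> Interval:
    # Expressions: ('const', n) | ('var', name) | ('add', e1, e2)
    if e[0] == "const":
        return Interval(e[1], e[1])
    if e[0] == "var":
        return st[e[1]]
    if e[0] == "add":
        return eval_expr(e[1], st).add(eval_expr(e[2], st))
    raise ValueError(e[0])


def pointwise(a: State, b: State, f) -> State:
    # Apply a lattice operator variable by variable; bottom is the identity.
    if a is None:
        return b
    if b is None:
        return a
    return {v: f(a[v], b[v]) for v in a}


def filter_lt(var: str, c: int, st: State, truth: bool) -> State:
    # Restrict `var` by the outcome of the test `var < c`.
    if st is None:
        return None
    iv = st[var]
    new = Interval(iv.lo, min(iv.hi, c - 1)) if truth else Interval(max(iv.lo, c), iv.hi)
    return None if new.lo > new.hi else {**st, var: new}


def run_block(stmts, st: State, checks: dict) -> State:
    for s in stmts:
        st = run_stmt(s, st, checks)
    return st


def run_stmt(s, st: State, checks: dict) -> State:
    # Statements: ('assign', var, expr) | ('check', var, lo, hi, label)
    #           | ('while', ('lt', var, c), body)
    if st is None:
        return None
    if s[0] == "assign":
        return {**st, s[1]: eval_expr(s[2], st)}
    if s[0] == "check":
        _, var, lo, hi, label = s
        checks[label] = (st[var], st[var].within(lo, hi))
        return st
    _, (_, var, c), body = s
    step = lambda inv: pointwise(st, run_block(body, filter_lt(var, c, inv, True), {}), Interval.join)
    inv = st
    while True:                                   # ascending phase with widening
        w = pointwise(inv, step(inv), Interval.widen)
        if w == inv:
            break
        inv = w
    while True:                                   # descending phase with narrowing
        n = pointwise(inv, step(inv), Interval.narrow)
        if n == inv:
            break
        inv = n
    run_block(body, filter_lt(var, c, inv, True), checks)   # record checks at the invariant
    return filter_lt(var, c, inv, False)


# Constructed sample program (an assumption for this example):
#   i = 0; total = 0
#   while i < 10:  buf[i] is read  -> check 0 <= i <= 9
#                  total = total + i; i = i + 1
#   afterwards     -> check i == 10
PROGRAM = [
    ("assign", "i", ("const", 0)),
    ("assign", "total", ("const", 0)),
    ("while", ("lt", "i", 10), [
        ("check", "i", 0, 9, "index"),
        ("assign", "total", ("add", ("var", "total"), ("var", "i"))),
        ("assign", "i", ("add", ("var", "i"), ("const", 1))),
    ]),
    ("check", "i", 10, 10, "exit"),
]


def analyze(program) -> Tuple[State, dict]:
    checks: dict = {}
    return run_block(program, {}, checks), checks


if __name__ == "__main__":
    final, checks = analyze(PROGRAM)
    print(final)    # {'i': Interval(10, 10), 'total': Interval(0, inf)}
    print(checks)   # index and exit checks both hold
```

The run shows both what such an inferencer buys and what it costs: the bound on `i` inside the loop is [0, 9], so the buffer access is proven in range, and on exit `i` is exactly 10. The bound on `total`, however, is widened to [0, inf] and narrowing cannot recover it, because the interval domain has no way to express the relationship between `total` and `i`; getting [0, 45] there needs a relational domain or the kind of `assert`-stated relationship the abstract mentions. All variables must be assigned before the loop, since states are joined variable by variable.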