Results 1 
4 of
4
Towards the Generation of Efficient Code from Verified Programs
, 1984
"... An investigation was made of the characteristics of computer programming languages intended for the implementation of provably correct programs and of the characteristics of programs written in these languages. It was discovered that potential run time exceptions and the necessity of providing a rig ..."
Abstract

Cited by 6 (1 self)
 Add to MetaCart
An investigation was made of the characteristics of computer programming languages intended for the implementation of provably correct programs and of the characteristics of programs written in these languages. It was discovered that potential run time exceptions and the necessity of providing a rigorously correct implementation of exception handlers so dominate the potential control paths of programs written in verifiable languages that the usual code optimization techniques are ineffective. It was further discovered that the call intensive control structures of these programs, necessitated by verification constraints, also thwart optimization and lead to inefficient code. It is shown that theorems can be derived at potential exception sites which, if true, guarantee that the exception condition will never arise permitting removal of the exception path from the programâ€™s flow graph. These theorems are proved using the automatic theorem prover which is part of the program verification system. Is is also shown that many of the routine calls contained in verifiable programs may be reduced in expense by converting parameters to global variables or eliminated completely by expanding the called routines at their call sites. Both the exception suppression and call reduction techniques reduce the complexity of the programâ€™s call graph and facilitate conventional optimizations. Several examples are presented and the potential improvements in code size resulting from the application of these techniques are discussed.
Secure Mechanical Verification of Mutually Recursive Procedures
 Information and Computation
, 2003
"... . The verification of programs that contain mutually recursive procedures is a difficult task, and one which has not been satisfactorily addressed in the literature. Published proof rules have been later discovered to be unsound. Verification Condition Generator (VCG) tools have been effective in pa ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
. The verification of programs that contain mutually recursive procedures is a difficult task, and one which has not been satisfactorily addressed in the literature. Published proof rules have been later discovered to be unsound. Verification Condition Generator (VCG) tools have been effective in partially automating the verification of programs, but in the past these VCG tools have in general not themselves been proven, so any proof using and depending on these VCGs might not be sound. In this paper we present a set of proof rules for proving the partial correctness of programs with mutually recursive procedures, together with a VCG that automates the use of the proof rules in program correctness proofs. The soundness of the proof rules and the VCG itself have been mechanically proven within the Higher Order Logic theorem prover, with respect to the underlying structural operational semantics of the programming language. This proof of soundness then forms the core of an implementation...
PROSPECTUS  Sound Foundations for Effective Proofs of Programs
"... When considering the correctness of programs, the only absolute demonstration of quality is mathematical proof. Yet the complexity of these proofs makes them all but impossible both to construct and read, and the correctness of the proofs themselves come into question. We take an approach to the ..."
Abstract
 Add to MetaCart
When considering the correctness of programs, the only absolute demonstration of quality is mathematical proof. Yet the complexity of these proofs makes them all but impossible both to construct and read, and the correctness of the proofs themselves come into question. We take an approach to the creation of these proofs based on specifying an axiomatic semantics for the programming language, and using that semantics to automatically create a Verification Condition Generator, a program that takes a general program written in the language and creates the proof of that program, modulo a set of verification conditions, to be proven by hand. This automates much of the detailed work of creating the proof. Yet even this VCG technique depends on the soundness of the axiomatic semantics, and in fact, many proposed axiomatic semantics have suffered from unsoundness. We take the difficult but secure approach of foundationally defining an operational semantics of the programming language...
4. Verification Condition Generators..................................................5
, 1993
"... When considering the correctness of programs, the only absolute demonstration of quality is mathematical proof. Yet the complexity of these proofs makes them all but impossible both to construct and read, and the correctness of the proofs themselves come into question. We take an approach to the cre ..."
Abstract
 Add to MetaCart
When considering the correctness of programs, the only absolute demonstration of quality is mathematical proof. Yet the complexity of these proofs makes them all but impossible both to construct and read, and the correctness of the proofs themselves come into question. We take an approach to the creation of these proofs based on specifying an axiomatic semantics for the programming language, and using that semantics to automatically create a Verification Condition Generator, a program that takes a general program written in the language and creates the proof of that program, modulo a set of verification conditions, to be proven by hand. This automates much of the detailed work of creating the proof. Yet even this VCG technique depends on the soundness of the axiomatic semantics, and in fact, many proposed axiomatic semantics have suffered from unsoundness. We take the difficult but secure approach of foundationally defining an operational semantics of the programming language, including concurrency, and then proving the axioms and rules of inference of the axiomatic semantics from the operational semantics as theorems. Once this is done, the correctness of the VCG function itself can be proven, so the proofs of concurrent programs as constructed by the VCG in a way that is known to be sound, modulo the truth of the