ACL2: An Industrial Strength Version of Nqthm
1996
Cited by 67 (8 self)

Abstract
ACL2 is a reimplemented, extended version of Boyer and Moore's Nqthm and Kaufmann's Pc-Nqthm, intended for large-scale verification projects. However, the logic supported by ACL2 is compatible with the applicative subset of Common Lisp. The decision to use an "industrial strength" programming language as the foundation of the mathematical logic is crucial to our advocacy of ACL2 in the application of formal methods to large systems. However, one of the key reasons Nqthm has been so successful, we believe, is its insistence that functions be total. Common Lisp functions are not total, and this is one of the reasons Common Lisp is so efficient. This paper explains how we scaled up Nqthm's logic to Common Lisp, preserving the use of total functions within the logic but achieving Common Lisp execution speeds.

1 History

ACL2 is a direct descendant of the Boyer-Moore system, Nqthm [8, 12], and its interactive enhancement, Pc-Nqthm [21, 22, 23]. See [7, 25] for introductions to the two ancestr...
Design Goals for ACL2
1994
Cited by 39 (6 self)

Abstract
ACL2 is a theorem proving system under development at Computational Logic, Inc., by the authors of the Boyer-Moore system, Nqthm, and its interactive enhancement, Pc-Nqthm, based on our perceptions of some of the inadequacies of Nqthm when used in large-scale verification projects. Foremost among those inadequacies is the fact that Nqthm's logic is an inefficient programming language. We now recognize that the efficiency of the logic as a programming language is of great importance, because the models of microprocessors, operating systems, and languages typically constructed in verification projects must be executed to corroborate them against the realities they model. Simulation of such large-scale systems stresses the logic in ways not imagined when Nqthm was designed. In addition, Nqthm does not adequately support certain proof techniques, nor does it encourage the reuse of previously developed libraries or the collaboration of semi-autonomous workers on different parts of a verifica...
An Instructive Example for Beginning Users of the Boyer-Moore Theorem Prover
Internal Note 185, Computational Logic, Inc., 1990
Machine Checked Proofs of the Design and Implementation of a Fault-Tolerant Circuit (NASA Contractor Report 182099)
1990
Abstract
We describe a formally verified implementation of the "Oral Messages" algorithm of Pease, Shostak, and Lamport [7, 8]. An abstract implementation of the algorithm is verified to achieve interactive consistency in the presence of faults. This abstract characterization is then mapped down to a hardware-level implementation which inherits the fault-tolerant characteristics of the abstract version. All steps in the proof were checked with the Boyer-Moore theorem prover. A significant result of this work is the demonstration of a fault-tolerant device that is formally specified and whose implementation is proved correct with respect to this specification. A significant simplifying assumption is that the redundant processors behave synchronously. We also describe a mechanically checked proof that the Oral Messages algorithm is "optimal" in the sense that no algorithm which achieves agreement via similar message passing can tolerate a larger proportion of faulty processors. Key words: fault tolerance, mechanical theorem proving, program verification, specification.
Quantification in Nqthm: a Recognizer and Some Constructive Implementations
1992
Abstract
N0001491C0130. The views and conclusions contained in this document are those of the author(s) and should not be interpreted as representing the official policies, either expressed or implied, of Computational Logic, Inc., the Office of Naval Research or the U.S. Government.

ABSTRACT: We present an implementation of a recognizer for quantified notions in the Boyer-Moore Theorem Prover, Nqthm. That is, we provide a method for checking that a given function does indeed represent a quantified notion. We also present methods for generating constructively presented functions that represent quantified notions, including definitions using only bounded quantifiers.