Results 1  10
of
17
Definitional interpreters for higherorder programming languages
 Reprinted from the proceedings of the 25th ACM National Conference
, 1972
"... Abstract. Higherorder programming languages (i.e., languages in which procedures or labels can occur as values) are usually defined by interpreters that are themselves written in a programming language based on the lambda calculus (i.e., an applicative language such as pure LISP). Examples include ..."
Abstract

Cited by 300 (2 self)
 Add to MetaCart
Abstract. Higherorder programming languages (i.e., languages in which procedures or labels can occur as values) are usually defined by interpreters that are themselves written in a programming language based on the lambda calculus (i.e., an applicative language such as pure LISP). Examples include McCarthy’s definition of LISP, Landin’s SECD machine, the Vienna definition of PL/I, Reynolds ’ definitions of GEDANKEN, and recent unpublished work by L. Morris and C. Wadsworth. Such definitions can be classified according to whether the interpreter contains higherorder functions, and whether the order of application (i.e., call by value versus call by name) in the defined language depends upon the order of application in the defining language. As an example, we consider the definition of a simple applicative programming language by means of an interpreter written in a similar language. Definitions in each of the above classifications are derived from one another by informal but constructive methods. The treatment of imperative features such as jumps and assignment is also discussed.
Application of theorem proving to problem solving
, 1969
"... This paper shows how an extension of the resolution proof procedure can be used to construct problem solutions. The extended proof procedure can solve problems involving state transformations. The paper explores several alternate problem representations and provides a discussion of solutions to samp ..."
Abstract

Cited by 223 (1 self)
 Add to MetaCart
This paper shows how an extension of the resolution proof procedure can be used to construct problem solutions. The extended proof procedure can solve problems involving state transformations. The paper explores several alternate problem representations and provides a discussion of solutions to sample problems including the &quot;Monkey and Bananas &quot; puzzle and the 'Tower of Hanoi &quot; puzzle. The paper exhibits solutions to these problems obtained by QA3, a computer program bused on these theoremproving methods. In addition, the paper shows how QA3 can write simple computer programs and can solve practical problems for a simple robot. Key Words: Theorem proving, resolution, problem solving, automatic programming, program writing, robots, state transformations, question answering. Automatic theorem proving by the resolution proof procedure § represents perhaps the most powerful known method for automatically determining the validity of a statement of firstorder logic. In an earlier paper Green and Raphael&quot; illustrated how an extended resolution procedure can be used as a question answerer—e.g., if the statement (3x)P(x) can be shown to follow from a set of axioms by the resolution proof procedure, then the extended proof procedure will find or construct an x that satisfies P(x). This earlier paper (1) showed how one can axiomatize simple questionanswering subjects, (2) described a questionanswering program called QA2 based on this procedure, and (3) presented examples of simple questionanswering dialogues with QA2. In a more recent paper &quot; the author (1) presents the answer construction method in detail and proves its correctness, (2) describes the latest version of the program, QA3, and (3) introduces statetransformation methods into the constructive proof formalism. In addition to the questionanswering applications illustrated in these earlier papers, QA3 has been used as an SRI robot 4 problem solver and as an automatic
The Applications of Theorem Proving to QuestionAnswering Systems
, 1969
"... This paper shows how a questionanswering system can use firstorder logic as its language and an automatic theorem prover, based upon the resolution inference principle, as its deductive mechanism. The resolution proof procedure is extended to a constructive proof procedure. An answer construction ..."
Abstract

Cited by 26 (0 self)
 Add to MetaCart
This paper shows how a questionanswering system can use firstorder logic as its language and an automatic theorem prover, based upon the resolution inference principle, as its deductive mechanism. The resolution proof procedure is extended to a constructive proof procedure. An answer construction algorithm is given whereby the system is able not only to produce yes or no answers but also to find or construct an object satisfying a specified condition. A working computer program, QA3, based on these ideas, is described. The performance of the program, illustrated by extended examples, compares favorably with several other questionanswering programs. Methods are presented for solving state transformation problems. In addition to questionanswering, the program can do automatic programming
Verification Condition Generation via Theorem Proving
 Proceedings of the 13th International Conference on Logic for Programming, Artificial Intelligence, and Reasoning (LPAR 2006), Vol. 4246 of LNCS
, 2006
"... Abstract. We present a method to convert (i) an operational semantics for a given machine language, and (ii) an offtheshelf theorem prover, into a high assurance verification condition generator (VCG). Given a program annotated with assertions at cutpoints, we show how to use the theorem prover di ..."
Abstract

Cited by 13 (3 self)
 Add to MetaCart
Abstract. We present a method to convert (i) an operational semantics for a given machine language, and (ii) an offtheshelf theorem prover, into a high assurance verification condition generator (VCG). Given a program annotated with assertions at cutpoints, we show how to use the theorem prover directly on the operational semantics to generate verification conditions analogous to those produced by a custombuilt VCG. Thus no separate VCG is necessary, and the theorem prover can be employed both to generate and to discharge the verification conditions. The method handles both partial and total correctness. It is also compositional in that the correctness of a subroutine needs to be proved once, rather than at each call site. The method has been used to verify several machinelevel programs using the ACL2 theorem prover. 1
Verifying the Correctness of Compiler Transformations on Basic Blocks using Abstract Interpretation
 In Symposium on Partial Evaluation and SemanticsBased Program Manipulation (PEPM'91
, 1991
"... Interpretation Timothy S. McNerney Thinking Machines Corporation 245 First Street Cambridge, MA 02142 TimMcN@Think.COM Abstract We seek to develop thorough and reliable methods for testing compiler transformations by systematically generating a set of test cases, and then for each case, autom ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
Interpretation Timothy S. McNerney Thinking Machines Corporation 245 First Street Cambridge, MA 02142 TimMcN@Think.COM Abstract We seek to develop thorough and reliable methods for testing compiler transformations by systematically generating a set of test cases, and then for each case, automatically proving that the transformation preserves correctness. We have implemented a specialized program equivalence prover for the domain of assembly language programs emitted by the Connection Machine Fortran compiler and targeted for the CM2 massively parallel SIMD computer. Using abstract interpretation, the prover removes details such as register and stack usage, as well as explicit evaluation order within functional blocks, thereby reducing the problem to a trivial tree comparison. By performing limited loop unrolling, the prover also verifies that the compiler transformation preserves the inductive properties of simple loops. We have used this prover to successfully validate the re...
Structured Inspections of Code
 Software Testing, Verification, and Reliability
, 1993
"... Cleanroom programming and code inspections independently provide evidence that it is more efficient to postpone the testing of code to a later stage than is usually done. This paper argues that an additional gain in quality and efficiency of development can be obtained by structuring inspections ..."
Abstract

Cited by 7 (0 self)
 Add to MetaCart
Cleanroom programming and code inspections independently provide evidence that it is more efficient to postpone the testing of code to a later stage than is usually done. This paper argues that an additional gain in quality and efficiency of development can be obtained by structuring inspections by means of an inspection protocol. The written part of such a protocol is prepared by the programmer before the inspection. It is modelled on Floyd's method for the verification of flowcharts. However, the protocol differs from Floyd's method in being applicable in practice. Structured inspections gain this advantage by not attempting to be a proof ; they are no more than an articulation of existing forms of inspection. With the usual method of structured programming it may be difficult to prepare the inspection protocol. On the other hand, AssertionDriven Programming (of which an example is included in this paper) not only facilitates protocol preparation, but also the coding its...
A mechanical analysis of program verification strategies
 Journal of Automated Reasoning
, 2008
"... Abstract. We analyze three proof strategies commonly used in deductive verification of deterministic sequential programs formalized with operational semantics. The strategies are: (i) stepwise invariants, (ii) clock functions, and (iii) inductive assertions. We show how to formalize the strategies i ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
Abstract. We analyze three proof strategies commonly used in deductive verification of deterministic sequential programs formalized with operational semantics. The strategies are: (i) stepwise invariants, (ii) clock functions, and (iii) inductive assertions. We show how to formalize the strategies in the logic of the ACL2 theorem prover. Based on our formalization, we prove that each strategy is both sound and complete. The completeness result implies that given any proof of correctness of a sequential program one can derive a proof in each of the above strategies. The soundness and completeness theorems have been mechanically checked with ACL2.
PROVING THE CORRECTNESS OF REGULA DETERMINISTIC PROGRAMS: A UNIFYING S USING DYNAMIC LOGIC
, 1980
"... The simple set WL of deterministic while programs is defined iand a number of known methods for proving the correctness of these programs are surveyed. Emphasis is placed on the tradeoff existing between datadirected and syntaxdirected methods, and on providing, especially for the latter, a unifo ..."
Abstract
 Add to MetaCart
The simple set WL of deterministic while programs is defined iand a number of known methods for proving the correctness of these programs are surveyed. Emphasis is placed on the tradeoff existing between datadirected and syntaxdirected methods, and on providing, especially for the latter, a uniform description enabling comparison and assessment. Among the works considered are the Floyd/Hoare invariant assertion method for partial correctness, Floyd’s wellfounded sets method for termination, Dijkstra’s notion of weakest precondition, the Burstall/Manna and Waldinger intermittent assertion method and more. Also, a brief comparison is carried out between three logics of programs: dynamic logic, algorithmic logic and programming logic.
A DataParallel Algorithm For MinimumWidth Tree Layout And Its Proofs
, 1995
"... The treelayout problem is to compute the coordinates of nodes of a tree so that the tree, when drawn on a piece of paper, appeals to human understanding. The treelayout problem, which seems inherently sequential at the first glance, can be solved by a dataparallel algorithm. It takes O (height * ..."
Abstract
 Add to MetaCart
The treelayout problem is to compute the coordinates of nodes of a tree so that the tree, when drawn on a piece of paper, appeals to human understanding. The treelayout problem, which seems inherently sequential at the first glance, can be solved by a dataparallel algorithm. It takes O (height * log width ) time on width pro ############################# This work was supported in part by National Science Council, Taiwan, R.O.C. under grants NSC 842213E009043 and NSC 852213E009051. cessors when proper communication links between processors are available, where height and width are the height and width of the tree, respectively. The layout calculated by the algorithm has the minimum width. After studying the proofs of correctness and the minimumwidth property of the layout algorithm, we propose some guidelines concerning the formulation and the proof of dataparallel algorithms in general. KeyWords: Algorithms, Parallel Programming correctness proof, dataparallel algor...
MetaLevel Knowledge: . . .
, 1977
"... We define the concept of metalevel Knowledge, and illustrate it by briefly reviewing four examples that have been described in detail elsewhere [25). The examples include applications of the idea to tasks such as transfer of expertise from a domain expert to a program, and the maintenance and use ..."
Abstract
 Add to MetaCart
We define the concept of metalevel Knowledge, and illustrate it by briefly reviewing four examples that have been described in detail elsewhere [25). The examples include applications of the idea to tasks such as transfer of expertise from a domain expert to a program, and the maintenance and use of large Knowledge bases. We explore common themes that arise from these examples, and examine broader implications of the idea, in particular its impact on the design and construction of large programs. This work