Results 1 - 8 of 8
Verification Condition Generation via Theorem Proving
Proceedings of the 13th International Conference on Logic for Programming, Artificial Intelligence, and Reasoning (LPAR 2006), Vol. 4246 of LNCS, 2006
Cited by 15 (4 self)
Abstract. We present a method to convert (i) an operational semantics for a given machine language, and (ii) an off-the-shelf theorem prover, into a high-assurance verification condition generator (VCG). Given a program annotated with assertions at cutpoints, we show how to use the theorem prover directly on the operational semantics to generate verification conditions analogous to those produced by a custom-built VCG. Thus no separate VCG is necessary, and the theorem prover can be employed both to generate and to discharge the verification conditions. The method handles both partial and total correctness. It is also compositional in that the correctness of a subroutine needs to be proved once, rather than at each call site. The method has been used to verify several machine-level programs using the ACL2 theorem prover.
An ACL2 Tutorial
Cited by 4 (0 self)
Abstract. We describe a tutorial that demonstrates the use of the ACL2 theorem prover. We have three goals: to enable a motivated reader to start on a path towards effective use of ACL2; to provide ideas for other interactive theorem prover projects; and to elicit feedback on how we might incorporate features of other proof tools into ACL2.
Directly reflective metaprogramming
Higher-Order and Symbolic Computation, 2010
Cited by 4 (0 self)
Existing metaprogramming languages operate on encodings of programs as data. This paper presents a new metaprogramming language, based on an untyped lambda calculus, in which structurally reflective programming is supported directly, without any encoding. The language features call-by-value and call-by-name lambda abstractions, as well as novel reflective features enabling the intensional manipulation of arbitrary program terms. The language is scope safe, in the sense that variables can neither be captured nor escape their scopes. The expressiveness of the language is demonstrated by showing how to implement quotation and evaluation operations, as proposed by Wand. The language’s utility for metaprogramming is further demonstrated through additional representative examples. A prototype implementation is described and evaluated.
Categories and Subject Descriptors
We describe how we guide ACL2 to follow a divide-and-conquer strategy for proving inequalities of the type P(e⃗) ≤ C, where P(e⃗) is a polynomial in the variables e⃗ and C is a constant. Our approach involves (1) writing an ACL2 program to estimate the upper bound of such polynomials and (2) using the bind-free mechanism to integrate the upper-bound estimation program to guide rewriting. We think it is interesting to showcase how we extract the relevant information from the hypothesis and how such information is used to influence rewriting. Techniques like ours can be useful to ACL2 users who want to better control rewriting when their problems share specific characteristics with our P(e⃗) ≤ C type of problem.
The second author was partially supported by
2015
"... The reflective Milawa theorem prover is sound ..."
Integrating External Deduction Tools with
We present an interface connecting the ACL2 theorem prover with external deduction tools. The ACL2 logic contains several mechanisms for proof structuring, which are important to the construction of industrial-scale proofs. The complexity induced by these mechanisms makes the design of the interface challenging. We discuss some of the challenges, and develop a precise specification of the requirements on the external tools for a sound connection with ACL2. We also develop constructs within ACL2 to enable the developers of external tools to satisfy our specifications. The interface is available with the ACL2 theorem prover starting from Version 3.2, and we describe several applications of the interface. Key words: automated reasoning, decision procedures, first-order logic, interfaces, theorem proving. Preprint submitted to Elsevier.
Second-Order Programs with Preconditions
The original publication is available at www.springerlink.com. Abstract. In the implementation of procedures, developers often assume that the input satisfies certain properties; for example, binary search assumes the array to be sorted. Such requirements on the input can be formally expressed as preconditions of procedures. If a second-order procedure p (e.g., map or foldl) is called with a first-order procedure f that has a precondition, the question arises whether p will call f only with arguments that satisfy the precondition of f. In this paper, we propose a method to statically analyze whether all procedure calls in a given second-order program satisfy the respective preconditions. In particular, we consider indirect calls of procedures that are passed as an argument to a second-order procedure.