Results 1  10
of
18
Automating the Meta Theory of Deductive Systems
, 2000
"... not be interpreted as representing the o cial policies, either expressed or implied, of NSF or the U.S. Government. This thesis describes the design of a metalogical framework that supports the representation and veri cation of deductive systems, its implementation as an automated theorem prover, a ..."
Abstract

Cited by 88 (16 self)
 Add to MetaCart
(Show Context)
not be interpreted as representing the o cial policies, either expressed or implied, of NSF or the U.S. Government. This thesis describes the design of a metalogical framework that supports the representation and veri cation of deductive systems, its implementation as an automated theorem prover, and experimental results related to the areas of programming languages, type theory, and logics. Design: The metalogical framework extends the logical framework LF [HHP93] by a metalogic M + 2. This design is novel and unique since it allows higherorder encodings of deductive systems and induction principles to coexist. On the one hand, higherorder representation techniques lead to concise and direct encodings of programming languages and logic calculi. Inductive de nitions on the other hand allow the formalization of properties about deductive systems, such as the proof that an operational semantics preserves types or the proof that a logic is is a proof calculus whose proof terms are recursive functions that may be consistent.M +
Proofproducing Congruence Closure
 16th International Conference on Rewriting Techniques and Applications
, 2005
"... www.lsi.upc.es/{~roberto,~oliveras} Abstract. Many applications of congruence closure nowadays require the ability of recovering, among the thousands of input equations, the small subset that caused the equivalence of a given pair of terms. For this purpose, here we introduce an incremental congruen ..."
Abstract

Cited by 37 (2 self)
 Add to MetaCart
www.lsi.upc.es/{~roberto,~oliveras} Abstract. Many applications of congruence closure nowadays require the ability of recovering, among the thousands of input equations, the small subset that caused the equivalence of a given pair of terms. For this purpose, here we introduce an incremental congruence closure algorithm that has an additional Explain operation. First, two variations of unionfind data structures with Explain are introduced. Then, these are applied inside a congruence closure algorithm with Explain, whereakstep proof can be recovered in almost optimal time (quasilinear in k), without increasing the overall O(n log n)runtime of the fastest known congruence closure algorithms. This nontrivial (ground) equational reasoning result has been quite intensively sought after (see, e.g., [SD99, dMRS04, KS04]), and moreover has important applications to verification.
Fast Congruence Closure and Extensions
, 2006
"... Congruence closure algorithms for deduction in ground equational theories are ubiquitous in many (semi)decision procedures used for verification and automated deduction. In many of these applications one needs an incremental algorithm that is moreover capable of recovering, among the thousands of i ..."
Abstract

Cited by 26 (1 self)
 Add to MetaCart
Congruence closure algorithms for deduction in ground equational theories are ubiquitous in many (semi)decision procedures used for verification and automated deduction. In many of these applications one needs an incremental algorithm that is moreover capable of recovering, among the thousands of input equations, the small subset that explains the equivalence of a given pair of terms. In this paper we present an algorithm satisfying all these requirements. First, building on ideas from abstract congruence closure algorithms [Kapur (1997,RTA), Bachmair & Tiwari (2000,CADE)], we present a very simple and clean incremental congruence closure algorithm and show that it runs in the best known time O(n log n). After that, we introduce a proofproducing unionfind data structure that is then used for extending our congruence closure algorithm, without increasing the overall O(n log n) time, in order to produce a kstep explanation for a given equation in almost optimal time (quasilinear in k). Finally, we show that the previous algorithms can be smoothly extended, while still obtaining the same asymptotic time bounds, in order to support the interpreted functions symbols successor and predecessor, which have been shown to be very useful in applications such as microprocessor verification.
Translation Validation: From SIGNAL to C
 Proceedings of Conference on Correct System Design, E. R. Olderog and B. Steffen, (Eds.), LNCS 1710, SpringerVerlag
, 1999
"... . Translation validation is an alternative to the verification of translators (compilers, code generators). Rather than proving in advance that the compiler always produces a target code which correctly implements the source code (compiler verification), each individual translation (i.e. a run of th ..."
Abstract

Cited by 22 (1 self)
 Add to MetaCart
(Show Context)
. Translation validation is an alternative to the verification of translators (compilers, code generators). Rather than proving in advance that the compiler always produces a target code which correctly implements the source code (compiler verification), each individual translation (i.e. a run of the compiler) is followed by a validation phase which verifies that the target code produced on this run correctly implements the submitted source program. In order to be a practical alternative to compiler verification, a key feature of this validation is its full automation. Since the validation process attempts to "unravel" the transformation effected by the translators, its task becomes increasingly more difficult (and necessary) with the increase of sophistication and variety of the optimizations methods employed by the translator. In this paper we address the practicability of translation validation for highly optimizing, industrial code generators from Signal, a widely used synchronous...
Proof Generation in the Touchstone Theorem Prover
 In Proceedings of the International Conference on Automated Deduction
, 2000
"... . The ability of a theorem prover to generate explicit derivations for the theorems it proves has major benets for the testing and maintenance of the prover. It also eliminates the need to trust the correctness of the prover at the expense of trusting a much simpler proof checker. However, it is ..."
Abstract

Cited by 19 (0 self)
 Add to MetaCart
(Show Context)
. The ability of a theorem prover to generate explicit derivations for the theorems it proves has major benets for the testing and maintenance of the prover. It also eliminates the need to trust the correctness of the prover at the expense of trusting a much simpler proof checker. However, it is not always obvious how to generate explicit proofs in a theorem prover that uses decision procedures whose operation does not directly model the axiomatization of the underlying theories. In this paper we describe the modications that are necessary to support proof generation in a congruenceclosure decision procedure for equality and in a Simplexbased decision procedure for linear arithmetic. Both of these decision procedures have been integrated using a modied NelsonOppen cooperation mechanism in the Touchstone theorem prover, which we use to produce proofcarrying code. Our experience with designing and implementing Touchstone is that proof generation has a relatively low c...
Intensionality, Extensionality, and Proof Irrelevance in Modal Type Theory
 Pages 221–230 of: Symposium on Logic in Computer Science
, 2001
"... We develop a uniform type theory that integrates intensionality, extensionality, and proof irrelevance as judgmental concepts. Any object may be treated intensionally (subject only to #conversion), extensionally (subject also to ##conversion), or as irrelevant (equal to any other object at the sam ..."
Abstract

Cited by 6 (4 self)
 Add to MetaCart
(Show Context)
We develop a uniform type theory that integrates intensionality, extensionality, and proof irrelevance as judgmental concepts. Any object may be treated intensionally (subject only to #conversion), extensionally (subject also to ##conversion), or as irrelevant (equal to any other object at the same type), depending on where it occurs. Modal restrictions developed in prior work for simple types are generalized and employed to guarantee consistency between these views of objects. Potential applications are in logical frameworks, functional programming, and the foundations of firstorder modal logics.
Automated Techniques for Provably Safe Mobile Code
 THEOR. COMPUT. SCI
, 2000
"... We present a general framework for provably safe mobile code. It relies on a formal definition of a safety policy and explicit evidence for compliance with this policy which is attached to a binary. Concrete realizations of this framework are proofcarrying code (PCC), where the evidence for safety i ..."
Abstract

Cited by 5 (0 self)
 Add to MetaCart
We present a general framework for provably safe mobile code. It relies on a formal definition of a safety policy and explicit evidence for compliance with this policy which is attached to a binary. Concrete realizations of this framework are proofcarrying code (PCC), where the evidence for safety is a formal proof generated by a certifying compiler, and typed assembly language (TAL), where the evidence for safety is given via type annotations propagated throughout the compilation process in typed intermediate languages. Validity of the evidence is established via a small trusted type checker, either directly on the binary or indirectly on proof representations in a logical framework (LF).
Proof Optimization Using Lemma Extraction
, 2001
"... information presented here does not necessarily re ect the position or the policy of the Government and no oÆcial endorsement should be inferred. Logical proofs are playing an increasingly important role in the design of reliable software systems. In several applications, it is necessary to store, m ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
(Show Context)
information presented here does not necessarily re ect the position or the policy of the Government and no oÆcial endorsement should be inferred. Logical proofs are playing an increasingly important role in the design of reliable software systems. In several applications, it is necessary to store, manipulate and transfer explicit representations of such proofs. It is desirable that the proofs be represented in a compact format, without incurring any loss of information and without performance penalties with respect to access and manipulation. This thesis describes methods for proof optimization in the context of ProofCarrying Code (PCC). Most of the proofs we encounter in program verication are proofs in rstorder logic. Furthermore, in many cases predicates contain portions whose proof is uniquely determined by the logic. A proof checker can be made to internally reconstruct the proof in such cases, thus freeing the proof producer from encoding explicit proofs for them. This simple optimization, which we call inversion optimization reduces the size of proofs by 37%. We also describe an orthogonal optimization, which we call lemma extraction,
UnionFind and Congruence Closure Algorithms that Produce Proofs
 2nd International Workshop on Pragmatics of Decision Procedures in Automated Reasoning
, 2004
"... Congruence closure algorithms are nowadays central in many modern applications in automated deduction and verification, where it is frequently required to recover the set of merge operations that caused the equivalence of a given pair of terms. For this purpose we study, from the algorithmic point o ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
Congruence closure algorithms are nowadays central in many modern applications in automated deduction and verification, where it is frequently required to recover the set of merge operations that caused the equivalence of a given pair of terms. For this purpose we study, from the algorithmic point of view, the problem of extracting such small proofs.
Automated Techniques for Provably Safe Mobile Code
 IN PROCEEDINGS OF THE DARPA INFORMATION SURVIVABILITY CONFERENCE AND EXPOSITION
, 2000
"... We present a general framework for provably safe mobile code. It relies on a formal definition of a safety policy and explicit evidence for compliance with this policy that is attached to a binary. Concrete realizations of this framework are proofcarrying code (PCC), where the evidence for safety i ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
We present a general framework for provably safe mobile code. It relies on a formal definition of a safety policy and explicit evidence for compliance with this policy that is attached to a binary. Concrete realizations of this framework are proofcarrying code (PCC), where the evidence for safety is a formal proof generated by a certifying compiler, and typed assembly language (TAL), where the evidence for safety is given via type annotations propagated throughout the compilation process in typed intermediate languages. Validity of the evidence is established via a small trusted type checker, either directly on the binary or indirectly on proof representations in a logical framework (LF).