Metatheory and Reflection in Theorem Proving: A Survey and Critique
, 1995
Cited by 53 (2 self)
One way to ensure correctness of the inference performed by computer theorem provers is to force all proofs to be done step by step in a simple, more or less traditional, deductive system. Using techniques pioneered in Edinburgh LCF, this can be made palatable. However, some believe such an approach will never be efficient enough for large, complex proofs. One alternative, commonly called reflection, is to analyze proofs using a second layer of logic, a metalogic, and so justify abbreviating or simplifying proofs, making the kinds of shortcuts humans often do or appealing to specialized decision algorithms. In this paper we contrast the fully-expansive LCF approach with the use of reflection. We put forward arguments to suggest that the inadequacy of the LCF approach has not been adequately demonstrated, and neither has the practical utility of reflection (notwithstanding its undoubted intellectual interest). The LCF system with which we are most concerned is the HOL proof ...
Simplification  A general constraint propagation technique for propositional and modal tableaux
, 1998
Cited by 24 (2 self)
Tableau and sequent calculi are the basis for most popular interactive theorem provers for formal verification. Yet, when it comes to automatic proof search, tableaux are often slower than Davis-Putnam, SAT procedures or other techniques. This is partly due to the absence of a bivalence principle (viz. the cut-rule) but there is another source of inefficiency: the lack of constraint propagation mechanisms. This paper proposes an innovation in this direction: the rule of simplification, which plays for tableaux the role of subsumption for resolution and of unit for the Davis-Putnam procedure. The simplicity and generality of simplification make possible its extension in a uniform way from propositional logic to a wide range of modal logics. This technique gives a unifying view of a number of tableaux-like calculi such as DPLL, KE, HARP, hypertableaux, BCP, KSAT. We show its practical impact with experimental results for random 3-SAT and the industrial IFIP benchmarks for hardware ve...
Formalized mathematics
 TURKU CENTRE FOR COMPUTER SCIENCE
, 1996
Cited by 23 (0 self)
It is generally accepted that in principle it's possible to formalize completely almost all of present-day mathematics. The practicability of actually doing so is widely doubted, as is the value of the result. But in the computer age we believe that such formalization is possible and desirable. In contrast to the QED Manifesto however, we do not offer polemics in support of such a project. We merely try to place the formalization of mathematics in its historical perspective, as well as looking at existing praxis and identifying what we regard as the most interesting issues, theoretical and practical.
Stalmarck's algorithm as a HOL derived rule
 Verlag LNCS 1125
, 1996
Cited by 17 (0 self)
Stålmarck's algorithm is a patented technique for tautology-checking which has been used successfully for industrial-scale problems. Here we describe the algorithm and explore its implementation as a HOL derived rule.
An abstract dynamic semantics for C
 Computer Laboratory, University of Cambridge
, 1997
Cited by 15 (1 self)
This report is a presentation of a formal semantics for the C programming language. The semantics has been defined operationally in a structured semantics style and covers the bulk of the core of the language.
Reflecting BDDs in Coq
 IN ASIAN'2000
, 2000
Cited by 12 (2 self)
We describe an implementation and a proof of correctness of binary decision diagrams (BDDs), completely formalized in Coq. This allows us to run BDD-based algorithms inside Coq and paves the way for a smooth integration of symbolic model checking in the Coq proof assistant by using reflection. It also gives us, by Coq's extraction mechanism, certified BDD algorithms implemented in Caml. We also implement and prove correct a garbage collector for our implementation of BDDs inside Coq. Our experiments show that this approach works in practice, and is able to solve both relatively hard propositional problems and actual industrial hardware verification tasks.
Correctness Proof of a BDD Manager in the Context of Satisfiability Checking
 Department of Computer Sciences
, 2000
Cited by 8 (2 self)
We present a compositional proof of correctness for a binary decision diagram (BDD) manager used in the context of a propositional satisfiability checker implemented using Single-Threaded Objects (stobjs) in ACL2. The use of stobjs affords the definition of an efficient BDD manager which ensures unique construction, allows constant-time comparison, and caches previously computed results. The use of ACL2 means we can prove that the BDD manager implements the prescribed task of building a normal-form representation of a boolean formula. We divide the proof requirements into (1) showing that a simpler set of BDD functions is correct, and (2) showing that the stobj-based BDD functions return values consistent with these simpler functions. We conclude the paper with a discussion of future extensions and refinements to the BDD manager presented.
On Extensibility of Proof Checkers
 in Dybjer, Nordstrom and Smith (eds), Types for Proofs and Programs: International Workshop TYPES'94, Bastad
, 1995
Cited by 6 (2 self)
This paper is about mechanical checking of formal mathematics. Given some formal system, we want to construct derivations in that system, or check the correctness of putative derivations; our job is not to ascertain truth (that is the job of the designer of our formal system), but only proof. However, we are quite rigid about this: only a derivation in our given formal system will do; nothing else counts as evidence! Thus it is not a collection of judgements (provability), or a consequence relation [Avr91] (derivability) we are interested in, but the derivations themselves; the formal system used to present a logic is important. This viewpoint seems forced on us by our intention to actually do formal mathematics. There is still a question, however, revolving around whether we insist on objects that are immediately recognisable as proofs (direct proofs), or will accept some metanotations that only compute to proofs (indirect proofs). For example, we informally refer to previously proved results, lemmas and theorems, without actually inserting the texts of their proofs in our argument. Such an argument could be made into a direct proof by replacing all references to previous results by their direct proofs, so it might be accepted as a kind of indirect proof. In fact, even for very simple formal systems, such an indirect proof may compute to a very much bigger direct proof, and if we will only accept a fully expanded direct proof (in a mechanical proof checker for example), we will not be able to do much mathematics. It is well known that this notion of referring to previous results can be internalized in a logic as a cut rule, or Modus Ponens. In a logic containing a cut rule, proofs containing cuts are considered direct proofs, and can be directly accepted by a proof ch...
Experiments with Finite Tree Automata in Coq
, 2001
Cited by 4 (2 self)
Tree automata are a fundamental tool in computer science. We report on experiments to integrate tree automata in Coq using shallow and deep reflection techniques. While shallow reflection seems more natural in this context, it turns out to give disappointing results. Deep reflection is more difficult to apply, but is more promising.
Formal Verification of Concurrent Programs Based on Type Theory
, 1998
Cited by 3 (0 self)
Interactive theorem proving provides a general approach to modeling and verification of both finite-state and infinite-state systems but requires significant human effort to deal with many tedious proofs. On the other hand, model-checking is limited to some application domains with a small finite-state space. A natural thought for this problem is to integrate these two approaches. To keep the consistency of the integration and ensure the correctness of verification, we suggest using type-theory-based theorem provers (e.g. Lego) as the platform for the integration and building a model-checker to do parts of the verification automatically. We formalise a verification system of both CCS and an imperative language in the proof development system Lego which can be used to verify both finite-state and infinite-state problems. Then a model-checker, LegoMC, is implemented to generate Lego proof terms for finite-state problems automatically. Therefore people can use Lego to verify a general problem ...