Results 1  10
of
25
Metatheory and Reflection in Theorem Proving: A Survey and Critique
, 1995
"... One way to ensure correctness of the inference performed by computer theorem provers is to force all proofs to be done step by step in a simple, more or less traditional, deductive system. Using techniques pioneered in Edinburgh LCF, this can be made palatable. However, some believe such an appro ..."
Abstract

Cited by 57 (2 self)
 Add to MetaCart
One way to ensure correctness of the inference performed by computer theorem provers is to force all proofs to be done step by step in a simple, more or less traditional, deductive system. Using techniques pioneered in Edinburgh LCF, this can be made palatable. However, some believe such an approach will never be efficient enough for large, complex proofs. One alternative, commonly called reflection, is to analyze proofs using a second layer of logic, a metalogic, and so justify abbreviating or simplifying proofs, making the kinds of shortcuts humans often do or appealing to specialized decision algorithms. In this paper we contrast the fullyexpansive LCF approach with the use of reflection. We put forward arguments to suggest that the inadequacy of the LCF approach has not been adequately demonstrated, and neither has the practical utility of reflection (notwithstanding its undoubted intellectual interest). The LCF system with which we are most concerned is the HOL proof ...
Formalized mathematics
 TURKU CENTRE FOR COMPUTER SCIENCE
, 1996
"... It is generally accepted that in principle it’s possible to formalize completely almost all of presentday mathematics. The practicability of actually doing so is widely doubted, as is the value of the result. But in the computer age we believe that such formalization is possible and desirable. In c ..."
Abstract

Cited by 24 (0 self)
 Add to MetaCart
It is generally accepted that in principle it’s possible to formalize completely almost all of presentday mathematics. The practicability of actually doing so is widely doubted, as is the value of the result. But in the computer age we believe that such formalization is possible and desirable. In contrast to the QED Manifesto however, we do not offer polemics in support of such a project. We merely try to place the formalization of mathematics in its historical perspective, as well as looking at existing praxis and identifying what we regard as the most interesting issues, theoretical and practical.
Simplification  A general constraint propagation technique for propositional and modal tableaux
, 1998
"... . Tableau and sequent calculi are the basis for most popular interactive theorem provers for formal verification. Yet, when it comes to automatic proof search, tableaux are often slower than DavisPutnam, SAT procedures or other techniques. This is partly due to the absence of a bivalence principle ..."
Abstract

Cited by 24 (2 self)
 Add to MetaCart
. Tableau and sequent calculi are the basis for most popular interactive theorem provers for formal verification. Yet, when it comes to automatic proof search, tableaux are often slower than DavisPutnam, SAT procedures or other techniques. This is partly due to the absence of a bivalence principle (viz. the cutrule) but there is another source of inefficiency: the lack of constraint propagation mechanisms. This paper proposes an innovation in this direction: the rule of simplification, which plays for tableaux the role of subsumption for resolution and of unit for the DavisPutnam procedure. The simplicity and generality of simplification make possible its extension in a uniform way from propositional logic to a wide range of modal logics. This technique gives an unifying view of a number of tableauxlike calculi such as DPLL, KE, HARP, hypertableaux, BCP, KSAT. We show its practical impact with experimental results for random 3SAT and the industrial IFIP benchmarks for hardware ve...
Stalmarck's algorithm as a HOL derived rule
 Verlag LNCS 1125
, 1996
"... Abstract. St˚almarck’s algorithm is a patented technique for tautologychecking which has been used successfully for industrialscale problems. Here we describe the algorithm and explore its implementation as a HOL derived rule. 1 ..."
Abstract

Cited by 17 (0 self)
 Add to MetaCart
Abstract. St˚almarck’s algorithm is a patented technique for tautologychecking which has been used successfully for industrialscale problems. Here we describe the algorithm and explore its implementation as a HOL derived rule. 1
An abstract dynamic semantics for C
 Computer Laboratory, University of Cambridge
, 1997
"... This report is a presentation of a formal semantics for the C programming language. The semantics has been defined operationally in a structured semantics style and covers the bulk of the core of the language. ..."
Abstract

Cited by 16 (1 self)
 Add to MetaCart
This report is a presentation of a formal semantics for the C programming language. The semantics has been defined operationally in a structured semantics style and covers the bulk of the core of the language.
Reflecting BDDs in Coq
 IN ASIAN'2000
, 2000
"... We describe an implementation and a proof of correctness of binary decision diagrams (BDDs), completely formalized in Coq. This allows us to run BDDbased algorithms inside Coq and paves the way for a smooth integration of symbolic model checking in the Coq proof assistant by using reflection. I ..."
Abstract

Cited by 12 (2 self)
 Add to MetaCart
We describe an implementation and a proof of correctness of binary decision diagrams (BDDs), completely formalized in Coq. This allows us to run BDDbased algorithms inside Coq and paves the way for a smooth integration of symbolic model checking in the Coq proof assistant by using reflection. It also gives us, by Coq's extraction mechanism, certified BDD algorithms implemented in Caml. We also implement and prove correct a garbage collector for our implementation of BDDs inside Coq. Our experiments show that this approach works in practice, and is able to solve both relatively hard propositional problems and actual industrial hardware verification tasks.
Correctness Proof of a BDD Manager in the Context of Satisfiability Checking
 Department of Computer Sciences
, 2000
"... We present a compositional proof of correctness for a binary decision diagram (BDD) manager used in the context of a propositional satisfiability checker implemented using SingleThreaded Objects (stobjs) in ACL2. The use of stobjs affords the definition of an efficient BDD manager which ensures uniq ..."
Abstract

Cited by 8 (2 self)
 Add to MetaCart
We present a compositional proof of correctness for a binary decision diagram (BDD) manager used in the context of a propositional satisfiability checker implemented using SingleThreaded Objects (stobjs) in ACL2. The use of stobjs affords the definition of an efficient BDD manager which ensures unique construction, allows constanttime comparison, and caches previously computed results. The use of ACL2 means we can prove that the BDD manager implements the prescribed task of building a normalform representation of a boolean formula. We divide the proof requirements into (1) showing that a simpler set of BDD functions is correct, and (2) showing that the stobjbased BDD functions return values consistent with these simpler functions. We conclude the paper with a discussion of future extensions and refinements to the BDD manager presented.
On Extensibility of Proof Checkers
 in Dybjer, Nordstrom and Smith (eds), Types for Proofs and Programs: International Workshop TYPES'94, Bastad
, 1995
"... This paper is about mechanical checking of formal mathematics. Given some formal system, we want to construct derivations in that system, or check the correctness of putative derivations; our job is not to ascertain truth (that is the job of the designer of our formal system), but only proof. Howeve ..."
Abstract

Cited by 7 (2 self)
 Add to MetaCart
This paper is about mechanical checking of formal mathematics. Given some formal system, we want to construct derivations in that system, or check the correctness of putative derivations; our job is not to ascertain truth (that is the job of the designer of our formal system), but only proof. However, we are quite rigid about this: only a derivation in our given formal system will do; nothing else counts as evidence! Thus it is not a collection of judgements (provability), or a consequence relation [Avr91] (derivability) we are interested in, but the derivations themselves; the formal system used to present a logic is important. This viewpoint seems forced on us by our intention to actually do formal mathematics. There is still a question, however, revolving around whether we insist on objects that are immediately recognisable as proofs (direct proofs), or will accept some metanotations that only compute to proofs (indirect proofs). For example, we informally refer to previously proved results, lemmas and theorems, without actually inserting the texts of their proofs in our argument. Such an argument could be made into a direct proof by replacing all references to previous results by their direct proofs, so it might be accepted as a kind of indirect proof. In fact, even for very simple formal systems, such an indirect proof may compute to a very much bigger direct proof, and if we will only accept a fully expanded direct proof (in a mechanical proof checker for example), we will not be able to do much mathematics. It is well known that this notion of referring to previous results can be internalized in a logic as a cut rule, or Modus Ponens. In a logic containing a cut rule, proofs containing cuts are considered direct proofs, and can be directly accepted by a proof ch...
Experiments with Finite Tree Automata in Coq
, 2001
"... Tree automata are a fundamental tool in computer science. We report on experiments to integrate tree automata in Coq using shallow and deep reflection techniques. While shallow reflection seems more natural in this context, it turns out to give disappointing results. Deep reflection is more diffi ..."
Abstract

Cited by 4 (2 self)
 Add to MetaCart
Tree automata are a fundamental tool in computer science. We report on experiments to integrate tree automata in Coq using shallow and deep reflection techniques. While shallow reflection seems more natural in this context, it turns out to give disappointing results. Deep reflection is more difficult to apply, but is more promising.
A Reflexive Formalization of a SAT Solver in Coq
 In Proceedings of TPHOLs
, 2008
"... Abstract. We present a Coq formalization of an algorithm deciding the satisfiability of propositional formulas (SAT). This SAT solver is described as a set of inference rules in a manner that is independent of the actual representation of propositional variables and formulas. We prove soundness and ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
Abstract. We present a Coq formalization of an algorithm deciding the satisfiability of propositional formulas (SAT). This SAT solver is described as a set of inference rules in a manner that is independent of the actual representation of propositional variables and formulas. We prove soundness and completeness for this system, and instantiate our solver directly on the propositional fragment of Coq’s logic in order to obtain a fully reflexive tactic. Such a tactic represents a first and important step towards our ultimate goal of embedding an automated theorem prover inside the Coq system. We also extract a certified Ocaml implementation of the algorithm. 1