Results 1  10
of
22
Termination of Nested and Mutually Recursive Algorithms
, 1996
"... This paper deals with automated termination analysis for functional programs. Previously developed methods for automated termination proofs of functional programs often fail for algorithms with nested recursion and they cannot handle algorithms with mutual recursion. We show that termination proofs ..."
Abstract

Cited by 39 (9 self)
 Add to MetaCart
This paper deals with automated termination analysis for functional programs. Previously developed methods for automated termination proofs of functional programs often fail for algorithms with nested recursion and they cannot handle algorithms with mutual recursion. We show that termination proofs for nested and mutually recursive algorithms can be performed without having to prove the correctness of the algorithms simultaneously. Using this result, nested and mutually recursive algorithms do no longer constitute a special problem and the existing methods for automated termination analysis can be extended to nested and mutual recursion in a straightforward way. We give some examples of algorithms whose termination can now be proved automatically (including wellknown challenge problems such as McCarthy's f_91 function).
A Verified Operating System Kernel
 UNIVERSITY OF TEXAS AT AUSTIN
, 1987
"... We present a multitasking operating system kernel, called KIT, written in the machine language of a uniprocessor von Neumann computer. The kernel is proved to implement, on this shared computer, a fixed number of conceptually distributed communicating processes. In addition to implementing process ..."
Abstract

Cited by 30 (1 self)
 Add to MetaCart
We present a multitasking operating system kernel, called KIT, written in the machine language of a uniprocessor von Neumann computer. The kernel is proved to implement, on this shared computer, a fixed number of conceptually distributed communicating processes. In addition to implementing processes, the kernel provides the following verified services: process scheduling, error handling, message passing, and an interface to asynchronous devices. The problem is stated in the BoyerMoore logic, and the proof is mechanically checked with the BoyerMoore theorem prover.
The BoyerMoore Theorem Prover and Its Interactive Enhancement
, 1995
"... . The socalled "BoyerMoore Theorem Prover" (otherwise known as "Nqthm") has been used to perform a variety of verification tasks for two decades. We give an overview of both this system and an interactive enhancement of it, "PcNqthm," from a number of perspectives. First we introduce the logic in ..."
Abstract

Cited by 30 (0 self)
 Add to MetaCart
. The socalled "BoyerMoore Theorem Prover" (otherwise known as "Nqthm") has been used to perform a variety of verification tasks for two decades. We give an overview of both this system and an interactive enhancement of it, "PcNqthm," from a number of perspectives. First we introduce the logic in which theorems are proved. Then we briefly describe the two mechanized theorem proving systems. Next, we present a simple but illustrative example in some detail in order to give an impression of how these systems may be used successfully. Finally, we give extremely short descriptions of a large number of applications of these systems, in order to give an idea of the breadth of their uses. This paper is intended as an informal introduction to systems that have been described in detail and similarly summarized in many other books and papers; no new results are reported here. Our intention here is merely to present Nqthm to a new audience. This research was supported in part by ONR Contract N...
A Theorem Prover for a Computational Logic
, 1990
"... We briefly review a mechanical theoremprover for a logic of recursive functions over finitely generated objects including the integers, ordered pairs, and symbols. The prover, known both as NQTHM and as the BoyerMoore prover, contains a mechanized principle of induction and implementations of line ..."
Abstract

Cited by 24 (0 self)
 Add to MetaCart
We briefly review a mechanical theoremprover for a logic of recursive functions over finitely generated objects including the integers, ordered pairs, and symbols. The prover, known both as NQTHM and as the BoyerMoore prover, contains a mechanized principle of induction and implementations of linear resolution, rewriting, and arithmetic decision procedures. We describe some applications of the prover, including a proof of the correct implementation of a higher level language on a microprocessor defined at the gate level. We also describe the ongoing project of recoding the entire prover as an applicative function within its own logic.
A Verified Code Generator For A Subset Of Gypsy
, 1988
"... A VERIFIED CODE GENERATOR FOR A SUBSET OF GYPSY Publication No. William David Young, Ph.D. The University of Texas at Austin, 1988 Supervising Professors: Robert S. Boyer, J Strother Moore This report describes the specification and mechanical proof of a code generator for a subset of Gypsy 2.05 cal ..."
Abstract

Cited by 22 (4 self)
 Add to MetaCart
A VERIFIED CODE GENERATOR FOR A SUBSET OF GYPSY Publication No. William David Young, Ph.D. The University of Texas at Austin, 1988 Supervising Professors: Robert S. Boyer, J Strother Moore This report describes the specification and mechanical proof of a code generator for a subset of Gypsy 2.05 called MicroGypsy. MicroGypsy is a highlevel language containing many of the Gypsy control structures, simple data types and arrays, and predefined and userdefined procedure definitions including recursive procedure definitions. The language is formally specified by a recognizer and interpreter written as functions in the BoyerMoore logic. The target language for the MicroGypsy code generator is the Piton highlevel assembly language verified by J Moore to be correctly implemented on the FM8502 hardware. The semantics of Piton is specified by another interpreter written in the logic. A BoyerMoore function maps a MicroGypsy state containing program and data structures into an initial Pit...
A Verified Implementation of an Applicative Language with Dynamic Storage Allocation
, 1993
"... A compiler for a subset of the Nqthm logic and a mechanically checked proof of its correctness is described. The Nqthm logic defines an applicative programming language very similar to McCarthy's pure Lisp[20]. The compiler compiles programs in the Nqthm logic into the Piton assembly level language ..."
Abstract

Cited by 18 (0 self)
 Add to MetaCart
A compiler for a subset of the Nqthm logic and a mechanically checked proof of its correctness is described. The Nqthm logic defines an applicative programming language very similar to McCarthy's pure Lisp[20]. The compiler compiles programs in the Nqthm logic into the Piton assembly level language [23]. The correctness of the compiler is proven by showing that the result of executing the Piton code is the same as produced by the Nqthm interpreter V&C$. The Nqthm logic defines several different abstract data types, or shells, as they are called in Nqthm. The user can also define additional shells. The definition of a shell includes the definition of a constructor function that returns new objects with the type of that shell. These objects can become garbage, so the runtime system of the compiler includes a garbage collector. The proof of the correctness of the compiler has not been entirely mechanically checked. A plan for completing the proof is described.
Comparing Verification Systems: Interactive Consistency in ACL2
 PROCEEDINGS OF 11TH ANNUAL CONFERENCE ON COMPUTER ASSURANCE
, 1996
"... Achieving interactive consistency among processors in the presence of faults is an important problem in fault tolerant computing, first cleanly formulated by Lamport, Pease and Shostak and solved in selected cases with their Oral Messages (OM) Algorithm. Several machinesupported verifications of th ..."
Abstract

Cited by 13 (0 self)
 Add to MetaCart
Achieving interactive consistency among processors in the presence of faults is an important problem in fault tolerant computing, first cleanly formulated by Lamport, Pease and Shostak and solved in selected cases with their Oral Messages (OM) Algorithm. Several machinesupported verifications of this algorithm have been presented, including a particularly elegant formulation and proof by John Rushby using EHDM and PVS. Rushby proposes interactive consistency as a benchmark problem for specification and verification systems. We present a formalization of the OM algorithm in the ACL2 logic and compare our formalization and proof to his. We draw some conclusions concerning the range of desirable features for verification systems. In particular, while higherorder functions, strong typing, lambda abstraction and full quantification have some value they come with a cost; moreover, many uses of such feature can be easily translated into simpler logical constructs which facilitate more autom...
Termination Analysis for Partial Functions
 IN PROCEEDINGS OF THE THIRD INTERNATIONAL STATIC ANALYSIS SYMPOSIUM (SAS'96
, 1996
"... This paper deals with automated termination analysis for partial functional programs, i.e. for functional programs which do not terminate for each input. We present a method to determine their domains (resp. nontrivial subsets of their domains) automatically. More precisely, for each functional p ..."
Abstract

Cited by 11 (6 self)
 Add to MetaCart
This paper deals with automated termination analysis for partial functional programs, i.e. for functional programs which do not terminate for each input. We present a method to determine their domains (resp. nontrivial subsets of their domains) automatically. More precisely, for each functional program a termination predicate algorithm is synthesized, which only returns true for inputs where the program is terminating. To ease subsequent reasoning about the generated termination predicates we also present a procedure for their simplification.
Termination analysis for functional programs
 AUTOMATED DEDUCTION  A BASIS FOR APPLICATIONS, VOL. III, APPLIED LOGIC SERIES 10
, 1998
"... Proving termination is a central problem in software development and formal methods for termination analysis are essential for program verification. However, since the halting problem is undecidable and totality of functions is not even semidecidable, there is no procedure to prove or disprove the ..."
Abstract

Cited by 8 (4 self)
 Add to MetaCart
Proving termination is a central problem in software development and formal methods for termination analysis are essential for program verification. However, since the halting problem is undecidable and totality of functions is not even semidecidable, there is no procedure to prove or disprove the