The Semantics of Reflected Proof
In Proc. of Fifth Symp. on Logic in Comp. Sci., 1990
Cited by 88 (11 self)
We begin to lay the foundations for reasoning about proofs whose steps include both invocations of programs to build subproofs (tactics) and references to representations of proofs themselves (reflected proofs). The main result is the definition of a single type of proof which can mention itself, using a new technique which finds a fixed point of a mapping between metalanguage and object language. This single type contrasts with hierarchies of types used in other approaches to accomplish the same classification. We show that these proofs are valid, and that every proof can be reduced to a proof involving only primitive inference rules. We also show how to extend the results to proofs from which programs (such as tactics) can be derived, and to proofs that can refer to a library of definitions and previously proven theorems. We believe that the mechanism of reflection is fundamental in building proof development systems, and we illustrate its power with applications to automating reasoning and describing modes of computation.
Using Typed Lambda Calculus to Implement Formal Systems on a Machine
Journal of Automated Reasoning, 1992
Cited by 83 (14 self)
this paper and the LF. In particular the idea of having an operator T : Prop → Type appears already in De Bruijn's earlier work, as does the idea of having several judgements. The paper [24] describes the basic features of the LF. In this paper we are going to provide a broader illustration of its applicability and discuss to what extent it is successful. The analysis (of the formal presentation) of a system carried out through encoding often illuminates the system itself. This paper will also deal with this phenomenon.
Mechanizing Programming Logics in Higher Order Logic
In Current Trends in Hardware Verification and Automated Theorem Proving, ed. P.A. Subrahmanyam and Graham Birtwistle, 1989
Cited by 59 (3 self)
Formal reasoning about computer programs can be based directly on the semantics of the programming language, or done in a special purpose logic like Hoare logic. The advantage of the first approach is that it guarantees that the formal reasoning applies to the language being used (it is well known, for example, that Hoare's assignment axiom fails to hold for most programming languages). The advantage of the second approach is that the proofs can be more direct and natural. In this paper, an attempt to get the advantages of both approaches is described. The rules of Hoare logic are mechanically derived from the semantics of a simple imperative programming language (using the HOL system). These rules form the basis for a simple program verifier in which verification conditions are generated by LCF-style tactics whose validations use the derived Hoare rules. Because Hoare logic is derived, rather than postulated, it is straightforward to mix semantic and axiomatic reasoning. It is also straightforward to combine the constructs of Hoare logic with other application-specific notations. This is briefly illustrated for various logical constructs, including termination statements, VDM-style 'relational' correctness specifications, weakest precondition statements and dynamic logic formulae. The theory underlying the work presented here is well known. Our contribution is to propose a way of mechanizing this theory in a way that makes certain practical details work out smoothly.
Reasoning Theories: Towards an Architecture for Open Mechanized Reasoning Systems
1994
Cited by 47 (11 self)
Our ultimate goal is to provide a framework and a methodology which will allow users, and not only system developers, to construct complex reasoning systems by composing existing modules, or to add new modules to existing systems, in a "plug and play" manner. These modules and systems might be based on different logics; have different domain models; use different vocabularies and data structures; use different reasoning strategies; and have different interaction capabilities. This paper makes two main contributions towards our goal. First, it proposes a general architecture for a class of reasoning systems called Open Mechanized Reasoning Systems (OMRSs). An OMRS has three components: a reasoning theory component which is the counterpart of the logical notion of formal system, a control component which consists of a set of inference strategies, and an interaction component which provides an OMRS with the capability of interacting with other systems, including OMRSs and hum...
Promoting Rewriting to a Programming Language: A Compiler for Non-Deterministic Rewrite Programs in Associative-Commutative Theories
2001
Cited by 30 (6 self)
First-order languages based on rewrite rules share many features with functional languages. But one difference is that matching and rewriting can be made much more expressive and powerful by incorporating some built-in equational theories. To provide reasonable programming environments, compilation techniques for such languages based on rewriting have to be designed. This is the topic addressed in this paper. The proposed techniques are independent from the rewriting language and may be useful to build a compiler for any system using rewriting modulo associative and commutative (AC) theories. An algorithm for many-to-one AC matching is presented, that works efficiently for a restricted class of patterns. Other patterns are transformed to fit into this class. A refined data structure, namely compact bipartite graph, allows encoding all matching problems relative to a set of rewrite rules. A few optimisations concerning the construction of the substitution and of the reduced term are described. We also address the problem of non-determinism related to AC rewriting and show how to handle it through the concept of strategies. We explain how an analysis of the determinism can be performed at compile time and we illustrate the benefits of this analysis for the performance of the compiled evaluation process. Then we briefly introduce the ELAN system and its compiler, in order to give some experimental results and comparisons with other languages or rewrite engines.
A proof environment for the development of group communication systems
Fifteenth International Conference on Automated Deduction, LNAI 1421, 1998
Cited by 27 (13 self)
We present a theorem proving environment for the development of reliable and efficient group communication systems. Our approach makes methods of automated deduction applicable to the implementation of real-world systems by linking the Ensemble group communication toolkit to the NuPRL proof development system. We present tools for importing Ensemble's code into NuPRL and exporting it back into the programming environment. We discuss techniques for reasoning about critical properties of Ensemble as well as verified strategies for reconfiguring the Ensemble system in order to improve its performance in concrete applications.
Analogy in Inductive Theorem Proving
1998
Cited by 25 (8 self)
This paper investigates analogy-driven proof plan construction in inductive theorem proving. We identify constraints of second-order mappings that enable a replay of the plan of a source theorem to produce a similar plan for the target theorem. In some cases, differences between the source and target theorem mean that the target proof plan has to be reformulated. These reformulations are suggested by the mappings. The analogy procedure, implemented in ABALONE, is particularly useful for overriding the default control and suggesting lemmas. Employing analogy has extended the problem solving horizon of the proof planner CLAM: with analogy, some theorems could be proved that neither CLAM nor NQTHM could prove automatically.
The Boyer-Moore Prover and Nuprl: An Experimental Comparison
Logical Frameworks, 1991
Cited by 24 (8 self)
We use an example to compare the Boyer-Moore Theorem Prover and the Nuprl Proof Development System. The respective machine verifications of a version of Ramsey's theorem illustrate similarities and differences between the two systems. The proofs are compared using both quantitative and non-quantitative measures, and we examine difficulties in making such comparisons.
Reflective Reasoning With and Between a Declarative Metatheory and the Implementation Code
1994
Cited by 23 (16 self)
The goal of this paper is to present a theorem prover where the underlying code has been written to behave as the procedural metalevel of the object logic. We have then defined a logical declarative metatheory MT which can be put in a one-to-one relation with the code and automatically generated from it. MT is proved correct and complete in the sense that, for any object level deduction, the wff representing it is a theorem of MT, and vice versa. Such theorems can be translated back in the underlying code. This opens up the possibility of deriving control strategies automatically by metatheoretic theorem proving, of mapping them into the code and thus of extending and modifying the system itself. This seems a first step towards "really" self-reflective systems, i.e. systems able to reason deductively about and modify their underlying computation mechanisms. We show that the usual logical reflection rules (so called reflection up and down) are derived inference rules of the system.
A Metatheory of a Mechanized Object Theory
1994
Cited by 22 (10 self)
In this paper we propose a metatheory, MT, which represents the computation which implements its object theory, OT, and, in particular, the computation which implements deduction in OT. To emphasize this fact we say that MT is a metatheory of a mechanized object theory. MT has some "unusual" properties, e.g. it explicitly represents failure in the application of inference rules, and the fact that large amounts of the code implementing OT are partial, i.e. they work only for a limited class of inputs. These properties allow us to use MT to express and prove tactics, i.e. expressions which specify how to compose possibly failing applications of inference rules, to interpret them procedurally to assert theorems in OT, to compile them into the system implementation code, and, finally, to generate MT automatically from the system code. The definition of MT is part of a larger project which aims at the implementation of self-reflective systems, i.e. systems which are able to intros...