Results 1 
9 of
9
ACL2: An Industrial Strength Version of Nqthm
, 1996
"... ACL2 is a reimplemented extended version of Boyer and Moore's Nqthm and Kaufmann's PcNqthm, intended for large scale verification projects. However, the logic supported by ACL2 is compatible with the applicative subset of Common Lisp. The decision to use an "industrial strength" programming languag ..."
Abstract

Cited by 59 (6 self)
 Add to MetaCart
ACL2 is a reimplemented extended version of Boyer and Moore's Nqthm and Kaufmann's PcNqthm, intended for large scale verification projects. However, the logic supported by ACL2 is compatible with the applicative subset of Common Lisp. The decision to use an "industrial strength" programming language as the foundation of the mathematical logic is crucial to our advocacy of ACL2 in the application of formal methods to large systems. However, one of the key reasons Nqthm has been so successful, we believe, is its insistence that functions be total. Common Lisp functions are not total and this is one of the reasons Common Lisp is so efficient. This paper explains how we scaled up Nqthm's logic to Common Lisp, preserving the use of total functions within the logic but achieving Common Lisp execution speeds. 1 History ACL2 is a direct descendent of the BoyerMoore system, Nqthm [8, 12], and its interactive enhancement, PcNqthm [21, 22, 23]. See [7, 25] for introductions to the two ancestr...
A General Framework for Automatic Termination Analysis of Logic Programs
, 2000
"... This paper describes a general framework for automatic termination analysis of logic programs, where we understand by "termination" the finiteness of the LDtree constructed for the program and a given query. A general property of mappings from a certain subset of the branches of an infinite LDtree ..."
Abstract

Cited by 41 (9 self)
 Add to MetaCart
This paper describes a general framework for automatic termination analysis of logic programs, where we understand by "termination" the finiteness of the LDtree constructed for the program and a given query. A general property of mappings from a certain subset of the branches of an infinite LDtree into a finite set is proved. From this result several termination theorems are derived, by using different finite sets. The first two are formulated for the predicate dependency and atom dependency graphs. Then a general result for the case of the querymapping pairs relevant to a program is proved (cf. [29,21]). The correctness of the TermiLog system described in [22] follows from it. In this system it is not possible to prove termination for programs involving arithmetic predicates, since the usual order for the integers is not wellfounded. A new method, which can be easily incorporated in TermiLog or similar systems, is presented, which makes it possible to prove termination for programs involving arithmetic predicates. It is based on combining a finite abstraction of the integers with the technique of the querymapping pairs, and is essentially capable of dividing a termination proof into several cases, such that a simple termination function suffices for each case. Finally several possible extensions are outlined. Key words termination of logic programs  abstract interpretation  constraints ? This research has been partially supported by grants from the Israel Science Foundation 2 Nachum Dershowitz et al. 1
Termination of Nested and Mutually Recursive Algorithms
, 1996
"... This paper deals with automated termination analysis for functional programs. Previously developed methods for automated termination proofs of functional programs often fail for algorithms with nested recursion and they cannot handle algorithms with mutual recursion. We show that termination proofs ..."
Abstract

Cited by 39 (9 self)
 Add to MetaCart
This paper deals with automated termination analysis for functional programs. Previously developed methods for automated termination proofs of functional programs often fail for algorithms with nested recursion and they cannot handle algorithms with mutual recursion. We show that termination proofs for nested and mutually recursive algorithms can be performed without having to prove the correctness of the algorithms simultaneously. Using this result, nested and mutually recursive algorithms do no longer constitute a special problem and the existing methods for automated termination analysis can be extended to nested and mutual recursion in a straightforward way. We give some examples of algorithms whose termination can now be proved automatically (including wellknown challenge problems such as McCarthy's f_91 function).
Design Goals for ACL2
, 1994
"... ACL2 is a theorem proving system under development at Computational Logic, Inc., by the authors of the BoyerMoore system, Nqthm, and its interactive enhancement, PcNqthm, based on our perceptions of some of the inadequacies of Nqthm when used in largescale verification projects. Foremost among th ..."
Abstract

Cited by 36 (5 self)
 Add to MetaCart
ACL2 is a theorem proving system under development at Computational Logic, Inc., by the authors of the BoyerMoore system, Nqthm, and its interactive enhancement, PcNqthm, based on our perceptions of some of the inadequacies of Nqthm when used in largescale verification projects. Foremost among those inadequacies is the fact that Nqthm's logic is an inefficient programming language. We now recognize that the efficiency of the logic as a programming language is of great importance because the models of microprocessors, operating systems, and languages typically constructed in verification projects must be executed to corroborate them against the realities they model. Simulation of such large scale systems stresses the logic in ways not imagined when Nqthm was designed. In addition, Nqthm does not adequately support certain proof techniques, nor does it encourage the reuse of previously developed libraries or the collaboration of semiautonomous workers on different parts of a verifica...
Contributions to the Theory of Tail Recursive Functions
"... It is shown that the existence of an unique total function satisfying a tail recursive definitional axiom ensures the recursion always halts. This is in contrast to the general case, when the adjective tail need not apply to the recursion: The existence of an unique total function satisfying a (gene ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
It is shown that the existence of an unique total function satisfying a tail recursive definitional axiom ensures the recursion always halts. This is in contrast to the general case, when the adjective tail need not apply to the recursion: The existence of an unique total function satisfying a (general) recursive definitional axiom need not force the recursion to always terminate. A similar result is shown to have application to Tail Recursive Interpreters. The result reported in [1] about Knuth’s generalization of McCarthy’s 91 Function is obtained in a different way, as a corollary of more general results about reflexive tail recursive functions.
Knuth's Generalization of Takeuchi's Tarai Function: Preliminary Report
, 2000
"... Donald E. Knuth of Stanford University raises, in [2] and [3, chapter 22], intriguing open questions about his generalization of the tarai function and proposes an interesting candidate for machine verification. We answer some of the open questions and explore the use of ACL2 to meet Knuth's challen ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Donald E. Knuth of Stanford University raises, in [2] and [3, chapter 22], intriguing open questions about his generalization of the tarai function and proposes an interesting candidate for machine verification. We answer some of the open questions and explore the use of ACL2 to meet Knuth's challenge. 1 Takeuchi's Tarai Function Ikuo Takeuchi devised the following recursive function for benchmarking LISP systems. The recursion can take a long time to terminate without generating large intermediate numerical values. Knuth comments [3, chapter 22]: "Takeuchi called his function tarai, from the word `taraimawashi,' which connotes passing an unpleasant object from one person to another." For integer inputs, x; y; z, t(x; y; z) def ( if x y then y (1) else t(t(x \Gamma 1; y; z); t(y \Gamma 1; z; x); t(z \Gamma 1; x; y)): John McCarthy proved that this recursion terminates and that t can be computed without any recursion, t(x; y; z) = if x y then y (2) else if y z then z else x: 1 J Moore [5] discovered a simpler measure than the one used by McCarthy and used the early BoyerMoore theorem prover, THM, to verify termination and that t satisfies the simpler nonrecursive equation. 2 Knuth's Generalization Knuth generalizes the tarai function to higher dimensions: For integer inputs, x 1 ; x 2 ; : : : ; xm , t(x 1 ; x 2 ; : : : ; xm ) def ( if x 1 x 2 then x 2 else t( t(x 1 \Gamma 1; x 2 ; : : : ; xm ); t(x 2 \Gamma 1; x 3 ; : : : ; xm ; x 1 ); . . .
Automatic Termination Analysis of Programs Containing Arithmetic Predicates
, 2008
"... For logic programs with arithmetic predicates, showing termination is not easy, since the usual order for the integers is not wellfounded. A new method, easily incorporated in the TermiLog system for automatic termination analysis, is presented for showing termination in this case. The method consi ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
For logic programs with arithmetic predicates, showing termination is not easy, since the usual order for the integers is not wellfounded. A new method, easily incorporated in the TermiLog system for automatic termination analysis, is presented for showing termination in this case. The method consists of the following steps: First, a finite abstract domain for representing the range of integers is deduced automatically. Based on this abstraction, abstract interpretation is applied to the program. The result is a finite number of atoms abstracting answers to queries which are used to extend the technique of querymapping pairs. For each querymapping pair that is potentially nonterminating, a bounded (integervalued) termination function is guessed. If traversing the pair decreases the value of the termination function, then termination is established. Simple functions often suffice for each querymapping pair, and that gives our approach an edge over the classical approach of using a single termination function for all loops, which must inevitably be more complicated and harder to guess automatically. It is worth noting that the termination of McCarthy’s 91 function can be shown automatically using our method. In summary, the proposed approach is based on combining a finite abstraction of the integers with the technique of the querymapping pairs, and is essentially capable of dividing a termination proof into several cases, such that a simple termination function suffices for each case. Consequently, the whole process of proving termination can be done automatically in the framework of TermiLog and similar systems.
On the asymptotics of Takeuchi numbers
 Dev. Math
"... I present an asymptotic formula for the Takeuchi numbers Tn. In particular, I give compelling numerical evidence and present a heuristic argument showing that Tn ∼ CT Bn exp 1 2 W(n)2 as n tends to infinity, where Bn are the Bell numbers, W(n) is Lambert’s W function, and CT = 2.239... is a constant ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
I present an asymptotic formula for the Takeuchi numbers Tn. In particular, I give compelling numerical evidence and present a heuristic argument showing that Tn ∼ CT Bn exp 1 2 W(n)2 as n tends to infinity, where Bn are the Bell numbers, W(n) is Lambert’s W function, and CT = 2.239... is a constant. Moreover, I show that the method presented here
When Linear Norms Are Not Enough
"... We consider left termination of queries to logic programs ([Apt97, DSD94]). The general approach toproving termination is by showing that during the evaluation of a given program, there is a sequence of terms, such that the size of these terms is decreasing. Usually, orders induced by de ning linear ..."
Abstract
 Add to MetaCart
We consider left termination of queries to logic programs ([Apt97, DSD94]). The general approach toproving termination is by showing that during the evaluation of a given program, there is a sequence of terms, such that the size of these terms is decreasing. Usually, orders induced by de ning linear norms on terms ([UvG88, Plu90, LS97, CT97]) are su cient for showing termination. However, in some cases, termination cannot be shown using a linear norm. Two examples are given below. 1. Consider the program for repeated derivations with a query that is symbolically represented in the form d(Expression, Derivative), where the rst argument is ground. d(der(t) � 1): d(der(A) � 0):;number(A): d(der(X + Y) � DX + DY):;d(der(X) � DX) � d(der(Y) � DY): d(der(X Y) � X DY + Y DX):;d(der(X) � DX) � d(der(Y) � DY): d(der(der(X)) � DDX):;d(der(X) � DX) � d(der(DX) � DDX): 2. Consider McCarthy's 91 function [Knu91] with the query mc carthy 91(Argument, Value), where the rst argument isaninteger. mc carthy 91(X � Y):; X> 100 � Y is X; 10: mc carthy 91(X � Y):; X =< 100 � Z1 is X + 11� mc carthy 91(Z1 � Z2) � mc carthy 91(Z2 � Y): For programs, such as repetitive derivations, we canshowtermination by considering recursively de nable sizes, i.e., the size of a term depends only on its functor and the sizes of its arguments. These recursively de nable sizes, which are not necessarily numerical, are a proper extension of the sizes induced by linear norms. For instance, the depth of a term is a recursively de nable size, but it cannot be expressed by anylinear norm. Norms that are based on recursively de nable sizes can be incorporated into the framework of TermiLog and similar systems [LSS97, CT97]. For programs, such as McCarthy's 91 function, termination depends on arithmetic calculations, and showing termination is di cult, since the usual order for the integers is not wellfounded. For