ACL2: An Industrial Strength Version of Nqthm
, 1996
Cited by 58 (5 self)
Abstract
ACL2 is a reimplemented, extended version of Boyer and Moore's Nqthm and Kaufmann's Pc-Nqthm, intended for large-scale verification projects. However, the logic supported by ACL2 is compatible with the applicative subset of Common Lisp. The decision to use an "industrial strength" programming language as the foundation of the mathematical logic is crucial to our advocacy of ACL2 in the application of formal methods to large systems. However, one of the key reasons Nqthm has been so successful, we believe, is its insistence that functions be total. Common Lisp functions are not total, and this is one of the reasons Common Lisp is so efficient. This paper explains how we scaled up Nqthm's logic to Common Lisp, preserving the use of total functions within the logic but achieving Common Lisp execution speeds.
1 History
ACL2 is a direct descendant of the Boyer-Moore system, Nqthm [8, 12], and its interactive enhancement, Pc-Nqthm [21, 22, 23]. See [7, 25] for introductions to the two ancestr...
Design Goals for ACL2
, 1994
Cited by 36 (5 self)
Abstract
ACL2 is a theorem proving system under development at Computational Logic, Inc., by the authors of the Boyer-Moore system, Nqthm, and its interactive enhancement, Pc-Nqthm, based on our perceptions of some of the inadequacies of Nqthm when used in large-scale verification projects. Foremost among those inadequacies is the fact that Nqthm's logic is an inefficient programming language. We now recognize that the efficiency of the logic as a programming language is of great importance because the models of microprocessors, operating systems, and languages typically constructed in verification projects must be executed to corroborate them against the realities they model. Simulation of such large-scale systems stresses the logic in ways not imagined when Nqthm was designed. In addition, Nqthm does not adequately support certain proof techniques, nor does it encourage the reuse of previously developed libraries or the collaboration of semi-autonomous workers on different parts of a verifica...
The Boyer-Moore Theorem Prover and Its Interactive Enhancement
, 1995
Cited by 31 (0 self)
Abstract
The so-called "Boyer-Moore Theorem Prover" (otherwise known as "Nqthm") has been used to perform a variety of verification tasks for two decades. We give an overview of both this system and an interactive enhancement of it, "Pc-Nqthm," from a number of perspectives. First we introduce the logic in which theorems are proved. Then we briefly describe the two mechanized theorem proving systems. Next, we present a simple but illustrative example in some detail in order to give an impression of how these systems may be used successfully. Finally, we give extremely short descriptions of a large number of applications of these systems, in order to give an idea of the breadth of their uses. This paper is intended as an informal introduction to systems that have been described in detail and similarly summarized in many other books and papers; no new results are reported here. Our intention here is merely to present Nqthm to a new audience. This research was supported in part by ONR Contract N...
A Theorem Prover for a Computational Logic
, 1990
Cited by 24 (0 self)
Abstract
We briefly review a mechanical theorem prover for a logic of recursive functions over finitely generated objects including the integers, ordered pairs, and symbols. The prover, known both as NQTHM and as the Boyer-Moore prover, contains a mechanized principle of induction and implementations of linear resolution, rewriting, and arithmetic decision procedures. We describe some applications of the prover, including a proof of the correct implementation of a higher-level language on a microprocessor defined at the gate level. We also describe the ongoing project of recoding the entire prover as an applicative function within its own logic.
Program Verification using HOL-UNITY
Higher Order Logic Theorem Proving and Its Applications: HUG '93, LNCS 780
, 1994
Cited by 16 (1 self)
Abstract
HOL-UNITY is an implementation of Chandy and Misra's UNITY theory in the HOL88 and HOL90 theorem provers. This paper shows how to verify safety and progress properties of concurrent programs using HOL-UNITY. As an example it is proved that a lift-control program satisfies a given progress property. The proof is compositional and partly automated. The progress property is decomposed into basic safety and progress properties, which are proved automatically by a developed tactic based on a combination of Gentzen-like proof methods and Presburger decision procedures. The proof of the decomposition, which includes induction, is done mechanically using the inference rules of the UNITY logic implemented as theorems in HOL. The paper also contains some empirical results of running the developed tactic in HOL88 and HOL90, respectively. It turns out that HOL90 is on average about 9 times faster than HOL88. Finally, we discuss various ways of improving the tactic.
1 Introduction
This paper pres...
Mechanical Verification of Distributed Algorithms in Higher-Order Logic
The Computer Journal
, 1995
Cited by 12 (1 self)
Abstract
this paper we explain how to do so using HOL, an interactive proof assistant for higher-order logic developed by Gordon and others [18]. First, we describe how to build an infrastructure in HOL that supports reasoning about distributed algorithms, including formal theories of predicates, temporal logic, labeled transition systems, simulation of programs, translation of properties, and graphs. Then we demonstrate, via an example, how to use the powerful intuition about events and causality to guide and structure correctness proofs of distributed algorithms. The example used is the verification of PIF (propagation of information with feedback), which is a simple but typical distributed algorithm due to Segall [33].
1 INTRODUCTION
A Survey on Kernel Specification and Verification
TR 97654 of CS at USC
, 1997
Cited by 8 (7 self)
Abstract
Formal methods have traditionally been used to model and verify operating systems. Different methods verify different operating system properties, such as process management, mutual exclusion and interprocess communication. Moreover, various methods may capture different design errors, such as deadlocks or unspecified receptions. The system kernel supports higher-level system services. Hence, kernel verification is essential for the proper operation of the system. In addition, providing a clear kernel specification improves the interoperability between its various implementations. In this paper, we describe commonly used methods for kernel specification and verification. Some methods provide a mathematical model, and use logic to prove properties of interest. These include PVS and Boyer-Moore logic. Others use a programming language to simulate the system, then apply verification tools to capture system errors. These include the SPIN tool. Distributed operating systems are susceptible ...
A Proof Environment for Concurrent Programs
In Proceedings FME93 Symposium
, 1993
Cited by 7 (2 self)
Abstract
Unity [CM88, Mer92, Kna90], like the action systems approach [BS91], is a formal method that attempts to decouple a program from its implementation. Therefore, Unity separates logical behaviour from implementation; it provides predicates for specifications, and proof rules for deriving specifications directly from the program text. This type of proof strategy is often clearer and more succinct than argument about a program's operational behaviour. Our research fits into Unity's methodology. It aims to develop a proof environment suitable for mechanical proof of concurrent programs. This proof is based on Unity [CM88], and may be used to specify and verify both safety and liveness properties. Our verification method is based on theorem proving, so that an axiomatization of the operational semantics is needed. We use Dijkstra's wp-calculus to formalize the Unity logic, so we can always derive a sound relationship between the operational semantics of a given Unity specification and the axio...
A mechanical formalization of several fairness notions
VDM '91: Formal Software Development Methods. Springer-Verlag Lecture Notes in Computer Science 551
, 1991
Cited by 3 (1 self)
Abstract
The views and conclusions contained in this document are those of the author and should not be interpreted as representing the official policies, either expressed or
Mechanically Verifying Safety and Liveness Properties of Delay-Insensitive Circuits. Computer Aided Verification
the Boyer-Moore Prover. 1991 International Workshop on Formal Methods in VLSI Design
, 1991
Cited by 3 (0 self)
Abstract
The views and conclusions contained in this document are those of the author and should not be interpreted as representing the official policies, either expressed or