## Fault-tolerant distributed theorem proving (1999)


Citations: 7 (4 self)

### BibTeX

```bibtex
@INPROCEEDINGS{Hickey99fault-tolerantdistributed,
  author    = {Jason Hickey},
  title     = {Fault-tolerant distributed theorem proving},
  booktitle = {},
  year      = {1999},
  pages     = {227--231},
  publisher = {Springer-Verlag}
}
```

### Abstract

Higher-order logics are expressive tools for tasks ranging from formalizing the foundations of mathematics to large-scale software verification and synthesis. Because of their complexity, proofs in higher-order logics often combine interactive proving with computationally intensive tactic applications that perform proof automation. As problems and proof automation become more sophisticated, these proofs represent substantial investments: each interactive step may represent several hours of design time. We present an implementation of a distributed proving architecture that addresses the problems of speed, availability, and reliability in tactic provers. The architecture is implemented as a module in the MetaPRL logical framework. The implementation supports arbitrary process joins and all-but-one process failures at any time during a proof. Proof distribution is completely transparent; the existing tactic base is unmodified.

### Citations

- Paulson, 1994. Isabelle: A generic theorem prover. (420 citations)
  Citation context: "...the original design. Proofs in higher-order logic can be computationally complex. It is easy for proof search to wander into areas of intractability, and many systems like HOL [9], Coq [5], Isabelle [16], and Nuprl [6] combine interactive guidance with automated proving using tactics, which are programs that define domain-specific proof procedures and heuristics. While this model has been successful, ..."

- Frigo, Leiserson, et al., 1998. The implementation of the Cilk-5 multithreaded language. (322 citations)
  Citation context: "...and the insight gained from first-order provers may lead to a more general scheduling policy mechanism in our framework. Our communication model (the DMA) is quite similar to Leiserson's CILK system [8], in which parallel and distributed programs are written using annotated C code. Program distribution shares many of the mechanisms we describe for the Ensemble shared memory. The Nuprl proof developm..."

- Hayden, 1998. The Ensemble System. (248 citations)

- Gordon, Melham, 1993. Introduction to HOL. (104 citations)
  Citation context: "...seness and intuition of the original design. Proofs in higher-order logic can be computationally complex. It is easy for proof search to wander into areas of intractability, and many systems like HOL [9], Coq [5], Isabelle [16], and Nuprl [6] combine interactive guidance with automated proving using tactics, which are programs that define domain-specific proof procedures and heuristics. While this mo..."

- Hickey, Lynch, et al., 1999. Specifications and proofs for ensemble layers. (49 citations)
  Citation context: "...rification of the SCI cache-coherency protocol [7], Miller and Srivas's verification of the AAMP5 avionics processor [14] in PVS [3], the verification and automated optimization of Ensemble protocols [11], and many others. Higher-order logics are often chosen for these endeavors not only because they can formalize meta-principles, but also because they retain the conciseness and intuition of the origi..."

- Jackson, 1995. Enhancing the Nuprl proof-development system and applying it to computational abstract algebra. (44 citations)

- Dowek, Felty, et al., 1993. The COQ Proof Assistant User's Guide. (36 citations)
  Citation context: "...d intuition of the original design. Proofs in higher-order logic can be computationally complex. It is easy for proof search to wander into areas of intractability, and many systems like HOL [9], Coq [5], Isabelle [16], and Nuprl [6] combine interactive guidance with automated proving using tactics, which are programs that define domain-specific proof procedures and heuristics. While this model has b..."

- Crow, Owre, Rushby, Shankar, Srivas, 1995. A tutorial introduction to PVS. (31 citations)
  Citation context: "...-order logics, including Nipkow's formalization of Java [15], Howe's verification of the SCI cache-coherency protocol [7], Miller and Srivas's verification of the AAMP5 avionics processor [14] in PVS [3], the verification and automated optimization of Ensemble protocols [11], and many others. Higher-order logics are often chosen for these endeavors not only because they can formalize meta-principles, ..."

- Miller, Srivas, 1995. Formal Verification of the AAMP5 Microprocessor: A Case Study in the Industrial Use of Formal Methods. (14 citations)
  Citation context: "...ts in higher-order logics, including Nipkow's formalization of Java [15], Howe's verification of the SCI cache-coherency protocol [7], Miller and Srivas's verification of the AAMP5 avionics processor [14] in PVS [3], the verification and automated optimization of Ensemble protocols [11], and many others. Higher-order logics are often chosen for these endeavors not only because they can formalize meta-..."

- Bonacina, McCune, 1994. Distributed theorem proving by Peers. (12 citations)
  Citation context: "...y occurring subgoals can be identified. We leave these two issues as future work. 7 Related Work There are several examples of first-order proving and limited higher-order distributed theorem provers [1, 17, 2, 4]. These efforts differ from ours in at least two respects: we focus on general-purpose provers that use a mixture of interactive and automated proof, and we require fault-tolerance. However, the sched..."

- Hickey, 1997. Nuprl-Light: An implementation framework for higher-order logics. (12 citations)
  Citation context: "...6 and we finish with a discussion of related work in Section 7. 2 Refinement Architecture and Tactics Foundational LCF-style tactic provers like Coq [5], Nuprl [6], and the MetaPRL logical framework [12] perform proofs in a backward-chaining goal-directed style. Given a goal sentence like the sequent A; A ⇒ B ⊢ B, the user selects a tactic to apply to the sentence in an attempt to either prove it, or..."

- Sutcliffe, Pinakis, 1992. A Heterogeneous Parallel Deduction System. (12 citations)
  Citation context: "...y occurring subgoals can be identified. We leave these two issues as future work. 7 Related Work There are several examples of first-order proving and limited higher-order distributed theorem provers [1, 17, 2, 4]. These efforts differ from ours in at least two respects: we focus on general-purpose provers that use a mixture of interactive and automated proof, and we require fault-tolerance. However, the sched..."

- Felty, Howe, et al., 1998. Protocol verification in Nuprl. (11 citations)
  Citation context: "...years, there have been many examples of significant formalization efforts in higher-order logics, including Nipkow's formalization of Java [15], Howe's verification of the SCI cache-coherency protocol [7], Miller and Srivas's verification of the AAMP5 avionics processor [14] in PVS [3], the verification and automated optimization of Ensemble protocols [11], and many others. Higher-order logics are oft..."

- Nipkow, von Oheimb, 1998. Java light is type-safe --- definitely. (10 citations)
  Citation context: "...existing tactic base is unmodified. 1 Introduction In recent years, there have been many examples of significant formalization efforts in higher-order logics, including Nipkow's formalization of Java [15], Howe's verification of the SCI cache-coherency protocol [7], Miller and Srivas's verification of the AAMP5 avionics processor [14] in PVS [3], the verification and automated optimization of Ensemble..."

- Cook, Varnell, 1998. Adaptive Parallel Iterative Deepening Search. (9 citations)
  Citation context: "...y occurring subgoals can be identified. We leave these two issues as future work. 7 Related Work There are several examples of first-order proving and limited higher-order distributed theorem provers [1, 17, 2, 4]. These efforts differ from ours in at least two respects: we focus on general-purpose provers that use a mixture of interactive and automated proof, and we require fault-tolerance. However, the sched..."


- Denzinger, Fuchs, 1997. Cooperation in theorem proving by loosely coupled heuristics. (2 citations)
  Citation context: "...monly occurring subgoals can be identified. We leave these two issues as future work. 7 Related Work There are several examples of first-order proving and limited higher-order distributed theorem provers [1, 17, 2, 4]. These efforts differ from ours in at least two respects: we focus on general-purpose provers that use a mixture of interactive and automated proof, and we require fault-tolerance. However, the schedul..."
