## Towards provably correct system synthesis and extension (1996)

Venue: JOURNAL OF FUTURE GENERATION COMPUTER SYSTEMS

Citations: 1 (1 self)

### BibTeX

```bibtex
@ARTICLE{Giunchiglia96towardsprovably,
  author  = {Fausto Giunchiglia and Paolo Pecchiari and Alessandro Armando},
  title   = {Towards provably correct system synthesis and extension},
  journal = {JOURNAL OF FUTURE GENERATION COMPUTER SYSTEMS},
  year    = {1996},
  volume  = {12}
}
```

### Abstract

Our ultimate goal is to define a framework and a methodology which will allow users to construct or extend complex reasoning systems in such a way that the correctness of the resulting system is guaranteed. Our approach is based on the following principles: (i) construct the prover according to certain general (but precise) criteria, in particular maintain a sharp distinction among the logical, control, and interaction components; (ii) use a uniform framework to specify these three levels; (iii) represent (selected parts of) the code in a classical first order theory, use the inference capabilities of the system to reason deductively about this theory, and, as a result, synthesize new code which can be pushed back in the underlying implementation. This paper describes the approach, what we have done so far and how we intend to proceed to pursue our ultimate goal.

### Citations

530 | A computational logic - Boyer, Moore - 1979

Citation context: ...m is maintained. To this end, we propose to specify a prover using a uniform framework based on the distinction of these three components. We test our ideas on the Boyer & Moore Theorem Prover, NQTHM [5,4]. We hope to succeed in specifying parts of the NQTHM code, and to prove their correctness. NQTHM is a sophisticated prover with complex reasoning heuristics, data structures and algorithms designed f...

420 | Isabelle: A generic theorem prover - Paulson - 1994

Citation context: ...ed work Historically, the first methodology for extending the deduction capabilities of a system in a provably correct way was implemented in LCF [20] and its descendants (e.g. NuPRL [9] and Isabelle [26]). We share with this work the idea that control should be expressed using a tactical language. In the case of LCF the tactical language is an extension of the programming language ML [21]. Similarly ...

395 | A Computational Logic Handbook - Boyer, Moore - 1988

Citation context: ...m is maintained. To this end, we propose to specify a prover using a uniform framework based on the distinction of these three components. We test our ideas on the Boyer & Moore Theorem Prover, NQTHM [5,4]. We hope to succeed in specifying parts of the NQTHM code, and to prove their correctness. NQTHM is a sophisticated prover with complex reasoning heuristics, data structures and algorithms designed f...

224 | Natural Deduction. A Proof-Theoretical Study (Almquist and Wiksell) - Prawitz - 1965

168 | General logics - Meseguer - 1989

Citation context: ...uct provisional derivations. There is a constraint solving mechanism, $\models\ \subseteq\ \mathcal{P}_\omega(C) \times C$ (where $\mathcal{P}_\omega(C)$ is the set of finite subsets of $C$), represented abstractly as a consequence relation (cf. [2,25]). Both sequents and constraints can be schematic. A sequent system contains a set of instantiation maps, $I$, and an application operation, $[\,]$, for filling in schemata, that is $[\,] : [S \times I \to S]$ ...

102 | Metafunctions: proving them correct and using them efficiently as new proof procedures - Boyer, Moore - 1981

Citation context: ...t $f_\rho$ and $P_\rho$ we get a metatheory capable of supporting reasoning about general properties of logic tactics. This second approach yields a metatheory which is close in spirit to the one proposed in [7]. 5.2 Lifting By inspecting the implementation of the primitive program tactics the lifting procedure can generate axioms of form (1) and (2) (cf. Section 5.1). Example 5.1 By lifting the definitio...

99 | Simple consequence relations - Avron - 1991

Citation context: ...uct provisional derivations. There is a constraint solving mechanism, $\models\ \subseteq\ \mathcal{P}_\omega(C) \times C$ (where $\mathcal{P}_\omega(C)$ is the set of finite subsets of $C$), represented abstractly as a consequence relation (cf. [2,25]). Both sequents and constraints can be schematic. A sequent system contains a set of instantiation maps, $I$, and an application operation, $[\,]$, for filling in schemata, that is $[\,] : [S \times I \to S]$ ...

99 | Edinburgh LCF: a mechanized logic of computation - Gordon, Milner, et al. - 1979

Citation context: ...nning into a bug in the interpreter/compiler). 7 Related work Historically, the first methodology for extending the deduction capabilities of a system in a provably correct way was implemented in LCF [20] and its descendants (e.g. NuPRL [9] and Isabelle [26]). We share with this work the idea that control should be expressed using a tactical language. In the case of LCF the tactical language is an ext...

70 | Specifying theorem provers in a higher-order logic programming language - Felty, Miller - 1988

66 | Implementing tactics and tacticals in a higher-order logic programming language - Felty - 1993

47 | Reasoning theories: towards an architecture for open mechanized reasoning systems - Giunchiglia, Pecchiari, et al. - 1996

Citation context: ...ally, we characterize a class of reasoning structures corresponding to the usual notion of derivations. The material presented in Section 4.1 summarizes some of the concepts and results introduced in [15]. Section 4.2 describes our approach for the specification of the control level of an OMRS. This description is quite informal as the theory underlying our approach is still work in progress. This the...

37 | Computational Metatheory in Nuprl - Howe - 1988

36 | Design goals of ACL2 - Kaufmann, Moore - 1994

Citation context: ...cked a posteriori by the checking tool. Instead, we aim at providing a tool which guarantees the correctness of all possible proofs a priori, when constructing the system. The work on the ACL2 system [6,23] is very relevant for the achievement of our ultimate goal. ACL2 is an extension/reimplementation of NQTHM that supports an extension of the applicative subset of Common Lisp as its logic. In this sys...

29 | EVES: An overview - Craigen, Kromodimoeljo, et al. - 1991

Citation context: ...nformation which is used by a large number of systems and a general system-independent syntax for describing and manipulating it, i.e. an algebra of annotations. Work in progress with the EVES system [24,10] shares with us the goal of providing a framework which certifies with a high confidence that the consequences computed by a system are correct. In EVES this is obtained by separating the search for a...

29 | Higher-order functions considered unnecessary for higher-order programming - Goguen - 1990

28 | A metalanguage for interactive proof in LCF - Gordon, Milner, et al. - 1978

Citation context: ...nd Isabelle [26]). We share with this work the idea that control should be expressed using a tactical language. In the case of LCF the tactical language is an extension of the programming language ML [21]. Similarly to our approach, the soundness of LCF relies on the correctness of the implementation of a set of primitive tactics and on the underlying evaluator. However it crucially depends also on th...

25 | The GETFOL Manual - GETFOL version 1 - Giunchiglia - 1992

Citation context: ...mostly by means of examples. This is because our previous work was mainly focused on a careful analysis of the logical component (cf. [14] which reports lessons learned implementing the GETFOL system [13]). Work in progress is devoted to the analysis of the other two levels (cf. for instance [3] which characterizes (parts of) the GETFOL control component). In Section 4 we discuss how a prover can be o...

24 | A theorem prover for a computational logic - Boyer, Moore - 1990

Citation context: ...cked a posteriori by the checking tool. Instead, we aim at providing a tool which guarantees the correctness of all possible proofs a priori, when constructing the system. The work on the ACL2 system [6,23] is very relevant for the achievement of our ultimate goal. ACL2 is an extension/reimplementation of NQTHM that supports an extension of the applicative subset of Common Lisp as its logic. In this sys...

22 | A Metatheory of a Mechanized Object Theory - Sera, Giunchiglia, et al. - 1996

Citation context: ... the specification of the control level of an OMRS. This description is quite informal as the theory underlying our approach is still work in progress. This theory aims at extending work presented in [17,18]. In Section 4.3 we discuss briefly the interaction level of an OMRS. This discussion is very informal and incomplete, as work on this level is left for future research. In Section 5 we show h...

19 | Program Tactics and Logic Tactics - Giunchiglia, Traverso

Citation context: ... the specification of the control level of an OMRS. This description is quite informal as the theory underlying our approach is still work in progress. This theory aims at extending work presented in [17,18]. In Section 4.3 we discuss briefly the interaction level of an OMRS. This discussion is very informal and incomplete, as work on this level is left for future research. In Section 5 we show h...

15 | Introspective Metatheoretic Reasoning - Giunchiglia, Cimatti - 1994

Citation context: ...prover. Notice that these components are described informally and mostly by means of examples. This is because our previous work was mainly focused on a careful analysis of the logical component (cf. [14] which reports lessons learned implementing the GETFOL system [13]). Work in progress is devoted to the analysis of the other two levels (cf. for instance [3] which characterizes (parts of) the GETFOL...

10 | The EVES System - Kromodimoeljo, Pase, et al.

Citation context: ...nformation which is used by a large number of systems and a general system-independent syntax for describing and manipulating it, i.e. an algebra of annotations. Work in progress with the EVES system [24,10] shares with us the goal of providing a framework which certifies with a high confidence that the consequences computed by a system are correct. In EVES this is obtained by separating the search for a...

8 | Recursive Programs as Functions in a First Order Theory (AI Memo AIM-324) - McCarthy, Cartwright - 1979

2 | Metafol: Program tactics and logic tactics plus reflection (in this issue) - Benerecetti, Spalazzi - 1996

Citation context: ...l analysis of the logical component (cf. [14] which reports lessons learned implementing the GETFOL system [13]). Work in progress is devoted to the analysis of the other two levels (cf. for instance [3] which characterizes (parts of) the GETFOL control component). In Section 4 we discuss how a prover can be organized as an Open Mechanized Reasoning System (OMRS). The notion of OMRS provides us with ...

1 | Backward logic tactics - Armando - 1996

Citation context: ...y. However it can be proven (under a few reasonable assumptions, e.g., $T$, $f_\rho$, and $f_\rho$ must be new symbols) that the extended reasoning theory is a conservative extension of the initial one. (See [1] for the details of the proof.) It is worth stressing that for a successful application of the lifting procedure it is essential that the prover be organized as described in Section 3. It is such an organ...

1 | An analysis of the interaction among the modules of the simplification process of the Boyer-Moore prover (in preparation) - Giunchiglia, Pecchiari, et al.