Assuming termination

Greve, David

doi:10.1145/1637837.1637856

Cited by 9 publications

(11 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…If the footprint function for a program happens to be recursive, its termination proof may well fail, thus stopping processing. There are known techniques for defining partial functions [6,9], obtaining recursion equations and induction theorems constrained by termination requirements. These techniques remove this flaw, allowing the deferral of termination arguments while the partial correctness proof is addressed.…”

Section: Discussionmentioning

confidence: 99%

The Guardol Language and Verification System

Hardin

Slind

Whalen

et al. 2012

Tools and Algorithms for the Construction and Analysis of Systems

View full text Add to dashboard Cite

Guardol is a domain-specific language designed to facilitate the construction of correct network guards operating over treeshaped data. The Guardol system generates Ada code from Guardol programs and also provides specification and automated verification support. Guard programs and specifications are translated to higher order logic, then deductively transformed to a form suitable for a SMT-style decision procedure for recursive functions over tree-structured data. The result is that difficult properties of Guardol programs can be proved fully automatically.

show abstract

Section: Discussionmentioning

confidence: 99%

The Guardol Language and Verification System

Hardin

Slind

Whalen

et al. 2012

Tools and Algorithms for the Construction and Analysis of Systems

View full text Add to dashboard Cite

show abstract

“…While his semantic arguments involving a special notion of partial truth are hard to adapt to a formal setting within type theory or HOL, it turns out that inductive domain predicates and the associated induction principles permit the same convenient reasoning style (Krauss 2006). Greve (2009) describes a tool for function definitions in ACL2, which also constructs domain predicates. Due to the restricted logic of ACL2, which does not support inductive definitions, the domain predicate must be constructed in an intricate bootstrapping process that involves a reduction to tail-recursive form (see Section 5.5.2).…”

Section: Partiality and Recursion In Interactive Theorem Provers -An mentioning

confidence: 99%

Partiality and recursion in interactive theorem provers – an overview

Bove¹,

Krauß²,

Sozeau³

2014

Math. Struct. Comp. Sci.

View full text Add to dashboard Cite

The use of interactive theorem provers to establish the correctness of critical parts of a software development or for formalizing mathematics is becoming more common and feasible in practice. However, most mature theorem provers lack a direct treatment of partial and general recursive functions; overcoming this weakness has been the objective of intensive research during the last decades. In this article, we review several techniques that have been proposed in the literature to simplify the formalization of partial and general recursive functions in interactive theorem provers. Moreover, we classify the techniques according to their theoretical basis and their practical use. This uniform presentation of the different techniques facilitates the comparison and highlights their commonalities and differences, as well as their relative advantages and limitations. We focus on theorem provers based on constructive type theory (in particular, Agda and Coq) and higher-order logic (in particular Isabelle/HOL). Other systems and logics are covered to a certain extent, but not exhaustively. In addition to the description of the techniques, we also demonstrate tools which facilitate working with the problematic functions in particular theorem provers.

show abstract

“…This definition employs features of Greve's def package, provided as part of the ACL2 community books [7] [8]. The def::un macro, found in the coi/util/defun book, improves upon ACL2 defun by providing both input and output "type" signatures.…”

Section: Completing the Translationmentioning

confidence: 99%

Development of a Translator from LLVM to ACL2

Hardin

Davis

Greve

et al. 2014

Electron. Proc. Theor. Comput. Sci.

View full text Add to dashboard Cite

In our current work a library of formally verified software components is to be created, and assembled, using the Low-Level Virtual Machine (LLVM) intermediate form, into subsystems whose top-level assurance relies on the assurance of the individual components. We have thus undertaken a project to build a translator from LLVM to the applicative subset of Common Lisp accepted by the ACL2 theorem prover. Our translator produces executable ACL2 formal models, allowing us to both prove theorems about the translated models as well as validate those models by testing. The resulting models can be translated and certified without user intervention, even for code with loops, thanks to the use of the def::ung macro which allows us to defer the question of termination. Initial measurements of concrete execution for translated LLVM functions indicate that performance is nearly 2.4 million LLVM instructions per second on a typical laptop computer. In this paper we overview the translation process and illustrate the translator's capabilities by way of a concrete example, including both a functional correctness theorem as well as a validation test for that example.

show abstract

Assuming termination

Cited by 9 publications

References 4 publications

The Guardol Language and Verification System

The Guardol Language and Verification System

Partiality and recursion in interactive theorem provers – an overview

Development of a Translator from LLVM to ACL2

Contact Info

Product

Resources

About