H. Rue and N. Shankar. Deconstructing Shostak. In Proceedings of the Conference on Logic in Computer Science (LICS), 2001.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....works tend to nd a better integration between Shostak s algorithm and the Nelson Oppen combination framework [2, 8] Finally, it should be noted that completeness of Shostak s algorithm is not trivial. Subtle mistakes in the original algorithm motivated several new versions until very recently [22]. Our decision procedure is based on the Nelson Oppen framework and algorithm. Inequalities are very often used in the context of program veri cation, and the Nelson Oppen framework is the classical way to treat them. The arguments in favour of the Nelson Oppen congruence algorithm (that is, ....

H. Rue and N. Shankar. Deconstructing shostak. In Proceedings of the 16th Annual IEEE Symposium on Logic in Computer Science (LICS-01), pages 19-28, Los Alamitos, CA, 2001. IEEE Computer Society.

....two (and therefore any nite number of) Shostak theories is a Shostak theory. It was rst discovered in 1996 that there were mistakes in the Sho 1 algorithm [8] Finding a correct version of the algorithm became an active research area, and satisfactory solutions have been obtained only recently [16, 5, 9]. The research reported in this paper was supported by the NSF Grant CCR 9703218. It was performed while S. Conchon was with OGI School of Science Engineering. See de nition in Section 2. Surprisingly, the validity of Sho 2 has received minimal serious attention. Shostak himself provided ....

....X T (X) that inverts . De nition 1. The extended canonizer i : T (X) T (X) is given by i (t) i (t ) if t is an i term t otherwise where is an alien abstraction function for t. This de nition is a slight modi cation of the one given by Rue and Shankar [16, 18]. Using the propery (can 5) it is easy to check that the de nition is correct, i.e. independent of the choice of . Note that if t is an i term, then i (t) is also an i term, unless, as in our introductory example, i (t ) is a variable. In such cases i (t) is an alien subterm of t ....

[Article contains additional citation context not shown here]

H. Rue and N. Shankar. Deconstructing Shostak. In Proceedings of the 16th Annual IEEE Symposium on Logic in Computer Science (LICS-01), pages 19-28. IEEE Computer Society, 2001.

....[10] and by Tinelli and Harandi [16] We work at the level of abstraction that is close to these works, but our system is extended with implementation related details. A series of recent papers is devoted to proofs of correctness of various versions of the Shostak algorithm. Rue and Shankar [11] and Ganzinger [6] consider the algorithm for combining a free theory with one Shostak theory. In Barrett, Dill and Stump [3] the algorithm is for the combination of a Shostak theory with any convex theory. Finally, Shankar and Rue [13] settle the case of a free theory combined with an arbitrary ....

H. Rue and N. Shankar. Deconstructing Shostak. In Proceedings of the 16th Annual IEEE Symposium on Logic in Computer Science (LICS-01), pages 19-28. IEEE Computer Society, 2001.

....called a top term. The syntactic equality of two terms s and t is denoted by s t. The semantics of the theory symbols is given by a theory T , i.e. by a class of structures that is closed under isomorphisms. We assume that T is convex and contains all its models (T ) in the sense of [RS01], that is, all structures M such that (i) M j= 8X:s t whenever s = T t, and (ii) M j= s 6 t for s 6= T t where s and t are ground. The theory models are considered in contexts where additional free functions from exist. To that end, by T we denote the class of those [ structures the ....

H. Rue and N. Shankar. Deconstructing Shostak. In Proceedings of the 16th IEEE Symposium on Logic in Computer Science, pages 19-28. IEEE Computer Society Press, 2001.

No context found.

H. Rue and N. Shankar. Deconstructing Shostak. In 16th LICS, pages 19-28. IEEE Computer Society, 2001.

No context found.

H. Rue and N. Shankar. Deconstructing Shostak. In 16th Symposium on Logic in Computer Science (LICS 2001). IEEE Press, June 2001.

....= t are both in S i . It is possible to define a global canonical form S[ a] for a term a with respect to the solution state S using the individual canonizers # i . Shostak s original algorithm [Sho84] and its proof were both incorrect. The algorithm, as corrected by the author and Harald Ruess [RS01,SR02] checks the validity of a sequent T c = d. It does this by processing each equality a = b into its solved form. If S is the current solution state, then an unprocessed equality a = b in T is processed by first transforming it to a # = b # , where a # = S[ a] and b # = S[ b] The ....

....modularity of these procedures. Methods derived by specializing general purpose methods like resolution and rewriting can also simplify the construction of decision procedures. The Modularity Challenge. As we have already noted, inference procedures need rich programmer interfaces (APIs) BM86,FORS01] Boyer and Moore [BM86] write: the black box nature of the decision procedure is frequently destroyed by the need to integrate it. The integration forces into the theorem prover much knowledge of the inner workings of the procedure and forces into the procedure many features that are ....

[Article contains additional citation context not shown here]

Harald Rue and Natarajan Shankar. Deconstructing Shostak. In 16th Annual IEEE Symposium on Logic in Computer Science, pages 19--28, Boston, MA, July 2001. IEEE Computer Society.

....procedure. Shostak s original algorithm and proof were seriously flawed. His algorithm is neither terminating nor complete (even when terminating) These flaws went unnoticed for a long time even though the method was widely used, implemented, and studied [CLS96,BDL96,Bj99] In earlier work [RS01], we described a correct algorithm for the basic combination of a single canonizable, solvable theory with the theory of equality over uninterpreted terms. That correctness proof has been mechanically verified using PVS [FS02] The generality of the basic combination rests on Shostak s claim that ....

....from the theory of linear arithmetic, select and update from the theory of arrays, and cons, car , and cdr from the theory of lists. The basic Shostak combination algorithm covers the union of equality over uninterpreted function symbols and a single canonizable and solvable equational theory [Sho84,CLS96,RS01]. Shostak [Sho84] had claimed that the basic combination algorithm was su#cient because canonizers and solvers for disjoint theories could be combined into a single canonizer and solver for their union. This claim is incorrect. We present a combined decision procedure for multiple Shostak ....

[Article contains additional citation context not shown here]

Harald Rue and Natarajan Shankar. Deconstructing Shostak. In 16th Annual IEEE Symposium on Logic in Computer Science, pages 19--28, Boston, MA, July 2001. IEEE Computer Society.

....decision procedures for other canonizable and solvable theories. Early treatments of this integration were incorrect and could yield incomplete or nonterminating procedures. The first correct treatment for the integration of congruence closure with one other theory was developed by Shankar and Rue [12]; this construction has been formally verified in PVS by Ford and Shankar [6] The extension to multiple theories is not straightforward because, although the combination of the canonizers for the constituent theories yields a canonizer for the combined theory (which is an independently useful ....

Harald Rue and Natarajan Shankar. Deconstructing Shostak. In 16th Annual IEEE Symposium on Logic in Computer Science, pages 19--28, IEEE Computer Society, Boston, MA, July 2001.

No context found.

H. Rue and N. Shankar. Deconstructing Shostak. In Proceedings of the Conference on Logic in Computer Science (LICS), 2001.

No context found.

Harald Rue and Natarajan Shankar. Deconstructing Shostak. In Proc. LICS-16. IEEE, 2001.

No context found.

H. Rue and N. Shankar. Deconstructing Shostak. In Sixteenth Annual IEEE Symposium on Logic in Computer Science, pages 19-28. IEEE Computer Society, 2001.

No context found.

H. Rue and N. Shankar. Deconstructing Shostak. In Proceedings of the 16th Annual IEEE Symposium on Logic in Computer Science (LICS '01), pages 19{ 28. IEEE Computer Society, 2001.

No context found.

Harald Rue and Natarajan Shankar. Deconstructing Shostak. In Sixteenth Annual IEEE Symposium on Logic in Computer Science, pages 19--28. IEEE Computer Society, 2001.

No context found.

H. Rue and N. Shankar. Deconstructing Shostak. In Proceedings of the 16th Annual IEEE Symposium on Logic in Computer Science (LICS), pages 19-28, Copenhagen, Denmark, 2001. IEEE Computer Society.

No context found.

Harald Rue and Natarajan Shankar. Deconstructing Shostak. In 16th Annual IEEE Symposium on Logic in Computer Science, pages 19--28, Boston, MA, July 2001. IEEE Computer Society.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC