23 citations found.
J. Harrison. Binary Decision Diagrams as a HOL derived rule. The Computer Journal, 38:162-- 170, 1995.


This paper is cited in the following contexts:
Simplification with Renaming: A general proof technique for.. - Massacci (1997)   (5 citations)

....for decidable sub theories would be impractical for hw/sw verification. Rather, non sequent based systems (outside the prover) should be consulted as oracles. For instance the use of particularly efficient algorithms for propositional logics as one-off derived rules for HOL has been proposed in [22, 23]. Yet the risk is that the concept of proof (and verification) would then be shaded by many black box steps. To fill the computational gap, a number of works have improved the effectiveness of tableaux method by switching from ground calculi to free variables versions [31, 16] with smart ....

J. Harrison. Binary decision diagrams as a HOL derived rule. The Computer Journal, 38:162--170, 1995.


Efficient Approximate Deduction and an Application to Computer.. - Massacci (1998)

....sub theories would be impractical for hw/sw verification. Rather, non sequent based systems (outside the prover) should be consulted as oracles. For instance the use of particularly efficient algorithms for propositional logics as one-off derived rules for HOL has been proposed by Harrison [83, 84]. The concept of proof (and verification) would then be shaded by many black box steps. 1.3 A First Step. Efficient Deductive Systems The design of flexible tableau calculi (with related provers) for a wide range classical and non classical logics, faces a number of problems in the attempt to ....

J. Harrison. Binary decision diagrams as a HOL derived rule. The Computer Journal, 38:162-170, 1995.


An abstract dynamic semantics for C - Norrish (1997)   (10 citations)

....for a proof in HOL of the correctness of some C code. Because Cholera doesn't deal with system and library calls, this verification can't attempt anything like the thttpd code of [3] but will rather look at the C code written by John Harrison as part of his work on binary decision diagrams in [13]. This code is over 300 lines long, uses a hash table, linked lists as buckets, and a promote-to-front strategy when searching the lists. It is thus quite a complicated example of data structure use, .... [Footnote fragment interleaved in the extracted text: "Although the improvements mentioned might result in the big step non determinism of [12]"]

John Harrison. Binary decision diagrams as a HOL derived rule. Computer Journal, 38(2), 1995.


C formalised in HOL - Norrish (1998)

....6. 3 The failed BDD example In wanting to demonstrate the applicability of the ideas of software verification in general and the Cholera system in particular, we pursued the goal of verifying a binary decision diagram implementation (see Bryant [Bry92] for a description of BDDs) by John Harrison [Har95a]. This choice had the advantage of being both interesting for a theorem proving audience, and having a challenging, but seemingly not overly complicated, implementation. Further, the code to be verified did not require a model of system calls or any other features not modelled by Cholera. We did ....

John Harrison. Binary decision diagrams as a HOL derived rule. Computer Journal, 38(2), 1995.


Experiments with Finite Tree Automata in Coq - Rival et al. (2001)

....however, augmenting the capabilities of proof assistants by external tools is now standard. This is shallow reflection, where the external tool constructs a trace of its verification, which can then be checked by the machinery of the given proof assistant. For instance, this is how Harrison [10, 11] integrates computations done by an external binary decision diagram package, resp. an implementation of Stålmarck's algorithm into HOL. Similarly, the model checker of Yu and Luo [17] outputs a proof that can be checked by Lego. Shallow reflection has many advantages. First, it is a safe way to ....

....[15] where binary decision diagrams are integrated in Coq through total reflection. In the last two cases, total reflection was called for, as traces produced by external tools would have grown far too much to be usable in practice: this is the case for binary decision diagrams, as Harrison shows [10]. Total reflection can roughly be thought of as replacing proofs in the logic by computations, and will be described in more detail in Section 3. 3 A Short Tour of Coq Coq is a proof assistant based on the Calculus of Inductive Constructions (CIC), a type theory that is powerful enough to ....

[Article contains additional citation context not shown here]

J. Harrison. Binary decision diagrams as a HOL derived rule. The Computer Journal, 38:162--170, 1995.


Reflecting BDDs in Coq - Verma, Goubault-Larrecq, Prasad.. (2000)   (3 citations)

....experimental results, and discuss speed and space issues. We then conclude in Section 7. The complete Coq code and proofs can be found at http://www.dyade.fr/fr/actions/vip/bdd.tgz. Related work. Closely related to our work is John Harrison's interfacing of a BDD library with the HOL prover [19]. The author's goal was to solve the validity problem for propositional logic formulae rather than to perform model checking. Reflection cannot be employed in HOL, since its logical language does not contain a programming sub language. To be precise, it does contain a calculus with fij equality, ....

....of applications of these proof rules to establish that be is valid (which is possible provided these proof rules are complete) and the proof assistant will then re-check that this sequence of applications is correct. This is what Boutin [6] calls partial reflection. This is also what Harrison [19] implemented in HOL, using BDDs as decision procedure; we have already seen in Section 1 why this solution was not completely satisfactory. Our solution is to use total reflection [6]: we write a function istauto in Coq's calculus that takes a Boolean expression be as input and returns whether ....

[Article contains additional citation context not shown here]

J. Harrison. Binary decision diagrams as a HOL derived rule. The Computer Journal, 38, 1995.


Reflecting Symbolic Model Checking in Coq - Verma (2000)

....we used contained 9000 lines of Coq code. The implementation of quantification, substitution and the implementation of the model checker took around 3700 lines more. 8.1 Related Work One piece of work very much related to ours is John Harrison's interfacing of a BDD library with the HOL prover [Har95]. The author's goal is not to do any model checking, rather to solve the validity problem for propositional logic formulae. Because the logical language of HOL does not contain a programming sublanguage as NQTHM or Coq, reflection is not an option: the BDD library must log every BDD reduction step ....

....as it may be for simple verification conditions, this technique does not scale up much to more complex hardware circuit problems. In fact, for such problems, BDDs are mostly the only choice, and we have already seen that, although Harrison had managed to interface BDDs with HOL in such a way [Har95], the results were not entirely satisfactory. Gordon and his colleagues have combined the HOL proof assistant with an external BDD package [Gor99, GL99]. They allow the HOL prover to accept results from an external BDD package, without any rechecking by HOL. While this is likely to work faster, ....

John Harrison. Binary decision diagrams as a HOL derived rule. The Computer Journal, 38:162--170, 1995.


Reflecting BDDs in Coq - Verma, Goubault-Larrecq (2000)   (3 citations)

....and to prove that they all work as expected. In Section 5 we discuss experimental results, and discuss speed and space issues. We then conclude in Section 6. 1 Related Works One piece of work very much related to ours is John Harrison's interfacing of a BDD library with the HOL prover [Har95]. The author's goal is not to do any model checking, rather to solve the validity problem for propositional logic formulae in an efficient way. Because the logical language of HOL does not contain a programming sublanguage as NQTHM or Coq, reflection is not an option: the BDD library must log ....

....as it may be for simple verification conditions, this technique does not scale up much to more complex hardware circuit problems. In fact, for such problems, BDDs are mostly the only choice, and we have already seen that, although Harrison had managed to interface BDDs with HOL in such a way [Har95], the results were not entirely satisfactory. Finally, we should mention that modelling BDDs in Coq has already been done, by Emmanuel Ledinot [Led93]. For the sake of simplicity, BDDs were actually modelled as binary decision trees, and sharing was simply ignored. As the goal of this ....

[Article contains additional citation context not shown here]

John Harrison. Binary decision diagrams as a HOL derived rule. The Computer Journal, 38:162--170, 1995.


On Extensibility of Proof Checkers - Pollack (1995)   (2 citations)

....condition BDD(a) BDD(b) Then it returns a validation which is the computational part of an (informal) constructive proof that BDD(a) BDD(b) a = b instantiated with the informal proof that BDD(a) BDD(b) i.e. the validation must actually build the object proof of a = b . Harrison [Har95a] describes a BDD decision procedure for HOL based on a different viewpoint. If I understand [Har95a] correctly, whereas I suggested making the test for BDD(a) BDD(b) and executing the proof that this test decides equality of expressions, both at the meta level, Harrison has proved a = ....

....constructive proof that BDD(a) BDD(b) a = b instantiated with the informal proof that BDD(a) BDD(b) i.e. the validation must actually build the object proof of a = b . Harrison [Har95a] describes a BDD decision procedure for HOL based on a different viewpoint. If I understand [Har95a] correctly, whereas I suggested making the test for BDD(a) BDD(b) and executing the proof that this test decides equality of expressions, both at the meta level, Harrison has proved a = BDD(a) as an object theorem in HOL, where BDD( is some internal HOL representation. Little computation ....

John Harrison. Binary decision diagrams as a HOL derived rule. The Computer Journal, 38(5), 1995.


Formal Verification of Concurrent Programs Based on Type Theory - Yu (1998)   (1 citation)

....the attention of many researchers in this decade. Therefore, BDD technique should be a considerable alternative to computational functions. This section describes the possibility to apply proof term generation to create a BDD propositional simplifier. Harrison has implemented BDD technique in HOL [Har95] that can be a good reference for the implementation issue. 156 BDD The basic idea of BDDs is to build up a binary decision diagram with the variables at the nodes and either 1 (true) or 0 (false) at the leaves. Each node has two branches which represent the expressions formed by ....

John Harrison. Binary Decision Diagrams as a HOL Derived rule. The Computer Journal, 38(1), 1995.


An abstract dynamic semantics for C - Norrish (1997)   (10 citations)

....for a proof in HOL of the correctness of some C code. Because Cholera doesn't deal with system and library calls, this verification can't attempt anything like the thttpd code of [3] but will rather look at the C code written by John Harrison as part of his work on binary decision diagrams in [13]. This code is over 300 lines long, uses a hash table, linked lists as buckets, and a promote-to-front strategy when searching the lists. It is thus quite a complicated example of data structure use, .... [Footnote 12, interleaved in the extracted text: "Although the improvements mentioned might result in the big step non determinism of [12]"]

John Harrison. Binary decision diagrams as a HOL derived rule. Computer Journal, 38(2), 1995.


Linking Notations and Theories in a Proof Tool - Cardell-Oliver, Hale (1995)

....Certain classes of problem can be solved very efficiently with purpose built proof tools, e.g. BDD based tautology checkers and model checkers for temporal logics. A purpose built BDD checker should be at least an order of magnitude faster than one implemented as a derived inference rule in HOL [10] (though the speedup is approximately a constant factor). The PVS theorem prover makes considerable use of special purpose decision procedures alongside HOL style deductive machinery. Muller and Nipkow propose a proof method implemented in a HOL like theorem prover in which a (possibly infinite ....

Harrison, J: Binary Decision Diagrams as a HOL Derived Rule, Higher Order Logic Theorem Proving and Its Applications, 7th International Workshop, Valletta, Malta, September, 1994. LNCS 859, Springer-Verlag (1994), 254--268


A Theorem Proving Abstraction of Model Checking - Cardell-Oliver, Southon (1995)

.... proof rules at a high level of abstraction with tool support from a general purpose theorem prover [2, 8, 11, 12]. An increasingly popular approach, which is also adopted in this paper, is to combine the two methods with the aim of gaining the advantages of both automation and abstraction [5, 7, 13, 15, 16]. This paper introduces a deductive proof theory together with an automatic proof method to support the following intuitive style of correctness argument. Department of Computer Science, University of Essex, ESSEX CO4 3SQ, England, email: cardr@essex.ac.uk, tel: 44 1206 87 3586, fax: 44 1206 87 ....

....feasible for very large specifications [4]. In all these papers, proofs involve separate theorem proving and model checking phases. In our work, model checking is represented by proof rules and thus there is no need for separate phases. Harrison has defined the decision procedure of BDDs in HOL [7]. A standard BDD procedure is implemented as an ML program in HOL with the additional feature that the apply and reduce steps also generate equivalence theorems. The end result of the proof procedure is a HOL theorem. We have not implemented standard model checking procedures in HOL but instead ....

[Article contains additional citation context not shown here]

Harrison, J.: Binary Decision Diagrams as a HOL Derived Rule, LNCS 859, Springer-Verlag (1994) 254--268.


Formal Verification of Programmable Logic Controllers - Borälv, Ågren (1995)

....logic formula representing a large, complex system is hard to verify by hand, or by testing all possible states. Instead, a theorem prover is used to satisfy the formula automatically. Theorem provers for propositional logic are usually based on either the resolution principle [Rob65], the BDD [Har95] principle or on natural deduction [vD89]. We have used a new and powerful theorem prover, the Stålmarck Method, based on the natural deduction scheme. The method has been developed and patented by Logikkonsult NP AB, Stockholm. In a recent investigation [JKvV94] the Stålmarck method was compared ....

John Harrison. Binary decision diagrams as a HOL derived rule. Technical report, University of Cambridge Computer Laboratory, 1995. Published in The Computer Journal, Vol. 38, No. 5, 1995.


Compositional Model Checking Of Partially Ordered State Spaces - Hazelhurst (1996)   (10 citations)

....this exercise in the prototype implementations, this is a critical step in the production of a tool. However, one should note that there may be a trade off between degree of rigour and performance. For example, in an interesting paper showing how BDDs can be implemented as a HOL derived rule [75], Harrison reports a HOL implementation of BDDs as being fifty times slower than a Standard ML implementation. Although this work is cited as being superior to any existing tautology checkers implemented in HOL, Harrison points out that other approaches to ensuring correctness can be ....

J. Harrison. Binary decision diagrams as a HOL derived rule. The Computer Journal, 38(2):162--170, 1995.


Simplification - A general constraint propagation technique for.. - Massacci (1998)   (5 citations)

....a N bits binary adder) or fragments of arithmetics [26]. If tableaux are hopeless by nature, then non sequent based systems (outside the prover) should be consulted as oracles. For instance efficient algorithms for propositional logics as one-off derived rules for HOL have been proposed in [15]. To fill the computational gap, a number of works have improved the effectiveness of tableau method by switching from ground calculi to free variables versions [23, 11], with smart skolemisation techniques [1], adding ad hoc rules for modus ponens and tollens [24, 7, 16, 21], imposing regularity ....

J. Harrison. Binary decision diagrams as a HOL derived rule. The Computer Journal, 38:162--170, 1995.


Stålmarck's Algorithm as a HOL Derived Rule - Harrison (1996)   (10 citations)  Self-citation (Harrison)

No context found.

J. Harrison. Binary decision diagrams as a HOL derived rule. The Computer Journal, 38:162--170, 1995.


Stålmarck's Algorithm as a HOL Derived Rule - John Harrison Abo (1996)   (10 citations)  Self-citation (Harrison)

No context found.

J. Harrison. Binary decision diagrams as a HOL derived rule. The Computer Journal, 38:162--170, 1995.


A Reference Version of HOL - Harrison, Slind   Self-citation (Harrison)

....any originality in these ideas: we imagine that many others have had thoughts along these lines. 1. The assumptions could be implemented as a more efficient data structure than a list. This might have a big impact on the efficiency of certain derived decision procedures, as described elsewhere [Har94]. It is likely that such a modification would imply a change in assumption ordering, and cause some existing proofs (especially those relying on FIRST_ASSUM) to break. 2. The use of annotations, as proposed by Sara Kalvala [KAL92], could be supported. These allow the maintenance of logically ....

John Harrison. Binary decision diagrams as a HOL derived rule. In HUG94 (LNCS 859), Malta, 1994.


Self-Checking Prover Study - Final Report - Gordon, Herbert, Hale.. (1995)   (1 citation)  Self-citation (Harrison)

....programmers to separate exploratory search from inference explicitly, without incurring much efficiency penalty. Furthermore there may be special situations where inferences may be more efficiently decided on after examining the whole proof; for an example, see the work on BDDs in HOL by [Har94]. 12.3.4 Partial evaluation There is a substantial research area of partial evaluation which aims to optimize functional programs by precomputing parts of them. The idea is similar to the well known idea of constant folding in compilers, but much more sophisticated. A very nice summary is the ....

....to be algorithms making essential use of imperative features (arrays, shared data structures) and not allowing a cheap checking process. Binary Decision Diagrams as described by [Bry92] constitute just such an algorithm. Nevertheless it has been shown in (still somewhat preliminary) work by [Har94] that even here an acceptable implementation in terms of primitive inferences may be possible. Furthermore the second of the above palliatives does apply to some extent, since very often a well chosen variable ordering makes a tremendous difference to the efficiency of a BDD based tautology ....

[Article contains additional citation context not shown here]

John Harrison. Binary decision diagrams as a HOL derived rule. In Melham and Camilleri [MC94], pages 254--268.


How to Avoid the Formal Verification of a Theorem Prover - Avellone, Benini, Moscato (2001)

No context found.

J. Harrison. Binary Decision Diagrams as a HOL derived rule. The Computer Journal, 38:162--170, 1995.


How to Avoid the Formal Verification of a Theorem Prover - Avellone et al. (2001)

No context found.

J. Harrison. Binary Decision Diagrams as a HOL derived rule. The Computer Journal, 38:162--170, 1995.


Correctness Proof of a BDD Manager in the Context of.. - Sumners (2000)   (2 citations)

No context found.

J. Harrison. Binary Decision Diagrams as a HOL derived rule. The Computer Journal, 38, 1995.


CiteSeer.IST - Copyright Penn State and NEC