M. Gordon, R. Milner, and C.P. Wadsworth. Edinburgh LCF: A Mechanized Logic of Computation. Springer, 1979.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....The Verification Challenge. How do we know that our inference procedures are sound This question is often asked by those who wish to apply inference procedures in contexts where a high level of manifest assurance is required. This question has been addressed in a number of ways. The LCF approach [GMW79] requires inference procedures to be constructed as tactics that generate a fully expanded proof in terms of low level inferences when applied. Proof objects have also been widely used as a way of validating inference procedures and securing mobile code [Nec97] Reflection [Wey80,BM81] is a way ....

M. Gordon, R. Milner, and C. Wadsworth. Edinburgh LCF: A Mechanized Logic of Computation, volume 78 of Lecture Notes in Computer Science. Springer-Verlag, 1979.

....by the user community. Starting from the rather small axiomatic basis of primitive HOL, standard mathematical concepts may be developed with reasonable e#ort. Over the years, HOL users have collected a large body of material. The system architecture of HOL follows the pioneering approach of LCF [Gordon et al. 1979], based on Milner s Correctness by Construction principle. Here a small trusted kernel implements primitive inferences of the basic logic, using a strongly typed functional programming language such as ML. Any further functions written by users may never invent new theorems, but are restricted ....

M. J. C. Gordon, R. Milner, and C. P. Wadsworth. Edinburgh LCF: A Mechanized Logic of Computation, volume 78 of LNCS. Springer, 1979.

....0 1 Introduction Among the many advances in the theory and practice of programming language design, the concepts of polymorphism [14, 28, 39] and continuation passing [38, 41, 43] are of particular interest. The use of polymorphism in a practical programming language was first explored in ML [15, 28, 29]. This style of polymorphism, called implicit polymorphism, is based on the idea that programs are type free, with types interpreted as predicates expressing properties of programs under evaluation. Numerous extensions of these ideas have been explored in the literature ( 7, 25, 31, 45] to name ....

Michael Gordon, Robin Milner, and Christopher Wadsworth. Edinburgh LCF: A Mechanized Logic of Computation, volume 78 of Lecture Notes in Computer Science. SpringerVerlag, 1979.

....et al. in the credible compilation project [11] where an optimizer say, for constant propagation does not only produce a new program but also proves a bisimulation theorem relating the transformed program to the original. Comparison with LCF systems Theorem proving systems of the LCF family [3], such as HOL [4] could also be used for certified computation. HOL, in particular, is a programming language (ML) augmented with an abstract data type them:era and soundness preserving ways of producing values of that type. Manipulating theorems soundly was in fact the primary motivation behind ....

M. J. Gordon, A. J. Miller, and C. P. Wadsworth. Edinburgh LCF: A Mechanized Logic of Computation, volume 78 of Lecture Notes in Computer Science. Springer-Verlag, 1979.

....its power with applications to automating reasoning and describing modes of computation. 1 Introduction Formal proofs of interesting ideas tend to be large objects, so in practice some mechanism is used to shorten and abbreviate proofs. One of the most e#ective is the use of tactics (LCF[17], Nuprl [10] #Prolog [24] HOL [16] and Oyster [9] Proofs then are tactic trees. These are proofs represented as trees in which certain steps are justified by programs (tactics) that compute subtrees. In all heretofore existing systems, the tactic trees use two languages, one the object ....

....of a formal language L (traditionally called the object language) The syntax of L is given by an inductively defined class of terms. This is a type in the observer s language or metalanguage, ML. We are especially interested in those languages L with a computable evaluation relation on terms [14, 10, 17, 19, 25]. We are concerned with languages L in which types can be defined. From outside of L we can see a type T of L as the class of terms which have that type, and we require that for any term t , t and its value t # have the same types, i.e. if t T then t # T ; furthermore, we require that if ....

M. Gordon, R. Milner, and C. Wadsworth. Edinburgh LCF: a mechanized logic of computation. Lecture Notes in Computer Science, 78, 1979.

....instead of making separate decisions at each choice point of proving at the (low) level of logical inferences, based on local clues, proof planning has some sense of the overall direction of the proof. As for large steps, proof planning builds on tactics inherited from tactical theorem proving [15]. The operators in proof planning (called methods) have two aspects: On the one hand, they represent planning operators with declarative preconditions and effects. On the other hand, a method specifies a tactic, where a tactic executes a number of logical inferences. Thereby, larger chunks of ....

M. Gordon, R. Milner, and C.P. Wadsworth. Edinburgh LCF: A Mechanized Logic of Com- putation. Lecture Notes in Computer Science 78. Springer, Berlin, 1979.

....the control one. 2.3 Tactic Theories While an ARTh speci es how control information is encoded via annotations, an ARTh does not specify the strategies employed by the system. In this paper we focus on an important class of proof strategies speci ed as tactics. Tactics, rst introduced in LCF [11] and later adopted in many popular theorem provers such as NuPrl [8] and Isabelle [17] are an e ective means to specify backward proof strategies in a modular fashion. We rst de ne an (equational) tactic system as a quadruple Tsys = h 0 ; E 0 ; T 0 ; F 0 i. 0 = hS 0 ; 0 ; O ....

....Waterfall] If instead Waterfall fails with totfail, then Nqthm immediately fails with totfail. This re ects the actual behavior of the system (cf. Sect. 3) It is worth pointing out that the semantics of the ORELSE and REPEAT tacticals di ers from the traditional one (as given, for instance, in [11,8]) in that they are sensitive to the identity of the failures generated by the component tactics. This is necessary in our case study as the outermost ORELSE must activate the backtracking tactic only in the event the rst tactic fails with bktfail, and immediately fail if totfail is returned. 5 ....

M.J. Gordon, A.J. Milner, and C.P. Wadsworth. Edinburgh LCF - A mechanized logic of computation, volume 78 of Lecture Notes in Computer Science. Springer Verlag, 1979.

....sfuma nel caso in cui i i passi di deduzione sono tanto potenti quanto un dimostratore. 10 3. il sistema verifica che ogni passo di deduzione sia applicabile ed in caso affermativo lo esegue. I punti precedenti descrivono (le versioni iniziali de) i primi proof checkers [Mil72a, Mil72b] LCF [GMW79, GMW77] AUTOMATH [deB70, deB80] e FOL [Wey80, Wey77] L ovvio problema sorto con questa generazione di proof checkers e che costruire dimostrazioni e un operazione lunga, ripetitiva e noiosa. Una parziale soluzione (applicata, per esempio in FOL [Wey80] e di dotare il verificatore non solo ....

M.J. Gordon, A.J. Milner, and C.P. Wadsworth. Edinburgh LCF - A mechanized logic of computation, volume 78 of Lecture Notes in Computer Science. Springer Verlag, 1979.

....gives rise to the desire for manifestly secure methods of proof: that is, methods of proof that ultimately reduce to applications of elementary, and generally accepted, rules of inference such as those of natural deduction or the sequent calculus. HOL and other veri cation systems derived from LCF [13] accomplish this in a very elegant, and relatively ecient, manner. 2.2 Contributing to Engineering Practice The approach just described values formal veri cation as a method for quality assurance: that is, as a method for certifying that a design is free of (certain) defects. The argument ....

M. Gordon, R. Milner, and C. Wadsworth. Edinburgh LCF: A Mechanized Logic of Computation, volume 78 of Lecture Notes in Computer Science. Springer Verlag, 1979.

....the returned sequents; if it fails, the tactic has not been able to decompose the problem of proving the input sequent into sub problems. 1 This problem is closely related to ours, since reasoning structures are a generalization of proof trees. 2 Re nement tactics are used in Edinburgh LCF [7], GETFOL [5] and NuPRL [4] 3 We give here a simpli ed description of re nement tactics (in particular, we neglect the notion of validation; see [7] for further information) which is adequate to our present discussion. 4 We use reasoning theories terminology (see [6] 1 Tacticals are ....

....is closely related to ours, since reasoning structures are a generalization of proof trees. 2 Re nement tactics are used in Edinburgh LCF [7] GETFOL [5] and NuPRL [4] 3 We give here a simpli ed description of re nement tactics (in particular, we neglect the notion of validation; see [7] for further information) which is adequate to our present discussion. 4 We use reasoning theories terminology (see [6] 1 Tacticals are functions which are applied to tactics to yield more complex tactics: tacticals allow us to invoke a certain tactic and if it fails invoke an alternative ....

M.J. Gordon, A.J. Milner, and C.P. Wadsworth. Edinburgh LCF - A mechanized logic of computation, volume 78 of Lecture Notes in Computer Science. Springer Verlag, 1979. 5

....to adjust their control flow according to the formulas of the theorem being proved and the outcome of other proof steps) such tactic or strategy languages provide a convenient way for developers and users to extend the capabilities of the core mechanization. First introduced in the LCF system [10] (whose metalanguage became the programming language ML) such languages and extension capabilities are found in many verification systems, including PVS. 4 The Challenge of Human Guidance The mechanisms described above are present to some degree in all theorem provers that have proved ....

M. Gordon, R. Milner, and C. Wadsworth. Edinburgh LCF: A Mechanized Logic of Computation, volume 78 of Lecture Notes in Computer Science. SpringerVerlag, 1979.

....2 Background A proof plan is an abstract representation of a proof that consists of trees of method nodes which are connected by sequents, called goals. A method is a (partial) specification of a tactic, represented in a meta level language, where a tactic executes a number of logical inferences [6]. Backward proof planning starts with the conjecture as an open goal g. It searches for a method M applicable to g and introduces a node with M into the proof plan. The subgoals g i produced by the application of M become the new open subgoals and g now has status closed. The planner continues to ....

M. Gordon, R. Milner, and C.P. Wadsworth, Edinburgh LCF: A Mechanized Logic of Computation, Lecture Notes in Computer Science 78, Springer, Berlin, 1979.

....quite different: meta reasoning is studied as a tool for controlling object level inference in automated deduction systems. The important issue here is how meta reasoning can be used to drive object level deduction in a correct, effective and efficient manner. Some examples in proof checking are [11, 17, 9], some examples in theorem proving are [4, 3, 2] We thank Frank van Harmelen for his comments on an early draft of the paper. 1 This paper is a first step towards providing a foundation for meta reasoning in the fields of AI and CS. From this perspective we understand and formalise ....

....issues are successfully dealt with. Note that our requirement of a logical meta theory contrasts with much of the current practice in theorem proving and automated deduction in which the so called meta language is nothing more than a programming language (e.g. in LCF the meta language is ML [11]) Proof plans [3] are a first step towards real meta theoretic reasoning but the meta theory is still partially procedural and the reasoning is performed by planning rather than by theorem proving. Despite our logical approach, our motivations lead us to have working hypotheses quite different ....

M.J. Gordon, A.J. Milner, and C.P. Wadsworth. Edinburgh LCF - A mechanized logic of computation, volume 78 of Lecture Notes in Computer Science. Springer Verlag, 1979.

....sections. A proof plan is an abstract representation of a proof that consists of trees of method nodes which are connected by sequents, called goals. A method is a (partial) specification of a tactic, represented in a meta level language, where a tactic executes a number of logical inferences [8]. Backward proof planning starts with the conjecture as an open goal g. It searches for a method M applicable to g and introduces a node with M into the proof plan. The subgoals g i produced by the application of M become the new open subgoals and g now has status closed. The planner continues to ....

M. Gordon, R. Milner, and C.P. Wadsworth. Edinburgh LCF: A Mechanized Logic of Computation. Lecture Notes in Computer Science 78. Springer, Berlin, 1979.

....crucial for achieving useful results within speci c domains. The primary challenge for interactive theorem proving is that of integrating these procedures within a unifying logic so that they can be combined into a proof development in a coherent manner. In contrast, the Automath [dB80] and LCF [GMW79] systems emphasize formality, foundational reductions, and fully expansive formal proof construction over automation. In the LCF approach, ML is used as a metalanguage in which theorems are an inductively de ned datatype, tactics are de ned as a way of introducing derived inference rules in a ....

M. Gordon, R. Milner, and C. Wadsworth. Edinburgh LCF: A Mechanized Logic of Computation, volume 78 of Lecture Notes in Computer Science. Springer-Verlag, 1979.

....rather powerful and highly automated, but the selection and composition of those primitive steps into an overall proof is performed interactively in response to commands from the user. Proof steps can be composed into higher level strategies that are similar to the tactics of LCF style provers [16]. Speci cations in Ehdm and PVS can be stated constructively using a number of de nitional forms that provide conservative extension, or they can be given axiomatically, or a mixture of both styles can be used. The built in types of Ehdm and PVS include the booleans, integers, and rationals; ....

....the consequences of changed assumptions or requirements. Most of the techniques we employ were pioneered by others. For example, Nuprl [74] and Veritas [75] provide predicate subtypes and dependent types; theory interpretations were used in Iota [76] our theorem proving techniques draw on LCF [16], the Boyer Moore prover [19] 20] and on earlier work at SRI [13] Our systems di er from others in tightly integrating capabilities that usually occur separately; this has allowed us to provide expressive speci cation languages and powerful and very e ective mechanization within a classical ....

M. Gordon, R. Milner, and C. Wadsworth, Edinburgh LCF: A Mechanized Logic of Computation, vol. 78 of Lecture Notes in Computer Science, Springer-Verlag, 1979.

....observe that for type theories with an identifiable computation system, as with constructive type theories, it is possible to write tactics and decision procedures directly in the logic itself. This is true for Nuprl whose computation system is a functional programming language in the spirit of ML [25], which is the language of choice for writing tactics. In this case the decision procedure is both proven correct and directly executable. A critical part of writing tactics inside a type theory is to have a model of the logic inside it. Again this can be done in rich type theories and has been ....

....of a proof; it is given a sequent, and it produces a proof whose goal is the sequent. The resulting proof might be incomplete (usually is) and it might not be possible to complete it if the approach is a dead end. The general idea of tactic oriented theorem proving was pioneered by Edinburgh LCF [25]. Nuprl has extended this method by introducing the concept of a tactic tree and by introducing the concept of a transformation tactic. We will not discuss the later idea. The idea of a tactic tree is that a justification for a proof step can be a tactic. The subproof built is not displayed, but ....

M. Gordon, R. Milner, and C. Wadsworth. Edinburgh LCF: a mechanized logic of computation, Lecture Notes in Computer Science, Vol. 78. Springer-Verlag, NY, 1979.

....reflection rules (so called reflection up and down) are derived inference rules of the system. 1 Introduction Reflective and metatheoretic reasoning are well known techniques applied in knowledge representation and automated deduction (see for instance [Bun88] CAB 86] BK82] Smi83] GMW79] Roughly speaking, in the past, metareasoning has been performed according to two different paradigms. In the first, from now on called procedural, the metalevel consists of a programming language and metareasoning is performed by computation in it. One example in AI is [Smi83] another in ....

....has been performed according to two different paradigms. In the first, from now on called procedural, the metalevel consists of a programming language and metareasoning is performed by computation in it. One example in AI is [Smi83] another in theorem 1 proving is LCF and its metalanguage ML [GMW79] In LCF the user can write control strategies as programs (usually called tactics) in ML to guide the search for a proof of a theorem. In the second paradigm, from now on called declarative, the metalevel is a logical metatheory and metareasoning is performed by deduction on metalevel ....

[Article contains additional citation context not shown here]

M.J. Gordon, A.J. Milner, and C.P. Wadsworth. Edinburgh LCF - A mechanized logic of computation, volume 78 of Lecture Notes in Computer Science. Springer Verlag, 1979.

....the proof, and builds internal control information to prune the search, and to avoid in nite recursion wherever possible (see the discussion on tail biting in [10] In acl2, the heuristics are coded by means of a purely functional language, to be perceived as a subset of Common Lisp. In lcf ([23]) Isabelle ( 32] NuPrl ( 16] and several other systems, strategies are described by means of a tactical language embedded in the functional language ML ( 31] The control level of an OMRS must therefore de ne both the control information used by provers and its possible manipulations, as ....

M. J. Gordon, A. J. Milner, and C. P. Wadsworth. Edinburgh LCF: A mechanized logic of computation. Number 78 in Lecture Notes in Computer Science. Springer-Verlag, 1979.

.... reasoning (see for instance [15, 25, 3] At the second level, which we call the tactic level, bidirectional reasoning is performed by using rules (called tactics) which are built on the underlying logical rules) The most important major examples in theorem proving are LCF and its descendants ([12, 7, 21, 20]) In LCF forward reasoning is performed by using formal inference rules and backward reasoning is performed at the metalevel by using tactics. Another example in AI is GOAL [5] that provides FOL [28] with a goal oriented language for interactive proof construction. At the third level, which we ....

....also made by Lig eza [13] Systems of the kind presented in these papers are often called rule based deduction systems, or also production systems, to emphasize the importance of using rules to make deductions. In other work, more directly related to automated theorem proving, see for instance [12, 7, 5, 26]) only one direction of reasoning is formalized inside a logical system, while the other direction is left implicit in the control. In particular, the intercalation calculi de ned by Sieg [26] see also [6] represent only forward reasoning, and give to both facts and goals a single formal ....

M.J. Gordon, A.J. Milner, and C.P. Wadsworth. Edinburgh LCF - A mechanized logic of computation, volume 78 of Lecture Notes in Computer Science. Springer Verlag, 1979.

....a related work is that of Stephan and Biundo [47] where a tactic based theorem prover is used to generate plans deductively. The constructs we have used for failure handling (e.g. then, orelse, and repeat) have been inspired by the work on tacticbased interactive theorem provers (see for instance [24, 12]) There have been some works treating failure, sensing actions and planning actions. About failure, the closest work is that described in [38] Rao and Georgeff extend the computation 26 A Dynamic Logic for Acting, Sensing, and Planning tree logic CTL introducing explicit notions for ....

M.J. Gordon, A.J. Milner, and C.P. Wadsworth. Edinburgh LCF - A mechanized logic of computation, volume 78 of Lecture Notes in Computer Science. Springer Verlag, 1979.

....proof in the context of relating different semantics of imperative programming constructs. Key words: Domain Theory, Fixed Point Theory, Mechanized Theorem Proving 1. Introduction Domain theory forms the mathematical basis of denotational semantics for programs, and is used in systems like Lcf [7][13] for reasoning about non termination, partial functions, and infinite valued domains. Although Lcf can be tailored to reason about finite valued datatypes and total functions, the resulting proofs tend to be rather unwieldy for the ubiquitous undefined (or bottom) elements. By contrast, logics ....

M. J. Gordon, A. J. R. Milner, and C. P. Wadsworth. Edinburgh LCF: a Mechanized Logic of Computation, volume 78 of Lecture Notes in Computer Science. Springer-Verlag, Berlin, 1979.

....on our results follows. 2 Background A proof plan for a conjecture g is an abstract representation of a proof that consists of trees of method nodes. A method is a (partial) specification of a tactic, represented in a meta level language, where a tactic executes a number of logical inferences [6]. Backward proof planning starts with the conjecture as an open goal g. It searches for a method M applicable to g and introduces a node with M into the proof plan. The subgoals g i produced by the application of M become the new open subgoals and g now has status closed. The planner continues to ....

M. Gordon, R. Milner, and C.P. Wadsworth, Edinburgh LCF: A Mechanized Logic of Computation, Lecture Notes in Computer Science 78, Springer, Berlin, 1979.

....higher order intuitionistic logic. 3. We investigate how datatypes, in particular products, relates to computations (previous work by category theorists is particularly useful here) At the end we get a formal system, the computational lambda calculus ( c calculus for short) similar to PP (see [GMW79]) for proving equivalence and existence of programs, which is sound and complete w.r.t. the categorical semantics of computations. The methodology outlined above is inspired by [Sco80] 2 , in particular the view that category theory comes, logically, before the calculus led us to consider a ....

....a program M has a value according to the operational semantics iff it is provably equivalent to a value (not necessarily the same) in the calculus, but they are too weak for proving equivalences of programs. The denotational approach may suggest important principles, e.g. fix point induction (see [Sco93, GMW79]) that can be found only after developing a semantics based on mathematical structures rather than term models, but it does not give clear criteria to single out the general principles among the properties satisfied by the model. The approach adopted in this paper generalises the one followed in ....

M.J.C. Gordon, R. Milner, and C.P. Wadsworth. Edinburgh LCF: A Mechanized Logic of Computation, volume 78 of LNCS. Springer Verlag, 1979.

....terms, and possibly the proofs, of the logic in the machine, and some representation of the methods of manipulation to be used. It is usual for terms to be represented by data structures and methods to be represented by programs. Proofs are variously represented by data structures [8] by programs [12], or by computations [2] Some important judgements that we wish to make about these representations are This research is supported in part by UK EPSRC grant GR J46616 and an HCM fellowship (ERBCHBG CT940733) held by the first author. This paper is to appear in the Proceedings of the 1995 Annual ....

M. Gordon, R, Milner and C. Wadsworth. Edinburgh LCF: A Mechanized Logic of Computation. In volume 78 of LNCS. Springer-Verlag, 1979.

....to be safe under the termination condition. The implementation within the GETFOL system is described and the synthesis of a logic tactic implementing a normalizer in negative normal form is presented as a case study. 1 Introduction As pointed out in [GMMW77] interactive theorem proving [GMW79, CAB 86, Pau89] has been growing up in the continuum existing between proof checking [deB70, Wey80] on one side and automated theorem proving [Rob65, And81, Bib81] on the other. Interactive theorem provers were built with the goal in mind to overtake the deficiencies of the extreme solutions: ....

M.J. Gordon, A.J. Milner, and C.P. Wadsworth. Edinburgh LCF - A mechanized logic of computation, volume 78 of Lecture Notes in Computer Science. Springer Verlag, 1979.

....The second, and truly novel, feature of our extension is the provision of terms as data structures. There has been a growing interest in recent years in programming environments in which complex syntactic objects such as formulas, programs and proofs can be represented and manipulated easily [6, 11, 31]. In developing environments of this kind, programming languages that facilitate the representation and manipulation of these kinds of objects play a fundamental role. As is evident from the arguments provided elsewhere [16, 22, 30, 28] the representation of objects involving the notion of ....

....to it as a programming language. A second theoretical issue is the provision of a richer term language within Prolog. The use of simply typed terms has turned out to be a limiting factor in the programming context, and we have therefore incorporated a form of polymorphism inspired by ML [11, 24]. A complete theoretical analysis for this extension is, however, yet to be provided. Further, there is reason to believe that a term language that permits an explicit quantification over types, e.g. the one discussed in [8] may be a better choice in this context. In a similar vein, a richer term ....

Gordon, M., Milner, A., and Wadsworth, C. Edinburgh LCF: A Mechanized Logic of Computation, LNCS 78, Springer-Verlag, 1972.

.... tactics, where by tactics we mean formulas of MT which specify how to compose primitive tactics (namely, possibly failing applications of object logic inference rules) Notice that in this paper, the word tactic has a different meaning from that used in most of the previous literature, e.g. in [32, 31, 14, 45], where tactics are programs written in a procedural metalanguage, e.g. in ML [34] We call these latter tactics, program tactics. The second feature makes it possible to give tactics a procedural content, i.e. to use them to assert object level theorems (possibly proofs) This can be done in two ....

....[1] 22 7 Expressing and proving tactics Program tactics are programs which generate proofs. They may involve any programming control construct (e.g. conditionals, loops, calls to defined program tactics) Moreover, complex program tactics are often constructed using tacticals (see for instance [32, 44, 14]) In this paper we focus on a limited class of program tactics, i.e. those that express a finite composition of proof steps. We show that 1. there exist wffs of MT which can be put in isomorphic correspondence with program tactics, and that 2. these wffs can be proved by building proofs where ....

[Article contains additional citation context not shown here]

M.J. Gordon, A.J. Milner, and C.P. Wadsworth. Edinburgh LCF - A mechanized logic of computation, volume 78 of Lecture Notes in Computer Science. Springer Verlag, 1979.

....or information it requires, or can use. A reasoning system consists of a reasoning theory and a set of control strategies used to search the space of possible inference rule applications. Control must be able to specify the usual backward or forward rule composition ( a la tactics, see e.g. [36]) but also all the usual tricks and annotations used in automated theorem provers, e.g. the fact that a formula has already been used, or that a formula should not be used. A reasoning theory is obtained by adding a set of inference rules to a sequent system which defines the kind of assertions ....

M. J. Gordon, A. J. Milner, and C. P. Wadsworth. Edinburgh LCF: A mechanized logic of computation. Number 78 in Lecture Notes in Computer Science. Springer-Verlag, 1979.

....central reasoner is presented together with the main features of the implementation language. Sections 4 and 5 are a brief description of the navigation system and the interaction system respectively. Some conclusions are given in section 7. 1 The terms tactic and tactical are borrowed from ML [8], a procedural metalanguage for the specification of theorem proving strategies. There actually exist some similarities between the two languages, but there are rather strong conceptual and technical differences, mainly due to the different domains of application. 3 2 The multilevel ....

M.J. Gordon, A.J. Milner, and C.P. Wadsworth. Edinburgh LCF - A mechanized logic of computation, volume 78 of Lecture Notes in Computer Science. Springer Verlag, 1979. 23

....to (representations of) direct proof notations for the object system. That is, the imprecise notion of indirect proof notation discussed above, is made precise as the notion non canonical in a formal meta system. What is all this obscure discussion about Haven t I just proposed the LCF [GMW79] notion of tactic, a program in some computational meta language that is proved (by properties of the meta language type system) to compute a direct 4 I do not suggest that any single system will do for all of mathematics. object language proof, and which is used to allow extensibility of a ....

....axiom is an axiom scheme, with one axiom for each pair a , G such that a 2 G . If we used the relational notion of rule, axiom could be a single axiom. On the other hand intro and elim are both single rules. I will not be so careful about such matters in the rest of this paper. 2 LCF LCF [GMW79] is a proof checker for a particular logic of computation developed during the 1970 s. It was so original, presenting a whole concept of how to organize the implementation of a proof checker, that it is mainly cited for its contribution to the technology of mechanical proof tools. One of the most ....

Michael Gordon, Robin Milner, and Christopher Wadsworth. Edinburgh LCF: A Mechanized Logic of Computation. Springer-Verlag, 1979.

....equivalence classes to untyped functional programming languages. 1 Introduction Nuprl [5] and HOL [9] are interactive theorem proving systems with a number of similarities: their logics are higher order type theories, their approaches to automated reasoning are based on that of LCF [8], and their main application has been to formal reasoning about computation. However, the two logics are very different in a number of ways. Nuprl has a constructive type theory, based on a type theory of Martin Lof[16] The theory contains a programming language, and all objects have a ....

M. J. Gordon, R. Milner, and C. P. Wadsworth. Edinburgh LCF: A Mechanized Logic of Computation, volume 78 of Lecture Notes in Computer Science. SpringerVerlag, 1979.

....even if they do not make use of it. The experience of integrating linear arithmetic reasoning into the prover as reported in [8] provides strong evidence that in general it is not adequate to simply integrate a decision procedure as a black box. The LCF family of systems, that includes LCF itself [26, 52], HOL [25] NuPrl [14] and Isabelle [53] all provide capability for user defined proof procedures (tactics and tacticals) along with various builtin procedures. NuPrl provides for extraction of programs from proofs and a reflection principle for turning verified tactics into first class ....

M. J. Gordon, A. J. Milner, and C. P. Wadsworth. Edinburgh LCF: A mechanized logic of computation. Number 78 in Lecture Notes in Computer Science. Springer-Verlag, 1979.

....a completed proof of a sequent is a closed term; the extract of an incomplete proof is a term possibly containing free variables. 2.5 The Nuprl system The Nuprl system supports construction of top down proofs by refinement. The prover is implemented as a tactic based prover in the style of LCF [13] and built on a base of ML. In Nuprl and related constructive systems [18, 20, 8] the so called proposition as types interpretation allows for presentations to be cloaked in either logical or more purely type theoretic terms. Paul Jackson s huge effort to rationally reconstruct the Nuprl V3 ....

M. Gordon, R. Milner, and C. Wadsworth. Edinburgh LCF: a mechanized logic of computation. Lecture Notes in Computer Science, 78, 1979.

....1 Introduction GETFOL [12] 1 is a tactic based interactive theorem prover. In GETFOL, tactics can be developed as programs of the GETFOL programming language [14, 12, 16] These kinds of tactics are conceptually similar to the tactics developed in ML [22] and used in LCF and its descendants [21, 27, 28, 8]. We call these tactics, Program Tactics. This paper describes a first order classical metatheory, called MT, with the following properties: 1. Tactics are terms of the language of MT. We call these tactics, Logic Tactics. 2. There exists a precise correspondence between Logic Tactics and ....

....give tactics a procedural content, i.e. to use them to assert object level theorems, either by interpreting or compiling them into GETFOL code. In this paper, we extend MT to be expressive enough to represent the kind of Program Tactics used in most tactic based interactive theorem provers (e.g. [21, 27, 28, 8]) We axiomatize the most interesting tacticals, i.e. then, orelse, try, progress and repeat. Tacticals provide a powerful and well tested mechanism for controlling proof search. As a consequence, MT can be used to express useful and complex tactics. In particular, the axiomatization of the ....

[Article contains additional citation context not shown here]

M.J. Gordon, A.J. Milner, and C.P. Wadsworth. Edinburgh LCF - A mechanized logic of computation, volume 78 of Lecture Notes in Computer Science. Springer Verlag, 1979. 26

....are too complex to reason about. Concerns about the reliability of such a technology base for truly secure networked applications led to the implementation of Ensemble [11, 12] which is based on Horus but coded almost entirely in the high level programming language Ocaml [16] a member of the ML [9] language family with a clean semantics. Due to the use of ML, Ensemble turned out to be one of the most scalable and portable, but also one of the fastest existing reliable multicast systems. One of the main reasons for choosing Ocaml, however, was to enable formal reasoning about Ensemble s code ....

M. Gordon, R. Milner, C. Wadsworth. Edinburgh LCF: A mechanized Logic of Computation. LNCS 78, Springer Verlag, 1979.

.... provers (and most of those used in practical applications) use (a sequent presentation of) ND, often with the addition of some decision procedures for some particularly interesting classes, e.g. propositional logic, the 89 class, linear arithmetic, Presburger arithmetic (see for instance [Wey77; GMW79; Pau79; CAB 86; Giu92; ORSvH95] The use of decision procedures is motivated by the desire to have bigger inference steps and or to automate hard reasoning steps. The aim of the work described in this paper is to improve on this picture and define a sorted logic, called SND, where sorts are ....

M.J. Gordon, A.J. Milner, and C.P. Wadsworth. Edinburgh LCF - A mechanized logic of computation, volume 78 of Lecture Notes in Computer Science. Springer Verlag, 1979.

....cf. Rob65, Smu68] proof planning employs abstract plan operators, called methods, that encapsulate (mathematical) proof techniques such as diagonalization and induction. Bundy [Bun88] introduced this concept of a method as a (partial) speci cation of a tactic known from tactical theorem proving [GMW79] The idea underlying proof planning is that of classic AI planning [FN71] A planning state is a set of sequents that is divided into goals and assumptions. A proof planning problem is de ned by an initial state speci ed by the proof assumptions and the goal g given by the theorem to be proved. ....

M. Gordon, R. Milner, and Ch. Wadsworth. Edinburgh LCF: A Mechanized Logic of Computation, Volume 78 of LNCS. Springer Verlag, Berlin, Germany, 1979.

No context found.

M. Gordon, R. Milner, and C.P. Wadsworth. Edinburgh LCF: A Mechanized Logic of Computation. Springer, 1979.

No context found.

M. Gordon, R. Milner, and Ch. Wadsworth. Edinburgh LCF: A Mechanized Logic of Computation, LNCS 78. Springer, 1979.

No context found.

M.J. Gordon, A.J. Milner, and C.P. Wadsworth. Edinburgh LCF - A mechanized logic of computation, volume 78 of Lecture Notes in Computer Science. Springer Verlag, 1979.

No context found.

Michael Gordon, Robin Milner, and Christopher Wadsworth. Edinburgh LCF: a mechanized logic of computation, volume 78 of Lecture Notes in Computer Science. Springer-Verlag, NY, 1979.

No context found.

M. J. Gordon, A. J. Miller, and C. P. Wadsworth. Edinburgh LCF: A Mechanized Logic of Computation, volume 78 of Lecture Notes in Computer Science. Springer-Verlag, 1979.

No context found.

Gordon, M., Milner, A., and Wadsworth, C. Edinburgh LCF: A Mechanized Logic of Computation, LNCS 78, Springer-Verlag, 1972.

No context found.

Michael Gordon, Robin Milner, and Christopher Wadsworth. Edinburgh LCF: a mechanized logic of computation, volume 78 of Lecture Notes in Computer Science. Springer-Verlag, NY, 1979.

No context found.

M. Gordon, R. Milner, and C. Wadsworth. Edinburgh LCF: A Mechanized Logic of Computation, volume 78 of Lecture Notes in Computer Science. Springer-Verlag, 1979.

No context found.

Michael Gordon, Robin Milner, and Christopher Wadsworth. Edinburgh LCF: a mechanized logic of computation, volume 78 of Lecture Notes in Computer Science. Springer-Verlag, NY, 1979.

No context found.

Michael Gordon, Robin Milner, and Christopher Wadsworth. Edinburgh LCF: A Mechanized Logic of Computation, volume 78 of Lecture Notes in Computer Science. Springer-Verlag, 1979.

No context found.

M. Gordon, R. Milner, and C. Wadsworth. Edinburgh LCF: A Mechanized Logic of Computation, volume 78 of Lecture Notes in Computer Science. Springer-Verlag, 1979.

No context found.

Michael J. Gordon, Robin Milner, and Christopher P. Wadsworth. Edinburgh LCF: A Mechanized Logic of Computation, volume 78 of Lecture Notes in Computer Science. Springer-Verlag, 1979.

First 50 documents  Next 50

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC