| Manna, Z., and Waldinger, R., The Deductive Foundations of Computer Programming, Addison-Wesley, 1993. |
....4. Experimental results are provided in Section 5, and some concluding remarks are given in Section 6. 2 Generating Invariants. There are existing methods to find invariants automatically. Manna and Pnueli show how to generate invariants for proving safety properties in fair transition systems [11], and these methods have been extended by Bensalem et al. [13]. Their methods can be classified as either top-down or bottom-up. Top-down invariant generation begins with an assertion that we desire to prove for a given system. If this assertion is not valid in general, then various heuristics are ....
Z. Manna and R. Waldinger, "The Deductive Foundations of Computer Programming", Addison Wesley, 1993.
....[8, 4, 18, 3] which transforms recursive definitions by the introduction of additional arguments over which intermediate results are computed. The accumulation technique is strongly connected with the familiar procedure of generalization for induction that arises in the field of theorem proving [7, 1, 26]: a proof by induction often fails because the property to be proved is too particular. Then it is necessary to modify (generalize) the induction hypothesis before starting the proof. This situation often appears during program verification, for instance, when a given program is proved to satisfy ....
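The accumulation technique and its link to generalization, as an added example that is not code from the cited paper or from Manna and Waldinger: `rev` is the naive recursive reverse, `rev_acc` its accumulating form, and the two property functions state the "too particular" goal and the strengthened induction hypothesis that actually goes through. The function names, the Python list encoding and the exhaustive check over short lists are this example's own choices.

```python
"""Accumulation: an extra argument carries the intermediate result, and the
induction hypothesis must be generalized over that argument to prove the
transformed program correct. Added example; names and encoding are assumed."""
from itertools import product


def rev(l):
    """Naive reverse: rev([]) = [], rev(x:l) = rev(l) ++ [x].
    Quadratic, because ++ copies its left operand at every step."""
    return [] if not l else rev(l[1:]) + [l[0]]


def rev_acc(l, acc):
    """Accumulating reverse: rev_acc([], acc) = acc, rev_acc(x:l, acc) = rev_acc(l, x:acc).
    Linear: the partial result is threaded through `acc` instead of rebuilt."""
    return acc if not l else rev_acc(l[1:], [l[0]] + acc)


def rev_fast(l):
    return rev_acc(l, [])


def specific_property(l):
    """rev_fast(l) = rev(l): the goal we want, but too particular to prove by
    induction on l, since the hypothesis then only speaks about acc = []."""
    return rev_fast(l) == rev(l)


def generalized_property(l, acc):
    """rev_acc(l, acc) = rev(l) ++ acc for every acc: the strengthened hypothesis.
    Step: rev_acc(x:l, acc) = rev_acc(l, x:acc) = rev(l) ++ (x:acc)
        = (rev(l) ++ [x]) ++ acc = rev(x:l) ++ acc, using the hypothesis at x:acc."""
    return rev_acc(l, acc) == rev(l) + acc


def check_on_samples(max_len=4, alphabet=(0, 1, 2)):
    """Exhaustively check both properties on all lists of length <= max_len over
    `alphabet` (constructed sample inputs); returns the number of (l, acc) pairs
    checked, raising AssertionError on the first failure."""
    lists = [list(t) for n in range(max_len + 1) for t in product(alphabet, repeat=n)]
    checked = 0
    for l in lists:
        assert specific_property(l)
        for acc in lists:
            assert generalized_property(l, acc)
            checked += 1
    return checked


if __name__ == '__main__':
    print(rev_fast([1, 2, 3]), check_on_samples())
```

The exhaustive check is evidence, not a proof; the proof is the inductive step written in the docstring of `generalized_property`, which is exactly the step that fails for `specific_property` because the hypothesis is needed at a non-empty accumulator.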
Z. Manna and R. Waldinger. The Deductive Foundations of Computer Programming. Addison-Wesley, 1993.
....this is not a trivial issue. We make this step easier for this problem using tools such as predicate logic, which captures the English description of the problem more directly. Much previous work has studied specification and derivation starting with predicate logic, e.g. deductive synthesis [8]. However, existing techniques are not systematic or automatable, unlike Paige's methods (when they apply, of course) and system [13]. How to make these methods and techniques more systematic is a subject for future research. Acknowledgments. We would like to thank Ernie Cohen for initially ....
Z. Manna and R. Waldinger. The Deductive Foundations of Computer Programming. Addison-Wesley, Reading, Mass., 1993.
....that this is not a trivial issue. We make this step easier for this problem using tools such as predicate logic, which captures the English description of the problem more directly. Much previous work has studied specification and derivation starting with predicate logic, e.g. deductive synthesis [8]. However, existing techniques are not systematic or automatable, unlike Paige's method (when it applies, of course) and system [13]. How to make these methods and techniques more systematic is a subject for future research. Acknowledgments. We would like to thank Ernie Cohen for initially ....
Z. Manna and R. Waldinger. The Deductive Foundations of Computer Programming. Addison-Wesley, Reading, Mass., 1993.
....corresponds to discovering appropriate auxiliary information and deriving incremental programs that maintain such information. Work on loop invariants stressed mental tools for programming, rather than mechanical assistance, so no systematic procedures were proposed. Induction and generalization [11,59] are the logical foundations for recursive calls and iterative loops in deductive program synthesis [57] and constructive logics [18]. These corpora have for the most part ignored the efficiency of the programs derived, and the resulting programs are often wantonly wasteful of time and space [58] ....
.... are often wantonly wasteful of time and space [58]. In contrast, the approach in this paper is particularly concerned with the efficiency of the derived programs. Moreover, we can see that induction, whether course-of-value induction [44], structural induction [11,13] or well-founded induction [11,59], enables derived programs to use results of previous iterations in each iteration, and generalization [11,59] enables derived programs to use appropriate auxiliary information by strengthening induction hypotheses, just like strengthening loop invariants. The approach in this paper may be used ....
[Article contains additional citation context not shown here]
Z. Manna and R. Waldinger. The Deductive Foundations of Computer Programming. Addison-Wesley, Reading, Mass., 1993.
.... on inductive variables [28, 26, 27], by Paige, Schwartz, and Koenig on finite differencing [57, 61, 58], by Dijkstra, Gries, and Reynolds [21, 35, 74, 36] on maintaining and strengthening loop invariants, by Boyer, Moore, Manna, and Waldinger on induction, generalization, and deductive synthesis [13, 53, 54], by Dershowitz on extension techniques [20], by Bird on promotion and accumulation [9, 10], by Broy, Bauer, Partsch, and others on transforming recursive functional programs in CIP [14, 7, 63], by Smith on finite differencing of functional programs in KIDS [79], as well as the work pioneered by ....
Z. Manna and R. Waldinger. The Deductive Foundations of Computer Programming. Addison-Wesley, Reading, Mass., 1993.
[Figure 1. Background theory (cf. [10, 3]): axioms for perm (including x ∈ l1 ↔ x ∈ l2 for permuted lists and the decomposition of l1 ++ [a] ++ l2 against t1 ++ [a] ++ t2), ord (ordered list), minl and maxl over lists; the formulas themselves are garbled in the extraction.] 4. Extracting queries from synthesis proofs. In this section we describe how we integrate deductive component retrieval into deductive program synthesis. We assume that synthesis is done interactively in the typed, higher-order framework of [3] and that retrieval is done automatically. The ....
Z. Manna and R. Waldinger. "The Deductive Foundations of Computer Programming", Addison-Wesley, New York, 1993.
.... by Paige, Schwartz, and Koenig on finite differencing [PS77, Pai81, PK82], by Dijkstra, Gries, and Reynolds [Dij76, Gri81, Rey81, Gri84] on maintaining and strengthening loop invariants, by Boyer, Moore, Manna, and Waldinger on induction, generalization, and deductive synthesis [BM79, MW80, MW93], by Dershowitz on extension techniques [Der83], by Bird on promotion and accumulation [Bir84, Bir85], by Broy, Bauer, Partsch, etc. on transforming recursive functional programs in CIP [Bro84, BMPP89, Par90], by Smith on finite differencing of functional programs in KIDS [Smi90, Smi91], as well as ....
....to discovering appropriate auxiliary information and deriving incremental programs that maintain such information. Work on loop invariants stressed mental tools for programming, rather than mechanical assistance, so no systematic procedures were proposed. Induction and generalization [BM79, MW93] are the logical foundations for recursive calls and iterative loops in deductive program synthesis [MW80] and constructive logics [C 86]. These corpora have for the most part ignored the efficiency of the programs derived, and the resulting programs are often wantonly wasteful of time and ....
[Article contains additional citation context not shown here]
Zohar Manna and Richard Waldinger. The Deductive Foundations of Computer Programming. Addison-Wesley, Reading, Massachusetts, 1993.
....out in Isabelle. Full machine-checked proof scripts may be found in (Ayari, 1995). 2. Deductive Tableau. Our account of the Deductive Tableau is based on Manna and Waldinger (1992) with additional input from (Manna and Waldinger, 1980; Manna and Waldinger, 1981; Manna and Waldinger, 1985; Manna and Waldinger, 1993). It is abbreviated and the original sources should be consulted for the full story. As explained in the introduction, the Deductive Tableau can be understood as a formal system with an associated methodology for program development. A program is specified by formalizing its behavior (its ....
....symbol cons denotes the list constructor, the symbol ++ denotes the append function, and head and tail are the head and tail functions. In the above specification, l ranges over lists whose elements admit a total order ≤. Our definitions of the predicates perm and ordered are taken directly from Manna and Waldinger (1993) and formalize the standard permutation and ordered relation on lists.

  perm([], [])
  perm(l1 ++ [u] ++ l2, t1 ++ [u] ++ t2) ⇐ perm(l1 ++ l2, t1 ++ t2)
  perm(l1, l2) → ∀x. (member(x, l1) ↔ member(x, l2))
  ordered([])
  ordered([a])
  ordered(cons(a, cons(b, t))) ↔ (a ≤ b ∧ ordered(cons(b, t)))

We ....
Manna, Z., Waldinger, R. (1993). The Deductive Foundations of Computer Programming. Addison-Wesley, New York, N.Y.
....and Motivation. Various axiomatisations of data and programs can be found in the literature. For logic programming, Clark and Tärnlund [4] formulated a first-order theory of programs and data. Other examples of first-order theories of general interest to Computer Science are presented in [12]. However, a systematic use of axiomatisations to specify data and programs has been studied mainly in the field of algebraic specifications of abstract data types (ADTs). We refer in particular to the so-called initial algebra approach, which has been popularised by many authors (e.g. 8, 6, 7, ....
Z. Manna and R. Waldinger. The Deductive Foundations of Computer Programming . Addison-Wesley, 1993.
....and t1, …, tn are terms. eθ is the result of simultaneously replacing all free occurrences of xi by ti in the expression e. We also write e[t/x] for e{x ↦ t}. Replacement is always safe, in that quantifiers are renamed to prevent capture, and bound variables are not replaced (see [21]). For substitutions θ and σ, θ·σ is the substitution such that x(θ·σ) = (xθ)σ. θ is more general than σ if θ·γ = σ for some γ. The empty substitution is written as {}. An atom is a formula with no boolean connectives; a literal is an atom or its negation. A ....
....Fn, and F otherwise. A top-level literal is a top-level conjunct that is a literal. We write F[e] for a formula with one or more occurrences of subexpression e, where e does not occur within the scope of a quantifier. Polarity: we define the polarity of a subexpression in F in the usual way [21]: an occurrence of a subexpression e is positive (resp. negative) in F if it occurs within an even (resp. odd) number of negations, written as F[e]⁺ (resp. F[e]⁻). An occurrence has both polarities, written as F[e]^±, if it appears under the boolean connective ↔ or in the ....
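The two definitions above (capture-avoiding replacement with substitution composition, and the polarity of an occurrence) as working code. This is an added example, not code from the cited paper or from Manna and Waldinger; the tuple encoding of terms and formulas, the treatment of an implication's antecedent as one negation, and the `x_1`-style renaming scheme are this example's own assumptions.

```python
"""Capture-avoiding substitution, substitution composition and polarity of atom
occurrences in first-order formulas. Added example; encoding is assumed:
  terms     ('var', x) | ('fn', f, (t1, ..., tn))
  formulas  ('atom', P, (t1, ..., tn)) | ('not', F) | ('and', F, G) | ('or', F, G)
            | ('imp', F, G) | ('iff', F, G) | ('forall', x, F) | ('exists', x, F)
A substitution theta is a dict {x: term}; only free occurrences are replaced."""
from itertools import count

BINARY = ('and', 'or', 'imp', 'iff')


def term_vars(t):
    """All variables occurring in a term."""
    if t[0] == 'var':
        return {t[1]}
    return set().union(*(term_vars(a) for a in t[2]))


def free_vars(F):
    """Free variables of a formula: a binder removes its variable from its body's set."""
    k = F[0]
    if k == 'atom':
        return set().union(*(term_vars(a) for a in F[2]))
    if k == 'not':
        return free_vars(F[1])
    if k in BINARY:
        return free_vars(F[1]) | free_vars(F[2])
    return free_vars(F[2]) - {F[1]}


def all_vars(F):
    """Every variable name in F, bound or free; used to pick names that clash with nothing."""
    k = F[0]
    if k == 'atom':
        return set().union(*(term_vars(a) for a in F[2]))
    if k == 'not':
        return all_vars(F[1])
    if k in BINARY:
        return all_vars(F[1]) | all_vars(F[2])
    return all_vars(F[2]) | {F[1]}


def subst_term(t, theta):
    """t theta: simultaneous replacement of variables inside a term."""
    if t[0] == 'var':
        return theta.get(t[1], t)
    return ('fn', t[1], tuple(subst_term(a, theta) for a in t[2]))


def fresh(x, avoid):
    """A name derived from x (assumed scheme: x_1, x_2, ...) not in `avoid`."""
    return next(f"{x}_{i}" for i in count(1) if f"{x}_{i}" not in avoid)


def subst(F, theta):
    """F theta: replace free occurrences only. A binder is renamed when a substituted
    term mentions its variable, so the replacement never captures a variable."""
    k = F[0]
    if k == 'atom':
        return ('atom', F[1], tuple(subst_term(a, theta) for a in F[2]))
    if k == 'not':
        return ('not', subst(F[1], theta))
    if k in BINARY:
        return (k, subst(F[1], theta), subst(F[2], theta))
    x, body = F[1], F[2]
    theta = {v: t for v, t in theta.items() if v != x}      # bound x is never replaced
    incoming = set().union(*(term_vars(theta[v]) for v in free_vars(body) if v in theta))
    if x in incoming:                                        # binder would capture a term
        new_x = fresh(x, all_vars(body) | incoming | set(theta))
        body = subst(body, {x: ('var', new_x)})
        x = new_x
    return (k, x, subst(body, theta))


def compose(theta, sigma):
    """theta . sigma: the substitution with x(theta . sigma) = (x theta) sigma."""
    out = {x: subst_term(t, sigma) for x, t in theta.items()}
    for x, t in sigma.items():
        out.setdefault(x, t)
    return out


def polarities(F, pol='+'):
    """Yield (atom, polarity) for each atom occurrence: '+' under an even number of
    negations, '-' under an odd number (an implication negates its antecedent),
    '±' anywhere below an <->."""
    flip = {'+': '-', '-': '+', '±': '±'}
    k = F[0]
    if k == 'atom':
        yield (F, pol)
    elif k == 'not':
        yield from polarities(F[1], flip[pol])
    elif k in ('and', 'or'):
        yield from polarities(F[1], pol)
        yield from polarities(F[2], pol)
    elif k == 'imp':
        yield from polarities(F[1], flip[pol])
        yield from polarities(F[2], pol)
    elif k == 'iff':
        yield from polarities(F[1], '±')
        yield from polarities(F[2], '±')
    else:
        yield from polarities(F[2], pol)


if __name__ == '__main__':
    # forall y. P(x, y) with x := f(y): the binder must be renamed or y is captured
    F = ('forall', 'y', ('atom', 'P', (('var', 'x'), ('var', 'y'))))
    print(subst(F, {'x': ('fn', 'f', (('var', 'y'),))}))
    G = ('imp', ('atom', 'A', ()), ('iff', ('atom', 'B', ()), ('not', ('atom', 'C', ()))))
    print([(a[1], p) for a, p in polarities(G)])
```

The renaming step is the whole point of "replacement is always safe": without it, substituting f(y) for x under ∀y would silently change the meaning of the formula, which in a synthesis proof means extracting a program for a different specification.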
Manna, Z., and Waldinger, R. The Deductive Foundations of Computer Programming. Addison-Wesley, Reading, MA, 1993.
....of natural numbers m and n, m = f(n) iff F(m̄, n̄), where m̄ and n̄ are the numerals corresponding to m and n respectively, is provable in PA. Thus, in PA we can specify any computable function by a formula. Other examples of first-order theories interesting for Computer Science are presented in [14]. Thus we define a specification in a general framework as follows: Definition 2.1 A specification framework is a first-order theory with identity, and we shall assume that it is consistent. We will denote specification frameworks by F, G, .... In a framework F with language L_F, a ....
Z. Manna and R. Waldinger. The Deductive Foundations of Computer Programming . Addison-Wesley, 1993.
....∀x. ((∀y ≺ x. P(y)) → P(x)) is sound in the sense that (∀x. ((∀y ≺ x. P(y)) → P(x))) → ∀x. P(x) holds, and give counterexamples demonstrating that these conditions are indeed essential. 1 Introduction and Motivation. In proofs by well-founded induction (cf. e.g. [Coh65], [Fef77], [MW93]) one usually tries to verify ∀x. P(x) (1) by showing ∀x. ((∀y ≺ x. P(y)) → P(x)) (2) where ≺ is a fixed well-founded partial ordering on the domain of interest. In fact, ≺ need not be a partial ordering. Any well-founded or terminating relation suffices. This paper is a revised ....
Z. Manna and R. Waldinger. The Deductive Foundations of Computer Programming. Addison Wesley, 1993.
....corresponds to discovering appropriate auxiliary information and deriving incremental programs that maintain such information. Work on loop invariants stressed mental tools for programming, rather than mechanical assistance, so no systematic procedures were proposed. Induction and generalization [10, 44] are the logical foundations for recursive calls and iterative loops in deductive program synthesis [42] and constructive logics [16]. These corpora have for the most part ignored the efficiency of the programs derived, and the resulting programs are often wantonly wasteful of time and space ....
.... are often wantonly wasteful of time and space [43]. In contrast, the approach in this paper is particularly concerned with the efficiency of the derived programs. Moreover, we can see that induction, whether course-of-value induction [36], structural induction [10, 12] or well-founded induction [10, 44], enables derived programs to use results of previous iterations in each iteration, and generalization [10, 44] enables derived programs to use appropriate auxiliary information by strengthening induction hypotheses, just like strengthening loop invariants. The approach in this paper may be used ....
[Article contains additional citation context not shown here]
Z. Manna and R. Waldinger. The Deductive Foundations of Computer Programming. Addison-Wesley, Reading, Massachusetts, 1993.
....so they do not have to be declared either: Forall t: tree, f: forest . is Nil(Nil) is Nil(Cons(t,f)); Forall t: tree, f: forest . is Cons(Nil) is Cons(Cons(t,f)); Forall t: tree . is Node(t). The complete axiomatization of datatypes also includes well-founded induction schemas (see [Manna and Waldinger, 1993]). These can be used when proving properties by induction in the Interactive Prover. 2.5.2 Value and Macro Declarations. Program and specification files may contain value and macro declarations. Their syntax is given by the following grammar: value decl ....
Z. Manna and R. Waldinger. The Deductive Foundations of Computer Programming. Addison-Wesley, Reading, MA, 1993.
....of lists, which employs standard notation: the empty list is represented by [], the symbol cons denotes the list constructor, the symbol ++ denotes the append function, and head and tail are the head and tail functions. Our definitions of the predicates perm and ordered are taken directly from Manna and Waldinger (1993) and formalize the standard permutation and ordered relation on lists.

  perm([], [])
  perm(l1 ++ [u] ++ l2, t1 ++ [u] ++ t2) ⇐ perm(l1 ++ l2, t1 ++ t2)
  perm(l1, l2) → ∀x. (member(x, l1) ↔ member(x, l2))
  ordered([])
  ordered([a])
  ordered(cons(a, cons(b, t))) ↔ (a ≤ b ∧ ordered(cons(b, t)))

....
Manna, Z., Waldinger, R. (1993). The Deductive Foundations of Computer Programming. Addison-Wesley, New York, N.Y.
....experiment with the system. It does not purport to introduce mathematical logic or resolution theorem proving; [Chang] provides an introduction to this style of theorem proving that does not assume any prior knowledge of logic. The guide also uses some notions introduced more fully in [Manna] and [Waldinger], particularly nonclausal resolution, quantifier force, and answer extraction. Knowledge of Lisp syntax and basics is also assumed here (e.g. see [Graham] or [Pitman]). Nevertheless, it is intended that a reader who is willing to suspend incomprehension will be able to read this ....
Z. Manna and R. Waldinger, Deductive Foundations of Computer Programming, Addison-Wesley, Reading, MA (1993).
....so they do not have to be declared either: Forall t: tree, f: forest . is Nil(Nil) is Nil(Cons(t,f)); Forall t: tree, f: forest . is Cons(Nil) is Cons(Cons(t,f)); Forall t: tree . is Node(t). The complete axiomatization of datatypes also includes well-founded induction schemas (see [Manna and Waldinger, 1993]). These can be used when proving properties by induction in the Interactive Prover. 2.4.2 Value and Macro Declarations. Program and specification files may contain value and macro declarations. Their syntax is given by the following grammar: value decl : value [ac] ids : type ] type ....
Z. Manna and R. Waldinger. The Deductive Foundations of Computer Programming. Addison-Wesley, Reading, MA, 1993.
....needed to prove the validity of certain first-order formulas that arise in verification. Such theorems are seldom deep, and can often be proved by applying a few mechanical inference rules with very little heuristic guidance. A theorem prover based on non-clausal resolution and paramodulation [MW93] is available as a semi-decision procedure for the full first-order predicate calculus with equality, automated in a style similar to the SNARK [SWL 94] and Otter [McC94] provers: the search is agenda-based, term indexing is used for efficient demodulation and subsumption, and paramodulation ....
Z. Manna and R. Waldinger. The Deductive Foundations of Computer Programming. Addison-Wesley, Reading, MA, 1993.
.... [WR 69] rules for handling the constructs of first-order logic with equality, like McCune's Otter [McC 90]. It also will employ the principle of mathematical induction, like Boyer and Moore's Nqthm [BM 88]. Proofs are developed within Manna and Waldinger's deductive tableau framework [MW 93] and can be restricted to be constructive so that programs can be extracted. Clause form is optional; if the user prefers, formulas may employ a full set of logical connectives in arbitrary form. It is intended that the SNARK user will be able to introduce new inference rules, but in the current ....
Z. Manna and R. Waldinger, Deductive Foundations of Computer Programming, Addison-Wesley, Reading, MA (1993).
....is specified by a set A of formulas which are called the axioms of the theory. A formula φ is valid within the theory specified by the set A if for every model σ that satisfies all the axioms A, σ ⊨ φ. 3 Deduction I: Fundamentals. Our deductive framework, using deductive tableaux, is that of [MW93]. 3.1 Notation: Deductive Tableaux. A deductive tableau is a table with four columns and any positive number of rows. The leftmost column simply contains row numbers; the middle two columns, titled Assertions and Goals, contain complete atl formulas (only one per row) and the rightmost ....
....can be used for time. 3.3 The Rewriting Rule. This rule generates a new row from a prior one by replacing a target subformula with an equivalent (sub)formula. Examples of rewriting schemas are: (φ1 → φ2) ⇔ (¬φ1 ∨ φ2) and (∀x1)(∀x2) φ ⇔ (∀x2)(∀x1) φ. Nontemporal rewritings are listed in [MW93]. Temporal ones are as follows. First:

  □φ ⇔ φ ∧ ○□φ
  ◇φ ⇔ φ ∨ ○◇φ
  (φ1 U φ2) ⇔ φ2 ∨ (φ1 ∧ ○(φ1 U φ2))

[MW93] gives formal semantics for deductive tableaux. When used from left to right, these rewritings are called expansions. Next, there are rewritings which specify ....
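The three temporal expansions (□, ◇ and U unfolded one step into a present-state part and a ○ part) implemented as a rewriting, together with a model checker that confirms each expansion is an equivalence on a concrete run. This is an added example and not code from the cited paper; the tuple encoding, the choice of a lasso-shaped (finite prefix plus loop) model as the way to represent an infinite run, and the function names are this example's own assumptions.

```python
"""Temporal expansion rewritings for a deductive tableau over linear-time
formulas, checked against a lasso-shaped model. Added example; encoding assumed:
  ('p', name) | ('not', F) | ('and', F, G) | ('or', F, G) | ('next', F)
  | ('always', F) | ('eventually', F) | ('until', F, G)
A model is a list of states (sets of true propositions) plus `loop`, the index
that the last state's successor jumps back to, which yields an infinite run."""


def expand(F):
    """One left-to-right application of the temporal rewritings at the root:
    []F => F and O[]F,   <>F => F or O<>F,   F U G => G or (F and O(F U G))."""
    k = F[0]
    if k == 'always':
        return ('and', F[1], ('next', F))
    if k == 'eventually':
        return ('or', F[1], ('next', F))
    if k == 'until':
        return ('or', F[2], ('and', F[1], ('next', F)))
    return F


def succ(i, n, loop):
    """Index of the successor state on the lasso."""
    return i + 1 if i + 1 < n else loop


def holds(F, states, loop, i=0):
    """Truth of F at position i of the infinite run induced by (states, loop)."""
    n = len(states)
    k = F[0]
    if k == 'p':
        return F[1] in states[i]
    if k == 'not':
        return not holds(F[1], states, loop, i)
    if k == 'and':
        return holds(F[1], states, loop, i) and holds(F[2], states, loop, i)
    if k == 'or':
        return holds(F[1], states, loop, i) or holds(F[2], states, loop, i)
    if k == 'next':
        return holds(F[1], states, loop, succ(i, n, loop))
    # positions reachable from i: the rest of the prefix plus the whole loop
    reach = set(range(i, n)) | set(range(loop, n))
    if k == 'always':
        return all(holds(F[1], states, loop, j) for j in reach)
    if k == 'eventually':
        return any(holds(F[1], states, loop, j) for j in reach)
    # until: follow the run until G holds, F fails, or a position repeats
    seen, j = set(), i
    while j not in seen:
        seen.add(j)
        if holds(F[2], states, loop, j):
            return True
        if not holds(F[1], states, loop, j):
            return False
        j = succ(j, n, loop)
    return False


def expansion_agrees(F, states, loop):
    """True iff F and expand(F) have the same truth value at every position of the
    model, i.e. the rewriting is an equivalence there."""
    return all(holds(F, states, loop, i) == holds(expand(F), states, loop, i)
               for i in range(len(states)))


if __name__ == '__main__':
    # constructed sample run: a, a, b, ab, then (b, ab) forever
    STATES = [{'a'}, {'a'}, {'b'}, {'a', 'b'}]
    LOOP = 2
    for F in (('always', ('p', 'b')), ('eventually', ('p', 'b')),
              ('until', ('p', 'a'), ('p', 'b'))):
        print(F, holds(F, STATES, LOOP), expansion_agrees(F, STATES, LOOP))
```

The check on one model is a sanity test of the rewriting, not a proof of the equivalence; that proof is the semantic argument the passage attributes to [MW93]. The lasso representation is what makes an infinite run checkable in finite time, which is the same trick used to represent counterexamples in model checking.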
[Article contains additional citation context not shown here]
Manna, Z., and Waldinger, R.: The Deductive Foundations of Computer Programming. Addison-Wesley, Reading, Massachusetts, 1993.
No context found.
Manna, Z., and Waldinger, R., The Deductive Foundations of Computer Programming, Addison-Wesley, 1993.
No context found.
Zohar Manna and Richard Waldinger. The Deductive Foundations of Computer Programming. Addison-Wesley, 1993. The one-volume version of "The Logical Basis for Computer Programming".
No context found.
Z. Manna, R. Waldinger, "The deductive foundations of computer programming ", Addison-Wesley, 1993.
No context found.
Z. Manna and R. Waldinger. The Deductive Foundations of Computer Programming. Addison-Wesley,
No context found.
Z. Manna, R. Waldinger, "The deductive foundations of computer programming ", Addison-Wesley, 1993.