R. S. Boyer and J S. Moore. A verification condition generator for FORTRAN. In R. S. Boyer and J S. Moore, editors, The Correctness Problem in Computer Science. Academic Press, London, 1981.
....in order to provide support for simplifying of verification conditions [74]. NQTHM has been used as a component of various formal and informal systems where the system (possibly a person or ad hoc program) can reduce the problem to suitable form. Verification Condition checking is described in [8] (for Fortran) and [58] (for Pascal). In [13] a general theory, MLP, for defining semantics of synchronous circuits, was developed (informally) using function parameters. A Lisp front end was used to map circuit descriptions to a sequence of definition and prove lemma events for NQTHM. This ....
R. S. Boyer and J S. Moore. A verification condition generator for FORTRAN. In R. S. Boyer and J S. Moore, editors, The Correctness Problem in Computer Science. Academic Press, London, 1981.
....to provide support for simplifying of verification conditions [62]. NQTHM has been used as a component of various systems in which another component of the system (possibly an ad hoc program or a person) transforms the problem to suitable form. Verification Condition checking is described in [7] (for Fortran) and [48] (for Pascal). In [11] a general theory, MLP, for defining semantics of synchronous circuits, was developed (informally) using function parameters. A Lisp front end was used to map circuit descriptions to a sequence of definition and prove lemma events for NQTHM. This ....
R. S. Boyer and J S. Moore. A verification condition generator for FORTRAN. In R. S. Boyer and J S. Moore, editors, The Correctness Problem in Computer Science. Academic Press, London, 1981.
.... proving have been advanced most notably by McCarthy [38], Floyd [18], and Hoare [22]. In the last twenty years, many research projects have focused on investigating the formal, mechanical verification of programs written in higher level programming languages such as Pascal [24], Lisp [6], Fortran [5], and Gypsy [15]. Most of these projects are based on Floyd's inductive assertion method, and are therefore in the same spirit as the early mechanical verification work of King [32]. Our work differs from the previous work in that we address the correctness of programs at the machine code level ....
....has long perplexed the programming language community, and the current theoretical solutions to its semantics are subtle. Many formal program verification systems have deliberately avoided considering this issue by simply working on a language subset with this functional parameter feature excluded [5, 15]. As far as we can tell, handling functional parameters in machine code program proving could be at least as difficult as program proving at higher levels. In this section, we address this important issue in the context of machine code program proving. Our solution is quite intuitive. At the ....
R. S. Boyer and J S. Moore. A verification condition generator for FORTRAN. In R. S. Boyer and J S. Moore, editors, The Correctness Problem in Computer Science. Academic Press, London, 1981.
....support for simplifying of verification conditions [61]. NQTHM has been used as a component of various formal and informal systems where the system (possibly a person or ad hoc program) can reduce the problem to suitable form. Examples include Fortran and Pascal Verification Condition checking [7, 52], hardware verification [11], checking application of rules in verification of concurrent programs [51]. In [11] a general theory was developed (informally) using function parameters. A Lisp front end was used to map circuit descriptions to a sequence of definition and prove lemma events for ....
R. S. Boyer and J S. Moore. A verification condition generator for FORTRAN. In R. S. Boyer and J S. Moore, editors, The Correctness Problem in Computer Science. Academic Press, London, 1981.
....as primitives, but to more serious issues such as whether to use natural number or integer arithmetic, whether to define list indexing recursively or by direct axioms, whether or not to skolemize the quantifiers away, and so on. For a concrete example, consider the Fortran VCG work described in [5]. There, the loop invariants were formulated as rewrite rules. Thus, knowledge of the target prover was important. The presence of an intervening interface logic would probably have complicated the task of formulating those loop invariants appropriately. 2.3 Builders of formula generators could ....
R. S. Boyer and J S. Moore, "A Verification Condition Generator for FORTRAN", in The Correctness Problem in Computer Science, R. S. Boyer and J S. Moore, eds., Academic Press, London, 1981.
....proving have been advanced by McCarthy [39], Floyd [19], Hoare [23], and others. In the last twenty years, many research projects have focused on investigating the formal, mechanical verification of programs written in higher level programming languages such as Pascal [25], Lisp [6], Fortran [5], and Gypsy [16]. Most of these projects are based on Floyd's inductive assertion method, and therefore in the same spirit as the early mechanical verification work of King [33]. Our work differs from all these works in that we address the correctness of programs at the machine code level executed ....
....has long perplexed the programming language community, and the current theoretical solutions to its semantics are subtle. Many formal program verification systems have deliberately avoided considering this issue by simply working on a language subset with this functional parameter feature excluded [5, 16]. As far as we can tell, handling functional parameter in machine code program proving could be at least as difficult as program proving at higher levels. In this section, we address this important issue in the context of machine code program proving. Our solution is quite intuitive. At the ....
R. S. Boyer and J S. Moore. A verification condition generator for FORTRAN. In R. S. Boyer and J S. Moore, editors, The Correctness Problem in Computer Science. Academic Press, London, 1981.
....proving have been advanced by McCarthy [39], Floyd [19], Hoare [23], and others. In the last twenty years, many research projects have focused on investigating the formal, mechanical verification of programs written in higher level programming languages such as Pascal [25], Lisp [6], Fortran [5], and Gypsy [16]. Most of these projects are based on Floyd's inductive assertion method, and therefore in the same spirit as the early mechanical verification work of King [33]. Our work differs from all these works in that we address the correctness of programs at the machine code level executed ....
....has long perplexed the programming language community, and the current theoretical solutions to its semantics are subtle. Many formal program verification systems have deliberately avoided considering this issue by simply working on a language subset with this functional parameter feature excluded [5, 16]. As far as we can tell, handling functional parameter in machine code program proving could be at least as difficult as program proving at higher levels. In this section, we address this important issue in the context of machine code program proving. Our solution is quite intuitive. At the ....
R. S. Boyer and J S. Moore. A verification condition generator for FORTRAN. In R. S. Boyer and J S. Moore, editors, The Correctness Problem in Computer Science. Academic Press, London, 1981.
....exists, the counting phase may be eliminated. The algorithm can then be implemented to poll the delegates in real time (rather than store the votes for batch processing). A FORTRAN version of this algorithm has been mechanically proved correct by the FORTRAN verification system described in [1]. In [3] Misra and Gries describe a generalized version of this algorithm that finds the candidates that receive more than n/k votes. They also discuss the complexity of finding repeated elements and show that this algorithm is optimal among algorithms based on comparing candidates. 3 ....
R. S. Boyer and J S. Moore. A Verification Condition Generator for FORTRAN. In The Correctness Problem in Computer Science, R. S. Boyer and J S. Moore, Eds., Academic Press, London, 1981.
.... the proof of invertibility of the RSA public key encryption algorithm [7], the correctness of metatheoretic simplifiers for the logic [3], and the optimality of a transformation for introducing concurrency into sorting networks [13]. When connected to a verification condition generator for Fortran [5], the system has proved the correctness of Fortran implementations of the Boyer-Moore fast string searching algorithm [4, 5] and Moore's linear time majority vote algorithm [6]. 2.3 An Interactive Enhancement to the Prover. Also available for assistance in proving theorems stated in the ....
.... the logic [3], and the optimality of a transformation for introducing concurrency into sorting networks [13]. When connected to a verification condition generator for Fortran [5], the system has proved the correctness of Fortran implementations of the Boyer-Moore fast string searching algorithm [4, 5] and Moore's linear time majority vote algorithm [6]. 2.3 An Interactive Enhancement to the Prover. Also available for assistance in proving theorems stated in the Boyer-Moore logic is an interactive interface to the prover written by Matt Kaufmann [12]. The purpose of the interface is to give ....
R. S. Boyer and J S. Moore. A Verification Condition Generator for FORTRAN. In The Correctness Problem in Computer Science, R. S. Boyer and J S. Moore, Eds., Academic Press, London, 1981.
....behind much automatic theorem proving research, certainly ours, is to mechanize the often mundane and tedious proofs arising in connection with computer programs. For example, our theorem prover has been used to prove thousands of theorems related to the correctness of various programs [4, 5], communications protocols [9], and computer security [10]. Because of the high cost of bugs in software, the increasing impact of software due to cheap microprocessors, and the relatively shallow nature of most program correctness proofs, we expect to see, within the decade, commercial use of ....
R. S. Boyer and J S. Moore. A Verification Condition Generator for FORTRAN. In The Correctness Problem in Computer Science, R. S. Boyer and J S. Moore, Eds., Academic Press, London, 1981.
....fact advocated by Heron of Alexandria before 400 A.D. 2 introduction to program verification, see [9, 10, 11, 1]. Because the mathematics involved in program verification is often tedious and elementary, mechanical program verification systems have been developed. One such system is described in [6]. That system handles a subset of ANSI FORTRAN 66 and 77 and has verified the above mentioned square root program [7], among others. To admit mechanical proof, the specifications must be written in a completely formal notation. For example, in the square root example the specification of the ....
....makes them amenable to mechanical proof. 4. Formalizing the Model. To state the conjectures formally we must formalize the model of the control program and its environment. We will define this model as a function in the same mechanized mathematical logic used by the FORTRAN verification system [6]. The logic and a mechanical theorem prover for it are completely described in [5]. The syntax of the logic is akin to that of Church's lambda calculus. If f is a function in the logic and e1 and e2 are two expressions in the logic, then we write (f e1 e2) to denote the value of f on the two ....
R. S. Boyer and J S. Moore. A Verification Condition Generator for FORTRAN. In The Correctness Problem in Computer Science, R. S. Boyer and J S. Moore, Eds., Academic Press, London, 1981.
.... of these results are described in [4]. Other proofs discovered before the linear algorithm was implemented include the correctness of a recursive descent parser [9], the correctness of an arithmetic simplifier now in routine use in the system [5], and the correctness of several FORTRAN programs [6]. 6 3. Linear Arithmetic The theorem prover described above can easily prove by mathematical induction such simple theorems as: 1 X LTEY Y LTEZ # # X LTEZ 2 X 1 LTEX 3 0 LTEY # # X LTEX Y, But because of search strategic heuristics the system cannot always employ such lemmas intelligently ....
R. S. Boyer and J S. Moore. A Verification Condition Generator for FORTRAN. In The Correctness Problem in Computer Science, R. S. Boyer and J S. Moore, Eds., Academic Press, London, 1981.
....behind much automatic theorem proving research, certainly ours, is to mechanize the often mundane and tedious proofs arising in connection with computer programs. For example, our theorem prover has been used to prove thousands of theorems related to the correctness of various programs [4, 5], communications protocols [9], and computer security [10]. Because of the high cost of bugs in software, the increasing impact of software due to cheap microprocessors, and the relatively shallow nature of most program correctness proofs, we expect to see, within the decade, commercial use of ....
R. S. Boyer and J S. Moore. A Verification Condition Generator for FORTRAN. In The Correctness Problem in Computer Science, R. S. Boyer and J S. Moore, Eds., Academic Press, London, 1981.
.... that under certain conditions a particular program keeps the vehicle within a certain corridor of the desired course and, under more ideal conditions, homes to the course (Cowles, basic fibsums.events ) proofs of several interesting theorems about the sums of Fibonacci numbers (Boyer and Moore, [BM81], basic fortran.events ) supporting definitions for a Fortran verification condition generator (Boyer, Goldschlag, Kaufmann, and Moore, [BGKM], basic fs examples.events ) illustrations of the use of constrained functions and functional instantiation (Russinoff, [Rus92] ....
....execution time have been proved using Pc-Nqthm. Moore, [Moo88], fm9001 piton piton.events ) the definition of the Piton assembly language, its implementation on the FM9001 via a compiler, assembler and linker, and a proof of the correctness of the FM9001 implementation (Boyer and Moore, [BM81], fortran vcg fortran.events ) the same file as basic fortran, above, which is duplicated on this subdirectory for technical reasons (Boyer and Moore, [BM81], fortran vcg fsrch.events ) proofs of the verification conditions for a Fortran implementation of the Boyer-Moore fast string searching ....
[Article contains additional citation context not shown here]
R. S. Boyer and J S. Moore. A verification condition generator for Fortran. In The Correctness Problem in Computer Science. Academic Press, London, 1981.
....of two main subsystems: a verification condition generator and an automatic theorem prover or proof checker to prove the verification conditions. The first mechanical program verification system was developed by King [36], a student of Floyd's. Many verification systems have been developed since [28, 35, 30, 20, 6]. Using techniques similar to the generation of verification conditions it is possible to prove termination and absence of runtime errors. Consider for example the claim made for the system described in [6]: If a FORTRAN subprogram is accepted and proved by the system and the program can be ....
....a student of Floyd's. Many verification systems have been developed since [28, 35, 30, 20, 6]. Using techniques similar to the generation of verification conditions it is possible to prove termination and absence of runtime errors. Consider for example the claim made for the system described in [6]: If a FORTRAN subprogram is accepted and proved by the system and the program can be loaded onto a FORTRAN processor that meets the ANSI specification of FORTRAN [52, 1] and certain parameterized constraints on the accuracy of arithmetic, then any invocation of the program in an environment ....
[Article contains additional citation context not shown here]
R. S. Boyer and J S. Moore. A Verification Condition Generator for FORTRAN. In The Correctness Problem in Computer Science, R. S. Boyer and J S. Moore, Eds., Academic Press, London, 1981.
....an activity in which the line is drawn somewhere above the highest level executable code in the system. Some verification work addresses code proofs, where traditionally the line has been drawn at the definition of a high level programming language like Gypsy [6, 7, 8], Pascal [19], Fortran [2], and others [20, 5, 13, 17, 4]. There has been some work on compiler verification, notably the work of Polak [15] in which a compiler for a Pascal subset is verified. Finally, there has been some recent work closer to the bottom of the system stack. For example, Gordon [9] and Hunt [10] draw the ....
R. S. Boyer and J S. Moore. A Verification Condition Generator for FORTRAN. In The Correctness Problem in Computer Science, R. S. Boyer and J S. Moore, Eds., Academic Press, London, 1981.
....That system has been used to verify MJRTY and other subprograms. Before presenting the formal specifications that were verified, we briefly sketch our verification system. The system handles a subset of both ANSI Fortran 66 [10] and ANSI Fortran 77 [1]. The subset is described precisely in [4]. Informally stated, the subset includes all the statements of Fortran 66 except the I/O, DATA, BLOCK DATA, and EQUIVALENCE statements. Certain restrictions, however, are placed on some of the remaining statements. For example, we allow only named ....
....on the accuracy of arithmetic, then any invocation of the program in an environment satisfying the input condition of the program will terminate without run time errors and will produce an environment satisfying the output condition of the program. This statement is made more precise in [4]. Our Fortran verifier is a standard Floyd-King style system [5, 6, 2, 8] consisting of two parts: a Fortran analyzer (syntax checker and verification condition generator) and a mechanical theorem prover. For those readers unfamiliar with Floyd-King style verification, we briefly describe our ....
[Article contains additional citation context not shown here]
R. S. Boyer and J S. Moore (1981): A Verification Condition Generator for Fortran. In R. S. Boyer and J S. Moore, eds.: The Correctness Problem in Computer Science. London: Academic Press.
....with Shankar's checking of the Church-Rosser theorem. On pp. 4-9 of ACLH, we enumerate many other applications of NQTHM, including those in list processing, elementary number theory, metamathematics, set theory, and concurrent algorithms. Descriptions of some of these applications may be found in [16, 66, 12, 21, 17, 67, 68, 69, 20, 60, 28, 51, 37, 52, 13, 14, 15, 22, 77] and also in [1, 31, 32, 33, 40, 75, 3, 48, 44, 41, 42, 39, 45, 23, 24, 25]. Recently colleagues of ours at Computational Logic, Inc., Bill Young and Bill Bevier, have used NQTHM to construct mechanically checked proofs of properties relating to fault tolerance. A key problem facing the designers ....
R. S. Boyer and J S. Moore. A Verification Condition Generator for FORTRAN. In The Correctness Problem in Computer Science, R. S. Boyer and J S. Moore, Eds., Academic Press, London, 1981.
No context found.
R. S. Boyer and J. S. Moore, A Verification Condition Generator for FORTRAN, in The Correctness Problem in Computer Science, R. S. Boyer and J. S. Moore, Eds., Academic Press, London, 1981.
No context found.
Robert S. Boyer and J Strother Moore. A verification condition generator for FORTRAN. In Robert S. Boyer and J Strother Moore, editors, . Academic Press, London, 1981.
No context found.
R. S. Boyer and J. S. Moore. A verification condition generator for FORTRAN. In [64], pages 9--102. Academic Press, 1981.