R.S. Boyer and J.S. Moore. Metafunctions: proving them correct and using them efficiently as new proof procedures. In R.S. Boyer and J.S. Moore, editors, The correctness problem in computer science, pages 103--184. Academic Press, 1981.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....approach [GMW79] requires inference procedures to be constructed as tactics that generate a fully expanded proof in terms of low level inferences when applied. Proof objects have also been widely used as a way of validating inference procedures and securing mobile code [Nec97] Reflection [Wey80,BM81] is a way of reasoning about the metatheory of a theory within the theory itself. The di#cult tradeo# with reflection is that the theory has to be simple in order to be reasoned about, but rich enough to reason with. The verification of decision procedures is actually well within the realm of ....

R. S. Boyer and J S. Moore. Metafunctions: Proving them correct and using them e#ciently as new proof procedures. In R. S. Boyer and J S. Moore, editors, The Correctness Problem in Computer Science. Academic Press, London, 1981.

....check a series of computations done by an external algorithm A that to prove that A itself is correct. However, some applications seem to require the latter, where algorithm A itself is coded, proved and run inside the proof assistant. This approach is called deep reflection, and was pioneered in [16, 3]. In Coq, one first application is Boutin s Ring tactic [2] deciding equalities in the theory of rings, mixing shallow and deep reflection. One of the largest deep reflection endeavours is certainly the work by Verma et al. 15] where binary decision diagrams are integrated in Coq through total ....

R. Boyer and J. S. Moore. Metafunctions: Proving them correct and using them efficiently as new proof procedures. In The Correctness Problem in Computer Science. Acad. Press, 1981.

....una metateoria logica in cui il ragionamento viene effettuato per deduzione logica automatica (analogamente a quanto avviene nella teoria oggetto) 20 al lavoro di Alan Bundy (si vedano, per esmpio i lavori di M. Davis e T. Schwartz [DS79] R. Weyehrauch [Wey80, Wey82] in FOL, Boyer e Moore [BM81] nel BMTP e Howe, Constable e Knoblock [How88, KC86] in NuPrl) In questi lavori la metateoria semplicemente descrive la teoria oggetto ed e utilizzata per rappresentare le regole di inferenza della teoria oggetto, per costruirne di nuove (per deduzione metateorica) DS79, Wey82, How88, KC86] o ....

.... e Knoblock [How88, KC86] in NuPrl) In questi lavori la metateoria semplicemente descrive la teoria oggetto ed e utilizzata per rappresentare le regole di inferenza della teoria oggetto, per costruirne di nuove (per deduzione metateorica) DS79, Wey82, How88, KC86] o dimostrare la correttezza [BM81] di nuove regole derivate. Nell approccio di Alan Bundy, d altra parte, a run time, la fase di dimostrazione e preceduta (ma anche alternata) da una fase di pianificazione (proof planning usando la terminologia di Alan Bundy) il cui scopo e di dare un senso della direzione in cui cercare la ....

R.S. Boyer and J.S. Moore. Metafunctions: proving them correct and using them efficiently as new proof procedures. In R.S. Boyer and J.S. Moore, editors, The correctness problem in computer science, pages 103-- 184. Academic Press, 1981.

....are a subject of active research, they are often experimental rather than mature and trusted tools. Despite the premium on performance, the results from a decision procedure must still have a strong guarantee of correctness for applications to verification and safety critical systems. 12] and [3] address this problem by proving the correctness of new proof procedures in their theorem provers before incorporating them into their systems. Nevertheless, formally verifying highly optimized decision procedures remains infeasible both because of their complexity and because as experimental ....

R. Boyer and J. Moore. Metafunctions: proving them correct and using them efficiently as new proof procedures. In R. Boyer and J. Moore, editors, The Correctness Problem in Computer Science, pages 103--184. Academic Press, 1981.

....will receive considerable attention in the future . Bun83] pag 222. A lot of research has been developed along the lines suggested by Alan Bundy. The idea underlying most of this work is to perform theory reasoning at the object level and to use the metalevel to control the search [BM81, BW81, BvHH 89, GMW79] The The implementation of the ideas described in this paper relies heavily on the work of the other members of the Mechanized Reasoning Group (MRG) GETFOL has been implemented, under the direction of the first author, as a joint effort of almost all the members of ....

....theory, it is possible to generate a provably correct and complete metatheory . 2. where it is possible to prove metatheoretic representations of object level deductions. This allows to generate them at run time by deduction in the metatheory, rather than to define them off line , as in [BM81, GMW79, CAB 86] or to plan them by proof planning, as in [Bun88] These metatheoretic representations can be executed to generate object level proofs. 3. It is possible to combine, in a provably correct way, object level reasoning and metareasoning. This allows us to decide, as part of ....

R.S. Boyer and J.S. Moore. Metafunctions: proving them correct and using them efficiently as new proof procedures. In R.S. Boyer and J.S. Moore, editors, The correctness problem in computer science, pages 103-- 184. Academic Press, 1981.

....from PVS to other high level languages. The compilers for these language can be used to perform low level optimizations while high level transformations can be carried out within the logic. The generated code can also be integrated with other, possibly non critical, code. 4 Boyer and Moore [BM81] were the rst to emphasize executability in the context of theorem provers. A surprisingly large fraction of higher order logic turns out to be executable. The executable PVS expressions are those that do not contain any free variables, uninterpreted constants, or equalities between unbounded ....

....encoding has emerged as an important medium for metaprogramming [NM90] A number of useful decision procedures from computer algebra, operations research, and engineering, can also be usefully incorporated into a theorem proving environment. Drawing inspiration from the work of Boyer and Moore [BM81] a metaprogramming capability can be used to re ectively develop a theorem proving system within itself in a bootstrapped manner. Proof search is an area where PVS is currently inadequate. First order proof search methods have been successfully used in Isabelle [Pau98] Proof search methods ....

R. S. Boyer and J S. Moore. Metafunctions: Proving them correct and using them eciently as new proof procedures. In R. S. Boyer and J S. Moore, editors, The Correctness Problem in Computer Science. Academic Press, London, 1981.

....using relfection to justify decision procedures and for type checking in programming languages [10] I think that this will be an important technique for modern provers that employ decision procedures. There are many other uses of reflection, and I recommend looking at articles by Boyer and Moore [8], Weyrauch [50] Howe [29] as well as [3, 6, 16, 37, 47, 48] Acknowledgements I want to thank Kate Ricks for preparing this manuscript in L a T E X and for cheerfully tolerating such complexity in her first such project. I appreciate Stuart Allen s comments on an earlier draft. 32 ....

R. S. Boyer and J. S. Moore. Metafunctions: Proving them correct and using them efficiently as new proof procedures. In The Correctness Problem in Computer Science, pages 103--84. Academic Press, New York, 1981.

....Wey80] 13 As far as we know, this approach is new and has never been proposed before. However, some comparisons with existing systems can nevertheless be made. The idea of a metatheory mapped directly from the system code is somehow similar to the idea underlying the work on metafunctions [BM81] in the Boyer and Moore theorem prover the code is the metatheory) In [BM81] user defined term rewriting functions can be checked to verify whether they preserve the meaning of terms. Aside from the technical differences, a fundamental difference is that we provide a metatheory in which we ....

....before. However, some comparisons with existing systems can nevertheless be made. The idea of a metatheory mapped directly from the system code is somehow similar to the idea underlying the work on metafunctions [BM81] in the Boyer and Moore theorem prover the code is the metatheory) In [BM81] user defined term rewriting functions can be checked to verify whether they preserve the meaning of terms. Aside from the technical differences, a fundamental difference is that we provide a metatheory in which we can perform automatic deduction to build correct control strategies, while ....

[Article contains additional citation context not shown here]

R.S. Boyer and J.S. Moore. Metafunctions: proving them correct and using them efficiently as new proof procedures. In R.S. Boyer and J.S. Moore, editors, The correctness problem in computer science, pages 103-- 184. Academic Press, 1981.

....logicians, where the pioneering work has been carried out by Godel [14] From a more application oriented 4 Note that Q need not be well typed in context Gamma if some x i occurs free in Q. 8 view, meta level architectures have been used extensively in the realm of mechanical theorem proving [3, 2, 18, 20], since in many cases it is quite straightforward to construct a proof by means of syntactic analysis of the problem at hand [34, 1] Here, the important issue is how meta programming and meta reasoning can be used to represent software development steps together with expressing a certain ....

R.S. Boyer and J.S. Moore. Metafunctions: proving them correct and using them efficiently as new proof procedures. In R.S. Boyer and J.S. Moore, editors, The Correctness Problem in Computer Science, chapter 3. Academic Press, 1981.

....state spaces of astronomical sizes, and mimicking this enumeration at least naively, see related work below with proof rules inside the proof assistant would be foolish. One remedy to this model checker (automatic, fast) vs proof assistant (expressive, safe) antinomy is to use reflection [32, 7, 1, 4, 6], which in this context can roughly be thought of as replacing proofs in the logic by computations (see Section 3) Reflection is particularly applicable in Coq, since Coq is based on the calculus of inductive constructions, a logic which is essentially a typed lambda calculus, a quintessential ....

R. Boyer and J. S. Moore. Metafunctions: Proving them correct and using them efficiently as new proof procedures. In The Correctness Problem in Computer Science, London, 1981. Academic Press.

....state spaces of astronomical sizes, and mimicking this enumeration at least naively, see Section 1 with proof rules inside the proof assistant would be foolish. One remedy to this model checker (automatic, fast) vs. proof assistant (expressive, safe) antinomy is to use reflection [Wey80, BM81, ACHA90, BC93, Bou97] The general idea to prove a given property P applied to some term t is as follows. Assume we have a proof assistant in which you can also describe and prove programs: NQTHM [BM79] Coq and Lego are three examples. Then write a program that takes t as input and returns true ....

Robert Boyer and J. Strother Moore. Metafunctions: Proving them correct and using them efficiently as new proof procedures. In The Correctness Problem in Computer Science, London, 1981. Academic Press.

....gives the right perspective for describing inference mechanisms. In general one would like to prove that a new inference procedure is derived from, admissible or consistent with the already existing ones. This is the kind of results that metatheoretic reasoning provides (see for instance [BM81, GS88, Pau89] However MT is different from any other metatheory defined in the past. Not only does it describe the object level logic, but it also takes into account the computations implementing it. Its theorems can be interpreted in terms of both the object level logic and its mechanization. ....

....able to reason about this kind of inference rules gives the system the capability of extending itself with non trivial functionalities: typical examples are a tautology decider or a normalization procedure. Our treatment of admissible rules is similar to Boyer and Moore s work on metafunctions [BM81] As a simple example, consider the inference rule performing the universal closure of an arbitrary sequent. This rule succeeds provided that none of the free variables of the formula occurs free in the dependencies. This rule can be represented in MT by the function symbol uniclosetac, defined ....

R.S. Boyer and J.S. Moore. Metafunctions: proving them correct and using them efficiently as new proof procedures. In R.S. Boyer and J.S. Moore, editors, The correctness problem in computer science, pages 103--184. Academic Press, 1981.

....tactics containing tacticals, extending naturally the results presented in Section 9.3. 42 A second step is to provide MT with induction principles. Induction principles are necessary in order to synthesize or prove the correctness of certain derived inference rules (see for instance [8, 38]) Some preliminary experiments of theorem proving in such extensions of MT have been performed. 1] describes a proof of the theorem about formulas containing only equivalences stated in [54] the same theorem is also stated and proved in [3] A problem which we are now starting to investigate ....

....limited in at least three respects. First, it does not allow the use of expressive control structures and tacticals, as it is the case, for instance in [16, 38, 30] but this has been fixed in [25] Second, it does not allow induction, which is used for instance in the metatheories described in [8, 38]. Third, so far the system has been used only to synthesize simple tactics. As described in Section 10, these topics are currently being investigated. We actually hope that the techniques elaborated in the past will largely apply to MT and its extensions (the extent to which this is true is still ....

[Article contains additional citation context not shown here]

R.S. Boyer and J.S. Moore. Metafunctions: proving them correct and using them efficiently as new proof procedures. In R.S. Boyer and J.S. Moore, editors, The correctness problem in computer science, pages 103--184. Academic Press, 1981.

....is necessary to use an object theorem, but serious computation is needed to eliminate the object level notion BDD. This seems close to partial reflection [How88] which, in spite of the name, does not add any new principle to the object language) and the metafunctions of the Boyer Moore prover [BM81] where some representation (BDD in this case) is shown in the object logic to be a correct semantics for some operation on some class of terms. 3 A Variation on LCF style We change the kernel of the LCF style implementation above to make explicit the structure of derivations as part of the ....

Robert S. Boyer and J S. Moore. Metafunctions: Proving them correct and using them efficiently as new proof procedures. In Robert S. Boyer and J S. Moore, editors, The Correctness Problem in Computer Science, pages 103--184. Academic Press, New York, 1981.

No context found.

R.S. Boyer and J.S. Moore. Metafunctions: proving them correct and using them efficiently as new proof procedures. In R.S. Boyer and J.S. Moore, editors, The correctness problem in computer science, pages 103--184. Academic Press, 1981.

....of proof is convincing enough for your fellow mathematicians . The question arises, suppose we tried to mimic this proof in a truly formal system, what would happen The observation that syntactic transformations of this kind are often useful has led to what are called meta rules in ACL2 (see [1]) However, meta rules have to be proved correct. Presumably, one cannot prove the above meta rule correct. For the third example, we quote from page 0 of EWD1219 [10] Consider the statements a0 and a1: a0) I have a proof that true (holds) a1) true (holds) Then, a0 and a1 are equivalent. ....

Robert Stephen Boyer and J Strother Moore. Metafunctions: Proving them correct and using them eciently as new proof procedures. In Robert Stephen Boyer and J Strother Moore, editors, The Correctness Problem in Computer Science, pages 103-184. Academic Press, 1981.

.... change commands besides DIVE which change the current subterm are UP, TOP, NX, and BK, all of which are of course explained by the help facility (and in the final appendix) 11 An exception is that both commands print explicit value terms using the quote notation, which is explained in detail in [6]. So for example, LIST A B) is printed as (A B) with both commands. 15 We continue with our description of the fields of a STATE. GOAL is the current goal, in the sense of goal described in the previous subsections (i.e. a record consisting of a CONC, HYPS, DEPENDS ON, and GOAL NAME) The ....

R.S. Boyer and J S. Moore, Metafunctions: Proving Them Correct and Using Them Efficiently as New Proof Procedures, Academic Press, 1981, pp. 103-185.

.... Theorem: add associativity add (n, add (n, x , y) z ) add (n, x , add (n, y , z ) It is worth noting that some meta lemmas about modulo arithmetic have been proved by Nqthm and incorporated into our theory, which demonstrates the usefulness of the Nqthm s meta extension mechanism [3, 6]. This meta extension technique permits the proof of the correctness of simplification procedures, which once proved are then embedded into Nqthm s simplification machinery. A simple example of such a meta lemma is the statement that identical terms may be cancelled from opposite sides of an ....

R. S. Boyer and J S. Moore. Metafunctions: Proving them correct and using them efficiently as new proof procedures. In R. S. Boyer and J S. Moore, editors, The Correctness Problem in Computer Science, pages 103-- 184. Academic Press, London, 1981.

No context found.

R.S. Boyer and J.S. Moore. Metafunctions: proving them correct and using them efficiently as new proof procedures. In R.S. Boyer and J.S. Moore, editors, The correctness problem in computer science, pages 103--184. Academic Press, 1981.

No context found.

R. S. Boyer and J S. Moore. Metafunctions: Proving them correct and using them e#ciently as new proof procedures. In R. S. Boyer and J S. Moore, editors, The Correctness Problem in Computer Science. Academic Press, London, 1981.

No context found.

R. S. Boyer and J. S. Moore. Metafunctions: Proving them correct and using them eciently as new proof procedures. In The Correctness Problem in Computer Science, pages 103-84. Academic Press, New York, 1981.

No context found.

R. S. Boyer and J Strother Moore. Metafunctions: proving them correct and using them efficiently as new proof procedures. In Robert Boyer and J Moore, editors, The Correctness Problem in Computer Science, pages 103-- 185. Academic Press, 1981.

No context found.

R. S. Boyer and J S. Moore. Metafunctions: Proving them correct and using them eciently as new proof procedures. In R. S. Boyer and J S. Moore, editors, The Correctness Problem in Computer Science. Academic Press, London, 1981.

No context found.

R. Boyer and J. Moore. Metafunctions: proving them correct and using them e#ciently as new proof procedures. In The Correctness Problem in Computer Science., pages 103--84. NY:Academic Press, 1981.

No context found.

R. S. Boyer and J. S. Moore. Metafunctions: Proving them correct and using them e#ciently as new proof procedures. In The Correctness Problem in Computer Science, pages 103--84. Academic Press, New York, 1981.

First 50 documents  Next 50

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC