Results 1  10
of
174
PVS: A Prototype Verification System
 CADE
, 1992
"... PVS is a prototype system for writing specifications and constructing proofs. Its development has been shaped by our experiences studying or using several other systems and performing a number of rather substantial formal verifications (e.g., [5,6,8]). PVS is fully implemented and freely available. ..."
Abstract

Cited by 655 (16 self)
 Add to MetaCart
PVS is a prototype system for writing specifications and constructing proofs. Its development has been shaped by our experiences studying or using several other systems and performing a number of rather substantial formal verifications (e.g., [5,6,8]). PVS is fully implemented and freely available. It has been used to construct proofs of nontrivial difficulty with relatively modest amounts of human effort. Here, we describe some of the motivation behind PVS and provide some details of the system. Automated reasoning systems typically fall in one of two classes: those that provide powerful automation for an impoverished logic, and others that feature expressive logics but only limited automation. PVS attempts to tread the middle ground between these two classes by providing mechanical assistance to support clear and abstract specifications, and readable yet sound proofs for difficult theorems. Our goal is to provide mechanicallychecked specificati
PVS: Combining Specification, Proof Checking, and Model Checking
, 1996
"... rem Proving and Typechecking The PVS specification language is based on classical, simply typed higherorder logic, but the type system has been augmented with subtypes and dependent types. Though typechecking is undecidable for the PVS type system, the PVS typechecker automatically checks for simp ..."
Abstract

Cited by 230 (5 self)
 Add to MetaCart
(Show Context)
rem Proving and Typechecking The PVS specification language is based on classical, simply typed higherorder logic, but the type system has been augmented with subtypes and dependent types. Though typechecking is undecidable for the PVS type system, the PVS typechecker automatically checks for simple type correctness and generates proof obligations corresponding to predicate subtypes. These proof obligations can be discharged through the use of the PVS proof checker. PVS also has parametric theories so that it is possible to capture, say, the notion of sorting with respect to arbitrary sizes, types, and ordering relations. By exploiting subtyping, dependent typing, and parametric theories, researchers at NASA Langley Research Center and SRI have developed a very general bitvector library. Paul Miner at NASA ? The development of PVS was funded by SRI International through IR&D funds. Various applications and customizations have been funded by NSF Grant CCR9300
Lazy Satisfiability Modulo Theories
 JOURNAL ON SATISFIABILITY, BOOLEAN MODELING AND COMPUTATION 3 (2007) 141Â224
, 2007
"... Satisfiability Modulo Theories (SMT) is the problem of deciding the satisfiability of a firstorder formula with respect to some decidable firstorder theory T (SMT (T)). These problems are typically not handled adequately by standard automated theorem provers. SMT is being recognized as increasingl ..."
Abstract

Cited by 189 (50 self)
 Add to MetaCart
Satisfiability Modulo Theories (SMT) is the problem of deciding the satisfiability of a firstorder formula with respect to some decidable firstorder theory T (SMT (T)). These problems are typically not handled adequately by standard automated theorem provers. SMT is being recognized as increasingly important due to its applications in many domains in different communities, in particular in formal verification. An amount of papers with novel and very efficient techniques for SMT has been published in the last years, and some very efficient SMT tools are now available. Typical SMT (T) problems require testing the satisfiability of formulas which are Boolean combinations of atomic propositions and atomic expressions in T, so that heavy Boolean reasoning must be efficiently combined with expressive theoryspecific reasoning. The dominating approach to SMT (T), called lazy approach, is based on the integration of a SAT solver and of a decision procedure able to handle sets of atomic constraints in T (Tsolver), handling respectively the Boolean and the theoryspecific components of reasoning. Unfortunately, neither the problem of building an efficient SMT solver, nor even that
Validity Checking for Combinations of Theories with Equality
, 1996
"... . An essential component in many verification methods is a fast decision procedure for validating logical expressions. This paper presents the algorithm used in the Stanford Validity Checker (SVC) which has been used to aid several realistic hardware verification efforts. The logic for this decision ..."
Abstract

Cited by 163 (30 self)
 Add to MetaCart
(Show Context)
. An essential component in many verification methods is a fast decision procedure for validating logical expressions. This paper presents the algorithm used in the Stanford Validity Checker (SVC) which has been used to aid several realistic hardware verification efforts. The logic for this decision procedure includes Boolean and uninterpreted functions and linear arithmetic. We have also successfully incorporated other interpreted functions, such as array operations and linear inequalities. The primary techniques which allow a complete and efficient implementation are expression sharing, heuristic rewriting, and congruence closure with interpreted functions. We discuss these techniques and present the results of initial experiments in which SVC is used as a decision procedure in PVS, resulting in dramatic speedups. 1 Introduction Decision procedures are emerging as a central component of formal verification systems. Such a procedure can be included as a component of a generalpurpos...
Automated Deduction by Theory Resolution
 Journal of Automated Reasoning
, 1985
"... Theory resolution constitutes a set of complete procedures for incorporating theories into a resolution theoremproving program, thereby making it unnecessary to resolve directly upon axioms of the theory. This can greatly reduce the length of proofs and the size of the search space. Theory resoluti ..."
Abstract

Cited by 132 (1 self)
 Add to MetaCart
(Show Context)
Theory resolution constitutes a set of complete procedures for incorporating theories into a resolution theoremproving program, thereby making it unnecessary to resolve directly upon axioms of the theory. This can greatly reduce the length of proofs and the size of the search space. Theory resolution effects a beneficial division of labor, improving the performance of the theorem prover and increasing the applicability of the specialized reasoning procedures. Total theory resolution utilizes a decision procedure that is capable of determining unsatisfiability of any set of clauses using predicates in the theory. Partial theory resolution employs a weaker decision procedure that can determine potential unsatisfiability of sets of literals. Applications include the building in of both mathematical and special decision procedures, e.g., for the taxonomic information furnished by a knowledge representation system. Theory resolution is a generalization of numerous previously known resolution refinements. Its power is demonstrated by comparing solutions of "Schubert's Steamroller" challenge problem with and without building in axioms through theory resolution. 1 1
Formal verification in hardware design: A survey
, 1997
"... In recent years, formal methods have emerged as an alternative approach to ensuring the quality and correctness of hardware designs, overcoming some of the limitations of traditional validation techniques such as simulation and testing. There are two main aspects to the application of formal methods ..."
Abstract

Cited by 113 (0 self)
 Add to MetaCart
In recent years, formal methods have emerged as an alternative approach to ensuring the quality and correctness of hardware designs, overcoming some of the limitations of traditional validation techniques such as simulation and testing. There are two main aspects to the application of formal methods in a design process: The formal framework used to specify desired properties of a design, and the verification techniques and tools used to reason about the relationship between a specification and a corresponding implementation. We survey a variety of frameworks and techniques which have been proposed in the literature and applied to actual designs. The specification frameworks we describe include temporal logics, predicate logic, abstraction and refinement, as well as containment between!regular languages. The verification techniques presented include model checking, automatatheoretic techniques, automated theorem proving, and approaches that integrate the above methods.
A New Correctness Proof of the NelsonOppen Combination Procedure
 Frontiers of Combining Systems, volume 3 of Applied Logic Series
, 1996
"... The NelsonOppen combination procedure, which combines satisfiability procedures for a class of firstorder theories by propagation of equalities between variables, is one of the most general combination methods in the field of theory combination. We describe a new nondeterministic version of the p ..."
Abstract

Cited by 93 (8 self)
 Add to MetaCart
(Show Context)
The NelsonOppen combination procedure, which combines satisfiability procedures for a class of firstorder theories by propagation of equalities between variables, is one of the most general combination methods in the field of theory combination. We describe a new nondeterministic version of the procedure that has been used to extend the Constraint Logic Programming Scheme to unions of constraint theories. The correctness proof of the procedure that we give in this paper not only constitutes a novel and easier proof of Nelson and Oppen's original results, but also shows that equality sharing between the satisfiability procedures of the component theories, the main idea of the method, can be confined to a restricted set of variables.
PartitionBased Logical Reasoning for FirstOrder and Propositional Theories
 Artificial Intelligence
, 2000
"... In this paper we provide algorithms for reasoning with partitions of related logical axioms in propositional and firstorder logic (FOL). We also provide a greedy algorithm that automatically decomposes a set of logical axioms into partitions. Our motivation is twofold. First, we are concerned with ..."
Abstract

Cited by 62 (9 self)
 Add to MetaCart
(Show Context)
In this paper we provide algorithms for reasoning with partitions of related logical axioms in propositional and firstorder logic (FOL). We also provide a greedy algorithm that automatically decomposes a set of logical axioms into partitions. Our motivation is twofold. First, we are concerned with how to reason e#ectively with multiple knowledge bases that have overlap in content. Second, we are concerned with improving the e#ciency of reasoning over a set of logical axioms by partitioning the set with respect to some detectable structure, and reasoning over individual partitions. Many of the reasoning procedures we present are based on the idea of passing messages between partitions. We present algorithms for reasoning using forward messagepassing and using backward messagepassing with partitions of logical axioms. Associated with each partition is a reasoning procedure. We characterize a class of reasoning procedures that ensures completeness and soundness of our messagepassing ...
An Update on STeP: DeductiveAlgorithmic Verification of Reactive Systems
 IN 8TH CAV
, 1998
"... The Stanford Temporal Prover, STeP, is a tool for the computeraided formal verification of reactive systems, including realtime and hybrid systems, based on their temporal specification. STeP integrates methods for deductive and algorithmic verification, including model checking, theorem provin ..."
Abstract

Cited by 56 (12 self)
 Add to MetaCart
The Stanford Temporal Prover, STeP, is a tool for the computeraided formal verification of reactive systems, including realtime and hybrid systems, based on their temporal specification. STeP integrates methods for deductive and algorithmic verification, including model checking, theorem proving, automatic invariant generation, abstraction and modular reasoning. We describe the most recent version of STeP, Version 2.0.