Larch Prover

Last updated August 04, 2023

The Larch Prover, or LP for short, is an interactive theorem proving system for multi-sorted first-order logic. It was used at MIT and elsewhere during the 1990s to reason about designs for circuits, concurrent algorithms, hardware, and software.^[1]

Unlike most theorem provers, which attempt to find proofs automatically for correctly stated conjectures, LP was intended to assist users in finding and correcting flaws in conjectures—the predominant activity in the early stages of the design process. It worked efficiently on large problems, had many important user amenities, and could be used by relatively naïve users.

Development

LP was developed by Stephen Garland and John Guttag at the MIT Laboratory for Computer Science with assistance from James Horning and James Saxe at the DEC Systems Research Center, as part of the Larch project on formal specifications.^[2] It extended the REVE 2 equational term rewriting system developed by Pierre Lescanne,^[3] Randy Forgaard^[4] with assistance from David Detlefs and Katherine Yelick. It supports proofs by equational term rewriting (for terms with associative-commutative operators), cases, contradiction, induction, generalization, and specialization.

LP was written in the CLU programming language.

Sample LP Axiomatization

declare sorts E, S declare variables e, e1, e2: E, x, y, z: S declare operators   {}:                   -> S   {__}:            E    -> S   insert:          E, S -> S   __ \union __:    S, S -> S   __ \in __:       E, S -> Bool   __ \subseteq __: S, S -> Bool   ..  set name setAxioms assert   sort S generated by {}, insert;   {e} = insert(e, {});   ~(e \in {});   e \in insert(e1, x) <=> e = e1 \/ e \in x;   {} \subseteq x;   insert(e, x) \subseteq y <=> e \in y /\ x \subseteq y;   e \in (x \union y) <=> e \in x \/ e \in y   .. set name extensionality assert \A e (e \in x <=> e \in y) => x = y

Sample LP Proofs

set name setTheorems prove e \in {e} qed  prove \E x \A e (e \in x <=> e = e1 \/ e = e2)   resume by specializing x to insert(e2, {e1}) qed  % Three theorems about union (proved using extensionality)  prove x \union {} = x   instantiate y by x \union {} in extensionality qed  prove x \union insert(e, y) = insert(e, x \union y)   resume by contradiction     set name lemma     critical-pairs *Hyp with extensionality qed  prove ac \union     resume by contradiction       set name lemma       critical-pairs *Hyp with extensionality     resume by contradiction       set name lemma       critical-pairs *Hyp with extensionality qed  % Three theorems about subset  set proof-methods =>, normalization  prove e \in x /\ x \subseteq y => e \in y by induction on x       resume by case ec = e1c         set name lemma         complete qed  prove x \subseteq y /\ y \subseteq x => x = y     set name lemma     prove e \in xc <=> e \in yc by <=>         complete         complete     instantiate x by xc, y by yc in extensionality qed  prove (x \union y) \subseteq z <=> x \subseteq z /\ y \subseteq z by induction on x qed  % An alternate induction rule  prove sort S generated by {}, {__}, \union     set name lemma     resume by induction       critical-pairs *GenHyp with *GenHyp       critical-pairs *InductHyp with lemma qed

Bibliography

Pascal André, Annya Romanczuk, Jean-Claude Royer, and Aline Vasconcelos, "Checking the consistency of UML class diagrams using Larch Prover", Proceedings of the 2000 International Conference on Rigorous Object-Oriented Methods, page 1, York, UK, BCS Learning & Development Ltd., Swindon, GBR, January 2000.

Boutheina Chetali, "Formal verification of concurrent programs using the Larch Prover", IEEE Transactions on Software Engineering 24:1, pages 46–62, January 1998. doi: 10.1109/32.663997.

Manfred Broy, "Experiences with software specification and verification using LP, the Larch proof assistant", Formal Methods in System Design 8:3, pages 221–272, 1996.

Urban Engberg, Peter Grønning, and Leslie Lamport, "Mechanical Verification of Concurrent Systems with TLA", Computer-Aided Verification, G. v. Bochmann and D. K. Probst editors, Proceedings of the Fourth International Conference CAV'92), Lecture Notes in Computer Science 663, Springer-Verlag, June 1992, pages 44–55.

Urban Engberg, Reasoning in the Temporal Logic of Actions, BRICS Dissertation Series DS 96–1, Department of Computer Science, University of Aarhus, Denmark, August 1996. ISSN 1396-7002.

Stephen J. Garland and John V. Guttag, "Inductive methods for reasoning about abstract data types," Fifteenth Annual ACM Symposium on Principles of Programming Languages, pages 219–228, San Diego, CA, January 1988.

Stephen J. Garland and John V. Guttag, "LP: The Larch Prover," Ninth International Conference on Automated DeductionLecture Notes in Computer Science 310, pages 748–749, Argonne, Illinois, May 1988. Springer-Verlag.

Stephen J. Garland, John V. Guttag, and Jørgen Staunstrup, "Verification of VLSI circuits using LP," The Fusion of Hardware Design and Verification, pages 329–345, Glasgow, Scotland, July 4–6, 1988. IFIP WG 10.2, North Holland.

Stephen J. Garland and John V. Guttag, "An overview of LP, the Larch Prover," Third International Conference on Rewriting Techniques and ApplicationsLecture Notes in Computer Science 355, pages 137–151, Chapel Hill, NC, April 1989. Springer-Verlag.

Stephen J. Garland and John V. Guttag, "Using LP to debug specifications," Programming Concepts and Methods, Sea of Galilee, Israel, April 2–5, 1990. IFIP WG 2.2/2.3, North-Holland.

Stephen J. Garland and John V. Guttag, A Guide to LP: the Larch Prover, MIT Laboratory for Computer Science, December 1991. Also published as Digital Equipment Corporation Systems Research Center Report 82, 1991.

Victor Luchangco, Ekrem Söylemez, Stephen Garland, and Nancy Lynch, "Verifying timing properties of concurrent algorithms," FORTE '94: Seventh International Conference on Formal Description Techniques, pages 259–273, Berne, Switzerland, October 4–7, 1994. Chapman & Hall.

Ursula Martin and Michael Lai, "Some experiments with a completion theorem prover", Journal of Symbolic Computation 13:1, 1992, pages 81–100, ISSN 0747-7171.

Ursula Martin and Jeannette M. Wing, editors, First International Workshop on Larch, Proceedings of the First International Workshop non Larch, Dedham, Massachusetts, July 13–15 1992, Workshops in Computing, Springer-Verlag, 1992.

Michel Bidoit and Rolf Hennicker, "How to prove observational theorems with LP", pages 18–35
Boutheina Chetali and Pierre Lescanne, "An exercise in LP: the proof of a non-restoring division circuit",, pages 55–68
Christine Choppy and Michel Bidoit, "Integrating ASSPEGIQUE and LP", pages 69–85
Niels Mellergaard and Jørgen Staunstrup, "Generating proof obligations for circuits", pages 185–200
E. A. Scott and K. J. Norrie, "Using LP to study the language PL₀⁺", pages 227–245
Frédéric Voisin, "A new front-end for the Larch Prover", pages 282–296
J. M. Wing, E. Rollins, and A. Moorman Zaremski, "Thoughts on a Larch/ML and a new application for LP", pages 297–312

Toh Ne Win, Michael D. Ernst, Stephen J. Garland, Dilsun Kirli, and Nancy Lynch, Using simulated execution in verifying distributed algorithms," Software Tools for Technology Transfer 6:1, Lenore D. Zuck, Paul C. Attie, Agostino Cortesi, and Supratik Mukhopadhyay (editors), pages 67–76. Springer-Verlag, July 2004.

Tsvetomir P. Petrov, Anya Pogosyants, Stephen J. Garland, Victor Luchangco, and Nancy A. Lynch, "Computer-assisted verification of an algorithm for concurrent timestamps," Formal Description Techniques IX: Theory, Application, and Tools (FORTE/PSTV), Reinhard Gotzhein and Jan Bredereke (editors), pages 29–44, Kaiserslautern, Germany, October 8–11, 1996. Chapman & Hall.

James B. Saxe, Stephen J. Garland, John V. Guttag, and James J. Horning, "Using transformations and verification in circuit design," Formal Methods in System Design 3:3 (December 1993), pages 181–209.

Jørgen F. Søgaard-Anderson, Stephen J. Garland, John V. Guttag, Nancy A. Lynch, and Anya Pogosyants, "Computed-assisted simulation proofs," Fifth Conference on Computer-Aided Verification (CAV '03), Costas Courcoubetis (editor), Lecture Notes in Computer Science 697, pages 305–319, Elounda, Greece, June 1993. Springer-Verlag.

Jørgen Staunstrup, Stephen J. Garland, and John V. Guttag, "Localized verification of circuit descriptions," Automatic Verification Methods for Finite State Systems, Lecture Notes in Computer Science 407, pages 349–364, Grenoble, France, June 1989. Springer-Verlag.

Jørgen Staunstrup, Stephen J. Garland, and John V. Guttag, "Mechanized verification of circuit descriptions using the Larch Prover", Theorem Provers in Circuit Design, Victoria Stavridou, Thomas F. Melham, and Raymond T. Boute (editors), IFIP Transactions A-10, pages 277–299, Nijmegen, The Netherlands, June 22–24, 1992. North-Holland.

Mark T. Vandevoorde and Deepak Kapur, "Distributed Larch Prover (DLP): an experiment in parallelizing a rewrite-rule based prover", International Conference on Rewriting Techniques and Applications RTA 1996, Lecture Notes in Computer Science 1103, pages 420–423. Springer-Verlag.

Frédéric Voisin, "A new proof manager and graphic interface for the Larch prover", International Conference on Rewriting Techniques and Applications RTA 1996, Lecture Notes in Computer Science 1103, pages 408–411. Springer-Verlag.

Jeannette M. Wing and Chun Gong, Experience with the Larch Prover, ACM SIGSOFT Software Engineering Notes 15:44, September 1990, pages 140–143 https://doi.org/10.1145/99571.99835

Related Research Articles

In computational complexity theory, the class NC (for "Nick's Class") is the set of decision problems decidable in polylogarithmic time on a parallel computer with a polynomial number of processors. In other words, a problem with input size n is in NC if there exist constants c and k such that it can be solved in time $O ((log n) c)$ using $O (n k)$ parallel processors. Stephen Cook coined the name "Nick's class" after Nick Pippenger, who had done extensive research on circuits with polylogarithmic depth and polynomial size.

In topology, Urysohn's lemma is a lemma that states that a topological space is normal if and only if any two disjoint closed subsets can be separated by a continuous function.

Zorn's lemma, also known as the Kuratowski–Zorn lemma, is a proposition of set theory. It states that a partially ordered set containing upper bounds for every chain necessarily contains at least one maximal element.

The Isabelle automated theorem prover is a higher-order logic (HOL) theorem prover, written in Standard ML and Scala. As an LCF-style theorem prover, it is based on a small logical core (kernel) to increase the trustworthiness of proofs without requiring — yet supporting — explicit proof objects.

The Mizar system consists of a formal language for writing mathematical definitions and proofs, a proof assistant, which is able to mechanically check proofs written in this language, and a library of formalized mathematics, which can be used in the proof of new theorems. The system is maintained and developed by the Mizar Project, formerly under the direction of its founder Andrzej Trybulec.

The QED manifesto was a proposal for a computer-based database of all mathematical knowledge, strictly formalized and with all proofs having been checked automatically.

In computational complexity theory, a complexity class is a set of computational problems "of related resource-based complexity". The two most commonly analyzed resources are time and memory.

The Larch family of formal specification languages are intended for the precise specification of computing systems. They allow the clean specification of computer programs and the formulation of proofs about program behavior.

In mathematics, a fixed-point theorem is a result saying that a function F will have at least one fixed point (a point x for which F(x) = x), under some conditions on F that can be stated in general terms.

<span class="mw-page-title-main">Proof assistant</span> Software tool to assist with the development of formal proofs by human-machine collaboration

In computer science and mathematical logic, a proof assistant or interactive theorem prover is a software tool to assist with the development of formal proofs by human-machine collaboration. This involves some sort of interactive proof editor, or other interface, with which a human can guide the search for proofs, the details of which are stored in, and some steps provided by, a computer.

In theoretical computer science and mathematical logic a string rewriting system (SRS), historically called a semi-Thue system, is a rewriting system over strings from a alphabet. Given a binary relation $between fixed strings over the alphabet, called rewrite rules, denoted by, an SRS extends the rewriting relation to all strings in which the left- and right-hand side of the rules appear as substrings, that is, where,,, and are strings.$

A Dynkin system, named after Eugene Dynkin, is a collection of subsets of another universal set $satisfying a set of axioms weaker than those of 𝜎-algebra. Dynkin systems are sometimes referred to as 𝜆-systems or d-system . These set families have applications in measure theory and probability.$

In complexity theory, the Karp–Lipton theorem states that if the Boolean satisfiability problem (SAT) can be solved by Boolean circuits with a polynomial number of logic gates, then

In mathematics, particularly topology, the tube lemma, also called Wallace's theorem, is a useful tool in order to prove that the finite product of compact spaces is compact.

In geometry, the hyperplane separation theorem is a theorem about disjoint convex sets in n-dimensional Euclidean space. There are several rather similar versions. In one version of the theorem, if both these sets are closed and at least one of them is compact, then there is a hyperplane in between them and even two parallel hyperplanes in between them separated by a gap. In another version, if both disjoint convex sets are open, then there is a hyperplane in between them, but not necessarily any gap. An axis which is orthogonal to a separating hyperplane is a separating axis, because the orthogonal projections of the convex bodies onto the axis are disjoint.

John Vogel Guttag is an American computer scientist, professor, and former head of the department of electrical engineering and computer science at MIT.

Nqthm is a theorem prover sometimes referred to as the Boyer–Moore theorem prover. It was a precursor to ACL2.

In order theory, the Szpilrajn extension theorem, proved by Edward Szpilrajn in 1930, states that every partial order is contained in a total order. Intuitively, the theorem says that any method of comparing elements that leaves some pairs incomparable can be extended in such a way that every pair becomes comparable. The theorem is one of many examples of the use of the axiom of choice in the form of Zorn's lemma to find a maximal set with certain properties.

In arithmetic combinatorics, the corners theorem states that for every $, for large enough, any set of at least points in the grid contains a corner, i.e., a triple of points of the form with . It was first proved by Miklós Ajtai and Endre Szemerédi in 1974 using Szemerédi's theorem. In 2003, József Solymosi gave a short proof using the triangle removal lemma.$

In the mathematical field of set theory, an ultrafilter on a set $is a maximal filter on the set In other words, it is a collection of subsets of that satisfies the definition of a filter on Failed to parse : X and that is maximal with respect to inclusion, in the sense that there does not exist a strictly larger collection of subsets of that is also a filter. Equivalently, an ultrafilter on the set can also be characterized as a filter on with the property that for every subset of either or its complement belongs to the ultrafilter.$

References

↑ 1985 Larch survey, Çarnegie Mellon University
↑ John V. Guttag and James Horning with S. J. Garland, K. D. Jones, A. Modet, and J. M. Wing, Larch: Languages and Tools for Formal Specification, Springer-Verlag Texts and Monographs in Computer Science, 1993. ISBN 978-1-4612-2704-5.
↑ Pierre Lescanne and "Computer experiments with the REVE term rewriting system generator," Proceedings of the 10th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages, POPL '83, Austin, Texas, Association for Computing Machinery, New York, NY, pages 99–108.
↑ Randy Forgaard and John Guttag, "REVE: a term rewriting system generator with a failure-resistant Knuth-Bendix", Proceedings of a Workshop on Term Rewriting, edited by D. Kapur and D. Musser, April 1984, pages 5–31.

External links

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] 1985 Larch survey, Çarnegie Mellon University

[2] John V. Guttag and James Horning with S. J. Garland, K. D. Jones, A. Modet, and J. M. Wing, Larch: Languages and Tools for Formal Specification, Springer-Verlag Texts and Monographs in Computer Science, 1993. ISBN 978-1-4612-2704-5.

[3] Pierre Lescanne and "Computer experiments with the REVE term rewriting system generator," Proceedings of the 10th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages, POPL '83, Austin, Texas, Association for Computing Machinery, New York, NY, pages 99–108.

[4] Randy Forgaard and John Guttag, "REVE: a term rewriting system generator with a failure-resistant Knuth-Bendix", Proceedings of a Workshop on Term Rewriting, edited by D. Kapur and D. Musser, April 1984, pages 5–31.

[1]

[2]

[3]

[4]