Larch Prover

Last updated • 5 min readFrom Wikipedia, The Free Encyclopedia

The Larch Prover, or LP for short, is an interactive theorem proving system for multi-sorted first-order logic. It was used at MIT and elsewhere during the 1990s to reason about designs for circuits, concurrent algorithms, hardware, and software. [1]

Contents

Unlike most theorem provers, which attempt to find proofs automatically for correctly stated conjectures, LP was intended to assist users in finding and correcting flaws in conjecturesthe predominant activity in the early stages of the design process. It worked efficiently on large problems, had many important user amenities, and could be used by relatively naïve users.

Development

LP was developed by Stephen Garland and John Guttag at the MIT Laboratory for Computer Science with assistance from James Horning and James Saxe at the DEC Systems Research Center, as part of the Larch project on formal specifications. [2] It extended the REVE 2 equational term rewriting system developed by Pierre Lescanne, [3] Randy Forgaard [4] with assistance from David Detlefs and Katherine Yelick. It supports proofs by equational term rewriting (for terms with associative-commutative operators), cases, contradiction, induction, generalization, and specialization.

LP was written in the CLU programming language.

Sample LP Axiomatization

declare sorts E, S declare variables e, e1, e2: E, x, y, z: S declare operators   {}:                   -> S   {__}:            E    -> S   insert:          E, S -> S   __ \union __:    S, S -> S   __ \in __:       E, S -> Bool   __ \subseteq __: S, S -> Bool   ..  set name setAxioms assert   sort S generated by {}, insert;   {e} = insert(e, {});   ~(e \in {});   e \in insert(e1, x) <=> e = e1 \/ e \in x;   {} \subseteq x;   insert(e, x) \subseteq y <=> e \in y /\ x \subseteq y;   e \in (x \union y) <=> e \in x \/ e \in y   .. set name extensionality assert \A e (e \in x <=> e \in y) => x = y

Sample LP Proofs

set name setTheorems prove e \in {e} qed  prove \E x \A e (e \in x <=> e = e1 \/ e = e2)   resume by specializing x to insert(e2, {e1}) qed  % Three theorems about union (proved using extensionality)  prove x \union {} = x   instantiate y by x \union {} in extensionality qed  prove x \union insert(e, y) = insert(e, x \union y)   resume by contradiction     set name lemma     critical-pairs *Hyp with extensionality qed  prove ac \union     resume by contradiction       set name lemma       critical-pairs *Hyp with extensionality     resume by contradiction       set name lemma       critical-pairs *Hyp with extensionality qed  % Three theorems about subset  set proof-methods =>, normalization  prove e \in x /\ x \subseteq y => e \in y by induction on x       resume by case ec = e1c         set name lemma         complete qed  prove x \subseteq y /\ y \subseteq x => x = y     set name lemma     prove e \in xc <=> e \in yc by <=>         complete         complete     instantiate x by xc, y by yc in extensionality qed  prove (x \union y) \subseteq z <=> x \subseteq z /\ y \subseteq z by induction on x qed  % An alternate induction rule  prove sort S generated by {}, {__}, \union     set name lemma     resume by induction       critical-pairs *GenHyp with *GenHyp       critical-pairs *InductHyp with lemma qed

Bibliography

Pascal André, Annya Romanczuk, Jean-Claude Royer, and Aline Vasconcelos, "Checking the consistency of UML class diagrams using Larch Prover", Proceedings of the 2000 International Conference on Rigorous Object-Oriented Methods, page 1, York, UK, BCS Learning & Development Ltd., Swindon, GBR, January 2000.

Boutheina Chetali, "Formal verification of concurrent programs using the Larch Prover", IEEE Transactions on Software Engineering 24:1, pages 4662, January 1998. doi: 10.1109/32.663997.

Manfred Broy, "Experiences with software specification and verification using LP, the Larch proof assistant", Formal Methods in System Design 8:3, pages 221272, 1996.

Urban Engberg, Peter Grønning, and Leslie Lamport, "Mechanical Verification of Concurrent Systems with TLA", Computer-Aided Verification, G. v. Bochmann and D. K. Probst editors, Proceedings of the Fourth International Conference CAV'92), Lecture Notes in Computer Science 663, Springer-Verlag, June 1992, pages 4455.

Urban Engberg, Reasoning in the Temporal Logic of Actions, BRICS Dissertation Series DS 961, Department of Computer Science, University of Aarhus, Denmark, August 1996. ISSN 1396-7002.

Stephen J. Garland and John V. Guttag, "Inductive methods for reasoning about abstract data types," Fifteenth Annual ACM Symposium on Principles of Programming Languages, pages 219228, San Diego, CA, January 1988.

Stephen J. Garland and John V. Guttag, "LP: The Larch Prover," Ninth International Conference on Automated DeductionLecture Notes in Computer Science 310, pages 748749, Argonne, Illinois, May 1988. Springer-Verlag.

Stephen J. Garland, John V. Guttag, and Jørgen Staunstrup, "Verification of VLSI circuits using LP," The Fusion of Hardware Design and Verification, pages 329–345, Glasgow, Scotland, July 46, 1988. IFIP WG 10.2, North Holland.

Stephen J. Garland and John V. Guttag, "An overview of LP, the Larch Prover," Third International Conference on Rewriting Techniques and ApplicationsLecture Notes in Computer Science 355, pages 137151, Chapel Hill, NC, April 1989. Springer-Verlag.

Stephen J. Garland and John V. Guttag, "Using LP to debug specifications," Programming Concepts and Methods, Sea of Galilee, Israel, April 25, 1990. IFIP WG 2.2/2.3, North-Holland.

Stephen J. Garland and John V. Guttag, A Guide to LP: the Larch Prover, MIT Laboratory for Computer Science, December 1991. Also published as Digital Equipment Corporation Systems Research Center Report 82, 1991.

Victor Luchangco, Ekrem Söylemez, Stephen Garland, and Nancy Lynch, "Verifying timing properties of concurrent algorithms," FORTE '94: Seventh International Conference on Formal Description Techniques, pages 259–273, Berne, Switzerland, October 47, 1994. Chapman & Hall.

Ursula Martin and Michael Lai, "Some experiments with a completion theorem prover", Journal of Symbolic Computation 13:1, 1992, pages 81100, ISSN 0747-7171.

Ursula Martin and Jeannette M. Wing, editors, First International Workshop on Larch, Proceedings of the First International Workshop non Larch, Dedham, Massachusetts, July 1315 1992, Workshops in Computing, Springer-Verlag, 1992.

Toh Ne Win, Michael D. Ernst, Stephen J. Garland, Dilsun Kirli, and Nancy Lynch, Using simulated execution in verifying distributed algorithms," Software Tools for Technology Transfer 6:1, Lenore D. Zuck, Paul C. Attie, Agostino Cortesi, and Supratik Mukhopadhyay (editors), pages 6776. Springer-Verlag, July 2004.

Tsvetomir P. Petrov, Anya Pogosyants, Stephen J. Garland, Victor Luchangco, and Nancy A. Lynch, "Computer-assisted verification of an algorithm for concurrent timestamps," Formal Description Techniques IX: Theory, Application, and Tools (FORTE/PSTV), Reinhard Gotzhein and Jan Bredereke (editors), pages 2944, Kaiserslautern, Germany, October 811, 1996. Chapman & Hall.

James B. Saxe, Stephen J. Garland, John V. Guttag, and James J. Horning, "Using transformations and verification in circuit design," Formal Methods in System Design 3:3 (December 1993), pages 181209.

Jørgen F. Søgaard-Anderson, Stephen J. Garland, John V. Guttag, Nancy A. Lynch, and Anya Pogosyants, "Computed-assisted simulation proofs," Fifth Conference on Computer-Aided Verification (CAV '03), Costas Courcoubetis (editor), Lecture Notes in Computer Science 697, pages 305319, Elounda, Greece, June 1993. Springer-Verlag.

Jørgen Staunstrup, Stephen J. Garland, and John V. Guttag, "Localized verification of circuit descriptions," Automatic Verification Methods for Finite State Systems, Lecture Notes in Computer Science 407, pages 349364, Grenoble, France, June 1989. Springer-Verlag.

Jørgen Staunstrup, Stephen J. Garland, and John V. Guttag, "Mechanized verification of circuit descriptions using the Larch Prover", Theorem Provers in Circuit Design, Victoria Stavridou, Thomas F. Melham, and Raymond T. Boute (editors), IFIP Transactions A-10, pages 277299, Nijmegen, The Netherlands, June 2224, 1992. North-Holland.

Mark T. Vandevoorde and Deepak Kapur, "Distributed Larch Prover (DLP): an experiment in parallelizing a rewrite-rule based prover", International Conference on Rewriting Techniques and Applications RTA 1996, Lecture Notes in Computer Science 1103, pages 420423. Springer-Verlag.

Frédéric Voisin, "A new proof manager and graphic interface for the Larch prover", International Conference on Rewriting Techniques and Applications RTA 1996, Lecture Notes in Computer Science 1103, pages 408411. Springer-Verlag.

Jeannette M. Wing and Chun Gong, Experience with the Larch Prover, ACM SIGSOFT Software Engineering Notes 15:44, September 1990, pages 140143 https://doi.org/10.1145/99571.99835

Related Research Articles

<span class="mw-page-title-main">Intermediate value theorem</span> Continuous function on an interval takes on every value between its values at the ends

In mathematical analysis, the intermediate value theorem states that if is a continuous function whose domain contains the interval [a, b], then it takes on any given value between and at some point within the interval.

In computational complexity theory, the class NC (for "Nick's Class") is the set of decision problems decidable in polylogarithmic time on a parallel computer with a polynomial number of processors. In other words, a problem with input size n is in NC if there exist constants c and k such that it can be solved in time O((log n)c) using O(nk) parallel processors. Stephen Cook coined the name "Nick's class" after Nick Pippenger, who had done extensive research on circuits with polylogarithmic depth and polynomial size.

In topology, Urysohn's lemma is a lemma that states that a topological space is normal if and only if any two disjoint closed subsets can be separated by a continuous function.

<span class="mw-page-title-main">Zorn's lemma</span> Mathematical proposition equivalent to the axiom of choice

Zorn's lemma, also known as the Kuratowski–Zorn lemma, is a proposition of set theory. It states that a partially ordered set containing upper bounds for every chain necessarily contains at least one maximal element.

In mathematics, Hilbert's Nullstellensatz is a theorem that establishes a fundamental relationship between geometry and algebra. This relationship is the basis of algebraic geometry. It relates algebraic sets to ideals in polynomial rings over algebraically closed fields. This relationship was discovered by David Hilbert, who proved the Nullstellensatz in his second major paper on invariant theory in 1893.

<span class="mw-page-title-main">Isabelle (proof assistant)</span> Higher-order logic (HOL) automated theorem prover

The Isabelle automated theorem prover is a higher-order logic (HOL) theorem prover, written in Standard ML and Scala. As a Logic for Computable Functions (LCF) style theorem prover, it is based on a small logical core (kernel) to increase the trustworthiness of proofs without requiring, yet supporting, explicit proof objects.

In mathematics, the uniform boundedness principle or Banach–Steinhaus theorem is one of the fundamental results in functional analysis. Together with the Hahn–Banach theorem and the open mapping theorem, it is considered one of the cornerstones of the field. In its basic form, it asserts that for a family of continuous linear operators whose domain is a Banach space, pointwise boundedness is equivalent to uniform boundedness in operator norm.

<span class="mw-page-title-main">Complexity class</span> Set of problems in computational complexity theory

In computational complexity theory, a complexity class is a set of computational problems "of related resource-based complexity". The two most commonly analyzed resources are time and memory.

In functional analysis and related branches of mathematics, the Banach–Alaoglu theorem states that the closed unit ball of the dual space of a normed vector space is compact in the weak* topology. A common proof identifies the unit ball with the weak-* topology as a closed subset of a product of compact sets with the product topology. As a consequence of Tychonoff's theorem, this product, and hence the unit ball within, is compact.

<span class="mw-page-title-main">Coq (software)</span> Proof assistant

Coq is an interactive theorem prover first released in 1989. It allows for expressing mathematical assertions, mechanically checks proofs of these assertions, helps find formal proofs, and extracts a certified program from the constructive proof of its formal specification. Coq works within the theory of the calculus of inductive constructions, a derivative of the calculus of constructions. Coq is not an automated theorem prover but includes automatic theorem proving tactics (procedures) and various decision procedures.

The Larch family of formal specification languages are intended for the precise specification of computing systems. They allow the clean specification of computer programs and the formulation of proofs about program behavior.

In theoretical computer science and mathematical logic a string rewriting system (SRS), historically called a semi-Thue system, is a rewriting system over strings from a alphabet. Given a binary relation between fixed strings over the alphabet, called rewrite rules, denoted by , an SRS extends the rewriting relation to all strings in which the left- and right-hand side of the rules appear as substrings, that is , where , , , and are strings.

A Dynkin system, named after Eugene Dynkin, is a collection of subsets of another universal set satisfying a set of axioms weaker than those of 𝜎-algebra. Dynkin systems are sometimes referred to as 𝜆-systems or d-system. These set families have applications in measure theory and probability.

In complexity theory, the Karp–Lipton theorem states that if the Boolean satisfiability problem (SAT) can be solved by Boolean circuits with a polynomial number of logic gates, then

In mathematics, particularly topology, the tube lemma, also called Wallace's theorem, is a useful tool in order to prove that the finite product of compact spaces is compact.

<span class="mw-page-title-main">Hyperplane separation theorem</span> On the existence of hyperplanes separating disjoint convex sets

In geometry, the hyperplane separation theorem is a theorem about disjoint convex sets in n-dimensional Euclidean space. There are several rather similar versions. In one version of the theorem, if both these sets are closed and at least one of them is compact, then there is a hyperplane in between them and even two parallel hyperplanes in between them separated by a gap. In another version, if both disjoint convex sets are open, then there is a hyperplane in between them, but not necessarily any gap. An axis which is orthogonal to a separating hyperplane is a separating axis, because the orthogonal projections of the convex bodies onto the axis are disjoint.

<span class="mw-page-title-main">John Guttag</span> American computer scientist

John Vogel Guttag is an American computer scientist, professor, and former head of the department of electrical engineering and computer science at MIT. He conducts research on computer networks and medical applications of AI as co-lead of the MIT Computer Science and Artificial Intelligence Laboratory's Networks and Mobile Systems Group.

Nqthm is a theorem prover sometimes referred to as the Boyer–Moore theorem prover. It was a precursor to ACL2.

<span class="mw-page-title-main">Corners theorem</span> Statement in arithmetic combinatorics

In arithmetic combinatorics, the corners theorem states that for every , for large enough , any set of at least points in the grid contains a corner, i.e., a triple of points of the form with . It was first proved by Miklós Ajtai and Endre Szemerédi in 1974 using Szemerédi's theorem. In 2003, József Solymosi gave a short proof using the triangle removal lemma.

<span class="mw-page-title-main">Ultrafilter on a set</span> Maximal proper filter

In the mathematical field of set theory, an ultrafilter on a set is a maximal filter on the set In other words, it is a collection of subsets of that satisfies the definition of a filter on and that is maximal with respect to inclusion, in the sense that there does not exist a strictly larger collection of subsets of that is also a filter. Equivalently, an ultrafilter on the set can also be characterized as a filter on with the property that for every subset of either or its complement belongs to the ultrafilter.

References

  1. 1985 Larch survey, Çarnegie Mellon University
  2. John V. Guttag and James Horning with S. J. Garland, K. D. Jones, A. Modet, and J. M. Wing, Larch: Languages and Tools for Formal Specification, Springer-Verlag Texts and Monographs in Computer Science, 1993. ISBN 978-1-4612-2704-5.
  3. Pierre Lescanne and "Computer experiments with the REVE term rewriting system generator," Proceedings of the 10th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages, POPL '83, Austin, Texas, Association for Computing Machinery, New York, NY, pages 99108.
  4. Randy Forgaard and John Guttag, "REVE: a term rewriting system generator with a failure-resistant Knuth-Bendix", Proceedings of a Workshop on Term Rewriting, edited by D. Kapur and D. Musser, April 1984, pages 531.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.