Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | |||
sav08:proof_and_code_generation_in_lcf_systems [2009/03/05 13:45] vkuncak |
sav08:proof_and_code_generation_in_lcf_systems [2009/03/05 13:52] (current) vkuncak |
||
---|---|---|---|
Line 39: | Line 39: | ||
then this shows that function deriveFact always produces a valid theorem. Whenever we use expression on LHS, we could hace used expression on RHS. While RHS constructs a theorem, the LHS directly computes it, without invoking primitive rules, so it can be much faster. It is the theorem prover in the usual sense. | then this shows that function deriveFact always produces a valid theorem. Whenever we use expression on LHS, we could hace used expression on RHS. While RHS constructs a theorem, the LHS directly computes it, without invoking primitive rules, so it can be much faster. It is the theorem prover in the usual sense. | ||
+ | |||
===== Proving Software ===== | ===== Proving Software ===== | ||
Line 56: | Line 57: | ||
- can be more difficult to combine with program analyses: program analysis may need to be programmed as a tactic in the interactive prover | - can be more difficult to combine with program analyses: program analysis may need to be programmed as a tactic in the interactive prover | ||
- no need to trust verification-condition generator | - no need to trust verification-condition generator | ||
- | - limitations in terms of generated code | + | - limitations in terms of generated code, especially to generate imperative and concurrent code |
- need to trust code generator | - need to trust code generator | ||