Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
sav08:proof_and_code_generation_in_lcf_systems [2008/05/28 11:09] vkuncak |
sav08:proof_and_code_generation_in_lcf_systems [2009/03/05 13:52] vkuncak |
||
|---|---|---|---|
| Line 39: | Line 39: | ||
| then this shows that function deriveFact always produces a valid theorem. Whenever we use expression on LHS, we could hace used expression on RHS. While RHS constructs a theorem, the LHS directly computes it, without invoking primitive rules, so it can be much faster. It is the theorem prover in the usual sense. | then this shows that function deriveFact always produces a valid theorem. Whenever we use expression on LHS, we could hace used expression on RHS. While RHS constructs a theorem, the LHS directly computes it, without invoking primitive rules, so it can be much faster. It is the theorem prover in the usual sense. | ||
| + | |||
| ===== Proving Software ===== | ===== Proving Software ===== | ||
| Line 52: | Line 53: | ||
| - use interactive proof to prove these verification conditions | - use interactive proof to prove these verification conditions | ||
| - | Aprooach 1 is | + | Characteristic of Aprooach 1: |
| - more flexible: we choose how to organize the proof, need not use particular VCGen strategy | - more flexible: we choose how to organize the proof, need not use particular VCGen strategy | ||
| - can be more difficult to combine with program analyses: program analysis may need to be programmed as a tactic in the interactive prover | - can be more difficult to combine with program analyses: program analysis may need to be programmed as a tactic in the interactive prover | ||
| - no need to trust verification-condition generator | - no need to trust verification-condition generator | ||
| - | - limitations in terms of generated code | + | - limitations in terms of generated code, especially to generate imperative and concurrent code |
| - need to trust code generator | - need to trust code generator | ||