- William McCune, Olga Shumsky
- CADE
- 2000

IVY is a veriied theorem prover for rst-order logic with equality. It is coded in ACL2, and it makes calls to the theorem prover Otter to search for proofs and to the program MACE to search for coun-termodels. Veriications of Otter and MACE are not practical because they are coded in C. Instead, Otter and MACE give detailed proofs and models that are… (More)

This case study shows how non-ACL2 programs can be combined with ACL2 functions in such a way that useful properties can be proved about the composite programs. Nothing is proved about the non-ACL2 programs. Instead, the results of the non-ACL2 programs are checked at run time by ACL2 functions, and properties of these checker functions are proved. The… (More)

This paper describes a simulator for SDL, a formal description technique for distributed, concurrent, communicating systems. The simulator consists of three main components: the translator, the activator, and the process execution and interleaving mechanism. All components are written in a subset of Common Lisp, and their desired properties are proved in… (More)

An automated finite first-order model generator has been developed. The problem is viewed as a firstorder satisfiability problem. Most existing model generators reduce the problem to propositional satisfiability by converting the input first-order clauses into propositional clauses. This generator, unlike others, stores the input first-order clauses and… (More)

