Results 1 - 6 of 6
A verified runtime for a verified theorem prover
Abstract

Cited by 10 (5 self)
rely on the correctness of runtime systems for programming languages like ML, OCaml or Common Lisp. These runtime systems are complex and critical to the integrity of the theorem provers. In this paper, we present a new Lisp runtime which has been formally verified and can run the Milawa theorem prover. Our runtime consists of 7,500 lines of machine code and is able to complete a 4 gigabyte Milawa proof effort. When our runtime is used to carry out Milawa proofs, less unverified code must be trusted than with any other theorem prover. Our runtime includes a just-in-time compiler, a copying garbage collector, a parser and a printer, all of which are HOL4-verified down to the concrete x86 code. We make heavy use of our previously developed tools for machine-code verification. This work demonstrates that our approach to machine-code verification scales to non-trivial applications.
Symbolic Simulation in ACL2
Abstract

Cited by 1 (1 self)
We have created an experimental extension to ACL2 that provides a means to symbolically evaluate ACL2 expressions. This modified implementation can be used to compute the 'general' application of an ACL2 function to generalized data. In particular, we use uBDDs to represent functions from Boolean variables to finite sets of ACL2 objects, and for guard-checked ACL2 functions we can automatically create corresponding generalized functions to operate on such generalized data. The DEFTHM hint mechanism has been extended to permit the direct application of symbolic simulation as a part of a proof attempt. This extension made it possible to directly verify the Legato Challenge using only symbolic simulation; this challenge involves proving the correctness of a 6502 assembly-language program that performs an 8-bit by 8-bit multiplication through repeated addition. We need only provide the initial symbolic data, i.e., two 8-bit symbolic numbers, and we symbolically simulate the assembly-language program by symbolically simulating an ISA-level 6502 program interpreter that produces a symbolic result that we compare to its specification.
Bit-Blasting ACL2 Theorems
In: ACL2 '11, Electronic Proceedings in Theoretical Computer Science 70 (2011)
Abstract

Cited by 1 (1 self)
Interactive theorem proving requires a lot of human guidance. Proving a property involves (1) figuring out why it holds, then (2) coaxing the theorem prover into believing it. Both steps can take a long time. We explain how to use GL, a framework for proving finite ACL2 theorems with BDD- or SAT-based reasoning. This approach makes it unnecessary to deeply understand why a property is true, and automates the process of admitting it as a theorem. We use GL at Centaur Technology to verify execution units for x86 integer, MMX, SSE, and floating-point arithmetic.
A Trustworthy, Extensible Theorem Prover Ph.D. Dissertation Proposal
Abstract
2.1 Formal verification (p. 3)
2.2 Our choice of logic (p. 4)
Verified AIG Algorithms in ACL2
Abstract
And-Inverter Graphs (AIGs) are a popular way to represent Boolean functions (like circuits). AIG simplification algorithms can dramatically reduce an AIG, and play an important role in modern hardware verification tools like equivalence checkers. In practice, these tricky algorithms are implemented with optimized C or C++ routines with no guarantee of correctness. Meanwhile, many interactive theorem provers can now employ SAT or SMT solvers to automatically solve finite goals, but no theorem prover makes use of these advanced, AIG-based approaches. We have developed two ways to represent AIGs within the ACL2 theorem prover. One representation, Hons-AIGs, is especially convenient to use and reason about. The other, Aignet, is the opposite; it is styled after modern AIG packages and allows for efficient algorithms. We have implemented functions for converting between these representations, random vector simulation, conversion to CNF, etc., and developed reasoning strategies for verifying these algorithms. Aside from these contributions towards verifying AIG algorithms, this work has an immediate, practical benefit for ACL2 users who are using GL to bit-blast finite ACL2 theorems: they can now optionally trust an off-the-shelf SAT solver to carry out the proof, instead of using the built-in BDD package. Looking to the future, it is a first step toward implementing verified AIG simplification algorithms that might further improve GL performance.
Chapter 1 Use of Formal Verification at Centaur Technology
Abstract
We have developed a formal-methods-based hardware verification toolflow to help ensure the correctness of our x86-compatible microprocessors. Our toolflow uses the ACL2 theorem-proving system as a design database and a verification engine. We verify Verilog designs by first translating them into a