Results 1  10
of
15
ACL2 Theorems about Commercial Microprocessors
, 1996
"... ACL2 is a mechanized mathematical logic intended for use in specifying and proving properties of computing machines. In two independent projects, industrial engineers have collaborated with researchers at Computational Logic, Inc. (CLI), to use ACL2 to model and prove properties of stateoftheart ..."
Abstract

Cited by 68 (14 self)
 Add to MetaCart
ACL2 is a mechanized mathematical logic intended for use in specifying and proving properties of computing machines. In two independent projects, industrial engineers have collaborated with researchers at Computational Logic, Inc. (CLI), to use ACL2 to model and prove properties of stateoftheart commercial microprocessors prior to fabrication. In the first project, Motorola, Inc., and CLI collaborated to specify Motorola's complex arithmetic processor (CAP), a singlechip, digital signal processor (DSP) optimized for communications signal processing. Using the specification, we proved the correctness of several CAP microcode programs. The second industrial collaboration involving ACL2 was between Advanced Micro Devices, Inc. (AMD) and CLI. In this work we proved the correctness of the kernel of the floatingpoint division operation on AMD's first Pentiumclass microprocessor, the AMD5K 86. In this paper, we discuss ACL2 and these industrial applications, with particular attention ...
Structured Theory Development for a Mechanized Logic
 Journal of Automated Reasoning
, 1999
"... Experience has shown that large or multiuser interactive proof efforts can benefit significantly from structuring mechanisms, much like those available in many modern programming languages. Such a mechanism can allow some lemmas and definitions to be exported, and others not. In this paper we addre ..."
Abstract

Cited by 48 (14 self)
 Add to MetaCart
Experience has shown that large or multiuser interactive proof efforts can benefit significantly from structuring mechanisms, much like those available in many modern programming languages. Such a mechanism can allow some lemmas and definitions to be exported, and others not. In this paper we address two such structuring mechanisms for the ACL2 theorem prover: encapsulation and books. After presenting an introduction to ACL2, this paper justifies the implementation of ACL2's structuring mechanisms and, more generally, formulates and proves highlevel correctness properties of ACL2. The issues in the present paper are relevant not only for ACL2 but also for other theoremproving environments.
Mechanized Formal Reasoning about Programs and Computing Machines
, 1996
"... ly every instruction will have an opcode and two arguments, a and b. (defun opcode (ins) (nth 0 ins)) (defun a (ins) (nth 1 ins)) (defun b (ins) (nth 2 ins)) Because nth, like put, extends its list argument with nils, we can write instructions in three formats: (op), (op a), and (op a b) and omitte ..."
Abstract

Cited by 28 (11 self)
 Add to MetaCart
ly every instruction will have an opcode and two arguments, a and b. (defun opcode (ins) (nth 0 ins)) (defun a (ins) (nth 1 ins)) (defun b (ins) (nth 2 ins)) Because nth, like put, extends its list argument with nils, we can write instructions in three formats: (op), (op a), and (op a b) and omitted arguments default to nil. For example, the constant (times (movi 2 0) ; 0 mem[2] / 0 (jumpz 0 5) ; 1 if mem[0]=0, go to 5 (add 2 1) ; 2 mem[2] / mem[1] + mem[2] (subi 0 1) ; 3 mem[0] / mem[0]  1 (jump 1) ; 4 go to 1 (ret))) ; 5 return to caller defines one program in our language. The constant is a list of seven elements. The first, times, is the name of the program and the other six elements are the 8 Chapter 4 instructions. For example, the first instruction is (movi 2 0), which has an opcode of movi, an a argument of 2 and a b argument of 0; the last instruction is (ret), which has an opcode of ret and a and b arguments of nil. A typical code memory will contain many such ...
Proving Theorems about Javalike Byte Code
 CORRECT SYSTEM DESIGN { RECENT INSIGHTS AND ADVANCES
, 1999
"... We describe a formalization of an abstract machine very similar to the Java Virtual Machine but far simpler. We develop techniques for specifying the properties of classes and methods for this machine. We ..."
Abstract

Cited by 17 (9 self)
 Add to MetaCart
We describe a formalization of an abstract machine very similar to the Java Virtual Machine but far simpler. We develop techniques for specifying the properties of classes and methods for this machine. We
Structure of a proofproducing compiler for a subset of higher order logic
 16th European Symposium on Programming (ESOP’07
, 2007
"... Abstract. We give an overview of a proofproducing compiler which translates recursion equations, defined in higher order logic, to assembly language. The compiler is implemented and validated with a mix of translation validation and compiler verification techniques. Both the design of the compiler ..."
Abstract

Cited by 8 (6 self)
 Add to MetaCart
Abstract. We give an overview of a proofproducing compiler which translates recursion equations, defined in higher order logic, to assembly language. The compiler is implemented and validated with a mix of translation validation and compiler verification techniques. Both the design of the compiler and its mechanical verification are implemented in the same logic framework.
Robust Computer System Proofs in PVS
 LFM97: FOURTH NASA LANGLEY FORMAL METHODS WORKSHOP. NASA CONFERENCE PUBLICATION NO. 3356
, 1997
"... Practical formal verification of complex computer systems requires proof robustness and efficiency to protect against inevitable mistakes and system specification and design changes. PVS is a theoremproving system based on higherorder logic with which we demonstrate the kind of robust code proofs n ..."
Abstract

Cited by 7 (2 self)
 Add to MetaCart
Practical formal verification of complex computer systems requires proof robustness and efficiency to protect against inevitable mistakes and system specification and design changes. PVS is a theoremproving system based on higherorder logic with which we demonstrate the kind of robust code proofs needed for verification of realisticsized computing systems.
A proofproducing software compiler for a subset of higher order logic
, 2006
"... We discuss a proofproducing compiler which translates first order recursion equations, defined in higher order logic, to assembly language. The front end of the compiler is based on a series of sourcetosource translations, starting with a semantic CPS translation and culminating in graphcolouri ..."
Abstract

Cited by 7 (1 self)
 Add to MetaCart
We discuss a proofproducing compiler which translates first order recursion equations, defined in higher order logic, to assembly language. The front end of the compiler is based on a series of sourcetosource translations, starting with a semantic CPS translation and culminating in graphcolouring register allocation. Equality of the original program and the result of register allocation is proved automatically. A translation validation assertion is then generated, relating values of the original function to the result of running the compiled code on a subset of the ARM machine. Approaches to the automatic proof of this formula are also discussed.
Compilation as Rewriting in Higher Order Logic
"... Abstract. We present an approach based on the use of deductive rewriting to construct a trusted compiler for a subset of the native functions of higher order logic. Program transformations are specified by equality theorems that characterize the transformations; the mechanical application of these r ..."
Abstract

Cited by 7 (5 self)
 Add to MetaCart
Abstract. We present an approach based on the use of deductive rewriting to construct a trusted compiler for a subset of the native functions of higher order logic. Program transformations are specified by equality theorems that characterize the transformations; the mechanical application of these rules is directed by programs written in the metalanguage of the logical framework. Each application of a rule ensures that the transformed code is equivalent to the original one, thus warranting the correctness of the entire compiler. 1
A mechanized program verifier
 In IFIP Working Conference on the Program Verifier Challenge
, 2005
"... Abstract. In my view, the “verification problem ” is the theorem proving problem, restricted to a computational logic. My approach is: adopt a functional programming language, build a general purpose formal reasoning engine around it, integrate it into a program and proof development environment, an ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
Abstract. In my view, the “verification problem ” is the theorem proving problem, restricted to a computational logic. My approach is: adopt a functional programming language, build a general purpose formal reasoning engine around it, integrate it into a program and proof development environment, and apply it to model and verify a wide variety of computing artifacts, usually modeled operationally within the functional programming language. Everything done in this approach is software verification since the models are runnable programs in a subset of an ANSI standard programming language (Common Lisp). But this approach is of interest to proponents of other approaches (e.g., verification of procedural programs or synthesis) because of the nature of the mathematics of computing. I summarize the progress so far using this approach, sketch the key research challenges ahead and describe my vision of the role and shape of a useful verification system. 1