Results 1  10
of
13
Efficient execution in an automated reasoning environment
 Journal of Functional Programming
, 2006
"... Abstract We describe a method to permit the user of a mathematical logic to write elegant logical definitions while allowing sound and efficient execution. We focus on the ACL2 logic and automated reasoning environment. ACL2 is used by industrial researchers to describe microprocessor designs and ot ..."
Abstract

Cited by 8 (4 self)
 Add to MetaCart
(Show Context)
Abstract We describe a method to permit the user of a mathematical logic to write elegant logical definitions while allowing sound and efficient execution. We focus on the ACL2 logic and automated reasoning environment. ACL2 is used by industrial researchers to describe microprocessor designs and other complicated digital systems. Properties of the designs can be formally established with the theorem prover. But because ACL2 is also a functional programming language, the formal models can be executed as simulation engines. We implement features that afford these dual applications, namely formal proof and execution on industrial test suites. In particular, the features allow the user to install, in a logically sound way, alternative executable counterparts for logicallydefined functions. These alternatives are often much more efficient than the logically equivalent terms they replace. We discuss several applications of these features. 1 Introduction This paper is about a way to permit the functional programmer to prove efficientprograms correct. The idea is to allow the provision of two definitions of the program: an elegant definition that supports effective reasoning by a mechanizedtheorem prover, and an efficient definition for evaluation. A bridge of this sort,
Adding parallelism capabilities to ACL2
 In Proceedings of the Sixth International Workshop on the ACL2 Theorem Prover and its applications
, 2006
"... We have implemented parallelism primitives that permit an ACL2 programmer to parallelize execution of ACL2 functions. We (1) introduce logical definitions for these primitives, (2) explain the features of our extension, (3) give an evaluation strategy for our implementation, and (4) use the parallel ..."
Abstract

Cited by 8 (4 self)
 Add to MetaCart
(Show Context)
We have implemented parallelism primitives that permit an ACL2 programmer to parallelize execution of ACL2 functions. We (1) introduce logical definitions for these primitives, (2) explain the features of our extension, (3) give an evaluation strategy for our implementation, and (4) use the parallelism primitives in examples to show speedup. Categories and Subject Descriptors D.1 [Programming Techniques]: Concurrent Programming—parallel programming; D.2.4 [Software Engineering]: Software/Program Verification—correctness proofs, formal methods; D.3.2 [Programming Languages]: Language Classifications—applicative (functional) languages
Automated Induction with Constrained Tree Automata
, 2008
"... We propose a procedure for automated implicit inductive theorem proving for equational specifications made of rewrite rules with conditions and constraints. The constraints are interpreted over constructor terms (representing data values), and may express syntactic equality, disequality, ordering ..."
Abstract

Cited by 7 (2 self)
 Add to MetaCart
(Show Context)
We propose a procedure for automated implicit inductive theorem proving for equational specifications made of rewrite rules with conditions and constraints. The constraints are interpreted over constructor terms (representing data values), and may express syntactic equality, disequality, ordering and also membership in a fixed tree language. Constrained equational axioms between constructor terms are supported and can be used in order to specify complex data structures like sets, sorted lists, trees, powerlists... Our procedure is based on tree grammars with constraints, a formalism which can describe exactly the initial model of the given specification (when it is sufficiently complete and terminating). They are used in the inductive proofs first as an induction scheme for the generation of subgoals at induction steps, second for checking validity and redundancy criteria by reduction to an emptiness problem, and third for defining and solving membership constraints. We show that the procedure is sound and refutationally complete. It generalizes former test set induction techniques and yields natural proofs for several nontrivial examples presented in the paper, these examples are difficult (if not impossible) to specify and carry on automatically with other induction procedures.
Automated induction for complex data structures. Research Report LSV0511, Laboratoire Spécification et Vérification, 2005. personal communication
 of Joe Hendrix Adel Bouhoula and Florent Jacquemard inria00579017, version 1  22 Mar 2011
"... Abstract. We propose a procedure for automated implicit inductive theorem proving for equational specifications made of rewrite rules with conditions and constraints. The constraints are interpreted over constructor terms (representing data values), and may express syntactic equality, disequality, o ..."
Abstract

Cited by 4 (3 self)
 Add to MetaCart
Abstract. We propose a procedure for automated implicit inductive theorem proving for equational specifications made of rewrite rules with conditions and constraints. The constraints are interpreted over constructor terms (representing data values), and may express syntactic equality, disequality, ordering and also membership in a fixed tree language. Constrained equational axioms between constructor terms are supported and can be used in order to specify complex data structures like sets, sorted lists, trees, powerlists... Our procedure is based on tree grammars with constraints, a formalism which can describe exactly the initial model of the given specification (when it is sufficiently complete and terminating). They are used in the inductive proofs first as an induction scheme for the generation of subgoals at induction steps, second for checking validity and redundancy criteria by reduction to an emptiness problem, and third for defining and solving membership constraints. We show that the procedure is sound and refutationally complete. It generalizes former test set induction techniques and yields natural proofs for several nontrivial examples presented in the paper, these examples are difficult to specify and carry on automatically with related induction procedures.
Proving Invariants via Rewriting and Abstraction
, 2005
"... We present a deductive method for proving invariants of reactive systems. Our approach uses term rewriting to reduce invariant proofs to reachability analysis on a finite graph. This substantially automates invariant proofs by obviating the need to define inductive invariants while still benefitting ..."
Abstract

Cited by 2 (2 self)
 Add to MetaCart
(Show Context)
We present a deductive method for proving invariants of reactive systems. Our approach uses term rewriting to reduce invariant proofs to reachability analysis on a finite graph. This substantially automates invariant proofs by obviating the need to define inductive invariants while still benefitting from the expressiveness of deductive methods. We implement a procedure supporting this approach which interfaces with the ACL2 theorem prover. The interface affords sound extension of our procedure with rewrite rules based on proven theorems. We demonstrate the method in the verification of cache coherence protocols. 1
Verified AIG Algorithms in ACL2
"... AndInverter Graphs (AIGs) are a popular way to represent Boolean functions (like circuits). AIG simplification algorithms can dramatically reduce an AIG, and play an important role in modern hardware verification tools like equivalence checkers. In practice, these tricky algorithms are implemented ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
(Show Context)
AndInverter Graphs (AIGs) are a popular way to represent Boolean functions (like circuits). AIG simplification algorithms can dramatically reduce an AIG, and play an important role in modern hardware verification tools like equivalence checkers. In practice, these tricky algorithms are implemented with optimized C or C++ routines with no guarantee of correctness. Meanwhile, many interactive theorem provers can now employ SAT or SMT solvers to automatically solve finite goals, but no theorem prover makes use of these advanced, AIGbased approaches. We have developed two ways to represent AIGs within the ACL2 theorem prover. One representation, HonsAIGs, is especially convenient to use and reason about. The other, Aignet, is the opposite; it is styled after modern AIG packages and allows for efficient algorithms. We have implemented functions for converting between these representations, random vector simulation, conversion to CNF, etc., and developed reasoning strategies for verifying these algorithms. Aside from these contributions towards verifying AIG algorithms, this work has an immediate, practical benefit for ACL2 users who are using GL to bitblast finite ACL2 theorems: they can now optionally trust an offtheshelf SAT solver to carry out the proof, instead of using the builtin BDD package. Looking to the future, it is a first step toward implementing verified AIG simplification algorithms that might further improve GL performance. 1
Categories and Subject Descriptors F.4.1 [Mathematical Logic]: Mechanical Theorem Proving General Terms Quantification
"... ACL2 allows users to define predicates whose logical behavior mimics that of universally or existentially quantified formulae. Proof support for such quantification, however, is quite limited. We present an ACL2 framework that employs tables, computed hints and clause processing to identify quantifi ..."
Abstract
 Add to MetaCart
(Show Context)
ACL2 allows users to define predicates whose logical behavior mimics that of universally or existentially quantified formulae. Proof support for such quantification, however, is quite limited. We present an ACL2 framework that employs tables, computed hints and clause processing to identify quantified formulae and to skolemize or instantiate them when possible. We demonstrate how the framework can be used to prove automatically the forallpappend example presented in the ACL2 documentation.
This work is licensed under the Creative Commons Attribution License. Fix Your Types
"... When using existing ACL2 datatype frameworks, many theorems require type hypotheses. These hypotheses slow down the theorem prover, are tedious to write, and are easy to forget. We describe a principled approach to types that provides strong type safety and execution efficiency while avoiding type h ..."
Abstract
 Add to MetaCart
(Show Context)
When using existing ACL2 datatype frameworks, many theorems require type hypotheses. These hypotheses slow down the theorem prover, are tedious to write, and are easy to forget. We describe a principled approach to types that provides strong type safety and execution efficiency while avoiding type hypotheses, and we present a library that automates this approach. Using this approach, types help you catch programming errors and then get out of the way of theorem proving. 1
Proving Invariants via Rewriting and Abstraction \Lambda
, 2005
"... Abstract We present a deductive method for proving invariants of reactive systems. Our approach uses term rewriting to reduce invariant proofs to reachability analysis on a finite graph. This substantially automates invariant proofs by obviating the need to define inductive invariants while still be ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract We present a deductive method for proving invariants of reactive systems. Our approach uses term rewriting to reduce invariant proofs to reachability analysis on a finite graph. This substantially automates invariant proofs by obviating the need to define inductive invariants while still benefitting from the expressiveness of deductive methods. We implement a procedure supporting this approach which interfaces with the ACL2 theorem prover. The interface affords sound extension of our procedure with rewrite rules based on proven theorems. We demonstrate the method in the verification of cache coherence protocols. 1 Motivation The goal of invariant proving is to show that a certain target property of a reactive system is an invariant. Invariant proving is a key problem in formal verification. Verification of safety properties can be reduced to the proof of an invariant. Even in the proofs of liveness properties, one typically needs to establish some auxiliary invariance condition. Invariant proving is difficult for both model checking and theorem proving. The model checking approach involves a (symbolic or explicit) search to check if all the reachable system states satisfy the target property. If the number of states is tractable, the process is automatic usually with the additional benefit of counterexample generation when the verification fails. However, the method is limited in practice by state explosion. The theorem proving approach involves strengthening the target property to an inductive invariant. This approach is generally insensitive to state explosion but in practice can require significant user interaction for defining the inductive invariant. In addition, inductive invariants are brittle and often require extensive modification to match design changes. However, theorem provers support expressive logics which allow users to succinctly define systems, properties, and any additional functions and lemmas that enable efficient proofs.