Results 1 
8 of
8
Efficient execution in an automated reasoning environment
 Journal of Functional Programming
, 2006
"... Abstract We describe a method to permit the user of a mathematical logic to write elegant logical definitions while allowing sound and efficient execution. We focus on the ACL2 logic and automated reasoning environment. ACL2 is used by industrial researchers to describe microprocessor designs and ot ..."
Abstract

Cited by 8 (4 self)
 Add to MetaCart
Abstract We describe a method to permit the user of a mathematical logic to write elegant logical definitions while allowing sound and efficient execution. We focus on the ACL2 logic and automated reasoning environment. ACL2 is used by industrial researchers to describe microprocessor designs and other complicated digital systems. Properties of the designs can be formally established with the theorem prover. But because ACL2 is also a functional programming language, the formal models can be executed as simulation engines. We implement features that afford these dual applications, namely formal proof and execution on industrial test suites. In particular, the features allow the user to install, in a logically sound way, alternative executable counterparts for logicallydefined functions. These alternatives are often much more efficient than the logically equivalent terms they replace. We discuss several applications of these features. 1 Introduction This paper is about a way to permit the functional programmer to prove efficientprograms correct. The idea is to allow the provision of two definitions of the program: an elegant definition that supports effective reasoning by a mechanizedtheorem prover, and an efficient definition for evaluation. A bridge of this sort,
Automated Induction with Constrained Tree Automata ⋆,⋆⋆
"... Abstract. We propose a procedure for automated implicit inductive theorem proving for equational specifications made of rewrite rules with conditions and constraints. The constraints are interpreted over constructor terms (representing data values), and may express syntactic equality, disequality, o ..."
Abstract

Cited by 7 (2 self)
 Add to MetaCart
Abstract. We propose a procedure for automated implicit inductive theorem proving for equational specifications made of rewrite rules with conditions and constraints. The constraints are interpreted over constructor terms (representing data values), and may express syntactic equality, disequality, ordering and also membership in a fixed tree language. Constrained equational axioms between constructor terms are supported and can be used in order to specify complex data structures like sets, sorted lists, trees, powerlists... Our procedure is based on tree grammars with constraints, a formalism which can describe exactly the initial model of the given specification (when it is sufficiently complete and terminating). They are used in the inductive proofs first as an induction scheme for the generation of subgoals at induction steps, second for checking validity and redundancy criteria by reduction to an emptiness problem, and third for defining and solving membership constraints. We show that the procedure is sound and refutationally complete. It generalizes former test set induction techniques and yields natural proofs for several nontrivial examples presented in the paper, these examples are difficult (if not impossible) to specify and carry on automatically with other induction procedures. 1
Adding parallelism capabilities to ACL2
 In Proceedings of the Sixth International Workshop on the ACL2 Theorem Prover and its applications
, 2006
"... We have implemented parallelism primitives that permit an ACL2 programmer to parallelize execution of ACL2 functions. We (1) introduce logical definitions for these primitives, (2) explain the features of our extension, (3) give an evaluation strategy for our implementation, and (4) use the parallel ..."
Abstract

Cited by 5 (3 self)
 Add to MetaCart
We have implemented parallelism primitives that permit an ACL2 programmer to parallelize execution of ACL2 functions. We (1) introduce logical definitions for these primitives, (2) explain the features of our extension, (3) give an evaluation strategy for our implementation, and (4) use the parallelism primitives in examples to show speedup. Categories and Subject Descriptors D.1 [Programming Techniques]: Concurrent Programming—parallel programming; D.2.4 [Software Engineering]: Software/Program Verification—correctness proofs, formal methods; D.3.2 [Programming Languages]: Language Classifications—applicative (functional) languages
Proving Invariants via Rewriting and Abstraction
, 2005
"... We present a deductive method for proving invariants of reactive systems. Our approach uses term rewriting to reduce invariant proofs to reachability analysis on a finite graph. This substantially automates invariant proofs by obviating the need to define inductive invariants while still benefitting ..."
Abstract

Cited by 2 (2 self)
 Add to MetaCart
We present a deductive method for proving invariants of reactive systems. Our approach uses term rewriting to reduce invariant proofs to reachability analysis on a finite graph. This substantially automates invariant proofs by obviating the need to define inductive invariants while still benefitting from the expressiveness of deductive methods. We implement a procedure supporting this approach which interfaces with the ACL2 theorem prover. The interface affords sound extension of our procedure with rewrite rules based on proven theorems. We demonstrate the method in the verification of cache coherence protocols. 1
Deductive Mechanical Verification of Concurrent Systems
, 2005
"... In the tenure of a graduate student, one often has the distinct pleasure to interact and work with a number of different colleagues with different perspectives in general and on research problems in particular. This has certainly been the case with my time as a fulltime and parttime graduate stude ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
In the tenure of a graduate student, one often has the distinct pleasure to interact and work with a number of different colleagues with different perspectives in general and on research problems in particular. This has certainly been the case with my time as a fulltime and parttime graduate student. Unfortunately, while the length of my tenure has thankfully increased the number of colleagues whom I have had the opportunity to work with, it has also increased the likelihood that I will forget to acknowledge those whom I truly should. To those individuals whom I do not include here, I offer my apology. I wish to first acknowledge the members of my committee: Don Fussell, Adnan Aziz, Warren Hunt, J Strother Moore, and Jacob Abraham. I am thankful to each of the committee members for their consideration and examination of my work and in general, for their time and patience. I wish to thank J Moore for his continued interest and support. I have been truly inspired by J’s focus, energy, and standards in the his work on ACL2. I also wish to thank my supervisor Jacob Abraham. Jacob has demonstrated an impressive amount of patience and allowed me the freedom to explore areas which we may not have otherwise considered. I have always been impressed with Jacob’s imagination and he has provided keen insights and constructive advice on my work which have proven very useful over the years.
Categories and Subject Descriptors F.4.1 [Mathematical Logic]: Mechanical Theorem Proving General Terms Quantification
"... ACL2 allows users to define predicates whose logical behavior mimics that of universally or existentially quantified formulae. Proof support for such quantification, however, is quite limited. We present an ACL2 framework that employs tables, computed hints and clause processing to identify quantifi ..."
Abstract
 Add to MetaCart
ACL2 allows users to define predicates whose logical behavior mimics that of universally or existentially quantified formulae. Proof support for such quantification, however, is quite limited. We present an ACL2 framework that employs tables, computed hints and clause processing to identify quantified formulae and to skolemize or instantiate them when possible. We demonstrate how the framework can be used to prove automatically the forallpappend example presented in the ACL2 documentation.
Verified AIG Algorithms in ACL2
"... AndInverter Graphs (AIGs) are a popular way to represent Boolean functions (like circuits). AIG simplification algorithms can dramatically reduce an AIG, and play an important role in modern hardware verification tools like equivalence checkers. In practice, these tricky algorithms are implemented ..."
Abstract
 Add to MetaCart
AndInverter Graphs (AIGs) are a popular way to represent Boolean functions (like circuits). AIG simplification algorithms can dramatically reduce an AIG, and play an important role in modern hardware verification tools like equivalence checkers. In practice, these tricky algorithms are implemented with optimized C or C++ routines with no guarantee of correctness. Meanwhile, many interactive theorem provers can now employ SAT or SMT solvers to automatically solve finite goals, but no theorem prover makes use of these advanced, AIGbased approaches. We have developed two ways to represent AIGs within the ACL2 theorem prover. One representation, HonsAIGs, is especially convenient to use and reason about. The other, Aignet, is the opposite; it is styled after modern AIG packages and allows for efficient algorithms. We have implemented functions for converting between these representations, random vector simulation, conversion to CNF, etc., and developed reasoning strategies for verifying these algorithms. Aside from these contributions towards verifying AIG algorithms, this work has an immediate, practical benefit for ACL2 users who are using GL to bitblast finite ACL2 theorems: they can now optionally trust an offtheshelf SAT solver to carry out the proof, instead of using the builtin BDD package. Looking to the future, it is a first step toward implementing verified AIG simplification algorithms that might further improve GL performance. 1
Automated Specification Analysis Using an Interactive Theorem Prover
"... Abstract—A method for analyzing designs and their specifications is presented. The method makes essential use of an interactive theorem prover, but is fully automatic. Given a design and a specification, the method returns one of three possible answers. It can report that the design does not satisfy ..."
Abstract
 Add to MetaCart
Abstract—A method for analyzing designs and their specifications is presented. The method makes essential use of an interactive theorem prover, but is fully automatic. Given a design and a specification, the method returns one of three possible answers. It can report that the design does not satisfy the specification, in which case a concrete counterexample is provided. It can report that the design does satisfy the specification, in which case a formal proof to that effect is provided. If neither of these cases hold, then a summary of the analysis is reported. We have implemented and experimentally validated the method in ACL2s, the ACL2 Sedan. I.