CakeML: A verified implementation of ML
In Principles of Programming Languages (POPL), 2014
Cited by 14 (5 self)
We have developed and mechanically verified an ML system called CakeML, which supports a substantial subset of Standard ML. CakeML is implemented as an interactive read-eval-print loop (REPL) in x86-64 machine code. Our correctness theorem ensures that this REPL implementation prints only those results permitted by the semantics of CakeML. Our verification effort touches on a breadth of topics including lexing, parsing, type checking, incremental and dynamic compilation, garbage collection, arbitrary-precision arithmetic, and compiler bootstrapping. Our contributions are twofold. The first is simply in building a system that is end-to-end verified, demonstrating that each piece of such a verification effort can in practice be composed with the others, and ensuring that none of the pieces rely on any oversimplifying assumptions. The second is developing novel approaches to some of the more challenging aspects of the verification. In particular, our formally verified compiler can bootstrap itself: we apply the verified compiler to itself to produce a verified machine-code implementation of the compiler. Additionally, our compiler proof handles diverging input programs with a lightweight approach based on logical timeout exceptions. The entire development was carried out in the HOL4 theorem prover.
The reflective Milawa theorem prover is sound, 2012
Cited by 5 (2 self)
This paper presents, what we believe to be, the most comprehensive evidence of a theorem prover's soundness to date. We have proved the soundness of the reflective Milawa theorem prover: we formalised its logic, proved the logic sound, and proved that Milawa's kernel (2,000 lines of Lisp) is faithful to its logic. By combining these results with previous work, we have shown that Milawa can never claim to prove anything that is false when run on top of our previously developed verified runtime. This work was carried out using the HOL4 theorem prover. Dedicated to John McCarthy (1927–2011).
Proof-producing synthesis of ML from higher-order logic
International Conference on Functional Programming (ICFP). ACM, 2012
Cited by 4 (3 self)
The higher-order logic found in proof assistants such as Coq and various HOL systems provides a convenient setting for the development and verification of pure functional programs. However, to efficiently run these programs, they must be converted (or "extracted") to functional programs in a programming language such as ML or Haskell. With current techniques, this step, which must be trusted, relates similar-looking objects that have very different semantic definitions, such as the set-theoretic model of a logic and the operational semantics of a programming language. In this paper, we show how to increase the trustworthiness of this step with an automated technique. Given a functional program expressed in higher-order logic, our technique provides the corresponding program for a functional language defined with an operational semantics, and it provides a mechanically checked theorem relating the two. This theorem can then be used to transfer verified properties of the logical function to the program. We have implemented our technique in the HOL4 theorem prover, translating functions to a core subset of Standard ML, and have applied it to examples including functional data structures, a parser generator, cryptographic algorithms, and a garbage collector.
LCF-style Bit-Blasting in HOL4
Cited by 4 (0 self)
This paper describes a new proof tool for deciding bit-vector problems in HOL4. The approach is based on "bit-blasting", wherein word expressions are mapped into propositional formulas, which are then handed to a SAT solver. Significantly, the implementation uses the LCF approach, which means that the soundness of the tool is guaranteed by the soundness of HOL4's logical kernel.
Proof Pearl: A Verified Bignum Implementation in x86-64 Machine Code
Cited by 3 (2 self)
Verification of machine code can easily deteriorate into an endless clutter of low-level details. This paper presents a case study which shows that machine-code verification does not necessitate ghastly low-level proofs. The case study we describe is the construction of an x86-64 implementation of arbitrary-precision integer arithmetic. Compared with closely related work, our proofs are shorter and, more importantly, the reasoning is at a more convenient high level of abstraction, e.g. pointer reasoning is largely avoided. We achieve this improvement as a result of using an abstraction for arrays and previously developed tools, namely, a proof-producing decompiler and compiler. The work presented in this paper has been developed in the HOL4 theorem prover. The case study resulted in 800 lines of verified 64-bit x86 machine code.
Functional programs: conversions between deep and shallow embeddings
Interactive Theorem Proving (ITP), volume 7406 of LNCS, 2012
Cited by 3 (3 self)
This paper presents a method which simplifies verification of deeply embedded functional programs. We present a technique by which proof-certified equations describing the effect of functional programs (shallow embeddings) can be automatically extracted from their operational semantics. Our method can be used in reverse, i.e. from shallow to deep embeddings, and thus for implementing certifying code synthesis: we have implemented a tool which maps HOL functions to equivalent Lisp functions, for which we have a verified Lisp runtime. A key benefit, in both directions, is that the verifier does not need to understand the operational semantics that gives meanings to the deep embeddings.
Mechanizing the Metatheory of Sledgehammer
Cited by 2 (2 self)
This paper presents an Isabelle/HOL formalization of recent research in automated reasoning: efficient encodings of sorts in unsorted first-order logic, as implemented in Isabelle's Sledgehammer proof tool. The formalization provides the general-purpose machinery to reason about formulas and models, emulating the theory of institutions. It also establishes classical metatheorems such as completeness, compactness, and downward Löwenheim–Skolem. Quantifiers are represented using a nominal-like approach designed for interpreting syntax in semantic domains.
Decompilation into Logic — Improved
Cited by 1 (0 self)
This paper presents improvements to a technique which aids verification of machine-code programs. This technique, called decompilation into logic, allows the verifier to only deal with tractable extracted models of the machine code rather than the concrete code itself. Our improvements make decompilation simpler, faster and more generally applicable. In particular, the new technique allows the verifier to avoid tedious reasoning directly in the underlying machine-code Hoare logic or the model of the instruction set architecture. The method described in this paper has been implemented in the HOL4 theorem prover.
Towards Self-Verification of Isabelle's Sledgehammer
This paper presents an Isabelle/HOL formalisation of recent research in automated reasoning: efficient encodings of sorts in unsorted first-order logic, as implemented in the Sledgehammer proof tool. The formalisation provides the machinery to reason about models as well as classical metatheorems, emulating the theory of institutions. Quantifiers are represented using an approach that avoids some of the tedium and restrictions associated with better-known binder representations. Sledgehammer itself has been useful for discharging the proof obligations arising from its own metatheory.