## Integrating model checking and theorem proving in a reflective functional language (2004)

Venue: IFM

Citations: 2 (0 self)

### BibTeX

```bibtex
@INPROCEEDINGS{Melham04integratingmodel,
  author    = {Tom Melham},
  title     = {Integrating model checking and theorem proving in a reflective functional language},
  booktitle = {In IFM},
  year      = {2004},
  pages     = {36--39},
  publisher = {Springer-Verlag}
}
```

### Abstract

Forte is a formal verification system developed by Intel’s Strategic CAD Labs for applications in hardware design and verification. Forte integrates model checking and theorem proving within a functional programming language, which both serves as an extensible specification language and allows the system to be scripted and customized. The latest version of this language, called reFLect, has quotation and antiquotation constructs that build and decompose expressions in the language itself. This provides a combination of pattern-matching and reflection features tailored especially for the Forte approach to verification. This short paper is an abstract of an invited presentation given at the International Conference on Integrated Formal Methods in 2004, in which the philosophy and architecture of the Forte system are described and an account is given of the role of reFLect in the system.

1 The Forte Verification Environment

Forte [17] is a formal verification environment that has been very effective on

### Citations

**A formulation of the simple theory of types** (Church, 1940; 847 citations)
Context: ...mplementation. It also builds reflection [9] into the logic of the theorem prover. In systems like HOL, higher order logic is constructed along the lines of Church’s formulation of simple type theory [5], in which the logic is defined on top of the λ-calculus. Defining a logic on top of reFLect in the same way gives a higher-order logic that includes the reFLect reduction rules as well as certain ref...

**Multi-Stage Programming with Explicit Annotations** (Taha and Sheard, 1997; 237 citations)
Context: ...however, the target applications for reFLect in Forte give intensional analysis a primary role in the language. Its design is therefore somewhat different from staged functional languages like MetaML [21] and Template Haskell [19], which are aimed more at program generation and the control and optimization of evaluation. Acknowledgements. I thank the organisers of the IFM 2004 for their kind invitatio...

**Introduction to HOL: A Theorem Proving Environment for Higher Order Logic** (Gordon and Melham, editors, 1993; 198 citations)
Context: ...stricted temporal logic. But STE, like any model checker, still has very limited capacity. Forte therefore complements STE with a higher-order logic theorem prover of similar design to the HOL system [6]. Theorem proving bridges the gap between big, practically-important verification tasks and tractable model checking problems. The Forte philosophy is to have as thin a layer of theorem proving as pos...

**Template meta-programming for Haskell** (Sheard and Jones, 2002; 172 citations)
Context: ...ations for reFLect in Forte give intensional analysis a primary role in the language. Its design is therefore somewhat different from staged functional languages like MetaML [21] and Template Haskell [19], which are aimed more at program generation and the control and optimization of evaluation. Acknowledgements. I thank the organisers of the IFM 2004 for their kind invitation to speak at the conferen...

**Formal Verification by Symbolic Evaluation of Partially-Ordered Trajectories** (Seger and Bryant, 1995; 99 citations)
Context: ...ted effectively. FL also serves as an expressive language for specifying hardware behaviour. Model checking using symbolic trajectory evaluation (‘STE’) lies at the core of the Forte environment. STE [16] can be viewed as a hybrid between a symbolic simulator and a symbolic model checker. As a simulator, STE can compute symbolic expressions giving outputs as a function of arbitrary inputs. As a model ...

**Accomplishments and research challenges in meta-programming** (Sheard, 2001; 71 citations)
Context: ...fy circuit design transformations [20]. ReFLect makes this a built-in part of the language. The reFLect language can be seen as an application-specific contribution to the field of meta-programming [18]. Unlike most meta-programming systems, however, the target applications for reFLect in Forte give intensional analysis a primary role in the language. Its design is therefore somewhat different from ...

**Metatheory and reflection in theorem proving: A survey and critique** (Harrison, 1995; 53 citations)
Context: ...s all the term inspection and manipulation abilities of a conventional theorem prover while borrowing an efficient execution mechanism from the meta-language implementation. It also builds reflection [9] into the logic of the theorem prover. In systems like HOL, higher order logic is constructed along the lines of Church’s formulation of simple type theory [5], in which the logic is defined on top of...

**Executing higher order logic** (Berghofer and Nipkow, 2002; 48 citations)
Context: ... the object-language and meta-language also causes duplication and inefficiency. Many theorem provers, for example, need to include special code for efficient execution of object-language expressions [2,3]. In reFLect, the data-structure used by the underlying language implementation to represent syntax trees is made available as a data-type within the language itself. Functions on that data-structure,...

**Lifted-FL: A pragmatic implementation of combined model checking and theorem proving** (Aagaard, Jones, et al., 1999; 33 citations)
Context: ...apabilities allow Forte to make a logically principled connection between theorems in higher order logic and the results of invoking a model checker. A similar mechanism called lifted-FL [1] was available in earlier versions of Forte, but reFLect provides much richer possibilities. For example, one can use quantifiers to create a bookkeeping framework that cleanly separates logical conte...

**An industrially effective environment for formal hardware verification** (Seger, Jones, et al., 2005; 32 citations)
Context: ...al Methods in 2004, in which the philosophy and architecture of the Forte system are described and an account is given of the role of reFLect in the system. 1 The Forte Verification Environment Forte [17] is a formal verification environment that has been very effective on large-scale, industrial hardware verification problems at Intel [10,11,12,15]. The Forte system combines several model checking an...

**A reflective functional language for hardware design and theorem proving** (Grundy, Melham, et al., 2003; 24 citations)
Context: ...l programming plays a central role in scripting verification efforts. 2 The reFLect Functional Language The successor to FL for future generations of Forte is a new functional language called reFLect [7]. The reFLect language is strongly typed and similar to ML [8], but has quotation and antiquotation constructs like those in LISP but in a typed setting. This provides a combination of pattern-matching ...

**C.J.H.: Formally Verifying** (O’Leary, Zhao, et al., 1999; 14 citations)
Context: ...ect in the system. 1 The Forte Verification Environment Forte [17] is a formal verification environment that has been very effective on large-scale, industrial hardware verification problems at Intel [10,11,12,15]. The Forte system combines several model checking and decision algorithms with lightweight theorem proving in higher-order logic. These reasoning tools are tightly integrated within a strongly-typed,...

**Practical formal verification in microprocessor design** (Jones, O’Leary, et al.; 10 citations)
Context: ...ect in the system. 1 The Forte Verification Environment Forte [17] is a formal verification environment that has been very effective on large-scale, industrial hardware verification problems at Intel [10,11,12,15]. The Forte system combines several model checking and decision algorithms with lightweight theorem proving in higher-order logic. These reasoning tools are tightly integrated within a strongly-typed,...

**Lava: Hardware design** (Bjesse, Claessen, et al., 1998; 7 citations)
Context: ...n to serving as a meta-language for theorem proving, functional programming languages have often been used to describe the structure of hardware designs. Notable examples include work done in Haskell [4,14] and LISP [13]. A key capability exploited by such work is simulation of hardware designs by program execution. In Forte, however, we also wish to do various operations on the abstract syntax of model...

**Microprocessor specification** (Matthews, Cook, et al., 1998; 7 citations)
Context: ...n to serving as a meta-language for theorem proving, functional programming languages have often been used to describe the structure of hardware designs. Notable examples include work done in Haskell [4,14] and LISP [13]. A key capability exploited by such work is simulation of hardware designs by program execution. In Forte, however, we also wish to do various operations on the abstract syntax of model...

**Proof engineering in the large: Formal verification of the Pentium® 4 floating-point divider** (Kaivola and Kohatsu, 2001; 6 citations)
Context: ...ect in the system. 1 The Forte Verification Environment Forte [17] is a formal verification environment that has been very effective on large-scale, industrial hardware verification problems at Intel [10,11,12,15]. The Forte system combines several model checking and decision algorithms with lightweight theorem proving in higher-order logic. These reasoning tools are tightly integrated within a strongly-typed,...

**Formal verification of the Pentium® 4 multiplier** (Kaivola and Narasimhan, 2001; 3 citations)

**Leading-edge and future design challenges: Is the classical EDA ready** (Spirakis, 2003; 3 citations)
Context: ... various operations on the abstract syntax of models written in the language, as well as straight simulation. For example, we wish to implement and possibly even verify circuit design transformations [20]. ReFLect makes this a built-in part of the language. The reFLect language can be seen as an application-specific contribution to the field of meta-programming [18]. Unlike most meta-programming sys...

**Proving and Computing in HOL, in Theorem Proving in Higher Order Logics** (Barras; 1 citation)
Context: ... the object-language and meta-language also causes duplication and inefficiency. Many theorem provers, for example, need to include special code for efficient execution of object-language expressions [2,3]. In reFLect, the data-structure used by the underlying language implementation to represent syntax trees is made available as a data-type within the language itself. Functions on that data-structure,...