## Single-Threaded Objects in ACL2 (1999)

Venue: | Practical Aspects of Declarative Languages (PADL), volume 2257 of LNCS |

Citations: | 10 - 2 self |

### BibTeX

@INPROCEEDINGS{Boyer99single-threadedobjects,

author = {Robert S. Boyer and J. Strother Moore},

title = {Single-Threaded Objects in ACL2},

booktitle = {Practical Aspects of Declarative Languages (PADL), volume 2257 of LNCS},

year = {1999},

pages = {9--27},

publisher = {Springer-Verlag}

}

### Years of Citing Articles

### OpenURL

### Abstract

ACL2 is a first-order applicative programming language based on Common Lisp. It is also a mathematical logic for which a mechanical theoremprover has been implemented in the style of the Boyer-Moore theorem prover. The ACL2 system is used primarily in the modeling and verification of computer hardware and software, where the executability of the language allows models to be used as prototype designs or "simulators." To support efficient execution of certain kinds of models, especially models of microprocessors, ACL2 provides "single-threaded objects," structures with the usual "copy on write" applicative semantics but for which writes are implemented destructively. Syntactic restrictions insure consistency between the formal semantics and the implementation. The design of single-threaded objects has been influenced both by the need to make execution efficient and the need to make proofs about them simple. We discuss the issues. 1 Background "ACL2" stands for "A Computational Logic for...

### Citations

1309 | Monads for Functional Programming
- Wadler
- 1995
(Show Context)
Citation Context ... semantics of update is "copy on write." This work is thus addressing the classic problem of how to implement updates efficiently in an applicative setting. In that sense, our work is akin t=-=o that of [23, 13, 26, 27]. Indeed, Schmidt in-=-troduced the term "single threaded" in [23]. [27] contains a good survey of the most popular alternative in applicative languages, Haskell's "monads". But ACL2 is unusual among pur... |

530 |
A computational logic
- Boyer, Moore
- 1979
(Show Context)
Citation Context ...24] and for a mechanized theorem proving system for that logic developed by Matt Kaufmann and author Moore. ACL2 is closely related to the Boyer-Moore logic and system and its interactive enhancement =-=[2, 3, 4]-=-. ACL2's primary use is in modeling microprocessors and proving theorems about those models. The key reason we abandoned the Nqthm logic and adopted applicative Common Lisp is that the latter can prod... |

220 |
Call-by-name, call-by-value, and the #-calculus
- Plotkin
- 1975
(Show Context)
Citation Context ...ctic restrictions under which such hierarchies of objects may be safely used. The paper [27] relates monads to other popular alternative approaches, including synchronized streams [25], continuations =-=[19]-=-, linear logic [8], and sideeffects. Our approach shares a lot with linear logic, but we do not regard the provision of single-threaded objects as having produced a new logic. Indeed, the situation is... |

107 | An Industrial Strength Theorem Prover for a Logic Based on Common Lisp - Kaufmann, Moore - 1997 |

96 | How to declare an imperative
- Wadler
- 1997
(Show Context)
Citation Context ... semantics of update is "copy on write." This work is thus addressing the classic problem of how to implement updates efficiently in an applicative setting. In that sense, our work is akin t=-=o that of [23, 13, 26, 27]. Indeed, Schmidt in-=-troduced the term "single threaded" in [23]. [27] contains a good survey of the most popular alternative in applicative languages, Haskell's "monads". But ACL2 is unusual among pur... |

68 | ACL2 theorems about commercial microprocessors
- Brock, Kaufmann, et al.
- 1996
(Show Context)
Citation Context ...o model the Motorola CAP digital signal processor, to prove that the CAP pipeline architecture correctly implements the instruction set architecture, and to prove properties of CAP microcode programs =-=[6, 7]-=-. ACL2 has been used to study the problem of specifying advanced microprocessor architectures, in particular the interaction of such features as multi-issue, speculative execution and exceptions and h... |

56 |
Detecting global variables in denotational specifications. ACM transactions on programming languages and systems
- Schmidt
- 1985
(Show Context)
Citation Context ... semantics of update is "copy on write." This work is thus addressing the classic problem of how to implement updates efficiently in an applicative setting. In that sense, our work is akin t=-=o that of [23, 13, 26, 27]. Indeed, Schmidt in-=-troduced the term "single threaded" in [23]. [27] contains a good survey of the most popular alternative in applicative languages, Haskell's "monads". But ACL2 is unusual among pur... |

49 | Structured theory development for a mechanized logic
- Kaufmann, Moore
(Show Context)
Citation Context ...c restrictions have to do with syntactic limitations on the use of certain primitives so as to allow efficient execution, as discussed in this paper. Encapsulation and related issues are discussed in =-=[14]-=-, where admissibility requirements are extended to the full logic and insure not just consistency but conservativity. 2.2 The Relation to Common Lisp Logically speaking, all ACL2 functions are total, ... |

45 | Processor verification with precise exceptions and speculative execution
- Sawada, Hunt
- 1998
(Show Context)
Citation Context ...res, in particular the interaction of such features as multi-issue, speculative execution and exceptions and has been used to prove that one such design correctly implements a sequential architecture =-=[22]-=-. ACL2 was used to model the Rockwell-Collins JEM1, the world's first silicon Java Virtual Machine [9, 10, 11, 12]. The use of ACL2 to prove theorems about simple Java-like byte code programs is repor... |

38 |
Linear logic,” Theoretical
- Girard
- 1987
(Show Context)
Citation Context ...nder which such hierarchies of objects may be safely used. The paper [27] relates monads to other popular alternative approaches, including synchronized streams [25], continuations [19], linear logic =-=[8]-=-, and sideeffects. Our approach shares a lot with linear logic, but we do not regard the provision of single-threaded objects as having produced a new logic. Indeed, the situation is exactly the oppos... |

37 | Uniqueness typing for functional languages with graph rewriting semantics
- Barendsen, Smetsers
- 1995
(Show Context)
Citation Context ...strate these restrictions in the next section. What makes ACL2 different from other functional languages supporting such operations (e.g., Haskell's "monads" [26] and Clean's "uniquenes=-=s type system" [1]-=-) is that ACL2 also implements an explicit axiomatic semantics so that theorems can be proved about them. In particular, the syntactic restrictions noted 2 Actually, for reasons explained later, we re... |

28 | Mechanized formal reasoning about programs and computing machines
- Boyer, Moore
- 1996
(Show Context)
Citation Context .... Other memory configurations are possible under the model and are indeed studied with theorems about other programs. These theorems can then be combined to prove facts about systems of programs. See =-=[5, 17] for some -=-simple examples of how this is done and citations of applications of industrial interest. In [27] the question is raised, in regard to linear logic, whether "mentioning state explicitly" is ... |

19 |
A computational logic handbook. Second edition
- Boyer, Moore
- 1998
(Show Context)
Citation Context ...24] and for a mechanized theorem proving system for that logic developed by Matt Kaufmann and author Moore. ACL2 is closely related to the Boyer-Moore logic and system and its interactive enhancement =-=[2, 3, 4]-=-. ACL2's primary use is in modeling microprocessors and proving theorems about those models. The key reason we abandoned the Nqthm logic and adopted applicative Common Lisp is that the latter can prod... |

19 |
Message-based functional operating systems
- Stoye
- 1986
(Show Context)
Citation Context ...ssible to find syntactic restrictions under which such hierarchies of objects may be safely used. The paper [27] relates monads to other popular alternative approaches, including synchronized streams =-=[25]-=-, continuations [19], linear logic [8], and sideeffects. Our approach shares a lot with linear logic, but we do not regard the provision of single-threaded objects as having produced a new logic. Inde... |

17 | Proving Theorems about Java-like Byte Code
- Moore
- 1999
(Show Context)
Citation Context ...was used to model the Rockwell-Collins JEM1, the world's first silicon Java Virtual Machine [9, 10, 11, 12]. The use of ACL2 to prove theorems about simple Java-like byte code programs is reported in =-=[17]-=-. One of the main reasons ACL2 has found industrial application is that it is both a logic and an efficient applicative programming language. Once a formal model is created it is possible to test it o... |

15 | Mutable abstract datatypes -or- How to have your state and munge it too
- Hudak
- 1992
(Show Context)
Citation Context |

13 | Transforming the theorem prover into a digital design tool: From concept car to off-road vehicle
- Hardin, Wilding, et al.
- 1998
(Show Context)
Citation Context ...s and has been used to prove that one such design correctly implements a sequential architecture [22]. ACL2 was used to model the Rockwell-Collins JEM1, the world's first silicon Java Virtual Machine =-=[9, 10, 11, 12]-=-. The use of ACL2 to prove theorems about simple Java-like byte code programs is reported in [17]. One of the main reasons ACL2 has found industrial application is that it is both a logic and an effic... |

12 |
A T M Mechanically Checked Proof of the AMD5K86 Floating-Point Division Program
- Moore, Lynch, et al.
- 1998
(Show Context)
Citation Context ...rover is used primarily in hardware and software verification. For example, the correctness of floating point division and square root on the AMD K5 microprocessor was proved using the theorem prover =-=[18, 20]-=-. ACL2 has been used to prove the correctness of hardware designs for floating point addition, subtraction, multiplication, division, and square root on the AMD K7 [21]. It has been used to model the ... |

11 |
A Mechanically Checked Proof of
- Russinoff
- 1999
(Show Context)
Citation Context ...ed using the theorem prover [18, 20]. ACL2 has been used to prove the correctness of hardware designs for floating point addition, subtraction, multiplication, division, and square root on the AMD K7 =-=[21]-=-. It has been used to model the Motorola CAP digital signal processor, to prove that the CAP pipeline architecture correctly implements the instruction set architecture, and to prove properties of CAP... |

8 |
The Boyer-Moore Theorem
- Boyer, Kaufmann, et al.
- 1995
(Show Context)
Citation Context ...24] and for a mechanized theorem proving system for that logic developed by Matt Kaufmann and author Moore. ACL2 is closely related to the Boyer-Moore logic and system and its interactive enhancement =-=[2, 3, 4]-=-. ACL2's primary use is in modeling microprocessors and proving theorems about those models. The key reason we abandoned the Nqthm logic and adopted applicative Common Lisp is that the latter can prod... |

8 | A mechanically checked proof of a comparator sort algorithm
- Brock, Moore
- 2005
(Show Context)
Citation Context ...o model the Motorola CAP digital signal processor, to prove that the CAP pipeline architecture correctly implements the instruction set architecture, and to prove properties of CAP microcode programs =-=[6, 7]-=-. ACL2 has been used to study the problem of specifying advanced microprocessor architectures, in particular the interaction of such features as multi-issue, speculative execution and exceptions and h... |

8 |
A Mechanically Checked Proof of Correctness of the AMD5K 86 Floating-Point Square Root Microcode
- Russinoff
- 1997
(Show Context)
Citation Context ...rover is used primarily in hardware and software verification. For example, the correctness of floating point division and square root on the AMD K5 microprocessor was proved using the theorem prover =-=[18, 20]-=-. ACL2 has been used to prove the correctness of hardware designs for floating point addition, subtraction, multiplication, division, and square root on the AMD K7 [21]. It has been used to model the ... |

7 |
Stack-based Java a back-to-future step. Electronic Engineering Times
- Greve, Wilding
- 1998
(Show Context)
Citation Context ...s and has been used to prove that one such design correctly implements a sequential architecture [22]. ACL2 was used to model the Rockwell-Collins JEM1, the world's first silicon Java Virtual Machine =-=[9, 10, 11, 12]-=-. The use of ACL2 to prove theorems about simple Java-like byte code programs is reported in [17]. One of the main reasons ACL2 has found industrial application is that it is both a logic and an effic... |

4 |
Symbolic Simulation of the JEM1
- Greve
- 1998
(Show Context)
Citation Context ...s and has been used to prove that one such design correctly implements a sequential architecture [22]. ACL2 was used to model the Rockwell-Collins JEM1, the world's first silicon Java Virtual Machine =-=[9, 10, 11, 12]-=-. The use of ACL2 to prove theorems about simple Java-like byte code programs is reported in [17]. One of the main reasons ACL2 has found industrial application is that it is both a logic and an effic... |

3 |
Efficient Simulation Using a Simple Formal
- Greve, Hardin, et al.
- 1998
(Show Context)
Citation Context |

1 |
A Precise Description of the ACL2 Logic," http://www.cs.utexas.edu/users/moore/publications/- km97a.ps.Z
- Kaufmann, Moore
- 1998
(Show Context)
Citation Context ...joint work in which Kaufmann was a major contributor. 2.1 The Logic The kernel of the ACL2 logic consists of a syntax, some rules of inference, and some axioms. The kernel logic is given precisely in =-=[16]-=-. The logic supported by the mechanized ACL2 system is an extension of the kernel logic. The kernel syntax describes terms composed of variables, constants, and function symbols applied to fixed numbe... |