Results 1  10
of
52
Partial Functions in ACL2
 Journal of Automated Reasoning
"... We describe a macro for introducing \partial functions" into ACL2, i.e., functions not dened everywhere. The function \denitions" are actually admitted via the encapsulation principle. We discuss the basic issues surrounding partial functions in ACL2 and illustrate theorems that can be ..."
Abstract

Cited by 35 (7 self)
 Add to MetaCart
(Show Context)
We describe a macro for introducing \partial functions" into ACL2, i.e., functions not dened everywhere. The function \denitions" are actually admitted via the encapsulation principle. We discuss the basic issues surrounding partial functions in ACL2 and illustrate theorems that can be proved about such functions.
Correctness of Pipelined Machines
 Formal Methods in ComputerAided Design–FMCAD 2000, volume 1954 of LNCS
"... The correctness of pipelined machines is a subject that has been studied extensively. Most of the recent work has used variants of the Burch and Dill notion of correctness [4]. As new features are modeled, e.g., interrupts, new notions of correctness are developed. Given the plethora of correctness ..."
Abstract

Cited by 31 (13 self)
 Add to MetaCart
(Show Context)
The correctness of pipelined machines is a subject that has been studied extensively. Most of the recent work has used variants of the Burch and Dill notion of correctness [4]. As new features are modeled, e.g., interrupts, new notions of correctness are developed. Given the plethora of correctness conditions, the question arises: what is a reasonable notion of correctness? We discuss the issue at length and show, by mechanical proof, that variants of the Burch and Dill notion of correctness are awed. We propose a notion of correctness based on WEBs (Wellfounded Equivalence Bisimulations) [16, 19]. Briey, our notion of correctness implies that the ISA (Instruction Set Architecture) and MA (MicroArchitecture) machines have the same observable in nite paths, up to stuttering. This implies that the two machines satisfy the same CTL* X properties and the same safety and liveness properties (up to stuttering). To test the utility of the idea, we use ACL2 to verify s...
Termination analysis with calling context graphs
 of Lecture Notes in Computer Science
, 2006
"... Abstract. We introduce calling context graphs and various static and theorem proving based analyses that together provide a powerful method for proving termination of programs written in featurerich, first order, functional programming languages. In contrast to previous work, our method is highly a ..."
Abstract

Cited by 30 (7 self)
 Add to MetaCart
(Show Context)
Abstract. We introduce calling context graphs and various static and theorem proving based analyses that together provide a powerful method for proving termination of programs written in featurerich, first order, functional programming languages. In contrast to previous work, our method is highly automated and handles any source of looping behavior in such languages, including recursive definitions, mutual recursion, the use of recursive data structures, etc. We have implemented our method for the ACL2 programming language and evaluated the result using the ACL2 regression suite, which consists of numerous libraries with a total of over 10,000 function definitions. Our method was able to automatically detect termination of over 98 % of these functions. 1
NonStandard Analysis in ACL2
, 2001
"... ACL2 refers to a mathematical logic based on applicative Common Lisp, as well as to an automated theorem prover for this logic. The numeric system of ACL2 reflects that of Common Lisp, including the rational and complexrational numbers and excluding the real and complex irrationals. In conjunction ..."
Abstract

Cited by 28 (11 self)
 Add to MetaCart
ACL2 refers to a mathematical logic based on applicative Common Lisp, as well as to an automated theorem prover for this logic. The numeric system of ACL2 reflects that of Common Lisp, including the rational and complexrational numbers and excluding the real and complex irrationals. In conjunction with the arithmetic completion axioms, this numeric type system makes it possible to prove the nonexistence of specific irrational numbers, such as √2. This paper describes ACL2(r), a version of ACL2 with support for the real and complex numbers. The modifications are based on nonstandard analysis, which interacts better with the discrete flavor of ACL2 than does traditional analysis.
A Mechanically Checked Proof of a Multiprocessor Result via a Uniprocessor View
 Formal Methods in System Design
, 1999
"... We describe a mechanically checked correctness proof for a system of n processes, each running a simple, nonblocking counter algorithm. We prove that if the system runs longer than 5n steps, the counter is increased. The theorem is formalized in applicative Common Lisp and proved with the ACL2 the ..."
Abstract

Cited by 12 (6 self)
 Add to MetaCart
(Show Context)
We describe a mechanically checked correctness proof for a system of n processes, each running a simple, nonblocking counter algorithm. We prove that if the system runs longer than 5n steps, the counter is increased. The theorem is formalized in applicative Common Lisp and proved with the ACL2 theorem prover. The value of this paper lies not so much in the trivial algorithm addressed as in the method used to prove it correct. The method allows one to reason accurately about the behavior of a concurrent, multiprocess system by reasoning about the sequential computation carried out by a selected process, against a memory that is changed externally. Indeed, we prove general lemmas that allow shifting between the multiprocess and uniprocess views. We prove a safety property using a multiprocess view, project the property to a uniprocess view, and then prove a global progress property via a local, sequential computation argument. 1 Informal Discussion of the Problem Consider a system of ...
Proof styles in operational semantics
 Proceedings of the 5th International Conference on Formal Methods in ComputerAided Design (FMCAD 2004), volume 3312 of LNCS
, 2004
"... Abstract. We relate two wellstudied methodologies in deductive verification of operationally modeled sequential programs, namely the use of inductive invariants and clock functions. We show that the two methodologies are equivalent and one can mechanically transform a proof of a program in one meth ..."
Abstract

Cited by 11 (6 self)
 Add to MetaCart
(Show Context)
Abstract. We relate two wellstudied methodologies in deductive verification of operationally modeled sequential programs, namely the use of inductive invariants and clock functions. We show that the two methodologies are equivalent and one can mechanically transform a proof of a program in one methodology to a proof in the other. Both partial and total correctness are considered. This mechanical transformation is compositional; different parts of a program can be verified using different methodologies to achieve a complete proof of the entire program. The equivalence theorems have been mechanically checked by the ACL2 theorem prover and we implement automatic tools to carry out the transformation between the two methodologies in ACL2.
SingleThreaded Objects in ACL2
 Practical Aspects of Declarative Languages (PADL), volume 2257 of LNCS
, 1999
"... ACL2 is a firstorder applicative programming language based on Common Lisp. It is also a mathematical logic for which a mechanical theoremprover has been implemented in the style of the BoyerMoore theorem prover. The ACL2 system is used primarily in the modeling and verification of computer hardwa ..."
Abstract

Cited by 10 (2 self)
 Add to MetaCart
(Show Context)
ACL2 is a firstorder applicative programming language based on Common Lisp. It is also a mathematical logic for which a mechanical theoremprover has been implemented in the style of the BoyerMoore theorem prover. The ACL2 system is used primarily in the modeling and verification of computer hardware and software, where the executability of the language allows models to be used as prototype designs or "simulators." To support efficient execution of certain kinds of models, especially models of microprocessors, ACL2 provides "singlethreaded objects," structures with the usual "copy on write" applicative semantics but for which writes are implemented destructively. Syntactic restrictions insure consistency between the formal semantics and the implementation. The design of singlethreaded objects has been influenced both by the need to make execution efficient and the need to make proofs about them simple. We discuss the issues. 1 Background "ACL2" stands for "A Computational Logic for...
Formal proofs about rewriting using ACL2
 Annals of Mathematics and Artificial Intelligence
, 2002
"... We present an application of the ACL2 theorem prover to reason about rewrite systems theory. We describe the formalization and representation aspects of our work using the firstorder, quantifierfree logic of ACL2 and we sketch some of the main points of the proof effort. First, we present a formali ..."
Abstract

Cited by 9 (1 self)
 Add to MetaCart
(Show Context)
We present an application of the ACL2 theorem prover to reason about rewrite systems theory. We describe the formalization and representation aspects of our work using the firstorder, quantifierfree logic of ACL2 and we sketch some of the main points of the proof effort. First, we present a formalization of abstract reduction systems and then we show how this abstraction can be instantiated to establish results about term rewriting. The main theorems we mechanically proved are Newman’s lemma (for abstract reductions) and Knuth–Bendix critical pair theorem (for term rewriting).