adding 32 bit mode to the acl2 model of the x86 isa
play

Adding 32-bit Mode to the ACL2 Model of the x86 ISA Alessandro - PowerPoint PPT Presentation

Dec 23, 2022 •621 likes •2.01k views

Adding 32-bit Mode to the ACL2 Model of the x86 ISA Alessandro Coglio Shilpi Goel Kestrel Centaur Technology Technology Workshop 2018 x86 Modes of Operation x86 Modes of Operation power on Real-Address or reset Mode no memory management,

  1. X86ISA: Views Modes of Operation of the Model (NOT of the Processor) Application View System View • Lowest level of memory address: linear address . - User-level segmentation visible. Access only to segment selector and its hidden part; none to segmentation data structures. - Paging abstracted away. Logical Address Segmentation Paging Linear Address Physical Address Segment E ff ective Selector Address

  2. X86ISA: Views Modes of Operation of the Model (NOT of the Processor) Application View System View • Lowest level of memory address: linear address . - User-level segmentation visible. Access only to segment selector and its hidden part; none to segmentation data structures. - Paging abstracted away. • Suitable level of abstraction for verification of application programs. Logical Address Segmentation Paging Linear Address Physical Address Segment E ff ective Selector Address

  3. X86ISA: Views Modes of Operation of the Model (NOT of the Processor) Application View System View • Lowest level of memory address: • Lowest level of memory address: linear address . physical address . - User-level segmentation visible. Access only to segment selector and its hidden part; none to segmentation data structures. - Paging abstracted away. • Suitable level of abstraction for verification of application programs. Logical Address Segmentation Paging Linear Address Physical Address Segment E ff ective Selector Address

  4. X86ISA: Views Modes of Operation of the Model (NOT of the Processor) Application View System View • Lowest level of memory address: • Lowest level of memory address: linear address . physical address . - User-level segmentation visible. - Full access to segmentation Access only to segment selector and paging data structures. and its hidden part; none to segmentation data structures. - Paging abstracted away. • Suitable level of abstraction for verification of application programs. Logical Address Segmentation Paging Linear Address Physical Address Segment E ff ective Selector Address

  5. X86ISA: Views Modes of Operation of the Model (NOT of the Processor) Application View System View • Lowest level of memory address: • Lowest level of memory address: linear address . physical address . - User-level segmentation visible. - Full access to segmentation Access only to segment selector and paging data structures. and its hidden part; none to • Necessary level of operation for segmentation data structures. verification of system programs. - Paging abstracted away. • Suitable level of abstraction for verification of application programs. Logical Address Segmentation Paging Linear Address Physical Address Segment E ff ective Selector Address

  6. Coverage of the Model

  7. Coverage of the Model IA-32e Mode Real-Address Protected Compatibility 64-bit Mode (Sub-)Mode (32-bit) Mode (Sub-)Mode Virtual-8086 Mode System Management Mode

  8. Coverage of the Model before the work in this paper IA-32e Mode Real-Address Protected Compatibility 64-bit Mode (Sub-)Mode (32-bit) Mode (Sub-)Mode Virtual-8086 Mode System Management Mode

  9. Coverage of the Model after the work in this paper (application view only in 32-bit mode: no paging yet) (no floating point instructions before the work in 32-bit more yet either) in this paper IA-32e Mode Real-Address Protected Compatibility 64-bit Mode (Sub-)Mode (32-bit) Mode (Sub-)Mode Virtual-8086 Mode System Management Mode

  10. Challenges of Extending the Model to 32-bit Mode

  11. Challenges of Extending the Model to 32-bit Mode • Much more than generalizing the sizes of operands and addresses manipulated by instructions.

  12. Challenges of Extending the Model to 32-bit Mode • Much more than generalizing the sizes of operands and addresses manipulated by instructions. • Memory accesses are more complicated in 32-bit mode.

  13. Challenges of Extending the Model to 32-bit Mode • Much more than generalizing the sizes of operands and addresses manipulated by instructions. • Memory accesses are more complicated in 32-bit mode. • Add full (application-visible) segmentation.

  14. Challenges of Extending the Model to 32-bit Mode • Much more than generalizing the sizes of operands and addresses manipulated by instructions. • Memory accesses are more complicated in 32-bit mode. • Add full (application-visible) segmentation. • Make small, incremental changes.

  15. Challenges of Extending the Model to 32-bit Mode • Much more than generalizing the sizes of operands and addresses manipulated by instructions. • Memory accesses are more complicated in 32-bit mode. • Add full (application-visible) segmentation. • Make small, incremental changes. • Keep all existing proofs working — guards, return types, 64-bit programs.

  16. Distinguish between Effective and Linear Addresses

  17. Distinguish between Effective and Linear Addresses Logical Address Segmentation Paging Segment E ff ective Linear Address Physical Address Selector Address

  18. Distinguish between Effective and Linear Addresses Logical Address Segmentation Paging Segment E ff ective Linear Address Physical Address Selector Address they were essentially the same in the 64-bit model (except for adding FS/GS.base as needed)

  19. Distinguish between Effective and Linear Addresses they had to be separated in the 64/32-bit model Logical Address Segmentation Paging Segment E ff ective Linear Address Physical Address Selector Address they were essentially the same in the 64-bit model (except for adding FS/GS.base as needed)

  20. Add Mode Discrimination 64-bit model 64/32-bit model

  21. Add Mode Discrimination 64-bit model 64/32-bit model (defun 64-bit-modep (x86) t) predicate to check whether the current mode is 64-bit (always true, rarely called)

  22. Add Mode Discrimination 64-bit model 64/32-bit model (defun 64-bit-modep (x86) (defun 64-bit-modep (x86) t) ;; return T iff ;; IA32_EFER.LMA = 1 ;; and CS.D = 1 ) predicate to check whether the current mode is 64-bit modify definition to check for (always true, rarely called) IA-32e mode (1st condition) and 64-bit sub-mode (2nd condition)

  23. Add Mode Discrimination 64-bit model 64/32-bit model (defun 64-bit-modep (x86) (defun 64-bit-modep (x86) t) ;; return T iff ;; IA32_EFER.LMA = 1 ;; and CS.D = 1 ) predicate to check whether the current mode is 64-bit modify definition to check for (always true, rarely called) IA-32e mode (1st condition) and 64-bit sub-mode (2nd condition) IA-32e Mode Real-Address Protected Compatibility 64-bit Mode (Sub-)Mode (32-bit) Mode (Sub-)Mode

  24. Add Temporary Wrappers in Top-Level Instruction Dispatch 64-bit model 64/32-bit model

  25. Add Temporary Wrappers in Top-Level Instruction Dispatch 64-bit model 64/32-bit model ;; fetch and decode... ;; dispatch: (case opcode (#x00 (execute-00 x86)) (#x01 (execute-01 x86)) ...) simplified version of the actual code

  26. Add Temporary Wrappers in Top-Level Instruction Dispatch 64-bit model 64/32-bit model ;; fetch and decode... ;; fetch and decode... ;; dispatch: ;; dispatch: (case opcode (case opcode (#x00 (execute-00 x86)) (#x00 (if (64-bit-modep x86) (#x01 (execute-01 x86)) (execute-00 x86) ...) <throw-error>) (#x01 (if (64-bit-modep x86) (execute-01 x86) <throw-error>)) ...) simplified version of the actual code return ‘unimplemented error’ initially; remove wrappers as each execute-XX is extended to work in 32-bit mode

  27. Add Translation from Logical to Linear Address 64-bit model 64/32-bit model

  28. Add Translation from Logical to Linear Address 64-bit model 64/32-bit model Logical Address Segmentation Paging Segment E ff ective Linear Address Physical Address Selector Address

  29. Add Translation from Logical to Linear Address 64-bit model 64/32-bit model (defun la-to-pa (lin-addr r-w-x x86) ;; use paging (shown before) ) translate linear address to physical address Logical Address Segmentation Paging Segment E ff ective Linear Address Physical Address Selector Address

  30. Add Translation from Logical to Linear Address 64-bit model 64/32-bit model (defun la-to-pa (lin-addr r-w-x x86) (defun la-to-pa ...) ;; unchanged ;; use paging (shown before) ) (defun ea-to-la (eff-addr seg-reg x86) ;; use segmentation (shown before): ;; retrieve segment base and bounds ;; (handle expand-down segments) ;; and add effective address to base ) translate linear address to physical address translate e ff ective address, in the context of segment, to linear address Logical Address Segmentation Paging Segment E ff ective Linear Address Physical Address Selector Address

  31. Add New Top-Level Memory Access Functions 64-bit model 64/32-bit model

  32. Add New Top-Level Memory Access Functions 64-bit model 64/32-bit model Logical Address Segmentation Paging Segment E ff ective Linear Address Physical Address Selector Address

  33. Add New Top-Level Memory Access Functions 64-bit model 64/32-bit model (defun rm08 (lin-addr ...) ...) (defun rm16 (lin-addr ...) ...) ... (defun wm08 (lin-addr ...) ...) (defun wm16 (lin-addr ...) ...) ... read & write via linear address (paging in system view; “direct” in application view) Logical Address Segmentation Paging Segment E ff ective Linear Address Physical Address Selector Address

  34. Add New Top-Level Memory Access Functions 64-bit model 64/32-bit model (defun rm08 (lin-addr ...) ...) ;; unchanged but renamed: (defun rm16 (lin-addr ...) ...) (defun rml08 (lin-addr ...) ...) ... (defun wml08 (lin-addr ...) ...) (defun wm08 (lin-addr ...) ...) ... (defun wm16 (lin-addr ...) ...) ... read & write via linear address (paging in system view; “direct” in application view) Logical Address Segmentation Paging Segment E ff ective Linear Address Physical Address Selector Address

  35. Add New Top-Level Memory Access Functions 64-bit model 64/32-bit model (defun rm08 (lin-addr ...) ...) ;; unchanged but renamed: (defun rm16 (lin-addr ...) ...) (defun rml08 (lin-addr ...) ...) ... (defun wml08 (lin-addr ...) ...) (defun wm08 (lin-addr ...) ...) ... (defun wm16 (lin-addr ...) ...) ... ;; new: (defun rme08 (eff—addr ...) ...) (defun wme08 (eff-addr ...) ...) ... read & write via linear address (paging in system view; read & write via e ff ective address “direct” in application view) (call ea-to-la and then call rml08 , wml08 , …) Logical Address Segmentation Paging Segment E ff ective Linear Address Physical Address Selector Address

  36. Extend Instruction Fetching 64-bit model 64/32-bit model

  37. Extend Instruction Fetching 64-bit model 64/32-bit model ;; read instruction pointer from RIP: rip := (rip x86) ;; 48-bit (canonical) artistic license stobj field reader

  38. Extend Instruction Fetching 64-bit model 64/32-bit model ;; read instruction pointer from RIP: rip := (rip x86) ;; 48-bit (canonical) artistic license stobj field reader ;; read instruction (via lin. addr.): opcode := (rml08 rip ...) ;; etc.

  39. Extend Instruction Fetching 64-bit model 64/32-bit model ;; read instruction pointer from RIP: rip := (rip x86) ;; 48-bit (canonical) artistic license stobj field reader ;; read instruction (via lin. addr.): opcode := (rml08 rip ...) ;; etc. ;; increment instruction pointer: new-rip := (+ rip delta) ;; if new-rip not canonical then fault

  40. Extend Instruction Fetching 64-bit model 64/32-bit model ;; read instruction pointer from RIP: rip := (rip x86) ;; 48-bit (canonical) artistic license stobj field reader ;; read instruction (via lin. addr.): opcode := (rml08 rip ...) ;; etc. ;; increment instruction pointer: new-rip := (+ rip delta) ;; if new-rip not canonical then fault ;; write instruction pointer to RIP: x86 := (!rip new-rip x86) stobj field writer

  41. Extend Instruction Fetching 64-bit model 64/32-bit model ;; read instruction pointer from RIP: ;; read instr. pointer from RIP/EIP/IP: rip := (rip x86) ;; 48-bit (canonical) *ip := (read-*ip x86) ;; 48/32/16-bit artistic license stobj field reader new function ;; read instruction (via lin. addr.): opcode := (rml08 rip ...) ;; etc. ;; increment instruction pointer: new-rip := (+ rip delta) ;; if new-rip not canonical then fault ;; write instruction pointer to RIP: x86 := (!rip new-rip x86) stobj field writer

  42. Extend Instruction Fetching 64-bit model 64/32-bit model ;; read instruction pointer from RIP: ;; read instr. pointer from RIP/EIP/IP: rip := (rip x86) ;; 48-bit (canonical) *ip := (read-*ip x86) ;; 48/32/16-bit artistic license stobj field reader new function ;; read instruction (via lin. addr.): ;; read instruction (via eff. addr.): opcode := (rml08 rip ...) ;; etc. opcode := (rme08 *ip ...) ;; etc. ;; increment instruction pointer: new-rip := (+ rip delta) ;; if new-rip not canonical then fault ;; write instruction pointer to RIP: x86 := (!rip new-rip x86) stobj field writer

  43. Extend Instruction Fetching 64-bit model 64/32-bit model ;; read instruction pointer from RIP: ;; read instr. pointer from RIP/EIP/IP: rip := (rip x86) ;; 48-bit (canonical) *ip := (read-*ip x86) ;; 48/32/16-bit artistic license stobj field reader new function ;; read instruction (via lin. addr.): ;; read instruction (via eff. addr.): opcode := (rml08 rip ...) ;; etc. opcode := (rme08 *ip ...) ;; etc. ;; increment instruction pointer: ;; increment instruction pointer: new-*ip := (add-to-*ip *ip delta x86) new-rip := (+ rip delta) ;; if new-rip not canonical then fault new function (includes canonical and segment checks) ;; write instruction pointer to RIP: x86 := (!rip new-rip x86) stobj field writer

  44. Extend Instruction Fetching 64-bit model 64/32-bit model ;; read instruction pointer from RIP: ;; read instr. pointer from RIP/EIP/IP: rip := (rip x86) ;; 48-bit (canonical) *ip := (read-*ip x86) ;; 48/32/16-bit artistic license stobj field reader new function ;; read instruction (via lin. addr.): ;; read instruction (via eff. addr.): opcode := (rml08 rip ...) ;; etc. opcode := (rme08 *ip ...) ;; etc. ;; increment instruction pointer: ;; increment instruction pointer: new-*ip := (add-to-*ip *ip delta x86) new-rip := (+ rip delta) ;; if new-rip not canonical then fault new function (includes canonical and segment checks) ;; write instruction pointer to RIP: ;; write instr. pointer to RIP/EIP/IP: x86 := (!rip new-rip x86) x86 := (write-*ip new-*ip x86) stobj field writer new function

  45. Other Infrastructural Extensions

  46. Other Infrastructural Extensions • Generalize stack manipulation analogously to instruction fetching.

  47. Other Infrastructural Extensions • Generalize stack manipulation analogously to instruction fetching. • Add 16-bit addressing modes — for e ff ective address calculation (base, index, scale, displacement, …).

  48. Other Infrastructural Extensions • Generalize stack manipulation analogously to instruction fetching. • Add 16-bit addressing modes — for e ff ective address calculation (base, index, scale, displacement, …). • Generalize the functions to read/write memory operands.

  49. Other Infrastructural Extensions • Generalize stack manipulation analogously to instruction fetching. • Add 16-bit addressing modes — for e ff ective address calculation (base, index, scale, displacement, …). • Generalize the functions to read/write memory operands. - Use e ff ective addresses instead of linear addresses.

  50. Other Infrastructural Extensions • Generalize stack manipulation analogously to instruction fetching. • Add 16-bit addressing modes — for e ff ective address calculation (base, index, scale, displacement, …). • Generalize the functions to read/write memory operands. - Use e ff ective addresses instead of linear addresses. - Handle segment defaults and override prefixes.

  51. Other Infrastructural Extensions • Generalize stack manipulation analogously to instruction fetching. • Add 16-bit addressing modes — for e ff ective address calculation (base, index, scale, displacement, …). • Generalize the functions to read/write memory operands. - Use e ff ective addresses instead of linear addresses. - Handle segment defaults and override prefixes. - Use 32-bit or 16-bit addressing modes.

  52. Other Infrastructural Extensions • Generalize stack manipulation analogously to instruction fetching. • Add 16-bit addressing modes — for e ff ective address calculation (base, index, scale, displacement, …). • Generalize the functions to read/write memory operands. - Use e ff ective addresses instead of linear addresses. - Handle segment defaults and override prefixes. - Use 32-bit or 16-bit addressing modes. • No changes to the x86 stobj were needed.

  53. Instruction Extensions

  54. Instruction Extensions • Comparatively easy, after all the previous infrastructural extensions were in place.

  55. Instruction Extensions • Comparatively easy, after all the previous infrastructural extensions were in place. • Extend one instruction at a time, removing each 64-bit-modep wrapper in the top-level instruction dispatch.

  56. Instruction Extensions • Comparatively easy, after all the previous infrastructural extensions were in place. • Extend one instruction at a time, removing each 64-bit-modep wrapper in the top-level instruction dispatch. • Generalize determination of operand, address, and stack size.

  57. Instruction Extensions • Comparatively easy, after all the previous infrastructural extensions were in place. • Extend one instruction at a time, removing each 64-bit-modep wrapper in the top-level instruction dispatch. • Generalize determination of operand, address, and stack size. • No changes to existing core arithmetic and logical functions, which already handled operands of di ff erent sizes.

  58. Instruction Extensions • Comparatively easy, after all the previous infrastructural extensions were in place. • Extend one instruction at a time, removing each 64-bit-modep wrapper in the top-level instruction dispatch. • Generalize determination of operand, address, and stack size. • No changes to existing core arithmetic and logical functions, which already handled operands of di ff erent sizes. • Call the new or extended functions to read & write stack, immediate, and (other) memory operands.

  59. Instruction Extensions • Comparatively easy, after all the previous infrastructural extensions were in place. • Extend one instruction at a time, removing each 64-bit-modep wrapper in the top-level instruction dispatch. • Generalize determination of operand, address, and stack size. • No changes to existing core arithmetic and logical functions, which already handled operands of di ff erent sizes. • Call the new or extended functions to read & write stack, immediate, and (other) memory operands. • Slightly better code factoring as a byproduct (e.g. alignment checks).

  60. Proof Adaptations: Add 64-bit Mode Hypotheses 64-bit model 64/32-bit model

  61. Proof Adaptations: Add 64-bit Mode Hypotheses 64-bit model 64/32-bit model (defthm program-is-correct formula<(run ... x86)>) an existing theorem about a 64-bit program

  62. Proof Adaptations: Add 64-bit Mode Hypotheses 64-bit model 64/32-bit model (defthm program-is-correct formula<(run ... x86)>) an existing theorem about a 64-bit program (defun run ... step ...)

Recommend

Adding 32-bit Mode to the ACL2 Model of the x86 ISA Alessandro Coglio Shilpi Goel Kestrel

Adding 32-bit Mode to the ACL2 Model of the x86 ISA Alessandro Coglio Shilpi Goel Kestrel

Adding 32-bit Mode to the ACL2 Model of the x86 ISA Alessandro Coglio Shilpi Goel Kestrel Centaur Technology Technology Workshop 2018 x86 Modes of Operation larger addresses and operands, memory management, simplified memory management

437 views • 25 slides
Adding a typing Adding a typing mechanism to ACL2 mechanism to ACL2 Vernon Austel Vernon

Adding a typing Adding a typing mechanism to ACL2 mechanism to ACL2 Vernon Austel Vernon

Adding a typing Adding a typing mechanism to ACL2 mechanism to ACL2 Vernon Austel Vernon Austel IBM IBM Outline Outline What a typed ACL2 might look like Vague proposal concerning how to change ACL2 to allow experimentation with type

873 views • 19 slides
Consistently Adding Primitive Recursive Definitions in ACL2 by John Cowles University of

Consistently Adding Primitive Recursive Definitions in ACL2 by John Cowles University of

Consistently Adding Primitive Recursive Definitions in ACL2 by John Cowles University of Wyoming 1 defpun A macro for consistently introducing partial functions into CAL2. Described in Pete &amp; Js paper, Partial Functions in ACL2

295 views • 27 slides
ACL2(ml): Machine-Learning for ACL2 J. Heras and E. Komendantskaya

ACL2(ml): Machine-Learning for ACL2 J. Heras and E. Komendantskaya

ACL2(ml): Machine-Learning for ACL2 J. Heras and E. Komendantskaya http://staff.computing.dundee.ac.uk/katya/acl2ml/ 12 July 2014 ACL214 J. Heras ACL2(ml): Machine-Learning for ACL2 1/23 Outline Some Challenges in ACL2 1 An overview of

871 views • 56 slides
Hygienic Macros for ACL2 Carl Eastlund Matthias Felleisen cce@ccs.neu.edu matthias@ccs.neu.edu

Hygienic Macros for ACL2 Carl Eastlund Matthias Felleisen cce@ccs.neu.edu matthias@ccs.neu.edu

Hygienic Macros for ACL2 Carl Eastlund Matthias Felleisen cce@ccs.neu.edu matthias@ccs.neu.edu Northeastern University Boston, MA, USA 1 ACL2 2 ACL2 Formal verification based on pure, first-order Common Lisp. Used to model critical

909 views • 61 slides
Certifying Compositional Model Checking Algorithms in ACL2 Sandip Ray John Matthews Mark Tuttle

Certifying Compositional Model Checking Algorithms in ACL2 Sandip Ray John Matthews Mark Tuttle

Certifying Compositional Model Checking Algorithms in ACL2 Sandip Ray John Matthews Mark Tuttle ACL2 Workshop Presentation July 14, 2003 Outline Motivation and Goals Technical Background Comments on Our Work Issues and

609 views • 31 slides
GLMC Connecting ACL2 with Hardware Model Checkers Proving Invariants in Hardware Verification

GLMC Connecting ACL2 with Hardware Model Checkers Proving Invariants in Hardware Verification

GLMC Connecting ACL2 with Hardware Model Checkers Proving Invariants in Hardware Verification Inductive invariants are easy to prove Provable by SAT for finite state machines In ACL2, can use GL. Downsides:

596 views • 12 slides
Axiomatic Events in ACL2 ( r ) Ruben Gamboa, John Cowles, and Nadya Kuzmina University of Wyoming

Axiomatic Events in ACL2 ( r ) Ruben Gamboa, John Cowles, and Nadya Kuzmina University of Wyoming

Axiomatic Events in ACL2 ( r ) Ruben Gamboa, John Cowles, and Nadya Kuzmina University of Wyoming Introduction ACL2 ( r ) is a variant of ACL2 that supports the irrational numbers It is distributed with the ACL2 sources The foundations of ACL2

479 views • 29 slides
Double Rewriting for Equivalential Reasoning in ACL2 Matt Kaufmann and J Strother Moore ACL2

Double Rewriting for Equivalential Reasoning in ACL2 Matt Kaufmann and J Strother Moore ACL2

Double Rewriting for Equivalential Reasoning in ACL2 Matt Kaufmann and J Strother Moore ACL2 Workshop, FLoC, Seattle, August 16, 2006 1 Introduction ACL2 provides a powerful congruence-based rewriting capability. However, some have

537 views • 19 slides
Memory CS Basics Introduction: memory? 3) Memory Real mode flat model Registers

Memory CS Basics Introduction: memory? 3) Memory Real mode flat model Registers

Memory CS Basics Introduction: memory? 3) Memory Real mode flat model Registers Emmanuel Benoist Fall Term 2016-17 The three assembly programming models Real Mode Flat Model Real Mode Segmented Model Protected Mode Flat

301 views • 12 slides
How Can I Do That with ACL2? Recent Enhancements to ACL2 Matt Kaufmann and J Strother Moore 1

How Can I Do That with ACL2? Recent Enhancements to ACL2 Matt Kaufmann and J Strother Moore 1

How Can I Do That with ACL2? Recent Enhancements to ACL2 Matt Kaufmann and J Strother Moore 1 Introduction (1) ACL2 Version 3.5 was released in May, 2009. Release note items (see :DOC release-notes) since then: (+ 41 ; 3.6 (8/2009) 3 ;

622 views • 49 slides
Flat Domains and Recursive Equations in ACL2 by John Cowles University of Wyoming 1 ACL2 is a

Flat Domains and Recursive Equations in ACL2 by John Cowles University of Wyoming 1 ACL2 is a

Flat Domains and Recursive Equations in ACL2 by John Cowles University of Wyoming 1 ACL2 is a logic of total functions. Some recursive equations have no satisfying ACL2 functions: No ACL2 function g satisfies this recursive equation

518 views • 35 slides
1 Miniature Mode Estimation Example ACS Subsystem GHe Pressure Transducer (S) Model

1 Miniature Mode Estimation Example ACS Subsystem GHe Pressure Transducer (S) Model

Outline Motivation Previous Mode Estimation Approaches Example ACS System Improving Model-based Mode Estimation Miniature Mode Estimation System Through Offline Compilation Rule-based system comparison Conclusions

495 views • 4 slides
A Simple Java Code Generator for ACL2 Based on a Deep Embedding of ACL2 in Java Alessandro

A Simple Java Code Generator for ACL2 Based on a Deep Embedding of ACL2 in Java Alessandro

A Simple Java Code Generator for ACL2 Based on a Deep Embedding of ACL2 in Java Alessandro Coglio Kestrel Institute Workshop 2018 ATJ Java code generator for ACL2 (ACL2 To Java) based on AIJ deep embedding of ACL2 in Java (ACL2 In Java)

901 views • 38 slides
Hint Orchestration Using ACL2's Simplifier Sol Swords Centaur Technology, Inc. ACL2 Workshop

Hint Orchestration Using ACL2's Simplifier Sol Swords Centaur Technology, Inc. ACL2 Workshop

Hint Orchestration Using ACL2's Simplifier Sol Swords Centaur Technology, Inc. ACL2 Workshop 2018 This talk is for hint abusers This might be you if: You cant be bothered to figure out a good rewriting strategy You just dont know

541 views • 30 slides
DrACuLa: ACL2 in DrScheme Dale Vaillancourt Rex Page Matthias Felleisen ACL2 Workshop August

DrACuLa: ACL2 in DrScheme Dale Vaillancourt Rex Page Matthias Felleisen ACL2 Workshop August

DrACuLa: ACL2 in DrScheme Dale Vaillancourt Rex Page Matthias Felleisen ACL2 Workshop August 16, 2006 1 Undergraduate Software Engineering Page teaches two SE courses at Oklahoma U. Covers usual topics - specification, documentation,

557 views • 51 slides
A SAT-Based Procedure for Verifying Finite State Machines in ACL2 Warren A. Hunt, Jr. and Erik

A SAT-Based Procedure for Verifying Finite State Machines in ACL2 Warren A. Hunt, Jr. and Erik

A SAT-Based Procedure for Verifying Finite State Machines in ACL2 Warren A. Hunt, Jr. and Erik Reeber {reeber,hunt}@cs.utexas.edu The University of Texas ACL2 Workshop, August 16 , 2006 Introduction The ACL2 theorem prover is great

252 views • 22 slides
Partial Clock Functions in ACL2 John Matthews and Daron Vroon ACL2 Workshop 2004 Goals

Partial Clock Functions in ACL2 John Matthews and Daron Vroon ACL2 Workshop 2004 Goals

Partial Clock Functions in ACL2 John Matthews and Daron Vroon ACL2 Workshop 2004 Goals Given a state machine, we want : A termination proof: from a set of starting states, a desired goal state will always eventually be reached. An

423 views • 26 slides
Theorems About Programming Languages in ACL2 Sol Swords William Cook

Theorems About Programming Languages in ACL2 Sol Swords William Cook

Theorems About Programming Languages in ACL2 Sol Swords William Cook {sswords,wcook}@cs.utexas.edu Department of Computer Science University of Texas at Austin ACL2 Workshop, FLoC 2006 Outline 1 Introduction: Mechanizing Programming

540 views • 18 slides
So#ware Synthesis with ACL2 Eric Smith Kestrel Ins9tute

So#ware Synthesis with ACL2 Eric Smith Kestrel Ins9tute

So#ware Synthesis with ACL2 Eric Smith Kestrel Ins9tute ACL2 Workshop 2015 Outline Overview of Refinement-Based Synthesis Proof-EmiJng Transforma9ons

460 views • 21 slides
Literate Proofs Ruben Gamboa July 14, 2003 Motivation Make it easier to understand ACL2 books

Literate Proofs Ruben Gamboa July 14, 2003 Motivation Make it easier to understand ACL2 books

Literate Proofs Ruben Gamboa July 14, 2003 Motivation Make it easier to understand ACL2 books after the fact Organize ACL2 books in a human-oriented, not a proof-oriented manner Publish ACL2 books in different formats (web, print, ...) and

372 views • 15 slides
Formal Verification of Arithmetic RTL: Translating Verilog to C++ to ACL2 David M. Russinoff Arm

Formal Verification of Arithmetic RTL: Translating Verilog to C++ to ACL2 David M. Russinoff Arm

Formal Verification of Arithmetic RTL: Translating Verilog to C++ to ACL2 David M. Russinoff Arm May 28, 2020 1/27 V ERIFICATION OF RTL D ESIGN WITH ACL2 Requirements for RTL verification by theorem proving: Semantics-preserving

422 views • 27 slides
Parallelizing an Interactive Theorem Prover Functional Programming and Proofs with ACL2 David L.

Parallelizing an Interactive Theorem Prover Functional Programming and Proofs with ACL2 David L.

Introduction Parallelism Primitives Parallelizing ACL2 Evaluate Approach Conclusion Talking Points Parallelizing an Interactive Theorem Prover Functional Programming and Proofs with ACL2 David L. Rager ragerdl@gmail.com June 17, 2013 1 /

751 views • 57 slides
Support for Trusted Extension in ACL2 J Strother Moore (joint work with Matt Kaufmann)

Support for Trusted Extension in ACL2 J Strother Moore (joint work with Matt Kaufmann)

Support for Trusted Extension in ACL2 J Strother Moore (joint work with Matt Kaufmann) Department of Computer Sciences University of Texas at Austin August, 2010 1 A C omputational L ogic for A pplicative C ommon L isp = ACL2 a

639 views • 35 slides

More recommend