support for trusted extension in acl2
play

Support for Trusted Extension in ACL2 J Strother Moore (joint work - PowerPoint PPT Presentation

Feb 04, 2024 •287 likes •639 views

Support for Trusted Extension in ACL2 J Strother Moore (joint work with Matt Kaufmann) Department of Computer Sciences University of Texas at Austin August, 2010 1 A C omputational L ogic for A pplicative C ommon L isp = ACL2 a

  1. Support for “Trusted” Extension in ACL2 J Strother Moore (joint work with Matt Kaufmann) Department of Computer Sciences University of Texas at Austin August, 2010 1

  2. A C omputational L ogic for A pplicative C ommon L isp = ACL2 • a functional programming language • a first-order mathematical theory • a mechanized theorem prover • implemented primarily in ACL2 2

  3. Primary Concerns • soundness • industrial-scale usability Our primary “customers” are AMD, Rockwell-Collins, Centaur Technology, IBM, and various government agencies 3

  4. We must adhere to Common Lisp 4

  5. We must adhere to Common Lisp . . . because efficient execution of ACL2 models is a major (driving?) concern 5

  6. Soundness is based on the care Kaufmann and Moore have taken in the implementation ACL2 is not “foundational” – we strive for good design and elegance in our coding, but we are willing to add logically “redundant” features as necessary 6

  7. “Blessed” extension mechanisms are primarily based on proof of appropriate properties Our “trust story” is that if users stick with certain features, they preserve as much soundness as we had in the first place Users can always go “under the hood” and do anything in Lisp 7

  8. Keys to ACL2’s extensibility include • expressions “are” objects • user can access the state of the system • system is coded in ACL2 so system functions are available in many contexts 8

  9. Two Senses of “Extension” • Logical – changing the logical theory • Behaviorial – changing the behavior of the prover 9

  10. Logical Extension Facilities • Ground-zero theory (starting point) • Theory Extension Events ◦ Simple axiomatic events · DEFUN - intro new rec fns; conservative · DEFCHOOSE (basis for DEFUN-SK ) - witness fns; conservative · DEFAXIOM - risky; rarely used ◦ Non-axiomatic events: DEFTHM - prove a theorem ◦ Compound · PROGN - grouping · LOCAL - scoping · INCLUDE-BOOK - import pre-certified events · ENCAPSULATE - intro constrained un-interp fns • Syntax extensions ◦ DEFCONST - abbrev constants ◦ DEFMACRO - computed trans of new syntax 10

  11. DEMO: Logical Extension Facilities • Ground-zero theory (starting point) • Theory Extension Events ◦ Simple axiomatic events · DEFUN - intro new rec fns; conservative · DEFCHOOSE (basis for DEFUN-SK ) - witness fns; conservative · DEFAXIOM - risky; rarely used ◦ Non-axiomatic events: DEFTHM - prove a theorem ◦ Compound · PROGN - grouping · LOCAL - scoping · INCLUDE-BOOK - import pre-certified events · ENCAPSULATE - intro constrained un-interp fns • Syntax extensions ◦ DEFCONST - abbrev constants ◦ DEFMACRO - computed trans of new syntax 11

  12. Two Senses of “Extension” • Logical – changing the logical theory • Behaviorial – changing the behavior of the prover 12

  13. Destructor Elimination Simplification Equality User Generalization formula pool Elimination of Irrelevance Induction 13

  14. Destructor Elimination Simplification evaluation propositional calculus Equality BDDs equality uninterpreted function symbols rational linear arithmetic User rewrite rules recursive definitions Generalization back− and forward−chaining metafunctions congruence−based rewriting Elimination of Irrelevance Induction 14

  15. axiom key lemma rule of inference proof theorem main theorem 15

  16. database composed of ‘‘books’’ of definitions, theorems, and advice proposed definitions conjectures and User advice Memory Gates Arith Vectors proofs Q.E.D. theorem prover 16

  17. database composed of ‘‘books’’ of definitions, theorems, and advice proposed definitions conjectures and User advice Memory Gates Arith Vectors proofs Q.E.D. theorem prover 17

  18. database composed of ‘‘books’’ of definitions, theorems, and advice proposed definitions conjectures and User advice Memory Gates Arith Vectors proofs Q.E.D. theorem prover 18

  19. database composed of ‘‘books’’ of definitions, theorems, and advice proposed definitions conjectures and User advice Memory Gates Arith Vectors proofs Q.E.D. theorem prover 19

  20. Destructor Elimination Simplification Equality User Generalization formula pool Elimination of Irrelevance Induction 20

  21. Behavorial Extension Facilities • Customization of Built-in Features ◦ Extending automation through rule-classes · Rewriting (conditional, contextual, congruence-based) · Metafunctions and Verified Clause-Processors · Pragmas -- syntaxp, bind-free, force, case-split, double-rewrite ◦ Static (Goal Specific) Hints • Programmatic (analogous to tactics) ◦ Computed Hints ◦ Make-event • Extending evaluation capabilities: ◦ Prototype without proof -- e.g., program mode, skip-proofs ◦ Optimizing Evaluation -- guard, mbe • Unverified (but useful) extensions · · · • Verified extensions · · · • Using ACL2 as a System-Building Shell 21

  22. DEMO: Behavorial Extension Facilities • Customization of Built-in Features ◦ Extending automation through rule-classes · Rewriting (conditional, contextual, congruence-based) · Metafunctions and Verified Clause-Processors · Pragmas -- syntaxp, bind-free, force, case-split, double-rewrite ◦ Static (Goal Specific) Hints • Programmatic (analogous to tactics) ◦ Computed Hints ◦ Make-event • Extending evaluation capabilities: ◦ Prototype without proof -- e.g., program mode, skip-proofs ◦ Optimizing Evaluation -- guard, mbe • Unverified (but useful) extensions · · · • Verified extensions · · · • Using ACL2 as a System-Building Shell 22

  23. Behavorial Extension Facilities • Customization of Built-in Features ◦ Extending automation through rule-classes · Rewriting (conditional, contextual, congruence-based) · Metafunctions and Verified Clause-Processors · Pragmas -- syntaxp, bind-free, force, case-split, double-rewrite ◦ Static (Goal Specific) Hints • Programmatic (analogous to tactics) ◦ Computed Hints ◦ Make-event • Extending evaluation capabilities: ◦ Prototype without proof -- e.g., program mode, skip-proofs ◦ Optimizing Evaluation -- guard, mbe • Unverified (but useful) extensions · · · • Verified extensions · · · • Using ACL2 as a System-Building Shell 23

  24. Clause Processors Destructor Elimination Simplification Equality User Generalization formula pool Elimination of Irrelevance Induction 24

  25. Verified clause processors are like metafunctions except operate at the goal level rather than the subterm level Unverified clause processors are external tools (like SAT-solvers, IBM’s SixthSense, etc.) 25

  26. It is possible to introduce partially constrained functions whose execution is carried out by calls to external tools. Matt Kaufmann, J S. Moore, Sandip Ray, and Erik Reeber. Integrating External Deduction Tools with ACL2. Journal of Applied Logic (Special Issue: Empirically Successful Computerized Reasoning), Volume 7, Issue 1, March 2009, pp. 3–25. Also published online (DOI 10.1016/j.jal.2007.07.002). 26

  27. DEMO: Behavorial Extension Facilities • Customization of Built-in Features ◦ Extending automation through rule-classes · Rewriting (conditional, contextual, congruence-based) · Metafunctions and Verified Clause-Processors · Pragmas -- syntaxp, bind-free, force, case-split, double-rewrite ◦ Static (Goal Specific) Hints • Programmatic (analogous to tactics) ◦ Computed Hints ◦ Make-event • Extending evaluation capabilities: ◦ Prototype without proof -- e.g., program mode, skip-proofs ◦ Optimizing Evaluation -- guard, mbe • Unverified (but useful) extensions · · · • Verified extensions · · · • Using ACL2 as a System-Building Shell 27

  28. Behavorial Extension Facilities • Customization of Built-in Features ◦ Extending automation through rule-classes · Rewriting (conditional, contextual, congruence-based) · Metafunctions and Verified Clause-Processors · Pragmas -- syntaxp, bind-free, force, case-split, double-rewrite ◦ Static (Goal Specific) Hints • Programmatic (analogous to tactics) ◦ Computed Hints ◦ Make-event • Extending evaluation capabilities: ◦ Prototype without proof -- e.g., program mode, skip-proofs ◦ Optimizing Evaluation -- guard, mbe • Unverified (but useful) extensions · · · • Verified extensions · · · • Using ACL2 as a System-Building Shell 28

  29. (defp run (s) (if ( haltedp s) s ( run ( step s)))) defp (“define partial function”) book: establishes that generic (uninterpreted) tail-recursive equation is satisfiable by an admissible function and then functionally instantiates that result for the user’s fns 29

  30. Behavorial Extension Facilities • Customization of Built-in Features ◦ Extending automation through rule-classes · Rewriting (conditional, contextual, congruence-based) · Metafunctions and Verified Clause-Processors ◦ Hints -- Static (Goal Specific) and/or Computed • Programmatic (analogous to tactics) ◦ Macros to generate events -- e.g., support for partial functions • Extending evaluation capabilities: ◦ Prototype without proof -- e.g., program mode, skip-proofs ◦ Optimizing Evaluation -- guard, mbe • Unverified (but useful) extensions · · · • Verified extensions · · · • Using ACL2 as a System-Building Shell 30

Recommend

ACL2(ml): Machine-Learning for ACL2 J. Heras and E. Komendantskaya

ACL2(ml): Machine-Learning for ACL2 J. Heras and E. Komendantskaya

ACL2(ml): Machine-Learning for ACL2 J. Heras and E. Komendantskaya http://staff.computing.dundee.ac.uk/katya/acl2ml/ 12 July 2014 ACL214 J. Heras ACL2(ml): Machine-Learning for ACL2 1/23 Outline Some Challenges in ACL2 1 An overview of

871 views • 56 slides
Axiomatic Events in ACL2 ( r ) Ruben Gamboa, John Cowles, and Nadya Kuzmina University of Wyoming

Axiomatic Events in ACL2 ( r ) Ruben Gamboa, John Cowles, and Nadya Kuzmina University of Wyoming

Axiomatic Events in ACL2 ( r ) Ruben Gamboa, John Cowles, and Nadya Kuzmina University of Wyoming Introduction ACL2 ( r ) is a variant of ACL2 that supports the irrational numbers It is distributed with the ACL2 sources The foundations of ACL2

479 views • 29 slides
Double Rewriting for Equivalential Reasoning in ACL2 Matt Kaufmann and J Strother Moore ACL2

Double Rewriting for Equivalential Reasoning in ACL2 Matt Kaufmann and J Strother Moore ACL2

Double Rewriting for Equivalential Reasoning in ACL2 Matt Kaufmann and J Strother Moore ACL2 Workshop, FLoC, Seattle, August 16, 2006 1 Introduction ACL2 provides a powerful congruence-based rewriting capability. However, some have

537 views • 19 slides
How Can I Do That with ACL2? Recent Enhancements to ACL2 Matt Kaufmann and J Strother Moore 1

How Can I Do That with ACL2? Recent Enhancements to ACL2 Matt Kaufmann and J Strother Moore 1

How Can I Do That with ACL2? Recent Enhancements to ACL2 Matt Kaufmann and J Strother Moore 1 Introduction (1) ACL2 Version 3.5 was released in May, 2009. Release note items (see :DOC release-notes) since then: (+ 41 ; 3.6 (8/2009) 3 ;

622 views • 49 slides
Flat Domains and Recursive Equations in ACL2 by John Cowles University of Wyoming 1 ACL2 is a

Flat Domains and Recursive Equations in ACL2 by John Cowles University of Wyoming 1 ACL2 is a

Flat Domains and Recursive Equations in ACL2 by John Cowles University of Wyoming 1 ACL2 is a logic of total functions. Some recursive equations have no satisfying ACL2 functions: No ACL2 function g satisfies this recursive equation

518 views • 35 slides
A Simple Java Code Generator for ACL2 Based on a Deep Embedding of ACL2 in Java Alessandro

A Simple Java Code Generator for ACL2 Based on a Deep Embedding of ACL2 in Java Alessandro

A Simple Java Code Generator for ACL2 Based on a Deep Embedding of ACL2 in Java Alessandro Coglio Kestrel Institute Workshop 2018 ATJ Java code generator for ACL2 (ACL2 To Java) based on AIJ deep embedding of ACL2 in Java (ACL2 In Java)

901 views • 38 slides
Hygienic Macros for ACL2 Carl Eastlund Matthias Felleisen cce@ccs.neu.edu matthias@ccs.neu.edu

Hygienic Macros for ACL2 Carl Eastlund Matthias Felleisen cce@ccs.neu.edu matthias@ccs.neu.edu

Hygienic Macros for ACL2 Carl Eastlund Matthias Felleisen cce@ccs.neu.edu matthias@ccs.neu.edu Northeastern University Boston, MA, USA 1 ACL2 2 ACL2 Formal verification based on pure, first-order Common Lisp. Used to model critical

909 views • 61 slides
Hint Orchestration Using ACL2's Simplifier Sol Swords Centaur Technology, Inc. ACL2 Workshop

Hint Orchestration Using ACL2's Simplifier Sol Swords Centaur Technology, Inc. ACL2 Workshop

Hint Orchestration Using ACL2's Simplifier Sol Swords Centaur Technology, Inc. ACL2 Workshop 2018 This talk is for hint abusers This might be you if: You cant be bothered to figure out a good rewriting strategy You just dont know

541 views • 30 slides
Adding a typing Adding a typing mechanism to ACL2 mechanism to ACL2 Vernon Austel Vernon

Adding a typing Adding a typing mechanism to ACL2 mechanism to ACL2 Vernon Austel Vernon

Adding a typing Adding a typing mechanism to ACL2 mechanism to ACL2 Vernon Austel Vernon Austel IBM IBM Outline Outline What a typed ACL2 might look like Vague proposal concerning how to change ACL2 to allow experimentation with type

873 views • 19 slides
DrACuLa: ACL2 in DrScheme Dale Vaillancourt Rex Page Matthias Felleisen ACL2 Workshop August

DrACuLa: ACL2 in DrScheme Dale Vaillancourt Rex Page Matthias Felleisen ACL2 Workshop August

DrACuLa: ACL2 in DrScheme Dale Vaillancourt Rex Page Matthias Felleisen ACL2 Workshop August 16, 2006 1 Undergraduate Software Engineering Page teaches two SE courses at Oklahoma U. Covers usual topics - specification, documentation,

557 views • 51 slides
A SAT-Based Procedure for Verifying Finite State Machines in ACL2 Warren A. Hunt, Jr. and Erik

A SAT-Based Procedure for Verifying Finite State Machines in ACL2 Warren A. Hunt, Jr. and Erik

A SAT-Based Procedure for Verifying Finite State Machines in ACL2 Warren A. Hunt, Jr. and Erik Reeber {reeber,hunt}@cs.utexas.edu The University of Texas ACL2 Workshop, August 16 , 2006 Introduction The ACL2 theorem prover is great

252 views • 22 slides
Partial Clock Functions in ACL2 John Matthews and Daron Vroon ACL2 Workshop 2004 Goals

Partial Clock Functions in ACL2 John Matthews and Daron Vroon ACL2 Workshop 2004 Goals

Partial Clock Functions in ACL2 John Matthews and Daron Vroon ACL2 Workshop 2004 Goals Given a state machine, we want : A termination proof: from a set of starting states, a desired goal state will always eventually be reached. An

423 views • 26 slides
Theorems About Programming Languages in ACL2 Sol Swords William Cook

Theorems About Programming Languages in ACL2 Sol Swords William Cook

Theorems About Programming Languages in ACL2 Sol Swords William Cook {sswords,wcook}@cs.utexas.edu Department of Computer Science University of Texas at Austin ACL2 Workshop, FLoC 2006 Outline 1 Introduction: Mechanizing Programming

540 views • 18 slides
So#ware Synthesis with ACL2 Eric Smith Kestrel Ins9tute

So#ware Synthesis with ACL2 Eric Smith Kestrel Ins9tute

So#ware Synthesis with ACL2 Eric Smith Kestrel Ins9tute ACL2 Workshop 2015 Outline Overview of Refinement-Based Synthesis Proof-EmiJng Transforma9ons

460 views • 21 slides
Literate Proofs Ruben Gamboa July 14, 2003 Motivation Make it easier to understand ACL2 books

Literate Proofs Ruben Gamboa July 14, 2003 Motivation Make it easier to understand ACL2 books

Literate Proofs Ruben Gamboa July 14, 2003 Motivation Make it easier to understand ACL2 books after the fact Organize ACL2 books in a human-oriented, not a proof-oriented manner Publish ACL2 books in different formats (web, print, ...) and

372 views • 15 slides
Formal Verification of Arithmetic RTL: Translating Verilog to C++ to ACL2 David M. Russinoff Arm

Formal Verification of Arithmetic RTL: Translating Verilog to C++ to ACL2 David M. Russinoff Arm

Formal Verification of Arithmetic RTL: Translating Verilog to C++ to ACL2 David M. Russinoff Arm May 28, 2020 1/27 V ERIFICATION OF RTL D ESIGN WITH ACL2 Requirements for RTL verification by theorem proving: Semantics-preserving

422 views • 27 slides
Parallelizing an Interactive Theorem Prover Functional Programming and Proofs with ACL2 David L.

Parallelizing an Interactive Theorem Prover Functional Programming and Proofs with ACL2 David L.

Introduction Parallelism Primitives Parallelizing ACL2 Evaluate Approach Conclusion Talking Points Parallelizing an Interactive Theorem Prover Functional Programming and Proofs with ACL2 David L. Rager ragerdl@gmail.com June 17, 2013 1 /

751 views • 57 slides
Measurement of IPv6 Extension Header Support Geoff Huston APNIC Labs IPv6 Extension Header The

Measurement of IPv6 Extension Header Support Geoff Huston APNIC Labs IPv6 Extension Header The

Measurement of IPv6 Extension Header Support Geoff Huston APNIC Labs IPv6 Extension Header The extension header sits between the IPv6 packet header and the upper level protocol header for the leading fragged packet, and sits between the

830 views • 21 slides
Challenge Problems for Challenge Problems for the ACL2 Community the ACL2 Community David

Challenge Problems for Challenge Problems for the ACL2 Community the ACL2 Community David

Challenge Problems for Challenge Problems for the ACL2 Community the ACL2 Community David Hardin David Hardin First, the good news First, the good news ACL2 has been shown to scale to industrial problems ACL2 has been shown to scale

239 views • 11 slides
A challenge problem: Toward better ACL2 proof technique Matt Kaufmann The University of Texas at

A challenge problem: Toward better ACL2 proof technique Matt Kaufmann The University of Texas at

A challenge problem: Toward better ACL2 proof technique Matt Kaufmann The University of Texas at Austin Dept. of Computer Science, GDC 7.804 ACL2 Workshop 2015 October 1, 2015 I NTRODUCTION I took a break this summer to return to my roots as

805 views • 61 slides
A Suite of Hard ACL2 Theorems Arising in Refinement-Based Processor Verification Panagiotis

A Suite of Hard ACL2 Theorems Arising in Refinement-Based Processor Verification Panagiotis

A Suite of Hard ACL2 Theorems Arising in Refinement-Based Processor Verification Panagiotis (Pete) Manolios Sudarshan Srinivasan Georgia Institute of Technology 1 Introduction Hardware verification is an area of strength for ACL2.

422 views • 20 slides
DMA Support for the Sancus Architecture Lightweight and Open-Source Trusted Computing for the IoT

DMA Support for the Sancus Architecture Lightweight and Open-Source Trusted Computing for the IoT

DMA Support for the Sancus Architecture Lightweight and Open-Source Trusted Computing for the IoT Sergio Seminara seminara@kth.se KTH - Kungliga Tekniska Hgskola Examiner: prof. Mads Dam Supervisor: prof. Roberto Guanciale Seminara (KTH)

545 views • 50 slides
Initial Presentation: Conception and implementation of an extension for the support and

Initial Presentation: Conception and implementation of an extension for the support and

Fakultt fr Informatik Technische Universitt Mnchen Initial Presentation: Conception and implementation of an extension for the support and Coordination in an Enterprise based on Enterprise-Wiki Confluence Student: Mario Guma Advisors:

271 views • 16 slides
Certifying Compositional Model Checking Algorithms in ACL2 Sandip Ray John Matthews Mark Tuttle

Certifying Compositional Model Checking Algorithms in ACL2 Sandip Ray John Matthews Mark Tuttle

Certifying Compositional Model Checking Algorithms in ACL2 Sandip Ray John Matthews Mark Tuttle ACL2 Workshop Presentation July 14, 2003 Outline Motivation and Goals Technical Background Comments on Our Work Issues and

609 views • 31 slides

More recommend