dracula acl2 in drscheme
play

DrACuLa: ACL2 in DrScheme Dale Vaillancourt Rex Page Matthias - PowerPoint PPT Presentation

Mar 21, 2024 •47 likes •557 views

DrACuLa: ACL2 in DrScheme Dale Vaillancourt Rex Page Matthias Felleisen ACL2 Workshop August 16, 2006 1 Undergraduate Software Engineering Page teaches two SE courses at Oklahoma U. Covers usual topics - specification, documentation,

  1. DrACuLa: ACL2 in DrScheme Dale Vaillancourt Rex Page Matthias Felleisen ACL2 Workshop August 16, 2006 1

  2. Undergraduate Software Engineering Page teaches two SE courses at Oklahoma U. • Covers usual topics - specification, documentation, time management, teamwork, code reviews, defect control, etc. • Special emphasis on specification and defect control using logic. 2

  3. Undergraduate Software Engineering Two typical course projects: • Read in an image file, rotate it, flip it write a new file. Prove (equal (rotate image 360) image) Prove (equal (flip (flip image)) image) • Read in stock market data, compute statistics. Prove arithmetic properties. 3

  4. Undergraduate Software Engineering Overall, good results • Student course evaluations are (mostly) positive • Industry observers like what they see in code reviews. 4

  5. Three Problems Recur • ACL2 environment is unfriendly & overwhelming. • Projects need to engage students. Text based exercises are too small and boring. Current projects are not representative of what students will work on in the future. • Students are new to (functional) program design. Corollary: Students therefore have trouble reasoning and proving theorems about their programs. 5

  6. Our Proposal • Build a student friendly ACL2 environment: Dracula. • Environment should support development of graphical interactive software. • Integrate program design into curriculum (longer term goal). 6

  7. Dracula: A Student Friendly ACL2 Environment 7

  8. A Friendly Reminder • DrScheme & associated pedagogy represent over a decade of research and experience on friendly programming environments. • Dracula is built on top of DrScheme. • See section 2 of paper for more background on DrScheme. 8

  9. Being Friendly • Smaller language => improved error messages. • Graphically connect errors to the program source. • Use a simple GUI to control the environment. 9

  10. Dracula's ACL2 Language Provided forms: • defun , defconst , defthm • cond , and , or , if • defstructure , deflist • let , quote Provides all documented primitive procedures. 10

  11. Guard Errors 11

  12. Guard Errors 12

  13. Short Demonstration 13

  14. Developing Interactive, Graphical Programs (Functionally!) 14

  15. Structure of an Interactive Program Consider a simple counter program. 15

  16. Represent automaton as an ACL2 program ; An Action is either 'left or 'right ; A World is an integer ; transition : World Action → World (defun transition (a-world action) (case action ((left) (1- a-world)) ((right) (1+ a-world)))) 16

  17. Tick Tock Suppose we want the counter to increment automatically with a given clock period. 17

  18. Counter Program v.2 ; A World is a Natural Number ; Transition function ; tick : World -> World (defun tick (w) (1+ w)) 18

  19. Making it run We must also specify how to render each world: ; render-world : World -> Image ; produce an image of the given world (defun render-world (the-world) (text (int->string the-world) *size* *color*)) And we get the ball rolling with a few macro invocations: (big-bang *width* *height* *clock-period* *initial-world*) (on-key-event transition) (on-tick-event tick) (on-redraw render-world) 19

  20. A Little Fancier: Worm 20

  21. Representing the Worm ; A Segment is (segment natural natural) (defstructure segment x y) (defconst *segment-diameter* 10) ; Velocity is in '(up down left right) ; A Worm is (worm segment Velocity segment-list) (defstructure worm head velocity tail) But, not just any head and segment-list will do. 21

  22. Reasoning about GUI Programs Use the transition functions ; worm-well-formed? : any → Boolean ; Is the given object a well-formed worm? (defun worm-well-formed? (w) (consecutive-pairs-adjacent? (cons (worm-head w) (worm-tail w)))) (defthm initial-worm-well-formed (worm-well-formed? *initial-worm*)) (defthm worm-move-preserves-well-formedness (implies (worm-well-formed? w) (worm-well-formed? (worm-move w)))) Requires fewer than 10 lemmas. 22

  23. Classroom Experience 23

  24. A Subjective Survey Last Fall - Page's SE I students used ACL2 via the console and their favorite editor. Last Spring - same students used Dracula in SE II. Page surveyed SE II class in April to get their thoughts on Dracula. 24

  25. Survey says... • Students like Dracula's error reporting. • Students like developing GUI software in Dracula. • Students like Dracula's GUI to the theorem prover. • Students identified a couple weaknesses in Dracula's implementation. • Students want a debugger for Dracula. • Instructor liked Dracula too. More details in paper. 25

  26. Looking Ahead 26

  27. Future Work • Modules for Dracula for ACL2 • Formalize the World Teachpack framework • Port the HtDP pedagogy to ACL2 program design. 27

  28. What is a module? A module is a collection of definitions and expressions (not necessarily closed). Desideratum: A module can be developed and reasoned about in the absence of implementation modules upon which it may depend. Two benefits: • Namespace management - module authors opt to hide certain names (definitions). • Separate reasoning - programmers can reason about their modules without looking at their colleagues' code (just need a spec). 28

  29. Module example ; Specification for insert: (defthm insert-spec (implies (and (integerp x) (ordered-integer-listp lst)) (ordered-integer-listp (insert x lst)))) (module sort (require insert) (defun sort (lst) (if (endp lst) '() (insert (first lst) (sort (rest lst))))) (defthm sort-theorem (ordered-integer-listp (sort lst)))) 29

  30. ACL2 lacks modules Puzzle: Provide g but hide helper . (defun helper (x) (+ x 2)) (defun g (x) (helper (helper x))) • include-book , encapsulate , and local will not do the trick. • Packages do not suffice. Clients gets to decide which names to "hide" when building packages. 30

  31. Dracula's Modules (module insert (provide/spec insert [integerp ordered-integer-listp -> ordered-integer-listp]) (define insert (x lst) ...)) (module sort (require insert) (define sort (lst) ... (insert (first lst) (sort (rest lst))) ...)) 31

  32. Formalizing the World Teachpack There is still a logical disconnect between World-based programs and the actual behavior of the program. 32

  33. HtDP 33

  34. Data Definition Suppose we want to design function to sort integer lists. Structure of code follows structure of data. An integer-list is either • nil , or • (cons integer integer-list) 34

  35. Design Recipe for Sorting Problem: Design a function that sorts a given list of integers. 35

  36. Design Recipe for Sorting Problem: Design a function that sorts a given list of integers. ; sort : int-list → int-list ; sort the given list (defun sort (alon) ...) 36

  37. Design Recipe for Sorting Problem: Design a function that sorts a given list of integers. ; sort : int-list → int-list ; sort the given list (defun sort (alon) ...) (equal (sort nil) nil) (equal (sort '(3 2 1)) '(1 2 3)) 37

  38. Design Recipe for Sorting Problem: Design a function that sorts a given list of integers. ; sort : int-list → int-list ; sort the given list (defun sort (alon) (cond ((endp alon) ...) ((consp alon) ... (first alon) ... ... (rest alon) ... ... (sort (rest alon)) ...))) (equal (sort nil) nil) (equal (sort '(3 2 1)) '(1 2 3)) 38

  39. Design Recipe for Sorting Problem: Design a function that sorts a given list of integers. ; sort : int-list → int-list ; sort the given list (defun sort (alon) (cond ((endp alon) nil) ((consp alon) ... (first alon) ... ... (rest alon) ... ... (sort (rest alon)) ...))) (equal (sort nil) nil) (equal (sort '(3 2 1)) '(1 2 3)) 39

  40. Design Recipe for Sorting Problem: Design a function that sorts a given list of integers. ; sort : int-list → int-list ; sort the given list (defun sort (alon) (cond ((endp alon) nil) ((consp alon) (insert (first alon) (sort (rest alon)))))) (equal (sort nil) nil) (equal (sort '(3 2 1)) '(1 2 3)) 40

  41. Proving a Theorem ; Prove half the correctness for sort 41

  42. Proving a Theorem ; Prove half the correctness for sort (defthm sort-produces-an-ordered-list (ordered? (sort a-list))) 42

  43. Proving a Theorem ; Prove half the correctness for sort (defthm sort-produces-an-ordered-list (ordered? (sort a-list))) (ordered? (sort nil)) (ordered? (sort '(3 2 1))) 43

  44. Proving a Theorem ; Prove half the correctness for sort (defthm sort-produces-an-ordered-list (ordered? (sort a-list))) (ordered? (sort nil)) (ordered? (sort '(3 2 1))) Induction on a-list leads to: (defthm insert-preserves-ordered? (implies (and (number? num) (ordered? a-list)) (ordered? (insert num a-list)))) 44

  45. Proving a Theorem ; Prove half the correctness for sort (defthm sort-produces-an-ordered-list (ordered? (sort a-list))) (ordered? (sort nil)) (ordered? (sort '(3 2 1))) Induction on a-list leads to: (defthm insert-preserves-ordered? (implies (and (number? num) (ordered? a-list)) (ordered? (insert num a-list)))) 45

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Dracula Reborn: ML-style modules, Racket macros, and ACL2 theorem proving Carl Eastlund Zoe

Dracula Reborn: ML-style modules, Racket macros, and ACL2 theorem proving Carl Eastlund Zoe

Dracula Reborn: ML-style modules, Racket macros, and ACL2 theorem proving Carl Eastlund Zoe Zhang Matthias Felleisen Northeastern University 1 Dracula 2 Modular ACL2 (interface TYPE (sig pred (x))) (interface LIST-OF (extend TYPE)

701 views • 16 slides
ACL2(ml): Machine-Learning for ACL2 J. Heras and E. Komendantskaya

ACL2(ml): Machine-Learning for ACL2 J. Heras and E. Komendantskaya

ACL2(ml): Machine-Learning for ACL2 J. Heras and E. Komendantskaya http://staff.computing.dundee.ac.uk/katya/acl2ml/ 12 July 2014 ACL214 J. Heras ACL2(ml): Machine-Learning for ACL2 1/23 Outline Some Challenges in ACL2 1 An overview of

871 views • 56 slides
Axiomatic Events in ACL2 ( r ) Ruben Gamboa, John Cowles, and Nadya Kuzmina University of Wyoming

Axiomatic Events in ACL2 ( r ) Ruben Gamboa, John Cowles, and Nadya Kuzmina University of Wyoming

Axiomatic Events in ACL2 ( r ) Ruben Gamboa, John Cowles, and Nadya Kuzmina University of Wyoming Introduction ACL2 ( r ) is a variant of ACL2 that supports the irrational numbers It is distributed with the ACL2 sources The foundations of ACL2

479 views • 29 slides
Double Rewriting for Equivalential Reasoning in ACL2 Matt Kaufmann and J Strother Moore ACL2

Double Rewriting for Equivalential Reasoning in ACL2 Matt Kaufmann and J Strother Moore ACL2

Double Rewriting for Equivalential Reasoning in ACL2 Matt Kaufmann and J Strother Moore ACL2 Workshop, FLoC, Seattle, August 16, 2006 1 Introduction ACL2 provides a powerful congruence-based rewriting capability. However, some have

537 views • 19 slides
How Can I Do That with ACL2? Recent Enhancements to ACL2 Matt Kaufmann and J Strother Moore 1

How Can I Do That with ACL2? Recent Enhancements to ACL2 Matt Kaufmann and J Strother Moore 1

How Can I Do That with ACL2? Recent Enhancements to ACL2 Matt Kaufmann and J Strother Moore 1 Introduction (1) ACL2 Version 3.5 was released in May, 2009. Release note items (see :DOC release-notes) since then: (+ 41 ; 3.6 (8/2009) 3 ;

622 views • 49 slides
Flat Domains and Recursive Equations in ACL2 by John Cowles University of Wyoming 1 ACL2 is a

Flat Domains and Recursive Equations in ACL2 by John Cowles University of Wyoming 1 ACL2 is a

Flat Domains and Recursive Equations in ACL2 by John Cowles University of Wyoming 1 ACL2 is a logic of total functions. Some recursive equations have no satisfying ACL2 functions: No ACL2 function g satisfies this recursive equation

518 views • 35 slides
A Simple Java Code Generator for ACL2 Based on a Deep Embedding of ACL2 in Java Alessandro

A Simple Java Code Generator for ACL2 Based on a Deep Embedding of ACL2 in Java Alessandro

A Simple Java Code Generator for ACL2 Based on a Deep Embedding of ACL2 in Java Alessandro Coglio Kestrel Institute Workshop 2018 ATJ Java code generator for ACL2 (ACL2 To Java) based on AIJ deep embedding of ACL2 in Java (ACL2 In Java)

901 views • 38 slides
Hygienic Macros for ACL2 Carl Eastlund Matthias Felleisen cce@ccs.neu.edu matthias@ccs.neu.edu

Hygienic Macros for ACL2 Carl Eastlund Matthias Felleisen cce@ccs.neu.edu matthias@ccs.neu.edu

Hygienic Macros for ACL2 Carl Eastlund Matthias Felleisen cce@ccs.neu.edu matthias@ccs.neu.edu Northeastern University Boston, MA, USA 1 ACL2 2 ACL2 Formal verification based on pure, first-order Common Lisp. Used to model critical

909 views • 61 slides
Hint Orchestration Using ACL2's Simplifier Sol Swords Centaur Technology, Inc. ACL2 Workshop

Hint Orchestration Using ACL2's Simplifier Sol Swords Centaur Technology, Inc. ACL2 Workshop

Hint Orchestration Using ACL2's Simplifier Sol Swords Centaur Technology, Inc. ACL2 Workshop 2018 This talk is for hint abusers This might be you if: You cant be bothered to figure out a good rewriting strategy You just dont know

541 views • 30 slides
Adding a typing Adding a typing mechanism to ACL2 mechanism to ACL2 Vernon Austel Vernon

Adding a typing Adding a typing mechanism to ACL2 mechanism to ACL2 Vernon Austel Vernon

Adding a typing Adding a typing mechanism to ACL2 mechanism to ACL2 Vernon Austel Vernon Austel IBM IBM Outline Outline What a typed ACL2 might look like Vague proposal concerning how to change ACL2 to allow experimentation with type

873 views • 19 slides
A SAT-Based Procedure for Verifying Finite State Machines in ACL2 Warren A. Hunt, Jr. and Erik

A SAT-Based Procedure for Verifying Finite State Machines in ACL2 Warren A. Hunt, Jr. and Erik

A SAT-Based Procedure for Verifying Finite State Machines in ACL2 Warren A. Hunt, Jr. and Erik Reeber {reeber,hunt}@cs.utexas.edu The University of Texas ACL2 Workshop, August 16 , 2006 Introduction The ACL2 theorem prover is great

252 views • 22 slides
Partial Clock Functions in ACL2 John Matthews and Daron Vroon ACL2 Workshop 2004 Goals

Partial Clock Functions in ACL2 John Matthews and Daron Vroon ACL2 Workshop 2004 Goals

Partial Clock Functions in ACL2 John Matthews and Daron Vroon ACL2 Workshop 2004 Goals Given a state machine, we want : A termination proof: from a set of starting states, a desired goal state will always eventually be reached. An

423 views • 26 slides
Theorems About Programming Languages in ACL2 Sol Swords William Cook

Theorems About Programming Languages in ACL2 Sol Swords William Cook

Theorems About Programming Languages in ACL2 Sol Swords William Cook {sswords,wcook}@cs.utexas.edu Department of Computer Science University of Texas at Austin ACL2 Workshop, FLoC 2006 Outline 1 Introduction: Mechanizing Programming

540 views • 18 slides
So#ware Synthesis with ACL2 Eric Smith Kestrel Ins9tute

So#ware Synthesis with ACL2 Eric Smith Kestrel Ins9tute

So#ware Synthesis with ACL2 Eric Smith Kestrel Ins9tute ACL2 Workshop 2015 Outline Overview of Refinement-Based Synthesis Proof-EmiJng Transforma9ons

460 views • 21 slides
Literate Proofs Ruben Gamboa July 14, 2003 Motivation Make it easier to understand ACL2 books

Literate Proofs Ruben Gamboa July 14, 2003 Motivation Make it easier to understand ACL2 books

Literate Proofs Ruben Gamboa July 14, 2003 Motivation Make it easier to understand ACL2 books after the fact Organize ACL2 books in a human-oriented, not a proof-oriented manner Publish ACL2 books in different formats (web, print, ...) and

372 views • 15 slides
Formal Verification of Arithmetic RTL: Translating Verilog to C++ to ACL2 David M. Russinoff Arm

Formal Verification of Arithmetic RTL: Translating Verilog to C++ to ACL2 David M. Russinoff Arm

Formal Verification of Arithmetic RTL: Translating Verilog to C++ to ACL2 David M. Russinoff Arm May 28, 2020 1/27 V ERIFICATION OF RTL D ESIGN WITH ACL2 Requirements for RTL verification by theorem proving: Semantics-preserving

422 views • 27 slides
hrtimers and beyond - transformation of the Linux time(r) system Thomas Gleixner Douglas

hrtimers and beyond - transformation of the Linux time(r) system Thomas Gleixner Douglas

hrtimers and beyond - transformation of the Linux time(r) system Thomas Gleixner Douglas Niehaus OLS 2006 Original time(r) system Arch 1 Timekeeping TOD Clock source HW Tick ISR Clock event source HW Arch 2 Process acc. TOD Clock

320 views • 28 slides
again? Tanya Reilly (@whereistanya) MY SKILLZ Where are you in RESUME the stack? CMS MY

again? Tanya Reilly (@whereistanya) MY SKILLZ Where are you in RESUME the stack? CMS MY

Have you tried turning it off and turning it on again? Tanya Reilly (@whereistanya) MY SKILLZ Where are you in RESUME the stack? CMS MY SKILLZ Where are you in RESUME the stack? CMS MY SKILLZ Where are you in RESUME the stack? CMS

868 views • 59 slides
Exact results for quenched disorder at criticality Gesualdo Delfino SISSA Trieste Based on:

Exact results for quenched disorder at criticality Gesualdo Delfino SISSA Trieste Based on:

Quantissima in the Serenissima III Venice, 19-23 August 2019 Exact results for quenched disorder at criticality Gesualdo Delfino SISSA Trieste Based on: G. Delfino, Phys. Rev. Lett. 118 (2017) 250601 G. Delfino and E. Tartaglia, Phys.

460 views • 27 slides
Trauma-informed approaches in clinic & community settings January 30, 2020 Katy Davis, PhD,

Trauma-informed approaches in clinic & community settings January 30, 2020 Katy Davis, PhD,

Trauma-informed approaches in clinic & community settings January 30, 2020 Katy Davis, PhD, Director of Trauma- Informed Care Initiative, University of California San Francisco Womens HIV Program Michelle Adyniec, RN, Clinical Manager for

407 views • 28 slides
JAVASCRIPT an d th e We b ! JAVASCRIPT popular scripting language on the Web, supported by

JAVASCRIPT an d th e We b ! JAVASCRIPT popular scripting language on the Web, supported by

CS498RK SPRING 2020 JAVASCRIPT an d th e We b ! JAVASCRIPT popular scripting language on the Web, supported by browsers separate scripting from structure (HTML) and presentation (CSS) client- and server-side programming object-oriented,

628 views • 31 slides
Physics Trigger in protoDUNE: Function and Performance David Last, David Rivera, and

Physics Trigger in protoDUNE: Function and Performance David Last, David Rivera, and

Physics Trigger in protoDUNE: Function and Performance David Last, David Rivera, and Jonathan Sensenig June 6, 2019 Physics Performance Meeting 0 Outline Overall Trigger Structure Our Physics Trigger for protoDUNE

544 views • 21 slides
Timekeeping in the Linux Kernel Stephen Boyd Qualcomm Innovation Center, Inc. 1 / 40 In the

Timekeeping in the Linux Kernel Stephen Boyd Qualcomm Innovation Center, Inc. 1 / 40 In the

Timekeeping in the Linux Kernel Stephen Boyd Qualcomm Innovation Center, Inc. 1 / 40 In the beginning ... 2 / 40 there was a counter 0000ec544fef3c8a 3 / 40 Calculating the Passage of Time (in ns) c cycles c cycles c cycles = = ( )

914 views • 40 slides
Scaling Computer Games To Epic Proportions Walker White Cornell University Joint work with Al

Scaling Computer Games To Epic Proportions Walker White Cornell University Joint work with Al

Scaling Computer Games To Epic Proportions Walker White Cornell University Joint work with Al Demers, Johannes Gehrke, Christoph Koch, and Rajamohan Rajagopolan Computer Games $7B in sales in 2005 Outperforming the movie industry

742 views • 60 slides

More recommend