embedding acl2 in hol
play

Embedding ACL2 in HOL Mike Gordon, Warren A. Hunt, Jr., Matt - PowerPoint PPT Presentation

Oct 31, 2022 •101 likes •350 views

Title Embedding ACL2 in HOL Mike Gordon, Warren A. Hunt, Jr., Matt Kaufmann, James Reynolds Gordon, Hunt, Kaufmann, Reynolds Embedding ACL2 in HOL (ACL206 Workshop, Seattle) 1 / 23 Title Embedding ACL2 in HOL Mike Gordon, Warren A. Hunt,

  1. Title Embedding ACL2 in HOL Mike Gordon, Warren A. Hunt, Jr., Matt Kaufmann, James Reynolds Gordon, Hunt, Kaufmann, Reynolds Embedding ACL2 in HOL (ACL206 Workshop, Seattle) 1 / 23

  2. Title Embedding ACL2 in HOL Mike Gordon, Warren A. Hunt, Jr., Matt Kaufmann, James Reynolds Higher-order logic proof in HOL4 First-order ACL2 logic in HOL trusted code translating ML and LISP S-expressions ACL2 input file proof in ACL2 Optimised ACL2 specification Gordon, Hunt, Kaufmann, Reynolds Embedding ACL2 in HOL (ACL206 Workshop, Seattle) 2 / 23

  3. Title HOL and ACL2 Higher order logic (HOL) can express pretty much anything traditional textbook semantics denotational semantics needs higher order functions operational semantics needs inductive relations arbitrary mathematics classical analysis (e.g. measure theory) infinite stream processing (e.g. Cryptol semantics) ACL2 is a programming language and a theorem prover ACL2 logic terms = Common Lisp programs theorem prover for first order logic (FOL) + induction high assurance + fast execution + strong proof automation Some projects committed to HOL, others to ACL2 Cambridge ARM project committed to HOL Rockwell-Collins AAMP7 committed to ACL2 Galois SHADE project uses both HOL and ACL2 Gordon, Hunt, Kaufmann, Reynolds Embedding ACL2 in HOL (ACL206 Workshop, Seattle) 3 / 23

  4. Title Motivating examples for linking HOL and ACL2 ACL2 as a HOL simulation engine translate HOL specifications into first-order ACL2 export ACL2-in-HOL to ACL2 system run on ground data using ACL2 stobj -execution Validate the Galois Connections Cryptol-to-ACL2 compiler Cryptol semantics easier in HOL than in ACL2 Galois SHADE tool translates Cryptol to AAMP7 via ACL2 validate SHADE compilation of D by HOL proof of ⊢ CryptolSemantics ( D ) ≡ Acl 2 ToHol ( SHADE ( D )) Use HOL measure theory to validate ACL2 primality test Miller-Rabin test easy to code in ACL2, but hard to specify HOL has a library supporting measure theory (Hurd) validate ACL2 checker against HOL measure theory spec Gordon, Hunt, Kaufmann, Reynolds Embedding ACL2 in HOL (ACL206 Workshop, Seattle) 4 / 23

  5. Title This talk, the workshop paper, the companion paper This talk is background, motivation and simple overview workshop proceedings contain technical details emphasises low level logical issues Companion paper to be presented at FMCAD 2006 more comprehensive emphasises automatic encoding/decoding tools in HOL Code and examples in SourceForge repository for HOL4 http://hol.cvs.sourceforge.net/hol/hol98/examples/acl2/ Gordon, Hunt, Kaufmann, Reynolds Embedding ACL2 in HOL (ACL206 Workshop, Seattle) 5 / 23

  6. Title Previous work PM (Proof Manager) by Fink, Archer and Yang (UC Davis) low emphasis on logical issues main effort on unified UI for various provers ACL2PII by Staples uses Prosper Integration Interface (PII) more emphasis on logic issues than PM tricky translation from HOL to FOL by ML scripts used by Susanto to run his unverified ARM model Gordon, Hunt, Kaufmann, Reynolds Embedding ACL2 in HOL (ACL206 Workshop, Seattle) 6 / 23

  7. Title Requirements of current work Believable soundness story earlier attempt not accepted by ACL2 community Handle big examples robustly run software on Fox’s verified ARM6 model Ease of use value can be realised with only minimal knowledge of ACL2 Compatible with Isabelle/HOL Galois (Matthews) uses Isabelle/HOL for Cryptol semantics Gordon, Hunt, Kaufmann, Reynolds Embedding ACL2 in HOL (ACL206 Workshop, Seattle) 7 / 23

  8. Title Our approach: HOL theory SEXP of ACL2 logic Machine verified translation between higher order logic Higher-order logic and first order SEXP theory proof in HOL4 First-order ACL2 logic in HOL Clean translations between HOL/SEXP and ACL2 trusted code ML tool writes HOL/SEXP to translating ACL2 input files ML and LISP S-expressions LISP tool writes ACL2 to HOL/SEXP input files ACL2 input file proof in ACL2 Machine verified translation between expanded ACL2 and Optimised ACL2 specification conventional style ACL2 Gordon, Hunt, Kaufmann, Reynolds Embedding ACL2 in HOL (ACL206 Workshop, Seattle) 8 / 23

  9. Title ACL2: programming language or logic? (EQUAL (* (* X Y) Z) (* X (* Y Z))) [ ASSOCIATIVITY-OF-* from ACL2 file axioms.lisp ] An S-expression in Lisp? 1 valid because if X , Y and Z are replaced by any S-expressions, then the resulting instance of the axiom will evaluate to t in Lisp A formula of first order logic? 2 defines what it means for evaluation to be correct: it is a partial semantics of Lisp evaluation Second approach adopted: axioms.lisp defines the ACL2 logic differences between this and Lisp behaviour (when there are no guard violations) viewed as bugs in Lisp, not in the ACL2 axioms. Gordon, Hunt, Kaufmann, Reynolds Embedding ACL2 in HOL (ACL206 Workshop, Seattle) 9 / 23

  10. Title ACL2 inside HOL (1) First, a datatype of S-expressions in higher order logic type_abbrev("packagename", ‘ ‘:string‘ ‘) type_abbrev("name", ‘ ‘:string‘ ‘) Hol_datatype ‘sexp = ACL2_SYMBOL of packagename => name | ACL2_STRING of string | ACL2_CHARACTER of char | ACL2_NUMBER of complex_rational | ACL2_PAIR of sexp => sexp‘ Similar to Staples’ ML definition, but inside the HOL logic complex_rational built from rationals (Jens Brandt) Gordon, Hunt, Kaufmann, Reynolds Embedding ACL2 in HOL (ACL206 Workshop, Seattle) 10 / 23

  11. Title ACL2 inside HOL (2) Overloading used to manage ACL2 names acl2Define " acl2Name " ‘ holName ...‘ constant acl2Name defined, then overloaded on holName full ACL2 names simplify SEXP ↔ ACL2 correspondence Simple examples: overload sym on ACL2_SYMBOL , then: acl2Define "COMMON-LISP::NIL" ‘nil = sym "COMMON-LISP" "NIL"‘ acl2Define "COMMON-LISP::T" ‘t = sym "COMMON-LISP" "T"‘ acl2Define "COMMON-LISP::EQUAL" ‘equal x y = if x = y then t else nil‘ Gordon, Hunt, Kaufmann, Reynolds Embedding ACL2 in HOL (ACL206 Workshop, Seattle) 11 / 23

  12. Title ACL2 inside HOL (3) More examples: overload cons on ACL2_PAIR , then: acl2Define "COMMON-LISP::CAR" ‘(car(cons x _) = x) ∧ (car _ = nil)‘ acl2Define "COMMON-LISP::CDR" ‘(cdr(cons _ y) = y) ∧ (cdr _ = nil)‘ acl2Define "COMMON-LISP::IF" ‘ite x y z = if x = nil then z else y‘ 31 ACL2 primitives in axioms.lisp : acl2-numberp bad-atom<= binary-* binary-+ unary-- unary-/ < car cdr char-code characterp code-char complex complex-rationalp coerce cons consp denominator equal if imagpart integerp intern-in-package-of-symbol numerator pkg-witness rationalp realpart stringp symbol-name symbol-package-name symbolp All these ACL2 primitives have been defined in HOL Some tricky to get right (e.g. symbolp – see paper)! Gordon, Hunt, Kaufmann, Reynolds Embedding ACL2 in HOL (ACL206 Workshop, Seattle) 12 / 23

  13. Title Proving the ACL2 axioms in HOL S-expression p corresponds to formula ¬ (p = nil) so define: ( | = p) = ¬ (p = nil) Note that 1 is a theorem of ACL2: ⊢ | = 1 Some ACL2 axioms are trivial to prove ⊢ ∀ x y. | = equal (car(cons x y)) x ⊢ ∀ x y. | = equal (cdr(cons x y)) y Others are harder may just be hard (e.g. validity of ε 0 -induction) or have lots of fiddly details 78 axioms: we are slowly working through their proofs ... Gordon, Hunt, Kaufmann, Reynolds Embedding ACL2 in HOL (ACL206 Workshop, Seattle) 13 / 23

  14. Title Coding HOL values as S-expressions sexp Universe of HOL types Gordon, Hunt, Kaufmann, Reynolds Embedding ACL2 in HOL (ACL206 Workshop, Seattle) 14 / 23

  15. Title Simple example (type encoding) A simple HOL type definition: Hol_datatype ‘colour = R | B‘ The following theorems are generated automatically ⊢ encode_colour t = case t of R -> nat 0 | | B -> nat 1 ⊢ decode_colour x = if x = nat 0 then R else if x = nat 1 then B else ARB ⊢ colourp x = ite (equal (nat 0) x) t (equal (nat 1) x) ⊢ decode_colour(encode_colour x) = x ⊢ ( | = colourp x) ==> (encode_colour(decode_colour x) = x) ⊢ | = colourp(encode_colour x) ⊢ | = f(case a of R -> C0 | | B -> C1) = ite (equal(encode_colour a)(nat 0)) (f C0) (f C1) Can handle recursive datatypes (e.g. red-black trees) Gordon, Hunt, Kaufmann, Reynolds Embedding ACL2 in HOL (ACL206 Workshop, Seattle) 15 / 23

  16. Title Simple example (function encoding) From a HOL function definition: ⊢ (flip_colour R = B) ∧ (flip_colour B = R) The following are generated automatically: definition of encoding function ⊢ acl2_flip_colour a = ite (colourp a) (ite (equal a (nat 0)) (nat 1) (nat 0)) (nat 1) recogniser theorem ⊢ | = colourp(acl2_flip_colour a) correctness theorem ⊢ encode_colour(flip_colour a) = acl2_flip_colour(encode_colour a) Can handle recursively defined functions Gordon, Hunt, Kaufmann, Reynolds Embedding ACL2 in HOL (ACL206 Workshop, Seattle) 16 / 23

  17. Title Summary ACL2 is faster and/or more secure than ML computation has higher assurance than ML can execute industrial scale models ACL2 combines a programming language with a logic maybe uniquely has this property HOL can express things hard to express in ACL2 e.g. the definition of a measurable set Using ACL2 with HOL enlarges ‘circle of trust’ but can attach ACL2 tag to HOL theorems Extra trusted code minimised HOL, ACL2 assumed trusted clean translations SEXP-in-HOL ↔ SEXP-in-ACL2 Gordon, Hunt, Kaufmann, Reynolds Embedding ACL2 in HOL (ACL206 Workshop, Seattle) 17 / 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Simple Java Code Generator for ACL2 Based on a Deep Embedding of ACL2 in Java Alessandro

A Simple Java Code Generator for ACL2 Based on a Deep Embedding of ACL2 in Java Alessandro

A Simple Java Code Generator for ACL2 Based on a Deep Embedding of ACL2 in Java Alessandro Coglio Kestrel Institute Workshop 2018 ATJ Java code generator for ACL2 (ACL2 To Java) based on AIJ deep embedding of ACL2 in Java (ACL2 In Java)

901 views • 38 slides
ACL2(ml): Machine-Learning for ACL2 J. Heras and E. Komendantskaya

ACL2(ml): Machine-Learning for ACL2 J. Heras and E. Komendantskaya

ACL2(ml): Machine-Learning for ACL2 J. Heras and E. Komendantskaya http://staff.computing.dundee.ac.uk/katya/acl2ml/ 12 July 2014 ACL214 J. Heras ACL2(ml): Machine-Learning for ACL2 1/23 Outline Some Challenges in ACL2 1 An overview of

871 views • 56 slides
Axiomatic Events in ACL2 ( r ) Ruben Gamboa, John Cowles, and Nadya Kuzmina University of Wyoming

Axiomatic Events in ACL2 ( r ) Ruben Gamboa, John Cowles, and Nadya Kuzmina University of Wyoming

Axiomatic Events in ACL2 ( r ) Ruben Gamboa, John Cowles, and Nadya Kuzmina University of Wyoming Introduction ACL2 ( r ) is a variant of ACL2 that supports the irrational numbers It is distributed with the ACL2 sources The foundations of ACL2

479 views • 29 slides
Double Rewriting for Equivalential Reasoning in ACL2 Matt Kaufmann and J Strother Moore ACL2

Double Rewriting for Equivalential Reasoning in ACL2 Matt Kaufmann and J Strother Moore ACL2

Double Rewriting for Equivalential Reasoning in ACL2 Matt Kaufmann and J Strother Moore ACL2 Workshop, FLoC, Seattle, August 16, 2006 1 Introduction ACL2 provides a powerful congruence-based rewriting capability. However, some have

537 views • 19 slides
Planarity Embedding Embedding For a given graph G = ( V , E ) , an embedding (into R 2 ) assigns

Planarity Embedding Embedding For a given graph G = ( V , E ) , an embedding (into R 2 ) assigns

Planarity Embedding Embedding For a given graph G = ( V , E ) , an embedding (into R 2 ) assigns each vertex a coordinate and each edge a (not necessarily straight) line connecting the corresponding coordinates. 0 1 3 4 1 1 0 2 5 2 5

754 views • 18 slides
Graph Drawing Embedding Embedding For a given graph G = ( V , E ) , an embedding (into R 2 )

Graph Drawing Embedding Embedding For a given graph G = ( V , E ) , an embedding (into R 2 )

Graph Drawing Embedding Embedding For a given graph G = ( V , E ) , an embedding (into R 2 ) assigns each vertex a coordinate and each edge a (not necessarily straight) line connecting the corresponding coordinates. 0 1 3 4 1 1 0 2 5 2

541 views • 18 slides
How Can I Do That with ACL2? Recent Enhancements to ACL2 Matt Kaufmann and J Strother Moore 1

How Can I Do That with ACL2? Recent Enhancements to ACL2 Matt Kaufmann and J Strother Moore 1

How Can I Do That with ACL2? Recent Enhancements to ACL2 Matt Kaufmann and J Strother Moore 1 Introduction (1) ACL2 Version 3.5 was released in May, 2009. Release note items (see :DOC release-notes) since then: (+ 41 ; 3.6 (8/2009) 3 ;

622 views • 49 slides
Flat Domains and Recursive Equations in ACL2 by John Cowles University of Wyoming 1 ACL2 is a

Flat Domains and Recursive Equations in ACL2 by John Cowles University of Wyoming 1 ACL2 is a

Flat Domains and Recursive Equations in ACL2 by John Cowles University of Wyoming 1 ACL2 is a logic of total functions. Some recursive equations have no satisfying ACL2 functions: No ACL2 function g satisfies this recursive equation

518 views • 35 slides
Hygienic Macros for ACL2 Carl Eastlund Matthias Felleisen cce@ccs.neu.edu matthias@ccs.neu.edu

Hygienic Macros for ACL2 Carl Eastlund Matthias Felleisen cce@ccs.neu.edu matthias@ccs.neu.edu

Hygienic Macros for ACL2 Carl Eastlund Matthias Felleisen cce@ccs.neu.edu matthias@ccs.neu.edu Northeastern University Boston, MA, USA 1 ACL2 2 ACL2 Formal verification based on pure, first-order Common Lisp. Used to model critical

909 views • 61 slides
Hint Orchestration Using ACL2's Simplifier Sol Swords Centaur Technology, Inc. ACL2 Workshop

Hint Orchestration Using ACL2's Simplifier Sol Swords Centaur Technology, Inc. ACL2 Workshop

Hint Orchestration Using ACL2's Simplifier Sol Swords Centaur Technology, Inc. ACL2 Workshop 2018 This talk is for hint abusers This might be you if: You cant be bothered to figure out a good rewriting strategy You just dont know

541 views • 30 slides
Adding a typing Adding a typing mechanism to ACL2 mechanism to ACL2 Vernon Austel Vernon

Adding a typing Adding a typing mechanism to ACL2 mechanism to ACL2 Vernon Austel Vernon

Adding a typing Adding a typing mechanism to ACL2 mechanism to ACL2 Vernon Austel Vernon Austel IBM IBM Outline Outline What a typed ACL2 might look like Vague proposal concerning how to change ACL2 to allow experimentation with type

873 views • 19 slides
DrACuLa: ACL2 in DrScheme Dale Vaillancourt Rex Page Matthias Felleisen ACL2 Workshop August

DrACuLa: ACL2 in DrScheme Dale Vaillancourt Rex Page Matthias Felleisen ACL2 Workshop August

DrACuLa: ACL2 in DrScheme Dale Vaillancourt Rex Page Matthias Felleisen ACL2 Workshop August 16, 2006 1 Undergraduate Software Engineering Page teaches two SE courses at Oklahoma U. Covers usual topics - specification, documentation,

557 views • 51 slides
A SAT-Based Procedure for Verifying Finite State Machines in ACL2 Warren A. Hunt, Jr. and Erik

A SAT-Based Procedure for Verifying Finite State Machines in ACL2 Warren A. Hunt, Jr. and Erik

A SAT-Based Procedure for Verifying Finite State Machines in ACL2 Warren A. Hunt, Jr. and Erik Reeber {reeber,hunt}@cs.utexas.edu The University of Texas ACL2 Workshop, August 16 , 2006 Introduction The ACL2 theorem prover is great

252 views • 22 slides
Partial Clock Functions in ACL2 John Matthews and Daron Vroon ACL2 Workshop 2004 Goals

Partial Clock Functions in ACL2 John Matthews and Daron Vroon ACL2 Workshop 2004 Goals

Partial Clock Functions in ACL2 John Matthews and Daron Vroon ACL2 Workshop 2004 Goals Given a state machine, we want : A termination proof: from a set of starting states, a desired goal state will always eventually be reached. An

423 views • 26 slides
Theorems About Programming Languages in ACL2 Sol Swords William Cook

Theorems About Programming Languages in ACL2 Sol Swords William Cook

Theorems About Programming Languages in ACL2 Sol Swords William Cook {sswords,wcook}@cs.utexas.edu Department of Computer Science University of Texas at Austin ACL2 Workshop, FLoC 2006 Outline 1 Introduction: Mechanizing Programming

540 views • 18 slides
Greedy embedding of a graph Greedy embedding of a graph 99 Greedy embedding Greedy embedding

Greedy embedding of a graph Greedy embedding of a graph 99 Greedy embedding Greedy embedding

Given a graph, find an embedding s.t. greedy routing works Greedy embedding of a graph Greedy embedding of a graph 99 Greedy embedding Greedy embedding Given a graph G, find an embedding of the vertices in R d , s.t. for each pair of

361 views • 23 slides
CMSC201 Computer Science I for Majors Lecture 25 Final Exam Review Prof. Katherine Gibson

CMSC201 Computer Science I for Majors Lecture 25 Final Exam Review Prof. Katherine Gibson

CMSC201 Computer Science I for Majors Lecture 25 Final Exam Review Prof. Katherine Gibson Prof. Jeremy Dixon www.umbc.edu Office Hours Tuesday is the last day office hours will be held 2 www.umbc.edu Exam Rules The final is

478 views • 27 slides
Multiband With Contaminated Training Data Results on AURORA 2 TCTS Facult Polytechnique de

Multiband With Contaminated Training Data Results on AURORA 2 TCTS Facult Polytechnique de

Multiband With Contaminated Training Data Results on AURORA 2 TCTS Facult Polytechnique de Mons Belgium INTRODUCTION The noise contamination of speech corpus leads to quasi optimal performance when test noise conditions match

638 views • 10 slides
ITE Early Admissions Exercise Impetus 2017 For those who are clear what they want to pursue, we

ITE Early Admissions Exercise Impetus 2017 For those who are clear what they want to pursue, we

All you need to know about the ITE Early Admissions Exercise Impetus 2017 For those who are clear what they want to pursue, we should support them as much as possible, to facilitate their admission into our PSEIs based on interests and

775 views • 42 slides
MaxSAT and Related Optimization Problems Joao Marques-Silva 1 , 2 1 University College Dublin,

MaxSAT and Related Optimization Problems Joao Marques-Silva 1 , 2 1 University College Dublin,

MaxSAT and Related Optimization Problems Joao Marques-Silva 1 , 2 1 University College Dublin, Ireland 2 IST/INESC-ID, Lisbon, Portugal SAT/SMT Summer School 2012 FBK, Trento, Italy Example Problem: Minimum Vertex Cover The problem: Graph

1.66k views • 145 slides
Design Space Exploration for Memory Subsystems of VLIW Architectures Thorsten Jungeblut 1 ,

Design Space Exploration for Memory Subsystems of VLIW Architectures Thorsten Jungeblut 1 ,

HEINZ NIXDORF INSTITUTE University of Paderborn Schaltungstechnik Dr.-Ing. Mario Porrmann Design Space Exploration for Memory Subsystems of VLIW Architectures Thorsten Jungeblut 1 , Gregor Sievers, Mario Porrmann 1 , Ulrich Rckert 2 1 System

577 views • 20 slides
JUX (Java Universal eXplorer) Pascal Calvat Several grid in the world re ware ddlewa midd

JUX (Java Universal eXplorer) Pascal Calvat Several grid in the world re ware ddlewa midd

vendredi 12 mai 2017 JUX (Java Universal eXplorer) Pascal Calvat Several grid in the world re ware ddlewa midd ARC GOS NAREGI JUX Overview JUX is a file explorer designed to be independent of Operating System full java code

163 views • 12 slides
S u p e r c h a r g e Y o u r S a l e s W i t h M o r t g a g e Q

S u p e r c h a r g e Y o u r S a l e s W i t h M o r t g a g e Q

S u p e r c h a r g e Y o u r S a l e s W i t h M o r t g a g e Q u e s t C h r i s C a r t e r M a r k e t F o c u s , I n c M a r k e t F o c u s , I n c . F i r

704 views • 48 slides
Generalized Data Structure Synthesis Calvin Loncaric Michael D. Ernst Emina Torlak 1

Generalized Data Structure Synthesis Calvin Loncaric Michael D. Ernst Emina Torlak 1

Generalized Data Structure Synthesis Calvin Loncaric Michael D. Ernst Emina Torlak 1 Stateful modules are much more complicated than their specifications Specification Implementation 1992 Lines of code 1383 292 157 3668 41 42

846 views • 27 slides

More recommend