Support for Trusted Extension in ACL2 J Strother Moore (joint work - - PowerPoint PPT Presentation



SLIDE 1

Support for “Trusted” Extension in ACL2

J Strother Moore

(joint work with Matt Kaufmann)

Department of Computer Sciences, University of Texas at Austin

August, 2010

SLIDE 2

A Computational Logic for Applicative Common Lisp = ACL2

  • a functional programming language
  • a first-order mathematical theory
  • a mechanized theorem prover
  • implemented primarily in ACL2

SLIDE 3

Primary Concerns

  • soundness
  • industrial-scale usability

Our primary “customers” are AMD, Rockwell-Collins, Centaur Technology, IBM, and various government agencies.

SLIDE 4

We must adhere to Common Lisp

SLIDE 5

We must adhere to Common Lisp . . . because efficient execution of ACL2 models is a major (driving?) concern.

SLIDE 6

Soundness is based on the care Kaufmann and Moore have taken in the implementation. ACL2 is not “foundational” – we strive for good design and elegance in our coding, but we are willing to add logically “redundant” features as necessary.

SLIDE 7

“Blessed” extension mechanisms are primarily based on proof of appropriate properties. Our “trust story” is that if users stick with certain features, they preserve as much soundness as we had in the first place. Users can always go “under the hood” and do anything in Lisp.

SLIDE 8

Keys to ACL2’s extensibility include

  • expressions “are” objects
  • the user can access the state of the system
  • the system is coded in ACL2, so system functions are available in many contexts

SLIDE 9

Two Senses of “Extension”

  • Logical – changing the logical theory
  • Behavioral – changing the behavior of the prover

SLIDE 10

Logical Extension Facilities

  • Ground-zero theory (starting point)
  • Theory Extension Events
    · Simple axiomatic events
      · DEFUN - introduce new recursive functions; conservative
      · DEFCHOOSE (basis for DEFUN-SK) - witness functions; conservative
      · DEFAXIOM - risky; rarely used
    · Non-axiomatic events: DEFTHM - prove a theorem
    · Compound events
      · PROGN - grouping
      · LOCAL - scoping
      · INCLUDE-BOOK - import pre-certified events
      · ENCAPSULATE - introduce constrained, uninterpreted functions
    · Syntax extensions
      · DEFCONST - abbreviate constants
      · DEFMACRO - computed translation of new syntax
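The events listed above, as an added example that is not from the slides or from the ACL2 authors: one event of each kind, submitted in order to a fresh ACL2 session. The names app, app-assoc, pick-larger, *empty*, app3 and f are chosen for this example; arithmetic/top is a real community book, loaded here only to illustrate INCLUDE-BOOK. DEFAXIOM is left out because the slide marks it risky and rarely used.

```lisp
;; Added example (not from the slides): one event of each kind named
;; on slide 10. All names below are chosen for this example.

;; INCLUDE-BOOK: import pre-certified events from a community book.
(include-book "arithmetic/top" :dir :system)

;; DEFUN: a new recursive function. ACL2 admits it only after proving
;; termination (the measure (acl2-count x) decreases on the cdr), which
;; is why DEFUN is conservative: it cannot introduce an inconsistency.
(defun app (x y)
  (if (consp x)
      (cons (car x) (app (cdr x) y))
    y))

;; DEFTHM: a non-axiomatic event. Nothing is assumed; ACL2 must prove
;; the formula (here by induction on app) before storing it as a rule.
(defthm app-assoc
  (equal (app (app x y) z)
         (app x (app y z))))

;; DEFCHOOSE: a witness function. All that is known about pick-larger
;; is that whenever some x satisfies (< y x), (pick-larger y) does too.
(defchoose pick-larger (x) (y)
  (< y x))

;; DEFCONST and DEFMACRO: syntax extensions; no new axioms are added.
(defconst *empty* nil)
(defmacro app3 (x y z)
  `(app ,x (app ,y ,z)))

;; ENCAPSULATE with LOCAL: introduce a constrained, uninterpreted
;; function f. The LOCAL witness exists only to show the exported
;; constraint is satisfiable; after the event, f-returns-integer is
;; all the logic knows about f.
(encapsulate
  (((f *) => *))
  (local (defun f (x) (declare (ignore x)) 0))
  (defthm f-returns-integer
    (integerp (f x))
    :rule-classes :type-prescription))

;; PROGN: group events. The first theorem follows from the constraint
;; alone (the witness is gone); the second exercises the macro, which
;; expands to (app nil (app nil x)) and simplifies to x.
(progn
  (defthm f-plus-one-integer
    (integerp (+ 1 (f x))))
  (defthm app3-example
    (equal (app3 *empty* *empty* x) x)))
```

The order matters: app3 can only be used after app exists, and f-plus-one-integer is provable only because the encapsulate exported f-returns-integer as a type-prescription rule; had it been left as a plain rewrite rule, type reasoning about (+ 1 (f x)) would have nothing to work with.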

SLIDE 11

DEMO: Logical Extension Facilities (same list as slide 10)

SLIDE 12

Two Senses of “Extension” (repeated from slide 9)

SLIDE 13

[Diagram: the ACL2 prover’s “waterfall”. A formula enters the pool and is passed through the processes Simplification, Destructor Elimination, Equality, Generalization, Elimination of Irrelevance and Induction; the User is shown alongside.]

SLIDE 14

[Diagram: the same waterfall, with Simplification expanded into its components:]

  • congruence-based rewriting
  • evaluation
  • propositional calculus
  • BDDs
  • equality
  • uninterpreted function symbols
  • rational linear arithmetic
  • rewrite rules
  • recursive definitions
  • back- and forward-chaining
  • metafunctions

SLIDE 15

[Diagram: a proof tree whose nodes are labelled axiom, theorem, rule of inference, key lemma, proof and main theorem.]

SLIDE 16

[Diagram: system architecture. The User submits proposed definitions, conjectures and advice to the theorem prover, which returns proofs (Q.E.D.); the prover works against a database composed of “books” of definitions, theorems and advice, with the example books Memory, Gates, Arith and Vectors. Slides 17 to 19 repeat this diagram.]

SLIDE 20

[Diagram: the prover waterfall of slide 13, repeated.]

SLIDE 21

Behavioral Extension Facilities

  • Customization of Built-in Features
    · Extending automation through rule-classes
      · Rewriting (conditional, contextual, congruence-based)
      · Metafunctions and Verified Clause-Processors
      · Pragmas -- syntaxp, bind-free, force, case-split, double-rewrite
    · Static (Goal Specific) Hints
  • Programmatic (analogous to tactics)
    · Computed Hints
    · Make-event
  • Extending evaluation capabilities:
    · Prototype without proof -- e.g., program mode, skip-proofs
    · Optimizing Evaluation -- guard, mbe
  • Unverified (but useful) extensions
    · · ·
  • Verified extensions
    · · ·
  • Using ACL2 as a System-Building Shell
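An added example (not from the slides or from the ACL2 distribution) that exercises the facilities above in a fresh ACL2 session: a rewrite rule guarded by a SYNTAXP pragma, MBE with guard verification deferred until the two bodies are proved equal, a computed hint and a static hint, a :program mode prototype, SKIP-PROOFS and MAKE-EVENT. The names fold-leading-constants, len-nat, len-nat-is-len, len-nat-append, collatz-steps, squares-below and *squares* are chosen here.

```lisp
;; Added example (not from the slides): behavioural extension
;; facilities from slide 21. All names below are chosen for this example.

;; Rule classes plus the SYNTAXP pragma: the rule fires only when both
;; leading summands are literal constants, so (+ 1 (+ 2 x)) folds to
;; (+ 3 x) while (+ a (+ b x)) is left alone (no rewriting loop).
;; Proving it is plain associativity; the pragma is about when to use it.
(defthm fold-leading-constants
  (implies (syntaxp (and (quotep c1) (quotep c2)))
           (equal (+ c1 (+ c2 x))
                  (+ (+ c1 c2) x))))

;; Optimizing evaluation with GUARD and MBE: the :logic body is the
;; definition the prover reasons about; the :exec body runs when the
;; guard has been verified. Verification is deferred (:verify-guards nil)
;; because the mbe obligation needs the lemma proved next.
(defun len-nat (x)
  (declare (xargs :guard (true-listp x) :verify-guards nil))
  (mbe :logic (if (consp x) (+ 1 (len-nat (cdr x))) 0)
       :exec (length x)))

;; Computed hint: a term over ID (also CLAUSE, WORLD,
;; STABLE-UNDER-SIMPLIFICATIONP) evaluated at every goal; here it
;; supplies an :induct hint for the top-level goal only.
(defthm len-nat-is-len
  (equal (len-nat x) (len x))
  :hints ((and (equal id (parse-clause-id "Goal"))
               '(:induct (len-nat x)))))

;; Now the obligation "logic body = exec body under the guard" is
;; discharged using len-nat-is-len, and calls to len-nat run (length x).
(verify-guards len-nat)

;; Static, goal-specific hint: an explicit theory change on "Goal".
(defthm len-nat-append
  (equal (len-nat (append x y))
         (+ (len-nat x) (len-nat y)))
  :hints (("Goal" :in-theory (disable fold-leading-constants))))

;; Prototype without proof: a :program mode function needs no
;; termination argument and can be executed, but cannot appear in
;; theorems. (collatz-steps 27) evaluates to 111.
(defun collatz-steps (n)
  (declare (xargs :mode :program))
  (cond ((<= n 1) 0)
        ((evenp n) (+ 1 (collatz-steps (/ n 2))))
        (t (+ 1 (collatz-steps (+ 1 (* 3 n)))))))

;; A logic-mode helper for the two events that follow.
(defun squares-below (n)
  (if (zp n)
      nil
    (cons (* (- n 1) (- n 1)) (squares-below (- n 1)))))

;; SKIP-PROOFS: admit a claim without proof while prototyping; ACL2
;; records that the session depends on an unproved event.
(skip-proofs
 (defthm len-squares-below
   (equal (len (squares-below n)) (nfix n))))

;; MAKE-EVENT: the event to admit is computed when the form is
;; submitted; here the constant's value is obtained by running
;; squares-below rather than writing the list out by hand.
(make-event
 `(defconst *squares* ',(reverse (squares-below 5))))
;; *squares* is (0 1 4 9 16).
```

The two-step idiom around len-nat (define with :verify-guards nil, prove the lemma, then verify-guards) is the usual way to get a fast :exec body whose equivalence to the :logic body needs induction: the guard proof itself is not an inductive proof, so the inductive fact has to be available as a rule first.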

SLIDE 22

DEMO: Behavioral Extension Facilities (same list as slide 21)

SLIDE 23

Behavioral Extension Facilities (repeated from slide 21)

SLIDE 24

Clause Processors

[Diagram: the prover waterfall of slide 13, repeated under the heading Clause Processors.]

SLIDE 25

Verified clause processors are like metafunctions, except that they operate at the goal level rather than the subterm level. Unverified clause processors are external tools (like SAT solvers, IBM’s SixthSense, etc.).

SLIDE 26

It is possible to introduce partially constrained functions whose execution is carried out by calls to external tools.

Matt Kaufmann, J S. Moore, Sandip Ray, and Erik Reeber. Integrating External Deduction Tools with ACL2. Journal of Applied Logic (Special Issue: Empirically Successful Computerized Reasoning), Volume 7, Issue 1, March 2009, pp. 3–25. Also published online (DOI 10.1016/j.jal.2007.07.002).

SLIDE 27

DEMO: Behavioral Extension Facilities (same list as slide 21)

SLIDE 28

Behavioral Extension Facilities (repeated from slide 21)

SLIDE 29

  (defp run (s)
    (if (haltedp s)
        s
      (run (step s))))

defp (“define partial function”) book: establishes that a generic (uninterpreted) tail-recursive equation is satisfiable by an admissible function, and then functionally instantiates that result for the user’s functions.

SLIDE 30

Behavioral Extension Facilities

  • Customization of Built-in Features
    · Extending automation through rule-classes
      · Rewriting (conditional, contextual, congruence-based)
      · Metafunctions and Verified Clause-Processors
    · Hints -- Static (Goal Specific) and/or Computed
  • Programmatic (analogous to tactics)
    · Macros to generate events -- e.g., support for partial functions
  • Extending evaluation capabilities:
    · Prototype without proof -- e.g., program mode, skip-proofs
    · Optimizing Evaluation -- guard, mbe
  • Unverified (but useful) extensions
    · · ·
  • Verified extensions
    · · ·
  • Using ACL2 as a System-Building Shell

SLIDE 31

Behavioral Extension Facilities

  • Customization of Built-in Features
    · Extending automation through rule-classes
      · Rewriting (conditional, contextual, congruence-based)
      · Metafunctions and Verified Clause-Processors
    · Hints -- Static (Goal Specific) and/or Computed
  • Programmatic (analogous to tactics)
    · Macros to generate events -- e.g., support for partial functions
  • Extending evaluation capabilities:
    · Prototype without proof -- e.g., program mode, skip-proofs
    · Optimizing Evaluation -- guard, mbe
  • Unverified (but useful) extensions
    · Trust tags (used at Centaur and in ACL2s)
    · Feature-based
      · Hash-cons, memoization, applicative hash tables
      · ACL2(r)
      · Parallel ACL2
  • Verified extensions

SLIDE 32

Behavioral Extension Facilities (repeated from slide 30)

SLIDE 33

Behavioral Extension Facilities

  • Customization of Built-in Features
    · Extending automation through rule-classes
      · Rewriting (conditional, contextual, congruence-based)
      · Metafunctions and Verified Clause-Processors
    · Hints -- Static (Goal Specific) and/or Computed
  • Programmatic (analogous to tactics)
    · Macros to generate events -- e.g., support for partial functions
  • Extending evaluation capabilities:
    · Prototype without proof -- e.g., program mode, skip-proofs
    · Optimizing Evaluation -- guard, mbe
  • Unverified (but useful) extensions
    · · ·
  • Verified extensions
    · Defattach (also for testing) -- contributed talk
    · Untranslate and untranslate-preprocess
    · Verified clause-processors
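As an added example (not from the slides or from the contributed talk they mention) of the Defattach item above: a constrained function is given an executable attachment, which is what makes it usable for testing while the logic stays unchanged. The names h, h-natp and h-impl are chosen here.

```lisp
;; Added example (not from the slides): DEFATTACH as a verified
;; extension. All names below are chosen for this example.

;; A constrained function: after this event, h-natp is all the logic
;; knows about h, and (h 5) cannot be evaluated because h has no
;; executable definition.
(encapsulate
  (((h *) => *))
  (local (defun h (x) (nfix x)))
  (defthm h-natp
    (natp (h x))
    :rule-classes :type-prescription))

;; An executable implementation. DEFATTACH is "verified" in the sense
;; that ACL2 checks three things before accepting it: h-impl is
;; guard-verified, its guard (t) is implied by h's guard (also t), and
;; h-impl satisfies every constraint on h, i.e. (natp (h-impl x)).
(defun h-impl (x)
  (declare (xargs :guard t))
  (if (natp x) (* 2 x) 0))

(defattach h h-impl)

;; Now (h 5) evaluates to 10, so a specification written in terms of h
;; can be run on concrete inputs. The attachment is not a logical fact:
;; (defthm h-of-5 (equal (h 5) 10)) would still fail, since h remains
;; constrained only by h-natp.
```

This is the distinction behind the slide's "(also for testing)": attachments change what evaluates, never what is provable, so a wrong attachment can produce misleading test results but cannot prove a false theorem.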

SLIDE 34

Behavioral Extension Facilities (repeated from slide 30)

SLIDE 35

Questions?