support for trusted extension in acl2
play

Support for Trusted Extension in ACL2 J Strother Moore (joint work - PowerPoint PPT Presentation

Feb 04, 2024 •287 likes •639 views

Support for Trusted Extension in ACL2 J Strother Moore (joint work with Matt Kaufmann) Department of Computer Sciences University of Texas at Austin August, 2010 1 A C omputational L ogic for A pplicative C ommon L isp = ACL2 a

  1. Support for “Trusted” Extension in ACL2 J Strother Moore (joint work with Matt Kaufmann) Department of Computer Sciences University of Texas at Austin August, 2010 1

  2. A C omputational L ogic for A pplicative C ommon L isp = ACL2 • a functional programming language • a first-order mathematical theory • a mechanized theorem prover • implemented primarily in ACL2 2

  3. Primary Concerns • soundness • industrial-scale usability Our primary “customers” are AMD, Rockwell-Collins, Centaur Technology, IBM, and various government agencies 3

  4. We must adhere to Common Lisp 4

  5. We must adhere to Common Lisp . . . because efficient execution of ACL2 models is a major (driving?) concern 5

  6. Soundness is based on the care Kaufmann and Moore have taken in the implementation ACL2 is not “foundational” – we strive for good design and elegance in our coding, but we are willing to add logically “redundant” features as necessary 6

  7. “Blessed” extension mechanisms are primarily based on proof of appropriate properties Our “trust story” is that if users stick with certain features, they preserve as much soundness as we had in the first place Users can always go “under the hood” and do anything in Lisp 7

  8. Keys to ACL2’s extensibility include • expressions “are” objects • user can access the state of the system • system is coded in ACL2 so system functions are available in many contexts 8

  9. Two Senses of “Extension” • Logical – changing the logical theory • Behaviorial – changing the behavior of the prover 9

  10. Logical Extension Facilities • Ground-zero theory (starting point) • Theory Extension Events ◦ Simple axiomatic events · DEFUN - intro new rec fns; conservative · DEFCHOOSE (basis for DEFUN-SK ) - witness fns; conservative · DEFAXIOM - risky; rarely used ◦ Non-axiomatic events: DEFTHM - prove a theorem ◦ Compound · PROGN - grouping · LOCAL - scoping · INCLUDE-BOOK - import pre-certified events · ENCAPSULATE - intro constrained un-interp fns • Syntax extensions ◦ DEFCONST - abbrev constants ◦ DEFMACRO - computed trans of new syntax 10

  11. DEMO: Logical Extension Facilities • Ground-zero theory (starting point) • Theory Extension Events ◦ Simple axiomatic events · DEFUN - intro new rec fns; conservative · DEFCHOOSE (basis for DEFUN-SK ) - witness fns; conservative · DEFAXIOM - risky; rarely used ◦ Non-axiomatic events: DEFTHM - prove a theorem ◦ Compound · PROGN - grouping · LOCAL - scoping · INCLUDE-BOOK - import pre-certified events · ENCAPSULATE - intro constrained un-interp fns • Syntax extensions ◦ DEFCONST - abbrev constants ◦ DEFMACRO - computed trans of new syntax 11

  12. Two Senses of “Extension” • Logical – changing the logical theory • Behaviorial – changing the behavior of the prover 12

  13. Destructor Elimination Simplification Equality User Generalization formula pool Elimination of Irrelevance Induction 13

  14. Destructor Elimination Simplification evaluation propositional calculus Equality BDDs equality uninterpreted function symbols rational linear arithmetic User rewrite rules recursive definitions Generalization back− and forward−chaining metafunctions congruence−based rewriting Elimination of Irrelevance Induction 14

  15. axiom key lemma rule of inference proof theorem main theorem 15

  16. database composed of ‘‘books’’ of definitions, theorems, and advice proposed definitions conjectures and User advice Memory Gates Arith Vectors proofs Q.E.D. theorem prover 16

  17. database composed of ‘‘books’’ of definitions, theorems, and advice proposed definitions conjectures and User advice Memory Gates Arith Vectors proofs Q.E.D. theorem prover 17

  18. database composed of ‘‘books’’ of definitions, theorems, and advice proposed definitions conjectures and User advice Memory Gates Arith Vectors proofs Q.E.D. theorem prover 18

  19. database composed of ‘‘books’’ of definitions, theorems, and advice proposed definitions conjectures and User advice Memory Gates Arith Vectors proofs Q.E.D. theorem prover 19

  20. Destructor Elimination Simplification Equality User Generalization formula pool Elimination of Irrelevance Induction 20

  21. Behavorial Extension Facilities • Customization of Built-in Features ◦ Extending automation through rule-classes · Rewriting (conditional, contextual, congruence-based) · Metafunctions and Verified Clause-Processors · Pragmas -- syntaxp, bind-free, force, case-split, double-rewrite ◦ Static (Goal Specific) Hints • Programmatic (analogous to tactics) ◦ Computed Hints ◦ Make-event • Extending evaluation capabilities: ◦ Prototype without proof -- e.g., program mode, skip-proofs ◦ Optimizing Evaluation -- guard, mbe • Unverified (but useful) extensions · · · • Verified extensions · · · • Using ACL2 as a System-Building Shell 21

  22. DEMO: Behavorial Extension Facilities • Customization of Built-in Features ◦ Extending automation through rule-classes · Rewriting (conditional, contextual, congruence-based) · Metafunctions and Verified Clause-Processors · Pragmas -- syntaxp, bind-free, force, case-split, double-rewrite ◦ Static (Goal Specific) Hints • Programmatic (analogous to tactics) ◦ Computed Hints ◦ Make-event • Extending evaluation capabilities: ◦ Prototype without proof -- e.g., program mode, skip-proofs ◦ Optimizing Evaluation -- guard, mbe • Unverified (but useful) extensions · · · • Verified extensions · · · • Using ACL2 as a System-Building Shell 22

  23. Behavorial Extension Facilities • Customization of Built-in Features ◦ Extending automation through rule-classes · Rewriting (conditional, contextual, congruence-based) · Metafunctions and Verified Clause-Processors · Pragmas -- syntaxp, bind-free, force, case-split, double-rewrite ◦ Static (Goal Specific) Hints • Programmatic (analogous to tactics) ◦ Computed Hints ◦ Make-event • Extending evaluation capabilities: ◦ Prototype without proof -- e.g., program mode, skip-proofs ◦ Optimizing Evaluation -- guard, mbe • Unverified (but useful) extensions · · · • Verified extensions · · · • Using ACL2 as a System-Building Shell 23

  24. Clause Processors Destructor Elimination Simplification Equality User Generalization formula pool Elimination of Irrelevance Induction 24

  25. Verified clause processors are like metafunctions except operate at the goal level rather than the subterm level Unverified clause processors are external tools (like SAT-solvers, IBM’s SixthSense, etc.) 25

  26. It is possible to introduce partially constrained functions whose execution is carried out by calls to external tools. Matt Kaufmann, J S. Moore, Sandip Ray, and Erik Reeber. Integrating External Deduction Tools with ACL2. Journal of Applied Logic (Special Issue: Empirically Successful Computerized Reasoning), Volume 7, Issue 1, March 2009, pp. 3–25. Also published online (DOI 10.1016/j.jal.2007.07.002). 26

  27. DEMO: Behavorial Extension Facilities • Customization of Built-in Features ◦ Extending automation through rule-classes · Rewriting (conditional, contextual, congruence-based) · Metafunctions and Verified Clause-Processors · Pragmas -- syntaxp, bind-free, force, case-split, double-rewrite ◦ Static (Goal Specific) Hints • Programmatic (analogous to tactics) ◦ Computed Hints ◦ Make-event • Extending evaluation capabilities: ◦ Prototype without proof -- e.g., program mode, skip-proofs ◦ Optimizing Evaluation -- guard, mbe • Unverified (but useful) extensions · · · • Verified extensions · · · • Using ACL2 as a System-Building Shell 27

  28. Behavorial Extension Facilities • Customization of Built-in Features ◦ Extending automation through rule-classes · Rewriting (conditional, contextual, congruence-based) · Metafunctions and Verified Clause-Processors · Pragmas -- syntaxp, bind-free, force, case-split, double-rewrite ◦ Static (Goal Specific) Hints • Programmatic (analogous to tactics) ◦ Computed Hints ◦ Make-event • Extending evaluation capabilities: ◦ Prototype without proof -- e.g., program mode, skip-proofs ◦ Optimizing Evaluation -- guard, mbe • Unverified (but useful) extensions · · · • Verified extensions · · · • Using ACL2 as a System-Building Shell 28

  29. (defp run (s) (if ( haltedp s) s ( run ( step s)))) defp (“define partial function”) book: establishes that generic (uninterpreted) tail-recursive equation is satisfiable by an admissible function and then functionally instantiates that result for the user’s fns 29

  30. Behavorial Extension Facilities • Customization of Built-in Features ◦ Extending automation through rule-classes · Rewriting (conditional, contextual, congruence-based) · Metafunctions and Verified Clause-Processors ◦ Hints -- Static (Goal Specific) and/or Computed • Programmatic (analogous to tactics) ◦ Macros to generate events -- e.g., support for partial functions • Extending evaluation capabilities: ◦ Prototype without proof -- e.g., program mode, skip-proofs ◦ Optimizing Evaluation -- guard, mbe • Unverified (but useful) extensions · · · • Verified extensions · · · • Using ACL2 as a System-Building Shell 30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

ACL2(ml): Machine-Learning for ACL2 J. Heras and E. Komendantskaya

ACL2(ml): Machine-Learning for ACL2 J. Heras and E. Komendantskaya

ACL2(ml): Machine-Learning for ACL2 J. Heras and E. Komendantskaya http://staff.computing.dundee.ac.uk/katya/acl2ml/ 12 July 2014 ACL214 J. Heras ACL2(ml): Machine-Learning for ACL2 1/23 Outline Some Challenges in ACL2 1 An overview of

871 views • 56 slides
Axiomatic Events in ACL2 ( r ) Ruben Gamboa, John Cowles, and Nadya Kuzmina University of Wyoming

Axiomatic Events in ACL2 ( r ) Ruben Gamboa, John Cowles, and Nadya Kuzmina University of Wyoming

Axiomatic Events in ACL2 ( r ) Ruben Gamboa, John Cowles, and Nadya Kuzmina University of Wyoming Introduction ACL2 ( r ) is a variant of ACL2 that supports the irrational numbers It is distributed with the ACL2 sources The foundations of ACL2

479 views • 29 slides
Double Rewriting for Equivalential Reasoning in ACL2 Matt Kaufmann and J Strother Moore ACL2

Double Rewriting for Equivalential Reasoning in ACL2 Matt Kaufmann and J Strother Moore ACL2

Double Rewriting for Equivalential Reasoning in ACL2 Matt Kaufmann and J Strother Moore ACL2 Workshop, FLoC, Seattle, August 16, 2006 1 Introduction ACL2 provides a powerful congruence-based rewriting capability. However, some have

537 views • 19 slides
How Can I Do That with ACL2? Recent Enhancements to ACL2 Matt Kaufmann and J Strother Moore 1

How Can I Do That with ACL2? Recent Enhancements to ACL2 Matt Kaufmann and J Strother Moore 1

How Can I Do That with ACL2? Recent Enhancements to ACL2 Matt Kaufmann and J Strother Moore 1 Introduction (1) ACL2 Version 3.5 was released in May, 2009. Release note items (see :DOC release-notes) since then: (+ 41 ; 3.6 (8/2009) 3 ;

622 views • 49 slides
Flat Domains and Recursive Equations in ACL2 by John Cowles University of Wyoming 1 ACL2 is a

Flat Domains and Recursive Equations in ACL2 by John Cowles University of Wyoming 1 ACL2 is a

Flat Domains and Recursive Equations in ACL2 by John Cowles University of Wyoming 1 ACL2 is a logic of total functions. Some recursive equations have no satisfying ACL2 functions: No ACL2 function g satisfies this recursive equation

518 views • 35 slides
A Simple Java Code Generator for ACL2 Based on a Deep Embedding of ACL2 in Java Alessandro

A Simple Java Code Generator for ACL2 Based on a Deep Embedding of ACL2 in Java Alessandro

A Simple Java Code Generator for ACL2 Based on a Deep Embedding of ACL2 in Java Alessandro Coglio Kestrel Institute Workshop 2018 ATJ Java code generator for ACL2 (ACL2 To Java) based on AIJ deep embedding of ACL2 in Java (ACL2 In Java)

901 views • 38 slides
Hygienic Macros for ACL2 Carl Eastlund Matthias Felleisen cce@ccs.neu.edu matthias@ccs.neu.edu

Hygienic Macros for ACL2 Carl Eastlund Matthias Felleisen cce@ccs.neu.edu matthias@ccs.neu.edu

Hygienic Macros for ACL2 Carl Eastlund Matthias Felleisen cce@ccs.neu.edu matthias@ccs.neu.edu Northeastern University Boston, MA, USA 1 ACL2 2 ACL2 Formal verification based on pure, first-order Common Lisp. Used to model critical

909 views • 61 slides
Hint Orchestration Using ACL2's Simplifier Sol Swords Centaur Technology, Inc. ACL2 Workshop

Hint Orchestration Using ACL2's Simplifier Sol Swords Centaur Technology, Inc. ACL2 Workshop

Hint Orchestration Using ACL2's Simplifier Sol Swords Centaur Technology, Inc. ACL2 Workshop 2018 This talk is for hint abusers This might be you if: You cant be bothered to figure out a good rewriting strategy You just dont know

541 views • 30 slides
Adding a typing Adding a typing mechanism to ACL2 mechanism to ACL2 Vernon Austel Vernon

Adding a typing Adding a typing mechanism to ACL2 mechanism to ACL2 Vernon Austel Vernon

Adding a typing Adding a typing mechanism to ACL2 mechanism to ACL2 Vernon Austel Vernon Austel IBM IBM Outline Outline What a typed ACL2 might look like Vague proposal concerning how to change ACL2 to allow experimentation with type

873 views • 19 slides
DrACuLa: ACL2 in DrScheme Dale Vaillancourt Rex Page Matthias Felleisen ACL2 Workshop August

DrACuLa: ACL2 in DrScheme Dale Vaillancourt Rex Page Matthias Felleisen ACL2 Workshop August

DrACuLa: ACL2 in DrScheme Dale Vaillancourt Rex Page Matthias Felleisen ACL2 Workshop August 16, 2006 1 Undergraduate Software Engineering Page teaches two SE courses at Oklahoma U. Covers usual topics - specification, documentation,

557 views • 51 slides
A SAT-Based Procedure for Verifying Finite State Machines in ACL2 Warren A. Hunt, Jr. and Erik

A SAT-Based Procedure for Verifying Finite State Machines in ACL2 Warren A. Hunt, Jr. and Erik

A SAT-Based Procedure for Verifying Finite State Machines in ACL2 Warren A. Hunt, Jr. and Erik Reeber {reeber,hunt}@cs.utexas.edu The University of Texas ACL2 Workshop, August 16 , 2006 Introduction The ACL2 theorem prover is great

252 views • 22 slides
Partial Clock Functions in ACL2 John Matthews and Daron Vroon ACL2 Workshop 2004 Goals

Partial Clock Functions in ACL2 John Matthews and Daron Vroon ACL2 Workshop 2004 Goals

Partial Clock Functions in ACL2 John Matthews and Daron Vroon ACL2 Workshop 2004 Goals Given a state machine, we want : A termination proof: from a set of starting states, a desired goal state will always eventually be reached. An

423 views • 26 slides
Theorems About Programming Languages in ACL2 Sol Swords William Cook

Theorems About Programming Languages in ACL2 Sol Swords William Cook

Theorems About Programming Languages in ACL2 Sol Swords William Cook {sswords,wcook}@cs.utexas.edu Department of Computer Science University of Texas at Austin ACL2 Workshop, FLoC 2006 Outline 1 Introduction: Mechanizing Programming

540 views • 18 slides
So#ware Synthesis with ACL2 Eric Smith Kestrel Ins9tute

So#ware Synthesis with ACL2 Eric Smith Kestrel Ins9tute

So#ware Synthesis with ACL2 Eric Smith Kestrel Ins9tute ACL2 Workshop 2015 Outline Overview of Refinement-Based Synthesis Proof-EmiJng Transforma9ons

460 views • 21 slides
Literate Proofs Ruben Gamboa July 14, 2003 Motivation Make it easier to understand ACL2 books

Literate Proofs Ruben Gamboa July 14, 2003 Motivation Make it easier to understand ACL2 books

Literate Proofs Ruben Gamboa July 14, 2003 Motivation Make it easier to understand ACL2 books after the fact Organize ACL2 books in a human-oriented, not a proof-oriented manner Publish ACL2 books in different formats (web, print, ...) and

372 views • 15 slides
Formal Verification of Arithmetic RTL: Translating Verilog to C++ to ACL2 David M. Russinoff Arm

Formal Verification of Arithmetic RTL: Translating Verilog to C++ to ACL2 David M. Russinoff Arm

Formal Verification of Arithmetic RTL: Translating Verilog to C++ to ACL2 David M. Russinoff Arm May 28, 2020 1/27 V ERIFICATION OF RTL D ESIGN WITH ACL2 Requirements for RTL verification by theorem proving: Semantics-preserving

422 views • 27 slides
Research Approach Presented 14Feb2020 Required Documents Documents Page limit Comments Cover

Research Approach Presented 14Feb2020 Required Documents Documents Page limit Comments Cover

OPE GRA GRANTS Education, Resources, Support Research Approach Presented 14Feb2020 Required Documents Documents Page limit Comments Cover Letter No limit Individual fellowship applicants must include a cover letter that contains a list of

265 views • 26 slides
Errata Last updated May 6, 2020 Errata for Ghallab, Nau, and Traverso, Automated Planning and

Errata Last updated May 6, 2020 Errata for Ghallab, Nau, and Traverso, Automated Planning and

Errata Last updated May 6, 2020 Errata for Ghallab, Nau, and Traverso, Automated Planning and Acting , Cambridge University Press, 2016. This list is a work in progress. Some of the following corrections are tentative and may be revised, and

308 views • 3 slides
Stanford CS193p Developing Applications for iOS Winter 2017 CS193p Winter 2017 Today Demo

Stanford CS193p Developing Applications for iOS Winter 2017 CS193p Winter 2017 Today Demo

Stanford CS193p Developing Applications for iOS Winter 2017 CS193p Winter 2017 Today Demo Cassini Continued Multiple MVC app which shows images related to Cassini space probe Multithreading Keeping the UI responsive Multithreaded Cassini

702 views • 27 slides
Expanded Very Large Array (EVLA) SRS This file shows each sentence with "only". When the

Expanded Very Large Array (EVLA) SRS This file shows each sentence with "only". When the

https://www.student.cs.uwaterloo.ca/~se463/Examples/array-sw-rqmts.pdf Expanded Very Large Array (EVLA) SRS This file shows each sentence with "only". When the "only" in a sentence is positioned correctly, only the sentence is

554 views • 3 slides
The Logic of Conditional Beliefs: Neighbourhood Semantics and Sequent Calculus Marianna Girlando,

The Logic of Conditional Beliefs: Neighbourhood Semantics and Sequent Calculus Marianna Girlando,

The Logic of Conditional Beliefs: Neighbourhood Semantics and Sequent Calculus Marianna Girlando, Sara Negri, Nicola Olivetti, Vincent Risch Aix Marseille Universit e, Laboratoire des Sciences de lInformation et des Syst` emes; University

600 views • 37 slides
St Star art t St Stoc ochas hastic tic En Envi viro ronment nments Computer ter Sc

St Star art t St Stoc ochas hastic tic En Envi viro ronment nments Computer ter Sc

Fi Fini nish sh Lo Logi gics cs St Star art t St Stoc ochas hastic tic En Envi viro ronment nments Computer ter Sc Science ce cpsc3 c322 22, , Lectur ture e 8 Te Textbo tbook ok Chpt 5.2 & & Chpt 12 12 Chpt

1.25k views • 88 slides
Disclosures Transplanting Interstitial Lung Disease I have nothing to disclose Steven Hays, MD

Disclosures Transplanting Interstitial Lung Disease I have nothing to disclose Steven Hays, MD

11/5/2016 Disclosures Transplanting Interstitial Lung Disease I have nothing to disclose Steven Hays, MD Associate Professor Medical Director, Lung Transplantation UCSF Medical Center Lung Transplantation Adult Lung Transplants

388 views • 14 slides
Briefing on eHR Content By Veronica HUNG Health Informatician, eHRISO Domains Domains eHR

Briefing on eHR Content By Veronica HUNG Health Informatician, eHRISO Domains Domains eHR

Briefing on eHR Content By Veronica HUNG Health Informatician, eHRISO Domains Domains eHR Participant Encounter Immunisation ENCOUNTER ENCOUNTER Encounter Encounter Encounter data A list of booked appointments and attended

471 views • 34 slides

More recommend