previous day
all days

View: session overviewtalk overviewside by side with other conferences

09:00-10:30 Session 58
Invited Talk: Verification in the Age of Integration
SPEAKER: John O'Leary
Extending ACL2 with SMT Solvers
SPEAKER: unknown

ABSTRACT. We present a sound way of extending ACL2 with Satisfiability Modulo Theories (SMT) technique using ACL2’s trusted clause processor mechanism. We are particularly interested in the verification of physical systems including Analog and Mixed Signal (AMS) designs. ACL2 offers strong induction abilities for reasoning about sequences and SMT complements deduction methods like ACL2 with fast nonlinear arithmetic solving procedures. While SAT solvers have been integrated into ACL2 in previous work, SMT methods raise new issues because of their support for a broader range of domains including real numbers and uninterpreted functions. This paper presents Smtlink, our clause processor for integrating SMT solvers into ACL2. We describe key design and implementation issues and describe our experience with its use.

11:00-12:30 Session 59
Reasoning about LLVM code using Codewalker
SPEAKER: David Hardin

ABSTRACT. This paper reports on initial experiments using J Moore's Codewalker to reason about programs compiled to the Low-Level Virtual Machine (LLVM) intermediate form. Previously, we reported on a translator from LLVM to the applicative subset of Common Lisp accepted by the ACL2 theorem prover, producing executable ACL2 formal models, and allowing us to both prove theorems about the translated models as well as validate those models by testing. That translator provided many of the benefits of a pure decompilation into logic approach, but had the disadvantage of not being verified. The availability of Codewalker as of ACL2 7.0 has provided an opportunity to revisit this idea, and employ a more trustworthy decompilation into logic tool. Thus, we have employed the Codewalker method to create an interpreter for a subset of the LLVM instruction set, and have used Codewalker to analyze some simple array-based C programs compiled to LLVM form. We discuss advantages and limitations of the Codewalker-based method compared to the previous method, and provide some challenge problems for future Codewalker development.

Stateman: Using Metafunctions to Manage Large Terms Representing Machine States

ABSTRACT. When ACL2 is used to model the operational semantics of computing machines, machine states are typically represented by terms recording the contents of the state components. When models are realistic and are stepped through thousands of machine cycles, these terms can grow quite large and the cost of simplifying them on each step grows. In this paper we describe an ACL2 book that uses HIDE and metafunctions to facilitate the management of large terms representing such states. Because the metafunctions for each state component updater are solely responsible for creating state expressions (i.e., ``writing'') and the metafunctions for each state component accessor are solely responsible for extracting values (i.e., ``reading'') from such state expressions, they can maintain their own normal form, use HIDE to prevent other parts of ACL2 from inspecting them, and use honsing to uniquely represent state expressions. The last feature makes it possible to memoize the metafunctions, which can improve proof performance in some machine models. This paper describes a general-purpose ACL2 book modeling a byte-addressed memory supporting ``mixed'' reads and writes. By ``mixed'' we mean that reads need not correspond (in address or number of bytes) with writes. Verified metafunctions simplify such ``read-over-write'' expressions while hiding the potentially large state expression. A key utility is a function that determines (an upper bound on) the value a symbolic arithmetic expression can attain, which plays a role in resolving writes to addresses given by symbolic expressions. We also report on a preliminary experiment with the book, which involves the production of states containing several million function calls.

Proving Skipping Refinement with ACL2s
SPEAKER: unknown

ABSTRACT. We describe three case studies illustrating how ACL2s is used to prove the correctness of optimized reactive systems using skipping refinement. Reasoning about reactive systems using refinement involves defining an abstract, high-level specification system and a concrete, low-level implementation system. Next, one shows that the behaviors of the implementation system are allowed by the specification system. The exact meaning depends on the notion of refinement. Skipping refinement allows us to reason about implementation systems that can ``skip'' specification states due to optimizations that allow the implementation system to take several specification steps at once. Skipping refinement also allows implementation systems to stutter, i.e. to take several steps before completing a specification step. We show how ACL2s can be used to prove skipping refinement theorems by modeling and proving the correctness of three systems: a JVM-inspired stack machine, a simple memory controller, and a scalar to vector compiler transformation.

13:30-15:00 Session 60
SPEAKER: Rump Session
What's New in the Community Books
SPEAKER: Jared Davis
What's New in ACL2