Industrial hardware and software verification with ACL2

@article{Hunt2017IndustrialHA,
  title={Industrial hardware and software verification with ACL2},
  author={Warren A. Hunt and Matt Kaufmann and J. Strother Moore and Anna Slobodov{\'a}},
  journal={Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences},
  year={2017},
  volume={375}
}
  • W. Hunt, Matt Kaufmann, A. Slobodová
  • Published 13 October 2017
  • Computer Science
  • Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences
The ACL2 theorem prover has seen sustained industrial use since the mid-1990s. Companies that have used ACL2 regularly include AMD, Centaur Technology, IBM, Intel, Kestrel Institute, Motorola/Freescale, Oracle and Rockwell Collins. This paper introduces ACL2 and focuses on how and why ACL2 is used in industry. ACL2 is well-suited to its industrial application to numerous software and hardware systems, because it is an integrated programming/proof environment supporting a subset of the ANSI… 

Milestones from the Pure Lisp theorem prover to ACL2

  • J. S. Moore
  • Computer Science
  • Formal Aspects of Computing
  • 2019
We discuss the evolutionary path from the Edinburgh Pure Lisp Theorem Prover of the early 1970s to its modern counterpart, A Computational Logic for Applicative Common Lisp, aka ACL2, which is in

Milestones from The Pure Lisp Theorem Prover to ACL2 (Draft 4, 5 March 2019)

The evolutionary path from the Edinburgh Pure Lisp Theorem Prover of the early 1970s to today’s ACL2 is discussed, which includes the adoption of a first-order subset of a programming language as a logic.

Rigorous engineering for hardware security: Formal modelling and proof in the CHERI design and implementation process

This paper formalises key intended security properties of the design, and establishes that these hold with mechanised proof for CHERI, an architecture with hardware capabilities that supports fine-grained memory protection and scalable secure compartmentalisation, while offering a smooth adoption path for existing software.

Verifying x86 instruction implementations

A current contribution of formal methods to the validation of modern x86 microprocessors at Centaur Technology is described. It focuses on proving correctness of instruction implementations, which includes the decoding of an instruction, its translation into a sequence of micro-operations, any subsequent execution of traps to microcode ROM, and the implementation of these micro-operations in execution units.

Industrial Use of ACL2: Applications, Achievements, Challenges, and Directions

The penetration of the ACL2 theorem proving system into the microprocessor industry is described, some of the milestones achieved and the obstacles standing in the way are discussed, and some future research directions are listed.

Verified compilation on a verified processor

This paper shows how to extend the trustworthy development methodology of the CakeML project, including its verified compiler, with a connection to verified hardware, and results are an approach to producing verified stacks that scales to proving correctness, at the hardware level, of the execution of realistic software including compilers and proof checkers.

Balancing Automation and Control for Formal Verification of Microprocessors

The current status of formal verification at Centaur Technology is described and the main engine is described—a powerful symbolic simulator with rewriting capabilities that is integrated in a theorem prover and proven correct.

A Proof-Producing Translator for Verilog Development in HOL

We present an automatic proof-producing translator targeting the hardware description language Verilog. The tool takes a circuit represented as a HOL function as input, translates the input function

ACL2 Induction Heuristics

This article describes how ACL2 mechanizes mathematical induction. The techniques, which involve three well-known mathematical ideas and a handful of heuristics, were first demonstrated in Boyer and

References

Industrial-Strength Documentation for ACL2

XDOC, a flexible, scalable documentation tool that can incorporate the documentation for ACL2 itself, the Community Books, and an organization’s internal formal verification projects, and which has many features that help to keep the resulting manuals up to date, is developed.

Embedding ACL2 Models in End-User Applications

A way to embed functions from the ACL2 theorem prover into software that is written in mainstream programming languages, which lets us reuse formal ACL2 models to develop modern applications with features like graphics, networking, databases, etc.

Single-Threaded Objects in ACL2

This work provides "single-threaded objects," structures with the usual "copy on write" applicative semantics but for which writes are implemented destructively.

ACL2 Theorems About Commercial Microprocessors

This work proved the correctness of the kernel of the floating-point division operation on AMD's first Pentium-class microprocessor, the AMD5K86, and discusses ACL2 and its industrial applications, with particular attention to the microcode verification work.

Use of Formal Verification at Centaur Technology

The formal methodology to verify components of a commercial 64-bit, x86-compatible microprocessor design at Centaur Technology, based on the ACL2 theorem prover, is described, which uses AIG- and BDD-based symbolic simulation and theorem proving techniques to show that the hardware models satisfy their specifications.

Proof Search Debugging Tools in ACL2

ACL2 provides a wide variety of proof search debugging tools that allow the user to answer the questions "what is happening?" and "what went wrong?"; these tools are discussed.

Integrating external deduction tools with ACL2

Verified AIG Algorithms in ACL2

This work has an immediate, practical benefit for ACL2 users who are using GL to bit-blast finite ACL2 theorems: they can now optionally trust an off-the-shelf SAT solver to carry out the proof, instead of using the built-in BDD package.

Simulation and formal verification of x86 machine-code programs that make system calls

This work adds support for system calls to the authors' formal, executable model of the user-level x86 instruction-set architecture (ISA), and is the first that enables mechanical proofs of functional correctness of user-level x86 machine-code programs that make system calls.

Replacing Testing with Formal Verification in Intel Core™ i7 Processor Execution Engine Validation

The experiences show that under the right circumstances, full formal verification of a design component is a feasible, industrially viable and competitive validation approach.