Orc and ACL2. Nathan Wetzler May 4, University of Texas, Austin

Similar documents
A Tool for Simplifying ACL2 Definitions

Improving Eliminate-Irrelevance for ACL2

A Futures Library and Parallelism Abstractions for a Functional Subset of Lisp

Mechanically-Verified Validation of Satisfiability Solvers

Midterm Exam 2 CS313K Logic, Sets, and Functions Spring, 2009

Introduction to ACL2. CS 680 Formal Methods for Computer Verification. Jeremy Johnson Drexel University

handled appropriately. The design of MILS/MSL systems guaranteed to perform correctly with respect to security considerations is a daunting challenge.

Mechanized Operational Semantics

Backtracking and Induction in ACL2

Modeling Asynchronous Circuits in ACL2 Using the Link-Joint Interface

An Overview of the DE Hardware Description Language and Its Application in Formal Verification of the FM9001 Microprocessor

Machines Reasoning about Machines

Industrial Hardware and Software Verification with ACL2

An Industrially Useful Prover

Reasoning About Programs Panagiotis Manolios

Milawa an extensible proof checker

Models and Languages for Service-Oriented and Cloud Computing

Verifying Centaur s Floating Point Adder

Describing Simulations in the Orc Programming Language

Finite Set Theory. based on Fully Ordered Lists. Jared Davis UT Austin. ACL2 Workshop 2004

A Mechanically Checked Proof of the Correctness of the Boyer-Moore Fast String Searching Algorithm

An ACL2 Proof of Write Invalidate Cache Coherence

ACL2: A Program Verifier for Applicative Common Lisp. Matt Kaufmann - AMD, Austin, TX J Strother Moore UT CS Dept, Austin, TX

Symbolic Programming. Dr. Zoran Duric () Symbolic Programming 1/ 89 August 28, / 89

Copyright. John D. Erickson

Copyright by Sol Otis Swords 2010

An Executable Model for JFKr

Functional programming with Common Lisp

Reasoning About Programs Panagiotis Manolios

TEITP User and Evaluator Expectations for Trusted Extensions. David Hardin Rockwell Collins Advanced Technology Center Cedar Rapids, Iowa USA

Mathematica for the symbolic. Combining ACL2 and. ACL2 Workshop 2003 Boulder,CO. TIMA Laboratory -VDS Group, Grenoble, France

A Functional Specification and Validation Model for Networks on Chip in the ACL2 Logic

Proving Theorems about Java and the JVM

Induction Schemes. Math Foundations of Computer Science

ACL2 Challenge Problem: Formalizing BitCryptol April 20th, John Matthews Galois Connections

Efficient execution in an automated reasoning environment

Imperative, OO and Functional Languages A C program is

Proof-Pattern Recognition and Lemma Discovery in ACL2

Lisp. Versions of LISP

INF4820: Algorithms for Artificial Intelligence and Natural Language Processing. Common Lisp Fundamentals

Reasoning About LLVM Code Using Codewalker

John McCarthy IBM 704

Functional Programming

Polymorphic Types in ACL2

Computation Orchestration

Software Verification with ACL2

A Framework for Asynchronous Circuit Modeling and Verification in ACL2

Logic and Computation Lecture 20 CSU 290 Spring 2009 (Pucella) Thursday, Mar 12, 2009

Function Memoization and Unique Object Representation for ACL2 Functions

Heuristic and Formal Methods in Automatic Program Debugging

Common LISP Tutorial 1 (Basic)

Reasoning About Programs Panagiotis Manolios

Development of a Translator from LLVM to ACL2

MIDTERM EXAMINATION - CS130 - Spring 2005

Verification Condition Generation via Theorem Proving

Scheme. Functional Programming. Lambda Calculus. CSC 4101: Programming Languages 1. Textbook, Sections , 13.7

Reasoning About Programs Panagiotis Manolios

Fifth Generation CS 4100 LISP. What do we need? Example LISP Program 11/13/13. Chapter 9: List Processing: LISP. Central Idea: Function Application

FP Foundations, Scheme

Function Memoization and Unique Object Representation for ACL2 Functions

Symbolic Computation and Common Lisp

The Formalization of a Simple Hardware Description Language

Verifying Cache Coherence in ACL2. Ben Selfridge Oracle / UT Austin

2 Chapter 4 driver and the state changes induced by each instruction (in terms of certain still undened bit-level functions such as the 8-bit signed a

Parameterized Congruences in ACL2

Intro. Scheme Basics. scm> 5 5. scm>

Progress Report: Term Dags Using Stobjs

Mechanized Operational Semantics

The reflective Milawa theorem prover is sound

Refinement and Theorem Proving

Lambda Calculus see notes on Lambda Calculus

Architecture as coordination: the Orc perspective

Well-Formedness Guarantees for ACL2 Metafunctions and Clause Processors

Efficient, Formally Verifiable Data Structures using ACL2 Single-Threaded Objects for High-Assurance Systems

A formalisation of XMAS

Department of Computer and information Science Norwegian University of Science and Technology

Towards A Formal Theory of On Chip Communications in the ACL2 Logic

Symbolic Reasoning. Dr. Neil T. Dantam. Spring CSCI-561, Colorado School of Mines. Dantam (Mines CSCI-561) Symbolic Reasoning Spring / 86

Machines Reasoning About Machines (2015) J Strother Moore Department of Computer Science University of Texas at Austin

Pattern Matching WIlensky Chapter 21

Formal Verification of Stack Manipulation in the SCIP Processor. J. Aaron Pendergrass

A verified runtime for a verified theorem prover

Bit-Blasting ACL2 Theorems

CSCI337 Organisation of Programming Languages LISP

Compositional Cutpoint Verification

A Brief Introduction to Oracle's Use of ACL2 in Verifying Floating- Point and Integer Arithmetic

Look at the outermost list first, evaluate each of its arguments, and use the results as arguments to the outermost operator.

Structured Interacting Computations

Modeling Algorithms in SystemC and ACL2. John O Leary, David Russinoff Intel Corporation

Tool demonstration: Spin

From Digital Images to Simplicial Complexes: A Report

Implementation Outline for Orc

Introduction to Locks. Intrinsic Locks

FUNKCIONÁLNÍ A LOGICKÉ PROGRAMOVÁNÍ 3. LISP: ZÁKLADNÍ FUNKCE, POUŽÍVÁNÍ REKURZE,

Assigning Coordinates to Events: Solving Combinatorial problems using Discrete Event Simulation

History overview Critical discussion What next (includes cool ideas from Matt)

Client-Server Interaction and Network Applications

Lambda Calculus and Lambda notation in Lisp II. Based on Prof. Gotshalks notes on Lambda Calculus and Chapter 9 in Wilensky.

SOFTWARE VERIFICATION AND COMPUTER PROOF (lesson 1) Enrico Tassi Inria Sophia-Antipolis

Macros & Streams Spring 2018 Discussion 9: April 11, Macros

Transcription:

Orc and ACL2 Nathan Wetzler nwetzler@cs.utexas.edu University of Texas, Austin May 4, 2008

Outline Orc Problem Overview of Orc Sites Combinators Parallel Combinator Sequential Combinator Pruning Combinator Fundamental Sites Functions ACL2 Motivation ACL2 Definition Example - Definition Example - Theorems Industrial-strength Utility

ORC

Problem Parallel/Distributed programming is hard Manage threads Handle external resources (delays, unreliability, etc)

Problem Parallel/Distributed programming is hard Manage threads Handle external resources (delays, unreliability, etc) Design Pattern 1. Acquire data from an remote service 2. Perform some calculation 3. Invoke other remote services with the results

Overview of Orc High-level Syntax Sites are basic services or components Three concurrency combinators integrate sites New concepts are implemented with sites and combinators Structure of an Orc Program An Orc program has: a goal expression a set of definitions The goal expression: calls sites publishes values

Sites Sites Nearly everything is a site in Orc Sites look and feel like functions BUT they are not functions Sites can be local or remote Remote sites can be unreliable, i.e. they may not respond to your call Sites return AT MOST one value Basic infix operators like +, -, % are actually sites in Orc The value returned from a site is published

Sites Sites Nearly everything is a site in Orc Sites look and feel like functions BUT they are not functions Sites can be local or remote Remote sites can be unreliable, i.e. they may not respond to your call Sites return AT MOST one value Basic infix operators like +, -, % are actually sites in Orc The value returned from a site is published Examples Prompt("What is your name?")

Sites Sites Nearly everything is a site in Orc Sites look and feel like functions BUT they are not functions Sites can be local or remote Remote sites can be unreliable, i.e. they may not respond to your call Sites return AT MOST one value Basic infix operators like +, -, % are actually sites in Orc The value returned from a site is published Examples Prompt("What is your name?") 5 + 3

Combinators Parallel (or Symmetric) Combinator Written as: f g Executes f and g in parallel No direct communication between f and g Can publish 0, 1, or 2 values

Combinators Parallel (or Symmetric) Combinator Written as: f g Executes f and g in parallel No direct communication between f and g Can publish 0, 1, or 2 values Example Prompt("Name?") Prompt ("Age?")

Combinators Sequential Combinator Written as: f >x> g Executes f passing any results as x to g Calls g as results become available Only publishes the values of g

Combinators Sequential Combinator Written as: f >x> g Executes f passing any results as x to g Calls g as results become available Only publishes the values of g Examples Prompt("Name?") >x> "Hello, " + x

Combinators Sequential Combinator Written as: f >x> g Executes f passing any results as x to g Calls g as results become available Only publishes the values of g Examples Prompt("Name?") >x> "Hello, " + x (Prompt("Name?") Prompt("Alias?")) >x> "Hello, " + x

Combinators Pruning Combinator Used for selection, blocking, or termination Written as: f <x< g Executes f and g in parallel Any site in f that needs x is suspended The first result from g is passed as x to f. Then g is terminated

Combinators Pruning Combinator Used for selection, blocking, or termination Written as: f <x< g Executes f and g in parallel Any site in f that needs x is suspended The first result from g is passed as x to f. Then g is terminated Example "Hello, " + x <x< Prompt("Name?") Prompt("Alias?")

Fundamental Sites if Rtimer stop

Fundamental Sites if Rtimer stop Example if(3 == 4) >> "this will never print"

Fundamental Sites if Rtimer stop Example if(3 == 4) >> "this will never print" "immediately" Rtimer(3000) >> "...three seconds later..." Rtimer(5000) >> "...five seconds later..."

Fundamental Sites if Rtimer stop Example if(3 == 4) >> "this will never print" "immediately" Rtimer(3000) >> "...three seconds later..." Rtimer(5000) >> "...five seconds later..." Prompt("I m not listening...") >> stop

Functions Functions Functions will begin evaluation immediately Can publish as many values as it wants Both functions and sites can be first-class objects

Functions Functions Functions will begin evaluation immediately Can publish as many values as it wants Both functions and sites can be first-class objects Example def nfib(n) = if (n <= 1) then 1 else nfib(n-2) + n1 <n1< nfib(n-1)

Professors at UT Dr. William Cook Dr. Jayadev Misra URL http://orc.csres.utexas.edu/

ACL2

Motivation Verification How can you verify that an implementation does what you wanted to? Specifically, how do you know if your implementation has a bug? You d like a proof of correctness over all possible input

ACL2 What is ACL2? A Computational Logic for Applicative Common LISP Functional subset of LISP First-order propositional logic Semi-automated

Example Definition of app: (defun app (x y) (if (consp x) (cons (car x) (app (cdr x) y)) y))

Example Theorem: (defthm app-nil-l (equal (app nil x) x))

Example Theorem: (defthm app-associative (equal (app (app a b) c) (app a (app b c))))

Example Theorem??? (defthm app-nil-r (equal (app x nil) x))

Example Theorem??? (defthm app-nil-r (implies (consp x) (equal (app x nil) x)))

Example Theorem: (defthm app-nil-r (implies (true-listp x) (equal (app x nil) x)))

Industrial-strength Utility Uses of ACL2 Highly used in hardware design I believe that Intel, AMD, Centaur all use ACL2 at some level of their verification process Won the 2005 ACM Software System Award (other winners are make, Java, Apache, Tcl/Tk, WWW)

Professors at UT Dr. Warren Hunt Dr. J Moore URL http://www.cs.utexas.edu/ moore/acl2/

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback