Abstract
Computer hardware and software can be modeled precisely in mathematical logic. If expressed appropriately, these models can be executable, i.e., run on concrete data. This allows them to be used as simulation engines or rapid prototypes. But because they are formal they can be manipulated by symbolic means: theorems can be proved about them, directly, with mechanical theorem provers. But how practical is this vision of machines reasoning about machines? In this highly personal talk, I will describe the 45 year history of the “Boyer-Moore theorem prover,” starting with its use in Edinburgh, Scotland, to prove simple list processing theorems by mathematical induction (e.g., the reverse of the reverse of x is x) to its routine commercial use in the microprocessor industry (e.g., the floating point operations of the Via Nano 64-bit X86 microprocessor are compliant with the IEEE standard). Along the way we will see applications in program verification, models of instruction set architectures including the JVM, and security and information flow. I then list some reasons this project has been successful. The paper also serves as an annotated bibliography of the key stepping stones in the applications of the prover.
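As an added illustration that is not part of the paper, here is the list-reversal theorem mentioned in the abstract written as an ACL2 script: rev is an ordinary executable function that can be run on concrete data, and defthm asks the prover to establish the property by induction. The helper lemmas and all lemma names are my own choices, not taken from the paper.

```lisp
; Added example (not from the paper): the "reverse of the reverse of x is x"
; theorem from the abstract, as an ACL2 script. Lemma names and the helper
; lemmas are my own choices.

(defun rev (x)
  (if (endp x)
      nil
    (append (rev (cdr x)) (list (car x)))))

; Executable: (rev '(1 2 3)) evaluates to (3 2 1).

; Helper rewrite rules that let the prover finish the main proof.
(defthm append-assoc
  (equal (append (append a b) c)
         (append a (append b c))))

(defthm true-listp-rev
  (true-listp (rev x)))

(defthm append-nil
  (implies (true-listp x)
           (equal (append x nil) x)))

(defthm rev-append
  (equal (rev (append a b))
         (append (rev b) (rev a))))

; The theorem itself. The true-listp hypothesis is needed in ACL2's untyped
; logic: for a non-nil atom x, (rev x) is nil, so (rev (rev x)) is nil, not x.
(defthm rev-rev
  (implies (true-listp x)
           (equal (rev (rev x)) x)))
```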
Notes
1. For a discussion of why I consider this “reasoning” see [41].
2. For a wonderful narrative of one person’s journey through formal methods applications, mainly with Nqthm and ACL2, see Russinoff’s page http://www.russinoff.com/papers/.
References
Bevier, W.R.: A verified operating system kernel. Ph.D. dissertation, University of Texas at Austin (1987)
Bevier, W., Hunt Jr., W.A., Moore, J.S., Young, W.: Special issue on system verification. J. Autom. Reasoning 5(4), 409–530 (1989)
Boyer, R.S., Moore, J.S.: Proving theorems about Pure Lisp functions. JACM 22(1), 129–144 (1975)
Boyer, R.S., Moore, J.S.: A lemma driven automatic theorem prover for recursive function theory. In: 5th International Joint Conference on Artificial Intelligence, pp. 511–519 (1977)
Boyer, R.S., Moore, J.S.: A Computational Logic. Academic Press, New York (1979)
Boyer, R.S., Moore, J.S.: Metafunctions: Proving them correct and using them efficiently as new proof procedures. In: Boyer, R.S., Moore, J.S. (eds.) The Correctness Problem in Computer Science. Academic Press, London (1981)
Boyer, R.S., Moore, J.S.: A mechanical proof of the Turing completeness of Pure Lisp. In: Bledsoe, W.W., Loveland, D.W. (eds.) Contemporary Mathematics: Automated Theorem Proving: After 25 Years, vol. 29, pp. 133–168. American Mathematical Society, Providence (1984)
Boyer, R.S., Moore, J.S.: A mechanical proof of the unsolvability of the halting problem. J. Assoc. Comput. Mach. 31(3), 441–458 (1984)
Boyer, R.S., Moore, J.S.: Proof checking the RSA public key encryption algorithm. Am. Math. Monthly 91(3), 181–189 (1984)
Boyer, R.S., Moore, J.S.: Integrating decision procedures into heuristic theorem provers: a case study of linear arithmetic. In: Hayes, J.E., Richards, J., Michie, D. (eds.) Machine Intelligence 11, pp. 83–124. Oxford University Press, Oxford (1988)
Boyer, R.S., Moore, J.S.: MJRTY – a fast majority vote algorithm. In: Boyer, R.S. (ed.) Automated Reasoning: Essays in Honor of Woody Bledsoe. Automated Reasoning Series, pp. 105–117. Kluwer Academic Publishers, Dordrecht (1991)
Boyer, R.S., Moore, J.S.: A Computational Logic Handbook, 2nd edn. Academic Press, New York (1997)
Boyer, R.S., Moore, J.S., Green, M.W.: The use of a formal simulator to verify a simple real time control program. In: Beauty is Our Business: A Birthday Salute to Edsger W. Dijkstra. pp. 54–66. Springer-Verlag Texts and Monographs in Computer Science (1990)
Boyer, R.S., Yu, Y.: Automated proofs of object code for a widely used microprocessor. J. ACM 43(1), 166–192 (1996)
Boyer, R.S., Hunt Jr., W.A.: Function memoization and unique object representation for ACL2 functions. In: ACL2 2006: Proceedings of the Sixth International Workshop on the ACL2 Theorem Prover and Its Applications, pp. 81–89. ACM, New York (2006)
Brock, B., Hunt Jr., W.A.: Formal analysis of the Motorola CAP DSP. In: Hinchey, M.G., Bowen, J.P. (eds.) Industrial-Strength Formal Methods, pp. 81–115. Springer-Verlag, London (1999)
Brock, B., Kaufmann, M., Moore, J.S.: ACL2 theorems about commercial microprocessors. In: Srivas, M., Camilleri, A. (eds.) FMCAD 1996. LNCS, vol. 1166, pp. 275–293. Springer, Heidelberg (1996). http://www.cs.utexas.edu/users/moore/publications/bkm96.ps.Z
Flatau, A.D.: A verified implementation of an applicative language with dynamic storage allocation. Ph.D. thesis, University of Texas at Austin (1992)
Goel, S., Hunt Jr., W.A., Kaufmann, M.: Simulation and formal verification of x86 machine-code programs that make system calls. In: Claessen, K., Kuncak, V. (eds.) FMCAD 2014: Proceedings of the 14th Conference on Formal Methods in Computer-Aided Design, pp. 91–98. EPFL, Switzerland (2014). http://www.cs.utexas.edu/users/hunt/FMCAD/FMCAD14/proceedings/final.pdf
Greve, D., Wilding, M.: Evaluatable, high-assurance microprocessors. In: NSA High-Confidence Systems and Software Conference (HCSS), Linthicum, MD, March 2002. http://hokiepokie.org/docs/hcss02/proceedings.pdf
Greve, D., Wilding, M.: A separation kernel formal security policy (2003)
Greve, D.A.: Symbolic simulation of the JEM1 microprocessor. In: Gopalakrishnan, G.C., Windley, P. (eds.) FMCAD 1998. LNCS, vol. 1522, pp. 321–333. Springer, Heidelberg (1998)
Hunt, Jr., W.A.: FM8501: a verified microprocessor. Ph.D. thesis, University of Texas at Austin (1985). (Published as a book by the same title, Cambridge University Press 1994)
Hunt Jr., W.A. (ed.): FM8501: A Verified Microprocessor. LNCS, vol. 795. Springer, Heidelberg (1994)
Hunt, Jr., W.A., Brock, B.: A formal HDL and its use in the FM9001 verification. In: Proceedings of the Royal Society, April 1992
Hunt Jr., W.A., Kaufmann, M., Krug, R.B., Moore, J.S., Smith, E.W.: Meta reasoning in ACL2. In: Hurd, J., Melham, T. (eds.) TPHOLs 2005. LNCS, vol. 3603, pp. 163–178. Springer, Heidelberg (2005)
Hunt Jr., W.A., Krug, R.B., Moore, J.: Linear and nonlinear arithmetic in ACL2. In: Geist, D., Tronci, E. (eds.) CHARME 2003. LNCS, vol. 2860, pp. 319–333. Springer, Heidelberg (2003)
Hunt Jr., W.A., Swords, S.: Centaur technology media unit verification. In: Bouajjani, A., Maler, O. (eds.) CAV 2009. LNCS, vol. 5643, pp. 353–367. Springer, Heidelberg (2009)
Kaufmann, M.: ACL2 support for verification projects (invited talk). In: Kirchner, C., Kirchner, H. (eds.) CADE 1998. LNCS (LNAI), vol. 1421, pp. 220–238. Springer, Heidelberg (1998)
Kaufmann, M., Moore, J.S.: Proof search debugging tools in ACL2. In: A Festschrift in Honour of Prof. Michael J. C. Gordon FRS. Royal Society, London, March 2008
Kaufmann, M., Moore, J.S.: The ACL2 home page. In: Dept. of Computer Sciences, University of Texas at Austin (2014). http://www.cs.utexas.edu/users/moore/acl2/
Kaufmann, M.: Abbreviated output for input in ACL2: an implementation case study. In: Proceedings of ACL2 Workshop 2009, May 2009. http://www.cs.utexas.edu/users/sandip/acl2-09
Kaufmann, M., Moore, J.S., Ray, S., Reeber, E.: Integrating external deduction tools with ACL2. J. Appl. Logic 7(1), 3–25 (2009)
Kernighan, B.W., Ritchie, D.M.: The C Programming Language, 2nd edn. Prentice Hall, Englewood Cliffs (1988)
Liu, H., Moore, J.S.: Executable JVM model for analytical reasoning: a study. In: Workshop on Interpreters, Virtual Machines and Emulators 2003 (IVME 2003). ACM SIGPLAN, San Diego, June 2003
Liu, H.: Formal Specification and Verification of a JVM and its Bytecode Verifier. Ph.D. thesis, University of Texas at Austin (2006)
Moore, J.S.: Computational logic: Structure sharing and proof of program properties. Ph.D. dissertation, University of Edinburgh (1973). http://www.era.lib.ed.ac.uk/handle/1842/2245
Moore, J.S.: Automatic proof of the correctness of a binary addition algorithm. ACM SIGART Newslett. 52, 13–14 (1975)
Moore, J.S.: A mechanical proof of the termination of Takeuchi’s function. Inf. Process. Lett. 9(4), 176–181 (1979)
Moore, J.S.: Piton: A Mechanically Verified Assembly-Level Language. Automated Reasoning Series. Kluwer Academic Publishers, Dordrecht (1996)
Moore, J.S.: A mechanized program verifier. In: Meyer, B., Woodcock, J. (eds.) VSTTE 2005. LNCS, vol. 4171, pp. 268–276. Springer, Heidelberg (2008)
Moore, J.S., Lynch, T., Kaufmann, M.: A mechanically checked proof of the correctness of the kernel of the AMD5K86 floating point division algorithm. IEEE Trans. Comput. 47(9), 913–926 (1998)
Hunt Jr., W.A., Reeber, E.: Formalization of the DE2 language. In: Borrione, D., Paul, W. (eds.) CHARME 2005. LNCS, vol. 3725, pp. 20–34. Springer, Heidelberg (2005)
Russinoff, D.: A mechanically checked proof of IEEE compliance of a register-transfer-level specification of the AMD-K7 floating-point multiplication, division, and square root instructions. London Math. Soc. J. Comput. Math. 1, 148–200 (1998). http://www.onr.com/user/russ/david/k7-div-sqrt.html
Russinoff, D.M.: An experiment with the Boyer-Moore theorem prover: a proof of Wilson’s theorem. J. Autom. Reasoning 1(2), 121–139 (1985)
Sawada, J.: Formal verification of divide and square root algorithms using series calculation. In: Proceedings of the ACL2 Workshop, 2002, Grenoble, April 2002. http://www.cs.utexas.edu/users/moore/acl2/workshop-2002
Shankar, N.: Proof-checking metamathematics. Ph.D. thesis, University of Texas at Austin (1986). (Published as the book Metamathematics, Machines, and Gödel’s Proof, Cambridge University Press, 1994)
Shankar, N.: Metamathematics, Machines, and Gödel’s Proof. Cambridge University Press, Cambridge (1994)
Slobodova, A., Davis, J., Swords, S., Hunt Jr., W.A.: A flexible formal verification framework for industrial scale validation. In: Singh, S. (ed.) 9th IEEE/ACM International Conference on Formal Methods and Models for Codesign (MEMOCODE), pp. 89–97. IEEE (2011)
Steele Jr., G.L.: Common Lisp: The Language, 2nd edn. Digital Press, Burlington (1990)
Sumners, R.: Correctness proof of a BDD manager in the context of satisfiability checking. In: Proceedings of ACL2 Workshop 2000, Department of Computer Sciences, Technical report TR-00-29, November 2000. http://www.cs.utexas.edu/users/moore/acl2/workshop-2000/final/sumners2/paper.ps
Wilding, M.: A mechanically verified application for a mechanically verified environment. In: Courcoubetis, C. (ed.) CAV 1993. LNCS, vol. 697, pp. 268–279. Springer, Heidelberg (1993)
Young, W.D.: A verified code generator for a subset of Gypsy. Technical report 33, Computational Logic, Inc., Austin, Texas (1988)
© 2015 Springer International Publishing Switzerland
Cite this paper
Moore, J.S. (2015). Machines Reasoning About Machines: 2015. In: Finkbeiner, B., Pu, G., Zhang, L. (eds.) Automated Technology for Verification and Analysis. ATVA 2015. Lecture Notes in Computer Science, vol. 9364. Springer, Cham. https://doi.org/10.1007/978-3-319-24953-7_2
DOI: https://doi.org/10.1007/978-3-319-24953-7_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-24952-0
Online ISBN: 978-3-319-24953-7
eBook Packages: Computer Science (R0)