Daron Vroon

Termination analysis with calling context graphs

We introduce calling context graphs and various static and theorem proving based analyses that together provide a powerful method for proving termination of programs written in feature-rich, first order, functional programming languages. In contrast to previous work, our method is highly automated and handles any source of looping behavior in such languages, including recursive definitions, mutual recursion, the use of recursive data structures, etc. We have implemented our method for the ACL2 programming language and evaluated the result using the ACL2 regression suite, which consists of numerous libraries with a total of over 10,000 function definitions. Our method was able to automatically detect termination of over 98% of these functions.

Verification condition generation via theorem proving

We present a method to convert (i) an operational semantics for a given machine language, and (ii) an off-the-shelf theorem prover, into a high assurance verification condition generator (VCG). Given a program annotated with assertions at cutpoints, we show how to use the theorem prover directly on the operational semantics to generate verification conditions analogous to those produced by a custom-built VCG. Thus no separate VCG is necessary, and the theorem prover can be employed both to generate and to discharge the verification conditions. The method handles both partial and total correctness. It is also compositional in that the correctness of a subroutine needs to be proved once, rather than at each call site. The method has been used to verify several machine-level programs using the ACL2 theorem prover.

BAT: the bit-level analysis tool

While effective methods for bit-level verification of low-level properties exist, system-level properties that entail reasoning about a significant part of the design pose a major verification challenge. We present the Bit-level Analysis Tool (BAT), a state-of-the-art decision procedure for bit-level reasoning that implements a novel collection of techniques targeted towards enabling the verification of system-level properties. Key features of the BAT system are an expressive strongly-typed modeling and specification language, a fully automatic and efficient memory abstraction algorithm for extensional arrays, and a novel CNF generation algorithm. The BAT system can be used to automatically solve system-level RTL verification problems that were previously intractable, such as refinement-based verification of RTL-level pipelined machines.

Efficient execution in an automated reasoning environment

We describe a method that permits the user of a mechanized mathematical logic to write elegant logical definitions while allowing sound and efficient execution. In particular, the features supporting this method allow the user to install, in a logically sound way, alternative executable counterparts for logically defined functions. These alternatives are often much more efficient than the logically equivalent terms they replace. These features have been implemented in the ACL2 theorem prover, and we discuss several applications of the features in ACL2.

Automating component-based system assembly

One of the major challenges in the development of large component-based software systems is the system assembly problem: from a sea of available components, which should be selected and how should they be connected, integrated, and assembled so that the overall system requirements are satisfied? We present a powerful framework for automatically solving the system assembly problem directly from system requirements. Our framework includes an expressive language for declaratively describing system-level requirements, including component interfaces and dependencies, resource requirements, safety properties, objective functions, and various types of constraints. We show how to automatically solve system assembly problems using verification technology that takes advantage of current advances in Boolean satisfiability methods. We have implemented our techniques in the CoBaSA tool (Component-Based System Assembly), and we have successfully applied it to several large-scale industrial examples.

Efficient circuit to CNF conversion

Modern SAT solvers are proficient at solving Boolean satisfiability problems in Conjunctive Normal Form (CNF). However, these problems mostly arise from general Boolean circuits that are then translated to CNF. We outline a simple and expressive data structure for describing arbitrary circuits, as well as an algorithm for converting circuits to CNF. Our experimental results over a large benchmark suite show that the CNF problems we generate are consistently smaller and more quickly solved by modern SAT solvers than the CNF problems generated by current CNF generation methods.

Faster SAT solving with better CNF generation

Boolean satisfiability (SAT) solving has become an enabling technology with wide-ranging applications in numerous disciplines. These applications tend to be most naturally encoded using arbitrary Boolean expressions, but to use modern SAT solvers, one has to generate expressions in conjunctive normal form (CNF). This process can significantly affect SAT solving times. In this paper, we introduce a new linear-time CNF generation algorithm. We have implemented our algorithm and have conducted extensive experiments, which show that our algorithm leads to faster SAT solving times and smaller CNF than existing approaches.

The ACL2 sedan theorem proving system

The ACL2 Sedan theorem prover (ACL2s) is an Eclipse plugin that provides a modern integrated development environment, supports several modes of interaction, provides a powerful termination analysis engine, and includes fully automatic bug-finding methods based on a synergistic combination of theorem proving and random testing. ACL2s is publicly available and open source. It has also been used in several sections of a required freshman course at Northeastern University to teach over 200 undergraduate students how to reason about programs.

Ordinal Arithmetic: Algorithms and Mechanization

Termination proofs are of critical importance for establishing the correct behavior of both transformational and reactive computing systems. A general setting for establishing termination proofs involves the use of the ordinal numbers, an extension of the natural numbers into the transfinite that were introduced by Cantor in the nineteenth century and are at the core of modern set theory. We present the first comprehensive treatment of ordinal arithmetic on compact ordinal notations and give efficient algorithms for various operations, including addition, subtraction, multiplication, and exponentiation. Using the ACL2 theorem proving system, we implemented our ordinal arithmetic algorithms, mechanically verified their correctness, and developed a library of theorems that can be used to significantly automate reasoning involving the ordinals. To enable users of the ACL2 system to fully utilize our work required that we modify ACL2, e.g., we replaced the underlying representation of the ordinals and added a large library of definitions and theorems. Our modifications are available starting with ACL2 version 2.8.

Algorithms for Ordinal Arithmetic

Proofs of termination are essential for establishing the correct behavior of computing systems. There are various ways of establishing termination, but the most general involves the use of ordinals. An example of a theorem proving system in which ordinals are used to prove termination is ACL2. In ACL2, every function defined must be shown to terminate using the ordinals up to e 0. We use a compact notation for the ordinals up to e 0 (exponentially more succinct than the one used by ACL2) and define efficient algorithms for ordinal addition, subtraction, multiplication, and exponentiation. In this paper we describe our notation and algorithms, prove their correctness, and analyze their complexity.