A Verified Runtime for a Verified Theorem Prover

Myreen, Magnus O.; Davis, J. K.

doi:10.1007/978-3-642-22863-6_20

Cited by 21 publications

(26 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The intention was to make this case study as reusable as possible so that future verified language implementations, e.g. future version of our verified Lisp implementation [16], can make use of arbitrary-precision integer arithmetic.…”

Section: Resultsmentioning

confidence: 99%

Proof Pearl: A Verified Bignum Implementation in x86-64 Machine Code

Myreen

Curello

2013

Certified Programs and Proofs

Self Cite

View full text Add to dashboard Cite

Abstract. Verification of machine code can easily deteriorate into an endless clutter of low-level details. This paper presents a case study which shows that machine-code verification does not necessitate ghastly lowlevel proofs. The case study we describe is the construction of an x86-64 implementation of arbitrary-precision integer arithmetic. Compared with closely related work, our proofs are shorter and, more importantly, the reasoning is at a more convenient high level of abstraction, e.g. pointer reasoning is largely avoided. We achieve this improvement as a result of using an abstraction for arrays and previously developed tools, namely, a proof-producing decompiler and compiler. The work presented in this paper has been developed in the HOL4 theorem prover. The case study resulted in 800 lines of verified 64-bit x86 machine code.

show abstract

Section: Resultsmentioning

confidence: 99%

Proof Pearl: A Verified Bignum Implementation in x86-64 Machine Code

Myreen

Curello

2013

Certified Programs and Proofs

Self Cite

View full text Add to dashboard Cite

show abstract

“…The resulting theorem is very large and calling the SAT solver (to no avail) took up 82 s. 5 However, this gives a false impression. In practice, run-times are typically much more respectable.…”

Section: Bit-blastingmentioning

confidence: 99%

“…32-bit and 64-bit words), the run-times for all three problems are in the order of seconds. 5 The timings do not include the printing of terms. For obvious reasons the maximum print-depth must be limited when working with very large terms.…”

Section: Bit-blastingmentioning

confidence: 99%

See 1 more Smart Citation

LCF-Style Bit-Blasting in HOL4

Fox

2011

Interactive Theorem Proving

View full text Add to dashboard Cite

show abstract

“…The soundness evidence we have proved can be summed up in one top-level soundness theorem: the kernel of the Milawa theorem prover will, when run on our previously verified Lisp runtime [9], only ever prove statements that are true w.r.t. the semantics of Milawa's logic.…”

Section: Introductionmentioning

confidence: 99%

The Reflective Milawa Theorem Prover is Sound (Down to the Machine Code that Runs it)

Davis¹,

Myreen

2015

J Autom Reasoning

Self Cite

View full text Add to dashboard Cite

Abstract. This paper presents, what we believe to be, the most comprehensive evidence of a theorem prover's soundness to date. We have proved the soundness of the reflective Milawa theorem prover: we formalised its logic, proved the logic sound, and proved that Milawa's kernel (2,000 lines of Lisp) is faithful to its logic. By combining these results with previous work, we have shown that Milawa can never claim to prove anything that is false when run on top of our previously developed verified runtime. This work was carried out using the HOL4 theorem prover.

show abstract

A Verified Runtime for a Verified Theorem Prover

Cited by 21 publications

References 17 publications

Proof Pearl: A Verified Bignum Implementation in x86-64 Machine Code

Proof Pearl: A Verified Bignum Implementation in x86-64 Machine Code

LCF-Style Bit-Blasting in HOL4

The Reflective Milawa Theorem Prover is Sound (Down to the Machine Code that Runs it)

Contact Info

Product

Resources

About