• Top
  • Documentation
    • Xdoc
    • ACL2-doc
    • Recursion-and-induction
    • Loop$-primer
    • Operational-semantics
      • Operational-semantics-3__annotated-bibliography
        • Bib::bhmy89
        • Bib::liu06
        • Bib::bm96
        • Bib::plotkin04b
        • Bib::bgm90
        • Bib::hkms17
        • Bib::bkm96
        • Bib::moore15
        • Bib::bh99
        • Bib::wilding93
        • Bib::plotkin04a
        • Bib::moore03b
        • Bib::mp02
        • Bib::moore19
        • Bib::manolios00
        • Bib::flatau92
        • Bib::hb92
        • Bib::bm05
        • Bib::goel16
        • Bib::bm73
        • Bib::ghk17
        • Bib::wilding92
        • Bib::moore17
        • Bib::moore96
        • Bib::ghkg14
        • Bib::yu92
        • Bib::hunt85
        • Bib::boh03
        • Bib::mmrv06
        • Bib::bm80
        • Bib::bh97
        • Bib::moore99b
        • Bib::moore14
        • Bib::rm04
        • Bib::by96
        • Bib::sawada00
        • Bib::mccarthy62
        • Bib::bm79
        • Bib::moore99a
        • Bib::sh98
        • Bib::rhmm07
        • Bib::kmm00a
        • Bib::ghk13
        • Bib::moore03a
        • Bib::hk12
        • Bib::mp67
        • Bib::young88
        • Bib::bm97
        • Bib::moore73
        • Bib::kmm00b
        • Bib::bevier87
      • Operational-semantics-1__simple-example
      • Operational-semantics-2__other-examples
      • Operational-semantics-5__history-etc
      • Operational-semantics-4__how-to-find-things
    • Pointers
    • Doc
    • Documentation-copyright
    • Course-materials
    • Args
    • ACL2-doc-summary
    • Finding-documentation
    • Broken-link
    • Doc-terminal-test-2
    • Doc-terminal-test-1
  • Books
  • Boolean-reasoning
  • Projects
  • Debugging
  • Std
  • Proof-automation
  • Macro-libraries
  • ACL2
  • Interfacing-tools
  • Hardware-verification
  • Software-verification
  • Math
  • Testing-utilities

• Operational-semantics-3__annotated-bibliography

Bib::bm96

R. S. Boyer and J S. Moore, “Mechanized Formal Reasoning about Programs and Computing Machines”, in R. Veroff, editor, Automated Reasoning and Its Applications: Essays in Honor of Larry Wos, MIT Press, 1966.



Relevance: the basic Nqthm/ACL2 style of operational semantics as a book chapter

———

Abstract

The design of a new processor often requires the invention and use of a new machine-level programming language, especially when the processor is meant to serve some special purpose. It is possible to specify formally the semantics of such a programming language so that one obtains a simulator for the new language from the formal semantics. Furthermore, it is possible to configure some mechanical theorem provers so that they can be used directly to reason about the behavior of programs in the new language, permitting the expeditious formal modeling of the new design as well as experimentation with and mechanically checked proofs about new programs. We here study a very simple machine-level language to illustrate how such modeling, experimentation, and reasoning may be done using the ACL2 automated reasoning system. Of particular importance is how we control the reasoning system so that it can deal with the complexity of the machine being modeled. The methodology we describe has been used on industrial problems and has been shown to scale to the complexity of state-of-the-art processors.

———

This paper describes the basic methodology used to model and reason about machines with ACL2: states as objects, a step function, a run function, clock functions for programs, lemmas to control expansion, and the basic methodology for specifying and verifying programs. The vehicle for this explanation here is a machine almost identical to M1 and this paper covers essentially the same ground as the documentation topic operational-semantics-1__simple-example. Referring to the work described in operational-semantics-5__history-etc and early ACL2 work, the paper says

The approach we describe is essentially that used in the Nqthm and ACL2 projects described above. Furthermore, the Nqthm and ACL2 users above were taught this method of formalization via examples very similar to this one, primarily in our graduate class, Recursion and Induction, at the University of Texas at Austin. That this technique scales up to languages that are many orders of magnitude more complicated than this one is demonstrated by [5, 9]. Therefore, simplicity here should be looked upon as a virtue.

While the paper does not name the machine being formalized, it was in fact called small-machine rather than m1 and it goes all the way back to Nqthm. Indeed, among the students who learned this methodology in Recursion and Induction in the early 1980s were Bevier, Hunt, Young, Flatau, and Wilding — all principals in the CLI Verified Stack work bib::bhmy89. See the 1991 Nqthm script examples/basic/small-machine.events, which demonstrates that most of the methodology described here was developed before ACL2. Coincidentally, it also shows that what we're calling m1 today — informally described as a “toy” Java Virtual Machine — predates the Java and the JVM.

The ACL2 version of the small-machine proof script may be found in the ACL2 book at https://www.cs.utexas.edu/~moore/publications/small-machine.lisp.

By the way, notes for Recursion and Induction have been incorporated into ACL2's documentation. See recursion-and-induction. But when the course was taught by Boyer and Moore in the 1980s the notes were essentially just a list of conjectures to prove or disprove and the class was rather free-form in the sense that student participation was critical and often determined the kinds of problems posed in the latter part of the semester. Operational semantics is not mentioned in the recursion-and-induction documentation.