
ACL2 - tosh
http://www.cs.utexas.edu/users/moore/acl2/
======
lispm
[http://www.cs.utexas.edu/~marijn/publications/ACL2-ARCADE.pdf](http://www.cs.utexas.edu/~marijn/publications/ACL2-ARCADE.pdf)

Uses in industry:

• verification of all elementary floating-point arithmetic on the AMD Athlon,
after running 100M test vectors successfully comparing the ACL2 model with the
AMD RTL simulator;

• verification of all elementary floating-point arithmetic on the AMD Opteron;

• verification of a silicon implementation of a JVM chip by Rockwell-Collins;

• verification of the Rockwell Collins AAMP7 crypto chip (the basis for
obtaining NSA MILS certification);

• verification of the Greenhills operating system;

• verification of important invariants in the Sun JVM class loader and
properties assured by the Sun byte-code verifier;

• verification of the Centaur Technology, Inc., Verilog design for the VIA
Nano floating point adder which handles 32-bit, 64-bit, and 80-bit additions,
is pipelined to deliver 4 results per cycle, has 1074 input signals including
26 clock signals and 374 output signals, consists of 33,700 lines of Verilog
in 680 modules requiring 432,322 transistors;

• checking of a computationally surveyable proof of important properties of an
Intel implementation of the elliptic curve key agreement including that 2^255
− 19 is prime and that the elliptic curve known as Curve25519 is an abelian
group;

• verification of floating point designs at Oracle and ARM.

------
Animats
It's good to know that Boyer and Moore are still at it.

I used their previous system, Nqthm, many years ago. I recently got it running
from the 1992 sources and put it on Github.[1] It's nice seeing it run a
thousand times faster. I still like their logic system. Constructive
mathematics has a basic soundness you don't get from systems with too many
axioms.

[1] [https://github.com/John-Nagle/nqthm](https://github.com/John-Nagle/nqthm)

~~~
carussell
pasv looks interesting, too.

The FOLDOC entry for Pascal-F[1] says the Pascal-F paper was published in
1968, but Wikipedia says at that time Wirth had only just started working on
Pascal. Do you know anyone who might have a copy of the Nelson paper?

1. [http://foldoc.org/pascal-f](http://foldoc.org/pascal-f)

~~~
Animats
That was Ed Nelson, at Ford Scientific Research Labs. He did that work in the
late 1970s and early 1980s, not the 1960s.

Pascal-F extended Pascal with fixed-point arithmetic, monitors, and interrupt
handling. The "pasv" repository contains the front end of the compiler, which
generates byte code. The back end generated code for the Intel 8061, the Ford
EEC IV engine control processor. The back end was proprietary to Ford. There
was a summer hire trying to write an interpreter for the byte code for test
purposes, but he didn't finish it.

I've been trying to revive "pasv", but I'm stuck on a bug in the rule handling
in the Oppen-Nelson (Greg Nelson, not Ed Nelson) theorem prover. It's in Franz
Lisp, and I'm trying to make it work in GNU Common LISP, which has slightly
different semantics for some of the same constructs.

------
nickpsecurity
A few links follow to show the power of the tool.

Centaur, an x86 vendor, used it for formal verification of CPUs without
paying huge money for typical tools:

[http://fm.csl.sri.com/LAW/2010/law2010-slides-Hunt.pdf](http://fm.csl.sri.com/LAW/2010/law2010-slides-Hunt.pdf)

Rockwell-Collins verifies a secure CPU, its microcode, and assembly on top of
it:

[http://www.ccs.neu.edu/home/pete/acl206/papers/hardin.pdf](http://www.ccs.neu.edu/home/pete/acl206/papers/hardin.pdf)

Original work on a verified stack that led to ACL2:

ftp://ftp.cs.utexas.edu/pub/boyer/fm9001/index.html

------
sanxiyn
AMD was a major user of ACL2 and verified the AMD Athlon FPU using ACL2. Their
case study is IMO an approachable presentation of what realistic verification
of an FPU looks like in practice.

[http://www.russinoff.com/papers/fadd.html](http://www.russinoff.com/papers/fadd.html)

------
sigjuice
[https://mitpress.mit.edu/books/little-prover](https://mitpress.mit.edu/books/little-prover)

The Little Prover, written by Daniel P. Friedman and Carl Eastlund

[https://the-little-prover.github.io](https://the-little-prover.github.io)

J-Bob

J-Bob is our little proof assistant, available on Github. For an introduction
to J-Bob, see Appendix A of The Little Prover.

J-Bob is available for _ACL2_, Scheme, and Racket.

------
adjkant
We used this in my Logic and Computation college class. I've been thinking
recently about whether people could take this and use it to make a safer
language for things like contracts in crypto (looking at you, Ethereum) so
people don't end up writing million-dollar bugs so easily.

~~~
sanxiyn
ACL2 was adopted by AMD, basically after a $475 million bug. (I am, of course,
talking about the Pentium FDIV bug.) Expensive bugs do motivate adoption of
formal verification technologies.

