Recent News

Aug 2010 - May 2011. Magnus Myreen has developed a verified Lisp system, named Jitawa, which can run Milawa. Our paper about this project was accepted to ITP 2011:

Magnus O. Myreen and Jared Davis. A verified runtime for a verified theorem prover. Interactive Theorem Proving, August 2011, Nijmegen, The Netherlands.

For more about this project (such as the source code), please see Magnus's Jitawa page and also my Milawa on Jitawa page.

What is Milawa?

Milawa is a "self-verifying" theorem prover for an ACL2-like logic.

We begin with a simple proof checker, call it A, which is short enough to verify by the "social process" of mathematics.

We then develop a series of increasingly powerful proof checkers, call them B, C, D, and so on. We show each of these programs only accepts the same formulas as A, using A to verify B, and B to verify C, and so on. Then, since we trust A, and A says B is trustworthy, we can trust B. Then, since we trust B, and B says C is trustworthy, we can trust C. And so on for all the rest.

Our final proof checker is really a theorem prover; it can carry out a goal-directed proof search using assumptions, calculation, rewrite rules, and so on. We use this theorem prover to discover the proofs of soundness for B, C, and so on, and to emit these proofs in a format that A can check. Hence, "self verifying."

Milawa is free software released under the GNU General Public License, "version 2 or later."

Getting Milawa

Milawa has changed since my dissertation; the links and instructions here lead to the most recent version. An archive of the "original" Milawa web site is also available, which for instance includes compressed versions of the original, pre-generated proofs, and full proof-checker output, logs, etc.

A full build includes

1. An ACL2 sketch of Milawa's soundness proof
2. A user interface for developing Milawa proofs and translating ACL2 proofs into Milawa
3. Bootstrapping to use Milawa to discover its soundness proof

You can also browse the file listing from the web server without downloading anything. This listing does not include any of the proof files, certifications, logs, etc., which are available in the archived version, because I am no longer doing my development from this directory.

Main Documentation

• A self-verifying theorem prover
  Ph.D. thesis, University of Texas at Austin
  December 2009.
  PDF paper, 2 MB
  Errata
• A self-verifying theorem prover
  Ph.D. defense
  September 18, 2009
  PDF slides; 352 KB
  

Older Papers

• The Milawa rewriter
  and an ACL2 proof of its soundness
  Not published
  October 5, 2007.
  PDF paper, 202 KB
• A trustworthy, extensible theorem prover
  Ph.D. dissertation proposal
  October 22, 2007
  Screen version (PDF, 305 KB)
  Print version (PDF, 305 KB)
  (Also a technical report: The University of Texas at Austin, Department of Computer Sciences, Report #TR-08-14, March 2008. [link])

Older Talks

• The Milawa rewriter
  and an ACL2 proof of its soundness
  PDF slides; 580 KB
  November 16, 2007 (ACL2 '07)
• A trustworthy, extensible theorem prover
  Ph.D. dissertation proposal
  PDF slides; 961 KB
  AVI movie with commentary; 16 MB, 19 minutes
  October 24, 2007
• Tactics and tracing
  PDF slides; 550 KB
  ACL2 seminar, March 28, 2007
• Adding a computation rule
  PDF slides; 387 KB
  Also available as a WMV movie; 88 MB, 67 mins
  ACL2 seminar, August 2, 2006
• Designing a trustworthy, extensible theorem prover
  PDF poster; 350 KB
  Gradfest, March 2006
• Milawa: an extensible proof checker
  PDF slides; 760 KB
  ACL2 seminar, November 16, 2005