FAQ for Proof Producing Synthesis in HOL

Konrad Slind, Scott Owens, Juliano Iyoda, Mike Gordon

[Project web page: http://www.cl.cam.ac.uk/ mjcg/dev/]

1 What is proof producing synthesis?

Proof producing synthesis compiles a source specification (see 2) to an implementation and generates a theorem certifying that the implementation is correct. The specification is expressed in higher order logic.

2 What is the synthesisable subset of HOL?

The compiler automatically translates functions f : σ_1 × ··· × σ_m → τ_1 × ··· × τ_n, where the argument (σ_i) and result (τ_j) types are words. It can translate any tail recursive definition of such a function as long as the sub-functions used in the definition are in the library of primitive or previously defined functions. Formal refinement into this subset is by proof in the HOL4 system (13, 14, 31, 30, 34 have more discussion and examples).

3 Why not verify synthesis functions?

Synthesis functions would need to be coded inside higher order logic if they were to be proved correct. This would be impractical as the compiler uses many HOL4 system tools to automatically infer circuits – it would not be feasible to represent these tools (a substantial chunk of the HOL4 theorem proving infrastructure) in higher order logic.

4 Is proof producing synthesis really theorem-proving?

The compiler that synthesises circuits is a derived proof rule in the HOL4 system which is implemented by rewriting and a variety of custom proof strategies. It is a special purpose automatic theorem prover for proving correctness certifying theorems (see 12).

5 Is proof producing synthesis the same as formal synthesis?

Proof producing synthesis is a kind of formal synthesis [14] in which the synthesised circuit is not only formally inferred from the specification, but, in addition, a certifying theorem is produced (see 38 also).

6 Are there benefits of formal synthesis besides assurance?

Formal synthesis by theorem proving ensures that circuits are correct by construction. Users can safely tinker with the proof scripts used by the compiler, confident that they cannot produce incorrect implementations. Users familiar with the underlying HOL4 theorem proving infrastructure can easily experiment with application-specific extensions or optimisations. An example of an optimisation is combinational inlining (see 26). An example of an extension is let-expressions (see 30). Safe extensibility is thus a benefit.
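The refinement step described in question 2, where a specification is proved equal to a tail recursive definition in the synthesisable shape, can be illustrated with a small proof. The following is an added example written in Lean 4 rather than HOL4; it is not code from the project. It simplifies by using natural numbers instead of the fixed-width words the compiler requires, and the names sumTo and sumToTR are hypothetical.

```lean
-- Specification: the direct (non-tail-recursive) definition of 0 + 1 + ... + n.
def sumTo : Nat → Nat
  | 0     => 0
  | n + 1 => (n + 1) + sumTo n

-- Implementation in the synthesisable shape: tail recursive, with an accumulator.
-- (Hypothetical names; the compiler's subset would use word types here.)
def sumToTR : Nat → Nat → Nat
  | 0,     acc => acc
  | n + 1, acc => sumToTR n (acc + (n + 1))

-- Generalised correctness lemma, proved by induction on n with acc kept universal,
-- since the accumulator changes on every recursive call.
theorem sumToTR_eq (n acc : Nat) : sumToTR n acc = sumTo n + acc := by
  induction n generalizing acc with
  | zero => simp [sumToTR, sumTo]
  | succ n ih =>
    simp only [sumToTR, sumTo, ih]
    omega

-- Certifying theorem: the tail-recursive implementation meets the specification
-- when started with an empty accumulator.
theorem sumToTR_correct (n : Nat) : sumToTR n 0 = sumTo n := by
  simp [sumToTR_eq]
```

The second theorem plays the role of the refinement theorem that licenses handing sumToTR, rather than sumTo, to the compiler: only the tail recursive form is in the synthesisable subset, and the theorem records that nothing was lost in the translation.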