Making Induction Manifest in Modular ACL2 ∗

ACL2, a Common Lisp-based language for programming and theorem proving, has enjoyed industrial success despite lacking modern language features such as a module system. In previous work, we equipped ACL2 with modules, interfaces, and explicit linking and measured our system with a series of experiments. One experiment revealed a serious lack of expressivity; the interfaces cannot describe the induction schemes necessary to reason about exported functions with nontrivial patterns of recursion. In this paper we revise our language, Modular ACL2, to overcome this weakness. The first novelty is the inclusion of manifest function definitions in interfaces from which ACL2 can infer induction schemes. The second novelty consists of the first proofs of soundness and expressivity for Modular ACL2; we also reaffirm the usefulness of our system with updated benchmarks. Categories and Subject Descriptors D [2]: 2—Modules and interfaces; D [2]: 4—Formal methods; D [3]: 3—Modules, packages