Implementing an Automatic Differentiator in ACL2

The foundational theory of differentiation was developed as part of the original release of ACL2(r). In work reported at the last ACL2 Workshop, we presented theorems justifying the usual differentiation rules, including the chain rule and the derivative of inverse functions. However, the process of applying these theorems to formalize the derivative of a particular function is completely manual. More recently, we developed a macro and supporting functions that can automate this process. This macro uses the ACL2 table facility to keep track of functions and their derivatives, and it also interacts with the macro that introduces inverse functions in ACL2(r), so that their derivatives can also be automated. In this paper, we present the implementation of this macro and related functions.

💡 Research Summary

The paper presents a complete implementation of an automatic differentiator (AD) for the theorem prover ACL2(r). The authors begin by recalling that the original ACL2(r) differentiation theory, built on non‑standard analysis, focused on differentiability rather than explicit derivative formulas. Consequently, deriving the concrete derivative of a particular function required manual proof work. To automate this process the authors introduce a pair of cooperating macros: defderivative and derivative‑hyps.

The defderivative macro is the entry point. It receives a prefix (used for naming generated theorems) and an arithmetic expression composed of numbers, variables, basic arithmetic operators, and calls to functions whose derivatives are already known or that are registered as inverses. The macro first expands the expression to eliminate syntactic sugar (e.g., replacing “+” with the internal binary‑+ form), then symbolically computes the derivative by repeatedly applying the chain rule, product rule, sum rule, and inverse‑function rule. During this symbolic pass the macro records every sub‑expression that requires a proof of correctness.

The recorded sub‑expressions are handed to derivative‑hyps, which automatically generates a suite of lemmas for each function f in the expression. The generated lemmas follow a strict naming convention: f‑number, f‑standard, f‑continuous, f‑prime‑number, f‑prime‑standard, f‑prime‑continuous, and f‑close. These lemmas encode, respectively, that f maps its domain to numbers, that it preserves standardness, that it is continuous on its domain, that its derivative f‑prime has the same basic properties, and that the difference quotient converges to f‑prime. The lemmas are packaged inside an encapsulate form that constrains the abstract functions used in the composition theorems.

To make the AD system aware of elementary derivatives, the authors provide two registration macros: def‑elem‑derivative and def‑elem‑inverse. For example, the derivative of the unary division function unary‑/ (x ↦ 1/x) is registered by supplying the domain condition (acl2-numberp x ∧ x ≠ 0) and the derivative expression (- (/ (* x x))). Similarly, the inverse of a function (e.g., the square root as the inverse of squaring) is registered with both domain and inverse‑domain predicates. Once a function is registered, defderivative can treat it as a primitive during symbolic differentiation.

A crucial technical innovation is the use of make‑event to give macros read‑only access to ACL2’s definition database. This allows defderivative to look up the definitions of user‑defined functions, expand them, and apply the appropriate derivative rules without requiring the user to manually supply the expansions. The macro also controls the active theory during proof attempts, enabling only the minimal set of rewrite rules (primarily those generated by derivative‑hyps and inverse‑hyps) so that automated proofs are not derailed by unrelated lemmas.

The authors discuss several challenges. First, the original ACL2(r) theorems expressed differentiation in terms of Δf/Δx and relied on interval‑based domain specifications, which made it difficult to handle complex‑valued functions or domains that are not simple intervals. The new approach replaces interval predicates with explicit domain functions (e.g., f‑domain‑p) and uses the naming convention to tie each function to its derivative and domain. This enables the AD system to work with functions such as |x| or 1/x where the domain is a set rather than a contiguous interval. Second, the original chain rule was proved only for real‑valued functions, but many ACL2(r) trigonometric functions are defined via the complex exponential. The authors therefore re‑prove a complex‑valued chain rule and integrate it into the AD macros.

Despite the successes, the implementation has limitations. After a derivative is generated, the resulting expression is only lightly “cleaned up”: binary‑+ is converted back to +, and trivial arithmetic simplifications are performed manually. The authors attempted to invoke ACL2’s rewriting engine for deeper simplifications (e.g., turning (+ (* x 1) (* x 1)) into (* 2 x)) but could not find a satisfactory set of rewrite rules that would not interfere with the automated proofs. Consequently, users must supply additional lemmas or perform manual simplifications when a more compact form is desired.

The paper also notes that the current system does not support recursive functions or functions that use conditional constructs (if, cond). Only functions built from known primitives, their inverses, or explicit arithmetic expressions are admissible. Extending the AD to handle recursion or piecewise definitions is identified as future work.

In the concluding section, the authors reflect on broader implications for the ACL2 community. They highlight that macros can now share information via the ACL2 state (tables), enabling a higher level of automation than previously possible. They also stress the importance of carefully curating libraries so that automatically generated lemmas cooperate with ACL2’s heuristics; uncontrolled rewrite rules can easily break the proof plans of complex macros. By explicitly managing the active theory and providing precise hint structures, the AD macros achieve a high degree of automation while still allowing user‑supplied guidance when necessary.

Future directions include: (1) richer post‑processing of derivative expressions using a more powerful rewrite system; (2) integration of interval‑based reasoning to reconnect with classical theorems such as the Mean Value Theorem; (3) support for piecewise and recursive definitions; and (4) broader coverage of complex‑valued functions and higher‑order compositions. Overall, the paper demonstrates a practical, extensible framework for automatically generating and proving derivative formulas within ACL2(r), marking a significant step toward more automated mathematical reasoning in the theorem prover.