A Refinement Framework for Monadic Programs in Isabelle/HOL
Size: px
Start display at page:

Download "A Refinement Framework for Monadic Programs in Isabelle/HOL"

Transcription

1 A Refinement Framework for Monadic Programs in Isabelle/HOL Peter Lammich TU Munich, Institut für Informatik, Theorem Proving Group Easter 2013 Peter Lammich (TUM) Refinement Framework Easter / 17

2 Motivation Goal: Verified (model checking) algorithms Use theorem prover Isabelle/HOL Extract efficient implementations Problem Implementation details obfuscate algorithmic idea Proofs tend to get large and unmanageable Solution: Top-Down development by stepwise refinement Spec P 1... P n Impl Prove that each step preserves correctness Advantage Separation of concerns More modular and manageable proofs Peter Lammich (TUM) Refinement Framework Easter / 17

3 Program representation Requirements Nondeterminism by relations (or stronger) Choice operator and parameterization do not work in general Good fit to HOL (functional programming style) Solution: Shallowly embedded monad Advantages Shallow embedding: Simple proofs, extendable Monads: Nondeterminism + elegant functional programming style Deterministic fragment translated to functional program Peter Lammich (TUM) Refinement Framework Easter / 17

4 Refinement Monad Set/Exception monad datatype r nres ::= res (r set) fail Complete lattice: x fail and res X res Y iff X Y Monad operations: return x := res {x} { fail bind m f := x X f x if m = fail if m = res X Peter Lammich (TUM) Refinement Framework Easter / 17

5 Useful Programming Constructs assert Φ := if Φ then return () else fail µf, νf Least, greatest fixed point for recursion µf: partial correctness νf: total correctness while b f := µf x. if b x then bind (f x) F else return x while T b f := νf x. if b x then bind (f x) F else return x foreach Iteration over finite set if, let, case Standard HOL constructs do{...} Do notation (like in Haskell)... Peter Lammich (TUM) Refinement Framework Easter / 17

6 Programs Program is HOL-function f : a r nres Refinement: f x f x Possible results of f x are also results of f x Correctness: Φ x = f x res (Ψ x) If argument satisfies precondition, results satisfy postcondition Peter Lammich (TUM) Refinement Framework Easter / 17

7 Example: Dijkstra s Algorithm (Available from Archive of Formal Proofs) dijkstra do { σ0 dinit; (_,r) while dinvar T (λ(wl,_). wl {}) (λσ. do { (v,σ ) pop_min σ; update v σ }) σ0; return r } update v σ do { assert (update_pre v σ); res (update_spec v σ)} theorem dijkstra_correct: dijkstra res (is_shortest_path_map v0) Peter Lammich (TUM) Refinement Framework Easter / 17

8 Data Refinement Replace abstract data type by concrete one e. g. implement (finite) sets by red-black trees Abstraction relation R = {(c, a) a = α R c I R c} Lift to nres yields abstraction and concretization functions: R : c nres a nres and R : a nres c nres Galois connection: R m m iff m R m Transitive: m R m m S m = m RS m Peter Lammich (TUM) Refinement Framework Easter / 17

9 Refinement preserves correctness Correctness w. r. t. data refinement (x, x ) R Φ x = f x S res (Ψ x ) If argument s abstraction satisfies precondition, the result s abstraction satisfies postcondition Peter Lammich (TUM) Refinement Framework Easter / 17

10 Monadic Refinement Calculus Rules for showing programs correct x Y return x res Y m res {x. f x res X} bind m f res X... Rules for showing data refinement (x,y) R return x R (return y) m R m (x,x ) R. f x S f bind m f R bind m f... Peter Lammich (TUM) Refinement Framework Easter / 17

11 Refinement Framework for Isabelle/HOL Formalization of monadic refinement calculus Syntax driven verification condition generator For goals of the forms m res X and m R m Produces trusted code in ML/OCaml/Haskell/Scala For deterministic programs Integration with Isabelle Collection Framework (ICF) Peter Lammich (TUM) Refinement Framework Easter / 17

12 Example: Refine update update v σ do { assert (update_pre v σ); let (wl,r) = σ; let wv = path_weight (r v); let pv = r v; foreach uinvar v wl r (succ G v) (λ(w,v ) (wl,r). if (wv + Num w < path_weight (r v )) then do { assert (v wl pv None); return (wl,r(v the pv@[(v,w,v )])) } else return (wl,r) ) (wl,r)} lemma update _refines: "update v σ Id (update v σ)" Peter Lammich (TUM) Refinement Framework Easter / 17

13 Dijkstra: Chain of Refinements 1 dijkstra res (is_shortest_path_map v0) 2 dijkstra Id dijkstra 3 mdijkstra (build_rel αr res_invarm) dijkstra 4 cdijkstra g v0 (build_rel mr.α mr.invar) mdijkstra (in locale with (g,ga) br g.α g.invar) 5 g.invar g = return (idijkstra g v0) cdijkstra g v0 Peter Lammich (TUM) Refinement Framework Easter / 17

14 Dijkstra: Implementation theorem (in dijkstrac) idijkstra_correct: assumes g.invar g assumes v0 nodes (g.α g) assumes v w v. (v,w,v ) edges (g.α g) = 0 w shows weighted_graph.is_shortest_path_map (g.α g) v0 (Dijkstra.αr (mr.α (idijkstra g v0))) and "Dijkstra.res_invarm (mr.α (idijkstra g v0)) interpretation hrf!: dijkstrac hlg_ops rm_ops aluprioi_ops Yields executable constant hrf.idijkstra and theorem hrf.idijkstra_correct. Peter Lammich (TUM) Refinement Framework Easter / 17

15 Automatic Data Refinement (ITP-2013) Automatically synthesize implementation from abstract program Use heuristics to choose adequate data structures Based on parametricity Automatic instantiation of generic algorithms In Dijkstra example: Generate executable code from mdijkstra Peter Lammich (TUM) Refinement Framework Easter / 17

16 Applications Implemented Algorithms BFS, DFS graph traversals [Lammich] Dijkstra s shortest paths algorithm [Nordhoff, Lammich] Nested DFS (Büchi automata acceptance) [Neumann], [Lammich] Hopcroft s algorithm for automata minimization [Tuerk] Gerth s algorithm (LTL to Büchi automata) [Schimpf] Saturation algorithm for pre of PDS/DPN, work in progress [Lammich] Algorithm of Ilie, Navarro, and Yu (simulation relations on NFAs) [Eberl] Conversion of NFAs to RExps [Eberl] Executable code uses efficient data structures Peter Lammich (TUM) Refinement Framework Easter / 17

17 Conclusion Refinement framework for monadic programs Based on refinement calculus Available in Archive of Formal Proofs ( Automatic Refinement ( Many case studies show its applicability Some would not have been manageable without refinement Current/Future work: Automatic refinement to Imperative/HOL Complexity proofs Peter Lammich (TUM) Refinement Framework Easter / 17

Similar documents

Applying Data Refinement for Monadic Programs to Hopcroft s Algorithm

Applying Data Refinement for Monadic Programs to Hopcroft s Algorithm Applying Data Refinement for Monadic Programs to Hopcroft s Algorithm Peter Lammich, Thomas Tuerk ITP 2012, 13th August 2012 Background Peter Lammich (lammich@in.tum.de) Isabelle Collection Framework (ICF)

More information

Refinement to Imperative HOL

Refinement to Imperative HOL Journal of Automated Reasoning manuscript No. (will be inserted by the editor) Refinement to Imperative HOL Peter Lammich Received: date / Accepted: date Abstract Many algorithms can be implemented most

More information

Applying Data Refinement for Monadic Programs to Hopcroft s Algorithm

Applying Data Refinement for Monadic Programs to Hopcroft s Algorithm Applying Data Refinement for Monadic Programs to Hopcroft s Algorithm Peter Lammich and Thomas Tuerk TU München, {peter.lammich,thomas.tuerk}@in.tum.de Abstract. We provide a framework for program and

More information

Refinement Based Verification of Imperative Data Structures

Refinement Based Verification of Imperative Data Structures Refinement Based Verification of Imperative Data Structures Peter Lammich Technische Universität München, Germany lammich@in.tum.de Abstract In this paper we present a stepwise refinement based top-down

More information

This is an author-deposited version published in : Eprints ID : 12671

This is an author-deposited version published in : Eprints ID : 12671 Open Archive TOULOUSE Archive Ouverte (OATAO) OATAO is an open access repository that collects the work of Toulouse researchers and makes it freely available over the web where possible. This is an author-deposited

More information

A Framework for Verified Depth-First Algorithms

A Framework for Verified Depth-First Algorithms René Neumann Technische Universität München Garching, Germany rene.neumann@in.tum.de Abstract We present a framework in Isabelle/HOL for formalizing variants of depth-first search. This framework allows

More information

FAKULTÄT FÜR INFORMATIK DER TECHNI S CHEN UNIVER SITÄT MÜNCHEN. Efficient and Verified Computation of Simulation Relations on NFAs

FAKULTÄT FÜR INFORMATIK DER TECHNI S CHEN UNIVER SITÄT MÜNCHEN. Efficient and Verified Computation of Simulation Relations on NFAs FAKULTÄT FÜR INFORMATIK DER TECHNI S CHEN UNIVER SITÄT MÜNCHEN Bachelor s thesis in Computer Science Efficient and Verified Computation of Simulation Relations on NFAs Manuel Eberl FAKULTÄT FÜR INFORMATIK

More information

Formalization of Incremental Simplex Algorithm by Stepwise Refinement

Formalization of Incremental Simplex Algorithm by Stepwise Refinement Formalization of Incremental Simplex Algorithm by Stepwise Refinement Mirko Spasić, Filip Marić Faculty of Mathematics, University of Belgrade FM2012, 30. August 2012. Overview 1 Introduction 2 Approach

More information

Theorem proving. PVS theorem prover. Hoare style verification PVS. More on embeddings. What if. Abhik Roychoudhury CS 6214

Theorem proving. PVS theorem prover. Hoare style verification PVS. More on embeddings. What if. Abhik Roychoudhury CS 6214 Theorem proving PVS theorem prover Abhik Roychoudhury National University of Singapore Both specification and implementation can be formalized in a suitable logic. Proof rules for proving statements in

More information

Verification Condition Generation via Theorem Proving

Verification Condition Generation via Theorem Proving Verification Condition Generation via Theorem Proving John Matthews Galois Connections Inc. J Strother Moore University of Texas at Austin Sandip Ray University of Texas at Austin Daron Vroon Georgia Institute

More information

Integration of SMT Solvers with ITPs There and Back Again

Integration of SMT Solvers with ITPs There and Back Again Integration of SMT Solvers with ITPs There and Back Again Sascha Böhme and University of Sheffield 7 May 2010 1 2 Features: SMT-LIB vs. Yices Translation Techniques Caveats 3 4 Motivation Motivation System

More information

From Types to Sets in Isabelle/HOL

From Types to Sets in Isabelle/HOL From Types to Sets in Isabelle/HOL Extented Abstract Ondřej Kunčar 1 and Andrei Popescu 1,2 1 Fakultät für Informatik, Technische Universität München, Germany 2 Institute of Mathematics Simion Stoilow

More information

How Efficient Can Fully Verified Functional Programs Be - A Case Study of Graph Traversal Algorithms

How Efficient Can Fully Verified Functional Programs Be - A Case Study of Graph Traversal Algorithms How Efficient Can Fully Verified Functional Programs Be - A Case Study of Graph Traversal Algorithms Mirko Stojadinović Faculty of Mathematics, University of Belgrade Abstract. One approach in achieving

More information

COMP 4161 NICTA Advanced Course. Advanced Topics in Software Verification. Toby Murray, June Andronick, Gerwin Klein

COMP 4161 NICTA Advanced Course. Advanced Topics in Software Verification. Toby Murray, June Andronick, Gerwin Klein COMP 4161 NICTA Advanced Course Advanced Topics in Software Verification Toby Murray, June Andronick, Gerwin Klein λ 1 Last time... λ calculus syntax free variables, substitution β reduction α and η conversion

More information

Theorem Proving Principles, Techniques, Applications Recursion

Theorem Proving Principles, Techniques, Applications Recursion NICTA Advanced Course Theorem Proving Principles, Techniques, Applications Recursion 1 CONTENT Intro & motivation, getting started with Isabelle Foundations & Principles Lambda Calculus Higher Order Logic,

More information

Basic Foundations of Isabelle/HOL

Basic Foundations of Isabelle/HOL Basic Foundations of Isabelle/HOL Peter Wullinger May 16th 2007 1 / 29 1 Introduction into Isabelle s HOL Why Type Theory Basic Type Syntax 2 More HOL Typed λ Calculus HOL Rules 3 Example proof 2 / 29

More information

Why. an intermediate language for deductive program verification

Why. an intermediate language for deductive program verification Why an intermediate language for deductive program verification Jean-Christophe Filliâtre CNRS Orsay, France AFM workshop Grenoble, June 27, 2009 Jean-Christophe Filliâtre Why tutorial AFM 09 1 / 56 Motivations

More information

FAKULTÄT FÜR INFORMATIK

FAKULTÄT FÜR INFORMATIK FAKULTÄT FÜR INFORMATIK DER TECHNISCHEN UNIVERSITÄT MÜNCHEN Lehrstuhl für Informatik VII CAVA A Verified Model Checker René Neumann FAKULTÄT FÜR INFORMATIK DER TECHNISCHEN UNIVERSITÄT MÜNCHEN Lehrstuhl

More information

Formally Certified Satisfiability Solving

Formally Certified Satisfiability Solving SAT/SMT Proof Checking Verifying SAT Solver Code Future Work Computer Science, The University of Iowa, USA April 23, 2012 Seoul National University SAT/SMT Proof Checking Verifying SAT Solver Code Future

More information

Key Features. Defect Rates. Traditional Unit testing: 25 faults / KLOC System testing: 25 / KLOC Inspections: / KLOC

Key Features. Defect Rates. Traditional Unit testing: 25 faults / KLOC System testing: 25 / KLOC Inspections: / KLOC Cleanroom attempt to mathematically-based, scientific engineering process of software development Cleanroom software engineering yields software that is correct by mathematically sound design, and software

More information

CIS 1.5 Course Objectives. a. Understand the concept of a program (i.e., a computer following a series of instructions)

CIS 1.5 Course Objectives. a. Understand the concept of a program (i.e., a computer following a series of instructions) By the end of this course, students should CIS 1.5 Course Objectives a. Understand the concept of a program (i.e., a computer following a series of instructions) b. Understand the concept of a variable

More information

3.7 Denotational Semantics

3.7 Denotational Semantics 3.7 Denotational Semantics Denotational semantics, also known as fixed-point semantics, associates to each programming language construct a well-defined and rigorously understood mathematical object. These

More information

Distributed Systems Programming (F21DS1) Formal Verification

Distributed Systems Programming (F21DS1) Formal Verification Distributed Systems Programming (F21DS1) Formal Verification Andrew Ireland Department of Computer Science School of Mathematical and Computer Sciences Heriot-Watt University Edinburgh Overview Focus on

More information

Runtime Checking for Program Verification Systems

Runtime Checking for Program Verification Systems Runtime Checking for Program Verification Systems Karen Zee, Viktor Kuncak, and Martin Rinard MIT CSAIL Tuesday, March 13, 2007 Workshop on Runtime Verification 1 Background Jahob program verification

More information

A CRASH COURSE IN SEMANTICS

A CRASH COURSE IN SEMANTICS LAST TIME Recdef More induction NICTA Advanced Course Well founded orders Slide 1 Theorem Proving Principles, Techniques, Applications Slide 3 Well founded recursion Calculations: also/finally {P}... {Q}

More information

Formally-Proven Kosaraju s algorithm

Formally-Proven Kosaraju s algorithm Formally-Proven Kosaraju s algorithm Laurent Théry Laurent.Thery@sophia.inria.fr Abstract This notes explains how the Kosaraju s algorithm that computes the strong-connected components of a directed graph

More information

Unit- and Sequence Test Generation with HOL-TestGen

Unit- and Sequence Test Generation with HOL-TestGen Unit- and Sequence Test Generation with HOL-TestGen Tests et Methodes Formelles Prof. Burkhart Wolff Univ - Paris-Sud / LRI 16.6.2015 B.Wolff - HOL-TestGen 1 Overview HOL-TestGen and its Business-Case

More information

Inductive datatypes in HOL. lessons learned in Formal-Logic Engineering

Inductive datatypes in HOL. lessons learned in Formal-Logic Engineering Inductive datatypes in HOL lessons learned in Formal-Logic Engineering Stefan Berghofer and Markus Wenzel Institut für Informatik TU München = Isabelle λ β HOL α 1 Introduction Applications of inductive

More information

Provably Correct Software

Provably Correct Software Provably Correct Software Max Schäfer Institute of Information Science/Academia Sinica September 17, 2007 1 / 48 The Need for Provably Correct Software BUT bugs are annoying, embarrassing, and cost gazillions

More information

Lectures 20, 21: Axiomatic Semantics

Lectures 20, 21: Axiomatic Semantics Lectures 20, 21: Axiomatic Semantics Polyvios Pratikakis Computer Science Department, University of Crete Type Systems and Static Analysis Based on slides by George Necula Pratikakis (CSD) Axiomatic Semantics

More information

Modular implicits for OCaml how to assert success. Gallium Seminar,

Modular implicits for OCaml how to assert success. Gallium Seminar, Modular implicits for OCaml how to assert success Jacques Garrigue Nagoya University Frédéric Bour Sponsored by Jane Street LLC Gallium Seminar, 14-03-2016 Garrigue & Bour Mdular implicits and success

More information

Translation Validation of System Abstractions

Translation Validation of System Abstractions Translation Validation of System Abstractions Jan Olaf Blech, Ina Schaefer, Arnd Poetzsch-Heffter Software Technology Group University of Kaiserslautern Germany Abstract. Abstraction is intensively used

More information

locales ISAR IS BASED ON CONTEXTS CONTENT Slide 3 Slide 1 proof - fix x assume Ass: A. x and Ass are visible Slide 2 Slide 4 inside this context

locales ISAR IS BASED ON CONTEXTS CONTENT Slide 3 Slide 1 proof - fix x assume Ass: A. x and Ass are visible Slide 2 Slide 4 inside this context LAST TIME Syntax and semantics of IMP Hoare logic rules NICTA Advanced Course Soundness of Hoare logic Slide 1 Theorem Proving Principles, Techniques, Applications Slide 3 Verification conditions Example

More information

Programming Languages Third Edition

Programming Languages Third Edition Programming Languages Third Edition Chapter 12 Formal Semantics Objectives Become familiar with a sample small language for the purpose of semantic specification Understand operational semantics Understand

More information

Formalizing Dijkstra

Formalizing Dijkstra Formalizing Dijkstra 1 Formalizing Dijkstra John Harrison Intel Corporation A Discipline of Programming Mechanizing programming logics Relational semantics Weakest preconditions Guarded commands Theorems

More information

λ calculus is inconsistent

λ calculus is inconsistent Content Rough timeline COMP 4161 NICTA Advanced Course Advanced Topics in Software Verification Gerwin Klein, June Andronick, Toby Murray λ Intro & motivation, getting started [1] Foundations & Principles

More information

Formalization of Incremental Simplex Algorithm by Stepwise Refinement

Formalization of Incremental Simplex Algorithm by Stepwise Refinement Formalization of Incremental Simplex Algorithm by Stepwise Refinement Mirko Spasić and Filip Marić Faculty of Mathematics, University of Belgrade Abstract. We present an Isabelle/HOL formalization and

More information

A Verified SAT Solver with Watched Literals Using Imperative HOL

A Verified SAT Solver with Watched Literals Using Imperative HOL A Verified SAT Solver with Watched Literals Using Imperative HOL Mathias Fleury Max-Planck-Institut für Informatik Saarbrücken, Germany mathias.fleury@mpi-inf.mpg.de Abstract Based on our earlier formalization

More information

Part II. Hoare Logic and Program Verification. Why specify programs? Specification and Verification. Code Verification. Why verify programs?

Part II. Hoare Logic and Program Verification. Why specify programs? Specification and Verification. Code Verification. Why verify programs? Part II. Hoare Logic and Program Verification Part II. Hoare Logic and Program Verification Dilian Gurov Props: Models: Specs: Method: Tool: safety of data manipulation source code logic assertions Hoare

More information

A Simpl Shortest Path Checker Verification

A Simpl Shortest Path Checker Verification A Simpl Shortest Path Checker Verification Christine Rizkallah Max-Planck-Institut für Informatik, Saarbrücken, Germany Abstract. Verification of complex algorithms with current verification tools in reasonable

More information

Refinements for free! 1

Refinements for free! 1 Refinements for free! Refinements for free! 1 Cyril Cohen joint work with Maxime Dénès and Anders Mörtberg University of Gothenburg and Inria Sophia-Antipolis May 8, 2014 1 This work has been funded by

More information

Adam Chlipala University of California, Berkeley ICFP 2006

Adam Chlipala University of California, Berkeley ICFP 2006 Modular Development of Certified Program Verifiers with a Proof Assistant Adam Chlipala University of California, Berkeley ICFP 2006 1 Who Watches the Watcher? Program Verifier Might want to ensure: Memory

More information

Abstract Interpretation

Abstract Interpretation Abstract Interpretation Ranjit Jhala, UC San Diego April 22, 2013 Fundamental Challenge of Program Analysis How to infer (loop) invariants? Fundamental Challenge of Program Analysis Key issue for any analysis

More information

From OCL to Propositional and First-order Logic: Part I

From OCL to Propositional and First-order Logic: Part I 22c181: Formal Methods in Software Engineering The University of Iowa Spring 2008 From OCL to Propositional and First-order Logic: Part I Copyright 2007-8 Reiner Hähnle and Cesare Tinelli. Notes originally

More information

Refinements to techniques for verifying shape analysis invariants in Coq

Refinements to techniques for verifying shape analysis invariants in Coq Refinements to techniques for verifying shape analysis invariants in Coq Kenneth Roe and Scott Smith The Johns Hopkins University Abstract. We describe the PEDANTIC framework for verifying the correctness

More information

Higher-Order Model Checking

Higher-Order Model Checking Higher-Order Model Checking I: Relating Families of Generators of Infinite Structures Luke Ong University of Oxford http://www.cs.ox.ac.uk/people/luke.ong/personal/ http://mjolnir.cs.ox.ac.uk Estonia Winter

More information

Numerical Computations and Formal Methods

Numerical Computations and Formal Methods Program verification Formal arithmetic Decision procedures Proval, Laboratoire de Recherche en Informatique INRIA Saclay IdF, Université Paris Sud, CNRS October 28, 2009 Program verification Formal arithmetic

More information

Total No. of Questions : 18] [Total No. of Pages : 02. M.Sc. DEGREE EXAMINATION, DEC First Year COMPUTER SCIENCE.

Total No. of Questions : 18] [Total No. of Pages : 02. M.Sc. DEGREE EXAMINATION, DEC First Year COMPUTER SCIENCE. (DMCS01) Total No. of Questions : 18] [Total No. of Pages : 02 M.Sc. DEGREE EXAMINATION, DEC. 2016 First Year COMPUTER SCIENCE Data Structures Time : 3 Hours Maximum Marks : 70 Section - A (3 x 15 = 45)

More information

Combining Static and Dynamic Contract Checking for Curry

Combining Static and Dynamic Contract Checking for Curry Michael Hanus (CAU Kiel) Combining Static and Dynamic Contract Checking for Curry LOPSTR 2017 1 Combining Static and Dynamic Contract Checking for Curry Michael Hanus University of Kiel Programming Languages

More information

Guarded Operations, Refinement and Simulation

Guarded Operations, Refinement and Simulation Guarded Operations, Refinement and Simulation Steve Reeves and David Streader Department of Computer Science University of Waikato Hamilton, New Zealand stever,dstr@cs.waikato.ac.nz Abstract Simulation

More information

Translation Validation for a Verified OS Kernel

Translation Validation for a Verified OS Kernel To appear in PLDI 13 Translation Validation for a Verified OS Kernel Thomas Sewell 1, Magnus Myreen 2, Gerwin Klein 1 1 NICTA, Australia 2 University of Cambridge, UK L4.verified sel4 = a formally verified

More information

Context-Free Languages & Grammars (CFLs & CFGs) Reading: Chapter 5

Context-Free Languages & Grammars (CFLs & CFGs) Reading: Chapter 5 Context-Free Languages & Grammars (CFLs & CFGs) Reading: Chapter 5 1 Not all languages are regular So what happens to the languages which are not regular? Can we still come up with a language recognizer?

More information

Light-weight containers for Isabelle: efficient, extensible, nestable

Light-weight containers for Isabelle: efficient, extensible, nestable Light-weight containers for Isabelle: efficient, extensible, nestable Andreas Lochbihler Institute of Information Security, ETH Zurich andreas.lochbihler@inf.ethz.ch Abstract. In Isabelle/HOL, we develop

More information

Verified Characteristic Formulae for CakeML. Armaël Guéneau, Magnus O. Myreen, Ramana Kumar, Michael Norrish April 27, 2017

Verified Characteristic Formulae for CakeML. Armaël Guéneau, Magnus O. Myreen, Ramana Kumar, Michael Norrish April 27, 2017 Verified Characteristic Formulae for CakeML Armaël Guéneau, Magnus O. Myreen, Ramana Kumar, Michael Norrish April 27, 2017 Goal: write programs in a high-level (ML-style) language, prove them correct interactively,

More information

The design of a programming language for provably correct programs: success and failure

The design of a programming language for provably correct programs: success and failure The design of a programming language for provably correct programs: success and failure Don Sannella Laboratory for Foundations of Computer Science School of Informatics, University of Edinburgh http://homepages.inf.ed.ac.uk/dts

More information

Types and Programming Languages. Lecture 8. Recursive type

Types and Programming Languages. Lecture 8. Recursive type Types and Programming Languages Lecture 8. Recursive type Xiaojuan Cai cxj@sjtu.edu.cn BASICS Lab, Shanghai Jiao Tong University Fall, 2016 List[T] List[T] is a type constructor whose elements are lists

More information

Functional Programming and Modeling

Functional Programming and Modeling Chapter 2 2. Functional Programming and Modeling 2.0 2. Functional Programming and Modeling 2.0 Overview of Chapter Functional Programming and Modeling 2. Functional Programming and Modeling 2.1 Overview

More information

Invariant Based Programming

Invariant Based Programming Invariant Based Programming Ralph-Johan Back Abo Akademi and TUCS June 2006 Constructing correct programs: alternative approaches A posteriori correctness proof (Floyd, Naur, Hoare,...). Prove correctness

More information

Packaging Theories of Higher Order Logic

Packaging Theories of Higher Order Logic Packaging Theories of Higher Order Logic Joe Hurd Galois, Inc. joe@galois.com Theory Engineering Workshop Tuesday 9 February 2010 Joe Hurd Packaging Theories of Higher Order Logic 1 / 26 Talk Plan 1 Introduction

More information

HOL DEFINING HIGHER ORDER LOGIC LAST TIME ON HOL CONTENT. Slide 3. Slide 1. Slide 4. Slide 2 WHAT IS HIGHER ORDER LOGIC? 2 LAST TIME ON HOL 1

HOL DEFINING HIGHER ORDER LOGIC LAST TIME ON HOL CONTENT. Slide 3. Slide 1. Slide 4. Slide 2 WHAT IS HIGHER ORDER LOGIC? 2 LAST TIME ON HOL 1 LAST TIME ON HOL Proof rules for propositional and predicate logic Safe and unsafe rules NICTA Advanced Course Forward Proof Slide 1 Theorem Proving Principles, Techniques, Applications Slide 3 The Epsilon

More information

A Verified SAT Solver Framework with Learn, Forget, Restart, and Incrementality

A Verified SAT Solver Framework with Learn, Forget, Restart, and Incrementality J. Autom. Reasoning manuscript No. (will be inserted by the editor) A Verified SAT Solver Framework with Learn, Forget, Restart, and Incrementality Jasmin Christian Blanchette Mathias Fleury Peter Lammich

More information

Automating Construction of Lexers

Automating Construction of Lexers Automating Construction of Lexers Regular Expression to Programs Not all regular expressions are simple. How can we write a lexer for (a*b aaa)? Tokenizing aaaab Vs aaaaaa Regular Expression Finite state

More information

First-Class Type Classes

First-Class Type Classes First-Class Type Classes Matthieu Sozeau Joint work with Nicolas Oury LRI, Univ. Paris-Sud - Démons Team & INRIA Saclay - ProVal Project Gallium Seminar November 3rd 2008 INRIA Rocquencourt Solutions for

More information

CS 6110 S14 Lecture 38 Abstract Interpretation 30 April 2014

CS 6110 S14 Lecture 38 Abstract Interpretation 30 April 2014 CS 6110 S14 Lecture 38 Abstract Interpretation 30 April 2014 1 Introduction to Abstract Interpretation At this point in the course, we have looked at several aspects of programming languages: operational

More information

Foundations of AI. 9. Predicate Logic. Syntax and Semantics, Normal Forms, Herbrand Expansion, Resolution

Foundations of AI. 9. Predicate Logic. Syntax and Semantics, Normal Forms, Herbrand Expansion, Resolution Foundations of AI 9. Predicate Logic Syntax and Semantics, Normal Forms, Herbrand Expansion, Resolution Wolfram Burgard, Andreas Karwath, Bernhard Nebel, and Martin Riedmiller 09/1 Contents Motivation

More information

Denotational Semantics. Domain Theory

Denotational Semantics. Domain Theory Denotational Semantics and Domain Theory 1 / 51 Outline Denotational Semantics Basic Domain Theory Introduction and history Primitive and lifted domains Sum and product domains Function domains Meaning

More information

ACL2 Challenge Problem: Formalizing BitCryptol April 20th, John Matthews Galois Connections

ACL2 Challenge Problem: Formalizing BitCryptol April 20th, John Matthews Galois Connections ACL2 Challenge Problem: Formalizing BitCryptol April 20th, 2005 John Matthews Galois Connections matthews@galois.com Roadmap SHADE verifying compiler Deeply embedding Cryptol semantics in ACL2 Challenge

More information

Isabelle/HOL:Selected Features and Recent Improvements

Isabelle/HOL:Selected Features and Recent Improvements /: Selected Features and Recent Improvements webertj@in.tum.de Security of Systems Group, Radboud University Nijmegen February 20, 2007 /:Selected Features and Recent Improvements 1 2 Logic User Interface

More information

Dynamic Logic David Harel, The Weizmann Institute Dexter Kozen, Cornell University Jerzy Tiuryn, University of Warsaw The MIT Press, Cambridge, Massac

Dynamic Logic David Harel, The Weizmann Institute Dexter Kozen, Cornell University Jerzy Tiuryn, University of Warsaw The MIT Press, Cambridge, Massac Dynamic Logic David Harel, The Weizmann Institute Dexter Kozen, Cornell University Jerzy Tiuryn, University of Warsaw The MIT Press, Cambridge, Massachusetts, 2000 Among the many approaches to formal reasoning

More information

Programming Language Pragmatics

Programming Language Pragmatics Chapter 10 :: Functional Languages Programming Language Pragmatics Michael L. Scott Historical Origins The imperative and functional models grew out of work undertaken Alan Turing, Alonzo Church, Stephen

More information

Overview. A Compact Introduction to Isabelle/HOL. Tobias Nipkow. System Architecture. Overview of Isabelle/HOL

Overview. A Compact Introduction to Isabelle/HOL. Tobias Nipkow. System Architecture. Overview of Isabelle/HOL Overview A Compact Introduction to Isabelle/HOL Tobias Nipkow TU München 1. Introduction 2. Datatypes 3. Logic 4. Sets p.1 p.2 System Architecture Overview of Isabelle/HOL ProofGeneral Isabelle/HOL Isabelle

More information

Symbolic Trajectory Evaluation - A Survey

Symbolic Trajectory Evaluation - A Survey Automated Verification Symbolic Trajectory Evaluation - A Survey by Mihaela Gheorghiu Department of Computer Science University of Toronto Instructor: Prof. Marsha Chechik January 3, 24 Motivation Simulation

More information

LOGIC AND DISCRETE MATHEMATICS

LOGIC AND DISCRETE MATHEMATICS LOGIC AND DISCRETE MATHEMATICS A Computer Science Perspective WINFRIED KARL GRASSMANN Department of Computer Science University of Saskatchewan JEAN-PAUL TREMBLAY Department of Computer Science University

More information

Using Promela in a Fully Verified Executable LTL Model Checker

Using Promela in a Fully Verified Executable LTL Model Checker Using Promela in a Fully Verified Executable LTL Model Checker René Neumann Technische Universität München, rene.neumann@in.tum.de Abstract. In [4] we presented an LTL model checker whose code has been

More information

Logik für Informatiker Logic for computer scientists

Logik für Informatiker Logic for computer scientists Logik für Informatiker for computer scientists WiSe 2011/12 Overview Motivation Why is logic needed in computer science? The LPL book and software Scheinkriterien Why is logic needed in computer science?

More information

CMSC 330: Organization of Programming Languages. Operational Semantics

CMSC 330: Organization of Programming Languages. Operational Semantics CMSC 330: Organization of Programming Languages Operational Semantics Notes about Project 4, Parts 1 & 2 Still due today (7/2) Will not be graded until 7/11 (along with Part 3) You are strongly encouraged

More information

Reasoning about programs

Reasoning about programs Reasoning about programs Last time Coming up This Thursday, Nov 30: 4 th in-class exercise sign up for group on moodle bring laptop to class Final projects: final project presentations: Tue Dec 12, in

More information

Verified Firewall Policy Transformations for Test Case Generation

Verified Firewall Policy Transformations for Test Case Generation Verified Firewall Policy Transformations for Test Case Generation Achim D. Brucker 1 Lukas Brügger 2 Paul Kearney 3 Burkhart Wolff 4 1 SAP Research, Germany 2 Information Security, ETH Zürich, Switzerland

More information

Last time. Reasoning about programs. Coming up. Project Final Presentations. This Thursday, Nov 30: 4 th in-class exercise

Last time. Reasoning about programs. Coming up. Project Final Presentations. This Thursday, Nov 30: 4 th in-class exercise Last time Reasoning about programs Coming up This Thursday, Nov 30: 4 th in-class exercise sign up for group on moodle bring laptop to class Final projects: final project presentations: Tue Dec 12, in

More information

Formal Systems II: Applications

Formal Systems II: Applications Formal Systems II: Applications Functional Verification of Java Programs: Java Dynamic Logic Bernhard Beckert Mattias Ulbrich SS 2017 KIT INSTITUT FÜR THEORETISCHE INFORMATIK KIT University of the State

More information

Lambda Calculus and Type Inference

Lambda Calculus and Type Inference Lambda Calculus and Type Inference Björn Lisper Dept. of Computer Science and Engineering Mälardalen University bjorn.lisper@mdh.se http://www.idt.mdh.se/ blr/ October 13, 2004 Lambda Calculus and Type

More information

Lecture 2 Finite Automata

Lecture 2 Finite Automata Lecture 2 Finite Automata August 31, 2007 This lecture is intended as a kind of road map to Chapter 1 of the text just the informal examples that I ll present to motivate the ideas. 1 Expressions without

More information

type classes & locales

type classes & locales Content Rough timeline Intro & motivation, getting started [1] COMP 4161 NICTA Advanced Course Advanced Topics in Software Verification Gerwin Klein, June Andronick, Toby Murray type classes & locales

More information

Implementation of Lexical Analysis

Implementation of Lexical Analysis Implementation of Lexical Analysis Lecture 4 (Modified by Professor Vijay Ganesh) Tips on Building Large Systems KISS (Keep It Simple, Stupid!) Don t optimize prematurely Design systems that can be tested

More information

axiomatic semantics involving logical rules for deriving relations between preconditions and postconditions.

axiomatic semantics involving logical rules for deriving relations between preconditions and postconditions. CS 6110 S18 Lecture 18 Denotational Semantics 1 What is Denotational Semantics? So far we have looked at operational semantics involving rules for state transitions, definitional semantics involving translations

More information

Introduction to lambda calculus Part 3

Introduction to lambda calculus Part 3 Introduction to lambda calculus Part 3 Antti-Juhani Kaijanaho 2017-01-27... 1 Untyped lambda calculus... 2 Typed lambda calculi In an untyped lambda calculus extended with integers, it is required that

More information

Topic: Orientation, Surfaces, and Euler characteristic

Topic: Orientation, Surfaces, and Euler characteristic Topic: Orientation, Surfaces, and Euler characteristic The material in these notes is motivated by Chapter 2 of Cromwell. A source I used for smooth manifolds is do Carmo s Riemannian Geometry. Ideas of

More information

A Short Introduction to First-Order Theorem Proving with KeY

A Short Introduction to First-Order Theorem Proving with KeY 1 What is KeY? 1.1 Software Verification Karlsruher Institut für Technologie Institut für Theoretische Informatik Prof. Dr. Peter H. Schmitt Mattias Ulbrich A Short Introduction to First-Order Theorem

More information

Getting Started with AutoCorres

Getting Started with AutoCorres Getting Started with AutoCorres Japheth Lim Rohan Jacob-Rao David Greenaway September 10, 2018 Contents 1 Introduction 2 2 A First Proof with AutoCorres 2 2.1 Two simple functions: min and max...............

More information

Negations in Refinement Type Systems

Negations in Refinement Type Systems Negations in Refinement Type Systems T. Tsukada (U. Tokyo) 14th March 2016 Shonan, JAPAN This Talk About refinement intersection type systems that refute judgements of other type systems. Background Refinement

More information

LTCS Report. Concept Descriptions with Set Constraints and Cardinality Constraints. Franz Baader. LTCS-Report 17-02

LTCS Report. Concept Descriptions with Set Constraints and Cardinality Constraints. Franz Baader. LTCS-Report 17-02 Technische Universität Dresden Institute for Theoretical Computer Science Chair for Automata Theory LTCS Report Concept Descriptions with Set Constraints and Cardinality Constraints Franz Baader LTCS-Report

More information

Efficient Verification of Imperative Programs Using Auto2

Efficient Verification of Imperative Programs Using Auto2 Efficient Verification of Imperative Programs Using Auto2 Bohua Zhan (B) Technical University of Munich, Munich, Germany zhan@in.tum.de Abstract. Auto2 is a recently introduced prover for the proof assistant

More information

Embedding Cryptol in Higher Order Logic

Embedding Cryptol in Higher Order Logic Embedding Cryptol in Higher Order Logic Joe Hurd Computer Laboratory Cambridge University joe.hurd@cl.cam.ac.uk 10 March 2007 Abstract This report surveys existing approaches to embedding Cryptol programs

More information

Handling Integer Arithmetic in the Verification of Java Programs

Handling Integer Arithmetic in the Verification of Java Programs Handling Integer Arithmetic in the Verification of Java Programs Steffen Schlager 1st Swedish-German KeY Workshop Göteborg, Sweden, June 2002 KeY workshop, June 2002 p.1 Introduction UML/OCL specification

More information

LOGIC SYNTHESIS AND VERIFICATION ALGORITHMS. Gary D. Hachtel University of Colorado. Fabio Somenzi University of Colorado.

LOGIC SYNTHESIS AND VERIFICATION ALGORITHMS. Gary D. Hachtel University of Colorado. Fabio Somenzi University of Colorado. LOGIC SYNTHESIS AND VERIFICATION ALGORITHMS by Gary D. Hachtel University of Colorado Fabio Somenzi University of Colorado Springer Contents I Introduction 1 1 Introduction 5 1.1 VLSI: Opportunity and

More information

Parametricity of Inductive Predicates

Parametricity of Inductive Predicates Proposal for a Master s thesis Parametricity of Inductive Predicates Supervisors: Dr. Andreas Lochbihler, Dr. Dmitriy Traytel Professor: Prof. David Basin Issue date: May 19, 2017 Prerequisites Good skills

More information

Appendix Set Notation and Concepts

Appendix Set Notation and Concepts Appendix Set Notation and Concepts In mathematics you don t understand things. You just get used to them. John von Neumann (1903 1957) This appendix is primarily a brief run-through of basic concepts from

More information

Harvard School of Engineering and Applied Sciences CS 152: Programming Languages

Harvard School of Engineering and Applied Sciences CS 152: Programming Languages Harvard School of Engineering and Applied Sciences CS 152: Programming Languages Lecture 19 Tuesday, April 3, 2018 1 Introduction to axiomatic semantics The idea in axiomatic semantics is to give specifications

More information

Specification, Verification, and Interactive Proof

Specification, Verification, and Interactive Proof Specification, Verification, and Interactive Proof SRI International May 23, 2016 PVS PVS - Prototype Verification System PVS is a verification system combining language expressiveness with automated tools.

More information

Rule Formats for Nominal Modal Transition Systems

Rule Formats for Nominal Modal Transition Systems Rule Formats for Nominal Modal Transition Systems Anke Stüber Universitet Uppsala, Uppsala, Sweden anke.stuber@it.uu.se Abstract. Modal transition systems are specification languages that allow the expression

More information
2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback