A Logic of Proofs for Differential Dynamic Logic

Size: px
Start display at page:

Download "A Logic of Proofs for Differential Dynamic Logic"

Transcription

1 1 A Logic of Proofs for Differential Dynamic Logic Toward Independently Checkable Proof Certificates for Differential Dynamic Logic Nathan Fulton Andrè Platzer Carnegie Mellon University CPP 16 February 10, 2016

2 Motivation Strong evidence that Cyber-Physical Systems are safe.

3 Motivation Strong evidence that Cyber-Physical Systems are safe.

4 KeYmaera X 3

5 4 Criteria for Evidence of a Successful Verification Effort Hybrid Systems Proofs (via KeYmaera X) Persistent truth-preservation is insufficient! Permanent Tactics are not proofs Portable Between machines, between logics

6 5 Approach e : φ

7 5 Approach e : φ Outline: The Language of Differential Dynamic Logic Uniform Substitution Calculus of dl LPdL

8 6 Hybrid Programs Model Cyber-Physical Systems Definition (Hybrid Programs) Assign x := θ Test?ϕ Sequence α; β Choice α β Iteration α

9 6 Hybrid Programs Model Cyber-Physical Systems Definition (Hybrid Programs) Assign x := θ Test?ϕ Sequence α; β Choice α β Iteration α ODEs {x 1 = θ 1,..., x n = θ n &ϕ}

10 7 dl Example [ ( (acc := A acc := 0) }{{} Control ; {pos = vel, vel ) ] = acc} }{{} Physical System Model

11 7 dl FOL over Real Closed Fields + [α]ϕ + α ϕ Example vel 0 A > 0 }{{} initial condition [ ( (acc := A acc := 0) }{{} ctrl ; {pos = vel, vel ) ] = acc} vel 0 }{{}}{{} plant postcondition

12 8 Deduction in Differential Dynamic Logic v 0, z < m t 0[z := b 2 t2 + vt + z]z m v 0, z < m [z = v, v DiffSolve = b]z m

13 9 Uniform Substitution Isolates Binding Structure DiffSolve as a single axiom: [x = f &q(x)]p(x) t 0(( 0 s tq(x+fs)) [x := x+ft]p(x)) Sound uniform substitutions are used in deductions: ϕ σ(ϕ) US

14 10 Significant Features of dl BoxChoice Γ [α]ϕ Γ [α β]ϕ Γ [β]ϕ

15 10 Significant Features of dl BoxChoice Γ [α]ϕ Γ [α β]ϕ Γ [β]ϕ Γ [x := 4 x := 5]x > 3 }{{} ψ

16 Significant Features of dl BoxChoice Γ [α]ϕ Γ [α β]ϕ Γ [β]ϕ [a b]p(?) [a]p(?) [b]p(?) Γ [x := 4 x := 5]x > 3 }{{} ψ σ = a x := 4 b x := 5 p(?) x > 3 10

17 10 Significant Features of dl BoxChoice Γ [α]ϕ Γ [α β]ϕ Γ [β]ϕ [a b]p(?) [a]p(?) [b]p(?) ψ [x := 4]x > 3 [x := 5]x > 3 σ = Γ [x := 4 x := 5]x > 3 }{{} ψ a x := 4 b x := 5 p(?) x > 3

18 Significant Features of dl BoxChoice Γ [α]ϕ Γ [α β]ϕ Γ [β]ϕ [a b]p(?) [a]p(?) [b]p(?) ψ [x := 4]x > 3 [x := 5]x > 3 σ = Γ, ψ [x := 4]x > 3 [x := 5]x > 3 ψ Γ [x := 4 x := 5]x > 3 }{{} ψ a x := 4 b x := 5 p(?) x > 3

19 10 Significant Features of dl BoxChoice Γ [α]ϕ Γ [α β]ϕ Γ [β]ϕ [a b]p(?) [a]p(?) [b]p(?) ψ [x := 4]x > 3 [x := 5]x > 3 σ = Γ, [x := 4]x > 3 [x := 5]x > 3 Γ, ψ [x := 4]x > 3 [x := 5]x > 3 ψ Γ [x := 4 x := 5]x > 3 }{{} ψ a x := 4 b x := 5 p(?) x > 3

20 Significant Features of dl BoxChoice Γ [α]ϕ Γ [α β]ϕ Γ [β]ϕ [a b]p(?) [a]p(?) [b]p(?) ψ [x := 4]x > 3 [x := 5]x > 3 σ = Γ [x := 4]x > 3 [x := 5]x > 3 Γ, [x := 4]x > 3 [x := 5]x > 3 Γ, ψ [x := 4]x > 3 [x := 5]x > 3 ψ Γ [x := 4 x := 5]x > 3 }{{} ψ a x := 4 b x := 5 p(?) x > 3

21 Significant Features of dl BoxChoice Γ [α]ϕ Γ [α β]ϕ Γ [β]ϕ [a b]p(?) [a]p(?) [b]p(?) ψ [x := 4]x > 3 [x := 5]x > 3 σ = Γ [x := 4]x > 3 Γ [x := 5]x > 3 Γ [x := 4]x > 3 [x := 5]x > 3 Γ, [x := 4]x > 3 [x := 5]x > 3 Γ, ψ [x := 4]x > 3 [x := 5]x > 3 ψ Γ [x := 4 x := 5]x > 3 }{{} ψ a x := 4 b x := 5 p(?) x > 3

22 Contribution: A Logic of Proofs for dl LPdL extends the grammar of dl with formulas of the form e }{{} : ϕ }{{} LPdL proof term dlformula

23 Contribution: A Logic of Proofs for dl LPdL extends the grammar of dl with formulas of the form e }{{} : ϕ }{{} LPdL proof term dlformula e, d ::= c φ Example (Proof Constants) (i [:=] ) : ([x := t]p(x) p(t)) (j x>y y>z x>z ) : (x > y y > z x > z)

24 11 Contribution: A Logic of Proofs for dl LPdL extends the grammar of dl with formulas of the form e }{{} : ϕ }{{} LPdL proof term dlformula e, d ::= c φ e d Example (Conjunctions) (i := j x>0 ) : (([x := t]p(x) p(t)) x > 0)

25 Contribution: A Logic of Proofs for dl LPdL extends the grammar of dl with formulas of the form e, d ::= c φ e d e d e d e d e }{{} : ϕ }{{} LPdL proof term dlformula Example ( ) If e : ϕ ψ (1) d : ϕ (2) Then e d : ψ. Directional application performs a similar operation on equivalences.

26 Contribution: A Logic of Proofs for dl LPdL extends the grammar of dl with formulas of the form e }{{} : ϕ }{{} LPdL proof term dlformula e, d ::= c φ e d e d e d e d σe Be Example (Uniform Substitution of Axiom [x := t]p(x) p(t)) σ {t 0, p( ) 0} (i [:=] ) : [x := 0]x 0 0 0

27 Contribution: A Logic of Proofs for dl LPdL extends the grammar of dl with formulas of the form e }{{} : ϕ }{{} LPdL proof term dlformula e, d ::= c φ e d e d e d e d σe Be CT σ e CQ σ e CE σ e Example (US Instances of Proof Rules) CE {t 0, p( ) 0} i [x:=t]p(t) p(x) : ([{z = a}][x := 0]x 0) ([{z = a}]0 0)

28 Sampling of Axioms and Proof Rules φ i A : A e : φ d : ψ (e d) : (φ ψ) e : (φ ψ) d : φ e d : ψ e : φ σe : σ(φ) σe : σ(p( x) q( x)) CE σ e : σ(c(p( x) C(q( x))) (dl Axiom) (dl Constants) (And) (Application) (US Proof Term) (CE σ ) Only side-condition: admissibility of σs.

29 13 Semantics of LPdL i A : A φ I = φ I dl i A : A I = S for dl axioms A α j T : T = S for FOL R tautologies T i A : A α i A : A e d : φ ψ I = e : φ I d : ψ I e d : φ I = ψ e : (ψ φ) I d : ψ I α... i A : A

30 14 Correctness Properties Theorem (Proof terms justify theorems) Let e be a proof term and φ a dl formula. If LPdL e : φ then φ.

31 Correctness Properties Theorem (Proof terms justify theorems) Let e be a proof term and φ a dl formula. If LPdL e : φ then φ. HyDRA Server User Interface Proof View REST-API Proof Tree Simplification Tactical Prover Axiomatic Core Scala-API Proof Tree manages KeYmaera X Web UI (JavaScript) Simplified Proof Tree View Tactics Execution Proof Strategies uses dl Tactics Combinators Models Wrappers for Kernel Primitives KeYmaera X Kernel (soundness-critical, Scala) Proof Certificates Axioms Searching start/stop/pause/resume controls Uniform Substitution Bound Renaming Propositional Sequent Calculus with Skolemization Proof Log Proof Storing stores observes executes combines Scheduler executes tactics on tools/ CPU cores Real Quantifier Elimination Differential Equation Solving... 14

32 Correctness Properties Theorem (Proof terms justify theorems) Let e be a proof term and φ a dl formula. If LPdL e : φ then φ. HyDRA Server User Interface Proof View REST-API Proof Tree Simplification Tactical Prover Axiomatic Core Scala-API Proof Tree manages KeYmaera X Web UI (JavaScript) Simplified Proof Tree View Tactics Execution Proof Strategies uses dl Tactics Combinators Models Wrappers for Kernel Primitives KeYmaera X Kernel (soundness-critical, Scala) Proof Certificates Axioms Searching start/stop/pause/resume controls Uniform Substitution Bound Renaming Propositional Sequent Calculus with Skolemization Proof Log Proof Storing stores observes executes combines Scheduler executes tactics on tools/ CPU cores Real Quantifier Elimination Differential Equation Solving... 14

33 Adding Proof Terms Without Adding Soundness-Critical Code Proof. Case σe. Suppose that LPdL σe : φ. By [a lemma], φ = σ(φ ) and LPdL e : φ for some φ. The induction hypothesis for the smaller proof term e gives dl φ. Therefore, dl σ(φ ) (i.e., φ) is provable by US. 1 def ProofChecker ( e : ProofTerm, phi : Formula ) =... 2 case UsubstTerm (e, phiprime, usubst ) => { 3 val phiprimecert = ProofChecker (e, phiprime ) 4 Provable. startproof ( phi ) 5.( UniformSubstitutionRule ( 6 usubst, 7 phiprime ), 0) 8.( phiprimecert, 0) 9 }

34 Ongoing Work Controller Synthesis from Non-deterministic Models A proof term construction semantics for the Bellerophon tactics language of KeYmaera X

35 Conclusion LPdL provides persistent permanent portable proofs 17

36 17 Conclusion LPdL provides persistent permanent portable proofs and furthermore reifies the structure of proofs

37 Conclusion LPdL provides persistent permanent portable proofs and furthermore reifies the structure of proofs by parsimoniously extending existing theory and implementation. keymaerax.org github.com/ls-lab/keymaerax-release 17

KeYmaera X: An Axiomatic Tactical Theorem Prover for Hybrid Systems

KeYmaera X: An Axiomatic Tactical Theorem Prover for Hybrid Systems KeYmaera X: An Axiomatic Tactical Theorem Prover for Hybrid Systems Nathan Fulton, Stefan Mitsch, Jan-David Quesel, Marcus Völp, André Platzer Presented at CADE-25 August 9, 2015 Milieu Safety-critical

More information

KeYmaera X: An Axiomatic Tactical Theorem Prover for Hybrid Systems

KeYmaera X: An Axiomatic Tactical Theorem Prover for Hybrid Systems KeYmaera X: An Axiomatic Tactical Theorem Prover for Hybrid Systems Nathan Fulton 1, Stefan Mitsch 1, Jan-David Quesel 1, Marcus Völp 1,2, and André Platzer 1 1 Computer Science Department, Carnegie Mellon

More information

15-819M: Data, Code, Decisions

15-819M: Data, Code, Decisions 15-819M: Data, Code, Decisions 08: First-Order Logic André Platzer aplatzer@cs.cmu.edu Carnegie Mellon University, Pittsburgh, PA André Platzer (CMU) 15-819M/08: Data, Code, Decisions 1 / 40 Outline 1

More information

A Theorem Prover for Differential Dynamic Logic

A Theorem Prover for Differential Dynamic Logic A Theorem Prover for Differential Dynamic Logic Deductive Verification of Hybrid Systems April 17, 2007 Jan-David Quesel Carl von Ossietzky Universität Oldenburg Fakultät II Department für Informatik Abteilung

More information

Typed Lambda Calculus for Syntacticians

Typed Lambda Calculus for Syntacticians Department of Linguistics Ohio State University January 12, 2012 The Two Sides of Typed Lambda Calculus A typed lambda calculus (TLC) can be viewed in two complementary ways: model-theoretically, as a

More information

From OCL to Propositional and First-order Logic: Part I

From OCL to Propositional and First-order Logic: Part I 22c181: Formal Methods in Software Engineering The University of Iowa Spring 2008 From OCL to Propositional and First-order Logic: Part I Copyright 2007-8 Reiner Hähnle and Cesare Tinelli. Notes originally

More information

Formal Systems II: Applications

Formal Systems II: Applications Formal Systems II: Applications Functional Verification of Java Programs: Java Dynamic Logic Bernhard Beckert Mattias Ulbrich SS 2017 KIT INSTITUT FÜR THEORETISCHE INFORMATIK KIT University of the State

More information

Module 6. Knowledge Representation and Logic (First Order Logic) Version 2 CSE IIT, Kharagpur

Module 6. Knowledge Representation and Logic (First Order Logic) Version 2 CSE IIT, Kharagpur Module 6 Knowledge Representation and Logic (First Order Logic) 6.1 Instructional Objective Students should understand the advantages of first order logic as a knowledge representation language Students

More information

Polarized Rewriting and Tableaux in B Set Theory

Polarized Rewriting and Tableaux in B Set Theory Polarized Rewriting and Tableaux in B Set Theory SETS 2018 Olivier Hermant CRI, MINES ParisTech, PSL Research University June 5, 2018 O. Hermant (MINES ParisTech) Polarized Tableaux Modulo in B June 5,

More information

Typed Lambda Calculus

Typed Lambda Calculus Department of Linguistics Ohio State University Sept. 8, 2016 The Two Sides of A typed lambda calculus (TLC) can be viewed in two complementary ways: model-theoretically, as a system of notation for functions

More information

Revisiting Kalmar completeness metaproof

Revisiting Kalmar completeness metaproof Revisiting Kalmar completeness metaproof Angélica Olvera Badillo 1 Universidad de las Américas, Sta. Catarina Mártir, Cholula, Puebla, 72820 México angelica.olverabo@udlap.mx Abstract In this paper, I

More information

Lecture 5 - Axiomatic semantics

Lecture 5 - Axiomatic semantics Program Verification March 2014 Lecture 5 - Axiomatic semantics Lecturer: Noam Rinetzky Scribes by: Nir Hemed 1.1 Axiomatic semantics The development of the theory is contributed to Robert Floyd, C.A.R

More information

Higher-Order Logic. Specification and Verification with Higher-Order Logic

Higher-Order Logic. Specification and Verification with Higher-Order Logic Higher-Order Logic Specification and Verification with Higher-Order Logic Arnd Poetzsch-Heffter (Slides by Jens Brandt) Software Technology Group Fachbereich Informatik Technische Universität Kaiserslautern

More information

Propositional Logic Formal Syntax and Semantics. Computability and Logic

Propositional Logic Formal Syntax and Semantics. Computability and Logic Propositional Logic Formal Syntax and Semantics Computability and Logic Syntax and Semantics Syntax: The study of how expressions are structured (think: grammar) Semantics: The study of the relationship

More information

Formal Predicate Calculus. Michael Meyling

Formal Predicate Calculus. Michael Meyling Formal Predicate Calculus Michael Meyling May 24, 2013 2 The source for this document can be found here: http://www.qedeq.org/0_04_07/doc/math/qedeq_formal_logic_v1.xml Copyright by the authors. All rights

More information

Packaging Theories of Higher Order Logic

Packaging Theories of Higher Order Logic Packaging Theories of Higher Order Logic Joe Hurd Galois, Inc. joe@galois.com Theory Engineering Workshop Tuesday 9 February 2010 Joe Hurd Packaging Theories of Higher Order Logic 1 / 26 Talk Plan 1 Introduction

More information

Theorem proving. PVS theorem prover. Hoare style verification PVS. More on embeddings. What if. Abhik Roychoudhury CS 6214

Theorem proving. PVS theorem prover. Hoare style verification PVS. More on embeddings. What if. Abhik Roychoudhury CS 6214 Theorem proving PVS theorem prover Abhik Roychoudhury National University of Singapore Both specification and implementation can be formalized in a suitable logic. Proof rules for proving statements in

More information

Foundations of AI. 9. Predicate Logic. Syntax and Semantics, Normal Forms, Herbrand Expansion, Resolution

Foundations of AI. 9. Predicate Logic. Syntax and Semantics, Normal Forms, Herbrand Expansion, Resolution Foundations of AI 9. Predicate Logic Syntax and Semantics, Normal Forms, Herbrand Expansion, Resolution Wolfram Burgard, Andreas Karwath, Bernhard Nebel, and Martin Riedmiller 09/1 Contents Motivation

More information

Dynamic Logic with Non-rigid Functions

Dynamic Logic with Non-rigid Functions Dynamic Logic with Non-rigid Functions A Basis for Object-oriented Program Verification Bernhard Beckert 1 André Platzer 2 1 University of Koblenz-Landau, Department of Computer Science beckert@uni-koblenz.de

More information

Isabelle/HOL:Selected Features and Recent Improvements

Isabelle/HOL:Selected Features and Recent Improvements /: Selected Features and Recent Improvements webertj@in.tum.de Security of Systems Group, Radboud University Nijmegen February 20, 2007 /:Selected Features and Recent Improvements 1 2 Logic User Interface

More information

EXTENSIONS OF FIRST ORDER LOGIC

EXTENSIONS OF FIRST ORDER LOGIC EXTENSIONS OF FIRST ORDER LOGIC Maria Manzano University of Barcelona CAMBRIDGE UNIVERSITY PRESS Table of contents PREFACE xv CHAPTER I: STANDARD SECOND ORDER LOGIC. 1 1.- Introduction. 1 1.1. General

More information

HOL DEFINING HIGHER ORDER LOGIC LAST TIME ON HOL CONTENT. Slide 3. Slide 1. Slide 4. Slide 2 WHAT IS HIGHER ORDER LOGIC? 2 LAST TIME ON HOL 1

HOL DEFINING HIGHER ORDER LOGIC LAST TIME ON HOL CONTENT. Slide 3. Slide 1. Slide 4. Slide 2 WHAT IS HIGHER ORDER LOGIC? 2 LAST TIME ON HOL 1 LAST TIME ON HOL Proof rules for propositional and predicate logic Safe and unsafe rules NICTA Advanced Course Forward Proof Slide 1 Theorem Proving Principles, Techniques, Applications Slide 3 The Epsilon

More information

Situation Calculus and YAGI

Situation Calculus and YAGI Situation Calculus and YAGI Institute for Software Technology 1 Progression another solution to the projection problem does a sentence hold for a future situation used for automated reasoning and planning

More information

Finite Model Generation for Isabelle/HOL Using a SAT Solver

Finite Model Generation for Isabelle/HOL Using a SAT Solver Finite Model Generation for / Using a SAT Solver Tjark Weber webertj@in.tum.de Technische Universität München Winterhütte, März 2004 Finite Model Generation for / p.1/21 is a generic proof assistant: Highly

More information

Improving Coq Propositional Reasoning Using a Lazy CNF Conversion

Improving Coq Propositional Reasoning Using a Lazy CNF Conversion Using a Lazy CNF Conversion Stéphane Lescuyer Sylvain Conchon Université Paris-Sud / CNRS / INRIA Saclay Île-de-France FroCoS 09 Trento 18/09/2009 Outline 1 Motivation and background Verifying an SMT solver

More information

From Types to Sets in Isabelle/HOL

From Types to Sets in Isabelle/HOL From Types to Sets in Isabelle/HOL Extented Abstract Ondřej Kunčar 1 and Andrei Popescu 1,2 1 Fakultät für Informatik, Technische Universität München, Germany 2 Institute of Mathematics Simion Stoilow

More information

Handling Integer Arithmetic in the Verification of Java Programs

Handling Integer Arithmetic in the Verification of Java Programs Handling Integer Arithmetic in the Verification of Java Programs Steffen Schlager 1st Swedish-German KeY Workshop Göteborg, Sweden, June 2002 KeY workshop, June 2002 p.1 Introduction UML/OCL specification

More information

Kripke-Style Contextual Modal Type Theory

Kripke-Style Contextual Modal Type Theory Kripke-Style Contextual Modal Type Theory YUITO MURASE THE UNIVERSITY OF TOKYO Agenda Background Logic Type System Future Plan/Related Work Background: Syntactical Metaprogramming Extend the syntax of

More information

Refinement Types as Proof Irrelevance. William Lovas with Frank Pfenning

Refinement Types as Proof Irrelevance. William Lovas with Frank Pfenning Refinement Types as Proof Irrelevance William Lovas with Frank Pfenning Overview Refinement types sharpen existing type systems without complicating their metatheory Subset interpretation soundly and completely

More information

Computer-supported Modeling and Reasoning. First-Order Logic. 1 More on Isabelle. 1.1 Isabelle System Architecture

Computer-supported Modeling and Reasoning. First-Order Logic. 1 More on Isabelle. 1.1 Isabelle System Architecture Dipl-Inf Achim D Brucker Dr Burkhart Wolff Computer-supported Modeling and easoning http://wwwinfsecethzch/ education/permanent/csmr/ (rev 16814) Submission date: First-Order Logic In this lecture you

More information

Meta-programming with Names and Necessity p.1

Meta-programming with Names and Necessity p.1 Meta-programming with Names and Necessity Aleksandar Nanevski Carnegie Mellon University ICFP, Pittsburgh, 05 October 2002 Meta-programming with Names and Necessity p.1 Meta-programming Manipulation of

More information

Typed First-order Logic

Typed First-order Logic 22c181: Formal Methods in Software Engineering The University of Iowa Spring 2008 Typed First-order Logic Copyright 2007-8 Reiner Hähnle and Cesare Tinelli. Notes originally developed by Reiner Hähnle

More information

COMP 4161 NICTA Advanced Course. Advanced Topics in Software Verification. Toby Murray, June Andronick, Gerwin Klein

COMP 4161 NICTA Advanced Course. Advanced Topics in Software Verification. Toby Murray, June Andronick, Gerwin Klein COMP 4161 NICTA Advanced Course Advanced Topics in Software Verification Toby Murray, June Andronick, Gerwin Klein λ 1 Last time... λ calculus syntax free variables, substitution β reduction α and η conversion

More information

Knowledge Representation and Reasoning Logics for Artificial Intelligence

Knowledge Representation and Reasoning Logics for Artificial Intelligence Knowledge Representation and Reasoning Logics for Artificial Intelligence Stuart C. Shapiro Department of Computer Science and Engineering and Center for Cognitive Science University at Buffalo, The State

More information

Module 6. Knowledge Representation and Logic (First Order Logic) Version 2 CSE IIT, Kharagpur

Module 6. Knowledge Representation and Logic (First Order Logic) Version 2 CSE IIT, Kharagpur Module 6 Knowledge Representation and Logic (First Order Logic) Lesson 15 Inference in FOL - I 6.2.8 Resolution We have introduced the inference rule Modus Ponens. Now we introduce another inference rule

More information

Integration of SMT Solvers with ITPs There and Back Again

Integration of SMT Solvers with ITPs There and Back Again Integration of SMT Solvers with ITPs There and Back Again Sascha Böhme and University of Sheffield 7 May 2010 1 2 Features: SMT-LIB vs. Yices Translation Techniques Caveats 3 4 Motivation Motivation System

More information

Formally Certified Satisfiability Solving

Formally Certified Satisfiability Solving SAT/SMT Proof Checking Verifying SAT Solver Code Future Work Computer Science, The University of Iowa, USA April 23, 2012 Seoul National University SAT/SMT Proof Checking Verifying SAT Solver Code Future

More information

VS 3 : SMT Solvers for Program Verification

VS 3 : SMT Solvers for Program Verification VS 3 : SMT Solvers for Program Verification Saurabh Srivastava 1,, Sumit Gulwani 2, and Jeffrey S. Foster 1 1 University of Maryland, College Park, {saurabhs,jfoster}@cs.umd.edu 2 Microsoft Research, Redmond,

More information

Hoare Logic. COMP2600 Formal Methods for Software Engineering. Rajeev Goré

Hoare Logic. COMP2600 Formal Methods for Software Engineering. Rajeev Goré Hoare Logic COMP2600 Formal Methods for Software Engineering Rajeev Goré Australian National University Semester 2, 2016 (Slides courtesy of Ranald Clouston) COMP 2600 Hoare Logic 1 Australian Capital

More information

Database Theory VU , SS Codd s Theorem. Reinhard Pichler

Database Theory VU , SS Codd s Theorem. Reinhard Pichler Database Theory Database Theory VU 181.140, SS 2011 3. Codd s Theorem Reinhard Pichler Institut für Informationssysteme Arbeitsbereich DBAI Technische Universität Wien 29 March, 2011 Pichler 29 March,

More information

Fundamentals of Software Engineering

Fundamentals of Software Engineering Fundamentals of Software Engineering Reasoning about Programs with Dynamic Logic - Part I Ina Schaefer Institute for Software Systems Engineering TU Braunschweig, Germany Slides by Wolfgang Ahrendt, Richard

More information

Introduction to Axiomatic Semantics

Introduction to Axiomatic Semantics Introduction to Axiomatic Semantics Meeting 10, CSCI 5535, Spring 2009 Announcements Homework 3 due tonight Homework 2 is graded 13 (mean), 14 (median), out of 21 total, but Graduate class: final project

More information

λ calculus is inconsistent

λ calculus is inconsistent Content Rough timeline COMP 4161 NICTA Advanced Course Advanced Topics in Software Verification Gerwin Klein, June Andronick, Toby Murray λ Intro & motivation, getting started [1] Foundations & Principles

More information

Logic and its Applications

Logic and its Applications Logic and its Applications Edmund Burke and Eric Foxley PRENTICE HALL London New York Toronto Sydney Tokyo Singapore Madrid Mexico City Munich Contents Preface xiii Propositional logic 1 1.1 Informal introduction

More information

The design of a programming language for provably correct programs: success and failure

The design of a programming language for provably correct programs: success and failure The design of a programming language for provably correct programs: success and failure Don Sannella Laboratory for Foundations of Computer Science School of Informatics, University of Edinburgh http://homepages.inf.ed.ac.uk/dts

More information

Chapter 6. Curves and Surfaces. 6.1 Graphs as Surfaces

Chapter 6. Curves and Surfaces. 6.1 Graphs as Surfaces Chapter 6 Curves and Surfaces In Chapter 2 a plane is defined as the zero set of a linear function in R 3. It is expected a surface is the zero set of a differentiable function in R n. To motivate, graphs

More information

Algebraic Processors

Algebraic Processors Algebraic Processors Algebraic Processors By Pouya Larjani, B.Sc. A Thesis Submitted to the School of Graduate Studies in partial fulfilment of the requirements for the degree of Master of Science Department

More information

The Rule of Constancy(Derived Frame Rule)

The Rule of Constancy(Derived Frame Rule) The Rule of Constancy(Derived Frame Rule) The following derived rule is used on the next slide The rule of constancy {P } C {Q} {P R} C {Q R} where no variable assigned to in C occurs in R Outline of derivation

More information

Automatic Reasoning (Section 8.3)

Automatic Reasoning (Section 8.3) Automatic Reasoning (Section 8.3) Automatic Reasoning Can reasoning be automated? Yes, for some logics, including first-order logic. We could try to automate natural deduction, but there are many proof

More information

Hoare logic. A proof system for separation logic. Introduction. Separation logic

Hoare logic. A proof system for separation logic. Introduction. Separation logic Introduction Hoare logic Lecture 6: Examples in separation logic In the previous lecture, we saw how reasoning about pointers in Hoare logic was problematic, which motivated introducing separation logic.

More information

Hw 4 Due Feb 22. D(fg) x y z (

Hw 4 Due Feb 22. D(fg) x y z ( Hw 4 Due Feb 22 2.2 Exercise 7,8,10,12,15,18,28,35,36,46 2.3 Exercise 3,11,39,40,47(b) 2.4 Exercise 6,7 Use both the direct method and product rule to calculate where f(x, y, z) = 3x, g(x, y, z) = ( 1

More information

Preuves Interactives et Applications

Preuves Interactives et Applications Preuves Interactives et Applications Christine Paulin & Burkhart Wolff http://www.lri.fr/ paulin/preuvesinteractives Université Paris-Saclay HOL and its Specification Constructs 10/12/16 B. Wolff - M2

More information

Lambda Logic. Michael Beeson. San José State University, San Jose, CA, USA. Abstract

Lambda Logic. Michael Beeson. San José State University, San Jose, CA, USA. Abstract Michael Beeson San José State University, San Jose, CA, USA Abstract Lambda logic is the union of first order logic and lambda calculus. We prove basic metatheorems for both total and partial versions

More information

Verification and Validation

Verification and Validation Cycle Ingénieur 2 ème année Département Informatique Verification and Validation Part IV : Proof-based Verification (I) Burkhart Wolff Département Informatique Université Paris-Sud / Orsay 2013-2014 What

More information

Verification and Validation

Verification and Validation 2017-2018 Cycle Ingénieur 2 ème année Département Informatique Verification and Validation Part IV : Proof-based Verification (I) Burkhart Wolff Département Informatique Université Paris-Sud / Orsay Difference

More information

Compositional Software Model Checking

Compositional Software Model Checking Compositional Software Model Checking Dan R. Ghica Oxford University Computing Laboratory October 18, 2002 Outline of talk program verification issues the semantic challenge programming languages the logical

More information

CLF: A logical framework for concurrent systems

CLF: A logical framework for concurrent systems CLF: A logical framework for concurrent systems Thesis Proposal Kevin Watkins Carnegie Mellon University Committee: Frank Pfenning, CMU (Chair) Stephen Brookes, CMU Robert Harper, CMU Gordon Plotkin, University

More information

Hoare Logic: Proving Programs Correct

Hoare Logic: Proving Programs Correct Hoare Logic: Proving Programs Correct 17-654/17-765 Analysis of Software Artifacts Jonathan Aldrich Reading: C.A.R. Hoare, An Axiomatic Basis for Computer Programming Some presentation ideas from a lecture

More information

Mathematics for Computer Scientists 2 (G52MC2)

Mathematics for Computer Scientists 2 (G52MC2) Mathematics for Computer Scientists 2 (G52MC2) L03 : More Coq, Classical Logic School of Computer Science University of Nottingham October 8, 2009 The cut rule Sometimes we want to prove a goal Q via an

More information

Lee Pike. June 3, 2005

Lee Pike. June 3, 2005 Proof NASA Langley Formal Methods Group lee.s.pike@nasa.gov June 3, 2005 Proof Proof Quantification Quantified formulas are declared by quantifying free variables in the formula. For example, lem1: LEMMA

More information

Logic and Computation

Logic and Computation Logic and Computation From Conceptualization to Formalization Here's what we do when we build a formal model (or do a computation): 0. Identify a collection of objects/events in the real world. This is

More information

A Typed Lambda Calculus for Input Sanitation

A Typed Lambda Calculus for Input Sanitation A Typed Lambda Calculus for Input Sanitation Nathan Fulton Carthage College nfulton@carthage.edu April 11, 2013 Abstract Programmers often wish to validate or sanitize user input. One common approach to

More information

A First-Order Logic with First-Class Types

A First-Order Logic with First-Class Types A First-Order Logic with First-Class Types joint work with Peter H. Schmitt and Mattias Ulbrich Institute for Theoretical Computer Science The 8th KeY Symposium, Speyer, 2009 Java Card DL modal logic based

More information

Logical Verification Course Notes. Femke van Raamsdonk Vrije Universiteit Amsterdam

Logical Verification Course Notes. Femke van Raamsdonk Vrije Universiteit Amsterdam Logical Verification Course Notes Femke van Raamsdonk femke@csvunl Vrije Universiteit Amsterdam autumn 2008 Contents 1 1st-order propositional logic 3 11 Formulas 3 12 Natural deduction for intuitionistic

More information

Propositional Calculus: Boolean Algebra and Simplification. CS 270: Mathematical Foundations of Computer Science Jeremy Johnson

Propositional Calculus: Boolean Algebra and Simplification. CS 270: Mathematical Foundations of Computer Science Jeremy Johnson Propositional Calculus: Boolean Algebra and Simplification CS 270: Mathematical Foundations of Computer Science Jeremy Johnson Propositional Calculus Topics Motivation: Simplifying Conditional Expressions

More information

DATABASE THEORY. Lecture 11: Introduction to Datalog. TU Dresden, 12th June Markus Krötzsch Knowledge-Based Systems

DATABASE THEORY. Lecture 11: Introduction to Datalog. TU Dresden, 12th June Markus Krötzsch Knowledge-Based Systems DATABASE THEORY Lecture 11: Introduction to Datalog Markus Krötzsch Knowledge-Based Systems TU Dresden, 12th June 2018 Announcement All lectures and the exercise on 19 June 2018 will be in room APB 1004

More information

A Pronominal Account of Binding and Computation

A Pronominal Account of Binding and Computation A Pronominal Account of Binding and Computation Robert Harper Carnegie Mellon University TAASN March 2009 Thanks Thanks to Daniel R. Licata and Noam Zeilberger, my collaborators on this work. Thanks to

More information

Software Engineering Lecture Notes

Software Engineering Lecture Notes Software Engineering Lecture Notes Paul C. Attie August 30, 2013 c Paul C. Attie. All rights reserved. 2 Contents I Hoare Logic 11 1 Propositional Logic 13 1.1 Introduction and Overview..............................

More information

Constructive Coherent Translation of Propositional Logic

Constructive Coherent Translation of Propositional Logic Constructive Coherent Translation of Propositional Logic JRFisher@cpp.edu (started: 2009, latest: January 18, 2016) Abstract Propositional theories are translated to coherent logic rules using what are

More information

Towards a Logical Reconstruction of Relational Database Theory

Towards a Logical Reconstruction of Relational Database Theory Towards a Logical Reconstruction of Relational Database Theory On Conceptual Modelling, Lecture Notes in Computer Science. 1984 Raymond Reiter Summary by C. Rey November 27, 2008-1 / 63 Foreword DB: 2

More information

Verifying Java Programs Verifying Java Programs with KeY

Verifying Java Programs Verifying Java Programs with KeY Verifying Java Programs Verifying Java Programs with KeY Wolfgang Schreiner Wolfgang.Schreiner@risc.jku.at Research Institute for Symbolic Computation (RISC) Johannes Kepler University, Linz, Austria http://www.risc.jku.at

More information

Application: Programming Language Semantics

Application: Programming Language Semantics Chapter 8 Application: Programming Language Semantics Prof. Dr. K. Madlener: Specification and Verification in Higher Order Logic 527 Introduction to Programming Language Semantics Programming Language

More information

Harvard School of Engineering and Applied Sciences CS 152: Programming Languages

Harvard School of Engineering and Applied Sciences CS 152: Programming Languages Harvard School of Engineering and Applied Sciences CS 152: Programming Languages Lecture 19 Tuesday, April 3, 2018 1 Introduction to axiomatic semantics The idea in axiomatic semantics is to give specifications

More information

The Formal Semantics of Programming Languages An Introduction. Glynn Winskel. The MIT Press Cambridge, Massachusetts London, England

The Formal Semantics of Programming Languages An Introduction. Glynn Winskel. The MIT Press Cambridge, Massachusetts London, England The Formal Semantics of Programming Languages An Introduction Glynn Winskel The MIT Press Cambridge, Massachusetts London, England Series foreword Preface xiii xv 1 Basic set theory 1 1.1 Logical notation

More information

1.3 Primitive Recursive Predicates and Bounded Minimalization

1.3 Primitive Recursive Predicates and Bounded Minimalization 12 1 Primitive Recursive Functions 1.3 Primitive Recursive Predicates and Bounded Minimalization 1.3.1 Case discrimination function The case discrimination function D is defined by D(x, y, z) = v x 0 v

More information

LOGIC AND DISCRETE MATHEMATICS

LOGIC AND DISCRETE MATHEMATICS LOGIC AND DISCRETE MATHEMATICS A Computer Science Perspective WINFRIED KARL GRASSMANN Department of Computer Science University of Saskatchewan JEAN-PAUL TREMBLAY Department of Computer Science University

More information

CS 6110 S11 Lecture 25 Typed λ-calculus 6 April 2011

CS 6110 S11 Lecture 25 Typed λ-calculus 6 April 2011 CS 6110 S11 Lecture 25 Typed λ-calculus 6 April 2011 1 Introduction Type checking is a lightweight technique for proving simple properties of programs. Unlike theorem-proving techniques based on axiomatic

More information

Lecture 17 of 41. Clausal (Conjunctive Normal) Form and Resolution Techniques

Lecture 17 of 41. Clausal (Conjunctive Normal) Form and Resolution Techniques Lecture 17 of 41 Clausal (Conjunctive Normal) Form and Resolution Techniques Wednesday, 29 September 2004 William H. Hsu, KSU http://www.kddresearch.org http://www.cis.ksu.edu/~bhsu Reading: Chapter 9,

More information

Verifying Program Invariants with Refinement Types

Verifying Program Invariants with Refinement Types Verifying Program Invariants with Refinement Types Rowan Davies and Frank Pfenning Carnegie Mellon University Princeton and Yale Colloquium Talks February, 2001 Acknowledgments: Robert Harper 1 Overview

More information

Simplification. Chapter General Comments. 5.2 Typical simplification steps

Simplification. Chapter General Comments. 5.2 Typical simplification steps Chapter 5 Simplification 5.1 General Comments Deduction on algebraic specifications in KIV is mainly based on the idea that most proof steps of predicate logic proofs (especially the steps that can be

More information

Fundamentals of Software Engineering

Fundamentals of Software Engineering Fundamentals of Software Engineering Reasoning about Programs - Selected Features Ina Schaefer Institute for Software Systems Engineering TU Braunschweig, Germany Slides by Wolfgang Ahrendt, Richard Bubel,

More information

Program Verification. Program Verification 307/434

Program Verification. Program Verification 307/434 Program Verification Program Verification 307/434 Outline Introduction: What and Why? Pre- and Postconditions Conditionals while-loops and Total Correctness Arrays Program Verification Introduction 308/434

More information

F. Brief review of classical predicate logic (PC)

F. Brief review of classical predicate logic (PC) F. Brief review of classical predicate logic (PC) F.I. Syntax (LfP 4.1) F.I.1. Primitive symbols Primitive vocabulary of PC (LfP 90): connectives: Ñ,, @ variables: x, y,... (with or without numerical subscripts)

More information

Where Can We Draw The Line?

Where Can We Draw The Line? Where Can We Draw The Line? On the Hardness of Satisfiability Problems Complexity 1 Introduction Objectives: To show variants of SAT and check if they are NP-hard Overview: Known results 2SAT Max2SAT Complexity

More information

Automated Theorem Proving in a First-Order Logic with First Class Boolean Sort

Automated Theorem Proving in a First-Order Logic with First Class Boolean Sort Thesis for the Degree of Licentiate of Engineering Automated Theorem Proving in a First-Order Logic with First Class Boolean Sort Evgenii Kotelnikov Department of Computer Science and Engineering Chalmers

More information

KAT and PHL in Coq. 1 Introduction. 2 Revision of KAT and PHL concepts. David Pereira 1 and Nelma Moreira 1

KAT and PHL in Coq. 1 Introduction. 2 Revision of KAT and PHL concepts. David Pereira 1 and Nelma Moreira 1 KAT and PHL in Coq David Pereira 1 and Nelma Moreira 1 LIACC University of Porto {dpereira,nam}@ncc.up.pt Abstract. In this paper we describe an implementation of Kleene Algebras with Tests (KAT) in the

More information

Toward explicit rewrite rules in the λπ-calculus modulo

Toward explicit rewrite rules in the λπ-calculus modulo Toward explicit rewrite rules in the λπ-calculus modulo Ronan Saillard (Olivier Hermant) Deducteam INRIA MINES ParisTech December 14th, 2013 1 / 29 Motivation Problem Checking, in a trustful way, that

More information

Mechanized metatheory revisited

Mechanized metatheory revisited Mechanized metatheory revisited Dale Miller Inria Saclay & LIX, École Polytechnique Palaiseau, France TYPES 2016, Novi Sad 25 May 2016 Theory vs Metatheory When formalizing programming languages, we often

More information

Basic Foundations of Isabelle/HOL

Basic Foundations of Isabelle/HOL Basic Foundations of Isabelle/HOL Peter Wullinger May 16th 2007 1 / 29 1 Introduction into Isabelle s HOL Why Type Theory Basic Type Syntax 2 More HOL Typed λ Calculus HOL Rules 3 Example proof 2 / 29

More information

Physics 235 Chapter 6. Chapter 6 Some Methods in the Calculus of Variations

Physics 235 Chapter 6. Chapter 6 Some Methods in the Calculus of Variations Chapter 6 Some Methods in the Calculus of Variations In this Chapter we focus on an important method of solving certain problems in Classical Mechanics. In many problems we need to determine how a system

More information

From Hoare Logic to Matching Logic Reachability

From Hoare Logic to Matching Logic Reachability From Hoare Logic to Matching Logic Reachability Grigore Roşu 1,2 and Andrei Ştefănescu 1 1 University of Illinois at Urbana-Champaign, USA 2 Alexandru Ioan Cuza University, Iaşi, Romania {grosu, stefane1}@illinois.edu

More information

Beluga: A Framework for Programming and Reasoning with Deductive Systems (System Description)

Beluga: A Framework for Programming and Reasoning with Deductive Systems (System Description) Beluga: A Framework for Programming and Reasoning with Deductive Systems (System Description) Brigitte Pientka and Joshua Dunfield McGill University, Montréal, Canada {bpientka,joshua}@cs.mcgill.ca Abstract.

More information

Lecture Note: Types. 1 Introduction 2. 2 Simple Types 3. 3 Type Soundness 6. 4 Recursive Types Subtyping 17

Lecture Note: Types. 1 Introduction 2. 2 Simple Types 3. 3 Type Soundness 6. 4 Recursive Types Subtyping 17 Jens Palsberg Sep 24, 1999 Contents Lecture Note: Types 1 Introduction 2 2 Simple Types 3 3 Type Soundness 6 4 Recursive Types 12 5 Subtyping 17 6 Decision Procedure for Subtyping 19 7 First-Order Unification

More information

Type Classes and Overloading in Higher-Order Logic

Type Classes and Overloading in Higher-Order Logic Type Classes and Overloading in Higher-Order Logic Markus Wenzel Technische Universität München Institut für Informatik, Arcisstraße 21, 80290 München, Germany http://www4.informatik.tu-muenchen.de/~wenzelm/

More information

Type Safety. Java and ML are type safe, or strongly typed, languages. C and C++ are often described as weakly typed languages.

Type Safety. Java and ML are type safe, or strongly typed, languages. C and C++ are often described as weakly typed languages. Java and ML are type safe, or strongly typed, languages. CMPSCI 630: Programming Languages Spring 2009 (with thanks to Robert Harper) C and C++ are often described as weakly typed languages. What does

More information

3.4 Deduction and Evaluation: Tools Conditional-Equational Logic

3.4 Deduction and Evaluation: Tools Conditional-Equational Logic 3.4 Deduction and Evaluation: Tools 3.4.1 Conditional-Equational Logic The general definition of a formal specification from above was based on the existence of a precisely defined semantics for the syntax

More information

An LCF-Style Interface between HOL and First-Order Logic

An LCF-Style Interface between HOL and First-Order Logic An LCF-Style Interface between HOL and First-Order Logic Joe Hurd Computer Laboratory University of Cambridge, joe.hurd@cl.cam.ac.uk 1 Introduction Performing interactive proof in the HOL theorem prover

More information

Substitution in Structural Operational Semantics and value-passing process calculi

Substitution in Structural Operational Semantics and value-passing process calculi Substitution in Structural Operational Semantics and value-passing process calculi Sam Staton Computer Laboratory University of Cambridge Abstract Consider a process calculus that allows agents to communicate

More information

First-Class Type Classes

First-Class Type Classes First-Class Type Classes Matthieu Sozeau Joint work with Nicolas Oury LRI, Univ. Paris-Sud - Démons Team & INRIA Saclay - ProVal Project Gallium Seminar November 3rd 2008 INRIA Rocquencourt Solutions for

More information

Overview of the KeY System

Overview of the KeY System 22c181: Formal Methods in Software Engineering The University of Iowa Spring 2008 Overview of the KeY System Copyright 2007-8 Reiner Hähnle and Cesare Tinelli. Notes originally developed by Reiner Hähnle

More information