KeYmaera X: An Axiomatic Tactical Theorem Prover for Hybrid Systems
|
|
- Myrtle Blake
- 5 years ago
- Views:
Transcription
1 KeYmaera X: An Axiomatic Tactical Theorem Prover for Hybrid Systems Nathan Fulton, Stefan Mitsch, Jan-David Quesel, Marcus Völp, André Platzer Presented at CADE-25 August 9, 2015
2 Milieu Safety-critical control software is now a fact of every-day life.
3 Milieu Safety-critical control software is now a fact of every-day life. How can we design cyber-physical systems people can bet their lives on? Jeanette Wing
4 A Prototypical Hybrid System Theorem v 0 A > 0 B > 0 [{{a := A a := B}; {x = v, v = a&v 0}} ]v 0
5 A Prototypical Hybrid System Theorem v 0 A > 0 B > 0 [{{a := A a := B}; {x = v, v = a&v 0}} ]v 0 A Prototypical Proof Outline for a ϕ [{ctrl; plant} ]ψ Model: 1. Propositional Reasoning
6 A Prototypical Hybrid System Theorem v 0 A > 0 B > 0 [{{a := A a := B}; {x = v, v = a&v 0}} ]v 0 A Prototypical Proof Outline for a ϕ [{ctrl; plant} ]ψ Model: 1. Propositional Reasoning 2. Identify System Loop Invariant
7 A Prototypical Hybrid System Theorem v 0 A > 0 B > 0 [{{a := A a := B}; {x = v, v = a&v 0}} ]v 0 A Prototypical Proof Outline for a ϕ [{ctrl; plant} ]ψ Model: 1. Propositional Reasoning 2. Identify System Loop Invariant 3. Symbolically Execute Control Program
8 A Prototypical Hybrid System Theorem v 0 A > 0 B > 0 [{{a := A a := B}; {x = v, v = a&v 0}} ]v 0 A Prototypical Proof Outline for a ϕ [{ctrl; plant} ]ψ Model: 1. Propositional Reasoning 2. Identify System Loop Invariant 3. Symbolically Execute Control Program 4. Solve ODE or identify Differential Invariant(s)
9 A Prototypical Hybrid System Theorem v 0 A > 0 B > 0 [{{a := A a := B}; {x = v, v = a&v 0}} ]v 0 A Prototypical Proof Outline for a ϕ [{ctrl; plant} ]ψ Model: 1. Propositional Reasoning 2. Identify System Loop Invariant 3. Symbolically Execute Control Program 4. Solve ODE or identify Differential Invariant(s) 5. Appeal to Decision Procedure for Real Arithmetic
10 4 Motivation: Sketching and Searching Theorem v 0 A > 0 B > 0 [{{a := A a := B}; {x = v, v = a&v 0}} ]v 0 A Prototypical Proof Outline: 1. Propositional Reasoning 2. Identify System Loop Invariant 3. Symbolically Execute Control Program 4. Solve ODE or identify Differential Invariant(s) 5. Appeal to Decision Procedure for Real Arithmetic
11 4 Motivation: Sketching and Searching Theorem v 0 A > 0 B > 0 [{{a := A a := B}; {x = v, v = a&v 0}} ]v 0 A Prototypical Proof Outline: ImplyR & 2. Identify System Loop Invariant 3. Symbolically Execute Control Program 4. Solve ODE or identify Differential Invariant(s) 5. Appeal to Decision Procedure for Real Arithmetic
12 4 Motivation: Sketching and Searching Theorem v 0 A > 0 B > 0 [{{a := A a := B}; {x = v, v = a&v 0}} ]v 0 A Prototypical Proof Outline: ImplyR & Loop("v 0") & 3. Symbolically Execute Control Program 4. Solve ODE or identify Differential Invariant(s) 5. Appeal to Decision Procedure for Real Arithmetic
13 4 Motivation: Sketching and Searching Theorem v 0 A > 0 B > 0 [{{a := A a := B}; {x = v, v = a&v 0}} ]v 0 A Prototypical Proof Outline: ImplyR & Loop("v 0") & Seq & Choice & BoxAssign & 4. Solve ODE or identify Differential Invariant(s) 5. Appeal to Decision Procedure for Real Arithmetic
14 4 Motivation: Sketching and Searching Theorem v 0 A > 0 B > 0 [{{a := A a := B}; {x = v, v = a&v 0}} ]v 0 A Prototypical Proof Outline: ImplyR & Loop("v 0") & Seq & Choice & BoxAssign & DiffInv("v 0") & 5. Appeal to Decision Procedure for Real Arithmetic
15 4 Motivation: Sketching and Searching Theorem v 0 A > 0 B > 0 [{{a := A a := B}; {x = v, v = a&v 0}} ]v 0 A Prototypical Proof Outline: ImplyR & Loop("v 0") & Seq & Choice & BoxAssign & DiffInv("v 0") & Arithmetic & Close
16 4 Motivation: Sketching and Searching Theorem v 0 A > 0 B > 0 [{{a := A a := B}; {x = v, v = a&v 0}} ]v 0 A Prototypical Proof Outline: Prop & Loop("v 0") & SymbolicExecution & DiffInv("v 0") & Arithmetic & Close
17 4 Motivation: Sketching and Searching Theorem v 0 A > 0 B > 0 [{{a := A a := B}; {x = v, v = a&v 0}} ]v 0 A Prototypical Proof Outline: Prop & Loop("v 0") & SymbolicExecution & DiffInv(DIGen) & Arithmetic & Close
18 4 Motivation: Sketching and Searching Theorem v 0 A > 0 B > 0 [{{a := A a := B}; {x = v, v = a&v 0}} ]v 0 A Prototypical Proof Outline: Prop & Loop(LoopInvGen) & SymbolicExecution & DiffInv(DIGen) & Arithmetic & Close
19 4 Motivation: Sketching and Searching Theorem v 0 A > 0 B > 0 [{{a := A a := B}; {x = v, v = a&v 0}} ]v 0 A Prototypical Proof Outline: Prop & Loop(LoopInvGen) & SymbolicExecution & DiffInv(DIGen) & Arithmetic & Close
20 4 Motivation: Sketching and Searching Theorem v 0 A > 0 B > 0 [{{a := A a := B}; {x = v, v = a&v 0}} ]v 0 A Prototypical Proof Outline: Prop & Loop(LoopInvGen) & SymbolicExecution & DiffInv(DIGen) & Arithmetic & Close
21 Contributions Small Core Increases trust, enables experimentation Tactics Bridging between a Hilbert-style Logic and a Gentzen-style deduction systems Extensible New logics, proof rules, axioms Customizable New interfaces (CPS Education, usability research, industry applications)
22 6 HyDRA Server User Interface Proof View REST-API Proof Tree Simplification Tactical Prover Axiomatic Core Scala-API Proof Tree manages KeYmaera X Web UI (JavaScript) Simplified Proof Tree View Tactics dl Tactics Proof Strategies uses Execution Combinators Models Wrappers for Kernel Primitives KeYmaera X Kernel (soundness-critical, Scala) Proof Certificates Axioms Searching start/stop/pause/resume controls Uniform Substitution Bound Renaming Propositional Sequent Calculus with Skolemization Proof Log Proof Storing observes executes combines stores Scheduler executes tactics on tools/ CPU cores Real Quantifier Elimination Differential Equation Solving...
23 7 Core: Uniform Substitution UniformSubstitution φ σ(φ) Where σ replaces all predicate symbols p( ) with a corresponding formula.
24 7 Core: Uniform Substitution UniformSubstitution φ σ(φ) Where σ replaces all predicate symbols p( ) with a corresponding formula. Similarly for other syntactic objects (e.g., program constants a).
25 Core: Uniform Substitution Theorem [x := 4 x := 5]x > 3 [x := 4]x > 3 [x := 5]x > 3 Proof. [a b]p(?) [a]p(?) [b]p(?) [x := 4 x := 5]x > 3 [x := 4]x > 3 [x := 5]x > 3 US Definition of substitution σ: a [x := 4] b [x := 5] p(?) x > 3
26 Core: Uniform Substitution Theorem [x := 4 x := 5]x > 3 [x := 4]x > 3 [x := 5]x > 3 Proof. [a b]p(?) [a]p(?) [b]p(?) Axiom [x := 4 x := 5]x > 3 [x := 4]x > 3 [x := 5]x > 3 US Definition of substitution σ: a [x := 4] b [x := 5] p(?) x > 3
27 Core: Axioms The Axiom File contains very nearly verbatim copies of axioms from papers: Axiom "K modal modus ponens ". [a ;]( p(?) - >q (?)) -> (([ a;]p (?)) -> ([a;]q (?))) End. Axiom "DC differential cut ". ([c&h (?);] p (?) <-> [c&(h (?)& r (?));] p (?)) <- [c&h (?);] r (?) End. Axiom " [++] choice ". [a ++ b]p (?) <-> ([a;]p(?) & [b;]p (?)). End.
28 10 HyDRA Server User Interface Proof View REST-API Proof Tree Simplification Tactical Prover Axiomatic Core Scala-API Proof Tree manages KeYmaera X Web UI (JavaScript) Simplified Proof Tree View Tactics dl Tactics Proof Strategies uses Execution Combinators Models Wrappers for Kernel Primitives KeYmaera X Kernel (soundness-critical, Scala) Proof Certificates Axioms Searching start/stop/pause/resume controls Uniform Substitution Bound Renaming Propositional Sequent Calculus with Skolemization Proof Log Proof Storing observes executes combines stores Scheduler executes tactics on tools/ CPU cores Real Quantifier Elimination Differential Equation Solving...
29 11 Sequent Calculus as Tactics QE(Γ ϕ θ 1 x ) Γ ϕ θ 1 x Γ [x := θ 1 ]ϕ QE(Γ ϕ θ 2 x ) Γ ϕ θ 2 x Γ [x := θ 2 ]ϕ Γ [x := θ 1 x := θ 2 ]ϕ
30 12 Sequent Calculus as Tactics QE(Γ ϕ θ 1 x ) Γ ϕ θ 1 x Γ [x := θ 1 ]ϕ QE(Γ ϕ θ 2 x ) Γ ϕ θ 2 x Γ [x := θ 2 ]ϕ Γ [x := θ 1 x := θ 2 ]ϕ
31 13 Tactical Proving BoxChoice Γ [α]ϕ Γ [α β]ϕ Γ [β]ϕ
32 13 Tactical Proving BoxChoice Γ [α]ϕ Γ [α β]ϕ Γ [β]ϕ Γ [x := 4 x := 5]x > 3 }{{} ψ
33 Tactical Proving BoxChoice Γ [α]ϕ Γ [α β]ϕ Γ [β]ϕ [a b]p(?) [a]p(?) [b]p(?) Γ [x := 4 x := 5]x > 3 }{{} ψ σ = a x := 4 b x := 5 p(?) x > 3 13
34 Tactical Proving BoxChoice Γ [α]ϕ Γ [α β]ϕ Γ [β]ϕ [a b]p(?) [a]p(?) [b]p(?) ψ [x := 4]x > 3 [x := 5]x > 3 σ = Γ [x := 4 x := 5]x > 3 }{{} ψ a x := 4 b x := 5 p(?) x > 3 13
35 Tactical Proving BoxChoice Γ [α]ϕ Γ [α β]ϕ Γ [β]ϕ [a b]p(?) [a]p(?) [b]p(?) ψ [x := 4]x > 3 [x := 5]x > 3 σ = Γ, ψ [x := 4]x > 3 [x := 5]x > 3 ψ Γ [x := 4 x := 5]x > 3 }{{} ψ a x := 4 b x := 5 p(?) x > 3 13
36 Tactical Proving BoxChoice Γ [α]ϕ Γ [α β]ϕ Γ [β]ϕ [a b]p(?) [a]p(?) [b]p(?) ψ [x := 4]x > 3 [x := 5]x > 3 σ = Γ, [x := 4]x > 3 [x := 5]x > 3 Γ, ψ [x := 4]x > 3 [x := 5]x > 3 ψ Γ [x := 4 x := 5]x > 3 }{{} ψ a x := 4 b x := 5 p(?) x > 3 13
37 Tactical Proving BoxChoice Γ [α]ϕ Γ [α β]ϕ Γ [β]ϕ [a b]p(?) [a]p(?) [b]p(?) ψ [x := 4]x > 3 [x := 5]x > 3 σ = Γ [x := 4]x > 3 [x := 5]x > 3 Γ, [x := 4]x > 3 [x := 5]x > 3 Γ, ψ [x := 4]x > 3 [x := 5]x > 3 ψ Γ [x := 4 x := 5]x > 3 }{{} ψ a x := 4 b x := 5 p(?) x > 3 13
38 Tactical Proving BoxChoice Γ [α]ϕ Γ [α β]ϕ Γ [β]ϕ [a b]p(?) [a]p(?) [b]p(?) ψ [x := 4]x > 3 [x := 5]x > 3 σ = Γ [x := 4]x > 3 Γ [x := 5]x > 3 Γ [x := 4]x > 3 [x := 5]x > 3 Γ, [x := 4]x > 3 [x := 5]x > 3 Γ, ψ [x := 4]x > 3 [x := 5]x > 3 ψ Γ [x := 4 x := 5]x > 3 }{{} ψ a x := 4 b x := 5 p(?) x > 3 13
39 Hilbert and Gentzen Meet at Church BoxChoice Γ [α]ϕ Γ [α β]ϕ Γ [β]ϕ [a b]p(?) [a]p(?) [b]p(?) ψ [x := 4]x > 3 [x := 5]x > 3 σ = Γ [x := 4]x > 3 Γ [x := 5]x > 3 Γ [x := 4]x > 3 [x := 5]x > 3 Γ, [x := 4]x > 3 [x := 5]x > 3 Γ, ψ [x := 4]x > 3 [x := 5]x > 3 ψ Γ [x := 4 x := 5]x > 3 }{{} ψ a x := 4 b x := 5 p(?) x > 3 13
40 Hilbert and Gentzen Meet at Church Contextual Box Assignment BoxChoice CtxCut("ϕ Γ [α]ϕ ") Γ [β]ϕ & onbranch( Γ [α β]ϕ ("Show", ), [a b]p(?) [a]p(?) [b]p(?) ψ [x := 4]x > 3 [x := 5]x > 3 USubst(a x := 4, b x := 5, p x > 3) & AxiomCtx("[++] choice") ("Use", Γ [x := 4]x > 3 Γ [x := 5]x > 3 Γ [x := 4]x > 3 [x := 5]x > 3 Γ, [x := 4]x > 3 [x := 5]x > 3 Γ, ψ [x := 4]x > 3 [x := 5]x > 3 ψ Γ [x := 4 x := 5]x > 3 }{{} ψ CtxEquiv(ante.length, 0) & AndR σ = ) ) a x := 4 b x := 5 p(?) x > 3 13
41 14 HyDRA Server User Interface Proof View REST-API Proof Tree Simplification Tactical Prover Axiomatic Core Scala-API Proof Tree manages KeYmaera X Web UI (JavaScript) Simplified Proof Tree View Tactics dl Tactics Proof Strategies uses Execution Combinators Models Wrappers for Kernel Primitives KeYmaera X Kernel (soundness-critical, Scala) Proof Certificates Axioms Searching start/stop/pause/resume controls Uniform Substitution Bound Renaming Propositional Sequent Calculus with Skolemization Proof Log Proof Storing observes executes combines stores Scheduler executes tactics on tools/ CPU cores Real Quantifier Elimination Differential Equation Solving...
42 Web-Based User Interface 15
43 System LOC KeYmaera X KeYmaera KeY HOL Light 396 Isabelle/Pure Nuprl Coq Kernel Comparison HSolver Flow PHAVer dreal millions SpaceEx HyCreate user model analysis Disclaimer: These self-reported estimates of the soundness-critical lines of code are to be taken with a grain of salt. Different languages, capabilities, styles...
44 Conclusion Small Core Increases trust, enables experimentation Tactics Bridging between a Hilbert-style Logic and a Gentzen-style deduction systems Extensible New logics, proof rules, axioms Customizable New interfaces (CPS Education, usability research, industry applications) Thanks: Ran Ji, Jean-Baptiste Jeannin, Sarah Loos, João Martins, Khalil Ghorbal Download: Developer contact keymaerax@keymaerax.org
45 18 HyDRA Server User Interface Proof View REST-API Proof Tree Simplification Tactical Prover Axiomatic Core Scala-API Proof Tree manages KeYmaera X Web UI (JavaScript) Simplified Proof Tree View Tactics dl Tactics Proof Strategies uses Execution Combinators Models Wrappers for Kernel Primitives KeYmaera X Kernel (soundness-critical, Scala) Proof Certificates Axioms Searching start/stop/pause/resume controls Uniform Substitution Bound Renaming Propositional Sequent Calculus with Skolemization Proof Log Proof Storing observes executes combines stores Scheduler executes tactics on tools/ CPU cores Real Quantifier Elimination Differential Equation Solving...
A Logic of Proofs for Differential Dynamic Logic
1 A Logic of Proofs for Differential Dynamic Logic Toward Independently Checkable Proof Certificates for Differential Dynamic Logic Nathan Fulton Andrè Platzer Carnegie Mellon University CPP 16 February
More informationKeYmaera X: An Axiomatic Tactical Theorem Prover for Hybrid Systems
KeYmaera X: An Axiomatic Tactical Theorem Prover for Hybrid Systems Nathan Fulton 1, Stefan Mitsch 1, Jan-David Quesel 1, Marcus Völp 1,2, and André Platzer 1 1 Computer Science Department, Carnegie Mellon
More informationIntegration of SMT Solvers with ITPs There and Back Again
Integration of SMT Solvers with ITPs There and Back Again Sascha Böhme and University of Sheffield 7 May 2010 1 2 Features: SMT-LIB vs. Yices Translation Techniques Caveats 3 4 Motivation Motivation System
More informationA Theorem Prover for Differential Dynamic Logic
A Theorem Prover for Differential Dynamic Logic Deductive Verification of Hybrid Systems April 17, 2007 Jan-David Quesel Carl von Ossietzky Universität Oldenburg Fakultät II Department für Informatik Abteilung
More informationFormal Systems II: Applications
Formal Systems II: Applications Functional Verification of Java Programs: Java Dynamic Logic Bernhard Beckert Mattias Ulbrich SS 2017 KIT INSTITUT FÜR THEORETISCHE INFORMATIK KIT University of the State
More informationPackaging Theories of Higher Order Logic
Packaging Theories of Higher Order Logic Joe Hurd Galois, Inc. joe@galois.com Theory Engineering Workshop Tuesday 9 February 2010 Joe Hurd Packaging Theories of Higher Order Logic 1 / 26 Talk Plan 1 Introduction
More informationFormal Predicate Calculus. Michael Meyling
Formal Predicate Calculus Michael Meyling May 24, 2013 2 The source for this document can be found here: http://www.qedeq.org/0_04_07/doc/math/qedeq_formal_logic_v1.xml Copyright by the authors. All rights
More informationAn LCF-Style Interface between HOL and First-Order Logic
An LCF-Style Interface between HOL and First-Order Logic Joe Hurd Computer Laboratory University of Cambridge, joe.hurd@cl.cam.ac.uk 1 Introduction Performing interactive proof in the HOL theorem prover
More informationImproving Coq Propositional Reasoning Using a Lazy CNF Conversion
Using a Lazy CNF Conversion Stéphane Lescuyer Sylvain Conchon Université Paris-Sud / CNRS / INRIA Saclay Île-de-France FroCoS 09 Trento 18/09/2009 Outline 1 Motivation and background Verifying an SMT solver
More informationHigher-Order Logic. Specification and Verification with Higher-Order Logic
Higher-Order Logic Specification and Verification with Higher-Order Logic Arnd Poetzsch-Heffter (Slides by Jens Brandt) Software Technology Group Fachbereich Informatik Technische Universität Kaiserslautern
More informationBeluga: A Framework for Programming and Reasoning with Deductive Systems (System Description)
Beluga: A Framework for Programming and Reasoning with Deductive Systems (System Description) Brigitte Pientka and Joshua Dunfield McGill University, Montréal, Canada {bpientka,joshua}@cs.mcgill.ca Abstract.
More informationPolarized Rewriting and Tableaux in B Set Theory
Polarized Rewriting and Tableaux in B Set Theory SETS 2018 Olivier Hermant CRI, MINES ParisTech, PSL Research University June 5, 2018 O. Hermant (MINES ParisTech) Polarized Tableaux Modulo in B June 5,
More informationTyped Lambda Calculus for Syntacticians
Department of Linguistics Ohio State University January 12, 2012 The Two Sides of Typed Lambda Calculus A typed lambda calculus (TLC) can be viewed in two complementary ways: model-theoretically, as a
More informationTheorem proving. PVS theorem prover. Hoare style verification PVS. More on embeddings. What if. Abhik Roychoudhury CS 6214
Theorem proving PVS theorem prover Abhik Roychoudhury National University of Singapore Both specification and implementation can be formalized in a suitable logic. Proof rules for proving statements in
More informationIntroduction to Axiomatic Semantics
Introduction to Axiomatic Semantics Meeting 10, CSCI 5535, Spring 2009 Announcements Homework 3 due tonight Homework 2 is graded 13 (mean), 14 (median), out of 21 total, but Graduate class: final project
More informationProofs are Programs. Prof. Clarkson Fall Today s music: Proof by Paul Simon
Proofs are Programs Prof. Clarkson Fall 2017 Today s music: Proof by Paul Simon Review Previously in 3110: Functional programming in Coq Logic in Coq Today: A fundamental idea that goes by many names...
More informationType Classes and Overloading in Higher-Order Logic
Type Classes and Overloading in Higher-Order Logic Markus Wenzel Technische Universität München Institut für Informatik, Arcisstraße 21, 80290 München, Germany http://www4.informatik.tu-muenchen.de/~wenzelm/
More informationTyped Lambda Calculus
Department of Linguistics Ohio State University Sept. 8, 2016 The Two Sides of A typed lambda calculus (TLC) can be viewed in two complementary ways: model-theoretically, as a system of notation for functions
More informationIntroduction to dependent types in Coq
October 24, 2008 basic use of the Coq system In Coq, you can play with simple values and functions. The basic command is called Check, to verify if an expression is well-formed and learn what is its type.
More informationFormally Certified Satisfiability Solving
SAT/SMT Proof Checking Verifying SAT Solver Code Future Work Computer Science, The University of Iowa, USA April 23, 2012 Seoul National University SAT/SMT Proof Checking Verifying SAT Solver Code Future
More informationRefinement Types as Proof Irrelevance. William Lovas with Frank Pfenning
Refinement Types as Proof Irrelevance William Lovas with Frank Pfenning Overview Refinement types sharpen existing type systems without complicating their metatheory Subset interpretation soundly and completely
More informationPrograms and Proofs in Isabelle/HOL
Programs and Proofs in Isabelle/HOL Makarius Wenzel http://sketis.net March 2016 = Isabelle λ β α Introduction What is Isabelle? Hanabusa Itcho : Blind monks examining an elephant Introduction 2 History:
More informationIsabelle/HOL:Selected Features and Recent Improvements
/: Selected Features and Recent Improvements webertj@in.tum.de Security of Systems Group, Radboud University Nijmegen February 20, 2007 /:Selected Features and Recent Improvements 1 2 Logic User Interface
More informationRevisiting Kalmar completeness metaproof
Revisiting Kalmar completeness metaproof Angélica Olvera Badillo 1 Universidad de las Américas, Sta. Catarina Mártir, Cholula, Puebla, 72820 México angelica.olverabo@udlap.mx Abstract In this paper, I
More informationEXTENSIONS OF FIRST ORDER LOGIC
EXTENSIONS OF FIRST ORDER LOGIC Maria Manzano University of Barcelona CAMBRIDGE UNIVERSITY PRESS Table of contents PREFACE xv CHAPTER I: STANDARD SECOND ORDER LOGIC. 1 1.- Introduction. 1 1.1. General
More informationKnowledge Representation and Reasoning Logics for Artificial Intelligence
Knowledge Representation and Reasoning Logics for Artificial Intelligence Stuart C. Shapiro Department of Computer Science and Engineering and Center for Cognitive Science University at Buffalo, The State
More informationHOL DEFINING HIGHER ORDER LOGIC LAST TIME ON HOL CONTENT. Slide 3. Slide 1. Slide 4. Slide 2 WHAT IS HIGHER ORDER LOGIC? 2 LAST TIME ON HOL 1
LAST TIME ON HOL Proof rules for propositional and predicate logic Safe and unsafe rules NICTA Advanced Course Forward Proof Slide 1 Theorem Proving Principles, Techniques, Applications Slide 3 The Epsilon
More informationThe KeY System 1.0 (Deduction Component)
The KeY System 1.0 (Deduction Component) Bernhard Beckert, Martin Giese, Reiner Hähnle, Vladimir Klebanov, Philipp Rümmer, Steffen Schlager, and Peter H. Schmitt www.key-project.org Abstract. The KeY system
More informationSemi-Automated Verification of Erlang Code
1 Semi-Automated Verification of Erlang Code Lars-Åke Fredlund Dilian Gurov Swedish Institute of Computer Science fred@sics.se dilian@sics.se Thomas Noll Aachen University of Technology noll@cs.rwth-aachen.de
More informationReasoning About Loops Using Vampire in KeY
Reasoning About Loops Using Vampire in KeY Wolfgang Ahrendt, Laura Kovács, and Simon Robillard Chalmers University of Technology Abstract. We describe symbol elimination and consequence nding in the rst-order
More informationLee Pike. June 3, 2005
Proof NASA Langley Formal Methods Group lee.s.pike@nasa.gov June 3, 2005 Proof Proof Quantification Quantified formulas are declared by quantifying free variables in the formula. For example, lem1: LEMMA
More informationConstructive Coherent Translation of Propositional Logic
Constructive Coherent Translation of Propositional Logic JRFisher@cpp.edu (started: 2009, latest: January 18, 2016) Abstract Propositional theories are translated to coherent logic rules using what are
More information15-819M: Data, Code, Decisions
15-819M: Data, Code, Decisions 08: First-Order Logic André Platzer aplatzer@cs.cmu.edu Carnegie Mellon University, Pittsburgh, PA André Platzer (CMU) 15-819M/08: Data, Code, Decisions 1 / 40 Outline 1
More informationFunctional Programming
The Meta Language (ML) and Functional Programming Daniel S. Fava danielsf@ifi.uio.no Department of informatics University of Oslo, Norway Motivation ML Demo Which programming languages are functional?
More informationAutomated Reasoning PROLOG and Automated Reasoning 13.4 Further Issues in Automated Reasoning 13.5 Epilogue and References 13.
13 Automated Reasoning 13.0 Introduction to Weak Methods in Theorem Proving 13.1 The General Problem Solver and Difference Tables 13.2 Resolution Theorem Proving 13.3 PROLOG and Automated Reasoning 13.4
More informationFrom Types to Sets in Isabelle/HOL
From Types to Sets in Isabelle/HOL Extented Abstract Ondřej Kunčar 1 and Andrei Popescu 1,2 1 Fakultät für Informatik, Technische Universität München, Germany 2 Institute of Mathematics Simion Stoilow
More informationBasic Foundations of Isabelle/HOL
Basic Foundations of Isabelle/HOL Peter Wullinger May 16th 2007 1 / 29 1 Introduction into Isabelle s HOL Why Type Theory Basic Type Syntax 2 More HOL Typed λ Calculus HOL Rules 3 Example proof 2 / 29
More informationReasoning About Loops Using Vampire
EPiC Series in Computing Volume 38, 2016, Pages 52 62 Proceedings of the 1st and 2nd Vampire Workshops Reasoning About Loops Using Vampire Laura Kovács and Simon Robillard Chalmers University of Technology,
More informationLambda Logic. Michael Beeson. San José State University, San Jose, CA, USA. Abstract
Michael Beeson San José State University, San Jose, CA, USA Abstract Lambda logic is the union of first order logic and lambda calculus. We prove basic metatheorems for both total and partial versions
More informationImporting HOL-Light into Coq
Outlines Importing HOL-Light into Coq Deep and shallow embeddings of the higher order logic into Coq Work in progress Chantal Keller chantal.keller@ens-lyon.fr Bejamin Werner benjamin.werner@inria.fr 2009
More informationReasoning Using Higher-Order Abstract Syntax in a Higher-Order Logic Proof Environment: Improvements to Hybrid and a Case Study
Reasoning Using Higher-Order Abstract Syntax in a Higher-Order Logic Proof Environment: Improvements to Hybrid and a Case Study Alan J. Martin Thesis Submitted to the Faculty of Graduate and Postdoctoral
More informationCoasterX: A Case Study in Component-Driven Hybrid Systems Proof Automation
CoasterX: A Case Study in Component-Driven Hybrid Systems Proof Automation Brandon Bohrer, Adriel Luo, Xue An Chuang, André Platzer Computer Science Department, Carnegie Mellon University (email: {bbohrer@cs,
More informationCalculus of Inductive Constructions
Calculus of Inductive Constructions Software Formal Verification Maria João Frade Departmento de Informática Universidade do Minho 2008/2009 Maria João Frade (DI-UM) Calculus of Inductive Constructions
More informationComputation Club: Gödel s theorem
Computation Club: Gödel s theorem The big picture mathematicians do a lot of reasoning and write a lot of proofs formal systems try to capture the ideas of reasoning and proof in a purely mechanical set
More informationDeductive Program Verification with Why3, Past and Future
Deductive Program Verification with Why3, Past and Future Claude Marché ProofInUse Kick-Off Day February 2nd, 2015 A bit of history 1999: Jean-Christophe Filliâtre s PhD Thesis Proof of imperative programs,
More informationLecture 17 of 41. Clausal (Conjunctive Normal) Form and Resolution Techniques
Lecture 17 of 41 Clausal (Conjunctive Normal) Form and Resolution Techniques Wednesday, 29 September 2004 William H. Hsu, KSU http://www.kddresearch.org http://www.cis.ksu.edu/~bhsu Reading: Chapter 9,
More informationLost in translation. Leonardo de Moura Microsoft Research. how easy problems become hard due to bad encodings. Vampire Workshop 2015
Lost in translation how easy problems become hard due to bad encodings Vampire Workshop 2015 Leonardo de Moura Microsoft Research I wanted to give the following talk http://leanprover.github.io/ Automated
More informationA First-Order Logic with First-Class Types
A First-Order Logic with First-Class Types joint work with Peter H. Schmitt and Mattias Ulbrich Institute for Theoretical Computer Science The 8th KeY Symposium, Speyer, 2009 Java Card DL modal logic based
More informationThe Formal Semantics of Programming Languages An Introduction. Glynn Winskel. The MIT Press Cambridge, Massachusetts London, England
The Formal Semantics of Programming Languages An Introduction Glynn Winskel The MIT Press Cambridge, Massachusetts London, England Series foreword Preface xiii xv 1 Basic set theory 1 1.1 Logical notation
More informationSimplification. Chapter General Comments. 5.2 Typical simplification steps
Chapter 5 Simplification 5.1 General Comments Deduction on algebraic specifications in KIV is mainly based on the idea that most proof steps of predicate logic proofs (especially the steps that can be
More informationFrom OCL to Propositional and First-order Logic: Part I
22c181: Formal Methods in Software Engineering The University of Iowa Spring 2008 From OCL to Propositional and First-order Logic: Part I Copyright 2007-8 Reiner Hähnle and Cesare Tinelli. Notes originally
More informationVS 3 : SMT Solvers for Program Verification
VS 3 : SMT Solvers for Program Verification Saurabh Srivastava 1,, Sumit Gulwani 2, and Jeffrey S. Foster 1 1 University of Maryland, College Park, {saurabhs,jfoster}@cs.umd.edu 2 Microsoft Research, Redmond,
More informationFinding and Extracting Computational Content in Euclid s Elements
Finding and Extracting Computational Content in Euclid s Elements Ariel Kellison Septemeber 2017 Outline Introduction Computational Content Intro. Why Implement Results and Future Work Implementing Euclid
More informationChapter 1. Introduction
1 Chapter 1 Introduction An exciting development of the 21st century is that the 20th-century vision of mechanized program verification is finally becoming practical, thanks to 30 years of advances in
More informationCompositional Software Model Checking
Compositional Software Model Checking Dan R. Ghica Oxford University Computing Laboratory October 18, 2002 Outline of talk program verification issues the semantic challenge programming languages the logical
More informationKripke-Style Contextual Modal Type Theory
Kripke-Style Contextual Modal Type Theory YUITO MURASE THE UNIVERSITY OF TOKYO Agenda Background Logic Type System Future Plan/Related Work Background: Syntactical Metaprogramming Extend the syntax of
More informationLecture 5 - Axiomatic semantics
Program Verification March 2014 Lecture 5 - Axiomatic semantics Lecturer: Noam Rinetzky Scribes by: Nir Hemed 1.1 Axiomatic semantics The development of the theory is contributed to Robert Floyd, C.A.R
More informationLINEAR LOGIC AS A FRAMEWORK FOR SPECIFYING SEQUENT CALCULUS
LINEAR LOGIC AS A FRAMEWORK FOR SPECIFYING SEQUENT CALCULUS DALE MILLER AND ELAINE PIMENTEL Abstract In recent years, intuitionistic logic and type systems have been used in numerous computational systems
More informationCoq, a formal proof development environment combining logic and programming. Hugo Herbelin
Coq, a formal proof development environment combining logic and programming Hugo Herbelin 1 Coq in a nutshell (http://coq.inria.fr) A logical formalism that embeds an executable typed programming language:
More informationOverview of the KeY System
22c181: Formal Methods in Software Engineering The University of Iowa Spring 2008 Overview of the KeY System Copyright 2007-8 Reiner Hähnle and Cesare Tinelli. Notes originally developed by Reiner Hähnle
More informationAn Evolution of Mathematical Tools
An Evolution of Mathematical Tools From Conceptualization to Formalization Here's what we do when we build a formal model (or do a computation): 0. Identify a collection of objects/events in the real world.
More informationHandling Integer Arithmetic in the Verification of Java Programs
Handling Integer Arithmetic in the Verification of Java Programs Steffen Schlager 1st Swedish-German KeY Workshop Göteborg, Sweden, June 2002 KeY workshop, June 2002 p.1 Introduction UML/OCL specification
More informationDynamic Logic with Non-rigid Functions
Dynamic Logic with Non-rigid Functions A Basis for Object-oriented Program Verification Bernhard Beckert 1 André Platzer 2 1 University of Koblenz-Landau, Department of Computer Science beckert@uni-koblenz.de
More informationProof Carrying Code(PCC)
Discussion p./6 Proof Carrying Code(PCC Languaged based security policy instead of OS-based A mechanism to determine with certainity that it is safe execute a program or not Generic architecture for providing
More informationMechanized metatheory revisited
Mechanized metatheory revisited Dale Miller Inria Saclay & LIX, École Polytechnique Palaiseau, France TYPES 2016, Novi Sad 25 May 2016 Theory vs Metatheory When formalizing programming languages, we often
More informationElectronic Notes in Theoretical Computer Science 58 No. 2 (2001) URL: 14 pages A Proof-Planning Fram
Electronic Notes in Theoretical Computer Science 58 No. 2 (2001) URL: http://www.elsevier.nl/locate/entcs/volume58.html 14 pages A Proof-Planning Framework with explicit Abstractions based on Indexed Formulas
More informationFoundations of AI. 9. Predicate Logic. Syntax and Semantics, Normal Forms, Herbrand Expansion, Resolution
Foundations of AI 9. Predicate Logic Syntax and Semantics, Normal Forms, Herbrand Expansion, Resolution Wolfram Burgard, Andreas Karwath, Bernhard Nebel, and Martin Riedmiller 09/1 Contents Motivation
More informationToward explicit rewrite rules in the λπ-calculus modulo
Toward explicit rewrite rules in the λπ-calculus modulo Ronan Saillard (Olivier Hermant) Deducteam INRIA MINES ParisTech December 14th, 2013 1 / 29 Motivation Problem Checking, in a trustful way, that
More informationEquations: a tool for dependent pattern-matching
Equations: a tool for dependent pattern-matching Cyprien Mangin cyprien.mangin@m4x.org Matthieu Sozeau matthieu.sozeau@inria.fr Inria Paris & IRIF, Université Paris-Diderot May 15, 2017 1 Outline 1 Setting
More informationTyped First-order Logic
22c181: Formal Methods in Software Engineering The University of Iowa Spring 2008 Typed First-order Logic Copyright 2007-8 Reiner Hähnle and Cesare Tinelli. Notes originally developed by Reiner Hähnle
More informationLambda Calculus and Type Inference
Lambda Calculus and Type Inference Björn Lisper Dept. of Computer Science and Engineering Mälardalen University bjorn.lisper@mdh.se http://www.idt.mdh.se/ blr/ August 17, 2007 Lambda Calculus and Type
More informationIsabelle Tutorial: System, HOL and Proofs
Isabelle Tutorial: System, HOL and Proofs Burkhart Wolff, Makarius Wenzel Université Paris-Sud What we will talk about What we will talk about Isabelle with: its System Framework the Logical Framework
More informationModular dependent induction in Coq, Mendler-style. Paolo Torrini
Modular dependent induction in Coq, Mendler-style Paolo Torrini Dept. of Computer Science, KU Leuven ITP 16, Nancy, 22.08.2016 * The Author left the Institution in April 2016 motivation: cost-effective
More informationTypes Summer School Gothenburg Sweden August Dogma oftype Theory. Everything has a type
Types Summer School Gothenburg Sweden August 2005 Formalising Mathematics in Type Theory Herman Geuvers Radboud University Nijmegen, NL Dogma oftype Theory Everything has a type M:A Types are a bit like
More informationLogic and its Applications
Logic and its Applications Edmund Burke and Eric Foxley PRENTICE HALL London New York Toronto Sydney Tokyo Singapore Madrid Mexico City Munich Contents Preface xiii Propositional logic 1 1.1 Informal introduction
More informationEncryption as an Abstract Datatype:
June 2003 1/18 Outline Encryption as an Abstract Datatype: an extended abstract Dale Miller INRIA/Futurs/Saclay and École polytechnique 1. Security protocols specified using multisets rewriting. 2. Eigenvariables
More informationStatic and User-Extensible Proof Checking. Antonis Stampoulis Zhong Shao Yale University POPL 2012
Static and User-Extensible Proof Checking Antonis Stampoulis Zhong Shao Yale University POPL 2012 Proof assistants are becoming popular in our community CompCert [Leroy et al.] sel4 [Klein et al.] Four-color
More informationEmbedding logics in Dedukti
1 INRIA, 2 Ecole Polytechnique, 3 ENSIIE/Cedric Embedding logics in Dedukti Ali Assaf 12, Guillaume Burel 3 April 12, 2013 Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 1 Outline Introduction
More informationGang Tan, Boston College Andrew W. Appel, Princeton University
A Compositional Logic for Control Flow Gang Tan, Boston College Andrew W. Appel, Princeton University Jan 8, 2006 1 Mobile Code Security Protect trusted system against untrusted code cyberspace ce program
More informationAssuring Software Protection in Virtual Machines
Assuring Software Protection in Virtual Machines Andrew W. Appel Princeton University 1 Software system built from components Less-trusted components More-trusted components (non-core functions) INTERFACE
More informationUsing Agda to Explore Path-Oriented Models of Type Theory
1/22 Using Agda to Explore Path-Oriented Models of Type Theory Andrew Pitts joint work with Ian Orton Computer Laboratory Outline 2/22 The mathematical problem find new models of Homotopy Type Theory Why
More informationProgramming Languages Third Edition
Programming Languages Third Edition Chapter 12 Formal Semantics Objectives Become familiar with a sample small language for the purpose of semantic specification Understand operational semantics Understand
More informationSystem Description: Twelf A Meta-Logical Framework for Deductive Systems
System Description: Twelf A Meta-Logical Framework for Deductive Systems Frank Pfenning and Carsten Schürmann Department of Computer Science Carnegie Mellon University fp@cs.cmu.edu carsten@cs.cmu.edu
More informationThe Prototype Verification System PVS
The Prototype Verification System PVS Wolfgang Schreiner Wolfgang.Schreiner@risc.uni-linz.ac.at Research Institute for Symbolic Computation (RISC) Johannes Kepler University, Linz, Austria http://www.risc.uni-linz.ac.at
More informationRuntime Checking for Program Verification Systems
Runtime Checking for Program Verification Systems Karen Zee, Viktor Kuncak, and Martin Rinard MIT CSAIL Tuesday, March 13, 2007 Workshop on Runtime Verification 1 Background Jahob program verification
More informationComputer-supported Modeling and Reasoning. First-Order Logic. 1 More on Isabelle. 1.1 Isabelle System Architecture
Dipl-Inf Achim D Brucker Dr Burkhart Wolff Computer-supported Modeling and easoning http://wwwinfsecethzch/ education/permanent/csmr/ (rev 16814) Submission date: First-Order Logic In this lecture you
More informationA Short Introduction to First-Order Theorem Proving with KeY
1 What is KeY? 1.1 Software Verification Karlsruher Institut für Technologie Institut für Theoretische Informatik Prof. Dr. Peter H. Schmitt Mattias Ulbrich A Short Introduction to First-Order Theorem
More informationAutomata and Formal Languages - CM0081 Introduction to Agda
Automata and Formal Languages - CM0081 Introduction to Agda Andrés Sicard-Ramírez Universidad EAFIT Semester 2018-2 Introduction Curry-Howard correspondence Dependent types Constructivism Martin-Löf s
More informationFinite Model Generation for Isabelle/HOL Using a SAT Solver
Finite Model Generation for / Using a SAT Solver Tjark Weber webertj@in.tum.de Technische Universität München Winterhütte, März 2004 Finite Model Generation for / p.1/21 is a generic proof assistant: Highly
More informationWhere Can We Draw The Line?
Where Can We Draw The Line? On the Hardness of Satisfiability Problems Complexity 1 Introduction Objectives: To show variants of SAT and check if they are NP-hard Overview: Known results 2SAT Max2SAT Complexity
More informationProofs are Programs. Prof. Clarkson Fall Today s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson
Proofs are Programs Prof. Clarkson Fall 2016 Today s music: Two Sides to Every Story by Dyan Cannon and Willie Nelson Review Currently in 3110: Advanced topics Futures Monads Today: An idea that goes by
More informationFormalization of Incremental Simplex Algorithm by Stepwise Refinement
Formalization of Incremental Simplex Algorithm by Stepwise Refinement Mirko Spasić, Filip Marić Faculty of Mathematics, University of Belgrade FM2012, 30. August 2012. Overview 1 Introduction 2 Approach
More informationSoftware System Design and Implementation
Software System Design and Implementation Motivation & Introduction Gabriele Keller (Manuel M. T. Chakravarty) The University of New South Wales School of Computer Science and Engineering Sydney, Australia
More informationVerified Characteristic Formulae for CakeML. Armaël Guéneau, Magnus O. Myreen, Ramana Kumar, Michael Norrish April 27, 2017
Verified Characteristic Formulae for CakeML Armaël Guéneau, Magnus O. Myreen, Ramana Kumar, Michael Norrish April 27, 2017 Goal: write programs in a high-level (ML-style) language, prove them correct interactively,
More informationAlgebraic Processors
Algebraic Processors Algebraic Processors By Pouya Larjani, B.Sc. A Thesis Submitted to the School of Graduate Studies in partial fulfilment of the requirements for the degree of Master of Science Department
More informationAutomated Theorem Proving in a First-Order Logic with First Class Boolean Sort
Thesis for the Degree of Licentiate of Engineering Automated Theorem Proving in a First-Order Logic with First Class Boolean Sort Evgenii Kotelnikov Department of Computer Science and Engineering Chalmers
More informationCSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Chapter p. 1/27
CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Chapter 2.1-2.7 p. 1/27 CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer
More informationProofs-Programs correspondance and Security
Proofs-Programs correspondance and Security Jean-Baptiste Joinet Université de Lyon & Centre Cavaillès, École Normale Supérieure, Paris Third Cybersecurity Japanese-French meeting Formal methods session
More informationLecture 4: January 12, 2015
32002: AI (First Order Predicate Logic, Interpretation and Inferences) Spring 2015 Lecturer: K.R. Chowdhary Lecture 4: January 12, 2015 : Professor of CS (VF) Disclaimer: These notes have not been subjected
More information3.4 Deduction and Evaluation: Tools Conditional-Equational Logic
3.4 Deduction and Evaluation: Tools 3.4.1 Conditional-Equational Logic The general definition of a formal specification from above was based on the existence of a precisely defined semantics for the syntax
More information