Presentation is loading. Please wait.

Presentation is loading. Please wait.

Integrating Math Units and Proof Checking for Specification and Verification SAVCBS Workshop 2008 SIGSOFT 2008 / FSE 16 November 9th, 2008 Hampton Smith.

Published byAshlie Gibson Modified over 9 years ago

Similar presentations

Presentation on theme: "Integrating Math Units and Proof Checking for Specification and Verification SAVCBS Workshop 2008 SIGSOFT 2008 / FSE 16 November 9th, 2008 Hampton Smith."— Presentation transcript:

1 Integrating Math Units and Proof Checking for Specification and Verification SAVCBS Workshop 2008 SIGSOFT 2008 / FSE 16 November 9th, 2008 Hampton Smith Kim Roche Murali Sitaraman Clemson University Joan Krone Denison University William F. Ogden Ohio State University

2 Overview RESOLVE Verification System Role of Proof Checker in Verification System Requirements of a Proof Checker in such a system 2

3 o Issues o Solutions o Issues o Solutions RESOLVE Verification System Role of Proof Checker in Verification System Requirements of a Proof Checker in such a system Overview 2

4 RESOLVE Verification System 3

5 RESOLVE Reusable Software Research Group at Clemson Integrated Programming, Specification, and Proof Language Full end-to-end verification o Scalability o Performance Isabelle Backend cs.clemson.edu/~resolve 4

6 Proof Checkers in a Verification System 5

7 PROOF OBLIGATIONS 6

8 Precondition 6

9 Postcondition 6

10 Precondition Postcondition Invariant 6

11 Enhancement for Stacks Enhancement Flipping_Capability for Stack_Template; Operation Flip( updates S : Stack ); ensures S = Rev( #S ); end Flipping_Capability; 7

12 Implementation of Flipping Realization Obvious_Flipping_Realization for Flipping_Capability of Stack_Template; Procedure Flip ( updates S : Stack ); Var Next_Entry : Entry; Var S_Flipped : Stack; While ( Depth( S ) /= 0 )‏ changing S, Next_Entry, S_Flipped; maintaining #S = Rev( S_Flipped ) o S; decreasing |S|; do Pop( Next_Entry, S ); Push( Next_Entry, S_Flipped); end; S :=: S_Flipped; end Flip; end Obvious_Flipping_Realization; 8

13 Verification Condition ((|S| <= Max_Depth) and (S = (Rev(?S_Flipped) o ??S) and (|??S| /= 0 and ??S = ( o ?S))))‏ ============================> (Rev(?S_Flipped) o ??S) = (Rev( o ?S_Flipped) o ?S)‏ 9

14 A little help 10

15 Precondition Postcondition Invariant Math Results 11

16 Precondition Postcondition Invariant Math Results 12

17 Precondition Postcondition Invariant Math Results Automated Prover 12

18 Precondition Postcondition Invariant Math Results Automated Prover User Provided Proof + Proof Checker 12

19 Verification System "Requiring programmers to engage in a fine level of proof activity is unlikely to lead to wide-spread verification.... [T]he limitations of automated theorem proving often require substantial human intervention." 13

20 Verification System "Requiring programmers to engage in a fine level of proof activity is unlikely to lead to wide-spread verification.... [T]he limitations of automated theorem proving often require substantial human intervention." Clear division between verification conditions and math results. Rethink the latter as a job for trained mathematicians. 13

21 Requirements for such a Proof Checker 14

22 Precondition Postcondition Invariant Math Results Automated Prover User Provided Proof + Proof Checker 15

23 Reusability Programming Language Abstraction Modules Interfaces Readability Proof Language 16

24 Reusability Programming Language Abstraction Modules Interfaces Readability Proof Language Abstraction Modules Interfaces Readability 16

25 Abstraction and Modules String Theory Stack QueueList... 17

26 Consumers of Theories Proof Checker Automated Prover Mathematicians Programmers 18

27 Header file for theories. Précis vs. Proof Units 19

28 Précis vs. Proof Units Précis Natural_Number_Theory; uses Basic_Function_Properties, Monogenerator_Theory... Inductive Definition on i : N of (a : N) + (b) : N is (i) a + 0 = a; (ii) a + suc(b) = suc(a + b); Theorem N1: Is_Associative( + );... end Natural_Number_Theory; 20

29 Précis vs. Proof Units Précis Natural_Number_Theory; uses Basic_Function_Properties, Monogenerator_Theory... Inductive Definition on i : N of (a : N) + (b) : N is (i) a + 0 = a; (ii) a + suc(b) = suc(a + b); Theorem N1: Is_Associative( + );... end Natural_Number_Theory; Proof unit Natural_Number_Theory_Proofs for Natural_Number_Theory; Uses... Proof of Theorem N1: Goal for all k, m, n: N, k + (m + n) = (k + m) + n; Definition S1: Powerset(N) = {n : N, for all k, m : N, k + (m + n) = (k + m) + n};... 20

30 Precondition Postcondition Invariant Math Results Automated Prover User Provided Proof + Proof Checker 21

31 Popular Proof Checkers Isabelle [2] lemma assumes AB: "large_A /\ large_B" shows "large_B /\ large_A" ( is "?B /\ ?A" )‏ using AB proof assume "?A" "?B" show ?thesis.. qed Coq [1] Variables A B C : Prop. Lemma and_commutative : (A /\ B) -> (B /\ A). intro. elim H. split. exact H1. exact H0. Save. 22

32 Mathematical Proof Supposition k, m: N Goal k + (m + 0) = (k + m) + 0 k + (m + 0) = k + m by (i) of Definition + k + m = (k + m) + 0 by (i) of Definition + Deduction if k ∈ N and m ∈ N then k + (m + 0) = (k + m) + 0 [ZeroAssociativity] For all k: N, for all m: N, k + (m + 0) = (k + m) + 0 by universal generalization 23

33 RESOLVE Proof Language Supposition k, m: N; Goal k + (m + 0) = (k + m) + 0; k + (m + 0) = k + m by (i) of Definition +; k + m = (k + m) + 0 by (i) of Definition +; Deduction if k is_in N and m is_in N then k + (m + 0) = (k + m) + 0; [ZeroAssociativity] For all k: N, for all m: N, k + (m + 0) = (k + m) + 0 by universal generalization; 24

34 Demo Corollary Identity: a : N and a + 0 = a; Proof of Theorem Nothing: Supposition k, m: N; (k + m) + 0 = k + m by Corollary Identity & equality; Deduction if k is_in N and m is_in N then (k + m) + 0 = k + m; QED 25

35 Demo Corollary Identity: a : N and a + 0 = a; Proof of Theorem Nothing: Supposition k, m: N; (k + m) + 0 = m + 0 by Corollary Identity & equality; Deduction if k is_in N and m is_in N then (k + m) + 0 = k + m; QED Error: Simple.mt(10): Could not apply substitution to the justified expression. (k + m) + 0 = m + 0 by Corollary Identity & equality; 26

36 Demo Corollary Identity: a : N and a + 0 = a; Proof of Theorem Nothing: Supposition k, m: N; (k + m) + 0 = k + m by Corollary Identity & or rule; Deduction if k is_in N and m is_in N then (k + m) + 0 = k + m; QED Error: Simple.mt(10): Could not apply the rule Or Rule to the proof expression. (k + m) + 0 = k + m by Corollary Identity & or rule; 27

37 Conclusions A clearer distinction is required between those proof obligations that we expect to be dispatched by an automated prover, and those for which we intend to furnish a proof. Programmers should not be required to provide proofs. Robust mathematical library of theories is required. Techniques from programming languages should be applied to mitigate the complexity of such theories. 28

38 References [1] G. Huet, G. Kahn, and C. Paulin-Mohring, “The Coq Proof Assistant: A Tutorial.” INRIA, 2004, pp. 3-18; 45-47. [2] T. Nipkow. “A Tutorial Introduction to Structured Isar Proofs,” http://www.cl.cam.ac.uk/research/hvg/Isabelle/dist/Isa belle/doc/isar-overview.pdf. 28

Download ppt "Integrating Math Units and Proof Checking for Specification and Verification SAVCBS Workshop 2008 SIGSOFT 2008 / FSE 16 November 9th, 2008 Hampton Smith."

Similar presentations

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
This research is funded in part the U. S. National Science Foundation grant CCR-0113181. DEET for Component-Based Software Murali Sitaraman, Durga P. Gandi.

This research is funded in part the U. S. National Science Foundation grant CCR DEET for Component-Based Software Murali Sitaraman, Durga P. Gandi.
Isabelle / HOL Theorem Proving System

Isabelle / HOL Theorem Proving System
PZ03D Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, 2000 1 PZ03D - Program verification Programming Language Design.

PZ03D Programming Language design and Implementation -4th Edition Copyright©Prentice Hall, PZ03D - Program verification Programming Language Design.
Addressing the Challenges of Current Software. Questions to Address Why? What? Where? How?

Addressing the Challenges of Current Software. Questions to Address Why? What? Where? How?
Proofs and Programs Wei Hu 11/01/2007. Outline  Motivation  Theory  Lambda calculus  Curry-Howard Isomorphism  Dependent types  Practice  Coq Wei.

Proofs and Programs Wei Hu 11/01/2007. Outline  Motivation  Theory  Lambda calculus  Curry-Howard Isomorphism  Dependent types  Practice  Coq Wei.
Introducing Formal Methods, Module 1, Version 1.1, Oct., 1998 1 Formal Specification and Analytical Verification L 5.

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.
Programming Paradigms Introduction. 6/15/2005 Copyright 2005, by the authors of these slides, and Ateneo de Manila University. All rights reserved. L1:

Programming Paradigms Introduction. 6/15/2005 Copyright 2005, by the authors of these slides, and Ateneo de Manila University. All rights reserved. L1:
This research has been funded in part by grants from the U. S. National Science Foundation for the past 20 years. Towards Verified Software: Research and.

This research has been funded in part by grants from the U. S. National Science Foundation for the past 20 years. Towards Verified Software: Research and.
LIFE CYCLE MODELS FORMAL TRANSFORMATION

LIFE CYCLE MODELS FORMAL TRANSFORMATION
Key-word Driven Automation Framework Shiva Kumar Soumya Dalvi May 25, 2007.

Key-word Driven Automation Framework Shiva Kumar Soumya Dalvi May 25, 2007.
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
CS 355 – Programming Languages

CS 355 – Programming Languages
An Integration of Program Analysis and Automated Theorem Proving Bill J. Ellis & Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt.

An Integration of Program Analysis and Automated Theorem Proving Bill J. Ellis & Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt.
May 11, 2009 1 ACL2 Panel: What is the Future of Theorem Proving? Arvind Computer Science & Artificial Intelligence Laboratory.

May 11, ACL2 Panel: What is the Future of Theorem Proving? Arvind Computer Science & Artificial Intelligence Laboratory.
Case Study: Using PVS to Analyze Security Protocols Kyle Taylor.

Case Study: Using PVS to Analyze Security Protocols Kyle Taylor.
Katz2004 236386--Formal Specifications Larch 1 Algebraic Specification and Larch Formal Specifications of Complex Systems 236368 Shmuel Katz The Technion.

Katz Formal Specifications Larch 1 Algebraic Specification and Larch Formal Specifications of Complex Systems Shmuel Katz The Technion.
Presentation for Proof Assistant course by Nadya Kalabishka

Presentation for Proof Assistant course by Nadya Kalabishka
Chair of Software Engineering Automatic Verification of Computer Programs.

Chair of Software Engineering Automatic Verification of Computer Programs.
Describing Syntax and Semantics

Describing Syntax and Semantics

Similar presentations

Ads by Google