a self verifying theorem prover
play

A Self-Verifying Theorem Prover Jared Davis (advertisement by J - PowerPoint PPT Presentation

Dec 18, 2022 •282 likes •693 views

A Self-Verifying Theorem Prover Jared Davis (advertisement by J Strother Moore) Department of Computer Sciences University of Texas at Austin September 18, 2009 1 Theorem Prover ? Yes Proof Checker Yes No 2 Rules of

  1. A “Self-Verifying” Theorem Prover Jared Davis (advertisement by J Strother Moore) Department of Computer Sciences University of Texas at Austin September 18, 2009 1

  2. φ Theorem Prover ? Yes π Proof Checker Yes No 2

  3. Rules of Inference Prop Schema ¬ A ∨ A A ∨ A Contraction A A Expansion B ∨ A A ∨ ( B ∨ C ) Associativity ( A ∨ B ) ∨ C A ∨ B, ¬ A ∨ C Cut B ∨ C 3

  4. A Instantiation A/σ Induction (ordinals below ǫ 0 ) Rec Defn (ordinals below ǫ 0 ) 4

  5. Axioms Reflexivity x = x Equality x 1 = y 1 → x 2 = y 2 → x 1 = x 2 → y 1 = y 2 Functional Reflexivity x 1 = y 1 → . . . → x n = y n → f ( x 1 , . . . , x n ) = f ( y 1 , . . . , y n ) 5

  6. Beta Reduction (( λx 1 . . . x n .β ) t 1 , . . . , t n ) = β/ [ x 1 ← t 1 , . . . , x n ← t n ] Base Evaluation e.g., 1 + 2 = 3 6

  7. 52 Lisp Axioms e.g., car ( cons ( x, y )) = x 7

  8. Assumed Characteristics Proof Checker: Small (1500 LOC), Trusted, Impractical Theorem Prover: Big (100K LOC), Untrusted, Practical How can we trust the Theorem Prover? 8

  9. Related Work LCF-style (trust depends on type system, time-inefficient) Constructive type theory (trust depends on type system, space-inefficient) Proof Objects (trust depends on proof checker, space- and time-inefficient) 9

  10. Related Work LCF-style (trust depends on type system, time-inefficient) Constructive type theory (trust depends on type system, space-inefficient) Proof Objects (trust depends on proof checker, space- and time-inefficient) 10

  11. � ✁ � � ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✁ � ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✁ � ✁ � ✁ � � � � � � � � � � � � � � � � � � � ✁ φ Theorem Prover Proof Generator π Proof Checker Yes No 11

  12. φ Theorem Prover Proof Generator π Proof Checker Yes No 12

  13. Two Alternatives (1) Run the Proof Generator every time and check the proof with the trusted Proof Checker. (2) Prove that the Proof Generator will always generate a proof that succeeds. 13

  14. Two Alternatives (1) Run the Proof Generator every time and check the proof with the trusted Proof Checker. (2) Prove that the Proof Generator will always generate a proof that succeeds. 14

  15. Two Alternatives (1) Run the Proof Generator every time and check the proof with the trusted Proof Checker. (2) Prove that the Proof Generator will always generate a proof that succeeds. But what prover do you use? 15

  16. Correctness wrt Proof Checker (“Fidelity”) When Theorem Prover (“A”) returns “Yes” on φ , • Proof Generator produces a well-formed proof π • Proof π concludes with φ • Proof Checker (“C”) accepts π 16

  17. The Project Suppose you’ve defined the proof checker C as an executable Lisp program. Then use it to • admit the definition of C as an axiom • admit the definition of A as an axiom • check a proof of the correctness formula: 17

  18. Correctness Formula formula ( φ ) ∧ A ( φ ) → ( ∃ π. proof ( π ) ∧ concl ( π ) = φ ∧ C ( π )) 18

  19. What You Must Trust • the program C • the hardware/software platform it runs on • the statement of the correctness theorem (you needn’t bother to read the definition of A if you don’t care how it works) • the fact that there is a proof file that C certifies as a proof of the statement 19

  20. Jared’s Problem generating a checkable proof of the correctness statement 20

  21. ✁ ✁ � ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✁ � ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✁ � � ✁ � ✁ ✁ � � � � � � � � � � � � � � � � � � � � ✁ Plan ‘‘I am correct’’ • Prove “I am correct” with Theorem Prover Theorem Prover Proof Generator Π • Generate that proof Π Proof Checker • Check Π with Proof Checker Yes No • Never generate another proof 21

  22. Plan • Prove “I am correct” with φ Theorem Prover Theorem Prover ? Yes • Generate that proof Π • Check Π with Proof Checker • Never generate another proof 22

  23. Unfortunately The proof of correctness, Π , of a practical theorem prover is too big to generate and check. 23

  24. ...because • to be trustworthy, the Proof Checker takes tiny inference steps, so proofs are big, and • the Theorem Prover is a big system 24

  25. Solution ( . . . sort of) Introduce a more powerful trusted proof checker and prove it correct. 25

  26. ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✄ ✂ ✂ ✂ ✂ ✂ ✂ ✄ ✄ ✄ ✄ ✄ ✄ ✄ ✄ ✄ ✄ ✄ ✄ ✄ ✄ ✂ ✄ ✄ ✄ ✄ ✄ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✄ ✄ ✄ � � � � � � � � � � � � � � � � � � � � � � � � � � � � ✄ ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✁ � ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✁ � ✄ Solution ( . . . sort of) • Use A to prove A correct wrt B A Gen A • Run Gen A to get B -Level proof Π A B Gen B • Use A to prove B correct wrt C C • Run Gen B ◦ Gen A to get C -Level proof Π B • Check Π B with C • Check Π A with B 26

  27. Solution ( . . . sort of) Let Γ = Gen A ( Gen B (Π A )) . Then: Γ is a C -level proof of the correctness of A Γ is certified by C Γ is (might be) too large to actually construct 27

  28. Unfortunately Just one intermediate proof checker is not enough, i.e., even Π A and Π B are too large to construct. 28

  29. It is important to • increase the size of the inference step, and • decrease the complexity differences between the software systems 29

  30. ✡ ✌ ✌ ✌ ✌ ✌ ✌ ✌ ✌ ☞ ✌ ✌ ✌ ✌ ✌ ✌ ✌ ☞ ☞ ✌ ☞ ☞ ☞ ☞ ☞ ☞ ☞ ☞ ☞ ☞ ☞ ☞ ☞ ☞ ☞ ☞ ✌ ✌ ☞ ✍ ✍ ✍ ✍ ✍ ✍ ✍ ✍ ✍ ✍ ✍ ✍ ✍ ✍ ✍ ✍ ✍ ✍ ✌ ✍ ✌ ✌ ✌ ✌ ✌ ✌ ✍ ✍ ✍ ✍ ✍ ✍ ✍ ✍ ✍ ☞ ☞ ✍ ✡ ✡ ✡ ✡ ✡ ✡ ✡ ✡ ✡ ✡ ✡ ✡ ✡ ✡ ✡ ✡ ✡ ✡ ☛ ✡ ✠ ✠ ✠ ✠ ✓ ✡ ✡ ✡ ✡ ✡ ✡ ✡ ✡ ✡ ✡ ☛ ☛ ☞ ☞ ☛ ☛ ☞ ☞ ☞ ☞ ☞ ☛ ☞ ☞ ☞ ☞ ☞ ☞ ☞ ☛ ☛ ☛ ☛ ☛ ☛ ☛ ☛ ☛ ☛ ☛ ☛ ☛ ☛ ☛ ☛ ☛ ☛ ☛ ✍ ✍ ✠ ✒ ✒ ✒ ✒ ✒ ✒ ✒ ✒ ✑ ✒ ✒ ✒ ✒ ✒ ✒ ✒ ✑ ✑ ✒ ✑ ✑ ✑ ✑ ✑ ✑ ✑ ✑ ✑ ✑ ✑ ✑ ✑ ✑ ✑ ✑ ✒ ✒ ✑ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✒ ✒ ✒ ✒ ✒ ✒ ✒ ✒ ✒ ✒ ✒ ✒ ✒ ✒ ✒ ✒ ✒ ✒ ✑ ✑ ✍ ✎ ✎ ✎ ✎ ✎ ✎ ✎ ✎ ✎ ✎ ✎ ✎ ✎ ✎ ✎ ✎ ✎ ✎ ✏ ✎ ✍ ✍ ✍ ✍ ✎ ✎ ✎ ✎ ✎ ✎ ✎ ✎ ✎ ✎ ✎ ✏ ✏ ✑ ✏ ✏ ✏ ✏ ✏ ✏ ✏ ✏ ✏ ✏ ✏ ✏ ✏ ✏ ✑ ✑ ✏ ✏ ✏ ✏ ✏ ✏ ✏ ✏ ✏ ✏ ✏ ✏ ✏ ✏ ✏ ✏ ✏ ✏ ✏ ✠ ✠ ✓ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✄ ✄ ✄ ✂ ✂ ✄ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✂ ✄ ✄ ✂ ☎ ✄ ✄ ✄ ✄ ☎ ☎ ☎ ✄ ☎ ☎ ☎ ☎ ☎ ☎ ☎ ✄ ✄ ✄ ✄ ✄ ✄ ✄ ✄ ✄ ✄ ✄ ✄ ✄ ✄ ✄ ✄ ✄ ✄ ✄ ✂ ✂ ☎ � � � � � � � � � � � � � � � � � � � ✓ ✓ ✓ ✓ ✓ ✓ ✓ ✓ � ✓ ✓ � � � � � � � ✂ ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✂ ✁ ✁ � � � � � � � � � ✁ ✁ ✁ ✁ ✁ ✁ ✁ ✁ ☎ ☎ ✠ ✟ ✞ ✞ ✞ ✞ ✞ ✞ ✟ ✞ ✟ ✟ ✟ ✟ ✟ ✟ ✟ ✞ ✞ ✟ ✞ ✞ ✞ ✞ ✞ ✞ ✞ ✞ ✞ ✞ ✞ ✞ ✞ ✞ ✞ ✞ ✟ ✟ ✝ ✠ ✠ ✠ ✠ ✠ ✠ ✠ ✠ ✠ ✠ ✠ ✠ ✠ ✠ ✠ ✠ ✠ ✟ ✟ ✟ ✟ ✟ ✟ ✟ ✟ ✟ ✟ ✟ ✟ ✟ ✟ ✟ ✟ ✟ ✟ ✝ ✝ ☎ ✆ ☎ ☎ ✆ ✆ ✆ ✆ ✆ ☎ ✆ ✆ ✆ ✆ ✆ ✆ ✆ ☎ ☎ ✆ ☎ ☎ ☎ ☎ ☎ ☎ ☎ ☎ ☎ ☎ ☎ ☎ ☎ ☎ ☎ ☎ ✆ ✆ ✝ ✝ ✝ ✝ ✝ ✝ ✝ ✝ ✝ ✝ ✝ ✝ ✝ ✝ ✝ ✝ ✝ ✝ ✝ ✆ ✆ ✆ ✆ ✆ ✆ ✆ ✆ ✆ ✝ ✝ ✝ ✝ ✝ ✝ ✝ ✝ ✓ 30 9 Evaluation and unconditional rewriting 8 Audit trails (in prep for rewriting) 3 Rules about primitive functions 4 Miscellaneous ground work 11 Induction and other tactics 5 Assumptions and clauses 2 Propositional reasoning 6 Factoring, splitting help 1 Primitive proof checker 10 Conditional rewriting 7 Case splitting Level Jared’s Stack

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 What is a Theorem Prover? What is a Theorem? Theorem: A formalizable statement which is

1 What is a Theorem Prover? What is a Theorem? Theorem: A formalizable statement which is

Prerequisites Course 2D1453, 2006-07 Undergraduate logic and discrete maths CS literacy Advanced Formal Methods Some functional programming experience useful The theorem prover Isabelle is programming in SML Some SML

644 views • 4 slides
Meditation for a Theorem Prover Reasoning and Consciousness Teaching a Theorem Prover to let

Meditation for a Theorem Prover Reasoning and Consciousness Teaching a Theorem Prover to let

Meditation for a Theorem Prover Reasoning and Consciousness Teaching a Theorem Prover to let its Mind Wander Ulrich Furbach Claudia Schon Univ. Koblenz - DFG Project Cognitive Reasoning Reasoning and Consciousness Teaching a

715 views • 55 slides
CML Theorem Prover Simon Foster 2nd Review Brussels, 21 November, 2013 Deliverable: D33.2 (m24)

CML Theorem Prover Simon Foster 2nd Review Brussels, 21 November, 2013 Deliverable: D33.2 (m24)

CML Theorem Prover Simon Foster 2nd Review Brussels, 21 November, 2013 Deliverable: D33.2 (m24) www.compass-research.eu Theorem Prover Usage CML specifications to be verified by the COMPASS tool type-checking alone is insufficient to

311 views • 8 slides
A Parallelized Theorem Prover for Interactive Theorem Proving David L. Rager, Warren A. Hunt Jr.,

A Parallelized Theorem Prover for Interactive Theorem Proving David L. Rager, Warren A. Hunt Jr.,

Introduction Parallelism Primitives Parallelizing ACL2 Evaluate Approach Conclusion A Parallelized Theorem Prover for Interactive Theorem Proving David L. Rager, Warren A. Hunt Jr., and Matt Kaufmann ragerdl@defthm.com, hunt@cs.utexas.edu,

835 views • 59 slides
SMAC and XGBoost your Theorem Prover Edvard K. Holden Konstantin Korovin The University of

SMAC and XGBoost your Theorem Prover Edvard K. Holden Konstantin Korovin The University of

SMAC and XGBoost your Theorem Prover Edvard K. Holden Konstantin Korovin The University of Manchester 1 Theorem Proving in First-Order Logic Proof Axioms + Conjecture iProver | Counter model | Timeout 2 Heuristics - The Key to Success

1.03k views • 26 slides
Lean Theorem Prover Tom van Bussel June 14, 2017 Goals It aims to bridge the gap between

Lean Theorem Prover Tom van Bussel June 14, 2017 Goals It aims to bridge the gap between

Lean Theorem Prover Tom van Bussel June 14, 2017 Goals It aims to bridge the gap between interactive and automated theorem proving, by situating automated tools and methods in a framework that supports user interaction and the construction

324 views • 21 slides
Hygienic Macros for the ACL2 Theorem Prover Carl Eastlund Matthias Felleisen cce@ccs.neu.edu

Hygienic Macros for the ACL2 Theorem Prover Carl Eastlund Matthias Felleisen cce@ccs.neu.edu

Hygienic Macros for the ACL2 Theorem Prover Carl Eastlund Matthias Felleisen cce@ccs.neu.edu matthias@ccs.neu.edu Northeastern University Boston, MA, USA 1 The ACL2 Theorem Prover 2 (defun double (x) (+ x x)) (defun map-double (lst) (if

898 views • 52 slides
Clause Features for Theorem Prover Guidance uv 1 Josef Urban 1 Jan Jakub AITP19, Obergurgl,

Clause Features for Theorem Prover Guidance uv 1 Josef Urban 1 Jan Jakub AITP19, Obergurgl,

Clause Features for Theorem Prover Guidance uv 1 Josef Urban 1 Jan Jakub AITP19, Obergurgl, Austria, April 2019 1 Czech Technical University in Prague, Czech Republic Jan Jakub uv, Josef Urban Clause Features for Theorem Prover Guidance

589 views • 35 slides
A SAT-Based Procedure for Verifying Finite State Machines in ACL2 Warren A. Hunt, Jr. and Erik

A SAT-Based Procedure for Verifying Finite State Machines in ACL2 Warren A. Hunt, Jr. and Erik

A SAT-Based Procedure for Verifying Finite State Machines in ACL2 Warren A. Hunt, Jr. and Erik Reeber {reeber,hunt}@cs.utexas.edu The University of Texas ACL2 Workshop, August 16 , 2006 Introduction The ACL2 theorem prover is great

252 views • 22 slides
Haskell: Compiler as Theorem-Prover Greg Price ( price ) 2007 Nov 19 code samples:

Haskell: Compiler as Theorem-Prover Greg Price ( price ) 2007 Nov 19 code samples:

Haskell: Compiler as Theorem-Prover Greg Price ( price ) 2007 Nov 19 code samples: http://cluedumps.mit.edu/wiki/2007/11-19 Greg Price ( price ) () Haskell: Compiler as Theorem-Prover 2007 Nov 19 1 / 26 Software Transactional Memory 1

869 views • 48 slides
The Abella Interactive Theorem Prover (System Description) Andrew Gacek Department of Computer

The Abella Interactive Theorem Prover (System Description) Andrew Gacek Department of Computer

The Abella Interactive Theorem Prover (System Description) Andrew Gacek Department of Computer Science and Engineering University of Minnesota IJCAR 08 August 12, 2008 Characteristics of the Abella System Abella is a theorem proving

794 views • 40 slides
Tableau Theorem Prover for Intuitionistic Propositional Logic Larry Diehl Portland State

Tableau Theorem Prover for Intuitionistic Propositional Logic Larry Diehl Portland State

Tableau Theorem Prover for Intuitionistic Propositional Logic Larry Diehl Portland State University CS 510 - Mathematical Logic and Programming Languages Larry Diehl Tableau Theorem Prover for Intuitionistic Propositional Logic Motivation

357 views • 22 slides
Tableau Theorem Prover for Intuitionistic Propositional Logic Larry Diehl Portland State

Tableau Theorem Prover for Intuitionistic Propositional Logic Larry Diehl Portland State

Tableau Theorem Prover for Intuitionistic Propositional Logic Larry Diehl Portland State University CS 510 - Mathematical Logic and Programming Languages Larry Diehl Tableau Theorem Prover for Intuitionistic Propositional Logic Motivation

289 views • 17 slides
yet another nice and accurate interactive theorem prover (sufficiently similar, sufficiently

yet another nice and accurate interactive theorem prover (sufficiently similar, sufficiently

yet another nice and accurate interactive theorem prover (sufficiently similar, sufficiently different) Freek Wiedijk Radboud University Nijmegen 2018 06 25 0 nice combining the nicest aspects of state-of-the-art provers:

288 views • 25 slides
The Lean Theorem Prover Jeremy Avigad Department of Philosophy and Department of Mathematical

The Lean Theorem Prover Jeremy Avigad Department of Philosophy and Department of Mathematical

The Lean Theorem Prover Jeremy Avigad Department of Philosophy and Department of Mathematical Sciences Carnegie Mellon University (Leans principal developer is Leonardo de Moura, Microsoft Research, Redmond) September 2014 . Automated

965 views • 14 slides
Reachability Analysis in the KeYmaera X Theorem Prover SNR 2017 | Uppsala, Sweden | April 22,

Reachability Analysis in the KeYmaera X Theorem Prover SNR 2017 | Uppsala, Sweden | April 22,

Reachability Analysis in the KeYmaera X Theorem Prover SNR 2017 | Uppsala, Sweden | April 22, 2017 Nathan Fulton Other System Contributors: Stefan Mitsch, Andr Platzer, Brandon Bohrer, Yong Kiam Tan, Jan-David Quesel, ... Trustworthy

932 views • 57 slides
Checkable Proofs for First-Order Theorem Proving Giles Reger 1 , Martin Suda 2 1 School of Computer

Checkable Proofs for First-Order Theorem Proving Giles Reger 1 , Martin Suda 2 1 School of Computer

Checkable Proofs for First-Order Theorem Proving Giles Reger 1 , Martin Suda 2 1 School of Computer Science, University of Manchester, UK 2 TU Wien, Vienna, Austria ARCADE 2017 Gothenburg, August 6, 2017 1/8 Why do we want proofs? (explain

567 views • 29 slides
APPG Energy Studies Briefing Neil Kenward 9 June 2020 The UK has made good progress to date,

APPG Energy Studies Briefing Neil Kenward 9 June 2020 The UK has made good progress to date,

Ofgems role in decarbonisation APPG Energy Studies Briefing Neil Kenward 9 June 2020 The UK has made good progress to date, especially in decarbonising power. Net zero represents a step change in ambition and challenge The UK has reduced

476 views • 8 slides
Generalization of Cycle-Covering Heuristics Clemens B uchner Department of Mathematics and

Generalization of Cycle-Covering Heuristics Clemens B uchner Department of Mathematics and

Generalization of Cycle-Covering Heuristics Masters Thesis Presentation Generalization of Cycle-Covering Heuristics Clemens B uchner Department of Mathematics and Computer Science University of Basel May 14, 2020 Generalization of

877 views • 54 slides
Parsing OSM XML iD OSMCha To-Fix Frontend Developer kepta kushan2020 Breaking down iD

Parsing OSM XML iD OSMCha To-Fix Frontend Developer kepta kushan2020 Breaking down iD

Parsing OSM XML iD OSMCha To-Fix Frontend Developer kepta kushan2020 Breaking down iD Breaking down iD 15% Rendering Painting 21% Javascript 64% HTML A sample of what iD is doing behind the scenes Breaking down JS 13% Draw Vector

426 views • 27 slides
Delegation with (nearly) optimal time/space overhead Justin Holmgren Ron Rothblum MIT MIT

Delegation with (nearly) optimal time/space overhead Justin Holmgren Ron Rothblum MIT MIT

Delegation with (nearly) optimal time/space overhead Justin Holmgren Ron Rothblum MIT MIT Verifiable Computation Verifiable Computation Verifiable Computation M(x)=? M(x) = y Verifiable Computation M(x)=? , challenge , proof

1.73k views • 119 slides
Foundational Proof Certificates Making proof universal and permanent Dale Miller INRIA-Saclay

Foundational Proof Certificates Making proof universal and permanent Dale Miller INRIA-Saclay

Foundational Proof Certificates Making proof universal and permanent Dale Miller INRIA-Saclay & LIX, Ecole Polytechnique 23 September 2013 Can we standardize, communicate, and trust formal proofs? Joint work with Zakaria Chihani and

864 views • 37 slides
Practical Proof Systems for SAT and QBF Marijn J.H. Heule Dagstuhl Seminar on SAT and

Practical Proof Systems for SAT and QBF Marijn J.H. Heule Dagstuhl Seminar on SAT and

Practical Proof Systems for SAT and QBF Marijn J.H. Heule Dagstuhl Seminar on SAT and Interactions September 20, 2016 1/47 Introduction to SAT and QBF Proof Checking Clausal Proof Systems for SAT and QBF Abstract Proof System for SAT

924 views • 67 slides
the Correctness of math.h Implementations Wonyeol Lee 1,2 Rahul Sharma 3 Alex Aiken 1 1 Stanford

the Correctness of math.h Implementations Wonyeol Lee 1,2 Rahul Sharma 3 Alex Aiken 1 1 Stanford

On Automatically Proving the Correctness of math.h Implementations Wonyeol Lee 1,2 Rahul Sharma 3 Alex Aiken 1 1 Stanford University 2 KAIST 3 Microsoft Research POPL 2018 1 /146 Our Goal mathematical specification Industry

2.05k views • 146 slides

More recommend