batch proving and proof scripting in pvs
play

Batch Proving and Proof Scripting in PVS C esar A. Mu noz - PowerPoint PPT Presentation

Mar 06, 2023 •95 likes •442 views

Batch Proving and Proof Scripting in PVS C esar A. Mu noz munoz@nianet.org National Institute of Aerospace AFM 2006 NIA @ NASA LaRC 1 The PVS Theorem Prover PVS is a powerful interactive theorem prover. For expert users: PVS provides

  1. Batch Proving and Proof Scripting in PVS C´ esar A. Mu˜ noz munoz@nianet.org National Institute of Aerospace AFM 2006 NIA @ NASA LaRC 1

  2. The PVS Theorem Prover PVS is a powerful interactive theorem prover. For expert users: PVS provides a powerful batch mode as well. Why do we need a batch mode ? NIA @ NASA LaRC 2

  3. The PVS Theorem Prover PVS is a powerful interactive theorem prover. For expert users: PVS provides a powerful batch mode as well. Why do we need a batch mode ? NIA @ NASA LaRC 3

  4. The PVS Theorem Prover PVS is a powerful interactive theorem prover. For expert users: PVS provides a powerful batch mode as well. Why do we need a batch mode ? NIA @ NASA LaRC 4

  5. Scenario 1 After several weeks we have finished the development of an Interval library in PVS: 10 files, 322 lemmas. We want to double check that the status of all the lemmas. A new version of PVS is available. We want to recheck all the proofs. NIA @ NASA LaRC 5

  6. Scenario 2 Consider the function a r ( φ ) = 1 + (1 − f ) 2 tan 2 φ, where a and f are constants. For efficiency reasons, we want to approximate the function r ( φ ) by the polynomial 4439091 � 9023647 2 − φ 2 ) × 2 − φ 2 ) × r ( φ ) ˆ = + ( φ + ( φ 4 4 � 13868737 � 13233647 2 − φ 2 ) × 2 − φ 2 ) × + ( φ + ( φ 64 2048 � − 1898597 ���� − 6661427 2 − φ 2 ) × + ( φ , 16384 131072 where φ = 715 512 and φ ∈ [0 , φ ]. NIA @ NASA LaRC 6

  7. Problem We want to prove that � � e ( φ ) � � 1 . 36 × 10 − 6 , ≤ � � r ( φ ) � � where e ( φ ) = r ( φ ) − ˆ r ( φ ) . In PVS, PHI : Interval = [| 0,715/512 |] RI : LEMMA FORALL (phi:real) : phi ## PHI IMPLIES |e(phi) / r(phi)| ## [| 0,136/1000000000 |] NIA @ NASA LaRC 7

  8. Automatic Proof by Interval Splitting Strategy: Use Interval’s numerical on [0 , φ ]. 1 If step 1 doesn’t work, split interval into [0 , φ 2 ] and [ φ 2 , φ ], and 2 recursively go to step 1. Problem: Very inefficient approach when a large number of splittings are needed (in this case about 10.000). Solution: Compute the splitting outside the theorem prover and generate PVS files with lemmas and proofs (in this case 3 lemmas per splitting). NIA @ NASA LaRC 8

  9. Automatic Proof by Interval Splitting Strategy: Use Interval’s numerical on [0 , φ ]. 1 If step 1 doesn’t work, split interval into [0 , φ 2 ] and [ φ 2 , φ ], and 2 recursively go to step 1. Problem: Very inefficient approach when a large number of splittings are needed (in this case about 10.000). Solution: Compute the splitting outside the theorem prover and generate PVS files with lemmas and proofs (in this case 3 lemmas per splitting). NIA @ NASA LaRC 9

  10. Automatic Proof by Interval Splitting Strategy: Use Interval’s numerical on [0 , φ ]. 1 If step 1 doesn’t work, split interval into [0 , φ 2 ] and [ φ 2 , φ ], and 2 recursively go to step 1. Problem: Very inefficient approach when a large number of splittings are needed (in this case about 10.000). Solution: Compute the splitting outside the theorem prover and generate PVS files with lemmas and proofs (in this case 3 lemmas per splitting). NIA @ NASA LaRC 10

  11. PVS in Batch Mode For Expert Users PVS prover and Emacs interface in batch mode: % pvs -batch Regression testing: ;; file.el (pvs-validate "file.log" "dir" (let ((current-prefix-arg t)) (prove-pvs-file "file.pvs"))) % pvs -batch -l file.el PVS prover without Emacs interface: % pvs -raw NIA @ NASA LaRC 11

  12. PVS in Batch Mode For Expert Users PVS prover and Emacs interface in batch mode: % pvs -batch Regression testing: ;; file.el (pvs-validate "file.log" "dir" (let ((current-prefix-arg t)) (prove-pvs-file "file.pvs"))) % pvs -batch -l file.el PVS prover without Emacs interface: % pvs -raw NIA @ NASA LaRC 12

  13. PVS in Batch Mode For Regular Users (via ProofLite’s proveit utility) % proveit Interval/top.pvs NIA @ NASA LaRC 13

  14. PVS in Batch Mode For Regular Users (via ProofLite’s proveit utility) % proveit -importchain Interval/top.pvs NIA @ NASA LaRC 14

  15. PVS in Batch Mode For Regular Users (via ProofLite’s proveit utility) % proveit -importchain -clean Interval/top.pvs NIA @ NASA LaRC 15

  16. PVS in Batch Mode For Regular Users (via ProofLite’s proveit utility) % proveit -importchain -clean -packages Field Interval/top.pvs NIA @ NASA LaRC 16

  17. PVS in Batch Mode For Regular Users (via ProofLite’s proveit utility) % proveit -importchain -clean -packages Field Interval/top.pvs Processing Interval/top.pvs. Writing output to file Interval/top.out. Proof summary for theory interval IMP_sigma_TCC1........................proved - complete sharp_Proper..........................proved - complete Proper_sharp..........................proved - complete specialbrackets_TCC1..................proved - complete Lt_Ge.................................proved - complete Le_Gt.................................proved - complete Abs_TCC1..............................proved - complete Abs_TCC2..............................proved - complete ... Theory totals: 156 formulas, 156 attempted, 156 succeeded (72.33 s) ... Grand Totals: 322 proofs, 322 attempted, 322 succeeded (122.73 s) NIA @ NASA LaRC 17

  18. PVS Proof Files For Expert Users “The format is: (<theory-id> (<decl-id> <default-proof-posn> (<id> <description> <create-date> <run-date> <script> <status> <refers-to> <real-time> <run-time> <interactive?> <decision-procedure-used>) ...) ...) where <default-proof-posn> is the (0-based) position of the default proof in the list of proofs associated with the declaration. The <create-date> is the time that the proof was first saved, and the <run-date> is the time it was last rerun. The <real-time> and <run-time> are the time it took the last time it was run, and <interactive?> indicates whether that was an interactive run or not [. . . ] Most of the rest of the fields should be self-explanatory . . . ” ∗ NIA @ NASA LaRC ∗ Sam Owre, PVS mailing list, June 2003. 18

  19. PVS Batch Proofs For Regular Users (via ProofLite scripts) PHI0 : Interval = [| 0, 82225/51200000 |] RpI0 : LEMMA phi ## PHI0 IMPLIES |ep(phi)/rp(phi)| ## [| 0, 136/10000000 |] %|- RpI0 : PROOF %|- (instint :taylor "Ep0" :hints "Ep_deriv") %|- QED NIA @ NASA LaRC 19

  20. The ProofLite Package Package for non-interactive proof scripting in PVS: Utility for running the theorem prover in batch mode. A proof scripting notation where proof scripts reside in .pvs files. Suitable for batch generation of specifications and proof scripts. Download: http://research.nianet.org/~munoz/ProofLite NIA @ NASA LaRC 20

  21. The proveit Utility Usage: proveit [OPTION] FILE[@TH1,..,THn]* For each FILE , proveit runs PVS in batch mode and proves theories TH1,..,THn , which are either imported or defined in FILE.pvs . If no theories are provided, proveit proves all theories in FILE . -clean : Removes bin files and .pvscontext before proving -force : Overrides current proofs with ProofLite scripts -importchain : Proves chain of imported theories -packages P1,..,Pn : Loads packages P1,..,Pn -prooftraces : Output proof traces. NIA @ NASA LaRC 21

  22. ProofLite Scripts ProofLite scripts are written in PVS files using the special comment form: l1: LEMMA a*a >= 0 %|- l1 : PROOF (grind) QED ProofLite scripts can extend to multiple lines: l2: LEMMA (nza/2)*(2/nza) = 1 %|- l2 : PROOF %|- (then (skosimp) %|- (grind)) %|- QED NIA @ NASA LaRC 22

  23. Sharing ProofLite Scripts Several lemmas can share the same ProofLite script: l3: LEMMA a*a >= 0 l4: LEMMA (nza/2)*(2/nza) = 1 %|- l3 : PROOF %|- l4 : PROOF %|- (grind) %|- QED NIA @ NASA LaRC 23

  24. ProofLite Scripts for Name-Matching Lemmas Name-matching lemmas can share the same ProofLite script. The symbol * stands for an arbitrary sequence of one or more characters, e.g., l3a: LEMMA a*a >= 0 l4a: LEMMA (nza/2)*(2/nza) = 1 %|- l*a : PROOF %|- (grind) %|- QED NIA @ NASA LaRC 24

  25. Macro Scripts Name-matching lemmas can be used to create macro scripts. The symbol $0 refers to the name of the lemma and the symbol $ n refers to n -th matching string from left to right, e.g., l_5_6 : LEMMA EXISTS (a) : 5 < a AND a < 6 l 6 7 : LEMMA EXISTS (a) : 6 < a AND a < 7 %|- l *_* : PROOF %|- (then (skip-msg "Proving Lemma: $0") %|- (inst 1 "$1 + ($2 - $1)/2") %|- (grind)) %|- QED NIA @ NASA LaRC 25

  26. Parametric Scripts Parametric scripts have the form: %|- <script name>[e1;...;en]: PROOF %|- <steps> %|- QED The symbol # n is substituted by e n , e.g., l_8 : LEMMA EXISTS (a,b) : a+b = 8 l_9 : LEMMA EXISTS (a,b) : a+b = 9 %|- l_8[2;6] : PROOF %|- l_9[4;5] : PROOF %|- (then (skip-msg "Proving Lemma: $0") %|- (inst 1 "#1" "#2") %|- (grind)) %|- QED NIA @ NASA LaRC 26

  27. Installing ProofLite Scripts Interactively ProofLite scripts in the current theory. Without overriding old proofs: M-x install-prooflite-scripts-theory ( C-c it ). Overriding old proofs: M-x install-prooflite-scripts-theory! ( C-c !t ). ProofLite scripts at the cursor position. Without overriding old proofs: M-x install-prooflite-script ( C-c ip ). Overriding old proofs: M-x install-prooflite-script! ( C-c !p ). NIA @ NASA LaRC 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Visual theorem proving with the Incredible Proof Machine The idea Theorem Proving without

Visual theorem proving with the Incredible Proof Machine The idea Theorem Proving without

Interactive Theorem Proving, Nancy August 22, 2016 Joachim Breitner Karlsruhe Institute of Technology University of Pennsylvania, Philadelphia Visual theorem proving with the Incredible Proof Machine The idea Theorem Proving without Syntax

579 views • 43 slides
Source - Level Proof Reconstruction for Interactive Proving Lawrence C. Paulson and Kong W oei

Source - Level Proof Reconstruction for Interactive Proving Lawrence C. Paulson and Kong W oei

Source - Level Proof Reconstruction for Interactive Proving Lawrence C. Paulson and Kong W oei Susanto Computer Laboratory, University of Cambridg e Motivation Interactive provers are good for specifying complex systems, but proving

514 views • 20 slides
An Analysis of f Transition-to to-Proof Course Students Proving Difficulties Ahmed Benkhalti,

An Analysis of f Transition-to to-Proof Course Students Proving Difficulties Ahmed Benkhalti,

An Analysis of f Transition-to to-Proof Course Students Proving Difficulties Ahmed Benkhalti, John Selden, Annie Selden New Mexico State University UTEP/NMSU Workshop November 1, 2014 We analyzed students proving difficulties on a

563 views • 45 slides
A proof-theoretical journey through programming, model checking and theorem proving David Baelde

A proof-theoretical journey through programming, model checking and theorem proving David Baelde

A proof-theoretical journey through programming, model checking and theorem proving David Baelde IT University of Copenhagen ASL Meeting, Structural Proof Theory Session Madison, Wisconsin, April 2012 1 / 26 Logic programming A specification

270 views • 26 slides
Proving discrimination: The shift of the burden of proof and access to evidence Rachel Crasnow

Proving discrimination: The shift of the burden of proof and access to evidence Rachel Crasnow

Proving discrimination: The shift of the burden of proof and access to evidence Rachel Crasnow Barrister Context In 2012, Europeans were asked about which protected characteristics were seen by employers as causing problems for job

184 views • 5 slides
Theorem Proving with Semantic Tableaux 9ai Proof Method : By Refutation. Show by construction

Theorem Proving with Semantic Tableaux 9ai Proof Method : By Refutation. Show by construction

Theorem Proving with Semantic Tableaux 9ai Proof Method : By Refutation. Show by construction that no model can exist for given sentences . i.e. all potential models are contradictory. Do this by following the consequences of the data and

420 views • 10 slides
JProver : Integrating Connection-based Theorem Proving into Interactive Proof Assistants Stephan

JProver : Integrating Connection-based Theorem Proving into Interactive Proof Assistants Stephan

JProver : Integrating Connection-based Theorem Proving into Interactive Proof Assistants Stephan Schmitt 1 , Lori Lorigo 2 , Christoph Kreitz 2 , Aleksey Nogin 2 1 Dept. of Sciences and Engineering 2 Dept. of Computer Science Saint Louis

579 views • 8 slides
Asynchronous processing of proof documents rethinking interactive theorem proving Makarius

Asynchronous processing of proof documents rethinking interactive theorem proving Makarius

Asynchronous processing of proof documents rethinking interactive theorem proving Makarius November 2007 1. Motivation 2. Document processing 3. Main agents: provers, editors, users Motivation General aims Support interactive

380 views • 18 slides
Batch Systems Running calculations on HPC resources Outline What is a batch system? How

Batch Systems Running calculations on HPC resources Outline What is a batch system? How

Batch Systems Running calculations on HPC resources Outline What is a batch system? How do I interact with the batch system Job submission scripts Interactive jobs Common batch systems Converting between different batch

543 views • 17 slides
Proof Pearl: Proving a Simple Von Neumann Machine Turing Complete J Strother Moore Department of

Proof Pearl: Proving a Simple Von Neumann Machine Turing Complete J Strother Moore Department of

Proof Pearl: Proving a Simple Von Neumann Machine Turing Complete J Strother Moore Department of Computer Science University of Texas at Austin presented by Matt Kaufmann at ITP 2014, Vienna July, 2014 1 Introduction M1 is a simple

594 views • 46 slides
Proof Pearl: Proving a Simple Von Neumann Machine Turing Complete J Strother Moore Department of

Proof Pearl: Proving a Simple Von Neumann Machine Turing Complete J Strother Moore Department of

Proof Pearl: Proving a Simple Von Neumann Machine Turing Complete J Strother Moore Department of Computer Science University of Texas at Austin presented by Matt Kaufmann at ITP 2014, Vienna July, 2014 1 Introduction M1 is a simple

1.15k views • 87 slides
Mechanical Theorem Proving in Tarskis Geometry. Julien Narboux under the supervision of Hugo

Mechanical Theorem Proving in Tarskis Geometry. Julien Narboux under the supervision of Hugo

Mechanical Theorem Proving in Tarskis Geometry. Julien Narboux under the supervision of Hugo Herbelin LIX, INRIA Futurs, Ecole Polytechnique 31/08/2006, Pontevedra, Spain Outline 1 Interactive proof / Automated theorem proving 2

1.1k views • 73 slides
HOL C ONTENT Intro &amp; motivation, getting started with Isabelle Foundations &amp;

HOL C ONTENT Intro &amp; motivation, getting started with Isabelle Foundations &amp;

L AST T IME ON HOL Proof rules for propositional and predicate logic Safe and unsafe rules NICTA Advanced Course Forward Proof Theorem Proving The Epsilon Operator Slide 1 Slide 3 Principles, Techniques, Applications Some

292 views • 7 slides
. Needs effective (finitary) representation .. Failed Termination Proof vs. Non- TNT:

. Needs effective (finitary) representation .. Failed Termination Proof vs. Non- TNT:

Runtime Errors Proving Non-Termination Ashutosh K. Gupta Thomas A. Henzinger Rupak Majumdar MPI-SWS EPFL UCLA Andrey Rybalchenko Ru-Gang Xu MPI-SWS UCLA 2 Non-Termination Errors Proving Non-Termination Search for infinite

402 views • 6 slides
Proving the Validity of an Argument Torben Amtoft Kansas State University Torben Amtoft Kansas

Proving the Validity of an Argument Torben Amtoft Kansas State University Torben Amtoft Kansas

Outline Introduction Proving Validity: Examples The Notion of Proof Rules Proving Validity: More Examples Fitch Reasoning about Identity Proving the Validity of an Argument Torben Amtoft Kansas State University Torben Amtoft Kansas State

246 views • 23 slides
Scripting with Objects: A Comparative Presentation of Scripting With Perl and Python Avinash C.

Scripting with Objects: A Comparative Presentation of Scripting With Perl and Python Avinash C.

Scripting with Objects: A Comparative Presentation of Scripting With Perl and Python Avinash C. Kak Click here if your download doesn&quot;t start automatically Scripting with Objects: A Comparative Presentation of Scripting With Perl and

269 views • 5 slides
exp( 161ogm ) (logm) 1 =&lt;exp -(logm)/3 -&lt;2 1/3- 2 10 4 m With similar high

exp( 161ogm ) (logm) 1 =&lt;exp -(logm)/3 -&lt;2 1/3- 2 10 4 m With similar high

SIAM J. COMPUT. 1991 Society for Industrial and Applied Mathemaut;s Vol. 20, No. 1, pp. 22-40, February 1991 002 DETERMINISTIC SAMPLING--A NEW TECHNIQUE FOR FAST PATIERN MATCHING* UZI VISHKIN? Abstract. Consider the following three-stage

356 views • 19 slides
State of the Scala 2 Union Adriaan Moors Scala Team Lead Scala 2.13 Developer survey!

State of the Scala 2 Union Adriaan Moors Scala Team Lead Scala 2.13 Developer survey!

State of the Scala 2 Union Adriaan Moors Scala Team Lead Scala 2.13 Developer survey! scala-lang.org/news/survey-2018.html Apache v2.0! scala-lang.org/news/license-change.html (deadline for any concerns: Aug 10) Library release

1.02k views • 48 slides
1. Motivation 2. Uniform matrix characterizations 3. Conversion into prefixed sequent

1. Motivation 2. Uniform matrix characterizations 3. Conversion into prefixed sequent

Converting Non-Classical Matrix Proofs into Sequent-Style Systems Stephan Schmitt Christoph Kreitz 1. Motivation 2. Uniform matrix characterizations 3. Conversion into prefixed sequent systems 4. Extension to conventional sequent calculi

376 views • 10 slides
Toward Efficient Aspect Mining for Linux Danfeng Zhang, Yao Guo , Xiangqun Chen Institute of

Toward Efficient Aspect Mining for Linux Danfeng Zhang, Yao Guo , Xiangqun Chen Institute of

Toward Efficient Aspect Mining for Linux Danfeng Zhang, Yao Guo , Xiangqun Chen Institute of Software, Peking University, Bejing, PR China Talk Outline Motivation &amp; Background Crosscutting Concerns in Linux Case Study on Current

549 views • 27 slides
Dataplane Specialization for High-performance OpenFlow Software Switching Lszl Molnr,

Dataplane Specialization for High-performance OpenFlow Software Switching Lszl Molnr,

Dataplane Specialization for High-performance OpenFlow Software Switching Lszl Molnr, Gergely Pongrcz, Gbor Enyedi, Zoltn Lajos Kis Levente Csikor, Ferenc Juhsz, Attila K orsi, Gbor Rtvri TrafficLab, Ericsson Research,

457 views • 21 slides
Formal Privacy for Functional Data with Gaussian Perturbations Matthew Reimherr Department of

Formal Privacy for Functional Data with Gaussian Perturbations Matthew Reimherr Department of

Formal Privacy for Functional Data with Gaussian Perturbations Matthew Reimherr Department of Statistics Pennsylvania State University Contributors Current work: Aleksandra Slavkovic, Professor of Statistics and Associate Dean for Graduate

472 views • 18 slides
REDCap Rare Tumour Database A new data base for rare tumour data entry by doctors / hospitals

REDCap Rare Tumour Database A new data base for rare tumour data entry by doctors / hospitals

New Concept/Proposals REDCap Rare Tumour Database A new data base for rare tumour data entry by doctors / hospitals Aim: to collect identical datasets with similar consent (proforma) (phase 1) so that data can be shared internationally once

592 views • 16 slides
ETC5512: Wild Caught Data ETC5512: Wild Caught Data Week 12 Week 12 The proper care and feeding

ETC5512: Wild Caught Data ETC5512: Wild Caught Data Week 12 Week 12 The proper care and feeding

ETC5512: Wild Caught Data ETC5512: Wild Caught Data Week 12 Week 12 The proper care and feeding of wild data Lecturer: Dianne Cook Department of Econometrics and Business Statistics ETC5512.Clayton-x@monash.edu Image source:

486 views • 33 slides

More recommend