coinductive program verification
play

Coinductive Program Verification Thesis Proposal Brandon Moore - PowerPoint PPT Presentation

Dec 26, 2022 •155 likes •1.16k views

Coinductive Program Verification Thesis Proposal Brandon Moore University of Illinois December 12, 2013 Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 1 / 58 Outline Introduction 1 Goals and

  1. Coinductive Program Verification Thesis Proposal Brandon Moore University of Illinois December 12, 2013 Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 1 / 58

  2. Outline Introduction 1 Goals and Motivation Operational Semantics Specifications as Reachability Approach 2 Reachability by Coinduction Coinduction with Derived Rules Higher-Order Specifications Proposed Work 3 Coinduction Principles Operational Semantics Automating Verification Validation Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 2 / 58

  3. Goal Program Verification for every language Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 3 / 58

  4. Goal Program Verification from (multi-step) Operational Semantics Always need executable semantics, to test formalization Can we avoid axiomatic semantics? Why operational? ◮ Denotational is a whole different story ◮ Don’t know how to handle big step Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 4 / 58

  5. Goal Program Verification from (multi-step) Operational Semantics Always need executable semantics, to test formalization Can we avoid axiomatic semantics? Why operational? ◮ Denotational is a whole different story ◮ Don’t know how to handle big step Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 4 / 58

  6. Goal Program Verification from (multi-step) Operational Semantics Always need executable semantics, to test formalization Can we avoid axiomatic semantics? Why operational? ◮ Denotational is a whole different story ◮ Don’t know how to handle big step Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 4 / 58

  7. Program verifiers should be at least certifying Certifying A certifying verifier produces a proof certificate along with claims Certified A certified verifier has a proof that it returns only true claims. Semantics in certificate language Translate specifications to claims about semantics Certificates are proofs claims are true Coq for certificate language, proof checker Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 5 / 58

  8. General Perspective Language independence by passing from syntax to extension ◮ Semantics, specifications, proof principles, etc. Truth/Proof as inclusion Coinduction Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 6 / 58

  9. Project Structure Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 7 / 58

  10. Operational semantics Definition An Operational Semantics is a set cfg of configurations and a one-step transition relation S ⊆ cfg × cfg Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 8 / 58

  11. A simple imperative language cfg = Stmt × ( Var ⇀ Z ), written � code , store � S contains steps like � while(n!=0) {s=s+n; n=n-1} , { s �→ 1 , n �→ 10 }� to � s=s+n; n=n-1; while(n!=0) {s=s+n; n=n-1} , { s �→ 1 , n �→ 10 }� Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 9 / 58

  12. Multiple Steps Transitive closure S ∗ takes multiple steps, e.g. � while(n!=0) {s=s+n; n=n -1}; x=s , { s �→ 1 , n �→ 10 , x �→ 0 }� to � x = s , { s �→ 56 , n �→ 10 , x �→ 1 }� Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 10 / 58

  13. Reachability Definition A configuration x ∈ cfg reaches a set P ⊆ cfg of configurations when x S ∗ y for some y ∈ P , or x diverges in S Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 11 / 58

  14. Reachability in Pictures Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 12 / 58

  15. Reachability from Hoare Triples Start with a standard Hoare Triple { s = s 0 , n = n 0 } while(n!=0) {s=s+n; n=n-1} { s = s 0 + � n 0 i =0 i } Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 13 / 58

  16. Drop special syntax for variables Ordinary predicates on store of configuration { store ( s ) = s 0 ∧ store ( n ) = n 0 } while(n!=0) {s=s+n; n=n-1} { store ( s ) = s 0 + � n 0 i =0 i } Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 14 / 58

  17. Drop special role of code Ordinary predicates on configuration γ { γ. store ( s ) = s 0 ∧ γ. store ( n ) = n 0 ∧ γ. code = while(n!=0) {s=s+n; n=n -1}; R } { γ. store ( s ) = s 0 + � n 0 i =0 i ∧ γ. code = R } Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 15 / 58

  18. Matching Logic Reachability Spec became a matching logic reachability property: ϕ ⇒ RL ϕ ′ ( ϕ, ϕ ′ predicates on cfg ) Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 16 / 58

  19. Back to Basic Reachability Expands to reachability claims ϕ ⇒ RL ϕ ′ iff � γ ⇒ { γ ′ | ∃ fv ( ϕ ′ ) \ fv ( ϕ ) , ϕ ′ ( γ ′ ) } � ∀ γ, ∀ fv ( ϕ ) , ϕ ( γ ) → Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 17 / 58

  20. Approach Specifications become sets of claims Proving sets of claims Coinduction Derived rules Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 18 / 58

  21. Truth as Set Definition Let claims = cfg ×P ( cfg ), naming the set of all reachability claims Definition Let reaches ⊆ claims be the set of true reachability claims, reaches = { ( x , P ) | x reaches P } Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 19 / 58

  22. Proof by Inclusion x ⇒ P for all ( x , P ) ∈ R iff R ⊆ reaches Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 20 / 58

  23. Inclusion by Coinduction Definition Given set A and function F : P ( A ) → P ( A ), X ⊆ A is F-stable if X ⊆ F ( X ) Coinduction If G is the greatest fixpoint of a monotone F , X ⊆ F ( X ) implies X ⊆ G Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 21 / 58

  24. Reachability as a Fixpoint reaches is the greatest fixpoint of step : P ( claims ) → P ( claims ) step [ R ] = done ∪ next [ R ] where done : P ( claims ), next : P ( claims ) → P ( claims ) done = { ( x , P ) | x ∈ P } next [ R ] = { ( x , P ) | ∃ y . x S y ∧ ( y , P ) ∈ R } (Proof) Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 22 / 58

  25. done in pictures ( a , P ) ∈ done ( b , P ) ∈ done ( c , P ) ∈ done ( d , P ) �∈ done ( a , Q ) �∈ done ( b , Q ) �∈ done ( c , Q ) ∈ done ( d , Q ) ∈ done Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 23 / 58

  26. next in pictures R Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 24 / 58

  27. next in pictures next [ R ] Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 24 / 58

  28. next in pictures next [ next [ R ]] Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 24 / 58

  29. Reachability as a Fixpoint reaches is the greatest fixpoint of step : P ( claims ) → P ( claims ) step [ R ] = done ∪ next [ R ] where done : P ( claims ), next : P ( claims ) → P ( claims ) done = { ( x , P ) | x ∈ P } next [ R ] = { ( x , P ) | ∃ y . x S y ∧ ( y , P ) ∈ R } Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 25 / 58

  30. Direct coinduction 1 Goal: d ⇒ P Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 26 / 58

  31. Direct coinduction 1 Expand to stable set R Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 26 / 58

  32. Direct coinduction 1 step [ R ] Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 26 / 58

  33. Direct coinduction 1 ( e , P ) ∈ done ⊆ step [ R ] Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 26 / 58

  34. Direct coinduction 1 ( e , P ) ∈ done ⊆ step [ R ] Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 26 / 58

  35. Direct coinduction 1 ( e , P ) ∈ R → ( d , P ) ∈ next [ R ] ⊆ step [ R ] Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 26 / 58

  36. Direct coinduction 1 ( e , P ) ∈ R → ( d , P ) ∈ next [ R ] ⊆ step [ R ] Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 26 / 58

  37. Direct coinduction 2 Goal: a ⇒ P Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 27 / 58

  38. Direct coinduction 2 Expand to stable set R Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 27 / 58

  39. Direct coinduction 2 step [ R ] Brandon Moore (University of Illinois) Coinductive Program Verification December 12, 2013 27 / 58

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Simultaneous inductive/coinductive definition of continuous functions Helmut Schwichtenberg

Simultaneous inductive/coinductive definition of continuous functions Helmut Schwichtenberg

Semantics Inductive/coinductive definitions Computational content Simultaneous inductive/coinductive definition of continuous functions Helmut Schwichtenberg (j.w.w. Kenji Miyamoto) Mathematisches Institut, LMU, M unchen Schlo Dagstuhl,

497 views • 27 slides
Coinductive Stream Calculus in Haskell Joost Winter Centrum Wiskunde & Informatica June 4,

Coinductive Stream Calculus in Haskell Joost Winter Centrum Wiskunde & Informatica June 4,

Coinductive Stream Calculus in Haskell Joost Winter Centrum Wiskunde & Informatica June 4, 2013 Joost Winter Coinductive Stream Calculus in Haskell A short motivation Haskell has nice built-in support or infinitary, or coinductive

835 views • 17 slides
Program Verification (Rosen, Sections 5.5) TOPICS Program Correctness Preconditions &

Program Verification (Rosen, Sections 5.5) TOPICS Program Correctness Preconditions &

Program Verification (Rosen, Sections 5.5) TOPICS Program Correctness Preconditions & Postconditions Program Verification Assignments Composition Conditionals Loops Proofs about Programs Why

537 views • 36 slides
Program Verification as a Toolbox 2005Now Todays Verification A Brief, Subjective History

Program Verification as a Toolbox 2005Now Todays Verification A Brief, Subjective History

Program Verification as a Toolbox David Cock Is Your System Correct? Verified Systems Program Verification as a Toolbox 2005Now Todays Verification A Brief, Subjective History Toolbox Whats Next? David Cock January 23, 2015 1

432 views • 32 slides
From Program Verification to Program Synthesis Overview Jaak Ristioja March 30, 2010 1 / 91

From Program Verification to Program Synthesis Overview Jaak Ristioja March 30, 2010 1 / 91

From Program Verification to Program Synthesis Overview Jaak Ristioja March 30, 2010 1 / 91 Reference From Program Verification to Program Synthesis. @ POPL10; January 17-23, 2010 Saurabh Srivastava , University of Maryland, College Park

1.21k views • 91 slides
Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive

Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive

The Center for Verification and Evaluation (CVE) Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive Support Services Agenda What is Re-Verification? o Simplified Reverification Program VIP

320 views • 21 slides
Efficient lambda encodings for Mendler-style coinductive types in Cedille Chris Jenkins , Aaron

Efficient lambda encodings for Mendler-style coinductive types in Cedille Chris Jenkins , Aaron

Efficient lambda encodings for Mendler-style coinductive types in Cedille Chris Jenkins , Aaron Stump, Larry Diehl August 30, 2020 University of Iowa, Dept. of Computer Science Introduction Coinductive types and their lambda encodings

1.05k views • 29 slides
Towards full verification of concurrent libraries Viktor Vafeiadis Program verification

Towards full verification of concurrent libraries Viktor Vafeiadis Program verification

Towards full verification of concurrent libraries Viktor Vafeiadis Program verification Programs considered: Small (<100 LOC) Medium (KLOC) Large (MLOC) Simple

577 views • 45 slides
Verification of Redecoration for Infinite Triangular Matrices in Coq Celia Picard joint work

Verification of Redecoration for Infinite Triangular Matrices in Coq Celia Picard joint work

Introduction Reference Representation with a Coinductive Family Another Conception of Triangles Conclusion Verification of Redecoration for Infinite Triangular Matrices in Coq Celia Picard joint work with Ralph Matthes 13/09/2012 13/09/2012

379 views • 23 slides
Quo Vadis Program Verification Krzysztof R. Apt CWI, Amsterdam, the Netherlands , University of

Quo Vadis Program Verification Krzysztof R. Apt CWI, Amsterdam, the Netherlands , University of

Quo Vadis Program Verification Krzysztof R. Apt CWI, Amsterdam, the Netherlands , University of Amsterdam Quo Vadis Program Verification p. 1/1 One Page Summary Assertional approach to program verification is here to stay. Gap between

629 views • 19 slides
DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification

DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification

DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification Projects Birth Record Verification State to State Verification DIVS State to State Verification Service (S2S) Program Benefits Mission

349 views • 8 slides
Verification & Validation Verification is getting the system right : Verification and

Verification & Validation Verification is getting the system right : Verification and

Verification & Validation Verification is getting the system right : Verification and Validation Does the program you built do what you designed it to do? Dr. James A. Bednar Validation is getting the right system : jbednar@inf.ed.ac.uk

331 views • 8 slides
The Coinductive Approach to Verifying Cryptographic Protocols Jesse Hughes joint work with

The Coinductive Approach to Verifying Cryptographic Protocols Jesse Hughes joint work with

The Coinductive Approach to Verifying Cryptographic Protocols Jesse Hughes joint work with Martijn Warnier jesseh@cs.kun.nl University of Nijmegen The Coinductive Approach to Verifying Cryptographic Protocols p.1/27 Outline I.

1.95k views • 184 slides
Program Verification (6EC version only) Erik Poll Digital Security Radboud University Nijmegen

Program Verification (6EC version only) Erik Poll Digital Security Radboud University Nijmegen

Program Verification (6EC version only) Erik Poll Digital Security Radboud University Nijmegen Overview Program Verification using Verification Condition Generators JML a formal specification language for Java Used for the

620 views • 41 slides
7. Refined Verification Condition Generation Program Verification ETH Zurich, Spring Semester

7. Refined Verification Condition Generation Program Verification ETH Zurich, Spring Semester

7. Refined Verification Condition Generation Program Verification ETH Zurich, Spring Semester 2018 Alexander J. Summers 158 Weakest Preconditions So Far Weakest preconditions provide a means of reducing the question: does a program have

339 views • 16 slides
Why3 What is why3? A platform for deductive program verification What is why3? A platform

Why3 What is why3? A platform for deductive program verification What is why3? A platform

Why3 What is why3? A platform for deductive program verification What is why3? A platform for deductive program verification Made by: Franois Bobot Martin Clochard Lon Gondelman Jean-Christophe Fillitre Claude

98 views • 9 slides
Formalizing Bachmair and Ganzinger's Ordered Resolution Prover Anders Jasmin Dmitriy Uwe

Formalizing Bachmair and Ganzinger's Ordered Resolution Prover Anders Jasmin Dmitriy Uwe

Formalizing Bachmair and Ganzinger's Ordered Resolution Prover Anders Jasmin Dmitriy Uwe Schlichtkrull Blanchette Traytel Waldmann Formalizing Automated Reasoning in Proof Assistants Theorem Proof assistants are mature enough to be used

661 views • 40 slides
Verified Construction of Static Single Assignment Form Sebastian Buchwald, Denis Lohner and

Verified Construction of Static Single Assignment Form Sebastian Buchwald, Denis Lohner and

Verified Construction of Static Single Assignment Form Sebastian Buchwald, Denis Lohner and Sebastian Ullrich Institute for Program Structures and Data Organization, Karlsruhe Institute of Technology (KIT) 1 March 17, 2016 S. Buchwald, D.

415 views • 17 slides
Electronic submission and marking of handwritten solutions Ruslan Davidchack, Matt Norris &

Electronic submission and marking of handwritten solutions Ruslan Davidchack, Matt Norris &

Electronic submission and marking of handwritten solutions Ruslan Davidchack, Matt Norris & Octavia Hailes Department of Mathematics Background How its done now: Substantial part of assessment in Mathematics focuses on solving

799 views • 11 slides
Membership Functions Why Not Use . . . Representing a Number vs. A Natural Question This

Membership Functions Why Not Use . . . Representing a Number vs. A Natural Question This

Outline Representing a . . . Analysis of the Situation Relation to Possibility . . . Membership Functions Why Not Use . . . Representing a Number vs. A Natural Question This Question Is Non- . . . Representing a Set: Proof of Main Result

954 views • 29 slides
D

D

(notsne#t

668 views • 52 slides
Graphs and Networks MATH20150 Vincent Astier Room: S1.72, Science South vincent.astier@ucd.ie

Graphs and Networks MATH20150 Vincent Astier Room: S1.72, Science South vincent.astier@ucd.ie

Graphs and Networks MATH20150 Vincent Astier Room: S1.72, Science South vincent.astier@ucd.ie How much should I work? According to UCD: So: 110/12 = 9.16 hours a week A bit much, but about 7 hours is possible How much should I

456 views • 22 slides
CS 401 Midterm review Xiaorui Sun 1 Midterm Exam Midterm exam via gradescope : October 16

CS 401 Midterm review Xiaorui Sun 1 Midterm Exam Midterm exam via gradescope : October 16

CS 401 Midterm review Xiaorui Sun 1 Midterm Exam Midterm exam via gradescope : October 16 (Friday) The exam will be available on Oct 16 0am You must submit no later than Oct 16 11:59pm Usually can be finished in 2 hours

679 views • 35 slides
Computational Social Choice: Autumn 2010 Ulle Endriss Institute for Logic, Language and

Computational Social Choice: Autumn 2010 Ulle Endriss Institute for Logic, Language and

Two-Sided Matching COMSOC 2010 Computational Social Choice: Autumn 2010 Ulle Endriss Institute for Logic, Language and Computation University of Amsterdam Ulle Endriss 1 Two-Sided Matching COMSOC 2010 Plan for Today Todays lecture will

273 views • 15 slides

More recommend