combination and certification of proof tools
play

Combination and certification of proof tools John Harrison Intel - PowerPoint PPT Presentation

Dec 21, 2022 •150 likes •670 views

Combination and certification of proof tools John Harrison Intel Corporation 30th October 2013 (11:0012:00) Summary of talk Motivation for combining proof tools Intel verification work The Flyspeck project Combining tools and

  1. Combination and certification of proof tools John Harrison Intel Corporation 30th October 2013 (11:00–12:00)

  2. Summary of talk ◮ Motivation for combining proof tools ◮ Intel verification work ◮ The Flyspeck project ◮ Combining tools and certifying results ◮ Sharing results or sharing proofs? ◮ Interfaces between interactive provers ◮ Primality as a motivating example ◮ Survey of result certification ◮ SAT, FOL, QBF ◮ Linear arithmetic ◮ Algebraically closed fields ◮ Real-closed fields ◮ Other possibilities ◮ Examples ◮ Reciprocal algorithm ◮ Flyspeck inequality

  3. 0: Motivation

  4. Do we need to integrate multiple proof tools? Yes , current applications in both formal verification and the formalization of mathematics most naturally draw on a wide variety of tools. ◮ Formal verification uses a wide range of tools including SAT and SMT solvers, model checkers and theorem provers

  5. Do we need to integrate multiple proof tools? Yes , current applications in both formal verification and the formalization of mathematics most naturally draw on a wide variety of tools. ◮ Formal verification uses a wide range of tools including SAT and SMT solvers, model checkers and theorem provers ◮ The Kepler proof uses linear programming, nonlinear optimization, and other more ad hoc algorithms

  6. Do we need to integrate multiple proof tools? Yes , current applications in both formal verification and the formalization of mathematics most naturally draw on a wide variety of tools. ◮ Formal verification uses a wide range of tools including SAT and SMT solvers, model checkers and theorem provers ◮ The Kepler proof uses linear programming, nonlinear optimization, and other more ad hoc algorithms ◮ Many powerful facilities in computer algebra systems that we’d like to exploit

  7. Do we need to integrate multiple proof tools? Yes , current applications in both formal verification and the formalization of mathematics most naturally draw on a wide variety of tools. ◮ Formal verification uses a wide range of tools including SAT and SMT solvers, model checkers and theorem provers ◮ The Kepler proof uses linear programming, nonlinear optimization, and other more ad hoc algorithms ◮ Many powerful facilities in computer algebra systems that we’d like to exploit ◮ May want to combine work done in different theorem provers, e.g. ACL2, Coq, HOL, Isabelle.

  8. Diversity at Intel Intel is best known as a hardware company, and hardware is still the core of the company’s business. However this entails much more: ◮ Microcode ◮ Firmware ◮ Protocols ◮ Software

  9. Diversity at Intel Intel is best known as a hardware company, and hardware is still the core of the company’s business. However this entails much more: ◮ Microcode ◮ Firmware ◮ Protocols ◮ Software If the Intel  Software and Services Group (SSG) were split off as a separate company, it would be in the top 10 software companies worldwide.

  10. A diversity of verification problems This gives rise to a corresponding diversity of verification problems, and of verification solutions. ◮ Propositional tautology/equivalence checking (FEV) ◮ Symbolic simulation ◮ Symbolic trajectory evaluation (STE) ◮ Temporal logic model checking ◮ Combined decision procedures (SMT) ◮ First order automated theorem proving ◮ Interactive theorem proving Integrating all these is a challenge!

  11. Layers of verification If we want to verify from the level of software down to the transistors, then it’s useful to identify and specify intermediate layers. ◮ Implement high-level floating-point algorithm assuming addition works correctly. ◮ Implement a cache coherence protocol assuming that the abstract protocol ensures coherence. Many similar ideas all over computing: protocol stack, virtual machines etc. If this clean separation starts to break down, we may face much worse verification problems. . . Very often, different tools are better suited to different layers.

  12. Example 1: floating-point algorithms sin correct ✻ fma correct ✻ gate-level description

  13. Example 1: floating-point algorithms Formal proof of sin function assuming fma is correct: Harrison, Formal verification of floating point trigonometric functions , FMCAD 2000. Formal proof of fma correctness at the gate level: Slobodova, Challenges for Formal Verification in Industrial Setting , FMCAD 2007. Yet these verifications were done in different proof systems and do not even share a common fma specification.

  14. Example 2: protocol verification Many successes with Chou-Mannava-Park method for parametrized systems: Chou, Mannava and Park: A simple method for parameterized verification of cache coherence protocols , FMCAD 2004. Krstic, Parametrized System Verification with Guard Strengthening and Parameter Abstraction , AVIS 2005. Talupur, Krstic, O’Leary and Tuttle, Parametric Verification of Industrial Strength Cache Coherence Protocols , DCC 2008. Bingham, Automatic non-interference lemmas for parameterized model checking , FMCAD 2008. Talupur and Tuttle, Going with the Flow: Parameterized Verification Using Message Flows , FMCAD 2008.

  15. Example 2: protocol verification The CMP method applies to parametrized systems with N equivalent replicated components, so the state space involves some Cartesian product N times � �� � Σ = Σ 0 × Σ 1 × · · · × Σ 1 The method abstracts the system to a finite-state one and then uses a conventional model checker to prove the abstraction. Currently, the abstraction is done by ad hoc programs, even though it would be desirable to encompass it all in a formal proof system.

  16. Pure mathematics: the Kepler conjecture The Kepler conjecture states that no arrangement of identical balls in ordinary 3-dimensional space has a higher packing density than the obvious ‘cannonball’ arrangement. Hales, working with Ferguson, arrived at a proof in 1998: ◮ 300 pages of mathematics: geometry, measure, graph theory and related combinatorics, . . . ◮ 40,000 lines of supporting computer code: graph enumeration, nonlinear optimization and linear programming. Hales submitted his proof to Annals of Mathematics . . .

  17. The response of the reviewers After a full four years of deliberation, the reviewers returned: “The news from the referees is bad, from my perspective. They have not been able to certify the correctness of the proof, and will not be able to certify it in the future, because they have run out of energy to devote to the problem. This is not what I had hoped for. Fejes Toth thinks that this situation will occur more and more often in mathematics. He says it is similar to the situation in experimental science — other scientists acting as referees can’t certify the correctness of an experiment, they can only subject the paper to consistency checks. He thinks that the mathematical community will have to get used to this state of affairs.”

  18. The birth of Flyspeck Hales’s proof was eventually published, and no significant error has been found in it. Nevertheless, the verdict is disappointingly lacking in clarity and finality. As a result of this experience, the journal changed its editorial policy on computer proof so that it will no longer even try to check the correctness of computer code. Dissatisfied with this state of affairs, Hales initiated a project called Flyspeck to completely formalize the proof.

  19. Flyspeck Flyspeck = ‘Formal Proof of the Kepler Conjecture’. “In truth, my motivations for the project are far more complex than a simple hope of removing residual doubt from the minds of few referees. Indeed, I see formal methods as fundamental to the long-term growth of mathematics. (Hales, The Kepler Conjecture ) The formalization effort has been running for a few years now with a significant group of people involved, some doing their PhD on Flyspeck-related formalization. In parallel, Hales has simplified the non-formal proof using ideas from Marchal, significantly cutting down on the formalization work.

  20. Flyspeck: a diversity of methods The Flyspeck proof combines large amounts of pure mathematics, optimization programs and special-purpose programs: ◮ Standard mathematics including Euclidean geometry and measure theory ◮ More specialized theoretical results on hypermaps , fans and packing. ◮ Enumeration procedure for ‘tame’ graphs ◮ Many linear programming problems. ◮ Many nonlinear programming problems.

  21. 1: Combining tools and certifying results

  22. Sharing results or sharing proofs? A key dichotomy is whether we want to simply: ◮ Transfer results , effectively assuming the soundness of tools ◮ Transfer proofs or other ‘certificates’ and actually check them in a systematic way. The first is general speaking easier and still useful. The latter gives better assurance and is the approach I, and probably most people here, are interested in.

  23. Matching semantics Even for the relatively easy case of transferring results, we need a precise match between the semantics of the tools. In the case of importing a tool in some specific mathematical domain (e.g. an integer programming package) into a general theorem prover, this is usually pretty easy, though there can be subtle corners. It becomes much more complex and difficult if we want to transfer results between general mathematical frameworks with significantly different foundations.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Combination and PDF Fit tools Used in ATLAS. A. Cooper-Sarkar, S. Glazov, V. Radescu, A.

Combination and PDF Fit tools Used in ATLAS. A. Cooper-Sarkar, S. Glazov, V. Radescu, A.

Combination and PDF Fit tools Used in ATLAS. A. Cooper-Sarkar, S. Glazov, V. Radescu, A. Sapronov, S. Whitehead. Data Combination. QCD Fit Programs. Including LHC data in QCD Fits. CERN, April 2011 1 Combination of Data H1 and

448 views • 26 slides
How much is a mechanized proof worth, certification-wise? Xavier Leroy Inria Paris-Rocquencourt

How much is a mechanized proof worth, certification-wise? Xavier Leroy Inria Paris-Rocquencourt

How much is a mechanized proof worth, certification-wise? Xavier Leroy Inria Paris-Rocquencourt PiP 2014: Principles in Practice In this talk. . . Some feedback from the aircraft industry concerning the potential usefulness of the CompCert

890 views • 36 slides
Certification and qualification concerns in the development of safety critical systems Ricardo

Certification and qualification concerns in the development of safety critical systems Ricardo

Safe MDE concerns Certification and Qualification Application to Code generation tools Application to Static analysis tools Certification and qualification concerns in the development of safety critical systems Ricardo Bedin-Frana,

621 views • 61 slides
MT System Combination Silja Hildebrand MT System Combination System Combination in MT

MT System Combination Silja Hildebrand MT System Combination System Combination in MT

MT System Combination Silja Hildebrand MT System Combination System Combination in MT Methods of machine translation Rule based Statistical Hierarchical Syntax based Output is different Make use of the individual strengths of the

722 views • 70 slides
WE ARE ASEFA 2 ASEFA A SEFA is internationally recognized Certification Body for

WE ARE ASEFA 2 ASEFA A SEFA is internationally recognized Certification Body for

1 WE ARE ASEFA 2 ASEFA A SEFA is internationally recognized Certification Body for certification of your electrical products. ASEFA can satisfy all your needs by providing you a solid proof of quality and conformity of your products thanks

361 views • 23 slides
Warm up Pg 89, " Check Skills You'll Need" , #15 Geometric proof tools 1.

Warm up Pg 89, " Check Skills You'll Need" , #15 Geometric proof tools 1.

Warm up Pg 89, " Check Skills You'll Need" , #15 Geometric proof tools 1. Definitions & undefined terms (points for instance) 2. Postulates 3. Previously accepted or proven geometric conjectures (theorems) 4. Properties of

624 views • 21 slides
1 2 3 KASS Certification Procedure Operation System Certification Certification Training

1 2 3 KASS Certification Procedure Operation System Certification Certification Training

1 2 3 KASS Certification Procedure Operation System Certification Certification Training Inspection/Audit Establish MoC Status of Operator/ Maintainer Manual, Function Identify CRB Record and Interfaces Result of Form Ground/

618 views • 24 slides
CAPLA CERTIFICATION PROGRAM EVERYTHING YOU NEED TO KNOW ABOUT THE CERTIFICATION EXAM HOW TO

CAPLA CERTIFICATION PROGRAM EVERYTHING YOU NEED TO KNOW ABOUT THE CERTIFICATION EXAM HOW TO

CAPLA CERTIFICATION PROGRAM EVERYTHING YOU NEED TO KNOW ABOUT THE CERTIFICATION EXAM HOW TO APPLY TO WRITE Once you have logged into the Then under Certification The Certification committee Application Forms may be CAPLA website using

687 views • 37 slides
1 CERTIFICATION Coming to you soon! 2 What is OPTA VIA Certification? OPTA VIA

1 CERTIFICATION Coming to you soon! 2 What is OPTA VIA Certification? OPTA VIA

1 CERTIFICATION Coming to you soon! 2 What is OPTA VIA Certification? OPTA VIA Certification is based on Dr. As Habits of Health Transformational System and is available to all Coaches who want to apply and reinforce their knowledge of

613 views • 19 slides
3515ICT Theory of Computation Some sample proofs 4-0 Proof types 1. Proof

3515ICT Theory of Computation Some sample proofs 4-0 Proof types 1. Proof

Griffith University 3515ICT Theory of Computation Some sample proofs 4-0 Proof types 1. Proof by construction 2. Proof by equivalence 3. Proof by contradiction 4. Proof by case analysis 5. Proof by induction

549 views • 11 slides
Certification Pathway to CCC-A Todd R. Philbrick, CAE Director, Certification Ex Officio to the

Certification Pathway to CCC-A Todd R. Philbrick, CAE Director, Certification Ex Officio to the

ASHA Certification Pathway to CCC-A Todd R. Philbrick, CAE Director, Certification Ex Officio to the CFCC Presentation Overview What is Certification? CCC-A Certification Standards CCC-A Application Process FAQs Keep your

209 views • 19 slides
A very complicated proof of the minimax theorem Jonathan Borwein FRSC FAAS FAA FBAS Centre for

A very complicated proof of the minimax theorem Jonathan Borwein FRSC FAAS FAA FBAS Centre for

Abstract Introduction Various proof techniques Five Prerequisite Tools Proof of minimax Conclusions A very complicated proof of the minimax theorem Jonathan Borwein FRSC FAAS FAA FBAS Centre for Computer Assisted Research Mathematics and its

832 views • 61 slides
LSI system Input v v1 x v1 x v2 x v2 x + + L + v3 x + v3 x v4 x + v4 x + Output

LSI system Input v v1 x v1 x v2 x v2 x + + L + v3 x + v3 x v4 x + v4 x + Output

Mathematical Tools for Neural and Cognitive Science Fall semester, 2017 Section 3: Linear Shift-invariant Systems 1 Linear shift-invariant (LSI) systems Linearity (previously discussed): linear combination in, linear combination out

497 views • 24 slides
Bioinformatics Bioinformatics is the combination of biology and information technology. The

Bioinformatics Bioinformatics is the combination of biology and information technology. The

Bioinformatics Bioinformatics is the combination of biology and information technology. The discipline encompasses any computational tools and methods used to manage, analyze and manipulate large sets of biological data. Essentially,

594 views • 14 slides
1 Collaboration overview Established in 2015, the Certification and Ratings Collaboration is

1 Collaboration overview Established in 2015, the Certification and Ratings Collaboration is

1 Collaboration overview Established in 2015, the Certification and Ratings Collaboration is an effort among five global seafood certification and ratings programs to coordinate our tools and increase our impact so that more seafood producers

421 views • 12 slides
Timer Certification Clinic Timer Certification A prerequisite for training and certification in

Timer Certification Clinic Timer Certification A prerequisite for training and certification in

Timer Certification Clinic Timer Certification A prerequisite for training and certification in all other positions (Descriptions in some of the following slides are as indicated in the rules, although it is not unusual for the referee to

378 views • 10 slides
Certification of Inequalities involving Transcendental Functions: combining SDP and Max-plus

Certification of Inequalities involving Transcendental Functions: combining SDP and Max-plus

Flyspeck-Like Global Optimization Classical Approach: Taylor + SOS Max-Plus Estimators Certified Global Optimization Certification of Inequalities involving Transcendental Functions: combining SDP and Max-plus Approximation Joint Work withX.

807 views • 58 slides
Flyspeck Inequalities and Semidefinite Programming Victor Magron , RA Imperial College Memory

Flyspeck Inequalities and Semidefinite Programming Victor Magron , RA Imperial College Memory

Flyspeck Inequalities and Semidefinite Programming Victor Magron , RA Imperial College Memory Optimization and Co-Design Meeting 29 June 2015 Victor Magron Flyspeck Inequalities and Semidefinite Programming 1 / 18 Errors and Proofs

1.11k views • 38 slides
CS640: Introduction to Computer Networks Aditya Akella Lecture 21 QoS The Road Ahead

CS640: Introduction to Computer Networks Aditya Akella Lecture 21 QoS The Road Ahead

CS640: Introduction to Computer Networks Aditya Akella Lecture 21 QoS The Road Ahead Admission Control Integrated services RSVP Differentiated Services 2 Why a New Service Model? Best-effort is clearly

119 views • 10 slides
Design of capacitated networks with unsplittable shortest path routing Andreas Bley Zuse

Design of capacitated networks with unsplittable shortest path routing Andreas Bley Zuse

Design of capacitated networks with unsplittable shortest path routing Andreas Bley Zuse Institute Berlin (ZIB) Overview Practical background: Internet = shortest path routing Properties of unsplittable shortest path systems Integer

460 views • 17 slides
The HOL Light formalization of Euclidean space John Harrison Intel Corporation JMM special

The HOL Light formalization of Euclidean space John Harrison Intel Corporation JMM special

The HOL Light formalization of Euclidean space John Harrison Intel Corporation JMM special session on Formal Mathematics for Mathematicians January 8th, 2011 (09:3010:00) 0 Summary History of this formalization Encoding trick for R

327 views • 20 slides
Verified Enumeration of Plane Graphs Modulo Isomorphism Tobias Nipkow Fakult at f ur

Verified Enumeration of Plane Graphs Modulo Isomorphism Tobias Nipkow Fakult at f ur

Verified Enumeration of Plane Graphs Modulo Isomorphism Tobias Nipkow Fakult at f ur Informatik TU M unchen 1 Background 2 Generic enumeration 3 Application 1 Background 2 Generic enumeration 3 Application Kepler Conjecture (1611)

643 views • 30 slides
Outline Why (and why not) proof assistants Science Fiction Proof Assistant Demo Informal and

Outline Why (and why not) proof assistants Science Fiction Proof Assistant Demo Informal and

L EARNING TO P ARSE ON A LIGNED C ORPORA Cezary Kaliszyk Josef Urban Ji r Vysko cil University of Innsbruck, Austria Czech Technical University - CIIRC 1 / 22 Outline Why (and why not) proof assistants Science Fiction Proof

477 views • 25 slides
s trt

s trt

s trt Ps s r rs t s rsrr r

1.52k views • 92 slides

More recommend