combining agda with external tools
play

Combining Agda with External Tools Stephan Adelsberger 1 and Anton - PowerPoint PPT Presentation

Feb 07, 2024 •474 likes •769 views

Combining Agda with External Tools Stephan Adelsberger 1 and Anton Setzer 2 Agda Implementors meeting XXXII Online 1 June 2020 1 WU Vienna, Austria, https://nm.wu.ac.at/nm/en:adelsberger 2 Swansea University, UK,

  1. Combining Agda with External Tools Stephan Adelsberger 1 and Anton Setzer 2 Agda Implementors meeting XXXII Online 1 June 2020 1 WU Vienna, Austria, https://nm.wu.ac.at/nm/en:adelsberger 2 Swansea University, UK, http://www.cs.swan.ac.uk/~csetzer/index.html Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 1/ 28

  2. Integrating External Tools via Builtins Integrating λ -Prolog into Agda Connecting Agda with why3 and SPARK Ada Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 2/ 28

  3. Integrating External Tools via Builtins Integrating External Tools via Builtins Integrating λ -Prolog into Agda Connecting Agda with why3 and SPARK Ada Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 3/ 28

  4. Integrating External Tools via Builtins Karim Kanso (PhD thesis) Verification of Real World Railway Interlocking Systems using Agda Example of Railway Interlocking System: sig9 sig10 s6 p1 p2 s2 s4 sig7 s5 sig8 s1 sig6 s3 sig5 sig1 sig2 sig3 sig4 Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 4/ 28

  5. Integrating External Tools via Builtins Approach ◮ We have a control program P which depending on commands and detected trains in segments sets the signals and sets of points. ◮ So we have vectors of Booleans expressing ◮ the state of the system − − − → State , ◮ and the inputs − − − → Input . ◮ P can be expressed as Boolean valued formulae ϕ P ( − State in , − − − − → Input , − − − → − − − − → State out ) Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 5/ 28

  6. Integrating External Tools via Builtins Proof of Safety in Agda ◮ We can write a simulator in Agda for this programs, which moves trains, around, provided they obey signals and executes P . ◮ A ✿✿✿✿✿ state ✿✿✿ of ✿✿✿✿ the ✿✿✿✿✿✿✿✿✿ program ✿✿✿ is ✿✿✿✿✿ safe if ◮ there are never two trains in the same train segment, ◮ more conditions esp. regarding sets of points. P ✿✿ is safe if from specific allowed initial states when running the ◮ ✿✿ ✿✿✿✿✿ program and moving trains one never reaches an unsafe state. ◮ Difficult to do directly in Agda because ϕ P is very complex. ◮ Instead separate tasks between interactive theorem proving ( ✿✿✿ ITP ) and automated theorem proving ( ✿✿✿✿ ATP ). ◮ By ATP we mean here SAT solvers and model checkers ◮ Later we discuss as well other ATP tools. Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 6/ 28

  7. Integrating External Tools via Builtins Distribution of Tasks between interactive and automated theorem proving ◮ Introduce safety conditions ϕ safe ( − − − → State ) and invariants ϕ invariant ( − − − → State ) ◮ Prove using ATP certain ✿✿✿✿✿✿✿✿✿✿ signalling principles ✿✿✿✿✿✿✿✿✿✿✿ ( ϕ safe ( − State in ) ∧ ϕ invariant ( − − − − → State in ) ∧ ϕ P ( − − − − → State in , − − − − → Input , − − − → − − − − → State out )) → ϕ safe ( − State out ) ∧ ϕ invariant ( − − − − − → − − − − → State out ) ◮ Prove using ITP that signalling principles imply that P is safe. ◮ In order to get a complete proof in Agda, we need ◮ not only that ATP returns value true, ◮ but as well that this implies that the checked formula is true. Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 7/ 28

  8. Integrating External Tools via Builtins Approach in Karim’s Thesis [1, 2, 3, 4]. ◮ Develop a naive SAT solver or model checker in Agda, and show it is sound: check : Formula → Bool : ( ϕ : Formula ) → T ( check ϕ ) → ( ξ : Env ) → [[ ϕ ]] ξ sound ◮ We override the check function by a Builtin , which calls an efficient SAT solver or model checker. ◮ Function sound links the result check from ATP to the validity of a formula which can be used in ITP. ◮ Now we get ◮ Using ATP we check that signalling principles hold ◮ Using the Builtin we translate the results into validity of the signalling principles in Agda. ◮ Using ITP we prove that this implies that the system is safe. Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 8/ 28

  9. Integrating External Tools via Builtins Need for Flexible Builtins ◮ In order to get this machinery work we need two Builtins. ◮ The function check . ◮ The type of formulas Formula . ◮ For more complex logics (e.g. for model checking) one needs a cascade of Builtins . ◮ Approach relies on trusting the ATP tool giving correct result. Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 9/ 28

  10. Integrating External Tools via Builtins Using Builtins for Proof Search ◮ Karim linked as well tools for proof search to Agda using Builtins. ◮ Karim used a SAT solver so the tool was total. ◮ Here we show how to extend this to semi decision procedures. ◮ Assume you have an ATP tool which searches for proofs for certain formulas. ◮ We have : Formula Set : Formula → Set Proof ◮ The ATP tool gives a function poofsearch : ( ϕ : Formula ) → Maybe ( Proof ϕ ) ◮ In Agda we can postulate such a function postulate poofsearch : ( ϕ : Formula ) → Maybe ( Proof ϕ ) and override it using a builtin by the ATP tool. Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 10/ 28

  11. Integrating External Tools via Builtins Using Builtins for Proof Search ◮ In Agda we prove soundness sound : ( ϕ : Formula ) → Proof ϕ → ( ξ : Env ) → [[ ϕ ]] ξ ◮ We define extract : { X : Set } → ( p : Maybe X ) → IsJust p → X ◮ Therefore we get a proof sound ϕ ( extract ( poofsearch ϕ ) isJust ) : ( ξ : Env ) → [[ ϕ ]] ξ provided poofsearch ϕ returns a just value (type checking will run the external tool when checking isJust : IsJust ( poofsearch ϕ )). Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 11/ 28

  12. Integrating External Tools via Builtins Advantages/Disadvantages of Approach using Profs ◮ Advantages ◮ No reliance on the soundness of the ATP tool. ◮ No need to write a naive implementation of the tool. ◮ Allows as well ATP tools for semi decidable logics or which for other reasons don’t always give an answer. ◮ Disadvantages ◮ Slower to use since ATP tool needs to create a proof. ◮ Restricts ATP tools available. ◮ Especially model checkers usually don’t provide proofs. ◮ Tedious to translate ATP proofs into Agda ◮ lack of documentation, ◮ scripts not intended to be converted into Agda proofs. Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 12/ 28

  13. Integrating External Tools via Builtins Flexible Builtin Mechanism ◮ Builtins can be used for other purposes as well ◮ cryptographic functions, ◮ any computational complex functions. ◮ Karim added a flexible mechanism for adding builtins to Agda. Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 13/ 28

  14. Integrating External Tools via Builtins Caveats ◮ Allowing to add new builtins in Agda code causes a security problem , because it allows to execute arbitrary programs during type checking. ◮ Solution: require that adding new builtin mechanism requires recompilation of Agda. ◮ Builtins are only consistent if the output of the builtin tool coincides with the the output of Agda. ◮ Requires checks in Agda. ◮ In case of overridden postulates requires that the original function was indeed a postulate. ◮ Karim’s approach is reasonably flexible but still requires some programming. ◮ A too generic approach will probably become inefficient. ◮ Karim wrote a domain specific language for this to make it easy to add Builtins. Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 14/ 28

  15. Integrating External Tools via Builtins Code Sprint ◮ Karim created a branch [3] of Agda with his implementation of Builtins. ◮ Documented esp. in Appendix D and Sect. 5 of his PhD Thesis [1]. ◮ Agda code and other material available from [2] (linked as well from the AIM XXXII webpage, see Code Sprint on Builtins) ◮ Goal of code sprint is to update it and integrate it into main Agda. Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 15/ 28

  16. Integrating λ -Prolog into Agda Integrating External Tools via Builtins Integrating λ -Prolog into Agda Connecting Agda with why3 and SPARK Ada Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 16/ 28

  17. Integrating λ -Prolog into Agda Presented by Stephan Adelsberger Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 17/ 28

  18. Connecting Agda with why3 and SPARK Ada Integrating External Tools via Builtins Integrating λ -Prolog into Agda Connecting Agda with why3 and SPARK Ada Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 18/ 28

  19. Connecting Agda with why3 and SPARK Ada SPARK Ada ◮ SPARK Ada is a tool set used in industry for developing safety critical systems. ◮ It extends Ada programs by adding data/information flow analysis and Hoare logic. ◮ Hoare logic allows to add pre-, post conditions to a program plus intermediate conditions, especially loop invariants. Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 19/ 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Combining Automated and Interactive Theorem Proving in Agda Anton Setzer (Joint work with Karim

Combining Automated and Interactive Theorem Proving in Agda Anton Setzer (Joint work with Karim

Combining Automated and Interactive Theorem Proving in Agda Anton Setzer (Joint work with Karim Kanso) May 21, 2010 1/ 38 1. An Introduction to Agda 2. Integrating Automated Theorem Proving into Agda 3. Defining the Mini SAT Solver in Agda

556 views • 38 slides
Interactive Programs in Agda Anton Setzer (Swansea) 1. Defining IO in Agda. 2. Execution of IO

Interactive Programs in Agda Anton Setzer (Swansea) 1. Defining IO in Agda. 2. Execution of IO

Interactive Programs in Agda Anton Setzer (Swansea) 1. Defining IO in Agda. 2. Execution of IO Programs. 3. Dealing with Complex Programs. 4. A Graphics Library for Agda Anton Setzer: Interactive programs in dependent type theory 1 1. Defining

810 views • 35 slides
Homotopy Type Theory in Agda 17|7|7 1 Goal synthetic homotopy theory in Agda + other needed

Homotopy Type Theory in Agda 17|7|7 1 Goal synthetic homotopy theory in Agda + other needed

Homotopy Type Theory in Agda 17|7|7 1 Goal synthetic homotopy theory in Agda + other needed theories 2 Goal synthetic homotopy theory in Agda + other needed theories Agda and Coq were the only two immediately usable systems for HoTT 2

360 views • 14 slides
Coinduction in Agda via Copatterns and Sized Types Andreas Abel Department of Computer Science

Coinduction in Agda via Copatterns and Sized Types Andreas Abel Department of Computer Science

Coinduction in Agda via Copatterns and Sized Types Andreas Abel Department of Computer Science and Engineering Chalmers and Universitt Gteborg Dagstuhl Seminar 16131 Language Based Verification Tools for Functional Programs 30 March 2016

308 views • 7 slides
Combination and certification of proof tools John Harrison Intel Corporation 30th October 2013

Combination and certification of proof tools John Harrison Intel Corporation 30th October 2013

Combination and certification of proof tools John Harrison Intel Corporation 30th October 2013 (11:0012:00) Summary of talk Motivation for combining proof tools Intel verification work The Flyspeck project Combining tools and

670 views • 51 slides
Inheritance and Overloading in Agda Paolo Capriotti June 17, 2013 Notation Abuses of

Inheritance and Overloading in Agda Paolo Capriotti June 17, 2013 Notation Abuses of

Inheritance and Overloading in Agda Paolo Capriotti June 17, 2013 Notation Abuses of notation are very common in mathematics Ambiguities are used to make formulas more expressive We want to do the same in Agda! Example: algebra and

335 views • 16 slides
Staff has concerns over the setbacks of the second floor patio and will be conditioning that the

Staff has concerns over the setbacks of the second floor patio and will be conditioning that the

From: Liska, Andrew <Andrew.Liska@minneapolismn.gov> Sent: Wednesday, August 19, 2020 2:34 PM To: Michael Subject: RE: [EXTERNAL] RE: [EXTERNAL] RE: [EXTERNAL] RE: [EXTERNAL] RE: [EXTERNAL] RE: [EXTERNAL] 1219 31st W Joyce Church Hi,

366 views • 3 slides
Sprinkles of extensionality for your vanilla type theory Adding custom rewrite rules to Agda

Sprinkles of extensionality for your vanilla type theory Adding custom rewrite rules to Agda

Sprinkles of extensionality for your vanilla type theory Adding custom rewrite rules to Agda Jesper Cockx Andreas Abel DistriNet KU Leuven 24 May 2016 What are we doing? Take some vanilla Agda . . . 1 / 17 What are we doing? Take

606 views • 29 slides
HNS Reporting Guidelines and Tools Thomas Liebert Head, External Relations & Conference 27

HNS Reporting Guidelines and Tools Thomas Liebert Head, External Relations & Conference 27

Workshop on the 2010 HNS Convention IMO, London HNS Reporting Guidelines and Tools Thomas Liebert Head, External Relations & Conference 27 April 2018 HNS Fund Four separate accounts There is one general account (bulk solid sector and

419 views • 13 slides
Environment Setup Assignment 0 The Technology Stack Manages node_modules (external tools)

Environment Setup Assignment 0 The Technology Stack Manages node_modules (external tools)

Environment Setup Assignment 0 The Technology Stack Manages node_modules (external tools) Creates web server Stores data persistently with JSON logic. Utilizes NoSQL instead of SQL Facilitates HTTP requests and

350 views • 11 slides
--- === Agda Tactics Programming === --- --- --- Ulf Norell --- wg2.8 Kefalonia, May

--- === Agda Tactics Programming === --- --- --- Ulf Norell --- wg2.8 Kefalonia, May

--- === Agda Tactics Programming === --- --- --- Ulf Norell --- wg2.8 Kefalonia, May 27, 2015 module module Slides where where open open import import Prelude -- https://github.com/UlfNorell/agda-prelude open open import

391 views • 5 slides
Latency Outliers Root Cause Analysis in the Field by Combining Aggregation and Tracing Tools

Latency Outliers Root Cause Analysis in the Field by Combining Aggregation and Tracing Tools

LinuxCon North America 2016 Latency Outliers Root Cause Analysis in the Field by Combining Aggregation and Tracing Tools mathieu.desnoyers@efcios.com julien.desfossez@efcios.com Presenters Mathieu Desnoyers CEO at EfficiOS

411 views • 29 slides
Cutting Edge Tools for Pricing and Underwriting Seminar Integrating External Data into the

Cutting Edge Tools for Pricing and Underwriting Seminar Integrating External Data into the

Version 10/1/11 Cutting Edge Tools for Pricing and Underwriting Seminar Integrating External Data into the Decision Making / Predictive Modeling Process Casualty Actuarial Society Ron Zaleski, Jr., FCAS, MAAA Fall 2011 1 Version 10/1/11

547 views • 29 slides
Tools to access job markets for academics Dr. sc. nat. Daniela Gunz External consultant at

Tools to access job markets for academics Dr. sc. nat. Daniela Gunz External consultant at

Career Services Tools to access job markets for academics Dr. sc. nat. Daniela Gunz External consultant at Career Services Universitt Zrich / Director of Research Partnerships / HR manager at healthbank innovation AG 17.04.2018 Seite 1

413 views • 12 slides
Multimedia Design (1) What is this course about? The media media (text, graphics, audio,

Multimedia Design (1) What is this course about? The media media (text, graphics, audio,

Multimedia Multimedia Design (1) What is this course about? The media media (text, graphics, audio, video, haptics,) Choosing Choosing the right media Combining Combining them effectively Tools / technologies Tools

241 views • 6 slides
Outline Combining different programs with Perl: writing a short Pipeline in Perl UniProt

Outline Combining different programs with Perl: writing a short Pipeline in Perl UniProt

EMBnet Course: PERL for biomedical researchers Command line tools scripting Basel, 11 September 2008 Lorenza Bordoli Swiss Institute of Bioinformatics Outline Combining different programs with Perl: writing a short Pipeline in Perl

659 views • 36 slides
Formal verification of low-level execution platforms Roberto Guanciale Assistant professor

Formal verification of low-level execution platforms Roberto Guanciale Assistant professor

Roberto Guanciale Estonian Winter School Day 01 Formal verification of low-level execution platforms Roberto Guanciale Assistant professor Computer Security Department of Theoretical Computer Science @KTH Research interest in Formal

895 views • 71 slides
Encoding Hoare Logic in Typed Certified Code Nikolaos S. Papaspyrou Michalis A. Papakyriakou

Encoding Hoare Logic in Typed Certified Code Nikolaos S. Papaspyrou Michalis A. Papakyriakou

Encoding Hoare Logic in Typed Certified Code Nikolaos S. Papaspyrou Michalis A. Papakyriakou Angelos Manousaridis National Technical University of Athens School of Electrical and Computer Engineering Software Engineering Laboratory {nickie,

901 views • 45 slides
Verification of Parallel Programs with the Owicki-Gries and Rely-Guarantee Methods in Isabelle/HOL

Verification of Parallel Programs with the Owicki-Gries and Rely-Guarantee Methods in Isabelle/HOL

Verification of Parallel Programs with the Owicki-Gries and Rely-Guarantee Methods in Isabelle/HOL Leonor Prensa Nieto TU M unchen Marseille, 7 January 2002 Isabelle HOL = Overview Motivation. Hoare logic for

263 views • 23 slides
Floyd-Hoare Logic & Verification Conditions Ranjit Jhala, UC San Diego April 16, 2013 A

Floyd-Hoare Logic & Verification Conditions Ranjit Jhala, UC San Diego April 16, 2013 A

Floyd-Hoare Logic & Verification Conditions Ranjit Jhala, UC San Diego April 16, 2013 A Small Imperative Language data Var data Exp data Pred A Small Imperative Language data Com = Asgn Var Expr | Seq Com Com | If Exp Com Com | While

802 views • 45 slides
Coinductive big-step semantics and Hoare logics for nontermination Tarmo Uustalu, Inst of

Coinductive big-step semantics and Hoare logics for nontermination Tarmo Uustalu, Inst of

Coinductive big-step semantics and Hoare logics for nontermination Tarmo Uustalu, Inst of Cybernetics, Tallinn joint work with Keiko Nakata COST Rich Models Toolkit meeting, Madrid, 1718 October 2013 Motivation Standard big-step semantics

725 views • 25 slides
Simplifying Loop Invariant Generation Using Splitter Predicates R. Sharma, I. Dillig, T. Dillig,

Simplifying Loop Invariant Generation Using Splitter Predicates R. Sharma, I. Dillig, T. Dillig,

Simplifying Loop Invariant Generation Using Splitter Predicates R. Sharma, I. Dillig, T. Dillig, A. Aiken Presented by Raphael Fuchs Background Context: (Automatic) Program Verification Floyd-Hoare logic {P} S {Q} Often no

429 views • 13 slides
Hoare Logic for Multiprocessing (Work in progress) Daniel Pellarini joint work with Marina

Hoare Logic for Multiprocessing (Work in progress) Daniel Pellarini joint work with Marina

Varese, September 19-21 2012 Hoare Logic for Multiprocessing (Work in progress) Daniel Pellarini joint work with Marina Lenisa Universit degli studi di Udine, Italy Daniel Pellarini and Marina Lenisa Hoare Logic for Multiprocessing Hoare

507 views • 23 slides
Proving Copyless Message Passing Jules Villard 1 tienne Lozes 1 Cristiano Calcagno 2 1 LSV, ENS

Proving Copyless Message Passing Jules Villard 1 tienne Lozes 1 Cristiano Calcagno 2 1 LSV, ENS

Proving Copyless Message Passing Jules Villard 1 tienne Lozes 1 Cristiano Calcagno 2 1 LSV, ENS Cachan, CNRS 2 Imperial College, London ANR PANDA Sept. 10 PPS Outline Copyless Message Passing Language Highlights Contracts Local

1.08k views • 60 slides

More recommend