formally verified constraint solvers
play

Formally verified constraint solvers Catherine Dubois 1 Sourour - PowerPoint PPT Presentation

Jan 15, 2024 •201 likes •501 views

Formally verified constraint solvers Catherine Dubois 1 Sourour Elloumi 1 Arnaud Gotlieb 2 1. CEDRIC-ENSIIE, Evry, France 2. Certus V&V Center, SIMULA RESEARCH LAB., Lysaker, Norway Dagstuhl Seminar 15381 1 / 23 Formally verified

  1. Formally verified constraint solvers Catherine Dubois 1 Sourour Elloumi 1 Arnaud Gotlieb 2 1. CEDRIC-ENSIIE, ´ Evry, France 2. Certus V&V Center, SIMULA RESEARCH LAB., Lysaker, Norway Dagstuhl Seminar 15381 1 / 23

  2. Formally verified constraint solvers Catherine Dubois 1 Sourour Elloumi 1 Arnaud Gotlieb 2 1. CEDRIC-ENSIIE, ´ Evry, France 2. Certus V&V Center, SIMULA RESEARCH LAB., Lysaker, Norway Finite Domains (FD) constraint solvers Dagstuhl Seminar 15381 1 / 23

  3. Do you trust your solver (SAT/SMT/FD/ATP etc.) ? More confidence .... Why ? ◮ Crucial when used to verify safety/business-critical software ◮ Necessary if integrated into a skeptical proof assistant as a decision procedure Dagstuhl Seminar 15381 2 / 23

  4. How ? Different approaches exist, e.g. ◮ The solver produces an answer (yes/no, sat/unsat, sol/unsat etc) + evidence/proof witness/trace more or less informative A trusted checker verifies the trace (e.g. Isabelle/Z3, Coq/VeriT, ...) ◮ Verify the code of an existing solver itself : forget it ! ◮ Produce a formally verified solver : correct by construction Sat solvers in PVS (Shankar, Vaucher 2011), Isabelle/HOL (Maric, 2010) , Incremental Simplex Algorithm Isabelle/HOL (Spasic Maric 2012), Ergo in Coq (Lescuyer Conchon 2008) LTL model checker in Isabelle (Esparza et al 2013) . . . Dagstuhl Seminar 15381 3 / 23

  5. A family of verified solvers Our contribution − → through a modular and generic architecture for the solver − → high parametricity : constraints, local consistency, variable-value choices, representation issues . . . − → developed within the Coq proof assistant − → written in OCaml, extracted from Coq − → featuring a raisonnable efficiency − → to serve as a verified reference implementation Dagstuhl Seminar 15381 4 / 23

  6. Definition of a (FD) CSP CSP : Constraint Satisfaction Problem A CSP (or constraint network) is a triple ( X , C , D ) where X : a set of variables, C : a set of constraints (relations btw variables) over variables of X , D : a function that maps each variable of X to its domain (finite set of possible values). A solution of ( X , C , D ) is a valid (compatible with D ) assignment defined for all the variables in X that satisfies all the constraints in C A constraint system is unsatisfiable when it has no solution Dagstuhl Seminar 15381 5 / 23

  7. A verified solver : what does it mean ? Let us define a Coq function solve that solves a csp Either solve csp = Some a ( a is provided as a solution) or solve csp = None (no solution) Prove soundness ∀ csp, ∀ a, wellformed csp → solve csp = Some a → is solution a csp. ∀ csp, wellformed csp → solve csp = None → ∀ a, ¬ (is solution a csp) Prove completeness ∀ csp, ∀ a, wellformed csp → is solution a csp → ∃ a ′ , solve csp = Some a’ ∀ csp, wellformed csp → ( ∀ a, ¬ (is solution a csp)) → solve csp = None Extract OCaml code Dagstuhl Seminar 15381 6 / 23

  8. CSP solving Main idea of solving algorithms = repeatedly pruning of inconsistent values from the domains Constraint filtering Constraint propagation Variable labeling Dagstuhl Seminar 15381 7 / 23

  9. CSP solving Main idea of solving algorithms = repeatedly pruning of inconsistent values from the domains Constraint filtering Constraint propagation local consistency Variable labeling Dagstuhl Seminar 15381 7 / 23

  10. CSP solving Main idea of solving algorithms = repeatedly pruning of inconsistent values from the domains Constraint filtering Constraint propagation local consistency Variable labeling Local consistency : arc-consistency, hyper-arc consistency, bound consistency, etc. A constraint is bound consistent (BC) iff when a variable is assigned the minimum or maximum value in its domain, there exist compatible values for all the other variables. Dagstuhl Seminar 15381 7 / 23

  11. Coq formalization of a CSP A key feature : genericity variable : any type equipped with a decidable equality value : any type with a decidable equality constraint : also an abstract type, we ask for 2 functions : Parameter interp : constraint → value → value → bool . It gives the semantics of the constraints Parameter get vars : constraint → variable × variable . It allows us to retrieve the variables of a constraint NB : here definition for binary constraints Dagstuhl Seminar 15381 8 / 23

  12. Record network : Type := Make csp { CVars : list variable ; Doms : mapdomain ; Csts : list constraint } . with mapdomain : type of maps indexed by variables with values as list (without replicates) of elements of type value (built from the Coq map module) Dagstuhl Seminar 15381 9 / 23

  13. Well-formedness of a constraint network Record network inv csp : Prop := Make csp inv { Dwf : ∀ x , In x ( Doms csp ) ↔ In x ( CVars csp ) ; The map of domains is defined on the variables of the csp and only those ones. Cwf1 : ∀ ( c : constraint ) ( x1 x2 : variable ), c ∈ ( Csts csp ) → get vars c = ( x1 , x2 ) → x1 ∈ ( CVars csp ) ∧ x2 ∈ ( CVars csp ) ; The variables appearing in the constraints are variables of the csp. Cwf2 : ∀ x , x ∈ ( CVars csp ) → ∃ c , c ∈ ( Csts csp ) ∧ ( fst ( get vars c ) = x ∨ snd ( get vars c ) = x ) ; Each variable is used at least in one constraint. Norm : ∀ c c’ , c ∈ ( Csts csp ) → c’ ∈ ( Csts csp ) → get vars c = get vars c’ → c = c’ Two different constraints share at most one variable. } . Dagstuhl Seminar 15381 10 / 23

  14. A very general/generic propagation engine .... A formulation close to AC3 (Mackworth 77). .... Function propagate (doms : mapdomain) (qu : queue elem) { wf propagate wf (doms, qu) } : option mapdomain := if empty(qu) then Some (doms) else let p := next(qu) in let (doms’, lvars) := filter p doms in if (notempty lvars) then if has empty dom lvars doms’ then None else propagate doms’ ((remove qu p) ⊕ (visit again p lvars)) else propagate doms (remove qu p) end with red types and functions as generic parameters (and also constraints, values, domains) Dagstuhl Seminar 15381 11 / 23

  15. Termination of propagate We show that each recursive call has decreasing arguments according to some order − → Lexicographic order propagate wf defined on pairs (doms, qu) from the 2 following measures : on qu = number of elements, on doms = sum of lengths of domains. − → The termination proof is also generic : it relies on the fact that when lvars is not empty, some domains strictly decrease (property of filter , aka monotonic propagators ) Property filter true : ∀ p doms doms’ lvars, compat p doms → filter p doms = (doms’, lvars) → notempty lvars = true → ( ∀ v, In v lvars → doms’[v] ⊂ doms[v]). Dagstuhl Seminar 15381 12 / 23

  16. Example : binary constraints and arc-consistency c 1 y x Each constraint c(x,y) is seen as 2 edges in the constraint graph. c 2 c 3 z Definition c ( x , y ) is arc-consistent wrt ( X , C , D ) iff for all u ∈ D ( x ), there exists at least a value (support) v ∈ D ( y ) such that c ( x := u , y := v ) is satisfied. c ≡ x ≥ y arc-consistent c ≡ x > y non arc-consistent D ( x ) D ( y ) D ( x ) D ( y ) 1 1 1 1 support of x=2 2 2 2 2 3 3 3 3 4 4 4 4 No support for x=1 Dagstuhl Seminar 15381 13 / 23

  17. filter (u, c, v) doms : prune the domain of u such that arc-consistency is achieved for c visit again c(u, v) lvars (here lvars=[v]) : computes the list of the arcs (in blue below) whose arc-consistency may have been modified c u v Dagstuhl Seminar 15381 14 / 23

  18. Soundness and completeness of propagation . . . according to a local consistency property The local consistency property is here a parameter : loc consistent c doms : the constraint c is locally consistent with respect to the domains of its variables Dagstuhl Seminar 15381 15 / 23

  19. Soundness and completeness of propagation . . . according to a local consistency property The local consistency property is here a parameter : loc consistent c doms : the constraint c is locally consistent with respect to the domains of its variables - Soundness theorem : local consistency is established for all constraints when fixpoint is achieved Theorem propagate sound : ∀ csp d’, wellformed csp → propagate (Doms csp) (full queue csp) = Some d’ → ( ∀ c, c ∈ (Csts csp) → loc consistent c d’). Dagstuhl Seminar 15381 16 / 23

  20. - Completeness theorem : all the pruned values were inconsistent for some constraint Theorem propagate complete : ∀ csp d’, wellformed csp → propagate d (full queue csp) = Some d’ → ( ∀ x, d(x) � = d’(x) → ( ∀ v, v ∈ d’(x)-d(x), ∃ c, ¬ (loc consistent c d x v ))). where d = Doms csp and d x v defined such that d x v (x)= { v } and d x v (y)=d(y) for y � = x Dagstuhl Seminar 15381 17 / 23

  21. Both theorems require soundness and completeness of filter and also the following property : Property not visit again : ∀ csp p doms doms’, filter p doms = (doms’, lvars) → notempty lvars = true → ( ∀ p’, p’ / ∈ (visit again p lvars) → loc consistent p p’ doms → loc consistent p p’ doms’). − → justify what is -not- added in the worklist after a filtering step Dagstuhl Seminar 15381 18 / 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified

Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified

Roberto Guanciale Mads Dam Hamed Nemati Christoph Baumann Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified Platforms Caches Excluded Formally Verified from the analysis Platforms Caches Excluded

675 views • 64 slides
Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified

Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified

Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified Cryptographic Web Applications in WASM May. 22 st , 2019 1 / 22 in WebAssembly Jonathan Protzenko Microsoft Research Benjamin Beurdouche INRIA

1.5k views • 57 slides
A Formally Verified Quadratic Unification Algorithm J.-L. Ruiz-Reina, J.-A. Alonso, M.-J. Hidalgo

A Formally Verified Quadratic Unification Algorithm J.-L. Ruiz-Reina, J.-A. Alonso, M.-J. Hidalgo

A Formally Verified Quadratic Unification Algorithm J.-L. Ruiz-Reina, J.-A. Alonso, M.-J. Hidalgo and F .-J. Mart n-Mateos Computational Logic Group Dept. of Computer Science and Artificial Intelligence University of Seville A Formally

356 views • 32 slides
Towards Formally Verified Theorem Provers Ramana Kumar Computer Laboratory, University of

Towards Formally Verified Theorem Provers Ramana Kumar Computer Laboratory, University of

Towards Formally Verified Theorem Provers Ramana Kumar Computer Laboratory, University of Cambridge Twenty Years of the QED Manifesto Vienna Summer of Logic, 2014 HOL Verified Goals of the Project An implementation of HOL Light 1. that runs

428 views • 13 slides
VigNAT: A Formally Verified NAT Arseniy Zaostrovnykh, Solal Pirelli, Luis Pedrosa, Katerina

VigNAT: A Formally Verified NAT Arseniy Zaostrovnykh, Solal Pirelli, Luis Pedrosa, Katerina

VigNAT: A Formally Verified NAT Arseniy Zaostrovnykh, Solal Pirelli, Luis Pedrosa, Katerina Argyraki, George Candea Formally verify a stateful NF with competitive performance and reasonable human effort 2 Formally verify a stateful NF with

836 views • 81 slides
Formally Verified Differential Dynamic Logic (in Isabelle/HOL and Coq) Brandon Bohrer ,

Formally Verified Differential Dynamic Logic (in Isabelle/HOL and Coq) Brandon Bohrer ,

Formally Verified Differential Dynamic Logic (in Isabelle/HOL and Coq) Brandon Bohrer , Vincent Rahli, Ivana Vukotic, Marcus Vlp, Andr Platzer Thanks to: Johannes Hlzl, Fabian Immler, Tobias Nipkow, et. al. + Coquelicot team

540 views • 38 slides
A Formally Verified Symmetry Breaking Tool for SAT David E. Narv aez den9562@rit.edu

A Formally Verified Symmetry Breaking Tool for SAT David E. Narv aez den9562@rit.edu

A Formally Verified Symmetry Breaking Tool for SAT David E. Narv aez den9562@rit.edu Rochester Institute of Technology Rochester, NY, USA FMCAD-18 Student Forum David E. Narv aez (RIT) Formally Verified Symmetry Breaking Tool FMCAD-18

215 views • 6 slides
Towards an Open-Source, Formally-Verified Secure Processor Srini Devadas Massachusetts

Towards an Open-Source, Formally-Verified Secure Processor Srini Devadas Massachusetts

Towards an Open-Source, Formally-Verified Secure Processor Srini Devadas Massachusetts Institute of Technology Architectural Isolation of Processes Fundamental to maintaining correctness and privacy! 2 Performance Dictates

959 views • 43 slides
The Formally Verified seL4 Microkernel High-Assurance Foundation for MCS Gernot Heiser |

The Formally Verified seL4 Microkernel High-Assurance Foundation for MCS Gernot Heiser |

The Formally Verified seL4 Microkernel High-Assurance Foundation for MCS Gernot Heiser | gernot.heiser@data61.csiro.au | @GernotHeiser RTCSA Keynote, Aug20 https://trustworthy.systems What Is Needed For Mixed-Criticality? During a

539 views • 29 slides
Towards A Formally Verified Network-on-Chip Tom van den Broek 1 Julien Schmaltz 12 1 Institute for

Towards A Formally Verified Network-on-Chip Tom van den Broek 1 Julien Schmaltz 12 1 Institute for

Towards A Formally Verified Network-on-Chip Tom van den Broek 1 Julien Schmaltz 12 1 Institute for Computing and Information Sciences Radboud University Nijmegen The Netherlands 2 School of Computer Science Open University The Netherlands

778 views • 62 slides
A Formally Verified Compiler for Lustre Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste

A Formally Verified Compiler for Lustre Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste

A Formally Verified Compiler for Lustre Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste Dagand 4 , 3 , 1 Xavier Leroy 1 Marc Pouzet 4 , 2 , 1 Lionel Rieg 5 , 6 1. Inria Paris 2. DI, cole normale suprieure 3. CNRS 4. Univ. Pierre et

1.15k views • 96 slides
FTCS 93 June 1993 A Formally Verified Algorithm for Interactive Consistency Under a Hybrid Fault

FTCS 93 June 1993 A Formally Verified Algorithm for Interactive Consistency Under a Hybrid Fault

FTCS 93 June 1993 A Formally Verified Algorithm for Interactive Consistency Under a Hybrid Fault Model Patrick Lincoln and John Rushby Computer Science Laboratory SRI International Menlo Park CA USA FTCS 93 1 Summary What we have

494 views • 25 slides
Micro-Policies Formally Verified, Tag-Based Security Monitors Arthur Azevedo de Amorim Maxime

Micro-Policies Formally Verified, Tag-Based Security Monitors Arthur Azevedo de Amorim Maxime

Micro-Policies Formally Verified, Tag-Based Security Monitors Arthur Azevedo de Amorim Maxime Dns Nick Giannarakis Ctlin Hricu Benjamin C. Pierce Antal Spector-Zabusky Andrew Tolmach May 20, 2015 1 How can we design secure

900 views • 79 slides
Fusing Hybrid Remote Attestation with a Formally Verified Microkernel: Lessons Learned Karim

Fusing Hybrid Remote Attestation with a Formally Verified Microkernel: Lessons Learned Karim

Fusing Hybrid Remote Attestation with a Formally Verified Microkernel: Lessons Learned Karim Eldefrawy, Norrathep Rattanavipanon , Gene Tsudik June 28, 2017 nrattana@uci.edu http://sprout.ics.uci.edu IoT/CPS/ES IoT/CPS/ES IoT/CPS/ES Remote

451 views • 33 slides
Obtaining Provably Secure Services from Formally Verified Remote Attestation Gene Tsudik 1 Joint

Obtaining Provably Secure Services from Formally Verified Remote Attestation Gene Tsudik 1 Joint

Obtaining Provably Secure Services from Formally Verified Remote Attestation Gene Tsudik 1 Joint work with: Ivan De Oliveira Nunes 1 , Karim Eldefrawy 2 , Norrathep Rattanavipanon 1 University of California Irvine 1 , SRI International 2 1 In

847 views • 48 slides
Dominance Detection Methods for Lookahead Constraint Solvers I. Razgon and A. Meisels -1-

Dominance Detection Methods for Lookahead Constraint Solvers I. Razgon and A. Meisels -1-

Dominance Detection Methods for Lookahead Constraint Solvers I. Razgon and A. Meisels -1- Contents 1. Problem Presentation 2. Algorithms 3. Preliminary results and further investigation 4. Related work 5. Conclusion -2- Future

257 views • 12 slides
Quantum Versions of k-CSP The Need for . . . k -CSP problems Algorithms: a First Step Known

Quantum Versions of k-CSP The Need for . . . k -CSP problems Algorithms: a First Step Known

Outline General Problem of . . . Probabilistic and . . . Interval . . . Additional Problem: . . . Quantum Versions of k-CSP The Need for . . . k -CSP problems Algorithms: a First Step Known Algorithm for . . . Sch onings Algorithm . .

622 views • 15 slides
Constraint Satisfaction Problems Chapter 6, Sections 15 of; based on AIMA Slides c Artificial

Constraint Satisfaction Problems Chapter 6, Sections 15 of; based on AIMA Slides c Artificial

Constraint Satisfaction Problems Chapter 6, Sections 15 of; based on AIMA Slides c Artificial Intelligence, spring 2013, Peter Ljungl Stuart Russel and Peter Norvig, 2004 Chapter 6, Sections 15 1 Outline CSP examples

663 views • 35 slides
Distance Constraint Satisfaction Problems Manuel Bodirsky CNRS/LIX, Ecole Polytechnique

Distance Constraint Satisfaction Problems Manuel Bodirsky CNRS/LIX, Ecole Polytechnique

Distance Constraint Satisfaction Problems Manuel Bodirsky CNRS/LIX, Ecole Polytechnique Joint work with V ctor Dalmau, Barnaby Martin, Michael Pinsker Brno, August 2010 Distance CSPs 1 Constraint Satisfaction Problems Informal

787 views • 46 slides
Constraint Satisfaction Problems Professor Chris Callison-Burch CIS 550 | Property of Penn

Constraint Satisfaction Problems Professor Chris Callison-Burch CIS 550 | Property of Penn

CIS 521: ARTIFICIAL INTELLIGENCE Constraint Satisfaction Problems Professor Chris Callison-Burch CIS 550 | Property of Penn Engineering | 1 What is Search For? o Assumptions about the world: a single agent, deterministic actions,

1.06k views • 56 slides
Today Reminder: Constraint satisfaction problems See Russell and Norvig, chapter 5 CSP: state is

Today Reminder: Constraint satisfaction problems See Russell and Norvig, chapter 5 CSP: state is

1 2 Today Reminder: Constraint satisfaction problems See Russell and Norvig, chapter 5 CSP: state is defined by variables X i with values from domain D i Constraint satisfaction problems (CSPs) goal test is a set of constraints specifying

450 views • 7 slides
From Weak to Strong LP Gaps for all CSPs Mrinalkanti Ghosh joint work with: Madhur Tulsiani

From Weak to Strong LP Gaps for all CSPs Mrinalkanti Ghosh joint work with: Madhur Tulsiani

From Weak to Strong LP Gaps for all CSPs Mrinalkanti Ghosh joint work with: Madhur Tulsiani MAX k-CSP - n variables - m constraints MAX k-CSP - n variables taking boolean values. - m constraints: each is a k-ary boolean predicate. - Satisfy

1.11k views • 67 slides
TDDC17 So far: F 4 Today: Uninformed search Constraint Satisfaction Problems Constraints

TDDC17 So far: F 4 Today: Uninformed search Constraint Satisfaction Problems Constraints

Representing States TDDC17 So far: F 4 Today: Uninformed search Constraint Satisfaction Problems Constraints Heuristic search Chapter 6. 10 binary variables can describe 2^10 = 10,024 worlds 20 binary variables can describe

1.77k views • 10 slides
Today CS 232: Ar)ficial Intelligence Constraint Sa)sfac)on

Today CS 232: Ar)ficial Intelligence Constraint Sa)sfac)on

Today CS 232: Ar)ficial Intelligence Constraint Sa)sfac)on Problems II Sep 17, 2015 Efficient Solu)on of CSPs Local Search [These slides

938 views • 10 slides

More recommend