front end technologies for formal methods tools
play

Front-end Technologies for Formal-Methods Tools Makarius Wenzel - PowerPoint PPT Presentation

May 29, 2023 •112 likes •461 views

Front-end Technologies for Formal-Methods Tools Makarius Wenzel Univ. Paris-Sud, Laboratoire LRI November 2013 Abstract Looking at the past decades of interactive (and automated) theorem proving, and tools that integrate both for program

  1. Front-end Technologies for Formal-Methods Tools Makarius Wenzel Univ. Paris-Sud, Laboratoire LRI November 2013

  2. Abstract Looking at the past decades of interactive (and automated) theorem proving, and tools that integrate both for program verification, we see a considerable technological gap. On the one hand there are sophisticated IDEs for mainstream languages (notably on the Java platform). On the other hand there are deep logical tools implemented in higher-order languages, but with very poor user-interfaces. The PIDE (Prover IDE) approach combines both the JVM world and the ML world to support sophisticated document-oriented interaction, with semantic information provided by existing logical tools. The architecture is inherently bilingual: Scala is used to bridge the conceptual gap from ML-like languages (SML, OCaml, Haskell) to the JVM, where powerful editors or IDE frameworks already exist. Thus we can extend our tools to a wider world, without giving up good manners of higher-order strongly-typed programming. Isabelle/jEdit is presently the main example of such a Prover IDE, see also http://isabelle.in.tum.de for the current release Isabelle2013-1 (November 2013). The general principles to enhance such formerly command-line tools to work with full-scale IDEs are explained by more basic examples: CoqIDE and Why3. 1

  3. This demonstrates that classic logic-based tools can be reformed and we can hope to address more users eventually. 2

  4. Introduction

  5. Motivation General aims: • renovate and reform interactive (and automated) theorem proving for new generations of users • catch up with technological changes: multicore hardware and non-sequentialism • document-oriented user interaction • mixed-platform tool integration Side-conditions: • routine support for Linux, Windows, Mac OS X • integrated application: download and run • no “installation” • no “packaging” • no “ ./configure; make; make install ” Introduction 4

  6. Example: Isabelle/jEdit Prover IDE Introduction 5

  7. Antiquated “IDEs”

  8. Emacs Proof General Characteristics: • front-end for TTY loop • sequential proof scripting • one frontier between checked/unchecked text • one proof state • one response • synchronous Antiquated “IDEs” 7

  9. CoqIDE Characteristics: • clone of Proof General, without Emacs • OCaml + old GTK • lacks proper editor Antiquated “IDEs” 8

  10. Why3 IDE Characteristics: • small add-on for Why3 • minimal integration with CoqIDE • lacks editor Antiquated “IDEs” 9

  11. PIDE architecture

  12. The connectivity problem ? Editor Prover PIDE architecture 11

  13. Example: Java IDE Netbeans: JVM API Editor: JVM Compiler: JVM Characteristics: + Conceptually simple — no rocket science. + It works well — mainstream technology. −− Provers are not implemented in Java! − Even with Scala, the JVM is not ideal for hardcore FM. PIDE architecture 12

  14. Example: CoqIDE CoqIDE: OCaml API Prover: OCaml Editor: OCaml Characteristics: + Conceptually simple — no rocket science. + − It works . . . mostly. − Many Coq power-users ignore it. − GTK/OCaml is outdated; GTK/SML is unavailable. − − − Need to duplicate editor implementation efforts. PIDE architecture 13

  15. Bilingual approach Realistic assumption: • Prover: ML (SML, OCaml, Haskell) • Editor: Java Big problem: How to integrate the two worlds? • Separate processes: requires marshalling, serialization, protocols. • Different implementation languages and programming paradigms. • Different cultural backgrounds! Front-end (editor) Back-end (prover) “XML” plain text weakly structured data “ λ -calculus” OO programming higher-order FP Java ML PIDE architecture 14

  16. PIDE architecture: conceptual view API API Document Editor: JVM Prover: ML model PIDE architecture 15

  17. PIDE architecture: implementation view Scala ML TCP/IP servers JVM bridge private POSIX processes POSIX processes protocol API API Scala ML Java threads ML threads Scala actors ML futures Design principles: • private protocol for prover connectivity (asynchronous interaction, parallel evaluation) • public Scala API (timeless, stateless, static typing) PIDE architecture 16

  18. Scala

  19. JVM platform problems − reasonably fast only after long startup time − small stack/heap default size, determined at boot time − no tail recursion for methods − delicate semantics of object initialization; mutual scopes but se- quential (strict) evaluation − plain values (e.g. int ) vs. objects (e.g. Integer ) live in separate worlds — cannot have bignums that are unboxed for small values − multi-platform GUI support is subject to subtle issues (“write once, debug everywhere”) − null (cf. Tony Hoare: Historically Bad Ideas: ”Null References: The Billion Dollar Mistake” ) Scala 18

  20. Java language problems − very verbose, code inflation factor ≈ 2–10 − outdated language design, inability of further evolution − huge development tools (software Heavy Industry) But: + reasonably well-established on a broad range of platforms (Linux, Windows, Mac OS X) + despite a lot of junk, some good frameworks are available (e.g. jEdit editor) + Scala can use existing JVM libraries (with minimal exposure to Java legacy) Scala 19

  21. Scala language concepts (Martin Odersky et al) • full compatibility with existing Java/JVM libraries — asymmetric upgrade path • about as efficient as Java • fully object-oriented (unlike Java) • higher-order functional concepts (like ML/Haskell) • algebraic datatypes (“case classes”) with usual constructor terms and pattern matching (“extractors”) • good standard libraries – tuples, lists, options, functions, partial functions – iterators and collections – actors (concurrency, interaction, parallel computation) • flexible syntax, supporting a broad range of styles, e.g. deflated Java, scripting languages, “domain-specific languages” Scala 20

  22. • very powerful static type-system: – parametric polymorphism (similar to ML) – subtyping (“OO” typing) – coercions (“conversions”, “views”) – auto-boxing – self types – existential types – higher-kinded parameters – type-inference • incremental compiler (“toplevel loop”) • mainstream IDE support (IntelliJ IDEA, Eclipse, Netbeans) Scala 21

  23. Isabelle/ML versus Scala Isabelle/ML: • efficient functional programming with parallel evaluation • implementation and extension language of logical framework • ML embedded into the formal context • leverages decades of research into prover technology Scala: • functional object-oriented programming with concurrency • system programming environment for the prover • Scala access to formal document content • leverages JVM frameworks (IDEs, editors, web servers etc.) Scala 22

  24. OCaml versus Scala Left as an exercise for OCaml experts! Scala 23

  25. PIDE backend implementation

  26. Example: CoqPIDE • https://bitbucket.org/makarius/coq-pide/src/443d088a72e6/ README.PIDE?at=v8.4 • coq-pide/ide/pide.ml (25 kB total; 2 kB payload for Coq) • formal checking limited to lexical analysis (CoqIDE tokenizer) PIDE backend implementation 25

  27. Example: Why3PIDE • https://bitbucket.org/makarius/why3pide • why3pide/why3pide.ml (32 kB total; 8 kB payload for Why3) • formal checking via reports about theory and term structure • static syntax tables in jEdit (derived from share/lang/why.lang ) PIDE backend implementation 26

  28. PIDE protocol layers (1) Bidirectional byte-channel: • pure byte streams • block-buffering • high throughput • Unix: named pipes; Windows: TCP socket; not stdin/stdout Message chunks: • explicit length indication • block-oriented I/O Text encoding and character positions: • reconcile ASCII, ISO-Latin-1, UTF-8, UTF-16 • unify Unix / Windows line-endings • occasional readjustment of positions PIDE backend implementation 27

  29. PIDE protocol layers (2) YXML transfer syntax: • markup trees over plain text • simple and robust transfer syntax • easy upgrade of text-based application XML/ML data representation • canonical encoding / decoding of ML-like datatypes • combinator library for each participating language, e.g. OCaml: type ’a Encode.t = ’a -> XML.tree list Encode.string: string Encode.t Encode.pair: ’a Encode.t -> ’b Encode.t -> (’a * ’b) Encode.t Encode.list: ’a Encode.t -> ’a list Encode.t • untyped data representation of typed data • typed conversion functions PIDE backend implementation 28

  30. Protocol functions • type protocol_command = name -> input -> unit • type protocol_message = name -> output -> unit • outermost state of protocol handlers on each side (pure values) • asynchronous streaming in each direction → editor and prover as stream-procession functions − commands Editor Prover messages PIDE backend implementation 29

  31. Markup reports Problem: round-trip through several sophisticated syntax layers Solution: execution trace with markup reports text text p t o r s o i p t i e o t r n r o p e r term PIDE backend implementation 30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Formal Methods && Tools Group Stefania Gnesi F F F M&&T M&&T

Formal Methods && Tools Group Stefania Gnesi F F F M&&T M&&T

F F F Formal Methods && Tools Group Stefania Gnesi F F F M&&T M&&T M&&T June 27, 03 Formal Methods && Tools Group - ISTI CNR CAF - 1 F F F Outline Overview of the Formal Methods

276 views • 23 slides
Software Verification/Validation Methods and Tools . . . or Practical Formal Methods John Rushby

Software Verification/Validation Methods and Tools . . . or Practical Formal Methods John Rushby

Software Verification/Validation Methods and Tools . . . or Practical Formal Methods John Rushby Computer Science Laboratory SRI International Menlo Park, CA John Rushby, SR I Practical Formal Methods: 1 Need: Growing Importance and Cost of

278 views • 12 slides
Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical foundations of computer science 2 Formal Methods Logical foundations of computer science A language that machines can understand 2 Formal Methods

1.22k views • 121 slides
formal methods & tools. SpinS : Extending LTSmin with Promela through SpinJa Alfons Laarman

formal methods & tools. SpinS : Extending LTSmin with Promela through SpinJa Alfons Laarman

UNIVERSITY OF TWENTE. formal methods & tools. SpinS : Extending LTSmin with Promela through SpinJa Alfons Laarman Joint with Freark van der Berg Sept 17, 2012 Imperial College, London, UK ... ... Spin Model Checker Process Meta-Language (

1.23k views • 39 slides
Methods and tools for design time and runtime formal analysis of security protocols and web

Methods and tools for design time and runtime formal analysis of security protocols and web

Methods and tools for design time and runtime formal analysis of security protocols and web applications Marco Rocchetto REsearch Group in I nformation S ecurity Department of Computer Science University of Verona, Italy Verona, May 8, 2015

731 views • 62 slides
Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why Formalisms? Relationships Flaws Some systems Conclusions Why Formal Methods? We already can build systems. Roman Engineers built

671 views • 12 slides
Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3.

Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3.

Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3. Course syllabus 4. Course objectives Introductory Lecture 5. Course organization 1. Lecturer 2. Formal Methods Name: Dilian Gurov Formal

56 views • 3 slides
Machine Learning in Formal Verification Manish Pandey, PhD Chief Architect, New Technologies

Machine Learning in Formal Verification Manish Pandey, PhD Chief Architect, New Technologies

Machine Learning in Formal Verification Manish Pandey, PhD Chief Architect, New Technologies Synopsys, Inc. June 18, 2017 1 Build Better Formal Verification Tools? CAR BICYCLE DOG S oftware that learns from experience and enables

767 views • 40 slides
Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations

Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations

Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations of computer science Formal Methods Logical foundations of computer science A language that machines can understand Formal Methods Logical

1.67k views • 123 slides
Formal Methods and Tools for Distributed Systems Thomas Ball Microsoft

Formal Methods and Tools for Distributed Systems Thomas Ball Microsoft

Formal Methods and Tools for Distributed Systems Thomas Ball Microsoft http://research.microsoft.com/~tball Outline 20 Years at Microsoft (1999-present) The great work of others at Microsoft 20 Years at Microsoft From EULA to SLA

888 views • 72 slides
Tools for Formal Methods: ICS, SAL, and Stateflow John Rushby Computer Science Laboratory SRI

Tools for Formal Methods: ICS, SAL, and Stateflow John Rushby Computer Science Laboratory SRI

Tools for Formal Methods: ICS, SAL, and Stateflow John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SRI ICS, SAL, and Stateflow: 1 Introduction Weve distributed the PVS Verification

978 views • 45 slides
Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Formal Methods Assurance for TTP John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I Formal Methods Assurance for TTP: 1 Formal Methods for Analysis and Assurance: The Idea Testing/Simulation Formal

200 views • 6 slides
Generating and Solving Symbolic Parity Games Gijs Kant Jaco van de Pol Formal Methods &

Generating and Solving Symbolic Parity Games Gijs Kant Jaco van de Pol Formal Methods &

Generating and Solving Symbolic Parity Games Gijs Kant Jaco van de Pol Formal Methods & Tools University of Twente The Netherlands Games 2012, Napoli, Italia 1 / 26 Motivation Application: formal verification of process algebraic

531 views • 26 slides
Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in

Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in

Specifying circuit properties in PSL Formal methods Mathematical and logical methods used in system development Aim to increase confidence in riktighet of system Apply to both hardware and software 1 Formal methods Complement other

524 views • 25 slides
A Review of Formal Methods : 200514170 : (T4) (T4)

A Review of Formal Methods : 200514170 : (T4) (T4)

A Review of Formal Methods : 200514170 : (T4) (T4) Contents INTRODUCTION INTRODUCTION DEFINITION AND OVERVIEW OF FORMAL METHODS SPECIFICATION METHODS LIFE CYCLES AND

317 views • 19 slides
Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process

Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process

Requirements and Formal Methods Softw are Engineering Overview Overview on the RE process What are Formal Methods? Advantages and Disadvantages of Formal Methods Formal Methods in the Requirement Process Mathematical Formulas

561 views • 20 slides
in the CBM experiment J. Lehnert (GSI Darmstadt) for the CBM Collaboration TWEPP 2016 - Topical

in the CBM experiment J. Lehnert (GSI Darmstadt) for the CBM Collaboration TWEPP 2016 - Topical

CBM GBT based readout in the CBM experiment J. Lehnert (GSI Darmstadt) for the CBM Collaboration TWEPP 2016 - Topical Workshop on Electronics in Particle Physics Karlsruhe Institute of Technology Wed. 28.09.2016 1 FAIR - Facility for Antiproton

380 views • 23 slides
newlyweds THE THE AGE OF INNOCENCE CHAPTERS 19 - 22 Chapter Outline Ch 18 The Separation

newlyweds THE THE AGE OF INNOCENCE CHAPTERS 19 - 22 Chapter Outline Ch 18 The Separation

LITERATURE PAPER ONE LECTURE EIGHT newlyweds THE THE AGE OF INNOCENCE CHAPTERS 19 - 22 Chapter Outline Ch 18 The Separation Ch 19 The Wedding Ch 20 London (Mrs Carfry and M. Riviere) Ch 21 Newport Archery Club + Mrs Ms + The shore Ch

570 views • 29 slides
Routing Table Status Report November 2005 IPv4 Routing Table Size - Aug IPv4 Routing Table Size

Routing Table Status Report November 2005 IPv4 Routing Table Size - Aug IPv4 Routing Table Size

Geoff Huston APNIC Routing Table Status Report November 2005 IPv4 Routing Table Size - Aug IPv4 Routing Table Size - Nov Data assembled from Route Views data. Each colour represents a time series for a single AS. The major point here is

686 views • 45 slides
Trimethoxyphenyl Conjugates Kevin D. OShea 1 , Michael M. Cahill 1 , Larry T. Pierce 1 ,

Trimethoxyphenyl Conjugates Kevin D. OShea 1 , Michael M. Cahill 1 , Larry T. Pierce 1 ,

Synthesis and Anticancer Activity of Novel Indole- Trimethoxyphenyl Conjugates Kevin D. OShea 1 , Michael M. Cahill 1 , Larry T. Pierce 1 , Florence O. McCarthy 1,* 1 School of Chemistry and ABCRF, Cavanagh Building, University College Cork,

539 views • 24 slides
Disclaimer Opinions Expressed Herein or Otherwise are those of the Speaker and do not Necessarily

Disclaimer Opinions Expressed Herein or Otherwise are those of the Speaker and do not Necessarily

9/9/2016 Steven E. Gordon Assistant United States Attorney Civil Rights Enforcement Coordinator USAO Eastern District of Virginia 1 Disclaimer Opinions Expressed Herein or Otherwise are those of the Speaker and do not Necessarily Reflect the

686 views • 45 slides
Towar ards a s a Motivat vated A Annotat ation Sc Schema of of Col olloc ocation on Er

Towar ards a s a Motivat vated A Annotat ation Sc Schema of of Col olloc ocation on Er

Towar ards a s a Motivat vated A Annotat ation Sc Schema of of Col olloc ocation on Er Error ors i in n Learne ner C Corpor ora M. Alonso Ramos, L. Wanner, O. Vincze, G. Casamayor, N. Vzquez, E. Mosqueira y S. Prieto

232 views • 22 slides
CAMPUS UPDATE DECEMBER 7, 2016 Format Timed Questions Discussion International Plan

CAMPUS UPDATE DECEMBER 7, 2016 Format Timed Questions Discussion International Plan

CAMPUS UPDATE DECEMBER 7, 2016 Format Timed Questions Discussion International Plan Implementation beginning 4 areas of international impact 1. International development, health and education 2. Science, technology

370 views • 13 slides
The shapes of level curves of real polynomials near strict local minima Miruna-tefana Sorea

The shapes of level curves of real polynomials near strict local minima Miruna-tefana Sorea

The shapes of level curves of real polynomials near strict local minima Miruna-tefana Sorea Max Planck Institute for Mathematics in the Sciences, Leipzig Algebraic and combinatorial perspectives in the mathematical sciences (ACPMS)

670 views • 63 slides

More recommend