handling fjrst order proofs
play

Handling fjrst-order proofs Michael Raskin , raskin@mccme.ru - PowerPoint PPT Presentation

Jan 06, 2024 •298 likes •642 views

. . . . . . . . . . . . . . Handling fjrst-order proofs Michael Raskin , raskin@mccme.ru Christoph Welzel Dept. of CS, TU Munich April 1, 2019 The project has received funding from the European Research Council (ERC) under the

  1. . . . . . . . . . . . . . . Handling fjrst-order proofs Michael Raskin , raskin@mccme.ru Christoph Welzel Dept. of CS, TU Munich April 1, 2019 The project has received funding from the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme under grant agreement No 787367 M. Raskin, C. Welzel (TUM) Handling fjrst-order proofs April 1, 2019 . . . . . . . . . . . . . . . . . . . . . . . . . . 1 / 29

  2. . . . . . . . . . . . . . . Overview Direction: algorithm and program verifjcation Local goal: formal proofs for distributed algorithms Approach: fjrst-order logic and help from automated systems Example: mutual exclusion Our tooling and workfmow M. Raskin, C. Welzel (TUM) Handling fjrst-order proofs April 1, 2019 . . . . . . . . . . . . . . . . . . . . . . . . . . 2 / 29

  3. . . . . . . . . . . . . General context . Some programs have bugs More complex tasks; hardware rewards more complex approaches Bugs harder to detect, reproduce, eliminate Testing? Strict in-language restrictions (types, lifetimes, …)? Static analysis? Proofs? All the approaches are useful — let developers choose We want to expand the options for proofs M. Raskin, C. Welzel (TUM) Handling fjrst-order proofs April 1, 2019 . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 / 29

  4. . . . . . . . . . . . . General context . Some programs have bugs More complex tasks; hardware rewards more complex approaches Bugs harder to detect, reproduce, eliminate Testing? Strict in-language restrictions (types, lifetimes, …)? Static analysis? Proofs? All the approaches are useful — let developers choose We want to expand the options for proofs M. Raskin, C. Welzel (TUM) Handling fjrst-order proofs April 1, 2019 . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 / 29

  5. . proofs . . . . . . . . . Proofs: what kind of proofs? We currently work on verifying distributed algorithm design via formal What kind of proofs and tools can we use? . First-order logic proofs (with support from Automated Theorem Provers) More compatible tools, more automation available, simpler logic, cannot use theory-specifjc knowledge Proofs in specifjc fjrst-order theories (via SMT) Reliance on complicated tools for a more complex problem Higher-order logic proofs (probably with interactive provers) More expressive logics — difgerent for difgerent tools We use fjrst-order logic and ATP systems M. Raskin, C. Welzel (TUM) Handling fjrst-order proofs April 1, 2019 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 / 29

  6. . Second-order logic puts function variables into language . . . . . . . . . . First-order logic and higher-order logic: illustration (setf f (lambda (x) …)) . (funcall f arg) First-order logic: function variables not supported directly; … so interface-passing style is needed (defmethod call-f ((f (eql :something)) x) …) (defmethod call-f ((f (eql :something-else)) x) …) (setf f :something) (call-f f arg) Our current experiments don’t use that (yet) M. Raskin, C. Welzel (TUM) Handling fjrst-order proofs April 1, 2019 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 / 29

  7. . Second-order logic puts function variables into language . . . . . . . . . . First-order logic and higher-order logic: illustration (setf f (lambda (x) …)) . (funcall f arg) First-order logic: function variables not supported directly; … so interface-passing style is needed (defmethod call-f ((f (eql :something)) x) …) (defmethod call-f ((f (eql :something-else)) x) …) (setf f :something) (call-f f arg) Our current experiments don’t use that (yet) M. Raskin, C. Welzel (TUM) Handling fjrst-order proofs April 1, 2019 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 / 29

  8. . Closest to what is used in mathematics and theoretical CS textbooks for . . . . . . . . . . First-order logic — our view proofs . … if everything goes well, reusing published proofs might become less work after some time A lot of compatible tools — even with the same format (Thousands of Problems for Theorem Provers — TPTP) … hope of cross-verifjcation Most advanced proof search tools Hard to do fully formal proofs — but can ask automated provers to fjnish proof details M. Raskin, C. Welzel (TUM) Handling fjrst-order proofs April 1, 2019 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 / 29

  9. . (Some code to resolve confmicts faster — who gets priority) . . . . . . . . Example: mutual exclusion — Dijkstra’s algorithm Our current experiments: around Dijkstra’s mutex (single CPU core, multi-threading) Algorithm idea: Process declares intent to enter critical section . Verifjes no other process has declared same intent Executes critical section Cleans up declarations Logical encoding: Some theory of discrete time, and discrete list of agents Variables — functions from time to values Local variables — time and agent to values State of the program (instruction pointer) — local variable Single-threaded execution: active agent is a global variable M. Raskin, C. Welzel (TUM) Handling fjrst-order proofs April 1, 2019 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 / 29

  10. . (Some code to resolve confmicts faster — who gets priority) . . . . . . . . Example: mutual exclusion — Dijkstra’s algorithm Our current experiments: around Dijkstra’s mutex (single CPU core, multi-threading) Algorithm idea: Process declares intent to enter critical section . Verifjes no other process has declared same intent Executes critical section Cleans up declarations Logical encoding: Some theory of discrete time, and discrete list of agents Variables — functions from time to values Local variables — time and agent to values State of the program (instruction pointer) — local variable Single-threaded execution: active agent is a global variable M. Raskin, C. Welzel (TUM) Handling fjrst-order proofs April 1, 2019 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 / 29

  11. . Verifjes no other process has declared same intent . . . . . . . . . Example: Dijkstra’s mutex (cont.) Process declares intent to enter critical section Some theory of discrete time, and discrete list of agents . Variables — functions from time to values Local variables — time and agent to values State of the program (instruction pointer) — local variable Single-threaded execution: active agent is a global variable Want to prove: Safety — two difgerent agents cannot enter critical section simultaneously Actually prove: Defjne invariant; if it holds, it holds at the next moment Invariant as defjned implies safety M. Raskin, C. Welzel (TUM) Handling fjrst-order proofs April 1, 2019 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 / 29

  12. . Want to prove: . . . . . . . . . . Proving induction step Safety — two difgerent agents cannot enter critical section simultaneously . Actually prove: Defjne invariant; if it holds now, it holds at the next moment Invariant as defjned implies safety The base case tends to be obvious Why prove only inductive step? Simpler… and already hard enough for now Easy to also prove the base case — still exploring the options for proving the (harder) step M. Raskin, C. Welzel (TUM) Handling fjrst-order proofs April 1, 2019 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 / 29

  13. . Want to prove: . . . . . . . . . . Proving induction step Safety — two difgerent agents cannot enter critical section simultaneously . Actually prove: Defjne invariant; if it holds now, it holds at the next moment Invariant as defjned implies safety The base case tends to be obvious Why prove only inductive step? Simpler… and already hard enough for now Easy to also prove the base case — still exploring the options for proving the (harder) step M. Raskin, C. Welzel (TUM) Handling fjrst-order proofs April 1, 2019 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 / 29

  14. . . . . . . . . . . . . . . Why prove only inductive step? Easy encoding of induction needs infjnitely many axioms Rich theories harder for proof search Clear strategies for encoding fjrst-order theories with induction (for example, in an interface-passing style) This is not our current priority (yet) M. Raskin, C. Welzel (TUM) Handling fjrst-order proofs April 1, 2019 . . . . . . . . . . . . . . . . . . . . . . . . . . 10 / 29

  15. . . . . . . . . . . . . Working with a proof . Defjning axioms (model + algorithm) Defjning the safety condition Defjning invariant Claiming invariant is inductive Claiming invariant implies safety Adding/generating lemmas Verifying the proof M. Raskin, C. Welzel (TUM) Handling fjrst-order proofs April 1, 2019 . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 / 29

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

capabilities / virtual machines 1 Changelog Changes not seen in fjrst lecture: 23 April 2020:

capabilities / virtual machines 1 Changelog Changes not seen in fjrst lecture: 23 April 2020:

capabilities / virtual machines 1 Changelog Changes not seen in fjrst lecture: 23 April 2020: add index slides re: cases for priviliged instruction handling and introduction explaining syscalls as special case 1 last time (1) network fjle

1.71k views • 120 slides
Mechanized proofs in higher-order separation logic Robbert Krebbers Delft University of

Mechanized proofs in higher-order separation logic Robbert Krebbers Delft University of

Mechanized proofs in higher-order separation logic Robbert Krebbers Delft University of Technology, The Netherlands February 5, 2019 @ Vrije Universiteit, Amsterdam, The Netherlands 1 Tactic-style proofs (as in LCF/Coq/HOL/ etc. ) have shown to

978 views • 97 slides
Checkable Proofs for First-Order Theorem Proving Giles Reger 1 , Martin Suda 2 1 School of Computer

Checkable Proofs for First-Order Theorem Proving Giles Reger 1 , Martin Suda 2 1 School of Computer

Checkable Proofs for First-Order Theorem Proving Giles Reger 1 , Martin Suda 2 1 School of Computer Science, University of Manchester, UK 2 TU Wien, Vienna, Austria ARCADE 2017 Gothenburg, August 6, 2017 1/8 Why do we want proofs? (explain

567 views • 29 slides
Changelog Changes made in this version not seen in fjrst lecture: 15 November: vector addr

Changelog Changes made in this version not seen in fjrst lecture: 15 November: vector addr

Changelog Changes made in this version not seen in fjrst lecture: 15 November: vector addr picture: make order of result consistent with order of inputs 15 November: correct square to matmul on several vector slides 15 November: correct mixups

1.03k views • 99 slides
fjrst fru i ts 2 0 1 9 Increasing our heart consecration to God by putting Him fjrst in all

fjrst fru i ts 2 0 1 9 Increasing our heart consecration to God by putting Him fjrst in all

First Fruits Commitment Service First Fruits Ofgering Celebration WITH SIS. JENNIFER COBB PENTECOST SUNDAY FEBRUARY 10, 2019 JUNE 9, 2019 fjrst fru i ts 2 0 1 9 Increasing our heart consecration to God by putting Him fjrst in all

574 views • 8 slides
Tableau Proofs. Preliminaries S with a binary relation (less than, written < , on S which

Tableau Proofs. Preliminaries S with a binary relation (less than, written < , on S which

Spring 2009 IA008 Computational Logic Tableau Proofs Tableau Proofs. Preliminaries S with a binary relation (less than, written < , on S which is transitive and irreflexive . A partial order ... a set T is infinite, it has an A tree K

473 views • 15 slides
The breakdown of photon blockade: a fjrst-order dissipative quantum phase transition cloud-based

The breakdown of photon blockade: a fjrst-order dissipative quantum phase transition cloud-based

The breakdown of photon blockade: a fjrst-order dissipative quantum phase transition cloud-based simulation of open quantum systems Andrs Vukics Wigner Research Centre for Physics, Budapest GPU Day 2020 Budapest, 20 October 2020 Quantum

554 views • 29 slides
virtual machines 1 Changelog Changes made in this version not seen in fjrst lecture: 23 April

virtual machines 1 Changelog Changes made in this version not seen in fjrst lecture: 23 April

virtual machines 1 Changelog Changes made in this version not seen in fjrst lecture: 23 April 2019: rearrange slide order to better match lecture order 23 April 2019: change real page table to shadow page table in some places 23

1.39k views • 113 slides
Towards the Compression of First-Order Resolution Proofs by Lowering Unit Clauses J. Gorzny 1 B.

Towards the Compression of First-Order Resolution Proofs by Lowering Unit Clauses J. Gorzny 1 B.

Towards the Compression of First-Order Resolution Proofs by Lowering Unit Clauses J. Gorzny 1 B. Woltzenlogel Paleo 2 1 University of Victoria 2 Vienna University of Technology 6 August 2015 Gorzny, Woltzenlogel Paleo First-Order Lower Units

687 views • 45 slides
Proofs, Continued Today Proofs : A style guide Proofs should be easy to

Proofs, Continued Today Proofs : A style guide Proofs should be easy to

Euclid (300 BC) Proofs, Continued Today Proofs : A style guide Proofs should be easy to verify. All the cleverness goes into finding/writing the proof, not reading/verifying it! P vs. NP (informally) : P =

682 views • 21 slides
Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth

Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth

Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth workshop Introduction to the workshop PROOFS: Security Proofs for Embedded Systems UCSB August 20, 2016 5th edition of PROOFS PROOFS 2012:

311 views • 7 slides
Engaging fjrst-year students outside of the fjrst-year seminar course David I. Henriques Kendra

Engaging fjrst-year students outside of the fjrst-year seminar course David I. Henriques Kendra

Engaging fjrst-year students outside of the fjrst-year seminar course David I. Henriques Kendra M. Wo Wolgast Asst. Dean, School of Academic Academic Support Center Programs & Services Director & Disability Contact Liaison

625 views • 18 slides
Portable Higher Order Logic Proofs Joe Hurd and Rob Arthan Galois, Inc. and Lemma 1 Ltd.

Portable Higher Order Logic Proofs Joe Hurd and Rob Arthan Galois, Inc. and Lemma 1 Ltd.

Introduction Articles of Proof Theories Compressing Articles Summary Portable Higher Order Logic Proofs Joe Hurd and Rob Arthan Galois, Inc. and Lemma 1 Ltd. joe@galois.com and rda@lemma-one.com TEITP Workshop Wednesday 11 August 2010 Joe

565 views • 19 slides
Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1 Amin Timany 2

Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1 Amin Timany 2

Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1 Amin Timany 2 Lars Birkedal 3 1 Delft University of Technology, The Netherlands 2 imec-Distrinet, KU Leuven, Belgium 3 Aarhus University, Denmark January 18, 2017 @

953 views • 71 slides
Iris Proof Mode Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1

Iris Proof Mode Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1

Iris Proof Mode Interactive Proofs in Higher-Order Concurrent Separation Logic Robbert Krebbers 1 Delft University of Technology, The Netherlands June 12, 2017 @ MFPS, Ljubljana, Slovenia 1 Iris is joint work with: Ralf Jung, Jacques-Henri

1.16k views • 87 slides
CETO solutions in intra-logistic Customized & Engineered to Order PALLET HANDLING Antpoda

CETO solutions in intra-logistic Customized & Engineered to Order PALLET HANDLING Antpoda

CETO solutions in intra-logistic Customized & Engineered to Order PALLET HANDLING Antpoda Lda. Rua de Julieta Ubaldina Miranda 106, Lote 17 4470-441 Maia Portugal Phone: +351 229 535 437 Email: antipoda@antipoda.eu Website:

609 views • 31 slides
4.5: Proving the Correctness of Grammars In this section, we consider techniques for proving the

4.5: Proving the Correctness of Grammars In this section, we consider techniques for proving the

4.5: Proving the Correctness of Grammars In this section, we consider techniques for proving the correctness of grammars, i.e., for proving that grammars generate the languages we want them to. 1 / 21 Definition of Suppose G is a grammar and

324 views • 21 slides
Defining the Ethereum Virtual Machine for Interactive Theorem Provers Yoichi Hirai Ethereum

Defining the Ethereum Virtual Machine for Interactive Theorem Provers Yoichi Hirai Ethereum

Overview Some Technicality Own Evaluation Summary Defining the Ethereum Virtual Machine for Interactive Theorem Provers Yoichi Hirai Ethereum Foundation Workshop on Trusted Smart Contracts Malta, Apr. 7, 2017 1/32 Yoichi Hirai Defining

538 views • 32 slides
CS70: Lecture 2. Outline. Quick Background and Notation. Direct Proof. Theorem: For any a , b , c

CS70: Lecture 2. Outline. Quick Background and Notation. Direct Proof. Theorem: For any a , b , c

CS70: Lecture 2. Outline. Quick Background and Notation. Direct Proof. Theorem: For any a , b , c Z , if a | b and a | c then a | ( b c ) . Integers closed under addition. Proof: Assume a | b and a | c Today: Proofs!!! b = aq and c = aq

162 views • 4 slides
CPSC 121: Models of Computation should be able to: Identify the form of statement the strategy

CPSC 121: Models of Computation should be able to: Identify the form of statement the strategy

Pre-Class Learning Goals By the start of class, for each proof strategy below, you CPSC 121: Models of Computation should be able to: Identify the form of statement the strategy can prove. Sketch the structure of a proof that uses the

311 views • 15 slides
Formally Proved Security of Assembly Code Against Power Analysis: A Case Study on Balanced Logic

Formally Proved Security of Assembly Code Against Power Analysis: A Case Study on Balanced Logic

Formally Proved Security of Assembly Code Against Power Analysis: A Case Study on Balanced Logic Pablo Rauzy Sylvain Guilley Zakaria Najm rauzy@enst.fr guilley@enst.fr znajm@enst.fr pablo.rauzy.name perso.enst.fr/ guilley Telecom

718 views • 52 slides
Learn the Financial and Energy Benefits of Becoming a NYSERDA Clean Energy Community EASTERN

Learn the Financial and Energy Benefits of Becoming a NYSERDA Clean Energy Community EASTERN

Learn the Financial and Energy Benefits of Becoming a NYSERDA Clean Energy Community EASTERN NEW YORK TERRITORY September 23, 2016 2 Agenda Introduc)ons Todd Fabozzi, NYSERDA Clean Energy Communi)es Eastern

845 views • 47 slides
Good programs, broken programs? CS 251 Fall 2019 CS 240 Spring 2020 Principles of Programming

Good programs, broken programs? CS 251 Fall 2019 CS 240 Spring 2020 Principles of Programming

Good programs, broken programs? CS 251 Fall 2019 CS 240 Spring 2020 Principles of Programming Languages Foundations of Computer Systems Ben Wood Ben Wood Goal: program works (does not fail) Need: definition of works/correct : a

547 views • 8 slides
Challenges in def bubblesort(x): quantum algorithms for for j in range(len(x)): integer

Challenges in def bubblesort(x): quantum algorithms for for j in range(len(x)): integer

1 2 Challenges in def bubblesort(x): quantum algorithms for for j in range(len(x)): integer factorization for i in reversed(range(j)): x[i],x[i+1] = ( D. J. Bernstein min(x[i],x[i+1]), University of Illinois at Chicago max(x[i],x[i+1])

1.48k views • 118 slides

More recommend