Interfacing with Proof Assistants for Domain Specific Programming - PowerPoint PPT Presentation



Slide 1

Interfacing with Proof Assistants for Domain Specific Programming Using EventML

Vincent Rahli

PRL team - Cornell University

July 13, 2012

Vincent Rahli EventML July 13, 2012 1/15

Slide 2

Credits

◮ Mark Bickford
◮ Robert Constable
◮ David Guaspari
◮ Richard Eaton
◮ Vincent Rahli
◮ Robbert Van Renesse
◮ Nicolas Schiper
◮ Jason Wu


Slide 3

Problem

Problem: unverified protocols are wrong.

Goal: automatic synthesis of verified, diversifiable distributed systems.

Our solution: building tools that cooperate with a Logical Programming Environment (e.g., a constructive theorem prover).


Slide 4

EventML: specification and programming language

◮ An ML-like functional programming language.
◮ Features logical constructs (Logic of Events combinators).
◮ To specify/code distributed protocols.

Logical aspect

◮ EventML translates specifications into event classes.

Computational aspect

◮ EventML synthesizes distributed programs (in the model underlying the Logic of Events) from specifications.


Slide 5

Cooperation with a Logical Programming Environment


Slide 6

Accomplishments

We have specified many distributed protocols. We have proved the correctness of the following protocols:

◮ Leader election in a ring.
◮ Two-thirds consensus protocol.
◮ Paxos (in progress).

The methodology works! Nicolas Schiper (Cornell postdoc) has implemented a replicated database (ShadowDB) on top of our synthesized two-thirds consensus protocol. It is used!


Slide 7

An example: Maximum using Memory

We have defined state machines in the Logic of Events, e.g., Memory1. We have automated some reasoning on state machines.


Slide 8

Maximum

    input int : Int
    class Maximum = Memory1 (\loc.{0}) (\loc.\x.\s. imax x s) int'base ;;

Intuition: at any event, Maximum computes the maximum of the integers received in the past.


Slides 9 to 13: Maximum (figure-only slides; no text recovered)

Slide 14

Maximum

One can specify state machine invariants in EventML:

    invariant pos_max on n in Maximum == n >= 0 ;;
    progress inc_max on n1 then n2 in Maximum with n in int'base and s => n > s == n2 > n1 ;;
    memory mem_max on n1 then n2 in Maximum with n in int'base == n2 >= n /\ n2 >= n1 ;;

Nuprl automatically proves these invariants.
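The Maximum class on slide 8 and the three properties on slide 14 can be made concrete by simulating a Memory1-style state machine over an event trace and checking the properties against the observed values. The following Python is an added example written for this page; it is not EventML, Nuprl, or code from the presentation. It assumes a particular reading of Memory1 (the state observed at an event is the state *before* that event's input is folded in, i.e. the maximum of integers received strictly in the past), the function names, and the sample input trace are all constructed for illustration. A deliberately wrong "forgetful" transition is included to show which of the three properties it breaks.

```python
from typing import Callable, Dict, List, Tuple

# Constructed sample trace: integers received at one location, in event order.
# (Not taken from the slides.)
SAMPLE_INPUTS = [3, 7, 2, 9, 9, 4]

# One entry per event: (input received at the event, state observed at the event)
Trace = List[Tuple[int, int]]


def init_state(loc: str) -> int:
    # Mirrors the EventML initialiser (\loc.{0}): every location starts at 0.
    return 0


def max_transition(loc: str, x: int, s: int) -> int:
    # Mirrors (\loc.\x.\s. imax x s): fold the received integer into the state with max.
    return max(x, s)


def forgetful_transition(loc: str, x: int, s: int) -> int:
    # Deliberately wrong transition for contrast: remembers only the latest input.
    return x


def run_memory1(init: Callable[[str], int],
                trans: Callable[[str, int, int], int],
                inputs: List[int],
                loc: str = "loc0") -> Trace:
    """Simulate a Memory1-style state machine at a single location.

    Assumption (this example's reading of the slide): the class observes the
    state *before* the current input is folded in, so the observed value is
    the maximum of the integers received strictly in the past.
    """
    s = init(loc)
    trace: Trace = []
    for x in inputs:
        trace.append((x, s))
        s = trans(loc, x, s)
    return trace


def _steps(trace: Trace):
    # Yield (n, n1, n2): input n and observed state n1 at one event,
    # observed state n2 at the next event.
    for (n, n1), (_, n2) in zip(trace, trace[1:]):
        yield n, n1, n2


def pos_max(trace: Trace) -> bool:
    # invariant pos_max: every observed value n satisfies n >= 0.
    return all(n >= 0 for _, n in trace)


def inc_max(trace: Trace) -> bool:
    # progress inc_max: when the input n exceeds the state n1 seen at an event,
    # the state n2 seen at the next event is strictly larger than n1.
    return all(n2 > n1 for n, n1, n2 in _steps(trace) if n > n1)


def mem_max(trace: Trace) -> bool:
    # memory mem_max: the later state dominates both the input and the earlier state.
    return all(n2 >= n and n2 >= n1 for n, n1, n2 in _steps(trace))


def check_all(trace: Trace) -> Dict[str, bool]:
    # Evaluate all three properties on one trace.
    return {"pos_max": pos_max(trace), "inc_max": inc_max(trace), "mem_max": mem_max(trace)}


if __name__ == "__main__":
    good = run_memory1(init_state, max_transition, SAMPLE_INPUTS)
    bad = run_memory1(init_state, forgetful_transition, SAMPLE_INPUTS)
    print("Maximum  :", good, check_all(good))
    print("forgetful:", bad, check_all(bad))
```

The contrast matters for what the slide claims: Nuprl proves the properties for every possible trace, whereas this checker only evaluates them on the traces it is given. The forgetful transition passes pos_max and inc_max on the sample trace but fails mem_max at the event where 2 arrives after 7, which is exactly the kind of counterexample a proof obligation would surface without needing to guess an input.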


Slide 15

What’s next?

◮ Automation.
◮ Correct-by-construction optimizations.
◮ More expressive types: refinement types, dependent types...
