isabelle theories for machine words
play

Isabelle Theories for Machine Words Jeremy Dawson Logic and - PowerPoint PPT Presentation

Sep 04, 2023 •297 likes •624 views

Introduction The word- n theories Isabelle Theories for Machine Words Jeremy Dawson Logic and Computation Program, NICTA 1 Automated Reasoning Group, Australian National University, Canberra, ACT 0200, Australia http://users.rsise.anu.edu.au/

  1. Introduction The word- n theories Isabelle Theories for Machine Words Jeremy Dawson Logic and Computation Program, NICTA 1 Automated Reasoning Group, Australian National University, Canberra, ACT 0200, Australia http://users.rsise.anu.edu.au/ ∼ jeremy/ September 4, 2007 1 National ICT Australia is funded by the Australian Government’s Dept of Communications, Information Technology and the Arts and the Australian Research Council through Backing Australia’s Ability and the ICT Centre of Excellence program.

  2. Introduction The word- n theories Outline Introduction 1 The Isabelle theorem prover Comparing Related Work The word- n theories 2 Numerical n -bit quantities: the bin and obin types Using datatype-like properties of bin s The type of fixed-length words of given length Sets isomorphic to the set of words Simplifications for arithmetic expressions Miscellaneous techniques

  3. Introduction The word- n theories Outline Introduction 1 The Isabelle theorem prover Comparing Related Work The word- n theories 2 Numerical n -bit quantities: the bin and obin types Using datatype-like properties of bin s The type of fixed-length words of given length Sets isomorphic to the set of words Simplifications for arithmetic expressions Miscellaneous techniques

  4. Introduction The word- n theories Introduction NICTA’s L4.verified project: to provide a mathematical, machine-checked proof of the correctness of the L4 microkernel In formally verifying machine hardware, we need to be able to systematically deal with the properties of machine words. These differ from ordinary numbers in that, for example, addition and multiplication can overflow, with overflow bits being lost, and there are bit-wise operations which are simply defined in a natural way.

  5. Introduction The word- n theories The Isabelle theorem prover Logical framework: logic (“meta-logic”) is intuitionistic polymorphically-typed higher-order logic Choice of “object logic”: we use HOL, “Higher-Order Logic”: uses type system of meta-logic classical Axiom of Choice This HOL object logic inspired by HOL theorem prover Both Isabelle and HOL are LCF-based, written in Standard ML User interaction via Standard ML or Isar

  6. Introduction The word- n theories Related Work in the HOL prover Wai Wong words are lists of bits. The type is all words of any length; Some theorems conditional on word length Bit-wise operations, but no arithmetic operations.

  7. Introduction The word- n theories Related Work in the HOL prover Wai Wong words are lists of bits. The type is all words of any length; Some theorems conditional on word length Bit-wise operations, but no arithmetic operations. Fox machine word type is isomorphic to the naturals, W32 n is the word with unsigned value n mod 2 32 . equality of machine words is not equality of their representations.

  8. Introduction The word- n theories Related Work in the HOL prover Wai Wong words are lists of bits. The type is all words of any length; Some theorems conditional on word length Bit-wise operations, but no arithmetic operations. Fox machine word type is isomorphic to the naturals, W32 n is the word with unsigned value n mod 2 32 . equality of machine words is not equality of their representations. Harrison encodes vectors of dimension n of (reals, bits, etc) a type cannot be parameterised over the value n . uses type N → A , where N is a type with exactly n values.

  9. Introduction The word- n theories Other Related Work PVS in PVS, a type can be parameterised over a value n a bit-vector is a function from { 0 , . . . , N − 1 } to the booleans PVS bit-vector library provides interpretations of a bit-vector as unsigned or signed integers may be better when concatenating or splitting words (involving words of length n , m , n + m )

  10. Introduction The word- n theories Our Formalisation each type of words in our formalization is of a given length. word types related to integers mod 2 n and to lists of booleans many results re arithmetic and logical (bit-wise) operations. recent collaboration with Galois Connections (theirs more general: integers modulo m , for ours m = 2 n ). Lots of operations on words which are not discussed here Isabelle code files are available

  11. Introduction The word- n theories Outline Introduction 1 The Isabelle theorem prover Comparing Related Work The word- n theories 2 Numerical n -bit quantities: the bin and obin types Using datatype-like properties of bin s The type of fixed-length words of given length Sets isomorphic to the set of words Simplifications for arithmetic expressions Miscellaneous techniques

  12. Introduction The word- n theories the bin type Isabelle’s bin type explicitly represents bit strings, important as used for encoding numbers literally, an integer entered is converted to a bin , thus read "3" gives number of (Pls BIT B1 BIT B1 :: bin) much built-in numeric simplification for numbers expressed as bin s, for example for negation, addition and multiplication, using usual rules for twos-complement integers.

  13. Introduction The word- n theories the old and new bin types Isabelle had changed: formerly bin was a datatype: constructors Pls (a sequence of 0, extending infinitely leftwards) Min (a sequence of 1, extending infinitely leftwards) (for the integer − 1) BIT (where (w::bin) BIT (b::bool) is w with b appended on the right) Now call these oPls, oMin, OBIT , for the datatype obin . After the change (in Isabelle 2005) bin is an abstract type, isomorphic to the set of all integers w BIT b = 2 w + b Pls = 0 Min = -1

  14. Introduction The word- n theories Natural definitions using the obin datatype Using obin datatype allows natural definition of functions by their action on bits primrec obin not Pls : "obin not oPls = oMin" obin not Min : "obin not oMin = oPls" obin not OBIT : "obin not (w OBIT x) = (obin not w OBIT Not x)" Defining arithmetic operations: close to twos-complement arithmetic as in the hardware Easy to be sure that it is accurate: this is important for formal verification!!

  15. Introduction The word- n theories Normalising obin s We normalise an obin by changing oPls OBIT False to oPls , as they represent the same sequence of bits and likewise oMin OBIT True to oMin . Set of normalised obin s isomorphic to the set of integers, via the usual twos-complement representation (PROVE IT!) This issue added to the complexity of using obin s

  16. Introduction The word- n theories More problems of using the obin type need to deal with words entered literally: 6 :: ’a word is read as number of (Pls BIT B1 BIT B1 BIT B0) need simplifications for bit-wise (eg) conjunction of such bin s As bin is not a datatype, we first defined bin and from obin and bin and def : "bin and v w == onum of (obin and (int to obin v, int to obin w))" Lots of simplification theorems about obin s had to be transferred to bin s — complex programming required

  17. Introduction The word- n theories Using datatype-like properties of bin s Want to define functions in terms of the bit-representation of a bin What properties of bin type resemble properties of a datatype? The properties of a datatype are: 1 Different constructors give distinct values 2 Each constructor is injective (in each of its arguments) 3 All values of the type are obtained using the constructors consider bin type with “pseudo-constructors” Pls , Min and BIT In terms of these “pseudo-constructors” 2 and 3 above hold: in fact 3 holds using BIT alone

  18. Introduction The word- n theories Defining functions on bin s Those properties give these theorems; bin exhaust enables us to express any bin appearing in a proof as w BIT b BIT eq = "u BIT b = v BIT c ==> u = v & b = c" bin exhaust = "(!!x b. bin = x BIT b ==> Q) ==> Q" bin rl def : "bin rl w == SOME (r, l). w = r BIT l" Since there is a unique choice of r and l to satisfy w = r BIT l , this means that bin rl (r BIT l) = (r, l) Induction principle for bin s: bin induct = "[| P Pls; P Min; !!bin bit. P bin ==> P (bin BIT bit) |] ==> P bin"

  19. Introduction The word- n theories Imitating primitive recursion for bin s To define a function f by primitive recursion, if bin were a datatype with its three constructors, require values vp and vn for f Pls and f Min , a function fr , where f (w BIT b) is given by fr w b (f w) So, using Isabelle’s recdef (for recursive functions), we defined bin rec : α → α → ( int → bit → α → α ) → int → α which, given vp vn and fr , returns a function f satisfying f Pls = vp f Min = vn and, except where w BIT b equals Pls or Min , f (w BIT b) = fr w b (f w) Usually we can prove that this last equation holds for all w and b

  20. Introduction The word- n theories Examples of definitions on bin s bin not def : "bin not == bin rec Min Pls (%w b s. s BIT bit not b)" After making these definitions, the simplification rules in the desired form (such as those shown below) need to be proved. bin not simps = [... , "bin not (w BIT b) = bin not w BIT bit not b" ] Proving these was fairly straightforward

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Isabelle Theories for Machine Words Jeremy Dawson 1 , 2 Logic and Computation Program, NICTA and

Isabelle Theories for Machine Words Jeremy Dawson 1 , 2 Logic and Computation Program, NICTA and

AVoCS 2007 Isabelle Theories for Machine Words Jeremy Dawson 1 , 2 Logic and Computation Program, NICTA and Automated Reasoning Group, Australian National University, Canberra, ACT 0200, Australia Abstract We describe a collection of

452 views • 15 slides
Towards Machine Learning Induction for Isabelle/HOL This work was supported by the project

Towards Machine Learning Induction for Isabelle/HOL This work was supported by the project

git clone https://github.com/data61/PSL Towards Machine Learning Induction for Isabelle/HOL This work was supported by the project AI&Reasoning (reg. no. CZ.02.1.01/0.0/0.0/15_003/0000466). Yutaka Nagashima University of Innsbruck Czech

1.75k views • 136 slides
Machine learning for lattice theories Real-world lattices 2 Machine learning for lattice

Machine learning for lattice theories Real-world lattices 2 Machine learning for lattice

Machine learning for lattice theories 1 Michael S. Albergo, Gurtej Kanwar , Phiala E. Shanahan Center for Theoretical Physics, MIT Deep Learning and Physics 1 Albergo, GK, Shanahan [PRD 100 (2019) 034515] Kyoto, Japan (November 1, 2019) Machine

786 views • 52 slides
Representing Isabelle in LF Florian Rabe Jacobs University Bremen 1 Slogans Type classes

Representing Isabelle in LF Florian Rabe Jacobs University Bremen 1 Slogans Type classes

Representing Isabelle in LF Florian Rabe Jacobs University Bremen 1 Slogans Type classes are wrong: Type classes should be theories, instances should be morphisms. The Isabelle module system is too complicated: You do not need

255 views • 24 slides
Isabelle/UTP: Mechanised Theory Engineering for Computer Scientists Simon Foster University of

Isabelle/UTP: Mechanised Theory Engineering for Computer Scientists Simon Foster University of

Isabelle/UTP: Mechanised Theory Engineering for Computer Scientists Simon Foster University of York July 31, 2013 1 Outline COMPASS Overview of Isabelle/UTP Automating Proof Mechanising UTP Theories 2 Outline COMPASS Overview of

825 views • 43 slides
Lecture 3: New Trade Theory Isabelle M ejean isabelle.mejean@polytechnique.edu

Lecture 3: New Trade Theory Isabelle M ejean isabelle.mejean@polytechnique.edu

Introduction Krugman, 1980 The Gravity Equation Lecture 3: New Trade Theory Isabelle M ejean isabelle.mejean@polytechnique.edu http://mejean.isabelle.googlepages.com/ Master Economics and Public Policy, International Macroeconomics October

763 views • 32 slides
Isabelle/jEdit for seasoned Isabelle users Isabelle/jEdit NEWS Makarius Wenzel Univ. Paris-Sud,

Isabelle/jEdit for seasoned Isabelle users Isabelle/jEdit NEWS Makarius Wenzel Univ. Paris-Sud,

Isabelle/jEdit for seasoned Isabelle users Isabelle/jEdit NEWS Makarius Wenzel Univ. Paris-Sud, LRI 13-Jul-2014 There is nothing to prove or even to suppose that the Serbian government is accessory to the inducement for the crime, its

347 views • 30 slides
Machine Translation without Words through Substring Alignment Graham Neubig 1,2,3 , Taro Watanabe

Machine Translation without Words through Substring Alignment Graham Neubig 1,2,3 , Taro Watanabe

Machine Translation without Words through Substring Alignment Machine Translation without Words through Substring Alignment Graham Neubig 1,2,3 , Taro Watanabe 2 , Shinsuke Mori 1 , Tatsuya Kawahara 1 1 2 3 now at 1 Machine Translation

491 views • 37 slides
Machine Learning for Pairwise Data Adriana B rlut iu A few words about myself 2012

Machine Learning for Pairwise Data Adriana B rlut iu A few words about myself 2012

Machine Learning for Pairwise Data Adriana B rlut iu A few words about myself 2012 Scientific programmer S.A.I.A.&OncoPredict: working on applications of machine learning and computational intelligence in medical oncology.

310 views • 20 slides
Induction in Isabelle: Lecture 14 1 Notation In lecture 14 we introduced some recursive

Induction in Isabelle: Lecture 14 1 Notation In lecture 14 we introduced some recursive

Induction in Isabelle: Lecture 14 1 Notation In lecture 14 we introduced some recursive definitions for lists. Isabelle has most of these already defined in a theory List.thy . This can be found locally at /usr/share/Isabelle/src/HOL There

411 views • 6 slides
Concrete Semantics with Isabelle/HOL Tobias Nipkow Fakult at f ur Informatik Technische

Concrete Semantics with Isabelle/HOL Tobias Nipkow Fakult at f ur Informatik Technische

Concrete Semantics with Isabelle/HOL Tobias Nipkow Fakult at f ur Informatik Technische Universit at M unchen 2017-3-8 1 Part I Isabelle 2 Chapter 2 Programming and Proving 3 1 Overview of Isabelle/HOL 2 Type and function

2.13k views • 186 slides
Outline Classification of first-order theories Simple theories NIP theories NTP 2 Space of

Outline Classification of first-order theories Simple theories NIP theories NTP 2 Space of

Generalizations of stability and NTP 2 Artem Chernikov University Lyon 1 / HUJI Geometrie et Theorie des Modeles, Paris, 6 Apr 2012 Outline Classification of first-order theories Simple theories NIP theories NTP 2 Space of types Let T be

480 views • 30 slides
Functional Programming with Isabelle/HOL e H O l L l e b a s = I

Functional Programming with Isabelle/HOL e H O l L l e b a s = I

Functional Programming with Isabelle/HOL e H O l L l e b a s = I Florian Haftmann Technische Universit at M unchen January 2009 Overview Viewing Isabelle / HOL as a functional programming language: 1.

464 views • 34 slides
Words and Morphology Philipp Koehn 20 October 2020 Philipp Koehn Machine Translation: Words and

Words and Morphology Philipp Koehn 20 October 2020 Philipp Koehn Machine Translation: Words and

Words and Morphology Philipp Koehn 20 October 2020 Philipp Koehn Machine Translation: Words and Morphology 20 October 2020 A Naive View of Language 1 Language needs to name nouns: objects in the world ( dog ) verbs: actions ( jump

1.31k views • 53 slides
The Relative Consistency of the Axiom of Choice Mechanized Using Isabelle/ZF Lawrence C. Paulson

The Relative Consistency of the Axiom of Choice Mechanized Using Isabelle/ZF Lawrence C. Paulson

The Relative Consistency of the Axiom of Choice Mechanized Using Isabelle/ZF Lawrence C. Paulson Computer Laboratory Why Do Proofs By Machine? Too many been done already! Gdels incompleteness theorem ( Shankar ) thousands of

327 views • 19 slides
Enriched Lawvere Theories theories for Operational Semantics Lawvere theories enriched theories

Enriched Lawvere Theories theories for Operational Semantics Lawvere theories enriched theories

Enriched Lawvere Theories for Operational Semantics John C. Baez Christian Williams Introduction Enriched Lawvere Theories theories for Operational Semantics Lawvere theories enriched theories enrichment enriched categories enriched

573 views • 23 slides
(Other) Lessons from Primary School Aka The Diversity Dilemma Paula Burton (Ngov) Shennae Searle

(Other) Lessons from Primary School Aka The Diversity Dilemma Paula Burton (Ngov) Shennae Searle

(Other) Lessons from Primary School Aka The Diversity Dilemma Paula Burton (Ngov) Shennae Searle Kudos: John Sullivan, Co-Founder of original @paulangov @shennaesearle Diversity Dilemma talk #beautyOfTech Transcript for Video 1

596 views • 23 slides
COVID-19: Where are the women? Clare Wenham In order to understand the state of health

COVID-19: Where are the women? Clare Wenham In order to understand the state of health

COVID-19: Where are the women? Clare Wenham In order to understand the state of health security for all people on the planet we need to understand the embodied realities of peoples lives that Feminist result in health security for some

303 views • 27 slides
2020 ASX Limited Annual General Meeting 30 September 2020 ASX Limited Board Rick

2020 ASX Limited Annual General Meeting 30 September 2020 ASX Limited Board Rick

2020 ASX Limited Annual General Meeting 30 September 2020 ASX Limited Board Rick Holliday-Smith Dominic Stevens Independent, Non-Executive Chairman Managing Director and CEO, Executive Director BA (Hons), FAICD BCom (Hons) Damian Roche

557 views • 35 slides
Dementia in Australia A lot has happened! 2004 the Dementia Initiative ($320m over 5 years)

Dementia in Australia A lot has happened! 2004 the Dementia Initiative ($320m over 5 years)

Dementia Care; Turning Rhetoric into Reality Strengthening Dementia Services Glenn Rees AM Chair, ADI Dementia in Australia A lot has happened! 2004 the Dementia Initiative ($320m over 5 years) 2012 Aged Care Reforms ($270m over 5

645 views • 16 slides
The Future of Disability Policy in Australia: Improving the Lives of People w ith Disability,

The Future of Disability Policy in Australia: Improving the Lives of People w ith Disability,

The Future of Disability Policy in Australia: Improving the Lives of People w ith Disability, their Families and Carers Presentation by Senator Louise Pratt Disability Collective Lecture 2011 NDS - Timeline and pathw ays Feb 2007 -

625 views • 7 slides
HOW TO WRITE GREAT COMMUNITY GRANT APPLICATIONS Overview Golden Plains Shire Community Grants

HOW TO WRITE GREAT COMMUNITY GRANT APPLICATIONS Overview Golden Plains Shire Community Grants

HOW TO WRITE GREAT COMMUNITY GRANT APPLICATIONS Overview Golden Plains Shire Community Grants Program The importance of project planning Steps to planning a project Community Grant Guidelines Grant guidelines will provide vital

484 views • 26 slides
About us Healthdirect Australia designs and delivers innovative services for governments to

About us Healthdirect Australia designs and delivers innovative services for governments to

Clinical governance in the dynamic digital health and telehealth services arenas Session Clinical Innovation and ethics Janelle Painter Clinical Analyst, Telephone Services Healthdirect Australia - @healthdirectAU About us

351 views • 10 slides
Agenda Overview of legislation Why preparation is key Clarifying the terms

Agenda Overview of legislation Why preparation is key Clarifying the terms

Agenda Overview of legislation Why preparation is key Clarifying the terms eligible data breach and serious harm Notification requirements and statement content Exceptions to the notification requirement

531 views • 15 slides

More recommend