isabelle utp a mechanised theory engineering framework
play

Isabelle/UTP: A mechanised theory engineering framework Simon - PowerPoint PPT Presentation

Nov 15, 2023 •169 likes •543 views

Isabelle/UTP: A mechanised theory engineering framework Simon Foster Frank Zeyda Jim Woodcock University of York June 3, 2014 1 Outline Introduction Parametric Predicate Model Harnessing Isabelle typing Proof by Transfer Verification in

  1. Isabelle/UTP: A mechanised theory engineering framework Simon Foster Frank Zeyda Jim Woodcock University of York June 3, 2014 1

  2. Outline Introduction Parametric Predicate Model Harnessing Isabelle typing Proof by Transfer Verification in Isabelle/UTP Conclusions 2

  3. Outline Introduction Parametric Predicate Model Harnessing Isabelle typing Proof by Transfer Verification in Isabelle/UTP Conclusions 3

  4. Semantic Heterogeneity ◮ languages increasingly semantically heterogeneous ◮ need to compose features from a number of areas ◮ concurrency, object-orientation, design by contract ◮ continuous time, probability, · · · ◮ case in point: Cyber-Physical Systems ◮ our solution: Unifying Theories of Programming ◮ how to put this to work? (cf. UToPiA) ◮ need dependable tools 4

  5. Tool-chain foundations ◮ a UTP-based tool-chain requires firm mechanised foundations ◮ mechanically construct and verify UTP theories ◮ formally prove correspondence between semantic models 5

  6. Motivation: Symphony ◮ developed on the COMPASS project ◮ Eclipse-based modelling environment for Systems of Systems ◮ CML – a formal modelling language based on VDM and Circus ◮ denotational and operational semantics based in the UTP ◮ variety of components for analysis of CML models ◮ unified semantics ensure integrity of analysis results ◮ download: http://www.symphonytool.org 6

  7. Symphony Components 7

  8. Mechanisation Criteria 1. Consistency : is it possible to prove contradictions? 2. Expressivity : can we express all the laws need in UTP? 3. Proof Automation : how do we make use of existing tools? 4. Well-formedness : how to ensure predicates are well-formed? 5. Modularity : how to ensure separation of concerns? 8

  9. Current mechanisations ◮ ProofPower-Z UTP – “deep” embedding in ProofPower ◮ expressive predicate model ◮ little proof automation ◮ manual type checking ◮ Isabelle/Circus – “shallow” embedding in Isabelle/HOL ◮ directly use type system ◮ directly use tactics ◮ no explicit support for variables (TP) 2 – fresh UTP theorem prover in Haskell ◮ U · ◮ faithful implementation of the logic ◮ consistency? ◮ cannot take advantage of automated proof 9

  10. Isabelle/UTP ◮ a semantic embedding of the UTP logic in Isabelle/HOL ◮ inspiration: ProofPower-Z UTP and Isabelle/Circus ◮ aim: reconcile (as much as possible) deep and shallow ◮ why? ◮ deep embeddings best for meta-logical proofs (more control) ◮ allows embeddings best for verification (efficiency) ◮ can we do both in the same system? ◮ how? harness the HOL type-system, proof tactics and laws ◮ but still retain deep concepts from ProofPower-Z UTP ◮ enable a more disciplined approach to UTP theory engineering 10

  11. Why Isabelle? ◮ Higher Order Logic – ideal for semantic embeddings ◮ LCF architecture – reliability of proofs ◮ (dis)proof automation – simp, auto, sledgehammer, nitpick... ◮ readable proofs – supported by Isar ◮ overall: balance of mathematical principal and automation ◮ aim: achieve a faithful embedding whilst harnessing Isabelle 11

  12. Outline Introduction Parametric Predicate Model Harnessing Isabelle typing Proof by Transfer Verification in Isabelle/UTP Conclusions 12

  13. Overview ◮ purely semantic model of predicates (no fixed syntax) ◮ generic value space model supporting different languages ◮ layered predicate model consisting of ◮ core predicates (binding sets – cf. Z in HOL) ◮ alphabetised predicates (core predicate + alphabet) ◮ expression model supporting substitutions P [ e / x ] ◮ usual UTP operators (predicates, relations, etc.) ◮ based on ProofPower-Z UTP but well-formed by construction 13

  14. Value space axiomatisation ◮ type-classes: local theory context with a signature and assumptions, linked to a polymorphic type variable class DEFINED = :: ′ a ⇒ bool ( D ) fixes Defined class VALUE = DEFINED + fixes utype-rel :: ′ a ⇒ nat ⇒ bool ( infix : u 50 ) assumes utype-nonempty : ∃ t v . v : u t ∧ D v typedef ′ a utype = { t . ∃ v :: ′ a . v : u t ∧ D v } by ( smt mem-Collect-eq utype-nonempty ) definition type-rel :: ′ a ⇒ ′ a utype ⇒ bool ( infix : 50 ) where x : t ← → x : u Rep-utype t 14

  15. Bindings and Core Predicates ◮ variables: name + type + auxiliary flag ◮ bindings: (total) functions from variables to values ◮ core predicate: set of bindings typedef ′ a binding = { b . ∀ v :: ′ a uvar . b v ⊲ v } typedef ′ a pred = UNIV :: ′ a binding set set morphisms rep-pred abs-pred .. notation rep-pred ( � - � p ) ◮ binding override: b 1 ⊕ b b 2 on vs ◮ binding update: b ( x := b v ) 15

  16. Predicate Operators lift-definition TrueP :: ′ a pred is UNIV :: ′ a binding set . lift-definition NotP :: ′ a pred ⇒ ′ a pred is uminus . lift-definition AndP :: ′ a pred ⇒ ′ a pred ⇒ ′ a pred is λ x y . ( x ∩ y :: ′ a binding set ) . lift-definition AndDistP :: ′ a pred set ⇒ ′ a pred is λ ps . � {� p � p | p . p ∈ ps } . lift-definition ExistsP :: ′ a uvar set ⇒ ′ a pred ⇒ ′ a pred is λ vs p . { b 1 ⊕ b b 2 on vs | b 1 b 2 . b 1 ∈ p } . 16

  17. Expressions typedef ′ a expr = { f :: ′ a binding ⇒ ′ a . ∃ t . ∀ b . f b : t } lift-definition LitE :: ′ a utype ⇒ ′ a ⇒ ′ a expr is λ t v b :: ′ a binding . if ( v : t ) then v else somev ( t ) by ( metis ( full-types ) somev-type ) lift-definition EqualP :: ′ a expr ⇒ ′ a expr ⇒ ′ a pred is λ u v . { b :: ′ a binding . u ( b ) = v ( b ) } .. lift-definition SubstP :: ′ a pred ⇒ ′ a expr ⇒ ′ a uvar ⇒ ′ a pred is λ p v x . { b . b ( x := b v ( b )) ∈ p } .. 17

  18. Alphabets and Unrestriction ◮ xs ♯ P – P ’s value independent of variables xs definition UNR :: ′ a uvar set ⇒ ′ a pred ⇒ bool ( infixr ♯ 60 ) where UNR vs p = ( ∀ b 1 ∈ � p � p . ∀ b 2 . b 1 ⊕ b b 2 on vs ∈ � p � p ) lemma UNR-TrueP : vs ♯ true by ( metis TrueP . rep-eq UNIV-I UNR-def ) lemma UNR-AndP : [ [ vs ♯ p ; vs ♯ q ] ] = ⇒ vs ♯ p ∧ p q by ( smt AndP . rep-eq IntD1 IntD2 IntI UNR-def ) typedef ′ a apred = { ( a :: ′ a uvar set , p :: ′ a pred ) . − a ♯ p } by ( metis UNR-TrueP mem-Collect-eq split-conv ) lift-definition AndA :: ′ a apred ⇒ ′ a apred ⇒ ′ a apred is λ ( A 1 , P ) ( A 2 , Q ) . ( A 1 ∪ A 2 , P ∧ p Q ) 18

  19. Why the dichotomy? ◮ core predicates ◮ provide an easy link into existing HOL algberas ◮ (e.g. a single relational identity) ◮ easier syntax – no need for alphabet in x := v ◮ proofs need not respect the alphabet in each step ◮ alphabetised predicates ◮ are necessary for UTP (particular theories) ◮ lattice / fixed-point theory don’t quite work for core preds ◮ restricted to a finite set of variables ◮ can be easier to prove freeness properties ◮ can often switch between the two in proof 19

  20. Outline Introduction Parametric Predicate Model Harnessing Isabelle typing Proof by Transfer Verification in Isabelle/UTP Conclusions 20

  21. Typing ◮ expression model is typed, but via an Isabelle predicate ◮ hence type correctness must be manually proved ◮ unacceptable for predicates of reasonable size ◮ problem of a deep embedding: we have captured typing ◮ cf. Isabelle/Circus which directly uses the type system ◮ but there are advantages to deep e.g. ◮ enables implementation of dependent products ◮ can express sets of heterogeneous variables (alphabets) ◮ what’s the solution? 21

  22. Part 1: Sort Classes ◮ a sort class extends VALUE with a type axiomatisation class BOOL-SORT = VALUE + fixes MkBool :: bool ⇒ ′ a fixes DestBool :: ′ a ⇒ bool fixes BoolType :: ′ a utype assumes Inverse [ simp ] : DestBool ( MkBool b ) = b and BoolType-dcarrier : dcarrier BoolType = range MkBool ◮ InjU and ProjU represented by polymorphic constants ◮ use sort classes to populate particular instances 22

  23. � � � � � � � � � Part 1: Sort Classes VALUE BOOL SORT EVENT SORT LIST SORT SET SORT DESIGN SORT REACTIVE SORT 23

  24. Part 2: Type embeddings ◮ sort classes can provide instances for specific types 24

  25. Typed Expressions typedef ( ′ a , ′ m ) pvar = UNIV :: ( NAME ∗ bool ) set by auto typedef ( ′ a , ′ m ) pexpr = UNIV :: ( ′ m binding ⇒ ′ a ) set morphisms DestPExpr MkPExpr .. lift-definition LitPE :: ′ a ⇒ ( ′ a , ′ m ) pexpr is λ v . λ b :: ′ m binding ⇒ v . 25

  26. Type erasure ◮ HOL disallows heterogeneous collections of data ◮ provides the ability to move from HOL typed to UTP typed ◮ operator written: x ↓ definition erase-pvar :: ( ′ a , ′ m :: VALUE ) pvar ⇒ ′ m uvar where erase-pvar x = MkVar ( pvname x ) TYPEU ( ′ a ) ( pvaux x ) definition erase-pexpr :: ( ′ a , ′ m :: VALUE ) pexpr ⇒ ′ m uexpr where erase-pexpr e = MkExpr ( λ b . InjU ( DestPExpr e b )) 26

  27. Outline Introduction Parametric Predicate Model Harnessing Isabelle typing Proof by Transfer Verification in Isabelle/UTP Conclusions 27

  28. Proof in UTP Question ◮ how to make use of Isabelle proof tools in the UTP? ◮ want to reach the same level of complexity as book proofs ◮ solution: transfer Isabelle proofs to UTP proofs 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Isabelle/UTP: Mechanised Theory Engineering for Computer Scientists Simon Foster University of

Isabelle/UTP: Mechanised Theory Engineering for Computer Scientists Simon Foster University of

Isabelle/UTP: Mechanised Theory Engineering for Computer Scientists Simon Foster University of York July 31, 2013 1 Outline COMPASS Overview of Isabelle/UTP Automating Proof Mechanising UTP Theories 2 Outline COMPASS Overview of

825 views • 43 slides
Lecture 3: New Trade Theory Isabelle M ejean isabelle.mejean@polytechnique.edu

Lecture 3: New Trade Theory Isabelle M ejean isabelle.mejean@polytechnique.edu

Introduction Krugman, 1980 The Gravity Equation Lecture 3: New Trade Theory Isabelle M ejean isabelle.mejean@polytechnique.edu http://mejean.isabelle.googlepages.com/ Master Economics and Public Policy, International Macroeconomics October

763 views • 32 slides
Mark Batty University of Kent It is time for mechanised industrial standards

Mark Batty University of Kent It is time for mechanised industrial standards

Mechanised industrial concurrency specification: C/C++ and GPUs Mark Batty University of Kent It is time for mechanised industrial standards Specifications are written in English prose: this is insufficient Write mechanised specs instead

1.11k views • 51 slides
Mechanised Relation-Algebraic Order Theory in Ordered Categories without Meets Musa Al-hassy and

Mechanised Relation-Algebraic Order Theory in Ordered Categories without Meets Musa Al-hassy and

Mechanised Relation-Algebraic Order Theory in Ordered Categories without Meets Musa Al-hassy and Wolfram Kahl McMaster University, Hamilton, Ontario, Canada 29 September 2015 15th RAMiCS Braga, Portugal This research is supported by

699 views • 27 slides
Structured Induction Proofs in Isabelle/Isar Makarius April 2006 1. Motivation 2. The

Structured Induction Proofs in Isabelle/Isar Makarius April 2006 1. Motivation 2. The

Structured Induction Proofs in Isabelle/Isar Makarius April 2006 1. Motivation 2. The Isabelle/Isar framework 3. The induct method 4. Common induction patterns Motivation Introduction Isabelle/Pure: simple logical framework (models abstract

585 views • 24 slides
Using the Isabelle Ontology Framework Using the Isabelle Ontology Framework Linking the Formal

Using the Isabelle Ontology Framework Using the Isabelle Ontology Framework Linking the Formal

Using the Isabelle Ontology Framework Using the Isabelle Ontology Framework Linking the Formal with the Informal Linking the Formal with the Informal Achim D. Brucker, Idir Ait-Sadoune Achim D. Brucker, Idir Ait-Sadoune Paolo Crisafulli and

453 views • 21 slides
Induction in Isabelle: Lecture 14 1 Notation In lecture 14 we introduced some recursive

Induction in Isabelle: Lecture 14 1 Notation In lecture 14 we introduced some recursive

Induction in Isabelle: Lecture 14 1 Notation In lecture 14 we introduced some recursive definitions for lists. Isabelle has most of these already defined in a theory List.thy . This can be found locally at /usr/share/Isabelle/src/HOL There

411 views • 6 slides
Shotcrete for Africa Application of Mechanised Wet Shotcreting in the Gautrain Tunnels 3 rd

Shotcrete for Africa Application of Mechanised Wet Shotcreting in the Gautrain Tunnels 3 rd

Shotcrete for Africa Application of Mechanised Wet Shotcreting in the Gautrain Tunnels 3 rd March 2009 Presented by Richard McIntyre & Robert Pettit Introduction The Application of Mechanised Wet Shotcreting in the Gautrain Tunnels

407 views • 37 slides
Isabelle/jEdit for seasoned Isabelle users Isabelle/jEdit NEWS Makarius Wenzel Univ. Paris-Sud,

Isabelle/jEdit for seasoned Isabelle users Isabelle/jEdit NEWS Makarius Wenzel Univ. Paris-Sud,

Isabelle/jEdit for seasoned Isabelle users Isabelle/jEdit NEWS Makarius Wenzel Univ. Paris-Sud, LRI 13-Jul-2014 There is nothing to prove or even to suppose that the Serbian government is accessory to the inducement for the crime, its

347 views • 30 slides
A Generic Tableau Prover and Its Integration with Isabelle Lawrence C. Paulson Computer

A Generic Tableau Prover and Its Integration with Isabelle Lawrence C. Paulson Computer

A Generic Tableau Prover and Its Integration with Isabelle Lawrence C. Paulson Computer Laboratory University of Cambridge 1 Overview of Isabelle a generic interactive prover for FOL, set theory, HOL, . . . Prolog influence: resolution

226 views • 10 slides
Getting started with Isabelle/Isar Makarius Wenzel TU M unchen August 2007 1. Foundations:

Getting started with Isabelle/Isar Makarius Wenzel TU M unchen August 2007 1. Foundations:

Getting started with Isabelle/Isar Makarius Wenzel TU M unchen August 2007 1. Foundations: logical framework 2. Forward reasoning: proof context 3. Backward reasoning: proof state PRELUDE: Notions of proof Isabelle tactic scripts lemma A

1.02k views • 63 slides
Pure Reasoning in Isabelle/Isar Makarius Wenzel TU M unchen January 2009 1. The Pure

Pure Reasoning in Isabelle/Isar Makarius Wenzel TU M unchen January 2009 1. The Pure

Pure Reasoning in Isabelle/Isar Makarius Wenzel TU M unchen January 2009 1. The Pure framework 2. Pure rules everywhere 3. Isar statements 4. Inductive definitions Introduction Aims improved understanding how Isabelle and Isar really

572 views • 28 slides
Concrete Semantics with Isabelle/HOL Tobias Nipkow Fakult at f ur Informatik Technische

Concrete Semantics with Isabelle/HOL Tobias Nipkow Fakult at f ur Informatik Technische

Concrete Semantics with Isabelle/HOL Tobias Nipkow Fakult at f ur Informatik Technische Universit at M unchen 2017-3-8 1 Part I Isabelle 2 Chapter 2 Programming and Proving 3 1 Overview of Isabelle/HOL 2 Type and function

2.13k views • 186 slides
Functional Programming with Isabelle/HOL e H O l L l e b a s = I

Functional Programming with Isabelle/HOL e H O l L l e b a s = I

Functional Programming with Isabelle/HOL e H O l L l e b a s = I Florian Haftmann Technische Universit at M unchen January 2009 Overview Viewing Isabelle / HOL as a functional programming language: 1.

464 views • 34 slides
Reasoning with Nonlinear Formulas in Isabelle/HOL Wenda Li University of Cambridge

Reasoning with Nonlinear Formulas in Isabelle/HOL Wenda Li University of Cambridge

Reasoning with Nonlinear Formulas in Isabelle/HOL Wenda Li University of Cambridge wl302@cam.ac.uk January 7, 2020 Joint work with Grant Passmore and Larry Paulson 1 / 36 Alfred Tarski (1930s): the first-order theory of real closed fields is

572 views • 36 slides
Mechanised Underground Mining And Hydrocarbon Contamination Presented by Lubritech

Mechanised Underground Mining And Hydrocarbon Contamination Presented by Lubritech

Mechanised Underground Mining And Hydrocarbon Contamination Presented by Lubritech Manufacturing INDEX 1. The Problem p4 2. Ignoring pro-active hydrocarbon contamination control p5 3. Negative Consequences 4. Safety Risks p6 a)

671 views • 27 slides
Machine Learning with Quantum-Inspired Tensor Networks E.M. Stoudenmire and David J. Schwab

Machine Learning with Quantum-Inspired Tensor Networks E.M. Stoudenmire and David J. Schwab

Machine Learning with Quantum-Inspired Tensor Networks E.M. Stoudenmire and David J. Schwab Advances in Neural Information Processing 29 arxiv:1605.05775 RIKEN AICS - Mar 2017 Collaboration with David J. Schwab, Northwestern and CUNY Graduate

1.13k views • 81 slides
in the Era of Renewed Artificial Intelligence Biswanath Dutta Assistant Professor DRTC, Indian

in the Era of Renewed Artificial Intelligence Biswanath Dutta Assistant Professor DRTC, Indian

Libraries and Librarianship in the Era of Renewed Artificial Intelligence Biswanath Dutta Assistant Professor DRTC, Indian Statistical Institute (Bangalore Centre) Bangalore, INDIA Email: bisu@drtc.isibang.ac.in ICDT 2019 (Patiala Punjab)

925 views • 56 slides
Knowledge preservation and PLM: a cultural perspective Bruno Bachimont Universit de Technologie

Knowledge preservation and PLM: a cultural perspective Bruno Bachimont Universit de Technologie

Knowledge preservation and PLM: a cultural perspective Bruno Bachimont Universit de Technologie de Universit de Technologie de Compigne Prologue Prologue PLM deals with information related to product life : The issue is to collect

658 views • 36 slides
Preference-based Pattern Mining Bruno Crmilleux, Marc Plantevit, Arnaud Soulet Nancy, France -

Preference-based Pattern Mining Bruno Crmilleux, Marc Plantevit, Arnaud Soulet Nancy, France -

Preference-based Pattern Mining Bruno Crmilleux, Marc Plantevit, Arnaud Soulet Nancy, France - November 16, 2017 Introduction 2/97 Who are we? Bruno Crmilleux, Professor, Univ. Caen, France. Marc Plantevit, Associate Professor, Univ.

2.06k views • 178 slides
Semantic Web Techniques for Multiple Views on Heterogeneous Collections A Case Study Marjolein

Semantic Web Techniques for Multiple Views on Heterogeneous Collections A Case Study Marjolein

Semantic Web Techniques for Multiple Views on Heterogeneous Collections A Case Study Marjolein van Gendt, Antoine Isaac , Lourens van der Meij, Stefan Schlobach ECDL 2006 ECDL 2006 Outline Motivations and project Experiment

702 views • 43 slides
Normalizing Flows on Tori and Spheres ICML 2020 DeepMind Collaborators Danilo Rezende George

Normalizing Flows on Tori and Spheres ICML 2020 DeepMind Collaborators Danilo Rezende George

Normalizing Flows on Tori and Spheres ICML 2020 DeepMind Collaborators Danilo Rezende George Papamakarios Sbastien Racanire Center for Cosmology and Particle Physics, NYU Center for Theoretical Physics, MIT Gurtej Kanwar Phiala

630 views • 22 slides
Improving knowledge discovery from synthetic aperture radar images using the linked open data

Improving knowledge discovery from synthetic aperture radar images using the linked open data

Improving knowledge discovery from synthetic aperture radar images using the linked open data cloud and Sextant Charalampos Nikolaou, Kostis Kyzirakos, Daniela E. Molina, Octavian C. Dumitru, Konstantina Bereta, Kallirroi Dogani, Stella

801 views • 30 slides
Be Your Own Curator with the CHIP Tour Wizard Yiwen Wang 1 , Rody Sambeek 1 , Yuri Schuurmans 1 ,

Be Your Own Curator with the CHIP Tour Wizard Yiwen Wang 1 , Rody Sambeek 1 , Yuri Schuurmans 1 ,

Be Your Own Curator with the CHIP Tour Wizard Yiwen Wang 1 , Rody Sambeek 1 , Yuri Schuurmans 1 , Lora Aroyo 1,4 , Natalia Stash 1 , Lloyd Rutledge 2 and Peter Gorgels 3 1 Technische Universiteit Eindhoven, The Netherlands, http://www.tue.nl 2

385 views • 10 slides

More recommend