mechanized verifjcationof the correctness and asymptotic
play

Mechanized Verifjcationof the Correctness and Asymptotic Complexity - PowerPoint PPT Presentation

Dec 04, 2022 •252 likes •1.45k views

Mechanized Verifjcationof the Correctness and Asymptotic Complexity of Programs Armal Guneau under the supervision of Arthur Charguraud and Franois Pottier Computerprograms: cooking recipes,but forcomputers? Momseasy apple pie 3/4T

  1. Howdo we specify a program’srunningtime? Option 1: as an upper bound on the wall-clock time. Useful for embedded systems, but not realistic for commodity hardware. Option 2: as a number of cycles for an idealized machine model. Knuth: “Merge sort runs in . [This bound] can be re- duced to at the expense of a somewhat longer program.” Option 3: as a number of function calls in a high-level language. More abstract, but still has modularity issues. 11/40

  2. Howdo we specify a program’srunningtime? Option 1: as an upper bound on the wall-clock time. Useful for embedded systems, but not realistic for commodity hardware. Option 2: as a number of cycles for an idealized machine model. Knuth: Option 3: as a number of function calls in a high-level language. More abstract, but still has modularity issues. 11/40 “Merge sort runs in 10 N log N ` 4 . 92 N . [This bound] can be re- duced to 9 N log N at the expense of a somewhat longer program.”

  3. Howdo we specify a program’srunningtime? Option 1: as an upper bound on the wall-clock time. Useful for embedded systems, but not realistic for commodity hardware. Option 2: as a number of cycles for an idealized machine model. Knuth: Option 3: as a number of function calls in a high-level language. More abstract, but still has modularity issues. 11/40 “Merge sort runs in 10 N log N ` 4 . 92 N . [This bound] can be re- duced to 9 N log N at the expense of a somewhat longer program.”

  4. Howdo we specify a program’srunningtime? Describe the “order of growth” of the running time as inputs grow large Less precise, but informative enough in many cases. 11/40 Option 4: specify the running time using asymptotic complexity. e.g. O p log n q , O p n q , O p n log n q , O p n 2 q , ….

  5. Advantagesof asymptotic complexityspecifjcations Specifjcations capturing asymptotic costs: algorithms; the implementation; 12/40 • have been widely applied to a large class of programs and • are independent of the machine, runtime system and the details of • allow modular reasoning . Abstract over implementation details.

  6. A step forward for the verifjcation of the correctnessandcomplexity of at a reasonable cost . Inthis thesis Goal: specify and prove that programs compute a correct result with a bounded asymptotic runtime. Proofs should be: Contribution: imperative,higher-order programs with subtle invariantsandanalysis , 13/40 • static; • machine-checked; • hardware- and runtime- independent; • modular.

  7. Inthis thesis Goal: specify and prove that programs compute a correct result with a bounded asymptotic runtime. Proofs should be: Contribution: imperative,higher-order programs with subtle invariantsand analysis , 13/40 • static; • machine-checked; • hardware- and runtime- independent; • modular. A step forward for the verifjcation of the correctnessand complexity of at a reasonable cost .

  8. Details of the contribution 1. A formal account of O () Existing: Contributed: with lemmas useful for program analysis 14/40 single-variate O (math, programs), multi-variate O on paper Coq library for single and multi-variate O ,

  9. Contributions 2. A methodology for complexity proofs Existing: Contributed: (Separation Logic framework in Coq) 15/40 • manual verifjcation without O pq abstraction • automated analysis restricted to polynomial bounds • general asymptotic bounds • with semi-automated cost inference • implemented as an extension of CFML

  10. Contributions 3. Case studies Existing: polynomial or logarithmic bounds, simple algorithms (quicksort), or Contributed: several algorithms, including a state-of-the-art graph algorithm with nontrivial correctness and complexity 16/40 interactive verifjcation without O

  11. Outline of the rest of the talk Reasoning with abstract cost functions Semi-automatic inference of cost functions Separation Logic with Time Credits Case study—an Incremental Cycle Detection Algorithm 17/40

  12. Reasoningwith abstractcost functions

  13. 18/40 1 …but which statement are we proving? . : • . : • : By induction on Proof: Claim: 8 7 6 5 4 3 2 Informal reasoningprincipleson O canbe abused let rec bsearch a x i j = if j <= i then -1 else let k = i + (j - i) / 2 in if x = a.(k) then k else if x < a.(k) then bsearch a x i j costs O p 1 q . bsearch a x i k else bsearch a x (k+1) j

  14. 18/40 . • 8 1 7 : 6 5 Proof: • 4 : 3 . 2 …but which statement are we proving? Claim: Informal reasoningprincipleson O canbe abused let rec bsearch a x i j = if j <= i then -1 else let k = i + (j - i) / 2 in if x = a.(k) then k else if x < a.(k) then bsearch a x i j costs O p 1 q . bsearch a x i k else bsearch a x (k+1) j By induction on j ´ i :

  15. 18/40 8 …but which statement are we proving? 2 . 3 : 4 • 5 Proof: 6 Claim: 7 1 Informal reasoningprincipleson O canbe abused let rec bsearch a x i j = if j <= i then -1 else let k = i + (j - i) / 2 in if x = a.(k) then k else if x < a.(k) then bsearch a x i j costs O p 1 q . bsearch a x i k else bsearch a x (k+1) j By induction on j ´ i : • j ´ i ď 0 : O p 1 q .

  16. 18/40 5 …but which statement are we proving? Proof: Claim: 8 1 6 7 4 2 3 Informal reasoningprincipleson O canbe abused let rec bsearch a x i j = if j <= i then -1 else let k = i + (j - i) / 2 in if x = a.(k) then k else if x < a.(k) then bsearch a x i j costs O p 1 q . bsearch a x i k else bsearch a x (k+1) j By induction on j ´ i : • j ´ i ď 0 : O p 1 q . • j ´ i ą 0 : O p 1 q ` O p 1 q ` O p 1 q “ O p 1 q .

  17. 18/40 7 …but which statement are we proving? 2 Where is the catch? 3 Proof: 4 Claim: 5 8 6 1 Informal reasoningprincipleson O canbe abused let rec bsearch a x i j = if j <= i then -1 else let k = i + (j - i) / 2 in if x = a.(k) then k else if x < a.(k) then bsearch a x i j costs O p 1 q . bsearch a x i k else bsearch a x (k+1) j By induction on j ´ i : • j ´ i ď 0 : O p 1 q . • j ´ i ą 0 : O p 1 q ` O p 1 q ` O p 1 q “ O p 1 q .

  18. 18/40 5 …but which statement are we proving? Proof: Claim: 8 1 6 7 4 2 3 Informal reasoningprincipleson O canbe abused let rec bsearch a x i j = if j <= i then -1 else let k = i + (j - i) / 2 in if x = a.(k) then k else if x < a.(k) then bsearch a x i j costs O p 1 q . bsearch a x i k else bsearch a x (k+1) j By induction on j ´ i : • j ´ i ď 0 : O p 1 q . • j ´ i ą 0 : O p 1 q ` O p 1 q ` O p 1 q “ O p 1 q .

  19. bsearch a x i j ” performs at most function calls What we just proved: What “ ” means: 19/40 Meaningof O p 1 q @ i j , D c , “ bsearch a x i j ” performs at most c function calls

  20. What we just proved: 19/40 Meaningof O p 1 q @ i j , D c , “ bsearch a x i j ” performs at most c function calls What “ O p 1 q ” means: D c , @ i j , “ bsearch a x i j ” performs at most c function calls

  21. • for every a , x , i , j , “ bsearch a x i j ” performs at most Meaning: there exists a cost function such that, function calls • . 20/40 Meaningof O p log n q Informal specifjcation: “ bsearch a x i j ” runs in O p log p j ´ i qq .

  22. 20/40 function calls Meaningof O p log n q Informal specifjcation: “ bsearch a x i j ” runs in O p log p j ´ i qq . Meaning: there exists a cost function f such that, • for every a , x , i , j , “ bsearch a x i j ” performs at most f p j ´ i q • f P O p λn. log n q .

  23. Construction of the cost function Option 2: Semi-automatically construct the cost function as the proof progresses. Option 3: The cost function is automatically inferred by some clever algorithm... Restricted to specifjc classes of programs. 21/40 Option 1: The user somehow guesses a suitable cost function. Here, “ λn. 3 log n ` 4 ” works.

  24. Construction of the cost function Option 2: Semi-automatically construct the cost function as the proof progresses. Option 3: The cost function is automatically inferred by some clever algorithm... Restricted to specifjc classes of programs. 21/40 Option 1: The user somehow guesses a suitable cost function. Here, “ λn. 3 log n ` 4 ” works.

  25. Construction of the cost function Option 2: Semi-automatically construct the cost function as the proof progresses. Option 3: The cost function is automatically inferred by some clever algorithm... Restricted to specifjc classes of programs. 21/40 Option 1: The user somehow guesses a suitable cost function. Here, “ λn. 3 log n ` 4 ” works.

  26. Semi-automatic synthesis of cost functions

  27. Ourapproachto this problem Part 1: Part 2: 22/40 • Synthesize a cost function with the same structure as the code • For recursive functions, recurrence equations are synthesized • Accounting details are automatically synthesized • User input is requested when some over-approximation is required • In a second step, prove a O pq bound for the inferred cost function

  28. Constraintinferredon the cost functionf 23/40 let rec bsearch a x i j = if j <= i then -1 else let k = i + (j - i) / 2 in if x = Array.get a k then k else if x < Array.get a k then bsearch a x i k else bsearch a x (k+1) j f n >= 1 + ( where n = j-i if n <= 0 then 0 else 0 + 1 + max 0 ( 1 + max (f (n/2)) (f (n - n/2 - 1)) ) )

  29. Interactive construction of the cost functionf 24/40 if j <= i then -1 else let k = i + (j - i) / 2 in if x = Array.get a k then k else if x < Array.get a k then bsearch a x i k else bsearch a x (k+1) j f (j-i) >= 1 + … a hole (“ … ”) is implemented as an evar in Coq

  30. 24/40 Interactive construction of the cost functionf if j <= i then -1 else let k = i + (j - i) / 2 in if x = Array.get a k then k else if x < Array.get a k then bsearch a x i k else bsearch a x (k+1) j f (j-i) >= 1 + (if j <= i then … else …)

  31. 24/40 Interactive construction of the cost functionf if j <= i then -1 else let k = i + (j - i) / 2 in if x = Array.get a k then k else if x < Array.get a k then bsearch a x i k else bsearch a x (k+1) j f (j-i) >= 1 + (if j <= i then … else …)

  32. 24/40 Interactive construction of the cost functionf if j <= i then -1 else let k = i + (j - i) / 2 in if x = Array.get a k then k else if x < Array.get a k then bsearch a x i k else bsearch a x (k+1) j f (j-i) >= 1 + (if (j-i) <= 0 then … else …)

  33. 24/40 Interactive construction of the cost functionf if j <= i then -1 else let k = i + (j - i) / 2 in if x = Array.get a k then k else if x < Array.get a k then bsearch a x i k else bsearch a x (k+1) j f (j-i) >= 1 + (if (j-i) <= 0 then 0 else …)

  34. Interactive construction of the cost functionf 24/40 if j <= i then -1 else let k = i + (j - i) / 2 in if x = Array.get a k then k else if x < Array.get a k then bsearch a x i k else bsearch a x (k+1) j f (j-i) >= 1 + ( if (j-i) <= 0 then 0 else 0 + … )

  35. Interactive construction of the cost functionf 24/40 if j <= i then -1 else let k = i + (j - i) / 2 in if x = Array.get a k then k else if x < Array.get a k then bsearch a x i k else bsearch a x (k+1) j f (j-i) >= 1 + ( if (j-i) <= 0 then 0 else 0 + 1 + … )

  36. Interactive construction of the cost functionf 24/40 if j <= i then -1 else let k = i + (j - i) / 2 in if x = Array.get a k then k else if x < Array.get a k then bsearch a x i k else bsearch a x (k+1) j f (j-i) >= 1 + ( if (j-i) <= 0 then 0 else 0 + 1 + max … … )

  37. Interactive construction of the cost functionf 24/40 if j <= i then -1 else let k = i + (j - i) / 2 in if x = Array.get a k then k else if x < Array.get a k then bsearch a x i k else bsearch a x (k+1) j f (j-i) >= 1 + ( if (j-i) <= 0 then 0 else 0 + 1 + max 0 … )

  38. Interactive construction of the cost functionf 24/40 if j <= i then -1 else let k = i + (j - i) / 2 in if x = Array.get a k then k else if x < Array.get a k then bsearch a x i k else bsearch a x (k+1) j f (j-i) >= 1 + ( if (j-i) <= 0 then 0 else 0 + 1 + max 0 (1 + …) )

  39. Interactive construction of the cost functionf 24/40 if j <= i then -1 else let k = i + (j - i) / 2 in if x = Array.get a k then k else if x < Array.get a k then bsearch a x i k else bsearch a x (k+1) j f (j-i) >= 1 + ( if (j-i) <= 0 then 0 else 0 + 1 + max 0 (1 + max … …) )

  40. Interactive construction of the cost functionf 24/40 if j <= i then -1 else let k = i + (j - i) / 2 in if x = Array.get a k then k else if x < Array.get a k then bsearch a x i k else bsearch a x (k+1) j f (j-i) >= 1 + ( if (j-i) <= 0 then 0 else 0 + 1 + max 0 ( 1 + max (f ((j-i)/2)) … ) )

  41. 24/40 Interactive construction of the cost functionf if j <= i then -1 else let k = i + (j - i) / 2 in if x = Array.get a k then k else if x < Array.get a k then bsearch a x i k else bsearch a x (k+1) j f (j-i) >= 1 + ( if (j-i) <= 0 then 0 else 0 + 1 + max 0 ( 1 + max (f ((j-i)/2)) (f ((j-i) - (j-i)/2 - 1)) ) )

  42. Interactive construction of the cost functionf 24/40 if j <= i then -1 else let k = i + (j - i) / 2 in if x = Array.get a k then k else if x < Array.get a k then bsearch a x i k else bsearch a x (k+1) j f n >= 1 + ( if n <= 0 then 0 else 0 + 1 + max 0 ( 1 + max (f (n/2)) (f (n - n/2 - 1)) ) )

  43. • Use the “Master Theorem”, when applicable • Substitution method: guess that there is a solution of the form Fromcost equation to asymptotic bound (available in Isabelle/HOL, not yet in Coq) , inject it and resolve. 25/40 For bsearch , there remains to fjnd a f P O p λn. log n q such that: # 0 if n ď 0 @ n. f p n q ě 1 ` 1 ` max p 0 , 1 ` max p f p n 2 q , f p n ´ n 2 ´ 1 qqq

  44. (available in Isabelle/HOL, not yet in Coq) Fromcost equation to asymptotic bound 25/40 For bsearch , there remains to fjnd a f P O p λn. log n q such that: # 0 if n ď 0 @ n. f p n q ě 1 ` 1 ` max p 0 , 1 ` max p f p n 2 q , f p n ´ n 2 ´ 1 qqq • Use the “Master Theorem”, when applicable • Substitution method: guess that there is a solution of the form a log n ` b , inject it and resolve.

  45. Can be solved automatically. The substitution method in action The user does not have to manually provide values for , , and . 26/40 D f : Z Ñ Z . # 0 if n ď 0 @ n. f p n q ě 1 ` 1 ` max p 0 , 1 ` max p f p n 2 q , f p n ´ n 2 ´ 1 qqq ^ f P O p λn. log n q

  46. Can be solved automatically. The substitution method in action The user does not have to manually provide values for , , and . 26/40 D f : Z Ñ Z . monotonic f ^ @ n. f p n q ě 0 ^ @ n. n ď 0 ù ñ f p n q ě 1 ^ @ n. n ě 1 ù ñ f p n q ě f p n 2 q ` 3 ^ f P O p λn. log n q

  47. The substitution method in action Can be solved automatically. The user does not have to manually provide values for , , and . 26/40 D a b : Z . f p n q “ a log n ` b ^ monotonic f ^ @ n. f p n q ě 0 ^ @ n. n ď 0 ù ñ f p n q ě 1 ^ @ n. n ě 1 ù ñ f p n q ě f p n 2 q ` 3 ^ f P O p λn. log n q

  48. Can be solved automatically. The substitution method in action The user does not have to manually provide values for , , and . 26/40 D a b : Z . f p n q “ a log n ` b (issue when n “ 0 ) ^ monotonic f ^ @ n. f p n q ě 0 ^ @ n. n ď 0 ù ñ f p n q ě 1 ^ @ n. n ě 1 ù ñ f p n q ě f p n 2 q ` 3 ^ f P O p λn. log n q

  49. The substitution method in action Can be solved automatically. The user does not have to manually provide values for , , and . 26/40 D a b c : Z . f p n q “ if n ą 0 then a log n ` b else c ^ monotonic f ^ @ n. f p n q ě 0 ^ @ n. n ď 0 ù ñ f p n q ě 1 ^ @ n. n ě 1 ù ñ f p n q ě f p n 2 q ` 3 ^ f P O p λn. log n q

  50. The substitution method in action Can be solved automatically. The user does not have to manually provide values for , , and . 26/40 D a b c : Z . f p n q “ if n ą 0 then a log n ` b else c ^ monotonic f ^ @ n. f p n q ě 0 ^ @ n. n ď 0 ù ñ f p n q ě 1 ^ @ n. n ě 1 ù ñ f p n q ě f p n 2 q ` 3 ^ True

  51. Can be solved automatically. The substitution method in action The user does not have to manually provide values for , , and . 26/40 D a b c : Z . f p n q “ if n ą 0 then a log n ` b else c ^ a ě 0 ^ b ě c ^ b ě 0 ^ c ě 0 ^ c ě 1 ^ b ě c ` 3 ^ a ě 3 ^ True

  52. The substitution method in action Can be solved automatically. The user does not have to manually provide values for , , and . 26/40 D a b c : Z . ^ a ě 0 ^ b ě c ^ b ě 0 ^ c ě 0 ^ c ě 1 ^ b ě c ` 3 ^ a ě 3 ^ True

  53. The substitution method in action Can be solved automatically. 26/40 D a b c : Z . ^ a ě 0 ^ b ě c ^ b ě 0 ^ c ě 0 ^ c ě 1 ^ b ě c ` 3 ^ a ě 3 ^ True The user does not have to manually provide values for a , b , and c .

  54. SeparationLogic with Time Credits

  55. Linking code to cost assertions Program specifjcations using Separation Logic precondition program postcondition time credits 27/40 t P u t t Q u

  56. Linking code to cost assertions Program specifjcations using Separation Logic with Time Credits precondition program postcondition time credits 27/40 t $ n ‹ P u t t Q u

  57. Linking code to cost assertions Program specifjcations using Separation Logic with Time Credits precondition program postcondition time credits 27/40 t $ n ‹ P u t t Q u

  58. • Credits are not duplicable: • Enable amortized complexity analysis Time Credits: resourcesin separationlogic 28/40 $ n • $ n describes the right to perform n function calls or loop iterations • $ p n ` m q “ $ n ‹ $ m • $0 “ emp

  59. 28/40 Time Credits: resourcesin separationlogic $ n • $ n describes the right to perform n function calls or loop iterations • $ p n ` m q “ $ n ‹ $ m • $0 “ emp • Credits are not duplicable: $1 ù ñ { $1 ‹ $1 • Enable amortized complexity analysis

  60. 29/40 Using time creditsin the specifjcationof bsearch Specifjcation of the complexity of bsearch using time credits: D f : Z Ñ Z . # f P O p λn. log n q @ a x i j. t $ p f p j ´ i qq ‹ . . . u p bsearch a x i j q t ... u

  61. Contribution: PossiblyNegative Time Credits Corollary: 30/40 Separation Logic with Time Credits in N : $0 ” emp @ m n P N . $ p m ` n q ” $ m ‹ $ n @ n P N . $ n , emp My extension: Possibly Negative Time Credits in Z : $0 ” emp @ m n P Z . $ p m ` n q ” $ m ‹ $ n @ n P Z . $ n ‹ r n ě 0 s , emp $ n ” $ m ‹ $ p n ´ m q

  62. index_of index_of index_of index_of Possibly Negative Time Creditsenable simpler specifjcations (too coarse) (restrictive?) (too complicated) 31/40 let index_of (v: ’ a) (a: ’ a array ): int = (* returns the index of the first occurrence of v in a *)

  63. index_of index_of index_of Possibly Negative Time Creditsenable simpler specifjcations (too coarse) (restrictive?) (too complicated) 31/40 let index_of (v: ’ a) (a: ’ a array ): int = (* returns the index of the first occurrence of v in a *) @ a. t $ p| a | ` 1 qu index_of v a t λi. emp u

  64. index_of index_of index_of Possibly Negative Time Creditsenable simpler specifjcations (too coarse) (restrictive?) (too complicated) 31/40 let index_of (v: ’ a) (a: ’ a array ): int = (* returns the index of the first occurrence of v in a *) @ a. t $ p| a | ` 1 qu index_of v a t λi. emp u

  65. index_of index_of Possibly Negative Time Creditsenable simpler specifjcations (too coarse) (restrictive?) (too complicated) 31/40 let index_of (v: ’ a) (a: ’ a array ): int = (* returns the index of the first occurrence of v in a *) @ a. t $ p| a | ` 1 qu index_of v a t λi. emp u @ a. t $ p| a | ` 1 qu index_of v a t λi. $ p| a | ´ i qu

  66. index_of index_of Possibly Negative Time Creditsenable simpler specifjcations (too coarse) (restrictive?) (too complicated) 31/40 let index_of (v: ’ a) (a: ’ a array ): int = (* returns the index of the first occurrence of v in a *) @ a. t $ p| a | ` 1 qu index_of v a t λi. emp u @ a. t $ p| a | ` 1 qu index_of v a t λi. $ p| a | ´ i qu

  67. index_of Possibly Negative Time Creditsenable simpler specifjcations (too coarse) (restrictive?) (too complicated) 31/40 let index_of (v: ’ a) (a: ’ a array ): int = (* returns the index of the first occurrence of v in a *) @ a. t $ p| a | ` 1 qu index_of v a t λi. emp u @ a. t $ p| a | ` 1 qu index_of v a t λi. $ p| a | ´ i qu @ a. let k : “ min t i | a. p i q “ v u in t $ p k ` 1 qu index_of v a t λi. r i “ k su

  68. index_of Possibly Negative Time Creditsenable simpler specifjcations (too coarse) (restrictive?) (too complicated) 31/40 let index_of (v: ’ a) (a: ’ a array ): int = (* returns the index of the first occurrence of v in a *) @ a. t $ p| a | ` 1 qu index_of v a t λi. emp u @ a. t $ p| a | ` 1 qu index_of v a t λi. $ p| a | ´ i qu @ a. let k : “ min t i | a. p i q “ v u in t $ p k ` 1 qu index_of v a t λi. r i “ k su

  69. Possibly Negative Time Creditsenable simpler specifjcations (too coarse) (restrictive?) (too complicated) 31/40 let index_of (v: ’ a) (a: ’ a array ): int = (* returns the index of the first occurrence of v in a *) @ a. t $ p| a | ` 1 qu index_of v a t λi. emp u @ a. t $ p| a | ` 1 qu index_of v a t λi. $ p| a | ´ i qu @ a. let k : “ min t i | a. p i q “ v u in t $ p k ` 1 qu index_of v a t λi. r i “ k su @ a. t emp u index_of v a t λi. $ p´ i ´ 1 qu

  70. Possibly Negative Time Creditsenable simpler specifjcations (too coarse) (restrictive?) (too complicated) 31/40 let index_of (v: ’ a) (a: ’ a array ): int = (* returns the index of the first occurrence of v in a *) @ a. t $ p| a | ` 1 qu index_of v a t λi. emp u @ a. t $ p| a | ` 1 qu index_of v a t λi. $ p| a | ´ i qu @ a. let k : “ min t i | a. p i q “ v u in t $ p k ` 1 qu index_of v a t λi. r i “ k su @ a. t emp u index_of v a t λi. $ p´ i ´ 1 qu

  71. (when the cost depends on the result) (can accumulate debts and pay them off once at the end) (no need to justify that a number of credits is positive at each step) 32/40 Time Creditsin Z : benefjts • Simpler specifjcations • Signifjcant reduction of the number of intermediate side-conditions • Simpler loop invariants

  72. Case Study: anIncremental Cycle DetectionAlgorithm

  73. Ourmain case study Verifjcation of a state-of-the-art incremental cycle detection algorithm due to Bender, Fineman, Gilbert and Tarjan (2016). The problem: checking for acyclicity of a dynamically constructed graph 33/40

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Proving Program Correctness The Axiomatic Approach What is Correctness? Correctness:

Proving Program Correctness The Axiomatic Approach What is Correctness? Correctness:

3/10/10 Proving Program Correctness The Axiomatic Approach What is Correctness? Correctness: partial correctness + termination Partial correctness: Program implements its specification 1 3/10/10 Proving Partial Correctness

420 views • 13 slides
Mechanized Type Soundness Proofs using Definitional Interpreters Hannes Saffrich University of

Mechanized Type Soundness Proofs using Definitional Interpreters Hannes Saffrich University of

Masters Thesis Mechanized Type Soundness Proofs using Definitional Interpreters Hannes Saffrich University of Freiburg Department of Computer Science Programming Languages Chair September 1, 2019 Hannes Saffrich Mechanized Type

1.03k views • 39 slides
Taking the machine seriously. A study of mechanized mathematics Liesbeth De Mol Centre for

Taking the machine seriously. A study of mechanized mathematics Liesbeth De Mol Centre for

Taking the machine seriously. A study of mechanized mathematics L. De Mol Taking the machine seriously. A study of mechanized mathematics Liesbeth De Mol Centre for Logic and Philosophy of Science, Belgium elizabeth.demol@ugent.be

969 views • 57 slides
Mechanized Formal Analysis for Safety-Critical Systems: The Convergence of Need and Opportunity

Mechanized Formal Analysis for Safety-Critical Systems: The Convergence of Need and Opportunity

Mechanized Formal Analysis for Safety-Critical Systems: The Convergence of Need and Opportunity John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SRI Mechanized Analysis: 1

433 views • 20 slides
On the Asymptotic Variance of the Estimator of Kendalls Tau Barbara Dengler, Uwe Schmock

On the Asymptotic Variance of the Estimator of Kendalls Tau Barbara Dengler, Uwe Schmock

Definitions of dependence measures and basic properties Asymptotic variance of the tau-estimators for copulas Asymptotic variance for elliptical distributions On the Asymptotic Variance of the Estimator of Kendalls Tau Barbara Dengler, Uwe

1.09k views • 44 slides
Logik Cafe, Vienna 23 May 2016 Mechanized Analysis of Reconstructions of Anselms Ontological

Logik Cafe, Vienna 23 May 2016 Mechanized Analysis of Reconstructions of Anselms Ontological

Logik Cafe, Vienna 23 May 2016 Mechanized Analysis of Reconstructions of Anselms Ontological Argument John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SR I Mechanized Ontological Argument

764 views • 42 slides
08Program Verification II CS 5209: Foundation in Logic and AI Martin Henz and Aquinas Hobor

08Program Verification II CS 5209: Foundation in Logic and AI Martin Henz and Aquinas Hobor

Review Hoare Triples; Partial and Total Correctness Practical Aspects of Correctness Proofs Correctness of the Factorial Function Proof Calculus for Total Correctness 08Program Verification II CS 5209: Foundation in Logic and AI Martin

778 views • 39 slides
Asymptotic behavior of series of multiple integrals. K. K. Kozlowski CNRS, Institut de

Asymptotic behavior of series of multiple integrals. K. K. Kozlowski CNRS, Institut de

Motivations, predictions, setting Typical results for the asymptotic behavior Asymptotic analysis of multidimensional deformations of Fredholm series Conclusion Asymptotic behavior of series of multiple integrals. K. K. Kozlowski CNRS,

462 views • 22 slides
Program Correctness Assert formal correctness statements about

Program Correctness Assert formal correctness statements about

Program Correctness Assert formal correctness statements about cri4cal parts of a program and reason effec4vely A program is intended to carry out a

1.01k views • 57 slides
Mechanized Metatheory Model-Checking WMM 2006 James Cheney 9/21/06 Mechanized Metatheory

Mechanized Metatheory Model-Checking WMM 2006 James Cheney 9/21/06 Mechanized Metatheory

Mechanized Metatheory Model-Checking WMM 2006 James Cheney 9/21/06 Mechanized Metatheory Model-Checking p. 1/25 Mechanized (partial) Metatheory Model-Checking WMM 2006 James Cheney 9/21/06 Mechanized Metatheory Model-Checking p.

516 views • 25 slides
10/6/2016 Give Asymptotic Analyses for the Following g( n ) = 45 n log n + 2 n 2 + 65 1. 2. g( n

10/6/2016 Give Asymptotic Analyses for the Following g( n ) = 45 n log n + 2 n 2 + 65 1. 2. g( n

10/6/2016 Give Asymptotic Analyses for the Following g( n ) = 45 n log n + 2 n 2 + 65 1. 2. g( n ) = 1000000 n + 0.01 2 n CSE373: Data Structures and Algorithms More Asymptotic Analysis 3. int sum = 0; (Examples) for (int i = 0; i &lt;

208 views • 4 slides
GraphCoQL A mechanized formalization of GraphQL in Coq Toms Daz Federico Olmedo ric

GraphCoQL A mechanized formalization of GraphQL in Coq Toms Daz Federico Olmedo ric

GraphCoQL A mechanized formalization of GraphQL in Coq Toms Daz Federico Olmedo ric Tanter Millennium Institute Foundational Research on Data Certified Programs and Proofs New Orleans, USA January 2020 GraphQL Clases de ctedra

640 views • 52 slides
FUNCTORS IN THE ASYMPTOTIC CATEGORIES Mykhailo Zarichnyi Lviv National University and

FUNCTORS IN THE ASYMPTOTIC CATEGORIES Mykhailo Zarichnyi Lviv National University and

FUNCTORS IN THE ASYMPTOTIC CATEGORIES Mykhailo Zarichnyi Lviv National University and University of Rzesz ow Nipissing Topology Workshop 2018 Asymptotic topology The asymptotic topology (coarse geometry) deals with the large scale

441 views • 40 slides
A Mechanized Proof of Type Safety for the Polymorphic -Calculus with References Michalis A.

A Mechanized Proof of Type Safety for the Polymorphic -Calculus with References Michalis A.

A Mechanized Proof of Type Safety for the Polymorphic -Calculus with References Michalis A. Papakyriakou Prodromos E. Gerakios Nikolaos S. Papaspyrou National Technical University of Athens School of Electrical and Computer Engineering

613 views • 39 slides
MECHANIZED SEMANTICS AND VERIFIED COMPILATION FOR A DATAFLOW SYNCHRONOUS LANGUAGE WITH RESET

MECHANIZED SEMANTICS AND VERIFIED COMPILATION FOR A DATAFLOW SYNCHRONOUS LANGUAGE WITH RESET

MECHANIZED SEMANTICS AND VERIFIED COMPILATION FOR A DATAFLOW SYNCHRONOUS LANGUAGE WITH RESET Timothy Bourke 1,2 Llio Brun 1,2 Marc Pouzet 3,2,1 POPL20 January 24, 2020 1 Inria Paris 2 cole normale suprieure PSL University

1.12k views • 93 slides
mechanized reasoning favonia 1 2 2 2 checked! 2 Peace of Mind 3 *photo credit:

mechanized reasoning favonia 1 2 2 2 checked! 2 Peace of Mind 3 *photo credit:

mechanized reasoning favonia 1 2 2 2 checked! 2 Peace of Mind 3 *photo credit: voltamax@pixabay Dream Everyone can (easily) check their work in computers 4 Notable Projects Four-color theorem

527 views • 37 slides
Conversation mining : Institute for Information Business WU Vienna process mining for @vendiSV

Conversation mining : Institute for Information Business WU Vienna process mining for @vendiSV

Svitlana Vakulenko Conversation mining : Institute for Information Business WU Vienna process mining for @vendiSV conversational data http://vendi12.github.io Conversational assistants Amazon Alexa, Apple Siri, Microsoft Cortana

952 views • 25 slides
Survival of the Weakest? General properties of many competing species R.K.P. Zia Physics

Survival of the Weakest? General properties of many competing species R.K.P. Zia Physics

MPI Dresden, July 2011 Survival of the Weakest? General properties of many competing species R.K.P. Zia Physics Department, Virginia Tech, Blacksburg, Virginia, USA S.O. Case, C.H. Durney, M. Pleimling EPL 92, 58003 (2010), PRE 83 , 051108

643 views • 47 slides
Interviews with Different Users About Their Linux Setups Steven Ovadia My Linux Rig

Interviews with Different Users About Their Linux Setups Steven Ovadia My Linux Rig

The State of Desktop Linux: Interviews with Different Users About Their Linux Setups Steven Ovadia My Linux Rig www.mylinuxrig.com @steven_ovadia *** Associate Professor/Web Services Librarian LaGuardia Community College About My Linux

458 views • 27 slides
Geoprocessing in the Web Browser Erin Hamilton @ErinLHamilton erin@erinhamilton.me Introduction

Geoprocessing in the Web Browser Erin Hamilton @ErinLHamilton erin@erinhamilton.me Introduction

Geoprocessing in the Web Browser Erin Hamilton @ErinLHamilton erin@erinhamilton.me Introduction Geoprocessing Operations BUFFER UNION VORONOI DIAGRAMS Michael Goodchilds Towards an enumeration and classification of GIS functions (1987),

539 views • 35 slides
Signals (next week) pipes and FIFOs. How to program with UNIX signals (Chapter 10)

Signals (next week) pipes and FIFOs. How to program with UNIX signals (Chapter 10)

Overview Last Week: How to program UNIX processes (Chapters 7-9) fork() and exec() Unix System Programming This Week, and next week: UNIX inter-process communication mechanisms: signals, Signals (next week) pipes and FIFOs.

148 views • 13 slides
All work and no play makes Jack enumerate maps Michael La Croix PhD University of Waterloo

All work and no play makes Jack enumerate maps Michael La Croix PhD University of Waterloo

All work and no play makes Jack enumerate maps Michael La Croix PhD University of Waterloo February 15, 2011 Outline Combinatorial Enumeration 1 Graphs, Maps, and Surfaces 2 Rooted Maps and Flags 3 Quantum gravity and the q -Conjecture 4

1.49k views • 115 slides
Cavitandi ciclotriveratrilene OMe MeO OMe CTV OMe MeO MeO Ciclodestrine Cucurbiturili

Cavitandi ciclotriveratrilene OMe MeO OMe CTV OMe MeO MeO Ciclodestrine Cucurbiturili

Cavitandi ciclotriveratrilene OMe MeO OMe CTV OMe MeO MeO Ciclodestrine Cucurbiturili Capsule Molecolari Unione di due cavitandi Connessione covalente Legame idrogeno Legame di coordinazione Pre-organizzazione Protezione dal

965 views • 58 slides
X-ray Spectra with ORCA Computer Exercises COST - EUSPEC Winter School February ! - !&quot; , #$%

X-ray Spectra with ORCA Computer Exercises COST - EUSPEC Winter School February ! - !&quot; , #$%

MPI for Chemical Energy Conversion Mlheim an der Ruhr, Germany X-ray Spectra with ORCA Computer Exercises COST - EUSPEC Winter School February ! - !&quot; , #$% ! Nova Gorica , Slovenia Table of Contents Preface

682 views • 27 slides

More recommend