mechanizing meta theory in beluga
play

Mechanizing Meta-Theory in Beluga Brigitte Pientka School of - PowerPoint PPT Presentation

Jan 27, 2024 •27 likes •687 views

Introduction Beluga:Design and implementation Mechanizing Meta-Theory in Beluga Brigitte Pientka School of Computer Science McGill University Montreal, Canada B. Pientka Mechanizing Meta-Theory in Beluga 1 / 35 Introduction Beluga:Design

  1. Introduction Beluga:Design and implementation Mechanizing Meta-Theory in Beluga Brigitte Pientka School of Computer Science McGill University Montreal, Canada B. Pientka Mechanizing Meta-Theory in Beluga 1 / 35

  2. Introduction Beluga:Design and implementation Mechanizing formal systems and proofs: How and Why? B. Pientka Mechanizing Meta-Theory in Beluga 2 / 35

  3. Introduction Beluga:Design and implementation Mechanizing formal systems and proofs: How and Why? • Formal systems (given via axioms and inference rules) play an important role when designing languages and more generally ensure that software are reliable, safe, and trustworthy. • Proofs ( that a given property is satisfied ) are becoming pervasive and an integral part of certified software. (see: CompCert, DeepSpec, RustBelt, Sel4, Cogent) B. Pientka Mechanizing Meta-Theory in Beluga 2 / 35

  4. Introduction Beluga:Design and implementation Mechanizing formal systems and proofs: How and Why? • Formal systems (given via axioms and inference rules) play an important role when designing languages and more generally ensure that software are reliable, safe, and trustworthy. • Proofs ( that a given property is satisfied ) are becoming pervasive and an integral part of certified software. (see: CompCert, DeepSpec, RustBelt, Sel4, Cogent) Meta-Theory Properties: Program (in Assembler, C, – Memory/Type Safety : Prog. doesn’t crash ML, Java, Rust, ...) – Contextual Equivalence : Two programs are indistinguishable in any valid program context – Bisimulation : Two systems behave the same B. Pientka Mechanizing Meta-Theory in Beluga 2 / 35

  5. Introduction Beluga:Design and implementation Challenges in Establishing Formal Guarantees B. Pientka Mechanizing Meta-Theory in Beluga 3 / 35

  6. Introduction Beluga:Design and implementation Challenges in Establishing Formal Guarantees • Costly B. Pientka Mechanizing Meta-Theory in Beluga 3 / 35

  7. Introduction Beluga:Design and implementation Challenges in Establishing Formal Guarantees • Costly • Large size of formal developments - CompCert: 4,400 lines of compiler code vs 28,000 lines of verification - A specification of dependent Haskel [ICFP’17]: 17K Coq code + 13K generated code from Ott Spec.; 1.4K Ott Specification; B. Pientka Mechanizing Meta-Theory in Beluga 3 / 35

  8. Introduction Beluga:Design and implementation Challenges in Establishing Formal Guarantees • Costly • Large size of formal developments - CompCert: 4,400 lines of compiler code vs 28,000 lines of verification - A specification of dependent Haskel [ICFP’17]: 17K Coq code + 13K generated code from Ott Spec.; 1.4K Ott Specification; • Low-level representations (variables are modelled via de Bruijn indices) - D. Hirschkoff [TPHOLs’97]: Bisimulation Proofs for the π -calculus in Coq (600 out of 800 lemmas are infrastructural) - Ambler and Crole [TPHOLs’99]: Precongruence of bisimulation for PCFL ( ≈ 160 infrastructural lemmas about de Brujn representation;main lemmas ≈ 34) - J. Kaiser et. al [FSCD’17]: Relating System F and λ 2 (PTS) de Bruijn over 1K lines of infrastructural code in Coq; over 500 lines in Abella; about 100 in Beluga B. Pientka Mechanizing Meta-Theory in Beluga 3 / 35

  9. Introduction Beluga:Design and implementation Challenges in Establishing Formal Guarantees • Costly • Large size of formal developments - CompCert: 4,400 lines of compiler code vs 28,000 lines of verification - A specification of dependent Haskel [ICFP’17]: 17K Coq code + 13K generated code from Ott Spec.; 1.4K Ott Specification; • Low-level representations (variables are modelled via de Bruijn indices) - D. Hirschkoff [TPHOLs’97]: Bisimulation Proofs for the π -calculus in Coq (600 out of 800 lemmas are infrastructural) - Ambler and Crole [TPHOLs’99]: Precongruence of bisimulation for PCFL ( ≈ 160 infrastructural lemmas about de Brujn representation;main lemmas ≈ 34) - J. Kaiser et. al [FSCD’17]: Relating System F and λ 2 (PTS) de Bruijn over 1K lines of infrastructural code in Coq; over 500 lines in Abella; about 100 in Beluga • Scalability, reusability, maintainability, automation B. Pientka Mechanizing Meta-Theory in Beluga 3 / 35

  10. Introduction Beluga:Design and implementation Proofs: The tip of the iceberg “We may think of [the] proof as an iceberg. In the top of it, we find what we usually consider the real proof; underwater, the most of the matter, consisting of all mathematical preliminaries a reader must know in order to understand what is going on.” S. Berardi [1990] B. Pientka Mechanizing Meta-Theory in Beluga 4 / 35

  11. Introduction Beluga:Design and implementation Proofs: The tip of the iceberg Main Proof Scope Renaming Binding Hypothesis Variables Context Substitution s l e b Derivation Tree a i a r v n e g E i “We may think of [the] proof as an iceberg. In the top of it, we find what we usually consider the real proof; underwater, the most of the matter, consisting of all mathematical preliminaries a reader must know in order to understand what is going on.” S. Berardi [1990] B. Pientka Mechanizing Meta-Theory in Beluga 5 / 35

  12. Introduction Beluga:Design and implementation Question What are good meta-languages to program and reason with formal systems and proofs? “The motivation behind the work in very-high-level languages is to ease the programming task by providing the programmer with a language containing primitives or abstractions suitable to his problem area. The programmer is then able to spend his effort in the right place; he concentrates on solving his problem, and the resulting program will be more reliable as a result. Clearly, this is a worthwhile goal.” B. Liskov [1974] B. Pientka Mechanizing Meta-Theory in Beluga 6 / 35

  13. Introduction Beluga:Design and implementation Above and Below the Surface Beluga : Dependently typed Programming and Proof Environment Functional Programmming Main Proof with Indexed Types Scope Renaming Binding Hypothesis Variables Contextual LF Context Substitution s e b l Derivation Tree a r i a v n e g i E • Below the surface: Support for key concepts based on Contextual LF • Above the surface: (Co)Inductive Proofs = (Co)Recursive Programs using (Co)pattern Matching with built-in index language of Contextual LF objects B. Pientka Mechanizing Meta-Theory in Beluga 7 / 35

  14. Introduction Beluga:Design and implementation Design of Beluga • Top : Functional programming with indexed (co)data types [POPL’08,POPL’12,POPL’13,ICFP’16] On paper proof In Beluga [IJCAR’10,CADE’15] Case analysis of inputs Case analysis via pattern matching Inversion Pattern matching using let-expression Observations on output Case analysis via copattern matching (Co)Induction hypothesis (Co)Recursive call • Bottom: Contextual LF Well-formed derivations Dependent types Renaming,Substitution α -renaming, β -reduction in LF Well-scoped derivation Contextual types and objects [TOCL’08] Context Context schemas Properties of contexts Typing for schemas (weakening, uniqueness) Simultaneous Substitutions Substitution type [LFMTP’13,15] (composition, identity) B. Pientka Mechanizing Meta-Theory in Beluga 8 / 35

  15. Introduction Beluga:Design and implementation This Talk Design and implementation of Beluga • Introduction • Example: Proof by logical relation • Writing a proof in Beluga . . . • Conclusion and curent work “The limits of my language mean the limits of my world.” - L. Wittgenstein B. Pientka Mechanizing Meta-Theory in Beluga 9 / 35

  16. Introduction Beluga:Design and implementation This Talk Design and implementation of Beluga • Introduction • Example: Proof by logical relations • Writing a proof in Beluga . . . • Conclusion and curent work “The limits of my language mean the limits of my world.” - L. Wittgenstein B. Pientka Mechanizing Meta-Theory in Beluga 9 / 35

  17. Introduction Beluga:Design and implementation Simply Typed Lambda-calculus (Gentzen-style) Types A , B ::= i Terms M, N ::= x | c | A ⇒ B | lam x . M | app M N Evaluation Judgment: M − → M ′ read as “ M steps to M ′ ” → [ N / x ] M s / beta → M s / refl app (lam x . M ) N − M − M ′ − → M ′ M − → M ′ M − → N → app M ′ N s / app s / trans app M N − M − → N B. Pientka Mechanizing Meta-Theory in Beluga 10 / 35

  18. Introduction Beluga:Design and implementation Simply Typed Lambda-calculus (Gentzen-style) Types A , B ::= i Terms M, N ::= x | c | A ⇒ B | lam x . M | app M N Evaluation Judgment: M − → M ′ read as “ M steps to M ′ ” → [ N / x ] M s / beta → M s / refl app (lam x . M ) N − M − M ′ − → M ′ M − → M ′ M − → N → app M ′ N s / app s / trans app M N − M − → N Typing Judgment: M : A read as “ M has type A ” (Gentzen-style) x : A u . . . M : B M : A ⇒ B N : A lam x . M : A ⇒ B lam x , u app c : i const app M N : B B. Pientka Mechanizing Meta-Theory in Beluga 10 / 35

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Thinking About Mechanizing the Meta-Theory of Session Types Francisco Ferreira (joint work with

Thinking About Mechanizing the Meta-Theory of Session Types Francisco Ferreira (joint work with

Thinking About Mechanizing the Meta-Theory of Session Types Francisco Ferreira (joint work with Nobuko Yoshida) 17th Dec ABCD Meeting - Imperial College London 1 /27 Engineering the Meta-Theory of Session Types Francisco Ferreira (joint

1.26k views • 76 slides
Mechanizing Set Theory: Cardinal Arithmetic and the Axiom of Choice Krzysztof Gra bczewski ,

Mechanizing Set Theory: Cardinal Arithmetic and the Axiom of Choice Krzysztof Gra bczewski ,

Gra bczewski & Paulson Mechanizing Set Theory 1 Mechanizing Set Theory: Cardinal Arithmetic and the Axiom of Choice Krzysztof Gra bczewski , Copernicus University, Torun, Poland Lawrence C Paulson , Computer Laboratory, Cambridge

223 views • 10 slides
BELUGA GROUP Ma May 2020 PRESENTATION BELUGA GROUP at a glance Diversified business #1 Spirits

BELUGA GROUP Ma May 2020 PRESENTATION BELUGA GROUP at a glance Diversified business #1 Spirits

BELUGA GROUP Ma May 2020 PRESENTATION BELUGA GROUP at a glance Diversified business #1 Spirits producer in Russia with portfolio of own and imported brands #4 In vodka globally One of the largest Growing scale of Importer in Russia export

300 views • 27 slides
BELUGA GROUP Aug August 2019 1H2019 EARNINGS PRESENTATION Disclaimer This presentation has

BELUGA GROUP Aug August 2019 1H2019 EARNINGS PRESENTATION Disclaimer This presentation has

BELUGA GROUP Aug August 2019 1H2019 EARNINGS PRESENTATION Disclaimer This presentation has been prepared by Beluga Group, Co. (the Company , or Beluga changes in consumer preferences and tastes, demographic trends or perceptions

173 views • 15 slides
Getting to the Box of it: proof-theory for meta-programming and modal type theory Murdoch J.

Getting to the Box of it: proof-theory for meta-programming and modal type theory Murdoch J.

Getting to the Box of it: proof-theory for meta-programming and modal type theory Murdoch J. Gabbay and Aleksander Nanevski Thanks to Stephane Lengrand and Roy Dyckhoff November 18, 2011 Congratulations Roy We are all delighted to see you

318 views • 20 slides
1H2018 Earnings Presentation August 2018 This presentation has been prepared by Beluga Group, Co.

1H2018 Earnings Presentation August 2018 This presentation has been prepared by Beluga Group, Co.

1H2018 Earnings Presentation August 2018 This presentation has been prepared by Beluga Group, Co. (the Company , or about health related issues; Beluga Group ) and together with its subsidiaries. By attending the meeting where the

427 views • 19 slides
2017 Earnings Presentation April 2018 This presentation has been prepared by Beluga Group, Co.

2017 Earnings Presentation April 2018 This presentation has been prepared by Beluga Group, Co.

2017 Earnings Presentation April 2018 This presentation has been prepared by Beluga Group, Co. (the Company , or about health related issues; Beluga Group ) and together with its subsidiaries. By attending the meeting where the

445 views • 20 slides
Developing (Meta)Theory of -calculus in the Theory of Contexts Marino Miculan Universit` a

Developing (Meta)Theory of -calculus in the Theory of Contexts Marino Miculan Universit` a

Workshop MERLIN Siena, 18 June 2001 Developing (Meta)Theory of -calculus in the Theory of Contexts Marino Miculan Universit` a di Udine, Italy miculan@dimi.uniud.it A common scenario represent formally ( encode ) syntax and semantics

1.04k views • 35 slides
What can logic do for AI? David McAllester TTI-Chicago Motivating Type Theory Meta-Mathematics:

What can logic do for AI? David McAllester TTI-Chicago Motivating Type Theory Meta-Mathematics:

What can logic do for AI? David McAllester TTI-Chicago Motivating Type Theory Meta-Mathematics: Type Theory as Cognitive Science Mathematics exists as a human social enterprise. Modern mathematicians tend to be untrained in mathematical logic.

403 views • 29 slides
Contextual modal type theory: a foundation for meta-variables Brigitte Pientka School of

Contextual modal type theory: a foundation for meta-variables Brigitte Pientka School of

Contextual modal type theory: a foundation for meta-variables Brigitte Pientka School of Computer Science McGill University Montreal, Canada Joint work with A. Nanevski and F . Pfenning Contextual modal type theory: p.1/39 Outline

846 views • 51 slides
Conditionals: between language and reasoning Class 2, part 1 - The meta-linguistic theory April

Conditionals: between language and reasoning Class 2, part 1 - The meta-linguistic theory April

Conditionals: between language and reasoning Class 2, part 1 - The meta-linguistic theory April 30, 2019 Two classes of conditionals: Ontic (aka counterfactuals): (1) If Oswald hadnt shot Kennedy, someone else would have. Epistemic

985 views • 50 slides
Validating Constructive Meta-Theory with Rogue Aaron Stump Assistant Professor Dept. of

Validating Constructive Meta-Theory with Rogue Aaron Stump Assistant Professor Dept. of

Validating Constructive Meta-Theory with Rogue Aaron Stump Assistant Professor Dept. of Computer Science and Engineering Washington University in St. Louis St. Louis, Missouri, USA http://cl.cse.wustl.edu 2 Overview deductive systems

612 views • 37 slides
Mechanizing the Minimization of Deterministic Generalized B uchi Automata Souheib Baarir 1 , 2

Mechanizing the Minimization of Deterministic Generalized B uchi Automata Souheib Baarir 1 , 2

Mechanizing the Minimization of Deterministic Generalized B uchi Automata Souheib Baarir 1 , 2 Alexandre Duret-Lutz 3 1 Universit e Paris Ouest Nanterre la D efense, Nanterre, France 2 Sorbonne Universit es, UPMC Univ. Paris 6, UMR

795 views • 43 slides
Causal Theory of Intention Phil 255 David Armstrong Armstrong begins with some meta - philosophy:

Causal Theory of Intention Phil 255 David Armstrong Armstrong begins with some meta - philosophy:

Causal Theory of Intention Phil 255 David Armstrong Armstrong begins with some meta - philosophy: Logical positivists generated a crisis in philosophy: Wittgenstein: role for philosophy was to clarify problems Ryle: philosophers were to perform

273 views • 14 slides
Relating System F and 2: A Case Study in Coq, Abella and Beluga Jonas Kaiser Brigitte Pientka

Relating System F and 2: A Case Study in Coq, Abella and Beluga Jonas Kaiser Brigitte Pientka

Relating System F and 2: A Case Study in Coq, Abella and Beluga Jonas Kaiser Brigitte Pientka Gert Smolka FSCD 2017, Oxford September 4, 2017 saarland university computer science saarland System F [Girard 72] / PTLC [Reynolds 74]

401 views • 25 slides
CS 671 Automated Reasoning Reflection Reflection basic methodology Represent object and

CS 671 Automated Reasoning Reflection Reflection basic methodology Represent object and

CS 671 Automated Reasoning Reflection Reflection basic methodology Represent object and meta level in type theory Represent meta-logical concepts as Nuprl terms Express specific object logic in represented meta logic Build

334 views • 9 slides
Einfhrung in Visual Computing Unit 12: Local Operations http://

Einfhrung in Visual Computing Unit 12: Local Operations http://

Einfhrung in Visual Computing Unit 12: Local Operations http:// www.caa.tuwien.ac.at/cvl/teaching/sommersemester/evc Content: Neighborhood Introduction to Local Operations Boundary Problem 2D Convolution Linear Image

896 views • 85 slides
CSSE463: Image Recognition Day 5 Lab 2 due Wednesday. Although you should get it in asap

CSSE463: Image Recognition Day 5 Lab 2 due Wednesday. Although you should get it in asap

CSSE463: Image Recognition Day 5 Lab 2 due Wednesday. Although you should get it in asap to maximize time for: Fruit Finder due Friday, 11:59 pm. Ask questions as they arise, about technique or about Matlab Today: Global vs

622 views • 14 slides
BBM 413 Fundamentals of Image Processing Erkut Erdem Dept. of Computer Engineering Hacettepe

BBM 413 Fundamentals of Image Processing Erkut Erdem Dept. of Computer Engineering Hacettepe

BBM 413 Fundamentals of Image Processing Erkut Erdem Dept. of Computer Engineering Hacettepe University Spatial Filtering Image Filtering Image filtering: computes a function of a local neighborhood at each pixel position Called

1.43k views • 94 slides
CS260 Search Bjrn Hartmann University of California, Berkeley EECS, Computer Science Division

CS260 Search Bjrn Hartmann University of California, Berkeley EECS, Computer Science Division

CS260 Search Bjrn Hartmann University of California, Berkeley EECS, Computer Science Division Fall 2010 Monday, November 22, 2010 Wednesday (before you leave campus) No reading responses . Instead, submit 2 paragraphs about your evaluation

1.09k views • 54 slides
Meta-reasoning in the concurrent logical framework CLF Jorge Luis Sacchini (joint work with

Meta-reasoning in the concurrent logical framework CLF Jorge Luis Sacchini (joint work with

Meta-reasoning in the concurrent logical framework CLF Jorge Luis Sacchini (joint work with Iliano Cervesato) Carnegie Mellon University Qatar campus Nagoya University, 27 June 2014 Jorge Luis Sacchini (joint work with Iliano Cervesato)

1.05k views • 86 slides
Programming and Reasoning about Coinduction using Copatterns David Thibodeau (joint work with A.

Programming and Reasoning about Coinduction using Copatterns David Thibodeau (joint work with A.

Programming and Reasoning about Coinduction using Copatterns David Thibodeau (joint work with A. Abel, B. Pientka, and A. Setzer) McGill University March 5, 2013 David Thibodeau(joint work with A. Abel, B. Pientka, and A. Setzer) (McGill

387 views • 28 slides
Multi-level Contextual Type Theory Mathieu Boespflug Brigitte Pientka McGill University 26

Multi-level Contextual Type Theory Mathieu Boespflug Brigitte Pientka McGill University 26

Multi-level Contextual Type Theory Mathieu Boespflug Brigitte Pientka McGill University 26 August 2011 1 / 25 Motivating example Theory Conclusion 2 / 25 x . ( A [ x ]) B 3 / 25 x . ( A [ x ]) B x . ( A [ x ] B )

399 views • 36 slides
Adventures in Two-Dimensional Type Theory Robert Harper with Daniel R. Licata (thanks to Steve

Adventures in Two-Dimensional Type Theory Robert Harper with Daniel R. Licata (thanks to Steve

Adventures in Two-Dimensional Type Theory Robert Harper with Daniel R. Licata (thanks to Steve Awodey and Peter Lumsdaine) March, 2011 Background Computation with syntax, including binding and scope. Integrate derivability with

538 views • 20 slides

More recommend