p r o v e r s
play

P R O V E R S by Niki Vazou, Leonidas Lampropoulos and Jeff - PowerPoint PPT Presentation

Jul 22, 2023 •19 likes •349 views

A TALE of TWO P R O V E R S by Niki Vazou, Leonidas Lampropoulos and Jeff Polakow Haskell take :: Int [a] [a] Haskell Liquid take :: i:{Int|0 i} xs:{[a]|i len xs} [a] Int [a] [a] Liquid Haskell take ::

  1. A TALE of TWO P R O V E R S by Niki Vazou, Leonidas Lampropoulos and Jeff Polakow

  2. Haskell take :: Int � [a] � [a]

  3. Haskell Liquid take :: i:{Int|0 ≤ i} � xs:{[a]|i ≤ len xs} � [a] Int � [a] � [a]

  4. Liquid Haskell take :: i:{Int|0 ≤ i} � xs:{[a]|i ≤ len xs} � [a] Int � [a] � take 2 [1,2,3] OK take 9 [1,2,3] Error

  5. Liquid Haskell take :: i:{Int|0 ≤ i} � xs:{[a]|i ≤ len xs} � [a] Int � [a] take 2 [1,2,3] 0 ≤ 2 ≤ 3 OK SMT take 9 [1,2,3] 0 ≤ 9 ≤ 3 Error

  6. Is Liquid Haskell a Theorem Prover?

  7. Is Liquid Haskell a Theorem Prover? Theorem: Parallelism Equivalence If f is a morphism*between two lists, * then f can be applied in parallel. * f is a morphism when f []=[] ∧ f (x<>y) = f x <> f y

  8. Is Liquid Haskell a Theorem Prover? Theorem: Parallelism Equivalence If f is a morphism*between two lists, * then . f x = concat (pmap f (chunk i x)) * f is a morphism when f []=[] ∧ f (x<>y) = f x <> f y

  9. Is Liquid Haskell a Theorem Prover? pEquiv :: f:([a] -> [b]) -> Morphism [a] [b] f -> x:[a] -> i:Pos -> { f x = concat (pmap f (chunk i x)) } f x = concat (pmap f (chunk i x)) * f is a morphism when f []=[] ∧ f (x<>y) = f x <> f y

  10. Is Liquid Haskell a Theorem Prover? pEquiv :: f:([a] -> [b]) -> Morphism [a] [b] f -> x:[a] -> i:Pos -> { f x = concat (pmap f (chunk i x)) } f x = concat (pmap f (chunk i x)) * type Morphism a b f = x:a -> y:b -> { f []=[] ∧ f (x<>y) = f x <> f y }

  11. Is Liquid Haskell a Theorem Prover? Yes! pEquiv :: f:([a] -> [b]) -> Morphism [a] [b] f -> x:[a] -> i:Pos -> { f x = concat (pmap f (chunk i x)) } f x = concat (pmap f (chunk i x)) Theorems: Refinement Types Proofs: (Terminating) Haskell Terms Correctness: Liquid Type Checking

  12. Is Liquid Haskell a Theorem Prover? Yes! pEquiv :: f:([a] -> [b]) -> Morphism [a] [b] f -> x:[a] -> i:Pos -> { f x = concat (pmap f (chunk i x)) } f x = concat (pmap f (chunk i x)) Demo

  13. Morphism Parallelism Equivalence (Chunkable n, Monoid m) (Monoid m) pEquiv :: RightId [b] -> f:([a] -> [b]) => f:(n -> m) => f:([a] -> m) -> Morphism n m f -> Morphism [a] [b] f -> Morphism [a] m f -> x:[a] -> i:Pos -> x:n -> i:Pos -> { f x = concat (pmap f (chunk i x)) } -> { f x = mconcat (pmap f (chunk i x)) } Application: String Matching

  14. Application: String Matching Find all the occurrences of a target string in an input string.

  15. Application: String Matching Find all the occurrences of a target string in an input string. “the best of times”

  16. Application: String Matching Find all the occurrences of a target string in an input string. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 “the best of times” Target “es” matches at [6, 16] .

  17. Application: String Matching 800 669LoC 600 400 285LoC 200 180LoC 0 Exec Spec Proof LoC (Proofs/Exec): 5x Verification Time: 20 min Human Effort: 2 months

  18. VS. 800 766LoC 669LoC 600 400 285LoC 200 248LoC 180LoC 122LoC 0 Exec Spec Proof 5x 8x LoC (Proofs/Exec): Verification Time: 20 min 38 sec Human Effort: 2 months 2 weeks

  19. VS. Haskell VS. Non-Haskell Proofs

  20. VS. Haskell VS. Non-Haskell Proofs SMT- VS. Tactic- Based Automations

  21. VS. Haskell VS. Non-Haskell Proofs SMT- VS. Tactic- Based Automations Intrinsic VS. Extrinsic Verification

  22. Intrinsic VS. Extrinsic Verification take :: i:Nat � xs:{i ≤ len xs} � {v|len v=i} take 0 _ = [] take i xs = x:take (i-1) xs

  23. Intrinsic VS. Extrinsic Verification take :: i:Nat � xs:{i ≤ len xs} � {v|len v=i} take 0 _ = [] take i xs = x:take (i-1) xs Definition take := seq.take. Theorem take_spec: ∀ i x, i ≤ length x � length (take i x) = i.

  24. VS. Haskell VS. Non-Haskell Proofs SMT- VS. Tactic- Based Automations Intrinsic VS. Extrinsic Verification

  25. VS. Haskell VS. Non-Haskell Proofs SMT- VS. Tactic- Based Automations Intrinsic VS. Extrinsic Verification Semantic VS. Syntactic Termination

  26. Semantic VS. Syntactic Termination chunk :: i:Pos � xs:[a] � [[a]] / [len xs]

  27. Semantic VS. Syntactic Termination chunk :: i:Pos � xs:[a] � [[a]] / [len xs] Fixpoint chunk {M: Type} (fuel: nat) (i: nat) (x: M) : option (list M)

  28. Big VS. Tiny Trusted Code Base chunk :: i:Pos � xs:[a] � [[a]] / [len xs] OK / ghc SMT Error

  29. Big VS. Tiny Trusted Code Base OK / .hs ghc SMT Error

  30. VS. Haskell VS. Non-Haskell Proofs SMT- VS. Tactic- Based Automations Intrinsic VS. Extrinsic Verification Semantic VS. Syntactic Termination Big VS. Tiny Trusted Code Base

  31. VS. Haskell VS. Non-Haskell Proofs SMT- VS. Tactic- Based Automations Intrinsic VS. Extrinsic Verification Semantic VS. Syntactic Termination Big VS. Tiny Trusted Code Base Proof Verifier VS. Assistant

  32. A Tale of Two Provers Conclusion Liquid Haskell is a promising prover, but needs a lot of Coq -inspired future work.

  33. A Tale of Two Provers Conclusion Liquid Haskell is a promising prover, but needs a lot of Coq -inspired future work. Fast “tactics” Liquid GUI Proof Assistant Hackage Sharing Proofs Thanks!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Detecting Financial Misreporting in 2019 March 2019 Dr. Richard M. Crowley rcrowley@smu.edu.sg

Detecting Financial Misreporting in 2019 March 2019 Dr. Richard M. Crowley rcrowley@smu.edu.sg

Detecting Financial Misreporting in 2019 March 2019 Dr. Richard M. Crowley rcrowley@smu.edu.sg http://rmc.link/ 1 What is Misreporting? 2 . 1 Misreporting: Simple definition Misstatements that affect firms accounting statements and

722 views • 25 slides
The Rise of the Missing Middle in an Emerging Economy: The Case of South Africa Haroon

The Rise of the Missing Middle in an Emerging Economy: The Case of South Africa Haroon

The Rise of the Missing Middle in an Emerging Economy: The Case of South Africa Haroon Bhorat, Morne Oosthuizen, Kezia Lilenstein &amp; Amy Thornton Development Policy Research Unit School of Economics, University of Cape Town

649 views • 31 slides
The Fraud Examiners Tool Kit Neutral Third-Party Witnesses A neutral third-party witness is

The Fraud Examiners Tool Kit Neutral Third-Party Witnesses A neutral third-party witness is

The Fraud Examiners Tool Kit Neutral Third-Party Witnesses A neutral third-party witness is a person not involved in a specific instance of fraud . For example, if the fraud examination of John Brown progressed past the stage of analysing

228 views • 9 slides
Modern Port Infrastructure The Port of Kingston currently handles 2.7 million TEUs of import

Modern Port Infrastructure The Port of Kingston currently handles 2.7 million TEUs of import

Modern Port Infrastructure The Port of Kingston currently handles 2.7 million TEUs of import and export cargo. Highways and Bridges Linking Jamaicas Economic Centres Montego Bay Freezone The MFZ is a highly rated near shore ICT

492 views • 11 slides
III iiiiesarmr.utawsfh.az rejen In pxlxh f.tn O O W x _In iejen excitht Fx i II exam nm

III iiiiesarmr.utawsfh.az rejen In pxlxh f.tn O O W x _In iejen excitht Fx i II exam nm

Random Variables Continuous Discrete Randurans r prob space p in IR Range integuvalued Xi I e.g Pr X p lxl FXlxl pmf PxCxi i Pr XE FxH CDI F Fx Xia p Cxi xi In I to model contra we want that Suppose t takes in that

288 views • 3 slides
Quantum Attacks on Symmetric Cryptography Gregor Leander (joint work with Alex May) MMC 2017

Quantum Attacks on Symmetric Cryptography Gregor Leander (joint work with Alex May) MMC 2017

Introduction Quantum Basics Grover Grover and Simon on Symmetric Crypto The FX Construction Conclusion Quantum Attacks on Symmetric Cryptography Gregor Leander (joint work with Alex May) MMC 2017 Introduction Quantum Basics Grover Grover

1.45k views • 97 slides
Lambda Calculus Variables and Functions cs3723 1 Lambda Calculus Mathematical system for

Lambda Calculus Variables and Functions cs3723 1 Lambda Calculus Mathematical system for

Lambda Calculus Variables and Functions cs3723 1 Lambda Calculus Mathematical system for functions Computation with functions Captures essence of variable binding Function parameters and substitution Can be extended with

400 views • 17 slides
Abstract Machines What is an abstract machine? a set of legal states - final and initial

Abstract Machines What is an abstract machine? a set of legal states - final and initial

Concepts of Program Design Abstract Machines Gabriele Keller Abstract Machines What is an abstract machine? a set of legal states - final and initial states as subset A set of instructions altering the state of the machine - it should

584 views • 29 slides
JavaFX Pitfalls What no documentation tells you Speaker Andy Moncsek Senior Consultant

JavaFX Pitfalls What no documentation tells you Speaker Andy Moncsek Senior Consultant

JavaFX Pitfalls What no documentation tells you Speaker Andy Moncsek Senior Consultant Application Development @andyahcp Trivadis AG Switzerland - Zrich 600 employees in Switzerland, Germany and Austria consulting, development, BI,

807 views • 42 slides
Independence, conditional distributions So far density of X specified explicitly. Often modelling

Independence, conditional distributions So far density of X specified explicitly. Often modelling

Independence, conditional distributions So far density of X specified explicitly. Often modelling leads to a specification in terms of marginal and conditional distributions. Defn : Events A and B are independent if P ( AB ) = P ( A ) P ( B ) .

197 views • 5 slides
8.6 Joint Production by Many Agents: The Holmstrom Teams Model The existence of a group of

8.6 Joint Production by Many Agents: The Holmstrom Teams Model The existence of a group of

8.6 Joint Production by Many Agents: The Holmstrom Teams Model The existence of a group of agents results in destroying the effectiveness of the individual risk-sharing contracts, because observed output is a joint function of the

709 views • 44 slides
Third Quarter Fiscal 2017 Conference Call August 1, 2017 Preliminary Statements Forward Looking

Third Quarter Fiscal 2017 Conference Call August 1, 2017 Preliminary Statements Forward Looking

Third Quarter Fiscal 2017 Conference Call August 1, 2017 Preliminary Statements Forward Looking Statements This document contains certain forward-looking statements. These statements are based on the companys current expectations as to the

496 views • 30 slides
trtr rt t

trtr rt t

r stt P ts s trtr rt t

582 views • 40 slides
Heb. 11:7, By faith Noah, being divinely warned of things not yet seen, moved with godly fear,

Heb. 11:7, By faith Noah, being divinely warned of things not yet seen, moved with godly fear,

Heb. 11:7, By faith Noah, being divinely warned of things not yet seen, moved with godly fear, prepared an ark for the saving of his household, by which he condemned the world and became heir of the righteousness which is according to

853 views • 43 slides
Ephesians Series Lesson #036 July 21, 2019 Dean Bible Ministries www.deanbibleministries.org

Ephesians Series Lesson #036 July 21, 2019 Dean Bible Ministries www.deanbibleministries.org

Ephesians Series Lesson #036 July 21, 2019 Dean Bible Ministries www.deanbibleministries.org Dr. Robert L. Dean, Jr. Are We Living in Light of Eternity? Ephesians 1:14 Eph. 1:14, who is the guarantee of our inheritance until the

698 views • 46 slides
MWKA ONLINE TALKS 2 Speaker Speaker VIVIEN FAN WONG CHEE EN Associate Associate MWKA ONLINE

MWKA ONLINE TALKS 2 Speaker Speaker VIVIEN FAN WONG CHEE EN Associate Associate MWKA ONLINE

Speaker Speaker VIVIEN FAN WONG CHEE EN Associate Associate MWKA ONLINE TALKS 2 Speaker Speaker VIVIEN FAN WONG CHEE EN Associate Associate MWKA ONLINE TALKS About Us Welcome to MahWengKwai &amp; Associates! Trusted by

856 views • 53 slides
Cardinal Welfarism yardstick to compare states of the world In cardinal version individual

Cardinal Welfarism yardstick to compare states of the world In cardinal version individual

Welfarism Welfarist postulate: distribution of individual welfare across agents is only legitimate Cardinal Welfarism yardstick to compare states of the world In cardinal version individual welfare measured by an index of utility and

1.24k views • 13 slides
Welcome Back PL Lites! 13 Jan 2020 Shaw Hall 2019 Singapore-Cambridge GCE O-Level

Welcome Back PL Lites! 13 Jan 2020 Shaw Hall 2019 Singapore-Cambridge GCE O-Level

2019 Singapore-Cambridge GCE O-Level Examinations Release of Examination Results Welcome Back PL Lites! 13 Jan 2020 Shaw Hall 2019 Singapore-Cambridge GCE O-Level Examinations Programme Briefing

642 views • 51 slides
Welcome Back PL Lites! 14 Jan 2019 Shaw Hall 2018 Singapore-Cambridge GCE O-Level

Welcome Back PL Lites! 14 Jan 2019 Shaw Hall 2018 Singapore-Cambridge GCE O-Level

2018 Singapore-Cambridge GCE O-Level Examinations Release of Examination Results Welcome Back PL Lites! 14 Jan 2019 Shaw Hall 2018 Singapore-Cambridge GCE O-Level Examinations Programme Briefing

457 views • 45 slides
Cryptanalysis of NORX v2.0 Colin Chaigneau 1 Thomas Fuhr 2 Henri Gilbert 2 Jrmy Jean 2

Cryptanalysis of NORX v2.0 Colin Chaigneau 1 Thomas Fuhr 2 Henri Gilbert 2 Jrmy Jean 2

Cryptanalysis of NORX v2.0 Colin Chaigneau 1 Thomas Fuhr 2 Henri Gilbert 2 Jrmy Jean 2 Jean-Ren Reinhard 2 1 Universit de Versailles, France 2 ANSSI, France FSE 2017 - March 7, 2017 Chaigneau, Fuhr, Gilbert, Jean, Reinhard Cryptanalysis

603 views • 25 slides
Authenticated Encryption Kazuhiko Minematsu NEC Corporation Joint work with Akiko Inoue Asian

Authenticated Encryption Kazuhiko Minematsu NEC Corporation Joint work with Akiko Inoue Asian

An Analysis of Parallelizable Authenticated Encryption Kazuhiko Minematsu NEC Corporation Joint work with Akiko Inoue Asian Symmetric-key Workshop 2018 Nov 14 Kolkata, India 1 Cryptanalysis of OCB2 (ePrint 2018/1040) Kazuhiko Minematsu NEC

783 views • 32 slides
Stronger security bounds Standard polynomial-evaluation for Wegman-Carter-Shoup MAC: sender

Stronger security bounds Standard polynomial-evaluation for Wegman-Carter-Shoup MAC: sender

Stronger security bounds Standard polynomial-evaluation for Wegman-Carter-Shoup MAC: sender sends ) + authenticators (1 1 ( 1 ); 1 ) + (2 2 ( 2 ); 2 D. J. Bernstein

716 views • 27 slides
Detecting Fake Paintings Robert Jacobsen Centre for Stochastic Geometry and Advanced Bioimaging

Detecting Fake Paintings Robert Jacobsen Centre for Stochastic Geometry and Advanced Bioimaging

Detecting Fake Paintings Robert Jacobsen Centre for Stochastic Geometry and Advanced Bioimaging Department of Mathematical Sciences Aalborg University 9th SSIAB Workshop, 2012 Joint work with Morten Nielsen Robert Jacobsen | Detecting Fake

490 views • 26 slides
Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel and Gunnar Hartung)

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel and Gunnar Hartung)

Digital Signatures Dennis Hofheinz (slides based on slides by Bjrn Kaidel and Gunnar Hartung) Digital Signatures 2020-05-12 1 Outline Recap: programmable hash functions Waters PHF Waters signatures Digital Signatures 2020-05-12 2

1.02k views • 71 slides

More recommend