proof pearl proving a simple von neumann machine turing
play

Proof Pearl: Proving a Simple Von Neumann Machine Turing Complete J - PowerPoint PPT Presentation

Feb 28, 2024 •272 likes •1.15k views

Proof Pearl: Proving a Simple Von Neumann Machine Turing Complete J Strother Moore Department of Computer Science University of Texas at Austin presented by Matt Kaufmann at ITP 2014, Vienna July, 2014 1 Introduction M1 is a simple

  1. Proof Pearl: Proving a Simple Von Neumann Machine Turing Complete J Strother Moore Department of Computer Science University of Texas at Austin presented by Matt Kaufmann at ITP 2014, Vienna July, 2014 1

  2. Introduction M1 is a simple (“toy”) model of the JVM, developed by Moore to teach formal modeling and mechanized code proof. Details are in the paper and in ACL2 input scripts distributed with the ACL2 Community Books (as per the paper). Feel free to email questions to moore@cs.utexas.edu. 2

  3. Typical M1 Programming Challenge Write a program that takes two natural numbers, i and j , in reg [0] and reg [1] and halts with 1 on the stack if i < j and 0 on the stack otherwise.

  4. Typical M1 Programming Challenge Write a program that takes two natural numbers, i and j , in reg [0] and reg [1] and halts with 1 on the stack if i < j and 0 on the stack otherwise. Difficulty : The only test in the M1 language is “jump if top-of-stack equals 0”!

  5. Typical M1 Programming Challenge Write a program that takes two natural numbers, i and j , in reg [0] and reg [1] and halts with 1 on the stack if i < j and 0 on the stack otherwise. Difficulty : The only test in the M1 language is “jump if top-of-stack equals 0”! Solution : Count both variables down by 1 and stop when one or the other is 0. 3

  6. Java Bytecode Solution ILOAD 1 // 0 IFEQ 12 // 1 if reg[1]=0, jump to 13; ILOAD 0 // 2 IFEQ 12 // 3 if reg[0]=0, jump to 15; ILOAD 0 // 4 ICONST 1 // 5 ISUB // 6 ISTORE 0 // 7 reg[0] := reg[0] - 1; ILOAD 1 // 8 ICONST 1 // 9 ISUB // 10 ISTORE 1 // 11 reg[1] := reg[1] - 1; GOTO -12 // 12 jump to 0; ICONST 0 // 13 IRETURN // 14 halt with 0 on stack; ICONST 1 // 15 IRETURN // 16 halt with 1 on stack; Output by javac compiler, except pcs shown as instruction counts. 4

  7. An M1 Programming Solution ’((ILOAD 1) ; 0 (IFEQ 12) ; 1 if reg[1]=0, jump to 13; (ILOAD 0) ; 2 (IFEQ 12) ; 3 if reg[0]=0, jump to 15; (ILOAD 0) ; 4 (ICONST 1) ; 5 (ISUB) ; 6 (ISTORE 0) ; 7 reg[0] := reg[0] - 1; (ILOAD 1) ; 8 (ICONST 1) ; 9 (ISUB) ; 10 (ISTORE 1) ; 11 reg[1] := reg[1] - 1; (GOTO -12) ; 12 jump to 0; (ICONST 0) ; 13 (HALT) ; 14 halt with 0 on stack; (ICONST 1) ; 15 (HALT)) ; 16 halt with 1 on stack; Call this constant κ . 5

  8. Outline • M1 • Turing Machines • Turing Completeness • Implementation • Verifying Compiler • Some Statistics • Emulating Turing Machines with M1 • Conclusion 6

  9. M1 The M1 state provides • a program counter • a fixed (but arbitrary) number of registers whose values are unbounded integers • an unbounded push down stack • a program which is a fixed, finite list of instructions 7

  10. M1 The M1 instruction set: • load/store between top-of-stack and registers • push numeric constants • add, subtract, and multiply • jump, conditional jump (if 0), and halt

  11. M1 The M1 instruction set: • load/store between top-of-stack and registers • push numeric constants • add, subtract, and multiply • jump, conditional jump (if 0), and halt M1 does not provide subroutine call and return! 8

  12. Each instruction is formalized with a state transition function. Given a state s and a natural n , we define M 1( s, n ) to be the result of stepping n times from s .

  13. Each instruction is formalized with a state transition function. Given a state s and a natural n , we define M 1( s, n ) to be the result of stepping n times from s . It is possible to prove properties of M1 programs, e.g., that if reg [0] and reg [1] contain natural numbers, program κ halts and leaves 1 or 0 on the stack, depending on whether reg [0] < reg [1] .

  14. Each instruction is formalized with a state transition function. Given a state s and a natural n , we define M 1( s, n ) to be the result of stepping n times from s . It is possible to prove properties of M1 programs, e.g., that if reg [0] and reg [1] contain natural numbers, program κ halts and leaves 1 or 0 on the stack, depending on whether reg [0] < reg [1] . Partial correctness results can be proved too, e.g., κ does not terminate if reg [0] and reg [1] are negative integers. 9

  15. Outline • M1 • Turing Machines • Turing Completeness • Implementation • Verifying Compiler • Some Statistics • Emulating Turing Machines with M1 • Conclusion 10

  16. Turing Machines Description ∗ trace of TMI ( st, tape, tm, n ) tm = *rogers-tm* n st tape � ((Q0 1 0 Q1) 0 Q0 (1 1 1 1 1) � (Q1 0 R Q2) 1 Q1 (0 1 1 1 1) � (Q2 1 0 Q3) 2 Q2 (0 1 1 1 1) � (Q3 0 R Q4) 3 Q3 (0 0 1 1 1) � (Q4 1 R Q4) 4 Q4 (0 0 1 1 1) � (Q4 0 R Q5) 5 Q4 (0 0 1 1 1) � (Q5 1 R Q5) 6 Q4 (0 0 1 1 1) � (Q5 0 1 Q6) 7 Q4 (0 0 1 1 1 0) � (Q6 1 R Q6) 8 Q5 (0 0 1 1 1 0 0) � (Q6 0 1 Q7) 9 Q6 (0 0 1 1 1 0 1) � (Q7 1 L Q7) 10 Q6 (0 0 1 1 1 0 1 0) � (Q7 0 L Q8) . . . . . . . . . � (Q8 1 L Q1) 75 Q7 (0 0 0 0 0 0 1 1 1 1 1 1 1 1) � (Q1 1 L Q1)) 76 Q7 (0 0 0 0 0 0 1 1 1 1 1 1 1 1) � 77 Q7 (0 0 0 0 0 0 1 1 1 1 1 1 1 1) � (0 0 0 0 0 0 1 1 1 1 1 1 1 1) ⇐ halted 78 Q8 ∗ A Theory of recursive functions and effective computability , Hartley Rogers, McGraw-Hill, 1967 11

  17. A Turing Machine Interpreter in ACL2 � final tape if halts within n steps tmi ( st, tape, tm, n ) = otherwise nil

  18. A Turing Machine Interpreter in ACL2 � final tape if halts within n steps tmi ( st, tape, tm, n ) = otherwise nil A tape is represented as a pair of extensible half-tapes < Left, Right > , where the read/write head is at the start of Right .

  19. A Turing Machine Interpreter in ACL2 � final tape if halts within n steps tmi ( st, tape, tm, n ) = otherwise nil A tape is represented as a pair of extensible half-tapes < Left, Right > , where the read/write head is at the start of Right . A tape is never nil .

  20. A Turing Machine Interpreter in ACL2 � final tape if halts within n steps tmi ( st, tape, tm, n ) = otherwise nil A tape is represented as a pair of extensible half-tapes < Left, Right > , where the read/write head is at the start of Right . A tape is never nil . The definition of tmi is the ACL2 translation of the definition of NQTHM’s tmi used in [Boyer-Moore 1984]. 12

  21. Outline • M1 • Turing Machines • Turing Completeness • Implementation • Verifying Compiler • Some Statistics • Emulating Turing Machines with M1 • Conclusion 13

  22. Turing Completeness “M1 can emulate TMI” Approach: Implement TMI as an M1 program and prove it correct.

  23. Turing Completeness “M1 can emulate TMI” Approach: Implement TMI as an M1 program and prove it correct. The types of objects in the TMI model of computation are different from the types of objects in the M1 model. TMI deals with symbols (e.g., Q1 , L , R , etc) and conses (e.g., machine descriptions and tapes) whereas M1 only has integers .

  24. Turing Completeness “M1 can emulate TMI” Approach: Implement TMI as an M1 program and prove it correct. The types of objects in the TMI model of computation are different from the types of objects in the M1 model. TMI deals with symbols (e.g., Q1 , L , R , etc) and conses (e.g., machine descriptions and tapes) whereas M1 only has integers . We must set up a correspondence a la G¨ odel so that TMI objects can be represented as integers and manipulated by M1 programs. 14

  25. Turing Completeness “M1 can emulate TMI (modulo correspondence)” Approach: Implement TMI as an M1 program and prove it correct. The types of objects in the TMI model of computation are different from the types of objects in the M1 model. TMI deals with symbols (e.g., Q1 , L , R , etc) and conses (e.g., machine descriptions and tapes) whereas M1 only has integers . We must set up a correspondence a la G¨ odel so that TMI objects can be represented as integers and manipulated by M1 programs. 15

  26. Conventions Let tm , st , and tape be a Turing machine description, initial state symbol, and initial tape. Define s 0 be the corresponding M1 state with

  27. Conventions Let tm , st , and tape be a Turing machine description, initial state symbol, and initial tape. Define s 0 be the corresponding M1 state with • pc = 0 • 13 registers, initially containing 0s, • a stack containing (the numeric correspondents of) tm , st , tape and certain constants used to decode them, and • the program Ψ discussed below. 16

  28. Theorems Theorem A: If TMI runs forever on st , tape , and tm , then M1 runs forever on s 0 . Theorem B: If TMI halts on st , tape , and tm after n steps, then M1 halts on s 0 after some k steps and returns the same tape (modulo correspondence). 17

  29. Theorems Theorem A: If TMI runs forever on st , tape , and tm , then M1 runs forever on s 0 . Theorem B: If TMI halts on st , tape , and tm after n steps, then M1 halts on s 0 after some k steps and returns the same tape (modulo correspondence). 18

  30. Theorems Theorem A: If TMI runs forever on st , tape , and tm , then M1 runs forever on s 0 . Theorem B: If TMI halts on st , tape , and tm after n steps, then M1 halts on s 0 after find-k ( st, tape, tm, n ) steps and returns the same tape (modulo correspondence). 19

  31. Theorems Theorem A: If TMI runs forever on st , tape , and tm , then M1 runs forever on s 0 . Theorem B: If TMI halts on st , tape , and tm after n steps, then M1 halts on s 0 after find-k ( st, tape, tm, n ) steps and returns the same tape (modulo correspondence). 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Proof Pearl: Proving a Simple Von Neumann Machine Turing Complete J Strother Moore Department of

Proof Pearl: Proving a Simple Von Neumann Machine Turing Complete J Strother Moore Department of

Proof Pearl: Proving a Simple Von Neumann Machine Turing Complete J Strother Moore Department of Computer Science University of Texas at Austin presented by Matt Kaufmann at ITP 2014, Vienna July, 2014 1 Introduction M1 is a simple

594 views • 46 slides
Visual theorem proving with the Incredible Proof Machine The idea Theorem Proving without

Visual theorem proving with the Incredible Proof Machine The idea Theorem Proving without

Interactive Theorem Proving, Nancy August 22, 2016 Joachim Breitner Karlsruhe Institute of Technology University of Pennsylvania, Philadelphia Visual theorem proving with the Incredible Proof Machine The idea Theorem Proving without Syntax

579 views • 43 slides
Turing Machines (TM) Deterministic Turing Machine (DTM) Nondeterministic Turing Machine

Turing Machines (TM) Deterministic Turing Machine (DTM) Nondeterministic Turing Machine

Turing Machines (TM) Deterministic Turing Machine (DTM) Nondeterministic Turing Machine (NDTM) 1 Deterministic Turing Machine (DTM) .. .. B B 0 1 1 0 0 B B Finite Control Two-way, infinite tape, broken into

616 views • 14 slides
Turing machine recap A Turing machine TM is a tuple M = ( , Q , ) where : set of symbols

Turing machine recap A Turing machine TM is a tuple M = ( , Q , ) where : set of symbols

Turing machine recap A Turing machine TM is a tuple M = ( , Q , ) where : set of symbols that TM s tapes can contain. Universal Turing Machines and Undecidability Q : possible states TM can be in. q start : the TM starts in this state

391 views • 6 slides
Proving the Church-Turing Thesis? Kerry Ojakian 1 1 SQIG/IT Lisbon and IST, Portugal Logic Seminar

Proving the Church-Turing Thesis? Kerry Ojakian 1 1 SQIG/IT Lisbon and IST, Portugal Logic Seminar

Introduction Device-Dependent Approaches and The Abstract State Machine Device-Independent approaches? Proving the Church-Turing Thesis? Kerry Ojakian 1 1 SQIG/IT Lisbon and IST, Portugal Logic Seminar 2008 Ojakian Proving the Church-Turing

439 views • 28 slides
Proof Pearl: Using Combinators to Manipulate let -Expressions Michael Norrish 1 Konrad Slind 2 1

Proof Pearl: Using Combinators to Manipulate let -Expressions Michael Norrish 1 Konrad Slind 2 1

Proof Pearl: Using Combinators to Manipulate let -Expressions Proof Pearl: Using Combinators to Manipulate let -Expressions Michael Norrish 1 Konrad Slind 2 1 National ICT Australia 2 University of Utah 23 August 2005 Proof Pearl: Using

525 views • 37 slides
Mechanical Turing Machine in Wood R. Ridel LEGO Turing Machine Built by J. van den Bos &amp; D.

Mechanical Turing Machine in Wood R. Ridel LEGO Turing Machine Built by J. van den Bos &amp; D.

Mechanical Turing Machine in Wood R. Ridel LEGO Turing Machine Built by J. van den Bos &amp; D. Landman Video by A. Theelen Come visit the one in my office! Turing Tumble What counts as a problem? Decision problems on finite,

658 views • 34 slides
TURING MACHINE VARIATIONS ENCODING TURING MACHINES UNIVERSAL TURING MACHINE Your Questions?

TURING MACHINE VARIATIONS ENCODING TURING MACHINES UNIVERSAL TURING MACHINE Your Questions?

5/7/2018 Variations: Multiple tracks Multiple tapes Non-deterministic TURING MACHINE VARIATIONS ENCODING TURING MACHINES UNIVERSAL TURING MACHINE Your Questions? Previous class days' material Reading Assignments HW 14b

542 views • 26 slides
Turing Machines Our most powerful model of a computer is the Turing Machine. This is an FA with

Turing Machines Our most powerful model of a computer is the Turing Machine. This is an FA with

Turing Machines Our most powerful model of a computer is the Turing Machine. This is an FA with an infinite tape for storage. A Turing Machine A Turing Machine (TM) has three components: An infinite tape divided into cells. Each cell

731 views • 25 slides
IV. Turing Machine Yuxi Fu BASICS, Shanghai Jiao Tong University Alan Turing Alan Turing

IV. Turing Machine Yuxi Fu BASICS, Shanghai Jiao Tong University Alan Turing Alan Turing

IV. Turing Machine Yuxi Fu BASICS, Shanghai Jiao Tong University Alan Turing Alan Turing (23Jun.1912-7Jun.1954), an English student of Church, introduced a machine model for effective calculation in On Computable Numbers, with an Application

732 views • 17 slides
Universal Turing Machine Lecture 20 1 Turing Machine move the head left or right by one

Universal Turing Machine Lecture 20 1 Turing Machine move the head left or right by one

Universal Turing Machine Lecture 20 1 Turing Machine move the head left or right by one cell sequentially accessed read write infinite memory finite memory (state) next- action look-up table CS 374 Variants dont change which

1.08k views • 27 slides
1 Undecidability; the Church-Turing Thesis The Church-Turing thesis: A Turing machine that halts

1 Undecidability; the Church-Turing Thesis The Church-Turing thesis: A Turing machine that halts

1 Undecidability; the Church-Turing Thesis The Church-Turing thesis: A Turing machine that halts on all inputs is the precise, formal notion corresponding to the intuitive notion of an algorithm. Note that algorithms existed before Turing

388 views • 4 slides
Foundations of Computer Science Lecture 26 Turing Machines The Turing Machine: DFA with Random

Foundations of Computer Science Lecture 26 Turing Machines The Turing Machine: DFA with Random

Foundations of Computer Science Lecture 26 Turing Machines The Turing Machine: DFA with Random Access Memory (RAM) Transducer Turing Machines Infinite Loops Encodings of Turing Machines Last Time: CFGs and Pushdown Automata L = { w # w r | w

1.04k views • 79 slides
Foundations of Computer Science Lecture 26 Turing Machines The Turing Machine: DFA with Random

Foundations of Computer Science Lecture 26 Turing Machines The Turing Machine: DFA with Random

Foundations of Computer Science Lecture 26 Turing Machines The Turing Machine: DFA with Random Access Memory (RAM) Transducer Turing Machines Infinite Loops Encodings of Turing Machines Last Time: CFGs and Pushdown Automata L = { w # w r | w

647 views • 13 slides
Turing Machine properties There are many ways to skin a cat Turing Machines And many ways

Turing Machine properties There are many ways to skin a cat Turing Machines And many ways

Turing Machine properties There are many ways to skin a cat Turing Machines And many ways to define a TM The books Standard Turing Machines Tape unbounded on both sides Deterministic (at most 1 move / configuration) TM

173 views • 5 slides
Set-theoretical aspects of proof theory via Turing progressions Joost J. Joosten Universitat de

Set-theoretical aspects of proof theory via Turing progressions Joost J. Joosten Universitat de

A personal note Proof Theory Turing progressions and ordinal analysis Set-theoretical aspects of proof theory via Turing progressions Joost J. Joosten Universitat de Barcelona Saturday 17-11-2018 Reflections on Set-Theoretic Reflection,

1.12k views • 96 slides
Actinide Behaviour during Severe Nuclear Accident Three Mile Island Andriy Sizov, PhD,

Actinide Behaviour during Severe Nuclear Accident Three Mile Island Andriy Sizov, PhD,

Actinide Behaviour during Severe Nuclear Accident Three Mile Island Andriy Sizov, PhD, Senior researcher/Technical Expert Institute for Safety Problems of NPPs/ENCO Joint ICTP-IAEA International School on 10 14 September 2018 1

557 views • 29 slides
MADISON GRANTEE DEI SURVEY DRAFT RESULTS Other Hewlett Grantees TMI Grantees M E A N P E R C E

MADISON GRANTEE DEI SURVEY DRAFT RESULTS Other Hewlett Grantees TMI Grantees M E A N P E R C E

MADISON GRANTEE DEI SURVEY DRAFT RESULTS Other Hewlett Grantees TMI Grantees M E A N P E R C E N T A G E P E O P L E O F C O L O R A C R O S S G R A N T E E S Board Members All Staff 36% 31% 31% 24% Foundation Grantees TMI Grantees

483 views • 6 slides
(and the teens coming of age behind them) are the most problematic generation in modern history.

(and the teens coming of age behind them) are the most problematic generation in modern history.

(and the teens coming of age behind them) are the most problematic generation in modern history. Beyond their kombucha-fueled rampage through DoSomething.org and its consultancy arm, TMI countless industries, young people are consistently

314 views • 4 slides
In-Kernel TLS Framing and Encryp6on for FreeBSD John Baldwin vBSDCon September 6, 2019

In-Kernel TLS Framing and Encryp6on for FreeBSD John Baldwin vBSDCon September 6, 2019

In-Kernel TLS Framing and Encryp6on for FreeBSD John Baldwin vBSDCon September 6, 2019 Overview Mo6va6on Kernel TLS SoJware TLS NIC TLS Numbers Why KTLS? The story of KTLS is really a repeat of the story of sendfile(2)

531 views • 35 slides
MICROWAVE DATASETS Marilyn Drewry Data Management Lead mdrewry@itsc.uah.edu Presented at the

MICROWAVE DATASETS Marilyn Drewry Data Management Lead mdrewry@itsc.uah.edu Presented at the

MICROWAVE DATASETS Marilyn Drewry Data Management Lead mdrewry@itsc.uah.edu Presented at the GHRC User Working Group Meeting September 25-26, 2014 Presentation Overview Data Management Group Team Microwave Data at GHRC Satellite

594 views • 32 slides
Thomas Campbell TMI March 21 - 23, 2010 www.monroeinstitute.org www.MyBigTOE.com 1 22 ND

Thomas Campbell TMI March 21 - 23, 2010 www.monroeinstitute.org www.MyBigTOE.com 1 22 ND

22 ND PROFESSIONAL SEMINAR Thomas Campbell TMI March 21 - 23, 2010 www.monroeinstitute.org www.MyBigTOE.com 1 22 ND PROFESSIONAL SEMINAR TMI Keynote Address Physics, Metaphysics, and the Nature of Consciousness March 21, 2010

531 views • 39 slides
Lean Leadership Frank Hayden Competitive advantage No.1 selling small car in US Lowest

Lean Leadership Frank Hayden Competitive advantage No.1 selling small car in US Lowest

Lean Leadership Frank Hayden Competitive advantage No.1 selling small car in US Lowest cost per seat mile One platform - Air Force, Navy, STOVL 50 year risk sharing partnership Lean leadership Safety Value stream mapping

354 views • 8 slides
The Nuclear Renaissance have we been here before? Malcolm Grimston, Chatham House Help

The Nuclear Renaissance have we been here before? Malcolm Grimston, Chatham House Help

The Nuclear Renaissance have we been here before? Malcolm Grimston, Chatham House Help Rescue the Planet Conference RIBA, London, May 8 2012 I N OUT IN OUT , SHAKE IT ALL ABOUT Three phases of nuclear power so far: Good idea (1960

668 views • 32 slides

More recommend