recent pvs language developments
play

Recent PVS Language Developments Sam Owre owre@csl.sri.com URL: - PowerPoint PPT Presentation

Feb 12, 2023 •236 likes •518 views

Recent PVS Language Developments Sam Owre owre@csl.sri.com URL: http://www.csl.sri.com/~owre/ Computer Science Laboratory SRI International Menlo Park, CA August 21, 2006 Sam Owre AFM06 tutorial: 1 Recent PVS

  1. ✬ ✩ Recent PVS Language Developments Sam Owre owre@csl.sri.com URL: http://www.csl.sri.com/~owre/ Computer Science Laboratory SRI International Menlo Park, CA August 21, 2006 ✫ ✪ Sam Owre AFM06 tutorial: 1

  2. ✬ ✩ Recent PVS Language Developments • Introduction to PVS • What’s new? - summary • Cotuples • Type Extensions • Structural Subtypes • Recursive Judgements • Theory Interpretations ✫ ✪ Sam Owre AFM06 tutorial: 2

  3. ✬ ✩ Introduction to PVS • PVS is a comprehensive verification system with an expressive language, powerful theorem prover, Emacs-based user interface, and many other components • The language is based on higher-order type theory, with support for functions, tuples, records, cotuples, predicate subtypes, dependent types, and inductive data types. • Typechecking is undecidable, and leads to proof obligations, called Type correctness conditions (TCCs) ✫ ✪ Sam Owre AFM06 tutorial: 3

  4. ✬ ✩ PVS Theories • Specifications consist of a collection of theories , each of which primarily consists of types, constants, and formulas • Theories may be parameterized with types or constants (or theories) • Theories may import other theories, providing instances for the parameters • Theories may include an ASSUMING section, imposing constraints on its parameters ✫ ✪ Sam Owre AFM06 tutorial: 4

  5. ✬ ✩ Declarations Declarations of PVS include: • types - defined or uninterpreted, empty or nonempty • constants and (logical) variables • definitions - recursive definitions need a measure • formulas - axioms, assumptions, lemmas, etc. • inductive and coinductive definitions • judgements - provide typing judgements to the typechecker and prover • conversions - provide automatic conversions • auto-rewrites - used to initialize proofs • libraries - associates names with external directories • macros - expanded during typechecking ✫ ✪ Sam Owre AFM06 tutorial: 5

  6. ✬ ✩ Example Theory list2finseq[T: TYPE]: THEORY BEGIN l: VAR list[T] fs: VAR finseq[T] n: VAR nat list2finseq(l): finseq[T] = (# length := length(l), seq := (LAMBDA (x: below[length(l)]): nth(l, x)) #) finseq2list_rec(fs, (n: nat | n <= length(fs))): RECURSIVE list[T] = IF n = 0 THEN null ELSE cons(fs‘seq(length(fs) - n), finseq2list_rec(fs, n-1)) ENDIF MEASURE n finseq2list(fs): list[T] = finseq2list_rec(fs, length(fs)) CONVERSION list2finseq, finseq2list ✫ END list2finseq ✪ Sam Owre AFM06 tutorial: 6

  7. ✬ ✩ PVS Tool • Emacs user interface, but can be run stand-alone • Proof trees and theory hierarchies may be displayed • Extensive set of prelude theories • Large number of libraries, including analysis, graph theory, finite sets • Primarily implemented in Common Lisp • Recently ported to CMU Common Lisp - started SBCL port • Soon will be open source (GPL) ✫ ✪ Sam Owre AFM06 tutorial: 7

  8. ✬ ✩ What’s New? - Summary • Covered In this talk: ◦ Cotuples ◦ Type Extensions ◦ Structural Subtypes ◦ Recursive Judgements ◦ Theory Interpretations • Not covered: ◦ Random Testing ◦ Yices integration ◦ Coinductive definitions ◦ Codatatypes ◦ PVSio ✫ ✪ ◦ Translation to CLEAN Sam Owre AFM06 tutorial: 8

  9. ✬ ✩ Cotuples • Cotuples (also known as sums or coproducts) create a disjoint union of types: [int + bool + [int -> bool]] • This is roughly equivalent to the (non-recursive) datatype co: DATATYPE BEGIN in_1(out_1: int): in?_1 in_2(out_2: bool): in?_2 in_3(out_3: [int -> bool]): in?_3 END co but without the need to name the type, and without generating extra baggage (axioms, induction schemas, etc.) ✫ ✪ Sam Owre AFM06 tutorial: 9

  10. ✬ ✩ Cotuple Expressions • Cotuples have injections IN i , predicates IN? i , and extractions OUT i • Given cT: TYPE = [int + bool + [int -> int]] • IN 2(true) creates a cT element, and CASES is used to select, e.g., from c: cT : CASES c OF IN_1(i): i + 1, IN_2(b): IF b THEN 1 ELSE 0 ENDIF, IN_3(f): f(0) ENDCASES ✫ ✪ Sam Owre AFM06 tutorial: 10

  11. ✬ ✩ Cotuple Typechecking • Expressions such as IN 1(3) cannot be typechecked inside out • Two extensions made to handle this: ◦ The typechecker now allows (internal) cotuple type variables - must be instantiated from the context ◦ The grammar allows the type to be specified directly: IN 1[cT](3) • The latter is needed for situations where the context cannot determine the type: IN 1(3) = IN 1(4) • These extensions were also applied to tuple projections, e.g., the type of PROJ 1 may be determined from context, or given explicitly as PROJ 1[[int, int, bool]] ✫ ✪ Sam Owre AFM06 tutorial: 11

  12. ✬ ✩ Type Extensions • Type extensions make it easy to extend a record or tuple type by adding more components: location: TYPE = [# x, y, z: real #] vehicle: TYPE = [# c: Class, weight: real, pilot: person #] located_vehicle: TYPE = location WITH vehicle • Fields may be shared, as long as the types are the same: [# x: int, y: above(x) #] WITH [# x: int, z: upfrom(x) #] • Dependencies must stay local: [# x, y: int #] WITH [# z: subrange(x, y)) #] this is not allowed • Similarly for tuple types - the types simply append ✫ ✪ Sam Owre AFM06 tutorial: 12

  13. ✬ ✩ Structural Subtypes Structural subtypes provide partial support for object-oriented specifications by allowing class hierarchies to be modeled genpoints[gpoint: TYPE <: [# x, y: real #]]: THEORY BEGIN move(p: gpoint)(dx, dy: real): gpoint = p WITH [‘x := p‘x + dx, ‘y := p‘y + dy] END genpoints colored_points: THEORY BEGIN Color: TYPE = { red, green, blue } colored_point: TYPE = [# x, y: real, color: Color #] IMPORTING genpoints[colored_point] x, y: real p: VAR colored_point move0: LEMMA move(p)(0, 0) = p same_color: LEMMA move(p)(x, y)‘color = p‘color ✫ ✪ END colored_points Sam Owre AFM06 tutorial: 13

  14. ✬ ✩ Structural and Predicate Subtypes • Structural and predicate subtypes are distinct: unit_disk: THEORY BEGIN point: TYPE = [# x, y: real #] unit_disk: TYPE = { p : point | p‘x * p‘x + p‘y * p‘y < 1 } IMPORTING genpoints[unit_disk] ... END unit_disk • Now move(p)(2,0) is no longer in the unit disk. ✫ ✪ Sam Owre AFM06 tutorial: 14

  15. ✬ ✩ Structural and Predicate Subtypes It is possible to use both: genpoints[gpoint: TYPE <: [# x, y: real #], spoint: TYPE FROM gpoint]: THEORY BEGIN move(p: spoint)(dx, dy: real): spoint = LET newp = p WITH [‘x := p‘x + dx, ‘y := p‘y + dy] IN IF spoint_pred(newp) THEN newp ELSE p ENDIF END genpoints ✫ ✪ Sam Owre AFM06 tutorial: 15

  16. ✬ ✩ Recursive Judgements • Recursive judgements are judgements that apply to recursive functions • As judgements, they work exactly the same as the corresponding non-recursive judgements • The advantage is that the TCCs generated follow the structure of the recursive definition, and thus are generally easier to prove • In effect, the TCCs include the base case(s) and the inductive step(s) separately • The (slight) disadvantage is that it is no longer obvious which TCCs are associated with the judgement • This supports the specification style in which all proofs are pushed into TCCs, and are made as automatic as ✫ ✪ possible Sam Owre AFM06 tutorial: 16

  17. ✬ ✩ Recursive Judgement Example append_int(l1, l2: list[int]): RECURSIVE list[int] = CASES l1 OF null: l2, cons(x, y): cons(x, append_int(y, l2)) ENDCASES MEASURE length(l1) append_nat: JUDGEMENT append_int(a, b: list[nat]) HAS_TYPE list[nat] This yields the TCC append_nat: OBLIGATION FORALL (a, b: list[nat]): every[int]( { i: int | i >= 0 } )(append_int(a, b)); Which is difficult to prove automatically (or manually) ✫ ✪ Sam Owre AFM06 tutorial: 17

  18. ✬ ✩ Recursive Judgement Example Adding the RECURSIVE keyword: append_nat: RECURSIVE JUDGEMENT append_int(a, b: list[nat]) HAS_TYPE list[nat] We get the TCC append_nat_TCC1: OBLIGATION FORALL (a, b: list[nat], x: int, y: list[int]): every( { i: int | i >= 0 } )(append_int(a, b)) AND a = cons(x, y) IMPLIES every[int]( { i: int | i >= 0 } )(cons[int](x, append_int(y, b))); Which is easily discharged with grind ✫ ✪ Sam Owre AFM06 tutorial: 18

  19. ✬ ✩ Theory Interpretations • Theory interpretations allow a given source theory to be viewed as another target theory, for example, viewing the integers as a group over addition. • A theory interpretation gives values to uninterpreted types and constants of the source in terms of the target • Axioms of the source are interpreted as TCCs that must be proved for soundness • All other formulas are interpreted, and considered to be proved if their parent formula is ( proofchain analysis ) ✫ ✪ Sam Owre AFM06 tutorial: 19

  20. ✬ ✩ Uses of Theory Interpretations • Theory Interpretations are used for: consistency - checking that the axioms are not inconsistent refinement - providing an “implementation” of a theory debugging - checking that the intended model(s) are instances of the general theory ✫ ✪ Sam Owre AFM06 tutorial: 20

  21. ✬ ✩ Theory Interpretation Example th[T: TYPE, x: T]: THEORY BEGIN S: TYPE y: S ... END thi: THEORY BEGIN IMPORTING[nat, 0]{{ S := bool, y := true }} ... END thi ✫ ✪ Sam Owre AFM06 tutorial: 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Hand arm Vibration &amp; Hand-arm Vibration &amp; Recent Developments Recent Developments

Hand arm Vibration &amp; Hand-arm Vibration &amp; Recent Developments Recent Developments

Hand arm Vibration &amp; Hand-arm Vibration &amp; Recent Developments Recent Developments Stuart McGregor &amp; Bruce Appleton Noise &amp; Vibration Specialists p Health &amp; Safety Executive What we are going to talk about What we are

415 views • 28 slides
Macroeconomic Overview of India: Recent Trends and Developments Recent Trends and Developments

Macroeconomic Overview of India: Recent Trends and Developments Recent Trends and Developments

Macroeconomic Overview of India: Recent Trends and Developments Recent Trends and Developments Mathew Joseph Senior Consultant, ICRIER India-Taiwan Relations ICRIER-CIER Joint Feasibility Study New Delhi 1 7 January 2011 1 Structure 1. An

505 views • 18 slides
Recent Economic Developments Recent Economic Developments January, 2 0 0 9 Published by

Recent Economic Developments Recent Economic Developments January, 2 0 0 9 Published by

REPUBLIC OF INDONESIA Recent Economic Developments Recent Economic Developments January, 2 0 0 9 Published by Investors Relations Unit Republic Indonesia Address Bank Indonesia International Directorate / Division of Foreign Debt Analysis

1.65k views • 115 slides
Fuel Poverty - recent developments and next steps 13 th November 2013 Recent developments

Fuel Poverty - recent developments and next steps 13 th November 2013 Recent developments

Fuel Poverty - recent developments and next steps 13 th November 2013 Recent developments Announcement on definition Fuel Poverty Changing the Framework for Measurement: Government response Steps to amend the fuel poverty target

183 views • 15 slides
Multilingual Europe: News and Recent Developments from the Language Communities Meirion Prys

Multilingual Europe: News and Recent Developments from the Language Communities Meirion Prys

Multilingual Europe: News and Recent Developments from the Language Communities Meirion Prys Jones &amp; Delyth Prys (NPLD), Sabine Kirchmeier (EFNIL), Jan Odijk (Utrecht University) sabine@dsn.dk, meirion.jones@npld.eu META-FORUM 2016

156 views • 11 slides
NTRU Cryptosystem: Recent Developments Ron Steinfeld School of IT Monash University, Australia

NTRU Cryptosystem: Recent Developments Ron Steinfeld School of IT Monash University, Australia

Introduction NTRU Cryptosystem: Review NTRU Security: Recent Developments NTRU Applications: Recent Developments NTRU Cryptosystem: Recent Developments Ron Steinfeld School of IT Monash University, Australia (partly based on joint work with

1.29k views • 76 slides
FDI Recent changes in Policy, Sectoral and other developments CA Shabbir Motorwala 22

FDI Recent changes in Policy, Sectoral and other developments CA Shabbir Motorwala 22

FDI Recent changes in Policy, Sectoral and other developments CA Shabbir Motorwala 22 December 2018 CTC - Intensive study course on FEMA Mumbai 1 Conten Co ents Overview of FEMA Inbound Investment Recent Developments FEMA 20

593 views • 35 slides
Public procurement law recent developments Christopher Brown cbrown@matrixlaw.co.uk

Public procurement law recent developments Christopher Brown cbrown@matrixlaw.co.uk

Public procurement law recent developments Christopher Brown cbrown@matrixlaw.co.uk @CBrownMatrix Overview The reform agenda Recent CJEU developments Recent domestic litigation The reform agenda December 2011: Commission

240 views • 11 slides
Data Protection in Israel Overview &amp; Recent Developments in Financial Sector David

Data Protection in Israel Overview &amp; Recent Developments in Financial Sector David

Data Protection in Israel Overview &amp; Recent Developments in Financial Sector David Mirchin Head of Technology Transactions Group 2009 2 2010-2011 Bad luck 3 Topics 1. Context: Recent Developments 2. EU: Israel Adequately

534 views • 28 slides
Recent Developments in Disjunctive Programming Egon Balas Carnegie Mellon University Recent

Recent Developments in Disjunctive Programming Egon Balas Carnegie Mellon University Recent

Recent Developments in Disjunctive Programming Egon Balas Carnegie Mellon University Recent Developments in Disjunctive Programming 01.09.17 1 / 56 Recent Developments in Disjunctive Programming 1. Background and basic results 2.

886 views • 56 slides
Recent developments in Resource Adequacy in California Karl Meeusen, PhD Senior Advisor

Recent developments in Resource Adequacy in California Karl Meeusen, PhD Senior Advisor

Recent developments in Resource Adequacy in California Karl Meeusen, PhD Senior Advisor Infrastructure and Regulatory Policy WECC Market Interface Committee June 27, 2019 Overview Overview Recent developments at the CPUC

453 views • 8 slides
Graphical Causal Models for Time Series Econometrics: Some Recent Developments and Applications

Graphical Causal Models for Time Series Econometrics: Some Recent Developments and Applications

Introduction SVAR GMs Application to SVAR Recent Developments Graphical Causal Models for Time Series Econometrics: Some Recent Developments and Applications Alessio Moneta Max Planck Institute of Economics, Jena 10 December 2009

900 views • 60 slides
Some recent developments in gravitational lensing to

Some recent developments in gravitational lensing to

Some recent developments in gravitational lensing to professors Toshi Futamase, Hideo Kodama and Misao Sasaki Matthias Bartelmann, Heidelberg University, Institute for Theoretical Astrophysics JGRG22,

614 views • 25 slides
Income-tax w.r.t. Real Estate Transactions Select Issues and Recent Developments Jagdish T

Income-tax w.r.t. Real Estate Transactions Select Issues and Recent Developments Jagdish T

Income-tax w.r.t. Real Estate Transactions Select Issues and Recent Developments Jagdish T Punjabi April 15, 2019 Table of Contents Slide Nos. Sr. No. Particulars From To 1 Synopsis Recent Developments 6 7 2 Synopsis

745 views • 63 slides
Agenda this Month Recent tax cases Other HMRC announcements and other tax developments

Agenda this Month Recent tax cases Other HMRC announcements and other tax developments

Agenda this Month Recent tax cases Other HMRC announcements and other tax developments Whats in the Budget? Recent tax cases Directors Loan Write -Off Scheme Section 415 ITTOIA 2005 taxed as dividend? Espirit

620 views • 36 slides
Assistant Director One Housing Group CIH London 8 July 2014 Current Developments in posts

Assistant Director One Housing Group CIH London 8 July 2014 Current Developments in posts

Home Ownership and Right to Buy - Recent Developments Seminar Matthew Saye Assistant Director One Housing Group CIH London 8 July 2014 Current Developments in posts sales management Recent Developments Primary legislation limited

317 views • 12 slides
Meta-heuristic optimization Nenad Mladenovi c , Mathematical Institute, Serbian Academy of

Meta-heuristic optimization Nenad Mladenovi c , Mathematical Institute, Serbian Academy of

Meta-heuristic optimization Nenad Mladenovi c , Mathematical Institute, Serbian Academy of Sciences and Arts, Belgrade, Serbia Department of Mathematics, Brunel University London UK. Optimization problems (continuous-discrete,

459 views • 25 slides
RTSP ANNOUNCE RTSP ANNOUNCE draft-zeng-mmusic-rtsp-announce-01.txt Thomas Zeng, PVNS (an Alcatel

RTSP ANNOUNCE RTSP ANNOUNCE draft-zeng-mmusic-rtsp-announce-01.txt Thomas Zeng, PVNS (an Alcatel

IETF-60 MMUSIC WG IETF-60 MMUSIC WG RTSP ANNOUNCE RTSP ANNOUNCE draft-zeng-mmusic-rtsp-announce-01.txt Thomas Zeng, PVNS (an Alcatel company) P. Greg Sherwood, PacketVideo July 2004 Introduction Introduction Was

454 views • 9 slides
RTSP NAT Traversal Update RTSP NAT Traversal Update draft-ietf-mmusic-rtsp-nat-03.txt

RTSP NAT Traversal Update RTSP NAT Traversal Update draft-ietf-mmusic-rtsp-nat-03.txt

IETF-60 MMUSIC WG IETF-60 MMUSIC WG RTSP NAT Traversal Update RTSP NAT Traversal Update draft-ietf-mmusic-rtsp-nat-03.txt draft-ietf-mmusic-rtsp-nat-03.txt Magnus Westlund (Ericsson) Thomas Zeng (PVNS, an Alcatel company) Update Since

358 views • 9 slides
Parameterized Power Vertex Cover Eric Angel, Evripidis Bampis, Bruno Escoffier, Michael Lampis

Parameterized Power Vertex Cover Eric Angel, Evripidis Bampis, Bruno Escoffier, Michael Lampis

Parameterized Power Vertex Cover Eric Angel, Evripidis Bampis, Bruno Escoffier, Michael Lampis Universities in Paris WG 2016 Overview Parameterized Power Vertex Cover Parameterized Power Vertex Cover 2 / 17 Overview Parameterized Power

956 views • 83 slides
Lost in Translation: The PVS Prover Landscape N. Shankar shankar@csl.sri.com URL:

Lost in Translation: The PVS Prover Landscape N. Shankar shankar@csl.sri.com URL:

Lost in Translation: The PVS Prover Landscape N. Shankar shankar@csl.sri.com URL: http://www.csl.sri.com/shankar/ Computer Science Laboratory SRI International Menlo Park, CA 1 Overview The goal of this

433 views • 17 slides
Computer-Supported Program Verification with PVS Wolfgang Schreiner

Computer-Supported Program Verification with PVS Wolfgang Schreiner

Computer-Supported Program Verification with PVS Wolfgang Schreiner Wolfgang.Schreiner@risc.uni-linz.ac.at Research Institute for Symbolic Computation (RISC) Johannes Kepler University, Linz, Austria http://www.risc.uni-linz.ac.at Wolfgang

606 views • 41 slides
Qualification of PVS for Systematic Design Verification of a Nuclear Shutdown System Mark Lawford

Qualification of PVS for Systematic Design Verification of a Nuclear Shutdown System Mark Lawford

Qualification of PVS for Systematic Design Verification of a Nuclear Shutdown System Mark Lawford &amp; Many Others McMaster Centre for Software Certification (McSCert) McMaster University Hamilton, ON, Canada Dagstuhl Seminar 15182

902 views • 50 slides
The Correctness of a Code Generator for a Functional Language Nathana el Courant September 8,

The Correctness of a Code Generator for a Functional Language Nathana el Courant September 8,

The Correctness of a Code Generator for a Functional Language Nathana el Courant September 8, 2017 Nathana el Courant Verified code generation September 8, 2017 1 / 21 Context PVS: interactive proof assistant Specification language

383 views • 27 slides

More recommend