testing a saturation based theorem prover experiences and
play

Testing a Saturation-Based Theorem Prover: Experiences and - PowerPoint PPT Presentation

Nov 05, 2022 •223 likes •947 views

Testing a Saturation-Based Theorem Prover: Experiences and Challenges Giles Reger 1 , Martin Suda 2 , and Andrei Voronkov 1 , 2 1 School of Computer Science, University of Manchester, UK 2 TU Wien, Vienna, Austria TAP 2017 Marburg, July 19,

  1. Testing a Saturation-Based Theorem Prover: Experiences and Challenges Giles Reger 1 , Martin Suda 2 , and Andrei Voronkov 1 , 2 1 School of Computer Science, University of Manchester, UK 2 TU Wien, Vienna, Austria TAP 2017 – Marburg, July 19, 2017 1/16

  2. Introduction First-order Automatic Theorem Proving: a well-established discipline of automated deduction main approach: refutational, saturation-based proving example systems: E, SPASS, Vampire 1/16

  3. Introduction First-order Automatic Theorem Proving: a well-established discipline of automated deduction main approach: refutational, saturation-based proving example systems: E, SPASS, Vampire Often used in larger projects and systems as black boxes e.g., program verification, static analysis, interpolation, . . . 1/16

  4. Introduction First-order Automatic Theorem Proving: a well-established discipline of automated deduction main approach: refutational, saturation-based proving example systems: E, SPASS, Vampire Often used in larger projects and systems as black boxes e.g., program verification, static analysis, interpolation, . . . ➥ Importance of ensuring correctness 1/16

  5. Introduction First-order Automatic Theorem Proving: a well-established discipline of automated deduction main approach: refutational, saturation-based proving example systems: E, SPASS, Vampire Often used in larger projects and systems as black boxes e.g., program verification, static analysis, interpolation, . . . ➥ Importance of ensuring correctness How are we doing? 1/16

  6. Introduction First-order Automatic Theorem Proving: a well-established discipline of automated deduction main approach: refutational, saturation-based proving example systems: E, SPASS, Vampire Often used in larger projects and systems as black boxes e.g., program verification, static analysis, interpolation, . . . ➥ Importance of ensuring correctness How are we doing? CASC competition: preliminary period for testing soundness 1/16

  7. Introduction First-order Automatic Theorem Proving: a well-established discipline of automated deduction main approach: refutational, saturation-based proving example systems: E, SPASS, Vampire Often used in larger projects and systems as black boxes e.g., program verification, static analysis, interpolation, . . . ➥ Importance of ensuring correctness How are we doing? CASC competition: preliminary period for testing soundness SMT-COMP 2016: 79 answers classified as incorrect 1/16

  8. Our Prover Vampire Automatic Theorem Prover for first-order logic and theories 2/16

  9. Our Prover Vampire Automatic Theorem Prover for first-order logic and theories regular winner of the main divisions of the CASC competition since 2016, also a successful participant of SMT-COMP 2/16

  10. Our Prover Vampire Automatic Theorem Prover for first-order logic and theories regular winner of the main divisions of the CASC competition since 2016, also a successful participant of SMT-COMP Quite complex piece of software ( ≈ 194000 lines of C++) ➥ easy to introduce incorrectness when adding a new feature 2/16

  11. Outline What Does Correctness Means for Us 1 Detecting and Investigating Bugs 2 Challenges 3 Conclusion 4 3/16

  12. Theorem proving basics Standard form of the input: F := ( Axiom 1 ∧ . . . ∧ Axiom n ) → Conjecture 4/16

  13. Theorem proving basics Standard form of the input: F := ( Axiom 1 ∧ . . . ∧ Axiom n ) → Conjecture 1 Negate F (to seek a refutation): ¬ F := Axiom 1 ∧ . . . ∧ Axiom n ∧ ¬ Conjecture 4/16

  14. Theorem proving basics Standard form of the input: F := ( Axiom 1 ∧ . . . ∧ Axiom n ) → Conjecture 1 Negate F (to seek a refutation): ¬ F := Axiom 1 ∧ . . . ∧ Axiom n ∧ ¬ Conjecture 2 Preprocess and transform ¬ F to a normal form S := { C 1 , . . . , C n } 4/16

  15. Theorem proving basics Standard form of the input: F := ( Axiom 1 ∧ . . . ∧ Axiom n ) → Conjecture 1 Negate F (to seek a refutation): ¬ F := Axiom 1 ∧ . . . ∧ Axiom n ∧ ¬ Conjecture 2 Preprocess and transform ¬ F to a normal form S := { C 1 , . . . , C n } 3 saturate S with respect to an inference system I 4/16

  16. Theorem proving basics Standard form of the input: F := ( Axiom 1 ∧ . . . ∧ Axiom n ) → Conjecture 1 Negate F (to seek a refutation): ¬ F := Axiom 1 ∧ . . . ∧ Axiom n ∧ ¬ Conjecture 2 Preprocess and transform ¬ F to a normal form S := { C 1 , . . . , C n } 3 saturate S with respect to an inference system I C 1 ∨ P C 2 ∨ ¬ P Example inference rule: C 1 ∨ C 2 4/16

  17. The Saturation Process Saturation = fixed-point (closure) computation 5/16

  18. The Saturation Process Saturation = fixed-point (closure) computation Does the final set S contain false ? 5/16

  19. The Saturation Process Saturation = fixed-point (closure) computation Does the final set S contain false ? Basic properties: 5/16

  20. The Saturation Process Saturation = fixed-point (closure) computation Does the final set S contain false ? Basic properties: explosive in nature 5/16

  21. The Saturation Process Saturation = fixed-point (closure) computation Does the final set S contain false ? Basic properties: explosive in nature may not terminate 5/16

  22. The Saturation Process Saturation = fixed-point (closure) computation Does the final set S contain false ? Basic properties: explosive in nature may not terminate various tricks to mitigate the explosion 5/16

  23. Possible Answers: Theorem (together with a proof) if the input F is logically valid 6/16

  24. Possible Answers: Theorem (together with a proof) if the input F is logically valid Non-theorem if F is invalid (there is a counter-example) 6/16

  25. Possible Answers: Theorem (together with a proof) if the input F is logically valid Non-theorem if F is invalid (there is a counter-example) relies on a completeness argument 6/16

  26. Possible Answers: Theorem (together with a proof) if the input F is logically valid Non-theorem if F is invalid (there is a counter-example) relies on a completeness argument Unknown 6/16

  27. Possible Answers: Theorem (together with a proof) if the input F is logically valid Non-theorem if F is invalid (there is a counter-example) relies on a completeness argument Unknown time limit / memory limit 1 6/16

  28. Possible Answers: Theorem (together with a proof) if the input F is logically valid Non-theorem if F is invalid (there is a counter-example) relies on a completeness argument Unknown time limit / memory limit 1 incomplete strategy failed 2 6/16

  29. Different Ways of Being Incorrect unsoundness: Reports Theorem for an invalid F . (Derives false for a satisfiable S .) 7/16

  30. Different Ways of Being Incorrect unsoundness: Reports Theorem for an invalid F . (Derives false for a satisfiable S .) Check the proof and see what went wrong. 7/16

  31. Different Ways of Being Incorrect unsoundness: Reports Theorem for an invalid F . (Derives false for a satisfiable S .) Check the proof and see what went wrong. completeness issue: Reports Non-theorem for a valid F . (Finitely saturates unsat. S without deriving false .) 7/16

  32. Different Ways of Being Incorrect unsoundness: Reports Theorem for an invalid F . (Derives false for a satisfiable S .) Check the proof and see what went wrong. completeness issue: Reports Non-theorem for a valid F . (Finitely saturates unsat. S without deriving false .) Should have said Unknown here! 7/16

  33. Different Ways of Being Incorrect unsoundness: Reports Theorem for an invalid F . (Derives false for a satisfiable S .) Check the proof and see what went wrong. completeness issue: Reports Non-theorem for a valid F . (Finitely saturates unsat. S without deriving false .) Should have said Unknown here! fairness issue: Prover runs indefinitely, while a proof exists. (Violation of fairness criteria in saturation.) 7/16

  34. Different Ways of Being Incorrect unsoundness: Reports Theorem for an invalid F . (Derives false for a satisfiable S .) Check the proof and see what went wrong. completeness issue: Reports Non-theorem for a valid F . (Finitely saturates unsat. S without deriving false .) Should have said Unknown here! fairness issue: Prover runs indefinitely, while a proof exists. (Violation of fairness criteria in saturation.) never (strictly) violated after finitely many steps 7/16

  35. Violating the Contract of Proper Behaviour General error conditions shared by any other program: program crash E.g., 8/16

  36. Violating the Contract of Proper Behaviour General error conditions shared by any other program: program crash E.g., unhandled exceptions 8/16

  37. Violating the Contract of Proper Behaviour General error conditions shared by any other program: program crash E.g., unhandled exceptions signal interrupts (SIGFPE, SIGSEG) 8/16

  38. Violating the Contract of Proper Behaviour General error conditions shared by any other program: program crash E.g., unhandled exceptions signal interrupts (SIGFPE, SIGSEG) assertion violation defensive development via assertions around 2500 assertions in total; (one per 77 lines on average) potential errors detected early on 8/16

  39. Outline What Does Correctness Means for Us 1 Detecting and Investigating Bugs 2 Challenges 3 Conclusion 4 9/16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

AUTO2, a saturation-based heuristic prover for higher-order logic Bohua Zhan Massachusetts

AUTO2, a saturation-based heuristic prover for higher-order logic Bohua Zhan Massachusetts

AUTO2, a saturation-based heuristic prover for higher-order logic Bohua Zhan Massachusetts Institute of Technology bzhan@mit.edu August 23, 2016 Bohua Zhan (MIT) AUTO2, a saturation-based heuristic prover August 23, 2016 1 / 27 Table of

860 views • 71 slides
Saturation-based Theorem Proving and ML Course Machine Learning and Reasoning 2020 MLR 2020 1 1

Saturation-based Theorem Proving and ML Course Machine Learning and Reasoning 2020 MLR 2020 1 1

First-order Logic and Theorem Proving Saturation-based Proving Further Tuning and the Role of Strategies Summary Saturation-based Theorem Proving and ML Course Machine Learning and Reasoning 2020 MLR 2020 1 1 Czech Technical Univeristy in

913 views • 64 slides
1 What is a Theorem Prover? What is a Theorem? Theorem: A formalizable statement which is

1 What is a Theorem Prover? What is a Theorem? Theorem: A formalizable statement which is

Prerequisites Course 2D1453, 2006-07 Undergraduate logic and discrete maths CS literacy Advanced Formal Methods Some functional programming experience useful The theorem prover Isabelle is programming in SML Some SML

644 views • 4 slides
Meditation for a Theorem Prover Reasoning and Consciousness Teaching a Theorem Prover to let

Meditation for a Theorem Prover Reasoning and Consciousness Teaching a Theorem Prover to let

Meditation for a Theorem Prover Reasoning and Consciousness Teaching a Theorem Prover to let its Mind Wander Ulrich Furbach Claudia Schon Univ. Koblenz - DFG Project Cognitive Reasoning Reasoning and Consciousness Teaching a

715 views • 55 slides
A Self-Verifying Theorem Prover Jared Davis (advertisement by J Strother Moore)

A Self-Verifying Theorem Prover Jared Davis (advertisement by J Strother Moore)

A Self-Verifying Theorem Prover Jared Davis (advertisement by J Strother Moore) Department of Computer Sciences University of Texas at Austin September 18, 2009 1 Theorem Prover ? Yes Proof Checker Yes No 2 Rules of

693 views • 40 slides
CML Theorem Prover Simon Foster 2nd Review Brussels, 21 November, 2013 Deliverable: D33.2 (m24)

CML Theorem Prover Simon Foster 2nd Review Brussels, 21 November, 2013 Deliverable: D33.2 (m24)

CML Theorem Prover Simon Foster 2nd Review Brussels, 21 November, 2013 Deliverable: D33.2 (m24) www.compass-research.eu Theorem Prover Usage CML specifications to be verified by the COMPASS tool type-checking alone is insufficient to

311 views • 8 slides
A Parallelized Theorem Prover for Interactive Theorem Proving David L. Rager, Warren A. Hunt Jr.,

A Parallelized Theorem Prover for Interactive Theorem Proving David L. Rager, Warren A. Hunt Jr.,

Introduction Parallelism Primitives Parallelizing ACL2 Evaluate Approach Conclusion A Parallelized Theorem Prover for Interactive Theorem Proving David L. Rager, Warren A. Hunt Jr., and Matt Kaufmann ragerdl@defthm.com, hunt@cs.utexas.edu,

835 views • 59 slides
Automation and Computation in the Lean Theorem Prover Robert Y. Lewis 1 Leonardo de Moura 2 1

Automation and Computation in the Lean Theorem Prover Robert Y. Lewis 1 Leonardo de Moura 2 1

Automation and Computation in the Lean Theorem Prover Robert Y. Lewis 1 Leonardo de Moura 2 1 Carnegie Mellon University 2 Microsoft Research, Redmond April 6, 2016 Goals for this talk Introduce Lean: a new proof assistant based on dependent

673 views • 39 slides
F Martin Mhrmann Agenda Introduction Heuristics for saturating theorem proving

F Martin Mhrmann Agenda Introduction Heuristics for saturating theorem proving

Performance of Clause Selection Heuristics for Saturation-Based Theorem Proving Stephan Schulz R O O P F Martin Mhrmann Agenda Introduction Heuristics for saturating theorem proving Saturation with the given-clause algorithm

1.14k views • 39 slides
SMAC and XGBoost your Theorem Prover Edvard K. Holden Konstantin Korovin The University of

SMAC and XGBoost your Theorem Prover Edvard K. Holden Konstantin Korovin The University of

SMAC and XGBoost your Theorem Prover Edvard K. Holden Konstantin Korovin The University of Manchester 1 Theorem Proving in First-Order Logic Proof Axioms + Conjecture iProver | Counter model | Timeout 2 Heuristics - The Key to Success

1.03k views • 26 slides
Lean Theorem Prover Tom van Bussel June 14, 2017 Goals It aims to bridge the gap between

Lean Theorem Prover Tom van Bussel June 14, 2017 Goals It aims to bridge the gap between

Lean Theorem Prover Tom van Bussel June 14, 2017 Goals It aims to bridge the gap between interactive and automated theorem proving, by situating automated tools and methods in a framework that supports user interaction and the construction

324 views • 21 slides
Hygienic Macros for the ACL2 Theorem Prover Carl Eastlund Matthias Felleisen cce@ccs.neu.edu

Hygienic Macros for the ACL2 Theorem Prover Carl Eastlund Matthias Felleisen cce@ccs.neu.edu

Hygienic Macros for the ACL2 Theorem Prover Carl Eastlund Matthias Felleisen cce@ccs.neu.edu matthias@ccs.neu.edu Northeastern University Boston, MA, USA 1 The ACL2 Theorem Prover 2 (defun double (x) (+ x x)) (defun map-double (lst) (if

898 views • 52 slides
Clause Features for Theorem Prover Guidance uv 1 Josef Urban 1 Jan Jakub AITP19, Obergurgl,

Clause Features for Theorem Prover Guidance uv 1 Josef Urban 1 Jan Jakub AITP19, Obergurgl,

Clause Features for Theorem Prover Guidance uv 1 Josef Urban 1 Jan Jakub AITP19, Obergurgl, Austria, April 2019 1 Czech Technical University in Prague, Czech Republic Jan Jakub uv, Josef Urban Clause Features for Theorem Prover Guidance

589 views • 35 slides
Haskell: Compiler as Theorem-Prover Greg Price ( price ) 2007 Nov 19 code samples:

Haskell: Compiler as Theorem-Prover Greg Price ( price ) 2007 Nov 19 code samples:

Haskell: Compiler as Theorem-Prover Greg Price ( price ) 2007 Nov 19 code samples: http://cluedumps.mit.edu/wiki/2007/11-19 Greg Price ( price ) () Haskell: Compiler as Theorem-Prover 2007 Nov 19 1 / 26 Software Transactional Memory 1

869 views • 48 slides
The Abella Interactive Theorem Prover (System Description) Andrew Gacek Department of Computer

The Abella Interactive Theorem Prover (System Description) Andrew Gacek Department of Computer

The Abella Interactive Theorem Prover (System Description) Andrew Gacek Department of Computer Science and Engineering University of Minnesota IJCAR 08 August 12, 2008 Characteristics of the Abella System Abella is a theorem proving

794 views • 40 slides
Tableau Theorem Prover for Intuitionistic Propositional Logic Larry Diehl Portland State

Tableau Theorem Prover for Intuitionistic Propositional Logic Larry Diehl Portland State

Tableau Theorem Prover for Intuitionistic Propositional Logic Larry Diehl Portland State University CS 510 - Mathematical Logic and Programming Languages Larry Diehl Tableau Theorem Prover for Intuitionistic Propositional Logic Motivation

357 views • 22 slides
2020 Census Program Management Review Decennial Census Programs U.S. Census Bureau April 20,

2020 Census Program Management Review Decennial Census Programs U.S. Census Bureau April 20,

2020 Census Program Management Review Decennial Census Programs U.S. Census Bureau April 20, 2018 Welcome Albert E. Fontenot Jr. Associate Director Decennial Census Programs 2 Welcome Housekeeping Items Meeting is being broadcast via

1.57k views • 144 slides
Web Application Penetration By: Frank Coburn & Haris Mahboob Testing Take Aways Overview

Web Application Penetration By: Frank Coburn & Haris Mahboob Testing Take Aways Overview

Web Application Penetration By: Frank Coburn & Haris Mahboob Testing Take Aways Overview of the web Web proxy tool Reporting Gaps in the process app penetration testing process Penetration testing vs vulnerability assessment What

301 views • 17 slides
Addressing the Testing Challenge with a Web-Based E-Assessment System that Tutors as it Assesses

Addressing the Testing Challenge with a Web-Based E-Assessment System that Tutors as it Assesses

Addressing the Testing Challenge with a Web-Based E-Assessment System that Tutors as it Assesses Mingyu Feng, Worcester Polytechnic Institute (WPI) Neil T. Heffernan, Worcester Polytechnic Institute (WPI) Kenneth R. Koedinger, Carnegie Mellon

333 views • 29 slides
New Challenges In Certification For Aircraft Software John Rushby Computer Science Laboratory

New Challenges In Certification For Aircraft Software John Rushby Computer Science Laboratory

New Challenges In Certification For Aircraft Software John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I Aircraft Software Certification 1 Overview The basics of aircraft certification The

430 views • 32 slides
Data Mining with Weka Class 2 Lesson 1 Be a classifier! Ian H. Witten Department of Computer

Data Mining with Weka Class 2 Lesson 1 Be a classifier! Ian H. Witten Department of Computer

Data Mining with Weka Class 2 Lesson 1 Be a classifier! Ian H. Witten Department of Computer Science University of Waikato New Zealand weka.waikato.ac.nz Lesson 2.1: Be a classifier! Class 1 Getting started with Weka Lesson 2.1 Be a classifier!

353 views • 33 slides
CHALLENGES IN INFERRING INTERNET CONGESTION USING THROUGHPUT TESTS Amogh Dhamdhere

CHALLENGES IN INFERRING INTERNET CONGESTION USING THROUGHPUT TESTS Amogh Dhamdhere

CHALLENGES IN INFERRING INTERNET CONGESTION USING THROUGHPUT TESTS Amogh Dhamdhere amogh@caida.org with Srikanth Sundaresan (Princeton) Danny Lee (Georgia Tech) Xiaohong Deng, Yun Feng (UNSW) 1 w w w . cai da. or In the Press

570 views • 54 slides
The Role of Testbeds in Cyber Security Research CSET Washington, DC August 9, 2010 Douglas

The Role of Testbeds in Cyber Security Research CSET Washington, DC August 9, 2010 Douglas

Dept. of Homeland Security Science & Technology Directorate The Role of Testbeds in Cyber Security Research CSET Washington, DC August 9, 2010 Douglas Maughan, Ph.D. Branch Chief / Program Mgr. douglas.maughan@dhs.gov 202-254-6145 /

369 views • 34 slides
The Algonauts Project: Challenge 2019 Radoslaw Martin Cichy, Gemma Roig, Alex Andonian, Kshitij

The Algonauts Project: Challenge 2019 Radoslaw Martin Cichy, Gemma Roig, Alex Andonian, Kshitij

The Algonauts Project: Challenge 2019 Radoslaw Martin Cichy, Gemma Roig, Alex Andonian, Kshitij Dwivedi, Benjamin Lahner, Alex Lascelles, Yalda Mohsenzadeh, Kandan Ramakrishnan, Aude Oliva Interaction Artificial Natural Intelligence High

1.98k views • 22 slides

More recommend