the role of human creativity in mechanized verification
play

The Role of Human Creativity in Mechanized Verification J Strother - PowerPoint PPT Presentation

Apr 05, 2023 •487 likes •1.41k views

The Role of Human Creativity in Mechanized Verification J Strother Moore Department of Computer Science University of Texas at Austin 1 John McCarthy (Sep 4, 1927 Oct 23, 2011) 2 Contributions Lisp, mathematical semantics for

  1. The Role of Human Creativity in Mechanized Verification J Strother Moore Department of Computer Science University of Texas at Austin 1

  2. John McCarthy (Sep 4, 1927 – Oct 23, 2011) 2

  3. Contributions Lisp, mathematical semantics for programming languages, “Artificial Intelligence,” garbage collection, if-then-else, circumscription for non-monotonic logic, . . . 3

  4. In order for a program to be capable of learning something it must first be capable of being told it. — John McCarthy, “Programs with Common Sense” (aka “The Advice Taker”), 1959 4

  5. Instead of debugging a program, one should prove that it meets its specifications, and this proof should be checked by a computer program. — John McCarthy, “A Basis for a Mathematical Theory of Computation,” 1961 5

  6. The meaning of a program is defined by its effect on the state vector. – John McCarthy, “Towards a Mathematical Science of Computation,” 1962 6

  7. If you’d given this talk in 1981, I would have said ‘What took so long?’ — John McCarthy, after a talk by J Moore on applications of ACL2 in the mid-1990s 7

  8. 8

  9. Delusion Mouse Trap (1876) 9

  10. Royal Number 1 Trap (1879) 10

  11. Hotchkiss 5-hole Choker (1890?) 11

  12. 12

  13. 13

  14. 14

  15. 15

  16. 16

  17. 17

  18. 18

  19. 19

  20. Mathematicians Do It Too Virtually every textbook proof has been cleaned up, sometimes to the point where the original proof (or even the original theorem) is completely absent. 20

  21. Probably every theorem of analysis proved in the 17 th and 18 th centuries was proved again more cleanly and rigorously in the 19 th century using the “epsilon-delta” approach. 21

  22. “The original proof of CRT [the Church–Rosser theorem] was fairly long and very complicated. . . . Newman generalized the universe of discourse . . . . He proved a result similar to CRT by topological arguments. Curry . . . generalized the Newman result . . . . 22

  23. Unfortunately, it turned out that neither the Newman result nor the Curry generalization entailed CRT. . . . This was discovered by Schroer . . . . Schroer derived still further generalizations of the Newman and Curry results, which indeed do entail CRT. . . . Schroer 1965 is 627 typed pages . . . . 23

  24. Chapter 4 of Curry and Feys 1958 is devoted to a proof of CRT for λ -calculus and . . . is not recommended for light reading. . . . Meanwhile a genuine simplification of the proof of CRT had come in sight. See Martin-L¨ of 1972. 24

  25. It is agreed that Martin-L¨ of got some of his ideas from lectures by Tait. An exposition of the proof of CRT according to Tait and Martin-L¨ of appears in Appendix I of Hindley, Lercher and Seldin 1972.” – J.B. Rosser 25

  26. It is (apparently) in our natures to polish our work to make it more beautiful, elegant, and understandable. 26

  27. It is (apparently) in our natures to polish our work to make it more beautiful, elegant, and understandable. This is great if your only concern is the beauty/elegance/clarity of the final product. 27

  28. It is (apparently) in our natures to polish our work to make it more beautiful, elegant, and understandable. This is great if your only concern is the beauty/elegance/clarity of the final product. But it is harmful in our business! 28

  29. Our Business Formal methods research is not about proving hardware and software correct. Formal methods research is about mechanizing creativity . By polishing our results we obscure the problems we’re really trying to solve. 29

  30. A Trivial Example from My Class • (endp x ) — determines if x is empty • (car x ) — first element of x (when x is non-empty) • (cdr x ) — rest of x (when x is non-empty) 30

  31. • (member e x ) — determines whether e occurs as an element of list x • (rm! e x ) — deletes every occurrence of e as a element from x 31

  32. A Student’s Definition (defun set-equal (x y) (if (endp x) (endp y) (and (member (car x) y) (set-equal (rm! (car x) x) (rm! (car x) y)))) This function determines whether x and y have the same elements, ignoring order and duplication. 32

  33. The Student’s Goal Theorem (set-equal (append a a) a) 33

  34. The Student’s Goal Theorem (set-equal (append a a) a) (defun append (x y) (if (endp x) y (cons (car x) (append (cdr x) y)))) 34

  35. The Student’s Goal Theorem (set-equal (append a a) a) Axiom (append x y) = (if (endp x) y (cons (car x) (append (cdr x) y))) 35

  36. The Student’s Goal Theorem (set-equal (append a a) a) Axiom Instance (append a a) = (if (endp a) a (cons (car a) (append (cdr a) a))) 36

  37. We tackled this interactively in class. Here is our more general theorem: (defthm crux (implies (subset b a) (set-equal (append a b) a))) (defthm goal (set-equal (append a a) a)) 37

  38. The Definition of Subset (defun subset (x y) (if (endp x) t (and (member (car x) y) (subset (cdr x) y)))) 38

  39. In class we proved several beautiful and helpful lemmas, e.g., (rm! e (append a b)) = (append (rm! e a) (rm! e b)) But with no time remaining in class our still unproved crux looked like this: 39

  40. (defthm crux (implies (subset b a) (set-equal (append a b) a)) :hints (("Goal" :induct (set-equal a b)) ("Subgoal *1/2’’" :use (:instance subset-rm! (x b) (y a) (e (car a)))) ("Subgoal *1/3’" :expand ((set-equal (append a b) a))))) 40

  41. (defthm crux (implies (subset b a) (set-equal (append a b) a)) :hints (("Goal" :induct (set-equal a b)) ("Subgoal *1/2’’" :use (:instance subset-rm! (x b) (y a) (e (car a)))) ("Subgoal *1/3’" :expand ((set-equal (append a b) a))))) 41

  42. Class ended. I went home. I ate, watched TV, read, showered, slept. I woke up with the alarm and knew I should change my approach in two ways. 42

  43. Insight 1: Redefine subset (defun subset (x y) (if (endp x) t (and (member (car x) y) (subset (cdr x) y)))) 43

  44. Insight 1: Redefine subset (defun subset (x y) (if (endp x) t (and (member (car x) y) (subset (cdr x) y)))) 44

  45. Insight 1: Redefine subset (defun subset (x y) (if (endp x) t (and (member (car x) y) (subset (rm! (car x) x) (rm! (car x) y))))) 45

  46. This is Fair It does not change the goal theorem. The definitional principle is conservative. Subset is not mentioned in the final theorem. So how it is defined doesn’t matter – except to the proof. 46

  47. The Proof Plan (defthm crux (implies (subset b a) (set-equal (append a b) a))) (defthm goal (set-equal (append a a) a)) 47

  48. Redefining Subset is a Good Move (defun subset (x y) (if (endp x) t (and (member (car x) y) (subset (rm! (car x) x) (rm! (car x) y))))) (defun set-equal (x y) (if (endp x) (endp y) (and (member (car x) y) (set-equal (rm! (car x) x) (rm! (car x) y))))) 48

  49. Insight 2: Re-state crux (defthm crux ; Old (implies (subset b a) (set-equal (append a b) a))) 49

  50. Insight 2: Re-state crux (defthm crux ; Old (implies (subset b a) (set-equal (append a b) a))) 50

  51. Insight 2: Re-state crux (defthm crux ; New (implies (subset b a) (set-equal (append b a) a))) 51

  52. The Proof Plan Still “Works” (defthm crux ; New (implies (subset b a) (set-equal (append b a) a))) (defthm goal (set-equal (append a a) a)) 52

  53. But the New Crux is Easier to Prove (defthm crux ; Old (implies (subset b a) (set-equal (append a b) a))) (defthm crux ; New (implies (subset b a) (set-equal (append b a) a))) 53

  54. About Induction To prove φ ( x, y ) by induction on x : Base: (endp x ) → φ ( x, y ) Induction Step: ( ¬ (endp x ) ∧ φ ( x ′ , y ′ )) → φ ( x, y ) where x ′ is “shorter than” x . 54

  55. About Induction To prove φ ( x, y ) by induction on x : Base: (endp x ) → φ ( x, y ) Induction Step: ( ¬ (endp x ) ∧ φ ( x ′ , y ′ )) → φ ( x, y ) where x ′ is “shorter than” x . 55

  56. About Induction To prove φ ( x, y ) by induction on x : Base: (endp x ) → φ ( x, y ) Induction Step: ( ¬ (endp x ) ∧ φ ( x ′ , y ′ )) → φ ( x ′ , y ′ ) where x ′ is “shorter than” x . 56

  57. About Induction To prove φ ( x, y ) by induction on x : Base: (endp x ) → φ ( x, y ) Induction Step: ( ¬ (endp x ) ∧ φ ( x ′ , y ′ )) → φ ( x ′ , y ′ ) where x ′ is “shorter than” x . 57

  58. So the key to proving φ ( x, y ) by induction is finding a φ with the property that it can be rewritten to an instance of itself . 58

  59. Rewrite to an Instance? (defthm crux ; Old (implies (subset b a) (set-equal (append a b) a))) (defthm crux ; New (implies (subset b a) (set-equal (append b a) a))) 59

  60. The Old Crux: Rewrite to an Instance? (implies (subset b a) (set-equal (append a b) a)) 60

  61. The Old Crux: Rewrite to an Instance? (implies (subset b a) (set-equal (append a b) a)) 61

  62. The Old Crux: Rewrite to an Instance? (implies (subset b a) (set-equal (append a b) a)) 62

  63. The Old Crux: Rewrite to an Instance? (implies (subset (rm! (car b) b) (rm! (car b) a)) (set-equal (append a b) a)) 63

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Role of Human Creativity in Mechanized Verification J Strother Moore Department of Computer

The Role of Human Creativity in Mechanized Verification J Strother Moore Department of Computer

The Role of Human Creativity in Mechanized Verification J Strother Moore Department of Computer Science University of Texas at Austin 1 2 Delusion Mouse Trap (1876) 3 Royal Number 1 Trap (1879) 4 Hotchkiss 5-hole Choker (1890?) 5 US

1.03k views • 87 slides
Mechanized Verification of Fine-grained Concurrent Programs Ilya Sergey Aleks Nanevski

Mechanized Verification of Fine-grained Concurrent Programs Ilya Sergey Aleks Nanevski

Mechanized Verification of Fine-grained Concurrent Programs Ilya Sergey Aleks Nanevski Anindya Banerjee PLDI 2015 Terminology Coarse-grained Concurrency synchronisation between threads via locks ; Fine-grained

973 views • 72 slides
Infrastructure for Creativity and Innovation Infrastructure for Creativity and Innovation Space,

Infrastructure for Creativity and Innovation Infrastructure for Creativity and Innovation Space,

Infrastructure for Creativity and Innovation Infrastructure for Creativity and Innovation Space, Site and the Built Environment Dr Thomas A. Hutton Centre for Human Settlements University of British Columbia thutton@interchange ubc ca

857 views • 75 slides
CREATIVITY Identifying creativity in music You cannot teach creativity, but you can kill

CREATIVITY Identifying creativity in music You cannot teach creativity, but you can kill

Workshop case study 1: Discussing creativity in music CREATIVITY Identifying creativity in music You cannot teach creativity, but you can kill it and education Rating creativity in music (Evans, F. T, in Tornkvist, 1998, p. 5)

241 views • 3 slides
What is Creativity in Research ? Kevin Byron http://www.vitae.ac.uk/ What is Creativity in

What is Creativity in Research ? Kevin Byron http://www.vitae.ac.uk/ What is Creativity in

Promoting Creativity cultivating the research mindset What is Creativity in Research ? Kevin Byron http://www.vitae.ac.uk/ What is Creativity in Research ? Defining Creativity How Research Progresses Creativity Tools and Techniques

533 views • 17 slides
Mechanized semantics for Clight Sandrine Blaxy, Xavier Leroy Pim Jager - Type Theory and Coq The

Mechanized semantics for Clight Sandrine Blaxy, Xavier Leroy Pim Jager - Type Theory and Coq The

Mechanized semantics for Clight Sandrine Blaxy, Xavier Leroy Pim Jager - Type Theory and Coq The CompCert C project Formally proving a compiler The CompCert project investigates the formal verification of realistic compilers usable

948 views • 26 slides
Explanations for Creativity S H A S H A N K SA H U D E PT. O F P H Y S I C S , I . I .T. K A

Explanations for Creativity S H A S H A N K SA H U D E PT. O F P H Y S I C S , I . I .T. K A

Explanations for Creativity S H A S H A N K SA H U D E PT. O F P H Y S I C S , I . I .T. K A N P U R 8 A P R I L , 2 0 1 3 Define creativity or discovery Model of creativity Theoretical Campbells (1960) BVSR Model

726 views • 25 slides
Chapter 6 Role of capital Role of population growth Role of other production factors:

Chapter 6 Role of capital Role of population growth Role of other production factors:

Introduction Chapter 6 Role of capital Role of population growth Role of other production factors: Human Capital A third proximate determinant Role of world trade of long-run growth: Human Capital Role of productivity

530 views • 8 slides
The Power and Creativity of Editing: The Historic Role of A Magazine of Current Issues, A People's

The Power and Creativity of Editing: The Historic Role of A Magazine of Current Issues, A People's

The Power and Creativity of Editing: The Historic Role of A Magazine of Current Issues, A People's Magazine Creating the History through Its Recording - With the case of Monthly Chosun which won the freedom of speech through the power of facts,

218 views • 10 slides
Creativity and Young Learners Zarina Markova, SWU Creativity as a psychological concept 1 st

Creativity and Young Learners Zarina Markova, SWU Creativity as a psychological concept 1 st

Creativity and Young Learners Zarina Markova, SWU Creativity as a psychological concept 1 st approach: Creativity could only be explained through G (general intelligence). Cyril Burt and Charles Spearman IQ tests focus on/measure

125 views • 9 slides
Mechanized Type Soundness Proofs using Definitional Interpreters Hannes Saffrich University of

Mechanized Type Soundness Proofs using Definitional Interpreters Hannes Saffrich University of

Masters Thesis Mechanized Type Soundness Proofs using Definitional Interpreters Hannes Saffrich University of Freiburg Department of Computer Science Programming Languages Chair September 1, 2019 Hannes Saffrich Mechanized Type

1.03k views • 39 slides
Could creativity be taught and evaluated in a nuclear engineering course? Kevin Fernndez-Cosials

Could creativity be taught and evaluated in a nuclear engineering course? Kevin Fernndez-Cosials

Could creativity be taught and evaluated in a nuclear engineering course? Kevin Fernndez-Cosials Gonzalo Jimnez Index Table of Contents 1. Introduction A. Defining Creativity B. Developing Creativity C. Evaluating Creativity 2.

308 views • 16 slides
Taking the machine seriously. A study of mechanized mathematics Liesbeth De Mol Centre for

Taking the machine seriously. A study of mechanized mathematics Liesbeth De Mol Centre for

Taking the machine seriously. A study of mechanized mathematics L. De Mol Taking the machine seriously. A study of mechanized mathematics Liesbeth De Mol Centre for Logic and Philosophy of Science, Belgium elizabeth.demol@ugent.be

969 views • 57 slides
Arkansas Department of Human Services Introduction to Electronic Visit Verification and Other

Arkansas Department of Human Services Introduction to Electronic Visit Verification and Other

Arkansas Department of Human Services Introduction to Electronic Visit Verification and Other Policy Updates January 15, 2019 Agenda 1. Electronic Visit Verification (EVV) Update a. What is EVV & Why b. What are Arkansass plans for

468 views • 20 slides
The earliest ideas are Money is a creativity motivator II. fluency (total number of responses)

The earliest ideas are Money is a creativity motivator II. fluency (total number of responses)

Uses of a Paperclip Your Kick A** Idea I. You have 30 seconds Times Up II. How many uses of a paperclip can you think of? Workshop III. Write them all down bit.ly/AIGen 1 2 3 Scoring Myths about Creativity Creativity comes from

258 views • 4 slides
Mechanized Formal Analysis for Safety-Critical Systems: The Convergence of Need and Opportunity

Mechanized Formal Analysis for Safety-Critical Systems: The Convergence of Need and Opportunity

Mechanized Formal Analysis for Safety-Critical Systems: The Convergence of Need and Opportunity John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SRI Mechanized Analysis: 1

433 views • 20 slides
FormArch Formal Software Architecture Development using Eclipse Christiano Braga Alexandre

FormArch Formal Software Architecture Development using Eclipse Christiano Braga Alexandre

FormArch Formal Software Architecture Development using Eclipse Christiano Braga Alexandre Sztajnberg cbraga@ic.uff.br alexszt@ime.uerj.br Universidade Federal Fluminense Universidade Estadual do Rio de Janeiro FormArch p.1/21

541 views • 21 slides
Modal Logics of Ordered Trees Ulle Endriss Department of Computing, Imperial College London

Modal Logics of Ordered Trees Ulle Endriss Department of Computing, Imperial College London

Modal Logics of Ordered Trees British Logic Colloquium 2003 Modal Logics of Ordered Trees Ulle Endriss Department of Computing, Imperial College London Email: ue@doc.ic.ac.uk Ulle Endriss, Imperial College London 1 Modal Logics of Ordered

398 views • 12 slides
Tool Interoperability in the Maude Formal Environment e M. an 1 Camilo Rocha 2 Alvarez 1

Tool Interoperability in the Maude Formal Environment e M. an 1 Camilo Rocha 2 Alvarez 1

Tool Interoperability in the Maude Formal Environment e M. an 1 Camilo Rocha 2 Alvarez 1 Francisco Dur Jos 1 Universidad de M alaga 2 University of Illinois at Urbana-Champaign 4th Conference on Algebra and Coalgebra in Computer

413 views • 37 slides
Logic and Computation Zena M. Ariola University Of Oregon Outline of Lectures Lecture 1:

Logic and Computation Zena M. Ariola University Of Oregon Outline of Lectures Lecture 1:

Logic and Computation Zena M. Ariola University Of Oregon Outline of Lectures Lecture 1: - calculus Minimal Propositional Logic and simply typed - calculus as deduction system and as a computation engine

522 views • 40 slides
Nrbox System Description for CoCo 2016 Takahito Aoto (Niigata University) Kentaro Kikuchi

Nrbox System Description for CoCo 2016 Takahito Aoto (Niigata University) Kentaro Kikuchi

Nrbox System Description for CoCo 2016 Takahito Aoto (Niigata University) Kentaro Kikuchi (Tohoku University) nrbox : n ominal r ewriting tool box Confluence Tool for Nominal Rewriting Systems Written in SML/NJ, about 4500 loc

682 views • 7 slides
Central Problems of Equational Reasoning 22.06.2010 Theory 1 - Foundation of Programming

Central Problems of Equational Reasoning 22.06.2010 Theory 1 - Foundation of Programming

15 Foundation of Programming Languages and Software Engineering: The Word Problem The Word Problem Summer Term 2010 Robert Elssser Robert Elssser Central Problems of Equational Reasoning 22.06.2010 Theory 1 - Foundation of Programming

873 views • 24 slides
Canonical Multi-Target Toffoli Circuits Hans-J org Kreowski, Sabine Kuske and Aaron Lye

Canonical Multi-Target Toffoli Circuits Hans-J org Kreowski, Sabine Kuske and Aaron Lye

Canonical Multi-Target Toffoli Circuits Hans-J org Kreowski, Sabine Kuske and Aaron Lye University of Bremen, Department of Computer Science P.O.Box 33 04 40, 28334 Bremen, Germany { kreo,kuske,lye } @informatik.uni-bremen.de 18.03.2016 10th

729 views • 31 slides
Formal Topology and the Correctness of a Haskell Program for Untyped Normalization by Evaluation

Formal Topology and the Correctness of a Haskell Program for Untyped Normalization by Evaluation

Formal Topology and the Correctness of a Haskell Program for Untyped Normalization by Evaluation Peter Dybjer Chalmers University, G oteborg (based on joint work with Denis Kuperberg, ENS Lyon) Aarhus 24 October, 2007 Aarhus, Oct 2007

320 views • 30 slides

More recommend