towards a new type of prover on the benefits of
play

Towards A New Type of Prover: On the Benefits of Discovering - PowerPoint PPT Presentation

Jul 24, 2023 •412 likes •803 views

Towards A New Type of Prover: On the Benefits of Discovering Sequences of Related Proofs David M. Cerna April 10 th , 2019 slide 1/29 State of this work Disclaimer: This investigation is in a very early stage. Essentially, we have

  1. Towards A New Type of Prover: On the Benefits of Discovering Sequences of “Related” Proofs David M. Cerna April 10 th , 2019 slide 1/29

  2. State of this work ◮ Disclaimer: This investigation is in a very early stage. ◮ Essentially, we have just started looking for promising ways to circumvent a fundamental issue concerning the instance generalization prover VIPER. ◮ The instance proofs need to be “related” and/or “uniform”. ◮ For some proof sequences this comes naturally. ◮ For most it is anything but natural. ◮ In this talk we ◮ Introduce the method, ◮ Discuss its capabilities, and ◮ Discuss characterizations of relatedness. slide 2/29

  3. Induction: The Difficultly of Generalization ◮ Inductive theorem proving: find a pattern which follows from the provided axioms and can be used to prove any instance of the goal statement. ◮ This patterns is usually referred to as the induction invariant. ◮ As many here will probably know, invariant discovery is in general undecidable. ◮ Their exists weak theories of arithmetic where this problem is actually decidable, i.e. Pressburger arithmetic and [Aravantinos et al. , 2013]. slide 3/29

  4. Existing Methods ◮ There are many different approaches to invariant discovery, we will only name a few: ◮ Loop-Discovery Provers [ Aravantinos et al. , 2011 ] ◮ Lemma Generation and testing [Claessen et al. , 2013 ] ◮ Rippling [Bundy et al. , 2005] ◮ Superposition based methods [Cruanes, 2015] ◮ Cycle discovery [Brotherston, 2012] ◮ and Instance proof generalization [Pearson, 1995] [Eberhard and Hetzl, 2015] ◮ This last approach will be the focus of this talk. slide 4/29

  5. Background: Gentzen’s Sequent Calculus ◮ The sequent calculus applies inferences to objects referred to as sequents ∆ ⊢ Π, where ∆ and Π are multisets of well-formed formula. Chaining inferences forms proof trees. ◮ Semantically a sequent means given ∆ we may derive Π . ◮ Note that, this interpretation implies that ∆ is essentially a conjunction of formula and Π is a disjunction. ◮ The sequent calculus Inferences are as follows: Axiom Inferences Ax A ⊢ A slide 5/29

  6. Gentzen’s Sequent Calculus Structural Inferences Γ ⊢ ∆ Γ ⊢ ∆ w:r w:l D , Γ ⊢ ∆ Γ ⊢ ∆ , D D , D , Γ ⊢ ∆ c:l Γ ⊢ ∆ , D , D c:r D , Γ ⊢ ∆ Γ ⊢ ∆ , D C , Γ ′ ⊢ ∆ ′ Γ ⊢ ∆ , C cut Γ , Γ ′ ⊢ ∆ , ∆ ′ slide 6/29

  7. Gentzen’s Sequent Calculus Logical Inferences Γ ⊢ ∆ , D D , Γ ⊢ ∆ C , Γ ⊢ ∆ ¬ :r ¬ :l ∧ :l ¬ D , Γ ⊢ ∆ Γ ⊢ ∆ , ¬ D C ∧ D , Γ ⊢ ∆ D , Γ ⊢ ∆ Γ ⊢ ∆ , C Γ ⊢ ∆ , D ∧ :l ∨ :r ∨ :r C ∧ D , Γ ⊢ ∆ Γ ⊢ ∆ , C ∨ D Γ ⊢ ∆ , C ∨ D Γ ⊢ ∆ , C Γ ⊢ ∆ , D ∧ :r C , Γ ⊢ ∆ D , Γ ⊢ ∆ ∨ :l Γ ⊢ ∆ , C ∧ D C ∨ D , Γ ⊢ ∆ C , Γ ⊢ ∆ , D Γ ⊢ ∆ , C D , Γ ⊢ ∆ → :l → :r Γ ⊢ ∆ , C → D C → D , Γ ⊢ ∆ slide 7/29

  8. Gentzen’s Sequent Calculus Quantifier Inferences Γ ⊢ ∆ , F ( α ) F ( t ) , Γ ⊢ ∆ ∀ :r ∀ :l Γ ⊢ ∆ , ∀ xF ( x ) ∀ xF ( x ) , Γ ⊢ ∆ Γ ⊢ ∆ , F ( t ) F ( α ) , Γ ⊢ ∆ ∃ :r ∃ :l Γ ⊢ ∆ , ∃ xF ( x ) ∃ xF ( x ) , Γ ⊢ ∆ ◮ Note that for ∃ : l and ∀ : r α may not occur in Γ or ∆. These rules are referred to as Strong quantification, i.e. require an eigenvariable, the other rules are referred to as Weak. slide 8/29

  9. Gentzen’s Sequent Calculus Quantifier Inferences Γ ⊢ ∆ , F ( α ) F ( t ) , Γ ⊢ ∆ ∀ :r ∀ :l Γ ⊢ ∆ , ∀ xF ( x ) ∀ xF ( x ) , Γ ⊢ ∆ Γ ⊢ ∆ , F ( t ) F ( α ) , Γ ⊢ ∆ ∃ :r ∃ :l Γ ⊢ ∆ , ∃ xF ( x ) ∃ xF ( x ) , Γ ⊢ ∆ ◮ Note that for ∃ : l and ∀ : r α may not occur in Γ or ∆. These rules are referred to as Strong quantification, i.e. require an eigenvariable, the other rules are referred to as Weak. Equational Axioms Re P = ⊢ x = x x 1 = y 1 , · · · , x n = y n , P ( x 1 , · · · , x n ) ⊢ P ( y 1 , · · · , y n ) f = x 1 = y 1 , · · · , x n = y n ⊢ f ( x 1 , · · · , x n ) = f ( y 1 , · · · , y n ) slide 8/29

  10. Example Sequent Proof with Cut ◮ Green sequents represent cuts. slide 9/29

  11. Example Sequent Proof without Cut ◮ Cannot eliminate atomic equational cuts. slide 10/29

  12. Example Sequent Proof with Cut Sun Burst slide 11/29

  13. Example Sequent Proof without Cut Sun Burst slide 12/29

  14. Induction and the LK-calculus ◮ The theory of Peano arithmetic may by formalized as a theory extension of the LK-calculus with equality. ◮ Other than the axioms for successor, addition, and multiplication, one needs to add the following inference: Π ⊢ ∆ , ϕ (0) Π , ϕ ( α ) ⊢ ∆ , ϕ ( s ( α )) IND Π ⊢ ∆ , ϕ ( β ) ◮ Alternatively one could consider adding the ω -rule which requires a proof of each instance of the main formula: Π ⊢ ∆ , ϕ ( n ) ∀ n ∈ N ω Π ⊢ ∆ , ϕ ( β ) ◮ Without restrictions, the ω -rule is seemingly useless for practical cases. slide 13/29

  15. Finitely describable sequences ◮ Fortunately, the primitive recursive ω -rule [J. Shoenfield 1959] is expressive enough to prove totality of all functions provably total in Peano arithmetic. ◮ Great a useful ω -rule, but how does one develop a finite description of a proof sequence? ◮ Maybe a little more specific, what can we do with ϕ (0) , · · · , ϕ ( n ) for n < ∞ ? ◮ This is the topic of “Inductive theorem proving based on tree grammars” by S. Eberhard and S. Hetzl (2015). slide 14/29

  16. Cut-freeness and the Herbrand Instances ◮ Not just any ϕ (0) , · · · , ϕ ( n ) will do, we need the proofs to have particular properties. slide 15/29

  17. Cut-freeness and the Herbrand Instances ◮ Not just any ϕ (0) , · · · , ϕ ( n ) will do, we need the proofs to have particular properties. ◮ They should be proofs of the same statement. slide 15/29

  18. Cut-freeness and the Herbrand Instances ◮ Not just any ϕ (0) , · · · , ϕ ( n ) will do, we need the proofs to have particular properties. ◮ They should be proofs of the same statement. ◮ They should also be cut-free. ◮ Cut-free proofs, other than being Massive and being produced by theorem provers have particular properties. slide 15/29

  19. Cut-freeness and the Herbrand Instances ◮ Not just any ϕ (0) , · · · , ϕ ( n ) will do, we need the proofs to have particular properties. ◮ They should be proofs of the same statement. ◮ They should also be cut-free. ◮ Cut-free proofs, other than being Massive and being produced by theorem provers have particular properties. Theorem (Mid-Sequent Theorem) Let S be a sequent of prenex formulas then there exists a cut-free proof π of S s.t. π contains a sequent S ′ s.t. ◮ S ′ is quantifier free. ◮ Every inference above S ′ is structural or propositional. ◮ Every inference below S ′ is structural or a quantifier inference. slide 15/29

  20. Cut-freeness and the Herbrand Instances ◮ Not just any ϕ (0) , · · · , ϕ ( n ) will do, we need the proofs to have particular properties. ◮ They should be proofs of the same statement. ◮ They should also be cut-free. ◮ Cut-free proofs, other than being Massive and being produced by theorem provers have particular properties. Theorem (Mid-Sequent Theorem) Let S be a sequent of prenex formulas then there exists a cut-free proof π of S s.t. π contains a sequent S ′ s.t. ◮ S ′ is quantifier free. ◮ Every inference above S ′ is structural or propositional. ◮ Every inference below S ′ is structural or a quantifier inference. ◮ What if we limit S to a sequent only containing weak quantification. slide 15/29

  21. Cut-freeness and the Herbrand Instances ◮ No strong quantification means no eigenvariables and thus all terms are existential witnesses. ◮ Collecting those witnesses gives us Herbrand’s Theorem slide 16/29

  22. Cut-freeness and the Herbrand Instances ◮ No strong quantification means no eigenvariables and thus all terms are existential witnesses. ◮ Collecting those witnesses gives us Herbrand’s Theorem Theorem (Herbrand’s Theorem) Let S be a sequent of the form ∀ ¯ x ϕ (¯ x ) ⊢ ∃ ¯ x ψ (¯ x ) . S is valid if and only if there exists a sequence of term vectors ¯ t 1 , · · · , ¯ t n s.t. k k � � ϕ (¯ ψ (¯ t i ) ⊢ t i ) i =0 i =0 is valid. slide 16/29

  23. Cut-freeness and the Herbrand Instances ◮ No strong quantification means no eigenvariables and thus all terms are existential witnesses. ◮ Collecting those witnesses gives us Herbrand’s Theorem Theorem (Herbrand’s Theorem) Let S be a sequent of the form ∀ ¯ x ϕ (¯ x ) ⊢ ∃ ¯ x ψ (¯ x ) . S is valid if and only if there exists a sequence of term vectors ¯ t 1 , · · · , ¯ t n s.t. k k � � ϕ (¯ ψ (¯ t i ) ⊢ t i ) i =0 i =0 is valid. ◮ Cut-free (weakly quantified end sequent) = ⇒ weak mid-sequent = ⇒ Herbrand instances. slide 16/29

  24. Using First-Order Instance Proofs ◮ Let ϕ ( β ) be quantifier-free, ∆ only contains weakly quantified formula, and ∆ ⊢ ϕ ( β ) the main sequent of a sound application of the ω -rule. ◮ Furthermore, each of the instance proofs ϕ ( n ) for n ∈ N is provable without induction. ◮ We can ask a first-order theorem prover for a proof π n of ϕ ( n ). ◮ Each π n is cut-free (atomic cuts don’t count) and thus the Herbrand instances H n may be extracted. ◮ At this point we can build a tree grammar G n whose language is precisely H n . ◮ Notice that G n is specific to a particular π n . slide 17/29

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CatLog: A Categorial Parser/Theorem-Prover 1 Glyn Morrill Departament de LSI Universitat Polit`

CatLog: A Categorial Parser/Theorem-Prover 1 Glyn Morrill Departament de LSI Universitat Polit`

CatLog: A Categorial Parser/Theorem-Prover 1 Glyn Morrill Departament de LSI Universitat Polit` ecnica de Catalunya Type Dependency, Type Theory with Records, and Natural-Language Flexibility, London, QMUL June 16th17th 2011 1 The

910 views • 65 slides
CML Theorem Prover Simon Foster 2nd Review Brussels, 21 November, 2013 Deliverable: D33.2 (m24)

CML Theorem Prover Simon Foster 2nd Review Brussels, 21 November, 2013 Deliverable: D33.2 (m24)

CML Theorem Prover Simon Foster 2nd Review Brussels, 21 November, 2013 Deliverable: D33.2 (m24) www.compass-research.eu Theorem Prover Usage CML specifications to be verified by the COMPASS tool type-checking alone is insufficient to

311 views • 8 slides
Two-prover entangled games are NP hard Anand Natarajan (MIT) Thomas Vidick (Caltech)

Two-prover entangled games are NP hard Anand Natarajan (MIT) Thomas Vidick (Caltech)

Two-prover entangled games are NP hard Anand Natarajan (MIT) Thomas Vidick (Caltech) arXiv:1710.03062 Interactive proofs MIP IP Completeness: If YES, prover can convince verifier with Pr c (e.g. 2/3) Soundness : If NO, prover cannot

472 views • 19 slides
Meditation for a Theorem Prover Reasoning and Consciousness Teaching a Theorem Prover to let

Meditation for a Theorem Prover Reasoning and Consciousness Teaching a Theorem Prover to let

Meditation for a Theorem Prover Reasoning and Consciousness Teaching a Theorem Prover to let its Mind Wander Ulrich Furbach Claudia Schon Univ. Koblenz - DFG Project Cognitive Reasoning Reasoning and Consciousness Teaching a

715 views • 55 slides
A Self-Verifying Theorem Prover Jared Davis (advertisement by J Strother Moore)

A Self-Verifying Theorem Prover Jared Davis (advertisement by J Strother Moore)

A Self-Verifying Theorem Prover Jared Davis (advertisement by J Strother Moore) Department of Computer Sciences University of Texas at Austin September 18, 2009 1 Theorem Prover ? Yes Proof Checker Yes No 2 Rules of

693 views • 40 slides
Disclaimer Tad Buckingham OD, does not receive any type of reimbursement or other benefits

Disclaimer Tad Buckingham OD, does not receive any type of reimbursement or other benefits

6/16/2020 Disclaimer Tad Buckingham OD, does not receive any type of reimbursement or other benefits from any manufactures, dealers, or groups represented in this lecture. Tad Buckingham OD Pacific University College of Optometry June

280 views • 12 slides
The Journey towards a Reference Implementation of IPSec Automatic Security Analysis with

The Journey towards a Reference Implementation of IPSec Automatic Security Analysis with

1/25 The Journey towards a Reference Implementation of IPSec Automatic Security Analysis with Tamarin-Prover Eike Stadtlnder July 12, 2018 2/25 Outline Motivation Tamarin-Prover Overview Multiset Rewriting Tamarin-Prover in Practice

1.32k views • 117 slides
A Generic Tableau Prover and Its Integration with Isabelle Lawrence C. Paulson Computer

A Generic Tableau Prover and Its Integration with Isabelle Lawrence C. Paulson Computer

A Generic Tableau Prover and Its Integration with Isabelle Lawrence C. Paulson Computer Laboratory University of Cambridge 1 Overview of Isabelle a generic interactive prover for FOL, set theory, HOL, . . . Prolog influence: resolution

226 views • 10 slides
Learning to Advise an Equational Prover Chad E. Brown 1 , Bartosz Piotrowski 1,2 , Josef Urban 1 1

Learning to Advise an Equational Prover Chad E. Brown 1 , Bartosz Piotrowski 1,2 , Josef Urban 1 1

Learning to Advise an Equational Prover Chad E. Brown 1 , Bartosz Piotrowski 1,2 , Josef Urban 1 1 Czech Technical University 2 University of Warsaw AITP 17 September 2020 Aussois Introduction aimleap is a simple prover for solving equations

790 views • 13 slides
Automatic Security Analyses of Network Protocols with Tamarin-Prover Introductory Talk Eike

Automatic Security Analyses of Network Protocols with Tamarin-Prover Introductory Talk Eike

1/18 Automatic Security Analyses of Network Protocols with Tamarin-Prover Introductory Talk Eike Stadtlnder May 17, 2018 2/18 Outline Motivation Tamarin-Prover Overview Language and Environment State Demo Goals for the Lab . 3/18

1.33k views • 99 slides
Parameters of Two-Prover-One-Round Game and The Hardness of Connectivity Problems Bundit

Parameters of Two-Prover-One-Round Game and The Hardness of Connectivity Problems Bundit

Parameters of Two-Prover-One-Round Game and The Hardness of Connectivity Problems Bundit Laekhanukit McGill University 1 This Talk Investigate the connection between 2-Prover-1-Round Game (2P1R) and Hardness of Approximating

540 views • 43 slides
1 What is a Theorem Prover? What is a Theorem? Theorem: A formalizable statement which is

1 What is a Theorem Prover? What is a Theorem? Theorem: A formalizable statement which is

Prerequisites Course 2D1453, 2006-07 Undergraduate logic and discrete maths CS literacy Advanced Formal Methods Some functional programming experience useful The theorem prover Isabelle is programming in SML Some SML

644 views • 4 slides
Characterizing Deterministic- Prover Zero Knowledge Nir Bitansky Arka Rai Choudhuri Tel Aviv

Characterizing Deterministic- Prover Zero Knowledge Nir Bitansky Arka Rai Choudhuri Tel Aviv

Characterizing Deterministic- Prover Zero Knowledge Nir Bitansky Arka Rai Choudhuri Tel Aviv University Johns Hopkins University Zero Knowledge [Goldwasser-Micali- Rackoff85] $ $ $ $ $ $ Prover (, ) Verifier () Zero Knowledge

648 views • 60 slides
From ML to MLF Graphic type constraints with efficient type inference Boris Yakobowski, Didier

From ML to MLF Graphic type constraints with efficient type inference Boris Yakobowski, Didier

From ML to MLF Graphic type constraints with efficient type inference Boris Yakobowski, Didier R emy Who? Where? INRIA, Gallium team ICFP 2008 When? MLF Extends both ML and System F, combining the benefits of both Compared to ML The

590 views • 33 slides
Drafting Irrevocable Trusts to Preserve Medicaid and VA Benefits Selecting Trust Type, Protecting

Drafting Irrevocable Trusts to Preserve Medicaid and VA Benefits Selecting Trust Type, Protecting

Presenting a live 90-minute teleconference with interactive Q&amp;A Drafting Irrevocable Trusts to Preserve Medicaid and VA Benefits Selecting Trust Type, Protecting Assets, and Optimizing Tax Planning for Long-Term Care WEDNESDAY, SEPTEMBER 10,

1.1k views • 84 slides
Drafting Irrevocable Trusts to Preserve Medicaid and VA Benefits Selecting Trust Type, Protecting

Drafting Irrevocable Trusts to Preserve Medicaid and VA Benefits Selecting Trust Type, Protecting

Presenting a 90-Minute Encore Presentation of the Teleconference with Live, Interactive Q&amp;A Drafting Irrevocable Trusts to Preserve Medicaid and VA Benefits Selecting Trust Type, Protecting Assets, and Optimizing Tax Planning for Long-Term

921 views • 81 slides
You Are Anointed Acts 28:1-6 1 Once we were safely ashore, we learned that the island was

You Are Anointed Acts 28:1-6 1 Once we were safely ashore, we learned that the island was

Pastor Patrick D. Owens You Are Anointed Acts 28:1-6 1 Once we were safely ashore, we learned that the island was called Malta. 2 The islanders showed us extraordinary kindness. They kindled a fire and welcomed all of us because it was

453 views • 16 slides
OntoGather Information Gathering in a Dynamic World Thomas Hornung Kai Simon Georg Lausen

OntoGather Information Gathering in a Dynamic World Thomas Hornung Kai Simon Georg Lausen

OntoGather Information Gathering in a Dynamic World Thomas Hornung Kai Simon Georg Lausen Group DBIS Albert-Ludwigs-Universit at Freiburg June 11, 2006 T. Hornung, K.Simon, G.Lausen (DBIS) OntoGather PPSWR 06 1 / 5 Classic Web search

564 views • 8 slides
Le Lever eragin aging g Rust Types es for Modular lar Speci cification and Verification

Le Lever eragin aging g Rust Types es for Modular lar Speci cification and Verification

Le Lever eragin aging g Rust Types es for Modular lar Speci cification and Verification Vytautas Astrauskas Peter Mller Federico Poli Alexander J. Summers Department of Computer Science Analogy with C verification void client(list *

451 views • 18 slides
Using m -Best Solutions S. Hamid Rezatofighi Anton Milan Zhen Zhang Qinfeng Shi Antony Dick

Using m -Best Solutions S. Hamid Rezatofighi Anton Milan Zhen Zhang Qinfeng Shi Antony Dick

Joint Probabilistic Matching Using m -Best Solutions S. Hamid Rezatofighi Anton Milan Zhen Zhang Qinfeng Shi Antony Dick Ian Reid 1 Introduction One-to-One Graph Matching in Computer Vision Action Recognition Feature Point

809 views • 45 slides
OEM brands manufactured (such as: SBS/Scandinavian Blue Steel, KV Zeulo). Viper is trusted

OEM brands manufactured (such as: SBS/Scandinavian Blue Steel, KV Zeulo). Viper is trusted

VIPER SCREENING BUCKETS Made in Finland by Ajutech Oy OEM brands manufactured (such as: SBS/Scandinavian Blue Steel, KV Zeulo). Viper is trusted partner both among AM and OEM customers Product range includes ten basic models of

412 views • 10 slides
SciForum MOL2NET Person Re-identification by Null Space Marginal Fisher Analysis Husheng Dong 1, 2

SciForum MOL2NET Person Re-identification by Null Space Marginal Fisher Analysis Husheng Dong 1, 2

MOL2NET , 2016 , Vol. 2, J; http://sciforum.net/conference/MOL2NET-02/SUIWML-01 SciForum MOL2NET Person Re-identification by Null Space Marginal Fisher Analysis Husheng Dong 1, 2 , Shengrong Gong 3, 1, * , Chunping Liu 1, 4, 5, * , Yi Ji 1 ,

210 views • 3 slides
Consistency Maintenance: Propagation Consistency Maintenance: Propagation Con fl ict Resolution

Consistency Maintenance: Propagation Consistency Maintenance: Propagation Con fl ict Resolution

Consistency Maintenance: Propagation Consistency Maintenance: Propagation Con fl ict Resolution Challenges Activating inactive features Fix incompleteness 9 97 Con fi gurator Con fi guration GUI Con fi guration Language Code Con fi gurator Con

487 views • 31 slides
Challenges of collaborative malware analysis Polichombr S. Le Berre A. Chevalier T. Pourcelot

Challenges of collaborative malware analysis Polichombr S. Le Berre A. Chevalier T. Pourcelot

Challenges of collaborative malware analysis Polichombr S. Le Berre A. Chevalier T. Pourcelot ANSSI/COSSI/DTO/BFS SOGETI ESEC SSTIC Rennes June 1, 2016 Introduction Plan Introduction 1 Needs and challenges 2 3 Polichombr 4

790 views • 34 slides

More recommend