towards formally verified theorem provers
play

Towards Formally Verified Theorem Provers Ramana Kumar Computer - PowerPoint PPT Presentation

Mar 31, 2023 •288 likes •428 views

Towards Formally Verified Theorem Provers Ramana Kumar Computer Laboratory, University of Cambridge Twenty Years of the QED Manifesto Vienna Summer of Logic, 2014 HOL Verified Goals of the Project An implementation of HOL Light 1. that runs

  1. Towards Formally Verified Theorem Provers Ramana Kumar Computer Laboratory, University of Cambridge Twenty Years of the QED Manifesto Vienna Summer of Logic, 2014

  2. HOL Verified Goals of the Project An implementation of HOL Light 1. that runs existing developments (e.g. Flyspeck), 2. whose soundness, from the semantics of HOL to the semantics of the processor running the machine-code, is verified. 3. And which runs the verification of its own soundness! Achievements to date 1. Implementation of HOL Light kernel in CakeML proved sound against HOL semantics. 2. Verified compiler for CakeML proved sound against machine-code semantics.

  3. HOL Verified Goals of the Project An implementation of HOL Light 1. that runs existing developments (e.g. Flyspeck), 2. whose soundness, from the semantics of HOL to the semantics of the processor running the machine-code, is verified. 3. And which runs the verification of its own soundness! Achievements to date 1. Implementation of HOL Light kernel in CakeML proved sound against HOL semantics. 2. Verified compiler for CakeML proved sound against machine-code semantics.

  4. How did we get here? Key Ideas 1. Simple, well-understood, but expressive logic. 2. LCF architecture, supporting substantial packages. ◮ inductive datatypes, ◮ recursive functions, ◮ inductive relations, ◮ rewriting, ◮ custom automation: 3. Certifying translations between shallow and deep embeddings. 4. Bootstrapping by evaluation in the logic.

  5. A reflection principle for HOL? Compared to Milawa ◮ Larger gap between underlying logic (HOL) and executable model (CakeML) ◮ No explicit proofs: uses ephemeral proofs represented by the protected type of theorems But it probably could be done! Compared to Coq ◮ Computational reflection rule for HOL? Worth investigation.

  6. Tiling Trust (Very Preliminary!) Another Kind of Reflection ◮ Certifying translation from HOL terms to deeply-embedded HOL terms. ◮ Ultimately, for each φ : [ ] ⊢ ∀ n . Pr(“ ∀ l . LCA( l ) = ⇒ φ ( l , n )”) = ⇒ ∀ l . LCA( l + 1) = ⇒ φ ( l , n ) ◮ Instantiate φ ( l , n ) with “The l th printed theorem by prover with code n is true”.

  7. Tiling Trust (Very Preliminary!) More reflection than Milawa ◮ Spec for Milawa: “Every printed theorem is true (according to the semantics of Milawa logic)” ◮ Milawa method: Prove “Every printed theorem has a proof in the initial Milawa inference system” ◮ Less restrictive: Prove “Every printed theorem is true” directly, allowing extensions to the inference system.

  8. Is Self-Verification Useful? Run a Prover on a Proof of its soundness. Suppose the Prover accepts the proof. What could this mean? Prover Sound Prover Not Sound Proof Valid Good! Impossible 1 Proof Not Valid Impossible 2 Danger Impossible 1 Valid proof that prover is sound, but prover not sound. (Modelling problem.) Impossible 2 Prover sound, but accepts an invalid proof. Danger A real possibility where we have learned nothing.

  9. Is Self-Verification Useful? Run a Prover on a Proof of its soundness. Suppose the Prover accepts the proof. What could this mean? Prover Sound Prover Not Sound Proof Valid Good! Impossible 1 Proof Not Valid Impossible 2 Danger Impossible 1 Valid proof that prover is sound, but prover not sound. (Modelling problem.) Impossible 2 Prover sound, but accepts an invalid proof. Danger A real possibility where we have learned nothing.

  10. Is Self-Verification Useful? Run a Prover on a Proof of its soundness. Suppose the Prover accepts the proof. What could this mean? Prover Sound Prover Not Sound Proof Valid Good! Impossible 1 Proof Not Valid Impossible 2 Danger Impossible 1 Valid proof that prover is sound, but prover not sound. (Modelling problem.) Impossible 2 Prover sound, but accepts an invalid proof. Danger A real possibility where we have learned nothing.

  11. Need to Trust Something What is missing is independent evidence that either the proof is valid or the prover is sound. But if we had either of those, why bother with self-verification? Formal Proof as Evidence ◮ Ultimately verification is just one kind of evidence affecting the probability that something is true. ◮ Self-verification is a stress test for a theorem prover in multiple ways.

  12. Need to Trust Something What is missing is independent evidence that either the proof is valid or the prover is sound. But if we had either of those, why bother with self-verification? Formal Proof as Evidence ◮ Ultimately verification is just one kind of evidence affecting the probability that something is true. ◮ Self-verification is a stress test for a theorem prover in multiple ways.

  13. Relevance to QED? ◮ Interoperability is still the main obstacle to QED. ◮ Applying formal methods to our formal methods to gain some control?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified

Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified

Roberto Guanciale Mads Dam Hamed Nemati Christoph Baumann Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified Platforms Caches Excluded Formally Verified from the analysis Platforms Caches Excluded

675 views • 64 slides
Formally verified constraint solvers Catherine Dubois 1 Sourour Elloumi 1 Arnaud Gotlieb 2 1.

Formally verified constraint solvers Catherine Dubois 1 Sourour Elloumi 1 Arnaud Gotlieb 2 1.

Formally verified constraint solvers Catherine Dubois 1 Sourour Elloumi 1 Arnaud Gotlieb 2 1. CEDRIC-ENSIIE, Evry, France 2. Certus V&V Center, SIMULA RESEARCH LAB., Lysaker, Norway Dagstuhl Seminar 15381 1 / 23 Formally verified

501 views • 28 slides
Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified

Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified

Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified Cryptographic Web Applications in WASM May. 22 st , 2019 1 / 22 in WebAssembly Jonathan Protzenko Microsoft Research Benjamin Beurdouche INRIA

1.5k views • 57 slides
A Formally Verified Quadratic Unification Algorithm J.-L. Ruiz-Reina, J.-A. Alonso, M.-J. Hidalgo

A Formally Verified Quadratic Unification Algorithm J.-L. Ruiz-Reina, J.-A. Alonso, M.-J. Hidalgo

A Formally Verified Quadratic Unification Algorithm J.-L. Ruiz-Reina, J.-A. Alonso, M.-J. Hidalgo and F .-J. Mart n-Mateos Computational Logic Group Dept. of Computer Science and Artificial Intelligence University of Seville A Formally

356 views • 32 slides
VigNAT: A Formally Verified NAT Arseniy Zaostrovnykh, Solal Pirelli, Luis Pedrosa, Katerina

VigNAT: A Formally Verified NAT Arseniy Zaostrovnykh, Solal Pirelli, Luis Pedrosa, Katerina

VigNAT: A Formally Verified NAT Arseniy Zaostrovnykh, Solal Pirelli, Luis Pedrosa, Katerina Argyraki, George Candea Formally verify a stateful NF with competitive performance and reasonable human effort 2 Formally verify a stateful NF with

836 views • 81 slides
Theorem Provers Seminar Resources for Anna Mndelein Computational Linguists (SS 2007)

Theorem Provers Seminar Resources for Anna Mndelein Computational Linguists (SS 2007)

Theorem Provers Seminar Resources for Anna Mndelein Computational Linguists (SS 2007) 02.07.2007 Magda Wolska, Michaela Regneri Outline Theorem Proving for Text Adventures Introduction Knowledge Base System

508 views • 25 slides
Formally Verified Differential Dynamic Logic (in Isabelle/HOL and Coq) Brandon Bohrer ,

Formally Verified Differential Dynamic Logic (in Isabelle/HOL and Coq) Brandon Bohrer ,

Formally Verified Differential Dynamic Logic (in Isabelle/HOL and Coq) Brandon Bohrer , Vincent Rahli, Ivana Vukotic, Marcus Vlp, Andr Platzer Thanks to: Johannes Hlzl, Fabian Immler, Tobias Nipkow, et. al. + Coquelicot team

540 views • 38 slides
A Formally Verified Symmetry Breaking Tool for SAT David E. Narv aez den9562@rit.edu

A Formally Verified Symmetry Breaking Tool for SAT David E. Narv aez den9562@rit.edu

A Formally Verified Symmetry Breaking Tool for SAT David E. Narv aez den9562@rit.edu Rochester Institute of Technology Rochester, NY, USA FMCAD-18 Student Forum David E. Narv aez (RIT) Formally Verified Symmetry Breaking Tool FMCAD-18

215 views • 6 slides
ATP and the Working Mathematician Interactive Theorem Provers (ITPs) are great for assisting

ATP and the Working Mathematician Interactive Theorem Provers (ITPs) are great for assisting

H INT S ELECTION AND P RIORITIZATION Robert Veroff Josef Urban Michael Kinyon U. New Mexico Czech Tech U. U. Denver AITP 2019, Obergurgl, Austria, 9 April 2019 ATP and the Working Mathematician Interactive Theorem Provers (ITPs) are great

552 views • 36 slides
Splitting and Propositional Variables in Resolution Theorem Provers Splitting and Propositional

Splitting and Propositional Variables in Resolution Theorem Provers Splitting and Propositional

Splitting and Propositional Variables in Resolution Theorem Provers Splitting and Propositional Variables in Resolution Theorem Provers Andrei Voronkov (The University of Manchester) Splitting and Propositional Variables in Resolution Theorem

913 views • 68 slides
A Qualitative Comparison of the Suitability of Four Theorem Provers for Basic Auction Theory

A Qualitative Comparison of the Suitability of Four Theorem Provers for Basic Auction Theory

Outline Motivation Requirements Problem Language/System Comparison Conclusion A Qualitative Comparison of the Suitability of Four Theorem Provers for Basic Auction Theory MKM@CICM 2013 Christoph Lange 1 , Marco B. Caminati 2 , Manfred

441 views • 29 slides
Towards an Open-Source, Formally-Verified Secure Processor Srini Devadas Massachusetts

Towards an Open-Source, Formally-Verified Secure Processor Srini Devadas Massachusetts

Towards an Open-Source, Formally-Verified Secure Processor Srini Devadas Massachusetts Institute of Technology Architectural Isolation of Processes Fundamental to maintaining correctness and privacy! 2 Performance Dictates

959 views • 43 slides
Theorem Provers, SMT, and Interpolation Philipp Rmmer Uppsala University Sweden CP meets CAV

Theorem Provers, SMT, and Interpolation Philipp Rmmer Uppsala University Sweden CP meets CAV

Theorem Provers, SMT, and Interpolation Philipp Rmmer Uppsala University Sweden CP meets CAV June 27th 2012 1 / 49 Outline Some SMT challenges from verification Quantifiers in SMT First-order version of SMT Computation of Craig

1.53k views • 107 slides
Theorem Provers Michael Rawson, Giles Reger University of Manchester, UK The problem with all

Theorem Provers Michael Rawson, Giles Reger University of Manchester, UK The problem with all

Towards an Efficient Architecture for Intelligent Theorem Provers Michael Rawson, Giles Reger University of Manchester, UK The problem with all this deep neural stuff is that its slow. AITP 19 participant, paraphrased Background

411 views • 26 slides
Introduc)on To Standard ML for specifying theorem provers. It since has evolved into a general

Introduc)on To Standard ML for specifying theorem provers. It since has evolved into a general

The ML Programming Language ML (Meta Language) was developed by Robin Milner in 1975 Introduc)on To Standard ML for specifying theorem provers. It since has evolved into a general purpose programming language. Important features of ML: sta;c

784 views • 10 slides
Making Automatic Theorem Provers more Versatile Simon Cruanes Veridis, Inria Nancy

Making Automatic Theorem Provers more Versatile Simon Cruanes Veridis, Inria Nancy

Making Automatic Theorem Provers more Versatile Simon Cruanes Veridis, Inria Nancy https://cedeela.fr/~simon/ August 2017 Simon Cruanes combine all the provers! August 2017 1 / 7 ATPs usefulness ATPs are successfully applied: program

656 views • 21 slides
Reconstructing veriT proofs in Isabelle/HOL VeriDis Retreat + Matryoshka Workshop 2019 Amsterdam

Reconstructing veriT proofs in Isabelle/HOL VeriDis Retreat + Matryoshka Workshop 2019 Amsterdam

Reconstructing veriT proofs in Isabelle/HOL VeriDis Retreat + Matryoshka Workshop 2019 Amsterdam Pays-Bas Hans-Jrg Schurr June 12, 2019 An Adventure N An Adventure N A An Adventure N A Proof

657 views • 37 slides
Programming and Proving in Isabelle/HOL Tobias Nipkow Fakult at f ur Informatik

Programming and Proving in Isabelle/HOL Tobias Nipkow Fakult at f ur Informatik

Programming and Proving in Isabelle/HOL Tobias Nipkow Fakult at f ur Informatik Technische Universit at M unchen 2013 MOD Summer School 1 Notation Implication associates to the right: A = B = C means A = ( B = C

1.92k views • 173 slides
A Coq formalization of an analysis and optimization of While Fedyukovich Grigory Andu, 5 of

A Coq formalization of an analysis and optimization of While Fedyukovich Grigory Andu, 5 of

A Coq formalization of an analysis and optimization of While Fedyukovich Grigory Andu, 5 of February, 2010 1 Introduction We present the formalization of the While language developed in Coq. Then we develop the type systems for live

472 views • 18 slides
Computer-Aided Privacy Proofs C esar Kunz Joint work with Gilles Barthe, Benjamin Gr

Computer-Aided Privacy Proofs C esar Kunz Joint work with Gilles Barthe, Benjamin Gr

Computer-Aided Privacy Proofs C esar Kunz Joint work with Gilles Barthe, Benjamin Gr egoire, Santiago Zanella-B eguelin 2012.07.10 Provable Privacy Workshop 2012 Privacy for Statistical Databases Privacy for Statistical Databases

721 views • 23 slides
Higher Order Proof Engineering Robert White ILLC/INRIA Cool Logic, ILLC 1/23 Higher Order

Higher Order Proof Engineering Robert White ILLC/INRIA Cool Logic, ILLC 1/23 Higher Order

Higher Order Proof Engineering Higher Order Proof Engineering Robert White ILLC/INRIA Cool Logic, ILLC 1/23 Higher Order Proof Engineering Outline Introduction HOL Light and HOL Proof Checking OpenTheory Holide and Dedukti ProofCloud

767 views • 23 slides
Moduli spaces of flat connections on colored surfaces David Li-Bland joint work with Pavol

Moduli spaces of flat connections on colored surfaces David Li-Bland joint work with Pavol

Moduli spaces of flat connections on colored surfaces David Li-Bland joint work with Pavol Severa Tuesday, July 31, 2012 Introduction Moduli space of flat connections Towards a finite dimensional construction Flat connections on the

1.88k views • 91 slides
HOList: An Environment for Machine Learning of Higher-Order Theorem Proving Kshitij Bansal, Sarah

HOList: An Environment for Machine Learning of Higher-Order Theorem Proving Kshitij Bansal, Sarah

HOList: An Environment for Machine Learning of Higher-Order Theorem Proving Kshitij Bansal, Sarah M. Loos, Markus N. Rabe, Christian Szegedy, Stewart Wilcox Google Research Can we create a human level AI to reason about mathematics? HOList

304 views • 11 slides
Implementing the Omega Test in HOL Outline: Basic Fourier-Motzkin variable elimination Omegas

Implementing the Omega Test in HOL Outline: Basic Fourier-Motzkin variable elimination Omegas

Implementing the Omega Test in HOL Outline: Basic Fourier-Motzkin variable elimination Omegas extension to F-M variable elimination Implementing this in HOL On the need for efficiency in conversion to DNF ARG lunch p.1 Fourier-Motzkin

991 views • 59 slides

More recommend