viktor kuncak
play

Viktor Kuncak EPFL Laboratory for Automated Reasoning and Analysis - PowerPoint PPT Presentation

Mar 05, 2024 •593 likes •974 views

Propositions as Programs, Proofs as Programs Viktor Kuncak EPFL Laboratory for Automated Reasoning and Analysis http://lara.epfl.ch http://leon.epfl.ch EPFL France Lac Lman 10 minute walk from EPFL Mont Blanc Steam Ship (1926 look and

  1. Propositions as Programs, Proofs as Programs Viktor Kuncak EPFL Laboratory for Automated Reasoning and Analysis http://lara.epfl.ch http://leon.epfl.ch

  3. EPFL France Lac Léman

  4. 10 minute walk from EPFL Mont Blanc Steam Ship (1926 look and engine) Lac Léman Plage du pélican

  5. EPFL is Hiring • MSc students (stipends, exchanges, thesis) • PhD students: phd.epfl.ch/edic • Postdocs (in my group) • Faculty hiring in 2016 (check later ic.epfl.ch)

  6. Scala programming language Invented at EPFL by Prof. Martin Odersky http://scala-lang.org/ - hundreds of thousands of Scala programmers. Used by: Twitter, Foursquare, Coursera , The Guardian , New York Times , Huffington Post, UBS , LinkedIn , Meetup ,Verizon , Intel, Markus Wenzel, Lars Hupel Libghtbend Inc. supports Scala commercially EPFL Scala Center : industrial advisory board, courses, open source development Apache Spark : “an open-source cluster computing framework with in-memory processing to speed analytic applications up to 100 times faster compared to technologies on the market today. Developed in the AMPLab at UC Berkeley, Apache Spark can help reduce data interaction complexity, increase processing speed and enhance mission-critical applications with deep intelligence .” “… IBM is making a major commitment to the future of Apache Spark, with a series of initiatives announced today. IBM will offer Apache Spark as a service on Bluemix; commit 3,500 researchers to work on Spark-related projects; donate IBM SystemML to the Spark ecosystem; and offer courses to train 1 million data scientists and engineers to use Spark .”

  7. Leon: a system to verify Scala programs Try at http://leon.epfl.ch /doc/ Check http://github.com/epfl-lara/

  8. Thanks to Leon Contributors M. Antognini R. Edelmann R. Blanc E. Darulova S. Gruetter A.S. Koeksal L. Hupel S. Kulal E. Kneuss M. Koukoutos I. Kuraj R. K. Madhavan R. Piskac M. Mayer G. Schmid R. Ruetschi S. Stucki P. Suter N. Voirol

  9. Simple Binary Search Trees in Leon import leon.lang._; import leon.collection._ sealed abstract class Tree { def content: Set[BigInt] = this match { case Leaf() => Set.empty[BigInt] case Node(l, v, r) => l.content ++ Set(v) ++ r.content } def insert(value: BigInt): Node = (this match { case Leaf() => Node(Leaf(), value, Leaf()) case Node(l, v, r) => if (v < value) Node(l, v, r.insert(value)) else if (v > value) Node(l.insert(value), v, r) else Node(l, v, r) }) ensuring (_.content == content ++ Set(value)) def contains(value: BigInt): Boolean = (this match { case Leaf() => false case Node(l, v, r) => if (v == value) true else if (v < value) r.contains(value) else l.contains(value) }) ensuring (_ == (content contains value)) } case class Leaf() extends Tree case class Node(left: Tree, value: BigInt, right: Tree) extends Tree { require ( forall ((x:BigInt) => (left.content contains x) ==> x < value) && forall ((x:BigInt) => (right.content contains x) ==> value < x)) }

  10. Writing Properties and Lemmas We write universally quantified properties as functions taking arguments, returning Boolean: def containsInserted(value: BigInt): Boolean = { insert(value).contains(value) } holds holds is a shorthand for: ensuring(res => res==true) res binds to the result of the function this – an implicit receiver parameter, desugared into explicit one Ɐ this:Tree. Ɐ value: Z . contains(insert(this, value), value) Proves immediately: decision procedure for (finite) sets after unfolding ensuring of insert and contains

  11. How Leon Proves Expression Valid (by default) Repeat: • Pretend user functions are arbitrary functions and check if valid using an SMT solver (Z3, CVC4) – if there is a counterexample not relying on any user function, report it as a real counterexample, else: • Unfold body and the corresponding ensuring spec , once for each user function application “Bounded model checking for recursive functions” “k - induction on termination relation for defined functions” On top of this, we add quantifier instantiation, and modeling higher-order functions using dynamic dispatch

  12. Example: List Size sealed abstract class List case class Cons(head:BigInt,tail:List) extends List case object Nil extends List def size(l : List) : BigInt = (l match { case Nil => BigInt(0) case Cons(_, xs) => 1 + size(xs) }) def notFifteen(l:List): Boolean = {  counterexample found fast size(l) != 15 } holds  Without postcondition on size, fails to prove def aboveZero(l:List): Boolean = { size(l) >= 0 } holds

  13. Example: List Size sealed abstract class List case class Cons(head:BigInt,tail:List) extends List case object Nil extends List def size(l : List) : BigInt = (l match { case Nil => BigInt(0) case Cons(_, xs) => 1 + size(xs)  essential postcondition for size }) ensuring(_ >= 0) def notFifteen(l:List): Boolean = {  counterexample found fast size(l) != 15 } holds  Without postcondition on size, fails to prove def aboveZero(l:List): Boolean = { size(l) >= 0 } holds

  14. Append Associativity sealed abstract class List { def ++(that: List): List = (this match { case Nil => that case Cons(x, xs) => Cons(x, xs ++ that) }) ensuring { res => (res.size == this.size + that.size) && ((that == Nil) ==> (res == this)) @induct } def appendAssoc(l1: List, def size : BigInt = (this match { l2: List, case Nil => BigInt(0) l3: List)= { case Cons(_, t) => 1 + t.size (l1 ++ l2) ++ l3 == l1 ++ (l2 ++ l3) }) ensuring(res => res >= 0) } holds } case class Cons(head: BigInt, tail: List) extends List case object Nil extends List

  15. Append Associativity Explicitly def appendAssocExp(l1: List, l2: List, l3: List): Boolean = { (l1 match { case Cons(h,t) => appendAssocExp(t, l2, l3) case _ => true }) && ((l1 ++ l2) ++ l3 == l1 ++ (l2 ++ l3)) } holds

  16. Append Associativity with Sugar def appendAssocExp(l1: List, l2: List, l3: List): Boolean = { ((l1 ++ l2) ++ l3 == l1 ++ (l2 ++ l3)) because (l1 match { case Cons(h,t) => appendAssocExp(t, l2, l3) case _ => true }) } holds

  17. With Refined Sugar def appendAssocExp(l1: List, l2: List, l3: List)= { (l1 ++ l2) ++ l3 == l1 ++ (l2 ++ l3) } holds because (l1 match { case Cons(h,t) => appendAssocExp(t, l2, l3) case _ => true })

  18. Expression to Stack Machine Compiler By structural induction on e prove Ɐ S. run(compile(e), S) == interpret(e) :: S def compileInterpretEquivalenceLemma[A](e: ExprTree[A], S: List[A]) = { run(compile(e), S) == interpret(e) :: S } holds because (e match { case Const(c) => true case Op(e1, e2) => val c1 = compile(e1) val c2 = compile(e2) runAppendLemma((c1 ++ c2), Cons[ByteCode[A]](OpInst[A](), Nil()), S)&& runAppendLemma(c1, c2, S) && compileInterpretEquivalenceLemma(e1, S) && compileInterpretEquivalenceLemma(e2, Cons[A](interpret(e1), S)) })

  19. Proof Domain-Specific Language Course project: S. Stucki and M. Antognini def reverseReverse[T](l: List[T]): Boolean = { l.reverse.reverse == l }.holds because { l match { case Nil() => trivial case Cons(x, xs) => { (xs.reverse :+ x).reverse ==| snocReverse[T](xs.reverse, x) | x :: xs.reverse.reverse ==| reverseReverse[T](xs) | (x :: xs) } .qed }} Implemented entirely as a library (no change to Leon!): implicit conversion to new type that has additional method such as ==| https://github.com/epfl-lara/leon/tree/master/library/leon/proof http://leondev.epfl.ch/doc/neon.html

  20. Resource Verification Problem def sortedIns(e: BigInt, l: List)= { require(isSorted(l)) l match { case Nil() => Cons(e, Nil()) case Cons(x,xs) => if (x <= e) Cons(x, sortedIns(e, xs)) else Cons(e, l) } } ensuring(res => // completes in O (size(l)) time/space )

  21. Specifying Resource Bounds def sortedIns(e: BigInt, l: List)= { require(isSorted(l)) l match { case Nil() => Cons(e, Nil()) case Cons(x,xs) => if (x <= e) Cons(x, sortedIns(e, xs)) else Cons(e, l) } } ensuring(res => time <= ?*size(l)+? && stack <= ?*size(l)+? ) time <= a*size(l)+b && stack <= c*size(l)+d Ensuring clauses with holes to be inferred

  22. Example Programs & Templates t delete ≤ a*height(t)+b AVL tree Red-black tree t insert ≤ a*blackHeight(t)+b t rem ≤ a*rightHeight(t.left)+b Leftist Heap t remove ≤ a*numTrees(h)+ Binomial Heap b*minChildren(h)+c t sort ≤ a*size(l)*size(l)+b Insertion Sort

  23. Bounds Inferred by the Tool t delete ≤ 145 *height(t)+ 19 AVL tree Red-black tree t insert ≤ 178 *blackHeight(t)+ 96 t rem ≤ 44 *rightHeight(t.left)+ 5 Leftist Heap t remove ≤ 70 *numTrees(h)+ Binomial Heap 31 *minChildren(h)+ 22 t sort ≤ 9 *size(l)*size(l)+ 2 Insertion Sort

  24. Also Inferred Red-black tree 2 blackHeight(t) ≤ size(t)+1 2 rightHeight(t) ≤ size(t)+1 Leftist Heap Binary inc. t inc ≤ 15*nop+3 (Amortized) Implies logarithmic time for access

  25. Extended to Lazy Evaluation and Memoization Verified about 10k lines - correctness and resource bounds • Heaps: Leftist heap, binomial heap • Sorting algorithms • Balanced search trees • Tries • Stream library • Cyclic streams: fibonacci stream, hamming stream • Lazy persistent data structures: real-time queues, deques • Dynamic programming algorithms: packrat parsing instance, Viterbi algorithm We used proof hints in the more difficult examples

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Max Planck Institute for Software Systems, Germany 1 Joint work with Viktor Kuncak, Mikael

Max Planck Institute for Software Systems, Germany 1 Joint work with Viktor Kuncak, Mikael

Ruzica Piskac Max Planck Institute for Software Systems, Germany 1 Joint work with Viktor Kuncak, Mikael Mayer and Philippe Suter 2 Software Synthesis val bigSet = .... val (setA, setB) = choose ((a: Set, b: Set) ) =&gt; ( a.size ==

612 views • 57 slides
Complete Completion using Types and Weights Tihomir Gvero, Viktor Kuncak, Ivan Kuraj and Ruzica

Complete Completion using Types and Weights Tihomir Gvero, Viktor Kuncak, Ivan Kuraj and Ruzica

Complete Completion using Types and Weights Tihomir Gvero, Viktor Kuncak, Ivan Kuraj and Ruzica Piskac 1 Motivation Large APIs and libraries ~4000 classes in Java 6.0 standard library Using those APIs (for the first time) can be

841 views • 58 slides
Full Functional Verification of Linked Data Structures Karen Zee , Viktor Kuncak , and

Full Functional Verification of Linked Data Structures Karen Zee , Viktor Kuncak , and

Full Functional Verification of Linked Data Structures Karen Zee , Viktor Kuncak , and Martin Rinard MIT CSAIL EPFL, I&amp;C Goal Verify full functional correctness of linked data structure implementations What is Full

968 views • 69 slides
Combining Theories Sharing Set Operations Ruzica Piskac joint work with Thomas Wies and Viktor

Combining Theories Sharing Set Operations Ruzica Piskac joint work with Thomas Wies and Viktor

Combining Theories Sharing Set Operations Ruzica Piskac joint work with Thomas Wies and Viktor Kuncak Fragment of Insertion into Tree root right left size: 6 5 p left right data left tmp data data data e Program Verification

718 views • 28 slides
Counterexample-Guided Quantifjer Instantiation for Synthesis in SMT Andrew Reynolds, Morgan

Counterexample-Guided Quantifjer Instantiation for Synthesis in SMT Andrew Reynolds, Morgan

Counterexample-Guided Quantifjer Instantiation for Synthesis in SMT Andrew Reynolds, Morgan Deters, Viktor Kuncak, Cesare Tinelli, and Clark Barrett Kumar Madhukar TCS Research, Pune Formal Methods Update Meet, IIT Mandi, 17-18 July, 2017

490 views • 46 slides
Towards an Optimizing Compiler for Numerical Kernels joint work with: Heiko Becker, Anastasiia

Towards an Optimizing Compiler for Numerical Kernels joint work with: Heiko Becker, Anastasiia

Photo by Sebastian Bruggisser Towards an Optimizing Compiler for Numerical Kernels joint work with: Heiko Becker, Anastasiia Izycheva, Debasmita Lohar, Viktor Kuncak, Magnus Myreen, Sylvie Putot, Eric Goubault, Helmut Seidl Eva Darulova

849 views • 51 slides
Sound Reasoning about Integral Data Types with a Reusable SMT Solver Interface R egis Blanc

Sound Reasoning about Integral Data Types with a Reusable SMT Solver Interface R egis Blanc

Sound Reasoning about Integral Data Types with a Reusable SMT Solver Interface R egis Blanc Viktor Kuncak Laboratory for Automated Reasoning and Analysis Ecole Polytechnique F ed erale de Lausanne June 13, 2015 The Leon

277 views • 17 slides
Counter-Example Complete Verification for Higher-Order Functions N. Voirol, E. Kneuss, V. Kuncak

Counter-Example Complete Verification for Higher-Order Functions N. Voirol, E. Kneuss, V. Kuncak

Counter-Example Complete Verification for Higher-Order Functions N. Voirol, E. Kneuss, V. Kuncak EPFL Scala Symposium 2015 Program Verification Aims to guarantee (or disprove) properties about programs Performed statically at

768 views • 21 slides
Decision Procedures for Algebraic Data Types with Abstractions Philippe Suter, Mirco Dotta and

Decision Procedures for Algebraic Data Types with Abstractions Philippe Suter, Mirco Dotta and

Decision Procedures for Algebraic Data Types with Abstractions Philippe Suter, Mirco Dotta and Viktor Kuncak Verification of functional programs proof counterexample (input, trace) sealed abstract class Tree case class Node(left: Tree, value:

694 views • 55 slides
Enhanced Unsatisfiable Cores for QBF: Weakening Universal to Existential Quantifiers Viktor

Enhanced Unsatisfiable Cores for QBF: Weakening Universal to Existential Quantifiers Viktor

Enhanced Unsatisfiable Cores for QBF: Weakening Universal to Existential Quantifiers Viktor Schuppan Viktor.Schuppan@gmx.de http://schuppan.de/viktor/ ICTAI 2018, Volos, Greece, 57 November 2018 Intro Some Problems with Natural

503 views • 15 slides
Processes at UC RUSAL Aluminium Smelters Mikhail Grinishin, Viktor Buzunov Presented by: Viktor

Processes at UC RUSAL Aluminium Smelters Mikhail Grinishin, Viktor Buzunov Presented by: Viktor

Applying Digitalization to Processes at UC RUSAL Aluminium Smelters Mikhail Grinishin, Viktor Buzunov Presented by: Viktor Buzunov, Director Aluminium Technology &amp; Technical Implementation, ETC Rusal Contents About UC RUSAL

414 views • 26 slides
Design Methodologies Power Consumption Power Consumption Area Viktor wall Viktor

Design Methodologies Power Consumption Power Consumption Area Viktor wall Viktor

Digital IC Design Digital IC Design Design Trade-offs Speed (throughput and clock frequency) Design Methodologies Power Consumption Power Consumption Area Viktor wall Viktor wall and Dept. of Electrical and Infomation

844 views • 15 slides
Adjustable References Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS)

Adjustable References Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS)

Adjustable References Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) Viktor Vafeiadis Adjustable References Introduction Reasoning about imperative programs How to represent mutable state? Two standard approaches Deep

372 views • 18 slides
Baksan EAS array Carpet-2 and Carpet-3 experiment Romanenko Viktor Baksan Neutrino Observatory

Baksan EAS array Carpet-2 and Carpet-3 experiment Romanenko Viktor Baksan Neutrino Observatory

Baksan EAS array Carpet-2 and Carpet-3 experiment Romanenko Viktor Baksan Neutrino Observatory of Institute for Nuclear Research of the Russian Academy of Sciences VI th CNRS thematic School of Astroparticle Physics Romanenko Viktor Outlines 1

466 views • 21 slides
Morsel-Driven Parallelism: A NUMA-Aware Query Evaluation Framework for the Many-Core Age Viktor

Morsel-Driven Parallelism: A NUMA-Aware Query Evaluation Framework for the Many-Core Age Viktor

Morsel-Driven Parallelism: A NUMA-Aware Query Evaluation Framework for the Many-Core Age Viktor Leis, Peter Boncz*, Alfons Kemper, Thomas Neumann Technische Universitt Mnchen *CWI with some modifications by: S. Sudarshan Viktor Leis 1 /

736 views • 24 slides
UML Model Refactoring Viktor Stojkovski University of Antwerpen, Faculty of Computer Science,

UML Model Refactoring Viktor Stojkovski University of Antwerpen, Faculty of Computer Science,

UML Model Refactoring Viktor Stojkovski University of Antwerpen, Faculty of Computer Science, Masters of Software Engineering January, 2013, Belgium Email: Viktor.Stojkovski@student.ua.ac.be Introduction to UML Model Refactoring Because of

139 views • 12 slides
Clojure Hash Maps: plenty of room at the bottom @spinningtopsofdoom @2kliph @bendyworks

Clojure Hash Maps: plenty of room at the bottom @spinningtopsofdoom @2kliph @bendyworks

Clojure Hash Maps: plenty of room at the bottom @spinningtopsofdoom @2kliph @bendyworks Building an alien space ship Avoiding the gray goo scenario when making nano machines What cup of tea is best to power your Infinite Improbability

856 views • 71 slides
Interactions and Protocols Distributed systems of autonomous, heterogeneous agents Enable

Interactions and Protocols Distributed systems of autonomous, heterogeneous agents Enable

BSPL, the Blindingly Simple Protocol Language Interactions and Protocols Distributed systems of autonomous, heterogeneous agents Enable interoperation Maintain independence from internal reasoning (policies) Support composition of

538 views • 43 slides
Types 8 lectures for CST Part II by Andrew Pitts www . cl . cam . ac . uk / teaching / 1112 /

Types 8 lectures for CST Part II by Andrew Pitts www . cl . cam . ac . uk / teaching / 1112 /

Types 8 lectures for CST Part II by Andrew Pitts www . cl . cam . ac . uk / teaching / 1112 / Types / One of the most helpful concepts in the whole of programming is the notion of type , used to classify the kinds of object which are

1.1k views • 67 slides
Advances in Programming Languages APL17: XML processing with CDuce David Aspinall (see final

Advances in Programming Languages APL17: XML processing with CDuce David Aspinall (see final

Advances in Programming Languages APL17: XML processing with CDuce David Aspinall (see final slide for the credits and pointers to sources) School of Informatics The University of Edinburgh Friday 26th November 2010 Semester 1 Week 10 N I

822 views • 41 slides
FrameNet Resource Grammar Library for GF (FN-CNL) Normunds

FrameNet Resource Grammar Library for GF (FN-CNL) Normunds

FrameNet Resource Grammar Library for GF (FN-CNL) Normunds Grz4s, Pteris Paikens, Gun4s Brzdi Ins4tute of Mathema4cs and Computer Science, University

927 views • 33 slides
Programming, Block C Todays Topics http://www.win.tue.nl/wstomv/2ip05/ Branching dynamic

Programming, Block C Todays Topics http://www.win.tue.nl/wstomv/2ip05/ Branching dynamic

Programming, Block C Todays Topics http://www.win.tue.nl/wstomv/2ip05/ Branching dynamic data structures with pointers: Lecture 15 Trees Tom Verhoe ff Kees Hemerik Binary Trees (BTs) Binary Search Trees (BSTs) Technische

424 views • 7 slides
Kac-Moody quantum superalgebras and global crystal bases Sean Clark Joint work with D. Hill and

Kac-Moody quantum superalgebras and global crystal bases Sean Clark Joint work with D. Hill and

I NTRODUCTION B ACKGROUND The rank 1 case KM quantum supergroups Crystals Kac-Moody quantum superalgebras and global crystal bases Sean Clark Joint work with D. Hill and W. Wang University of Virginia Workshop on Super Representation Theory

602 views • 33 slides
tr tr Psr

tr tr Psr

tr tr Psr rr t rts rt

1.14k views • 54 slides

More recommend