Daniel Matichuk, Makarius Wenzel, Toby Murray


The University of New South Wales. Eisbach: An Isabelle Proof Method Language. Daniel Matichuk, Makarius Wenzel, Toby Murray. ITP 2014.

Proof Engineering. [Chart: size distribution of AFP entries in lines of proof, sorted by submission date; y-axis 0 to 80,000 lines with the average marked, x-axis labelled Mar-2004, Feb-2012, 2013.]

Outline: Isabelle Concepts (Isar; Proof Methods); Eisbach (Easy Custom Proof Methods; Demo); Evaluation/Future (Existing methods rewritten; Tracing/Debugging).

Isabelle Concepts

Isabelle/Isar: a structured proof of the Knaster-Tarski fixed-point theorem.

  theorem Knaster_Tarski:
    assumes mono: "⋀x y. x ≤ y ⟹ f x ≤ f y"
    shows "f (⨅ {x. f x ≤ x}) = ⨅ {x. f x ≤ x}" (is "f ?a = ?a")
  proof -
    have "f ?a ≤ ?a" (is "_ ≤ ⨅ ?H")
    proof
      fix x assume H: "x ∈ ?H"
      then have "?a ≤ x" ..
      also from H have "f ... ≤ x" ..
      moreover note mono
      finally show "f ?a ≤ x" .
    qed
    also have "?a ≤ f ?a"
    proof
      from mono and ‹f ?a ≤ ?a› have "f (f ?a) ≤ f ?a" .
      then show "f ?a ∈ ?H" ..
    qed
    finally show "f ?a = ?a" .
  qed

Isabelle/Isar: the same theorem with the inner proofs discharged by proof methods.

  theorem Knaster_Tarski':
    assumes mono[intro]: "⋀x y. x ≤ y ⟹ f x ≤ f y"
    shows "f (⨅ {x. f x ≤ x}) = ⨅ {x. f x ≤ x}" (is "f ?a = ?a")
  proof -
    have "f ?a ≤ ?a" by (clarsimp, rule order.trans, fastforce)
    also have "?a ≤ f ?a" by (fastforce intro: ‹f ?a ≤ ?a›)
    finally show "f ?a = ?a" .
  qed

Proof Methods (the previous slide, annotated). In have "f ?a ≤ ?a" by (clarsimp, rule order.trans, fastforce), the statement is the Goal, clarsimp, rule and fastforce are Methods, and the comma is a Combinator. In also have "?a ≤ f ?a" by (fastforce intro: ‹f ?a ≤ ?a›), intro: is a Method Parameter.

Isabelle/ML: the same theorem proved with a tactic script written in ML.

  theorem Knaster_Tarski':
    "(⋀x y. x ≤ y ⟹ f x ≤ f y) ⟹ f (⨅ {x. f x ≤ x}) = ⨅ {x. f x ≤ x}"
    apply (tactic ‹
      (EqSubst.eqsubst_tac @{context} [0] @{thms order_eq_iff} 1)
      THEN (Tactic.resolve_tac @{thms context_conjI} 1)
      THEN (Tactic.resolve_tac @{thms Inf_greatest} 1)
      THEN (Tactic.forward_tac @{thms Inf_lower} 1)
      THEN (Clasimp.fast_force_tac @{context} 1)
      THEN (Tactic.resolve_tac @{thms Inf_lower} 1)
      THEN (Clasimp.fast_force_tac @{context} 1)›)
    done

Isabelle's AFP. Number of files in the AFP by language: ML, 50; Isar (.thy), 1,663.

seL4: our experience. Full functional correctness proof. Source code and proof going open source on July 29 (see http://sel4.systems for more info). Isabelle proof methods developed for it: WP/WPC, a verification condition generator (vcg) for monadic Hoare logic; sep-*, automating separation logic. Proof engineers want more; languages like Ltac show this.

Eisbach

Language Elements. Integrates existing and new methods (fastforce, simp, auto). Abstracts over terms, facts and methods. Attributes for method hints (simp, intro, my_vcg_rules). Matching provides control flow: match and bind higher-order patterns against focused subgoal elements.

Eisbach: a first method definition.

  method_definition induct_list facts simp =
    (match ?concl in "?P (?x :: 'a list)" ⇒ (induct ?x ↦ fastforce simp: simp))

  lemma "length (xs @ ys) = length xs + length ys" by induct_list

Eisbach design goals: easy for beginners and experts; familiar method syntax from Isar; limited functionality, leaving complexity to Isabelle/ML; integration with other Isabelle languages; readable proof procedures.

Eisbach combinators. Standard Isar method combinators: | alternative composition; , sequential composition; ? suppress failure (try); + repeated application. New combinator ↦ composes a method with the subgoals emerging from the previous one.

  method_definition prop_solver1 =
    ((rule impI, (erule conjE)?) | assumption)+

  lemma "P ∧ Q ∧ R ⟶ P" by prop_solver1

Eisbach abstraction: parameterize over facts, terms and methods. The method signature names the abstracted facts (intro, elim), which are then supplied as fact arguments at the call site.

  method_definition prop_solver2 facts intro elim =
    ((rule intro, (erule elim)?) | assumption)+

  lemma "P ∧ Q ⟶ P" by (prop_solver2 intro: impI elim: conjE)

Eisbach attributes. New command declare_attributes; the attributes are managed with the usual Isar declare command and used at run time by methods. Square brackets around a fact parameter in the method signature indicate that the parameter is managed by the attribute of that name.

  declare_attributes intro elim

  declare impI [intro] and conjE [elim]

  method_definition prop_solver3 facts [intro] [elim] =
    ((rule intro, (erule elim)?) | assumption)+

  lemma "P ∧ Q ⟶ P" by prop_solver3

When prop_solver3 runs, intro contains impI and elim contains conjE.
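The combinator, abstraction and attribute slides above in the Eisbach syntax that shipped with Isabelle2015 and later, as an added example that is neither from the slides nor from the Eisbach distribution. It assumes the released command names, which differ from the 2014 preview shown on the slides: method instead of method_definition, named_theorems instead of declare_attributes, uses for explicit fact parameters and declares for attribute-managed ones; the theory name and the method names are my own.

```isabelle
theory Prop_Solver_Example   (* hypothetical theory name *)
  imports Main "HOL-Eisbach.Eisbach"
begin

(* Explicit fact parameters (the slides' "facts intro elim"): the caller
   supplies the rules at every invocation. Combinators: "," sequential,
   "?" try, "|" alternative, "+" repeat until the method fails. *)
method prop_solver_args uses intros elims =
  ((rule intros, (erule elims)?) | assumption)+

lemma "P ∧ Q ⟶ P"
  by (prop_solver_args intros: impI elims: conjE)

(* Attribute-managed hints (the slides' declare_attributes and [intro]/[elim]):
   named_theorems creates a fact collection together with its attribute. *)
named_theorems intros
named_theorems elims

declare impI [intros] conjI [intros]
declare conjE [elims] disjE [elims]

(* "declares" hands the method the current contents of both collections at
   run time, so the call site names no rules at all. *)
method prop_solver declares intros elims =
  ((rule intros, (erule elims)?) | assumption)+

lemma "P ∧ Q ⟶ Q ∧ P"
  by prop_solver

(* Hints declared later are picked up without touching the method. *)
declare disjI1 [intros]

lemma "P ∧ Q ⟶ P ∨ R"
  by prop_solver

end
```

The last lemma is where the attribute mechanism pays off: prop_solver is unchanged, yet it now finds disjI1 because the declaration extends the intros collection rather than the method body.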

Eisbach matching: higher-order matching for control flow, with matched patterns bound for later use.

  method_definition solve_ex =
    (match ?concl in "∃x. ?Q x" ⇒
      (match prems in U: "Q ?y" ⇒
        (rule exI [where x = y and P = Q, OF U])))

The special term ?concl is the conclusion of the current subgoal and the special fact prems is its current premises. Matched patterns are bound: ?Q becomes Q and ?y becomes y, and the matching singleton fact is bound to U.

Focus/Matching. Problem: raw subgoals are unstructured, e.g. ⋀x. A x ⟹ B x ⟹ A x ∧ B x, whereas a structured lemma names its assumptions:

  lemma assumes A: "A" and B: "B" shows "A ∧ B"
    by (rule conjI [OF assms(1) assms(2)])

Goal: find and name assumptions through matching.

  method_definition solve_conj =
    (match ?concl in "?P ∧ ?Q" ⇒
      (match prems in U: "P" and U': "Q" ⇒
        (rule conjI [OF U U'])))

Focus. Solution: focusing, based on existing work. The raw subgoal ⋀x. A x ⟹ B x ⟹ A x ∧ B x is focused into the structured form

  lemma fixes x assumes "A x" and "B x" shows "A x ∧ B x"

so that within the focus prems holds A x and B x, and ?concl is A x ∧ B x.
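The matching and focusing slides above in released Eisbach syntax, as an added example that is not from the slides or the Eisbach distribution: the slides' solve_conj, followed by a recursive generalisation over ∧ and ⟶ in the conclusion. It assumes the released names for the slides' special elements (conclusion for ?concl, premises for prems, the ; combinator for ↦, and for-bound pattern variables instead of ?P); the theory name, solve_prop and the lemmas are my own.

```isabelle
theory Match_Example   (* hypothetical theory name *)
  imports Main "HOL-Eisbach.Eisbach"
begin

(* match focuses the first subgoal: ⋀x. A x ⟹ B x ⟹ A x ∧ B x is seen as a
   context with x fixed, premises {A x, B x} and conclusion A x ∧ B x. *)

(* The slides' solve_conj: name the two assumptions by matching the premises
   against the bound P and Q, then close the goal with conjI. *)
method solve_conj =
  (match conclusion in "P ∧ Q" for P Q ⇒
     ‹match premises in U: "P" and U': "Q" ⇒ ‹rule conjI [OF U U']››)

lemma "⋀x. A x ⟹ B x ⟹ A x ∧ B x"
  by solve_conj

(* Generalisation: decompose ∧ and ⟶ in the conclusion recursively and close
   an atomic goal from a syntactically identical premise. Cases are separated
   by ¦ and tried in order; when the method in a cartouche fails, match
   backtracks into the next case. Premises of enclosing focuses remain
   visible to a nested match on premises, which is what the atomic case
   relies on after the outer focus has assumed A x and B x. *)
method solve_prop =
  (match conclusion in
     "P ∧ Q" for P Q ⇒ ‹rule conjI; solve_prop›
   ¦ "P ⟶ Q" for P Q ⇒ ‹rule impI, solve_prop›
   ¦ "P" for P ⇒ ‹match premises in H: "P" ⇒ ‹rule H››)

lemma "⋀x. A x ⟹ B x ⟹ C ⟶ (A x ∧ C) ∧ B x"
  by solve_prop

end
```

In the second lemma the ⟶ case introduces C as a new premise through rule impI, the nested call focuses again, and the ∧ cases fan out over the subgoals with ;, so every leaf is discharged by a premise from one of the enclosing focuses.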

Demo

Evaluation/Future work

Tactic languages are not new. Ltac: untyped high-level tactic language for Coq; goal matching, iteration, recursion. VeriML: dependently typed tactic language; provides strong static guarantees. Mtac: typed tactic language for Coq; leverages the built-in Coq notion of computation; strong static guarantees.

Current results. Eisbach: an extension of Isar, Isabelle's proof language; integrates with existing Isar syntax, methods and attributes. Evaluation: existing methods (WP, WPC) rewritten in Eisbach, and the l4.verified invariant proof successfully checked with them. Future work: tracing/debugging; optimisations.

Conclusion. Proof engineers need tools to write proofs at scale. Isar provides structure and syntax for proofs, and most Isabelle users are most familiar with Isar. Eisbach provides easy mechanisms for writing automation: abstraction, matching, backtracking, recursion. Coming soon.

Thank You