Sparkle A theorem prover for the functional language Clean Maarten de Mol University of Nijmegen February 2002.

Slides:

Advertisements

Similar presentations

Technologies for finding errors in object-oriented software K. Rustan M. Leino Microsoft Research, Redmond, WA Lecture 1 Summer school on Formal Models.

Advertisements

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Functional Programming Lecture 13 - induction on lists.

Introduction to Compilation of Functional Languages Wanhe Zhang Computing and Software Department McMaster University 16 th, March, 2004.

Semantics Static semantics Dynamic semantics attribute grammars

Computational Models The exam. Models of computation. –The Turing machine. –The Von Neumann machine. –The calculus. –The predicate calculus. Turing.

Copyright , Doron Peled and Cesare Tinelli. These notes are based on a set of lecture notes originally developed by Doron Peled at the University.

© M. Winter COSC 4P41 – Functional Programming Testing vs Proving Testing –uses a set of “typical” examples, –symbolic testing, –may find errors,

8. Introduction to Denotational Semantics. © O. Nierstrasz PS — Denotational Semantics 8.2 Roadmap Overview:  Syntax and Semantics  Semantics of Expressions.

Formal Semantics of Programming Languages 虞慧群 Topic 5: Axiomatic Semantics.

Chapter 11 Proof by Induction. Induction and Recursion Two sides of the same coin.  Induction usually starts with small things, and then generalizes.

MP IP Strategy Stateye-GUI Provided by Edotronik Munich, May 05, 2006.

VIDE als voortzetting van Cocktail SET Seminar 11 september 2008 Dr. ir. Michael Franssen.

ISBN Chapter 3 Describing Syntax and Semantics.

CSE 425: Logic Programming I Logic and Programs Most programs use Boolean expressions over data Logic statements can express program semantics –I.e., axiomatic.

0 PROGRAMMING IN HASKELL Chapter 7 - Higher-Order Functions.

0 PROGRAMMING IN HASKELL Chapter 6 - Recursive Functions Most of this should be review for you.

0 PROGRAMMING IN HASKELL Chapter 6 - Recursive Functions.

Some administrative stuff Class mailing list: –send to with the command “subscribe”

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

Towards a HOL Framework for the Deductive Analysis of Hybrid Control Systems ADPM’2000 Norbert Völker University of Essex, England.

Chapter 14 Programming With Streams. Streams  A stream is an infinite sequence of values.  We could define a special data type for them: data Stream.

UNIVERSITY OF SOUTH CAROLINA Department of Computer Science and Engineering Introduction to Functional Programming Notes for CSCE 190 Based on Sebesta,

Describing Syntax and Semantics

Functional Programming Professor Yihjia Tsai Tamkang University.

Computer Science School of Computing Clemson University Discrete Math and Reasoning about Software Correctness Murali Sitaraman

CC0002NI – Computer Programming Computer Programming Er. Saroj Sharan Regmi Week 7.

0 PROGRAMMING IN HASKELL An Introduction Based on lecture notes by Graham Hutton The book “Learn You a Haskell for Great Good” (and a few other sources)

Tutorial 11 Using and Writing Visual Basic for Applications Code

PROGRAMMING IN VISUAL BASIC.NET VISUAL BASIC BUILDING BLOCKS Bilal Munir Mughal 1 Chapter-5.

Introduction to the λ-Calculus and Functional Programming Languages Arne Kutzner Hanyang University 2015.

IFIP WG2.1 meeting, 京都市, Sep Refinement and Transformations in Specware A progress report Alessandro Coglio, Kestrel Institute Stephen Westfold,

Lambda Calculus History and Syntax. History The lambda calculus is a formal system designed to investigate function definition, function application and.

© Kenneth C. Louden, Chapter 11 - Functional Programming, Part III: Theory Programming Languages: Principles and Practice, 2nd Ed. Kenneth C. Louden.

© Copyright 1992–2005 by Deitel & Associates, Inc. and Pearson Education Inc. All Rights Reserved. Tutorial 5 – Dental Payment Application: Introducing.

Chapter 02 (Part III) Introduction to C++ Programming.

Computer Science School of Computing Clemson University Discrete Math and Reasoning about Software Correctness Joseph E. Hollingsworth

Formal Verification Lecture 9. Formal Verification Formal verification relies on Descriptions of the properties or requirements Descriptions of systems.

Type Safety Kangwon National University 임현승 Programming Languages.

Honors Geometry Intro. to Deductive Reasoning. Reasoning based on observing patterns, as we did in the first section of Unit I, is called inductive reasoning.

Sound Haskell Dana N. Xu University of Cambridge Joint work with Simon Peyton Jones Microsoft Research Cambridge Koen Claessen Chalmers University of Technology.

Chapter 1, Part II: Predicate Logic With Question/Answer Animations.

Chapter 3 Part II Describing Syntax and Semantics.

CSE Winter 2008 Introduction to Program Verification January 31 proofs through simplification.

CSE Winter 2008 Introduction to Program Verification January 15 tautology checking.

Lecture 5 1 CSP tools for verification of Sec Prot Overview of the lecture The Casper interface Refinement checking and FDR Model checking Theorem proving.

Advanced Formal Methods Lecture 3: Simply Typed Lambda calculus Mads Dam KTH/CSC Course 2D1453, Some material from B. Pierce: TAPL + some from.

Nikolaj Bjørner Microsoft Research DTU Winter course January 2 nd 2012 Organized by Flemming Nielson & Hanne Riis Nielson.

1 Static Contract Checking for Haskell Dana N. Xu University of Cambridge Joint work with Simon Peyton Jones Microsoft Research Cambridge Koen Claessen.

Static Techniques for V&V. Hierarchy of V&V techniques Static Analysis V&V Dynamic Techniques Model Checking Simulation Symbolic Execution Testing Informal.

CS104:Discrete Structures Chapter 2: Proof Techniques.

June 21, Reasoning about explicit strictness in a lazy language using mixed lazy/strict semantics Marko van Eekelen Maarten de Mol Nijmegen University,

Haskell Chapter 5, Part II. Topics  Review/More Higher Order Functions  Lambda functions  Folds.

Interface specifications At the core of each Larch interface language is a model of the state manipulated by the associated programming language. Each.

Chapter Eight Predicate Logic Semantics. 1. Interpretations in Predicate Logic An argument is valid in predicate logic iff there is no valuation on which.

1 PROGRAMMING IN HASKELL An Introduction Based on lecture notes by Graham Hutton The book “Learn You a Haskell for Great Good” (and a few other sources)

CENG 424-Logic for CS Introduction Based on the Lecture Notes of Konstantin Korovin, Valentin Goranko, Russel and Norvig, and Michael Genesereth.

Control Structures I Chapter 3

Sparkle a functional theorem prover

PROGRAMMING IN HASKELL

PROGRAMMING IN HASKELL

Copyright © Cengage Learning. All rights reserved.

Programming Languages 2nd edition Tucker and Noonan

PROGRAMMING IN HASKELL

Sub-system interfaces

Testing vs Proving Testing uses a set of “typical” examples,

A useful tool for logic proof By Da Kuang, TA for CA2209b, 2009 UWO

OBJ first-order functional language based on equational logic

Programming Languages 2nd edition Tucker and Noonan

Presentation transcript:

Sparkle A theorem prover for the functional language Clean Maarten de Mol University of Nijmegen February 2002

Proof Tools Day / 18 Introduction Sparkle: Yet Another Theorem Prover: Design goals. Why build a new theorem prover? Short description of Sparkle: Specification language (Clean). Logic and semantics. Tactic language. Support for building proofs. User interface. Current status.

Proof Tools Day / 18 Design goals Basic idea: integrate theorem prover with a programming language. Use theorem prover to annotate written programs with useful properties. Goal: enhance programs. Intended users: mainly programmers. “Program” and “Prove”: same person. Proving is side activity. Important: small proofs should be easy.

Proof Tools Day / 18 Why own theorem prover? Integration with Clean: Reason on source code level:  Semantics.  Syntax.  Project structure. Store properties and proofs in programs. Link theorem prover to existing tools, such as editor. Distribute with Clean.

Proof Tools Day / 18 Specification language Clean: Functional programming language.  Referential transparency allows equational reasoning. Developed at University of Nijmegen. Very similar to Haskell. Some concepts:  Higher-order, curried and partial functions.  Lazy evaluation.  User-defined strict evaluation.  Sharing / Overloading / Comprehensions / Uniqueness.

Proof Tools Day / 18 Example program map :: (a  b) [a]  [b] map f [x:xs]= [f x : map f xs] map f []= [] increase :: [Int]  [Int] increase list= map (+ 1) list

Proof Tools Day / 18 Partial functions If in a program the expression “hd []” is evaluated, the program will terminate immediately (and an error message will be shown). hd :: [a]  a hd [x:xs]= x

Proof Tools Day / 18 Lazy evaluation Only parts of expressions that are really needed will actually be built. Allows for infinite intermediate results: Nothing wrong with using “hd (nats 7)”. The evaluation of “last (nats 7)” will either ‘hang’ a program or halt it with an error message (out of resources). nats :: Int  [Int] nats n= [n: nats (n+1)]

Proof Tools Day / 18 Strictness annotations Strictness annotations: argument must be reduced before function is entered. Only changes reduction order. May change termination properties. hd :: ![a]  a hd [x:xs]= x K :: !a b  a K x y= y

Proof Tools Day / 18 Logic First-order propositional logic: Basic units: True, False, e 1 = e 2, x. Operators: , , , , . Quantors: , . No predicates allowed. Quantification allowed over: Expressions of arbitrary type. Propositions.

Proof Tools Day / 18 Semantics (1) Total semantics: The constant expression  is used to represent error values. Reduction may have  as result:  The erronous application of a partial function leads to . hd [] reduces to   Error values propagate stepwise to the outermost level: (hd []) + 7 reduces to  + 7 reduces to .

Proof Tools Day / 18 Semantics (2) Semantics of equality: Based on reduction, but not dependent on reduction strategy. Based on observations:  The observation of an expression is obtained by replacing all its redexes by . e 1 = e 2 is true iff:  for all (e 1 reduces to r 1 )  there exists (e 2 reduces to r 2 )  such that r 1 and r 2 are observationally equal  (and vice-versa)

Proof Tools Day / 18 Semantics (3) Properties of equality: Copes with finite equalities. Copes with infinite equalities. Copes with infinite reductions (equal to  ). Semantics of quantors: All expressions of valid type may be substituted, including:  ‘infinite’ expressions.  the error value .

Proof Tools Day / 18 Semantics: examples xs ++ (ys ++ zs) = (xs ++ ys) ++ zs True for all values of xs, ys and zs, including all finite values, all infinite values and . reverse (reverse xs) = xs True for all finite values of xs. True for xs = . Not true for any infinite values of xs. xs = ones  last xs = 1 (ones = [1:ones]) True for all values of xs, except: Not true for xs = ones!!

Proof Tools Day / 18 Tactics Standard, borrowed from logic and other theorem provers: Intros; Split; Apply; Rewrite; … Special for Clean: Induction. Reduce; SplitCase; Case; ChooseCase; … Only 42 in total; no high-level automated tactics available.

Proof Tools Day / 18 Proving support Command prompt. Tactic list (prove by clicking). Hint mechanism: Sparkle automatically searches for applicable tactics. A score is assigned to each hint. Hints are displayed and can be applied:  Manually.  Automatically (with threshold).

Proof Tools Day / 18 Current status Alpha-version, but fully operational. Released in Clean distribution: Tested on examples found in the book “Introduction to Functional Programming”: Promising results:  Proofs were easily made in Sparkle.  Many proofs were found automatically by Sparkle. Not tested yet by programmers. Not tested yet on larger examples. Largest program: 8Queens

Proof Tools Day / 18 Future plans Development on Sparkle continues. User interface. Tactical language. Hint mechanism. Enhance integration with Clean: Allow properties to be specified in programs. Allow proofs to be stored in programs. Prove the (partial) correctness of a large application written in Clean. Scalability?