RESOLVE VERIFICATION: A New Perspective Joan Krone William F. Ogden

General Requirements for a Verifying Compiler Sound Language Specification Mechanisms Established Specifiability of Components Mathematical Expressiveness Math Proof System Program Proof System Proof Rules Soundness and Completeness Semantics

Justification Checker Use Case Programmer submits assertive code to Justification Checker. In a few minutes Justification Checker returns: –Correct –Clause that’s Incorrect Programmer fixes code or spec. –Clause that’s correct Programmer adds specification to code or lemma.

Justification Checking Justification Checker can only do obvious math. Examples show that the Justification Checker only needs to do clause refinement. Typical clause: p1  (p2  p3  (p4  p5   ) ) Difficult Math gets done in Math Units. Proofs for Math Units are much more detailed.

Meta_Precis Basic_CPO_Theory; uses Basic_Ordinal_Theory; Def. Chain( ⊑ : (D: MSet) ⊠ D→B ):  (  (D)) = { C:  (D)   x, y: C, x ⊑ y or y ⊑ x }; Corollary 1:  D: MSet,  ⊑ : D ⊠ D→B,   Chain( ⊑ ) and if Is_Reflexive( ⊑ ), then  z: D, {z}  Chain( ⊑ ); Corollary 2:  D: MSet,  ⊑ : D ⊠ D→B,  C: Chain( ⊑ ),  B:  (D), if B  C, then B  Chain( ⊑ ); Def. Is_CPO( ⊑ : (D: MSet) ⊠ D→B ): B = ( Is_Partial_Ordering( ⊑ ) and  C: Chain( ⊑ ),  b: D   x: C, x ⊑ b and  u: D, if  x: C, x ⊑ u, then b ⊑ u ); Corollary 1:  D: MSet, if  ⊑ : D ⊠ D→B  Is_CPO( ⊑ ), then D   ; Corollary 2:  D: MSet,  ⊑ : D ⊠ D→B, if Is_CPO( ⊑ ), then  z: D, {z}  Chain( ⊑ ); Corollary 3:  D: MSet,  ⊑ : D ⊠ D→B,  C: Chain( ⊑ ), if Is_CPO( ⊑ ), then  ! b: D   x: C, x ⊑ b and  u: D, if  x: C, x ⊑ u, then b ⊑ u; Corollary 4:  D: MSet,  ⊑ : D ⊠ D→B, if Is_CPO( ⊑ ), then  ! b: D   u: D, b ⊑ u; Implicit Def.  ( ⊑ : (D: MSet~{  }) ⊠ D→B): D is if Is_CPO( ⊑ ), then  x: D,  ( ⊑ ) ⊑ x and if  Is_CPO( ⊑,  ), then  ( ⊑ ) = ∗ (D);

Proofs Obv_BCPO_Prfs for Basic_CPO_Theory; Def. Chain( ⊑ : (D: MSet) ⊠ D→B ):  (  (D)) = { C:  (D)   x, y: C, x ⊑ y or y ⊑ x }; Corollary 1:  D: MSet,  ⊑ : D ⊠ D→B,   Chain( ⊑ ) and if Is_Reflexive( ⊑ ), then  z: D, {z}  Chain( ⊑ ); Proof Supp D: MSet and ⊑ : D ⊠ D→B Goal   Chain( ⊑ )and if Is_Reflexive( ⊑ ), then  z: D, {z}  Chain( ⊑ ) Goal   Chain( ⊑ ) Goal  x, y: , x ⊑ y or y ⊑ x Supp x, y:  Goal x ⊑ y or y ⊑ x Falseby supp & def.  x ⊑ y or y ⊑ x by contradiction deduction if x, y: , then x ⊑ y or y ⊑ x  x, y: , x ⊑ y or y ⊑ x by universal generalization   Chain( ⊑ ) by def Chain … QED;

Math Constructs Precis’ are analogous to Concepts. Proofs are analogous to Realizations. There will be some built-in Math Units.

Theorem Checker for Math Programmer submits math theory including proofs. The Proof Checker processes them. –If adequate, precis becomes available for the justification checker and other math checking. –If not adequate, programmer adds lemmas or reasons in the proofs.

The Verification Process The Proof Checker takes care of the mathematics, which must be a part of the context for both specifying and correctness checking. The Justification Checker takes care of program correctness.

Thesis Program verification is just proof checking and justification checking!