Presentation is loading. Please wait.

Presentation is loading. Please wait.

Certifying and Synthesizing Membership Equational Proofs Patrick Lincoln (SRI) joint work with Steven Eker (SRI), Jose Meseguer (Urbana) and Grigore Rosu.

Published byRoberta Norton Modified over 8 years ago

Similar presentations

Presentation on theme: "Certifying and Synthesizing Membership Equational Proofs Patrick Lincoln (SRI) joint work with Steven Eker (SRI), Jose Meseguer (Urbana) and Grigore Rosu."— Presentation transcript:

1 Certifying and Synthesizing Membership Equational Proofs Patrick Lincoln (SRI) joint work with Steven Eker (SRI), Jose Meseguer (Urbana) and Grigore Rosu (Urbana)

2 Overview Motivation –Our approach to certification Membership Equational Logic (MEL) –Maude Formalizing MEL Proof Objects Certifying MEL Proof Objects Synthesizing MEL Proof Objects –Handling decision procedures (AC matching) Conclusion

3 Motivation Software certification –In order to trust the result of a verification task, one should first trust the theorem prover Heterogeneous formalisms and proofs –Practice showed there is no silver-bullet logic –Each feature can be best expressed in a specific formalism –Efficient equational engines: ELAN, Maude How can one trust them in heterogeneous settings?

4 Our Approach to Certification I Provers or decision procedures synthesize correctness certificates (proofs) Independent and straightforward checkers certify the generated proofs Product-oriented certification approach –Avoid verifying the theorem provers or the decission procedures involved Hard tasks, because they are big and changing –Check each correctness proof separately

5 Our Approach to Certification II To be trusted, easily validated, effective and general, certifiers must be –Straightforward and small Preferably less than 1,000 lines of C –Fast Linear in the size of the certificate Which implies that –Proof objects need to be very detailed Can be quite large –Proof object synthesizers should follow the logic not the particular prover, which is typically complex Go down to axioms and inference rules only –Decision procedures need to output proofs

6 Equational Logics For now, we focus on equational logics –Simple and used by other more general provers Few inference rules –Very fast engines: ELAN, Maude Millions of rewrites per second Specialized decision procedures –A,C,I (and combinations) matching, etc. Why would a general prover accept their equational computations? Why would a certifying authority trust such systems?

7 Membership Equational Logic A very general variant of equational logic Adds membership assertions t : s Sentences are Horn clauses over –Equations –Membership assertions Generalizes –Order sorted equational logics –Partial equational logics Adds one more inference rule: membership Γ |- t : s and Γ |- t = t’ implies Γ |- t’ : s

8 Maude MEL engine –Based on a fast implementation of rewriting Can output execution traces –Series of axiom applications with corresponding substitutions –Contain gaps Decision procedures –A,C,I matching and combinations –Least sort computations –Memoization –Sharing of subterms (right-hand-side of equations)

9 Formalizing MEL Proof Objects Introduced a formalization of MEL proofs Proof object = series of labeled proof steps Proof step = application of one of the six complete inference rules of MEL –Reflexivity, Symmetry, Transitivity, Congruence, Substitution, Membership –Can contain references to previous steps... (18 transitivity +(a,b) = *(c,d) follows by 15 13)...

10 Certifying MEL Proof Objects Designed and implemented a prototype MEL proof certifier (~ 200 lines in PERL) Checks each proof step –Based entirely on string comparison –No parsing needed Very simple –Does not do anything intelligent –Proof object contains any needed piece of information; certifier only makes trivial checks This is exactly what a certifying authority wants –As opposed to trusting a complex, highly optimized rewriting engine like Maude

11 Synthesizing MEL Proof Objects In order for the certifier to be simple, the proof object must be very low level The following are considered too high-level to be recognized by a certifier –Proofs by replacement or by rewriting –A, C, I matching and combinations –Sharing of subterms –Memoization –Least sort calculation So we provide solutions on how to push these down to MEL axioms and inference rules

12 Replacement Proofs Most usual “equational proofs” The problem is that replacements can be applied anywhere in the term Lots of congruences, transitivities and potentially one symmetry are implicit Procedure is given to generate all these applications of rules formally in a proof object Theorem: Γ |- t = t’ iff t (  Γ   Γ )* t’

13 Rewriting Proofs Special case of replacements proofs Most rewritings are done in depth-first order This allows to obtain much smaller proofs by delaying the applications of congruences Γ |- t = t’ when t (  Γ )*;(  Γ )* t’

14 Matching Modulo Matching modulo A, C, I, or any of their combinations is typically implemented via highly specialized decision procedures One does not want a simple and trusted certifier to know about these Therefore, one has to generate proofs making concrete use of A, C, I axioms In Maude, e.g., matchings modulo appear as gaps in the rewriting traces

15 AC Matching The most complicated one Nguyen and Kirchner 2002 gave a solution, where the proof has size O(|  | 2 ) We have sorting-based solutions generating proofs of size O(|  | log(|  |)) Given two AC-equivalent terms  and , generate a proof of their equality using the A and C axioms

16 High-Level Idea Put  and  in right associative forms  r and  r by AC equational proofs of size O(|  |) Pick a special term  b, which is a balanced version of , and put it in right associative form, i.e., the same  r,in proof size O(|  |) Generate a proof of size O(|  | log(|  |)) for the AC equivalence between  b and  r

17 Right Associativity in Linear Proof Size Apply right associativity in a bottom-up fashion, until we get a right associative term Delay congruences as much as possible

18 From Balanced to any Right Associative Permutation in O(n log(n)) Order the elements as they appear in  r The goal now is, given some ordering on element, to sort any balanced tree into a right associative list We have two methods, based on –Merge sort –Selection sort

19 Sorting a Balanced Tree by Merge Sort Step 1: Sort recursively the left and right subtrees  11 22 11  11 r 22  22 r 11 r 22 r

20 Sorting a Balanced Tree by Merge Sort Step 2: Merging the left and right sorted subtrees 11 r ’1’1 r a1a1 22 r ’2’2 r a2a2 a2a2 a1a1 ’1’1 r ’2’2 r Suppose a 2 < a 1 We can do the above in a small, constant number of applications of AC. So we can merge the two right associative lists in a linear number of proof steps.

21 The size of the AC proof generated by the merge-sort procedure is O(|  | log(|  |)) More precisely, it is 5 |  | log(|  |) Similar numbers are obtained for a selection-sort based procedure These procedures can be easily extended to handle multiple A,C,I (and combinations) operators Sorting a Balanced Tree

22 Maude Specific Issues Maude has several other decision procedures, for which we also developed proof synthesis algorithms, such as –Memoization and subterm sharing –Least sort calculation Also, due to overloaded operations, mix-fix notation, and syntactic sugar conventions, specialized procedures are also needed for –Desugaring –Disambiguation

23 Conclusion and Future Work A MEL proof formalization, certification and synthesis has been presented Had Maude as a test case, but the ideas work for any equational engine Hardest part was to deal with decision procedures The proof synthesis algorithms will be soon implemented for Maude, probably within its ITP tool (a theorem prover)

Download ppt "Certifying and Synthesizing Membership Equational Proofs Patrick Lincoln (SRI) joint work with Steven Eker (SRI), Jose Meseguer (Urbana) and Grigore Rosu."

Similar presentations

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Introduction to Algorithms Quicksort

Introduction to Algorithms Quicksort
1 Nondeterministic Space is Closed Under Complement Presented by Jing Zhang and Yingbo Wang Theory of Computation II Professor: Geoffrey Smith.

1 Nondeterministic Space is Closed Under Complement Presented by Jing Zhang and Yingbo Wang Theory of Computation II Professor: Geoffrey Smith.
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 11.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 11.
SOFTWARE TESTING. INTRODUCTION  Software Testing is the process of executing a program or system with the intent of finding errors.  It involves any.

SOFTWARE TESTING. INTRODUCTION  Software Testing is the process of executing a program or system with the intent of finding errors.  It involves any.
A simple example finding the maximum of a set S of n numbers.

A simple example finding the maximum of a set S of n numbers.
Theory of Computing Lecture 3 MAS 714 Hartmut Klauck.

Theory of Computing Lecture 3 MAS 714 Hartmut Klauck.
Recursion. Recursion is a powerful technique for thinking about a process It can be used to simulate a loop, or for many other kinds of applications In.

Recursion. Recursion is a powerful technique for thinking about a process It can be used to simulate a loop, or for many other kinds of applications In.
Theoretical Program Checking Greg Bronevetsky. Background The field of Program Checking is about 13 years old. Pioneered by Manuel Blum, Hal Wasserman,

Theoretical Program Checking Greg Bronevetsky. Background The field of Program Checking is about 13 years old. Pioneered by Manuel Blum, Hal Wasserman,
Solving Partial Order Constraints for LPO termination.

Solving Partial Order Constraints for LPO termination.
Data Structures, Spring 2004 © L. Joskowicz 1 Data Structures – LECTURE 3 Recurrence equations Formulating recurrence equations Solving recurrence equations.

Data Structures, Spring 2004 © L. Joskowicz 1 Data Structures – LECTURE 3 Recurrence equations Formulating recurrence equations Solving recurrence equations.
Validating Streaming XML Documents Luc Segoufin & Victor Vianu Presented by Harel Paz.

Validating Streaming XML Documents Luc Segoufin & Victor Vianu Presented by Harel Paz.
Data Structures, Spring 2006 © L. Joskowicz 1 Data Structures – LECTURE 3 Recurrence equations Formulating recurrence equations Solving recurrence equations.

Data Structures, Spring 2006 © L. Joskowicz 1 Data Structures – LECTURE 3 Recurrence equations Formulating recurrence equations Solving recurrence equations.
ISBN 0-321-19362-8 Chapter 4 Lexical and Syntax Analysis The Parsing Problem Recursive-Descent Parsing.

ISBN Chapter 4 Lexical and Syntax Analysis The Parsing Problem Recursive-Descent Parsing.
Dr. Muhammed Al-Mulhem 1ICS535-101 ICS 535 Design and Implementation of Programming Languages Part 1 Fundamentals (Chapter 4) Axiomatic Semantics ICS 535.

Dr. Muhammed Al-Mulhem 1ICS ICS 535 Design and Implementation of Programming Languages Part 1 Fundamentals (Chapter 4) Axiomatic Semantics ICS 535.
Chapter 11: Limitations of Algorithmic Power

Chapter 11: Limitations of Algorithmic Power
Artificial Intelligence

Artificial Intelligence
Lecture 20: April 12 Introduction to Randomized Algorithms and the Probabilistic Method.

Lecture 20: April 12 Introduction to Randomized Algorithms and the Probabilistic Method.
DAST 2005 Week 4 – Some Helpful Material Randomized Quick Sort & Lower bound & General remarks…

DAST 2005 Week 4 – Some Helpful Material Randomized Quick Sort & Lower bound & General remarks…
Chapter 11 Limitations of Algorithm Power Copyright © 2007 Pearson Addison-Wesley. All rights reserved.

Chapter 11 Limitations of Algorithm Power Copyright © 2007 Pearson Addison-Wesley. All rights reserved.

Similar presentations

Ads by Google