APLAS/CPP Invited Talks

Engineering Theories with Z3

Abstract

Modern Satisfiability Modulo Theories (SMT) solvers are fundamental to many program analysis, verification, design and testing tools. They are a good fit for the domain of software and hardware engineering because they support many domains that are commonly used by the tools. The meaning of domains are captured by theories that can be axiomatized or supported by efficient theory solvers. Nevertheless, not all domains are handled by all solvers and many domains and theories will never be native to any solver. We here explore different theories that extend Microsoft Research’s SMT solver Z3’s basic support. Some can be directly encoded or axiomatized, others make use of user theory plug-ins. Plug-ins are a powerful way for tools to supply their custom domains.

Nikolaj Bjørner

Algebra, Logic, Locality, Concurrency

Abstract

This talk reports on ongoing work - with Tony Hoare, Akbar Hussain, Bernhard Möller, Rasmus Petersen, Georg Struth, Ian Wehrman, and others - on models and logics for concurrent processes [10,6,5]. The approach we are taking abstracts from syntax or particular models. Message passing and shared memory process interaction, and strong (interleaving) and weak (partial order) approaches to sequencing, are accomodated as different models of the same core axioms. Rules of program logic, related to Hoare and Separation logics, flow at once from the algebraic axioms. So, one gets a generic program logic from the algebra, which holds for a range of concrete models.

Peter W. O’Hearn

Session 1: Logic and Types

Constructive Formalization of Hybrid Logic with Eventualities

Abstract

This paper reports on the formalization of classical hybrid logic with eventualities in the constructive type theory of the proof assistant Coq. We represent formulas and models and define satisfiability, validity, and equivalence of formulas. The representation yields the classical equivalences and does not require axioms. Our main results are an algorithmic proof of a small model theorem and the computational decidability of satisfiability, validity, and equivalence of formulas. We present our work in three steps: propositional logic, modal logic, and finally hybrid logic.

Christian Doczkal, Gert Smolka

Proof-Carrying Code in a Session-Typed Process Calculus

Abstract

Dependent session types allow us to describe not only properties of the I/O behavior of processes but also of the exchanged data. In this paper we show how to exploit dependent session types to express proof-carrying communication. We further introduce two modal operators into the type theory to provide detailed control about how much information is communicated: one based on traditional proof irrelevance and one integrating digital signatures.

Frank Pfenning, Luis Caires, Bernardo Toninho

Session 2: Certificates

Automated Certification of Implicit Induction Proofs

Abstract

Theorem proving is crucial for the formal validation of properties about user specifications. With the help of the Coq proof assistant, we show how to certify properties about conditional specifications that are proved using automated proof techniques like those employed by the Spike prover, a rewrite-based implicit induction proof system. The certification methodology is based on a new representation of the implicit induction proofs for which the underlying induction principle is an instance of Noetherian induction governed by an induction ordering over equalities. We propose improvements of the certification process and show that the certification time is reasonable even for industrial-size applications. As a case study, we automatically prove and certify more than 40% of the lemmas needed for the validation of a conformance algorithm for the ABR protocol.

Sorin Stratulat, Vincent Demange

A Proposal for Broad Spectrum Proof Certificates

Abstract

Recent developments in the theory of focused proof systems provide flexible means for structuring proofs within the sequent calculus. This structuring is organized around the construction of “macro” level inference rules based on the “micro” inference rules which introduce single logical connectives. After presenting focused proof systems for first-order classical logics (one with and one without fixed points and equality) we illustrate several examples of proof certificates formats that are derived naturally from the structure of such focused proof systems. In principle, a proof certificate contains two parts: the first part describes how macro rules are defined in terms of micro rules and the second part describes a particular proof object using the macro rules. The first part, which is based on the vocabulary of focused proof systems, describes a collection of macro rules that can be used to directly present the structure of proof evidence captured by a particular class of computational logic systems. While such proof certificates can capture a wide variety of proof structures, a proof checker can remain simple since it must only understand the micro-rules and the discipline of focusing. Since proofs and proof certificates are often likely to be large, there must be some flexibility in allowing proof certificates to elide subproofs: as a result, proof checkers will necessarily be required to perform (bounded) proof search in order to reconstruct missing subproofs. Thus, proof checkers will need to do unification and restricted backtracking search.

Dale Miller

Session 3: Invited Talk

Univalent Semantics of Constructive Type Theories

Abstract

In this talk I will outline a new semantics for dependent polymorphic type theories with Martin-Lof identity types. It is based on a class of models which interpret types as simplicial sets or topological spaces defined up to homotopy equivalence. The intuition based on the univalent semantics leads to new answers to some long standing questions of type theory providing in particular well-behaved type theoretic definitions of sets and set quotients. So far the main application of these ideas has been to the development of “native” type-theoretic foundations of mathematics which are implemented in a growing library of mathematics for proof assistant Coq. On the other hand the computational issues raised by the univalent semantics may lead in the future to a new class of programming languages.

Vladimir Voevodsky

Session 4: Formalization

Formalization of Wu’s Simple Method in Coq

Abstract

We present in this paper the integration within the Coq proof assistant, of a method for automatic theorem proving in geometry. We use an approach based on the validation of a certificate. The certificate is generated by an implementation in Ocaml of a simple version of Wu’s method.

Jean-David Génevaux, Julien Narboux, Pascal Schreck

Reasoning about Constants in Nominal Isabelle or How to Formalize the Second Fixed Point Theorem

Abstract

Nominal Isabelle is a framework for reasoning about programming languages with named bound variables (as opposed to de Bruijn indices). It is a definitional extension of the HOL object logic of the Isabelle theorem prover. Nominal Isabelle supports the definition of term languages of calculi with bindings, functions on the terms of these calculi and provides mechanisms that automatically rename binders. Functions defined in Nominal Isabelle can be defined with assumptions: The binders can be assumed fresh for any arguments of the functions. Defining functions is often one of the more complicated part of reasoning with Nominal Isabelle, and together with analysing freshness is the part that differs most from paper proofs. In this paper we show how to define terms from λ-calculus and reason about them without having to carry around the freshness conditions. As a case study we formalize the second fixed point theorem of the λ-calculus.

Cezary Kaliszyk, Henk Barendregt

Simple, Functional, Sound and Complete Parsing for All Context-Free Grammars

Abstract

Parsers for context-free grammars can be implemented directly and naturally in a functional style known as “combinator parsing”, using recursion following the structure of the grammar rules. However, naive implementations fail to terminate on left-recursive grammars, and despite extensive research the only complete parsers for general context-free grammars are constructed using other techniques such as Earley parsing. Our main contribution is to show how to construct simple, sound and complete parser implementations directly from grammar specifications, for all context-free grammars, based on combinator parsing. We then construct a generic parser generator and show that generated parsers are sound and complete. The formal proofs are mechanized using the HOL4 theorem prover. Memoized parsers based on our approach are polynomial-time in the size of the input. Preliminary real-world performance testing on highly ambiguous grammars indicates our parsers are faster than those generated by the popular Happy parser generator.

Tom Ridge

A Decision Procedure for Regular Expression Equivalence in Type Theory

Abstract

We describe and formally verify a procedure to decide regular expressions equivalence: two regular expressions are equivalent if and only if they recognize the same language. Our approach to this problem is inspired by Brzozowski’s algorithm using derivatives of regular expressions, with a new definition of finite sets. In this paper, we detail a complete formalization of Brzozowki’s derivatives, a new definition of finite sets along with its basic meta-theory, and a decidable equivalence procedure correctly proved using Coq and Ssreflect.

Thierry Coquand, Vincent Siles

Session 5: Proof Assistants

A Modular Integration of SAT/SMT Solvers to Coq through Proof Witnesses

Abstract

We present a way to enjoy the power of SAT and SMT provers in Coq without compromising soundness. This requires these provers to return not only a yes/no answer, but also a proof witness that can be independently rechecked. We present such a checker, written and fully certified in Coq. It is conceived in a modular way, in order to tame the proofs’ complexity and to be extendable. It can currently check witnesses from the SAT solver ZChaff and from the SMT solver veriT. Experiments highlight the efficiency of this checker. On top of it, new reflexive Coq tactics have been built that can decide a subset of Coq’s logic by calling external provers and carefully checking their answers.

Michael Armand, Germain Faure, Benjamin Grégoire, Chantal Keller, Laurent Théry, Benjamin Werner

Modular SMT Proofs for Fast Reflexive Checking Inside Coq

Abstract

We present a new methodology for exchanging unsatisfiability proofs between an untrusted SMT solver and a sceptical proof assistant with computation capabilities like Coq. We advocate modular SMT proofs that separate boolean reasoning and theory reasoning; and structure the communication between theories using Nelson-Oppen combination scheme. We present the design and implementation of a Coq reflexive verifier that is modular and allows for fine-tuned theory-specific verifiers. The current verifier is able to verify proofs for quantifier-free formulae mixing linear arithmetic and uninterpreted functions. Our proof generation scheme benefits from the efficiency of state-of-the-art SMT solvers while being independent from a specific SMT solver proof format. Our only requirement for the SMT solver is the ability to extract unsat cores and generate boolean models. In practice, unsat cores are relatively small and their proof is obtained with a modest overhead by our proof-producing prover. We present experiments assessing the feasibility of the approach for benchmarks obtained from the SMT competition.

Frédéric Besson, Pierre-Emmanuel Cornilleau, David Pichardie

Tactics for Reasoning Modulo AC in Coq

Abstract

We present a set of tools for rewriting modulo associativity and commutativity (AC) in Coq, solving a long-standing practical problem. We use two building blocks: first, an extensible reflexive decision procedure for equality modulo AC; second, an OCaml plug-in for pattern matching modulo AC. We handle associative only operations, neutral elements, uninterpreted function symbols, and user-defined equivalence relations. By relying on type-classes for the reification phase, we can infer these properties automatically, so that end-users do not need to specify which operation is A or AC, or which constant is a neutral element.

Thomas Braibant, Damien Pous

Reconstruction of Z3’s Bit-Vector Proofs in HOL4 and Isabelle/HOL

Abstract

The Satisfiability Modulo Theories (SMT) solver Z3 can generate proofs of unsatisfiability. We present independent reconstruction of unsatisfiability proofs for bit-vector theories in the theorem provers HOL4 and Isabelle/HOL. Our work shows that LCF-style proof reconstruction for the theory of fixed-size bit-vectors, although difficult because Z3’s proofs provide limited detail, is often possible. We thereby obtain high correctness assurances for Z3’s results, and increase the degree of proof automation for bit-vector problems in HOL4 and Isabelle/HOL.

Sascha Böhme, Anthony C. J. Fox, Thomas Sewell, Tjark Weber

Session 6: Teaching

Teaching Experience: Logic and Formal Methods with Coq

Abstract

During the past three years we have been integrating mechanized theorem proving into a traditional introductory course on formal methods. We explain our goals for adding mechanized provers to the course, and illustrate how we have integrated the provers into our syllabus to meet those goals. We also document some of the teaching materials we have developed for the course to date, and what our experiences have been like.

Martin Henz, Aquinas Hobor

The Teaching Tool CalcCheck A Proof-Checker for Gries and Schneider’s “Logical Approach to Discrete Math”

Abstract

Students following a first-year course based on Gries and Schneider’s LADM textbook had frequently been asking: “How can I know whether my solution is good?”

We now report on the development of a proof-checker designed to answer exactly that question, while intentionally not helping to find the solutions in the first place. CalcCheck provides detailed feedback to \({\rm L\kern-.36em\raise.3ex\hbox{\sc a}\kern-.15em T\kern-.1667em\lower.7ex\hbox{E}\kern-.125emX}\) -formatted calculational proofs, and thus helps students to develop confidence in their own skills in “rigorous mathematical writing”.

Gries and Schneider’s book emphasises rigorous development of mathematical results, while striking one particular compromise between full formality and customary, more informal, mathematical practises, and thus teaches aspects of both. This is one source of several unusual requirements for a mechanised proof-checker; other interesting aspects arise from details of their notational conventions.

Wolfram Kahl

Session 7: Invited Talk

VeriSmall: Verified Smallfoot Shape Analysis

Abstract

We have implemented a version of the Smallfoot shape analyzer, calling upon a paramodulation-based heap theorem prover. Our implementation is done in Coq and is extractable to an efficient ML program. The program is verified correct in Coq with respect to our Separation Logic for C minor; this in turn is proved correct in Coq w.r.t. Leroy’s operational semantics for C minor. Thus when our VeriSmall static analyzer claims some shape property of a program, an end-to-end machine-checked proof guarantees that the assembly language of the compiled program will actually have that property.

Andrew W. Appel

Session 8: Programming Languages

Verification of Scalable Synchronous Queue

Abstract

Lock-free algorithms are extremely hard to be built correct due to their fine-grained concurrency natures. Formal techniques for verifying them are crucial. We present a framework for verification of CAS-based lock-free algorithms, and prove a nontrivial lock-free algorithm Scalable Synchronous Queue that is practically adopted in Java 6. The strength of our approach lies on that it relieves the dependence on auxiliary variables/commands, thus is relatively easier to conduct and comprehend, comparing to existing works.

Jinjiang Lei, Zongyan Qiu

Coq Mechanization of Featherweight Fortress with Multiple Dispatch and Multiple Inheritance

Abstract

In object-oriented languages, overloaded methods with multiple dispatch extend the functionality of existing classes, and multiple inheritance allows a class to reuse code in multiple classes. However, both multiple dispatch and multiple inheritance introduce the possibility of ambiguous method calls that cannot be resolved at run time. To guarantee no ambiguous calls at run time, the overloaded method declarations should be checked statically.

In this paper, we present a core calculus for the Fortress programming language, which provides both multiple dispatch and multiple inheritance. While previous work proposed a set of static rules to guarantee no ambiguous calls at run time, the rules were parametric to the underlying programming language. To implement such rules for a particular language, the rules should be instantiated for the language. Therefore, to concretely realize the overloading rules for Fortress, we formally define a core calculus for Fortress and mechanize the calculus and its type safety proof in Coq.

Jieung Kim, Sukyoung Ryu

Mechanizing the Metatheory of mini-XQuery

Abstract

We present a Nominal Isabelle formalization of an expressive core fragment of XQuery, a W3C standard functional language for querying XML documents. Our formalization focuses on results presented in the literature concerning XQuery’s operational semantics, typechecking, and optimizations. Our core language, called mini-XQuery, omits many complications of XQuery such as ancestor and sibling axes, recursive types and functions, node identity, and unordered processing modes, but does handle distinctive features of XQuery including monadic comprehensions, downward XPath steps and regular expression types. To our knowledge no language with similar features has been mechanically formalized previously. Our formalization is a first step towards a complete formalization of full XQuery.

James Cheney, Christian Urban

Automatically Verifying Typing Constraints for a Data Processing Language

Abstract

In this paper we present a new technique for automatically verifying typing constraints in the setting of Dminor, a first-order data processing language with refinement types and dynamic type-tests. We achieve this by translating Dminor programs into a standard while language and then using a general-purpose verification tool. Our translation generates assertions in the while program that faithfully represent the sophisticated typing constraints in the original program. We use a generic verification condition generator together with an SMT solver to prove statically that these assertions succeed in all executions. We formalise our translation algorithm using an interactive theorem prover and provide a machine-checkable proof of its soundness. We provide a prototype implementation using Boogie and Z3 that can already be used to efficiently verify a large number of test programs.

Michael Backes, Cătălin Hriţcu, Thorsten Tarrach

Session 9: Hardware Certification

Hardware-Dependent Proofs of Numerical Programs

Abstract

We present an approach for proving behavioral properties of numerical programs by analyzing their compiled assembly code. We focus on the issues and traps that may arise on floating-point computations. Direct analysis of the assembly code allows us to take into account architecture- or compiler-dependent features such as the possible use of extended precision registers.

The approach is implemented on top of the generic Why platform for deductive verification, which allows us to perform experiments where proofs are discharged by combining several back-end automatic provers.

Thi Minh Tuyen Nguyen, Claude Marché

Coquet: A Coq Library for Verifying Hardware

Abstract

We propose a new library to model and verify hardware circuits in the Coq proof assistant. This library allows one to easily build circuits by following the usual pen-and-paper diagrams. We define a deep-embedding: we use a (dependently typed) data-type that models the architecture of circuits, and a meaning function. We propose tactics that ease the reasoning about the behavior of the circuits, and we demonstrate that our approach is practicable by proving the correctness of various circuits: a text-book divide and conquer adder of parametric size, some higher-order combinators of circuits, and some sequential circuits: a buffer, and a register.

Thomas Braibant

First Steps towards the Certification of an ARM Simulator Using Compcert

Abstract

The simulation of Systems-on-Chip (SoC) is nowadays a hot topic because, beyond providing many debugging facilities, it allows the development of dedicated software before the hardware is available. Low-consumption CPUs such as ARM play a central role in SoC. However, the effectiveness of simulation depends on the faithfulness of the simulator. To this effect, we propose here to prove significant parts of such a simulator, SimSoC. Basically, on one hand, we develop a Coq formal model of the ARM architecture while on the other hand, we consider a version of the simulator including components written in Compcert-C. Then we prove that the simulation of ARM operations, according to Compcert-C formal semantics, conforms to the expected formal model of ARM. Size issues are partly dealt with using automatic generation of significant parts of the Coq model and of SimSoC from the official textual definition of ARM. However, this is still a long-term project. We report here the current stage of our efforts and discuss in particular the use of Compcert-C in this framework.

Xiaomu Shi, Jean-François Monin, Frédéric Tuong, Frédéric Blanqui

Session 10: Miscellaneous

Full Reduction at Full Throttle

Abstract

Emerging trends in proof styles and new applications of interactive proof assistants exploit the computational facilities of the provided proof language, reaping enormous benefits in proof size and convenience to the user. However, the resulting proof objects really put the proof assistant to the test in terms of computational time required to check them. We present a novel translation of the terms of the full Calculus of (Co)Inductive Constructions to OCaml programs. Building on this translation, we further present a new fully featured version of Coq that offloads much of the computation required during proof checking to a vanilla, state of the art and fine tuned compiler. This modular scheme yields substantial performance improvements over existing systems at a reduced implementation cost.

The work presented here builds on previous work described in [11], but we place particular emphasis in this paper on the fact that this scheme is in fact an instance of untyped normalization by evaluation [8, 14, 1,4].

Mathieu Boespflug, Maxime Dénès, Benjamin Grégoire

Certified Security Proofs of Cryptographic Protocols in the Computational Model: An Application to Intrusion Resilience

Abstract

Security proofs for cryptographic systems can be carried out in different models which reflect different kinds of security assumptions. In the symbolic model, an attacker cannot guess a secret at all and can only apply a pre-defined set of operations, whereas in the computational model, he can hope to guess secrets and apply any polynomial-time operation. Security properties in the computational model are more difficult to establish and to check.

In this paper we present a framework for certified proofs of computational indistinguishability, written using the Coq proof assistant, and based on CIL, a specialized logic for computational frames that can be applied to primitives and protocols. We demonstrate how CIL and its Coq-formalization allow proofs beyond the black-box security framework, where an attacker only uses the input/output relation of the system by executing on chosen inputs without having additional information on the state. More specifically, we use it to prove the security of a protocol against a particular kind of side-channel attack which aims at modeling leakage of information caused by an intrusion into Alice and Bob’s computers.

Pierre Corbineau, Mathilde Duclos, Yassine Lakhnech

Session 11: Proof Pearls

Proof Pearl: The Marriage Theorem

Abstract

We describe two formal proofs of the finite version of Hall’s Marriage Theorem performed with the proof assistant Isabelle/HOL, one by Halmos and Vaughan and one by Rado. The distinctive feature of our formalisation is that instead of sequences (often found in statements of this theorem) we employ indexed families, thus avoiding tedious reindexing of sequences.

Dongchen Jiang, Tobias Nipkow

Springer Professional

Über dieses Buch

Inhaltsverzeichnis

Frontmatter

APLAS/CPP Invited Talks

Engineering Theories with Z3

Algebra, Logic, Locality, Concurrency

Session 1: Logic and Types

Constructive Formalization of Hybrid Logic with Eventualities

Proof-Carrying Code in a Session-Typed Process Calculus

Session 2: Certificates

Automated Certification of Implicit Induction Proofs

A Proposal for Broad Spectrum Proof Certificates

Session 3: Invited Talk

Univalent Semantics of Constructive Type Theories

Session 4: Formalization

Formalization of Wu’s Simple Method in Coq

Reasoning about Constants in Nominal Isabelle or How to Formalize the Second Fixed Point Theorem

Simple, Functional, Sound and Complete Parsing for All Context-Free Grammars

A Decision Procedure for Regular Expression Equivalence in Type Theory

Session 5: Proof Assistants

A Modular Integration of SAT/SMT Solvers to Coq through Proof Witnesses

Modular SMT Proofs for Fast Reflexive Checking Inside Coq

Tactics for Reasoning Modulo AC in Coq

Reconstruction of Z3’s Bit-Vector Proofs in HOL4 and Isabelle/HOL

Session 6: Teaching

Teaching Experience: Logic and Formal Methods with Coq

The Teaching Tool CalcCheck A Proof-Checker for Gries and Schneider’s “Logical Approach to Discrete Math”

Session 7: Invited Talk

VeriSmall: Verified Smallfoot Shape Analysis

Session 8: Programming Languages

Verification of Scalable Synchronous Queue

Coq Mechanization of Featherweight Fortress with Multiple Dispatch and Multiple Inheritance

Mechanizing the Metatheory of mini-XQuery

Automatically Verifying Typing Constraints for a Data Processing Language

Session 9: Hardware Certification

Hardware-Dependent Proofs of Numerical Programs

Coquet: A Coq Library for Verifying Hardware

First Steps towards the Certification of an ARM Simulator Using Compcert

Session 10: Miscellaneous

Full Reduction at Full Throttle

Certified Security Proofs of Cryptographic Protocols in the Computational Model: An Application to Intrusion Resilience

Session 11: Proof Pearls

Proof Pearl: The Marriage Theorem

Backmatter