DOCSLIB.ORG

Metamath.Pdf

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Metamath.Pdf Metamath A Computer Language for Mathematical Proofs Norman Megill with extensive revisions by David A. Wheeler 2019-06-02 ∼ Public Domain ∼ This book (including its later revisions) has been released into the Public Domain by Norman Megill per the Creative Commons CC0 1.0 Universal (CC0 1.0) Public Domain Dedication (https://creativecommons.org/publicdomain/zero/1.0/). David A. Wheeler has done the same. The public domain release applies worldwide. In case this is not legally possible, the right is granted to use the work for any purpose, without any conditions, unless such conditions are required by law. Several short, attributed quotations from copyrighted works appear in this book under the \fair use" provision of Section 107 of the United States Copyright Act (Title 17 of the United States Code). The public-domain status of this book is not applicable to those quotations. Any trademarks used in this book are the property of their owners. ISBN: 978-0-359-70223-7 Lulu Press Morrisville, North Carolina USA Norman Megill 93 Bridge St., Lexington, MA 02421 E-mail address: [email protected] David A. Wheeler E-mail address: [email protected] http://metamath.org Contents Preface . ix 1 Introduction 1 1.1 Mathematics as a Computer Language . 4 1.1.1 Is Mathematics \User-Friendly"? . 4 1.1.2 Mathematics and the Non-Specialist . 12 1.1.3 An Impossible Dream? . 14 1.1.4 Beauty . 15 1.1.5 Simplicity . 16 1.1.6 Rigor . 18 1.2 Computers and Mathematicians . 20 1.2.1 Trusting the Computer . 21 1.2.2 Trusting the Mathematician . 22 1.3 The Use of Computers in Mathematics . 24 1.3.1 Computer Algebra Systems . 24 1.3.2 Automated Theorem Provers . 25 1.3.3 Interactive Theorem Provers . 27 1.3.4 Proof Verifiers . 28 1.3.5 Creating a Database of Formalized Mathematics . 29 1.3.6 In Summary . 31 1.4 Mathematics and Metamath . 31 1.4.1 Standard Mathematics . 31 1.4.2 Other Formal Systems . 32 1.4.3 Metamath and Its Philosophy . 33 1.4.4 A History of the Approach Behind Metamath . 33 1.4.5 Metamath and First-Order Logic . 34 2 Using the Metamath Program 37 2.1 Installation . 37 2.2 Your First Formal System . 38 2.2.1 From Nothing to Zero . 38 2.2.2 Converting It to Metamath . 40 2.3 A Trial Run . 44 2.3.1 Some Hints for Using the Command Line Interface . 49 iii iv CONTENTS 2.4 Your First Proof . 50 2.5 A Note About Editing a Database File . 57 3 Abstract Mathematics Revealed 59 3.1 Logic and Set Theory . 59 3.2 The Axioms for All of Mathematics . 62 3.2.1 Propositional Calculus . 62 3.2.2 Predicate Calculus . 64 3.2.3 Set Theory . 68 3.2.4 Other Axioms . 70 3.3 The Axioms in the Metamath Language . 70 3.3.1 Propositional Calculus . 70 3.3.2 Axioms of Predicate Calculus with Equality|Tarski's S2 ............................. 71 3.3.3 Axioms of Predicate Calculus with Equality|Auxiliary 71 3.3.4 Set Theory . 71 3.3.5 That's It . 72 3.4 A Hierarchy of Definitions . 72 3.4.1 Definitions for Propositional Calculus . 74 3.4.2 Definitions for Predicate Calculus . 76 3.4.3 Definitions for Set Theory . 77 3.5 Tricks of the Trade . 85 3.6 A Theorem Sampler . 86 3.7 Axioms for Real and Complex Numbers . 89 3.7.1 The Axioms for Real and Complex Numbers Themselves 90 3.7.2 Complex Number Axioms in Analysis Texts . 91 3.7.3 Eliminating Unnecessary Complex Number Axioms . 92 3.8 Two Plus Two Equals Four . 92 3.9 Deduction . 94 3.9.1 The Standard Deduction Theorem . 94 3.9.2 Weak Deduction Theorem . 95 3.9.3 Deduction Style . 97 3.9.4 Natural Deduction . 98 3.9.5 Strengths of Our Approach . 101 3.10 Exploring the Set Theory Database . 101 3.10.1 A Note on the \Compact" Proof Format . 109 4 The Metamath Language 111 4.1 Specification of the Metamath Language . 112 4.1.1 Preliminaries . 112 4.1.2 Preprocessing . 113 4.1.3 Basic Syntax . 113 4.1.4 Proof Verification . 115 4.2 The Basic Keywords . 116 4.2.1 User-Defined Tokens . 117 CONTENTS v 4.2.2 Constants and Variables . 119 4.2.3 The $c and $v Declaration Statements . 119 4.2.4 The $d Statement . 120 4.2.5 The $f and $e Statements . 125 4.2.6 Assertions ($a and $p Statements) . 127 4.2.7 Frames . 129 4.2.8 Scoping Statements ($f and $g) . 132 4.3 The Anatomy of a Proof . 135 4.3.1 The Concept of Unification . 139 4.4 Extensions to the Metamath Language . 139 4.4.1 Comments in the Metamath Language . 139 4.4.2 The Typesetting Comment ($t) . 144 4.4.3 Additional Information Comment ($j) . 147 4.4.4 Including Other Files in a Metamath Source File . 148 4.4.5 Compressed Proof Format . 149 4.4.6 Specifying Unknown Proofs or Subproofs . 150 4.5 Axioms vs. Definitions . 150 4.5.1 What is a Definition? . 151 4.5.2 The Approach to Definitions in set.mm . 152 4.5.3 Adding Constraints on Definitions . 154 4.5.4 Summary of Approach to Definitions . 155 5 The Metamath Program 157 5.1 Invoking Metamath . 157 5.2 Controlling Metamath . 158 5.2.1 exit Command . 159 5.2.2 open log Command . 159 5.2.3 close log Command . 160 5.2.4 submit Command . 160 5.2.5 erase Command . 160 5.2.6 set echo Command . 160 5.2.7 set scroll Command . 160 5.2.8 set width Command . 161 5.2.9 set height Command . 161 5.2.10 beep Command . 161 5.2.11 more Command . 161 5.2.12 Operating System Commands . 161 5.2.13 Size Limitations in Metamath . 162 5.3 Reading and Writing Files . 162 5.3.1 read Command . 162 5.3.2 write source Command . 163 5.4 Showing Status and Statements . 163 5.4.1 show settings Command . 163 5.4.2 show memory Command . 163 5.4.3 show labels Command . 163 vi CONTENTS 5.4.4 show statement Command . 164 5.4.5 search Command . 164 5.5 Displaying and Verifying Proofs . 165 5.5.1 show proof Command . 165 5.5.2 show usage Command . 166 5.5.3 show trace back Command . 166 5.5.4 verify proof Command . 166 5.5.5 verify markup Command . 167 5.5.6 save proof Command . 167 5.6 Creating Proofs . 168 5.6.1 prove Command . 170 5.6.2 set unification timeout Command . 170 5.6.3 set empty substitution Command . 171 5.6.4 set search limit Command . 171 5.6.5 show new proof Command . 171 5.6.6 assign Command . 172 5.6.7 match Command . 172 5.6.8 let Command . 173 5.6.9 unify Command . 173 5.6.10 initialize Command . 174 5.6.11 delete Command . 174 5.6.12 improve Command . 175 5.6.13 save new proof Command . 175 5.7 Creating LATEX Output . 176 5.7.1 open tex Command . 176 5.7.2 close tex Command . 177 5.8 Creating HTML Output . 177 5.8.1 write theorem list Command . 178 5.8.2 write bibliography Command . 178 5.8.3 write recent additions Command . 178 5.9 Text File Utilities . 179 5.9.1 tools Command . 179 5.9.2 help Command (in tools) . 179 5.9.3 Using tools to Build Metamath submit Scripts . 180 5.9.4 Example of a tools Session . 180 A Sample Representations 183 B Compressed Proofs 187 C Metamath's Formal System 189 C.1 Introduction . 189 C.2 The Formal Description . 190 C.2.1 Preliminaries . 190 C.2.2 Constants, Variables, and Expressions . ..
Load more

Recommended publications
  • Experience Implementing a Performant Category-Theory Library in Coq
    Experience Implementing a Performant Category-Theory Library in Coq Jason Gross, Adam Chlipala, and David I. Spivak Massachusetts Institute of Technology, Cambridge, MA, USA [email protected], [email protected], [email protected] Abstract. We describe our experience implementing a broad category- theory library in Coq. Category theory and computational performance are not usually mentioned in the same breath, but we have needed sub- stantial engineering effort to teach Coq to cope with large categorical constructions without slowing proof script processing unacceptably. In this paper, we share the lessons we have learned about how to repre- sent very abstract mathematical objects and arguments in Coq and how future proof assistants might be designed to better support such rea- soning. One particular encoding trick to which we draw attention al- lows category-theoretic arguments involving duality to be internalized in Coq's logic with definitional equality. Ours may be the largest Coq development to date that uses the relatively new Coq version developed by homotopy type theorists, and we reflect on which new features were especially helpful. Keywords: Coq · category theory · homotopy type theory · duality · performance 1 Introduction Category theory [36] is a popular all-encompassing mathematical formalism that casts familiar mathematical ideas from many domains in terms of a few unifying concepts. A category can be described as a directed graph plus algebraic laws stating equivalences between paths through the graph. Because of this spar- tan philosophical grounding, category theory is sometimes referred to in good humor as \formal abstract nonsense." Certainly the popular perception of cat- egory theory is quite far from pragmatic issues of implementation.
    [Show full text]
  • Specifying Verified X86 Software from Scratch
    Specifying verified x86 software from scratch Mario Carneiro Carnegie Mellon University, Pittsburgh, PA, USA [email protected] Abstract We present a simple framework for specifying and proving facts about the input/output behavior of ELF binary files on the x86-64 architecture. A strong emphasis has been placed on simplicity at all levels: the specification says only what it needs to about the target executable, the specification is performed inside a simple logic (equivalent to first-order Peano Arithmetic), and the verification language and proof checker are custom-designed to have only what is necessary to perform efficient general purpose verification. This forms a part of the Metamath Zero project, to build a minimal verifier that is capable of verifying its own binary. In this paper, we will present the specification of the dynamic semantics of x86 machine code, together with enough information about Linux system calls to perform simple IO. 2012 ACM Subject Classification Theory of computation → Program verification; Theory of com- putation → Abstract machines Keywords and phrases x86-64, ISA specification, Metamath Zero, self-verification Digital Object Identifier 10.4230/LIPIcs.ITP.2019.19 Supplement Material The formalization is a part of the Metamath Zero project at https://github. com/digama0/mm0. Funding This material is based upon work supported by AFOSR grant FA9550-18-1-0120 and a grant from the Sloan Foundation. Acknowledgements I would like to thank my advisor Jeremy Avigad for his support and encourage- ment, and for his reviews of early drafts of this work. 1 Introduction The field of software verification is on the verge of a breakthrough.
    [Show full text]
  • Number Theory
    “mcs-ftl” — 2010/9/8 — 0:40 — page 81 — #87 4 Number Theory Number theory is the study of the integers. Why anyone would want to study the integers is not immediately obvious. First of all, what’s to know? There’s 0, there’s 1, 2, 3, and so on, and, oh yeah, -1, -2, . Which one don’t you understand? Sec- ond, what practical value is there in it? The mathematician G. H. Hardy expressed pleasure in its impracticality when he wrote: [Number theorists] may be justified in rejoicing that there is one sci- ence, at any rate, and that their own, whose very remoteness from or- dinary human activities should keep it gentle and clean. Hardy was specially concerned that number theory not be used in warfare; he was a pacifist. You may applaud his sentiments, but he got it wrong: Number Theory underlies modern cryptography, which is what makes secure online communication possible. Secure communication is of course crucial in war—which may leave poor Hardy spinning in his grave. It’s also central to online commerce. Every time you buy a book from Amazon, check your grades on WebSIS, or use a PayPal account, you are relying on number theoretic algorithms. Number theory also provides an excellent environment for us to practice and apply the proof techniques that we developed in Chapters 2 and 3. Since we’ll be focusing on properties of the integers, we’ll adopt the default convention in this chapter that variables range over the set of integers, Z. 4.1 Divisibility The nature of number theory emerges as soon as we consider the divides relation a divides b iff ak b for some k: D The notation, a b, is an abbreviation for “a divides b.” If a b, then we also j j say that b is a multiple of a.
    [Show full text]
  • Lemma Functions for Frama-C: C Programs As Proofs
    Lemma Functions for Frama-C: C Programs as Proofs Grigoriy Volkov Mikhail Mandrykin Denis Efremov Faculty of Computer Science Software Engineering Department Faculty of Computer Science National Research University Ivannikov Institute for System Programming of the National Research University Higher School of Economics Russian Academy of Sciences Higher School of Economics Moscow, Russia Moscow, Russia Moscow, Russia [email protected] [email protected] [email protected] Abstract—This paper describes the development of to additionally specify loop invariants and termination an auto-active verification technique in the Frama-C expression (loop variants) in case the function under framework. We outline the lemma functions method analysis contains loops. Then the verification instrument and present the corresponding ACSL extension, its implementation in Frama-C, and evaluation on a set generates verification conditions (VCs), which can be of string-manipulating functions from the Linux kernel. separated into categories: safety and behavioral ones. We illustrate the benefits our approach can bring con- Safety VCs are responsible for runtime error checks for cerning the effort required to prove lemmas, compared known (modeled) types, while behavioral VCs represent to the approach based on interactive provers such as the functional correctness checks. All VCs need to be Coq. Current limitations of the method and its imple- mentation are discussed. discharged in order for the function to be considered fully Index Terms—formal verification, deductive verifi- proved (totally correct). This can be achieved either by cation, Frama-C, auto-active verification, lemma func- manually proving all VCs discharged with an interactive tions, Linux kernel prover (i. e., Coq, Isabelle/HOL or PVS) or with the help of automatic provers.
    [Show full text]
  • The Metamathematics of Putnam's Model-Theoretic Arguments
    The Metamathematics of Putnam's Model-Theoretic Arguments Tim Button Abstract. Putnam famously attempted to use model theory to draw metaphysical conclusions. His Skolemisation argument sought to show metaphysical realists that their favourite theories have countable models. His permutation argument sought to show that they have permuted mod- els. His constructivisation argument sought to show that any empirical evidence is compatible with the Axiom of Constructibility. Here, I exam- ine the metamathematics of all three model-theoretic arguments, and I argue against Bays (2001, 2007) that Putnam is largely immune to meta- mathematical challenges. Copyright notice. This paper is due to appear in Erkenntnis. This is a pre-print, and may be subject to minor changes. The authoritative version should be obtained from Erkenntnis, once it has been published. Hilary Putnam famously attempted to use model theory to draw metaphys- ical conclusions. Specifically, he attacked metaphysical realism, a position characterised by the following credo: [T]he world consists of a fixed totality of mind-independent objects. (Putnam 1981, p. 49; cf. 1978, p. 125). Truth involves some sort of correspondence relation between words or thought-signs and external things and sets of things. (1981, p. 49; cf. 1989, p. 214) [W]hat is epistemically most justifiable to believe may nonetheless be false. (1980, p. 473; cf. 1978, p. 125) To sum up these claims, Putnam characterised metaphysical realism as an \externalist perspective" whose \favorite point of view is a God's Eye point of view" (1981, p. 49). Putnam sought to show that this externalist perspective is deeply untenable. To this end, he treated correspondence in terms of model-theoretic satisfaction.
    [Show full text]
  • Pure Mathematics Professors Teaching and Leading Research CO-OP OR REGULAR 28
    PURE MATHEMATICS Pure Mathematics professors teaching and leading research CO-OP OR REGULAR 28 Mathematician ranked among top 10 TOP 10 jobs from 2011-2017 – Comcast.com of grads are employed Search for a deeper 96.6% within 2 years understanding of mathematics Pure mathematics is at the foundation of all mathematical reasoning. If first-year calculus ALEX teaches you how to drive the car, Pure Mathematics teaches you how to build one. 3B, PURE MATHEMATICS AND Mathematicians know that there could be no general relativity without differential COMBINATORICS AND geometry, and no computer security without advanced number theory. OPTIMIZATION Pure Mathematics at Waterloo is a small, cohesive, and challenging program that will open countless doors for you. Our graduates have used the program as a springboard into careers WHAT DO YOU LOVE ABOUT in information technology, finance, business, science, education, and insurance, often by way PURE MATHEMATICS? The satisfaction from understanding of some of the most prestigious graduate programs in the world. an idea at a deeper level and tying together unrelated branches of ALEX’S FAVOURITE COURSES mathematics or physics for the › PMATH 320 Euclidean Geometry: This course is everything you love about Geometry: first time is the most rewarding Euclid’s axioms, isometries of the Euclidean plane and of Euclidean space, polygons, part of learning and understanding polyhedral, polytopes, and the kissing problem. mathematics. What I really enjoy is › PMATH 351 Real Analysis: It’s a very intuitive and natural approach to real analysis, and the developing a deep understanding of complexity of the course builds very naturally to the end of the semester.
    [Show full text]
  • Better SMT Proofs for Easier Reconstruction Haniel Barbosa, Jasmin Blanchette, Mathias Fleury, Pascal Fontaine, Hans-Jörg Schurr
    Better SMT Proofs for Easier Reconstruction Haniel Barbosa, Jasmin Blanchette, Mathias Fleury, Pascal Fontaine, Hans-Jörg Schurr To cite this version: Haniel Barbosa, Jasmin Blanchette, Mathias Fleury, Pascal Fontaine, Hans-Jörg Schurr. Better SMT Proofs for Easier Reconstruction. AITP 2019 - 4th Conference on Artificial Intelligence and Theorem Proving, Apr 2019, Obergurgl, Austria. hal-02381819 HAL Id: hal-02381819 https://hal.archives-ouvertes.fr/hal-02381819 Submitted on 26 Nov 2019 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Better SMT Proofs for Easier Reconstruction Haniel Barbosa1, Jasmin Christian Blanchette2;3;4, Mathias Fleury4;5, Pascal Fontaine3, and Hans-J¨orgSchurr3 1 University of Iowa, 52240 Iowa City, USA [email protected] 2 Vrije Universiteit Amsterdam, 1081 HV Amsterdam, the Netherlands [email protected] 3 Universit´ede Lorraine, CNRS, Inria, LORIA, 54000 Nancy, France fjasmin.blanchette,pascal.fontaine,[email protected] 4 Max-Planck-Institut f¨urInformatik, Saarland Informatics Campus, Saarbr¨ucken, Germany fjasmin.blanchette,[email protected] 5 Saarbr¨ucken Graduate School of Computer Science, Saarland Informatics Campus, Saarbr¨ucken, Germany [email protected] Proof assistants are used in verification, formal mathematics, and other areas to provide trust- worthy, machine-checkable formal proofs of theorems.
    [Show full text]
  • Epistemological Consequences of the Incompleteness Theorems
    Epistemological Consequences of the Incompleteness Theorems Giuseppe Raguní UCAM - Universidad Católica de Murcia, Avenida Jerónimos 135, Guadalupe 30107, Murcia, Spain - [email protected] After highlighting the cases in which the semantics of a language cannot be mechanically reproduced (in which case it is called inherent), the main episte- mological consequences of the first incompleteness Theorem for the two funda- mental arithmetical theories are shown: the non-mechanizability for the truths of the first-order arithmetic and the peculiarities for the model of the second- order arithmetic. Finally, the common epistemological interpretation of the second incompleteness Theorem is corrected, proposing the new Metatheorem of undemonstrability of internal consistency. KEYWORDS: semantics, languages, epistemology, paradoxes, arithmetic, in- completeness, first-order, second-order, consistency. 1 Semantics in the Languages Consider an arbitrary language that, as normally, makes use of a countable1 number of characters. Combining these characters in certain ways, are formed some fundamental strings that we call terms of the language: those collected in a dictionary. When the terms are semantically interpreted, i. e. a certain meaning is assigned to them, we have their distinction in adjectives, nouns, verbs, etc. Then, a proper grammar establishes the rules arXiv:1602.03390v1 [math.GM] 13 Jan 2016 of formation of sentences. While the terms are finite, the combinations of grammatically allowed terms form an infinite-countable amount of possible sentences. In a non-trivial language, the meaning associated to each term, and thus to each ex- pression that contains it, is not always unique. The same sentence can enunciate different things, so representing different propositions.
    [Show full text]
  • Video Lessons for Illustrative Mathematics: Grades 6-8 and Algebra I
    Video Lessons for Illustrative Mathematics: Grades 6-8 and Algebra I The Department, in partnership with Louisiana Public Broadcasting (LPB), Illustrative Math (IM), and SchoolKit selected 20 of the critical lessons in each grade level to broadcast on LPB in July of 2020. These lessons along with a few others are still available on demand on the SchoolKit website. To ensure accessibility for students with disabilities, all recorded on-demand videos are available with closed captioning and audio description. Updated on August 6, 2020 Video Lessons for Illustrative Math Grades 6-8 and Algebra I Background Information: Lessons were identified using the following criteria: 1. the most critical content of the grade level 2. content that many students missed due to school closures in the 2019-20 school year These lessons constitute only a portion of the critical lessons in each grade level. These lessons are available at the links below: • Grade 6: http://schoolkitgroup.com/video-grade-6/ • Grade 7: http://schoolkitgroup.com/video-grade-7/ • Grade 8: http://schoolkitgroup.com/video-grade-8/ • Algebra I: http://schoolkitgroup.com/video-algebra/ The tables below contain information on each of the lessons available for on-demand viewing with links to individual lessons embedded for each grade level. • Grade 6 Video Lesson List • Grade 7 Video Lesson List • Grade 8 Video Lesson List • Algebra I Video Lesson List Video Lessons for Illustrative Math Grades 6-8 and Algebra I Grade 6 Video Lesson List 6th Grade Illustrative Mathematics Units 2, 3,
    [Show full text]
  • John P. Burgess Department of Philosophy Princeton University Princeton, NJ 08544-1006, USA [email protected]
    John P. Burgess Department of Philosophy Princeton University Princeton, NJ 08544-1006, USA [email protected] LOGIC & PHILOSOPHICAL METHODOLOGY Introduction For present purposes “logic” will be understood to mean the subject whose development is described in Kneale & Kneale [1961] and of which a concise history is given in Scholz [1961]. As the terminological discussion at the beginning of the latter reference makes clear, this subject has at different times been known by different names, “analytics” and “organon” and “dialectic”, while inversely the name “logic” has at different times been applied much more broadly and loosely than it will be here. At certain times and in certain places — perhaps especially in Germany from the days of Kant through the days of Hegel — the label has come to be used so very broadly and loosely as to threaten to take in nearly the whole of metaphysics and epistemology. Logic in our sense has often been distinguished from “logic” in other, sometimes unmanageably broad and loose, senses by adding the adjectives “formal” or “deductive”. The scope of the art and science of logic, once one gets beyond elementary logic of the kind covered in introductory textbooks, is indicated by two other standard references, the Handbooks of mathematical and philosophical logic, Barwise [1977] and Gabbay & Guenthner [1983-89], though the latter includes also parts that are identified as applications of logic rather than logic proper. The term “philosophical logic” as currently used, for instance, in the Journal of Philosophical Logic, is a near-synonym for “nonclassical logic”. There is an older use of the term as a near-synonym for “philosophy of language”.
    [Show full text]
  • Testing Noninterference, Quickly
    Testing Noninterference, Quickly Cat˘ alin˘ Hrit¸cu1 John Hughes2 Benjamin C. Pierce1 Antal Spector-Zabusky1 Dimitrios Vytiniotis3 Arthur Azevedo de Amorim1 Leonidas Lampropoulos1 1University of Pennsylvania 2Chalmers University 3Microsoft Research Abstract To answer this question, we take as a case study the task of Information-flow control mechanisms are difficult to design and extending a simple abstract stack-and-pointer machine to track dy- labor intensive to prove correct. To reduce the time wasted on namic information flow and enforce termination-insensitive nonin- proof attempts doomed to fail due to broken definitions, we ad- terference [23]. Although our machine is simple, this exercise is vocate modern random testing techniques for finding counterexam- both nontrivial and novel. While simpler notions of dynamic taint ples during the design process. We show how to use QuickCheck, tracking are well studied for both high- and low-level languages, a property-based random-testing tool, to guide the design of a sim- it has only recently been shown [1, 24] that dynamic checks are ple information-flow abstract machine. We find that both sophis- capable of soundly enforcing strong security properties. Moreover, ticated strategies for generating well-distributed random programs sound dynamic IFC has been studied only in the context of lambda- and readily falsifiable formulations of noninterference properties calculi [1, 16, 25] and While programs [24]; the unstructured con- are critically important. We propose several approaches and eval- trol flow of a low-level machine poses additional challenges. (Test- uate their effectiveness on a collection of injected bugs of varying ing of static IFC mechanisms is left as future work.) subtlety.
    [Show full text]
  • Pure Mathematics
    Why Study Mathematics? Mathematics reveals hidden patterns that help us understand the world around us. Now much more than arithmetic and geometry, mathematics today is a diverse discipline that deals with data, measurements, and observations from science; with inference, deduction, and proof; and with mathematical models of natural phenomena, of human behavior, and social systems. The process of "doing" mathematics is far more than just calculation or deduction; it involves observation of patterns, testing of conjectures, and estimation of results. As a practical matter, mathematics is a science of pattern and order. Its domain is not molecules or cells, but numbers, chance, form, algorithms, and change. As a science of abstract objects, mathematics relies on logic rather than on observation as its standard of truth, yet employs observation, simulation, and even experimentation as means of discovering truth. The special role of mathematics in education is a consequence of its universal applicability. The results of mathematics--theorems and theories--are both significant and useful; the best results are also elegant and deep. Through its theorems, mathematics offers science both a foundation of truth and a standard of certainty. In addition to theorems and theories, mathematics offers distinctive modes of thought which are both versatile and powerful, including modeling, abstraction, optimization, logical analysis, inference from data, and use of symbols. Mathematics, as a major intellectual tradition, is a subject appreciated as much for its beauty as for its power. The enduring qualities of such abstract concepts as symmetry, proof, and change have been developed through 3,000 years of intellectual effort. Like language, religion, and music, mathematics is a universal part of human culture.
    [Show full text]