DOCSLIB.ORG

Veriml: a Dependently-Typed, User-Extensible and Language-Centric Approach to Proof Assistants

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Veriml: a Dependently-Typed, User-Extensible and Language-Centric Approach to Proof Assistants Abstract VeriML: A dependently-typed, user-extensible and language-centric approach to proof assistants Antonios Michael Stampoulis 2013 Software certification is a promising approach to producing programs which are virtually free of bugs. It requires the construction of a formal proof which establishes that the code in question will behave according to its specification – a higher-level description of its functionality. The construction of such formal proofs is carried out in tools called proof assistants. Advances in the current state-of-the-art proof assistants have enabled the certification of a number of complex and realistic systems software. Despite such success stories, large-scale proof development is an arcane art that requires significant manual effort and is extremely time-consuming. The widely accepted best practice for limiting this effort is to develop domain- specific automation procedures to handle all but the most essential steps of proofs. Yet this practice is rarely followed or needs comparable development effort as well. This is due to a profound architectural shortcoming of existing proof assistants: developing automation procedures is currently overly complicated and error-prone. It involves the use of an amalgam of extension languages, each with a different programming model and a set of limitations, and with significant interfacing problems between them. This thesis posits that this situation can be significantly improved by designing a proof assistant with extensibil- ity as the central focus. Towards that effect, I have designed a novel programming language called VeriML, which combines the benefits of the different extension languages used in current proof assistants while eschewing their limitations. The key insight of the VeriML design is to combine a rich programming model with a rich type system, which retains at the level of types information about the proofs manipulated inside automation procedures. The ef- fort required for writing new automation procedures is significantly reduced by leveraging this typing information accordingly. I show that generalizations of the traditional features of proof assistants are a direct consequence of the VeriML design. Therefore the language itself can be seen as the proof assistant in its entirety and also as the single language the user has to master. Also, I show how traditional automation mechanisms offered by current proof assistants can be programmed directly within the same language; users are thus free to extend them with domain-specific sophistication of arbitrary complexity. In this dissertation I present all aspects of the VeriML language: the formal definition of the language; an ex- tensive study of its metatheoretic properties; the details of a complete prototype implementation; and a number of examples implemented and tested in the language. VeriML: A dependently-typed, user-extensible and language-centric approach to proof assistants A Dissertation Presented to the Faculty of the Graduate School of Yale University in Candidacy for the Degree of Doctor of Philosophy by Antonios Michael Stampoulis Dissertation Director: Zhong Shao May 2013 Copyright c 2013 by Antonios Michael Stampoulis All rights reserved. ii Contents List of Figures v List of Tables viii List of Code Listings ix Acknowledgements xi 1 Introduction 1 1.1 Problem description . .2 1.2 Thesis statement . .4 1.3 Summary of results . .5 2 Informal overview 8 2.1 Proof assistant architecture . .8 2.1.1 Preliminary notions . .8 2.1.2 Variations . 11 2.1.3 Issues . 18 2.2 A new architecture: VeriML . 19 2.3 Brief overview of the language . 23 3 The logic λHOL: Basic framework 35 3.1 The base λHOL logic . 35 3.2 Adding equality . 39 3.3 λHOL as a Pure Type System . 42 3.4 λHOL using hybrid deBruijn variables . 44 4 The logic λHOL: Extension variables 54 4.1 λHOL with metavariables . 54 4.2 λHOL with extension variables . 62 4.3 Constant schemata in signatures . 73 4.4 Named extension variables . 74 5 The logic λHOL: Pattern matching 77 5.1 Pattern matching . 77 5.2 Collapsing extension variables . 105 iii 6 The VeriML computational language 112 6.1 Base computation language . 112 6.1.1 Presentation and formal definition . 112 6.1.2 Metatheory . 121 6.2 Derived pattern matching forms . 128 6.3 Staging . 134 6.4 Proof erasure . 141 7 User-extensible static checking 145 7.1 User-extensible static checking for proofs . 149 7.1.1 The extensible conversion rule . 149 7.1.2 Proof object expressions as certificates . 158 7.2 User-extensible static checking for tactics . 160 7.3 Programming with dependently-typed data structures . 167 8 Prototype implementation 176 8.1 Overview............................................................ 176 8.2 Logic implementation . 178 8.2.1 Type inference for logical terms . 180 8.2.2 Inductive definitions . 184 8.3 Computational language implementation . 187 8.3.1 Surface syntax extensions . 188 8.3.2 Translation to OCaml . 192 8.3.3 Staging . 194 8.3.4 Proof erasure . 195 8.3.5 VeriML as a toplevel and VeriML as a translator . 195 9 Examples and Evaluation 197 9.1 Basic support code . 197 9.2 Extensible rewriters . 200 9.3 Naive equality rewriting . 205 9.4 Equality with uninterpreted functions . 205 9.5 Automated proof search for first-order formulas . 212 9.6 Natural numbers . 215 9.7 Normalizing natural number expressions . 220 9.8 Evaluation . 224 10 Related work 227 10.1 Development of tactics and proof automation . 227 10.2 Proof assistant architecture . 233 10.3 Extensibility of the conversion rule . 234 10.4 Type-safe manipulation of languages with binding . 235 10.5 Mixing logic with computation . 236 11 Conclusion and future work 238 iv Bibliography 244 v List of Figures 2.1 Basic architecture of proof assistants . .9 2.2 Programming languages available for writing automation procedures in the Coq architecture . 15 2.3 Comparison of architecture between current proof assistants and VeriML . 19 2.4 Comparison of small-scale automation approach between current proof assistants and VeriML . 21 3.1 The base syntax of the logic λHOL........................................... 36 3.2 The typing rules of the logic λHOL .......................................... 36 3.3 The typing rules of the logic λHOL (continued) . 37 3.4 Capture avoiding substitution . 37 3.5 The logic λHOLE : syntax and typing extensions for equality . 41 3.6 The syntax of the logic λHOL given as a PTS . 42 3.7 The typing rules of the logic λHOL in PTS style . ..
Load more

Recommended publications
  • Ecaccess User Guide
    ECaccess User Guide User Support Operations Department Version 3.3.0 May 2009 c Copyright 2009 European Centre for Medium-Range Weather Forecasts Shinfield Park, Reading, RG2 9AX, United Kingdom Literary and scientific copyrights belong to ECMWF and are reserved in all countries. The information within this publication is given in good faith and considered to be true, but ECMWF accepts no liability for error, omission and for loss or damage arising from its use. CONTENTS Contents 1 Introduction 3 2 Ecaccess concepts 4 2.1 ECaccess gateway ......................................... 4 2.2 Using an ECaccess gateway ................................... 5 2.3 Plugins ............................................... 5 3 Security authentication 7 3.1 ECaccess certificate ........................................ 7 3.2 ECcert command ......................................... 7 4 Unattended file transfers initiated from ECMWF 10 4.1 Target location ........................................... 10 4.2 ECtrans command ......................................... 11 4.2.1 Transfer to a Member State host via gateway ....................... 12 4.2.2 Transfer from a Member State host via gateway ...................... 12 5 Shell commands 14 5.1 Environment ............................................ 14 5.2 Access to Shell commands .................................... 15 5.3 General information ........................................ 15 5.4 File management ......................................... 15 5.5 Batch job management .....................................
    [Show full text]
  • Argus Research (July 2020)
    EQUITY RESEARCH REPORT July 13, 2020 MOLECULAR DATA INC. (NCM: MKD) Founded in 2013, China-based Molecular Data operates an e-commerce platform that KEY STATISTICS connects and serves participants of the Chinese chemicals industry across the value chain. Key Stock Statistics COMPANY HIGHLIGHTS Recent price (7/7/20) $2.40 * MKD: Connecting China’s Chemical Industry Value Chain 52 week high/low $11.80/$0.57 ADS Outstanding (M) 115 * In our view, Molecular Data has assembled a comprehensive network that can capture value across multiple previous pain points in China’s fragmented chemicals industry. Market cap (M) $276.0 Dividend Nil * After several years of organically building platform capabilities to include financial services, warehousing, logistics and software as a service (SaaS) offerings, Molecular Yield Nil Data should now be able to diversify its revenue stream beyond its core chemical direct e-commerce sales. This should lead to enhanced profit margins and, ultimately, sustainable Sector Overview profitability. Sector Materials * At the end of 2019, Molecular Data completed an initial public offering that yielded net Sector % of S&P 500 2.5% proceeds of approximately $55 million. As a result, we view the company as well posi- tioned to invest in its integrated e-commerce platform with new higher-margin services, and to pursue the acquisition of new capabilities and services globally. Financials ($M) * Although we expect near-term financial results to be impacted by the COVID-19 outbreak, Cash & Mkt Securities 8.3 which forced many customers and suppliers to halt operations throughout the first half of Debt 2.0 2020, we are encouraged by continued robust traffic on the Molbase platform.
    [Show full text]
  • Openvms: an Introduction
    The Operating System Handbook or, Fake Your Way Through Minis and Mainframes by Bob DuCharme VMS Table of Contents Chapter 7 OpenVMS: An Introduction.............................................................................. 7.1 History..........................................................................................................................2 7.1.1 Today........................................................................................................................3 7.1.1.1 Popular VMS Software..........................................................................................4 7.1.2 VMS, DCL................................................................................................................4 Chapter 8 Getting Started with OpenVMS........................................................................ 8.1 Starting Up...................................................................................................................7 8.1.1 Finishing Your VMS Session...................................................................................7 8.1.1.1 Reconnecting..........................................................................................................7 8.1.2 Entering Commands..................................................................................................8 8.1.2.1 Retrieving Previous Commands............................................................................9 8.1.2.2 Aborting Screen Output.........................................................................................9
    [Show full text]
  • Supplementary Material for Traditional Agricultural Practices and the Sex Ratio Today Alberto Alesina1,2, Paola Giuliano3,2,*, Nathan Nunn1,2
    Supplementary Material for Traditional agricultural practices and the sex ratio today Alberto Alesina1,2, Paola Giuliano3,2,*, Nathan Nunn1,2 1 Harvard University. 2 NBER. 3 UCLA. *Correspondence to: [email protected] The Supplementary Material provides details on the data sources and the robustness of the analysis for the results derived in the paper. Additional details on the Ethnographic Atlas The Ethnographic Atlas was constructed by George Peter Murdock. It contains ethnographic information for 1,265 ethnic groups worldwide. The period in which the information was collected varies by ethnicity, with the earliest observation dates coming from ethnicities in the Old World (where early written evidence is available) and the most recent information dating around the 20th century, for those parts of the world without a written history and directly observed by anthropologists. All societies are observed prior to industrialization. In total, 23 ethnicities are observed during the 17th century or earlier, 16 during the 18th century, 310 during the 19th century, 876 between 1900 and 1950, and 31 after 1950. For nine ethnicities, an exact year is not provided. The variable v39 classifies each ethnic group as being in one of the following three categories: (1) the plough was absent, (2) the plough existed at the time the group was observed, but it was not aboriginal, and (3) the plough was aboriginal, having existed prior to contact. Using this information, we construct an indicator variable that equals one if the plough was ever adopted during the pre-industrial period (whether aboriginal or not) and zero otherwise. Of the 1,156 ethnicities for which information exists, for 997 the plough was absent, for 141 the plough was adopted (and aboriginal), and for 18 it was adopted, but after European contact.
    [Show full text]
  • Resource Management: Linux Kernel Namespaces and Cgroups
    Resource management: Linux kernel Namespaces and cgroups Rami Rosen [email protected] Haifux, May 2013 www.haifux.org 1/121 http://ramirose.wix.com/ramirosen TOC Network Namespace PID namespaces UTS namespace Mount namespace user namespaces cgroups Mounting cgroups links Note: All code examples are from for_3_10 branch of cgroup git tree (3.9.0-rc1, April 2013) 2/121 http://ramirose.wix.com/ramirosen General The presentation deals with two Linux process resource management solutions: namespaces and cgroups. We will look at: ● Kernel Implementation details. ●what was added/changed in brief. ● User space interface. ● Some working examples. ● Usage of namespaces and cgroups in other projects. ● Is process virtualization indeed lightweight comparing to Os virtualization ? ●Comparing to VMWare/qemu/scaleMP or even to Xen/KVM. 3/121 http://ramirose.wix.com/ramirosen Namespaces ● Namespaces - lightweight process virtualization. – Isolation: Enable a process (or several processes) to have different views of the system than other processes. – 1992: “The Use of Name Spaces in Plan 9” – http://www.cs.bell-labs.com/sys/doc/names.html ● Rob Pike et al, ACM SIGOPS European Workshop 1992. – Much like Zones in Solaris. – No hypervisor layer (as in OS virtualization like KVM, Xen) – Only one system call was added (setns()) – Used in Checkpoint/Restart ● Developers: Eric W. biederman, Pavel Emelyanov, Al Viro, Cyrill Gorcunov, more. – 4/121 http://ramirose.wix.com/ramirosen Namespaces - contd There are currently 6 namespaces: ● mnt (mount points, filesystems) ● pid (processes) ● net (network stack) ● ipc (System V IPC) ● uts (hostname) ● user (UIDs) 5/121 http://ramirose.wix.com/ramirosen Namespaces - contd It was intended that there will be 10 namespaces: the following 4 namespaces are not implemented (yet): ● security namespace ● security keys namespace ● device namespace ● time namespace.
    [Show full text]
  • HP ESA-L1500A Spectrum Analyzer Programmer's Guide
    Programmer’s Guide HP ESA-L1500A Spectrum Analyzer HEWLETT@’ r!!a PACKARD HP Part No. E4411-90003 Printed in USA January 1997 0 Copyright Hewlett-Packard Company 1997. All Rights Reserved. Reproduction, adaptation, or translation without prior written permission is prohibited, except as allowed under the copyright laws. 1400 Fountaingrove Parkway, Santa Rosa CA, 95403-1799, USA The information contained in this document is subject to change without notice. Hewlett-Packard makes no warranty of any kind with regard to this material, in- cluding but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, per- formance, or use of this material. The following safety symbols are used throughout this manual. Familiarize your- self with the symbols and their meaning before operating this instrument. CAUTION Caution denotes a hazard. It calls attention to a procedure that, if not correctly performed or adhered to, would result in damage to or destruction of the instrument. Do not proceed beyond a caution until the indicated conditions are fully understood and met. WARNING: Warning denotes a hazard. It calls attention to a procedure which, if not correctly performed or adhered to, could result in injury or loss of life. Do not proceed beyond a warning note until the indicated conditions are fully understood and met. WARNING: This is a Safety Class 1 Product (provided with a protective earthing ground incorporated inthe power cord). The mains plug shall only be inserted in a socket outlet provided with a protective earth contact.
    [Show full text]
  • FTP Plug-In User Guide 2017.1 May 2017 Copyright © 2001-2017 Perforce Software
    FTP Plug-In User Guide 2017.1 May 2017 Copyright © 2001-2017 Perforce Software. All rights reserved. Perforce software and documentation is available from www.perforce.com. You can download and use Perforce programs, but you can not sell or redistribute them. You can download, print, copy, edit, and redistribute the documentation, but you can not sell it, or sell any documentation derived from it. You can not modify or attempt to reverse engineer the programs. This product is subject to U.S. export control laws and regulations including, but not limited to, the U.S. Export Administration Regulations, the International Traffic in Arms Regulation requirements, and all applicable end-use, end-user and destination restrictions. Licensee shall not permit, directly or indirectly, use of any Perforce technology in or by any U.S. embargoed country or otherwise in violation of any U.S. export control laws and regulations. Perforce programs and documents are available from our Web site as is. No warranty or support is provided. Warranties and support, along with higher capacity servers, are sold by Perforce Software. Perforce Software assumes no responsibility or liability for any errors or inaccuracies that might appear in this book. By downloading and using our programs and documents you agree to these terms. Perforce and Inter-File Branching are trademarks of Perforce Software. All other brands or product names are trademarks or registered trademarks of their respective companies or organizations. Any additional software included within Perforce
    [Show full text]
  • How Is Dynamic Symbolic Execution Different from Manual Testing? an Experience Report on KLEE
    How is Dynamic Symbolic Execution Different from Manual Testing? An Experience Report on KLEE Xiaoyin Wang, Lingming Zhang, Philip Tanofsky University of Texas at San Antonio University of Texas at Dallas Outline ๏ Background ๏ Research Goal ๏ Study Setup ๏ Quantitative Analysis ๏ Qualitative Analysis ๏ Summary and Future Work "2 /27 Background ๏ Dynamic Symbolic Execution (DSE) •A promising approach to automated test generation •Aims to explore all/specific paths in a program •Generates and solves path constraints at runtime ๏ KLEE •A state-of-the-art DSE tool for C programs •Specially tuned for Linux Coreutils •Reported higher coverage than manual testing "3 /27 Research Goal ๏ Understand the ability of state-of-art DSE tools ! ๏ Identify proper scenarios to apply DSE tools ! ๏ Discover potential opportunities for enhancement "4 /27 Research Questions ๏ Are KLEE-based test suites comparable with manually developed test suites on test sufciency? ๏ How do KLEE-based test suites compare with manually test suites on harder testing problems? ๏ How much extra value can KLEE-based test suites provide to manually test suites? ๏ What are the characteristics of the code/mutants covered/killed by one type of test suites, but not by the other? "5 /27 Study Process KLEE tests reduced KLEE tests program manual tests coverage bug finding quality metrics "6 /27 Study Setup: Tools ๏ KLEE •Default setting for ๏ GCOV test generation •Statement coverage •Execute each program collection for 20 minutes ๏ MutGen •Generates 100 mutation faults for each program
    [Show full text]
  • IBM I Version 7.2
    IBM i Version 7.2 Networking File Transfer Protocol IBM Note Before using this information and the product it supports, read the information in “Notices” on page 157. This document may contain references to Licensed Internal Code. Licensed Internal Code is Machine Code and is licensed to you under the terms of the IBM License Agreement for Machine Code. © Copyright International Business Machines Corporation 1998, 2013. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents FTP on IBM® i.........................................................................................................1 What's new for IBM i 7.2..............................................................................................................................1 PDF file for File Transfer Protocol................................................................................................................1 Scenarios: FTP..............................................................................................................................................1 Scenario: Transferring a file from a remote host...................................................................................2 Scenario: Securing FTP with SSL............................................................................................................3 Configuration details.........................................................................................................................4 Creating
    [Show full text]
  • RSX - 11 M-PLUS Mini-Reference
    RSX - 11 M-PLUS Mini-Reference Order No. AV-H435F-TC RSX - 11M-PLUS Mini-Reference Order Number. AV-H435F-TC RSX-ll M-PLUS Version 4.2 Digital Equipment Corporation Maynard, Massachusetts First Printing, September 1977 Revised, April 1982 Revised, April 1983 Revised, July 1985 R~vised, .September 1987 Revised, January 1989 The information in this document is subject to change without notice and should not be construed as a commitment by Digital Equipment Corporation. Digital Equipment Corporation assumes no responsibility for any errors that may appear in this document. The software described in this document is furnished under a license and may be used or copied only in accordance with the terms of such license. No responsibility is assumed for the use or reliability of software on equipment that is not supplied by Digital Equipment Corporation or its affiliated companies. © Digital Equipment Corporation 1977, 1982, 1983, 1985, 1987, 1989. All Rights Reserved. Printed in U.S.A. The postpaid Reader's Comments forms at the end of this document request your critical evaluation to assist in preparing future documentation. The following are trademarks of Digital Equipment Corporation: DEC DIBOL UNIBUS DEC/CMS EduSystem VAX DEC/MMS lAS VAXcluster DECnet MASSBUS VMS DECsystem-lO PDP VT DECSYSTEM-20 PDT DECUS RSTS DECwriter RSX ~U~UIl~DTM ZK5077 Contents Preface vii Conventions ............................................... viii Online Help Files Online Help Files ............................................. 3 Command Line Interpreters Monitor Console Routine (MCR) Commands ......................... 7 Digital Command Language (DCL) ............................... 21 utilities BAD Command Summary ...................................... 67 iii BRU Command Summary ...................................... 69 CMP Command Summary ...................................... 74 DMP Command Summary .....................................
    [Show full text]
  • Electrical Engineering and Computer Science Department
    Electrical Engineering and Computer Science Department Technical Report NWU-EECS-07-02 February 3, 2006 Network-based and Attack-resilient Length Signature Generation for Zero-day Polymorphic Worms Zhichun Li, Lanjia Wang, Yan Chen and Zhi (Judy) Fu Abstract It is crucial to detect zero-day polymorphic worms and to generate signatures at the edge network gateways or honeynets so that we can prevent the worms from propagating at their early phase. However, most existing network-based signatures generated are not vulnerability based and can be easily evaded under attacks. In this paper, we propose to design vulnerability based signatures without any host-level analysis of worm execution or vulnerable programs. As the first step, we design a network-based Length-based Signature Generator (LESG) for worms based on buffer overflow vulnerabilities. The signatures generated are intrinsic to buffer overflows, and are very hard for attackers to evade. We further prove the attack resilience bounds even under worst case attacks with deliberate noise injection. Moreover, LESG is fast, noise-tolerant, and has efficient signature matching. Evaluation based on real-world vulnerabilities of various protocols and real network traffic demonstrates that LESG is promising in achieving these goals. Keywords: zero-day vulnerability; polymorphic worm; worm signature generation; network intrusion detection/prevention system (IDS/IPS); protocol field length based signature Network-based and Attack-resilient Length Signature Generation for Zero-day Polymorphic Worms Zhichun Li, Lanjia Wangy, Yan Chen and Zhi (Judy) Fuz Northwestern University, Evanston, IL, USA yTsinghua University, Beijing, China zMotorola Labs, Schaumburg IL, USA Abstract It is crucial to detect zero-day polymorphic worms and to generate signatures at the edge network gateways or honeynets so that we can prevent the worms from propagating at its early phase.
    [Show full text]
  • Introduction to I N D and Recursive Partitioning
    NASA-CR-191220 Research Institute for Advanced Computer Science NASA Ames Research Center • i _ / / -- , t Introduction to I N D and Recursive Partitioning WRAY BUNTINE Unc 1 -_, 01_!i306 RIACS Technical Report 91.23 September 1991 Introduction to I N D and Recursive Partitioning RIACS TR 91.23 WRAY BUNTINE The Research Institute of Advanced Computer Science is operated by Universities Space Research Association, The American City Building, Suite 212, Columbia, MD 21044, (301)730-2656 Work reported herein was supported in part by Coopertive Agreement NCC2-387 between the National Aeronautics and Space Administration (NASA) and The Universities Space Research Association (USRA) Work was perfomed at the Research Institute for Advanced Computer Science (RIACS), NASA Ames Research Center, Moffett Field, California 94035-1000 Introduction to IND and Recursive Partitioning Wray Buntine, RIACS Rich Caruana, SJSU/NASA NASA Ames Research Center Mail Stop 269-2 Moffet Field, CA 94035 Version 1.0 September 23, 1991 Copyright (_) 1991 Research Institute for Advanced Computer Science. Abstract This manual describes the IND package for learning tree classifiers from data. The package is an integrated C and C shen re-implementation of tree learning routines such as CART, C4, and various MDL and Bayesian variations. The package includes routines for experiment control, interactive operation, and analysis of tree building. The manual introduces the system and its many options, gives a basic review of tree ]earning, contains a guide to the literature and a glossary, lists the manual pages for the routines, and instructions on installation. Contents Preface Getting Started I-I 1.1 About This Manual ..................................
    [Show full text]