automating the diagram method to prove correctness of
play

Automating the Diagram Method to Prove Correctness of Program - PowerPoint PPT Presentation

Aug 05, 2023 •462 likes •766 views

Automating the Diagram Method to Prove Correctness of Program Transformations David Sabel Goethe-University Frankfurt am Main, Germany WPTE 2018, July 8th, Oxford, UK Research supported by the Deutsche Forschungsgemeinschaft (DFG) under

  1. Automating the Diagram Method to Prove Correctness of Program Transformations David Sabel † Goethe-University Frankfurt am Main, Germany WPTE 2018, July 8th, Oxford, UK † Research supported by the Deutsche Forschungsgemeinschaft (DFG) under grant SA 2908/3-1.

  2. Motivation reasoning on program transformations w.r.t. operational semantics for program calculi with higher-order constructs and recursive bindings, e.g. letrec-expressions : letrec x 1 = s 1 ; . . . ; x n = s n in t extended call-by-need lambda calculi with letrec that model core languages of lazy functional programming languages like Haskell 2/22

  3. Correctness of Program Transformations A program transformation T is a binary relation on expressions. It is correct iff e T → e ′ = ⇒ C [ e ′ ] ↓ ) − ⇒ ( ∀ contexts C : C [ e ] ↓ ⇐ sr, ∗ → e ′ and e ′ is a successful result ↓ means successful evaluation e ↓ := e − − where sr − → is the small-step operational semantics (standard reduction) sr, ∗ → is the reflexive-transitive closure of sr and − − − → As a core proof method, we need to show convergence preservation: e T ′ ⇒ e ′ ↓ ) → e ′ = − ⇒ ( e ↓ = where T ′ is a contextual closure of T 3/22

  4. Idea of the Diagram Method Base case: For all successful e Inductive construction program transformation e e ′ e e ′ successful standard reduction steps e ′′′ e ′′ successful . . . General case: For all programs e by the program induction transformation hypothesis e ′ e standard standard reduction reduction steps e 4 e 5 e ′′ e ′′ e ′′′ program succ. successful successful transformation steps 4/22

  5. Focused Languages and Previous Results The diagram technique was, for instance, used for call-by-need lambda calculi with letrec, data constructors, case, and seq [SSSS08, JFP] and non-determinism [SSS08, MSCS] process calculi with call-by-value [NSSSS07, MFPS] or call-by-need evaluation [SSS11, PPDP] and [SSS12, LICS] reasoning on whether program transformations are improvements w.r.t. the run-time [SSS15, PPDP], [SSS17, SCP], [SSSD18,PPDP] and space [SSD18,WPTE] 5/22

  6. Focused Languages and Previous Results The diagram technique was, for instance, used for call-by-need lambda calculi with letrec, data constructors, case, and seq [SSSS08, JFP] and non-determinism [SSS08, MSCS] process calculi with call-by-value [NSSSS07, MFPS] or call-by-need evaluation [SSS11, PPDP] and [SSS12, LICS] reasoning on whether program transformations are improvements w.r.t. the run-time [SSS15, PPDP], [SSS17, SCP], [SSSD18,PPDP] and space [SSD18,WPTE] Conclusions from these works The diagram method works well The method requires to compute overlaps (error-prone, tedious,...) Automation of the method would be valuable 5/22

  7. Automation of the Diagram-Method compute translate overlaps diagrams calculus description overlaps (I)TRS diagrams program join prove termination transformations (AProVE/CeTA) overlaps Diagram Automated Input calculator induction Structure of the LRSX-Tool 6/22

  8. Representation of the Input compute translate overlaps diagrams calculus description overlaps (I)TRS diagrams program join prove termination transformations (AProVE/CeTA) overlaps Diagram Automated Input calculator induction Structure of the LRSX-Tool 7/22

  9. Requirements on the Meta-Syntax Operational semantics of typical call-by-need calculi (excerpt) Reduction contexts: A ::= [ · ] | ( A e ) R ::= A | letrec Env in A | letrec { x i = A i [ x i +1 ] } n − 1 i =1 , x n = A n , Env , in A [ x 1 ] Standard-reduction rules and some program transformations: (SR,lbeta) R [( λx.e 1 ) e 2 ] → R [ letrec x = e 2 in e 1 ] . . . (T,cpx) T [ letrec x = y, Env in C [ x ]] → T [ letrec x = y, Env in C [ y ]] T [ letrec Env , Env ′ in e ] → T [ letrec Env ′ in e ] , (T,gc,1) if LetV ars ( Env ) ∩ FV ( e, Env ′ ) = ∅ (T,gc,2) T [ letrec Env in e ] → T [ e ] if LetVars ( Env ) ∩ FV ( e ) = ∅ Meta-syntax must be capable to represent: contexts of different classes environments Env i and environment chains { x i = A i [ x i +1 ] } n − 1 i =1 8/22

  10. Syntax of the Meta-Language LRSX x ∈ Var ::= X Variables (variable meta-variable) | x (concrete variable) s ∈ Expr ::= S Expressions (expression meta-variable) | D [ s ] (context meta-variable) | letrec env in s (letrec-expression) | var x (variable) | ( f r 1 . . . r ar ( f ) ) (function application) where r i is o i , s i , or x i specified by f o ∈ HExpr n ::= x 1 . . . . x n .s (higher-order expression) Environments env ∈ Env ::= ∅ (empty environment) | E ; env (environment meta-variable) | Ch [ x, s ]; env (chain meta-variable) | x = s ; env (binding) Ch [ x, s ] represents chains x = C 1 [ var x 1 ]; x 1 = C 2 [ var x 2 ]; . . . ; x n = C n [ s ] where C i are contexts of class cl ( Ch ) 9/22

  11. Binding and Scoping Constraints There are restrictions on scoping and emptiness: . . . (T,cpx) T [ letrec x = y, Env in C [ x ]] → T [ letrec x = y, Env in C [ y ]] x, y are not captured by C in C [ x ] , C [ y ] (T,gc,2) T [ letrec Env in e ] → T [ e ] if Env � = ∅ , LetVars ( Env ) ∩ FV ( e ) = ∅ We express them by constraint tuples ∆ = (∆ 1 , ∆ 2 , ∆ 3 ) : non-empty context constraints ∆ 1 : set of context variables - ground substitution ρ satisfies D ∈ ∆ 1 iff ρ ( D ) � = [ · ] non-empty environment constraints ∆ 2 : set of environment variables - ρ satisfies E ∈ ∆ 2 iff ρ ( E ) � = ∅ non-capture constraints (NCCs) ∆ 3 : set of pairs ( s, d ) - ρ satisfies ( s, d ) iff the hole of ρ ( d ) does not capture variables of ρ ( s ) 10/22

  12. Representation of Rules Standard reductions and transformations are represented as ℓ → ∆ r where ℓ, r are LRSX-expressions and ∆ is a constraint-tuple Example: (T,gc,2) T [ letrec Env in e ] → T [ e ] if LetVars ( Env ) ∩ FV ( e ) = ∅ is represented as D [ letrec E in S ] → ( ∅ , { E } , { ( S, letrec E in [ · ]) } ) D [ S ] 11/22

  13. Computing Overlaps compute translate overlaps diagrams calculus description overlaps (I)TRS diagrams program join prove termination transformations (AProVE/CeTA) overlaps Diagram Automated Input calculator induction Structure of the LRSX-Tool 12/22

  14. Computing Overlaps by Unification program transformation σ ( ℓ A ) = σ ( ℓ B ) σ ( r B ) standard * reduction · σ ( r A ) * unifier σ for { ℓ A . = ℓ B } 13/22

  15. Computing Overlaps by Unification program transformation σ ( ℓ A ) = σ ( ℓ B ) σ ( r B ) standard * reduction · σ ( r A ) * unifier σ for ( { ℓ A . = ℓ B } , ∆ A ∪ ∆ B ) Unification also has to respect the constraints ∆ A ∪ ∆ B 13/22

  16. Computing Overlaps by Unification program transformation σ ( ℓ A ) = σ ( ℓ B ) σ ( r B ) standard * reduction · σ ( r A ) * unifier σ for ( { ℓ A . = ℓ B } , ∆ A ∪ ∆ B ) Unification also has to respect the constraints ∆ A ∪ ∆ B Occurrence Restrictions: S -variables at most twice, E -, Ch -, D -variables at most once The Letrec Unification Problem is NP-complete [SSS16, PPDP] Algorithm UnifLRS [SSS16, PPDP] is sound and complete 13/22

  17. Computing Overlaps by Unification program transformation σ ( ℓ A ) = σ ( ℓ B ) ( σ ( r B ) , ∆) standard * reduction · ( σ ( r A ) , ∆) * output ( σ, ∆) for ( { ℓ A . = ℓ B } , ∆ A ∪ ∆ B ) Unification also has to respect the constraints ∆ A ∪ ∆ B Occurrence Restrictions: S -variables at most twice, E -, Ch -, D -variables at most once The Letrec Unification Problem is NP-complete [SSS16, PPDP] Algorithm UnifLRS [SSS16, PPDP] is sound and complete and computes a finite representation of solutions 13/22

  18. Computing Joins compute translate overlaps diagrams calculus description overlaps (I)TRS diagrams program join prove termination transformations (AProVE/CeTA) overlaps Diagram Automated Input calculator induction Structure of the LRSX-Tool 14/22

  19. Computing Diagrams program transformation . ( t 1 , ∇ ) standard reduction * . ( t 2 , ∇ ) * computing joins ∗ − → : abstract rewriting by rules ℓ → ∆ r meta-variables in ℓ, r are instantiable and meta-variables in t i are fixed rewriting: match ℓ against t i and show that the given constraints ∇ imply the needed constraints ∆ Sound and complete matching algorithm MatchLRS [Sab17, UNIF] 15/22

  20. � � � � � � � � Example: (gc)-Transformation (T,gc) := (T,gc,1) ∪ (T,gc,2) Unification computes 192 overlaps and joining results in 324 diagrams which can be represented by the diagrams T,gc T,gc · · · · SR ,lbeta � SR ,lbeta SR ,cp � SR ,cp � · � · · · T,gc T,gc T,gc T,gc · · · · SR ,lll � SR ,lll SR ,lll � � · T,gc · · T,gc and the answer diagram T,gc � Ans Ans 16/22

  21. Automated Induction compute translate overlaps diagrams calculus description overlaps (I)TRS diagrams program join prove termination transformations (AProVE/CeTA) overlaps Diagram Automated Input calculator induction Structure of the LRSX-Tool 17/22

  22. � Automated Induction: Ideas [RSSS12, IJCAR] Ignore the concrete expressions, only keep: kind of rule (SR or transformation) and rule-names, and answers as abstract constant T,gc � · · T,gc � Ans SR ,lbeta � SR ,lbeta Ans � · · T,gc 18/22

Recommend

Correctness of Program Transformations: Automating Diagram-Based Proofs David Sabel

Correctness of Program Transformations: Automating Diagram-Based Proofs David Sabel

Correctness of Program Transformations: Automating Diagram-Based Proofs David Sabel Goethe-University Frankfurt am Main, Germany Research supported by the Deutsche Forschungsgemeinschaft (DFG) under grant SA 2908/3-1. Motivation reasoning

736 views • 72 slides
Lecture 4-5 : Types Dont prove correctness: just find bugs .. - model checking - light

Lecture 4-5 : Types Dont prove correctness: just find bugs .. - model checking - light

CS6202: Advanced Topics in Rise of Lightweight Formal Methods Rise of Lightweight Formal Methods Programming Languages and Systems Lecture 4-5 : Types Dont prove correctness: just find bugs .. - model checking - light specification and

615 views • 24 slides
How Do We Know What We Know? Scientific Method Science is first and foremost a method to

How Do We Know What We Know? Scientific Method Science is first and foremost a method to

How Do We Know What We Know? Scientific Method Science is first and foremost a method to determine the truth. New theories become accepted when enough evidence is found to prove them, not because well respected scientists propose them. You

591 views • 24 slides
Automating elementary number-theoretic proofs using Gr obner bases John Harrison Intel

Automating elementary number-theoretic proofs using Gr obner bases John Harrison Intel

Automating elementary number-theoretic proofs using Gr obner bases John Harrison Intel Corporation CADE, Bremen Tue 17th July 2007 (12:0012:30) 0 Divisibility properties over the integers Often want to prove tedious lemmas like a n

750 views • 19 slides
Least Squares Method The objective of the scatter diagram is to measure the strength and

Least Squares Method The objective of the scatter diagram is to measure the strength and

1 Least Squares Method The objective of the scatter diagram is to measure the strength and direction of the linear relationship. Both can be more easily judged by drawing a straight line through the data. Which line best describes the

747 views • 37 slides
Towards less painful verification of the full correctness for C Keiko Nakata 25 October 2008

Towards less painful verification of the full correctness for C Keiko Nakata 25 October 2008

Towards less painful verification of the full correctness for C Keiko Nakata 25 October 2008 The content of the talk A report on my experience in combining an automatic decision procedure (Ergo) and interactive reasoning (Coq) to prove both

1.2k views • 102 slides
Sankey Diagram: A Method to Visualize Student Flow and Success Hanyan Wang, Beverly King, Ying

Sankey Diagram: A Method to Visualize Student Flow and Success Hanyan Wang, Beverly King, Ying

Sankey Diagram: A Method to Visualize Student Flow and Success Hanyan Wang, Beverly King, Ying Zhou Institutional Planning, Assessment and Research ECU Student Success Conference January 25, 2019 1 What is a Sankey Diagram? 2 Charles

804 views • 28 slides
Proving Program Correctness The Axiomatic Approach What is Correctness? Correctness:

Proving Program Correctness The Axiomatic Approach What is Correctness? Correctness:

3/10/10 Proving Program Correctness The Axiomatic Approach What is Correctness? Correctness: partial correctness + termination Partial correctness: Program implements its specification 1 3/10/10 Proving Partial Correctness

420 views • 13 slides
Dragon1 Features Presentation 1. Import.xls and .bpmn files 2. Create UML use case diagram,

Dragon1 Features Presentation 1. Import.xls and .bpmn files 2. Create UML use case diagram,

Dragon1 Features Presentation 1. Import.xls and .bpmn files 2. Create UML use case diagram, class diagram, state transition diagram, activity diagram, sequence diagram 3. Create WSDL / SOA diagram 4. Create layered architecture diagram

646 views • 20 slides
Automating batch fecundity measurements Automating batch fecundity measurements using digital

Automating batch fecundity measurements Automating batch fecundity measurements using digital

W orking Group on Acoustic and Egg Surveys for Sardine and Anchovy in I CES Areas VI I I and I X, Nantes, 2 4 -2 8 / 1 1 / 2 0 0 8 Automating batch fecundity measurements Automating batch fecundity measurements using digital image analysis

391 views • 13 slides
Experience & Status of the LIGO Slow Controls System(s) E1200224, aLIGO, Slow Controls A few

Experience & Status of the LIGO Slow Controls System(s) E1200224, aLIGO, Slow Controls A few

Experience & Status of the LIGO Slow Controls System(s) E1200224, aLIGO, Slow Controls A few specific links that may prove generally useful: D1100683, Block Diagram D1102294, Network Diagram G1200005, EtherCAT for advanced LIGO G1100098,

611 views • 15 slides
08Program Verification II CS 5209: Foundation in Logic and AI Martin Henz and Aquinas Hobor

08Program Verification II CS 5209: Foundation in Logic and AI Martin Henz and Aquinas Hobor

Review Hoare Triples; Partial and Total Correctness Practical Aspects of Correctness Proofs Correctness of the Factorial Function Proof Calculus for Total Correctness 08Program Verification II CS 5209: Foundation in Logic and AI Martin

778 views • 39 slides
Program Correctness Assert formal correctness statements about

Program Correctness Assert formal correctness statements about

Program Correctness Assert formal correctness statements about cri4cal parts of a program and reason effec4vely A program is intended to carry out a

1.01k views • 57 slides
Yogi Bhajans Original Diagram Shannahoffs Diagram 84 Points Gurudass Diagram 84 Points

Yogi Bhajans Original Diagram Shannahoffs Diagram 84 Points Gurudass Diagram 84 Points

Yogi Bhajans Original Diagram Shannahoffs Diagram 84 Points Gurudass Diagram 84 Points Cleaned-up Diagram Effect on Hypothalamus - Overview Hypothalamus Detail Sound Psychological Experiment Sound Psychological Experiment BLUBA

696 views • 35 slides
Today Flow review Augmenting paths Ford-Fulkerson Algorithm Intro to cuts (reason: prove

Today Flow review Augmenting paths Ford-Fulkerson Algorithm Intro to cuts (reason: prove

Today Flow review Augmenting paths Ford-Fulkerson Algorithm Intro to cuts (reason: prove correctness) Flow Networks s = source, t = sink. c(e) = capacity of edge e Capacity condition: 0 f(e) c(e) Conservation condition: for v V

494 views • 28 slides
CS70: Lecture 2. Outline. Today: Proofs!!! 1. By Example (or Counterexample). 2. Direct. (Prove P

CS70: Lecture 2. Outline. Today: Proofs!!! 1. By Example (or Counterexample). 2. Direct. (Prove P

CS70: Lecture 2. Outline. Today: Proofs!!! 1. By Example (or Counterexample). 2. Direct. (Prove P = Q . ) 3. by Contraposition (Prove P = Q ) 4. by Contradiction (Prove P .) 5. by Cases Quick Background and Notation. Integers closed

693 views • 16 slides
RANDOMIZING AND RANDOMIZING AND AUTOMATING ASSESSMENT AUTOMATING ASSESSMENT WITH R WITH R exams

RANDOMIZING AND RANDOMIZING AND AUTOMATING ASSESSMENT AUTOMATING ASSESSMENT WITH R WITH R exams

RANDOMIZING AND RANDOMIZING AND AUTOMATING ASSESSMENT AUTOMATING ASSESSMENT WITH R WITH R exams exams 1 THE THE exams exams PACKAGE PACKAGE by @AchimZeileis and others, Statistics, Universitt Innsbruck www.r-exams.org latest release

379 views • 14 slides
Automating the Automating the configuration of flow configuration of flow monitoring probes

Automating the Automating the configuration of flow configuration of flow monitoring probes

Zurich Research Laboratory Automating the Automating the configuration of flow configuration of flow monitoring probes monitoring probes Xenofontas (Fontas) Dimitropoulos (xed@zurich.ibm.com) Andreas Kind (ank@zurich.ibm.com) IBM | Dec 07

303 views • 14 slides
Automating Authority Work Automating authority work, or, Be your own authority control vendor

Automating Authority Work Automating authority work, or, Be your own authority control vendor

Mike Monaco Coordinator, Cataloging Services May 14, 2018 Automating Authority Work Automating authority work, or, Be your own authority control vendor Ohio Valley Group of Technical Services Librarians Mike Monaco 2018 Conference, May

1.06k views • 67 slides
Automating Registrar Onboarding What is AROS? A utomated R egistrar O nboarding S ystem

Automating Registrar Onboarding What is AROS? A utomated R egistrar O nboarding S ystem

Automating Registrar Onboarding What is AROS? A utomated R egistrar O nboarding S ystem Replacing the current paper/fax based accreditation system Automating what can be automated Providing a better user experience Improving

232 views • 8 slides
II UML Class Diagram & Object Diagram II, Jan Pettersen Nytun, page no 1 Dependency: A

II UML Class Diagram & Object Diagram II, Jan Pettersen Nytun, page no 1 Dependency: A

UML Class & Object Diagram II UML Class Diagram & Object Diagram II, Jan Pettersen Nytun, page no 1 Dependency: A relationship between two modeling elements indicates that a change in the destination may effect the source. Example

650 views • 22 slides
CS 451 Software Engineering Yuanfang Cai Room 104, University Crossings 215.895.0298

CS 451 Software Engineering Yuanfang Cai Room 104, University Crossings 215.895.0298

CS 451 Software Engineering Yuanfang Cai Room 104, University Crossings 215.895.0298 yfcai@cs.drexel.edu 1 Drexel University Design Models Data Flow Diagram Class Diagram Sequence Diagram State Diagram Component Diagram

391 views • 28 slides
Translating an ER diagram to a relational schema Given an ER diagram, we can look for a relational

Translating an ER diagram to a relational schema Given an ER diagram, we can look for a relational

Inf1-DA 20102011 I: 36 / 117 Translating an ER diagram to a relational schema Given an ER diagram, we can look for a relational schema that closely approximates the ER design. The translation is approximate because it is not always feasible

755 views • 16 slides
COMPSCI 326 Web Programming Week 09: ER Diagram Sketches Agenda 4:00 4:35 ER Diagram

COMPSCI 326 Web Programming Week 09: ER Diagram Sketches Agenda 4:00 4:35 ER Diagram

COMPSCI 326 Web Programming Week 09: ER Diagram Sketches Agenda 4:00 4:35 ER Diagram Sketches 4:35 5:10 Team Lightning Data Talks 2 minute presentation on: 1. 1-2 sentences overviewing your startups application 2. 1-2

632 views • 22 slides

More recommend