batch proving and proof scripting in pvs
play

Batch Proving and Proof Scripting in PVS C esar A. Mu noz - PowerPoint PPT Presentation

Mar 06, 2023 •95 likes •442 views

Batch Proving and Proof Scripting in PVS C esar A. Mu noz munoz@nianet.org National Institute of Aerospace AFM 2006 NIA @ NASA LaRC 1 The PVS Theorem Prover PVS is a powerful interactive theorem prover. For expert users: PVS provides

  1. Batch Proving and Proof Scripting in PVS C´ esar A. Mu˜ noz munoz@nianet.org National Institute of Aerospace AFM 2006 NIA @ NASA LaRC 1

  2. The PVS Theorem Prover PVS is a powerful interactive theorem prover. For expert users: PVS provides a powerful batch mode as well. Why do we need a batch mode ? NIA @ NASA LaRC 2

  3. The PVS Theorem Prover PVS is a powerful interactive theorem prover. For expert users: PVS provides a powerful batch mode as well. Why do we need a batch mode ? NIA @ NASA LaRC 3

  4. The PVS Theorem Prover PVS is a powerful interactive theorem prover. For expert users: PVS provides a powerful batch mode as well. Why do we need a batch mode ? NIA @ NASA LaRC 4

  5. Scenario 1 After several weeks we have finished the development of an Interval library in PVS: 10 files, 322 lemmas. We want to double check that the status of all the lemmas. A new version of PVS is available. We want to recheck all the proofs. NIA @ NASA LaRC 5

  6. Scenario 2 Consider the function a r ( φ ) = 1 + (1 − f ) 2 tan 2 φ, where a and f are constants. For efficiency reasons, we want to approximate the function r ( φ ) by the polynomial 4439091 � 9023647 2 − φ 2 ) × 2 − φ 2 ) × r ( φ ) ˆ = + ( φ + ( φ 4 4 � 13868737 � 13233647 2 − φ 2 ) × 2 − φ 2 ) × + ( φ + ( φ 64 2048 � − 1898597 ���� − 6661427 2 − φ 2 ) × + ( φ , 16384 131072 where φ = 715 512 and φ ∈ [0 , φ ]. NIA @ NASA LaRC 6

  7. Problem We want to prove that � � e ( φ ) � � 1 . 36 × 10 − 6 , ≤ � � r ( φ ) � � where e ( φ ) = r ( φ ) − ˆ r ( φ ) . In PVS, PHI : Interval = [| 0,715/512 |] RI : LEMMA FORALL (phi:real) : phi ## PHI IMPLIES |e(phi) / r(phi)| ## [| 0,136/1000000000 |] NIA @ NASA LaRC 7

  8. Automatic Proof by Interval Splitting Strategy: Use Interval’s numerical on [0 , φ ]. 1 If step 1 doesn’t work, split interval into [0 , φ 2 ] and [ φ 2 , φ ], and 2 recursively go to step 1. Problem: Very inefficient approach when a large number of splittings are needed (in this case about 10.000). Solution: Compute the splitting outside the theorem prover and generate PVS files with lemmas and proofs (in this case 3 lemmas per splitting). NIA @ NASA LaRC 8

  9. Automatic Proof by Interval Splitting Strategy: Use Interval’s numerical on [0 , φ ]. 1 If step 1 doesn’t work, split interval into [0 , φ 2 ] and [ φ 2 , φ ], and 2 recursively go to step 1. Problem: Very inefficient approach when a large number of splittings are needed (in this case about 10.000). Solution: Compute the splitting outside the theorem prover and generate PVS files with lemmas and proofs (in this case 3 lemmas per splitting). NIA @ NASA LaRC 9

  10. Automatic Proof by Interval Splitting Strategy: Use Interval’s numerical on [0 , φ ]. 1 If step 1 doesn’t work, split interval into [0 , φ 2 ] and [ φ 2 , φ ], and 2 recursively go to step 1. Problem: Very inefficient approach when a large number of splittings are needed (in this case about 10.000). Solution: Compute the splitting outside the theorem prover and generate PVS files with lemmas and proofs (in this case 3 lemmas per splitting). NIA @ NASA LaRC 10

  11. PVS in Batch Mode For Expert Users PVS prover and Emacs interface in batch mode: % pvs -batch Regression testing: ;; file.el (pvs-validate "file.log" "dir" (let ((current-prefix-arg t)) (prove-pvs-file "file.pvs"))) % pvs -batch -l file.el PVS prover without Emacs interface: % pvs -raw NIA @ NASA LaRC 11

  12. PVS in Batch Mode For Expert Users PVS prover and Emacs interface in batch mode: % pvs -batch Regression testing: ;; file.el (pvs-validate "file.log" "dir" (let ((current-prefix-arg t)) (prove-pvs-file "file.pvs"))) % pvs -batch -l file.el PVS prover without Emacs interface: % pvs -raw NIA @ NASA LaRC 12

  13. PVS in Batch Mode For Regular Users (via ProofLite’s proveit utility) % proveit Interval/top.pvs NIA @ NASA LaRC 13

  14. PVS in Batch Mode For Regular Users (via ProofLite’s proveit utility) % proveit -importchain Interval/top.pvs NIA @ NASA LaRC 14

  15. PVS in Batch Mode For Regular Users (via ProofLite’s proveit utility) % proveit -importchain -clean Interval/top.pvs NIA @ NASA LaRC 15

  16. PVS in Batch Mode For Regular Users (via ProofLite’s proveit utility) % proveit -importchain -clean -packages Field Interval/top.pvs NIA @ NASA LaRC 16

  17. PVS in Batch Mode For Regular Users (via ProofLite’s proveit utility) % proveit -importchain -clean -packages Field Interval/top.pvs Processing Interval/top.pvs. Writing output to file Interval/top.out. Proof summary for theory interval IMP_sigma_TCC1........................proved - complete sharp_Proper..........................proved - complete Proper_sharp..........................proved - complete specialbrackets_TCC1..................proved - complete Lt_Ge.................................proved - complete Le_Gt.................................proved - complete Abs_TCC1..............................proved - complete Abs_TCC2..............................proved - complete ... Theory totals: 156 formulas, 156 attempted, 156 succeeded (72.33 s) ... Grand Totals: 322 proofs, 322 attempted, 322 succeeded (122.73 s) NIA @ NASA LaRC 17

  18. PVS Proof Files For Expert Users “The format is: (<theory-id> (<decl-id> <default-proof-posn> (<id> <description> <create-date> <run-date> <script> <status> <refers-to> <real-time> <run-time> <interactive?> <decision-procedure-used>) ...) ...) where <default-proof-posn> is the (0-based) position of the default proof in the list of proofs associated with the declaration. The <create-date> is the time that the proof was first saved, and the <run-date> is the time it was last rerun. The <real-time> and <run-time> are the time it took the last time it was run, and <interactive?> indicates whether that was an interactive run or not [. . . ] Most of the rest of the fields should be self-explanatory . . . ” ∗ NIA @ NASA LaRC ∗ Sam Owre, PVS mailing list, June 2003. 18

  19. PVS Batch Proofs For Regular Users (via ProofLite scripts) PHI0 : Interval = [| 0, 82225/51200000 |] RpI0 : LEMMA phi ## PHI0 IMPLIES |ep(phi)/rp(phi)| ## [| 0, 136/10000000 |] %|- RpI0 : PROOF %|- (instint :taylor "Ep0" :hints "Ep_deriv") %|- QED NIA @ NASA LaRC 19

  20. The ProofLite Package Package for non-interactive proof scripting in PVS: Utility for running the theorem prover in batch mode. A proof scripting notation where proof scripts reside in .pvs files. Suitable for batch generation of specifications and proof scripts. Download: http://research.nianet.org/~munoz/ProofLite NIA @ NASA LaRC 20

  21. The proveit Utility Usage: proveit [OPTION] FILE[@TH1,..,THn]* For each FILE , proveit runs PVS in batch mode and proves theories TH1,..,THn , which are either imported or defined in FILE.pvs . If no theories are provided, proveit proves all theories in FILE . -clean : Removes bin files and .pvscontext before proving -force : Overrides current proofs with ProofLite scripts -importchain : Proves chain of imported theories -packages P1,..,Pn : Loads packages P1,..,Pn -prooftraces : Output proof traces. NIA @ NASA LaRC 21

  22. ProofLite Scripts ProofLite scripts are written in PVS files using the special comment form: l1: LEMMA a*a >= 0 %|- l1 : PROOF (grind) QED ProofLite scripts can extend to multiple lines: l2: LEMMA (nza/2)*(2/nza) = 1 %|- l2 : PROOF %|- (then (skosimp) %|- (grind)) %|- QED NIA @ NASA LaRC 22

  23. Sharing ProofLite Scripts Several lemmas can share the same ProofLite script: l3: LEMMA a*a >= 0 l4: LEMMA (nza/2)*(2/nza) = 1 %|- l3 : PROOF %|- l4 : PROOF %|- (grind) %|- QED NIA @ NASA LaRC 23

  24. ProofLite Scripts for Name-Matching Lemmas Name-matching lemmas can share the same ProofLite script. The symbol * stands for an arbitrary sequence of one or more characters, e.g., l3a: LEMMA a*a >= 0 l4a: LEMMA (nza/2)*(2/nza) = 1 %|- l*a : PROOF %|- (grind) %|- QED NIA @ NASA LaRC 24

  25. Macro Scripts Name-matching lemmas can be used to create macro scripts. The symbol $0 refers to the name of the lemma and the symbol $ n refers to n -th matching string from left to right, e.g., l_5_6 : LEMMA EXISTS (a) : 5 < a AND a < 6 l 6 7 : LEMMA EXISTS (a) : 6 < a AND a < 7 %|- l *_* : PROOF %|- (then (skip-msg "Proving Lemma: $0") %|- (inst 1 "$1 + ($2 - $1)/2") %|- (grind)) %|- QED NIA @ NASA LaRC 25

  26. Parametric Scripts Parametric scripts have the form: %|- <script name>[e1;...;en]: PROOF %|- <steps> %|- QED The symbol # n is substituted by e n , e.g., l_8 : LEMMA EXISTS (a,b) : a+b = 8 l_9 : LEMMA EXISTS (a,b) : a+b = 9 %|- l_8[2;6] : PROOF %|- l_9[4;5] : PROOF %|- (then (skip-msg "Proving Lemma: $0") %|- (inst 1 "#1" "#2") %|- (grind)) %|- QED NIA @ NASA LaRC 26

  27. Installing ProofLite Scripts Interactively ProofLite scripts in the current theory. Without overriding old proofs: M-x install-prooflite-scripts-theory ( C-c it ). Overriding old proofs: M-x install-prooflite-scripts-theory! ( C-c !t ). ProofLite scripts at the cursor position. Without overriding old proofs: M-x install-prooflite-script ( C-c ip ). Overriding old proofs: M-x install-prooflite-script! ( C-c !p ). NIA @ NASA LaRC 27

Recommend

Visual theorem proving with the Incredible Proof Machine The idea Theorem Proving without

Visual theorem proving with the Incredible Proof Machine The idea Theorem Proving without

Interactive Theorem Proving, Nancy August 22, 2016 Joachim Breitner Karlsruhe Institute of Technology University of Pennsylvania, Philadelphia Visual theorem proving with the Incredible Proof Machine The idea Theorem Proving without Syntax

579 views • 43 slides
Source - Level Proof Reconstruction for Interactive Proving Lawrence C. Paulson and Kong W oei

Source - Level Proof Reconstruction for Interactive Proving Lawrence C. Paulson and Kong W oei

Source - Level Proof Reconstruction for Interactive Proving Lawrence C. Paulson and Kong W oei Susanto Computer Laboratory, University of Cambridg e Motivation Interactive provers are good for specifying complex systems, but proving

514 views • 20 slides
An Analysis of f Transition-to to-Proof Course Students Proving Difficulties Ahmed Benkhalti,

An Analysis of f Transition-to to-Proof Course Students Proving Difficulties Ahmed Benkhalti,

An Analysis of f Transition-to to-Proof Course Students Proving Difficulties Ahmed Benkhalti, John Selden, Annie Selden New Mexico State University UTEP/NMSU Workshop November 1, 2014 We analyzed students proving difficulties on a

563 views • 45 slides
A proof-theoretical journey through programming, model checking and theorem proving David Baelde

A proof-theoretical journey through programming, model checking and theorem proving David Baelde

A proof-theoretical journey through programming, model checking and theorem proving David Baelde IT University of Copenhagen ASL Meeting, Structural Proof Theory Session Madison, Wisconsin, April 2012 1 / 26 Logic programming A specification

270 views • 26 slides
Proving discrimination: The shift of the burden of proof and access to evidence Rachel Crasnow

Proving discrimination: The shift of the burden of proof and access to evidence Rachel Crasnow

Proving discrimination: The shift of the burden of proof and access to evidence Rachel Crasnow Barrister Context In 2012, Europeans were asked about which protected characteristics were seen by employers as causing problems for job

184 views • 5 slides
Theorem Proving with Semantic Tableaux 9ai Proof Method : By Refutation. Show by construction

Theorem Proving with Semantic Tableaux 9ai Proof Method : By Refutation. Show by construction

Theorem Proving with Semantic Tableaux 9ai Proof Method : By Refutation. Show by construction that no model can exist for given sentences . i.e. all potential models are contradictory. Do this by following the consequences of the data and

421 views • 10 slides
JProver : Integrating Connection-based Theorem Proving into Interactive Proof Assistants Stephan

JProver : Integrating Connection-based Theorem Proving into Interactive Proof Assistants Stephan

JProver : Integrating Connection-based Theorem Proving into Interactive Proof Assistants Stephan Schmitt 1 , Lori Lorigo 2 , Christoph Kreitz 2 , Aleksey Nogin 2 1 Dept. of Sciences and Engineering 2 Dept. of Computer Science Saint Louis

579 views • 8 slides
Asynchronous processing of proof documents rethinking interactive theorem proving Makarius

Asynchronous processing of proof documents rethinking interactive theorem proving Makarius

Asynchronous processing of proof documents rethinking interactive theorem proving Makarius November 2007 1. Motivation 2. Document processing 3. Main agents: provers, editors, users Motivation General aims Support interactive

380 views • 18 slides
Batch Systems Running calculations on HPC resources Outline What is a batch system? How

Batch Systems Running calculations on HPC resources Outline What is a batch system? How

Batch Systems Running calculations on HPC resources Outline What is a batch system? How do I interact with the batch system Job submission scripts Interactive jobs Common batch systems Converting between different batch

543 views • 17 slides
Proof Pearl: Proving a Simple Von Neumann Machine Turing Complete J Strother Moore Department of

Proof Pearl: Proving a Simple Von Neumann Machine Turing Complete J Strother Moore Department of

Proof Pearl: Proving a Simple Von Neumann Machine Turing Complete J Strother Moore Department of Computer Science University of Texas at Austin presented by Matt Kaufmann at ITP 2014, Vienna July, 2014 1 Introduction M1 is a simple

594 views • 46 slides
Proof Pearl: Proving a Simple Von Neumann Machine Turing Complete J Strother Moore Department of

Proof Pearl: Proving a Simple Von Neumann Machine Turing Complete J Strother Moore Department of

Proof Pearl: Proving a Simple Von Neumann Machine Turing Complete J Strother Moore Department of Computer Science University of Texas at Austin presented by Matt Kaufmann at ITP 2014, Vienna July, 2014 1 Introduction M1 is a simple

1.15k views • 87 slides
Mechanical Theorem Proving in Tarskis Geometry. Julien Narboux under the supervision of Hugo

Mechanical Theorem Proving in Tarskis Geometry. Julien Narboux under the supervision of Hugo

Mechanical Theorem Proving in Tarskis Geometry. Julien Narboux under the supervision of Hugo Herbelin LIX, INRIA Futurs, Ecole Polytechnique 31/08/2006, Pontevedra, Spain Outline 1 Interactive proof / Automated theorem proving 2

1.1k views • 73 slides
HOL C ONTENT Intro &amp; motivation, getting started with Isabelle Foundations &amp;

HOL C ONTENT Intro &amp; motivation, getting started with Isabelle Foundations &amp;

L AST T IME ON HOL Proof rules for propositional and predicate logic Safe and unsafe rules NICTA Advanced Course Forward Proof Theorem Proving The Epsilon Operator Slide 1 Slide 3 Principles, Techniques, Applications Some

292 views • 7 slides
. Needs effective (finitary) representation .. Failed Termination Proof vs. Non- TNT:

. Needs effective (finitary) representation .. Failed Termination Proof vs. Non- TNT:

Runtime Errors Proving Non-Termination Ashutosh K. Gupta Thomas A. Henzinger Rupak Majumdar MPI-SWS EPFL UCLA Andrey Rybalchenko Ru-Gang Xu MPI-SWS UCLA 2 Non-Termination Errors Proving Non-Termination Search for infinite

402 views • 6 slides
Proving the Validity of an Argument Torben Amtoft Kansas State University Torben Amtoft Kansas

Proving the Validity of an Argument Torben Amtoft Kansas State University Torben Amtoft Kansas

Outline Introduction Proving Validity: Examples The Notion of Proof Rules Proving Validity: More Examples Fitch Reasoning about Identity Proving the Validity of an Argument Torben Amtoft Kansas State University Torben Amtoft Kansas State

246 views • 23 slides
Scripting with Objects: A Comparative Presentation of Scripting With Perl and Python Avinash C.

Scripting with Objects: A Comparative Presentation of Scripting With Perl and Python Avinash C.

Scripting with Objects: A Comparative Presentation of Scripting With Perl and Python Avinash C. Kak Click here if your download doesn&quot;t start automatically Scripting with Objects: A Comparative Presentation of Scripting With Perl and

269 views • 5 slides
Learning to Prove Theorems via Interacting with Proof Assistants Kaiyu Yang, Jia Deng Automated

Learning to Prove Theorems via Interacting with Proof Assistants Kaiyu Yang, Jia Deng Automated

Learning to Prove Theorems via Interacting with Proof Assistants Kaiyu Yang, Jia Deng Automated Theorem Proving (ATP) 1 + 2 + + = + 1 2 Assumptions Conclusion Automated Theorem Proving (ATP) 1 + 2 +

626 views • 28 slides
Extending LLDB to More Scripting Languages Jonas Devlieghere, Apple C++ API Scripting Bridge

Extending LLDB to More Scripting Languages Jonas Devlieghere, Apple C++ API Scripting Bridge

Extending LLDB to More Scripting Languages Jonas Devlieghere, Apple C++ API Scripting Bridge API Scripting Bridge API SBThread SBDebugger SBBreakpoint SBTarget SBFrame SBSymbol SBValue SBProcess SBFunction Python Python

307 views • 15 slides
Proof of Stake Recap Bitcoin Incentives Block subsidy Transaction fees Recap

Proof of Stake Recap Bitcoin Incentives Block subsidy Transaction fees Recap

Proof of Stake Recap Bitcoin Incentives Block subsidy Transaction fees Recap Proof of Work Mining Transactions UTXO Nakamoto Consensus Longest chain Recap Scripting Bitcoin Stack Machine Recap

4.84k views • 47 slides
A Comparison of Python, JavaScript and Lua Scripting Language Features CS798 Scripting

A Comparison of Python, JavaScript and Lua Scripting Language Features CS798 Scripting

A Comparison of Python, JavaScript and Lua Scripting Language Features CS798 Scripting Languages Project Final Presentation March 31, 2014 Afiya Nusrat, Alexander Pokluda and Michael Wexler Outline Introduction Letter Lizard

758 views • 20 slides
Automated Theorem Proving in Real Applications John Harrison Intel Corporation The cost of

Automated Theorem Proving in Real Applications John Harrison Intel Corporation The cost of

Automated Theorem Proving in Real Applications 1 Automated Theorem Proving in Real Applications John Harrison Intel Corporation The cost of bugs Formal verification Machine-checked proof Automatic and interactive approaches

678 views • 29 slides
What are scripting languages? Unix shells: sh, ksh, bash Scripting Languages job control

What are scripting languages? Unix shells: sh, ksh, bash Scripting Languages job control

10/22/08 What are scripting languages? Unix shells: sh, ksh, bash Scripting Languages job control Perl Slashdot, bioinformatics, financial data processing, cgi Python System administration at Google BitTorrent file

570 views • 7 slides
Foundations of Computer Science Lecture 4 Proofs Proving If . . . then . . .

Foundations of Computer Science Lecture 4 Proofs Proving If . . . then . . .

Foundations of Computer Science Lecture 4 Proofs Proving If . . . then . . . (Implication): Direct proof; Contraposition Contradiction Proofs About Sets Last Time 1 How to make precise statements. 2 Quantifiers which allow us to make

1.47k views • 98 slides
Foundations of Computer Science Lecture 4 Proofs Proving If . . . then . . .

Foundations of Computer Science Lecture 4 Proofs Proving If . . . then . . .

Foundations of Computer Science Lecture 4 Proofs Proving If . . . then . . . (Implication): Direct proof; Contraposition Contradiction Proofs About Sets Last Time 1 How to make precise statements. 2 Quantifiers which allow us to make

352 views • 18 slides

More recommend