combining agda with external tools
play

Combining Agda with External Tools Stephan Adelsberger 1 and Anton - PowerPoint PPT Presentation

Feb 07, 2024 •474 likes •769 views

Combining Agda with External Tools Stephan Adelsberger 1 and Anton Setzer 2 Agda Implementors meeting XXXII Online 1 June 2020 1 WU Vienna, Austria, https://nm.wu.ac.at/nm/en:adelsberger 2 Swansea University, UK,

  1. Combining Agda with External Tools Stephan Adelsberger 1 and Anton Setzer 2 Agda Implementors meeting XXXII Online 1 June 2020 1 WU Vienna, Austria, https://nm.wu.ac.at/nm/en:adelsberger 2 Swansea University, UK, http://www.cs.swan.ac.uk/~csetzer/index.html Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 1/ 28

  2. Integrating External Tools via Builtins Integrating λ -Prolog into Agda Connecting Agda with why3 and SPARK Ada Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 2/ 28

  3. Integrating External Tools via Builtins Integrating External Tools via Builtins Integrating λ -Prolog into Agda Connecting Agda with why3 and SPARK Ada Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 3/ 28

  4. Integrating External Tools via Builtins Karim Kanso (PhD thesis) Verification of Real World Railway Interlocking Systems using Agda Example of Railway Interlocking System: sig9 sig10 s6 p1 p2 s2 s4 sig7 s5 sig8 s1 sig6 s3 sig5 sig1 sig2 sig3 sig4 Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 4/ 28

  5. Integrating External Tools via Builtins Approach ◮ We have a control program P which depending on commands and detected trains in segments sets the signals and sets of points. ◮ So we have vectors of Booleans expressing ◮ the state of the system − − − → State , ◮ and the inputs − − − → Input . ◮ P can be expressed as Boolean valued formulae ϕ P ( − State in , − − − − → Input , − − − → − − − − → State out ) Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 5/ 28

  6. Integrating External Tools via Builtins Proof of Safety in Agda ◮ We can write a simulator in Agda for this programs, which moves trains, around, provided they obey signals and executes P . ◮ A ✿✿✿✿✿ state ✿✿✿ of ✿✿✿✿ the ✿✿✿✿✿✿✿✿✿ program ✿✿✿ is ✿✿✿✿✿ safe if ◮ there are never two trains in the same train segment, ◮ more conditions esp. regarding sets of points. P ✿✿ is safe if from specific allowed initial states when running the ◮ ✿✿ ✿✿✿✿✿ program and moving trains one never reaches an unsafe state. ◮ Difficult to do directly in Agda because ϕ P is very complex. ◮ Instead separate tasks between interactive theorem proving ( ✿✿✿ ITP ) and automated theorem proving ( ✿✿✿✿ ATP ). ◮ By ATP we mean here SAT solvers and model checkers ◮ Later we discuss as well other ATP tools. Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 6/ 28

  7. Integrating External Tools via Builtins Distribution of Tasks between interactive and automated theorem proving ◮ Introduce safety conditions ϕ safe ( − − − → State ) and invariants ϕ invariant ( − − − → State ) ◮ Prove using ATP certain ✿✿✿✿✿✿✿✿✿✿ signalling principles ✿✿✿✿✿✿✿✿✿✿✿ ( ϕ safe ( − State in ) ∧ ϕ invariant ( − − − − → State in ) ∧ ϕ P ( − − − − → State in , − − − − → Input , − − − → − − − − → State out )) → ϕ safe ( − State out ) ∧ ϕ invariant ( − − − − − → − − − − → State out ) ◮ Prove using ITP that signalling principles imply that P is safe. ◮ In order to get a complete proof in Agda, we need ◮ not only that ATP returns value true, ◮ but as well that this implies that the checked formula is true. Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 7/ 28

  8. Integrating External Tools via Builtins Approach in Karim’s Thesis [1, 2, 3, 4]. ◮ Develop a naive SAT solver or model checker in Agda, and show it is sound: check : Formula → Bool : ( ϕ : Formula ) → T ( check ϕ ) → ( ξ : Env ) → [[ ϕ ]] ξ sound ◮ We override the check function by a Builtin , which calls an efficient SAT solver or model checker. ◮ Function sound links the result check from ATP to the validity of a formula which can be used in ITP. ◮ Now we get ◮ Using ATP we check that signalling principles hold ◮ Using the Builtin we translate the results into validity of the signalling principles in Agda. ◮ Using ITP we prove that this implies that the system is safe. Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 8/ 28

  9. Integrating External Tools via Builtins Need for Flexible Builtins ◮ In order to get this machinery work we need two Builtins. ◮ The function check . ◮ The type of formulas Formula . ◮ For more complex logics (e.g. for model checking) one needs a cascade of Builtins . ◮ Approach relies on trusting the ATP tool giving correct result. Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 9/ 28

  10. Integrating External Tools via Builtins Using Builtins for Proof Search ◮ Karim linked as well tools for proof search to Agda using Builtins. ◮ Karim used a SAT solver so the tool was total. ◮ Here we show how to extend this to semi decision procedures. ◮ Assume you have an ATP tool which searches for proofs for certain formulas. ◮ We have : Formula Set : Formula → Set Proof ◮ The ATP tool gives a function poofsearch : ( ϕ : Formula ) → Maybe ( Proof ϕ ) ◮ In Agda we can postulate such a function postulate poofsearch : ( ϕ : Formula ) → Maybe ( Proof ϕ ) and override it using a builtin by the ATP tool. Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 10/ 28

  11. Integrating External Tools via Builtins Using Builtins for Proof Search ◮ In Agda we prove soundness sound : ( ϕ : Formula ) → Proof ϕ → ( ξ : Env ) → [[ ϕ ]] ξ ◮ We define extract : { X : Set } → ( p : Maybe X ) → IsJust p → X ◮ Therefore we get a proof sound ϕ ( extract ( poofsearch ϕ ) isJust ) : ( ξ : Env ) → [[ ϕ ]] ξ provided poofsearch ϕ returns a just value (type checking will run the external tool when checking isJust : IsJust ( poofsearch ϕ )). Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 11/ 28

  12. Integrating External Tools via Builtins Advantages/Disadvantages of Approach using Profs ◮ Advantages ◮ No reliance on the soundness of the ATP tool. ◮ No need to write a naive implementation of the tool. ◮ Allows as well ATP tools for semi decidable logics or which for other reasons don’t always give an answer. ◮ Disadvantages ◮ Slower to use since ATP tool needs to create a proof. ◮ Restricts ATP tools available. ◮ Especially model checkers usually don’t provide proofs. ◮ Tedious to translate ATP proofs into Agda ◮ lack of documentation, ◮ scripts not intended to be converted into Agda proofs. Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 12/ 28

  13. Integrating External Tools via Builtins Flexible Builtin Mechanism ◮ Builtins can be used for other purposes as well ◮ cryptographic functions, ◮ any computational complex functions. ◮ Karim added a flexible mechanism for adding builtins to Agda. Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 13/ 28

  14. Integrating External Tools via Builtins Caveats ◮ Allowing to add new builtins in Agda code causes a security problem , because it allows to execute arbitrary programs during type checking. ◮ Solution: require that adding new builtin mechanism requires recompilation of Agda. ◮ Builtins are only consistent if the output of the builtin tool coincides with the the output of Agda. ◮ Requires checks in Agda. ◮ In case of overridden postulates requires that the original function was indeed a postulate. ◮ Karim’s approach is reasonably flexible but still requires some programming. ◮ A too generic approach will probably become inefficient. ◮ Karim wrote a domain specific language for this to make it easy to add Builtins. Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 14/ 28

  15. Integrating External Tools via Builtins Code Sprint ◮ Karim created a branch [3] of Agda with his implementation of Builtins. ◮ Documented esp. in Appendix D and Sect. 5 of his PhD Thesis [1]. ◮ Agda code and other material available from [2] (linked as well from the AIM XXXII webpage, see Code Sprint on Builtins) ◮ Goal of code sprint is to update it and integrate it into main Agda. Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 15/ 28

  16. Integrating λ -Prolog into Agda Integrating External Tools via Builtins Integrating λ -Prolog into Agda Connecting Agda with why3 and SPARK Ada Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 16/ 28

  17. Integrating λ -Prolog into Agda Presented by Stephan Adelsberger Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 17/ 28

  18. Connecting Agda with why3 and SPARK Ada Integrating External Tools via Builtins Integrating λ -Prolog into Agda Connecting Agda with why3 and SPARK Ada Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 18/ 28

  19. Connecting Agda with why3 and SPARK Ada SPARK Ada ◮ SPARK Ada is a tool set used in industry for developing safety critical systems. ◮ It extends Ada programs by adding data/information flow analysis and Hoare logic. ◮ Hoare logic allows to add pre-, post conditions to a program plus intermediate conditions, especially loop invariants. Stephan Adelsberger and Anton Setzer Combining Agda with External Tools 19/ 28

Recommend

Combining Automated and Interactive Theorem Proving in Agda Anton Setzer (Joint work with Karim

Combining Automated and Interactive Theorem Proving in Agda Anton Setzer (Joint work with Karim

Combining Automated and Interactive Theorem Proving in Agda Anton Setzer (Joint work with Karim Kanso) May 21, 2010 1/ 38 1. An Introduction to Agda 2. Integrating Automated Theorem Proving into Agda 3. Defining the Mini SAT Solver in Agda

556 views • 38 slides
Interactive Programs in Agda Anton Setzer (Swansea) 1. Defining IO in Agda. 2. Execution of IO

Interactive Programs in Agda Anton Setzer (Swansea) 1. Defining IO in Agda. 2. Execution of IO

Interactive Programs in Agda Anton Setzer (Swansea) 1. Defining IO in Agda. 2. Execution of IO Programs. 3. Dealing with Complex Programs. 4. A Graphics Library for Agda Anton Setzer: Interactive programs in dependent type theory 1 1. Defining

810 views • 35 slides
Homotopy Type Theory in Agda 17|7|7 1 Goal synthetic homotopy theory in Agda + other needed

Homotopy Type Theory in Agda 17|7|7 1 Goal synthetic homotopy theory in Agda + other needed

Homotopy Type Theory in Agda 17|7|7 1 Goal synthetic homotopy theory in Agda + other needed theories 2 Goal synthetic homotopy theory in Agda + other needed theories Agda and Coq were the only two immediately usable systems for HoTT 2

360 views • 14 slides
Coinduction in Agda via Copatterns and Sized Types Andreas Abel Department of Computer Science

Coinduction in Agda via Copatterns and Sized Types Andreas Abel Department of Computer Science

Coinduction in Agda via Copatterns and Sized Types Andreas Abel Department of Computer Science and Engineering Chalmers and Universitt Gteborg Dagstuhl Seminar 16131 Language Based Verification Tools for Functional Programs 30 March 2016

308 views • 7 slides
Combination and certification of proof tools John Harrison Intel Corporation 30th October 2013

Combination and certification of proof tools John Harrison Intel Corporation 30th October 2013

Combination and certification of proof tools John Harrison Intel Corporation 30th October 2013 (11:0012:00) Summary of talk Motivation for combining proof tools Intel verification work The Flyspeck project Combining tools and

670 views • 51 slides
Inheritance and Overloading in Agda Paolo Capriotti June 17, 2013 Notation Abuses of

Inheritance and Overloading in Agda Paolo Capriotti June 17, 2013 Notation Abuses of

Inheritance and Overloading in Agda Paolo Capriotti June 17, 2013 Notation Abuses of notation are very common in mathematics Ambiguities are used to make formulas more expressive We want to do the same in Agda! Example: algebra and

335 views • 16 slides
Staff has concerns over the setbacks of the second floor patio and will be conditioning that the

Staff has concerns over the setbacks of the second floor patio and will be conditioning that the

From: Liska, Andrew <Andrew.Liska@minneapolismn.gov> Sent: Wednesday, August 19, 2020 2:34 PM To: Michael Subject: RE: [EXTERNAL] RE: [EXTERNAL] RE: [EXTERNAL] RE: [EXTERNAL] RE: [EXTERNAL] RE: [EXTERNAL] 1219 31st W Joyce Church Hi,

366 views • 3 slides
Sprinkles of extensionality for your vanilla type theory Adding custom rewrite rules to Agda

Sprinkles of extensionality for your vanilla type theory Adding custom rewrite rules to Agda

Sprinkles of extensionality for your vanilla type theory Adding custom rewrite rules to Agda Jesper Cockx Andreas Abel DistriNet KU Leuven 24 May 2016 What are we doing? Take some vanilla Agda . . . 1 / 17 What are we doing? Take

606 views • 29 slides
HNS Reporting Guidelines and Tools Thomas Liebert Head, External Relations & Conference 27

HNS Reporting Guidelines and Tools Thomas Liebert Head, External Relations & Conference 27

Workshop on the 2010 HNS Convention IMO, London HNS Reporting Guidelines and Tools Thomas Liebert Head, External Relations & Conference 27 April 2018 HNS Fund Four separate accounts There is one general account (bulk solid sector and

419 views • 13 slides
Environment Setup Assignment 0 The Technology Stack Manages node_modules (external tools)

Environment Setup Assignment 0 The Technology Stack Manages node_modules (external tools)

Environment Setup Assignment 0 The Technology Stack Manages node_modules (external tools) Creates web server Stores data persistently with JSON logic. Utilizes NoSQL instead of SQL Facilitates HTTP requests and

350 views • 11 slides
--- === Agda Tactics Programming === --- --- --- Ulf Norell --- wg2.8 Kefalonia, May

--- === Agda Tactics Programming === --- --- --- Ulf Norell --- wg2.8 Kefalonia, May

--- === Agda Tactics Programming === --- --- --- Ulf Norell --- wg2.8 Kefalonia, May 27, 2015 module module Slides where where open open import import Prelude -- https://github.com/UlfNorell/agda-prelude open open import

391 views • 5 slides
Latency Outliers Root Cause Analysis in the Field by Combining Aggregation and Tracing Tools

Latency Outliers Root Cause Analysis in the Field by Combining Aggregation and Tracing Tools

LinuxCon North America 2016 Latency Outliers Root Cause Analysis in the Field by Combining Aggregation and Tracing Tools mathieu.desnoyers@efcios.com julien.desfossez@efcios.com Presenters Mathieu Desnoyers CEO at EfficiOS

411 views • 29 slides
Cutting Edge Tools for Pricing and Underwriting Seminar Integrating External Data into the

Cutting Edge Tools for Pricing and Underwriting Seminar Integrating External Data into the

Version 10/1/11 Cutting Edge Tools for Pricing and Underwriting Seminar Integrating External Data into the Decision Making / Predictive Modeling Process Casualty Actuarial Society Ron Zaleski, Jr., FCAS, MAAA Fall 2011 1 Version 10/1/11

547 views • 29 slides
Tools to access job markets for academics Dr. sc. nat. Daniela Gunz External consultant at

Tools to access job markets for academics Dr. sc. nat. Daniela Gunz External consultant at

Career Services Tools to access job markets for academics Dr. sc. nat. Daniela Gunz External consultant at Career Services Universitt Zrich / Director of Research Partnerships / HR manager at healthbank innovation AG 17.04.2018 Seite 1

413 views • 12 slides
Multimedia Design (1) What is this course about? The media media (text, graphics, audio,

Multimedia Design (1) What is this course about? The media media (text, graphics, audio,

Multimedia Multimedia Design (1) What is this course about? The media media (text, graphics, audio, video, haptics,) Choosing Choosing the right media Combining Combining them effectively Tools / technologies Tools

241 views • 6 slides
Outline Combining different programs with Perl: writing a short Pipeline in Perl UniProt

Outline Combining different programs with Perl: writing a short Pipeline in Perl UniProt

EMBnet Course: PERL for biomedical researchers Command line tools scripting Basel, 11 September 2008 Lorenza Bordoli Swiss Institute of Bioinformatics Outline Combining different programs with Perl: writing a short Pipeline in Perl

659 views • 36 slides
Combining GLM and ABI Data for Enhanced GOES-R Rainfall Estimates A New GOES-R3 Project (combining

Combining GLM and ABI Data for Enhanced GOES-R Rainfall Estimates A New GOES-R3 Project (combining

Combining GLM and ABI Data for Enhanced GOES-R Rainfall Estimates A New GOES-R3 Project (combining with Nai- Yu Wangs R3 Project) PIs/Co - Is: R. Adler, N. Wang, W. Xu (U. of Maryland/CICS) Collaborators: Kuligowski, Bruning, Albrecht,

231 views • 4 slides
Combining Instrumentation and Sampling for Trace-based Application Performance Analysis 8th

Combining Instrumentation and Sampling for Trace-based Application Performance Analysis 8th

Center for Information Services and High Performance Computing (ZIH) Combining Instrumentation and Sampling for Trace-based Application Performance Analysis 8th International Parallel Tools Workshop Stuttgart, Germany, October 2, 2014 Thomas

812 views • 35 slides
I made a website! Now what? Sebastian Witowski 1 Disclaimer There are many great tools at CERN

I made a website! Now what? Sebastian Witowski 1 Disclaimer There are many great tools at CERN

I made a website! Now what? Sebastian Witowski 1 Disclaimer There are many great tools at CERN (OpenShift). This presentation is not about those tools. 2 This presentation is about external tools 3 Free to use Open source Good

694 views • 41 slides
Combining Forecasts Forty Years Later Kenneth F. Wallis Emeritus Professor of Econometrics,

Combining Forecasts Forty Years Later Kenneth F. Wallis Emeritus Professor of Econometrics,

6 th Eurostat Colloquium on Modern Tools for Business Cycle Analysis Luxembourg, 26-29 September 2010 Combining Forecasts Forty Years Later Kenneth F. Wallis Emeritus Professor of Econometrics, University of Warwick

540 views • 14 slides
General Schemes of Combining Rules and the Quality Characteristics of Combining Alexander Lepskiy

General Schemes of Combining Rules and the Quality Characteristics of Combining Alexander Lepskiy

General Schemes of Combining Rules and the Quality Characteristics of Combining Alexander Lepskiy National Research University Higher School of Economics, Moscow, Russia The 3 rd International Conference on Belief Functions, September 26

484 views • 26 slides
Eliminators in Agda and in general, by Mathijs Swint and Tom Lokhorst on the 2nd of October 2008

Eliminators in Agda and in general, by Mathijs Swint and Tom Lokhorst on the 2nd of October 2008

Eliminators in Agda and in general, by Mathijs Swint and Tom Lokhorst on the 2nd of October 2008 for the course Dependently Typed Programming. Eliminators are like folds, but cooler. foldList : forall {A} {B : Set} -> B -> (A -> B

606 views • 42 slides
The Calculus of Computation: Decision Procedures with 10. Combining Decision Procedures

The Calculus of Computation: Decision Procedures with 10. Combining Decision Procedures

The Calculus of Computation: Decision Procedures with 10. Combining Decision Procedures Applications to Verification by Aaron Bradley Zohar Manna Springer 2007 10- 1 10- 2 Combining Decision Procedures: Nelson-Oppen Method Combining

271 views • 8 slides
combining electron Density-based docking microscopy with Does not need one-to-one correspondence

combining electron Density-based docking microscopy with Does not need one-to-one correspondence

Scripps Cryo Course, November 2005 Approaches to docking We need proper tools to do proper docking combining electron Density-based docking microscopy with Does not need one-to-one correspondence of atomic models map and model Can

187 views • 4 slides

More recommend