
Formal Logical Environments for Building Reliable, High-Performance Software (PowerPoint PPT Presentation)



1. Formal Logical Environments for Building Reliable, High-Performance Software
   Christoph Kreitz, Department of Computer Science, Cornell University, Ithaca, NY 14853

2. Why Formal Logical Environments?
   • Too many errors in informal arguments
     – 40–50% of the published results turn out to be wrong
   • We can’t afford errors in software development
     – Errors are annoying (reboot, loss of data, ...)
     – Errors are expensive (Pentium bug, Ariane 5 rocket, Mars Climate Orbiter)
     – Errors cost lives (Airbus crashes in the early 1990’s)
     ... affects air traffic, banking, government, utilities, schools, e-commerce, ...
   • Current software development methods are unreliable
     – Tested programs still contain errors
     – Correctness proofs are tedious and error-prone (if done by hand)
   ⇓ Need formal tools for creating reliable software
   Formal Logical Environments for ... 1 HMC, March 2002

3. Formal methods tools are most successful when engaged at early stages of system design
   • Great potential
     – clarifying critical design concepts
     – linking abstract and concrete specifications
     – detecting subtle errors in design and prototype code
     – generating code of components from specifications
     – improving system performance
   • Requires
     – expressive formal language
     – knowledge base of formalized facts about systems concepts
     – proof environment integrating different reasoning techniques
     – collaboration with systems experts in real applications
   The Nuprl LPE meets these requirements

4. The Nuprl Project at [institution logo]
   • Computational formal logics: Type Theory
   • Proof & program development systems
     – The Nuprl Logical Programming Environment
       [Architecture figure: user interfaces (Web, Emacs mode, Structure editor) around a Library; the Nuprl Refiner, Evaluator and Inference Engine; external engines MetaPRL, JProver, Maude, PVS, HOL, MinLog and SoS (Lisp) with translators to Java and OCaml; theories holding defs, thms, tactics, rules, structure and code]
     – Fast inference engines + proof search techniques
     – Natural language generation from formal mathematics
     – Program extraction + automated complexity analysis
   • Application to reliable, high-performance networks
     – Assigning precise semantics to system software
     – Performance optimizations
     – Assurance for reliability (verification)
     – Verified system design
     [Figure: network application diagram; labels not recoverable]

5. The Nuprl Type Theory: An Instance of Martin-Löf Type Theory
   • Constructive higher-order logic
     – Reasoning about types, members of types, propositions, functions ...
   • Functional programming language
     – Similar to core ML: polymorphic, with partial recursive functions
   • Open-ended, expressive data type system
     – Function, product, disjoint union, Π- & Σ-types, atoms ❀ programming
     – Integers, lists, inductive types ❀ inductive definition
     – Propositions as types, equality type, void, top, universes ❀ logic
     – Subsets, subtyping, quotient types ❀ mathematics
     – (Dependent) intersection, union, records ❀ modules, program composition
     New types can/will be added as needed
   • Expressions separate from their types ❀ full λ-calculus
     ... but must be typeable in proofs ❀ “total” functions
   • User-defined extensions possible

6. Syntax Issues
   • Uniform term syntax for all expressions
       $\mathit{opid}\{p_i{:}F_i\}(x_{11},\dots,x_{1m_1}.\,t_1;\ \dots;\ x_{n1},\dots,x_{nm_n}.\,t_n)$
     – Operator identifier listed in operator tables
     – Parameters for base terms (variables, numbers, tokens ...)
     – Sub-terms may contain bound variables
     No syntactical distinction between types, members, propositions ...
   • Separate term display form
     – Describe visual appearance of terms in “free syntax”
       ↦ Conventional notation, information hiding, auto-parenthesizing, aliases, ...

       Internal Term Structure   | Display Form
       --------------------------|-------------
       function{}(S; .T)         | S → T
       variable{x:v}()           | x
       lambda{}(x.t)             | λx.t
       apply{}(f; t)             | f t
       ...                       | ...

7. Semantics models proof, not denotation
   • (Lazy) evaluation of expressions
     – Identify canonical expressions (values)
     – Define reducible non-canonical expressions (redex)
     – Define reduction steps in redex–contracta table

       Canonical: $S \to T$, $\lambda x.\,t$        Non-canonical: $f\ t$
       Redex: $(\lambda x.\,u)\ t$  $\xrightarrow{\beta}$  Contractum: $u[t/x]$

   • Judgments: semantical truths about expressions
     – 4 categories: Typehood ($T$ Type), Type Equality ($S = T$), Membership ($t \in T$), Member equality ($s = t \in T$)
     – Defined for values of expressions in semantics tables
       $S_1 \to T_1 = S_2 \to T_2$  iff  $S_1 = S_2$ and $T_1 = T_2$
       $\lambda x_1.\,t_1 = \lambda x_2.\,t_2 \in S \to T$  iff  $S \to T$ Type and $t_1[s_1/x_1] = t_2[s_2/x_2] \in T$ for all $s_1, s_2$ with $s_1 = s_2 \in S$
       ...

8. Nuprl’s Proof Theory
   • Sequent  $x_1{:}T_1,\dots,x_n{:}T_n \vdash C\ \lfloor \mathrm{ext}\ t \rfloor$
     “If $x_i$ are variables of type $T_i$ then $C$ has a (yet unknown) member $t$”
     – A judgment $t \in T$ is represented as $T\ \lfloor \mathrm{ext}\ t \rfloor$ ❀ proof term construction
     – Equality is represented as type $s = t \in T\ \lfloor \mathrm{ext}\ \mathrm{Ax} \rfloor$ ❀ propositions as types
     – Typehood represented by (cumulative) universes $\mathbb{U}_i\ \lfloor \mathrm{ext}\ T \rfloor$
   • Refinement calculus
     – Top-down decomposition of proof goal ❀ interactive proof development
     – Bottom-up construction of proof terms ❀ program extraction
       $\Gamma \vdash S \to T\ \lfloor \mathrm{ext}\ \lambda x.\,e \rfloor$   by lambda-formation $x$
           $\Gamma, x{:}S \vdash T\ \lfloor \mathrm{ext}\ e \rfloor$
           $\Gamma \vdash S = S \in \mathbb{U}_i\ \lfloor \mathrm{ext}\ \mathrm{Ax} \rfloor$
     – Computation rules ❀ program evaluation
     About 8–10 inference rules for each data type in Nuprl
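The following is an added worked example for slides 6 to 8; it is not code from the talk or from the Nuprl system. It models, in Python, the uniform term syntax opid{params}(bound vars . sub-terms) with an internal-structure printer and a separate display form, capture-avoiding substitution, lazy head reduction by the β redex–contractum rule, and a two-rule refiner that decomposes a sequent top-down while assembling the extract term bottom-up (lambda-formation plus the hypothesis and Ax closing rules). The function names, the parameter kind tag `v`, the universe `U1`, the `equal` opid and the non-dependent `function` encoding are this example's own simplifications, not Nuprl's real representation.

```python
"""Miniature model of the Nuprl ideas on slides 6-8: uniform term syntax, display
forms, lazy beta-reduction (redex -> contractum) and a refiner that decomposes a
goal top-down while building its extract term bottom-up.  Constructed for this
page; it is not Nuprl's code (opids, parameter kinds and rule shapes simplified)."""
from dataclasses import dataclass
from typing import Tuple

@dataclass(frozen=True)
class Bound:
    binders: Tuple[str, ...]          # bound variables x_i1..x_im of one sub-term
    body: "Term"

@dataclass(frozen=True)
class Term:
    opid: str                         # operator identifier
    params: Tuple[str, ...] = ()      # parameters of base terms (here: a name)
    subterms: Tuple[Bound, ...] = ()  # sub-terms, each with its bound variables

def var(x): return Term("variable", (x,))
def lam(x, t): return Term("lambda", (), (Bound((x,), t),))
def app(f, t): return Term("apply", (), (Bound((), f), Bound((), t)))
def fun(s, t): return Term("function", (), (Bound((), s), Bound(("_",), t)))  # S → T
def equal(ty, a, b): return Term("equal", (), tuple(Bound((), u) for u in (ty, a, b)))
U1 = Term("universe", ("1",))         # the first universe, a type of (small) types

def structure(t):
    """Internal term structure, e.g. lambda{}(x.variable{x:v}())."""
    ps = ",".join(f"{p}:v" for p in t.params)
    subs = "; ".join((",".join(v for v in b.binders if v != "_") + "." if b.binders else "")
                     + structure(b.body) for b in t.subterms)
    return f"{t.opid}{{{ps}}}({subs})"

def display(t):
    """Display form: conventional notation with auto-parenthesizing."""
    b = [s.body for s in t.subterms]
    def paren(u, wrap): return f"({display(u)})" if u.opid in wrap else display(u)
    if t.opid == "variable": return t.params[0]
    if t.opid == "universe": return "U" + t.params[0]
    if t.opid == "axiom": return "Ax"
    if t.opid == "lambda": return f"λ{t.subterms[0].binders[0]}.{display(b[0])}"
    if t.opid == "apply": return f"{paren(b[0], ('lambda', 'function'))} {paren(b[1], ('lambda', 'apply', 'function'))}"
    if t.opid == "function": return f"{paren(b[0], ('function',))} → {display(b[1])}"
    return f"{display(b[1])} = {display(b[2])} ∈ {display(b[0])}"   # equal{}(T; a; b)

def free_vars(t):
    if t.opid == "variable": return {t.params[0]}
    return set().union(*(free_vars(b.body) - set(b.binders) for b in t.subterms))

def subst(t, x, s):
    """t[s/x], renaming binders that would capture free variables of s."""
    if t.opid == "variable": return s if t.params[0] == x else t
    new = []
    for b in t.subterms:
        binders, body = b.binders, b.body
        if x in binders:                       # x is rebound here: nothing to replace inside
            new.append(b); continue
        for y in set(binders) & free_vars(s):  # rename y to a fresh name to avoid capture
            z, i = y, 1
            while z in free_vars(body) | free_vars(s) | set(binders): z, i = f"{y}{i}", i + 1
            body = subst(body, y, var(z)); binders = tuple(z if v == y else v for v in binders)
        new.append(Bound(binders, subst(body, x, s)))
    return Term(t.opid, t.params, tuple(new))

def step(t):
    """One head-reduction step; None when t is canonical (or stuck on a free variable)."""
    if t.opid != "apply": return None
    f, a = (b.body for b in t.subterms)
    if f.opid == "lambda":                     # β: (λx.u) t  →  u[t/x]; t itself is not evaluated
        return subst(f.subterms[0].body, f.subterms[0].binders[0], a)
    f2 = step(f)
    return None if f2 is None else app(f2, a)

def evaluate(t):
    """Lazy evaluation: reduce at the head until a value is reached."""
    while (nxt := step(t)) is not None: t = nxt
    return t

@dataclass(frozen=True)
class Sequent:
    hyps: Tuple[Tuple[str, Term], ...]        # x1:T1, ..., xn:Tn
    concl: Term                               # C, whose extract ⌊ext t⌋ prove() constructs

def prove(seq, depth=0):
    """Top-down refinement; the returned term is the extract of the proved goal."""
    c = seq.concl
    for name, ty in seq.hyps:                 # hypothesis rule:  Γ, x:C, Γ' ⊢ C  ext x
        if ty == c: return var(name)
    if c.opid == "equal":                     # Γ ⊢ S = S ∈ U1  ext Ax   when S:U1 is in Γ
        ty, a, b = (u.body for u in c.subterms)
        if ty == U1 and a == b and a.opid == "variable" and (a.params[0], U1) in seq.hyps:
            return Term("axiom")
    if c.opid == "function":                  # lambda-formation x, as on slide 8
        x, (dom, cod) = f"x{depth}", c.subterms
        body = subst(cod.body, cod.binders[0], var(x))
        e = prove(Sequent(seq.hyps + ((x, dom.body),), body), depth + 1)     # Γ, x:S ⊢ T  ext e
        prove(Sequent(seq.hyps, equal(U1, dom.body, dom.body)), depth + 1)    # Γ ⊢ S = S ∈ U1  ext Ax
        return lam(x, e)                                                      # Γ ⊢ S → T  ext λx.e
    raise ValueError("no rule applies to " + display(c))

if __name__ == "__main__":
    S, T = var("S"), var("T")
    ext = prove(Sequent((("S", U1), ("T", U1)), fun(S, fun(T, S))))
    print(structure(ext), "displays as", display(ext))          # ... λx0.λx1.x0
    print(display(evaluate(app(app(ext, var("a")), var("b")))))  # a
```

Proving S → (T → S) from the declarations S:U1, T:U1 yields the extract λx0.λx1.x0, and applying it to two free variables evaluates lazily to the first one; the well-formedness subgoal S = S ∈ U1 is discharged with Ax and contributes nothing to the program, which is exactly why Nuprl can extract code from proofs.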

9. Nuprl’s Automated Reasoning Environment
   [Architecture figure, as on slide 4: user interfaces (Web, Emacs mode, Structure editor) around a Library; the Nuprl Refiner, Evaluator and Inference Engine; external engines MetaPRL, JProver, Maude, PVS, HOL, MinLog and SoS (Lisp) with translators to Java and OCaml; theories holding defs, thms, tactics, rules, structure and code]
   • Interactive proof development
     – Supports program extraction and evaluation
     – Proof automation through tactics & decision procedures
     – Highly customizable: conservative language extensions, term display, ...
   • Cooperating processes centered around knowledge base
     – Library of formal algorithmic knowledge
     – Multiple user interfaces
     – External proof engines
     – Asynchronous & collaborative theorem proving

10. Connecting external systems to Nuprl
   • JProver: first-order intuitionistic logic
     – Automatic proof search based on matrix methods
       + Proof transformation: matrix proof → sequent proof
       [Figure: formula tree of ¬A ∨ ¬B ⇒ ¬B ∨ ¬A with nodes a0 ... a10, polarities and types: ⇒⁰ α at the root, ∨¹ β and ∨⁰ α below it, ¬¹ α and ¬⁰ α, and atoms A⁰, B⁰, B¹, A¹ at the leaves]
   • Cooperation Methodology
     – Communication of formulas in uniform format
     – Logic module converts between representations
     – Pre- and postprocessing in Nuprl widens range of applicability
       [Figure: Nuprl sequent → preprocess → list of sequent formulas → logic module (via MathBus) → formula trees → JProver → matrix proof → converter → first-order sequent proof → list of Nuprl sequent rules → postprocess → sequent proof / list of subgoals]
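Added illustration of the matrix characterization that connection-method provers such as JProver build on, run on the slide's own example ¬A ∨ ¬B ⇒ ¬B ∨ ¬A; it is not JProver's code. It uses the polarity and α/β conventions shown in the slide's formula tree (the theorem gets polarity 0; ∧¹, ∨⁰, ⇒⁰ and ¬ are α-type, ∧⁰, ∨¹, ⇒¹ are β-type) and checks that every path through the matrix contains a connection, i.e. an atom with both polarities. The restrictions are this example's: classical propositional logic only, with paths enumerated outright, so neither JProver's first-order unification nor the intuitionistic prefix check is modelled; function names are the example's own.

```python
"""Matrix characterization of validity behind connection-method provers such as
JProver, worked on the slide's example ¬A ∨ ¬B ⇒ ¬B ∨ ¬A.  Constructed for this
page: classical propositional logic, enumerating every path; JProver's
intuitionistic, first-order search (prefixes, unification) is not modelled."""
from itertools import product

# Formula trees: ("var", name) | ("not", F) | ("and"|"or"|"imp", F, G)
def var(n): return ("var", n)
def neg(f): return ("not", f)
def conj(f, g): return ("and", f, g)
def disj(f, g): return ("or", f, g)
def imp(f, g): return ("imp", f, g)

# Polarity 0 marks a subformula the proof must establish (the theorem gets 0),
# polarity 1 one it may assume.  α-type nodes put both sub-matrices on every
# path; β-type nodes branch, so a path goes through one of them.
ALPHA = {("and", 1), ("or", 0), ("imp", 0)}          # ¬ is always α (one child)

def paths(f, pol=0):
    """All paths through the matrix of f^pol, as lists of literals (atom, polarity)."""
    op = f[0]
    if op == "var":
        return [[(f[1], pol)]]
    if op == "not":
        return paths(f[1], 1 - pol)                   # ¬ flips polarity
    left_pol = 1 - pol if op == "imp" else pol        # antecedent of ⇒ flips, consequent keeps
    left, right = paths(f[1], left_pol), paths(f[2], pol)
    if (op, pol) in ALPHA:
        return [p + q for p, q in product(left, right)]
    return left + right

def connections(path):
    """Atoms occurring with both polarities on one path (complementary pairs)."""
    return sorted({n for n, _ in path if (n, 0) in path and (n, 1) in path})

def validity(f):
    """(True, one connection per path) if every path is connected,
    else (False, an open path), which reads as a propositional countermodel:
    polarity 1 literals true, polarity 0 literals false."""
    found = []
    for p in paths(f):
        c = connections(p)
        if not c:
            return False, p
        found.append(c[0])
    return True, found

A, B = var("A"), var("B")
EXAMPLE = imp(disj(neg(A), neg(B)), disj(neg(B), neg(A)))   # the slide's JProver example

if __name__ == "__main__":
    print(paths(EXAMPLE))      # [[('A', 0), ('B', 1), ('A', 1)], [('B', 0), ('B', 1), ('A', 1)]]
    print(validity(EXAMPLE))   # (True, ['A', 'B'])
    print(validity(imp(A, B))) # (False, [('A', 1), ('B', 0)])
```

The two paths of the example carry the connections A⁰–A¹ and B⁰–B¹, which is the matrix proof the slide's tree depicts; an open path such as the one for A ⇒ B is the countermodel a prover reports back. Peirce's law ((A ⇒ B) ⇒ A) ⇒ A also passes this classical check, although it is not intuitionistically valid, which is exactly the gap JProver's additional prefix (string) unification closes.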

11. Application: Reliable, High-Performance Networks
   [Figure: network application diagram; labels not recoverable]
   • Ensemble Group Communication Toolkit
     – System optimization and verification, formal component design
   • MediaNet Stream Computation Network (ongoing)
     – Validation of real-time schedules w.r.t. resource limitations
