testing a saturation based theorem prover experiences and
play

Testing a Saturation-Based Theorem Prover: Experiences and - PowerPoint PPT Presentation

Nov 05, 2022 •223 likes •947 views

Testing a Saturation-Based Theorem Prover: Experiences and Challenges Giles Reger 1 , Martin Suda 2 , and Andrei Voronkov 1 , 2 1 School of Computer Science, University of Manchester, UK 2 TU Wien, Vienna, Austria TAP 2017 Marburg, July 19,

  1. Testing a Saturation-Based Theorem Prover: Experiences and Challenges Giles Reger 1 , Martin Suda 2 , and Andrei Voronkov 1 , 2 1 School of Computer Science, University of Manchester, UK 2 TU Wien, Vienna, Austria TAP 2017 – Marburg, July 19, 2017 1/16

  2. Introduction First-order Automatic Theorem Proving: a well-established discipline of automated deduction main approach: refutational, saturation-based proving example systems: E, SPASS, Vampire 1/16

  3. Introduction First-order Automatic Theorem Proving: a well-established discipline of automated deduction main approach: refutational, saturation-based proving example systems: E, SPASS, Vampire Often used in larger projects and systems as black boxes e.g., program verification, static analysis, interpolation, . . . 1/16

  4. Introduction First-order Automatic Theorem Proving: a well-established discipline of automated deduction main approach: refutational, saturation-based proving example systems: E, SPASS, Vampire Often used in larger projects and systems as black boxes e.g., program verification, static analysis, interpolation, . . . ➥ Importance of ensuring correctness 1/16

  5. Introduction First-order Automatic Theorem Proving: a well-established discipline of automated deduction main approach: refutational, saturation-based proving example systems: E, SPASS, Vampire Often used in larger projects and systems as black boxes e.g., program verification, static analysis, interpolation, . . . ➥ Importance of ensuring correctness How are we doing? 1/16

  6. Introduction First-order Automatic Theorem Proving: a well-established discipline of automated deduction main approach: refutational, saturation-based proving example systems: E, SPASS, Vampire Often used in larger projects and systems as black boxes e.g., program verification, static analysis, interpolation, . . . ➥ Importance of ensuring correctness How are we doing? CASC competition: preliminary period for testing soundness 1/16

  7. Introduction First-order Automatic Theorem Proving: a well-established discipline of automated deduction main approach: refutational, saturation-based proving example systems: E, SPASS, Vampire Often used in larger projects and systems as black boxes e.g., program verification, static analysis, interpolation, . . . ➥ Importance of ensuring correctness How are we doing? CASC competition: preliminary period for testing soundness SMT-COMP 2016: 79 answers classified as incorrect 1/16

  8. Our Prover Vampire Automatic Theorem Prover for first-order logic and theories 2/16

  9. Our Prover Vampire Automatic Theorem Prover for first-order logic and theories regular winner of the main divisions of the CASC competition since 2016, also a successful participant of SMT-COMP 2/16

  10. Our Prover Vampire Automatic Theorem Prover for first-order logic and theories regular winner of the main divisions of the CASC competition since 2016, also a successful participant of SMT-COMP Quite complex piece of software ( ≈ 194000 lines of C++) ➥ easy to introduce incorrectness when adding a new feature 2/16

  11. Outline What Does Correctness Means for Us 1 Detecting and Investigating Bugs 2 Challenges 3 Conclusion 4 3/16

  12. Theorem proving basics Standard form of the input: F := ( Axiom 1 ∧ . . . ∧ Axiom n ) → Conjecture 4/16

  13. Theorem proving basics Standard form of the input: F := ( Axiom 1 ∧ . . . ∧ Axiom n ) → Conjecture 1 Negate F (to seek a refutation): ¬ F := Axiom 1 ∧ . . . ∧ Axiom n ∧ ¬ Conjecture 4/16

  14. Theorem proving basics Standard form of the input: F := ( Axiom 1 ∧ . . . ∧ Axiom n ) → Conjecture 1 Negate F (to seek a refutation): ¬ F := Axiom 1 ∧ . . . ∧ Axiom n ∧ ¬ Conjecture 2 Preprocess and transform ¬ F to a normal form S := { C 1 , . . . , C n } 4/16

  15. Theorem proving basics Standard form of the input: F := ( Axiom 1 ∧ . . . ∧ Axiom n ) → Conjecture 1 Negate F (to seek a refutation): ¬ F := Axiom 1 ∧ . . . ∧ Axiom n ∧ ¬ Conjecture 2 Preprocess and transform ¬ F to a normal form S := { C 1 , . . . , C n } 3 saturate S with respect to an inference system I 4/16

  16. Theorem proving basics Standard form of the input: F := ( Axiom 1 ∧ . . . ∧ Axiom n ) → Conjecture 1 Negate F (to seek a refutation): ¬ F := Axiom 1 ∧ . . . ∧ Axiom n ∧ ¬ Conjecture 2 Preprocess and transform ¬ F to a normal form S := { C 1 , . . . , C n } 3 saturate S with respect to an inference system I C 1 ∨ P C 2 ∨ ¬ P Example inference rule: C 1 ∨ C 2 4/16

  17. The Saturation Process Saturation = fixed-point (closure) computation 5/16

  18. The Saturation Process Saturation = fixed-point (closure) computation Does the final set S contain false ? 5/16

  19. The Saturation Process Saturation = fixed-point (closure) computation Does the final set S contain false ? Basic properties: 5/16

  20. The Saturation Process Saturation = fixed-point (closure) computation Does the final set S contain false ? Basic properties: explosive in nature 5/16

  21. The Saturation Process Saturation = fixed-point (closure) computation Does the final set S contain false ? Basic properties: explosive in nature may not terminate 5/16

  22. The Saturation Process Saturation = fixed-point (closure) computation Does the final set S contain false ? Basic properties: explosive in nature may not terminate various tricks to mitigate the explosion 5/16

  23. Possible Answers: Theorem (together with a proof) if the input F is logically valid 6/16

  24. Possible Answers: Theorem (together with a proof) if the input F is logically valid Non-theorem if F is invalid (there is a counter-example) 6/16

  25. Possible Answers: Theorem (together with a proof) if the input F is logically valid Non-theorem if F is invalid (there is a counter-example) relies on a completeness argument 6/16

  26. Possible Answers: Theorem (together with a proof) if the input F is logically valid Non-theorem if F is invalid (there is a counter-example) relies on a completeness argument Unknown 6/16

  27. Possible Answers: Theorem (together with a proof) if the input F is logically valid Non-theorem if F is invalid (there is a counter-example) relies on a completeness argument Unknown time limit / memory limit 1 6/16

  28. Possible Answers: Theorem (together with a proof) if the input F is logically valid Non-theorem if F is invalid (there is a counter-example) relies on a completeness argument Unknown time limit / memory limit 1 incomplete strategy failed 2 6/16

  29. Different Ways of Being Incorrect unsoundness: Reports Theorem for an invalid F . (Derives false for a satisfiable S .) 7/16

  30. Different Ways of Being Incorrect unsoundness: Reports Theorem for an invalid F . (Derives false for a satisfiable S .) Check the proof and see what went wrong. 7/16

  31. Different Ways of Being Incorrect unsoundness: Reports Theorem for an invalid F . (Derives false for a satisfiable S .) Check the proof and see what went wrong. completeness issue: Reports Non-theorem for a valid F . (Finitely saturates unsat. S without deriving false .) 7/16

  32. Different Ways of Being Incorrect unsoundness: Reports Theorem for an invalid F . (Derives false for a satisfiable S .) Check the proof and see what went wrong. completeness issue: Reports Non-theorem for a valid F . (Finitely saturates unsat. S without deriving false .) Should have said Unknown here! 7/16

  33. Different Ways of Being Incorrect unsoundness: Reports Theorem for an invalid F . (Derives false for a satisfiable S .) Check the proof and see what went wrong. completeness issue: Reports Non-theorem for a valid F . (Finitely saturates unsat. S without deriving false .) Should have said Unknown here! fairness issue: Prover runs indefinitely, while a proof exists. (Violation of fairness criteria in saturation.) 7/16

  34. Different Ways of Being Incorrect unsoundness: Reports Theorem for an invalid F . (Derives false for a satisfiable S .) Check the proof and see what went wrong. completeness issue: Reports Non-theorem for a valid F . (Finitely saturates unsat. S without deriving false .) Should have said Unknown here! fairness issue: Prover runs indefinitely, while a proof exists. (Violation of fairness criteria in saturation.) never (strictly) violated after finitely many steps 7/16

  35. Violating the Contract of Proper Behaviour General error conditions shared by any other program: program crash E.g., 8/16

  36. Violating the Contract of Proper Behaviour General error conditions shared by any other program: program crash E.g., unhandled exceptions 8/16

  37. Violating the Contract of Proper Behaviour General error conditions shared by any other program: program crash E.g., unhandled exceptions signal interrupts (SIGFPE, SIGSEG) 8/16

  38. Violating the Contract of Proper Behaviour General error conditions shared by any other program: program crash E.g., unhandled exceptions signal interrupts (SIGFPE, SIGSEG) assertion violation defensive development via assertions around 2500 assertions in total; (one per 77 lines on average) potential errors detected early on 8/16

  39. Outline What Does Correctness Means for Us 1 Detecting and Investigating Bugs 2 Challenges 3 Conclusion 4 9/16

Recommend

AUTO2, a saturation-based heuristic prover for higher-order logic Bohua Zhan Massachusetts

AUTO2, a saturation-based heuristic prover for higher-order logic Bohua Zhan Massachusetts

AUTO2, a saturation-based heuristic prover for higher-order logic Bohua Zhan Massachusetts Institute of Technology bzhan@mit.edu August 23, 2016 Bohua Zhan (MIT) AUTO2, a saturation-based heuristic prover August 23, 2016 1 / 27 Table of

860 views • 71 slides
Saturation-based Theorem Proving and ML Course Machine Learning and Reasoning 2020 MLR 2020 1 1

Saturation-based Theorem Proving and ML Course Machine Learning and Reasoning 2020 MLR 2020 1 1

First-order Logic and Theorem Proving Saturation-based Proving Further Tuning and the Role of Strategies Summary Saturation-based Theorem Proving and ML Course Machine Learning and Reasoning 2020 MLR 2020 1 1 Czech Technical Univeristy in

913 views • 64 slides
1 What is a Theorem Prover? What is a Theorem? Theorem: A formalizable statement which is

1 What is a Theorem Prover? What is a Theorem? Theorem: A formalizable statement which is

Prerequisites Course 2D1453, 2006-07 Undergraduate logic and discrete maths CS literacy Advanced Formal Methods Some functional programming experience useful The theorem prover Isabelle is programming in SML Some SML

644 views • 4 slides
Meditation for a Theorem Prover Reasoning and Consciousness Teaching a Theorem Prover to let

Meditation for a Theorem Prover Reasoning and Consciousness Teaching a Theorem Prover to let

Meditation for a Theorem Prover Reasoning and Consciousness Teaching a Theorem Prover to let its Mind Wander Ulrich Furbach Claudia Schon Univ. Koblenz - DFG Project Cognitive Reasoning Reasoning and Consciousness Teaching a

715 views • 55 slides
A Self-Verifying Theorem Prover Jared Davis (advertisement by J Strother Moore)

A Self-Verifying Theorem Prover Jared Davis (advertisement by J Strother Moore)

A Self-Verifying Theorem Prover Jared Davis (advertisement by J Strother Moore) Department of Computer Sciences University of Texas at Austin September 18, 2009 1 Theorem Prover ? Yes Proof Checker Yes No 2 Rules of

693 views • 40 slides
CML Theorem Prover Simon Foster 2nd Review Brussels, 21 November, 2013 Deliverable: D33.2 (m24)

CML Theorem Prover Simon Foster 2nd Review Brussels, 21 November, 2013 Deliverable: D33.2 (m24)

CML Theorem Prover Simon Foster 2nd Review Brussels, 21 November, 2013 Deliverable: D33.2 (m24) www.compass-research.eu Theorem Prover Usage CML specifications to be verified by the COMPASS tool type-checking alone is insufficient to

311 views • 8 slides
A Parallelized Theorem Prover for Interactive Theorem Proving David L. Rager, Warren A. Hunt Jr.,

A Parallelized Theorem Prover for Interactive Theorem Proving David L. Rager, Warren A. Hunt Jr.,

Introduction Parallelism Primitives Parallelizing ACL2 Evaluate Approach Conclusion A Parallelized Theorem Prover for Interactive Theorem Proving David L. Rager, Warren A. Hunt Jr., and Matt Kaufmann ragerdl@defthm.com, hunt@cs.utexas.edu,

835 views • 59 slides
Automation and Computation in the Lean Theorem Prover Robert Y. Lewis 1 Leonardo de Moura 2 1

Automation and Computation in the Lean Theorem Prover Robert Y. Lewis 1 Leonardo de Moura 2 1

Automation and Computation in the Lean Theorem Prover Robert Y. Lewis 1 Leonardo de Moura 2 1 Carnegie Mellon University 2 Microsoft Research, Redmond April 6, 2016 Goals for this talk Introduce Lean: a new proof assistant based on dependent

673 views • 39 slides
F Martin Mhrmann Agenda Introduction Heuristics for saturating theorem proving

F Martin Mhrmann Agenda Introduction Heuristics for saturating theorem proving

Performance of Clause Selection Heuristics for Saturation-Based Theorem Proving Stephan Schulz R O O P F Martin Mhrmann Agenda Introduction Heuristics for saturating theorem proving Saturation with the given-clause algorithm

1.14k views • 39 slides
SMAC and XGBoost your Theorem Prover Edvard K. Holden Konstantin Korovin The University of

SMAC and XGBoost your Theorem Prover Edvard K. Holden Konstantin Korovin The University of

SMAC and XGBoost your Theorem Prover Edvard K. Holden Konstantin Korovin The University of Manchester 1 Theorem Proving in First-Order Logic Proof Axioms + Conjecture iProver | Counter model | Timeout 2 Heuristics - The Key to Success

1.03k views • 26 slides
Lean Theorem Prover Tom van Bussel June 14, 2017 Goals It aims to bridge the gap between

Lean Theorem Prover Tom van Bussel June 14, 2017 Goals It aims to bridge the gap between

Lean Theorem Prover Tom van Bussel June 14, 2017 Goals It aims to bridge the gap between interactive and automated theorem proving, by situating automated tools and methods in a framework that supports user interaction and the construction

324 views • 21 slides
Hygienic Macros for the ACL2 Theorem Prover Carl Eastlund Matthias Felleisen cce@ccs.neu.edu

Hygienic Macros for the ACL2 Theorem Prover Carl Eastlund Matthias Felleisen cce@ccs.neu.edu

Hygienic Macros for the ACL2 Theorem Prover Carl Eastlund Matthias Felleisen cce@ccs.neu.edu matthias@ccs.neu.edu Northeastern University Boston, MA, USA 1 The ACL2 Theorem Prover 2 (defun double (x) (+ x x)) (defun map-double (lst) (if

898 views • 52 slides
Clause Features for Theorem Prover Guidance uv 1 Josef Urban 1 Jan Jakub AITP19, Obergurgl,

Clause Features for Theorem Prover Guidance uv 1 Josef Urban 1 Jan Jakub AITP19, Obergurgl,

Clause Features for Theorem Prover Guidance uv 1 Josef Urban 1 Jan Jakub AITP19, Obergurgl, Austria, April 2019 1 Czech Technical University in Prague, Czech Republic Jan Jakub uv, Josef Urban Clause Features for Theorem Prover Guidance

589 views • 35 slides
Haskell: Compiler as Theorem-Prover Greg Price ( price ) 2007 Nov 19 code samples:

Haskell: Compiler as Theorem-Prover Greg Price ( price ) 2007 Nov 19 code samples:

Haskell: Compiler as Theorem-Prover Greg Price ( price ) 2007 Nov 19 code samples: http://cluedumps.mit.edu/wiki/2007/11-19 Greg Price ( price ) () Haskell: Compiler as Theorem-Prover 2007 Nov 19 1 / 26 Software Transactional Memory 1

869 views • 48 slides
The Abella Interactive Theorem Prover (System Description) Andrew Gacek Department of Computer

The Abella Interactive Theorem Prover (System Description) Andrew Gacek Department of Computer

The Abella Interactive Theorem Prover (System Description) Andrew Gacek Department of Computer Science and Engineering University of Minnesota IJCAR 08 August 12, 2008 Characteristics of the Abella System Abella is a theorem proving

794 views • 40 slides
Tableau Theorem Prover for Intuitionistic Propositional Logic Larry Diehl Portland State

Tableau Theorem Prover for Intuitionistic Propositional Logic Larry Diehl Portland State

Tableau Theorem Prover for Intuitionistic Propositional Logic Larry Diehl Portland State University CS 510 - Mathematical Logic and Programming Languages Larry Diehl Tableau Theorem Prover for Intuitionistic Propositional Logic Motivation

357 views • 22 slides
Tableau Theorem Prover for Intuitionistic Propositional Logic Larry Diehl Portland State

Tableau Theorem Prover for Intuitionistic Propositional Logic Larry Diehl Portland State

Tableau Theorem Prover for Intuitionistic Propositional Logic Larry Diehl Portland State University CS 510 - Mathematical Logic and Programming Languages Larry Diehl Tableau Theorem Prover for Intuitionistic Propositional Logic Motivation

289 views • 17 slides
yet another nice and accurate interactive theorem prover (sufficiently similar, sufficiently

yet another nice and accurate interactive theorem prover (sufficiently similar, sufficiently

yet another nice and accurate interactive theorem prover (sufficiently similar, sufficiently different) Freek Wiedijk Radboud University Nijmegen 2018 06 25 0 nice combining the nicest aspects of state-of-the-art provers:

288 views • 25 slides
The Lean Theorem Prover Jeremy Avigad Department of Philosophy and Department of Mathematical

The Lean Theorem Prover Jeremy Avigad Department of Philosophy and Department of Mathematical

The Lean Theorem Prover Jeremy Avigad Department of Philosophy and Department of Mathematical Sciences Carnegie Mellon University (Leans principal developer is Leonardo de Moura, Microsoft Research, Redmond) September 2014 . Automated

965 views • 14 slides
Reachability Analysis in the KeYmaera X Theorem Prover SNR 2017 | Uppsala, Sweden | April 22,

Reachability Analysis in the KeYmaera X Theorem Prover SNR 2017 | Uppsala, Sweden | April 22,

Reachability Analysis in the KeYmaera X Theorem Prover SNR 2017 | Uppsala, Sweden | April 22, 2017 Nathan Fulton Other System Contributors: Stefan Mitsch, Andr Platzer, Brandon Bohrer, Yong Kiam Tan, Jan-David Quesel, ... Trustworthy

932 views • 57 slides
The Lean Theorem Prover Jeremy Avigad Department of Philosophy and Department of Mathematical

The Lean Theorem Prover Jeremy Avigad Department of Philosophy and Department of Mathematical

The Lean Theorem Prover Jeremy Avigad Department of Philosophy and Department of Mathematical Sciences Carnegie Mellon University June 29, 2017 Formal and Symbolic Methods Computers open up new opportunities for mathematical reasoning.

1.24k views • 57 slides
Formalising Filesystems in the ACL2 Theorem Prover An Application To FAT32 Mihir Mehta

Formalising Filesystems in the ACL2 Theorem Prover An Application To FAT32 Mihir Mehta

Formalising Filesystems in the ACL2 Theorem Prover An Application To FAT32 Mihir Mehta Department of Computer Science University of Texas at Austin mihir@cs.utexas.edu 05 November, 2018 1/25 Why filesystem verification matters

486 views • 25 slides
Automating Asymptotics in a Theorem Prover Manuel Eberl Technical University of Munich Formal

Automating Asymptotics in a Theorem Prover Manuel Eberl Technical University of Munich Formal

Automating Asymptotics in a Theorem Prover Manuel Eberl Technical University of Munich Formal Methods in Mathematics 6 January 2020 1 / 31 My Christmas Project I found some lovely 5-pages of lecture notes on Transcendental Number Theory by

1.36k views • 122 slides
Parallelizing an Interactive Theorem Prover Functional Programming and Proofs with ACL2 David L.

Parallelizing an Interactive Theorem Prover Functional Programming and Proofs with ACL2 David L.

Introduction Parallelism Primitives Parallelizing ACL2 Evaluate Approach Conclusion Talking Points Parallelizing an Interactive Theorem Prover Functional Programming and Proofs with ACL2 David L. Rager ragerdl@gmail.com June 17, 2013 1 /

751 views • 57 slides

More recommend