43,875 research outputs found
Combining Proofs and Programs
Programming languages based on dependent type theory promise two great advances: flexibility and security. With the type-level computation afforded by dependent types, algorithms can be more generic, as the type system can express flexible interfaces via programming. Likewise, type-level computation can also express data structure invariants, so that programs can be proved correct through type checking. Furthermore, despite these extensions, programmers already know everything. Via the Curry-Howard isomorphism, the language of type-level computation and the verification logic is the programming language itself.
There are two current approaches to the design of dependently-typed languages: Coq, Epigram, Agda, which grew out of the logics of proof assistants, require that all expressions terminate. These languages provide decidable type checking and strong correctness guarantees. In contrast, functional programming languages, like Haskell and Omega, have adapted the features dependent type theories, but retain a strict division between types and programs. These languages trade termination obligations for more limited correctness assurances.
In this talk, I present a work-in-progress overview of the Trellys project. Trellys is new core language, designed to provide a smooth path from functional programming to dependently-typed programming. Unlike traditional dependent type theories and functional languages, Trellys allows programmers to work with total and partial functions uniformly. The language itself is composed of two fragments that share a common syntax and overlapping semantics: a simple logical language that guarantees total correctness and an expressive call-by-value programming language that guarantees types safety but not termination.
Importantly, these two fragments interact. The logical fragment may soundly reason about effectful, partial functions. Program values may be used as evidence by the logic. We call this principle freedom of speech: whereas proofs themselves must terminate, they must be allowed to reason about any function a programmer might write. To retain consistency, the Trellys type system keeps track of where potentially non-terminating computations may appear, so that it can prevent them from being used as proofs
Termination Proofs for Logic Programs with Tabling
Tabled logic programming is receiving increasing attention in the Logic
Programming community. It avoids many of the shortcomings of SLD execution and
provides a more flexible and often extremely efficient execution mechanism for
logic programs. In particular, tabled execution of logic programs terminates
more often than execution based on SLD-resolution. In this article, we
introduce two notions of universal termination of logic programming with
Tabling: quasi-termination and (the stronger notion of) LG-termination. We
present sufficient conditions for these two notions of termination, namely
quasi-acceptability and LG-acceptability, and we show that these conditions are
also necessary in case the tabling is well-chosen. Starting from these
conditions, we give modular termination proofs, i.e., proofs capable of
combining termination proofs of separate programs to obtain termination proofs
of combined programs. Finally, in the presence of mode information, we state
sufficient conditions which form the basis for automatically proving
termination in a constraint-based way.Comment: 48 pages, 6 figures, submitted to ACM Transactions on Computational
Logic (TOCL
Combining Proofs and Programs in a Dependently Typed Language
Most dependently-typed programming languages either require that all expressions terminate (e.g. Coq, Agda, and Epigram), or allow infinite loops but are inconsistent when viewed as logics (e.g. Haskell, ATS, mega). Here, we combine these two approaches into a single dependently-typed core language. The language is composed of two fragments that share a common syntax and overlapping semantics: a logic that guarantees total correctness, and a call-by-value programming language that guarantees type safety but not termination. The two fragments may interact: logical expressions may be used as programs; the logic may soundly reason about potentially nonterminating programs; programs can require logical proofs as arguments; and “mobile” program values, including proofs computed at runtime, may be used as evidence by the logic. This language allows programmers to work with total and partial functions uniformly, providing a smooth path from functional programming to dependently-typed programming. Categories and Subject Descriptors D.3.1 [Programming Languages]: Formal Definitions and Theory Keywords Dependent types; Termination; General recursio
Reasoning about functional programs by combining interactive and automatic proofs
We propose a new approach to computer-assisted verification of lazy
functional programs where functions can be defined by general
recursion. We work in first-order theories of functional programs
which are obtained by translating Dybjer's programming logic
(Dybjer, P. [1985]. Program Verification in a Logical Theory of
Constructions. In: Functional Programming Languages and Computer
Architecture. Ed. by Jouannaud, J. P. Vol. 201. Lecture Notes in
Computer Science. Springer, pp. 334–349) into a first-order theory,
and by extending this programming logic with new (co-)inductive
predicates. Rather than building a special purpose system, we
formalise our theories in Agda, a proof assistant for dependent type
theory which can be used as a generic theorem prover. Agda provides
support for interactive reasoning by representing first-order theories
using the propositions-as-types principle. Further support is provided
by off-the-shelf automatic theorem provers for first-order-logic
called by a Haskell program that translates our Agda representations
of first-order formulae into the TPTP language understood by the
provers. We show some examples where we combine interactive and
automatic reasoning, covering both proofs by induction and
co-induction. The examples include functions defined by structural
recursion, simple general recursion, nested recursion, higher-order
recursion, guarded and unguarded co-recursion.Proponemos un nuevo enfoque a la verificación asistida por computador de programas funcionales perezosos, en los cuales las funciones pueden ser definidas por recursión general. Empleamos teorías de primer orden para programas funcionales las cuales fueron obtenidas de traducir la lógica para la programación de Dybjer (Dybjer, P. [1985]. Program Verification in a Logical Theory of Constructions. En: Functional Programming Languages and Computer Architecture. Ed. by Jouannaud,
J.-P. Vol. 201. Lecture Notes in Computer Science. Springer,
págs. 334–349) a una teoría de primer orden, y de extender esta lógica para la programación con nuevos predicados (co-)inductivos. En lugar de construir un sistema para formalizar nuestras teorías, formalizamos éstas en Agda, un asistente de pruebas para teoría de tipos dependientes que puede ser usado como un demostrador de teoremas genérico. Agda proporciona soporte para el razonamiento interactivo representando las teorías de primer orden mediante el principio de propositions-as-types. Se obtiene soporte adicional mediante demostradores automáticos de teoremas genéricos para lógica de primer orden, los cuales son llamados por un programa desarrollado en Haskell, que traslada nuestra representación en Agda de las fórmulas de primer orden al lenguaje TPTP entendido por los demostradores automáticos. Mostramos ejemplos de combinación de razonamiento interactivo y automático en pruebas por inducción y por co-inducción. Nuestros ejemplos incluyen funciones definidas por recursión estructural, recursión general simple, recursión anidada, recursión de orden superior y co-recursión
Synthesizing Certified Code
Code certification is a lightweight approach for formally demonstrating software quality. Its basic idea is to require code producers to provide formal proofs that their code satisfies certain quality properties. These proofs serve as certificates that can be checked independently. Since code certification uses the same underlying technology as program verification, it requires detailed annotations (e.g., loop invariants) to make the proofs possible. However, manually adding annotations to the code is time-consuming and error-prone. We address this problem by combining code certification with automatic program synthesis. Given a high-level specification, our approach simultaneously generates code and all annotations required to certify the generated code. We describe a certification extension of AutoBayes, a synthesis tool for automatically generating data analysis programs. Based on built-in domain knowledge, proof annotations are added and used to generate proof obligations that are discharged by the automated theorem prover E-SETHEO. We demonstrate our approach by certifying operator- and memory-safety on a data-classification program. For this program, our approach was faster and more precise than PolySpace, a commercial static analysis tool
A Two-Level Linear Dependent Type Theory
We present a type theory combining both linearity and dependency by
stratifying typing rules into a level for logics and a level for programs. The
distinction between logics and programs decouples their semantics, allowing the
type system to assume tight resource bounds. A natural notion of irrelevancy is
established where all proofs and types occurring inside programs are fully
erasable without compromising their operational behavior. Through a heap-based
operational semantics, we show that extracted programs always make
computational progress and run memory clean. Additionally, programs can be
freely reflected into the logical level for conducting deep proofs in the style
of standard dependent type theories. This enables one to write resource safe
programs and verify their correctness using a unified language
Work it, wrap it, fix it, fold it
The worker/wrapper transformation is a general-purpose technique for refactoring recursive programs to improve their performance. The two previous approaches to formalising the technique were based upon different recursion operators and different correctness conditions. In this paper we show how these two approaches can be generalised in a uniform manner by combining their correctness conditions, extend the theory with new conditions that are both necessary and sufficient to ensure the correctness of the worker/wrapper technique, and explore the benefits that result. All the proofs have been mechanically verified using the Agda system
Combining k-Induction with Continuously-Refined Invariants
Bounded model checking (BMC) is a well-known and successful technique for
finding bugs in software. k-induction is an approach to extend BMC-based
approaches from falsification to verification. Automatically generated
auxiliary invariants can be used to strengthen the induction hypothesis. We
improve this approach and further increase effectiveness and efficiency in the
following way: we start with light-weight invariants and refine these
invariants continuously during the analysis. We present and evaluate an
implementation of our approach in the open-source verification-framework
CPAchecker. Our experiments show that combining k-induction with
continuously-refined invariants significantly increases effectiveness and
efficiency, and outperforms all existing implementations of k-induction-based
software verification in terms of successful verification results.Comment: 12 pages, 5 figures, 2 tables, 2 algorithm
On the Implementation of the Probabilistic Logic Programming Language ProbLog
The past few years have seen a surge of interest in the field of
probabilistic logic learning and statistical relational learning. In this
endeavor, many probabilistic logics have been developed. ProbLog is a recent
probabilistic extension of Prolog motivated by the mining of large biological
networks. In ProbLog, facts can be labeled with probabilities. These facts are
treated as mutually independent random variables that indicate whether these
facts belong to a randomly sampled program. Different kinds of queries can be
posed to ProbLog programs. We introduce algorithms that allow the efficient
execution of these queries, discuss their implementation on top of the
YAP-Prolog system, and evaluate their performance in the context of large
networks of biological entities.Comment: 28 pages; To appear in Theory and Practice of Logic Programming
(TPLP
Step-Indexed Normalization for a Language with General Recursion
The Trellys project has produced several designs for practical dependently
typed languages. These languages are broken into two
fragments-a_logical_fragment where every term normalizes and which is
consistent when interpreted as a logic, and a_programmatic_fragment with
general recursion and other convenient but unsound features. In this paper, we
present a small example language in this style. Our design allows the
programmer to explicitly mention and pass information between the two
fragments. We show that this feature substantially complicates the metatheory
and present a new technique, combining the traditional Girard-Tait method with
step-indexed logical relations, which we use to show normalization for the
logical fragment.Comment: In Proceedings MSFP 2012, arXiv:1202.240
- …