A Constructive Framework for Galois Connections
Abstract interpretation-based static analyses rely on abstract domains of
program properties, such as intervals or congruences for integer variables.
Galois connections (GCs) between posets provide the most widespread and useful
formal tool for mathematically specifying abstract domains. Recently, Darais
and Van Horn [2016] put forward a notion of constructive Galois connection for
unordered sets (rather than posets), which allows one to define abstract domains in
a so-called mechanized and calculational proof style and therefore enables the
use of proof assistants like Coq and Agda for automatically extracting verified
algorithms of static analysis. We show here that constructive GCs are
isomorphic, in a precise and comprehensive meaning including sound abstract
functions, to so-called partitioning GCs--an already known class of GCs which
allows one to cast standard set partitions as an abstract domain. Darais and Van
Horn [2016] also provide a notion of constructive GC for posets, which we prove
to be isomorphic to plain GCs, so that they lose their constructive attribute.
Drawing on these findings, we put forward and advocate the use of purely
partitioning GCs, a novel class of constructive abstract domains for a
mechanized approach to abstract interpretation. We show that this class of
abstract domains allows us to represent a set partition with more flexibility
while retaining a constructive approach to Galois connections.
Mechanizing Abstract Interpretation
It is important when developing software to verify the absence of undesirable
behavior such as crashes, bugs and security vulnerabilities. Some settings
require high assurance in verification results, e.g., for embedded software in
automobiles or airplanes. To achieve high assurance in these verification
results, formal methods are used to automatically construct or check proofs of
their correctness. However, achieving high assurance for program analysis
results is challenging, and current methods are ill suited for both complex
critical domains and mainstream use.
To verify the correctness of software we consider program analyzers---automated
tools which detect software defects---and to achieve high assurance in
verification results we consider mechanized verification---a rigorous process
for establishing the correctness of program analyzers via computer-checked
proofs.
The key challenges to designing verified program analyzers are: (1) achieving
an analyzer design for a given programming language and correctness property;
(2) achieving an implementation for the design; and (3) achieving a mechanized
verification that the implementation is correct w.r.t. the design. The state of
the art in (1) and (2) is to use abstract interpretation: a guiding
mathematical framework for systematically constructing analyzers directly from
programming language semantics. However, achieving (3) in the presence of
abstract interpretation has remained an open problem since the late 1990s.
Furthermore, even the state of the art which achieves (3) in the absence of
abstract interpretation suffers from the inability to be reused in the presence
of new analyzer designs or programming language features.
First, we solve the open problem which has prevented the combination of
abstract interpretation (and in particular, calculational abstract
interpretation) with mechanized verification, which advances the state of the
art in designing, implementing, and verifying analyzers for critical software.
We do this through a new mathematical framework Constructive Galois Connections
which supports synthesizing specifications for program analyzers, calculating
implementations from these induced specifications, and is amenable to
mechanized verification.
Finally, we introduce reusable components for implementing analyzers for a wide
range of designs and semantics. We do this through two new frameworks, Galois
Transformers and Definitional Abstract Interpreters. These frameworks tightly
couple analyzer design decisions, implementation fragments, and verification
properties into compositional components which are (target)
programming-language independent and amenable to mechanized verification.
Variations in the analysis design are then recovered by simply re-assembling
the combination of components. Using this framework, sophisticated program
analyzers can be assembled by non-experts, and the results are guaranteed to be
verified by construction.
On the existence of right adjoints for surjective mappings between fuzzy structures
In this work the authors continue their study of the characterization of the existence of adjunctions (isotone Galois connections) whose codomain is not equipped with any structure a priori. This article considers the fuzzy case, in which one has a fuzzy ordering R defined on a set A and a surjective mapping f: A -> B that is compatible with respect to two similarity relations defined on the domain A and on the codomain B, respectively. Concretely, the problem is to find a fuzzy ordering S on B and a mapping g: B -> A, also compatible with the corresponding similarities defined on A and on B, such that the pair (f,g) constitutes an adjunction.
On the Existence of Right Adjoints for Surjective Mappings between Fuzzy Structures
Abstract. We continue our study of the characterization of existence of adjunctions (isotone Galois connections) whose codomain is insufficiently structured. This paper focuses on the fuzzy case in which we have a fuzzy ordering ρA on A and a surjective mapping f : (A, ≈A) → (B, ≈B) compatible with respect to the fuzzy equivalences ≈A and ≈B. Specifically, the problem is to find a fuzzy ordering ρB and a compatible mapping g : (B, ≈B) → (A, ≈A) such that the pair (f, g) is a fuzzy adjunction.
Implication operators generating pairs of weak negations and their algebraic structure
Negation operators have been developed and applied in many fields such as image processing, decision making, mathematical morphology, fuzzy logic, etc. Among the most effective non-monotonic operators are weak negations. This paper studies the algebraic structure and the characterization of the adjoint triples and Galois implication pairs which provide a fixed pair of weak negations. The obtained results allow the user to select the best conjunctor and implications associated with the most suitable negation to be used in the computations of the problem to be solved.
Partially supported by the State Research Agency (AEI) and the European Regional Development Fund (ERDF) project TIN2016-76653-P, European Cooperation in Science & Technology (COST) Action CA17124.
Transport via Partial Galois Connections and Equivalences
Multiple types can represent the same concept. For example, lists and trees
can both represent sets. Unfortunately, this easily leads to incomplete
libraries: some set-operations may only be available on lists, others only on
trees. Similarly, subtypes and quotients are commonly used to construct new
type abstractions in formal verification. In such cases, one often wishes to
reuse operations on the representation type for the new type abstraction, but
to no avail: the types are not the same.
To address these problems, we present a new framework that transports
programs via equivalences. Existing transport frameworks are either designed
for dependently typed, constructive proof assistants, use univalence, or are
restricted to partial quotient types. Our framework (1) is designed for simple
type theory, (2) generalises previous approaches working on partial quotient
types, and (3) is based on standard mathematical concepts, particularly Galois
connections and equivalences. We introduce the notion of partial Galois
connections and equivalences and prove their closure properties under
(dependent) function relators, (co)datatypes, and compositions. We formalised
the framework in Isabelle/HOL and provide a prototype.
This is the extended version of "Transport via Partial Galois Connections and
Equivalences", 21st Asian Symposium on Programming Languages and Systems, 2023.
Comment: 18 pages; will appear at 21st Asian Symposium on Programming
Languages and Systems, 202
Imperative functional programs that explain their work
Program slicing provides explanations that illustrate how program outputs
were produced from inputs. We build on an approach introduced in prior work by
Perera et al., where dynamic slicing was defined for pure higher-order
functional programs as a Galois connection between lattices of partial inputs
and partial outputs. We extend this approach to imperative functional programs
that combine higher-order programming with references and exceptions. We
present proofs of correctness and optimality of our approach and a
proof-of-concept implementation and experimental evaluation.
Comment: Full version of ICFP 2017 paper, with appendices