
    Getting results from programs extracted from classical proofs

    Abstract: We present a new method to extract, from a classical proof of ∀x(I[x]→∃y(O[y]∧S[x,y])), a program computing y from x. This method applies when O is a data type and S is a decidable predicate. Algorithms extracted this way are often far better than a naive enumeration of all possible outputs, and this is verified on a nontrivial example: a proof of Dickson's lemma.

    Formal Verification of Security Protocol Implementations: A Survey

    Automated formal verification of security protocols has mostly focused on analyzing high-level abstract models, which, however, differ significantly from real protocol implementations written in programming languages. Recently, some researchers have started investigating techniques that bring automated formal proofs closer to real implementations. This paper surveys these attempts, focusing on approaches that target the application code implementing the protocol logic, rather than the libraries implementing the cryptography. In these approaches, the cryptographic libraries are assumed to correctly implement some model. The aim is to derive formal proofs that, under this assumption, give assurance about the application code that implements the protocol logic. The two main approaches, model extraction and code generation, are presented, along with the main techniques adopted for each approach.

    Certified Impossibility Results for Byzantine-Tolerant Mobile Robots

    We propose a framework to build formal developments for robot networks using the COQ proof assistant, to state and prove various properties formally. In this paper we focus on impossibility proofs, as it is natural to take advantage of the COQ higher-order calculus to reason about algorithms as abstract objects. In particular, we present formal proofs of two impossibility results for convergence of oblivious mobile robots when, respectively, more than one half and more than one third of the robots exhibit Byzantine failures, starting from the original theorems by Bouzid et al. Thanks to our formalization, the corresponding COQ developments are quite compact. To our knowledge, these are the first certified (in the sense of formally proved) impossibility results for robot networks.

    Formal Proof of SCHUR Conjugate Function

    The main goal of our work is to formally prove the correctness of the key commands of the SCHUR software, an interactive program for calculating with characters of Lie groups and symmetric functions. The core of the computations relies on enumeration and manipulation of combinatorial structures. As a first "proof of concept", we present a formal proof of the conjugate function, written in C. This function computes the conjugate of an integer partition. To formally prove this program, we use the Frama-C software, which allows us to annotate C functions and to generate proof obligations that are then discharged by several automated theorem provers. In this paper, we also discuss methodology, addressing how to formally prove this kind of program.
    Comment: To appear in CALCULEMUS 201

    Buying Logical Principles with Ontological Coin: The Metaphysical Lessons of Adding epsilon to Intuitionistic Logic

    We discuss the philosophical implications of formal results showing the consequences of adding the epsilon operator to intuitionistic predicate logic. These results are related to Diaconescu's theorem, a result originating in topos theory which, translated to constructive set theory, says that the axiom of choice (an "existence principle") implies the law of excluded middle (which purports to be a logical principle). As a logical choice principle, epsilon allows us to translate that result to a logical setting, where one can obtain an analogue of Diaconescu's result and can also disentangle the roles of certain other assumptions that are hidden in mathematical presentations. It is our view that these results have not received the attention they deserve: logicians are unlikely to read a discussion because the results considered are "already well known," while the results are simultaneously unknown to philosophers who do not specialize in what most philosophers will regard as esoteric logics. This is a problem, since these results have important implications for, and promise significant illumination of, contemporary debates in metaphysics. The point of this paper is to make the nature of the results clear in a way accessible to philosophers who do not specialize in logic, and in a way that makes clear their implications for contemporary philosophical discussions. To make the latter point, we will focus on Dummettian discussions of realism and anti-realism.
    Keywords: epsilon, axiom of choice, metaphysics, intuitionistic logic, Dummett, realism, antirealism

    Meta-F*: Proof Automation with SMT, Tactics, and Metaprograms

    We introduce Meta-F*, a tactics and metaprogramming framework for the F* program verifier. The main novelty of Meta-F* is that it allows tactics and metaprogramming to be used to discharge assertions not solvable by SMT, or simply to simplify them into well-behaved SMT fragments. In addition, Meta-F* can be used to generate verified code automatically. Meta-F* is implemented as an F* effect, which, given the powerful effect system of F*, greatly increases code reuse and even enables lightweight verification of metaprograms. Metaprograms can be either interpreted or compiled to efficient native code that can be dynamically loaded into the F* type-checker and can interoperate with interpreted code. Evaluation on realistic case studies shows that Meta-F* provides substantial gains in proof development, efficiency, and robustness.
    Comment: Full version of ESOP'19 paper