31 research outputs found

    A Comparative Study of Coq and HOL

    This paper illustrates the differences between the style of theory mechanisation of Coq and of HOL. This comparative study is based on the mechanisation of fragments of the theory of computation in these systems. Examples from these implementations are given to support some of the arguments discussed in this paper. The mechanisms for specifying definitions and for theorem proving are discussed separately, building in parallel two pictures of the different approaches of mechanisation given by these systems.

    Formalizing Functions as Processes

    We present the first formalization of Milner’s classic translation of the λ-calculus into the π-calculus. It is a challenging result with respect to variables, names, and binders, as it requires one to relate variables and binders of the λ-calculus with names and binders in the π-calculus. We formalize it in Abella, merging the set of variables and the set of names, thus circumventing the challenge and obtaining a neat formalization. About the translation, we follow Accattoli’s factoring of Milner’s result via the linear substitution calculus, which is a λ-calculus with explicit substitutions and contextual rewriting rules, mediating between the λ-calculus and the π-calculus. Another aim of the formalization is to investigate to which extent the use of contexts in Accattoli’s refinement can be formalized.

    Hardware-Independent Proofs of Numerical Programs

    On recent architectures, a numerical program may give different answers depending on the execution hardware and the compilation. Our goal is to formally prove properties about numerical programs that are true for multiple architectures and compilers. We propose an approach that states the rounding error of each floating-point computation whatever the environment. This approach is implemented in the Frama-C platform for static analysis of C code. Small case studies using this approach are entirely and automatically proved.

    Machine learning for function synthesis

    Function synthesis is the process of automatically constructing functions that satisfy a given specification. The space of functions as well as the format of the specifications vary greatly with each area of application. In this thesis, we consider synthesis in the context of satisfiability modulo theories. Within this domain, the goal is to synthesise mathematical expressions that adhere to abstract logical formulas. These types of synthesis problems find many applications in the field of computer-aided verification. One of the main challenges of function synthesis arises from the combinatorial explosion in the number of potential candidates within a certain size. The hypothesis of this thesis is that machine learning methods can be applied to make function synthesis more tractable. The first contribution of this thesis is a Monte-Carlo based search method for function synthesis. The search algorithm uses machine learned heuristics to guide the search. This is part of a reinforcement learning loop that trains the machine learning models with data generated from previous search attempts. To increase the set of benchmark problems to train and test synthesis methods, we also present a technique for generating synthesis problems from pre-existing satisfiability modulo theories problems. We implement the Monte-Carlo based synthesis algorithm and evaluate it on standard synthesis benchmarks as well as our newly generated benchmarks. An experimental evaluation shows that the learned heuristics greatly improve on the baseline without trained models. Furthermore, the machine learned guidance demonstrates comparable performance to CVC5 and, in some experiments, even surpasses it. Next, this thesis explores the application of machine learning to more restricted function synthesis domains. We hypothesise that narrowing the scope enables the use of machine learning techniques that are not possible in the general setting. 
We test this hypothesis by considering the problem of ranking function synthesis. Ranking functions are used in program analysis to prove termination of programs by mapping consecutive program states to decreasing elements of a well-founded set. The second contribution of this dissertation is a novel technique for synthesising ranking functions, using neural networks. The key insight is that instead of synthesising a mathematical expression that represents a ranking function, we can train a neural network to act as a ranking function. Hence, the synthesis procedure is replaced by neural network training. We introduce Neural Termination Analysis as a framework that leverages this. We train neural networks from sampled execution traces of the program we want to prove terminating. We enforce the synthesis specifications of ranking functions using the loss function and network design. After training, we use symbolic reasoning to formally verify that the resulting function is indeed a correct ranking function for the target program. We demonstrate that our method succeeds in synthesising ranking functions for programs that are beyond the reach of state-of-the-art tools. This includes programs with disjunctions and non-linear expressions in the loop guards.

    Partiality and Recursion in Interactive Theorem Provers - An Overview

    The use of interactive theorem provers to establish the correctness of critical parts of a software development or for formalising mathematics is becoming more common and feasible in practice. However, most mature theorem provers lack a direct treatment of partial and general recursive functions; overcoming this weakness has been the objective of intensive research during the last decades. In this article, we review many techniques that have been proposed in the literature to simplify the formalisation of partial and general recursive functions in interactive theorem provers. Moreover, we classify the techniques according to their theoretical basis and their practical use. This uniform presentation of the different techniques facilitates the comparison and highlights their commonalities and differences, as well as their relative advantages and limitations. We focus on theorem provers based on constructive type theory (in particular, Agda and Coq) and higher-order logic (in particular Isabelle/HOL). Other systems and logics are covered to a certain extent, but not exhaustively. In addition to the description of the techniques, we also demonstrate tools which facilitate working with the problematic functions in particular theorem provers.

    Proceedings of the Second NASA Formal Methods Symposium

    This publication contains the proceedings of the Second NASA Formal Methods Symposium sponsored by the National Aeronautics and Space Administration and held in Washington D.C. April 13-15, 2010. Topics covered include: Decision Engines for Software Analysis using Satisfiability Modulo Theories Solvers; Verification and Validation of Flight-Critical Systems; Formal Methods at Intel -- An Overview; Automatic Review of Abstract State Machines by Meta Property Verification; Hardware-independent Proofs of Numerical Programs; Slice-based Formal Specification Measures -- Mapping Coupling and Cohesion Measures to Formal Z; How Formal Methods Impels Discovery: A Short History of an Air Traffic Management Project; A Machine-Checked Proof of A State-Space Construction Algorithm; Automated Assume-Guarantee Reasoning for Omega-Regular Systems and Specifications; Modeling Regular Replacement for String Constraint Solving; Using Integer Clocks to Verify the Timing-Sync Sensor Network Protocol; Can Regulatory Bodies Expect Efficient Help from Formal Methods?; Synthesis of Greedy Algorithms Using Dominance Relations; A New Method for Incremental Testing of Finite State Machines; Verification of Faulty Message Passing Systems with Continuous State Space in PVS; Phase Two Feasibility Study for Software Safety Requirements Analysis Using Model Checking; A Prototype Embedding of Bluespec System Verilog in the PVS Theorem Prover; SimCheck: An Expressive Type System for Simulink; Coverage Metrics for Requirements-Based Testing: Evaluation of Effectiveness; Software Model Checking of ARINC-653 Flight Code with MCP; Evaluation of a Guideline by Formal Modelling of Cruise Control System in Event-B; Formal Verification of Large Software Systems; Symbolic Computation of Strongly Connected Components Using Saturation; Towards the Formal Verification of a Distributed Real-Time Automotive System; Slicing AADL Specifications for Model Checking; Model Checking with Edge-valued Decision Diagrams; and Data-flow based Model Analysis.

    Annual Report of the University, 2007-2008, Volumes 1-6

    Project Summary and Goals. Historically, affirmative action policies have evolved from initial programs aimed at providing equal educational opportunities to all students, to the legitimacy of programs that are aimed at achieving diversity in higher education. In June 2003, a U.S. Supreme Court ruling on affirmative action pushed higher education across the threshold toward creating a new paradigm for diversity in the 21st century. The court clearly stated that affirmative action is still viable but that our institutions must reconsider our traditional concepts for building diversity in the next few decades. This shift in the historical context of diversity in our society has led to an important objective: if a diverse student body is an essential factor in a quality higher education, then it is imperative that elementary, secondary and undergraduate schools fulfill their missions to successfully educate a diverse population. In NM, the success of graduate programs depends on the state's P-12 schools, the community and institutions of higher education, and their shared task of educating all students. Further, when the lens is broadened to view the entire P-20 educational pipeline, it becomes apparent that the loss of students from elementary school to high school is enormous, constricting the number of students who go on to college. This is of concern not only for what is happening in terms of their academic education but also in terms of the affected communities' ability to make critical decisions and to become and stay involved in the political and policy world that affects them. Guiding Principles. Engaging Latino Communities for Education New Mexico (ENLACE NM) is a statewide collaboration of gente who represent the voices of underrepresented children and families, people who have historically not had a say in policy initiatives that directly impact them and their communities. Therefore, they, and others from our community, are at the forefront of this initiative. We have developed this collaboration based on a process that empowers these communities to find their voice in the pursuit of social justice and educational access, equity and success.

    A Conflictive Triumvirate Construct of Epidemiologic Systems Failure

    Epidemiologic systems failure (ESF) is a major hurdle in minimizing the spread of infectious diseases during outbreaks. The reasons for ESF include the technical limitation of personnel handling epidemic crises, strictly defined health policies that limit the actions of epidemiologists, and personal perspective's reservations towards the intentions of health agencies. The purpose of this triumvirate mixed-methods case study was to examine factors of infectious disease control mechanisms useful for determining ESF. Three juxtaposed pre-emptive factors (technical [T], organizational [O], and personal [P] perspectives) were used to determine how the multiple perspectives inquiring systems and fuzzy logic revealed factors causing ESF so that remedial tools may be constructed. The juxtaposed ESF-TOP model formed the research theoretical framework and allowed for clustering the ESF factors. Data sources were direct quotations from TOP-based secondary data of 4 well-publicized participants, who had Ebola, HIV-AIDS, Tuberculosis, or Typhoid disease; and randomized quantitative TOP hypothetical data sets were created with Microsoft Excel software and used to model an Ebola outbreak of 10 theoretical subjects. Data were analyzed using TOP guidelines from which T, O, and P perspective themes emerged. The findings indicated that a disjointed TOP perspective specifies a serious ESF, a strictly overlapped TOP indicates an effective containment of ESF, and the overall fuzzy set with T given O and P indicates the actual ESF. The findings may result in positive social change by helping epidemiologists identify critical outbreak control factors which may minimize the outbreak impact.
