The automated proof of a trace transformation for a bitonic sort

AbstractIn his third volume of The Art of Computer Programming, Knuth presents Batcher's bitonic sorting network. With concurrency, this sorting network can be executed in logarithmic time. Knuth suggests a formal argument for the correctness of the bitonic sorting algorithm (as an exercise), but addresses the question of concurrency only informally. We develop a program for the bitonic sort by (1) deriving a stepwise refinement from Knuth's informal description of the algorithm, (2) deriving from the refinement a sequential execution or ‘trace’ of order O (n log n) in the length n of the sequence to be sorted, and (3) transforming the sequential trace into a parallel trace of order O(log n) while preserving its semantics. We shall be informal in Steps 1 and 2—although these steps can be formalized. But we will provide a formal treatment of Step 3 and report on the certification of this treatment in a mechanized logic. This work is a contribution to the optimization of programs (via concurrency) through transformation and the automation of program proofs

A Fully Verified Executable LTL Model Checker

International audienceWe present an LTL model checker whose code has been completely verified using the Isabelle theorem prover. The checker consists of over 4000 lines of ML code. The code is produced using recent Isabelle technology called the Refinement Framework, which allows us to split its correctness proof into (1) the proof of an abstract version of the checker, consisting of a few hundred lines of “formalized pseudocode”, and (2) a verified refinement step in which mathematical sets and other abstract structures are replaced by implementations of efficient structures like red-black trees and functional arrays. This leads to a checker that, while still slower than unverified checkers, can already be used as a trusted reference implementation against which advanced implementations can be tested. We report on the structure of the checker, the development process, and some experiments on standard benchmarks

Specification and refinement of discrete timing properties in Event-B

Event-B is a formal language for systems modeling, based on set theoryand predicate logic. It has the advantage of mechanized proof, and it is possible tomodel a system in several levels of abstraction by using refinement. Discrete timingproperties are important in many critical systems. However, modeling of timingproperties is not directly supported in Event-B. In this paper we identify three maincategories of discrete timing properties for trigger-response pattern, deadline, delayand expiry. We introduce language constructs for each of these timing properties thataugment the Event-B language. We describe how these constructs can be mappedto standard Event-B constructs. To ease the process of using the timing constructsin a refinement-based development, we introduce patterns for refining the timingconstructs that allow timing properties on abstract models to be replaced by timingproperties on refined models. The language constructs and refinement patternsare illustrated through some generic examples. Event-B refinement allows atomicevents at the abstract level to be broken down into sub-steps at the refined level.The goal of our refinement patterns is to provide an easy way to represent and correctlyrefine timing constraints on abstract atomic events with more elaborate timingconstraints on the refined events. This paper presents an initial set of patterns

Fiat: Deductive Synthesis of Abstract Data Types in a Proof Assistant

We present Fiat, a library for the Coq proof assistant supporting refinement of declarative specifications into efficient functional programs with a high degree of automation. Each refinement process leaves a proof trail, checkable by the normal Coq kernel, justifying its soundness. We focus on the synthesis of abstract data types that package methods with private data. We demonstrate the utility of our framework by applying it to the synthesis of query structures--abstract data types with SQL-like query and insert operations. Fiat includes a library for writing specifications of query structures in SQL-inspired notation, expressing operations over relations (tables) in terms of mathematical sets. This library includes a suite of tactics for automating the refinement of specifications into efficient, correct- by-construction OCaml code. Using these tactics, a programmer can generate such an implementation completely automatically by only specifying the equivalent of SQL indexes, data structures capturing useful views of the abstract data. Throughout we speculate on the new programming modularity possibilities enabled by an automated refinement system with proved-correct rules. “Every block of stone has a statue inside it and it is the task of the sculptor to discover it.”--MichelangeloNational Science Foundation (U.S.) (NSF grant CCF-1253229)United States. Defense Advanced Research Projects Agency (DARPA, agreement number FA8750-12-2- 0293