Proof Planning Coinduction
Centre for Intelligent Systems and their Applications
Coinduction is a proof rule which is the dual of induction. It allows reasoning about non-well-founded sets and is of particular use for reasoning about equivalences. In this thesis I present an automation of coinductive theorem proving. This automation is based on the ideas of proof planning [Bundy 88]. Proof planning, as the name suggests, plans the higher level steps in a proof without performing the formal checking which is also required for a verification. The automation has focused on the use of coinduction to prove the equivalence of programs in a small lazy functional language which is similar to Haskell. One of the hardest parts in a coinductive proof is the choice of a relation, called a bisimulation. The automation here described makes an initial simplified guess at a bisimulation and then uses critics, revisions based on failure, and generalisation techniques to refine this guess. The proof plan for coinduction and the critic have been implemented in CLAM [Bundy et al 90b] with encouraging results. The planner has been successfully tested on a number of theorems. Comparison of the proof planner for coinduction with the proof plan for induction implemented in CLAM has highlighted a number of equivalences and dualities in the process of these proofs and has also suggested improvements to both systems. This work has demonstrated not only the possibility of fully automated theorem provers for coinduction but has also demonstrated the uses of proof planning for comparison of proof techniques.
Using a generalisation critic to find bisimulations for coinductive proofs
Coinduction is a method of growing importance in reasoning about functional languages, due to the increasing prominence of lazy data structures. Through the use of bisimulations and proofs that observational equivalence is a congruence in various domains, it can be used to prove the congruence of two processes. Several proof tools have been developed to aid coinductive proofs, but all require user interaction. Crucially, they require the user to supply an appropriate relation which the system can then prove to be a bisimulation. A method is proposed which uses the idea of proof plans to make a heuristic guess at a suitable relation. If the proof fails for that relation, the reasons for failure are analysed using a proof critic and a new relation is proposed to allow the proof to go through.
Coiterative Morphisms: Interactive Equational Reasoning for Bisimulation, using Coalgebras
ter: SEN 3
Abstract: We study several techniques for interactive equational reasoning with the bisimulation equivalence. Our work is based on a modular library, formalised in Coq, that axiomatises weakly final coalgebras and bisimulation. As a theory we derive some coalgebraic schemes and an associated coinduction principle. This will help in interactive proofs by coinduction, modular derivation of congruence and co-fixed point equations, and enables an extensional treatment of bisimulation. Finally we present a version of the lambda-coinduction proof principle in our framework.
Modeling Infinite Behaviour by Corules
Davide Ancona; Francesco Dagnino; Elena Zucca
Parametric trace expressions for runtime verification of Java-like programs
Parametric trace expressions are a formalism expressly designed for parametric runtime verification (RV) which has been introduced and successfully employed in the context of runtime monitoring of multiagent systems. Trace expressions are built on the general notion of event type, which allows them to be adopted in different contexts. In this paper we show how trace expressions can be used for conveniently specifying the expected behavior of a Java-like program to be monitored at runtime. Furthermore, we investigate the basic properties of the primitive operators on which trace expressions are coinductively defined in terms of a labeled transition system; this provides a basis for formal reasoning about equivalence of trace expressions and for adopting useful optimization techniques to speed up runtime verification.
A Proof Strategy Language and Proof Script Generation for Isabelle/HOL
We introduce a language, PSL, designed to capture high level proof strategies in Isabelle/HOL. Given a strategy and a proof obligation, PSL's runtime system generates and combines various tactics to explore a large search space with low memory usage. Upon success, PSL generates an efficient proof script, which bypasses a large part of the proof search. We also present PSL's monadic interpreter to show that the underlying idea of PSL is transferable to other ITPs.
Comment: This paper has been submitted to CADE2
Partially Typed Multiparty Sessions
A multiparty session formalises a set of concurrent communicating participants. We propose a type system for multiparty sessions where some communications between participants can be ignored. This allows us to type some sessions with global types representing interesting protocols, which have no type in the standard type systems. Our type system enjoys Subject Reduction, Session Fidelity and "partial" Lock-freedom. The last property ensures the absence of locks for participants with non ignored communications. A sound and complete type inference algorithm is also discussed.
Comment: In Proceedings ICE 2023, arXiv:2308.0892
Ain't No Stopping Us Monitoring Now
Not all properties are monitorable. This is a well-known fact, and it means there exist properties that cannot be fully verified at runtime. However, given a non-monitorable property, a monitor can still be synthesised, but it could end up in a state where no verdict will ever be concluded on the satisfaction (resp., violation) of the property. For this reason, non-monitorable properties are usually discarded. In this paper, we carry out an in-depth analysis on monitorability, and how non-monitorable properties can still be partially verified. We present our theoretical results at a semantic level, without focusing on a specific formalism. Then, we show how our theory can be applied to achieve partial runtime verification of Linear Temporal Logic (LTL)