Readable semi-automatic formal proofs of Depth-First Search in graphs using Why3

Quite often formal proofs are not published in conferences or journal articles, because formal proofs are usually too long. A typical article states the ability of having implemented a formal proof, but the proof itself is often sketched in terms of a natural language. At best, some formal lemmas and definitions are stated. Can we do better ? We try here to publish the details of a formal proof of the white-paths theorem about depth-first search in graphs. We use Why3 as the proving platform, because Why3 uses first-order logic augmented with inductive definitions of predicates and because Why3 makes possible to delegate bits of proofs to on-the-shelf automatic provers at same time as Why3 provides interfaces with interactive proof checkers such that Coq, PVS or Isabelle. Algorithms on graphs are also a good testbed since graphs are combinatorial structures whose algebraic properties are not fully obvious. Depth-first search may look over-simple, but it is the first step of the construction of a library of readable formal proofs for more complex algorithms on graphs with more realistic data structures

Readable semi-automatic formal proofs of Depth-First Search in graphs using Why3

Quite often formal proofs are not published in conferences or journal articles, because formal proofs are usually too long. A typical article states the ability of having implemented a formal proof, but the proof itself is often sketched in terms of a natural language. At best, some formal lemmas and definitions are stated. Can we do better ? We try here to publish the details of a formal proof of the white-paths theorem about depth-first search in graphs. We use Why3 as the proving platform, because Why3 uses first-order logic augmented with inductive definitions of predicates and because Why3 makes possible to delegate bits of proofs to on-the-shelf automatic provers at same time as Why3 provides interfaces with interactive proof checkers such that Coq, PVS or Isabelle. Algorithms on graphs are also a good testbed since graphs are combinatorial structures whose algebraic properties are not fully obvious. Depth-first search may look over-simple, but it is the first step of the construction of a library of readable formal proofs for more complex algorithms on graphs with more realistic data structures

Physics and Proof Theory

Axiomatization of Physics (and Science in general) has many drawbacks that are correctly criticized by opposing philosophical views of Science. This paper shows that, by giving formal proofs a more promi- nent role in the formalization, many of the drawbacks can be solved and many of the opposing views are naturally conciliated. Moreover, this ap- proach allows, by means of Proof Theory, to open new conceptual bridges between the disciplines of Physics and Computer Science

Verifying Quantum Phase Estimation (QPE) using Prove-It

The general-purpose interactive theorem-proving assistant called Prove-It was used to verify the Quantum Phase Estimation (QPE) algorithm, specifically claims about its outcome probabilities. Prove-It is unique in its ability to express sophisticated mathematical statements, including statements about quantum circuits, integrated firmly within its formal theorem-proving framework. We demonstrate our ability to follow a textbook proof to produce a formally certified proof, highlighting useful automation features to fill in obvious steps and make formal proving nearly as straightforward as informal theorem proving. Finally, we make comparisons with formal theorem-proving in other systems where similar claims about QPE have been proven.Comment: 28 pages, 18 figures, 5 tables. Prove-It theorem-proving results available at http://pyproveit.org/ and Prove-It code available at https://github.com/PyProveIt/Prove-I

IPDL: A Probabilistic Dataflow Logic for Cryptography

While there have been many successes in verifying cryptographic security proofs of noninter- active primitives such as encryption and signatures, less attention has been paid to interactive cryptographic protocols. Interactive protocols introduce the additional verification challenge of concurrency, which is notoriously hard to reason about in a cryptographically sound manner. When proving the (approximate) observational equivalance of protocols, as is required by simulation based security in the style of Universal Composability (UC), a bisimulation is typically performed in order to reason about the nontrivial control flows induced by concurrency. Unfortunately, bisimulations are typically very tedious to carry out manually and do not capture the high-level intuitions which guide informal proofs of UC security on paper. Because of this, there is currently a large gap of formality between proofs of cryptographic protocols on paper and in mechanized theorem provers. We work towards closing this gap through a new methodology for iteratively constructing bisimulations in a manner close to on-paper intuition. We present this methodology through Interactive Probabilistic Dependency Logic (IPDL), a simple calculus and proof system for specifying and reasoning about (a certain subclass of) distributed probabilistic computations. The IPDL framework exposes an equational logic on protocols; proofs in our logic consist of a number of rewriting rules, each of which induce a single low-level bisimulation between protocols. We show how to encode simulation-based security in the style of UC in our logic, and evaluate our logic on a number of case studies; most notably, a semi-honest secure Oblivious Transfer protocol, and a simple multiparty computation protocol robust to Byzantine faults. Due to the novel design of our logic, we are able to deliver mechanized proofs of protocols which we believe are comprehensible to cryptographers without verification expertise. We provide a mechanization in Coq of IPDL and all case studies presented in this work

Flexible Coinduction in Agda

Theorem provers are tools that help users to write machine readable proofs. Some of this tools are also interactive. The need of such softwares is increasing since they provide proofs that are more certified than the hand written ones. Agda is based on type theory and on the propositions-as-types correspondence and has a Haskell-like syntax. This means that a proof of a statement is turned into a function. Inference systems are a way of defining inductive and coinductive predicates and induction and coinduction principles are provided to help proving their correctness with respect to a given specification in terms of soundness and completeness. Generalized inference systems deal with predicates whose inductive and coinductive interpretations do not provide the expected set of judgments. In this case inference systems are enriched by corules that are rules that can be applied at infinite depth in a proof tree. Induction and coinduction principles cannot be used in case of generalized inference systems and the bounded coinduction one has been proposed. We first present how Agda supports inductive and coinductive types highlighting the fact that data structures and predicates are defined using the same constructs. Then we move to the main topic of this thesis, which is investigating how generalized inference systems can be implemented and how their correctness can be proved

Formaalien todistusten interaktiivinen tarkastelu matematiikan oppikirjoissa

Electronic textbooks of mathematics would benefit from interactively explorable proofs, where the reader can request a more detailed explanation for any part of the proof he or she does not understand. This requires that definitions, theorem statements, and proofs are written in some formal language. In this thesis we investigate the theoretical and practical challenges of producing such textbooks. Any particular choice of language cannot be adequate for all textbooks, so we construct a theoretical framework for discussing extensible languages. Under this framework we define three languages for expressing definitions and theorem statements. The first two correspond to the standard languages of propositional and first-order logics. The third language is expressive enough for most definitions and theorem statements in discrete mathematics, but conceptually less problematic than the languages of set theory and higher-order logic, because it cannot express unrestricted quantification over sets that are larger than the set of real numbers. In addition, an implementation of an interactive proof explorer is presented. Its capabilities are demonstrated with an explorable proof of Bertrand’s postulate. The focus of this thesis is on the experience of the reader, and the results seem promising in that regard. With further work on making the authoring tools more efficient to use, it should be feasible to formalize an entire textbook.Sähköisissä matematiikan oppikirjoissa olisi hyötyä interaktiivisista todistuksista, joiden avulla lukija voisi pyytää tarkentavaa selitystä mihin tahansa kohtaan, jota hän ei ymmärrä. Tällaisen kirjan kirjoittaminen vaatii, että määritelmät, lauseet ja todistukset on kirjoitettu jollain formaalilla kielellä. Tässä diplomityössä tutkitaan sekä käytännön että teorian tasolla interaktiivisia todistuksia sisältävien oppikirjojen kirjoittamiseen liittyviä haasteita. Koska mikään yksittäinen kieli ei voi olla riittävä kaikkien oppikirjojen tarpeisiin, työssä määritellään kielen laajentamisen käsite. Tämän viitekehyksen sisällä kehitetään määritelmille ja lauseille kolme kieltä, joista kaksi ensimmäistä vastaavat lauselogiikkaa ja ensimmäisen kertaluvun predikaattilogiikkaa. Kolmas kieli, joka on näiden laajennus, on ilmaisuvoimaltaan riittävä monien diskreettiin matematiikkaan keskittyvien oppikirjojen formalisoimiseen. Tämä kieli on käsitteellisesti yksinkertaisempi kuin joukko-opin tai korkeamman kertaluvun predikaattilogiikan kielet, koska siinä ei pysty rajoittamattomasti kvantifioimaan sellaisten joukkojen yli, jotka ovat suurempia kuin reaalilukujen joukko. Lisäksi työssä esitellään tietokoneohjelma, jonka avulla interaktiivisesti tarkasteltavia formaaleja todistuksia voi lukea, sekä tämän ohjelman avulla kirjoitettu Bertrandin postulaatin todistus. Tässä työssä keskitytään todistuksiin lukijan näkökulmasta, ja tulokset ovat siltä osin lupaavia. Kokonaisen oppikirjan formalisoimiseksi vaaditaan vielä lisätyötä oppikirjan kirjoittajan työn helpottamiseksi