Synthesizing Certified Code
Code certification is a lightweight approach for formally demonstrating software quality. Its basic idea is to require code producers to provide formal proofs that their code satisfies certain quality properties. These proofs serve as certificates that can be checked independently. Since code certification uses the same underlying technology as program verification, it requires detailed annotations (e.g., loop invariants) to make the proofs possible. However, manually adding annotations to the code is time-consuming and error-prone. We address this problem by combining code certification with automatic program synthesis. Given a high-level specification, our approach simultaneously generates code and all annotations required to certify the generated code. We describe a certification extension of AutoBayes, a synthesis tool for automatically generating data analysis programs. Based on built-in domain knowledge, proof annotations are added and used to generate proof obligations that are discharged by the automated theorem prover E-SETHEO. We demonstrate our approach by certifying operator- and memory-safety on a data-classification program. For this program, our approach was faster and more precise than PolySpace, a commercial static analysis tool.
What We Don't Know About Class Actions but Hope to Know Soon
Legislation that would alter class action practice in the federal courts has been pending in Congress. Nearly a decade’s worth of U.S. Supreme Court cases have restricted the scope and ease of use of the class action device. Class action critics argue that class litigation is a “racket” that fails to compensate plaintiffs and instead enriches plaintiffs’ lawyers at the expense of legitimate business practices. On the other hand, defenders of class actions decry the legislative and judicial forces aligned against them, warning that trends in class action law will eviscerate the practical rights held by consumers and workers. In short, there is considerable controversy over whether class actions are an economic menace or a boon to the little guys. We have two purposes in this brief Article. First, we wish to focus continuing attention on the need for more empirical information about the actual functioning of the federal class action system. Second, we wish to share our current efforts to use a one-of-a-kind collection of docket reports, originally harvested from Public Access to Court Electronic Records (PACER), to fill the empirical gap. Presentation of empirical findings resulting from this effort awaits a future article. However, this Article includes suggestions as to how the federal judiciary and Administrative Office of the United States Courts (“AO”) could improve data management and data reporting so as to make information about federal class actions more accessible to scholars and others interested in how the class action device operates in practice and what reforms, if any, would be advisable.
SOTER: A Runtime Assurance Framework for Programming Safe Robotics Systems
The recent drive towards achieving greater autonomy and intelligence in
robotics has led to high levels of complexity. Autonomous robots increasingly
depend on third party off-the-shelf components and complex machine-learning
techniques. This trend makes it challenging to provide strong design-time
certification of correct operation.
To address these challenges, we present SOTER, a robotics programming
framework with two key components: (1) a programming language for implementing
and testing high-level reactive robotics software and (2) an integrated runtime
assurance (RTA) system that helps enable the use of uncertified components,
while still providing safety guarantees. SOTER provides language primitives to
declaratively construct an RTA module consisting of an advanced,
high-performance controller (uncertified), a safe, lower-performance controller
(certified), and the desired safety specification. The framework provides a
formal guarantee that a well-formed RTA module always satisfies the safety
specification, without completely sacrificing performance by using higher
performance uncertified components whenever safe. SOTER allows the complex
robotics software stack to be constructed as a composition of RTA modules,
where each uncertified component is protected using an RTA module.
To demonstrate the efficacy of our framework, we consider a real-world
case-study of building a safe drone surveillance system. Our experiments both
in simulation and on actual drones show that the SOTER-enabled RTA ensures the
safety of the system, including when untrusted third-party components have bugs
or deviate from the desired behavior.
Learning to Prove Theorems via Interacting with Proof Assistants
Humans prove theorems by relying on substantial high-level reasoning and
problem-specific insights. Proof assistants offer a formalism that resembles
human mathematical reasoning, representing theorems in higher-order logic and
proofs as high-level tactics. However, human experts have to construct proofs
manually by entering tactics into the proof assistant. In this paper, we study
the problem of using machine learning to automate the interaction with proof
assistants. We construct CoqGym, a large-scale dataset and learning environment
containing 71K human-written proofs from 123 projects developed with the Coq
proof assistant. We develop ASTactic, a deep learning-based model that
generates tactics as programs in the form of abstract syntax trees (ASTs).
Experiments show that ASTactic trained on CoqGym can generate effective tactics
and can be used to prove new theorems not previously provable by automated
methods. Code is available at https://github.com/princeton-vl/CoqGym.
Comment: Accepted to ICML 201
Termination Analysis by Learning Terminating Programs
We present a novel approach to termination analysis. In a first step, the
analysis uses a program as a black-box which exhibits only a finite set of
sample traces. Each sample trace is infinite but can be represented by a finite
lasso. The analysis can "learn" a program from a termination proof for the
lasso, a program that is terminating by construction. In a second step, the
analysis checks that the set of sample traces is representative in a sense that
we can make formal. An experimental evaluation indicates that the approach is a
potentially useful addition to the portfolio of existing approaches to
termination analysis.