170 research outputs found
POPLMark reloaded: Mechanizing proofs by logical relations
We propose a new collection of benchmark problems in mechanizing the metatheory of programming languages, in order to compare and push the state of the art of proof assistants. In particular, we focus on proofs using logical relations (LRs) and propose establishing strong normalization of a simply typed calculus with a proof by Kripke-style LRs as a benchmark. We give a modern view of this well-understood problem by formulating our LR on well-typed terms. Using this case study, we share some of the lessons learned tackling this problem in different dependently typed proof environments. In particular, we consider the mechanization in Beluga, a proof environment that supports higher-order abstract syntax encodings and contrast it to the development and strategies used in general-purpose proof assistants such as Coq and Agda. The goal of this paper is to engage the community in discussions on what support in proof environments is needed to truly bring mechanized metatheory to the masses and engage said community in the crafting of future benchmarks
Martin-L\"of \`a la Coq
We present an extensive mechanization of the meta-theory of Martin-L\"of Type
Theory (MLTT) in the Coq proof assistant. Our development builds on
pre-existing work in Agda to show not only the decidability of conversion, but
also the decidability of type checking, using an approach guided by
bidirectional type checking. From our proof of decidability, we obtain a
certified and executable type checker for a full-fledged version of MLTT with
support for , , , and identity types, and one
universe. Furthermore, our development does not rely on impredicativity,
induction-recursion or any axiom beyond MLTT with a schema for indexed
inductive types and a handful of predicative universes, narrowing the gap
between the object theory and the meta-theory to a mere difference in
universes. Finally, we explain our formalization choices, geared towards a
modular development relying on Coq's features, e.g. meta-programming facilities
provided by tactics and universe polymorphism
Toward Semantic Foundations for Program Editors
Programming language definitions assign formal meaning to complete programs. Programmers, however, spend a substantial amount of time interacting with incomplete programs - programs with holes, type inconsistencies and binding inconsistencies - using tools like program editors and live programming environments (which interleave editing and evaluation). Semanticists have done comparatively little to formally characterize (1) the static and dynamic semantics of incomplete programs; (2) the actions available to programmers as they edit and inspect incomplete programs; and (3) the behavior of editor services that suggest likely edit actions to the programmer based on semantic information extracted from the incomplete program being edited, and from programs that the system has encountered in the past.
This paper serves as a vision statement for a research program that seeks to develop these "missing" semantic foundations. Our hope is that these contributions, which will take the form of a series of simple formal calculi equipped with a tractable metatheory, will guide the design of a variety of current and future interactive programming tools, much as various lambda calculi have guided modern language designs. Our own research will apply these principles in the design of Hazel, an experimental live lab notebook programming environment designed for data science tasks. We plan to co-design the Hazel language with the editor so that we can explore concepts such as edit-time semantic conflict resolution mechanisms and mechanisms that allow library providers to install library-specific editor services
αCheck: a mechanized metatheory model-checker
The problem of mechanically formalizing and proving metatheoretic properties
of programming language calculi, type systems, operational semantics, and
related formal systems has received considerable attention recently. However,
the dual problem of searching for errors in such formalizations has attracted
comparatively little attention. In this article, we present Check, a
bounded model-checker for metatheoretic properties of formal systems specified
using nominal logic. In contrast to the current state of the art for metatheory
verification, our approach is fully automatic, does not require expertise in
theorem proving on the part of the user, and produces counterexamples in the
case that a flaw is detected. We present two implementations of this technique,
one based on negation-as-failure and one based on negation elimination, along
with experimental results showing that these techniques are fast enough to be
used interactively to debug systems as they are developed.Comment: Under consideration for publication in Theory and Practice of Logic
Programming (TPLP
Mechanizing Abstract Interpretation
It is important when developing software to verify the absence of undesirable
behavior such as crashes, bugs and security vulnerabilities. Some settings
require high assurance in verification results, e.g., for embedded software in
automobiles or airplanes. To achieve high assurance in these verification
results, formal methods are used to automatically construct or check proofs of
their correctness. However, achieving high assurance for program analysis
results is challenging, and current methods are ill suited for both complex
critical domains and mainstream use.
To verify the correctness of software we consider program analyzers---automated
tools which detect software defects---and to achieve high assurance in
verification results we consider mechanized verification---a rigorous process
for establishing the correctness of program analyzers via computer-checked
proofs.
The key challenges to designing verified program analyzers are: (1) achieving
an analyzer design for a given programming language and correctness property;
(2) achieving an implementation for the design; and (3) achieving a mechanized
verification that the implementation is correct w.r.t. the design. The state of
the art in (1) and (2) is to use abstract interpretation: a guiding
mathematical framework for systematically constructing analyzers directly from
programming language semantics. However, achieving (3) in the presence of
abstract interpretation has remained an open problem since the late 1990's.
Furthermore, even the state-of-the art which achieves (3) in the absence of
abstract interpretation suffers from the inability to be reused in the presence
of new analyzer designs or programming language features.
First, we solve the open problem which has prevented the combination of
abstract interpretation (and in particular, calculational abstract
interpretation) with mechanized verification, which advances the state of the
art in designing, implementing, and verifying analyzers for critical software.
We do this through a new mathematical framework Constructive Galois Connections
which supports synthesizing specifications for program analyzers, calculating
implementations from these induced specifications, and is amenable to
mechanized verification.
Finally, we introduce reusable components for implementing analyzers for a wide
range of designs and semantics. We do this though two new frameworks Galois
Transformers and Definitional Abstract Interpreters. These frameworks tightly
couple analyzer design decisions, implementation fragments, and verification
properties into compositional components which are (target)
programming-language independent and amenable to mechanized verification.
Variations in the analysis design are then recovered by simply re-assembling
the combination of components. Using this framework, sophisticated program
analyzers can be assembled by non-experts, and the result are guaranteed to be
verified by construction
Mechanized semantics
The goal of this lecture is to show how modern theorem provers---in this
case, the Coq proof assistant---can be used to mechanize the specification of
programming languages and their semantics, and to reason over individual
programs and over generic program transformations, as typically found in
compilers. The topics covered include: operational semantics (small-step,
big-step, definitional interpreters); a simple form of denotational semantics;
axiomatic semantics and Hoare logic; generation of verification conditions,
with application to program proof; compilation to virtual machine code and its
proof of correctness; an example of an optimizing program transformation (dead
code elimination) and its proof of correctness
- …