Formalizing alternating-time temporal logic in the coq proof assistant

This work presents a complete formalization of Alternating-time Temporal Logic (ATL) and its semantic model, Concurrent Game Structures (CGS), in the Calculus of (Co)Inductive Constructions, using the logical framework Coq. Unlike standard ATL semantics, temporal operators are formalized in terms of inductive and coinductive types, employing a fixpoint characterization of these operators. The formalization is used to model a concurrent system with an unbounded number of players and states, and to verify some properties expressed as ATL formulas. Unlike automatic techniques, our formal model has no restrictions in the size of the CGS, and arbitrary state predicates can be used as atomic propositions of ATL. Keywords: Reactive Systems and Open Systems, Alternating-time Temporal Logic, Concurrent Game Structures, Calculus of (Co)Inductive Constructions, Coq Proof Assistant

Lazy Evaluation: From natural semantics to a machine-checked compiler transformation

In order to solve a long-standing problem with list fusion, a new compiler transformation, \u27Call Arity\u27 is developed and implemented in the Haskell compiler GHC. It is formally proven to not degrade program performance; the proof is machine-checked using the interactive theorem prover Isabelle. To that end, a formalization of Launchbury`s Natural Semantics for Lazy Evaluation is modelled in Isabelle, including a correctness and adequacy proof

Application de techniques de preuve assistée pour la spécification, la vérification et le test.

The increasing complexity of reactive systems and the expected reliability of their implementation require formal techniques to be used. Traditionally, three main techniques are distinguished : model-checking, theorem-proving and testing.This work describes the development of a formal environment as a set of theories of the proof assistant Isabelle/HOL, the root is being a theory of transition systems and their behavior's. Subtheories define particular families of systems, like constrained and timed automata. Several techniques are available in order to prove statements on systems, along them induction, coinduction, rewriting, abstraction and automatic computations. Moreover, we have experimented a new approach of the test activity where conformance test cases are build by formally proving mathematical statements.Les méthodes formelles ont pour objectif d'augmenter le niveau de confiance que l'on peut avoir en un système informatique, en proposant des techniques d'analyse dont les fondements sont mathématiques. Traditionnellement, ces méthodes sont classées en trois grandes familles : le model-checking, la preuve interactive et le test.Ce mémoire décrit le développement d'un environnement formel qui autorise à la fois une activité de vérification et dont l'objectif est de permettre l'étude de systèmes complexes modélisés sous la forme d'automates. Cet environnement prend la forme d'un ensemble de théories Isabelle/HOL dont la racine est formée par la formalisation des systèmes de transitions et leur comportements.Plusieurs mécanismes de preuve sont présentés et il est mit en évidence l'importance du mécanisme de réécritures. Nous nous intéressons également à une nouvelle approche du test qui consiste à envisager la création d'un test comme la démonstration d'un énoncé

Lazy Evaluation: From natural semantics to a machine-checked compiler transformation

In order to solve a long-standing problem with list fusion, a new compiler transformation, “Call Arity” is developed and implemented in the Haskell compiler GHC. It is formally proven to not degrade program performance; the proof is machine-checked using the interactive theorem prover Isabelle. To that end, a formalization of Launchbury’s Natural Semantics for Lazy Evaluation is modelled in Isabelle, including a correctness and adequacy proof

Arrows for knowledge-based circuits

Knowledge-based programs (KBPs) are a formalism for directly relating agents' knowledge and behaviour in a way that has proven useful for specifying distributed systems. Here we present a scheme for compiling KBPs to executable automata in finite environments with a proof of correctness in Isabelle/HOL. We use Arrows, a functional programming abstraction, to structure a prototype domain-specific synchronous language embedded in Haskell. By adapting our compilation scheme to use symbolic representations we can apply it to several examples of reasonable size

Modelling and Proving Safety in Autonomous Cars Scenarios in HOL-CSP

We present an approach to model scenarios of autonomous cars in HOL-CSP [10] and prove particular safety properties via interactive proofs in the Isabelle/HOL system (https: //en.wikipedia.org/wiki/Isabelle_(proof_assistant)).The basis of this work is an ontology for Autonomous Car Scenarios given in MOSAR (https://www.mosar.io) that describes a collection of actors (e.g. cars, trucks, bicycles), equipments (e.g. signals, vehicle lights, etc.), infrastructures (e.g. expressways, intersec- tions, etc.) and their dynamic interactions throughout driving scenarios.We represent the behaviour of actors and (rudimentarily) equipments as processes, i.e. infinite sets of traces denoting classes of scenarios. In particular, actors were represented as HOL-CSP processes. Due to the non-determinism and event-polymorphism of HOL-CSP, actor descriptions can be partially defined wrt. to data and arbitrarily ”chaotic” in their behaviour. A translation scheme of MOSAR-ontologies into actor processes in HOL-CSP is sketched.For a particular scenario described in [9] (two cars in a linear line, no backwards driving) we specialize our framework and demonstrate a machine-checked safety proof: If all the actors apply a particular driving strategy taking into account position, speed and acceleration as well as distance to the car in front, there will be no situation with a collision. This strategy — called Responsibility-Sensitive Safety — is formulated as a function and the resulting invariant formally proven in Isabelle/HOL, while overcoming a number of short-comings in both the original modeling and the original paper-and-pencil proof

The Hob system for verifying software design properties

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2007.Includes bibliographical references (p. 157-164).This dissertation introduces novel techniques for verifying that programs conform to their designs. My Hob system, as described in this dissertation, allows developers to statically ensure that implementations preserve certain specified properties. Hob verifies heap-based properties that can express important aspects of a program's design. The key insight behind my approach is that Hob can establish detailed software design properties--properties that lie beyond the reach of extant static analysis techniques due to scalability or precision issues-by focusing the verification task. In particular, the Hob approach applies scalable static analysis techniques to the majority of the modules of a program and very precise, unscalable, static analysis or automated theorem proving techniques to certain specific modules of that program: those that require the precision that such analyses can deliver. The use of assume/guarantee reasoning allows the analysis engine to harness the strengths of both scalable and precise static analysis techniques to analyze large programs (which would otherwise require scalable, imprecise analyses) with sufficient precision to establish detailed data structure consistency properties, e.g. heap shape properties.(cont.) A set-based specification language enables the different analysis techniques to cooperate in verifying the specified design properties. My preliminary results show that it is possible to successfully verify detailed design-level properties of benchmark applications: I have used the Hob system to verify user-relevant properties of a water molecule simulator, a web server, and a minesweeper game. These properties constrain the behaviour of the program by stating that selected sets of objects are always equal or disjoint throughout the program's execution.by Patrick Lam.Ph.D

Traces of I/O-Automata in Isabelle/HOLCF

This paper presents a formalization of finite and infinite sequences in domain theory carried out in the theorem prover Isabelle. The result