Towards justifying computer algebra algorithms in Isabelle/HOL
As verification efforts using interactive theorem proving grow, we are in need of certified algorithms in computer algebra to tackle problems over the real numbers. This is important because uncertified procedures can drastically increase the size of the trust base and undermine the overall confidence established by interactive theorem provers, which usually rely on a small kernel to ensure the soundness of derived results.
This thesis describes an ongoing effort using the Isabelle theorem prover to certify the cylindrical algebraic decomposition (CAD) algorithm, which has been widely implemented to solve non-linear problems in various engineering and mathematical fields. Because of the sophistication of this algorithm, people are in doubt of the correctness of its implementation when deploying it to safety-critical verification projects, and such doubts motivate this thesis.
In particular, this thesis proposes a library of real algebraic numbers, whose distinguishing features include a modular architecture and a sign determination algorithm requiring only rational arithmetic. With this library, an Isabelle tactic based on univariate CAD has been built in a certificate-based way: external, untrusted code delivers solutions in the form of certificates that are checked within Isabelle. To lay the foundation for the multivariate case, I have formalised various analytical results including Cauchy’s residue theorem and the bivariate case of the projection theorem of CAD. During this process, I have also built a tactic to evaluate winding numbers through Cauchy indices and verified procedures to count complex roots in some domains.
The formalisation effort in this thesis can be considered as the first step towards a certified computer algebra system inside a theorem prover, so that various engineering projections and mathematical calculations can be carried out in a high-confidence framework.
Mechanising Euler's use of infinitesimals in the proof of the Basel problem
In 1736 Euler published a proof of an astounding relation between π and the reciprocals of the squares.
π²/6 = 1 + 1/4 + 1/9 + 1/25 + …
Until this point, π had not been part of any mathematical relation outside of geometry. This relation would have had an almost supernatural significance to the mathematicians of the time. But even more amazing is Euler's proof. He factorises a transcendental function as if it were a polynomial of infinite degree. He discards infinitely-many infinitely-small numbers. He substitutes 1 for the ratio of two distinct infinite numbers.
Nowadays Euler's proof is held up as an example of both genius intuition and flagrantly unrigorous method. In this thesis we describe how, with the aid of nonstandard analysis, which gives a consistent formal theory of infinitely-small and large numbers, and the proof assistant Isabelle, we construct a partial formal proof of the Basel problem which follows the method of Euler's proof from his 'Introductio in Analysin Infinitorum'. We use our proof to demonstrate that Euler was systematic in his use of infinitely-large and infinitely-small numbers and did not make unjustified leaps of intuition. The concept of 'hidden lemmas' was developed by McKinzie and Tuckey based on Lakatos and Laugwitz to represent general principles which Euler's proof followed. We develop a theory of infinite 'hyperpolynomials' in Isabelle in order to formalise these hidden lemmas and we find that formal reconstruction of his proof using hidden lemmas is an effective way to discover the nuances in Euler's reasoning and demystify the controversial points. In conclusion, we find that Euler's reasoning was consistent and insightful, and yet has some distinct methodology to modern deductive proof.
A formalisation of the theory of context-free languages in higher order logic
We present a formalisation of the theory of context-free languages using the HOL4 theorem prover. The formalisation of this theory is not only interesting in its own right, but also gives insight into the kind of manipulations required to port a pen-and-paper proof to a theorem prover. The mechanisation proves to be an ideal case study of how intuitive textbook proofs can blow up in size and complexity, and how details from the textbook can change during formalisation.
The mechanised theory provides the groundwork for our subsequent results about SLR parser generation. The theorems, even though well-established in the field, are interesting for the way they have to be “reproven” in a theorem prover. Proofs must be recast to be concrete enough for the prover: patching deductive gaps which are relatively easily grasped in a text proof, but beyond the automatic capabilities of contemporary tools. The library of proofs, techniques and notations developed here provides a basis from which further work on verified language theory can proceed at a quickened pace.
We have mechanised classical results involving context-free grammars and pushdown automata. These include but are not limited to the equivalence between those two formalisms, the normalisation of CFGs, and the pumping lemma for proving a language is not context-free. As an application of this theory, we describe the verification of SLR parsing. Among the various properties proven about the parser we show, in particular, soundness: if the parser results in a parse tree on a given input, then the parse tree is valid with respect to the grammar, and the leaves of the parse tree match the input; and completeness: if the input belongs in the language of the grammar then the parser constructs the correct parse tree for the input with respect to the grammar. In addition, we develop a version of the algorithm that is executable by automatic translation from HOL to SML. This alternative version of the algorithm requires some interesting termination proofs.
We conclude with a discussion of the issues we faced while mechanising pen-and-paper proofs. Carefully written formal proofs are regarded as rigorous for the audience they target. But when such proofs are implemented in a theorem prover, the level of detail required increases dramatically. We provide a discussion and a broad categorisation of the causes that give rise to this.
Verification of floating point programs
In this thesis we present an approach to automated verification of floating point programs. Existing techniques for automated generation of correctness theorems are extended to produce proof obligations for accuracy guarantees and absence of floating point exceptions. A prototype automated real number theorem prover is presented, demonstrating a novel application of function interval arithmetic in the context of subdivision-based numerical theorem proving. The prototype is tested on correctness theorems for two simple yet nontrivial programs, proving exception freedom and tight accuracy guarantees automatically. The experiments show how function intervals can be used to combat the information loss problems that limit the applicability of traditional interval arithmetic in the context of hard real number theorem proving.
Verification using formalised mathematics and theorem proving of reinforcement and deep learning
In modern artificial intelligence research, frequently there is little emphasis on mathematical certainty; results are often shown by experimentation, and understanding precisely why a particular method works, or the guarantees that they will be effective, is often constrained to speculation and discussion.
Formal mathematics via theorem proving brings a precision of explanation and certainty that can be missing in this field. We present work that applies the benefits of formal mathematics to two different fields of artificial intelligence, in two different ways.
Using the Isabelle theorem prover, we formalise Markov Decision Processes (MDPs) with rewards, fundamental to reinforcement learning, and use this as the basis for a formalisation of Q learning, a significant reinforcement learning algorithm. Q learning attempts to learn the reward function of an unknown MDP by estimation, correcting its estimates as it navigates the MDP repeatedly. We also formalise the Dvoretzky Stochastic Approximation theorem, a result fundamental to many stochastic processes. It is especially relevant to our work as it is necessary to prove that (given certain assumptions) the estimates of the Q learning algorithm converge to the true values of the reward function.
Secondly, we use theorem proving to integrate a formalised logical system with deep learning, into a neurosymbolic process. We formalise Linear Temporal Logic over finite paths (LTLf), and develop a loss function (and its derivative) over it that returns a real value corresponding to the satisfaction of a given LTLf constraint over a given path. We prove that this is sound with respect to the semantics of LTLf. We use the code generation capabilities of Isabelle to then integrate this into a PyTorch deep learning process designed to learn trajectories. Lastly, we demonstrate experimentally that we can use the resulting neurosymbolic process to learn using LTLf constraints on the trajectories as well as by imitation of a demonstrator.
Reasoning about correctness properties of a coordination programming language
Safety critical systems place additional requirements on the programming language used to implement them with respect to traditional environments. Examples of features that influence the suitability of a programming language in such environments include complexity of definitions, expressive power, bounded space and time and verifiability. Hume is a novel programming language with a design which targets the first three of these, in some ways, contradictory features: fully expressive languages cannot guarantee bounds on time and space, and low-level languages which can guarantee space and time bounds are often complex and thus error-prone. In Hume, this contradiction is solved by a two layered architecture: a high-level fully expressive language is built on top of a low-level coordination language which can guarantee space and time bounds.
This thesis explores the verification of Hume programs. It targets safety properties, which are the most important type of correctness properties, of the low-level coordination language, which is believed to be the most error-prone. Deductive verification in Lamport's temporal logic of actions (TLA) is utilised, in turn validated through algorithmic experiments. This deductive verification is mechanised by first embedding TLA in the Isabelle theorem prover, and then embedding Hume on top of this. Verification of temporal invariants is explored in this setting.
In Hume, program transformation is a key feature, often required to guarantee space and time bounds of high-level constructs. Verification of transformations is thus an integral part of this thesis. The work with both invariant verification, and in particular, transformation verification, has pinpointed several weaknesses of the Hume language. Motivated and influenced by this, an extension to Hume, called Hierarchical Hume, is developed and embedded in TLA. Several case studies of transformation and invariant verification of Hierarchical Hume in Isabelle are conducted, and an approach towards a calculus for transformations is examined.
Funding: James Watt Scholarship; Engineering and Physical Sciences Research Council (EPSRC) Platform grant GR/SO177
Direct methods for deductive verification of temporal properties in continuous dynamical systems
This thesis is concerned with the problem of formal verification of correctness specifications for continuous and hybrid dynamical systems. Our main focus will be on developing and automating general proof principles for temporal properties of systems described by non-linear ordinary differential equations (ODEs) under evolution constraints. The proof methods we consider will work directly with the differential equations and will not rely on the explicit knowledge of solutions, which are in practice rarely available. Our ultimate goal is to increase the scope of formal deductive verification tools for hybrid system designs. We give a comprehensive survey and comparison of available methods for checking set invariance in continuous systems, which provides a foundation for safety verification using inductive invariants. Building on this, we present a technique for constructing discrete abstractions of continuous systems in which spurious transitions between discrete states are entirely eliminated, thereby extending previous work. We develop a method for automatically generating inductive invariants for continuous systems by efficiently extracting reachable sets from their discrete abstractions. To reason about liveness properties in ODEs, we introduce a new proof principle that extends and generalizes methods that have been reported previously and is highly amenable to use as a rule of inference in a deductive verification calculus for hybrid systems. We will conclude with a summary of our contributions and directions for future work.
Ontology evolution in physics
With the advent of reasoning problems in dynamic environments, there is an increasing need for automated reasoning systems to automatically adapt to unexpected changes in representations. In particular, the automation of the evolution of their ontologies needs to be enhanced without substantially sacrificing expressivity in the underlying representation. Revision of beliefs is not enough, as adding to or removing from beliefs does not change the underlying formal language. General reasoning systems employed in such environments should also address situations in which the language for representing knowledge is not shared among the involved entities, e.g., the ontologies in a multi-ontology environment or the agents in a multi-agent environment. Our techniques involve diagnosis of faults in existing, possibly heterogeneous, ontologies and then resolution of these faults by manipulating the signature and/or the axioms.
This thesis describes the design, development and evaluation of GALILEO (Guided Analysis of Logical Inconsistencies Lead to Evolution of Ontologies), a system designed to detect conflicts in highly expressive ontologies and resolve the detected conflicts by performing appropriate repair operations. The integrated mechanism that handles ontology evolution is able to distinguish between various types of conflicts, each corresponding to a unique kind of ontological fault. We apply and develop our techniques in the domain of Physics. This is an excellent domain because many of its seminal advances can be seen as examples of ontology evolution, i.e. changing the way that physicists perceive the world, and case studies are well documented, unlike many other domains. Our research covers analysing a wide-ranging development set of case studies and evaluating the performance of the system on a test set. Because the formal representations of most of the case studies are non-trivial and the underlying logic has a high degree of expressivity, we face some tricky technical challenges, including dealing with the potentially large number of choices in diagnosis and repair. In order to enhance the practicality and the manageability of the ontology evolution process, GALILEO incorporates the functionality of generating physically meaningful diagnoses and repairs and, as a result, narrowing the search space to a manageable size.
Continuous probability distributions in model-based specification languages
PhD Thesis
Model-based specification languages provide a means for obtaining assurance of dependability of complex computer-based systems, but provide little support for modelling and analysing fault behaviour, which is inherently probabilistic in nature. In particular, the need for a detailed account of the role of continuous probability has been largely overlooked.
This thesis addresses the role of continuous probability in model-based specification languages. A model-based specification language (sGCL) that supports continuous probability distributions is defined. The use of sGCL and how it interacts with engineering practices is also explored. In addition, a refinement ordering for continuous probability distributions is given, and the challenge of combining non-determinism and continuous probability is discussed in depth.
The thesis is presented in three parts. The first uses two case studies to explore the use of probability in formal methods. The first case study, on flash memory, is used to present the capabilities of probabilistic formal methods and to determine the kinds of questions that require continuous probability distributions to answer. The second, on an emergency brake system, illustrates the strengths and weaknesses of existing languages and provides a basis for exploring a prototype language that includes continuous probability.
The second part of the thesis gives the formal definition of sGCL's syntax and semantics. The semantics is made up of two parts, the proof theory (transformer semantics) and the underpinning mathematics (relational semantics). The additional language constructs and semantical features required to include non-determinism as well as continuous probability are also discussed. The most challenging aspect lies in proving the consistency of the semantics when non-determinism is also included.
The third part uses a final case study, on an aeroplane pitch monitor, to demonstrate the use of sGCL. The new analysis techniques provided by sGCL, and how they fit in with engineering practices, are explored.
Funding: EPSRC; The School of Computing Science, Newcastle University; DEPLOY project