Friends with benefits: implementing corecursion in foundational proof assistants

We introduce AmiCo, a tool that extends a proof assistant, Isabelle/HOL, with flexible function definitions well beyond primitive corecursion. All definitions are certified by the assistant’s inference kernel to guard against inconsistencies. A central notion is that of friends: functions that preserve the productivity of their arguments and that are allowed in corecursive call contexts. As new friends are registered, corecursion benefits by becoming more expressive. We describe this process and its implementation, from the user’s specification to the synthesis of a higher-order definition to the registration of a friend. We show some substantial case studies where our approach makes a difference

A Decision Procedure for (Co)datatypes in SMT Solvers

International audienceWe present a decision procedure that combines reasoning about datatypes and codatatypes. The dual of the acyclicity rule for datatypes is a uniqueness rule that identifies observationally equal codatatype values, including cyclic values. The procedure decides universal problems and is composable via the Nelson–Oppen method. It has been implemented in CVC4, a state-of-the-art SMT solver. An evaluation based on problems generated from theories developed with Isabelle demonstrates the potential of the procedure

MAC-in-the-Box: Verifying a Minimalistic Hardware Design for MAC Computation

We study the verification of security properties at the state machine level of a minimalistic device, called the MAC-in-the-Box (MITB). This device computes a message authentication code based on the SHA-3 hash function and a key that is stored on device, but never output directly. It is designed for secure password storage, but may also be used for secure key-exchange and second-factor authentication. We formally verify, in the HOL4 theorem prover, that no outside observer can distinguish this device from an ideal functionality that provides only access to a hashing oracle. Furthermore, we propose protocols for the MITB’s use in password storage, key-exchange and second-factor authentication, and formally show that it improves resistance against host-compromise in these three application scenarios

A formalized general theory of syntax with bindings

We present the formalization of a theory of syntax with bindings that has been developed and refined over the last decade to support several large formalization efforts. Terms are defined for an arbitrary number of constructors of varying numbers of inputs, quotiented to alpha-equivalence and sorted according to a binding signature. The theory includes a rich collection of properties of the standard operators on terms, such as substitution and freshness. It also includes induction and recursion principles and support for semantic interpretation, all tailored for smooth interaction with the bindings and the standard operators

Anthropogenic intensification of short-duration rainfall extremes

Short- duration (1-3 h) rainfall extremes can cause serious damage to societies through rapidly developing (flash) flooding and are determined by complex, multifaceted processes that are altering as Earth's climate warms. In this Review, we examine evidence from observational, theoretical and modelling studies for the intensification of these rainfall extremes, the drivers and the impact on flash flooding. Both short- duration and long- duration (\textgreater1 day) rainfall extremes are intensifying with warming at a rate consistent with the increase in atmospheric moisture (~7% K-1), while in some regions, increases in short- duration extreme rainfall intensities are stronger than expected from moisture increases alone. These stronger local increases are related to feedbacks in convective clouds, but their exact role is uncertain because of the very small scales involved. Future extreme rainfall intensification is also modulated by changes to temperature stratification and large- scale atmospheric circulation. The latter remains a major source of uncertainty. Intensification of short- duration extremes has likely increased the incidence of flash flooding at local scales and this can further compound with an increase in storm spatial footprint to considerably increase total event rainfall. These findings call for urgent climate change adaptation measures to manage increasing flood risks

Forward to a Promising Future

In many actor-based programming models, asynchronous method calls communicate their results using futures, where the fulfilment occurs under-the-hood. Promises play a similar role to futures, except that they must be explicitly created and explicitly fulfilled; this makes promises more flexible than futures, though promises lack fulfilment guarantees: they can be fulfilled once, multiple times or not at all. Unfortunately, futures are too rigid to exploit many available concurrent and parallel patterns. For instance, many computations block on a future to get its result only to return that result immediately (to fulfil their own future). To make futures more flexible, we explore a construct, forward, that delegates the responsibility for fulfilling the current implicit future to another computation. Forward reduces synchronisation and gives futures promise-like capabilities. This paper presents a formalisation of the forward construct, defined in a high-level source language, and a compilation strategy from the high-level language to a low-level, promised-based target language. The translation is shown to preserve semantics. Based on this foundation, we describe the implementation of forward in the parallel, actor-based language Encore, which compiles to C