32 research outputs found

    A Proof Strategy Language and Proof Script Generation for Isabelle/HOL

    We introduce a language, PSL, designed to capture high level proof strategies in Isabelle/HOL. Given a strategy and a proof obligation, PSL's runtime system generates and combines various tactics to explore a large search space with low memory usage. Upon success, PSL generates an efficient proof script, which bypasses a large part of the proof search. We also present PSL's monadic interpreter to show that the underlying idea of PSL is transferable to other ITPs. Comment: This paper has been submitted to CADE2

    Modeling the Optical Properties of Biomass Burning Aerosols: Young Smoke Aerosols From Savanna Fires and Comparisons to Observations from SAFARI 2000

    Annually, farmers in southern Africa manage their land resources and prepare their fields for cultivation by burning crop residual debris, with a peak in the burning season occurring during August and September. The emissions from these fires in southern Africa are among the greatest from fires worldwide, and the gases and aerosol particles produced adversely affect air quality large distances from their source regions, and can even be tracked in satellite imagery as they cross the Atlantic and Pacific Ocean basins. During August and September 2000 an international group of researchers participating in the Southern African Regional Science Initiative field experiment (SAFARI 2000) made extensive ground-based, airborne, and satellite measurements of these gases and aerosols in order to quantify their amounts and effects on Earth's atmosphere. In this study we interpreted the measurements of smoke aerosol particles made during SAFARI 2000 in order to better represent these particles in a numerical model simulating their transport and fate. Typically, smoke aerosols emitted from fires are concentrated by mass in particles about 0.3 micrometers in diameter (1,000,000 micrometers = 1 meter, about 3 feet); for comparison, the thickness of a human hair is about 50 micrometers, almost 200 times as great. Because of the size of these particles, at the surface they can be easily inhaled into the lungs, and in high concentrations have deleterious health effects on humans. Additionally, these particles reflect and absorb sunlight, impacting both visibility and the balance of sunlight reaching Earth's surface, and ultimately play a role in modulating Earth's climate. Because of these important effects, it is important that numerical models used to estimate Earth's climate response to changes in atmospheric composition accurately represent the quantity and evolution of smoke particles.
In our model, called the Community Aerosol and Radiation Model for Atmospheres (CARMA) we used estimates of smoke emissions based on field studies and observations made with the NASA Terra and TRMM satellites. The meteorology used to calculate the transport was based on an assimilation of observed meteorological conditions provided by the National Center for Atmospheric Research

    Mining the Archive of Formal Proofs

    The Archive of Formal Proofs is a vast collection of computer-checked proofs developed using the proof assistant Isabelle. We perform an in-depth analysis of the archive, looking at various properties of the proof developments, including size, dependencies, and proof style. This gives some insights into the nature of formal proofs

    Evaluation of the Community Multiscale Air Quality Model for Simulating Winter Ozone Formation in the Uinta Basin

    The Weather Research and Forecasting (WRF) and Community Multiscale Air Quality (CMAQ) models were used to simulate a 10 day high-ozone episode observed during the 2013 Uinta Basin Winter Ozone Study (UBWOS). The baseline model had a large negative bias when compared to ozone (O3) and volatile organic compound (VOC) measurements across the basin. Contrary to other wintertime Uinta Basin studies, predicted nitrogen oxides (NOx) were typically low compared to measurements. Increases to oil and gas VOC emissions resulted in O3 predictions closer to observations, and nighttime O3 improved when reducing the deposition velocity for all chemical species. Vertical structures of these pollutants were similar to observations on multiple days. However, the predicted surface layer VOC mixing ratios were generally found to be underestimated during the day and overestimated at night. While temperature profiles compared well to observations, WRF was found to have a warm temperature bias and too low nighttime mixing heights. Analyses of more realistic snow heat capacity in WRF to account for the warm bias and vertical mixing resulted in improved temperature profiles, although the improved temperature profiles seldom resulted in improved O3 profiles. While additional work is needed to investigate meteorological impacts, results suggest that the uncertainty in the oil and gas emissions contributes more to the underestimation of O3. Further, model adjustments based on a single site may not be suitable across all sites within the basin

    LiFtEr: Language to Encode Induction Heuristics for Isabelle/HOL

    Proof assistants, such as Isabelle/HOL, offer tools to facilitate inductive theorem proving. Isabelle experts know how to use these tools effectively; however, there is little tool support for transferring this expert knowledge to a wider user audience. To address this problem, we present our domain-specific language, LiFtEr. LiFtEr allows experienced Isabelle users to encode their induction heuristics in a style independent of any problem domain. LiFtEr's interpreter mechanically checks if a given application of induction tool matches the heuristics, thus automating the knowledge transfer loop. Comment: This is the pre-print of our paper of the same title accepted at APLAS2019 (https://doi.org/10.1007/978-3-030-34175-6_14). We updated the draft after fixing the errata found by Kenji Miyamot

    Lassie: HOL4 Tactics by Example

    Proof engineering efforts using interactive theorem proving have yielded several impressive projects in software systems and mathematics. A key obstacle to such efforts is the requirement that the domain expert is also an expert in the low-level details in constructing the proof in a theorem prover. In particular, the user needs to select a sequence of tactics that lead to a successful proof, a task that in general requires knowledge of the exact names and use of a large set of tactics. We present Lassie, a tactic framework for the HOL4 theorem prover that allows individual users to define their own tactic language by example and give frequently used tactics or tactic combinations easier-to-remember names. The core of Lassie is an extensible semantic parser, which allows the user to interactively extend the tactic language through a process of definitional generalization. Defining tactics in Lassie thus does not require any knowledge in implementing custom tactics, while proofs written in Lassie retain the correctness guarantees provided by the HOL4 system. We show through case studies how Lassie can be used in small and larger proofs by novice and more experienced interactive theorem prover users, and how we envision it to ease the learning curve in a HOL4 tutorial

    Evaluations of tropospheric aerosol properties simulated by the community earth system model with a sectional aerosol microphysics scheme

    A sectional aerosol model (CARMA) has been developed and coupled with the Community Earth System Model (CESM1). Aerosol microphysics, radiative properties, and interactions with clouds are simulated in the size-resolving model. The model described here uses 20 particle size bins for each aerosol component including freshly nucleated sulfate particles, as well as mixed particles containing sulfate, primary organics, black carbon, dust, and sea salt. The model also includes five types of bulk secondary organic aerosols with four volatility bins. The overall cost of CESM1-CARMA is approximately 2.6 times as much computer time as the standard three-mode aerosol model in CESM1 (CESM1-MAM3) and twice as much computer time as the seven-mode aerosol model in CESM1 (CESM1-MAM7) using similar gas phase chemistry codes. Aerosol spatial-temporal distributions are simulated and compared with a large set of observations from satellites, ground-based measurements, and airborne field campaigns. Simulated annual average aerosol optical depths are lower than MODIS/MISR satellite observations and AERONET observations by ∼32%. This difference is within the uncertainty of the satellite observations. CESM1/CARMA reproduces sulfate aerosol mass within 8%, organic aerosol mass within 20%, and black carbon aerosol mass within 50% compared with a multiyear average of the IMPROVE/EPA data over United States, but differences vary considerably at individual locations. Other data sets show similar levels of comparison with model simulations. The model suggests that in addition to sulfate, organic aerosols also significantly contribute to aerosol mass in the tropical UTLS, which is consistent with limited data

    Automatic Function Annotations for Hoare Logic

    In systems verification we are often concerned with multiple, inter-dependent properties that a program must satisfy. To prove that a program satisfies a given property, the correctness of intermediate states of the program must be characterized. However, this intermediate reasoning is not always phrased such that it can be easily re-used in the proofs of subsequent properties. We introduce a function annotation logic that extends Hoare logic in two important ways: (1) when proving that a function satisfies a Hoare triple, intermediate reasoning is automatically stored as function annotations, and (2) these function annotations can be exploited in future Hoare logic proofs. This reduces duplication of reasoning between the proofs of different properties, whilst serving as a drop-in replacement for traditional Hoare logic to avoid the costly process of proof refactoring. We explain how this was implemented in Isabelle/HOL and applied to an experimental branch of the seL4 microkernel to significantly reduce the size and complexity of existing proofs.