Formally proving facts in the refinement algebra

Vlad Shcherbina

Ilya Maryassov

Alexander Kogtenkov

Alexander Myltsev

Pavel Shapkin

Sergey Paramonov

Mentor: Sir Tony Hoare

- Educational (get some experience with interactive theorem provers)
- Relevant to the school
  - provers are used in verification
  - the theory itself can in principle be used to reason about programs and specifications
- It's always nice to be absolutely sure

(almost:)

- Concise
  - one binary relation
  - few operations
  - few axioms

- Formal reasoning is unfamiliar
- Intuition can be deceptive

- Most proof steps are automated, but sometimes user intervention is required
  - to introduce a useful lemma
  - to apply some nontrivial substitution
  - ...
- LCF-style: every proof is checked by a small trusted kernel, so an accepted proof is correct by construction

- to Thomas Thüm and Oliver Schwarz for the introduction to Coq
- to John Wickerson for the introduction to Isabelle

- Intuitionistic logic (higher-order, but only its first-order fragment is needed for our purposes)
- In the form of natural deduction
- Proofs are constructed "backwards": start from the goal and apply tactics until only axioms and hypotheses remain
- Proof scripts read like spells: hard to comprehend without stepping through them in Coq

- Refinement relation ⊑ is a partial order
- Binary operations ; (sequential) and | (parallel)
- (definition) Milner transition: p -q-> r  <=>  (q ; r) ⊑ p
- Exchange law: (p | p') ; (q | q') ⊑ (p ; q) | (p' ; q')
- Parallel rule for Milner transitions: p -q-> r  and  p' -q'-> r'  =>  p | p' -(q | q')-> r | r'
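The parallel rule above is exactly the kind of fact the project proved in Coq. Below is an added illustration, written for this page and not taken from the TheoryOfRefinement repository: the algebra is axiomatised inside a Coq Section over an abstract carrier type P, with a refinement relation, the two operations, and only the axioms the proof needs (transitivity of ⊑, monotonicity of | in both arguments, and the exchange law). The names refines, seq, par, trans and the notation ";;" / "|||" are this example's own choices. The proof is the two-step derivation: (q|q');(r|r') ⊑ (q;r)|(q';r') by exchange, then ⊑ p|p' by monotonicity and the two premises.

```coq
(* Added example (not the repository's code). Axiomatises just enough of the
   refinement algebra to derive the parallel rule for Milner transitions. *)
Section RefinementAlgebra.
  Variable P : Type.                     (* programs / specifications *)
  Variable refines : P -> P -> Prop.     (* the refinement relation ⊑ *)
  Variable seq par : P -> P -> P.        (* sequential ; and parallel | *)

  Infix "⊑" := refines (at level 70).
  Infix ";;" := seq (at level 50, left associativity).   (* stands for ; *)
  Infix "|||" := par (at level 50, left associativity).  (* stands for | *)

  (* Axioms used. ⊑ is a partial order; only transitivity is needed here. *)
  Hypothesis refines_trans : forall p q r, p ⊑ q -> q ⊑ r -> p ⊑ r.
  (* | is monotone in both arguments. *)
  Hypothesis par_mono : forall p p' q q',
      p ⊑ q -> p' ⊑ q' -> p ||| p' ⊑ q ||| q'.
  (* The exchange law from the slides. *)
  Hypothesis exchange : forall p p' q q',
      (p ||| p') ;; (q ||| q') ⊑ (p ;; q) ||| (p' ;; q').

  (* Milner transition  p -q-> r  is defined as  (q ; r) ⊑ p. *)
  Definition trans (p q r : P) : Prop := (q ;; r) ⊑ p.

  (* Parallel rule: p -q-> r and p' -q'-> r' give p|p' -(q|q')-> r|r'. *)
  Theorem trans_par : forall p q r p' q' r',
      trans p q r -> trans p' q' r' ->
      trans (p ||| p') (q ||| q') (r ||| r').
  Proof.
    unfold trans.
    intros p q r p' q' r' Hp Hp'.
    (* Goal: (q ||| q') ;; (r ||| r') ⊑ p ||| p'.
       Chain through the middle term (q ;; r) ||| (q' ;; r'). *)
    eapply refines_trans.
    - apply exchange.               (* (q|q');(r|r') ⊑ (q;r)|(q';r') *)
    - apply par_mono; assumption.   (* (q;r)|(q';r') ⊑ p|p' by Hp, Hp' *)
  Qed.
End RefinementAlgebra.
```

Closing the Section turns the hypotheses into explicit premises of trans_par, so the theorem states precisely which laws of the algebra the rule depends on; a model that satisfies fewer axioms (for instance one without the exchange law) simply cannot instantiate it.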

Coq demo time


- ~30 theorems
- ~500 lines of Coq definitions and proofs
- 5-60 minutes per proof (given the proof plan)
- 2 inaccuracies found


https://github.com/Vlad-Shcherbina/TheoryOfRefinement