Formally proving facts in the refinement algebra

Vlad Shcherbina, Ilya Maryassov, Alexander Kogtenkov, Alexander Myltsev, Pavel Shapkin, Sergey Paramonov

Mentor: Sir Tony Hoare

Project motivation


• Educational (get some experience with interactive theorem provers)

• Relevant to the school

  • provers are used in verification

  • the theory itself can be used in principle to reason about programs and specifications

• It’s always nice to be absolutely sure (almost :)

• Concise

  • one binary relation

  • few operations

  • few axioms

• Formal reasoning is unaccustomed

• Intuition could be deceptive

Interactive theorem provers

• Most proof steps are automated, but sometimes user intervention is required

  • to introduce a useful lemma

  • to apply some nontrivial substitution

  • ...

• LCF-style (proof is correct by construction)

• to Thomas Thüm and Oliver Schwarz for the introduction to Coq

• to John Wickerson for the introduction to Isabelle

• First order (for our purposes) intuitionistic logic

• In the form of natural deduction

• Proofs are constructed “backwards”

• Proofs are spells that are hard to comprehend without running Coq.

• Refinement relation ⊑ is partial

• Binary operations ; and |

• (definition) Milner transition: p -q-> r <=> (q ; r) ⊑ p

• Exchange law: (p | p’) ; (q | q’) ⊑ (p ; q) | (p’ ; q’)

• Parallel rule for Milner transition: p -q-> r & p’ -q’-> r’ => p|p’ -(q|q’)-> r|r’
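The three bullets above are enough to prove the parallel rule mechanically. The Coq script below is an added example, not the team's own development: the names `P`, `refines`, `seq`, `par` and `milner` are my choices, the exchange law is taken as an axiom exactly as stated on the slide, and the proof additionally assumes transitivity of ⊑ and monotonicity of | in both arguments, which it needs but which the slide's bullet list does not spell out. The `apply refines_trans with (...)` step is an instance of the user intervention mentioned on the earlier slide: the prover cannot guess the intermediate term, so the user supplies it.

```coq
(* Added example (not the project's Coq development): a minimal
   axiomatisation of the refinement algebra from the slides and a
   proof of the parallel rule for Milner transitions. All names are
   my own choices. *)

(* Carrier of the algebra: programs and specifications alike. *)
Parameter P : Type.

(* The single binary relation of the algebra; refines p q reads "p ⊑ q". *)
Parameter refines : P -> P -> Prop.
Notation "p ⊑ q" := (refines p q) (at level 70, no associativity).

(* The two operations: sequential composition (p ; q on the slides)
   and parallel composition (p | q on the slides). *)
Parameter seq : P -> P -> P.
Parameter par : P -> P -> P.

(* ⊑ is a partial order; only transitivity is needed for this proof. *)
Axiom refines_trans : forall p q r : P, p ⊑ q -> q ⊑ r -> p ⊑ r.

(* Monotonicity of | in both arguments (assumed here; the slide's
   "few axioms" bullet does not list it explicitly). *)
Axiom par_mono : forall p p' q q' : P,
  p ⊑ p' -> q ⊑ q' -> par p q ⊑ par p' q'.

(* Exchange law, exactly as on the slide:
   (p | p') ; (q | q')  ⊑  (p ; q) | (p' ; q') *)
Axiom exchange : forall p p' q q' : P,
  seq (par p p') (par q q') ⊑ par (seq p q) (seq p' q').

(* Milner transition p -q-> r, defined on the slide as (q ; r) ⊑ p. *)
Definition milner (p q r : P) : Prop := seq q r ⊑ p.

(* Parallel rule for Milner transitions:
   p -q-> r  and  p' -q'-> r'  imply  p|p' -(q|q')-> r|r'. *)
Theorem milner_par : forall p q r p' q' r' : P,
  milner p q r -> milner p' q' r' ->
  milner (par p p') (par q q') (par r r').
Proof.
  intros p q r p' q' r' Hpqr Hpqr'.
  unfold milner in *.
  (* Goal: seq (par q q') (par r r') ⊑ par p p'.
     The intermediate term is the user's contribution: the prover
     would not find (q ; r) | (q' ; r') on its own. *)
  apply refines_trans with (q := par (seq q r) (seq q' r')).
  - (* exchange law: (q | q') ; (r | r') ⊑ (q ; r) | (q' ; r') *)
    apply exchange.
  - (* monotonicity lifts both hypotheses through | *)
    apply par_mono; assumption.
Qed.
```

Running the file through `coqc` checks the theorem; the two bullet cases of the proof correspond one-to-one to the exchange law and to the monotonicity assumption, which makes it easy to see which axioms the rule really depends on.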

Coq demo time


• ~30 theorems

• ~500 lines of Coq definitions and proofs

• 5-60 minutes per proof (given the proof plan)

• 2 inaccuracies found


https://github.com/