
VeriML

A language-based, dependently-typed, user-extensible approach to proof assistants. DARPA CRASH Project Progress Report, Antonis Stampoulis, October 5th, 2012.


Presentation Transcript


  1. A language-based, dependently-typed, user-extensible approach to proof assistants. VeriML. DARPA CRASH Project Progress Report. Antonis Stampoulis, October 5th, 2012

  2. Large formal proofs are possible and useful!
  Software certification (requires huge manual effort)
  • CompCert [Leroy et al]
  • seL4 microkernel [Klein et al]
  Proof-to-code size ratio: ~8 lines to 1; 20 p.y. of proof for 2 p.y. of development
  Mathematical theorems
  • Four-color theorem [Gonthier et al]
  • Feit-Thompson (Odd Order Theorem) [same team]: started May 2006, finished last week! ~1.3 weeks per page

  3. Informal proofs
  • use “trivially”, “similarly”, omit unnecessary details
  • require domain-specific intuition
  • validity extensible
  Formal proofs
  • can use domain-specific automation
  • yet automation reconstructs full details
  • validity fixed
  • proofs and automation hard to write

  4. VeriML
  • easy to develop new automation and extend background reasoning
  • extensible notion of formal proof (no trivial details!)
  • novel programming language
  • focus on writing automation procedures
  • more generally: programs that construct proofs
  • serves as a novel proof assistant
  (Diagram: rich types, rich programming model and first-class support for logic give safety, expressiveness and convenience)

  5. Comparison of Architecture: traditional proof assistants
  Tactic definition → ML type-checking
  Tactic invocation → run → ? → proof object → proof checking
  Every invocation can fail!
  “Proof by juxtaposition”: proof scripts invoke tactics, tactics contain proof scripts
  HOL4, HOL-Light, Isabelle, Coq, NuPRL follow this model; PVS, ACL2 don’t do that! (unsafe)

  6. Comparison of Architecture (same diagram as slide 5, with a VeriML column added; its only box so far is proof checking, completed on slide 7)

  7. Comparison of Architecture
  Traditional proof assistants (“proof by juxtaposition”): tactic definition → ML type-checking; tactic invocation → run → ? → proof object → proof checking
  VeriML: tactic definition → VeriML type checking (which includes proof checking) → OK!; tactic invocation → run → proof object
  • Reduce possibility of error
  • Leverage information to help user while writing tactic
  • Extend traditional interactivity model
  • Don’t need to produce proof objects
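The traditional “tactic invocation → run → proof object → proof checking” path of slides 5 to 7, as an added worked example in Python (this is not VeriML code and not any real proof assistant’s code). The term language, the five rewrite axioms, the proof-object format, the goal and every function name below are constructed here for illustration. `check` plays the trusted proof checker; `simplify` is an untrusted arithmetic-simplification tactic. The `buggy_root` variant cites the wrong axiom for `T * 0`: the host language accepts the tactic definition without complaint (as ML does for a wrong tactic), and the mistake only surfaces when a particular invocation’s proof object reaches the checker.

```python
"""Added illustration of the 'tactic invocation -> run -> proof object -> proof
checking' pipeline from the slides, in Python (not VeriML, not a real proof
assistant).  A tactic emits a proof object; an independent checker validates it.
The term language, axiom table and proof rules are all constructed here."""

# Terms: ('num', n) | ('var', name) | (op, left, right) with op in {'add', 'mul'}
ZERO, ONE = ('num', 0), ('num', 1)

# Rewrite schemas the checker trusts, one metavariable T each:
# name -> (operator, index of the constant operand, that constant, right-hand side)
AXIOMS = {
    'add_zero': ('add', 2, ZERO, 'T'),   # add(T, 0) = T
    'zero_add': ('add', 1, ZERO, 'T'),   # add(0, T) = T
    'mul_one':  ('mul', 2, ONE,  'T'),   # mul(T, 1) = T
    'one_mul':  ('mul', 1, ONE,  'T'),   # mul(1, T) = T
    'mul_zero': ('mul', 2, ZERO, ZERO),  # mul(T, 0) = 0
}

class ProofError(Exception):
    """Raised by the checker when a proof object does not fit the rules."""

def instantiate(name, t):
    """Instance of axiom `name` with metavariable T := t, as (lhs, rhs)."""
    op, idx, const, rhs = AXIOMS[name]
    lhs = [op, t, t]
    lhs[idx] = const
    return tuple(lhs), (t if rhs == 'T' else rhs)

def match(name, term):
    """Return the instance of T if `term` matches the lhs of axiom `name`, else None."""
    op, idx, const, _ = AXIOMS[name]
    if term[0] == op and term[idx] == const:
        return term[3 - idx]
    return None

def check(proof):
    """Proof checker (the trusted part): returns the (lhs, rhs) proved by `proof`.
    Proof objects: ('refl', t) | ('axiom', name, t) | ('cong', op, p1, p2) | ('trans', p1, p2)"""
    kind = proof[0]
    if kind == 'refl':
        return proof[1], proof[1]
    if kind == 'axiom':
        if proof[1] not in AXIOMS:
            raise ProofError('unknown axiom ' + str(proof[1]))
        return instantiate(proof[1], proof[2])
    if kind == 'cong':            # a1 = b1, a2 = b2  |-  op(a1, a2) = op(b1, b2)
        a1, b1 = check(proof[2])
        a2, b2 = check(proof[3])
        return (proof[1], a1, a2), (proof[1], b1, b2)
    if kind == 'trans':           # a = b, b = c  |-  a = c
        a, b = check(proof[1])
        b2, c = check(proof[2])
        if b != b2:
            raise ProofError('trans: middle terms differ: %r vs %r' % (b, b2))
        return a, c
    raise ProofError('unknown rule ' + str(kind))

def good_root(term):
    """Root-rewrite strategy: the first axiom whose lhs matches `term`."""
    for name in AXIOMS:
        t = match(name, term)
        if t is not None:
            return name, t
    return None

def buggy_root(term):
    """Same strategy with a bug: cites mul_one for mul(T, 0), i.e. 'proves' mul(T, 0) = T."""
    if term[0] == 'mul' and term[2] == ZERO:
        return 'mul_one', term[1]
    return good_root(term)

def simplify(term, root=good_root):
    """Arithmetic-simplification tactic (untrusted): returns (proof, result), where
    proof claims term = result.  Simplifies both children, joins them with
    congruence, then tries one rewrite at the root."""
    if term[0] in ('num', 'var'):
        return ('refl', term), term
    p1, a = simplify(term[1], root)
    p2, b = simplify(term[2], root)
    proof, cur = ('cong', term[0], p1, p2), (term[0], a, b)
    hit = root(cur)
    if hit is not None:
        proof, cur = ('trans', proof, ('axiom', hit[0], hit[1])), instantiate(*hit)[1]
    return proof, cur

def run_tactic(goal, root=good_root):
    """Tactic invocation: run the tactic, then hand its proof object to the checker."""
    proof, claimed = simplify(goal, root)
    try:
        lhs, rhs = check(proof)
    except ProofError as err:
        return 'rejected', str(err)
    assert lhs == goal and rhs == claimed   # the checker re-derives the statement
    return 'ok', rhs

# Constructed goal: ((x + 0) * 1) + (x * 0), which should simplify to x.
X = ('var', 'x')
GOAL = ('add', ('mul', ('add', X, ZERO), ONE), ('mul', X, ZERO))

if __name__ == '__main__':
    print(run_tactic(GOAL))                                     # ('ok', ('var', 'x'))
    print(run_tactic(GOAL, buggy_root))                         # rejected by the checker
    print(run_tactic(('add', ('var', 'y'), ZERO), buggy_root))  # ('ok', ('var', 'y')): bug unseen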

  8. Background reasoning in VeriML
  • smaller proof checker
  • can still generate full proof objects
  • soundness guaranteed
  • extensions to background reasoning are cheap
  • extensible static checking for proofs and tactics as well!
  (Diagram: VeriML proofs, tactics, etc. → VeriML type- & proof-checking, i.e. normal type-checking plus stage-one evaluation of user-defined “intuition” tactics without producing proof objects → run, i.e. normal evaluation)

  9. Recent progress
  • main milestone: wrote my dissertation on VeriML and defended it! (400 pages and counting…)
  • implementation milestones: VeriML 0.5
    • completed new compilation-based backend for VeriML
    • proper staging support
    • separate compilation of VeriML modules
    • cleaned up various features in the implementation and the examples
  • technical milestones
    • cleaned-up presentation of metatheory
    • initial investigation of user-defined representations for VeriML pattern matching

  10. Recent progress: Compilation
  Interpreted path: VeriML proofs, tactics, etc. → VeriML type- & proof-checking → VeriML interpreter
  Compiled path: VeriML proofs, tactics, etc. → VeriML type- & proof-checking → VeriML to OCaml → residual program → OCaml interpreter/compiler/JIT
  (Timings on the slide: ~15 sec and ~6 mins)

  11. Example: Arithmetic simplification

  12. Example: Arithmetic simplification

  13. Future work
  • Further extensions to type inference
  • Figure out user-defined representations for pattern matching
  • Pattern matching for inductive definitions
  • SMT-like cooperating decision procedures
