Christian Sternagel,René Thiemann,Sarah Winkler,Harald Zankl

DOI: https://doi.org/10.48550/arXiv.1208.1591

2012-08-08

Abstract:Since the first termination competition in 2004 it is of great interest, whether a proof that has been automatically generated by a termination tool, is indeed correct. The increasing number of termination proving techniques as well as the increasing complexity of generated proofs (e.g., combinations of several techniques, exhaustive labelings, tree automata, etc.), make certifying (i.e., checking the correctness of) such proofs more and more tedious for humans. Hence the interest in automated certification of termination proofs. This led to the general approach of using proof assistants (like Coq and Isabelle) for certification. We present the latest developments for IsaFoR/CeTA (version 1.03) which is the certifier CeTA, based on the Isabelle/HOL formalization of rewriting IsaFoR.

Logic in Computer Science

Christian Sternagel,René Thiemann

DOI: https://doi.org/10.4204/EPTCS.167.8

2014-10-30

Abstract:We provide an overview of CPF, the certification problem format, and explain some design decisions. Whereas CPF was originally invented to combine three different formats for termination proofs into a single one, in the meanwhile proofs for several other properties of term rewrite systems are also expressible: like confluence, complexity, and completion. As a consequence, the format is already supported by several tools and certifiers. Its acceptance is also demonstrated in international competitions: the certified tracks of both the termination and the confluence competition utilized CPF as exchange format between automated tools and trusted certifiers.

Logic in Computer Science

Julian Nagele,Bertram Felgenhauer,Harald Zankl

DOI: https://doi.org/10.23638/LMCS-13%282%3A4%292017

2017-05-10

Abstract:The rule labeling heuristic aims to establish confluence of (left-)linear term rewrite systems via decreasing diagrams. We present a formalization of a confluence criterion based on the interplay of relative termination and the rule labeling in the theorem prover Isabelle. Moreover, we report on the integration of this result into the certifier CeTA, facilitating the checking of confluence certificates based on decreasing diagrams. The power of the method is illustrated by an experimental evaluation on a (standard) collection of confluence problems.

Logic in Computer Science

Thomas Sternagel,Christian Sternagel

DOI: https://doi.org/10.48550/arXiv.1709.05162

2017-09-15

Abstract:We present three methods to check CTRSs for non-confluence: (1) an ad hoc method for 4-CTRSs, (2) a specialized method for unconditional critical pairs, and finally, (3) a method that employs conditional narrowing to find non-confluence witnesses. We shortly describe our implementation of these methods in ConCon, then look into their certification with CeTA, and finally conclude with experiments on the confluence problems database (Cops).

Logic in Computer Science

Christian Sternagel,René Thiemann

DOI: https://doi.org/10.48550/arXiv.1208.1594

2012-08-08

Abstract:There are termination proofs that are produced by termination tools for which certifiers are not powerful enough. However, a similar situation also occurs in the other direction. We have formalized termination techniques in a more general setting as they have been introduced. Hence, we can certify proofs using techniques that no termination tool supports so far. In this paper we shortly present two of these formalizations: Polynomial orders with negative constants and Arctic termination.

Logic in Computer Science

Raúl Gutiérrez,Salvador Lucas,Miguel Vítores

2024-08-28

Abstract:This article describes the *Confluence Framework*, a novel framework for proving and disproving confluence using a divide-and-conquer modular strategy, and its implementation in CONFident. Using this approach, we are able to automatically prove and disprove confluence of *Generalized Term Rewriting Systems*, where (i) only selected arguments of function symbols can be rewritten and (ii) a rather general class of conditional rules can be used. This includes, as particular cases, several variants of rewrite systems such as (context-sensitive) *term rewriting systems*, *string rewriting systems*, and (context-sensitive) *conditional term rewriting systems*. The divide-and-conquer modular strategy allows us to combine in a proof tree different techniques for proving confluence, including modular decompositions, checking joinability of (conditional) critical and variable pairs, transformations, etc., and auxiliary tasks required by them, e.g., joinability of terms, joinability of conditional pairs, etc.

Logic in Computer Science,Programming Languages

Xinliang Miao,Rui Chang,Jianhong Zhao,Yongwang Zhao,Shuang Cao,Tao Wei,Liehui Jiang,Kui Ren

DOI: https://doi.org/10.1109/TDSC.2021.3133576

2023-01-01

Abstract:Sensitive resources in Trusted Execution Environment (TEE) have suffered serious security threats in recent years. Previous protection approaches either lack a strong assurance of TEE security properties or are limited to a single platform. We propose a compatible verified TEE architecture, called CVTEE, which delegates a security monitor to manage TEE resources securely. This architecture has two key advantages: i) its functional correctness and security are guaranteed by a machine-checkable proof of security objectives of Trusted Application (TA) isolation, runtime confidentiality, and runtime integrity, and ii) it is applicable to different TEE platforms and implementation-independent due to its high level of abstraction and non-determinism of data types. Note that access control policy and information flow control policy are the core for security management of resources. After formally specifying the security attributes of TEE resources, we develop these policies based on Common Criteria (CC) in the security monitor and provide atomic interfaces. CVTEE is formally verified with 386 lemmas/theorems and similar to 10,000 LOC of Isabelle/HOL. In addition, we implement a proof of concept for the access control module of Teaclave, and prove that the constructed access control model meets the security requirements through 5 theorems.

Nils Froleyks,Emily Yu,Armin Biere,Keijo Heljanko

2024-05-07

Abstract:Certification helps to increase trust in formal verification of safety-critical systems which require assurance on their correctness. In hardware model checking, a widely used formal verification technique, phase abstraction is considered one of the most commonly used preprocessing techniques. We present an approach to certify an extended form of phase abstraction using a generic certificate format. As in earlier works our approach involves constructing a witness circuit with an inductive invariant property that certifies the correctness of the entire model checking process, which is then validated by an independent certificate checker. We have implemented and evaluated the proposed approach including certification for various preprocessing configurations on hardware model checking competition benchmarks. As an improvement on previous work in this area, the proposed method is able to efficiently complete certification with an overhead of a fraction of model checking time.

Symbolic Computation

K. L. Man,A. Fedeli,M. Mercaldi,M. Schellekens

2006-01-01

Abstract:Verification of Transaction Level Modelling descriptions has so far been addressed either in a simulation context or by implicitly proposing some form of translation of the TLM into a formal model, the translation just being presented as an unavoidable intermediate step to reach the verification goal. In this work, we propose a change of perspective, by explicitly introducing an intermediate formalism, SystemCFL, aimed on one side at enabling the verification engineer to test the TLM description with respect to a set of desired functional properties it should possess and to check that those properties are preserved during design refinement steps, and on the other side at establishing a framework, featuring a prototype translator, that would give tool developing teams a reference format in terms of which designs under verification can be represented, relieving those teams from the burden of building a TLM parsing front-end. To exemplificate the depicted scenario we present a basic infrastructure intended to support three different model checking tools utilised in direct connection with SystemCFL, to allow checking properties of different natures on automatic transformations of the original TLM description.

Andrew T. Walter,Ankit Kumar,Panagiotis Manolios

2023-07-23

Abstract:Teaching college students how to write rigorous proofs is a critical objective in courses that introduce formal reasoning. Over the course of several years, we have developed a mechanically-checkable style of calculational reasoning that we used to teach over a thousand freshman-level undergraduate students how to reason about computation in our "Logic and Computation" class at Northeastern University. We were inspired by Dijkstra, who advocated the use of calculational proofs, writing "calculational proofs are almost always more effective than all informal alternatives, ..., the design of calculational proofs seems much more teachable than the elusive art of discovering an informal proof." Our calculational proof checker is integrated into ACL2s and is available as an Eclipse IDE plugin, via a Web interface, and as a stand-alone tool. It automatically checks proofs for correctness and provides useful feedback. We describe the architecture of the checker, its proof format, its underlying algorithms, its correctness and provide examples using proofs from our undergraduate class and from Dijkstra. We also describe our experiences using the proof checker to teach undergraduates how to formally reason about computation.

Logic in Computer Science

Emmanuel Gunther,Miguel Pagano,Pedro Sánchez Terraf,Matías Steinberg

DOI: https://doi.org/10.1016/j.apal.2024.103413

IF: 0.776

2024-01-31

Annals of Pure and Applied Logic

Abstract:We discuss some highlights of our computer-verified proof of the construction, given a countable transitive set-model M of ZFC , of generic extensions satisfying ZFC+¬CH and ZFC+CH . Moreover, let R be the set of instances of the Axiom of Replacement. We isolated a 21-element subset Ω⊆R and defined F:R→R such that for every Φ⊆R and M -generic G , M⊨ZC∪F"Φ∪Ω implies M[G]⊨ZC∪Φ∪{¬CH} , where ZC is Zermelo set theory with Choice. To achieve this, we worked in the proof assistant Isabelle , basing our development on the Isabelle/ZF library by L. Paulson and others.

mathematics, applied,logic

Ludovic Font,Philippe R. Richard,Michel Gagnon

DOI: https://doi.org/10.48550/arXiv.1803.01468

IF: 14.4

2018-03-05

Artificial Intelligence

Abstract:The idea of assisting teachers with technological tools is not new. Mathematics in general, and geometry in particular, provide interesting challenges when developing educative softwares, both in the education and computer science aspects. QED-Tutrix is an intelligent tutor for geometry offering an interface to help high school students in the resolution of demonstration problems. It focuses on specific goals: 1) to allow the student to freely explore the problem and its figure, 2) to accept proofs elements in any order, 3) to handle a variety of proofs, which can be customized by the teacher, and 4) to be able to help the student at any step of the resolution of the problem, if the need arises. The software is also independent from the intervention of the teacher. QED-Tutrix offers an interesting approach to geometry education, but is currently crippled by the lengthiness of the process of implementing new problems, a task that must still be done manually. Therefore, one of the main focuses of the QED-Tutrix' research team is to ease the implementation of new problems, by automating the tedious step of finding all possible proofs for a given problem. This automation must follow fundamental constraints in order to create problems compatible with QED-Tutrix: 1) readability of the proofs, 2) accessibility at a high school level, and 3) possibility for the teacher to modify the parameters defining the "acceptability" of a proof. We present in this paper the result of our preliminary exploration of possible avenues for this task. Automated theorem proving in geometry is a widely studied subject, and various provers exist. However, our constraints are quite specific and some adaptation would be required to use an existing prover. We have therefore implemented a prototype of automated prover to suit our needs. The future goal is to compare performances and usability in our specific use-case between the existing provers and our implementation.

Jan Olaf Blech

DOI: https://doi.org/10.48550/arXiv.1102.3529

2011-02-17

Abstract:In this report we describe a tool framework for certifying properties of PLCs: CERTPLC. CERTPLC can handle PLC descriptions provided in the Sequential Function Chart (SFC) language of the IEC 61131-3 standard. It provides routines to certify properties of systems by delivering an independently checkable formal system description and proof (called certificate) for the desired properties. We focus on properties that can be described as inductive invariants. System descriptions and certificates are generated and handled using the COQ proof assistant. Our tool framework is used to provide supporting evidence for the safety of embedded systems in the industrial automation domain to third-party authorities. In this document we describe the tool framework: usage scenarios, the archi-tecture, semantics of PLCs and their realization in COQ, proof generation and the construction of certificates.

Software Engineering

Henning Christiansen,Maja H. Kirkeby

DOI: https://doi.org/10.1007/s00165-016-0396-9

2016-11-11

Abstract:Previous results on proving confluence for Constraint Handling Rules are extended in two ways in order to allow a larger and more realistic class of CHR programs to be considered confluent. Firstly, we introduce the relaxed notion of confluence modulo equivalence into the context of CHR: while confluence for a terminating program means that all alternative derivations for a query lead to the exact same final state, confluence modulo equivalence only requires the final states to be equivalent with respect to an equivalence relation tailored for the given program. Secondly, we allow non-logical built-in predicates such as var/1 and incomplete ones such as is/2, that are ignored in previous work on confluence. To this end, a new operational semantics for CHR is developed which includes such predicates. In addition, this semantics differs from earlier approaches by its simplicity without loss of generality, and it may also be recommended for future studies of CHR. For the purely logical subset of CHR, proofs can be expressed in first-order logic, that we show is not sufficient in the present case. We have introduced a formal meta-language that allows reasoning about abstract states and derivations with meta-level restrictions that reflect the non-logical and incomplete predicates. This language represents subproofs as diagrams, which facilitates a systematic enumeration of proof cases, pointing forward to a mechanical support for such proofs.

Logic in Computer Science

Jürgen Giesl,René Thiemann,Peter Schneider-Kamp,Stephan Falke

DOI: https://doi.org/10.1007/978-3-540-25979-4_15

2004-01-01

Abstract:We describe the system ProVE, an automated prover to verify (innermost) termination of term rewrite systems (TRSs). For this system, we have developed and implemented efficient algorithms based on classical simplification orders, dependency pairs, and the size-change principle. In particular, it contains many new improvements of the dependency pair approach that make automated termination proving more powerful and efficient. In ProVE, termination proofs can be performed with a user-friendly graphical interface and the system is currently among the most powerful termination provers available.

Mario Frank,Christoph Kreitz

DOI: https://doi.org/10.4204/EPTCS.267.4

2018-03-05

Abstract:We present a prototype of an integrated reasoning environment for educational purposes. The presented tool is a fragment of a proof assistant and automated theorem prover. We describe the existing and planned functionality of the theorem prover and especially the functionality of the educational fragment. This currently supports working with terms of the untyped lambda calculus and addresses both undergraduate students and researchers. We show how the tool can be used to support the students' understanding of functional programming and discuss general problems related to the process of building theorem proving software that aims at supporting both research and education.

Human-Computer Interaction,Logic in Computer Science,Software Engineering

Roberto Blanco,Dale Miller

DOI: https://doi.org/10.48550/arXiv.1511.04178

2015-11-13

Logic in Computer Science

Abstract:We apply the foundational proof certificate (FPC) framework to the problem of designing high-level outlines of proofs. The FPC framework provides a means to formally define and check a wide range of proof evidence. A focused proof system is central to this framework and such a proof system provides an interesting approach to proof reconstruction during the process of proof checking (relying on an underlying logic programming implementation). Here, we illustrate how the FPC framework can be used to design proof outlines and then to exploit proof checkers as a means for expanding outlines into fully detailed proofs. In order to validate this approach to proof outlines, we have built the ACheck system that allows us to take a sequence of theorems and apply the proof outline "do the obvious induction and close the proof using previously proved lemmas".

Leroy Chew,Friedrich Slivovsky

DOI: https://doi.org/10.46298/lmcs-20(1:14)2024

2024-02-14

Logical Methods in Computer Science

Abstract:We pioneer a new technique that allows us to prove a multitude of previously open simulations in QBF proof complexity. In particular, we show that extended QBF Frege p-simulates clausal proof systems such as IR-Calculus, IRM-Calculus, Long-Distance Q-Resolution, and Merge Resolution. These results are obtained by taking a technique of Beyersdorff et al. (JACM 2020) that turns strategy extraction into simulation and combining it with new local strategy extraction arguments. This approach leads to simulations that are carried out mainly in propositional logic, with minimal use of the QBF rules. Our proofs therefore provide a new, largely propositional interpretation of the simulated systems. We argue that these results strengthen the case for uniform certification in QBF solving, since many QBF proof systems now fall into place underneath extended QBF Frege.

computer science, theory & methods,logic

Pierre Fraigniaud,Pedro Montealegre,Ivan Rapaport,Ioan Todinca

DOI: https://doi.org/10.48550/arXiv.2112.03195

2021-12-07

Abstract:Distributed certification, whether it be proof-labeling schemes, locally checkable proofs, etc., deals with the issue of certifying the legality of a distributed system with respect to a given boolean predicate. A certificate is assigned to each process in the system by a non-trustable oracle, and the processes are in charge of verifying these certificates, so that two properties are satisfied: completeness, i.e., for every legal instance, there is a certificate assignment leading all processes to accept, and soundness, i.e., for every illegal instance, and for every certificate assignment, at least one process rejects. The verification of the certificates must be fast, and the certificates themselves must be small. A large quantity of results have been produced in this framework, each aiming at designing a distributed certification mechanism for specific boolean predicates. This paper presents a "meta-theorem", applying to many boolean predicates at once. Specifically, we prove that, for every boolean predicate on graphs definable in the monadic second-order (MSO) logic of graphs, there exists a distributed certification mechanism using certificates on $O(\log^2n)$ bits in $n$-node graphs of bounded treewidth, with a verification protocol involving a single round of communication between neighbors.

Distributed, Parallel, and Cluster Computing