Horaţiu Cheval,David Nowak,Vlad Rusu

DOI: https://doi.org/10.1016/j.jlamp.2024.100999

IF: 1.088

2024-06-20

Journal of Logical and Algebraic Methods in Programming

Abstract:Partial functions are a key concept in programming. Without partiality a programming language has limited expressiveness – it is not Turing-complete, hence, it excludes some constructs such as while-loops. In functional programming languages, partiality mostly originates from the non-termination of recursive functions. Corecursive functions are another source of partiality: here, the issue is not termination, but the inability to produce arbitrary large, finite approximations of a theoretically infinite output. Partial functions have been formally studied in the branch of theoretical computer science called domain theory. In this paper we propose to step up the level of formality by using the Coq proof assistant. The main difficulty is that Coq requires all functions to be total, since partiality would break the soundness of its underlying logic. We propose practical solutions for this issue, and others, which appear when one attempts to define and reason about partial (co)recursive functions in a total functional language.

computer science, theory & methods,logic

Yijing Liu,Quan Long,Qiu Zongyan

2009-01-01

Abstract:For the object oriented paradigm, providing a relatively rich model language equipped with formal semantics for practical reasoning is an important and long-standing open problem. In this work, μJava, a sufficient large subset of sequential Java is defined. An OO Separation Logic with pure reference semantic model is developed. Facilitated by this logic, the Weakest Precondition (WP) semantics for μJavais defined, and its soundness and completeness are proved. As far as we know, this is the first work on the completeness of such a semantics. Some key properties are shown still hold, especially the frame rule that is important for local reasoning. Additionally, we find some properties absent in the original Separation Logic, but important for OO reasoning. We introduce Hoare Triple based on the WP semantics. As the application and illustration of how the WP semantics serve the verification of OO programs, some examples are given, with the class invariant proof in a case study. We anticipate that this work would be helpful for the disciplines of OO software verification and refinement.

David Nowak,Vlad Rusu

DOI: https://doi.org/10.4204/EPTCS.389.8

2023-09-25

Abstract:While loops are present in virtually all imperative programming languages. They are important both for practical reasons (performing a number of iterations not known in advance) and theoretical reasons (achieving Turing completeness). In this paper we propose an approach for incorporating while loops in an imperative language shallowly embedded in the Coq proof assistant. The main difficulty is that proving the termination of while loops is nontrivial, or impossible in the case of non-termination, whereas Coq only accepts programs endowed with termination proofs. Our solution is based on a new, general method for defining possibly non-terminating recursive functions in Coq. We illustrate the approach by proving termination and partial correctness of a program on linked lists.

Programming Languages,Logic in Computer Science

Quan Long,Qiu Zongyan,Wang Shuling

2006-01-01

Abstract:In recent years, many researchers in the programming language and formal methods communities have been investigating weakest precondition (WP) semantics for object-oriented (OO) programs. Based on a modified version of Separation Logic, OO Separation Logic, we develop in this article a WP semantics for an OO language with most important object-oriented features including subtypes, visibility, inheritance, dynamic binding and reference types. Giving a clear comparison to existing work, we conclude that the WP semantics defined here captures the essentials of object-orientation. Further, in the WP semantic model, we define program transformation in terms of refinement. With some case studies, we show that, supported by the semantics defined, it is easier to model many practical program transformations in a reasonable way. keywords: Object Orientation, Weakest Precondition, Separation Logic, Semantics, Refinement

Hai Wan,Anping He,Zhiyang You,Xibin Zhao

DOI: https://doi.org/10.1155/2014/892832

2014-01-01

Journal of Applied Mathematics

Abstract:The paper presents a formal proof of a machine closed theorem of TLA+in the theorem proving system Coq. A shallow embedding scheme is employed for the proof which is independent of concrete syntax. Fundamental concepts need to state that the machine closed theorems are addressed in the proof platform. A useful proof pattern of constructing a trace with desired properties is devised. A number of Coq reusable libraries are established.

Pierre-Yves Strub,Qian Wang

2010-01-01

Logic in Computer Science

Abstract:Coq Modulo Theory (CoqMT) is an extension of the Coq proof assistant incorporating, in its computational mechanism, validity entailment for user-defined first-order equational theories. Such a mechanism strictly enriches the system (more terms are typable), eases the use of dependent types and provides more automation during the development of proofs. CoqMT improves over the Calculus of Congruent Inductive Constructions by getting rid of various restrictions and simplifying the type-checking algorithm and the integration of first-order decision procedures.

Yifeng Chen,J. W. Sanders

2005-01-01

Acta Informatica

Abstract:The weakest specifunction has been introduced to generalise the notions of weakest prespecification and weakest parallel environment. It calculates the weakest specification function whose value refines the target specification when applied to a given component; thus it forms the basis for compositional refinement, an essential ingredient in program derivation. But unlike those previous calculi it is able to deal with several unknown components simultaneously and hence has wider applicability. In this paper we extend the general theory of the weakest specifunction, identifying those spaces in which it behaves miraculously. The par-seq specifunction places an established component in parallel with a required component and the result in sequence with another required component to meet a given specification. We extend the study of the par-seq specifunction in the context of log s , an intermediate-level language for reactive computing in an abstraction of the PRAM and BSP models of computation, and provide a single complete law for its use in program derivation. The resulting calculus is applied to the derivation of a distributed algorithm for dynamic load balancing.

Reynald Affeldt,Jacques Garrigue,Takafumi Saikawa

DOI: https://doi.org/10.48550/arXiv.2312.06103

2023-12-11

Abstract:One can perform equational reasoning about computational effects with a purely functional programming language thanks to monads. Even though equational reasoning for effectful programs is desirable, it is not yet mainstream. This is partly because it is difficult to maintain pencil-and-paper proofs of large examples. We propose a formalization of a hierarchy of effects using monads in the Coq proof assistant that makes monadic equational reasoning practical. Our main idea is to formalize the hierarchy of effects and algebraic laws as interfaces like it is done when formalizing hierarchy of algebras in dependent type theory. Thanks to this approach, we clearly separate equational laws from models. We can then take advantage of the sophisticated rewriting capabilities of Coq and build libraries of lemmas to achieve concise proofs of programs. We can also use the resulting framework to leverage on Coq's mathematical theories and formalize models of monads. In this article, we explain how we formalize a rich hierarchy of effects (nondeterminism, state, probability, etc.), how we mechanize examples of monadic equational reasoning from the literature, and how we apply our framework to the design of equational laws for a subset of ML with references.

Logic in Computer Science

Linpeng Zhang,Benjamin Lucien Kaminski

DOI: https://doi.org/10.48550/arXiv.2202.06765

2022-02-14

Abstract:We present a novel strongest-postcondition-style calculus for quantitative reasoning about non-deterministic programs with loops. Whereas existing quantitative weakest pre allows reasoning about the value of a quantity after a program terminates on a given initial state, quantitative strongest post allows reasoning about the value that a quantity had before the program was executed and reached a given final state. We show how strongest post enables reasoning about the flow of quantitative information through programs. Similarly to weakest liberal preconditions, we also develop a quantitative strongest liberal post. As a byproduct, we obtain the entirely unexplored notion of strongest liberal postconditions and show how these foreshadow a potential new program logic - partial incorrectness logic - which would be a more liberal version of O'Hearn's recent incorrectness logic.

Logic in Computer Science,Cryptography and Security,Programming Languages

Floris van Doorn

DOI: https://doi.org/10.48550/arXiv.1503.08744

2015-03-30

Logic

Abstract:I formalize important theorems about classical propositional logic in the proof assistant Coq. The main theorems I prove are (1) the soundness and completeness of natural deduction calculus, (2) the equivalence between natural deduction calculus, Hilbert systems and sequent calculus and (3) cut elimination for sequent calculus.

Mario Carneiro

DOI: https://doi.org/10.48550/arXiv.1810.08380

2018-10-19

Logic in Computer Science

Abstract:We present an extension to the $\mathtt{mathlib}$ library of the Lean theorem prover formalizing the foundations of computability theory. We use primitive recursive functions and partial recursive functions as the main objects of study, and we use a constructive encoding of partial functions such that they are executable when the programs in question provably halt. Main theorems include the construction of a universal partial recursive function and a proof of the undecidability of the halting problem. Type class inference provides a transparent way to supply G\"{o}del numberings where needed and encapsulate the encoding details.

Zachary Flores,Angelo Taranto,Eric Bond,Yakir Forman

2023-03-16

Abstract:What provides the highest level of assurance for correctness of execution within a programming language? One answer, and our solution in particular, to this problem is to provide a formalization for, if it exists, the denotational semantics of a programming language. Achieving such a formalization provides a gold standard for ensuring a programming language is correct-by-construction. In our effort on the DARPA V-SPELLS program, we worked to provide a foundation for the denotational semantics of a meta-language using a mathematical object known as an operad. This object has compositional properties which are vital to building languages from smaller pieces. In this paper, we discuss our formalization of an operad in the proof assistant Coq. Moreover, our definition within Coq is capable of providing proofs that objects specified within Coq are operads. This work within Coq provides a formal mathematical basis for our meta-language development within V-SPELLS. Our work also provides, to our knowledge, the first known formalization of operads within a proof assistant that has significant automation, as well as a model that can be replicated without knowledge of Homotopy Type Theory.

Category Theory,Computation and Language,Programming Languages

Linpeng Zhang,Noam Zilberstein,Benjamin Lucien Kaminski,Alexandra Silva

2024-04-08

Abstract:We present a novel \emph{weakest pre calculus} for \emph{reasoning about quantitative hyperproperties} over \emph{nondeterministic and probabilistic} programs. Whereas existing calculi allow reasoning about the expected value that a quantity assumes after program termination from a \emph{single initial state}, we do so for \emph{initial sets of states} or \emph{initial probability distributions}. We thus (i)~obtain a weakest pre calculus for hyper Hoare logic and (ii)~enable reasoning about so-called \emph{hyperquantities} which include expected values but also quantities (e.g. variance) out of scope of previous work. As a byproduct, we obtain a novel strongest post for weighted programs that extends both existing strongest and strongest liberal post calculi. Our framework reveals novel dualities between forward and backward transformers, correctness and incorrectness, as well as nontermination and unreachability.

Logic in Computer Science,Cryptography and Security,Formal Languages and Automata Theory,Programming Languages

Sylvie Boldo,François Clément,Louise Leclerc

DOI: https://doi.org/10.48550/arXiv.2201.03242

2022-02-10

Abstract:The Bochner integral is a generalization of the Lebesgue integral, for functions taking their values in a Banach space. Therefore, both its mathematical definition and its formalization in the Coq proof assistant are more challenging as we cannot rely on the properties of real numbers. Our contributions include an original formalization of simple functions, Bochner integrability defined by a dependent type, and the construction of the proof of the integrability of measurable functions under mild hypotheses (weak separability). Then, we define the Bochner integral and prove several theorems, including dominated convergence and the equivalence with an existing formalization of Lebesgue integral for nonnegative functions.

Logic in Computer Science,Functional Analysis

Tadeusz Litak

2024-02-03

Abstract:In 1984, Wim Ruitenburg published a surprising result about periodic sequences in intuitionistic propositional calculus (IPC). The property established by Ruitenburg naturally generalizes local finiteness (intuitionistic logic is not locally finite, even in a single variable). However, one of the two main goals of this note is to illustrate that most "natural" non-classical logics failing local finiteness also do not enjoy the periodic sequence property; IPC is quite unique in separating these properties. The other goal of this note is to present a Coq formalization of Ruitenburg's heavily syntactic proof. Apart from ensuring its correctness, the formalization allows extraction of a program providing a certified implementation of Ruitenburg's algorithm.

Logic in Computer Science

Yijing Liu,Zongyan Qiu,Quan Long

DOI: https://doi.org/10.1007/978-3-642-23283-1_12

2011-01-01

Abstract:For the object oriented (OO) world, developing formal semantics for theoretical study and practical use is still an important topic despite of a decade's efforts. In this paper, for a sufficiently large subset of sequential Java with a pure reference semantics model, we define a Weakest Precondition (WP) semantics, and prove its soundness and completeness. Based on thisWP semantics, we study specifications of methods and the refinement relationship between specifications, and we propose new definitions for object invariants and behavioral subtyping notation for general OO programs.

Ethan Brauer

DOI: https://doi.org/10.1093/logcom/exad077

2024-01-03

Journal of Logic and Computation

Abstract:Abstract This paper explores how, given a proof, we can systematically transform it into a proof that contains no irrelevancies and which is as strong as possible. I define a weaker and stronger notion of what counts as a proof with no irrelevancies, calling them perfect proofs and gaunt proofs, respectively. Using classical core logic to study classical validities and core logic to study intuitionistic validities, I show that every core proof or classical core proof can be transformed into a perfect proof. In a sequel paper, I show how proofs in core logic can also be transformed into gaunt proofs and I observe that this property fails for classical core logic.

computer science, theory & methods,logic

Ethan Brauer

DOI: https://doi.org/10.1093/logcom/exae003

2024-02-19

Journal of Logic and Computation

Abstract:Abstract This paper is the second part of a series exploring how, given a proof, we can inductively transform it into a proof that contains no irrelevancies and is as strong as possible. In the prequel paper, I defined a weaker and a stronger notion of what counts as a proof with no irrelevancies, calling them perfect proofs and gaunt proofs, respectively. There, I showed how proofs in core logic and classical core logic can be transformed into perfect proofs. In this paper I study gaunt proofs. I show how proofs in core logic can be inductively transformed into gaunt core proofs, but that this property fails for the natural deduction system of classical core logic.

computer science, theory & methods,logic

Zhaowei Xu,Mingsheng Ying,Shenggang Ying

2018-01-01

Abstract:Most modern (classical) programming languages support recursion. Recursion has also been successfully applied to the design of several quantum algorithms and introduced in a couple of quantum programming languages. So, it can be expected that recursion will become one of the fundamental paradigms of quantum programming. Several program logics have been developed for verification of non-recursive quantum programs. However, there are as yet no general methods for reasoning about recursive procedures in quantum computing. We fill the gap in this paper by presenting a logic for recursive quantum programs. This logic is an extension of quantum Hoare logic for quantum While-programs. The (relative) completeness of the logic is proved, and its effectiveness is shown by a running example: fixed-point Groveru0027s search.

Mingsheng Ying,Jianxin Chen,Yuan Feng,Runyao Duan

DOI: https://doi.org/10.1016/j.ipl.2007.06.003

IF: 0.851

2007-01-01

Information Processing Letters

Abstract:The notion of quantum weakest precondition was introduced by D'Hondt and P. Panangaden [E. D'Hondt, P. Panangaden, Quantum weakest preconditions, Mathematical Structures in Computer Science 16 (2006) 429-451], and they presented a representation of weakest precondition of a quantum program in the operator-sum form. In this Letter, we give an intrinsic characterization of the weakest precondition of a quantum program given in a system-environment model. Furthermore, some sufficient conditions for commutativity of quantum weakest preconditions are presented.