Reseña: A fully verified executable LTL model checker

PorJosé A. Alonso

Se ha publicado un artículo de verificación formal con Isabelle/HOL titulado A fully verified executable LTL model checker.

Sus autores son Javier Esparza, Peter Lammich, René Neumann, Tobias Nipkow, Alexander Schimpf y Jan-Georg Smaus.

El trabajo se presentará en el CAV 2013 (25th International Conference on Computer Aided Verification).

Su resumen es

We present an LTL model checker whose code has been completely verified using the Isabelle theorem prover. The checker consists of over 4000 lines of ML code. The code is produced using recent Isabelle technology called the Refinement Framework, which allows us to split its correctness proof into (1) the proof of an abstract version of the checker, consisting of a few hundred lines of “formalized pseudocode”, and (2) a verified refinement step in which mathematical sets and other abstract structures are replaced by implementations of efficient structures like red-black trees and functional arrays. This leads to a checker that, while still slower than unverified checkers, can already be used as a trusted reference implementation against which advanced implementations can be tested. We report on the structure of the checker, the development process, and some experiments on standard benchmarks.

El trabajo forma parte del proyecto CAVA (Computer Aided Verification of Automata).

El código de las correspondientes teorías Isabelle/HOL se encuentra aquí.

Reseña: Verifying a plaftorm for digital imaging: a multi-tool strategy

PorJosé A. Alonso

Se ha publicado un trabajo de verificación formal con Why/Krakatoa, Coq y ACL2 titulado Verifying a platform for digital imaging: a multi-tool strategy.

Sus autores son Jónathan Heras, Gadea Mata, Ana Romero, Julio Rubio y Rubén Sáenz (de la Universidad de la Rioja).

Su resumen es

Fiji is a Java platform widely used by biologists and other experimental scientists to process digital images. In particular, in our research – made together with a biologists team; we use Fiji in some pre-processing steps before undertaking a homological digital processing of images. In a previous work, we have formalised the correctness of the programs which use homological techniques to analyse digital images. However, the verification of Fiji’s pre-processing step was missed. In this paper, we present a multi-tool approach filling this gap, based on the combination of Why/Krakatoa, Coq and ACL2.

Los códigos correpondientes al trabajo se encuentran aquí.

Reseña: Contributions to the formal verification of arithmetic algorithms

PorJosé A. Alonso

El pasado mes de septiembre se presentó una tesis sobre verificación formal con Coq titulada Contributions to the formal verification of arithmetic algorithms.

Su autor es Érik Martin-Dorel, dirigido por Micaela Mayero y Jean-Michel Muller.

Su resumen es

The Floating-Point (FP) implementation of a real-valued function is performed with correct rounding if the output is always equal to the rounding of the exact value, which has many advantages. But for implementing a function with correct rounding in a reliable and efficient manner, one has to solve the “Table Maker’s Dilemma” (TMD). Two sophisticated algorithms (L and SLZ) have been designed to solve this problem, relying on some long and complex calculations that are performed by some heavily-optimized implementations. Hence the motivation to provide strong guarantees on these costly pre-computations. To this end, we use the Coq proof assistant. First, we develop a library of “Rigorous Polynomial Approximation”, allowing one to compute an approximation polynomial and an interval that bounds the approximation error in Coq. This formalization is a key building block for verifying the first step of SLZ, as well as the implementation of a mathematical function in general (with or without correct rounding). Then we have implemented, formally verified and made effective 3 interrelated certificates checkers in Coq, whose correctness proof derives from Hensel’s lemma that we have formalized for both univariate and bivariate cases. In particular, our “ISValP verifier” is a key component for formally verifying the results generated by SLZ. Then, we have focused on the mathematical proof of “augmented-precision” FP algorithms for the square root and the Euclidean 2D norm. We give some tight lower bounds on the minimum non-zero distance between sqrt(x²+y²) and a midpoint, allowing one to solve the TMD for this bivariate function. Finally, the “double-rounding” phenomenon can typically occur when several FP precision are available, and may change the behavior of some usual small FP algorithms. We have formally verified in Coq a set of results describing the behavior of the Fast2Sum algorithm with double-roundings.

Las transparencias usadas en la presentación se encuentran aquí.

Reseña: A formally-verified C compiler supporting floating-point arithmetic

PorJosé A. Alonso

Uno de los principales problemas en la verificación de programas consiste en verificación de propiedades de programas con aritmética flotante. Un avance en dicho problema es el reciente trabajo A formally-verified C compiler supporting floating-point arithmetic.

Sus autores son Sylvie Boldo, Jacques-Henri Jourdan, Xavier Leroy y Guillaume Melquiond.

Su resumen es

Floating-point arithmetic is known to be tricky: roundings, formats, exceptional values. The IEEE-754 standard was a push towards straightening the field and made formal reasoning about floating-point computations possible. Unfortunately, this is not sufficient to guarantee the final result of a program, as several other actors are involved: programming language, compiler, architecture. The CompCert formally-verified compiler provides a solution to this problem: this compiler comes with a mathematical specification of the semantics of its source language (ISO C90) and target platforms (ARM, PowerPC, x86-SSE2), and with a proof that compilation preserves semantics. In this paper, we report on our recent success in formally specifying and proving correct CompCert’s compilation of floating-point arithmetic. Since CompCert is verified using the Coq proof assistant, this effort required a suitable Coq formalization of the IEEE-754 standard; we extended the Flocq library for this purpose. As a result, we obtain the first formally verified compiler that provably preserves the semantics of floating-point programs.

El trabajo está integrado en la versión 1.12 de CompCert que se encuentra aquí.

Reseña: Proof pearl – A mechanized proof of GHC’s mergesort

PorJosé A. Alonso

Se publicado un artículo de verificación en Iabelle/HOL titulado Proof pearl – A mechanized proof of GHC’s mergesort.

Su autor es Christian Sternagel (de la Univ. de la Univ. de Insbruck).

Su resumen es

We present our Isabelle/HOL formalization of GHC’s sorting algorithm for lists, proving its correctness and stability. This constitutes another example of applying a state-of-the-art poof assistant to real-world code. Furthermore, it allows users to take advantage of the formalized algorithm in generated code.

La librería estándard de GHC (The Glasgow Haskell Compiler) tiene un algoritmo de ordenación, que es una variante de la ordenación por mezcla. El objetivo del trabajo es la verificación de dicho algortimo en Isabelle/HOL, demostrando su corrección y estabilidad.

La principal característica de este trabajo es la verificación de programas eficientes. El método empleado tiene tres pasos:

  1. formalizar variantes del algoritmo que faciliten la demostración y probar todas las propiedades deseadas;
  2. formalizar variantes eficientes del algoritmo y probar su equivalencia y
  3. usar la generación de código y obtener un programa eficiente del que se tiene garantía que satisface todas las propiedades que se probaron en la formalización inicial.

La formalización es pequeña (menos de 400 líneas de código) y la mayoría de las demostraciones son automáticas. Este éxito se basa en dos principios: la generalización de los conceptos y la definición de esquemas de inducción.

El código en Isabelle/HOL de la teoría correspondiente al trabajo se encuentra en The Archive of Formal Proofs.