y(S^Bn y~d#q#[ Y&UאjWJ4oKakq5x6|3no4BE=?Uuȸn_НwC` ,O,ӗA{Ĝ)9x }4EҡoB~edR2]geolc1Lnfch덉r1U5{tʘ̑׀_KJ-mX*ˠ/CR/2 ̓lO>uch%C^qr!!s1>;1F h"W仈ðSMx:LNr2)'ұr<(ѩr,ct9؟GbIC~X,[r@%0?!=~(a+P7F@:JC@tb<0NC]<ҡ1F#8?"G#XdZvLjruGy.`![9UCIԫ/@A\=J<hWnx[{tTy{uu 8vck]\ /+해>EJbiLIi{ҤiN:1qc;mNN_9mjNmlof>X:57sgfw%DjN4 M6`BzooZͶpHSB. fޖlR-Zƽqɶkd\iSdۈOpݚn;$9L(I6Ydtit?+~F<=_#2y-Zǩ?.H*YQ"-IQzS[[oڈ$;Jdq6irQ'&3I1왱Dd`s\`2ScpVCh,=A38v2GUA4c,f.u ]1č1ȵG3Fp<6aY 3Ly,[f1- L651aDY2飹:ͱ9XKst,)JXEZ,%bl'F{_m Gܖ[,,,7鹥HYM1s,%̕` u$iOx*cޘ 1km,Zu !V>p\MH|WCƧK2&s )+MR.t$GF!VޅhQ96`ߴ13'?Zڶ#2zcX6nt*5$;KfS6uEI6ҙX*M.ōI#Ѽ1o;Ǳbf-ns9nvpƸnMؖP>SGXr4n⛢;h26#GiaNۓѝDHf3}Sk"oʈVXl%=MOD$G}8utdf Œb9 *fңCevN+o,>tf%b|h3z:b,5t.6A7kWvdN~Cg`n~8k.4q(J^^;þ=A\2Fi0ۛFb74߀ĩ`.ZQ,)6 |KBi9EԘZ*Pn[/ fûכ˃&6깹/nosONY8RU8Ū'*俘zz24zZ/\l%}t.U̓.́ "όYIt^p%/>/RʕB'[~ԛ`~U{ Sf~_q]@[X/B^>^4?yU\]Efa;tsmj2.lNo^gvF/\l졙P*pc.e 30COy1d[xNWyvxl^s>Km]H<6}`%>ܼ/OAq)xEp5+0t!) ;J3kk$1Wz]~*?y75SZEdXJ?,H'^)Azm KsZ{bj@sm=$~m-4.ZAV[6mN :hʃMy;$ ӔwAwnp1=ϔ!&GtȔGtؔ1~c= jbqEVZ/V Gm0]FOp.;UZ&+ZrQ^>yS~ny8b.R\+b87h^( hZA @63AAG;/]tZ]{@7nC;/G)4Amv>% ӔwݠMy7l8z@g#:dCȍ#:lG?~Sޏr[.zwʺd }?v-:$rޮAZ۵~-E613ǈW=וΨ":ڙv=99VUggT[c?_*\j~?beVyhh}m'l*m9^֖^i/Oj*迵3X \:@ż2zCDoj[m{uGߴfl@\~NrcxƇ^O,|ϳfo=gk#_j\ a=]X 6!%O^VD~WYs=HpJAzWRa0i?3? $?! c? Go_gH!2>5i;}9BE|ߖvC1v ƭێaѷ\jC t@v?~qD.t<(+AZ:XO 7_HfEȾ0 }#6} ,ϧw<Ba4y%eo*}9'נBR^N|+l9b,E:ة'D_>*U_rm&HB.Ǡ;\sf{[t[s{F$=+fzTC@OBx13Oc Ð~vFJ'~u]@;הԊVʹKv#ǽʍ軅Bo e?+!r6!0ݭ)t+Yn`ĴxIQ0B"n>8S]wC ϭg>{{ҫn^uDUu{T'yQojo/UO}sW;c[`URD]z)t7_V7ѠH4A 州 tP&l;@ (|F_x#:uk:y{NuP߅#F{c c샮W}D~WQ YL߃.fз&Ieխ5::()PXY~Л!l0Y S172_̭Du`!͂;f-7B=XgXBbbx] չ @$LWwW/ @a0]3t7s@%.8*2@jKxF31{zz{ '~Ur4RIRIҗO$AR4bZ'L1r6e2p}.x<_Qͫ̚|.-UkO\8LKʗgs+"Ymhup7]\\M@kS/I[g]"nQ6墢+f˹]LD_=Û 0u+R]>nb>"@6-I-<>dV4fLmze&mK=̙gj1kԬDZSkXf$͙hhuZ3hiBɌ3R*Z`rh^%z5ݧێTWYV<7ij5U3gFu,:'GV>\k^@3Wϲ#?5oWnèdKܩtb3Nf/k5B-au(f$-'+Y-qg3cͬlrWۃbcߒ0lvwf5 dEL`J6%n:h&fEzontO`6[6kUHnW[ %n-qRsgjp,Fǂv@9eg;͍YZ kmQdU<J2*mPkh֟Yf=:dkٵٽAE3AR9%Oc`-.JTsRcL'h7bӦT4|^*]=+f3c/!pMtex| bfrXm"]Y6(DتEEj\dΦsd _.>֠g dxg/+/Զ@^^-/:$O=b8ECݛȜ+ž,yWwF[ZG5]ymMj1x{&oAL6DQ{mMkk@^3uLLS|4Z,rY;[K W0OoF%_gaAGPjj N./8CprQAQ!QahD{& :gs&`jj3(1,h:0(}>E59Ãy9bP Y|vfo(,y}Yc>"=z2>Q~nhc>!: ]¢+[ꥀOz;?k7{>ߝ֥m=#^ xش-l &û) hc^.@we;~~+B{x0=A0vͧ^OMEuZDt꺰NwǼL dc)g|+Z^ukc^;8~x9vO@d,Y||Ӗ=eZꀑ6 0St[Duu::czl 2}a1o=8n=9 [y<_~y$A!~k!~ahok$Aϐΰ荑n=MZU> 3֭ygoz \aAgPA< \f ic=KqxH$s`ߝɩ`]#p5TP r5x:^5v%b^@+%hh] wc\yu|>:AG[n鸎Q;z:FV4ѸV:Wkw8mwG Wgh/Кmݎ;ՓUOXc0fanϞd^lH1A`!q: 9.&*L2"c-I[y;`$*Ŕ0B]wc?ù&Eք52% 2_ڭ#s1>:5p u'k:XW:K=]ydLY}KոqcNձko̵+gq]bսkŪ`/v×ߺ`P7BM7)ZgIWŢyS9EI@HIޏ#[>=ʣ9^kL3jPɦ)_ϞJ%58% J'W8o40 z!=Dzx6JP4x7^#| л0'J#7Iϐ GXpFxݵ\ZOKk"!߅fvvÿ]г6/qRfOǊWdm\:E˥t)?i#z ߕa6VmdE1F14SCJKF8I{&}:N+tFzdtc!T ])D6p8kux Fo7SGǴ w SFod>N#w c%z15'=a0>ۇWl7 O> S^).ZZ<>)Oax㲇)뀍fs(ei oVԛߛ#dJL"?G6BykȗHr=oT< |fg6"J`p#bQw$ڦ"_;J#<Pp~ ATv.rN3t)e(pD=(Kzv(xW|9x@yo.tȾݔ+lwU^%%F]YkI_5/W6@f\ zr0dpn[:e:mTn[cHo 7Ǒ^Y# Tԛ XGHO)I qO5@#u=^!ε)Ĵ>Fķ 嫔ܯY׳WE?үnMj_rhW=8[ik%7ǵڸ^]6UD7]y3ze݇h_k1M _ ? A>tߥU\oǁȿF]Q~@' v×WQ:gmI| |fx6O"w1:*GaA|=Urpu?תר8&E)}C#cP?N S߀OdG=H `;t 0>ۇWl7 VÔl?HMe7w$3Wg6.|e"y[)/'Kd,&+!% s+?$߇C>apWΣS'/:`= ?7|#x ԡ<އCV}DG]:cd*0|%7O u&uDu#7ǰH7|,ܨ>E&ducı0')9 sVܿUaR CUy(VaX˱_/ ]B=Rn\Q]KMHV>'E5(_}!^]~/}e>˅ՅP\d҅,SJwr҃X7EF@W"-?S>m/|9ʙ\Q]]ݟ]`_77v=/+ʻ;/'vw-FsaraFu!/t:UOetGUoAT!>(eB>zQ/"̿Ri̿UʢpMN3( /0DArial NeH,0z[ 0"DCourier NewH,0z[ 01 DSymbol NewH,0z[ 0@. @n?" dd@ @@``x ">?2$㱴ҁ[N!k$2$[9UCIԫ/@A$2$͂;f-7B=50AA@3ʚ;ʚ;g4BdBd z[ 0ppp@<4ddddL 0 ,80___PPT10 ? %-8Certifying and SynthesizingMembership Equational Proofs99(' iPatrick Lincoln (SRI) joint work with Steven Eker (SRI), Jose Meseguer (Urbana) and Grigore Rosu (Urbana)"jTP- OverviewMotivation Our approach to certification Membership Equational Logic (MEL) Maude Formalizing MEL Proof Objects Certifying MEL Proof Objects Synthesizing MEL Proof Objects Handling decision procedures (AC matching) ConclusionZZ"ZZZZ+ZZ"Z+4 Motivation`Software certification In order to trust the result of a verification task, one should first trust the theorem prover Heterogeneous formalisms and proofs Practice showed there is no silver-bullet logic Each feature can be best expressed in a specific formalism Efficient equational engines: ELAN, Maude How can one trust them in heterogeneous settings?`_$2_$2,o HOur Approach to Certification IXProvers or decision procedures synthesize correctness certificates (proofs) Independent and straightforward checkers certify the generated proofs Product-oriented certification approach Avoid verifying the theorem provers or the decission procedures involved Hard tasks, because they are big and changing Check each correctness proof separatelyZIZ.Z(Z*"); I.(6 k Our Approach to Certification IITo be trusted, easily validated, effective and general, certifiers must be Straightforward and small Preferably less than 1,000 lines of C Fast Linear in the size of the certificate Which implies that Proof objects need to be very detailed Can be quite large Proof object synthesizers should follow the logic not the particular prover, which is typically complex Go down to axioms and inference rules only Decision procedures need to output proofsKZZ&ZZ&ZZ'ZZhZ+Z*ZK&&'h+*HrEquational Logics fFor now, we focus on equational logics Simple and used by other more general provers Few inference rules Very fast engines: ELAN, Maude Millions of rewrites per second Specialized decision procedures A,C,I (and combinations) matching, etc. Why would a general prover accept their equational computations? Why would a certifying authority trust such systems?'.@)v'.@)vP . D Membership Equational Logic A very general variant of equational logic Adds membership assertions t : s Sentences are Horn clauses over Equations Membership assertions Generalizes Order sorted equational logics Partial equational logics Adds one more inference rule: membershipm 9)G 9> 1 Maude(MEL engine Based on a fast implementation of rewriting Can output execution traces Series of axiom applications with corresponding substitutions Contain gaps Decision procedures A,C,I matching and combinations Least sort computations Memoization Sharing of subterms (right-hand-side of equations),Kw,Fw, Formalizing MEL Proof ObjectsIntroduced a formalization of MEL proofs Proof object = series of labeled proof steps Proof step = application of one of the six complete inference rules of MEL Reflexivity, Symmetry, Transitivity, Congruence, Substitution, Membership Can contain references to previous stepsNs)! As Certifying MEL Proof ObjectsDesigned and implemented a prototype MEL proof certifier (~ 200 lines in PERL) Checks each proof step Based entirely on string comparison No parsing needed Very simple Does not do anything intelligent Proof object contains any needed piece of information; certifier only makes trivial checks This is exactly what a certifying authority wants As opposed to trusting a complex, highly optimized rewriting engine like Maudef6|2Of$|2O Synthesizing MEL Proof ObjectsoIn order for the certifier to be simple, the proof object must be very low level The following are considered too high-level to be recognized by a certifier Proofs by replacement or by rewriting A, C, I matching and combinations Sharing of subterms Memoization Least sort calculation So we provide solutions on how to push these down to MEL axioms and inference rules<TT,lReplacement ProofsMost usual equational proofs The problem is that replacements can be applied anywhere in the term Lots of congruences, transitivities and potentially one symmetry are implicit Procedure is given to generate all these applications of rules formally in a proof object>QR Z> XRewriting ProofsSpecial case of replacements proofs Most rewritings are done in depth-first order This allows to obtain much smaller proofs by delaying the applications of congruences:W,- Matching ModuloRMatching modulo A, C, I, or any of their combinations is typically implemented via highly specialized decision procedures One does not want a simple and trusted certifier to know about these Therefore, one has to generate proofs making concrete use of A, C, I axioms In Maude, e.g., matchings modulo appear as gaps in the rewriting traces(S~ /AC MatchingfThe most complicated one Nguyen and Kirchner 2002 gave a solution, where the proof has size O(|a|2) We have sorting-based solutions generating proofs of size O(|a| " log(|a|))Z,+L:DHigh-Level Idea(Right Associativity inLinear Proof Size))( From Balanced to any Right Associative Permutation in O(n " log(n)) FE6$$F$ $,6Order the elements as they appear in br The goal now is, given some ordering on element, to sort any balanced tree into a right associative list We have two methods, based on Merge sort Selection sortlZZ%4O%Sorting a Balanced Tree byMerge Sort&&(4Step 1: Sort recursively the left and right subtrees"5/,%Sorting a Balanced Tree byMerge Sort&&(2Step 2: Merging the left and right sorted subtrees"3-*Sorting a Balanced Tree8The size of the AC proof generated by the merge-sort procedure is O(|a| " log(|a|)) More precisely, it is 5 " |a| " log(|a|) Similar numbers are obtained for a selection-sort based procedure These procedures can be easily extended to handle multiple A,C,I (and combinations) operatorsBDDDMaude Specific IssuesMaude has several other decision procedures, for which we also developed proof synthesis algorithms, such as Overloading operators, disambiguation and desugaring specifications&mDmD ` 33` Sf3f` 33g` f` www3PP` ZXdbmo` \ғ3y`Ӣ` 3f3ff` 3f3FKf` hk]wwwfܹ` ff>>\`Y{ff` R>&- {p_/̴>?" dd@,|?" dd@ " @ ` n?" dd@ @@``PR @ ` `p>>f( 6| `} T Click to edit Master title style! ! 0 ` RClick to edit Master text styles Second level Third level Fourth level Fifth level! S 0 ^ ` >* 0 ^ @* 0L ^ ` @*H 0h ? 3380___PPT10.s Default Design$ $( r SF>F r SLF PpF H 0h ? 3380___PPT10.s0"$ 0$( r SHF `} F r SF `F H 0h ? 3380___PPT10.sPI$ @$( r SF `} F r SF F H 0h ? 3380___PPT10.si$ P$( r SF `} F r SF `F H 0h ? 3380___PPT10.s !0 p0( x c$,F `} F x c$F} PF H 0h ? 3380___PPT10.s !$ `$( r Sx. `} . r S. . H 0h ? 3380___PPT10.sppY d\ ( r S. `} . r S\!.. <".Y"` & Nf |- t : s and |- t = t implies |- t : s 4F$$$F$$$F$$$BH 0h ? 3380___PPT10.sf$ $$( $r $ S;. `} . r $ S;.` . H $0h ? 3380___PPT10.s`'p (p( (r ( S@. `} . r ( SA. `P. D ( <B.k"`I :... (18 transitivity +(a,b) = *(c,d) follows by 15 13) ...@;c3cc,H (0h ? 3380___PPT10.s0$ ,$( ,r , S4S. `} . r , ST.` . H ,0h ? 3380___PPT10.sP)$ 0$( 0r 0 S<`. `} . r 0 Sa. `P. H 00h ? 3380___PPT10.s#S ~v4( 4r 4 Sq. `} . r 4 Sr.`. 4 <s.Ha"` e h\Theorem: |- t = t iff t ( )* t /$$ $$$N$$N$$\ H 40h ? 3380___PPT10.s@Uv @v( @r @ S4. `} . x @ c$. . @ <.Ha"`P` 2J |- t = t when t ()*;()* t &$ $$$N$$N$$B @ PArew@P .H @0h ? 3380___PPT10.spbT$ H$( Hr H S4 `} r H S `P H H0h ? 3380___PPT10.sm^? XP0L( Lr L S `} r L S ` L Bff"`+^Y <Given two AC-equivalent terms a and b, generate a proof of their equality using the A and C axioms\c( = H L0h ? 3380___PPT10.s @P( Pr P S& `} P \AproofPlan ` X P 0d P dPut a and b in right associative forms ar and br by AC equational proofs of size O(|a|) Pick a special term ab, which is a balanced version of a, and put it in right associative form, i.e., the same ar,in proof size O(|a|) Generate a proof of size O(|a| " log(|a|)) for the AC equivalence between ab and brD3!!7D,7 gH P0h ? 3380___PPT10.s$ `X( Xr X SF `} F X ^ArightAssoc FV X 0l P ~Apply right associativity in a bottom-up fashion, until we get a right associative term Delay congruences as much as possible (X, EH X0h ? 3380___PPT10.s~ d,( dr d Sl } a r d Sl ` l 8 dh d c8A proofPlan h d s*"`h d s*"`Ph d s*"`0H d0h ? 33___PPT10i.s+D=' = @B +V !l ( lr l Sa `} a r l SpaPa R l <M"`_uI[ Da&( R l <f"`` [ ^a1>( J R l <8a"`@[ ^a2>( J L l@c$; bL lc$;aXB l 0DԔ]k]XB l 0DԔkR l <3f"`kd La1, l <aw 4( l BC@f"`E 2 l H8fL 3 Fa1& l Hf lX 5rR l < "`qsF La2, l <Y 4( l BC8a"`' 2 l H aR 9 Fa2& l H47l O ^ 5rl l 68c"`F l@SwP F lSw!P l <CLJ"` x 2 l Bg&*N Fa1& l B7l8s 5r l <Cmf"` O 2 l Bkf_fjF Fa2& !l BTsfxk 5rH l0h ?Ollllll 3380___PPT10.sN e]*=p( px p c$^ `} x p c$fP p <Cf"``~ 2 p B f Fa1& p Ba 5rF p@SI9F pS7D p <C$"``A 2 p B@89e Ha 1& p BJ < 5r p <Lm7 <a1HRB p s*D8cRB !p s*D8c "p <C(H"`{~0 2 #p Bz Fa2& $p B}! 5rF %p@SI9F &pS7D 'p <Cf"`{A 2 (p BVfS 9e : Ha 2& )p Bl J W 5r *p <ylR9 <a2HRB +p s*D8cRB ,p s*D8c+ + X -p 00 0`F .p@SwgF /pSwo 0p <xa7 x <a2HF 1p@So _ 2p <DBG x <a1HF 3pSg_ F 4p@SW G F 5pSW O 6p <C0G"`, d$ 2 7p BDkGH Ha 1& 8p BG[- 5r 9p <CDG"`' T 2 :p Bf 8 Ha 2& ;p BfV 5r PSUX$\`bftnP*rv? '4( /0DArial NeH,On-screen ShowUniveristy of IllinoisA ArialCourier NewSymbolDefault Design9Certifying and Synthesizing Membership Equational Proofs OverviewMotivation Our Approach to Certification I!Our Approach to Certification IIEquational LogicsMembership Equational LogicMaudeFormalizing MEL Proof ObjectsCertifying MEL Proof ObjectsSynthesizing MEL Proof ObjectsReplacement ProofsRewriting ProofsMatching ModuloAC MatchingHigh-Level Idea)Right Associativity in Linear Proof SizeEFrom Balanced to any Right Associative Permutation in O(n log(n)) &Sorting a Balanced Tree by Merge Sort&Sorting a Balanced Tree by Merge SortSorting a Balanced TreeMaude Specific IssuesConclusion and Future WorkFonts UsedDesign Template Slide Titles$_nGrigore RosuGrigore Rosu .-@Arial-. 2 oProofs%.-@Arial-. '2 9Patrick Lincoln (SRI)n .-@Arial-.| ">?2$㱴ҁ[N!k$2$[9UCIԫ/@A$2$͂;f-7B=50AA@3ʚ;ʚ;g4BdBd z[ 0ppp@<4ddddL 0 ,80___PPT10 ? %08Certifying and SynthesizingMembership Equational Proofs99(' iPatrick Lincoln (SRI) joint work with Steven Eker (SRI), Jose Meseguer (Urbana) and Grigore Rosu (Urbana)"jTP- OverviewMotivation Our approach to certification Membership Equational Logic (MEL) Maude Formalizing MEL Proof Objects Certifying MEL Proof Objects Synthesizing MEL Proof Objects Handling decision procedures (AC matching) ConclusionZZ"ZZZZ+ZZ"Z+4 Motivation`Software certification In order to trust the result of a verification task, one should first trust the theorem prover Heterogeneous formalisms and proofs Practice showed there is no silver-bullet logic Each feature can be best expressed in a specific formalism Efficient equational engines: ELAN, Maude How can one trust them in heterogeneous settings?`_$2_$2,o HOur Approach to Certification IXProvers or decision procedures synthesize correctness certificates (proofs) Independent and straightforward checkers certify the generated proofs Product-oriented certification approach Avoid verifying the theorem provers or the decission procedures involved Hard tasks, because they are big and changing Check each correctness proof separatelyZIZ.Z(Z*"); I.(6 k Our Approach to Certification IITo be trusted, easily validated, effective and general, certifiers must be Straightforward and small Preferably less than 1,000 lines of C Fast Linear in the size of the certificate Which implies that Proof objects need to be very detailed Can be quite large Proof object synthesizers should follow the logic not the particular prover, which is typically complex Go down to axioms and inference rules only Decision procedures need to output proofsKZZ&ZZ&ZZ'ZZhZ+Z*ZK&&'h+*HrEquational Logics fFor now, we focus on equational logics Simple and used by other more general provers Few inference rules Very fast engines: ELAN, Maude Millions of rewrites per second Specialized decision procedures A,C,I (and combinations) matching, etc. Why would a general prover accept their equational computations? Why would a certifying authority trust such systems?'.@)v'.@)vP . D Membership Equational Logic A very general variant of equational logic Adds membership assertions t : s Sentences are Horn clauses over Equations Membership assertions Generalizes Order sorted equational logics Partial equational logics Adds one more inference rule: membershipm 9)G 9> 1 Maude(MEL engine Based on a fast implementation of rewriting Can output execution traces Series of axiom applications with corresponding substitutions Contain gaps Decision procedures A,C,I matching and combinations Least sort computations Memoization Sharing of subterms (right-hand-side of equations),Kw,Fw, Formalizing MEL Proof ObjectsIntroduced a formalization of MEL proofs Proof object = series of labeled proof steps Proof step = application of one of the six complete inference rules of MEL Reflexivity, Symmetry, Transitivity, Congruence, Substitution, Membership Can contain references to previous stepsNs)! As Certifying MEL Proof ObjectsDesigned and implemented a prototype MEL proof certifier (~ 200 lines in PERL) Checks each proof step Based entirely on string comparison No parsing needed Very simple Does not do anything intelligent Proof object contains any needed piece of information; certifier only makes trivial checks This is exactly what a certifying authority wants As opposed to trusting a complex, highly optimized rewriting engine like Maudef6|2Of$|2O Synthesizing MEL Proof ObjectsoIn order for the certifier to be simple, the proof object must be very low level The following are considered too high-level to be recognized by a certifier Proofs by replacement or by rewriting A, C, I matching and combinations Sharing of subterms Memoization Least sort calculation So we provide solutions on how to push these down to MEL axioms and inference rules<TT,lReplacement ProofsMost usual equational proofs The problem is that replacements can be applied anywhere in the term Lots of congruences, transitivities and potentially one symmetry are implicit Procedure is given to generate all these applications of rules formally in a proof object>QR Z> XRewriting ProofsSpecial case of replacements proofs Most rewritings are done in depth-first order This allows to obtain much smaller proofs by delaying the applications of congruences:W,- Matching ModuloRMatching modulo A, C, I, or any of their combinations is typically implemented via highly specialized decision procedures One does not want a simple and trusted certifier to know about these Therefore, one has to generate proofs making concrete use of A, C, I axioms In Maude, e.g., matchings modulo appear as gaps in the rewriting traces(S~ /AC MatchingfThe most complicated one Nguyen and Kirchner 2002 gave a solution, where the proof has size O(|a|2) We have sorting-based solutions generating proofs of size O(|a| " log(|a|))Z,+L:DHigh-Level Idea(Right Associativity inLinear Proof Size))( From Balanced to any Right Associative Permutation in O(n " log(n)) FE6$$F$ $,6Order the elements as they appear in br The goal now is, given some ordering on element, to sort any balanced tree into a right associative list We have two methods, based on Merge sort Selection sortlZ !"#$%&')*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|~}Root EntrydO)KsPicturesHNCurrent User@DSummaryInformation(0PowerPoint Document((DocumentSummaryInformation8-0z[ 0"DCourier NewH,0z[ 01 DSymbol NewH,0z[ 0@. @n?" dd@ @@``x ">?2$㱴ҁ[N!k$2$[9UCIԫ/@A$2$͂;f-7B=50AA@3ʚ;ʚ;g4BdBd z[ 0ppp@<4ddddL 0 ,80___PPT10 ? %.8Certifying and SynthesizingMembership Equational Proofs99(' iPatrick Lincoln (SRI) joint work with Steven Eker (SRI), Jose Meseguer (Urbana) and Grigore Rosu (Urbana)"jTP- OverviewMotivation Our approach to certification Membership Equational Logic (MEL) Maude Formalizing MEL Proof Objects Certifying MEL Proof Objects Synthesizing MEL Proof Objects Handling decision procedures (AC matching) ConclusionZZ"ZZZZ+ZZ"Z+4 Motivation`Software certification In order to trust the result of a verification task, one should first trust the theorem prover Heterogeneous formalisms and proofs Practice showed there is no silver-bullet logic Each feature can be best expressed in a specific formalism Efficient equational engines: ELAN, Maude How can one trust them in heterogeneous settings?`_$2_$2,o HOur Approach to Certification IXProvers or decision procedures synthesize correctness certificates (proofs) Independent and straightforward checkers certify the generated proofs Product-oriented certification approach Avoid verifying the theorem provers or the decission procedures involved Hard tasks, because they are big and changing Check each correctness proof separatelyZIZ.Z(Z*"); I.(6 k Our Approach to Certification IITo be trusted, easily validated, effective and general, certifiers must be Straightforward and small Preferably less than 1,000 lines of C Fast Linear in the size of the certificate Which implies that Proof objects need to be very detailed Can be quite large Proof object synthesizers should follow the logic not the particular prover, which is typically complex Go down to axioms and inference rules only Decision procedures need to output proofsKZZ&ZZ&ZZ'ZZhZ+Z*ZK&&'h+*HrEquational Logics fFor now, we focus on equational logics Simple and used by other more general provers Few inference rules Very fast engines: ELAN, Maude Millions of rewrites per second Specialized decision procedures A,C,I (and combinations) matching, etc. Why would a general prover accept their equational computations? Why would a certifying authority trust such systems?'.@)v'.@)vP . D Membership Equational Logic A very general variant of equational logic Adds membership assertions t : s Sentences are Horn clauses over Equations Membership assertions Generalizes Order sorted equational logics Partial equational logics Adds one more inference rule: membershipm 9)G 9> 1 Maude(MEL engine Based on a fast implementation of rewriting Can output execution traces Series of axiom applications with corresponding substitutions Contain gaps Decision procedures A,C,I matching and combinations Least sort computations Memoization Sharing of subterms (right-hand-side of equations),Kw,Fw, Formalizing MEL Proof ObjectsIntroduced a formalization of MEL proofs Proof object = series of labeled proof steps Proof step = application of one of the six complete inference rules of MEL Reflexivity, Symmetry, Transitivity, Congruence, Substitution, Membership Can contain references to previous stepsNs)! As Certifying MEL Proof ObjectsDesigned and implemented a prototype MEL proof certifier (~ 200 lines in PERL) Checks each proof step Based entirely on string comparison No parsing needed Very simple Does not do anything intelligent Proof object contains any needed piece of information; certifier only makes trivial checks This is exactly what a certifying authority wants As opposed to trusting a complex, highly optimized rewriting engine like Maudef6|2Of$|2O Synthesizing MEL Proof ObjectsoIn order for the certifier to be simple, the proof object must be very low level The following are considered too high-level to be recognized by a certifier Proofs by replacement or by rewriting A, C, I matching and combinations Sharing of subterms Memoization Least sort calculation So we provide solutions on how to push these down to MEL axioms and inference rules<TT,lReplacement ProofsMost usual equational proofs The problem is that replacements can be applied anywhere in the term Lots of congruences, transitivities and potentially one symmetry are implicit Procedure is given to generate all these applications of rules formally in a proof object>QR Z> XRewriting ProofsSpecial case of replacements proofs Most rewritings are done in depth-first order This allows to obtain much smaller proofs by delaying the applications of congruences:W,- Matching ModuloRMatching modulo A, C, I, or any of their combinations is typically implemented via highly specialized decision procedures One does not want a simple and trusted certifier to know about these Therefore, one has to generate proofs making concrete use of A, C, I axioms In Maude, e.g., matchings modulo appear as gaps in the rewriting traces(S~ /AC MatchingfThe most complicated one Nguyen and Kirchner 2002 gave a solution, where the proof has size O(|a|2) We have sorting-based solutions generating proofs of size O(|a| " log(|a|))Z,+L:DHigh-Level Idea(Right Associativity inLinear Proof Size))( From Balanced to any Right Associative Permutation in O(n " log(n)) FE6$$F$ $,6Order the elements as they appear in br The goal now is, given some ordering on element, to sort any balanced tree into a right associative list We have two methods, based on Merge sort Selection sortlZZ%4O%Sorting a Balanced Tree byMerge Sort&&(4Step 1: Sort recursively the left and right subtrees"5/,%Sorting a Balanced Tree byMerge Sort&&(2Step 2: Merging the left and right sorted subtrees"3-*Sorting a Balanced Tree8The size of the AC proof generated by the merge-sort procedure is O(|a| " log(|a|)) More precisely, it is 5 " |a| " log(|a|) Similar numbers are obtained for a selection-sort based procedure These procedures can be easily extended to handle multiple A,C,I (and combinations) operatorsBDDDMaude Specific Issues?Maude has several other decision procedures, for which we also developed proof synthesis algorithms, such as Memoization and subterm sharing Least sort calculation Also, due to overloaded operations, mix-fix notation, and syntactic sugar conventions, specialized procedures are also needed for Desugaring DisambiguationLm7m7>m $ x$( xr x ST9c `} c r x SOG`5PG H x0h ? 3380___PPT10.sǈrx? T6( /0DArial NeH,0z[ 0"DCourier NewH,0z[ 01 DSymbol NewH,0z[ 0@. @n?" dd@ @@`` !"#$%&'()*+,./0123456789:;<=>?AOh+'0`h ,49Certifying and Synthesizing Membership Equational Proofsr Grigore Rosud S Grigore Rosud S86gMicrosoft PowerPointsiz@.@bs@puKs^G g 0--@ !--'@Arial-. 02 ,Certifying and Synthesizing( % ."System-@Arial-. 2 owMembership // .-@Arial-. 2 o Equational% .-@Arial-. 2 oProofs%.-@Arial-. '2 9Patrick Lincoln (SRI)n .-@Arial-. *2 joint work with Steven .-@Arial-. 2 >Eker.-@Arial-. 2 (SRI), .-@Arial-. 2 NdJose , .-@Arial-. 2 NMeseguer.-@Arial-. 2 NP (Urbana) and 8 .-@Arial-. 2 NGrigorer.-@Arial-. 2 NRosu.-@Arial-. 2 N(Urbana).-՜.+,0 +Z%4O%Sorting a Balanced Tree byMerge Sort&&(4Step 1: Sort recursively the left and right subtrees"5/,%Sorting a Balanced Tree byMerge Sort&&(2Step 2: Merging the left and right sorted subtrees"3-*Sorting a Balanced Tree8The size of the AC proof generated by the merge-sort procedure is O(|a| " log(|a|)) More precisely, it is 5 " |a| " log(|a|) Similar numbers are obtained for a selection-sort based procedure These procedures can be easily extended to handle multiple A,C,I (and combinations) operatorsBDDDMaude Specific Issues?Maude has several other decision procedures, for which we also developed proof synthesis algorithms, such as Memoization and subterm sharing Least sort calculation Also, due to overloaded operations, mix-fix notation, and syntactic sugar conventions, specialized procedures are also needed for Desugaring DisambiguationLm7m7>m Conclusion and Future Work6A MEL proof formalization, certification and synthesis has been presented Had Maude as a test case, but the ideas work for any equational engine Hardest part was to deal with decision procedures The proof synthesis algorithms will be soon implemented for Maude, probably within its ITP tool (a theorem prover)7Z7, $ |$( |r | S `} c r | S ` H |0h ? 3380___PPT10.spr*? V