RESOLVE VERIFICATION: A New Perspective

1
RESOLVE VERIFICATION A New Perspective

• Joan Krone
• William F. Ogden

2
General Requirements for aVerifying Compiler

• Sound Language
• Specification Mechanisms
• Established Specifiability of Components
• Mathematical Expressiveness
• Math Proof System
• Program Proof System
• Proof Rules
• Soundness and Completeness
• Semantics

3
Justification Checker Use Case

• Programmer submits assertive code to
  Justification Checker.
• In a few minutes Justification Checker returns
• Correct
• Clause thats Incorrect
• Programmer fixes code or spec.
• Clause thats correct
• Programmer adds specification to code or lemma.

4
Justification Checking

• Justification Checker can only do obvious math.
• Examples show that the Justification Checker only
  needs to do clause refinement.
• Typical clause p1 ? (p2 ? p3 ? (p4 ? p5 ? ? ) )
• Difficult Math gets done in Math Units.
• Proofs for Math Units are much more detailed.

5
Meta_Precis Basic_CPO_Theory uses
Basic_Ordinal_Theory Def. Chain( ? (D
MSet)?D?B )?(?(D)) C?(D) ? ? x, y C, x ? y
or y ? x Corollary 1 ?
D MSet, ? ? D?D?B, ? ? Chain(?) and if
Is_Reflexive( ? ), then ? z D, z ? Chain(?)
Corollary 2 ? D MSet, ? ? D?D?B, ?
C Chain(?), ? B?(D), if B ? C, then B ?
Chain(?) Def. Is_CPO( ? (D MSet)?D?B ) B
( Is_Partial_Ordering( ? ) and ? C
Chain(?), ? b D ? ? x C, x ? b and ? u D, if
? x C, x ? u, then b ? u ) Corollary
1 ? D MSet, if ? ? D?D?B ? Is_CPO( ? ), then
D ? ? Corollary 2 ? D MSet, ? ?
D?D?B, if Is_CPO( ? ), then ? z D, z ?
Chain(?) Corollary 3 ? D MSet, ?
? D?D?B, ? C Chain(?), if Is_CPO( ? ),
then ?! b D ? ? x C, x ? b and ? u D, if ? x
C, x ? u, then b ? u Corollary 4 ?
D MSet, ? ? D?D?B, if Is_CPO( ? ), then ?! b D
? ? u D, b ? u Implicit Def. ?(?
(D MSet?)?D?B) D is if Is_CPO( ? ), then
? x D, ?(?) ? x and if ? Is_CPO( ?, ? ),
then ?(?) (D)
6
Proofs Obv_BCPO_Prfs for Basic_CPO_Theory
Def. Chain( ? (D MSet)?D?B )?(?(D))
C?(D) ? ? x, y C, x ? y or y ? x
Corollary 1 ? D MSet, ? ? D?D?B, ? ? Chain(?)
and if Is_Reflexive( ? ), then ? z D,
z ? Chain(?) Proof Supp D MSet and ?
D?D?B Goal ? ? Chain(?)and if Is_Reflexive(
? ), then ? z D, z ? Chain(?) Goal
? ? Chain(?) Goal ? x, y ?, x ? y or y ?
x Supp x, y ? Goal x ? y or y
? x False by supp def. ? x ? y or
y ? x by contradiction deduction if x,
y ?, then x ? y or y ? x ? x, y ?, x ? y or y
? x by universal generalization ? ? Chain(?)
by def Chain QED
7
Math Constructs

• Precis are analogous to Concepts.
• Proofs are analogous to Realizations.
• There will be some built-in Math Units.

8
Theorem Checker for Math

• Programmer submits math theory including proofs.
• The Proof Checker processes them.
• If adequate, precis becomes available for the
  justification checker and other math checking.
• If not adequate, programmer adds lemmas or
  reasons in the proofs.

9
The Verification Process

• The Proof Checker takes care of the mathematics,
  which must be a part of the context for both
  specifying and correctness checking.
• The Justification Checker takes care of program
  correctness.

10
Thesis

• Program verification is just proof checking
• and justification checking!