Proving Partial-Correctness and Invariance Properties of Transition-System Models

Rusu, Vlad; Grimaud, Gilles; Hauspie, Michaël

doi:10.1109/tase.2018.00016

Cited by 1 publication

(4 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Hence, completeness is a theoretical property; the practically useful property is Lemma 3, which users have to provide with a suitable q that satisfy the three inclusions therein. In [15] we use this lemmma for verifying an infinite-state transition-system specification of a hypervisor.…”

Section: A One-rule Proof Systemmentioning

confidence: 99%

“…After several applications of [Str] and [Spl] (14) is reduced to proving the three last following subgoals: (15) :…”

Section: Examplementioning

confidence: 99%

“…A proof by coinduction in Coq is ultimately a wellformed corecursive function, where well-formedness is defined as a syntactical guardedness condition, (Co)inductive Proof Systems for Compositional Proofs in Reachability Logic which is quite complex in the theory [4], and even more so in the implementation. We have nonetheless managed to prove the soundness and completeness of using this tactic: cofix-style proofs of soundness and completeness for , described in standard mathematical notation, are reported in [15]. For , however, cofix became useless because, for some reason, it does not accept to be mixed in a proof by induction.…”

Section: Implementations In Isabelle/hol and Coqmentioning

confidence: 99%

“…Several versions of the logic have been proposed over the years [13,19,18]. The formalism has been generalised from programming languages to more abstract models: rewriting logic [8,17] and transition systems [14], which can be used for specifying designs, and verifying them before they are implemented in program code. This does not replace code verification, just as code verification does not replace the for transition systems, and logical, for formulas.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

(Co)inductive Proof Systems for Compositional Proofs in Reachability Logic

Rusu¹,

Nowak²

2019

Electron. Proc. Theor. Comput. Sci.

Self Cite

View full text Add to dashboard Cite

Reachability Logic is a formalism that can be used, among others, for expressing partial-correctness properties of transition systems. In this paper we present three proof systems for this formalism, all of which are sound and complete and inherit the coinductive nature of the logic. The proof systems differ, however, in several aspects. First, they use induction and coinduction in different proportions. The second aspect regards compositionality, broadly meaning their ability to prove simpler formulas on smaller systems, and to reuse those formulas as lemmas for more complex formulas on larger systems. The third aspect is the difficulty of their soundness proofs. We show that the more induction a proof system uses, and the more specialised is its use of coinduction (with respect to our problem domain), the more compositional the proof system is, but the more difficult its soundness proof becomes. We also briefly present mechanisations of these results in the Isabelle/HOL and Coq proof assistants.testing of the final running software; but it enables the early catching of errors and the early discovery of key functional-correctness properties, all of which are known to have practical, cost-effective benefits.Contributions. We further study RL on transition systems (TS). We propose three proof systems for RL, and formalise them in the Coq [1] and Isabelle/HOL [10] proof assistants. One may naturally ask: why having several proof systems and proof assistants -why not one of each? The answer is manyfold:• the proof systems we propose have some common features: the soundness and completenes metaproperties, and the coinductiveness nature inherited from RL. However, they do differ in others aspects: (i) the "amount" of induction they contain; (ii) their degree of compositionality (i.e., their ability to prove local formulas on "components" of a TS, and then to use those formulas as lemmas in proofs of global formulas on the TS); and (iii) the difficulty level of their soundness proofs.• we show that the more induction a proof system uses, and the closest its coinduction style to our problem domain of proving reachability-logic formulas, the more compositional the proof system is, but the more difficult its soundness proof. There is a winner: the most compositional proof system of the three, but we found that the other ones exhibit interesting, worth-presenting features as well. • Coq and Isabelle/HOL have different styles of coinduction: Knaster-Tarski style vs. Curry-Howard style. Experiencing this first-hand with the nontrivial examples constituted by proof systems suggested a spinoff project, which amounts to porting some of the features of one proof assistant into the other one. For the moment, porting Knaster-Tarski features into the Curry-Howard coinduction of Coq produced promising results, with possible practical impact for a broader class of Coq users.Related Work. Regarding RL, most papers in the above-given list of references mention its coinductive nature, but do not actually use it. Several Coq mechanisatio...

show abstract

Section: A One-rule Proof Systemmentioning

confidence: 99%

“…After several applications of [Str] and [Spl] (14) is reduced to proving the three last following subgoals: (15) :…”

Section: Examplementioning

confidence: 99%