A Formally Verified Interpreter for a Shell-like Programming Language


A Formally Verified Interpreter for a Shell-like Programming Language
Claude Marché, Nicolas Jeannerod, Ralf Treinen
VSTTE, July 22, 2017
Nicolas Jeannerod VSTTE 17 July 22, / 36

General goal

The CoLiS project: Correctness of Linux Scripts.
Goal: apply verification techniques to the shell scripts shipped in the Debian packages.

The kind of script that has to be handled (every line uses a construct that is hard to reason about: set -e, eval, a subshell, exit, an unquoted expansion):

    set -e
    eval "if true ; then cmd=echo foo ; fi"
    ( cmd="$cmd bar" )
    exit 1
    $cmd "$cmd"

Big picture

[Diagram built up over several slides; not reproduced in the transcription.]

Table of Contents

1. Language
   - CoLiS
   - Mechanised version
2. Sound and complete interpreter
   - Let us see some code
   - Soundness
   - Completeness
   - Looking for a variant...
   - Skeletons

1. Language: CoLiS

Requirements

- Intermediate language (not a replacement for shell);
- clean;
- with formal syntax and semantics;
- statically typed: strings and lists;
- variables and functions explicitly declared in a header;
- dangerous structures made more explicit.

However, automatic translation from reasonable shell must be possible.

A glimpse of the language

Shell:

    fruits="banana apple .."
    {
      for fruit in $fruits
      do
        echo "$fruit"
      done
    } | {
      while read line
      do
        echo "- $line"
      done
    }

CoLiS (variables declared in a header, lists distinct from strings, the pipe explicit):

    var fruits : list
    var fruit : string
    var line : string
    begin
      fruits ::= [ banana ; apple ; .. ]
      pipe
        for fruit in [ fruits ] do
          call [ echo ; { fruit } ] ;
        done
      into
        while call [ read ; line ] do
          call [ echo ; { -, line } ] ;
      end
    end

How behaviours are handled

How each construct treats the behaviour of its sub-term (merged cells of the slide expanded):

    Behaviour:      True     False    Fatal    Return True  Return False  Exit True  Exit False
    Pipe            Normal   Normal   Normal   Normal       Normal        Normal     Normal
    Sequence        Normal   Normal   Exception Exception   Exception     Exception  Exception
    Test            Success  Failure  Failure  Exception    Exception     Exception  Exception
    Function call   Success  Failure  Failure  Success      Failure       Exception  Exception
    Subprocess      Success  Failure  Failure  Success      Failure       Success    Failure

Interactions between do-while and Fatal

DoWhile-Test-Fatal:
    t1/Γ ⇓ σ1 True/Γ1        t2/Γ1 ⇓ σ2 Fatal/Γ2
    ----------------------------------------------
    do t1 while t2 /Γ ⇓ σ1σ2 True/Γ2

DoWhile-Body-Fatal:
    t1/Γ ⇓ σ1 Fatal/Γ1
    ----------------------------------------------
    do t1 while t2 /Γ ⇓ σ1 Fatal/Γ1

1. Language: Mechanised version

Why3

- Deductive verification platform;
- WhyML: language for both specification and programming;
- standard library: integer arithmetic, boolean operations, maps, etc.;
- native support of imperative features: references, exceptions, while and for loops;
- proof obligations are given to external theorem provers;
- possibility to extract WhyML code to OCaml.

Syntax (WhyML)

    type term =
      | TTrue | TFalse | TFatal
      | TReturn term | TExit term
      | TAsString svar sexpr
      | TAsList lvar lexpr
      | TSeq term term
      | TIf term term term
      | TFor svar lexpr term
      | TDoWhile term term
      | TProcess term
      | TCall lexpr
      | TShift
      | TPipe term term
    with sexpr = list sfrag
    with sfrag = SLiteral string | SVar svar | SArg int | SProcess term
    with lexpr = list lfrag
    with lfrag = LSingleton sexpr | LSplit sexpr | LVar lvar

Semantic judgments (excerpt)

    inductive eval_term term context string behaviour context =
      | EvalT_DoWhile_False :
          forall t1 Γ σ1 b1 Γ1 t2 σ2 b2 Γ2.
          eval_term t1 Γ σ1 (BNormal b1) Γ1 ->
          eval_term t2 Γ1 σ2 b2 Γ2 ->
          (match b2 with BNormal False | BFatal -> true | _ -> false end) ->
          eval_term (TDoWhile t1 t2) Γ (concat σ1 σ2) (BNormal b1) Γ2
      | EvalT_DoWhile_Exn_Body :
          forall t1 Γ σ1 b1 Γ1 t2.
          eval_term t1 Γ σ1 b1 Γ1 ->
          (match b1 with BNormal _ -> false | _ -> true end) ->
          eval_term (TDoWhile t1 t2) Γ σ1 b1 Γ1

(The quantified variables are the ones the rule actually uses; the slide listed t3, σ3, b3, Γ3 instead of σ2, b2, Γ2.)

2. Sound and complete interpreter: Let us see some code

Interpreter (excerpt)

    let rec interp_term (t: term) (Γ: context) (stdout: ref string) : (bool, context) =
      match t with
      | TDoWhile t1 t2 ->
          let (b1, Γ1) = interp_term t1 Γ stdout in
          let (b2, Γ2) =
            try interp_term t2 Γ1 stdout
            with EFatal Γ2 -> (false, Γ2) end
          in
          if b2 then interp_term t Γ2 stdout else (b1, Γ2)

Soundness

Soundness of the interpreter

Theorem (Soundness of the interpreter). For all t, Γ, σ, b and Γ': if running the interpreter on t in context Γ produces output σ, behaviour b and context Γ', then t/Γ ⇓ σ b/Γ' holds in the semantics.

Contract (excerpt)

    let rec interp_term (t: term) (Γ: context) (stdout: ref string) : (bool, context)
      diverges
      returns { (b, Γ') -> exists σ. !stdout = concat (old !stdout) σ /\ eval_term t Γ σ (BNormal b) Γ' }
      raises  { EReturn (b, Γ') -> exists σ. !stdout = concat (old !stdout) σ /\ eval_term t Γ σ (BReturn b) Γ' }

Why it is non trivial

stdout is a reference, so the postcondition only says that some output σ exists:

    exists σ. !stdout = concat (old !stdout) σ /\ eval_term t Γ σ (BNormal b) Γ'

Usual fix: provide the witness as a ghost return value (ghost values may only be used in the specification and must not affect the semantics of the program). But a ghost return value does not fit with exceptions, so the existential stays, and that forces us to use superposition provers.

Completeness

Completeness of the interpreter

Theorem (Completeness of the interpreter). For all t, Γ, σ, b and Γ': if t/Γ ⇓ σ b/Γ' holds in the semantics, then the interpreter run on t in context Γ terminates with output σ, behaviour b and context Γ'.

Proofs dependencies

[Diagram of the dependencies between the proofs; not reproduced in the transcription.]

Why

If t/Γ ⇓ σ b/Γ' holds in the semantics,
then the interpreter terminates, producing some σ1, b1 and Γ1;
then, by soundness, t/Γ ⇓ σ1 b1/Γ1;
then, by functionality (the semantics is deterministic), σ = σ1, b = b1 and Γ' = Γ1.


Why do we need all this?

Case of the sequence:

    | TSeq t1 t2 ->
        let (_, Γ1) = interp_term t1 Γ stdout in
        interp_term t2 Γ1 stdout

By hypothesis (the pre-condition), there are σ, b and Γ' such that (t1 ; t2)/Γ ⇓ σ b/Γ'.
By the structure of the predicate, there are σa, ba, Γa and σb such that t1/Γ ⇓ σa ba/Γa and t2/Γa ⇓ σb b/Γ'.
By soundness and functionality, Γa = Γ1, so the recursive call on t2 satisfies the pre-condition.

Termination of the interpreter, in Why3

    let rec interp_term (t: term) (Γ: context) (stdout: ref string) : (bool, context)
      requires { exists σ b Γ'. eval_term t Γ σ b Γ' }
      returns  { (b, Γ') -> exists σ. !stdout = concat (old !stdout) σ /\ eval_term t Γ σ (BNormal b) Γ' }
      variant  { ... }

Looking for a variant...

Let us find a variant

CoLiS programs are structurally decreasing? Wrong: the DoWhile-True rule has a premise on the very same term.

DoWhile-True:
    t1/Γ ⇓ σ1 True/Γ1    t2/Γ1 ⇓ σ2 True/Γ2    do t1 while t2 /Γ2 ⇓ σ3 b3/Γ3
    ----------------------------------------------------------------------
    do t1 while t2 /Γ ⇓ σ1σ2σ3 b3/Γ3

Derivation trees of the semantics are structurally decreasing? True, but we cannot manipulate them in Why3.
Can we use the height or the size of the proof tree?

Why it does not work

- Superposition provers are bad with arithmetic.
- SMT solvers are bad with existential quantifications.
- We cannot deduce from the height of a derivation tree the heights of the premises (only that each is strictly smaller, which is again an existential).
- We cannot deduce from the size of a derivation tree the sizes of the premises.

Skeletons

Back to square one

We still want to say that proofs are structurally decreasing. We add a skeleton type:

    type skeleton = S0 | S1 skeleton | S2 skeleton skeleton | S3 skeleton skeleton skeleton

It represents the shape of the proof.

Put them everywhere: in the predicate

    inductive eval_term term context string behaviour context skeleton =
      | EvalT_DoWhile_True :
          forall t1 Γ σ1 b1 Γ1 t2 σ2 Γ2 σ3 b3 Γ3 sk1 sk2 sk3.
          eval_term t1 Γ σ1 (BNormal b1) Γ1 sk1 ->
          eval_term t2 Γ1 σ2 (BNormal True) Γ2 sk2 ->
          eval_term (TDoWhile t1 t2) Γ2 σ3 b3 Γ3 sk3 ->
          eval_term (TDoWhile t1 t2) Γ (concat (concat σ1 σ2) σ3) b3 Γ3 (S3 sk1 sk2 sk3)
      | EvalT_DoWhile_False :
          forall t1 Γ σ1 b1 Γ1 t2 σ2 b2 Γ2 sk1 sk2.
          eval_term t1 Γ σ1 (BNormal b1) Γ1 sk1 ->
          eval_term t2 Γ1 σ2 b2 Γ2 sk2 ->
          (match b2 with BNormal False | BFatal -> true | _ -> false end) ->
          eval_term (TDoWhile t1 t2) Γ (concat σ1 σ2) (BNormal b1) Γ2 (S2 sk1 sk2)

(The quantifier lists are those of the variables the rules actually use.)

Put them everywhere: in the contract

    let rec interp_term (t: term) (Γ: context) (stdout: ref string) (ghost sk: skeleton) : (bool, context)
      requires { exists σ b Γ'. eval_term t Γ σ b Γ' sk }
      returns  { (b, Γ') -> exists σ. !stdout = concat (old !stdout) σ /\ eval_term t Γ σ (BNormal b) Γ' sk }
      variant  { sk }

The skeleton is a ghost parameter: it exists only for the proof, and the variant is its structural size.

Put them everywhere: in the code

    | TDoWhile t1 t2 ->
        let ghost sk1 = get_skeleton123 sk in
        let (b1, Γ1) = interp_term t1 Γ stdout sk1 in
        let (b2, Γ2) =
          try
            let ghost (_, sk2) = get_skeleton23 sk in
            interp_term t2 Γ1 stdout sk2
          with EFatal Γ2 -> (false, Γ2) end
        in
        if b2 then
          let ghost (_, _, sk3) = get_skeleton3 sk in
          interp_term t Γ2 stdout sk3
        else (b1, Γ2)

(The slide omitted sk3 in the recursive call; it is passed here so that the variant is checked on it.)
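An added example, not code from the CoLiS project: the Python model below executes the term rules shown on the "How behaviours are handled", "Interactions between Do-While and Fatal" and "A few rules" slides, mirrors the `try ... with EFatal` shape of the interpreter excerpt, and makes each result carry the skeleton of its derivation. The point of the last part is the one the skeleton slides make: on DoWhile-True the term does not shrink, but the skeleton handed to the recursive call is a strict sub-tree, which is the measure `variant { sk }` relies on. The Branching-False case is the one that matters when reviewing maintainer scripts: a Fatal in the condition of an `if` is a failed test, not an abort, much like a shell under `set -e` ignoring a failing command in an `if` condition. The `echo`, `incr` and `lt` primitives, the dict standing in for the context, and the treatment of `return t` / `exit t` are assumptions, since the slides show no rules for `call`, `return` or `exit`.

```python
"""Executable model of the CoLiS term semantics (added example, not the project's code)."""
from dataclasses import dataclass

# Behaviour kinds: True/False are "normal"; Fatal, Return b and Exit b are exceptional.
NORMAL, FATAL, RETURN, EXIT = "normal", "fatal", "return", "exit"


@dataclass(frozen=True)
class Beh:
    """A behaviour b: its kind plus the boolean carried by True/False, Return b, Exit b."""
    kind: str
    value: bool = True

    @property
    def normal(self):
        return self.kind == NORMAL


S0 = ()  # skeletons are tuples of 0..3 child skeletons: S0 | S1 sk | S2 sk sk | S3 sk sk sk


def interp(t, ctx):
    """Big-step judgment t/Γ ⇓ σ b/Γ', returned as (σ, b, Γ', skeleton).

    Terms are tagged tuples; ctx is a dict of string variables, the only part of a
    CoLiS context modelled here (assumption). The skeleton is the shape of the
    derivation that justifies the result."""
    op = t[0]
    if op in ("true", "false"):
        return "", Beh(NORMAL, op == "true"), ctx, S0
    if op == "fatal":
        return "", Beh(FATAL), ctx, S0
    # Hypothetical primitive commands standing in for `call` (not in the slides).
    if op == "echo":
        return t[1] + "\n", Beh(NORMAL, True), ctx, S0
    if op == "incr":  # x := x + 1; variables hold decimal integers as strings
        return "", Beh(NORMAL, True), {**ctx, t[1]: str(int(ctx.get(t[1], "0")) + 1)}, S0
    if op == "lt":  # test x < k
        return "", Beh(NORMAL, int(ctx.get(t[1], "0")) < t[2]), ctx, S0
    if op in ("return", "exit"):
        # Assumption: `return t` / `exit t` turn a normal result of t into Return b / Exit b
        # and pass an exceptional result of t through unchanged.
        s1, b1, c1, sk1 = interp(t[1], ctx)
        if b1.normal:
            b1 = Beh(RETURN if op == "return" else EXIT, b1.value)
        return s1, b1, c1, (sk1,)
    if op == "seq":
        s1, b1, c1, sk1 = interp(t[1], ctx)
        if not b1.normal:  # Sequence-Exception: t2 never runs
            return s1, b1, c1, (sk1,)
        s2, b2, c2, sk2 = interp(t[2], c1)  # Sequence-Normal
        return s1 + s2, b2, c2, (sk1, sk2)
    if op == "if":
        s1, b1, c1, sk1 = interp(t[1], ctx)
        if b1.kind in (RETURN, EXIT):  # Branching-Exception
            return s1, b1, c1, (sk1,)
        # Branching-True / Branching-False: a Fatal condition selects the else branch
        branch = t[2] if b1.normal and b1.value else t[3]
        s2, b2, c2, sk2 = interp(branch, c1)
        return s1 + s2, b2, c2, (sk1, sk2)
    if op == "dowhile":
        s1, b1, c1, sk1 = interp(t[1], ctx)
        if not b1.normal:  # DoWhile-Body-Fatal (Return/Exit in the body escape the same way)
            return s1, b1, c1, (sk1,)
        s2, b2, c2, sk2 = interp(t[2], c1)
        if b2.kind in (RETURN, EXIT):  # the interpreter's `try` only catches EFatal
            return s1 + s2, b2, c2, (sk1, sk2)
        if b2.normal and b2.value:  # DoWhile-True: same term again, S3 derivation
            s3, b3, c3, sk3 = interp(t, c2)
            return s1 + s2 + s3, b3, c3, (sk1, sk2, sk3)
        # DoWhile-False and DoWhile-Test-Fatal: the loop ends with the body's behaviour b1
        return s1 + s2, b1, c2, (sk1, sk2)
    raise ValueError(f"unknown term {op!r}")


def is_strict_sub(sub, sk):
    """Structural order on skeletons, the measure behind `variant { sk }`."""
    return any(child == sub or is_strict_sub(sub, child) for child in sk)


def demo():
    """Exercise the rule interactions from the slides; returns what each run produced."""
    out = {}
    # Branching-False: Fatal in the condition is a failed test, not an exception.
    s, b, _, _ = interp(("if", ("fatal",), ("echo", "then"), ("echo", "else")), {})
    out["if_fatal"] = (s, b)
    # Sequence-Exception: Return stops the sequence; the derivation has one premise.
    s, b, _, sk = interp(("seq", ("return", ("false",)), ("echo", "unreachable")), {})
    out["seq_return"] = (s, b, len(sk))
    # DoWhile-Test-Fatal: Fatal in the test ends the loop with the body's True.
    s, b, _, sk = interp(("dowhile", ("echo", "x"), ("fatal",)), {})
    out["dowhile_test_fatal"] = (s, b, len(sk))
    # DoWhile-True: the term never shrinks, but the recursive call's skeleton is a
    # strict sub-tree of the whole derivation's skeleton.
    loop = ("dowhile", ("seq", ("incr", "n"), ("echo", "tick")), ("lt", "n", 3))
    s, b, c, sk = interp(loop, {"n": "0"})
    out["dowhile_loop"] = (s, b, c["n"], len(sk), is_strict_sub(sk[2], sk))
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Running `demo()` shows the loop producing three `tick` lines with a three-child skeleton whose third child is the skeleton of the recursive call, while `do fatal while true` stops after the body with behaviour Fatal and a one-child skeleton.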

And it works!

Soundness proof:
- 120 proof obligations;
- 190 seconds (i7 processor, no parallelisation);
- uses Alt-Ergo, Z3 and E (crucially);
- entirely automatic.

Termination proof:
- 230 proof obligations;
- 510 seconds;
- uses Alt-Ergo, Z3 and E;
- still entirely automatic.

Conclusion

- CoLiS is an abstraction of a subset of shell;
- its syntax and semantics are formalised in Why3;
- the reference interpreter is proven sound and complete w.r.t. the semantics;
- this proof uses SMT solvers, superposition provers and proof trees as first-class values.

Thank you for your attention! Questions? Comments? Suggestions?

Shell example

    f () { echo $1 $a; }
    a=foo
    a=bar f $a     ## echoes "foo bar"
    echo $a        ## echoes "bar"

The argument $a is expanded before the assignment a=bar that prefixes the call takes effect, so inside f the positional parameter $1 is foo while $a is bar. Whether such a prefixed assignment persists after the function returns, as it does here, is left unspecified by POSIX and differs between shells.

Syntax (1)

    String variables    x_s ∈ SVar
    List variables      x_l ∈ LVar
    Procedure names     c ∈ F
    Programs            p ::= vdecl pdecl program t
    Variable decl.      vdecl ::= varstring x_s | varlist x_l
    Procedure decl.     pdecl ::= proc c is t

Syntax (2)

    Terms  t ::= true | false | fatal | return t | exit t
               | x_s := s | x_l := l | t ; t | if t then t else t
               | for x_s in l do t | while t do t | process t
               | pipe t into t | call l | shift

Syntax (3)

    String expressions   s   ::= nil_s | f_s :: s
    String fragments     f_s ::= σ | x_s | n | t
    List expressions     l   ::= nil_l | f_l :: l
    List fragments       f_l ::= s | split s | x_l

Semantics: first definitions

    Behaviours of terms        b ∈ {True, False, Fatal, Return True, Return False, Exit True, Exit False}
    Behaviours of expressions  β ∈ {True, Fatal, None}
    String environments        SEnv = [SVar → String]
    List environments          LEnv = [LVar → StringList]
    Contexts                   Γ ∈ FS × String × StringList × SEnv × LEnv

A context holds: the file system, the standard input, the arguments line, the string environment and the list environment.

Semantic judgments

    Terms               t/Γ ⇓ σ b/Γ'
    String fragments    f_s/Γ ⇓_sf σ β/Γ'
    String expressions  s/Γ ⇓_s σ β/Γ'
    List fragments      f_l/Γ ⇓_lf λ β/Γ'
    List expressions    l/Γ ⇓_l λ β/Γ'

A few rules: Sequence

Sequence-Normal:
    t1/Γ ⇓ σ1 b1/Γ1    b1 ∈ {True, False}    t2/Γ1 ⇓ σ2 b2/Γ2
    ---------------------------------------------------------
    (t1 ; t2)/Γ ⇓ σ1σ2 b2/Γ2

Sequence-Exception:
    t1/Γ ⇓ σ1 b1/Γ1    b1 ∈ {Fatal, Return, Exit}
    ----------------------------------------------
    (t1 ; t2)/Γ ⇓ σ1 b1/Γ1

A few rules: Branching

Branching-True:
    t1/Γ ⇓ σ1 b1/Γ1    b1 = True    t2/Γ1 ⇓ σ2 b2/Γ2
    --------------------------------------------------
    (if t1 then t2 else t3)/Γ ⇓ σ1σ2 b2/Γ2

Branching-False:
    t1/Γ ⇓ σ1 b1/Γ1    b1 ∈ {False, Fatal}    t3/Γ1 ⇓ σ3 b3/Γ3
    ----------------------------------------------------------
    (if t1 then t2 else t3)/Γ ⇓ σ1σ3 b3/Γ3

Branching-Exception:
    t1/Γ ⇓ σ1 b1/Γ1    b1 ∈ {Return, Exit}
    ----------------------------------------
    (if t1 then t2 else t3)/Γ ⇓ σ1 b1/Γ1

(The branch is evaluated in Γ1, the context produced by the condition, as in the WhyML rules below.)

A few rules: Sequence (WhyML)

      | EvalT_Seq_Normal :
          forall t1 Γ σ1 b1 Γ1 t2 σ2 b2 Γ2.
          eval_term t1 Γ σ1 (BNormal b1) Γ1 ->
          eval_term t2 Γ1 σ2 b2 Γ2 ->
          eval_term (TSeq t1 t2) Γ (concat σ1 σ2) b2 Γ2
      | EvalT_Seq_Error :
          forall t1 Γ σ1 b1 Γ1 t2.
          eval_term t1 Γ σ1 b1 Γ1 ->
          (match b1 with BNormal _ -> false | _ -> true end) ->
          eval_term (TSeq t1 t2) Γ σ1 b1 Γ1

A few rules: Branching (WhyML)

      | EvalT_If_True :
          forall t1 Γ σ1 Γ1 t2 σ2 b2 Γ2 t3.
          eval_term t1 Γ σ1 (BNormal True) Γ1 ->
          eval_term t2 Γ1 σ2 b2 Γ2 ->
          eval_term (TIf t1 t2 t3) Γ (concat σ1 σ2) b2 Γ2
      | EvalT_If_False :
          forall t1 Γ σ1 b1 Γ1 t3 σ3 b3 Γ3 t2.
          eval_term t1 Γ σ1 b1 Γ1 ->
          (match b1 with BNormal False | BFatal -> true | _ -> false end) ->
          eval_term t3 Γ1 σ3 b3 Γ3 ->
          eval_term (TIf t1 t2 t3) Γ (concat σ1 σ3) b3 Γ3
      | EvalT_If_Transmit :
          forall t1 Γ σ1 b1 Γ1 t2 t3.
          eval_term t1 Γ σ1 b1 Γ1 ->
          (match b1 with BReturn _ | BExit _ -> true | _ -> false end) ->
          eval_term (TIf t1 t2 t3) Γ σ1 b1 Γ1

Programming Languages

Programming Languages CSE 230: Winter 2010 Principles of Programming Languages Lecture 3: Induction, Equivalence Ranjit Jhala UC San Diego Operational Semantics of IMP Evaluation judgement for commands Ternary relation on expression,

More information

Harvard School of Engineering and Applied Sciences CS 152: Programming Languages

Harvard School of Engineering and Applied Sciences CS 152: Programming Languages Harvard School of Engineering and Applied Sciences CS 152: Programming Languages Lecture 3 Tuesday, January 30, 2018 1 Inductive sets Induction is an important concept in the theory of programming language.

More information

Harvard School of Engineering and Applied Sciences CS 152: Programming Languages

Harvard School of Engineering and Applied Sciences CS 152: Programming Languages Harvard School of Engineering and Applied Sciences CS 152: Programming Languages Lecture 2 Thursday, January 30, 2014 1 Expressing Program Properties Now that we have defined our small-step operational

More information

Semantics with Applications 2b. Structural Operational Semantics

Semantics with Applications 2b. Structural Operational Semantics Semantics with Applications 2b. Structural Operational Semantics Hanne Riis Nielson, Flemming Nielson (thanks to Henrik Pilegaard) [SwA] Hanne Riis Nielson, Flemming Nielson Semantics with Applications:

More information

Harvard School of Engineering and Applied Sciences CS 152: Programming Languages

Harvard School of Engineering and Applied Sciences CS 152: Programming Languages Harvard School of Engineering and Applied Sciences CS 152: Programming Languages Lecture 3 Tuesday, February 2, 2016 1 Inductive proofs, continued Last lecture we considered inductively defined sets, and

More information

HW 1 Reminder. Principles of Programming Languages. Lets try another proof. Induction. Induction on Derivations. CSE 230: Winter 2007

HW 1 Reminder. Principles of Programming Languages. Lets try another proof. Induction. Induction on Derivations. CSE 230: Winter 2007 CSE 230: Winter 2007 Principles of Programming Languages Lecture 4: Induction, Small-Step Semantics HW 1 Reminder Due next Tue Instructions about turning in code to follow Send me mail if you have issues

More information

CS 4110 Programming Languages and Logics Lecture #2: Introduction to Semantics. 1 Arithmetic Expressions

CS 4110 Programming Languages and Logics Lecture #2: Introduction to Semantics. 1 Arithmetic Expressions CS 4110 Programming Languages and Logics Lecture #2: Introduction to Semantics What is the meaning of a program? When we write a program, we represent it using sequences of characters. But these strings

More information

CIS 500 Software Foundations Fall October. CIS 500, 6 October 1

CIS 500 Software Foundations Fall October. CIS 500, 6 October 1 CIS 500 Software Foundations Fall 2004 6 October CIS 500, 6 October 1 Midterm 1 is next Wednesday Today s lecture will not be covered by the midterm. Next Monday, review class. Old exams and review questions

More information

In this lecture, we will use the semantics of our simple language of arithmetic expressions,

In this lecture, we will use the semantics of our simple language of arithmetic expressions, CS 4110 Programming Languages and Logics Lecture #3: Inductive definitions and proofs In this lecture, we will use the semantics of our simple language of arithmetic expressions, e ::= x n e 1 + e 2 e

More information

Lecture Notes on Bidirectional Type Checking

Lecture Notes on Bidirectional Type Checking Lecture Notes on Bidirectional Type Checking 15-312: Foundations of Programming Languages Frank Pfenning Lecture 17 October 21, 2004 At the beginning of this class we were quite careful to guarantee that

More information

FMCAD 2011 Effective Word-Level Interpolation for Software Verification

FMCAD 2011 Effective Word-Level Interpolation for Software Verification FMCAD 2011 Effective Word-Level Interpolation for Software Verification Alberto Griggio FBK-IRST Motivations Craig interpolation applied succesfully for Formal Verification of both hardware and software

More information

Formal Techniques for Software Engineering: More on Denotational Semantics

Formal Techniques for Software Engineering: More on Denotational Semantics Formal Techniques for Software Engineering: More on Denotational Semantics Rocco De Nicola IMT Institute for Advanced Studies, Lucca rocco.denicola@imtlucca.it May 2013 Lesson 5 R. De Nicola (IMT-Lucca)

More information

Structural Induction

Structural Induction Structural Induction Jason Filippou CMSC250 @ UMCP 07-05-2016 Jason Filippou (CMSC250 @ UMCP) Structural Induction 07-05-2016 1 / 26 Outline 1 Recursively defined structures 2 Proofs Binary Trees Jason

More information

CS 4110 Programming Languages & Logics. Lecture 2 Introduction to Semantics

CS 4110 Programming Languages & Logics. Lecture 2 Introduction to Semantics CS 4110 Programming Languages & Logics Lecture 2 Introduction to Semantics 29 August 2012 Announcements 2 Wednesday Lecture Moved to Thurston 203 Foster Office Hours Today 11a-12pm in Gates 432 Mota Office

More information

Tableau Theorem Prover for Intuitionistic Propositional Logic

Tableau Theorem Prover for Intuitionistic Propositional Logic Tableau Theorem Prover for Intuitionistic Propositional Logic Portland State University CS 510 - Mathematical Logic and Programming Languages Motivation Tableau for Classical Logic If A is contradictory

More information

Tableau Theorem Prover for Intuitionistic Propositional Logic

Tableau Theorem Prover for Intuitionistic Propositional Logic Tableau Theorem Prover for Intuitionistic Propositional Logic Portland State University CS 510 - Mathematical Logic and Programming Languages Motivation Tableau for Classical Logic If A is contradictory

More information

2 Deduction in Sentential Logic

2 Deduction in Sentential Logic 2 Deduction in Sentential Logic Though we have not yet introduced any formal notion of deductions (i.e., of derivations or proofs), we can easily give a formal method for showing that formulas are tautologies:

More information

Notes on Natural Logic

Notes on Natural Logic Notes on Natural Logic Notes for PHIL370 Eric Pacuit November 16, 2012 1 Preliminaries: Trees A tree is a structure T = (T, E), where T is a nonempty set whose elements are called nodes and E is a relation

More information

Lecture Notes on Type Checking

Lecture Notes on Type Checking Lecture Notes on Type Checking 15-312: Foundations of Programming Languages Frank Pfenning Lecture 17 October 23, 2003 At the beginning of this class we were quite careful to guarantee that every well-typed

More information

Two Notions of Sub-behaviour for Session-based Client/Server Systems

Two Notions of Sub-behaviour for Session-based Client/Server Systems Two Notions of Sub-behaviour for Session-based Client/Server Systems Franco Barbanera 1 and Ugo de Liguoro 2 1 Dipartimento di Matematica e Informatica, Università di Catania 2 Dipartimento di Informatica,

More information

TABLEAU-BASED DECISION PROCEDURES FOR HYBRID LOGIC

TABLEAU-BASED DECISION PROCEDURES FOR HYBRID LOGIC TABLEAU-BASED DECISION PROCEDURES FOR HYBRID LOGIC THOMAS BOLANDER AND TORBEN BRAÜNER Abstract. Hybrid logics are a principled generalization of both modal logics and description logics. It is well-known

More information

Full abstraction for multi-language systems ML plus linear types

Full abstraction for multi-language systems ML plus linear types Full abstraction for multi-language systems ML plus linear types Gabriel Scherer, Amal Ahmed, Max New Northeastern University, Boston January 15, 2017 1 Multi-language systems Languages of today tend to

More information

From Concurrent Programs to Simulating Sequential Programs: Correctness of a Transformation

From Concurrent Programs to Simulating Sequential Programs: Correctness of a Transformation From Concurrent s to Simulating Sequential s: Correctness of a Transformation VPT 2017 Allan Blanchard, Frédéric Loulergue, Nikolai Kosmatov April 29 th, 2017 Table of Contents 1 From Concurrent s to Simulating

More information

A CATEGORICAL FOUNDATION FOR STRUCTURED REVERSIBLE FLOWCHART LANGUAGES: SOUNDNESS AND ADEQUACY

A CATEGORICAL FOUNDATION FOR STRUCTURED REVERSIBLE FLOWCHART LANGUAGES: SOUNDNESS AND ADEQUACY Logical Methods in Computer Science Vol. 14(3:16)2018, pp. 1 38 https://lmcs.episciences.org/ Submitted Oct. 12, 2017 Published Sep. 05, 2018 A CATEGORICAL FOUNDATION FOR STRUCTURED REVERSIBLE FLOWCHART

More information

Modelling session types using contracts 1

Modelling session types using contracts 1 Modelling session types using contracts 1 Giovanni Bernardi, Matthew Hennessy University of Dublin, Trinity College 27 th Symposium on Applied Computing soap track 29 th March 2012 1 Research supported

More information

Proof Techniques for Operational Semantics. Questions? Why Bother? Mathematical Induction Well-Founded Induction Structural Induction

Proof Techniques for Operational Semantics. Questions? Why Bother? Mathematical Induction Well-Founded Induction Structural Induction Proof Techniques for Operational Semantics Announcements Homework 1 feedback/grades posted Homework 2 due tonight at 11:55pm Meeting 10, CSCI 5535, Spring 2010 2 Plan Questions? Why Bother? Mathematical

More information

Full abstraction for multi-language systems ML plus linear types

Full abstraction for multi-language systems ML plus linear types Full abstraction for multi-language systems ML plus linear types Gabriel Scherer, Amal Ahmed, Max New Northeastern University, Boston May 5, 2017 1 1 Full Abstraction for Multi-Language Systems: Introduction

More information

Syllogistic Logics with Verbs

Syllogistic Logics with Verbs Syllogistic Logics with Verbs Lawrence S Moss Department of Mathematics Indiana University Bloomington, IN 47405 USA lsm@csindianaedu Abstract This paper provides sound and complete logical systems for

More information

École normale supérieure, MPRI, M2 Year 2007/2008. Course 2-6 Abstract interpretation: application to verification and static analysis P.

École normale supérieure, MPRI, M2 Year 2007/2008. Course 2-6 Abstract interpretation: application to verification and static analysis P. École normale supérieure, MPRI, M2 Year 2007/2008 Course 2-6 Abstract interpretation: application to verification and static analysis P. Cousot Questions and answers of the partial exam of Friday November

More information

UPWARD STABILITY TRANSFER FOR TAME ABSTRACT ELEMENTARY CLASSES

UPWARD STABILITY TRANSFER FOR TAME ABSTRACT ELEMENTARY CLASSES UPWARD STABILITY TRANSFER FOR TAME ABSTRACT ELEMENTARY CLASSES JOHN BALDWIN, DAVID KUEKER, AND MONICA VANDIEREN Abstract. Grossberg and VanDieren have started a program to develop a stability theory for

More information

Cut-free sequent calculi for algebras with adjoint modalities

Cut-free sequent calculi for algebras with adjoint modalities Cut-free sequent calculi for algebras with adjoint modalities Roy Dyckhoff (University of St Andrews) and Mehrnoosh Sadrzadeh (Universities of Oxford & Southampton) TANCL Conference, Oxford, 8 August 2007

More information

CS 6110 S11 Lecture 8 Inductive Definitions and Least Fixpoints 11 February 2011

CS 6110 S11 Lecture 8 Inductive Definitions and Least Fixpoints 11 February 2011 CS 6110 S11 Lecture 8 Inductive Definitions and Least Fipoints 11 Februar 2011 1 Set Operators Recall from last time that a rule instance is of the form X 1 X 2... X n, (1) X where X and the X i are members

More information

Lecture 14: Basic Fixpoint Theorems (cont.)

Lecture 14: Basic Fixpoint Theorems (cont.) Lecture 14: Basic Fixpoint Theorems (cont) Predicate Transformers Monotonicity and Continuity Existence of Fixpoints Computing Fixpoints Fixpoint Characterization of CTL Operators 1 2 E M Clarke and E

More information

A Semantic Framework for Program Debugging

A Semantic Framework for Program Debugging A Semantic Framework for Program Debugging State Key Laboratory of Software Development Environment Beihang University July 3, 2013 Outline 1 Introduction 2 The Key Points 3 A Structural Operational Semantics

More information

5 Deduction in First-Order Logic

5 Deduction in First-Order Logic 5 Deduction in First-Order Logic The system FOL C. Let C be a set of constant symbols. FOL C is a system of deduction for the language L # C. Axioms: The following are axioms of FOL C. (1) All tautologies.

More information

Comparing Goal-Oriented and Procedural Service Orchestration

Comparing Goal-Oriented and Procedural Service Orchestration Comparing Goal-Oriented and Procedural Service Orchestration M. Birna van Riemsdijk 1 Martin Wirsing 2 1 Technische Universiteit Delft, The Netherlands m.b.vanriemsdijk@tudelft.nl 2 Ludwig-Maximilians-Universität

More information

Equational reasoning. Equational reasoning. Equational reasoning. EDAN40: Functional Programming On Program Verification

Equational reasoning. Equational reasoning. Equational reasoning. EDAN40: Functional Programming On Program Verification Equational reasoning EDAN40: Functional Programming On Program Jacek Malec Dept. of Computer Science, Lund University, Sweden May18th, 2017 xy = yx x +(y + z) =(x + y)+z x(y + z) =xy + xz (x + y)z = xz

More information

The Traveling Salesman Problem. Time Complexity under Nondeterminism. A Nondeterministic Algorithm for tsp (d)

The Traveling Salesman Problem. Time Complexity under Nondeterminism. A Nondeterministic Algorithm for tsp (d) The Traveling Salesman Problem We are given n cities 1, 2,..., n and integer distances d ij between any two cities i and j. Assume d ij = d ji for convenience. The traveling salesman problem (tsp) asks

More information

Tel Aviv University. and. Universitat des Saarlandes

Tel Aviv University. and. Universitat des Saarlandes Compiling Simple Assignments Mooly Sagiv el Aviv University sagiv@math.tau.ac.il and Reinhard Wilhelm Universitat des Saarlandes wilhelm@cs.uni-sb.de April 21, 1997 { Wilhelm/Maurer: Compiler Design {

More information

Half baked talk: Invariant logic

Half baked talk: Invariant logic Half baked talk: Invariant logic Quentin Carbonneaux November 6, 2015 1 / 21 Motivation Global invariants often show up: 1. resource safety (mem 0) 2. low-level code analysis (machine not crashed) 3. domain

More information

A Type System For Safe SN Resource Allocation

A Type System For Safe SN Resource Allocation A Type System For Safe SN Resource Allocation Michael Ocean Assaf Kfoury Azer Bestavros Computer Science Department Boston University Boston, MA 02215 Technical Report: BUCS-TR-2008-011 June 14, 2008 Abstract

More information

Semantics and Verification of Software

Semantics and Verification of Software Semantics and Verification of Software Thomas Noll Software Modeling and Verification Group RWTH Aachen University http://moves.rwth-aachen.de/teaching/ws-1718/sv-sw/ Recap: CCPOs and Continuous Functions

More information

Syllogistic Logics with Verbs

Syllogistic Logics with Verbs Syllogistic Logics with Verbs Lawrence S Moss Department of Mathematics Indiana University Bloomington, IN 47405 USA lsm@csindianaedu Abstract This paper provides sound and complete logical systems for

More information

Structural Resolution

Structural Resolution Structural Resolution Katya Komendantskaya School of Computing, University of Dundee, UK 12 May 2015 Outline Motivation Coalgebraic Semantics for Structural Resolution The Three Tier Tree calculus for

More information

ExpTime Tableau Decision Procedures for Regular Grammar Logics with Converse

ExpTime Tableau Decision Procedures for Regular Grammar Logics with Converse ExpTime Tableau Decision Procedures for Regular Grammar Logics with Converse Linh Anh Nguyen 1 and Andrzej Sza las 1,2 1 Institute of Informatics, University of Warsaw Banacha 2, 02-097 Warsaw, Poland

More information

Semantics of an Intermediate Language for Program Transformation

Semantics of an Intermediate Language for Program Transformation Semantics of an Intermediate Language for Program Transformation Sigurd Schneider Master Thesis Proposal Talk Advisors: Prof. Dr. Sebastian Hack, Prof. Dr. Gert Smolka Saarland University Graduate School

More information

arxiv: v1 [math.co] 31 Mar 2009

arxiv: v1 [math.co] 31 Mar 2009 A BIJECTION BETWEEN WELL-LABELLED POSITIVE PATHS AND MATCHINGS OLIVIER BERNARDI, BERTRAND DUPLANTIER, AND PHILIPPE NADEAU arxiv:0903.539v [math.co] 3 Mar 009 Abstract. A well-labelled positive path of

More information

A Translation of Intersection and Union Types

A Translation of Intersection and Union Types A Translation of Intersection and Union Types for the λ µ-calculus Kentaro Kikuchi RIEC, Tohoku University kentaro@nue.riec.tohoku.ac.jp Takafumi Sakurai Department of Mathematics and Informatics, Chiba

More information

arxiv: v1 [math.lo] 24 Feb 2014

arxiv: v1 [math.lo] 24 Feb 2014 Residuated Basic Logic II. Interpolation, Decidability and Embedding Minghui Ma 1 and Zhe Lin 2 arxiv:1404.7401v1 [math.lo] 24 Feb 2014 1 Institute for Logic and Intelligence, Southwest University, Beibei

More information

CS792 Notes Henkin Models, Soundness and Completeness

CS792 Notes Henkin Models, Soundness and Completeness CS792 Notes Henkin Models, Soundness and Completeness Arranged by Alexandra Stefan March 24, 2005 These notes are a summary of chapters 4.5.1-4.5.5 from [1]. 1 Review indexed family of sets: A s, where

More information

Schema-Based Independence Analysis for XML Updates

Schema-Based Independence Analysis for XML Updates Schema-Based Independence Analysis for XML Updates Michael Benedikt 1 and James Cheney 2 1 Oxford University Computing Laboratory 2 Laboratory for Foundations of Computer Science, University of Edinburgh

More information

Max Registers, Counters and Monotone Circuits

Max Registers, Counters and Monotone Circuits James Aspnes 1 Hagit Attiya 2 Keren Censor 2 1 Yale 2 Technion Counters Model Collects Our goal: build a cheap counter for an asynchronous shared-memory system. Two operations: increment and read. Read

More information

Lecture 5: Tuesday, January 27, Peterson s Algorithm satisfies the No Starvation property (Theorem 1)

Lecture 5: Tuesday, January 27, Peterson s Algorithm satisfies the No Starvation property (Theorem 1) Com S 611 Spring Semester 2015 Advanced Topics on Distributed and Concurrent Algorithms Lecture 5: Tuesday, January 27, 2015 Instructor: Soma Chaudhuri Scribe: Nik Kinkel 1 Introduction This lecture covers

More information

Calculational Design of Information Flow Monitors

Calculational Design of Information Flow Monitors Calculational Design of Information Flow Monitors Mounir Assaf David Naumann Stevens Institute of Technology, Hoboken, NJ November 9th, 2016 SoSySec Seminar, Rennes Mounir Assaf Calculational Design of

More information

A language for access control

A language for access control A language for access control Kumar Avijit July 17, 2007 CMU-CS-XX-XXX School of Computer Science Carnegie Mellon University Pittsburgh, PA 15213 Abstract We present a language for access control. The

More information

On Existence of Equilibria. Bayesian Allocation-Mechanisms

On Existence of Equilibria. Bayesian Allocation-Mechanisms On Existence of Equilibria in Bayesian Allocation Mechanisms Northwestern University April 23, 2014 Bayesian Allocation Mechanisms In allocation mechanisms, agents choose messages. The messages determine

More information

Security issues in contract-based computing

Security issues in contract-based computing Security issues in contract-based computing Massimo Bartoletti 1 and Roberto Zunino 2 1 Dipartimento di Matematica e Informatica, Università degli Studi di Cagliari, Italy 2 Dipartimento di Ingegneria

More information

A Knowledge-Theoretic Approach to Distributed Problem Solving

A Knowledge-Theoretic Approach to Distributed Problem Solving A Knowledge-Theoretic Approach to Distributed Problem Solving Michael Wooldridge Department of Electronic Engineering, Queen Mary & Westfield College University of London, London E 4NS, United Kingdom

More information

First-Order Logic in Standard Notation Basics

First-Order Logic in Standard Notation Basics 1 VOCABULARY First-Order Logic in Standard Notation Basics http://mathvault.ca April 21, 2017 1 Vocabulary Just as a natural language is formed with letters as its building blocks, the First- Order Logic

More information

Matching of Meta-Expressions with Recursive Bindings

Matching of Meta-Expressions with Recursive Bindings Matching of Meta-Expressions with Recursive Bindings David Sabel Goethe-University Frankfurt am Main, Germany UNIF 2017, Oxford, UK Research supported by the Deutsche Forschungsgemeinschaft (DFG) under

More information

COMBINATORICS OF REDUCTIONS BETWEEN EQUIVALENCE RELATIONS

COMBINATORICS OF REDUCTIONS BETWEEN EQUIVALENCE RELATIONS COMBINATORICS OF REDUCTIONS BETWEEN EQUIVALENCE RELATIONS DAN HATHAWAY AND SCOTT SCHNEIDER Abstract. We discuss combinatorial conditions for the existence of various types of reductions between equivalence

More information

How not to prove Strong Normalisation

How not to prove Strong Normalisation How not to prove Strong Normalisation based on joint work with James Chapman School of Computer Science and IT University of Nottingham April 11, 2007 Long time ago... 1993 A formalization of the strong

More information

DOT. (Dependent Object Types) Nada Amin. February 28, ECOOP PC Workshop

DOT. (Dependent Object Types) Nada Amin. February 28, ECOOP PC Workshop DOT (Dependent Object Types) Nada Amin ECOOP PC Workshop February 28, 2016 1 DOT: Dependent Object Types DOT is a core calculus for path-dependent types. Goals simplify Scala s type system by desugaring

More information

Strongly compact Magidor forcing.

Strongly compact Magidor forcing. Strongly compact Magidor forcing. Moti Gitik June 25, 2014 Abstract We present a strongly compact version of the Supercompact Magidor forcing ([3]). A variation of it is used to show that the following

More information

Maximum Contiguous Subsequences

Maximum Contiguous Subsequences Chapter 8 Maximum Contiguous Subsequences In this chapter, we consider a well-know problem and apply the algorithm-design techniques that we have learned thus far to this problem. While applying these

More information

Unary PCF is Decidable

Unary PCF is Decidable Unary PCF is Decidable Ralph Loader Merton College, Oxford November 1995, revised October 1996 and September 1997. Abstract We show that unary PCF, a very small fragment of Plotkin s PCF [?], has a decidable

More information

Brief Notes on the Category Theoretic Semantics of Simply Typed Lambda Calculus

Brief Notes on the Category Theoretic Semantics of Simply Typed Lambda Calculus University of Cambridge 2017 MPhil ACS / CST Part III Category Theory and Logic (L108) Brief Notes on the Category Theoretic Semantics of Simply Typed Lambda Calculus Andrew Pitts Notation: comma-separated

More information

Proof Techniques for Operational Semantics

Proof Techniques for Operational Semantics Proof Techniques for Operational Semantics Wei Hu Memorial Lecture I will give a completely optional bonus survey lecture: A Recent History of PL in Context It will discuss what has been hot in various

More information

A Core Calculus of Dependency

A Core Calculus of Dependency A Core Calculus of Dependency Martín Abadi Systems Research Center Compaq ma@pa.dec.com Anindya Banerjee Stevens Institute of Technology ab@cs.stevens-tech.edu Nevin Heintze Bell Laboratories nch@bell-labs.com

More information

Characterisation of Strongly Normalising λµ-terms

Characterisation of Strongly Normalising λµ-terms Characterisation of Strongly Normalising λµ-terms Ugo de Liguoro joint work with Steffen van Bakel and Franco Barbanera ITRS - June 2012, Dubrovnik Introduction Parigot s λµ-calculus is an extension of

More information

FORCING AND THE HALPERN-LÄUCHLI THEOREM. 1. Introduction This document is a continuation of [1]. It is intended to be part of a larger paper.

FORCING AND THE HALPERN-LÄUCHLI THEOREM. 1. Introduction This document is a continuation of [1]. It is intended to be part of a larger paper. FORCING AND THE HALPERN-LÄUCHLI THEOREM NATASHA DOBRINEN AND DAN HATHAWAY Abstract. We will show the various effects that forcing has on the Halpern-Läuchli Theorem. We will show that the the theorem at

More information

Principles of Program Analysis: Algorithms

Principles of Program Analysis: Algorithms Principles of Program Analysis: Algorithms Transparencies based on Chapter 6 of the book: Flemming Nielson, Hanne Riis Nielson and Chris Hankin: Principles of Program Analysis. Springer Verlag 2005. c

More information

On the Optimality of a Family of Binary Trees Techical Report TR

On the Optimality of a Family of Binary Trees Techical Report TR On the Optimality of a Family of Binary Trees Techical Report TR-011101-1 Dana Vrajitoru and William Knight Indiana University South Bend Department of Computer and Information Sciences Abstract In this

More information

Simple, partial type-inference for System F based on type-containment. Didier Rémy INRIA-Rocquencourt

Simple, partial type-inference for System F based on type-containment. Didier Rémy INRIA-Rocquencourt Simple, partial type-inference for System F based on type-containment Didier Rémy INRIA-Rocquencourt ML is simple 2(1)/23 ML is simple 2(2)/23 Classes Objects ML is simple, yet expressive 2(3)/23 Classes

More information

Interpolation of κ-compactness and PCF

Interpolation of κ-compactness and PCF Comment.Math.Univ.Carolin. 50,2(2009) 315 320 315 Interpolation of κ-compactness and PCF István Juhász, Zoltán Szentmiklóssy Abstract. We call a topological space κ-compact if every subset of size κ has

More information

Introduction An example Cut elimination. Deduction Modulo. Olivier Hermant. Tuesday, December 12, Deduction Modulo

Introduction An example Cut elimination. Deduction Modulo. Olivier Hermant. Tuesday, December 12, Deduction Modulo Tuesday, December 12, 2006 Deduction and Computation Sequent calculus The cut rule The rewrite rules Sequent calculus The cut rule The rewrite rules Deduction system: Gentzen s sequent calculus Γ, P P

More information

Mathematical Logic Final Exam 14th June PROPOSITIONAL LOGIC

Mathematical Logic Final Exam 14th June PROPOSITIONAL LOGIC Mathematical Logic Final Exam 14th June 2013 1 PROPOSITIONAL LOGIC Exercise 1. [3 marks] Derive the following formulas via Natural Deduction: (A B) (A B) Solution. See slides of propositional reasoning

More information

Binary Decision Diagrams

Binary Decision Diagrams Binary Decision Diagrams Hao Zheng Department of Computer Science and Engineering University of South Florida Tampa, FL 33620 Email: zheng@cse.usf.edu Phone: (813)974-4757 Fax: (813)974-5456 Hao Zheng

More information

The Role of Human Creativity in Mechanized Verification. J Strother Moore Department of Computer Science University of Texas at Austin

The Role of Human Creativity in Mechanized Verification. J Strother Moore Department of Computer Science University of Texas at Austin The Role of Human Creativity in Mechanized Verification J Strother Moore Department of Computer Science University of Texas at Austin 1 John McCarthy(Sep 4, 1927 Oct 23, 2011) 2 Contributions Lisp, mathematical

More information

SAT and DPLL. Introduction. Preliminaries. Normal forms DPLL. Complexity. Espen H. Lian. DPLL Implementation. Bibliography.

SAT and DPLL. Introduction. Preliminaries. Normal forms DPLL. Complexity. Espen H. Lian. DPLL Implementation. Bibliography. SAT and Espen H. Lian Ifi, UiO Implementation May 4, 2010 Espen H. Lian (Ifi, UiO) SAT and May 4, 2010 1 / 59 Espen H. Lian (Ifi, UiO) SAT and May 4, 2010 2 / 59 Introduction Introduction SAT is the problem

More information

Yao s Minimax Principle

Yao s Minimax Principle Complexity of algorithms The complexity of an algorithm is usually measured with respect to the size of the input, where size may for example refer to the length of a binary word describing the input,

More information

α-structural Recursion and Induction

α-structural Recursion and Induction α-structural Recursion and Induction AndrewPitts UniversityofCambridge ComputerLaboratory TPHOLs 2005, - p. 1 Overview TPHOLs 2005, - p. 2 N.B. binding and non-binding constructs are treated just the same

More information

Binary Decision Diagrams

Binary Decision Diagrams Binary Decision Diagrams Hao Zheng Department of Computer Science and Engineering University of South Florida Tampa, FL 33620 Email: zheng@cse.usf.edu Phone: (813)974-4757 Fax: (813)974-5456 Hao Zheng

More information

Conditional Rewriting

Conditional Rewriting Conditional Rewriting Bernhard Gramlich ISR 2009, Brasilia, Brazil, June 22-26, 2009 Bernhard Gramlich Conditional Rewriting ISR 2009, July 22-26, 2009 1 Outline Introduction Basics in Conditional Rewriting

More information

Strong normalisation and the typed lambda calculus

Strong normalisation and the typed lambda calculus CHAPTER 9 Strong normalisation and the typed lambda calculus In the previous chapter we looked at some reduction rules for intuitionistic natural deduction proofs and we have seen that by applying these

More information

MITCHELL S THEOREM REVISITED. Contents

MITCHELL S THEOREM REVISITED. Contents MITCHELL S THEOREM REVISITED THOMAS GILTON AND JOHN KRUEGER Abstract. Mitchell s theorem on the approachability ideal states that it is consistent relative to a greatly Mahlo cardinal that there is no

More information

SAT and DPLL. Espen H. Lian. May 4, Ifi, UiO. Espen H. Lian (Ifi, UiO) SAT and DPLL May 4, / 59

SAT and DPLL. Espen H. Lian. May 4, Ifi, UiO. Espen H. Lian (Ifi, UiO) SAT and DPLL May 4, / 59 SAT and DPLL Espen H. Lian Ifi, UiO May 4, 2010 Espen H. Lian (Ifi, UiO) SAT and DPLL May 4, 2010 1 / 59 Normal forms Normal forms DPLL Complexity DPLL Implementation Bibliography Espen H. Lian (Ifi, UiO)

More information
