Automatically Generating Counterexamples to Naive Free Theorems.

We develop formal and implemented tools for counterexample generation in the context of free theorems, i.e., statements derived from polymorphic typesà la relational parametricity. ... In particular, side conditions in a statement about program behavior are sometimes best understood and explored by trying to exhibit a falsifying example in the absence of a condition in question. ... Producing Full Counterexamples In the introduction we proclaimed the construction of complete counterexamples to naive free theorems. ...

doi:10.1007/978-3-642-12251-4_14 fatcat:wmhuq4abb5f2zojybk54vr6yk4

, and includes fully automatic bug-finding methods based on a synergistic combination of theorem proving and random testing. ... It has also been used in several sections of a required freshman course at Northeastern University to teach over 200 undergraduate students how to reason about programs. ... ACL2s provides a new lightweight and fully automatic synergistic integration of testing and theorem proving that often generates counterexamples to false conjectures. ...

doi:10.1007/978-3-642-19835-9_27 fatcat:cjwm6tggdzef3io2ftv53z27oi

We present a synergistic integration of testing with theorem proving, implemented in the ACL2 Sedan (ACL2s), for automatically generating concrete counterexamples. ... In fact, our approach even leads to better theorem proving, e.g. if testing shows that a generalization step leads to a false conjecture, we force the theorem prover to backtrack, allowing it to pursue ... Kaufmann also thanks the Texas -United Kingdom Collaborative for travel support to Cambridge, England, and the Computer Laboratory at the University of Cambridge for hosting him during preliminary preparation ...

doi:10.4204/eptcs.70.1 fatcat:mrs4pqwgnzcfdc7id2pxusltqm

DOAJ Multiple Versions

Also, unlike general purpose theorem provers, Salsa concentrates on a single task and gains efficiency by employing a set of optimized heuristics. ... Unlike model checkers, Salsa returns a state pair as a counterexample and not an execution sequence. Also, due to the incompleteness of induction, users must validate the counterexamples. ... Salsa has the attributes of both a model checker and a theorem prover: It is automatic and provides counterexamples just like a model checker. ...

doi:10.1007/3-540-46419-0_26 fatcat:3lpcdzjt2ra47m2j5qgvra4yje

We then show how to use finite model generation in this context to prove the absence of attacks. ... To address this issue, we investigate an alternative approach (based on first-order logic) that does not require inequalities to be axiomatized. ... Vampire 10.0, an automatic theorem prover for first-order logic, was used to find attacks, and Paradox 2.3 [22] , a finite model generator, was employed to search for models that show security. ...

doi:10.1007/978-3-642-03459-6_11 fatcat:vg652pjy4rgnni2mhgy732jlwi

Isabelle/HOL is a popular interactive theorem prover based on higherorder logic. It owes its success to its ease of use and powerful automation. ... Much of the automation is performed by external tools: The metaprover Sledgehammer relies on resolution provers and SMT solvers for its proof search, the counterexample generator Quickcheck uses the ML ... Interactive theorem proving is still challenging, but thanks to a new generation of automatic proof and disproof tools and the wide availability of multi-core processors with spare CPU cycles, it is much ...

doi:10.1007/978-3-642-24364-6_2 fatcat:y4crzmmegfhybfp5xu2bwlxoae

Nonetheless, in most papers where the GSTT is used, there is no mention on how to automatically and efficiently obtain generators for the first homology group. ... Hence, over the past twenty years, a considerable effort has been invested by the computational electromagnetics community to develop fast and general algorithms to produce cohomology group generators. ... We would like to thank the anonymous referees for some valuable comments which helped to improve the presentation of the paper. ...

doi:10.1137/090766334 fatcat:yruf2otfkfctvmnwpzzevbesqe

We present a novel counterexample generator for the interactive theorem prover Isabelle based on a compiler that synthesizes test data generators for functional programming languages (e.g. ... In contrast to naive type-based test data generators, the smart generators take the preconditions into account and only generate tests that fulfill the preconditions. ... Acknowledgements I would like to thank Andrei Popescua, Sascha Boehme, Tobias Nipkow, Alexander Krauss and the anonymous referees for comments on earlier versions of this paper. ...

doi:10.4230/lipics.iclp.2011.139 dblp:conf/iclp/Bulwahn11 fatcat:g7l7fs27rfamtgfn56krfwz42m

A technique for finding errors in computer programs is to translate a given program and its correctness criteria into a logical formula in mathematics and then let an automatic theorem prover check the ... This paper describes a method for reconstructing, from the theorem prover's mathematical output, error traces that lead to the program errors that the theorem prover discovers. ... Acknowledgments The labeling mechanism in Simplify was developed by Dave Detlefs, Greg Nelson, and one of the authors (Saxe) as part of the ESC/Modula-3 project, which used the labels to report precise ...

doi:10.1016/j.scico.2004.05.016 fatcat:7n22xehtj5flxk6vb3pl2qxfxy

Szczepanski

data that is generated during earlier satisfiability checks. ... Bounded model checking (BMC) is an automatic verification method that is based on finitely unfolding the system's transition relation. ... The lazy theorem proving algorithm can be easily modified to handle quantifier-free formulas over (R, +, ·, <, 0, 1). ...

doi:10.1007/978-3-540-30579-8_26 fatcat:jsw5unx3qzfoba4usht745r2ku

to automatically generate the set of candidate dependent types. ... Then, an interpolating theorem prover is used to validate the counterexample as a real type error or generate additional candidate dependent types to refute the spurious counterexample. ... The above theorems justify us calling (F, i) a counterexample. That is, the unwinding d ′ produced from (F, i) is a counterexample to the typability of d under the current candidate set. ...

doi:10.1145/1706299.1706315 dblp:conf/popl/Terauchi10 fatcat:te5j62p5sffjjkocc6zgtrs6ni

to automatically generate the set of candidate dependent types. ... Then, an interpolating theorem prover is used to validate the counterexample as a real type error or generate additional candidate dependent types to refute the spurious counterexample. ... The above theorems justify us calling (F, i) a counterexample. That is, the unwinding d ′ produced from (F, i) is a counterexample to the typability of d under the current candidate set. ...

doi:10.1145/1707801.1706315 fatcat:u4xhdrygbnenhivktc4mcx3qsm

Model checking is largely automatic but is effective only for programs defined over small state spaces. ... Verification seeks to prove or refute putative properties of a given program. ... on the abstraction generates useful invariants that are fed back to the theorem prover. ...

doi:10.1007/978-3-540-40007-3_23 fatcat:tyj42kb4drho3krraqx6pvy6hi

Pappas and Zhu have recently given a general group-theoretic construction of flat local models with parahoric level structure for any tamely ramified group, but it remains an interesting problem to characterize ... In this paper we propose a further refinement to their moduli problem, which we show is both necessary and sufficient to characterize the (flat) local model in a certain special maximal parahoric case ... In response to the counterexample, in this paper we introduce a further refinement to the moduli problem defining M naive I . ...

doi:10.1093/imrn/rnv095 fatcat:ytkgef6zibbudjtvzlbgul5c2m

observation is that constructing a proof for a small representative set of the runs of the product program (i.e. the product of the several copies of the program by itself), called a reduction, is sufficient to ... It also implements multiple counterexample generation algorithms: (1) Naive: selects the first counterexample in the difference of the program and proof language. (2) Progress-Ensuring: selects a set of ... In our setting, reductions generated by sleep sets are already optimal (Theorem 6.7). ...

doi:10.1007/978-3-030-25540-4_11 fatcat:zecykuzxpberxkpva27ac7okvy

Automatically Generating Counterexamples to Naive Free Theorems [chapter]

Preserved Fulltext

The ACL2 Sedan Theorem Proving System [chapter]

Preserved Fulltext

Integrating Testing and Interactive Theorem Proving

Preserved Fulltext

Other Versions

Salsa: Combining Constraint Solvers with BDDs for Automatic Invariant Checking [chapter]

Preserved Fulltext

Finite Models in FOL-Based Crypto-Protocol Verification [chapter]

Preserved Fulltext

Automatic Proof and Disproof in Isabelle/HOL [chapter]

Preserved Fulltext

Critical Analysis of the Spanning Tree Techniques

Preserved Fulltext

Smart test data generators via logic programming

Preserved Fulltext

Generating error traces from verification-condition counterexamples

Preserved Fulltext

Optimizing Bounded Model Checking for Linear Hybrid Systems [chapter]

Preserved Fulltext

Dependent types from counterexamples

Preserved Fulltext

Dependent types from counterexamples

Preserved Fulltext

Verification by Abstraction [chapter]

Preserved Fulltext

On the Moduli Description of Local Models for Ramified Unitary Groups

Preserved Fulltext

Automated Hypersafety Verification [chapter]

Preserved Fulltext