## Coinductive Verification of Program Optimizations using Similarity Relations

Citations: 2 (0 self)

### BibTeX

```bibtex
@MISC{Glesner_coinductiveverification,
  author = {Sabine Glesner and Johannes Leitner and Jan Olaf Blech},
  title = {Coinductive Verification of Program Optimizations using Similarity Relations},
  year = {}
}
```

### Abstract

Formal verification methods have gained increased importance due to their ability to guarantee system correctness and improve reliability. Nevertheless, the question of how proofs are to be formalized in theorem provers is far from trivial, yet very important: one needs to spend much more time on verification if the formalization was not cleverly chosen. In this paper, we develop and compare two different possibilities to express coinductive proofs in the theorem prover Isabelle/HOL. Coinduction is a proof method that allows for the verification of properties of even non-terminating state-transition systems. Since coinduction is not as widely used as other proof techniques such as induction, there are far fewer "recipes" available for formalizing corresponding proofs, and there are also fewer proof strategies for coinduction implemented in theorem provers. In this paper, we investigate formalizations for coinductive proofs of properties on state transition sequences. In particular, we compare two different possibilities for their formalization and show their equivalence. The first of these two formalizations captures the mathematical intuition, while the second can be used more easily in a theorem prover. We have formally verified the equivalence of these criteria in Isabelle/HOL, thus establishing a coalgebraic verification framework. To demonstrate that our verification framework is suitable for the verification of compiler optimizations, we have introduced three different, rather simple transformations that capture typical problems in the verification of optimizing compilers, even for non-terminating source programs.

### Citations

3387 | Communication and Concurrency - Milner - 1989
Citation context: ... specification language CCSL. Coalgebraic proof methods are not the only formalism capturing the characteristics of semantics for non-terminating programs. One can also use labeled transition systems [Mil95]. Bisimulation can be used within both formalisms. Our notion of bisimulation with collapsings (operating on coalgebraic datatypes) and the notion of weak bisimulation [Mil95] (operating on labeled tr...

1360 | A Structural Approach to Operational Semantics - Plotkin - 1981
Citation context: ...ervations. This view is in line with the intention of the two classical approaches to operational semantics which are abstract state machines (ASMs) [Gur95] and structural operational semantics (SOS) [Plo81]. We concentrate here on SOS but all our developments can be applied to ASMs as well. This holds because every SOS semantics can be transformed into an equivalent ASM semantics and vice versa [Gle03]....

778 | Isabelle/HOL: A Proof Assistant for Higher-Order Logic, LNCS 2283 - Nipkow, Paulson, et al. - 2002
Citation context: ...alized our framework for the coinductive definition of programming language semantics together with the equivalence proof for the two definitions of collapsings within the theorem prover Isabelle/HOL [NPW02]. Moreover, also within Isabelle/HOL, we have instantiated our framework with a simple imperative programming language together with example proofs for program equivalence for typical cases. With thes...

416 | Evolving algebra 1993: Lipari guide - Gurevich - 1995
Citation context: ...t and output a new state together with possible observations. This view is in line with the intention of the two classical approaches to operational semantics which are abstract state machines (ASMs) [Gur95] and structural operational semantics (SOS) [Plo81]. We concentrate here on SOS but all our developments can be applied to ASMs as well. This holds because every SOS semantics can be transformed into ...

73 | Isabelle/Isar — a versatile environment for human-readable formal proof documents - Wenzel - 2002
Citation context: ...L1) = merging(L2) ⟺ L1 ≈ L2. One direction of the proof is simple. We show that every lazy list is similar to its own merging. A shortened version of this direction of the proof is given here in Isar [Wen02] notation: lemma abs_sim: shows "A ≈ merging A" proof - let ?X = "⋃L. {(L, merging L)}" have "∀x. x ∈ ?X ⟶ (x = (♦, ♦) ∨ (∃L M p q. x = (p@L, q@M) ∧ p ≅ q ∧ (L, M) ∈ ?X ∪ absRel))" pr...

63 | Verified bytecode verifiers - Nipkow - 2001
Citation context: ...rk has concentrated on transformations taking place in compiler frontends. The formal verification of the translation from Java to Java byte code and formal byte code verification was investigated in [KN03]. This latter work was preceded by the work on the formalization of Java and the proof of its type safety within the theorem prover Isabelle/HOL [NvO98]. Lately, also coalgebraic methods have been use...

52 | A mechanically verified language implementation - Moore - 1989
Citation context: ...estigated in the area of compiler verification. Early research on compiler verification was carried out in the Boyer-Moore theorem prover considering the translation of the programming language Piton [Moo89]. The German Verifix project investigated the construction of correct compilers without performance loss, see [GGZ04] for an overview. Recent work has concentrated on transformations taking place in c...

41 | Java light is Type-Safe—Definitely - Nipkow, von Oheimb - 1998
Citation context: ...rmal byte code verification was investigated in [KN03]. This latter work was preceded by the work on the formalization of Java and the proof of its type safety within the theorem prover Isabelle/HOL [NvO98]. Lately, also coalgebraic methods have been used successfully in the specification of and reasoning about programming languages and systems. In [HHJT98,Hui01], the semantics of object-oriented program...

39 | The Coalgebraic Class Specification Language CCSL - Rothe, Tews, et al. - 2001
Citation context: ..., the semantics of object-oriented programming languages has been defined coalgebraically. The goal of the VFiasco project [HST02] is the verification of an operating system with coalgebraic methods. [RTJ01] describes the coalgebraic class specification language CCSL. Coalgebraic proof methods are not the only formalism capturing the characteristics of semantics for non-terminating programs. One can also...

36 | Reasoning about Java Programs in higher order logic with PVS and Isabelle - Huisman - 2001

35 | Reasoning about classes in object-oriented languages: Logical models and tools - Hensel, Huisman, et al. - 1998

33 | Applying source-code verification to a microkernel — the VFiasco project - Hohmuth, Tews, et al. - 2002
Citation context: ...n of and reasoning about programming languages and systems. In [HHJT98,Hui01], the semantics of object-oriented programming languages has been defined coalgebraically. The goal of the VFiasco project [HST02] is the verification of an operating system with coalgebraic methods. [RTJ01] describes the coalgebraic class specification language CCSL. Coalgebraic proof methods are not the only formalism capturin...

22 | A fixedpoint approach to (co)inductive and (co)datatype definitions - Paulson
Citation context: ...der the operations of the coalgebra is contained in the equality relation. 3.2 Coalgebras and Coinduction in Isabelle/HOL. Coalgebraic types are available in Isabelle/HOL in the extension described in [Pau04]. This extension makes use of coinductively defined sets, a definition principle available in Isabelle/HOL, and uses it to define lazy lists. As an example, consider the coinductive definition of poss...

11 | Formal verification of dead code elimination in Isabelle/HOL - Blech, Gesellensetter, et al. - 2005
Citation context: ...atatypes) and the notion of weak bisimulation [Mil95] (operating on labeled transition systems) may be used for the same purposes: defining program equivalence up to observable steps. In our own work [BGG05] we have proved a dead code elimination algorithm as used in compilers correct using bisimulation on Kripke structures. In [Gle04], we describe how coalgebras and coinduction may be used in compiler v...

10 | Verifix: Konstruktion und Architektur verifizierender Uebersetzer (Verifix: Construction and Architecture of Verifying Compilers). it - Glesner, Goos, et al.
Citation context: ...Moore theorem prover considering the translation of the programming language Piton [Moo89]. The German Verifix project investigated the construction of correct compilers without performance loss, see [GGZ04] for an overview. Recent work has concentrated on transformations taking place in compiler frontends. The formal verification of the translation from Java to Java byte code and formal byte code verifi...

4 | A Comparison between two Formal Correctness Proofs in Isabelle/HOL - Blech, Glesner, et al. - 2005
Citation context: ...n on Kripke structures. In [Gle04], we describe how coalgebras and coinduction may be used in compiler verification. Finally, our work on formalizing and transforming data flow dependent computations [BGLM05] also shows, as does the work presented in this paper, that the choice of formalization is vital for the proof success when using theorem provers. 8 Conclusions. We have presented...

4 | A proof calculus for natural semantics based on greatest fixed point semantics - Glesner - 2004
Citation context: ... defining program equivalence up to observable steps. In our own work [BGG05] we have proved a dead code elimination algorithm as used in compilers correct using bisimulation on Kripke structures. In [Gle04], we describe how coalgebras and coinduction may be used in compiler verification. Finally, our work on formalizing and transforming data flow dependent computations [BGLM05] also shows, as the work p...

2 | ASMs versus natural semantics: a comparison with new insights. Abstract State - Glesner - 2003
Citation context: ... [Plo81]. We concentrate here on SOS but all our developments can be applied to ASMs as well. This holds because every SOS semantics can be transformed into an equivalent ASM semantics and vice versa [Gle03]. 4.1 Structural operational semantics (SOS). Structural operational semantics (SOS), also called small-step semantics, concentrates on individual steps of program execution and how these single steps ...

2 | Coalgebraic Methods in the Verification of Optimizing Program Transformations Using Theorem Provers - Leitner - 2005
Citation context: ...ion is closer to the one introduced in [JR97], we prefer it in our proofs. We have easily shown that it implies the one required to apply llist_equalityI (for the detailed Isabelle proof, we refer to [Lei05]): pauls_equiv: bisimulation r ⟹ r ⊆ llistD_Fun (r ∪ range (λx. (x, x))). To use coalgebraically defined types, we need to be able to define not necessarily terminating recursive functions. For lazy ...