rhetenor/awesome-awesomeness
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
8d4db5d359165d7425f6761803bd6a7cdfdbac7b
awesome-awesomeness/terminal/provable
Jonas Zeunert 8d4db5d359 Update and add index
2024-04-23 15:17:38 +02:00

302 lines
33 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
 Provably Awesome. ! (img/badge.svg) (http://awesome.re)
This is a curated list of links and resources related to mathematical proofs
about the properties of computer programs.
Table of Contents
⟡ Languages (#languages) - Languages with good ability to use formal type
safety
⟡ Proof Assistants (#proof-assistants) - Interactive theorem provers used to
prove properties of programs.
⟡ Projects (#projects) - Projects involving provably correct code.
⟡ Books (#books) - Textbooks commonly referred to 
⟡ Courses (#courses) - Online courses (youtube, university courses)
⟡ More Links (#more) - Video presentations about formal proof of code topics
Languages
⟡ Idris (https://www.idris-lang.org/) : Idris is a general purpose pure 
functional programming language with dependent types. Dependent types allow 
types to be predicated on values, meaning that some aspects of a programs 
behaviour can be specified precisely in the type. It is compiled, with eager 
evaluation. Its features are influenced by Haskell and ML.
  ⟡ Idris docs (http://docs.idris-lang.org/en/latest/)
  ⟡ Idris tutorial (http://docs.idris-lang.org/en/latest/tutorial/index.html#tutorial-index)
  ⟡ Theorem proving with Idris tutorial (http://docs.idris-lang.org/en/latest/proofs/index.html)
⟡ Agda (http://wiki.portal.chalmers.se/agda/pmwiki.php) : Dependently
 typed functional programming language. It has inductive families, i.e., data 
 types which depend on values, such as the type of vectors of a given length. 
 It also has parametrised modules, mixfix operators, Unicode characters, and an
 interactive Emacs interface which can assist the programmer in writing the 
 program.
  ⟡ Agda Github (https://github.com/agda/agda)
  ⟡ Agda User Manual (http://agda.readthedocs.io/en/v2.5.2/)
⟡ UR/Web (http://www.impredicative.com/ur/) : Ur/Web is Ur plus a special 
standard library and associated rules for parsing and optimization. Ur/Web 
supports construction of dynamic web applications backed by SQL databases. 
The signature of the standard library is such that well-typed Ur/Web programs 
"don't go wrong" in a very broad sense. Not only do they not crash during 
particular page generations, but they also may not:
  ⟡ Suffer from any kinds of code-injection attacks
  ⟡ Return invalid HTML
  ⟡ Contain dead intra-application links
  ⟡ Have mismatches between HTML forms and the fields expected by their handlers
  ⟡ Include client-side code that makes incorrect assumptions about the 
"AJAX"-style services that the remote web server provides
  ⟡ Attempt invalid SQL queries
  ⟡ Use improper marshaling or unmarshaling in communication with SQL databases
or between browsers and web servers
⟡ Haskell (https://www.haskell.org/) : An advanced, purely functional 
programming language. 
⟡ Liquid Haskell (https://ucsd-progsys.github.io/liquidhaskell-blog/) :
LiquidHaskell (LH) refines Haskell's types with logical predicates that let 
you enforce critical properties at compile time. (Guarantee functions are total,
keep pointers within bounds, avoid infinite loops, enforce correctness 
properties, prove laws by writing code)
⟡ Elm (http://elm-lang.org/) : A type-safe functional programming language for 
declaratively creating web browser-based graphical user interfaces. 
Implemented in Haskell. It generates JavaScript with great performance and 
no runtime exceptions.
Proof Assistants
⟡ Coq (https://coq.inria.fr/) : Coq is a formal proof management system. It 
provides a formal language to write mathematical definitions, executable 
algorithms and theorems together with an environment for semi-interactive 
development of machine-checked proofs. 
current stable version (https://coq.inria.fr/download) 
reference manual (https://coq.inria.fr/distrib/current/refman) 
* https://github.com/Ptival/PeaCoq
* https://math-comp.github.io/mcb/
⟡ Isabelle (https://isabelle.in.tum.de/) : Isabelle is a generic proof assistant.
 It allows mathematical formulas to be expressed in a formal language and 
 provides tools for proving those formulas in a logical calculus.
 overview (https://isabelle.in.tum.de/overview.html) 
⟡ HOL (https://hol-theorem-prover.org/) : The HOL interactive theorem prover is
 a proof assistant for higher-order logic: a programming environment in which 
 theorems can be proved and proof tools implemented. Built-in decision 
 procedures and theorem provers can automatically establish many simple 
 theorems (users may have to prove the hard theorems themselves!) An oracle 
 mechanism gives access to external programs such as SMT and BDD engines. 
 HOL is particularly suitable as a platform for implementing combinations of 
 deduction, execution and property checking. 
 Other HOLS (https://hol-theorem-prover.org/other-hols.html) 
⟡ LEAN (https://leanprover.github.io/) : Lean is a new open source theorem 
 prover being developed at Microsoft Research, and its standard library at 
 Carnegie Mellon University. Lean aims to bridge the gap between interactive and 
 automated theorem proving, by situating automated tools and methods in a framework 
 that supports user interaction and the construction of fully specified axiomatic 
 proofs. The goal is to support both mathematical reasoning and reasoning about 
 complex systems, and to verify claims in both domains.
 Online version (https://leanprover.github.io/live/latest/)
⟡ K Framework (http://www.kframework.org/index.php/Main_Page) : The K framework
 is a rewrite-based executable semantic framework in which programming languages, 
 type systems and formal analysis tools can be defined using configurations, 
 computations and rules. Configurations organize the state in units called cells, 
 which are labeled and can be nested. Computations carry computational meaning as 
 special nested list structures sequentializing computational tasks, such as fragments 
 of program. Computations extend the original language abstract syntax. K (rewrite) 
 rules make it explicit which parts of the term they read-only, write-only, read-write, 
 or do not care about. This makes K suitable for defining truly concurrent languages 
 even in the presence of sharing. Computations are like any other terms in a rewriting 
 environment: they can be matched, moved from one place to another, modified, or 
 deleted. This makes K suitable for defining control-intensive features such as 
 abrupt termination, exceptions or call/cc.
   ⟡ K Tutorial (http://www.kframework.org/index.php/K_Tutorial) by Grigore Rosu (https://github.com/grosu), video playlist (https://www.youtube.com/watch?v=eSaIKHQOo4c&list=PLx_U8qR-tMtLQEDPvVk1y9gTIdUIWGaQd)
   ⟡ (https://runtimeverification.com/) : Company formed from K Framework people. 
 Runtime Verification Inc. is currently developing three core products:  
 * RV-Predict is a predictive runtime analysis tool focused on automatically  
 detecting concurrency errors in your programs.  
 * RV-Monitor is a development methodology and library generation tool allowing  
 for the monitoring and enforcement of user-selected properties at runtime.  
 * RV-Match is a tool allowing for exhaustive runtime verification to be performed 
 symbolically on all possible program paths, proving certain properties correct  
 for all possible executions of a given program. 
⟡ Viper (https://www.pm.inf.ethz.ch/research/viper.html) : Viper (Verification Infrastructure for Permission-based Reasoning) is a language and suite of tools developed at ETH Zurich, providing an architecture on which new verification 
tools and prototypes can be developed simply and quickly. It comprises a novel intermediate verification language, also named Viper, and automatic verifiers for the language, as well as example front-end tools. The Viper toolset can be 
used to implement verification techniques for front-end programming languages via translations into the Viper language. ETH Zurich has built several verifiers on top of Viper, including the Gobra 
(https://www.pm.inf.ethz.ch/research/gobra.html) verifier for Go, Nagini (https://www.pm.inf.ethz.ch/research/nagini.html) for Python and Prusti (https://www.pm.inf.ethz.ch/research/prusti.html) for Rust.
Projects
⟡ seL4 (https://sel4.systems/) : The world's first operating-system kernel with 
an end-to-end proof of implementation correctness and security enforcement 
is available as open source. 
brochure (https://sel4.systems/Info/Docs/seL4-brochure.pdf) 
white paper (https://sel4.systems/Info/Docs/GD-NICTA-whitepaper.pdf) 
⟡ Certikos (http://flint.cs.yale.edu/certikos/) : Certified Kit Operating 
System.
  ⟡ Certified OS Kernels: Clean-slate design with end-to-end guarantees on 
extensibility, security, and resilience.
Without Zero-Day Kernel Vulnerabilities.
  ⟡ Layered Approach: Divides a complex
 system into multiple certified abstraction layers, which are deep 
 specifications of their underlying implementations. 
  ⟡ Languages and Tools: New formal methods, languages, compilers and other 
 tools for developing, checking, and automating specs and proofs.
⟡ Compcert (http://compcert.inria.fr/) : The CompCert project investigates the 
formal verification of realistic compilers usable for critical embedded 
software. Such verified compilers come with a mathematical, machine-checked 
proof that the generated executable code behaves exactly as prescribed by the 
semantics of the source program. 
C compiler (http://compcert.inria.fr/download.html) 
⟡ Bedrock (http://plv.csail.mit.edu/bedrock/) 
tutorial pdf (http://plv.csail.mit.edu/bedrock/tutorial.pdf) :
Bedrock is a library that turns Coq into a tool much like classical 
verification systems (e.g., ESC, Boogie), but niftier. In particular, 
Bedrock is:
  ⟡ Low-level: You can verify programs that, for performance reasons or 
 otherwise, can't tolerate any abstraction beyond that associated with 
 assembly language.
  ⟡ Foundational: The output of a Bedrock verification is a theorem whose 
 statement depends only on the predicates you choose to use in the key 
 specifications and on the operational semantics of a simple cross-platform 
 machine language. That is, you don't need to trust that the verification 
 framework is bug-free; rather, you need to trust the usual Coq proof-checker
 and the formalization of the machine language semantics.
  ⟡ Higher-order: Bedrock facilitates quite pleasant reasoning about code 
 pointers as data.
  ⟡ Computational: Many useful functions are specified most effectively by 
 comparing with "reference implementations" in a pure functional language. 
 Bedrock supports that model, backed by the full expressive power of Coq's 
 usual programming language.
  ⟡ Structured: Bedrock is an extensible programming language: any client 
 program may add new control flow constructs by providing their proof rules. 
 For example, adding high-level syntax for your own calling convention or 
 exception handling construct is relatively straightforward and does not 
 require tweaking the core library code.
  ⟡ Mostly automated: Tactics automate verification condition generation 
 (in a form inspired by separation logic) and most of the process of 
 discharging those conditions. Many interesting programs can be verified with 
 zero manual proof effort, in stark contrast to most Coq developments.
⟡ HACMS (https://www.darpa.mil/program/high-assurance-cyber-military-systems)
: High-Assurance Cyber Military Systems (HACMS)
. Dr. Raymond Richards. Technology for cyber-physical systems,
functionally correct and satisfying appropriate safety and security properties. 
Clean-slate, formal methods, semi-automated code synthesis from executable, 
formal specifications. HACMS seeks a synthesizer capable of producing a 
machine-checkable proof that generated code satisfies functional 
specs as well as security and safety policies, and development to ensure 
proofs are composable, allowing components.
 more Darpa "formal" tagged links (https://www.darpa.mil/tag-list?tt=78) 
 verigames-crowdsourced formal verification (https://www.darpa.mil/news-events/2013-12-04a) 
⟡ Genode (http://genode.org/) : Genode is a novel OS architecture that is 
able to master complexity by applying a strict organizational structure to all
 software components including device drivers, system services, and applications. 
Books
⟡ The Little Prover (https://mitpress.mit.edu/books/little-prover)
The Little Prover introduces inductive proofs as a way to determine facts about
 computer programs.
⟡ Certified Programming with Dependent Types (http://adam.chlipala.net/cpdt/) by
Adam Chlipala. Textbook about practical engineering with the Coq proof assistant.
The focus is on building programs with proofs of correctness, using dependent 
types and scripted proof automation.
Latest draft (http://adam.chlipala.net/cpdt/cpdt.pdf) 
⟡ Software Foundations (https://softwarefoundations.cis.upenn.edu/) by
Benjamin Pierce and others. The Software Foundations series is a broad 
introduction to the mathematical underpinnings of reliable software.
  ⟡ Vol. 1: (https://softwarefoundations.cis.upenn.edu/lf-current/index.html)
read (https://softwarefoundations.cis.upenn.edu/lf-current/toc.html) 
download (https://softwarefoundations.cis.upenn.edu/lf-current/lf.tgz) 
Logical Foundations, serves as the entry-point to the series. It covers 
functional programming, basic concepts of logic, computer-assisted theorem 
proving,and Coq.
  ⟡ Vol. 2: (https://softwarefoundations.cis.upenn.edu/plf-current/index.html)
read (https://softwarefoundations.cis.upenn.edu/plf-current/toc.html) 
download (https://softwarefoundations.cis.upenn.edu/plf-current/plf.tgz) 
Programming Language Foundations, surveys the theory of programming languages, 
including operational semantics, Hoare logic, and static type systems.
  ⟡ Vol. 3: Verified Functional Algorithms (https://softwarefoundations.cis.upenn.edu/vfa-current/index.html)
read (https://softwarefoundations.cis.upenn.edu/vfa-current/index.html) 
download (https://softwarefoundations.cis.upenn.edu/vfa-current/vfa.tgz) 
Learn how to specify and verify (prove the correctness of) sorting algorithms, 
binary search trees, balanced binary search trees, and priority queues.
⟡ HoTT : Homotopy Type Theory: Univalent Foundations of Mathematics (https://homotopytypetheory.org/book/)
pdf (http://saunders.phil.cmu.edu/book/hott-online.pdfUnivalent) 
Foundations of Mathematics is Vladimir Voevodskys new program for a 
comprehensive, computational foundation for mathematics based on the homotopical
interpretation of type theory. The type theoretic univalence axiom relates 
propositional equality on the universe with homotopy equivalence of small types. 
The program is currently being implemented with the help of the automated proof 
assistant Coq.
⟡ https://math-comp.github.io/mcb/
Courses
⟡ DeepSpec Summer School (https://www.youtube.com/channel/UC5yB0ZRgc4A99ttkwer-dDw)
41 Videos about deep specification. Coq videos, examples, tutorials.
⟡ Adam Chlipala Videos:
  ⟡ 2017-12-29 CCC Presentation: Coming Soon Machine-Checked Mathematical Proofs in Everyday Software and Hardware Development 
(https://media.ccc.de/v/34c3-9105-coming_soon_machine-checked_mathematical_proofs_in_everyday_software_and_hardware_development)
  ⟡ Adam Chlipala Lecture 1, OPLSS 2015 (https://www.youtube.com/watch?v=ORKAy_CHDYM)
  ⟡ Bedrock: A Software Development Ecosystem Inside a Proof Assistant (https://www.youtube.com/watch?v=BSyrp-iYBMo)
  ⟡ CACM August 2016 - Ur/Web: A Simple Model for Programming the Web (https://www.youtube.com/watch?v=J3XI6-aZZXk)
  ⟡ Proof engineering Adam Chlipala (https://www.youtube.com/watch?v=yXLeyANzAC4)
  ⟡ 2015 Coq Proof Assistant and Its Applications to Programming-Language Semantics (https://www.youtube.com/playlist?list=PLt7hcIEdZLAnO7AawDQkHwE7RtwPDOFEc)
⟡ Type-Drive Development in Idris - Edwin Brady (https://www.youtube.com/watch?v=X36ye-1x_HQ)
⟡ Benjamin Pierce - Software Foundations Course (https://www.youtube.com/playlist?list=PLGCr8P_YncjUT7gXUVJWSoefQ40gTOz89)
⟡ Learning Automated Theorem Proving (https://cs.stackexchange.com/questions/820/learning-automated-theorem-proving) : Stackexchange post about learning
More
⟡ Curry-Howard (https://en.wikipedia.org/wiki/Curry%E2%80%93Howard_correspondence) :
CurryHoward correspondence refers to the direct relationship between computer
programs and mathematical proofs. This is also the idea of "proofs as programs",
and "propositions (formulas)-as-types".
⟡ Hoare logic (https://en.wikipedia.org/wiki/Hoare_logic)
Hoare logic (also known as FloydHoare logic or Hoare rules) is a formal system 
with a set of logical rules for reasoning rigorously about the correctness of 
computer programs. 
⟡ Designing A Theorem Prover (Paulson, Cambridge, 1990) (https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-192.pdf)
⟡ Rolf Rolles Program Synthesis in Reverse Engineering (https://www.youtube.com/watch?v=mFjSbxV_1vw)
...Assume you generate all possible programs...
⟡ The Open-Source seL4 Kernel. Military-Grade Security Through Mathematics - SFO17-417 (https://www.youtube.com/watch?v=heSmrHzHcuM)
⟡ DARPA Hack Proof Drones (https://www.defensetech.org/2014/05/21/darpa-unveils-hack-proof-drone/)
 Uses SEL4, other RTOS
⟡ Pentagon Wants Unhackable Helicopters (https://www.engadget.com/2015/03/16/pentagon-wants-unhackable-helicopters/)
⟡ Hacker-Proof Code Confirmed (https://www.quantamagazine.org/formal-verification-creates-hacker-proof-code-20160920/) : 
Computer scientists can prove certain programs to be error-free with the same certainty that mathematicians prove theorems. The advances are being used to secure everything from unmanned drones to the internet.
⟡ CertiKOS enables creation of secure system kernels (http://www.zdnet.com/article/certikos-a-hacker-proof-os/) certikos project (http://flint.cs.yale.edu/certikos/) 
Computer system security stinks, because our 
software is buggy and untestable in full. Great for cyber criminals, but not 
for us. So why doesn't someone build a mathematically verified, secure, 
concurrent kernel that can run on x86 and ARM? A team at Yale has.
⟡ seL4 Is Free What Does This Mean For You? (https://www.youtube.com/watch?v=lRndE7rSXiI)
⟡ From L3 to seL4 what have we learnt in 20 years of L4 microkernels? (https://www.youtube.com/watch?v=RdoaFc5-1Rk)
⟡ seL4 introduction: Capability--based Access Model (https://www.youtube.com/watch?v=x3P6Y6VO0UI) <- Chinese, translation?
⟡ seL4 playlist (https://www.youtube.com/playlist?list=PL8UO9ZG39Nx43YCAKGCtj9Rb6p2_3utdc)
⟡ Creating drones that can't be hacked (https://www.youtube.com/watch?v=4oONdV5RYp8)
⟡ HACMS: Protecting Military Systems from Hackers (https://www.youtube.com/watch?v=OyqNpn6JpBk)
⟡ Formal Methods for Avionics Software Verification pt1 (https://www.youtube.com/watch?v=tRtK4xOK-8o
)
⟡ TODO: find Heartbleed Example with Agda Showing Proofs
Reference in New Issue View Git Blame Copy Permalink