A Formal Model of IEEE Floating Point Arithmetic
by Lei Yu đ§
diff --git a/web/authors/yu/index.html b/web/authors/yu/index.html --- a/web/authors/yu/index.html +++ b/web/authors/yu/index.html @@ -1,99 +1,99 @@
November 28, 2022
Angeliki Koutsoukou-Argyraki đ, Mantas BakĆĄys đ and Chelsea Edmonds đ
November 11, 2022
Ć tÄpĂĄn Holub đ§ and Martin RaĆĄka
January 3, 2023
December 6, 2022
Christoph BenzmĂŒller đ§, David Fuenmayor đ§, Alexander Steen and Geoff Sutcliffe
December 5, 2022
November 25, 2022
February 2, 2023
August 14, 2023
August 16, 2023
Paul Hofmeier đ§ and Emin Karayel đ§
November 11, 2022
March 15, 2023
Information flow security ensures that the secret data manipulated by a program does not influence its observable output. Proving information flow security is especially challenging for concurrent programs, where operations on secret data may influence the execution time of a thread and, thereby, the interleaving between threads. Such internal timing channels may affect the observable outcome of a program even if an attacker does not observe execution times. Existing verification techniques for information flow security in concurrent programs attempt to prove that secret data does not influence the relative timing of threads. However, these techniques are often restrictive (for instance because they disallow branching on secret data) and make strong assumptions about the execution platform (ignoring caching, processor instructions with data-dependent execution time, and other common features that affect execution time).
In this entry, we formalize and prove the soundness of CommCSL, a novel relational concurrent separation logic for proving secure information flow in concurrent programs that lifts these restrictions and does not make any assumptions about timing behavior. The key idea is to prove that all mutating operations performed on shared data commute, such that different thread interleavings do not influence its final value. Crucially, commutativity is required only for an abstraction of the shared data that contains the information that will be leaked to a public output. Abstract commutativity is satisfied by many more operations than standard commutativity, which makes our technique widely applicable.
January 8, 2023
In this set of theories, we express well-known crytographic standards in the language of Isabelle. The standards we have translated so far are:
  FIPS 180-4 |
NIST's Secure Hash Standard, rev 4. |
  FIPS 186-4 |
Only the elliptic curves over prime fields, i.e. NIST's "P-" curves |
  FIPS 198-1 |
NIST's The Keyed-Hash Message Authentication Code (HMAC Standard) |
  PKCS #1 v2.2 |
RSA Laboratories' RSA Cryptography Standard, version 2.2 |
  SEC1 v2.0 |
SEC's Elliptic Curve Cryptography, version 2.0 Â Â |
The intention is that these translations will be used to prove that any particular implementation matches the relevant standard. With that in mind, the overriding principle is to adhere as closely as possible, given the syntax of HOL, to the written standard. It should be obvious to any reader, regardless of their past experience with Isabelle, that these translations exactly match the  standards. Thus we use the same function and variable names as in the written standards whenever possible and explain in the comments the few times when that is not possible.Â
We want the users of these theories to have faith that errors were not made in the translations. We do two things to achieve this. First, in addition to translating a standard, we provide a robust supporting theory that proves anything that one might wish to know about the primitives that the standard defines. For example, we prove that encryption and decryption are inverse  operations. We prove when RSA keys are equivalent. We prove that if a message is signed, then that signature and message will pass the verification operation. Any fact that you may need in using these standards, we hope and believe we have already proved for you.Â
Second, we prove (by evaluation) that the test vectors provided by NIST, et al, check as intended (whether a passing or failing test case.) The test vectors may be found in theories named *_Test_Vectors.thy. These files can be large and take time for Isabelle to process. Thus, they are not imported by this main Crypto_Standards theory. Users may open those separately. As an aside, Isabelle must be told how to compute certain operations efficiently. For example, modular exponentiation or scalar multiplication of a point on an elliptic curve. The Efficient*.thy files are necessary to check the test vectors.Â
We attempt to be as agnostic to implementation details as possible. For example, we do not  assume any particular data type has been used as input or output. Many standards operate on octets, or 8-bit values. For these theories, an octet string is modeled as a list of natural numbers. Then a nat x is a "valid octet" exactly when x < 256. Words.thy contains all the  operations needed to convert natural number to a string of n-bit values and back to a natural number. There you will also find definitions for handling padding and bit manipulations that are found in the above standards. Again, we believe that we have proved anything you may need to apply these theories. We have erred on the side of including lemmas that may be of practical use as opposed to proving a minimal set of lemmas required.Â
Axel Christfort đ§ and SĂžren Debois
June 16, 2023
April 3, 2023
April 3, 2023
July 16, 2023
February 16, 2023
RenĂ© Thiemann đ and Elias Wenninger
June 1, 2023
The Weighted Path Order (WPO) of Yamada is a powerful technique for proving termination. In a previous AFP entry, the WPO was defined and properties of WPO have been formally verified. However, the implementation of WPO was naive, leading to an exponential runtime in the worst case.
Therefore, in this AFP entry we provide a poly-time implementation of WPO. The implementation is based on memoization. Since WPO generalizes the recursive path order (RPO), we also easily derive an efficient implementation of RPO.
February 25, 2004
This is an example submission to the Archive of Formal Proofs. It shows submission requirements and explains the structure of a simple typical submission.
Note that you can use HTML tags and LaTeX formulae like $\sum_{n=1}^\infty \frac{1}{n^2} = \frac{\pi^2}{6}$ in the abstract. Display formulae like $$ \int_0^1 x^{-x}\,\text{d}x = \sum_{n=1}^\infty n^{-n}$$ are also possible. Please read the submission guidelines before using this.
Emin Karayel đ§ and Manuel Eberl đ§
June 19, 2023
March 3, 2023
August 14, 2023
Jasmin Christian Blanchette đ§, Qi Qiu đ§ and Sophie Tourret đ§
January 25, 2023
July 11, 2023
Johannes Ă man Pohjola đ§, Magnus O. Myreen đ§ and Miki Tanaka đ§
January 20, 2023
April 3, 2023
Lei Yu đ§ with contributions from Fabian Hellauer đ§, Fabian Immler đ and Tjark Weber đ§
July 27, 2013
Mantas BakĆĄys đ§ and Angeliki Koutsoukou-Argyraki đ§
November 21, 2022
April 29, 2023
May 5, 2023
Walter Guttmann đ§ and Georg Struth đ§
May 22, 2023
Christian Dalvit and RenĂ© Thiemann đ§
November 30, 2022
Mike Stannett đ§, Edward Higgins, Hajnal Andreka đ, Judit Madarasz đ, IstvĂĄn NĂ©meti đ and Gergely Szekely đ
March 5, 2023
ThĂ©o Delemazure đ, Tom Demeulemeester đ, Manuel Eberl đ, Jonas Israel đ and Patrick Lederer đ
November 10, 2022
In party-approval multi-winner elections, the goal is to allocate the seats of a fixed-size committee to parties based on approval ballots of the voters over the parties. In particular, each can approve multiple parties and each party can be assigned multiple seats.
Three central requirements in this settings are:
We show that these three basic axioms are incompatible for party-approval multi-winner voting rules, thus proving a far-reaching impossibility theorem.
The proof of this result is obtained by formulating the problem in propositional logic and then letting a SAT solver show that the formula is unsatisfiable. The DRUP proof output by the SAT solver is then converted into Lammich's GRAT format and imported into Isabelle/HOL with some custom-written ML code.
This transformation is proof-producing, so the final Isabelle/HOL theorem does not rely on any oracles or other trusted external trusted components.
Kevin Lee đ§, Zhengkun Ye đ§ and Angeliki Koutsoukou-Argyraki đ§
August 10, 2023
We formalize the proofs of Cauchy's and Legendre's Polygonal Number Theorems given in Melvyn B. Nathanson's book "Additive Number Theory: The Classical Bases".
For $m \geq 1$, the $k$-th polygonal number of order $m+2$ is defined to be $p_m(k)=\frac{mk(k-1)}{2}+k$. The theorems state that:
1. If $m \ge 4$ and $N \geq 108m$, then $N$ can be written as the sum of $m+1$ polygonal numbers of order $m+2$, at most four of which are different from $0$ or $1$. If $N \geq 324$, then $N$ can be written as the sum of five pentagonal numbers, at least one of which is $0$ or $1$.
2. Let $m \geq 3$ and $N \geq 28m^3$. If $m$ is odd, then $N$ is the sum of four polygonal numbers of order $m+2$. If $m$ is even, then $N$ is the sum of five polygonal numbers of order $m+2$, at least one of which is $0$ or $1$.
We also formalize the proof of Gauss's theorem which states that every non-negative integer is the sum of three triangular numbers.
February 20, 2023
December 15, 2022
Georg Struth đ§ and Cameron Calk
July 25, 2023
Katherine Kosaian đ§, Yong Kiam Tan đ§ and AndrĂ© Platzer đ§
December 15, 2022
February 28, 2023
November 24, 2022
Sunpill Kim and Yong Kiam Tan đ§
April 27, 2023
April 20, 2023
Anthony Bordg đ§ and AdriĂĄn Doña Mateo đ§
January 14, 2023
January 22, 2023
January 9, 2023
In this work, I provide an abstract framework for proving the completeness of a logical calculus using the synthetic method. The synthetic method is based on maximal consistent saturated sets (MCSs). A set of formulas is consistent (with respect to the calculus) when we cannot derive a contradiction from it. It is maximally consistent when it contains every formula that is consistent with it. For logics where it is relevant, it is saturated when it contains a witness for every existential formula. To prove completeness using these maximal consistent saturated sets, we prove a truth lemma: every formula in an MCS has a satisfying model. Here, Hintikka sets provide a useful stepping stone. These can be seen as characterizations of the MCSs based on simple subformula conditions rather than via the calculus. We then prove that every Hintikka set gives rise to a satisfying model and that MCSs are Hintikka sets. Now, assume a valid formula cannot be derived. Then its negation must be consistent and therefore satisfiable. This contradicts validity and the original formula must be derivable.
To start, I build maximal consistent saturated sets for any logic that satisfies a small set of assumptions. I do this using a transfinite version of Lindenbaum's lemma, which allows me to support languages of any cardinality. I then prove useful abstract results about derivations and refutations as they relate to MCSs. Finally, I show how Hintikka sets can be derived from the logic's semantics, outlining one way to prove the required truth lemma.
To demonstrate the versatility of the framework, I instantiate it with five different examples. The formalization contains soundness and completeness results for: a propositional tableau calculus, a propositional sequent calculus, an axiomatic system for modal logic, a labelled natural deduction system for hybrid logic and a natural deduction system for first-order logic. The tableau example uses custom Hintikka sets based on the calculus, but the other four examples derive them from the semantics in the style of the framework. The hybrid and first-order logic examples rely on saturated MCSs. This places requirements on the cardinalities of their languages to ensure that there are enough witnesses available. In both cases, the type of witnesses must be infinite and have cardinality at least that of the type of propositional/predicate symbols.
Anton Danilkin and LoĂŻc Chevalier
May 3, 2023
May 9, 2023
Mnacho Echenim đ§, Mehdi Mhalla đ§ and Coraline Mori đ§
April 18, 2023
November 14, 2022
Ć tÄpĂĄn Holub đ§ and Ć tÄpĂĄn Starosta đ§
January 3, 2023
June 12, 2023