How to make our system reliable?


Shinji KONO


Why do we study English?

   It is a common language
   We should know at least one language other than our mother tongue
   Information in Japanese is rather poor


Various Kind of Computers

   Multi CPU Computer
   GPU
   Deep Learning
   Quantum Computer


Parallel Computer

   It is simulated by a single processor


GPU

   It contains a large number of small processors
     SIMD    one instruction handles multiple data


Deep Learning

   sometimes called differentiable computation
   handles a large-dimensional numeric space


Quantum computer

   The physical state is represented by a probabilistic wave function
     Eψ = Hψ
   E is a constant, H is an operator. By defining H, ψ is made to satisfy some condition.
   A quantum computer can find constraints on multiple boolean values (qubits) at once.
   Currently we have a 53-qubit machine.


Quantum computer will scale?

   Limitation 0 : Not super-Turing powerful
      the same type of computation as a Turing machine
   Limitation 1 : Planck constant 10^-23
      ΔEΔt < 10^-23 and ΔPΔx < 10^-23
   Limitation 2 : Noise or error
      a very large number of variables on a wave function that possibly contains only one particle
      At least 2,000 qubits are required to make it practical
      Current SAT solvers can handle more than 1000 boolean variables
   Limitation 3 : qubit computation model
      a load/store based qubit computer is no more powerful than a classical computer
      3 or more interactions are required to overcome this limitation


What is reliability?

    Keeping secrets is only a very small part of security.
    The system must keep working
        high availability
        working correctly
    The system may fail (e.g. hardware failure, fire)
        Backup is important
    Accessibility
        Is an unusable system the safest one?
        compromise (such as a 4-digit password)
    Human factor
        Technology itself does not make the system reliable
        Be a reliable person


Specification

Hardware and software have to satisfy specifications.

What is a specification?

   basically logic


Specification is described in logics

    P → Q
    P ∨ Q
    P ∧ Q
    ¬ P 

P and Q can be formulas which are either true or false.


Satisfiability

    P ∨ Q      is satisfiable when P = true
    P ∨ ¬ P    is valid
    P ∧ ¬ P    is not satisfiable 

A SAT solver can check whether a formula is satisfiable or not.

Many practically interesting problems can be encoded as a boolean formula.

   SAT is NP-complete, that is, every problem in NP can be translated into SAT.
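The three checks above, run through a small DPLL SAT solver. This is an added example, not code from the lecture; the formulas are in CNF with DIMACS-style integer literals (1 = P, 2 = Q, negative = ¬), and validity of a single clause is decided by checking that its negation is unsatisfiable.

```rust
// Added example (not from the lecture): a tiny DPLL SAT solver over CNF.
// A literal is a non-zero i32: +v means variable v, -v means ¬v (DIMACS style).
// A clause is a disjunction of literals; a formula (Cnf) is a conjunction of clauses.
type Clause = Vec<i32>;
type Cnf = Vec<Clause>;

/// Simplify `cnf` under the assignment `lit = true`: drop clauses that contain `lit`,
/// remove the now-false literal `-lit` from the rest. None if some clause becomes empty.
fn assign(cnf: &Cnf, lit: i32) -> Option<Cnf> {
    let mut out = Vec::new();
    for clause in cnf {
        if clause.contains(&lit) { continue; }
        let rest: Clause = clause.iter().copied().filter(|&l| l != -lit).collect();
        if rest.is_empty() { return None; }   // clause falsified: conflict
        out.push(rest);
    }
    Some(out)
}

/// DPLL: unit propagation, then branch on the first literal of the first clause.
pub fn satisfiable(cnf: &Cnf) -> bool {
    if cnf.is_empty() { return true; }        // no clauses left: all satisfied
    // unit propagation: a one-literal clause forces that literal to be true
    if let Some(unit) = cnf.iter().find(|c| c.len() == 1) {
        return match assign(cnf, unit[0]) { Some(c) => satisfiable(&c), None => false };
    }
    let lit = cnf[0][0];
    for &choice in &[lit, -lit] {             // try lit = true, then lit = false
        if let Some(rest) = assign(cnf, choice) {
            if satisfiable(&rest) { return true; }
        }
    }
    false
}

/// A formula is valid iff its negation is unsatisfiable. For one clause (l1 ∨ l2 ∨ ...)
/// the negation is ¬l1 ∧ ¬l2 ∧ ..., i.e. one unit clause per negated literal.
pub fn clause_is_valid(clause: &Clause) -> bool {
    let negation: Cnf = clause.iter().map(|&l| vec![-l]).collect();
    !satisfiable(&negation)
}

fn main() {
    let (p, q) = (1, 2);
    println!("P ∨ Q    satisfiable: {}", satisfiable(&vec![vec![p, q]]));         // true
    println!("P ∨ ¬P   valid:       {}", clause_is_valid(&vec![p, -p]));         // true
    println!("P ∧ ¬P   satisfiable: {}", satisfiable(&vec![vec![p], vec![-p]])); // false
}
```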


Specification / Implementation / Execution

    Specification in logic
    Implement in functions
    Execution result is a set

It may contain more than 1 million variables; that is, SAT itself is not enough to show correctness.


Proof system (Natural deduction)

If we use proof system, we may overcome the limitation.

However, proofs are usually very difficult and large.

   How about a computer-supported proof system?


A proof

If we have a proof of B from assumption A, we write it like this.

      A
  -----------
      B


Logical operator and inference

Every logical operator has two inference rules, introduction and elimination.

      [A]                   
       :
       B                    A       A → B
   ------------- →-intro ------------------ →-elim
      A → B                     B

[A] is called a discharged A. All assumptions have to be discharged in a proof of a formula.

     A    B                 A ∧ B           A ∧ B 
   ------------- ∧-intro  ----------- π1   ---------- π2
      A ∧ B                   A               B

       ⊥
    ------------- ⊥-elim
       A

⊥ has no introduction rule. ¬ A is defined as A → ⊥.


example

        (A → B)  ∧  (B → C)  →  (A → C)

use →-intro twice

                 C
 ---------------------------------------------------
               A → C
 ---------------------------------------------------
        ((A → B)  ∧  (B → C )) →  ( A → C  )

We can use (A → B) ∧ (B → C ) and A as assumptions.

C can be inferred from A, A → B, B → C

   A      A → B
 -----------------   
           B              B → C 
 ---------------------------------------------------
                 C

A → B, B → C are derived from (A → B) ∧ (B → C) using π1, π2 (∧-elim).

         (A → B)  ∧  (B → C ) 
        ----------------------   
   A      A → B                   (A → B)  ∧  (B → C )
 ----------------                  -----------------------   
           B                                B → C 
 ---------------------------------------------------
                 C
 ---------------------------------------------------
               A → C
 ---------------------------------------------------
        ((A → B)  ∧  (B → C )) →  ( A → C  )

Discharge all assumptions at their →-intro steps (marked 1 and 2).

         [(A → B)  ∧  (B → C )]1
        ------------------------
   [A]2      A → B                  [ (A → B)  ∧  (B → C )]1
 ----------------                  ---------------------------   
           B                                B → C 
 ---------------------------------------------------
                 C
 --------------------------------------------------- 2
               A → C
 --------------------------------------------------- 1
        ((A → B)  ∧  (B → C )) →  ( A → C  )


exercise

  Lemma1 : A -> ( A -> B ) -> B
  Lemma2 : B -> A -> (B ∧ A)
  Lemma3 : ( A ∧ B ) ∧ C  →  A ∧ (B ∧ C) 


Curry Howard Isomorphism

  Formula = Type
  Proof   = λ term

A proof system is a functional programming language.
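The Curry-Howard reading of the worked proof above, written in Rust's type system rather than Agda. This is an added example, not code from the lecture: implication is a function type, conjunction is a pair, ⊥ is an empty enum, and each inference rule becomes a term; the type checker acts as the proof checker, so a wrong proof simply fails to compile.

```rust
// Added example (not from the lecture): Curry-Howard in Rust's type system.
// Formula = type, proof = term. A → B is Fn(A) -> B, A ∧ B is the pair (A, B),
// ⊥ is the empty type `Void`, and ¬A is Fn(A) -> Void.

/// ⊥: a type with no values. `enum Void {}` cannot be constructed.
pub enum Void {}

/// ⊥-elim: from ⊥ anything follows. A `match` on an empty enum has no arms
/// and type-checks at any result type A.
pub fn ex_falso<A>(v: Void) -> A {
    match v {}
}

/// ∧-intro: two proofs give a proof of the conjunction (a pair).
pub fn and_intro<A, B>(a: A, b: B) -> (A, B) { (a, b) }
/// π1 / π2 (∧-elim): the projections of the pair.
pub fn pi1<A, B>(p: (A, B)) -> A { p.0 }
pub fn pi2<A, B>(p: (A, B)) -> B { p.1 }

/// The lecture's worked proof:  ((A → B) ∧ (B → C)) → (A → C).
/// Outer →-intro: the parameter `h` is discharged assumption [.]1.
/// Inner →-intro: the returned closure's `a` is discharged assumption [A]2.
/// π1/π2 pick the two implications; two →-elims (calls) give B, then C.
pub fn hyp_syllogism<A, B, C, F, G>(h: (F, G)) -> impl Fn(A) -> C
where
    F: Fn(A) -> B,
    G: Fn(B) -> C,
{
    move |a| (h.1)((h.0)(a))
}

/// ¬A is A → ⊥, so from A → B and ¬B we get ¬A: the same proof with C = ⊥.
pub fn contrapositive<A, B, F, N>(f: F, not_b: N) -> impl Fn(A) -> Void
where
    F: Fn(A) -> B,
    N: Fn(B) -> Void,
{
    hyp_syllogism::<A, B, Void, F, N>((f, not_b))
}

fn main() {
    // Instantiated at A = u32, B = u64, C = String: running a proof term is just running a program.
    let chain = hyp_syllogism((|x: u32| x as u64 * 2, |y: u64| format!("{}", y)));
    println!("{}", chain(21)); // prints "42"
    let (a, b) = (pi1(and_intro(1u8, 'x')), pi2(and_intro(1u8, 'x')));
    println!("{} {}", a, b);
}
```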


Agda


What can we do in this proof system?

  basically all mathematics
  such as Set Theory


Is this practical?

   Not yet


What is going on?

POPL 2020 accepted papers


What are we doing?

    Continuation based C (CbC)  (a more primitive C language)
    Implement an operating system on CbC
    Provide model checking and a proof system for CbC

Shinji KONO / Mon Jan 27 18:44:03 2020