How to make our system reliable?
Menu
Why do we study English?
It is a common language.
We should know at least one language other than our mother tongue.
Information available in Japanese is rather poor.
Various Kinds of Computers
Multi-CPU computer, GPU, deep learning, quantum computer, AI
Parallel Computer
It can be simulated by a single processor (more slowly).
GPU
It contains a large number of small processors.
SIMD: one instruction handles multiple data.
Deep Learning / AI
Sometimes called differentiable computation: it handles a numeric space of very high dimension.
Can we rely on it? How do we make it reliable? How about a proof system?
What is reliability?
Keeping secrets is only a very small part of security.
The system must keep working:
high availability
correct operation
The system may fail (e.g. hardware failure, fire).
Backups are important.
Accessibility
Is an unusable system the safest one?
Security is a compromise with usability (such as a 4-digit password: convenient, but weak).
Human factor
Technology itself does not make the system reliable.
Be a reliable person.
Specification
Hardware and software have to satisfy their specifications.
What is a specification?
Basically, logic.
A specification is described in logic.
P → Q
P ∨ Q
P ∧ Q
¬ P
P and Q can be any formulas, each of which is either true or false.
Satisfiability
P ∨ Q is satisfiable: it is true when P = true.
P ∨ ¬P is valid: it is true under every assignment.
P ∧ ¬P is not satisfiable: it is false under every assignment.
A SAT solver can check whether a formula is satisfiable or not.
Many practically interesting problems can be encoded as a boolean formula.
SAT is NP-complete, that is, every problem in NP can be translated into SAT in polynomial time.
Specification / Implementation / Execution
Specification in logic
Implementation in functions
The execution result is a set.
The encoding of a real program may contain more than a million variables, so SAT by itself is not enough to show correctness.
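As an added example (not code from the lecture page), the following Python models propositional formulas as nested tuples, decides satisfiability and validity by enumerating truth assignments, and checks the three formulas from the Satisfiability slide. It then applies the same idea to the specification/implementation question: a model of implementation ∧ ¬spec is an execution the implementation allows but the specification forbids, i.e. a counterexample. The access-control formulas (is_admin, is_owner, locked, grant) are constructed for illustration, and the truth-table enumeration is deliberately naive: it is exponential in the number of variables, which is the scaling limit the slide refers to; real SAT solvers use DPLL/CDCL search instead.

```python
"""Propositional formulas, satisfiability, validity and a spec check.

Added example, not from the lecture. Formulas are nested tuples:
  ('var', 'P'), ('not', f), ('and', f, g), ('or', f, g), ('imp', f, g)
"""
from itertools import product


def var(name):
    return ('var', name)


def neg(f):
    return ('not', f)


def conj(f, g):
    return ('and', f, g)


def disj(f, g):
    return ('or', f, g)


def imp(f, g):
    return ('imp', f, g)


def iff(f, g):
    """f ↔ g as (f → g) ∧ (g → f)."""
    return conj(imp(f, g), imp(g, f))


def variables(f):
    """Set of variable names occurring in f."""
    if f[0] == 'var':
        return {f[1]}
    return set().union(*(variables(sub) for sub in f[1:]))


def evaluate(f, env):
    """Truth value of f under the assignment env: name -> bool."""
    op = f[0]
    if op == 'var':
        return env[f[1]]
    if op == 'not':
        return not evaluate(f[1], env)
    if op == 'and':
        return evaluate(f[1], env) and evaluate(f[2], env)
    if op == 'or':
        return evaluate(f[1], env) or evaluate(f[2], env)
    if op == 'imp':
        return (not evaluate(f[1], env)) or evaluate(f[2], env)
    raise ValueError(op)


def find_model(f):
    """Return an assignment making f true, or None if f is unsatisfiable.

    Brute force over all 2^n assignments: fine for a slide, hopeless for
    the million-variable encodings of real programs.
    """
    names = sorted(variables(f))
    for values in product([False, True], repeat=len(names)):
        env = dict(zip(names, values))
        if evaluate(f, env):
            return env
    return None


def satisfiable(f):
    return find_model(f) is not None


def valid(f):
    """f is valid iff its negation has no model."""
    return not satisfiable(neg(f))


def counterexample(implementation, spec):
    """A model of implementation ∧ ¬spec: an execution the implementation
    permits but the specification forbids. None means the spec holds."""
    return find_model(conj(implementation, neg(spec)))


# The three formulas from the slide.
P, Q = var('P'), var('Q')

# Constructed example: an access decision "grant" computed from the inputs
# is_admin, is_owner and locked. The implementation is a boolean circuit
# (grant ↔ ...); the specification says locked objects are only granted
# to admins. IMPL_BAD forgets to look at the lock.
is_admin, is_owner, locked, grant = (
    var(n) for n in ('is_admin', 'is_owner', 'locked', 'grant'))
IMPL_GOOD = iff(grant, disj(is_admin, conj(is_owner, neg(locked))))
IMPL_BAD = iff(grant, disj(is_admin, is_owner))
SPEC = imp(conj(locked, neg(is_admin)), neg(grant))

if __name__ == '__main__':
    print('P ∨ Q satisfiable:', satisfiable(disj(P, Q)))
    print('P ∨ ¬P valid:', valid(disj(P, neg(P))))
    print('P ∧ ¬P satisfiable:', satisfiable(conj(P, neg(P))))
    print('IMPL_GOOD counterexample:', counterexample(IMPL_GOOD, SPEC))
    print('IMPL_BAD counterexample:', counterexample(IMPL_BAD, SPEC))
```

Running it reports no counterexample for IMPL_GOOD and, for IMPL_BAD, the single assignment locked = true, is_admin = false, is_owner = true, grant = true, which is exactly the execution the specification rules out. Checking "implementation ∧ ¬spec is unsatisfiable" in this way is how bounded model checkers use SAT; the proof-system approach in the rest of the lecture is needed once the encoding is too large to enumerate.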
Proof system (natural deduction)
If we use a proof system, we may overcome this limitation. However, proofs are usually very difficult and large.
How about a computer-supported proof system?
A proof
If we have a proof of B from the assumption A, we write it like this:

     A
  -------
     B
Logical operators and inference
Every logical operator has two inference rules: introduction and elimination.

   [A]
    :
    B                        A      A → B
  -------- →-intro          ---------------- →-elim
   A → B                           B

[A] is called a discharged assumption: A is used above the bar and closed by the →-intro step. All assumptions have to be discharged in a proof of a formula.

    A     B                A ∧ B             A ∧ B
  ---------- ∧-intro      ------- π1        ------- π2
    A ∧ B                    A                 B

    ⊥
  ------ ⊥-elim
    A

⊥ has no introduction rule. ¬A is defined as A → ⊥.
example
((A → B) ∧ (B → C)) → (A → C)    use →-intro twice

                     C
   ----------------------------------------
                   A → C
   ----------------------------------------
        ((A → B) ∧ (B → C)) → (A → C)

We can use (A → B) ∧ (B → C) and A as assumptions.
C can be inferred from A, A → B and B → C:

   A    A → B
  ------------- →-elim
        B             B → C
  ------------------------- →-elim
              C

A → B and B → C are derived from (A → B) ∧ (B → C) using π1 and π2 (∧-elim):

         (A → B) ∧ (B → C)
         ----------------- π1
   A            A → B               (A → B) ∧ (B → C)
  ---------------------- →-elim     ----------------- π2
            B                             B → C
  --------------------------------------------------- →-elim
                           C
  ---------------------------------------------------
                         A → C
  ---------------------------------------------------
            ((A → B) ∧ (B → C)) → (A → C)

Discharge all assumptions with →-intro (the number marks which →-intro step discharges which assumption):

         [(A → B) ∧ (B → C)]1
         -------------------- π1
  [A]2          A → B               [(A → B) ∧ (B → C)]1
  ---------------------- →-elim     -------------------- π2
            B                             B → C
  --------------------------------------------------- →-elim
                           C
  --------------------------------------------------- →-intro 2
                         A → C
  --------------------------------------------------- →-intro 1
            ((A → B) ∧ (B → C)) → (A → C)
exercise
Lemma1 : A -> ( A -> B ) -> B
Lemma2 : B -> A -> (B ∧ A)
Lemma3 : ( A ∧ B ) ∧ C → A ∧ (B ∧ C)
Curry-Howard Isomorphism
Formula = Type
Proof = λ term
A proof system is a functional programming language.
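The worked derivation of ((A → B) ∧ (B → C)) → (A → C) above, written as a λ-term in Lean 4 (an added example, not part of the lecture's Agda material). Under Curry-Howard the theorem statement is the type and the proof is the term: `fun` binds the two assumptions that →-intro discharges, `h.1`/`h.2` are ∧-elim (π1, π2), and function application is →-elim. The second version spells out one tactic per rule in the tree, and the last two lines show ⊥ and ¬A in the same setting (Lean calls ⊥ `False`, and `Not A` unfolds to `A → False`).

```lean
-- Added example: Curry-Howard for the derivation above (Lean 4).
-- Formula = Type: the statement is the type of the proof term.
-- Proof = λ term: h is assumption [1], a is assumption [2].
theorem compose_impl (A B C : Prop) :
    ((A → B) ∧ (B → C)) → (A → C) :=
  fun h a => h.2 (h.1 a)

-- The same proof as tactic steps, one per inference rule, read from the
-- root of the tree upward.
theorem compose_impl' (A B C : Prop) :
    ((A → B) ∧ (B → C)) → (A → C) := by
  intro h                  -- →-intro: assume (A → B) ∧ (B → C)  [1]
  intro a                  -- →-intro: assume A                  [2]
  have ab : A → B := h.1   -- ∧-elim π1
  have bc : B → C := h.2   -- ∧-elim π2
  exact bc (ab a)          -- →-elim twice: ab a : B, bc (ab a) : C

-- ¬A is defined as A → ⊥, and ⊥-elim is False.elim.
example (A : Prop) : ¬A ↔ (A → False) := Iff.rfl
example (A B : Prop) (h : ¬A) (a : A) : B := False.elim (h a)
```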
Agda on my GitHub
my Agda page
Should we create a GitHub account?
What can we do in this proof system?
Basically all of mathematics, such as set theory.
Is this practical?
Not yet.
What is going on?
What are we doing?
Continuation based C (CbC), a more primitive C language
Implement an operating system in CbC
Provide model checking and a proof system for CbC