WS2 05 Agda 最近の更新履歴ソフトウェアエンジニアリングシンポジウム2012

(1)

Agda

^✽ ^✩^✁^✂ ^✪^✄^☎^✆^✝ ^✞❃ ^✩^✟✠✡

❊ ❅ ● ❀

†1

▲ ✷ ☛ ❁

†1

✹❄ ✼☞✌✍✎✏✑✍✒✓

_Agda

✔✕✖✺❂✒ ✓✗✘✙✚✦❑✾ ✶✗✔

_Agda

✒✓ ✛▼✜✢ ✣✤

✥✧★✫✬✕✭❏✮✛✯✰ ✱✚✦ ✲✳✴☞✥✵✸✬✕✻✭✿▼❆❇✜❈✘❖❉✚✦

Verification by Agda in script programming

Yoshifumi Yuasa ^†1 and Yoshiki Kinoshita ^†1

Agda, a functional programming language, is a powerful proof description langage as well.

In this talk, we introduce basic methods to verify software by Agda, and argue their applica-

tions to script programming.

1.

^❋^❍ ^■ ^◆

P◗ ❘ ❙❚

_Agda

❯❱ ❲❳ ❨❩❬❭❪❫❴ ❵ ❛❜

❝❯❞❡❢❣❤

_Agda

✐❚ ❥❦❧♠♥♦♣qr♦s t✐✉❛✈✇①❛②③❙④❣❤ ⑤⑥ ⑦❚ ⑧❭❪⑨⑩r

Chalmers

^{❶❷ ❸❯}❹ ❺❻❼❽ ❾❿➀⑦⑥ ➁❲❣

❤

1)

Agda

^{❚❵➂➃➄st✐}^➅^➁^❛➆➇➈^{➉➊❳➀➋} ^➌

✇❵➂ ❝❻➍❣❨❩❬❭❪❫❴❵➎⑨➏✐➅➁➈➐❱

➑⑥❣❤ ❫➏ ➒➓➔→❯

_Agda

♠♥♦♣→✐➅➁➃➄

➅➁✉❛➣↔❯❵➂❢❣➋ ✐❲↕❜❝❾➙➛✐⑦⑥❣

❾➋ ➜➝⑦✐❲ ➞➁➋ ❴❵❙➟❣➠➡❾❥❦❧st❻

➢⑦⑥❣➤➥❙❚➦❲❤

_Agda

st❛➧➝➦➨➩➫❯

❱❲⑥➭➋ st❛➯➲➳❯➵➸❣❦➺➻➼⑩➏❯➨➩

❢❣⑤✐❾ ❙➟➋ ⑤⑥ ❻➍➽➋ ⑧➾➓♠❬✈✇❻❱❲

⑦⑥❣➍↕➦➚➪ ❧st ❛❴ ❵➈➶ ➹✐➦❣❤

2. Agda

^➘➴ ^➷^➬➮➱✃

♠♥♦♣qr♦st✐➅➁❛

_Agda

❚

_Martin-

L¨ of

^{❧✇➳❻❐ ❒➛}^{❮➫ ➦}^{❧❰⑧Ï→}^❯^➉➞^➁^❲❣^❤

Ð❛➙➛Ñ⑦⑥❳❥❦❧st✐❚Ò➦❣ÓÔ➞❳Õ

Ö❚➋ ❥❦❧

_{“X → Y ”}

❯×ØÙ➅❳➋ ÚÛÜ❧

“(x : X) → Y (x)”

^❾ÝÞ➑^⑥➁^❲❣^ß❙④❣^❤ ^à

á❯➨❢❧➨➩❻â♣ã⑨ä❾å➑⑥ ➁æ➽➋ ➌çá

❹ ❛

_x

❾è➝↕é❯

_x

❻

_“

ÚÛ ➅➁

_”

ê➀⑦⑥❣➋ ✐

❲↕❛❾Ú Û Ü❳❣ë ì❙④❣❤

❧❯➚í✐î➸➁➋ ✉❛❧❯➉➊♠♥♦♣→❯❵➂

†1 (

^ï

)

^{ðñòóôõö ÷ø}

National Institute of Advanced Industrial Science and

Technology (AIST)

data nat : Set where

zero : nat

succ : nat

^ù

nat

data _==_ (n : nat) : nat

^ù

Set where

refl : n == n

_+_ : nat

^ù

nat

^ù

nat

zero + m = m

succ y + m = succ (y + m)

succ-eq :

{x y : nat}

^ù

x == y

^ù

succ x == succ y

succ-eq refl = refl

assoc :

(n m l : nat)

^ù

(n + m) + l == n + (m + l)

assoc zero m l = refl

assoc (succ y) m l = succ-eq (assoc y m l)

ú

_{1 Agda}

ûüýþÿ✩✼õ◆ ✩❃▲

✐î➸❣

Curry-Howard

❋❧➠ ✶❛✽ ❇ ❙❚➋ ❥ ❦

❧❚✹➯➚í➋ÚÛÜ❚➄t❛ ❆③ ●❻✷❁➑⑥❣❤

❖s✁✂ s❛➍↕➦➚í❘❀✁➋ ➄t ❛Õ ③ ●➈➋

⑩⑨ä❧❻➍➽

➌ç❢❣

⑤✐❾ ❙➟

❣❤

⑤⑥ ⑦❻➍➽

Agda

st❚✾ ✸➄t➳✇ ❻✄ ❊ ❢❣➨ ➩ ➫❯➉➊❤

Agda

^❻^➍^❣^{❵➂➃➄❛×☎❯}^❄

1

^❻④^✆❳^❤ ^⑤

⑤❙❚➋ ✝✞✟✠❦✐✉❛✡ ❛☛ ☞ ❯➌ ç➅➁❲❣❤

Agda

^❙❚^☛☞^❚✌✍✝^{⑥ ❳}^♠➓^q^Ï✪^✎❙❚➦^➛^➋

➌ç➑⑥❣✏➟

➈

❛ ❙④❣

❤

⑤❛ ➍

↕➦

➄t➃☞❛➌

ç❚ ⑩⑨ä❧✐➅➁ÝÞ❢❣⑤✐❾✑❲❤ ✉❛✒➋ ✓

❝❛➌ç❯❉✔❛ ❜❝❙✕❲➋✖❈➦❏í❯ÝÞ➅➁➋

(2)

[_] : {S : Set}

^ù

Trans S

^ù

Prop S

^ù

Prop S

[ P ] A s = (t : S)

^ù

P s t

^ù

A t

_#_ : {S : Set}

^ù

Trans S

^ù

Trans S

^ù

Trans S

_#_ P Q s u =

^✫

S ( t

^ù

(P s t)

^✦

(Q t u))

seq : {S : Set}

^ù

{P Q : Trans S}

^ù

{A : Prop S}

^ù

(s : S)

^ù

[ P # Q ] A s

^ù

[ P ] ([ Q ] A) s

seq s x =

t p u q

^ù

x u (t , (p , q))

ú

₂

▼❆✺✾ ✩✪✁✂✄☎❈ ❁✆✝

ë ✞❝❇❯✟➅➁❲❣❤

3.

^{▲◆✼➘➴◆✠}^✡☛^☞✌✍^✎^✏✽➱

➚➪❧st➦✑❯❴❵❢❣❃✞❻❚➋ ✒☎❛➍↕❻

❉❅➻➦❜❝❚✐⑥➦❲❤ ➠➡st❻➯➲➳❯➵➸❣

❦➺➼⑩➏ ❯

_Agda

st❙➨➩➅➋ ♠♥♦♣→❛❄■

❲❯⑤❛➼⑩➏✡ ❛➚í ✐➅➁❵➂ ❢❣⑤✐❻➦❣❤

⑤⑤❙❚×☎✐➅➁➋ ✓ ❇✔✵ ➼⑩➏❯❞ ❡❢❣❤

➚➪ ❧st

_L

✐✉❛✕✕ ✖✸

_M

❾➵➸⑦⑥❳✐

➟➋

_M

❛✗➽❋❣✘✙✓ ❇❛❂✞❯

_S

✐❢❣❤ ♠♥

♦♣→❛✕✕❚

_M

❛✓ ❇✔✵❯✚➟✛⑤❢➈❛➦❛

❙➋ ✉❛✔ ✵❥✜❯➨❢

_S

✡❛★ ✚❦➄t✐➅➁î

➸

⑦⑥❣❤ ✝❳➋ ④❣❀ß❛✖✸

_M

❻❥❢❣

_“

➚í

_”

❚➋ ✉⑥❯❑❢➍

↕

➦✓❇❛❂✞❯

✢➌❢❣➈

❛ ❙④

❣❤ ➍➞➁➋ ⑤⑥❚

_S

✡❛✣ ✚❦➄t✐î➸⑦⑥❣❤

⑤❛✤➦➌✥Ù❛✷➋ ♠♥♦♣→

_P

✐➚í

_A

❻➠➅

➁➋ ✤✄ ➚í

_{“[P ] A”}

❯✧❛➍↕❻➌➀❣❤

[P ] A s ^{⇐⇒ ∀} ^△ t, P s t ⇒ A t

⑤⑥❚✬ ♠♥♦♣→

_P

❛✕✕✒❻❚✭✞

_A

❾✮➽ Ô➞➁❲❣✯ ⑤✐❯➨ ❢➚í❙④❣❤

❄

₂

❻✟➅❳

_Agda

✰⑨✱❙❚➋ ✡➃❛✤✄➃☞❯

➌ç➅➁➋ ♠♥♦♣→❛ ✲✧✕✕❯➨❢❘❀

_‘#’

✐❛

❥✜❯❵➂➅➁❲❣❤ ⑤❛➚ í

_seq

❚➋ ➚ ➪❧st

❛❴❵❻✳➤⑥❣➳✇✴①❙④❣✶➻➳✇

_(Dynamic

Logic) ³⁾

^{❛✹✇❛×➊❙④❣}^❤ ^⑤^❛Ð➋ ^{✻✿❏❊✁●}

➽❍➅✕ ✕➋ ✂❖➻✕✕❻➊❲ ➁❛✹✇➈④➽➋ ⑤⑥

⑦❯❵➂➅➁♣P✎♣➓Ù➅➁æ➥➭➋ ⑤❛✴①❻❐

➛♠♥♦♣

→❴ ❵❯

_Agda

✡❙✕↕⑤

✐

❾❙➟

❣❤

4.

^◗^❘^❙^☞^❚^❯➮➷

Agda

✒❱❙➄✏❳➼⑩➏Ù❙❚➋ ✕ ✕✖ ✸

_M

✁✉❛✓

❇❂✞

_S

❛❲✴ ➻➦❳❨❚➋ ✭✞➅➈➂➝❙④❣✭

❩❚➦❲❤ ✕ ✕✖✸❛❄■❲ ❯❬➝⑦❛❭❪❻➍➽Õ

⑧➾➓♠❬st❚➋ ❵Û❛ ❫♠➓❛⑨❰❜r❨❩❬

❭❪❫✁✖✸❰⑧Ï→☛❛❝❞❯✕↕❡➻❙➐❱➑⑥

❣❤

➠➡✐

➦

❣❰⑧Ï→❛ ✘✙❳❨❚❢➂❙④❣⑤✐

❾✑ ❲❤ ⑤❛➍↕➦

_{Black Box}

❯✹❣❤✞➻❰⑧Ï

→❻æ❲ ➁➋ ⑧➾➓♠❬✈✇❾✐❥❻✕➤⑥➁❲❣⑤

✐❯❴❵❢❣❛❚➋ ➼⑩➏ ❴❦❛ ➍↕➦✟✶➎⑨➏ ❙

❚❧♠❙④➽➋

_Agda

☛❯❱ ❲❳➌✇❵➂❝❻➍❣❴

❵❾♥❱➦❛❙❚➦❲➝✐♦➸

❣❤

♣q

4)

❙❚ ⑤❛ ➍↕➦❰⑧Ï→❛ ❴❵☎✐➅➁➋ ❤

❦❛r⑨s➝⑦➦❣t✉❬✈✇❰⑧Ï→❛✟✶①②➠

✶❯③➞➁❲❣❤ ④r⑨s❻❚ ⑤➊➝❛❨❩❬❭❪❫

❾⑥⑦➅➁æ➽➋ ❤❦❛ ⑧➾➓♠❬❾ ⑤⑥ ⑦❯❝❞➅

➁①②❻➠✈❢❣❤ ④✰r⑧⑨tr❬⑨ r⑨s

_,

❨❩

❬❭❪❫⑩ ❛✔✵➼⑩➏❯❶➽➋ ✓❇❂✞❷❛❸❹❯

➐❱➅➁➋✉⑥❺⑥❛ t❻✁✹✇❯✄❼✚❱➅➦❾ ⑦➋

➣↔❛❵➂❯✕➞❳❤

➙ ❽❾❿ ➀➁➂

➙ ❽❾❿ ➀➃➄

➅➆➇❿ ➈➉➊

➋➌➍➎

➽➏➈ ➃➄

➙ ❽❾❿ ➀➐➑ ➈➒➄

Apache

ScrEngine ScrEngine

SysLog

SysLog ScrEngine

WebServer ApplicationServer

Tomcat

SysLog

➓❽➔❿→➣↔

Console

5.

^↕ ^➷ ^■

❥❦❧♠♥♦♣qr♦st

_Agda

✐✉⑥❻➍❣❨❩

❬❭❪❫❴❵❝❯❞❡➅❳❤ ✝❳⑧➾➓♠❬✈✇❴❵

➛❛✶ ❱ ❻➊❲➁♦❪ ➅❳❤

➜ ➝ ➞ ➟

1) “The Agda wiki”,

http://wiki.portal.chalmers.se/agda/pmwiki.php.

2) Howard, William A., ”The formulae-as-types

notion of construction”, in Seldin, Jonathan P.;

Hindley, J. Roger, To H.B. Curry: Essays on

Combinatory Logic, Lambda Calculus and For-

malism, Boston, MA: Academic Press, 1980,

pp. 479490

3) Vaughan Pratt, “Semantical Considerations

on Floyd-Hoare Logic”, Proc. 17th Annual

IEEE Symposium on Foundations of Computer

Science, 1976, 109-121.

4)

^➠➡➹➢

,

^➤✷➥➦

.

^❰^⑧Ï^→^❛✰^r^⑧^⑨t^r

❬❳✮❻➧➨➅❳

_CD

t✉❬✈✇❻æ➥❣①②

➠✶❛

Assurance Case

^❶✮

,

^{❀➩❷➺➫➭ ➯➲}

(AIST-PS-2012-003),

➳➵ ➸➺➻ ✞➫➭➼

WS2 05 Agda 最近の更新履歴 ソフトウェアエンジニアリングシンポジウム2012

Agda

†1

†1

Agda

Agda

Verification by Agda in script programming

Yoshifumi Yuasa †1 and Yoshiki Kinoshita †1

Agda, a functional programming language, is a powerful proof description langage as well.

In this talk, we introduce basic methods to verify software by Agda, and argue their applica-

tions to script programming.

1.

Agda

Agda

Chalmers

1)

Agda

Agda

Agda

2. Agda

Agda

Martin-

L¨ of

“X → Y ”

“(x : X) → Y (x)”

x

x

“

”

†1 (

)

National Institute of Advanced Industrial Science and

Technology (AIST)

data nat : Set where

zero : nat

succ : nat

nat

data _==_ (n : nat) : nat

Set where

refl : n == n

_+_ : nat

nat

nat

zero + m = m

succ y + m = succ (y + m)

succ-eq :

{x y : nat}

x == y

succ x == succ y

succ-eq refl = refl

assoc :

(n m l : nat)

(n + m) + l == n + (m + l)

assoc zero m l = refl

assoc (succ y) m l = succ-eq (assoc y m l)

1 Agda

Curry-Howard

Agda

Agda

1

Agda

[_] : {S : Set}

Trans S

Prop S

Prop S

[ P ] A s = (t : S)

P s t

A t

_#_ : {S : Set}

Trans S

Trans S

Trans S

_#_ P Q s u =

S ( t

(P s t)

(Q t u))

seq : {S : Set}

{P Q : Trans S}

{A : Prop S}

(s : S)

WS2 05 Agda 最近の更新履歴ソフトウェアエンジニアリングシンポジウム2012

_Agda

_Agda

Yoshifumi Yuasa ^†1 and Yoshiki Kinoshita ^†1

_Agda

_Agda

_Agda

_Agda

_Agda

_Martin-

_{“X → Y ”}

_x

_x

_“

_”

_{1 Agda}

₂

_Agda

_L

_M

_M

_S

_M

_S

_M

_“

_”

_S

_P

_A

_{“[P ] A”}

[P ] A s ^{⇐⇒ ∀} ^△ t, P s t ⇒ A t

_P

_A

₂

_Agda

_‘#’

_seq

_(Dynamic

Logic) ³⁾

_Agda

_M

_S

_{Black Box}

_Agda

_,

_Agda

_CD