TSSS(Tsukuba Software Science Seminar)

Suggestions are welcome; if you have suggestion for talks on programming languages, formal methods including program analysis and verification, or related research fields, please send it to the organizers by e-mail (tssss-kanji at score.cs.tsukuba.ac.jp).

TSSS 2014-8

Date & Time: July 24 (Thu), 2014, 16:00- 
Place:       SB1001 (10th floor)  (筑波大学 総合研究棟B 1001号室)
Speaker:     Atsushi Igarashi (Kyoto University)
	     http://www.fos.kuis.kyoto-u.ac.jp/~igarashi/
Title:       A Hoare Logic for SIMT Programs

Abstract: We study a Hoare Logic to reason about GPU kernels, which
are parallel programs executed on GPUs.  We consider the SIMT (Single
Instruction Multiple Threads) execution model, in which multiple
threads execute in lockstep (that is, execute the same instruction at
a time).  When control branches both branches are executed
sequentially but during the execution of each branch only those
threads that take it are enabled; after the control converges, all
threads are enabled and execute in lockstep again.  In this paper we
adapt Hoare Logic to the SIMT setting, by adding an extra component
representing the set of enabled threads to the usual Hoare triples.
It turns out that soundness and relative completeness do not hold for
all programs; a difficulty arises from the fact that one thread can
invalidate the loop termination condition of another thread through
shared memory.  We overcome this difficulty by identifying an
appropriate class of programs for which soundness and relative
completeness hold.  (Joint work with Kensuke Kojima)

TSSS 2014-7

Date & Time: July 17 (Thursday), 2014, 13:00- 
Place:       SB1112 (11th floor)  (筑波大学 総合研究棟B 1112号室)
Speaker:     Fadoua Ghourabi (Kwansei Gakuin University)
Title:       Formalizing the Qualitative Superposition of Rectangles 
	     in Isabelle/HOL

Abstract:
Qualitative spatial reasoning (QSR) provides methods to represent
spatial objects qualitatively. Being a subfield of artificial
intelligence, QSR approximates the human perception of the space,
namely where relation between spatial objects is a sufficient
information, and where computation is performed only when
necessary. The qualitative reasoning generally relies on
"pen-and-paper" proofs. Needless to say, a safer exploitation of a QSR
method requires a formal verification of its correctness. The purpose
of this research is to provide a full formalization of a practically
oriented QSR problem in a proof assistant.
 
We deal with the problem of arranging rectangles in the 2D plane. The
arrangement involves superposition under conditions of visibility. We
use relative directions to qualitatively represent the spatial objects
of interest, i.e. rectangles. We define properties to answer questions
about a superposition, for instance, whether it is successful or
whether the result is a valid rectangle. Checking these properties
formally is a challenge due to the number of the pairwise combinations
of rectangles. In an attempt to optimize the proofs, we group the
results of superposing the rectangles into equivalence classes. We
show that it is enough to check a property for a representative
element of an equivalence class.

TSSS 2014-6

Date & Time: June 20 (Friday), 2014, 15:30-
Place: SB1111 (11th floor), Tsukuba University
Speaker: LIU, Shuang (School of Computing, National University of Singapore)

Title: Towards direct model checking of UML state machines

UML diagrams are gaining increasing usage in Object-Oriented system
designs.  UML state machines are specifically used in modeling dynamic
behaviors of classes.  It has been widely agreed that verification of
system designs at an early stage will dramatically reduce the
development cost. Tool support for verification UML designs can also
encourage consistent usage of UML diagrams throughout the software
development procedure. In this work, we are motivated to provide
theoretical and practical support for model checking UML state
machines. We propose a formal operational semantics covering all
features of the latest version (2.4.1) of UML state machines
specification. The labeled transition system is adopted as the
semantic model, so as to use automatic verification techniques like
model checking. We implement our approach in a tool, named USMMC,
which turns model checking of UML state machines into practice. USMMC
is a self-contained toolkit, which provides editing, interactive
simulation as well as powerful model checking support for UML state
machines. The evaluation results show the effectiveness and
scalability of our tool.

Biodata: LIU Shuang is a PhD candidate in School of Computing,
National University of Singapore. Her research interest falls in
formal methods and software engineering, especially in the area of
integrating formal methods in requirement engineering and software
design phase. She is also interested in exploring various advanced
techniques, such as machine learning and natural language processing
techniques, to aid early defects detection in the software development
activities.

TSSS 2014-5


Date & Time: June 17 (Tuesday), 2014, 14:00- 
Place:       SB1111 (11th floor)  (筑波大学 総合研究棟B 1111号室)
Speaker:     Robert Glueck (DIKU, University of Copenhagen)
	     http://www.diku.dk/~glueck
Title:       Bootstrapping Compiler Generators from Partial Evaluators

Abstract:
Three-step bootstrapping of compiler generators from partial evaluators
(PE) is a viable alternative to the third Futamura projection. To
practically validate the theoretical insight, a novel PE-based compiler
generator was designed implemented for a recursive flowchart language.
This bootstrapping technique was found to produce the same compiler
generator that Gomard & Jones produced more that two decades ago by
self-application, but faster (on the same machine).
Compiler-generator bootstrapping has distinct properties that are not
present in the classic Futamura projections, such as the ability to turn
a PE into a compiler generator in one step without self-application.

Reference:

Glück R., Bootstrapping compiler generators from partial evaluators.
In Clarke E.M., et al. (eds.), Perspectives of System Informatics.
LNCS 7162, 2012. http://dx.doi.org/10.1007/978-3-642-29709-0_13

TSSS 2014-4

Date&Time:  2014年 5月 15日 (木) 15:30-
Place:      筑波大学 総合研究棟B 1001号室 (10階)
Speaker:    山形賴之(産総研)	

Title: ZIPC-to-PAT

Abstract:
キャッツ株式会社が開発しているソフトウェアモデリングツールZIPCに対して、
その記法をCSPに変換し、PATモデル検査器によりモデル検査するZIPC-to-PATに
ついて報告する。

TSSS 2014-3

Date&Time:  2014年 4月 11日 (金) 11:00-
Place:      筑波大学 総合研究棟B 1111号室 (11階)
Speaker:    Oleg Kiselyov 
p
Talk 1:
Extensible Effects: An Alternative to Monad Transformers
Oleg Kiselyov, Amr Sabry and Cameron Swords

We design and implement a Haskell library that solves the long-standing
problem of combining effects without imposing restrictions on their
interactions (such as static ordering). Effects arise from
interactions between a client and an effect handler (interpreter);
interactions may vary throughout the program and dynamically adapt to
execution conditions. Existing code that relies on monad transformers
may be used with our library with minor changes, gaining efficiency
over long monad stacks. In addition, our library has greater
expressiveness, allowing for practical idioms that are inefficient,
cumbersome, or outright impossible without a global re-write 
with monad transformers.

Our alternative to a monad transformer stack is a single monad, for
the coroutine-like communication of a client with its handler. Its
type reflects possible requests, i.e., possible effects of a
computation. To support arbitrary effects and their combinations,
requests are values of an extensible union type, which allows adding
and, notably, subtracting summands.  Extending and, upon handling,
shrinking of the union of possible requests is reflected in its type,
yielding a type-and-effect system for Haskell. The library is
lightweight, generalizing the extensible exception handling to other
effects and accurately tracking them in types.

The talk will use Haskell to motivate and illustrate extensible
effects, which however are not limited to Haskell.

TSSS 2014-2


Date&Time:  2014年 3月 14日 (金) 14:00-
Place:      筑波大学 総合研究棟B 1001号室 (10階)
Speaker:    Oleg Kiselyov 

Title:	    Code generation with effects and hygiene

Abstract:

The appeal of generative programming is ``abstraction without guilt'':
eliminating the vexing trade-off between writing high-level code and
highly-performant code. Generative programming also promises to
formally capture the domain-specific knowledge and heuristics used by
high-performance computing (HPC) experts. Effects are indispensable in
code generators, to report failures, to generate alternatives to
choose the fastest from, to introduce auxiliary variables, to
interchange loops, etc.  Extensive painful experience shows that
unrestricted effects interact with generated binders in undesirable
ways to produce unexpectedly unbound variables, or worse, unexpectedly
bound ones.  These subtleties hinder domain experts in using and
extending the generator.  A pressing problem is thus to express the
desired effects while regulating them so that the generated code is
correct, or at least correctly scoped, by construction.

Assuredly maintaining hygiene while reshuffling open code is not only
important practically but is interesting theoretically.  We present
two ways to solve the problem, from different angles. Both solutions
permit arbitrary effects, including mutable references and delimited
control, that move open code across generated binders. Both statically
guarantee that the generated code is well-typed and well-scoped.

On one hand, we generate code with quasi-quotation and ensure hygiene
at the generation time. Attempting to build code values with unbound
or mistakenly bound variables raises an exception with good
diagnostics. This approach requires no fancy types and has been
implemented in BER MetaOCaml (a superset of OCaml with data types and
operations for constructing and executing typed code values).

Fancier types (mainly, first-class polymorphism) on the other hand can
ensure hygiene even before the generator is run: a well-typed
generator, when run, will never even attempt to build ill-scoped code.
More insightfully, static types of generator expressions indicate the
lexical scopes of generated binders, hence preventing mixing up
variables with different scopes. We demonstrate this approach on a
Haskell code-combinator library, which may be regarded as a `staged
Haskell.'

TSSS 2014-1

Date&Time:  2014年 2月 14日 (金) 14:00-
Place:      筑波大学 総合研究棟B 1111号室 (11階)
Speaker:    佐藤 雅彦 (京都大学名誉教授)

Title:      A Name-Free Lambda Calculus

Abstract:
This talk introduces a name-free lambda calculus. In contrast to the fact 
that the traditional lambda calculus is defined as a calculus on open-terms 
containing free variables, the name-free lambda calculus presented here is 
a calculus on closed-terms. The definition of such a calculus is made 
possible by inductively defining the set of closed lambda terms without
using variables.  The advantage of the calculus over the name-carrying 
lambda calculus is that metatheorems about the calculus can be shown 
without using the notion of a variable and hence also without notions of 
alpha-equivalence, substitution and fresh names. It is shown that 
metatheorems can be proved more naturally in this name-free calculus than 
in the name-carrying calculus.

TSSS 2013-6

Date&Time:  2013年 11月6日 (水) 16:00-
Place:      筑波大学 総合研究棟B 1001号室 (10階)
Speaker:    片山 晋 (宮崎大学)
	    http://nautilus.cs.miyazaki-u.ac.jp/~skata/

Title:
MagicHaskeller on the Web: サービスとしての自動プログラミング

Abstract:
ウェブベースの自動プログラミングツールである,MagicHaskeller on the Web
の紹介を行う.本ツールは,手軽さ,使いやすさに重点を置いたものであり,
ウェブ検索エンジンを使うのと同様の感覚で短いプログラムを生成することが
できる.この講演では,MagicHaskeller on the Webの使用方法について紹介
した後,実装方法について説明し,また,Microsoft Excel 2013の同様の機能
であるFlash Fillとの比較検討を行う.

TSSS 2013-5

Date&Time:  8月7日 (水) 15:30-
Place:   筑波大学 総合研究棟B 1001号室
Speaker: Jacques Garrigue(名古屋大学)

Title: Ambivalent Types for Principal Type Inference with GADTs
       (Joint work with Didier Remy)

Abstract:
GADTs, short for Generalized Algebraic DataTypes, which allow
restricting type parameters for specific constructors, have many
useful applications.  However, pattern matching on GADTs
introduces local type equality assumptions, which are a source of
ambiguities that may destroy principal types, and must be resolved by type
annotations.

We introduce "ambivalent types" to tighten the definition of ambiguities
and better confine them, so that type inference has principal types,
remains monotonic, and requires fewer type annotations.

TSSS 2013-4

Date&Time:  July 25 (Thu) 16:00-
Place:   筑波大学 総合研究棟B 1001号室
Speaker: 西澤弘毅(神奈川大学 工学部 情報システム創成学科)

Title: クオンテイルと完備べき等左半環の表現定理
Abstract:
完備束に分配するモノイド構造が入った代数構造はクオンテイルと呼ばれ、
その典型例として、固定された集合上の二項関係全体が知られている。また、
クオンテイルの分配束を片側だけ弱めた代数構造が完備べき等左半環と呼ば
れ、その典型例として、固定された集合上の上に閉じた多重関係全体が知ら
れている。この講演では、クオンテイルの関係表現定理に関するいくつかの
結果と、完備べき等左半環の多重関係表現定理に関するいくつかの結果につ
いてまとめる。 
なお、この研究は鹿児島大学の古澤仁氏との共同研究である。

TSSS 2013-3

Date:    June 27 (Thu) 15:30-
Place:   Room 1001 (10th floor), Lab. of Adv. Res.-B bldg. ("Sogo-kenkyu-tou" B)
Speaker: Aart Middeldorp (University of Innsbruck)

Title:

 Beyond Peano Arithmetic - Automatically Proving Termination of the
 Goodstein Sequence

Abstract:

 Kirby and Paris (1982) proved in a celebrated paper that a theorem
 of Goodstein (1944) cannot be established in Peano (1889) arithmetic.
 We present an encoding of Goodstein's theorem as a termination
 problem of a finite rewrite system. Using a novel implementation of
 ordinal interpretations, we are able to automatically prove termination
 of this system, resulting in the first automatic termination proof for
 a system whose derivational complexity is not multiply recursive. The
 talk is based on joint work with Sarah Winkler and Harald Zankl.

TSSS 2013-2

Date&Time: May 16(Thu), 17:00-
Place: 第12会議室(本部・情報棟6階), 産総研つくば中央

Speaker: 平井洋一(産総研)
Title: 並列データ構造の検証、次の一手

Abstract:
並列索引構造の検証をしたい。ファイルシステムやデータベースの索引に
使われていて重要である。スタックやキューの並列版の検証は自動化
できて性能を競っているのに、索引構造の並列版の検証は手動でさえ十
分でない(たとえばlinearizabilityを形式手法で示せていない)。ところで
実は、大勢が検証しようとしている並列索引構造もそうでない並列索引
構造もある。特に応用範囲が広いのに研究されていない並列索引構造
を紹介する。

TSSS 2013-1

Date&Time: Feb. 25(Mon), 15:30-
Place: Room SB-1001 (総合研究棟B, 10階), 筑波大学

Speaker: 塚田武志(東北大学大学院情報科学研究科)

Title: 2レベルゲームによる共通型の意味論

Summary: 
木 T と木オートマトン A が与えられたとき,T が A に受理されるか否
かを争う,証明者と反証者の間のゲーム G を考えることができる.ゲー
ム G のルールは木 T の構造にしたがって定義され,この意味でゲーム
G は木 T の構造の上のゲームであると言うことができる.

これを一般化のひとつが,本発表で述べる2レベルゲームである.2レベ
ルゲームは(単純型付きの)Boehm木の構造の上のゲームである.すなわ
ち,与えられたBoehm木 M が与えられた性質 P を満たすかを争う,
Boehm木 M の構造にしたがって定義されるゲームである.

本発表では,2レベルゲームのアイデアと基本的な性質をみたのち,2レ
ベルゲームが共通型システムと呼ばれる型システムの完全かつ健全な意味
論を与えることをみる.また,2レベルゲームのプログラム検証への応用
に関する展望を述べる.

TSSS 2012-11

Date&Time: Dec. 20(Thu), 15:30-
Place: Room SB-1001 (総合研究棟B, 10階), 筑波大学

Speaker: Reynald Affeldt (産業技術総合研究所)

Title: Formal Verification of Shannon's Theorems
       (joint work with Manabu Hagiwara and Jonas Senizergues)

Summary: The most fundamental results of information theory are Shannon's
theorems. These theorems express the bounds for reliable data
compression and transmission over a noisy channel. Their proofs are
non-trivial but rarely detailed, even in the introductory literature.
This lack of formal foundations is all the more unfortunate that
crucial results in computer security rely solely on information theory
(the so-called ``unconditional security''). In this presentation, we
report on the formalization of a library for information theory in the
SSReflect extension of the Coq proof-assistant. In particular, we
produce the first formal proofs of the source coding theorem (that
introduces the entropy as the bound for lossless compression), and of
the channel coding theorem (that introduces the capacity as the bound
for reliable communication over a noisy channel).

TSSS 2012-10.5

Date & Time: Dec. 10 (Mon), 10:30 - 12:00
Place: Room SB-1112 (筑波大学 総合研究棟B 11階)

Speaker: Oleg Kiselyov (http://okmij.org/)

Title: Iteratees

Abstract:
  Iteratee IO is a style of incremental input processing with precise
  resource control. The style encourages building input processors from
  a user-extensible set of primitives by chaining, layering, pairing and
  other modes of compositions. The programmer is still able, where
  needed, to precisely control look-ahead, the allocation of buffers,
  file descriptors and other resources. The style is especially suitable
  for processing of communication streams, large amount of data, and
  data undergone several levels of encoding such as pickling,
  compression, chunking, framing.  It has been used for programming
  high-performance (HTTP) servers and web frameworks, in computational
  linguistics and financial trading.
  
   The talk will introduce programming with Iteratees in Haskell,
  contrasting them with |stdio|-like IO and Lazy IO and relating to
  online parser combinators. The talk will stress principles and
  characteristic examples common to all iteratee libraries across
  several languages.

TSSS 2012-10

Date&Time: Nov. 9(Fri), 15:00-16:00
Place: Room SB-1001 (Sogo-Kenkyuto-B, 10th Floor), University of Tsukuba

Speaker: Walid Taha (Halmstad University, Sweden)

Title: Staging, 15 years later

Abstract: 
Multi-stage Programming with Explicit annotations, or staging for
short, gives the programmer control over program evaluation order. It
enables rapid development of program generators and domain-specific
languages. Staging was introduced in 1997 in a paper by Tim Sheard, my PhD
advisor, and myself. Significant activity by numerous researches followed.
This talk reviews the key concepts and developments in the area of staging,
and suggests some promising directions for future work.

TSSS 2012-9

Date&Time: Oct. 22(Mon), 15:30-
Place: Room SB-1111 (Sogo-Kenkyuto-B, 10th Floor), University of Tsukuba

Speaker: 寺内 多智弘(名古屋大学)

Title: A Template-based Approach to Complete Predicate Refinement

Abstract:
SLAM, BLASTなどに代表されるソフトウェアモデル検査器が抱える課題の一つに、
抽象の詳細化(abstraction refinement)がある。モデル検査器の性能は
refinementのやり方に大きく依存し、refinementを誤ると停止性が損なわれる
こともある。この問題に対し、Jhala & McMillanはTACAS 2006の論文で「完全
なrefinement」の手法を提案した。この手法は、(predicate abstractionにお
いて)refinementを無限に間違え続けるということを防ぎ、モデル検査器の停止
性を保証することができる。具体的には、Jhala & McMillanは、限量子なしの
difference constraintとuninterpreted functionの一階述語論理の理論で有効
な手法を示した。しかし、これは非常に限られた理論であり、多くのモデル検
査器で用いられる線形演算の理論などに対応していない。今回は、線形演算や
配列など、より広い理論に対して有効な、完全なrefinementの手法を提案する。

TSSS 2012-8

Date&Time: Oct. 4 (Thu), 14:00-
Place: Room SB-1001 (Sogo-Kenkyuto-B, 10th Floor), University of Tsukuba

Speaker: Daan Leijen (Microsoft Research in Redmond)

Title: Koka: a function-oriented language with safe side-effects

Abstract: 
Koka is a new function-oriented language with strong static type
inference. A novel feature is the (side) effect inference
where every function shows the potential side-effects in its type. 
The Koka language essentially takes the strict evaluation 
from ML and combines it with monadic side effects from Haskell. 
In this talk, I will show how effect inference can be made to 
work in a polymorphic and higher-order setting. As a 
demonstration of its use, I will also show a safe tier-splitted 
program, where a single program has code that runs on both 
the server and client (using NodeJS and a Browser), but through 
the effect system we can guarantee that there is no 
unsafe sharing between client and server code.
See also http://www.rise4fun.com/koka/tutorial for more information.

Bio: 
Daan Leijen is a researcher at Microsoft Research in Redmond, 
WA, where he specializes in language design. In particular, he 
enjoys working on functional languages like Haskell and OCaml, 
and studied various type inference systems.
He was also the implementor of the Parsec parser library, and 
the Parallel extensions to .NET (Task library) that ships with Windows.

TSSS 2012-7

Date&Time: 9月21日 (金), 15:30-
Place: Room SB-1001 (Sogo-Kenkyuto-B, 10th Floor)
Speaker: Yasuhiko Minamide (University of Tsukuba) Title: Reachability Analysis of the HTML5 Parser Specification and its Application to Compatibility Testing Abstract: A draft standard for HTML, HTML5, includes the detailed specification of the parsing algorithm for HTML5 documents, including error handling. In this paper, we develop a reachability analyzer for the parsing specification of HTML5 and automatically generate HTML documents to test compatibilities of Web browsers. The set of HTML documents are extracted using our reachability analysis of the statements in the specification. This analysis is based on a translation of the specification to a conditional pushdown system and on a new algorithm for the reachability analysis of conditional pushdown systems. In our preliminary experiments, we generated 353 HTML documents automatically from a subset of the specification and found several compatibility problems by supplying them to Web browsers. This is joint work with Shunsuke Mori.

TSSS 2012-6

Date&Time: 7月26日 (木), 16:00-
Place: Room SB-1014 (Sogo-Kenkyuto-B, 10th Floor)

Speaker: Hiroshi Unno (University of Tsukuba)

Title:
MoCHi: Software Model Checker for a Higher-Order Functional Language

Abstract:
We will demonstrate MoCHi, a fully-automated program verification tool
(so called a "software model checker") for a subset of OCaml,
supporting integers, recursive data types (such as lists), exceptions,
higher-order functions and recursion. MoCHi is based on higher-order
model checking, and consists of three layers. The top layer transforms
a source program into an intermediate program of a core language,
which is a simply-typed call-by-value higher-order functional language
with recursion, booleans and integers (a la "PCF"). The transformation
is carried out by encoding exceptions and recursive data types using
higher-order functions. The middle layer further transforms the
intermediate program into a higher-order boolean functional program (a
la "finitary PCF"), by using predicate abstraction and
counter-example-guided abstraction refinement (CEGAR). Finally, on the
bottom layer, the higher-order boolean functional program is verified
by using a higher-order model checker TRecS. In this talk, we
use MoCHi to verify several sample programs, and explain how it works
internally. We will also discuss the current limitations and
ongoing/future work.
(Joint work with Ryosuke Sato and Naoki Kobayashi)

TSSS 2012-5

Date&Time: April 17 (Tue), 16:00-17:00
Place: Room SB-1111 (Sogo-Kenkyuto-B, 11th Floor)

Speaker: Yutaka Oiwa (AIST)

Title:
Fail-Safe C: a memory-safe ANSI-C compiler to make existing programs safe

Abstract:
Fail-Safe C は、完全なメモリ安全性を保証する ANSI-C (C90) 互換言語処理系です。 このコンパイラは規格で認められた自由なポインタ演算やキャスト操作にも 完全に対応し、既存のC言語プログラムにほとんど手を加えずに、 バッファ溢れや dangling pointer などによるメモリ破壊を防止し、 コンピュータウィルスなどの不正コードのメモリへの侵入を完全に抑止することができます。 ANSI-C との高い互換性により、メールサーバやDNSサーバなどいろいろな既存の さまざまなプログラムを最小限の変更で動作させることもできます。 今回の講演では、Fail-Safe Cによるメモリ安全性の保証手法のほか、 実用プログラムを動作させるための周辺環境やライブラリ整備についても お話しします。 Fail-Safe C is a completely memory-safe, completely ANSI-compatible C language (C90) compiler. It supports all C90 semantics including pointer arithmetics and pointer casts. By using this compiler, we can prevent all kinds of memory data corruptions caused by buffer overrun, dangling pointers etc., and thus prevent intrusion of malicious codes (such as computer viruses) into the program memory, with no or little modification of existing code bases. The high compatibility to the ANSI-C specification allows execution of various existing production-level programs such as mail and DNS servers. In the talk I will explain our effort for accepting existing huge programs, as well as the core methodology of the Fail-Safe C compiler.

TSSS 2012-4

Date&Time: April 11 (Wed), 15:00-17:00
Place: Room SB-1111 (Sogo-Kenkyuto-B, 11th Floor)

Speaker: Chung-chieh Shan (University of Tsukuba)
Title: Entailment above the word level in distributional semantics (joint work with Marco Baroni, Raffaella Bernardi, Ngoc-Quynh Do)

Abstract:
Distributional semantics (DS) and formal semantics (FS) are two ways to study natural-language meaning, whose strengths today are complementary. On one hand, DS represents meaning as vectors that summarize the contexts where expressions occur. This approach has successfully extracted semantic relations among words from large corpora. On the other hand, FS represents meaning as formulas and assembles them by composition rules. This approach has successfully modeled quantification and captured inference among phrases and sentences. We bring DS and FS closer by introducing two ways to detect entailment among phrases using their DS representations. Our first experiment shows that the entailment relation between adjective-noun constructions and their nouns (big cat |= cat), once represented as vector pairs, generalizes to entailment among nouns (dog |= animal). Our second experiment shows that entailment among quantifier phrases (many dogs |= some dogs) similarly generalizes to unseen quantifiers (all cats |= several cats). Moreover, the entailment relations in our two experiments appear to tap into different vector properties, as predicted by FS because nouns and quantifiers phrases have different types.

TSSS 2012-3

Date&Time: March 5 (Mon), 11:00-12:00
Place: Room SB-1111 (Sogo-Kenkyuto-B, 11th Floor)

Speaker: Sebastian Fischer(Christian-Albrechts-University of Kiel, Germany)
Title: Lazy Functional Logic Programming and Encapsulated Search

Abstract:
Functional Logic Programming (FLP) combines features from functional programming such as first-class functions and algebraic datatypes with features from logic programming such as unbound logic variables and nondeterministic search. I will introduce lazy (call-by-need) FLP using the Curry language and review different ways to encapsulate search, that is, to access different results of nondeterministic computations deterministically. The interaction of laziness and encapsulated search is an old problem with some new solutions in the FLP community. By talking about both the problem and some existing solutions, I hope to motivate discussion on the topic from the perspective of control operators in the presence of call-by-need.


TSSS 2012-2

Date: 15:00-16:00, Feb. 15 (Wed), 2012
Place: Room SB-1001 (Sogo-Kenkyuto-B, 10th Floor)

Speaker: Chung-chieh (Ken) Shan
Title: Embedding probabilistic languages

Abstract:
Probabilistic inference is popular in machine learning for writing
programs that classify music and locate planes. It is also useful in
cognitive science for modeling how people interpret words and recognize
faces. However, it is applied much less than it could be because
most inference programs are written from scratch by hand. Instead,
probabilistic models and inference procedures should be written as
separate reusable modules. To this end, we carried out and popularized
a new approach that is easier to use and more expressive, namely to
write models and inference in the same general-purpose language. Our
approach makes deterministic parts of models run at full speed and
lets inference procedures reason about themselves without interpretive
overhead. I will describe our approach and how we apply the same
inference implementations to multiple realistic models, with performance
competitive with the state of the art. This work exemplifies a
recurring theme: we can apply tools from programming-language theory,
such as continuations and staging, to represent declarative knowledge as
executable code instead of passive data.

Dr. Chung-chieh Shan's web page is
http://www.cs.ruters.edu/~ccshan/

TSSS 2012-1

Date & Time: February 7, 2012, 11:00 - 12:00
Venue : SB 110, University of Tsukuba

Speaker: Olga Caprotti
Department of Computer Science and Engineering,
Chalmers University of Technology and University of Gothenburg, Sweden

Title: MOLTO, Multilingual Online Translation

Abstract MOLTO's goal is to develop a set of tools for translating
texts between multiple languages in real time with high
quality. Languages are separate modules in the tool and can be varied;
prototypes covering a majority of the EU's 23 official languages will
be built. As its main technique, MOLTO uses domain-specific semantic
grammars and ontology-based interlinguas. These components are
implemented in GF (Grammatical Framework), which is a grammar
formalism where multiple languages are related by a common abstract
syntax. GF has been applied in several small-to-medium size domains,
typically targeting up to ten languages but MOLTO will scale this up
in terms of productivity and applicability.

A part of the scale-up is to increase the size of domains and the
number of languages. A more substantial part is to make the technology
accessible for domain experts without GF expertise and minimize the
effort needed for building a translator. Ideally, this can be done by
just extending a lexicon and writing a set of example sentences.

The most research-intensive parts of MOLTO are the two-way
interoperability between ontology standards (OWL) and GF grammars, and
the extension of rule-based translation by statistical methods. The
OWL-GF interoperability will enable multilingual
natural-language-based interaction with machine-readable
knowledge. The statistical methods will add robustness to the system
when desired. New methods will be developed for combining GF grammars
with statistical translation, to the benefit of both.

MOLTO technology will be released as open-source libraries which can
be plugged in to standard translation tools and web pages and thereby
fit into standard workflows. It will be demonstrated in web-based
demos and applied in three case studies: mathematical exercises in 15
languages, patent data in at least 3 languages, and museum object
descriptions in 15 languages.

TSSS 2011-3

Date: 16:00-17:00, Jan 12, 2012

Place: Room SB-1111

Speaker: Jun Inoue (Department of Computer Science, Rice University)

Title: Reasoning About Multi-stage Programs

Abstract:

Multi-stage プログラミング (MSP) は、プログラムの生成・合成・実行を指
示する為の特殊な注釈を用いて、プログラムを生成するプログラムを書く手
法である。MSP は専ら汎用性を犠牲にせずに実行効率が高いプログラムを書
くために効果的な手法として研究されてきた。しかし、従来そうし
た multi-stage プログラムの正しさを如何に証明するかという研究は乏しく、
そうした証明でとりうるアプローチも、multi-stage 特有の障碍が存在する
かもよく知られていなかった。本研究ではこの点を改善するた
め、multi-stage プログラムの検証に役立つような multi-stage λ算法の性
質とそれらを活用する証明技法を確立し、また証明の際に注意すべき MSP 言
語の特質を取りまとめた。

特に、本研究では multi-stage プログラムの検証に必然的な次の三つの疑問
点を解決した。第一に、プログラム言語に MSP の注釈機構を導入することで、
導入前の言語では等価であった式同士が等価でなくなる事はあるか。残念な
がら等価性が破壊される場合は存在し、一般に自由変数を含む項の扱いが導
入前とは異なってしまう。第二に、MSP の注釈は「注釈」の名の示す通りプ
ログラムの意味をほぼ変えないものと期待されて使われるが、それが厳密に
保証されるのはどのような場合か。本研究では、プログラムが一定の停止条
件を満たせば十分であることを示した。第三に、multi-stage プログラムに
外延的な論証 (∀x. f(x) = g(x) なら f = g など) を適用して良いか。本
研究では applicative bisimulation と呼ばれる双模倣を MSP 用に適応させ
ることで外延性のみならず、理論上は成立する全ての等式を証明できる、健
全で完全な証明手段を確立した。これらの成果を通じて深まった MSP の理解
により、複雑なプログラムの検証も可能になった。

TSSS 2011-2

Date: 14:00-16:00, Dec 15, 2011

Place: Room SB-1112

1. Kohei Suenaga (Kyoto University, JSPS Research Fellow (PD))
Programming with Infinitesimals: A WHILE-Language for Hybrid System Modeling
(Joint work with Ichiro Hasuo)
2. Keiko Nakata (Institute of Cybernetics, Tallinn University of Technology)
Hoare Logic for the Coinductive Trace-Based Big-Step Semantics of While
(Joint work with Tarmo Uustalu.)

Abstracts:

1. Programming with Infinitesimals: A WHILE-Language for Hybrid System Modeling

We add, to the common combination of a WHILE-language and a
Hoare-style program logic, a constant dt that represents an
infinitesimal (i.e. infinitely small) value.
The outcome is a framework for modeling and verification
of hybrid systems: hybrid systems exhibit both continuous and discrete dynamics
and getting them right is a pressing challenge. We rigorously define
the semantics
of programs in the language of nonstandard analysis, on the basis of which the
program logic is shown to be sound and relatively complete.

2. Hoare Logic for the Coinductive Trace-Based Big-Step Semantics of While

In search for a foundational framework for reasoning about observable
behavior of programs that may not terminate, we have previously
devised a coinductive operational semantics for While. The
operational semantics keeps track of all the states that an execution
goes through as a trace (a possibly infinite sequence of states). The
trace is finite for a terminating execution and infinite for a
non-terminating execution. Subsequently we designed a Hoare logic
counterpart of our coinductive trace-based semantics and proved it
sound and complete. Our logic subsumes both the partial
correctness Hoare logic and the total correctness Hoare logic: they
are embeddible.

All the results have been formalized in Coq constructively.

In this talk, I will overview the coinductive operational semantics
and the Hoare logic, aiming at delivering the intuition behind.

(Joint work with Tarmo Uustalu.)

TSSS 2011-1

Date: 14:00-15:00, Mar 14, 2011

Place: Room SB-1001

Speaker: Marcin Paprzycki, Systems Research Institute of the Polish Academy of Sciences

Title: Introduction to Software Agents and their Applications

Abstract:

Since 1994 we are told that software agents will become the next revolution
in computing [3]. This change is to occur not only in the ways we construct
software [2] but also to profoundly impact human-computer interactions [1,
3]. Unfortunately, when we turn the computer on in the morning, we do not
contact our Personal Agent to receive a personalized newscast, our day-plan
and, on the basis of that plan as well as the weather forecast and knowledge
of our dressing-preferences, an advice what to wear. Similarly, when
creating software for an e-shop we do not utilize pre-existing agent-modules
(e.g. advertising agents, seller, inventory manager, etc.). Instead, there
exist only few successful large-scale implementations of agent systems.

In the seminar, a general introduction to software agents will be presented.
Discussion includes topics like: conceptual roots and definition of software
agents and agent systems, major points raised “for” and “against” software
agent systems, existing applications of agent systems, and possibility of
developing large scale agent systems. No previous exposure to software
agents and agent systems is assumed.

*References*

1. J. Hendler, Is There an Intelligent Agent in Your Future?, Nature, 11,March, 1999

2. N. R. Jennings, An agent-based approach for building complex software systems,
CACM, 44 (4), 2001, 35-41

3. P. Maes, Agents that Reduce Work and Information Overload, Communications of the ACM, 37(7),
1994, 31-40

TSSS 2010-5

Date: September 17, 2010

Place: Room SB-1001

Program:

13:00 - 14:00
Verifying floating-point algorithms using formalized mathematics
John Harrison (Intel Corporation, USA)
Abstract

14:15 - 14:45
Translating Regular Expression Matching into Transducers
Yasuhiko Minamide (University of Tsukuba)
(joint work with Yuto Sakuma and Andrei Voronkov)

14:45- 15:15
General bindings in Nominal Isabelle
Cezary Kaliszyk (University of Tsukuba)

15:15 - 15:45
Proof certificate for origami theorem proving
Tetsuo Ida (University of Tsukuba)

16:00 - 16:30
Modules for Origami Constructions
Fadoua Ghourabi (University of Tsukuba)

16:30 - 17:00
Web Origami System: WebEos
Asem Kasem (University of Tsukuba)

TSSS 2010-4

Date: 10:00-11:30, Sep 2, 2010

Place: Room SB-1001

Speaker: Cezary Kaliszyk, University of Tsukuba

Title: Computer Algebra and Proof Assistants

Abstract:

Computer algebra systems are programs that allow manipulation
and processing of mathematical expressions. However, the algorithms
provided are not formally verified, which makes computer
algebra systems less reliable than proof assistants.

In this talk we present an approach which bridges the gap
between the two classes of systems. We show a computer
algebra system that ensures absolute correctness of performed
simplifications by using the decision procedures present in
a proof assistant. We show how the system can be extended with
an approach for treating partiality and effective computation with
real numbers.

TSSS 2010-3

Workshop on Symbolic Computation and Software Verification
Date: Apr 8-9, 2010
Link

TSSS 2010-2

Date: 15:00-17:00, Mar 26, 2010

Place: Room SB-1001
Date: 15:00-17:00, Mar 24, 2010

Place: Room SB-1112

Speaker: Andreiv Voronkov, University of Manchester
Title: Tutorial on on satisfiability and theories/SMT

TSSS 2010-1

Date: 11:00-, Mar 11, 2010

Place: Room SB-1001

Speaker: Keiko Nakata, Institute of Cybernetics, Tallinn University of Technology

Title: Lazy modules

Abstract:

The ML module system is well-known for
its support for modular programming. Motivated by practical
experiences with lazy initialization of modules and the desire to
extend ML modules with recursion, we investigate hybrid evaluation
strategies between call-by-value and call-by-need for ML-style modules
supporting recursion. More precisely we propose and examine five
evaluation strategies: a call-by-value strategy and four call-by-need
strategies with different degrees of laziness. We formalize the
strategies by translating a source syntax for modules into target
languages, which are very much inspired by Felleisen and Hieb's
call-by-value lambda calculus with state and Ariola and Felleisen's
call-by-need cyclic lambda calculus. Different strategies are
expressed by tweaking the translation as well as the operational
semantics of the target languages. We look at the strategies through a
series of examples and state inclusion between the strategies.

TSSS 2009-4

日時:  15:00-, Aug 18, 2009

場所: Room SB-1014

講演者: 小林直樹(東北大学)

講演タイトル:型と高階再帰スキームに基づくプログラム検証

要旨:
本講演では、高階再帰スキームを用いた新しいプログラム検証手法を紹介する。
この手法は、高階関数と再帰を含むプログラムの(エラー状態などへの)到達
可能性などの性質を健全かつ完全に判定することができるという点で、これま
でに類をみないものであり、今後、MLなどの高レベルプログラミング言語用の
ソフトウェアモデル検査器の実現につながるものと期待できる。

高階再帰スキームは無限木を生成するための文法であり、ワード言語を考えた
場合には正規言語や文脈自由言語のクラスを真に包含する強力な体系でありな
がら、生成される木が様相μ計算で表現される任意の性質を満たすかどうかを
モデル検査する問題が決定可能であることが2006年にOngによって証明されて
いる。

講演ではまず、高階関数型言語のプログラムの検証問題の多くを、上記の高
階再帰スキームのモデル検査の問題に還元できることを示す[1]。これにより、
再帰を含む単純型付きλ計算で記述されたプログラムの制御フロー解析、到達
可能性問題、資源使用法検証問題などがすべて決定可能であることが導かれる。

次に、高階再帰スキームのモデル検査問題がインターセクション型システムに
おける型判定の問題に還元できることを示し[1,2]、それに基づいたモデル検
査アルゴリズムを提案する[3]。本モデル検査アルゴリズムを実装したモデル
検査器TRecSを用いた実験の結果、高階再帰スキームのモデル検査問題の最悪
計算量はn-EXPTIME 完全であるにもかかわらず、典型的なプログラムから得ら
れる再帰スキームのモデル検査問題の多くを高速に判定できることがわかった。

本講演内容の一部は、オックスフォード大学のLuke Ong教授との共同研究の結
果である。

参考文献:
[1] Naoki Kobayashi,
Types and Higher-Order Recursion Schemes for Verification of Higher-Order Programs,
POPL 2009, pp.416-428, 2009

[2] Naoki Kobayashi and Luke Ong,
A Type System Equivalent to Modal Mu-Calculus Model Checking of Recursion Schemes,
LICS 2009.

[3] Naoki Kobayashi,
Model-Checking Higher-Order Functions,
PPDP 2009.

TSSS 2009-3

Date: 11:00-12:00, Aug 7, 2009

Place: Room SB-1001

Speaker: Franz Winkler, RISC, Johannes Kepler University, Linz, Austria

Title: From Gauss to Groebner and Beyond

Abstract:
Many algorithmic methods in mathematics can be seen
as constructing canonical systems for deciding membership problems.
Important examples are Gauss' elimination method for linear systems,
Euclid's algorithm for computing greatest common divisors,
Buchberger's algorithm for constructing Gr\"obner bases, or
the Knuth-Bendix procedure for equational theories.
We explain the basic concept of canonical systems and investigate
the close connections between these algorithms.

TSSS 2009-2

Date: 10:30-11:30, Jun 19, 2009

Place: Room SB 911-1

Speaker: Prof. Dr. Helmut Schwichtenberg, Ludwig-Maximilians-Universität, München

Title: Program extraction in constructive analysis

Abstract:
We sketch a development of constructive analysis in Bishop's style,
with special emphasis on low type-level witnesses (using
separability of the reals). The goal is to set up things in such a
way that realistically executable programs can be extracted from
proofs. This is carried out for (i) the Intermediate Value Theorem
and (ii) the existence of a continuous inverse to a monotonically
increasing continuous function. Using the Minlog proof assistant,
the proofs leading to the Intermediate Value Theorem are formalized
and realizing terms extracted. It turns out that evaluating these
terms is a reasonably fast algorithm to compute, say, approximations
of the square root of 2.

TSSS 2009-1

Date: 3:30 - 15:00, May 1, 2009

Place: SB-1001

Speaker: Dr. Simon Kramer, University of Tsukuba

Title: A General Definition of Malware (joint work with Julian C. Bradfield, U Edinburgh)

Abstract:
We propose a general, formal definition of malware in the language of modal logic. Our definition is
general thanks to its abstract formulation, which, being abstract, is independent of --- but nonetheless
generally applicable to --- the manifold concrete manifestations of malware. From our formulation of
malware, we derive equally general and formal definitions of benware (not malware), anti-malware
(``antibodies'' against malware), and medware (``medicine'' for affected software). We obtain
theoretical tools and practical techniques for the detection, comparison, and classification of malware
and its derivatives. Our general defining principle is causation of (in)correctness.