IETF Logo Mail Archive

Re: [Ufmrg] [EXT] Re: A few questions about UFMRG goals

Hans-Dieter Hiep <hdh@cwi.nl> Mon, 11 September 2023 13:06 UTC

Return-Path: <hdh@cwi.nl>
X-Original-To: ufmrg@ietfa.amsl.com
Delivered-To: ufmrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CDCEFC151994 for <ufmrg@ietfa.amsl.com>; Mon, 11 Sep 2023 06:06:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.198
X-Spam-Level:
X-Spam-Status: No, score=-7.198 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.091, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cwi.nl
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8ozJaan8Jos5 for <ufmrg@ietfa.amsl.com>; Mon, 11 Sep 2023 06:06:26 -0700 (PDT)
Received: from fester.cwi.nl (fester.cwi.nl [192.16.191.27]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DB239C15155F for <ufmrg@irtf.org>; Mon, 11 Sep 2023 06:06:24 -0700 (PDT)
Received: from [192.16.201.115] (hanko.fm.cwi.nl [192.16.201.115]) (authenticated bits=0) by fester.cwi.nl (8.15.2/8.15.2/Debian-14~deb10u1) with ESMTPSA id 38BD6Mfc012987 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT) for <ufmrg@irtf.org>; Mon, 11 Sep 2023 15:06:22 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=cwi.nl; s=default; t=1694437582; bh=HMOwTehzGRNfo8NBmFNeQ3wIb4KAIb5XcJMZfjxv4Ok=; h=Date:Subject:To:References:From:In-Reply-To:From; b=2JC+PO9lN3vNFgFgzDO0BrsEWt0HBm42bNFGvW8MnWKu1m4gX+SdG8KGdqI3ANBIq t/cwxiglz8eEXQwRwrRClxRv0f8DoUcnVIPpaeqy8KLNlkrFNea5/BIuf05gcKEgfm cZJNiuYGNtjM0nqChf41LxHkRdsCdGMI7M0/4XpQ=
Content-Type: multipart/alternative; boundary="------------EV0Y2sFnh3AloIYnOIhmdhWv"
Message-ID: <58829667-9c0f-0ce7-177b-e5fb31caba23@cwi.nl>
Date: Mon, 11 Sep 2023 15:06:22 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.4.1
Content-Language: en-US
To: ufmrg@irtf.org
References: <PH0PR09MB76899049A294230B248B1428B9E4A@PH0PR09MB7689.namprd09.prod.outlook.com> <9b35faa9-923a-4258-28a4-7577635101df@cs.tcd.ie> <PH0PR09MB7689628541D0ABDCF1FFD05BB9EEA@PH0PR09MB7689.namprd09.prod.outlook.com> <CACykbs1AUJ2LmDtFxkLkrrZfMnU89AxMXyd4gt5EVneEyPsSRA@mail.gmail.com> <0c6cc15b2a32476dacf13bb0b2083320@tu-dresden.de>
From: Hans-Dieter Hiep <hdh@cwi.nl>
In-Reply-To: <0c6cc15b2a32476dacf13bb0b2083320@tu-dresden.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ufmrg/XMqTqpfH5ffZFyUZK3RSgiAOoPE>
Subject: Re: [Ufmrg] [EXT] Re: A few questions about UFMRG goals
X-BeenThere: ufmrg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Usable Formal Methods Research Group <ufmrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/ufmrg>, <mailto:ufmrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ufmrg/>
List-Post: <mailto:ufmrg@irtf.org>
List-Help: <mailto:ufmrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/ufmrg>, <mailto:ufmrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Sep 2023 13:06:30 -0000

Hi Usama,


The Coq training we will be giving will be tailored to 
intermediate-level Coq users, but beginners and experts are of course 
also welcome. We will already make some material available on-line in 
one month to allow attendees to prepare, and we expect the audience to 
have already some experience with the basics of Coq (but still go over 
it quicktly; we can spend most time on intermediate-level proving). The 
training is not reused, it's designed from scratch by me and Dalia in 
the coming weeks. If there are any suggestions, please let me know.


Kind regards, Hans-Dieter


On 9/8/23 09:45, Muhammad Usama Sardar wrote:
>
> Hi Joshua,
>
> Thanks for your questions. I think they are very good points. Until 
> this thread, I was under the impression of 1(b) as well.
>
>
> If the main goal is 1(c), then improving the manuals of tools should 
> be an equally (if not more) important activity. Let's face it: we all 
> know how poorly most (if not all) of these manuals are documented.
>
>
> > One piece of feedback I get when I ask people why they don't use 
> formal methods is that there is no intermediate level training available.
>
> I don't think this was explicitly clarified before to the volunteers. 
> Some questions in my mind are:
>
>   * Are the trainers now aware that they are supposed to give
>     intermediate level training and not repeat what they have already
>     presented elsewhere?
>   * Is it still feasible for them to create this intermediate level
>     training within the next 2 months?
>   * Are you certain that you will get enough people in the audience
>     interested in intermediate level training (i.e., well-aware of the
>     basics of the tools)?
>
>
> Thanks,
>
> Usama
>
>
> ------------------------------------------------------------------------------------------------------------------------------------------
> Best Regards,
>
> Muhammad Usama Sardar (M.Sc.)
>
> Research Associate
>
> Technische Universität Dresden
>
>
> Faculty of Computer Science
>
> Institute of Systems Architecture
>
> Chair of Systems Engineering
>
>
> Office: APB 3073
>
> Phone: +49 351 463-42048
>
> Email: muhammad_usama.sardar@tu-dresden.de
>
> Website: 
> https://tu-dresden.de/ing/informatik/sya/se/die-professur/beschaeftigte/muhammad-usama-sardar 
> <https://tu-dresden.de/ing/informatik/sya/se/die-professur/beschaeftigte/muhammad-usama-sardar>
>
> ------------------------------------------------------------------------------------------------------------------------------------------
>
>
>
> ------------------------------------------------------------------------
> *Von:* Ufmrg <ufmrg-bounces@irtf.org> im Auftrag von Jonathan Hoyland 
> <jonathan.hoyland@gmail.com>
> *Gesendet:* Freitag, 8. September 2023 00:27
> *An:* Joshua D Guttman
> *Cc:* Stephen Farrell; ufmrg@ietfa.amsl.com
> *Betreff:* Re: [Ufmrg] [EXT] Re: A few questions about UFMRG goals
> Hi Joshua,
>
> One piece of feedback I get when I ask people why they don't use 
> formal methods is that there is no intermediate level training available.
>
> There is documentation for some tools, and sometimes YouTube tutorials 
> for the basics, but unless you work with the tool authors, or people 
> experienced in modelling, there isn't somewhere to learn all the tips 
> and tricks necessary to prove complex things. So people get through a 
> very basic tutorial, and then go look at papers that include huge, 
> complex models, and have no idea how to get between those two places.
>
> The goal of the training is to hopefully build up a set of recorded 
> pieces of training that help people use the tools as they are. By 
> running multiple trainings the hope is to provide a pathway, along 
> with a place you can go and ask questions of experts.
>
> Certainly one of my hopes for this group is that we can provide 
> actionable feedback to tool authors so that they can improve their 
> tools, but starting with the things we can achieve without going 
> outside the group seems like the best way to get started.
>
> Another thing I think we can do fairly immediately is provide guidance 
> on which tools might be most appropriate for which tasks, and thus 
> help work out what work needs to be done to prove the properties we want.
>
> So overall I agree with Stephen's 1c, and mostly 2c. I think the 
> training (along with making the materials available) does make the 
> tool more useable, even though I agree a proper usability study would 
> be even better. I do think there are a number of easy usability 
> improvements to be had in many tools before we need to go for a 
> usability study, so I don't think we're completely unable to proceed 
> on that front.
>
> We are definitely looking for people who have a background in things 
> like user studies to help us make both the training and the group 
> overall a success, so if you have suggestions (or even suggestions of 
> people we can ask) they would be very gratefully received.
>
> Regards,
>
> Jonathan
>
> On Thu, 7 Sept 2023, 23:04 Joshua D Guttman, <guttman@mitre.org> wrote:
>
>     I was really impressed by the fast three minute
>
>     response, just before the interim mtg a week ago.
>
>     But I'm not sure that the reply really gets to the
>
>     heart of the matter.
>
>     You write:
>
>     >    1(c) is fine
>
>     in response to:
>
>     >>    1.  I'm a little unsure whether the primary
>
>     >>    goal is:
>
>     >>
>
>     >>          (a) To determine whether formal
>
>     >>          methods are effectively usable for
>
>     >>          IETF-type purposes;
>
>     >>
>
>     >>          (b) To persuade people that formal
>
>     >>          methods are effectively usable for
>
>     >>          IETF-type purposes; or
>
>     >>
>
>     >>          (c) To cause formal methods to become
>
>     >>          more effectively usable for IETF-type
>
>     >>          purposes.
>
>     >>
>
>     >>          Of course, a possible response is to
>
>     >>          give a blend of more or less of these
>
>     >>          three components.  And maybe
>
>     >> additional components?  But what would
>
>     >>          be the right characterization?
>
>     What makes this a bit askew is the fact that the
>
>     most visible activities -- such as the planned
>
>     tutorials at the Nov 4 Prague meeting -- really
>
>     seem to me closer to 1(b).
>
>     I guess the tutorial goal is primarily education.
>
>     Since formal methods are in fact very useful, one
>
>     expects education to be key to "persuading people
>
>     that formal methods are effectively usable for
>
>     IETF-type purposes."  ( :- )
>
>     And I suspect that persuading and educating may be
>
>     a more achievable goal for the UFMRG than actually
>
>     causing formal methods to become more effectively
>
>     usable.
>
>     That requires instead a lot of research, both with
>
>     a high level of insight into formal modeling and
>
>     proving, and with a bunch of user studies and
>
>     appraising the kinds of people who could benefit
>
>     from specific kinds of FM.
>
>     Would the 4 Nov tutorials even give us any insight
>
>     into the latter?
>
>     It's conceivable but might require some
>
>     coordination and restructuring.
>
>     More on question (2) in a separate msg.  I'd be
>
>     eager to know what people think about these
>
>     aspects of question (1).
>
>             Joshua
>
>     On 9/1/23, 12:01, "Stephen Farrell" <stephen.farrell@cs.tcd.ie> wrote:
>
>     1(c) is fine, 2(c) is closest but not quite right
>
>     On 01/09/2023 16:58, Joshua D Guttman wrote:
>
>     > May I ask a few questions about the UFMRG goals?
>
>     >
>
>     > 1.  I'm a little unsure whether the primary goal
>
>     >      is:
>
>     >
>
>     >      (a) To determine whether formal methods are
>
>     >          effectively usable for IETF-type purposes;
>
>     >
>
>     >      (b) To persuade people that formal methods are
>
>     >          effectively usable for IETF-type purposes;
>
>     >          or
>
>     >
>
>     >      (c) To cause formal methods to become more
>
>     >          effectively usable for IETF-type purposes.
>
>     >
>
>     >      Of course, a possible response is to give a
>
>     >      blend of more or less of these three
>
>     >      components.  And maybe additional components?
>
>     >      But what would be the right characterization?
>
>     >
>
>     > 2.  Along another axis, we sometimes have
>
>     >      different formal methods that may be useful
>
>     >      for different sets of goals (eg establishing
>
>     >      that a program respects an inductive invariant
>
>     >      vs establishing that a protocol achieves an
>
>     >      authentication goal), and maybe also competing
>
>     >      formal methods that approach the same goals in
>
>     >      different (or similar :- ) ways.
>
>     >
>
>     >      Do we aim to:
>
>     >
>
>     >      (a) Identify some methods as suitable for some
>
>     >          kinds of goals?
>
>     >
>
>     >      (b) Grade the usability of some "competing"
>
>     >          methods for overlapping goals?
>
>     >
>
>     >      (c) Identify combinations of methods for
>
>     >          purposes that require several kinds of
>
>     >          results?
>
>     >
>
>     >      Again, blends may make sense together.
>
>     >
>
>     > Thanks!
>
>     >
>
>     >    Joshua
>
>     >
>
>     >
>
>     -- 
>     Ufmrg mailing list
>     Ufmrg@irtf.org
>     https://www.irtf.org/mailman/listinfo/ufmrg
>
>

v2.23.0 | Report a Bug | By Email