DOCSLIB.ORG

Formalization of Logic in the Isabelle Proof Assistant

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Formalization of Logic in the Isabelle Proof Assistant PhD thesis Formalization of Logic in the Isabelle Proof Assistant Anders Schlichtkrull Technical University of Denmark September 14, 2018 PHD-2018-493 Abstract Isabelle is a proof assistant, i.e. a computer program that helps its user to define concepts in mathematics and computer science as well as to prove properties about them. This process is called formalization. Proof assistants aid their users by ensuring that proofs are constructed correctly and by conducting parts of the proofs automatically. A logical calculus is a set of rules and axioms that can be applied to construct theorems of the calculus. Logical calculi are employed in e.g. tools for formal verification of computer programs. Two important properties of logical calculi are soundness and completeness, since they state, respectively, that all theorems of a given calculus are valid, and that all valid statements are theorems of the calculus. Validity is defined by a semantics, which gives meaning to formulas. This thesis describes formalizations in Isabelle of several logics as well as tools built upon these. Specifically this thesis explains and discusses the following contributions of my PhD project: A formalization of the resolution calculus for first-order logic, Herbrand’s theorem and the • soundness and completeness of the calculus. A formalization of the ordered resolution calculus for first-order logic, an abstract prover • based on it and the prover’s soundness and completeness. A verified automatic theorem prover for first-order logic. The prover is a refinement of the • above formalization of an abstract prover. This explicitly shows that the abstract notion of a prover can describe concrete computer programs. The Natural Deduction Assistant (NaDeA), which is a tool for teaching first-order logic • that allows users to build proofs in natural deduction. The tool is based on a formalization of natural deduction and its soundness and completeness. A verified proof assistant for first-order logic with equality. It is based on an axiomatic • system and constitutes a tool for teaching logic and proof assistants. A formalization of the propositional fragment of a paraconsistent infinite-valued higher- • order logic. Theorems about the necessity of having infinitely many truth values are proved and formalized. Proof assistants are built to reject proofs that contain gaps or mistakes. Therefore, the for- malized results are highly trustworthy. The tools based on formalized calculi consequently have an increased trustworthiness. The above formalizations revealed flaws and mistakes in the lit- erature. In addition to the formalizations and tools themselves, my PhD project contributes solutions that repair these flaws and mistakes. 2 Resumé Titel: Formalisering af logik i Isabelle-bevisassistenten Isabelle er en bevisassistent, dvs. et computerprogram, som kan hjælpe sin bruger med at definere koncepter fra matematik og computer science så vel som med at bevise deres egenskaber. Denne proces kaldes formalisering. Bevisassistenter hjælper deres brugere ved at sikre at beviser bliver konstrueret korrekt og ved at lave dele af beviserne automatisk. En logisk kalkule er en mængde regler og aksiomer, som kan anvendes til at konstruere kal- kulens sætninger. Logiske kalkuler bruges f.eks. i værktøjer til formel verifikation af computer- programmer. To af kalkulers vigtige egenskaber er korrekthed og fuldstændighed, da de formulerer henholdsvis, at alle sætninger i en given kalkule er gyldige, og at alle gyldige udsagn er sætninger i kalkulen. Gyldighed er defineret af en semantik, som tilskriver formler mening. Denne afhandling beskriver formaliseringer i Isabelle af adskillige logikker så vel som værktøjer der bygger på dem. Specifikt forklarer og diskuterer denne afhandling de følgende bidrag fra mit ph.d.-projekt: En formalisering af resolutionskalkulen for førsteordenslogik, Herbrands sætning og kalku- • lens korrekthed og fuldstændighed. En formalisering af den ordnede resolutionskalkule for førsteordenslogik, en abstrakt bevis- • fører baseret på den og bevisførerens korrekthed og fuldstændighed. En verificeret automatisk bevisfører for førsteordenslogik. Bevisføreren er en forfinelse af • den ovenstående formalisering af en abstrakt bevisfører. Dette viser eksplicit, at den ab- strakte forståelse af en bevisfører rigtignok kan beskrive et konkret computerprogram. Natural Deduction Assistant (NaDeA), som er et værktøj til at undervise i førsteordenslogik, • der gør det muligt for sine brugere at bygge beviser i naturlig deduktion. Værktøjet er baseret på en formalisering af naturlig deduktion og dens korrekthed og fuldstændighed. En verificeret bevisassistent for førsteordenslogik med lighed. Den er baseret på et aksioma- • tisk system og udgør et værktøj til at undervise i logik og bevisassistenter. En formalisering af det udsagnslogiske fragment af en parakonsistent højereordenslogik • med uendeligt mange sandhedsværdier. Sætninger om nødvendigheden af at have uendeligt mange sandhedsværdier bevises og formaliseres. Bevisassistenter bygges til at afvise beviser, som indeholder huller eller fejl. Derfor er de for- maliserede resultater meget pålidelige. Værktøjerne baseret på formaliserede kalkuler har derfor øget pålidelighed. De ovenstående formaliseringer viste mangler og fejl i litteraturen. Ud over for- maliseringerne og værktøjerne i sig selv bidrager mit ph.d.-projekt med løsninger, som reparerer disse mangler og fejl. 3 Preface The 3 years of PhD studies started 15.09.2015 and ended 14.09.2018. My PhD studies took place at the Department of Applied Mathematics and Computer Science (DTU Compute) of the Technical University of Denmark (DTU) under DTU Compute’s PhD school, and were funded by DTU Compute. My main supervisor was Jørgen Villadsen (DTU Compute), and my co- supervisors were Jasmin Christian Blanchette (VU Amsterdam) and Thomas Bolander (DTU Compute). Acknowledgements First of all, I would like to thank my three supervisors Jørgen Villadsen, Jasmin Christian Blanchette and Thomas Bolander. Thank you for all the collaboration, help and inspiration, and for teaching me how to be a researcher. I could not have wished for better supervisors. I would also like to thank Christoph Weidenbach for generously hosting me at the Max Planck Institute for Informatics in Saarbrücken. The four months I spent in his group were a fun experience and I thank all the friends I made at the Max Planck Institute and the rest of the Saarland University Campus Saarbrücken. I would like to thank Christian Sternagel for inviting me to Innsbruck University and hosting me there. Working with you and René (Thiemann) on the interfaces between our projects IsaFoL and IsaFoR was a lot of fun. I was very honored to receive the Springer Travel Award at the International Conference on Interactive Theorem Proving (ITP 2016) and the Woody Bledsoe Student Travel Award at the International Joint Conference on Automated Reasoning (IJCAR 2018). I would like to thank Otto Mønsteds Fond for supporting my participation in the Federated Logic Conference (FLoC 2018). I would like to thank my co- authors Jasmin Christian Blanchette, Kasper Fabæch Brandt, Andreas Halkjær From, Alexander Birch Jensen, John Bruntse Larsen, Dmitriy Traytel, Jørgen Villadsen and Uwe Waldman for all our respective collaborations. I would like to thank all my colleagues at the Section for Algorithms, Logic and Graphs as well as my colleagues at the rest of DTU Compute. I would like to thank my friends and family of course! 4 Contents Introduction 6 1 Formalization of the Resolution Calculus for First-Order Logic 16 2 Formalizing Bachmair and Ganzinger’s Ordered Resolution Prover 48 3 A Verified Automatic Prover Based on Ordered Resolution 73 4 NaDeA: A Natural Deduction Assistant with a Formalization in Isabelle 103 5 Programming and Verifying a Declarative First-Order Prover in Isabelle/HOL 124 6 Formalized Meta-Theory of a Paraconsistent Logic 153 Thesis Appendix: Changes to Published Papers 167 5 Introduction This introduction first motivates formalizing logic in the Isabelle proof assistant. It then gives a quick summary of the following chapters and their relations. Thereafter follow more thorough accounts of the chapters. Hereafter is an account of some new developments that build on the chapters, but which are not included in this thesis. Lastly the introduction gives discussions and perspectives on the results of the thesis. Preliminaries and Motivation Computer programs are central to many of the technological advances of modern day society. However, enormous amounts of resources are spent fighting problems caused by defects and bugs in computer programs. A way to solve this problem is to apply tools that prove correctness of software and thus avoid defects and bugs in the first place. Such tools can be built on a base of logic. In order to ensure that this base is solid, it should be studied thoroughly. Logic is the study of reasoning. Of particular interest is the reasoning performed every day by mathematicians and computer scientists. Mathematicians prove properties about mathematical objects such as numbers, vectors, permutations and groups. Computer scientists prove properties about objects such as programs, algorithms, protocols and compilers. To prove something means to argue rigorously that it is true. A proved property is called a theorem. Examples of famous theorems are the Pythagorean theorem and the correctness of the quicksort sorting algorithm. The reasoning of mathematicians and computer scientists can be captured
Load more

Recommended publications
  • Specifying Verified X86 Software from Scratch
    Specifying verified x86 software from scratch Mario Carneiro Carnegie Mellon University, Pittsburgh, PA, USA [email protected] Abstract We present a simple framework for specifying and proving facts about the input/output behavior of ELF binary files on the x86-64 architecture. A strong emphasis has been placed on simplicity at all levels: the specification says only what it needs to about the target executable, the specification is performed inside a simple logic (equivalent to first-order Peano Arithmetic), and the verification language and proof checker are custom-designed to have only what is necessary to perform efficient general purpose verification. This forms a part of the Metamath Zero project, to build a minimal verifier that is capable of verifying its own binary. In this paper, we will present the specification of the dynamic semantics of x86 machine code, together with enough information about Linux system calls to perform simple IO. 2012 ACM Subject Classification Theory of computation → Program verification; Theory of com- putation → Abstract machines Keywords and phrases x86-64, ISA specification, Metamath Zero, self-verification Digital Object Identifier 10.4230/LIPIcs.ITP.2019.19 Supplement Material The formalization is a part of the Metamath Zero project at https://github. com/digama0/mm0. Funding This material is based upon work supported by AFOSR grant FA9550-18-1-0120 and a grant from the Sloan Foundation. Acknowledgements I would like to thank my advisor Jeremy Avigad for his support and encourage- ment, and for his reviews of early drafts of this work. 1 Introduction The field of software verification is on the verge of a breakthrough.
    [Show full text]
  • Lemma Functions for Frama-C: C Programs As Proofs
    Lemma Functions for Frama-C: C Programs as Proofs Grigoriy Volkov Mikhail Mandrykin Denis Efremov Faculty of Computer Science Software Engineering Department Faculty of Computer Science National Research University Ivannikov Institute for System Programming of the National Research University Higher School of Economics Russian Academy of Sciences Higher School of Economics Moscow, Russia Moscow, Russia Moscow, Russia [email protected] [email protected] [email protected] Abstract—This paper describes the development of to additionally specify loop invariants and termination an auto-active verification technique in the Frama-C expression (loop variants) in case the function under framework. We outline the lemma functions method analysis contains loops. Then the verification instrument and present the corresponding ACSL extension, its implementation in Frama-C, and evaluation on a set generates verification conditions (VCs), which can be of string-manipulating functions from the Linux kernel. separated into categories: safety and behavioral ones. We illustrate the benefits our approach can bring con- Safety VCs are responsible for runtime error checks for cerning the effort required to prove lemmas, compared known (modeled) types, while behavioral VCs represent to the approach based on interactive provers such as the functional correctness checks. All VCs need to be Coq. Current limitations of the method and its imple- mentation are discussed. discharged in order for the function to be considered fully Index Terms—formal verification, deductive verifi- proved (totally correct). This can be achieved either by cation, Frama-C, auto-active verification, lemma func- manually proving all VCs discharged with an interactive tions, Linux kernel prover (i. e., Coq, Isabelle/HOL or PVS) or with the help of automatic provers.
    [Show full text]
  • The Metamathematics of Putnam's Model-Theoretic Arguments
    The Metamathematics of Putnam's Model-Theoretic Arguments Tim Button Abstract. Putnam famously attempted to use model theory to draw metaphysical conclusions. His Skolemisation argument sought to show metaphysical realists that their favourite theories have countable models. His permutation argument sought to show that they have permuted mod- els. His constructivisation argument sought to show that any empirical evidence is compatible with the Axiom of Constructibility. Here, I exam- ine the metamathematics of all three model-theoretic arguments, and I argue against Bays (2001, 2007) that Putnam is largely immune to meta- mathematical challenges. Copyright notice. This paper is due to appear in Erkenntnis. This is a pre-print, and may be subject to minor changes. The authoritative version should be obtained from Erkenntnis, once it has been published. Hilary Putnam famously attempted to use model theory to draw metaphys- ical conclusions. Specifically, he attacked metaphysical realism, a position characterised by the following credo: [T]he world consists of a fixed totality of mind-independent objects. (Putnam 1981, p. 49; cf. 1978, p. 125). Truth involves some sort of correspondence relation between words or thought-signs and external things and sets of things. (1981, p. 49; cf. 1989, p. 214) [W]hat is epistemically most justifiable to believe may nonetheless be false. (1980, p. 473; cf. 1978, p. 125) To sum up these claims, Putnam characterised metaphysical realism as an \externalist perspective" whose \favorite point of view is a God's Eye point of view" (1981, p. 49). Putnam sought to show that this externalist perspective is deeply untenable. To this end, he treated correspondence in terms of model-theoretic satisfaction.
    [Show full text]
  • Experiments in Validating Formal Semantics for C
    Experiments in validating formal semantics for C Sandrine Blazy ENSIIE and INRIA Rocquencourt [email protected] Abstract. This paper reports on the design of adequate on-machine formal semantics for a certified C compiler. This compiler is an optimiz- ing compiler, that targets critical embedded software. It is written and formally verified using the Coq proof assistant. The main structure of the compiler is very strongly conditioned by the choice of the languages of the compiler, and also by the kind of semantics of these languages. 1 Introduction C is still widely used in industry, especially for developing embedded software. The main reason is the control by the C programmer of all the resources that are required for program execution (e.g. memory layout, memory allocation) and that affect performance. C programs can therefore be very efficient, but the price to pay is a programming effort. For instance, using C pointer arithmetic may be required in order to compute the address of a memory cell. However, a consequence of this freedom given to the C programmer is the presence of run-time errors such as buffer overflows and dangling pointers. Such errors may be difficult to detect in programs, because of C type casts and more generally because the C type system is unsafe. Many static analysis tools attempt to detect such errors in order to ensure safety properties that may be ensured by more recent languages such as Java. For instance, CCured is a program transformation system that adds memory safety guarantees to C programs by verifying statically that memory errors cannot oc- cur and by inserting run-time checks where static verification is insufficient [1].
    [Show full text]
  • The Common HOL Platform
    The Common HOL Platform Mark Adams Proof Technologies Ltd, UK Radboud University, Nijmegen, The Netherlands The Common HOL project aims to facilitate porting source code and proofs between members of the HOL family of theorem provers. At the heart of the project is the Common HOL Platform, which defines a standard HOL theory and API that aims to be compatible with all HOL systems. So far, HOL Light and hol90 have been adapted for conformance, and HOL Zero was originally developed to conform. In this paper we provide motivation for a platform, give an overview of the Common HOL Platform’s theory and API components, and show how to adapt legacy systems. We also report on the platform’s successful application in the hand-translation of a few thousand lines of source code from HOL Light to HOL Zero. 1 Introduction The HOL family of theorem provers started in the 1980s with HOL88 [5], and has since grown to include many systems, most prominently HOL4 [16], HOL Light [8], ProofPower HOL [3] and Is- abelle/HOL [12]. These four main systems have developed their own advanced proof facilities and extensive theory libraries, and have been successfully employed in major projects in the verification of critical hardware and software [1, 11] and the formalisation of mathematics [7]. It would clearly be of benefit if these systems could “talk” to each other, specifically if theory, proofs and source code could be exchanged in a relatively seamless manner. This would reduce the considerable duplication of effort otherwise required for one system to benefit from the major projects and advanced capabilities developed on another.
    [Show full text]
  • Better SMT Proofs for Easier Reconstruction Haniel Barbosa, Jasmin Blanchette, Mathias Fleury, Pascal Fontaine, Hans-Jörg Schurr
    Better SMT Proofs for Easier Reconstruction Haniel Barbosa, Jasmin Blanchette, Mathias Fleury, Pascal Fontaine, Hans-Jörg Schurr To cite this version: Haniel Barbosa, Jasmin Blanchette, Mathias Fleury, Pascal Fontaine, Hans-Jörg Schurr. Better SMT Proofs for Easier Reconstruction. AITP 2019 - 4th Conference on Artificial Intelligence and Theorem Proving, Apr 2019, Obergurgl, Austria. hal-02381819 HAL Id: hal-02381819 https://hal.archives-ouvertes.fr/hal-02381819 Submitted on 26 Nov 2019 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Better SMT Proofs for Easier Reconstruction Haniel Barbosa1, Jasmin Christian Blanchette2;3;4, Mathias Fleury4;5, Pascal Fontaine3, and Hans-J¨orgSchurr3 1 University of Iowa, 52240 Iowa City, USA [email protected] 2 Vrije Universiteit Amsterdam, 1081 HV Amsterdam, the Netherlands [email protected] 3 Universit´ede Lorraine, CNRS, Inria, LORIA, 54000 Nancy, France fjasmin.blanchette,pascal.fontaine,[email protected] 4 Max-Planck-Institut f¨urInformatik, Saarland Informatics Campus, Saarbr¨ucken, Germany fjasmin.blanchette,[email protected] 5 Saarbr¨ucken Graduate School of Computer Science, Saarland Informatics Campus, Saarbr¨ucken, Germany [email protected] Proof assistants are used in verification, formal mathematics, and other areas to provide trust- worthy, machine-checkable formal proofs of theorems.
    [Show full text]
  • Introduction to Model Checking and Temporal Logic¹
    Formal Verification Lecture 1: Introduction to Model Checking and Temporal Logic¹ Jacques Fleuriot [email protected] ¹Acknowledgement: Adapted from original material by Paul Jackson, including some additions by Bob Atkey. I Describe formally a specification that we desire the model to satisfy I Check the model satisfies the specification I theorem proving (usually interactive but not necessarily) I Model checking Formal Verification (in a nutshell) I Create a formal model of some system of interest I Hardware I Communication protocol I Software, esp. concurrent software I Check the model satisfies the specification I theorem proving (usually interactive but not necessarily) I Model checking Formal Verification (in a nutshell) I Create a formal model of some system of interest I Hardware I Communication protocol I Software, esp. concurrent software I Describe formally a specification that we desire the model to satisfy Formal Verification (in a nutshell) I Create a formal model of some system of interest I Hardware I Communication protocol I Software, esp. concurrent software I Describe formally a specification that we desire the model to satisfy I Check the model satisfies the specification I theorem proving (usually interactive but not necessarily) I Model checking Introduction to Model Checking I Specifications as Formulas, Programs as Models I Programs are abstracted as Finite State Machines I Formulas are in Temporal Logic 1. For a fixed ϕ, is M j= ϕ true for all M? I Validity of ϕ I This can be done via proof in a theorem prover e.g. Isabelle. 2. For a fixed ϕ, is M j= ϕ true for some M? I Satisfiability 3.
    [Show full text]
  • PROGRAM VERIFICATION Robert S. Boyer and J
    PROGRAM VERIFICATION Robert S. Boyer and J Strother Moore To Appear in the Journal of Automated Reasoning The research reported here was supported by National Science Foundation Grant MCS-8202943 and Office of Naval Research Contract N00014-81-K-0634. Institute for Computing Science and Computer Applications The University of Texas at Austin Austin, Texas 78712 1 Computer programs may be regarded as formal mathematical objects whose properties are subject to mathematical proof. Program verification is the use of formal, mathematical techniques to debug software and software specifications. 1. Code Verification How are the properties of computer programs proved? We discuss three approaches in this article: inductive invariants, functional semantics, and explicit semantics. Because the first approach has received by far the most attention, it has produced the most impressive results to date. However, the field is now moving away from the inductive invariant approach. 1.1. Inductive Assertions The so-called Floyd-Hoare inductive assertion method of program verification [25, 33] has its roots in the classic Goldstine and von Neumann reports [53] and handles the usual kind of programming language, of which FORTRAN is perhaps the best example. In this style of verification, the specifier "annotates" certain points in the program with mathematical assertions that are supposed to describe relations that hold between the program variables and the initial input values each time "control" reaches the annotated point. Among these assertions are some that characterize acceptable input and the desired output. By exploring all possible paths from one assertion to the next and analyzing the effects of intervening program statements it is possible to reduce the correctness of the program to the problem of proving certain derived formulas called verification conditions.
    [Show full text]
  • Formal Verification, Model Checking
    Introduction Modeling Specification Algorithms Conclusions Formal Verification, Model Checking Radek Pel´anek Introduction Modeling Specification Algorithms Conclusions Motivation Formal Methods: Motivation examples of what can go wrong { first lecture non-intuitiveness of concurrency (particularly with shared resources) mutual exclusion adding puzzle Introduction Modeling Specification Algorithms Conclusions Motivation Formal Methods Formal Methods `Formal Methods' refers to mathematically rigorous techniques and tools for specification design verification of software and hardware systems. Introduction Modeling Specification Algorithms Conclusions Motivation Formal Verification Formal Verification Formal verification is the act of proving or disproving the correctness of a system with respect to a certain formal specification or property. Introduction Modeling Specification Algorithms Conclusions Motivation Formal Verification vs Testing formal verification testing finding bugs medium good proving correctness good - cost high small Introduction Modeling Specification Algorithms Conclusions Motivation Types of Bugs likely rare harmless testing not important catastrophic testing, FVFV Introduction Modeling Specification Algorithms Conclusions Motivation Formal Verification Techniques manual human tries to produce a proof of correctness semi-automatic theorem proving automatic algorithm takes a model (program) and a property; decides whether the model satisfies the property We focus on automatic techniques. Introduction Modeling Specification Algorithms Conclusions
    [Show full text]
  • Proof-Assistants Using Dependent Type Systems
    CHAPTER 18 Proof-Assistants Using Dependent Type Systems Henk Barendregt Herman Geuvers Contents I Proof checking 1151 2 Type-theoretic notions for proof checking 1153 2.1 Proof checking mathematical statements 1153 2.2 Propositions as types 1156 2.3 Examples of proofs as terms 1157 2.4 Intermezzo: Logical frameworks. 1160 2.5 Functions: algorithms versus graphs 1164 2.6 Subject Reduction . 1166 2.7 Conversion and Computation 1166 2.8 Equality . 1168 2.9 Connection between logic and type theory 1175 3 Type systems for proof checking 1180 3. l Higher order predicate logic . 1181 3.2 Higher order typed A-calculus . 1185 3.3 Pure Type Systems 1196 3.4 Properties of P ure Type Systems . 1199 3.5 Extensions of Pure Type Systems 1202 3.6 Products and Sums 1202 3.7 E-typcs 1204 3.8 Inductive Types 1206 4 Proof-development in type systems 1211 4.1 Tactics 1212 4.2 Examples of Proof Development 1214 4.3 Autarkic Computations 1220 5 P roof assistants 1223 5.1 Comparing proof-assistants . 1224 5.2 Applications of proof-assistants 1228 Bibliography 1230 Index 1235 Name index 1238 HANDBOOK OF AUTOMAT8D REASONING Edited by Alan Robinson and Andrei Voronkov © 2001 Elsevier Science Publishers 8.V. All rights reserved PROOF-ASSISTANTS USING DEPENDENT TYPE SYSTEMS 1151 I. Proof checking Proof checking consists of the automated verification of mathematical theories by first fully formalizing the underlying primitive notions, the definitions, the axioms and the proofs. Then the definitions are checked for their well-formedness and the proofs for their correctness, all this within a given logic.
    [Show full text]
  • Interactive Theorem Proving (ITP) Course Web Version
    Interactive Theorem Proving (ITP) Course Web Version Thomas Tuerk ([email protected]) Except where otherwise noted, this work is licened under Creative Commons Attribution-ShareAlike 4.0 International License version 3c35cc2 of Mon Nov 11 10:22:43 2019 Contents Part I Preface 3 Part II Introduction 6 Part III HOL 4 History and Architecture 16 Part IV HOL's Logic 24 Part V Basic HOL Usage 38 Part VI Forward Proofs 46 Part VII Backward Proofs 61 Part VIII Basic Tactics 83 Part IX Induction Proofs 110 Part X Basic Definitions 119 Part XI Good Definitions 163 Part XII Deep and Shallow Embeddings 184 Part XIII Rewriting 192 Part XIV Advanced Definition Principles 246 Part XV Maintainable Proofs 267 Part XVI Overview of HOL 4 289 Part XVII Other Interactive Theorem Provers 302 2 / 315 Part I Preface Except where otherwise noted, this work is licened under Creative Commons Attribution-ShareAlike 4.0 International License. Preface these slides originate from a course for advanced master students it was given by the PROSPER group at KTH in Stockholm in 2017 (see https://www.kth.se/social/group/interactive-theorem-) the course focused on how to use HOL 4 students taking the course were expected to I know functional programming, esp. SML I understand predicate logic I have some experience with pen and paper proofs the course consisted of 9 lectures, which each took 90 minutes there were 19 supervised practical sessions, which each took 2 h usually there was 1 lecture and 2 practical sessions each week students were expected to work about 10 h each
    [Show full text]
  • Can the Computer Really Help Us to Prove Theorems?
    Can the computer really help us to prove theorems? Herman Geuvers1 Radboud University Nijmegen and Eindhoven University of Technology The Netherlands ICT.Open 2011 Veldhoven, November 2011 1Thanks to Freek Wiedijk & Foundations group, RU Nijmegen Can the computer really help us to prove theorems? Can the computer really help us to prove theorems? Yes it can Can the computer really help us to prove theorems? Yes it can But it’s hard ... ◮ How does it work? ◮ Some state of the art ◮ What needs to be done Overview ◮ What are Proof Assistants? ◮ How can a computer program guarantee correctness? ◮ Challenges What are Proof Assistants – History John McCarthy (1927 – 2011) 1961, Computer Programs for Checking Mathematical Proofs What are Proof Assistants – History John McCarthy (1927 – 2011) 1961, Computer Programs for Checking Mathematical Proofs Proof-checking by computer may be as important as proof generation. It is part of the definition of formal system that proofs be machine checkable. For example, instead of trying out computer programs on test cases until they are debugged, one should prove that they have the desired properties. What are Proof Assistants – History Around 1970 five new systems / projects / ideas ◮ Automath De Bruijn (Eindhoven) ◮ Nqthm Boyer, Moore (Austin, Texas) ◮ LCF Milner (Stanford; Edinburgh) What are Proof Assistants – History Around 1970 five new systems / projects / ideas ◮ Automath De Bruijn (Eindhoven) ◮ Nqthm Boyer, Moore (Austin, Texas) ◮ LCF Milner (Stanford; Edinburgh) ◮ Mizar Trybulec (Bia lystok, Poland)
    [Show full text]