Basic Foundations of Isabelle/HOL
Slide 1: Basic Foundations of Isabelle/HOL. Peter Wullinger, May 16th. (29 slides)
Slide 2: Outline
1. Introduction into Isabelle's HOL: Why Type Theory; Basic Type Syntax
2. More HOL: Typed λ Calculus; HOL Rules
3. Example proof
Part 1: Introduction into Isabelle's HOL
Slide 4: Higher Order Logic (HOL)
- Reasoning over higher-order constructs (e.g. functions of propositions)
- Meta-logic: reasoning about logic
- At the core: the typed λ calculus
Type Theory?
- Each symbol has a type
- A type is a (non-empty) set of individuals
- Reasoning with types
Slide 5: Why Type Theory?
Simple Type Theory:
- A formal calculus is available: the typed λ calculus (tλc)
- Reason over types
- Functions have types, too! This gives higher-order reasoning
- The typed λ calculus is strongly normalizing for simple type theory!
Part 1 (continued): Basic Type Syntax
Slide 7: Type Syntax
Basic syntactical components (using Paulson's notation):
  τ ::= (τ)
      | bool | nat | ...      basic types
      | τ list                lists of τ
      | τ ⇒ τ                 total functions (ASCII: =>)
      | τ × τ                 pairs, cross product (ASCII: *)
      | 'a | 'b | ...         type variables
      | ...                   user defined types
We will explain all of this now.
Slide 9: Basic Types
- bool: bool = {⊤, ⊥}; this is the type of formulae.
- nat: the natural numbers. Note that 0, 1, ... are overloaded (they belong to several numeric types); when in doubt write 0 :: nat.
- list: a simple recursive datatype. [] is the empty list; x # xs prepends the element x to the list xs (cons, not concatenation). The constructor # has type 'a ⇒ 'a list ⇒ 'a list.
Slide 11: Functions
Given x : α and Q : β, the λ-abstraction Φ = λx. Q has type α ⇒ β.
Function types are types like all other types: a function can itself be passed as an argument or returned as a result.
Slide 13: Products
Products are the tλc extension used by Isabelle/HOL for pairs: from a : α and b : β we form (a, b) : α × β.
Left and right projections (fst and snd) extract the left or right component.
Currying can in most cases achieve the same; avoid products and use them with care.
Slide 15: Type Variables
- Type variables are used to implement polymorphism.
- Typically used in user-defined types: 'a list is a list of 'a (whatever 'a is).
- Isabelle performs type inference, so types are rarely written explicitly; an annotation such as 0 :: nat is only needed to resolve ambiguity.
Slide 17: User Defined Types
- Recursive definition of new types
- Also: arbitrary new types
- Restriction: a type may not be empty (this is proved on definition)
Example (in current syntax; the nested type argument must be quoted):
  datatype 'a mylist = Nil | Cons 'a "'a mylist"
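The type syntax of this section in action: a polymorphic datatype, structural recursion over it, a product type with its projections, and the overloaded literal 0 pinned by an annotation. This is an added example, not one of the slides; the constructors of slide 17's mylist are renamed MNil/MCons so they do not shadow the built-in list constructors, and the names len, to_list and flip_pair are illustrative. It assumes a current Isabelle (Isabelle2018 or later) and is saved as Types_Demo.thy.

```isabelle
theory Types_Demo
  imports Main
begin

(* Added example, not from the slides. Slide 17's datatype with the
   constructors renamed to MNil/MCons (Nil/Cons are the built-in list
   constructors). *)

(* Polymorphic recursive datatype: 'a is a type variable, and the nested
   occurrence "'a mylist" must be quoted. Isabelle proves on definition
   that the type is non-empty (MNil is a witness). *)
datatype 'a mylist = MNil | MCons 'a "'a mylist"

(* Structural recursion over the datatype: the result type nat is fixed,
   the element type stays polymorphic. *)
primrec len :: "'a mylist ⇒ nat" where
  "len MNil = 0"
| "len (MCons x xs) = Suc (len xs)"

(* Conversion to the built-in list type; # has type 'a ⇒ 'a list ⇒ 'a list. *)
primrec to_list :: "'a mylist ⇒ 'a list" where
  "to_list MNil = []"
| "to_list (MCons x xs) = x # to_list xs"

(* Product type τ × τ (ASCII: *) with the projections fst and snd. *)
definition flip_pair :: "'a × 'b ⇒ 'b × 'a" where
  "flip_pair p = (snd p, fst p)"

(* Type inference: 'term' shows each term together with its inferred type. *)
term "λx. MCons x MNil"        (* element type is left polymorphic *)
term "0"                        (* overloaded literal: its type is a variable *)
term "0 :: nat"                 (* the annotation pins the type to nat *)
term "flip_pair (1::nat, True)" (* a product type built from nat and bool *)

(* Evaluation through the code generator. *)
value "len (MCons (1::nat) (MCons 2 MNil))"
value "to_list (MCons (1::nat) (MCons 2 MNil))"

(* A property relating the two functions, proved by structural induction. *)
lemma len_to_list: "length (to_list xs) = len xs"
  by (induction xs) simp_all

end
```

Open the file in Isabelle/jEdit: the output panel shows the inferred type for each term command and the evaluated values, and the final lemma checks that len agrees with the built-in length on the converted list.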
Part 2: More HOL
Slide 19: Typed λ Calculus, Terms
  term ::= (term)
         | a              a variable or constant
         | λx. term       abstraction
         | term term      application
         | ...
Slide 20: Abstraction
  Φ = λx. P with x : α and P : β gives Φ : α ⇒ β. Abstraction creates a function mapping x to P.
Slide 21: Application
  The inverse of abstraction: Φ = P a, or (λx. P) a, with P : α ⇒ β and a : α gives Φ : β.
Slides 22-26: Conversions
- α-conversion: λy. (λx. x) y  =α  λz. (λx. x) z. Bound variable names don't matter.
- β-conversion: (λx. P) a  →β  P[x := a]. This is function application (β-reduction).
- η-conversion: M  =η  λx. (M x) if x is not free in M. Used in normal form analysis.
Normal forms: these conversions are strongly normalizing in the typed λ calculus. Any reduction sequence terminates in a normal form, and this normal form is unique.
Slides 27-29: Formulae
  form ::= (form) | term = term | ¬form | form ∧ form | form ∨ form | form → form | ∀x. form | ∃x. form
Quantifiers:
- Without quantifiers the logic cannot be higher order.
- Only one of ∀ or ∃ is needed; each is definable from the other.
- ∀ is written ⋀ in the meta-logic (ASCII: !!).
- Formally, a quantifier is applied to a predicate: (∀x. (λx : α. P : bool) x) : bool.
- There are introduction and elimination rules for the quantifiers; the extended tλc is still strongly normalising.
Slide 30: Rewrite Rules
- Isabelle has rewrite operations defined on Isabelle Pure syntax.
- When defining a logic, one needs to add rewriting rules.
- Pure syntax looks very similar to the typed λ calculus. We introduce the differences as we encounter them.
Slide 31: Isabelle Pure Rewrite Rules
There are a few of these. Most of them are defined using macros or translation functions, e.g.
  (%x. P) a ==> P[x := a]
where P[x := a] is the result of the built-in substitution. For now we just assume that αβη conversions are done automatically, without presenting the rules.
Slides 32-40: HOL rules
  refl:           t = (t :: 'a)
  subst:          [| s = t; P s |] ==> P (t :: 'a)
  ext:            (!!x :: 'a. (f x :: 'b) = g x) ==> (%x. f x) = (%x. g x)
  impI:           (P ==> Q) ==> P --> Q
  mp:             [| P --> Q; P |] ==> Q
  iff:            (P --> Q) --> (Q --> P) --> (P = Q)
  someI:          P (x :: 'a) ==> P (@x. P x)
  True_or_False:  (P = True) | (P = False)
These are the basic rules, the axioms of HOL. They turn basic HOL formulae into Isabelle Pure (tλc).
- refl: every term is equal to itself. The annotation :: 'a shows that type variables can be introduced or dropped freely in a rule.
- subst: equal terms can be substituted for one another; this is how a proven equality is used to prove another statement.
- ext: two functional abstractions are equal if they return the same result for all parameters (extensionality, similar to η-conversion).
- impI: object-logic implication --> is introduced from meta-level (Pure) implication ==>.
- mp: modus ponens. Syntax note: [| ... |] groups the premises of a natural deduction rule. For rule application this intuitively means: from the list of things that are currently true, select something matching and unify. Modus ponens can thus be applied if the premise of the object-level implication is also true.
- iff: two formulae imply each other if and only if they are equal.
- someI: @ is Hilbert's ε; @x. P x selects some item x that satisfies P. This is the ε (transfinite) axiom: if P x holds for some x, then the chosen element @x. P x satisfies P as well.
- True_or_False: every proposition is either True or False. This is the law of the excluded middle (tertium non datur), not the axiom of choice (that is someI); it makes HOL a classical logic.
Slides 41-46: HOL definitions
  True_def:  True == ((%x :: bool. x) = (%x. x))
  All_def:   All == (%P. P = (%x. True))
  Ex_def:    Ex == (%P. P (@x. P x))
  ...
  and_def:   op & == (%P Q. !R. (P --> Q --> R) --> R)
- True: defined as an equation between two identical terms, so any equation between equal terms reduces to True.
- All: this is a little bit harder. The all-quantifier takes a predicate P of function type α ⇒ bool (where x : α) as argument; ∀x. P x holds exactly when P is equal to the constantly true function %x. True.
- Ex: similar to the all-quantifier. A predicate satisfies the existential quantifier if there exists some x fulfilling it; this is rewritten using the ε operator: Ex P holds iff P holds of the chosen witness @x. P x. (Current Isabelle/HOL defines Ex without ε, as Ex P == !Q. (!x. P x --> Q) --> Q, and proves the ε characterisation as the lemma some_eq_ex.)
- We skip all the others here and just show another interesting one.
- and: & (and, ∧) is rewritten into object-level implication: P & Q holds iff every R that follows from P and Q holds. If P and Q are both true, P --> Q --> R reduces to R and the remaining implication R --> R is discharged for every R. If one of P or Q is false, P --> Q --> R is true for every R, in particular for R = False, so the last implication (True --> False) is false.
Slide 47: Derived Rules
The rules above are the core rules (axioms). HOL comes with a set of derived rules, which are easier to read, e.g.
  conjE: [| P & Q; [| P; Q |] ==> R |] ==> R
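The rules of slides 32-40 and the derived rule conjE, each applied in a small Isabelle/Isar proof. This is an added example, not one of the slides; it assumes a current Isabelle (Isabelle2018 or later), where the rule names are impI, mp, ext, someI_ex, True_or_False and conjE (the slides' impi and somei are the same rules in older spelling), and uses Isabelle's Unicode syntax (⟶ for -->, ⟹ for ==>, λ for %, SOME for @). The lemma names are illustrative.

```isabelle
theory HOL_Rules_Demo
  imports Main
begin

(* Added example, not from the slides: the HOL axioms of slides 32-40 and
   the derived rule conjE, applied one at a time with apply/done so that
   each goal transformation is visible in the output panel. *)

(* ext: two abstractions are equal if they agree on every argument.
   After (rule ext) the goal is  ⋀x. x + 0 = x, which simp closes. *)
lemma ext_demo: "(λx::nat. x + 0) = (λx. x)"
  apply (rule ext)
  apply simp
  done

(* impI: the object-level goal  P ⟶ P  becomes the meta-level goal  P ⟹ P. *)
lemma impI_demo: "P ⟶ P"
  apply (rule impI)
  apply assumption
  done

(* mp: from  P ⟶ Q  and  P  conclude  Q.  erule consumes the premise
   P ⟶ Q and leaves the goal  P ⟹ P. *)
lemma mp_demo: "P ⟶ Q ⟹ P ⟹ Q"
  apply (erule mp)
  apply assumption
  done

(* Hilbert choice: SOME x. P x (ASCII @x. P x) is a witness whenever one
   exists. someI_ex is the ∃-form of the slides' someI; drule turns the
   assumption ∃x. 3 < x into the assumption 3 < (SOME x. 3 < x). *)
lemma choice_demo: "∃x::nat. 3 < x ⟹ 3 < (SOME x::nat. 3 < x)"
  apply (drule someI_ex)
  apply assumption
  done

(* True_or_False is the excluded middle: every bool is True or False. *)
lemma em_demo: "P ∨ ¬ P"
  using True_or_False [of P] by auto

(* conjE, the derived rule of slide 47, eliminates a conjunction into two
   separate premises; conjI then splits the goal into two subgoals. *)
lemma conjE_demo: "P ∧ Q ⟹ Q ∧ P"
  apply (erule conjE)
  apply (rule conjI)
   apply assumption
  apply assumption
  done

end
```

Stepping through each apply line in Isabelle/jEdit shows the goal state after every rule application, which is the natural-deduction view of the rules that the slides describe in prose.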
Slide 48: Example proof, subgoal
Consider the following subgoal, the base case (xs = []) of occurs a (xs @ ys) = occurs a xs + occurs a ys:
  ⋀a. occurs a ([] @ ys) = occurs a [] + occurs a ys
We introduce rules as we go.
Slides 49-55: Proof
Each step rewrites the current goal with one rule; ?-variables are schematic and get instantiated by unification.
  goal:  ⋀a. occurs a ([] @ ys) = occurs a [] + occurs a ys
  rule:  [] @ ?ys ≡ ?ys
  goal:  ⋀a. occurs a ys = occurs a [] + occurs a ys
  rule:  occurs ?a [] ≡ 0
  goal:  ⋀a. occurs a ys = 0 + occurs a ys
  rule:  0 + ?x ≡ ?x
  goal:  ⋀a. occurs a ys = occurs a ys
  rule:  (?xs = ?xs) ≡ True
  goal:  ⋀a. True
  rule:  (⋀a. P) ≡ P   (a does not occur in P)
  goal:  True
Now this lemma can be used as a new rule!
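The whole lemma whose base case the slides rewrite by hand, as an Isabelle/Isar proof by structural induction. This is an added example, not one of the slides; the definition of occurs (counting how often a appears in a list) is an assumption, since the slides only use the function, and the theory assumes a current Isabelle with Main imported and is saved as Occurs_Demo.thy.

```isabelle
theory Occurs_Demo
  imports Main
begin

(* Added example, not from the slides. occurs a xs counts how often a
   occurs in xs; this definition is an assumption, the slides only use it. *)
fun occurs :: "'a ⇒ 'a list ⇒ nat" where
  "occurs a [] = 0"
| "occurs a (x # xs) = (if x = a then Suc (occurs a xs) else occurs a xs)"

(* The slides' subgoal is the base case (xs = []) of this lemma. *)
lemma occurs_append: "occurs a (xs @ ys) = occurs a xs + occurs a ys"
proof (induction xs)
  case Nil
  (* ?case is  occurs a ([] @ ys) = occurs a [] + occurs a ys.
     simp performs the same rewrite steps as the slides:
     [] @ ys = ys, occurs a [] = 0, 0 + n = n, then t = t is True. *)
  show ?case by simp
next
  case (Cons x xs)
  (* Cons.IH: occurs a (xs @ ys) = occurs a xs + occurs a ys.
     auto unfolds (x # xs) @ ys and occurs, splits the if, and uses the
     hypothesis to rewrite occurs a (xs @ ys). *)
  then show ?case by auto
qed

(* The new lemma is itself a rewrite rule now, as slide 55 says. *)
lemma occurs_append3:
  "occurs a (xs @ ys @ zs) = occurs a xs + occurs a ys + occurs a zs"
  by (simp add: occurs_append add.assoc)

end
```

The one-line alternative by (induction xs) auto proves occurs_append as well; the structured form above is used so that the Nil case can be inspected and compared with the manual rewriting on the slides.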
Slide 56: Try this in Isabelle
That's it for today. Try to prove the above in Isabelle.
Recursive Definitions, Fixed Points and the Combinator Dr. Greg Lavender Department of Computer Sciences University of Texas at Austin Recursive Self-Reference Recursive self-reference occurs regularly
More informationConversion vs. Subtyping. Lecture #23: Conversion and Type Inference. Integer Conversions. Conversions: Implicit vs. Explicit. Object x = "Hello";
Lecture #23: Conversion and Type Inference Administrivia. Due date for Project #2 moved to midnight tonight. Midterm mean 20, median 21 (my expectation: 17.5). In Java, this is legal: Object x = "Hello";
More informationType Checking and Type Inference
Type Checking and Type Inference Principles of Programming Languages CSE 307 1 Types in Programming Languages 2 Static Type Checking 3 Polymorphic Type Inference Version: 1.8 17:20:56 2014/08/25 Compiled
More informationThe Isar Proof Language in 2016
The Isar Proof Language in 2016 Makarius Wenzel sketis.net August 2016 = Isabelle λ β Isar α Introduction History of Isar 1999: first usable version primary notion of proof document (not proof script )
More informationLexicografie computationala Feb., 2012
Lexicografie computationala Feb., 2012 Anca Dinu University of Bucharest Introduction When we construct meaning representations systematically, we integrate information from two different sources: 1. The
More informationProgramming and Proving in Isabelle/HOL
Tobias Nipkow Programming and Proving in Isabelle/HOL = Isabelle λ β α February 12, 2013 Contents 1 Introduction 1 2 Programming and Proving 3 21 Basics 3 22 Types bool, nat and list 5 23 Type and function
More informationLast class. CS Principles of Programming Languages. Introduction. Outline
Last class CS6848 - Principles of Programming Languages Principles of Programming Languages V. Krishna Nandivada IIT Madras Interpreters A Environment B Cells C Closures D Recursive environments E Interpreting
More informationCS-XXX: Graduate Programming Languages. Lecture 17 Recursive Types. Dan Grossman 2012
CS-XXX: Graduate Programming Languages Lecture 17 Recursive Types Dan Grossman 2012 Where are we System F gave us type abstraction code reuse strong abstractions different from real languages (like ML),
More informationCSE-321 Programming Languages 2012 Midterm
Name: Hemos ID: CSE-321 Programming Languages 2012 Midterm Prob 1 Prob 2 Prob 3 Prob 4 Prob 5 Prob 6 Total Score Max 14 15 29 20 7 15 100 There are six problems on 24 pages in this exam. The maximum score
More informationCIS 194: Homework 8. Due Wednesday, 8 April. Propositional Logic. Implication
CIS 194: Homework 8 Due Wednesday, 8 April Propositional Logic In this section, you will prove some theorems in Propositional Logic, using the Haskell compiler to verify your proofs. The Curry-Howard isomorphism
More informationIntroduction to Lambda Calculus. Lecture 7 CS /08/09
Introduction to Lambda Calculus Lecture 7 CS 565 02/08/09 Lambda Calculus So far, we ve explored some simple but non-interesting languages language of arithmetic expressions IMP (arithmetic + while loops)
More informationCSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Chapter p. 1/27
CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Chapter 2.1-2.7 p. 1/27 CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer
More informationThe Untyped Lambda Calculus
Resources: The slides of this lecture were derived from x = 1 [Järvi], with permission of the original author, by copy & let x = 1 in... paste or by selection, annotation, or rewording. [Järvi] is in turn
More informationOrganisatorials. About us. Binary Search (java.util.arrays) When Tue 9:00 10:30 Thu 9:00 10:30. COMP 4161 NICTA Advanced Course
Organisatorials COMP 4161 NICTA Advanced Course When Tue 9:00 10:30 Thu 9:00 10:30 Where Tue: Law 163 (F8-163) Thu: Australian School Business 205 (E12-205) Advanced Topics in Software Verification Rafal
More informationCMSC 330: Organization of Programming Languages. Operational Semantics
CMSC 330: Organization of Programming Languages Operational Semantics Notes about Project 4, Parts 1 & 2 Still due today (7/2) Will not be graded until 7/11 (along with Part 3) You are strongly encouraged
More informationComputation Club: Gödel s theorem
Computation Club: Gödel s theorem The big picture mathematicians do a lot of reasoning and write a lot of proofs formal systems try to capture the ideas of reasoning and proof in a purely mechanical set
More informationProgramming Language Concepts: Lecture 19
Programming Language Concepts: Lecture 19 Madhavan Mukund Chennai Mathematical Institute madhavan@cmi.ac.in http://www.cmi.ac.in/~madhavan/courses/pl2009 PLC 2009, Lecture 19, 01 April 2009 Adding types
More informationConcrete Semantics. A Proof Assistant Approach. Tobias Nipkow Fakultät für Informatik Technische Universität München
Concrete Semantics A Proof Assistant Approach Tobias Nipkow Fakultät für Informatik Technische Universität München 2014-1-26 1 Part I Isabelle 2 Chapter 2 Programming and Proving 3 1 Overview of Isabelle/HOL
More informationLambda Calculus and Extensions as Foundation of Functional Programming
Lambda Calculus and Extensions as Foundation of Functional Programming David Sabel and Manfred Schmidt-Schauß 29. September 2015 Lehrerbildungsforum Informatik Last update: 30. September 2015 Overview
More informationProvably Correct Software
Provably Correct Software Max Schäfer Institute of Information Science/Academia Sinica September 17, 2007 1 / 48 The Need for Provably Correct Software BUT bugs are annoying, embarrassing, and cost gazillions
More informationLambda Calculus and Type Inference
Lambda Calculus and Type Inference Björn Lisper Dept. of Computer Science and Engineering Mälardalen University bjorn.lisper@mdh.se http://www.idt.mdh.se/ blr/ August 17, 2007 Lambda Calculus and Type
More informationOverview. CS389L: Automated Logical Reasoning. Lecture 6: First Order Logic Syntax and Semantics. Constants in First-Order Logic.
Overview CS389L: Automated Logical Reasoning Lecture 6: First Order Logic Syntax and Semantics Işıl Dillig So far: Automated reasoning in propositional logic. Propositional logic is simple and easy to
More informationInduction and Semantics in Dafny
15-414 Lecture 11 1 Instructor: Matt Fredrikson Induction and Semantics in Dafny TA: Ryan Wagner Encoding the syntax of Imp Recall the abstract syntax of Imp: a AExp ::= n Z x Var a 1 + a 2 b BExp ::=
More informationInduction Schemes. Math Foundations of Computer Science
Induction Schemes Math Foundations of Computer Science Topics Induction Example Induction scheme over the naturals Termination Reduction to equational reasoning ACL2 proof General Induction Schemes Induction
More informationLambda Calculi With Polymorphism
Resources: The slides of this lecture were derived from [Järvi], with permission of the original author, by copy & x = 1 let x = 1 in... paste or by selection, annotation, or rewording. [Järvi] is in turn
More informationSection 2.4: Arguments with Quantified Statements
Section 2.4: Arguments with Quantified Statements In this section, we shall generalize the ideas we developed in Section 1.3 to arguments which involve quantified statements. Most of the concepts we shall
More informationIntroduction to Lambda Calculus. Lecture 5 CS 565 1/24/08
Introduction to Lambda Calculus Lecture 5 CS 565 1/24/08 Lambda Calculus So far, we ve explored some simple but non-interesting languages language of arithmetic expressions IMP (arithmetic + while loops)
More information