Preuves Interactives et Applications

Similar documents
Functional Programming with Isabelle/HOL

HOL DEFINING HIGHER ORDER LOGIC LAST TIME ON HOL CONTENT. Slide 3. Slide 1. Slide 4. Slide 2 WHAT IS HIGHER ORDER LOGIC? 2 LAST TIME ON HOL 1

Isabelle Tutorial: System, HOL and Proofs

locales ISAR IS BASED ON CONTEXTS CONTENT Slide 3 Slide 1 proof - fix x assume Ass: A. x and Ass are visible Slide 2 Slide 4 inside this context

Isabelle Tutorial: System, HOL and Proofs

Basic Foundations of Isabelle/HOL

First-Class Type Classes

Overview. A Compact Introduction to Isabelle/HOL. Tobias Nipkow. System Architecture. Overview of Isabelle/HOL

λ calculus is inconsistent

1. M,M sequential composition: try tactic M; if it succeeds try tactic M. sequential composition (, )

Theorem Proving Principles, Techniques, Applications Recursion

Introduction to dependent types in Coq

COMP 4161 NICTA Advanced Course. Advanced Topics in Software Verification. Toby Murray, June Andronick, Gerwin Klein

Integration of SMT Solvers with ITPs There and Back Again

Inductive datatypes in HOL. lessons learned in Formal-Logic Engineering

Coq, a formal proof development environment combining logic and programming. Hugo Herbelin

CS 4110 Programming Languages & Logics. Lecture 28 Recursive Types

CSE-321 Programming Languages 2010 Final

Programming Languages Lecture 14: Sum, Product, Recursive Types

L04_in_class.v. L04_in_class.v. Printed by Zach Tatlock

The Isar Proof Language in 2016

CMSC 336: Type Systems for Programming Languages Lecture 5: Simply Typed Lambda Calculus Acar & Ahmed January 24, 2008

Coq with Classes. Matthieu Sozeau. Journées PPS 2011 September 5th 2011 Trouville, France. Project Team πr 2 INRIA Paris

Functional Programming and Modeling

Isabelle s meta-logic. p.1

From Types to Sets in Isabelle/HOL

Unit- and Sequence Test Generation with HOL-TestGen

MLW. Henk Barendregt and Freek Wiedijk assisted by Andrew Polonsky. March 26, Radboud University Nijmegen

Programming Languages

A CRASH COURSE IN SEMANTICS

c constructor P, Q terms used as propositions G, H hypotheses scope identifier for a notation scope M, module identifiers t, u arbitrary terms

Coq quick reference. Category Example Description. Inductive type with instances defined by constructors, including y of type Y. Inductive X : Univ :=

Inductive Definitions, continued

Automated Reasoning. Natural Deduction in First-Order Logic

Embedding logics in Dedukti

Computer-supported Modeling and Reasoning. First-Order Logic. 1 More on Isabelle. 1.1 Isabelle System Architecture

type classes & locales

Introduction to Co-Induction in Coq

Programming and Proving in Isabelle/HOL

A Simple Supercompiler Formally Verified in Coq

A Verified Compiler from Isabelle/HOL to CakeML

CS 456 (Fall 2018) Scribe Notes: 2

Context aware Calculation and Deduction

Higher-Order Logic. Specification and Verification with Higher-Order Logic

CS 4110 Programming Languages & Logics. Lecture 27 Recursive Types

MoreIntro.v. MoreIntro.v. Printed by Zach Tatlock. Oct 07, 16 18:11 Page 1/10. Oct 07, 16 18:11 Page 2/10. Monday October 10, 2016 lec02/moreintro.

Programming Languages Lecture 15: Recursive Types & Subtyping

Programs and Proofs in Isabelle/HOL

Programming Languages Third Edition

Packaging Theories of Higher Order Logic

Coq. LASER 2011 Summerschool Elba Island, Italy. Christine Paulin-Mohring

Logical Verification Course Notes. Femke van Raamsdonk Vrije Universiteit Amsterdam

CSE-321 Programming Languages 2011 Final

3.4 Deduction and Evaluation: Tools Conditional-Equational Logic

Inductive data types

Expr_annotated.v. Expr_annotated.v. Printed by Zach Tatlock

Inductive prod (A B : Set) : Set := pair : A -> B -> prod A B. Inductive sum (A B : Set) : Set := inl : A -> sum A B inr : B -> sum A B.

Contractive Signatures with Recursive Types, Type Parameters, and Abstract Types

2 Programming and Proving

Programming and Proving in Isabelle/HOL

Equations: a tool for dependent pattern-matching

Lecture Notes on Program Equivalence

L06_exercise.v. L06_exercise.v

On Agda JAIST/AIST WS CVS/AIST Yoshiki Kinoshita, Yoriyuki Yamagata. Agenda

Synthesis of distributed mobile programs using monadic types in Coq

Certified Programming with Dependent Types

Programming and Proving in

1 Introduction. 3 Syntax

CS 6110 S11 Lecture 25 Typed λ-calculus 6 April 2011

Verification in Coq. Prof. Clarkson Fall Today s music: Check Yo Self by Ice Cube

Towards Lean 4: Sebastian Ullrich 1, Leonardo de Moura 2.

CS152: Programming Languages. Lecture 11 STLC Extensions and Related Topics. Dan Grossman Spring 2011

Induction and Semantics in Dafny

A Verified Simple Prover for First-Order Logic

Plugins for the Isabelle Platform:

MoreIntro_annotated.v. MoreIntro_annotated.v. Printed by Zach Tatlock. Oct 04, 16 21:55 Page 1/10

Programming with Universes, Generically

Coq projects for type theory 2018

Analysis of dependent types in Coq through the deletion of the largest node of a binary search tree

Pattern Matching and Abstract Data Types

Type Classes and Overloading in Higher-Order Logic

CIS 194: Homework 8. Due Wednesday, 8 April. Propositional Logic. Implication

The Isabelle/Isar Reference Manual

Toward explicit rewrite rules in the λπ-calculus modulo

Mathematics for Computer Scientists 2 (G52MC2)

ML 4 Unification Algorithm

a brief introduction to (dependent) type theory

Printed by Zach Tatlock Dec 08, 15 22:18 Page 1/11. Lemma subst_only_free: forall e1 e2 x e3, Subst e1 e2 x e3 > ~ free e1 x > e1 = e3. Proof.

An Introduction to ProofPower

CMSC 330: Organization of Programming Languages

Programming and Proving in Isabelle/HOL

Verified Firewall Policy Transformations for Test Case Generation

Interactive Proof: Introduction to Isabelle/HOL

CMSC 330: Organization of Programming Languages. Formal Semantics of a Prog. Lang. Specifying Syntax, Semantics

A Case Study of Co-induction in Isabelle 1

On Theorem Prover-based Testing

Programming with (co-)inductive types in Coq

Efficient Mergesort. Christian Sternagel. October 11, 2017

3.7 Denotational Semantics

A Pronominal Account of Binding and Computation

Transcription:

Preuves Interactives et Applications Christine Paulin & Burkhart Wolff http://www.lri.fr/ paulin/preuvesinteractives Université Paris-Saclay HOL and its Specification Constructs 10/12/16 B. Wolff - M2 - PIA 1

Revisions 10/12/16 B. Wolff - M2 - PIA 2

Revision: Documents and Commands! Isabelle has (similar to Eclipse) a document-centric view of development: there is a notion on an entire project which is processed globally.! Documents (~ projects in Eclipse) consists of files (with potentially different file-type);.thy files consists of headers commands. 10/12/16 B. Wolff - M2 - PIA 3

What is Isabelle as a System?! Global View of a session Document / Theory A B C D

What is Isabelle as a System?! Global View Document / Theory A atom detailed view: B C token token token D

Revision: Documents and Commands! Each position in document corresponds to a global context Θ to a local context Θ, Γ! There are specific Inspection Commands that give access to information in the contexts thm, term, typ, value, prop : global context print_cases, facts,..., thm : local context 10/12/16 B. Wolff - M2 - PIA 6

What is Isabelle as a System?! Document positions were evaluated to an implicit state, the theory context T Document / A Theory B C Θ 0 Θ 3-1 Θ 3-2 Θ 3 semantic evaluation as SML function D

Inspection Commands! Type-checking terms: term <hol-term>! Evaluating terms: example: term (a::nat) + b = b + a" value <hol-term> example: term (3::nat) + 4 = 7" 10/12/16 B. Wolff - M2 - PIA 8

Simple Proof Commands! Simple (Backward) Proofs: lemma <thmname> : [<contextelem> + shows] <phi> <proof> There are different formats of proofs, we concentrate on the simplest one: apply(<method 1 >)... apply(<method n >) done

Exercise demo3.thy! Examples lemma X1 : A B C (A B) C (* output: A; B; C (A B) C ) *) lemma X2 : assume A and B and C shows (A B) C lemma X2 : assume h1: A and h2: B and h3: C shows (A B) C 10/12/16 B. Wolff - M2 - PIA 10

How to built theories in a logically safe manner? Beyond the question: Is the Kernel of Isabelle correct? there is the question: Is the HOL Library consistent? What guarantees can we have for systems with 15000 rules??? 10/12/16 B. Wolff - M2 - PIA 11

Isabelle Specification Constructs! Constant Definitions: definition f:: <τ> where <name> : f x 1 x n = <t>! Type Definitions: example: definition C::"bool where "C x = x" bool" typedef ('α 1..'α n ) κ = <set-expr> <proof> example: typedef even = "{x::int. x mod 2 = 0} 10/12/16 B. Wolff - M2 - PIA 12

Isabelle Specification Constructs and Theory Construction by Conservative Extension 10/12/16 B. Wolff - M2 - PIA 13

Semantics of Constant Definition! Constant definition: (S, A) T definition f:: <τ> where <name> : f x 1 x n = <expr> (S f::τ! A {f_def f x 1 x n = <expr> }) T' where f is fresh in T λ x 1 x n = <expr> is closed [and type-closed] f does not occur in <expr> 10/12/16 B. Wolff - M2 - PIA 14

Semantics of a Type Definition! Idea: Similar to constant definitions; we define the new entity ( a type ) by an old one.! For Type Definitions, we define the new type to be isomorphic to a (non-empty) subset of an old one.! The Isomorphism is stated by three (conservative) axioms. 10/12/16 B. Wolff - M2 - PIA 15

Semantics of a Type Definition! Idea: Similar to constant definitions; we define the new entity ( a type ) by an old one. ('α 1..'α n ) κ Abs_κ Rep_κ ('α 1..'α n )τ (('α 1..'α n )τ) set 10/12/16 B. Wolff - M2 - PIA 16

Isabelle Specification Constructs! Type definition: (S, A) T typedef ('α 1..'α n ) κ = <expr:: (('α 1..'α n )τ) set> <proof> (S ('α 1..'α n ) κ Abs_κ::('α 1..'α n )τ ('α 1..'α n )κ Rep_κ::('α 1..'α n )κ ('α 1..'α n )τ A {Rep_κ_inverse Abs_κ (Rep_κ x) = x } {Rep_κ_inject (Rep_κ x = Rep_κ y) = (x = y) } {Rep_κ Rep_κ x {x. expr x}) T' where the type-constructor κ is fresh in T expr is closed <expr:: ('α 1..'α n )τ set> is non-empty (to be proven by a witness) 10/12/16 B. Wolff - M2 - PIA 17

Isabelle Specification Constructs! Major example: The introduction of the cartesian product: subsubsection {* Type definition *} definition Pair_Rep :: "'a 'b 'a 'b bool" where "Pair_Rep a b = (λx y. x = a y = b)" definition "prod = {f. a b. f = Pair_Rep (a 'a) (b 'b)}" typedef ('a, 'b) prod (infixr "*" 20) = "prod :: ('a 'b bool) set" unfolding prod_def by auto type_notation (xsymbols) "prod" ("(_ / _)" [21, 20] 20) 10/12/16 B. Wolff - M2 - PIA 18

Specification Mechanism Commands! Datatype Definitions (similar SML): (Machinery behind : complex series of const and typedefs!) datatype ('a 1..'a n ) T = <c> :: <τ> <c> :: <τ>! Recursive Function Definitions: (Machinery behind: Veeery complex series of const and typedefs and automated proofs!) fun <c> :: <τ> where <c> <pattern> = <t>... <c> <pattern> = <t> 10/12/16 B. Wolff - M2 - PIA 19

Specification Mechanism Commands! Datatype Definitions (similar SML): (Machinery behind : complex!) datatype ('a 1..'a n ) T = <c> :: <τ> <c> :: <τ>! Recursive Function Definitions: (Machinery behind: Veeery complex!) fun <c> :: <τ> where <c> <pattern> = <t>... <c> <pattern> = <t> NOTE: Isabelle HOL compiles this internally to axiomatic definitions, i.e. a model in HOL!!! 10/12/16 B. Wolff - M2 - PIA 20

Specification Mechanism Commands! Datatype Definitions (similar SML): Examples: datatype mynat = ZERO SUC mynat datatype 'a list = MT CONS "'a" "'a list" 10/12/16 B. Wolff - M2 - PIA 21

Specification Mechanism Commands! Inductively Defined Sets: inductive <c> [ for <v>:: <τ> ] where <thmname> : <φ>... <thmname> = <φ> example: inductive path for rel ::"'a 'a bool" where base : path rel x x step : rel x y path rel y z path rel x z 10/12/16 B. Wolff - M2 - PIA 22

Specification Mechanism Commands! Inductively Defined Sets: inductive <c> [ for <v>:: <τ> ] where <thmname> : <φ>... <thmname> = <φ> NOTE: Isabelle HOL compiles this internally to axiomatic definitions, i.e. a model in HOL!!! example: inductive path for rel ::"'a 'a bool" where base : path rel x x step : rel x y path rel y z path rel x z 10/12/16 B. Wolff - M2 - PIA 23

Specification Mechanism Commands! Extended Notation for Cartesian Products: records (as in SML or OCaml; gives a slightly OO-flavor) record <c> = [<record> + ] tag 1 :: <τ 1 >... tag n :: <τ n >!... introduces also semantics and syntax for selectors : tag 1 x constructors : tag 1 = x 1,..., tag n = x n update-functions : x tag 1 := x n 10/12/16 B. Wolff - M2 - PIA 24

More on Proof Methods 10/12/16 B. Wolff - M2 - PIA 25

More on Proof-Methods! Some composed methods (internally based on assumption, erule_tac and rule_tac + tactic code that constructs the substitutions) subst <equation> (one step left-to-right rewrite, choose any redex) subst <equation>[symmetric] (one step right-to-left rewrite, choose any redex) subst (<n>) <equation> (one step left-to-right rewrite, choose n-th redex) 10/12/16 B. Wolff - M2 - PIA 26

More on Proof-Methods! Some composed methods (internally based on assumption, erule_tac and rule_tac + tactic code that constructs the substitutions) simp (arbitrary number of left-to-right rewrites, assumption or rule refl attepted at the end; a global simpset in the background is used.) simp add: <equation>... <equation> 10/12/16 B. Wolff - M2 - PIA 27

More on Proof-Methods! Some composed methods (internally based on assumption, erule_tac and rule_tac + tactic code that constructs the substitutions) auto (apply in exaustive, non-deterministic manner: all introduction rules, elimination rules and auto intro: <rule>... <rule> elim: <erule>... <erule> simp: <equation>... <equation> 10/12/16 B. Wolff - M2 - PIA 28

More on Proof-Methods! Some composed methods (internally based on assumption, erule_tac and rule_tac + tactic code that constructs the substitutions) cases <formula> (split top goal into 2 cases: <formula> is true or <formula> is false) cases <variable> (- precondition : <variable> has type t which is a data-type) search for splitting rule and do case-split over this variable. induct_tac <variable> (- precondition : <variable> has type t which is a data-type) search for induction rule and do induction over this variable. 10/12/16 B. Wolff - M2 - PIA 29

Screenshot with Examples 10/12/16 B. Wolff - M2 - PIA 30

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback