Isabelle Tutorial: System, HOL and Proofs

Similar documents
Isabelle Tutorial: System, HOL and Proofs

Computer-supported Modeling and Reasoning. First-Order Logic. 1 More on Isabelle. 1.1 Isabelle System Architecture

Preuves Interactives et Applications

Isabelle/HOL:Selected Features and Recent Improvements

Unit- and Sequence Test Generation with HOL-TestGen

Plugins for the Isabelle Platform:

HOL DEFINING HIGHER ORDER LOGIC LAST TIME ON HOL CONTENT. Slide 3. Slide 1. Slide 4. Slide 2 WHAT IS HIGHER ORDER LOGIC? 2 LAST TIME ON HOL 1

Lost in translation. Leonardo de Moura Microsoft Research. how easy problems become hard due to bad encodings. Vampire Workshop 2015

Automatic Proof and Disproof in Isabelle/HOL

1. M,M sequential composition: try tactic M; if it succeeds try tactic M. sequential composition (, )

First Order Logic in Practice 1 First Order Logic in Practice John Harrison University of Cambridge Background: int

Overview. A Compact Introduction to Isabelle/HOL. Tobias Nipkow. System Architecture. Overview of Isabelle/HOL

Interactive Theorem Proving in Higher-Order Logics

Improving Coq Propositional Reasoning Using a Lazy CNF Conversion

Numerical Computations and Formal Methods

Integration of SMT Solvers with ITPs There and Back Again

Deductive Verification in Frama-C and SPARK2014: Past, Present and Future

Paral-ITP Front-End Technologies

Deductive Program Verification with Why3, Past and Future

The Isar Proof Language in 2016

Programming and Proving in

Document-oriented Prover Interaction with Isabelle/PIDE

type classes & locales

Case-Analysis for Rippling and Inductive Proof

Isabelle s meta-logic. p.1

COMP4161: Advanced Topics in Software Verification. fun. Gerwin Klein, June Andronick, Ramana Kumar S2/2016. data61.csiro.au

Andrew Reynolds Liana Hadarean

Formal Verification of a Floating-Point Elementary Function

Interactive Theorem Proving (ITP) Course Parts VII, VIII

Programming and Proving in Isabelle/HOL

Deductive Program Verification with Why3

locales ISAR IS BASED ON CONTEXTS CONTENT Slide 3 Slide 1 proof - fix x assume Ass: A. x and Ass are visible Slide 2 Slide 4 inside this context

Programming and Proving in Isabelle/HOL

Why3 where programs meet provers

Induction in Coq. Nate Foster Spring 2018

Programs and Proofs in Isabelle/HOL

COMP 4161 Data61 Advanced Course. Advanced Topics in Software Verification. Gerwin Klein, June Andronick, Christine Rizkallah, Miki Tanaka

Introduction to Coq Proof Assistant

Verified Firewall Policy Transformations for Test Case Generation

Paral-ITP Front-End Technologies

Static and User-Extensible Proof Checking. Antonis Stampoulis Zhong Shao Yale University POPL 2012

PRocH: Proof Reconstruction for HOL Light

Verification and Validation

Verification and Validation

Theorem proving. PVS theorem prover. Hoare style verification PVS. More on embeddings. What if. Abhik Roychoudhury CS 6214

Isabelle/jEdit as IDE for domain-specific formal languages and informal text documents

Functional Programming with Isabelle/HOL

Theorem-prover based Testing with HOL-TestGen

Formal Methods. and its Relevance for Industry and Emmergent Markets. Prof. Burkhart Wolff Univ - Paris-Sud / LRI. Burkhart Wolff

Concrete Semantics. A Proof Assistant Approach. Tobias Nipkow Fakultät für Informatik Technische Universität München

Lee Pike. June 3, 2005

Organisatorials. About us. Binary Search (java.util.arrays) When Tue 9:00 10:30 Thu 9:00 10:30. COMP 4161 NICTA Advanced Course

Now that we have keys defined for the maps, we can start talking about maps. The first of these are Total Maps. Total Maps are defined as follows:

Introduction. Chapter The Nuprl 5 Architecture

Formal Verification in Industry

Introduction to dependent types in Coq

An LCF-Style Interface between HOL and First-Order Logic

Coq with Classes. Matthieu Sozeau. Journées PPS 2011 September 5th 2011 Trouville, France. Project Team πr 2 INRIA Paris

Computing Fundamentals 2 Introduction to CafeOBJ

How Efficient Can Fully Verified Functional Programs Be - A Case Study of Graph Traversal Algorithms

Isabelle Primer for Mathematicians

Playing with Vampire: the dark art of theorem proving

Automated Discovery of Conditional Lemmas in Hipster!

Splay Tree. Tobias Nipkow. April 17, 2016

An Introduction to Isabelle/HOL 2008

Why3 A Multi-Prover Platform for Program Verification

An LCF-Style Interface between HOL and First-Order Logic Joe Hurd p.1/9

Generating Small Countermodels. Andrew Reynolds Intel August 30, 2012

Algebraic Processors

Coq projects for type theory 2018

Problem Set 2 Solutions

A CRASH COURSE IN SEMANTICS

Combining Coq and Gappa for Certifying FP Programs

Coq, a formal proof development environment combining logic and programming. Hugo Herbelin

Functional Programming and Modeling

Programming and Proving in Isabelle/HOL

Functional Programming

Verification of Selection and Heap Sort Using Locales

GNATprove a Spark2014 verifying compiler Florian Schanda, Altran UK

Theorem Proving Principles, Techniques, Applications Recursion

Formalization of Incremental Simplex Algorithm by Stepwise Refinement

First-Class Type Classes

Verification of an LCF-Style First-Order Prover with Equality

Assistant for Language Theory. SASyLF: An Educational Proof. Corporation. Microsoft. Key Shin. Workshop on Mechanizing Metatheory

Natural deduction environment for Matita

ALGEBRAIC PROCESSORS

Logic and Computation Lecture 20 CSU 290 Spring 2009 (Pucella) Thursday, Mar 12, 2009

SMTCoq: A plug-in for integrating SMT solvers into Coq

L R I R A P P O R T D E R E C H E R C H E. HOL-TestGen Version 1.8 USER GUIDE

Polarized Rewriting and Tableaux in B Set Theory

Programming with (co-)inductive types in Coq

The Eisbach User Manual

Integrating a SAT Solver with Isabelle/HOL

Introduction to Denotational Semantics. Class Likes/Dislikes Survey. Dueling Semantics. Denotational Semantics Learning Goals. You re On Jeopardy!

CS 161 Computer Security

Towards certification of TLA + proof obligations with SMT solvers

Translation Validation for a Verified OS Kernel

Theory Exploration on Infinite Structures. Master s thesis in Computer Science Algorithms, Languages, and Logic SÓLRÚN HALLA EINARSDÓTTIR

Lesson 4 Typed Arithmetic Typed Lambda Calculus

Inductive data types

Transcription:

Isabelle Tutorial: System, HOL and Proofs Burkhart Wolff Université Paris-Sud

What we will talk about

What we will talk about Isabelle with: Brief Revision Advanced Automated Proof Techniques Structured Proofs ( declarative style )

Isabelle is Isabelle A Kernel-based Interactive Modeling, Programming and Theorem Proving Environment in the Tradition of LCF style Provers purely functional, highly parallel execution environment

Isabelle Architecture Observation: Effective parallelization is a PERVASIVE PROBLEM, that must be addressed PIDE jedit Scala System Interface decision procedures kernel PO multi-core PolySML C1 C2 C3 C4

Isabelle Architecture In detail: PIDE jedit Scala System Interface decision procedures kernel PO on the execution platform layer multi-core PolySML C1 C2 C3 C4

Isabelle Architecture In detail: PIDE jedit Scala System Interface decision procedures on the kernel layer kernel PO multi-core PolySML C1 C2 C3 C4

Isabelle Architecture In detail: PIDE jedit Scala System Interface on layer of procedures and packages decision procedures kernel PO multi-core PolySML C1 C2 C3 C4

Isabelle Architecture In detail: on the interface layer PIDE framework + Editor PIDE jedit Scala System Interface decision procedures kernel PO multi-core PolySML C1 C2 C3 C4

External Provers

Provers in Isabelle Commonly used internal procedure: fast, formerly: fast_tac (via auto) higher-order tableaux prover As tactic implemented in the decision procedure level requires (f d e)rule - instrumentation HO-Logics, Quantifier-reasoning, Sets, not very strong with large rule sets

Provers in Isabelle Commonly used internal procedure: simp, formerly: simp_tac (via auto) higher-order rewriting prover As tactic implemented, fully internal requires simp-cong-split - instrumentation Quantifier-reasoning, Sets; pretty strong even with large rule sets Supports HO-order pattern ordered context rewriting with splitting Debugging cycles in large rewrite sets can be tedious

(External) Provers Isabelle Commonly used internal externals : blast, formerly: blast_tac (via auto) first-order tableaux prover In SML implemented, semi-external, reconstruction via PO's requires (f d e)rule - instrumentation Quantifier-reasoning, Sets, transitivity; but not not very strong with large rule sets Limited wrt Quantifier alternations, usually faster than fast though

Provers in Isabelle Commonly used internal procedure: auto, combination tactic consisting essentially of simp blast Nowadays no longer the strongest prover, but interactively highly useable, highly configurable (requires simp and blast instrumentation)

Provers in Isabelle Commonly used internal procedure: arith, a tactic solving linear arithmetic Implemented as tactic decision procedure Powerful, but relatively slow

(External) in Isabelle Commonly used semi-internal procedure: metis, an SML implementation for a first-order prover with equality based on ordered paramodulation Proofs integrated in Isabelle by tactic reconstruction NO INSTRUMENTATION NECESSARY Working with it incrementally is impossible Nowadays usually backend of sledgehammer ;-)

External in Isabelle Commonly used external procedure: smt, an SML interface for SMT solvers supporting the SMT-lib Format Tuned for Z3 (which must be ticked for non-commercial use ), for which a tactic reconstruction of the proofs has been developed Quantifiers need instrumentation(triggers) VERY POWERFUL for First-Order proofs with Built-In- Z3 Theories, but discouraged for use in final proof documents Needs instrumentation

Isabelle Architecture In detail: PIDE jedit Scala System Interface SMT-Interface to Z3 (CVC3, AltErgo?) decision procedures kernel PO multi-core PolySML C1 C2 C3 C4

External in Isabelle Commonly used external prover interface sledgehammer, an interface to external provers, which can be server applications - local provers: E (first order with equality), Z3 as smt interface - server applications: Vampire, NO INSTRUMENTATION NECESSARY Produces (structured) tactical proofs skripts; works as filter to large rule sets

Isabelle Architecture In detail: Vampire E Z3 PIDE jedit Scala System Interface decision procedures kernel PO multi-core PolySML C1 C2 C3 C4

Prover Instrumentations (simp-blast-auto)

Generalities Do we need still proof development? sledgehammer makes advances of ATP technology palpable for Isabelle Users However, one should not overestimate them - induction, - quantifier instantiations, in particular HO instances - deep arithmetic reasoning - instantiations with non-ground, non-trivial intermediate steps, and - strategical case-splits remain key decisions in interactive development, where metis, Vampire, smt sometimes gloriously fail

Generalities Do we need still proof development? In contrast to most ATP's, which follow an all - or - nothing behaviour, simp and auto lend themselves to INTERACTIVE development, producing a result following the best that I can (which allows for gradually improving the rewrite-sets or adding intermediate lemmas that were not found automatically)

A Summary of Advanced Proof Methods advanced procedures: insert <thmname> inserts local and global facts into assumptions induct φ, induct_tac φ searches for appropriate induction scheme using type information and instantiates it cases φ, case_tac φ searches for appropriate induction scheme using type information and instantiates it

A Summary of Advanced Proof Methods advanced automated procedures: simp [add: <thmname>+] [del: <thmname>+] [split: <thmname>+] [cong: <thmname>+] auto [simp: <thmname>+] [del split cong] [intro: <thmname>+] [intro []: <thmname>+] [dest: <thmname>+] [dest []: <thmname>+] [elim: <thmname>+] [elim[]: <thmname>+] metis <thmname>+ arith <thmname>+

The Simplifier Supports Rewriting, in particular: Rewriting of HO-Patterns, Ordered Rewriting Conditional Rewriting Context - Rewriting Automatic Case-Splitting INSTRUMENTATION NECESSARY, so it is necessary to tell which rule should be used HOW

The Simplifier What is a higher-order Pattern? It is a λ-term of form that is: constant head, ie of the form c t1 t n linear in free variables All HO Variables occur only in the form: F(x 1 x n ) for distinct x i Seems very limited? Well, you can have λ Consider the rule: (λ x P(x) Q(x)) = (λ x P(x)) ( (λ xq(x))

The Simplifier Supports Rewriting, in particular: Rewriting of HO-Patterns, ie rules of the form: <lhs> = <rhs> where lhs is a HO-Pattern, where lhs is linear in the free variables and free variables in rhs occur also in lhs

The Simplifier Supports Rewriting, in particular: Ordered Rewriting: There is an implicit wf-ordering on terms Rewriting is only done if the re-written term is smaller Commutativity: a+b = b+a With a little trickery, one can have ACI rewriting: disj_comms(2): (P Q R) = (Q P R) disj_comms(1): (P Q) = (Q P) disj_ac(3): ((P Q) R) = (P Q R) disj_ac(2): (P Q R) = (Q P R) disj_ac(1): (P Q) = (Q P) disj_absorb: (A A) = A disj_left_absorb: (A A B) = (A B)

The Simplifier Supports Rewriting, in particular: Conditional Rewriting if_p: P (if P then x else y) = x if_not_p: P (if P then x else y) = y apply(simp cong: if_cong)

The Simplifier Supports Rewriting, in particular: Context - Rewriting HOLif_cong: b = c (c x = u) ( c y = v) (if b then x else y) = (if c then u else v) HOLconj_cong: P = P' (P' Q = Q') (P Q) = (P' Q') apply(simp cong: if_cong)

The Simplifier Supports Rewriting, in particular: Automatic Case-Splitting (by a new type of rule which is NOT constant head) split_if_asm: P (if Q then x else y) = ( (Q P x Q P y)) split_if: P (if Q then x else y) = ((Q P x) ( Q P y)) For any data type (example: Option): Optionoptionsplit_asm: P (case x of None f1 Some x f2 x) = ( (x = None P f1 ( a x = Some a P (f2 a)))) Optionoptionsplit: P (case x of None f1 Some x f2 x) = ((x = None P f1) ( a x = Some a P (f2 a))) apply(simp split: split_if_asm split_if)

blast and auto Tableaux Provers For Logic and Set theory Necessary classification as rule erule drule frule REVISION ELEMENTARY PROOFS

Demo VII Some some examples of automatic proof

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback