Basic Foundations of Isabelle/HOL

Similar documents
HOL DEFINING HIGHER ORDER LOGIC LAST TIME ON HOL CONTENT. Slide 3. Slide 1. Slide 4. Slide 2 WHAT IS HIGHER ORDER LOGIC? 2 LAST TIME ON HOL 1

Overview. A Compact Introduction to Isabelle/HOL. Tobias Nipkow. System Architecture. Overview of Isabelle/HOL

COMP 4161 NICTA Advanced Course. Advanced Topics in Software Verification. Toby Murray, June Andronick, Gerwin Klein

λ calculus is inconsistent

Theorem Proving Principles, Techniques, Applications Recursion

Isabelle s meta-logic. p.1

Higher-Order Logic. Specification and Verification with Higher-Order Logic

Introduction to dependent types in Coq

Automated Reasoning. Natural Deduction in First-Order Logic

Integration of SMT Solvers with ITPs There and Back Again

Programs and Proofs in Isabelle/HOL

Formal Predicate Calculus. Michael Meyling

Calculus of Inductive Constructions

Pure Lambda Calculus. Lecture 17

Preuves Interactives et Applications

1. M,M sequential composition: try tactic M; if it succeeds try tactic M. sequential composition (, )

The Typed λ Calculus and Type Inferencing in ML

Programming and Proving in

Fundamentals and lambda calculus

Fundamentals and lambda calculus. Deian Stefan (adopted from my & Edward Yang s CSE242 slides)

1 Scope, Bound and Free Occurrences, Closed Terms

Typed Lambda Calculus

Typed Lambda Calculus for Syntacticians

Computer-supported Modeling and Reasoning. First-Order Logic. 1 More on Isabelle. 1.1 Isabelle System Architecture

Activity. CSCI 334: Principles of Programming Languages. Lecture 4: Fundamentals II. What is computable? What is computable?

CITS3211 FUNCTIONAL PROGRAMMING

c constructor P, Q terms used as propositions G, H hypotheses scope identifier for a notation scope M, module identifiers t, u arbitrary terms

Coq quick reference. Category Example Description. Inductive type with instances defined by constructors, including y of type Y. Inductive X : Univ :=

CSC Discrete Math I, Spring Sets

Logical Verification Course Notes. Femke van Raamsdonk Vrije Universiteit Amsterdam

MLW. Henk Barendregt and Freek Wiedijk assisted by Andrew Polonsky. March 26, Radboud University Nijmegen

The three faces of homotopy type theory. Type theory and category theory. Minicourse plan. Typing judgments. Michael Shulman.

CSE-321 Programming Languages 2011 Final

Coq with Classes. Matthieu Sozeau. Journées PPS 2011 September 5th 2011 Trouville, France. Project Team πr 2 INRIA Paris

COMP 4161 Data61 Advanced Course. Advanced Topics in Software Verification. Gerwin Klein, June Andronick, Christine Rizkallah, Miki Tanaka

Functional Programming and Modeling

Inductive Definitions, continued

Concepts of programming languages

An Introduction to Programming and Proving in Agda (incomplete draft)

3.4 Deduction and Evaluation: Tools Conditional-Equational Logic

An Introduction to Isabelle/HOL 2008

Foundations of AI. 9. Predicate Logic. Syntax and Semantics, Normal Forms, Herbrand Expansion, Resolution

Lecture Notes on Program Equivalence

Programming and Proving in Isabelle/HOL

Polarized Rewriting and Tableaux in B Set Theory

Inductive datatypes in HOL. lessons learned in Formal-Logic Engineering

Introduction to the Lambda Calculus

The Eisbach User Manual

Functional Programming with Isabelle/HOL

Proving Theorems with Athena

Symmetry in Type Theory

First-Class Type Classes

λ calculus Function application Untyped λ-calculus - Basic Idea Terms, Variables, Syntax β reduction Advanced Formal Methods

Reasoning about programs. Chapter 9 of Thompson

On Agda JAIST/AIST WS CVS/AIST Yoshiki Kinoshita, Yoriyuki Yamagata. Agenda

Mathematics for Computer Scientists 2 (G52MC2)

Introduction to the Lambda Calculus. Chris Lomont

Lecture #13: Type Inference and Unification. Typing In the Language ML. Type Inference. Doing Type Inference

a brief introduction to (dependent) type theory

5. Introduction to the Lambda Calculus. Oscar Nierstrasz

From Types to Sets in Isabelle/HOL

Axiom 3 Z(pos(Z) X(X intersection of Z P(X)))

Kripke-Style Contextual Modal Type Theory

Dependent types and program equivalence. Stephanie Weirich, University of Pennsylvania with Limin Jia, Jianzhou Zhao, and Vilhelm Sjöberg

Less naive type theory

CSE 311: Foundations of Computing. Lecture 8: Predicate Logic Proofs

Formal Systems and their Applications

Foundations. Yu Zhang. Acknowledgement: modified from Stanford CS242

CS152: Programming Languages. Lecture 11 STLC Extensions and Related Topics. Dan Grossman Spring 2011

From the λ-calculus to Functional Programming Drew McDermott Posted

Lecture #23: Conversion and Type Inference

A computer implemented philosophy of mathematics

Lambda Calculus. Variables and Functions. cs3723 1

Recursive Definitions, Fixed Points and the Combinator

Conversion vs. Subtyping. Lecture #23: Conversion and Type Inference. Integer Conversions. Conversions: Implicit vs. Explicit. Object x = "Hello";

Type Checking and Type Inference

The Isar Proof Language in 2016

Lexicografie computationala Feb., 2012

Programming and Proving in Isabelle/HOL

Last class. CS Principles of Programming Languages. Introduction. Outline

CS-XXX: Graduate Programming Languages. Lecture 17 Recursive Types. Dan Grossman 2012

CSE-321 Programming Languages 2012 Midterm

CIS 194: Homework 8. Due Wednesday, 8 April. Propositional Logic. Implication

Introduction to Lambda Calculus. Lecture 7 CS /08/09

CSCI.6962/4962 Software Verification Fundamental Proof Methods in Computer Science (Arkoudas and Musser) Chapter p. 1/27

The Untyped Lambda Calculus

Organisatorials. About us. Binary Search (java.util.arrays) When Tue 9:00 10:30 Thu 9:00 10:30. COMP 4161 NICTA Advanced Course

CMSC 330: Organization of Programming Languages. Operational Semantics

Computation Club: Gödel s theorem

Programming Language Concepts: Lecture 19

Concrete Semantics. A Proof Assistant Approach. Tobias Nipkow Fakultät für Informatik Technische Universität München

Lambda Calculus and Extensions as Foundation of Functional Programming

Provably Correct Software

Lambda Calculus and Type Inference

Overview. CS389L: Automated Logical Reasoning. Lecture 6: First Order Logic Syntax and Semantics. Constants in First-Order Logic.

Induction and Semantics in Dafny

Induction Schemes. Math Foundations of Computer Science

Lambda Calculi With Polymorphism

Section 2.4: Arguments with Quantified Statements

Introduction to Lambda Calculus. Lecture 5 CS 565 1/24/08

Transcription:

Basic Foundations of Isabelle/HOL Peter Wullinger May 16th 2007 1 / 29

1 Introduction into Isabelle s HOL Why Type Theory Basic Type Syntax 2 More HOL Typed λ Calculus HOL Rules 3 Example proof 2 / 29

1 Introduction into Isabelle s HOL Why Type Theory Basic Type Syntax 2 More HOL Typed λ Calculus HOL Rules 3 Example proof 3 / 29

Higher Order Logic (HOL) HOL Higher Order Logic (HOL) Reasoning over higher order constructs (e.g. functions of propositions) meta-logic: reasoning about logic At the core: typed λ calculus Type Theory? Each symbol has a type A type is a (non-empty) set of individuals Reasoning with types 4 / 29

Why Type Theory? Simple Type Theory Formal calculus available: Typed λ calculus Reason over types Functions have types, too! Higher order reasoning tλc is strongly normalizing for simple type theory! 5 / 29

1 Introduction into Isabelle s HOL Why Type Theory Basic Type Syntax 2 More HOL Typed λ Calculus HOL Rules 3 Example proof 6 / 29

Type Syntax Basic Syntactical Components (using Paulsen s notation) τ ::= (τ) bool nat... basic types τ list (lists of τ) τ τ total functions τ τ pairs (ASCII: ) (cross product) a b... type variables... user defined types We will explain all of this now. 7 / 29

Basic Types Basic Syntactical Components (using Paulsen s notation) τ ::= (τ) bool nat... basic types τ list (lists of τ) τ τ total functions τ τ pairs (ASCII: ) (cross product) a b... type variables... user defined types 8 / 29

Basic Types Basic Types bool bool = {, } this is the type of formulæ nat natural numbers list note that 0, 1,... are overloaded. when in doubt use 0 :: nat. simple recursive datatype: [] empty list x#xs concatentation Where # is of type (list list) list 9 / 29

Functions Basic Syntactical Components (using Paulsen s notation) τ ::= (τ) bool nat... basic types τ list (lists of τ) τ τ total functions τ τ pairs (ASCII: ) (cross product) a b... type variables... user defined types 10 / 29

Functions Functions Q : β x : α Φ = λ abstraction: λx : Q Phi : α β Functions are types like all other types! 11 / 29

Products Basic Syntactical Components (using Paulsen s notation) τ ::= (τ) bool nat... basic types τ list (lists of τ) τ τ total functions τ τ pairs (ASCII: ) (cross product) a b... type variables... user defined types 12 / 29

Products Products tλc extension of Isabelle/HOL: a : α b : β < a, b >: (α β) left injection and right injection possible: Insert left or right parameter Currying can in most cases achieve the same Avoid and use with care 13 / 29

Type Variables Basic Syntactical Components (using Paulsen s notation) τ ::= (τ) bool nat... basic types τ list (lists of τ) τ τ total functions τ τ pairs (ASCII: ) (cross product) a b... type variables... user defined types 14 / 29

Type Variables Type Variables These can be used to implement polymorphism Typically used for user defined a list a list of a (whatever that is) Isabelle performs lazy type checking 15 / 29

User Defined Types Basic Syntactical Components (using Paulsen s notation) τ ::= (τ) bool nat... basic types τ list (lists of τ) τ τ total functions τ τ pairs (ASCII: ) (cross product) a b... type variables... user defined types 16 / 29

User Defined Types User Defined Types Recursive definition of new types Also: Arbitrary new types Restriction: May not be empty (this is proved on definition) Example: datatype a m y l i s t = N i l Cons a ( a m y l i s t ) ; 18 / 29

1 Introduction into Isabelle s HOL Why Type Theory Basic Type Syntax 2 More HOL Typed λ Calculus HOL Rules 3 Example proof 19 / 29

Typed λ Calculus Terms term ::= (term) a λx.term term term... 20 / 29

Typed λ Calculus Terms term ::= (term) a λx.term term term... Abstraction Φ λx.p x : α, P : β Φ : (α β) creates a function mapping 20 / 29

Typed λ Calculus Terms term ::= (term) a λx.term term term... Application The inverse of abstraction Φ (P(x)a) or (λx.p)a P : (α β), a : α Φ : β 20 / 29

Conversions Conversions α-conversion β-conversion η-conversion 21 / 29

Conversions Conversions α-conversion λy(λx.x)y) α λz.(λx.x)z bound variable names don t matter β-conversion η-conversion 21 / 29

Conversions Conversions α-conversion λy(λx.x)y) α λz.(λx.x)z bound variable names don t matter β-conversion (λx.p)a β P[x a] function application (β-reduction) η-conversion 21 / 29

Conversions Conversions α-conversion λy(λx.x)y) α λz.(λx.x)z bound variable names don t matter β-conversion (λx.p)a β P[x a] function application (β-reduction) η-conversion M η λx.(mx) if x is not free in M normal form analysis 21 / 29

Conversions Conversions α-conversion λy(λx.x)y) α λz.(λx.x)z bound variable names don t matter β-conversion (λx.p)a β P[x a] function application (β-reduction) η-conversion M η λx.(mx) if x is not free in M normal form analysis Normal forms these are strongly normalizing any application sequence terminates in a normal form this normal form is unique 21 / 29

Formulæ Formulæ form ::= (form) term = term form form form form form form form x.form x.form 22 / 29

Formulæ Formulæ form ::= (form) term = term form form form form form form form x.form x.form Quantifiers without quantifiers, the logic cannot be higher order only one of or is needed is written in the meta-logic (!!) formally: ( x.(λx : α.p : bool)x) : bool 22 / 29

Formulæ Formulæ form ::= (form) term = term form form form form form form form x.form x.form Quantifiers Introduction and Elimination rules for quantifiers extended tλc is still strongly normalising 22 / 29

Rewrite Rules Rewrite Rules Isabelle has rewrite operations defined on Isabelle Pure Syntax Defining logics, one needs to add rewriting rules Pure Syntax looks very similar to typed λ calculus We introduct differences when encountered 23 / 29

Isabelle Pure Rewrite Rules Isabelle Pure Rewrite Rules There are a few of these Most of them are defined using macros or translation functions e.g. (%x. P)a ==> P[x a] where P[x a] is the result of (built-in) substitution. For now, we just assume that αβη translations are done automatically without presenting rules. 24 / 29

HOL rules HOL rules refl t = (t :: a) subst [ s = t; P s ] ==> P(t :: a) ext (!!x :: a. (f x :: b = g x) ==> (%x. f x = %x. g x) impi (P ==> Q) ==> P > Q mp [ (P > Q); P ] ==> Q iff (P > Q) > (Q > P) > (P = Q) somei P(x :: a) ==> P(@x. P x) True or False P = True P = False These are the basic rewriting rules. They turn basic HOL formalæ into Isabelle Pure (tλc) 25 / 29

HOL rules HOL rules refl t = (t :: a) subst [ s = t; P s ] ==> P(t :: a) ext (!!x :: a. (f x :: b = g x) ==> (%x. f x = %x. g x) impi (P ==> Q) ==> P > Q mp [ (P > Q); P ] ==> Q iff (P > Q) > (Q > P) > (P = Q) somei P(x :: a) ==> P(@x. P x) True or False P = True P = False It is always possible to introduce/delete type variables. 25 / 29

HOL rules HOL rules refl t = (t :: a) subst [ s = t; P s ] ==> P(t :: a) ext (!!x :: a. (f x :: b = g x) ==> (%x. f x = %x. g x) impi (P ==> Q) ==> P > Q mp [ (P > Q); P ] ==> Q iff (P > Q) > (Q > P) > (P = Q) somei P(x :: a) ==> P(@x. P x) True or False P = True P = False Equal terms can be subsituted and imply proving equality 25 / 29

HOL rules HOL rules refl t = (t :: a) subst [ s = t; P s ] ==> P(t :: a) ext (!!x :: a. (f x :: b = g x) ==> (%x. f x = %x. g x) impi (P ==> Q) ==> P > Q mp [ (P > Q); P ] ==> Q iff (P > Q) > (Q > P) > (P = Q) somei P(x :: a) ==> P(@x. P x) True or False P = True P = False Two functional abstractions are equal if they return the same result for all parameters (similar to η conversion) 25 / 29

HOL rules HOL rules refl t = (t :: a) subst [ s = t; P s ] ==> P(t :: a) ext (!!x :: a. (f x :: b = g x) ==> (%x. f x = %x. g x) impi (P ==> Q) ==> P > Q mp [ (P > Q); P ] ==> Q iff (P > Q) > (Q > P) > (P = Q) somei P(x :: a) ==> P(@x. P x) True or False P = True P = False Object logic implication maps to higher order implication 25 / 29

HOL rules HOL rules refl t = (t :: a) subst [ s = t; P s ] ==> P(t :: a) ext (!!x :: a. (f x :: b = g x) ==> (%x. f x = %x. g x) impi (P ==> Q) ==> P > Q mp [ (P > Q); P ] ==> Q iff (P > Q) > (Q > P) > (P = Q) somei P(x :: a) ==> P(@x. P x) True or False P = True P = False Syntax Note: [... ] denotes grouping of presumptions for natural deduction. For rule application, this intuitively means from the list of things that are currently true, select something matching and unify. That is modus ponens can be applied if the presumption of a meta-level implication is also true. 25 / 29

HOL rules HOL rules refl t = (t :: a) subst [ s = t; P s ] ==> P(t :: a) ext (!!x :: a. (f x :: b = g x) ==> (%x. f x = %x. g x) impi (P ==> Q) ==> P > Q mp [ (P > Q); P ] ==> Q iff (P > Q) > (Q > P) > (P = Q) somei P(x :: a) ==> P(@x. P x) True or False P = True P = False Two formulæ imply each other if only if they are equal. 25 / 29

HOL rules HOL rules refl t = (t :: a) subst [ s = t; P s ] ==> P(t :: a) ext (!!x :: a. (f x :: b = g x) ==> (%x. f x = %x. g x) impi (P ==> Q) ==> P > Q mp [ (P > Q); P ] ==> Q iff (P > Q) > (Q > P) > (P = Q) somei P(x :: a) ==> P(@x. P x) True or False P = True P = False Syntax Note: @ is Hilbert s ɛ-operator. @x. P x selects an item x that satisfies P. This is the transfinite axiom, that is if P(x) is true (and thus x is free), then there is also some x that satisfies P(x). 25 / 29

HOL rules HOL rules refl t = (t :: a) subst [ s = t; P s ] ==> P(t :: a) ext (!!x :: a. (f x :: b = g x) ==> (%x. f x = %x. g x) impi (P ==> Q) ==> P > Q mp [ (P > Q); P ] ==> Q iff (P > Q) > (Q > P) > (P = Q) somei P(x :: a) ==> P(@x. P x) True or False P = True P = False This is the classical axiom of choice and gives us tertium non datur, i.e. classical logics. 25 / 29

HOL definitions HOL definitions True def True == ((%x :: bool. x) = (%x. x)) All def All == (%P. P = (%x. True) Ex def Ex == (%P. P(@x. P x))... And def op& == %PQ.!R. (P > Q > R) > R) 26 / 29

HOL definitions HOL definitions True def True == ((%x :: bool. x) = (%x. x)) All def All == (%P. P = (%x. True) Ex def Ex == (%P. P(@x. P x))... And def op& == %PQ.!R. (P > Q > R) > R) Equal terms can be reduced to True 26 / 29

HOL definitions HOL definitions True def True == ((%x :: bool. x) = (%x. x)) All def All == (%P. P = (%x. True) Ex def Ex == (%P. P(@x. P x))... And def op& == %PQ.!R. (P > Q > R) > R) This is a little bit harder The all-quantor takes a proposition of some function type (α bool, where x : α) as argument and returns if the given parametrized proposition can be simplified to true. 26 / 29

HOL definitions HOL definitions True def True == ((%x :: bool. x) = (%x. x)) All def All == (%P. P = (%x. True) Ex def Ex == (%P. P(@x. P x))... And def op& == %PQ.!R. (P > Q > R) > R) Similar to the all-quantor A predicate fulfill the existential quantor if there exist s some x fulfilling it. Rewritten using the ɛ operator 26 / 29

HOL definitions HOL definitions True def True == ((%x :: bool. x) = (%x. x)) All def All == (%P. P = (%x. True) Ex def Ex == (%P. P(@x. P x))... And def op& == %PQ.!R. (P > Q > R) > R) We skip all the others here and just show another interesting one. 26 / 29

HOL definitions HOL definitions True def True == ((%x :: bool. x) = (%x. x)) All def All == (%P. P = (%x. True) Ex def Ex == (%P. P(@x. P x))... And def op& == %PQ.!R. (P > Q > R) > R) & (and, ) is rewritten into object level implication. If P Q, both implications only depend on R. This assumption is then discharged since R R. If one of P or Q is false, there is an R = False and thus the last implication is false. 26 / 29

Derived rules Derived Rules The above rules are the core rules HOL comes with a set of derived rules These are easier to read e.g. conje [ P&Q ]; [ P; Q ] ==> R ] ==> R 27 / 29

Example proof Subgoal Consider the following subgoal: a. occurs a ([] @ ys) = occurs a [] + occurs a ys We introduce rules as we go. 28 / 29

Example proof Proof a. occurs a ([] @ ys) = occurs a [] + occurs a ys 28 / 29

Example proof Proof a. occurs a ([] @ ys) = occurs a [] + occurs a ys [] @?ys?ys a. occurs a ys = occurs a [] + occurs a ys 28 / 29

Example proof Proof a. occurs a ([] @ ys) = occurs a [] + occurs a ys [] @?ys?ys occurs?a [] 0 a. occurs a ys = occurs a [] + occurs a ys a. occurs a ys = 0 + occurs a ys 28 / 29

Example proof Proof a. occurs a ([] @ ys) = occurs a [] + occurs a ys [] @?ys?ys occurs?a [] 0 0 +?x?x a. occurs a ys = occurs a [] + occurs a ys a. occurs a ys = 0 + occurs a ys a. occurs a ys = occurs a ys 28 / 29

Example proof Proof a. occurs a ([] @ ys) = occurs a [] + occurs a ys [] @?ys?ys occurs?a [] 0 0 +?x?x?xs =?xs True a. occurs a ys = occurs a [] + occurs a ys a. occurs a ys = 0 + occurs a ys a. occurs a ys = occurs a ys a. True 28 / 29

Example proof Proof a. occurs a ([] @ ys) = occurs a [] + occurs a ys [] @?ys?ys occurs?a [] 0 0 +?x?x?xs =?xs True a P P a. occurs a ys = occurs a [] + occurs a ys a. occurs a ys = 0 + occurs a ys a. occurs a ys = occurs a ys a. True True 28 / 29

Example proof Proof a. occurs a ([] @ ys) = occurs a [] + occurs a ys [] @?ys?ys occurs?a [] 0 0 +?x?x?xs =?xs True a P P a. occurs a ys = occurs a [] + occurs a ys a. occurs a ys = 0 + occurs a ys a. occurs a ys = occurs a ys a. True True Now this lemma can be used as a new rule! 28 / 29

Try this in Isabelle That s it for today Try to prove the above in Isabelle 29 / 29

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback