NICTA Advanced Course Theorem Proving Principles, Techniques, … · 2004. 9. 20. · Some...

NICTA Advanced Course

Theorem Proving

Principles, Techniques, Applications

HOL

1

CONTENT

➜ Intro & motivation, getting started with Isabelle

➜ Foundations & Principles

• Lambda Calculus

• Higher Order Logic, natural deduction

• Term rewriting

➜ Proof & Specification Techniques

• Datatypes, recursion, induction

• Inductively defined sets, rule induction

• Calculational reasoning, mathematics style proofs

• Hoare logic, proofs about programs

CONTENT 2

LAST TIME ON HOL

➜ Proof rules for propositional and predicate logic

➜ Safe and unsafe rules

➜ Forward Proof

➜ The Epsilon Operator

➜ Some automation

LAST TIME ON HOL 3

LAST TIME ON HOL



➜ Forward Proof


➜ Some automation

LAST TIME ON HOL 3-A

LAST TIME ON HOL



➜ Forward Proof


➜ Some automation

LAST TIME ON HOL 3-B

LAST TIME ON HOL



➜ Forward Proof


➜ Some automation

LAST TIME ON HOL 3-C

LAST TIME ON HOL



➜ Forward Proof


➜ Some automation

LAST TIME ON HOL 3-D

DEFINING HIGHER ORDER LOGIC

4

WHAT IS HIGHER ORDER LOGIC?

➜ Propositional Logic:

• no quantifiers

• all variables have type bool

➜ First Order Logic:

• quantification over values, but not over functions and predicates,

• terms and formulas syntactically distinct

➜ Higher Order Logic:

• quantification over everything, including predicates

• consistency by types

• formula = term of type bool

• definition built on λ→ with certain default types and constants

WHAT IS HIGHER ORDER LOGIC? 5



• no quantifiers










WHAT IS HIGHER ORDER LOGIC? 5-A



• no quantifiers










WHAT IS HIGHER ORDER LOGIC? 5-B


Default types:

bool

⇒ ind

➜ bool sometimes called o

➜ ⇒ sometimes called fun

Default Constants:

−→ :: bool ⇒ bool ⇒ bool

= :: α ⇒ α ⇒ bool

ε :: (α ⇒ bool) ⇒ α

DEFINING HIGHER ORDER LOGIC 6


Default types:

bool ⇒

ind



Default Constants:


= :: α ⇒ α ⇒ bool

ε :: (α ⇒ bool) ⇒ α

DEFINING HIGHER ORDER LOGIC 6-B


Default types:

bool ⇒ ind



Default Constants:


= :: α ⇒ α ⇒ bool

ε :: (α ⇒ bool) ⇒ α

DEFINING HIGHER ORDER LOGIC 6-C


Default types:

bool ⇒ ind



Default Constants:


= :: α ⇒ α ⇒ bool

ε :: (α ⇒ bool) ⇒ α

DEFINING HIGHER ORDER LOGIC 6-D


Default types:

bool ⇒ ind



Default Constants:


= :: α ⇒ α ⇒ bool

ε :: (α ⇒ bool) ⇒ α

DEFINING HIGHER ORDER LOGIC 6-E


Default types:

bool ⇒ ind



Default Constants:


= :: α ⇒ α ⇒ bool

ε :: (α ⇒ bool) ⇒ α

DEFINING HIGHER ORDER LOGIC 6-F


Default types:

bool ⇒ ind



Default Constants:


= :: α ⇒ α ⇒ bool

ε :: (α ⇒ bool) ⇒ α

DEFINING HIGHER ORDER LOGIC 6-G


Default types:

bool ⇒ ind



Default Constants:


= :: α ⇒ α ⇒ bool

ε :: (α ⇒ bool) ⇒ α

DEFINING HIGHER ORDER LOGIC 6-H

HIGHER ORDER ABSTRACT SYNTAX

Problem: Define syntax for binders like ∀, ∃, ε

One approach: ∀ :: var ⇒ term ⇒ bool

Drawback: need to think about substitution, α conversion again.

But: Already have binder, substitution, α conversion in meta logic

λ

So: Use λ to encode all other binders.

HIGHER ORDER ABSTRACT SYNTAX 7






λ


HIGHER ORDER ABSTRACT SYNTAX 7-A






λ


HIGHER ORDER ABSTRACT SYNTAX 7-B






λ


HIGHER ORDER ABSTRACT SYNTAX 7-C


Example:ALL :: (α ⇒ bool) ⇒ bool

HOAS usual syntax

ALL (λx. x = 2) ∀x. x = 2

ALL P ∀x. P x

Isabelle can translate usual binder syntax into HOAS.

HIGHER ORDER ABSTRACT SYNTAX 8



HOAS usual syntax

ALL (λx. x = 2)

∀x. x = 2

ALL P ∀x. P x


HIGHER ORDER ABSTRACT SYNTAX 8-A



HOAS usual syntax

ALL (λx. x = 2) ∀x. x = 2

ALL P ∀x. P x


HIGHER ORDER ABSTRACT SYNTAX 8-B



HOAS usual syntax

ALL (λx. x = 2) ∀x. x = 2

ALL P

∀x. P x


HIGHER ORDER ABSTRACT SYNTAX 8-C



HOAS usual syntax

ALL (λx. x = 2) ∀x. x = 2

ALL P ∀x. P x


HIGHER ORDER ABSTRACT SYNTAX 8-D



HOAS usual syntax

ALL (λx. x = 2) ∀x. x = 2

ALL P ∀x. P x


HIGHER ORDER ABSTRACT SYNTAX 8-E

SIDE TRACK: SYNTAX DECLARATIONS IN ISABELLE

➜ mixfix:consts drvbl :: ct ⇒ ct ⇒ fm ⇒ bool (” , ` ”)

Legal syntax now: Γ, Π ` F

➜ priorities:pattern can be annotated with priorities to indicate binding strengthExample: drvbl :: ct ⇒ ct ⇒ fm ⇒ bool (” , ` ” [30, 0, 20] 60)

➜ infixl/infixr: short form for left/right associative binary operatorsExample: or :: bool ⇒ bool ⇒ bool (infixr ” ∨ ” 30)

➜ binders: declaration must be of the formc :: (τ1 ⇒ τ2) ⇒ τ3 (binder ”B” < p >)

B x. P x translated into c P (and vice versa)Example ALL :: (α ⇒ bool) ⇒ bool (binder ”∀” 10)

More (including pretty printing) in Isabelle Reference Manual (7.3)

SIDE TRACK: SYNTAX DECLARATIONS IN ISABELLE 9









SIDE TRACK: SYNTAX DECLARATIONS IN ISABELLE 9-A









SIDE TRACK: SYNTAX DECLARATIONS IN ISABELLE 9-B









SIDE TRACK: SYNTAX DECLARATIONS IN ISABELLE 9-C









SIDE TRACK: SYNTAX DECLARATIONS IN ISABELLE 9-D

BACK TO HOL

Base: bool, ⇒, ind =, −→, ε

And the rest is

definitions:

True ≡ (λx :: bool. x) = (λx. x)

All P ≡ P = (λx. True)

Ex P ≡ ∀Q. (∀x. P x −→ Q) −→ Q

False ≡ ∀P. P

¬P ≡ P −→ False

P ∧ Q ≡ ∀R. (P −→ Q −→ R) −→ R

P ∨ Q ≡ ∀R. (P −→ R) −→ (Q −→ R) −→ R

If P x y ≡ SOME z. (P = True −→ z = x) ∧ (P = False −→ z = y)

inj f ≡ ∀x y. f x = f y −→ x = y

surj f ≡ ∀y. ∃x. y = f x

BACK TO HOL 10

BACK TO HOL

Base: bool, ⇒, ind =, −→, ε

And the rest is definitions:


All P ≡ P = (λx. True)

Ex P ≡ ∀Q. (∀x. P x −→ Q) −→ Q

False ≡ ∀P. P


P ∧ Q ≡ ∀R. (P −→ Q −→ R) −→ R

P ∨ Q ≡ ∀R. (P −→ R) −→ (Q −→ R) −→ R


inj f ≡ ∀x y. f x = f y −→ x = y

surj f ≡ ∀y. ∃x. y = f x

BACK TO HOL 10-A

THE AXIOMS OF HOL

t = t refls = t P s

P tsubst

∧x. f x = g x

(λx. f x) = (λx. g x)ext

P =⇒ Q

P −→ QimpI

P −→ Q P

Qmp

(P −→ Q) −→ (Q −→ P ) −→ (P = Q)iff

P = True ∨ P = FalseTrue or False

P ?xP (SOME x. P x)

someI

∃f :: ind ⇒ ind. inj f ∧ ¬surj finfty

THE AXIOMS OF HOL 11

THE AXIOMS OF HOL

t = t refls = t P s

P tsubst

∧x. f x = g x


P =⇒ Q

P −→ QimpI

P −→ Q P

Qmp

(P −→ Q) −→ (Q −→ P ) −→ (P = Q)iff


P ?xP (SOME x. P x)

someI


THE AXIOMS OF HOL 11-A

THE AXIOMS OF HOL

t = t refls = t P s

P tsubst

∧x. f x = g x


P =⇒ Q

P −→ QimpI

P −→ Q P

Qmp

(P −→ Q) −→ (Q −→ P ) −→ (P = Q)iff


P ?xP (SOME x. P x)

someI


THE AXIOMS OF HOL 11-B

THE AXIOMS OF HOL

t = t refls = t P s

P tsubst

∧x. f x = g x


P =⇒ Q

P −→ QimpI

P −→ Q P

Qmp

(P −→ Q) −→ (Q −→ P ) −→ (P = Q)iff


P ?xP (SOME x. P x)

someI


THE AXIOMS OF HOL 11-C

THE AXIOMS OF HOL

t = t refls = t P s

P tsubst

∧x. f x = g x


P =⇒ Q

P −→ QimpI

P −→ Q P

Qmp

(P −→ Q) −→ (Q −→ P ) −→ (P = Q)iff


P ?xP (SOME x. P x)

someI


THE AXIOMS OF HOL 11-D

THE AXIOMS OF HOL

t = t refls = t P s

P tsubst

∧x. f x = g x


P =⇒ Q

P −→ QimpI

P −→ Q P

Qmp

(P −→ Q) −→ (Q −→ P ) −→ (P = Q)iff


P ?xP (SOME x. P x)

someI


THE AXIOMS OF HOL 11-E

THAT’S IT.

➜ 3 basic constants

➜ 3 basic types

➜ 9 axioms

With this you can define and derive all the rest.

Isabelle knows 2 more axioms:

x = yx ≡ y eq reflection (THE x. x = a) = a

the eq trivial

THAT’S IT. 12

THAT’S IT.


➜ 3 basic types

➜ 9 axioms




the eq trivial

THAT’S IT. 12-A

THAT’S IT.


➜ 3 basic types

➜ 9 axioms




the eq trivial

THAT’S IT. 12-B

DEMO: THE DEFINITIONS IN ISABELLE

13

DERIVING PROOF RULES

In the following, we will

➜ look at the definitions in more detail

➜ derive the traditional proof rules from the axioms in Isabelle

Convenient for deriving rules: named assumptions in lemmas

lemma [name :]

assumes [name1 :] ”< prop >1”assumes [name2 :] ”< prop >2”...shows ” < prop > ” < proof >

proves: [[ < prop >1; < prop >2; . . . ]] =⇒< prop >

DERIVING PROOF RULES 14






lemma [name :]



DERIVING PROOF RULES 14-A






lemma [name :]



DERIVING PROOF RULES 14-B






lemma [name :]



DERIVING PROOF RULES 14-C






lemma [name :]



DERIVING PROOF RULES 14-D

TRUE

consts True :: bool


Intuition:right hand side is always true

Proof Rules:

TrueTrueI

Proof:(λx :: bool. x) = (λx. x)

refl

Trueunfold True def

TRUE 15

TRUE

consts True :: bool


Intuition:right hand side is always true

Proof Rules:

TrueTrueI

Proof:(λx :: bool. x) = (λx. x)

refl

Trueunfold True def

TRUE 15-A

DEMO

16

UNIVERSIAL QUANTIFIER

consts ALL :: (α ⇒ bool) ⇒ bool

ALL P ≡ P = (λx. True)

Intuition:

➜ ALL P is Higher Order Abstract Syntax for ∀x. P x.

➜ P is a function that takes an x and yields a truth values.

➜ ALL P should be true iff P yields true for all x, i.e.if it is equivalent to the function λx. True.

Proof Rules:∧

x. P x

∀x. P xallI

∀x. P x P ?x =⇒ RR

allE

Proof: Isabelle Demo

UNIVERSIAL QUANTIFIER 17




Intuition:




Proof Rules:∧

x. P x

∀x. P xallI

∀x. P x P ?x =⇒ RR

allE


UNIVERSIAL QUANTIFIER 17-A




Intuition:




Proof Rules:∧

x. P x

∀x. P xallI

∀x. P x P ?x =⇒ RR

allE


UNIVERSIAL QUANTIFIER 17-B




Intuition:




Proof Rules:∧

x. P x

∀x. P xallI

∀x. P x P ?x =⇒ RR

allE


UNIVERSIAL QUANTIFIER 17-C




Intuition:




Proof Rules:∧

x. P x

∀x. P xallI

∀x. P x P ?x =⇒ RR

allE


UNIVERSIAL QUANTIFIER 17-D

FALSE

consts False :: bool

False ≡ ∀P.P

Intuition:Everything can be derived from False.

Proof Rules:False

PFalseE

True 6= False


FALSE 18

FALSE


False ≡ ∀P.P


Proof Rules:False

PFalseE

True 6= False


FALSE 18-A

FALSE


False ≡ ∀P.P


Proof Rules:False

PFalseE

True 6= False


FALSE 18-B

NEGATION

consts Not :: bool ⇒ bool (¬ )


Intuition:Try P = True and P = False and the traditional truth table for −→.

Proof Rules:

A =⇒ False¬A

notI¬A A

PnotE


NEGATION 19

NEGATION




Proof Rules:

A =⇒ False¬A

notI¬A A

PnotE


NEGATION 19-A

NEGATION




Proof Rules:

A =⇒ False¬A

notI¬A A

PnotE


NEGATION 19-B

EXISTENTIAL QUANTIFIER

consts EX :: (α ⇒ bool) ⇒ bool

EX P ≡ ∀Q. (∀x. P x −→ Q) −→ Q

Intuition:

➜ EX P is HOAS for ∃x. P x. (like ∀)

➜ Right hand side is characterization of ∃ with ∀ and −→

➜ Note that inner ∀ binds wide: (∀x. P x −→ Q)

➜ Remember lemma from last time:(∀x. P x −→ Q) = ((∃x. P x) −→ Q)

Proof Rules:P ?x

∃x. P xexI

∃x. P x∧

x. P x =⇒ R

RexE


EXISTENTIAL QUANTIFIER 20



EX P ≡ ∀Q. (∀x. P x −→ Q) −→ Q

Intuition:





Proof Rules:P ?x

∃x. P xexI

∃x. P x∧

x. P x =⇒ R

RexE


EXISTENTIAL QUANTIFIER 20-A



EX P ≡ ∀Q. (∀x. P x −→ Q) −→ Q

Intuition:





Proof Rules:P ?x

∃x. P xexI

∃x. P x∧

x. P x =⇒ R

RexE


EXISTENTIAL QUANTIFIER 20-B



EX P ≡ ∀Q. (∀x. P x −→ Q) −→ Q

Intuition:





Proof Rules:P ?x

∃x. P xexI

∃x. P x∧

x. P x =⇒ R

RexE


EXISTENTIAL QUANTIFIER 20-C



EX P ≡ ∀Q. (∀x. P x −→ Q) −→ Q

Intuition:





Proof Rules:P ?x

∃x. P xexI

∃x. P x∧

x. P x =⇒ R

RexE


EXISTENTIAL QUANTIFIER 20-D



EX P ≡ ∀Q. (∀x. P x −→ Q) −→ Q

Intuition:





Proof Rules:P ?x

∃x. P xexI

∃x. P x∧

x. P x =⇒ R

RexE


EXISTENTIAL QUANTIFIER 20-E

CONJUNCTION

consts And :: bool ⇒ bool ⇒ bool ( ∧ )

P ∧ Q ≡ ∀R. (P −→ Q −→ R) −→ R

Intuition:

➜ Mirrors proof rules for ∧

➜ Try truth table for P , Q, and R

Proof Rules:

A BA ∧ B

conjIA ∧ B [[A; B]] =⇒ C

CconjE


CONJUNCTION 21

CONJUNCTION


P ∧ Q ≡ ∀R. (P −→ Q −→ R) −→ R

Intuition:



Proof Rules:

A BA ∧ B


CconjE


CONJUNCTION 21-A

CONJUNCTION


P ∧ Q ≡ ∀R. (P −→ Q −→ R) −→ R

Intuition:



Proof Rules:

A BA ∧ B


CconjE


CONJUNCTION 21-B

CONJUNCTION


P ∧ Q ≡ ∀R. (P −→ Q −→ R) −→ R

Intuition:



Proof Rules:

A BA ∧ B


CconjE


CONJUNCTION 21-C

DISJUNCTION

consts Or :: bool ⇒ bool ⇒ bool ( ∨ )

P ∨ Q ≡ ∀R. (P −→ R) −→ (Q −→ R) −→ R

Intuition:

➜ Mirrors proof rules for ∨ (case distinction)


Proof Rules:

AA ∨ B

BA ∨ B

disjI1/2 A ∨ B A =⇒ C B =⇒ CC

disjE


DISJUNCTION 22

DISJUNCTION


P ∨ Q ≡ ∀R. (P −→ R) −→ (Q −→ R) −→ R

Intuition:



Proof Rules:

AA ∨ B

BA ∨ B


disjE


DISJUNCTION 22-A

DISJUNCTION


P ∨ Q ≡ ∀R. (P −→ R) −→ (Q −→ R) −→ R

Intuition:



Proof Rules:

AA ∨ B

BA ∨ B


disjE


DISJUNCTION 22-B

DISJUNCTION


P ∨ Q ≡ ∀R. (P −→ R) −→ (Q −→ R) −→ R

Intuition:



Proof Rules:

AA ∨ B

BA ∨ B


disjE


DISJUNCTION 22-C

IF-THEN-ELSE

consts If :: bool ⇒ α ⇒ α ⇒ α (if then else )


Intuition:

➜ for P = True, right hand side collapses to SOME z. z = x

➜ for P = False, right hand side collapses to SOME z. z = y

Proof Rules:

if True then s else t = sifTrue

if False then s else t = tifFalse


IF-THEN-ELSE 23

IF-THEN-ELSE



Intuition:



Proof Rules:




IF-THEN-ELSE 23-A

IF-THEN-ELSE



Intuition:



Proof Rules:




IF-THEN-ELSE 23-B

IF-THEN-ELSE



Intuition:



Proof Rules:




IF-THEN-ELSE 23-C

THAT WAS HOL

24

MORE ON AUTOMATION

Last time: safe and unsafe rule, heuristics: use safe before unsafe

This can be automated

Syntax:[<kind>!] for safe rules (<kind> one of intro, elim, dest)[<kind>] for unsafe rules

Application (roughly):do safe rules first, search/backtrack on unsafe rules only

Example:

declare attribute globally declare conjI [intro!] allE [elim]remove attribute gloabllay declare allE [rule del]use locally apply (blast intro: someI)delete locally apply (blast del: conjI)

MORE ON AUTOMATION 25

MORE ON AUTOMATION





Example:


MORE ON AUTOMATION 25-A

MORE ON AUTOMATION





Example:


MORE ON AUTOMATION 25-C

MORE ON AUTOMATION





Example:


MORE ON AUTOMATION 25-D

MORE ON AUTOMATION





Example:


MORE ON AUTOMATION 25-E

DEMO: AUTOMATION

26

WE HAVE LEARNED TODAY ...

➜ Defining HOL

➜ Higher Order Abstract Syntax

➜ Deriving proof rules

➜ More automation

WE HAVE LEARNED TODAY ... 27


➜ Defining HOL



➜ More automation

WE HAVE LEARNED TODAY ... 27-A


➜ Defining HOL



➜ More automation

WE HAVE LEARNED TODAY ... 27-B


➜ Defining HOL



➜ More automation

WE HAVE LEARNED TODAY ... 27-C

EXERCISES

➜ derive the classical contradiction rule (¬P =⇒ False) =⇒ P in

Isabelle

➜ define nor and nand in Isabelle

➜ show nor x x = nand x x

➜ derive safe intro and elim rules for them

➜ use these in an automated proof of nor x x = nand x x

EXERCISES 28

NICTA Advanced Course Theorem Proving Principles, Techniques, … · 2004. 9. 20. · Some...

Documents

Transcript of NICTA Advanced Course Theorem Proving Principles, Techniques, … · 2004. 9. 20. · Some...