a b c
play

a = b c . . . 1 C ONTENT Intro & motivation, getting started - PowerPoint PPT Presentation

Nov 30, 2023 •326 likes •1.26k views

NICTA Advanced Course Theorem Proving Principles, Techniques, Applications a = b c . . . 1 C ONTENT Intro & motivation, getting started with Isabelle Foundations & Principles Lambda Calculus Higher Order Logic,

  1. NICTA Advanced Course Theorem Proving Principles, Techniques, Applications a = b ≤ c ≤ . . . 1

  2. C ONTENT ➜ Intro & motivation, getting started with Isabelle ➜ Foundations & Principles • Lambda Calculus • Higher Order Logic, natural deduction • Term rewriting ➜ Proof & Specification Techniques • Inductively defined sets, rule induction • Datatypes, recursion, induction • More recursion, Calculational reasoning • Hoare logic, proofs about programs • Locales, Presentation C ONTENT 2

  3. L AST W EEK ➜ Constructive Logic & Curry-Howard-Isomorphism L AST W EEK 3

  4. L AST W EEK ➜ Constructive Logic & Curry-Howard-Isomorphism ➜ The Coq System L AST W EEK 3- A

  5. L AST W EEK ➜ Constructive Logic & Curry-Howard-Isomorphism ➜ The Coq System ➜ The HOL4 system L AST W EEK 3- B

  6. L AST W EEK ➜ Constructive Logic & Curry-Howard-Isomorphism ➜ The Coq System ➜ The HOL4 system ➜ Before that: datatypes, recursion, induction L AST W EEK 3- C

  7. G ENERAL R ECURSION The Choice G ENERAL R ECURSION 4

  8. G ENERAL R ECURSION The Choice ➜ Limited expressiveness, automatic termination • primrec G ENERAL R ECURSION 4- A

  9. G ENERAL R ECURSION The Choice ➜ Limited expressiveness, automatic termination • primrec ➜ High expressiveness, prove termination manually • recdef G ENERAL R ECURSION 4- B

  10. RECDEF — EXAMPLES consts sep :: ”’a × ’a list ⇒ ’a list” recdef sep ”measure ( λ (a, xs). size xs)” ”sep (a, x # y # zs) = x # a # sep (a, y # zs)” ”sep (a, xs) = xs” RECDEF — EXAMPLES 5

  11. RECDEF — EXAMPLES consts sep :: ”’a × ’a list ⇒ ’a list” recdef sep ”measure ( λ (a, xs). size xs)” ”sep (a, x # y # zs) = x # a # sep (a, y # zs)” ”sep (a, xs) = xs” consts ack :: ”nat × nat ⇒ nat” recdef ack ”measure ( λ m. m) < *lex* > measure ( λ n. n)” ”ack (0, n) = Suc n” ”ack (Suc m, 0) = ack (m, 1)” ”ack (Suc m, Suc n) = ack (m, ack (Suc m, n))” RECDEF — EXAMPLES 5- A

  12. RECDEF ➜ The definiton: • one parameter • free pattern matching, order of rules important • termination relation ( measure sufficient for most cases) 6 RECDEF

  13. RECDEF ➜ The definiton: • one parameter • free pattern matching, order of rules important • termination relation ( measure sufficient for most cases) ➜ Termination relation: • must decrease for each recursive call • must be well founded 6- A RECDEF

  14. RECDEF ➜ The definiton: • one parameter • free pattern matching, order of rules important • termination relation ( measure sufficient for most cases) ➜ Termination relation: • must decrease for each recursive call • must be well founded ➜ Generates own induction principle 6- B RECDEF

  15. RECDEF — INDUCTION PRINCIPLE ➜ Each recdef definition induces an induction principle RECDEF — INDUCTION PRINCIPLE 7

  16. RECDEF — INDUCTION PRINCIPLE ➜ Each recdef definition induces an induction principle ➜ For each equation: show that the property holds for the lhs provided it holds for each recursive call on the rhs RECDEF — INDUCTION PRINCIPLE 7- A

  17. RECDEF — INDUCTION PRINCIPLE ➜ Each recdef definition induces an induction principle ➜ For each equation: show that the property holds for the lhs provided it holds for each recursive call on the rhs ➜ Example sep.induct : [ V a. P a []; [ V a w. P a [ w ] V a x y zs. P a ( y # zs ) = ⇒ P a ( x # y # zs ); ] ] = ⇒ P a xs RECDEF — INDUCTION PRINCIPLE 7- B

  18. T ERMINATION Isabelle tries to prove termination automatically ➜ For most functions and termination relations this works. T ERMINATION 8

  19. T ERMINATION Isabelle tries to prove termination automatically ➜ For most functions and termination relations this works. ➜ Sometimes not T ERMINATION 8- A

  20. T ERMINATION Isabelle tries to prove termination automatically ➜ For most functions and termination relations this works. ➜ Sometimes not ⇒ error message with unsolved subgoal T ERMINATION 8- B

  21. T ERMINATION Isabelle tries to prove termination automatically ➜ For most functions and termination relations this works. ➜ Sometimes not ⇒ error message with unsolved subgoal ➜ You can give hints (additional lemmas) to the recdef package: recdef quicksort ”measure length” quicksort [] = [] quicksort ( x # xs ) = quicksort [ y ∈ xs.y ≤ x ]@[ x ]@ quicksort [ y ∈ xs.x < y ] (hints recdef simp: less Suc eq le) T ERMINATION 8- C

  22. T ERMINATION Isabelle tries to prove termination automatically ➜ For most functions and termination relations this works. ➜ Sometimes not ⇒ error message with unsolved subgoal ➜ You can give hints (additional lemmas) to the recdef package: recdef quicksort ”measure length” quicksort [] = [] quicksort ( x # xs ) = quicksort [ y ∈ xs.y ≤ x ]@[ x ]@ quicksort [ y ∈ xs.x < y ] (hints recdef simp: less Suc eq le) For exploration: ➜ allow failing termination proof T ERMINATION 8- D

  23. T ERMINATION Isabelle tries to prove termination automatically ➜ For most functions and termination relations this works. ➜ Sometimes not ⇒ error message with unsolved subgoal ➜ You can give hints (additional lemmas) to the recdef package: recdef quicksort ”measure length” quicksort [] = [] quicksort ( x # xs ) = quicksort [ y ∈ xs.y ≤ x ]@[ x ]@ quicksort [ y ∈ xs.x < y ] (hints recdef simp: less Suc eq le) For exploration: ➜ allow failing termination proof ➜ recdef (permissive) quicksort ”measure length” T ERMINATION 8- E

  24. T ERMINATION Isabelle tries to prove termination automatically ➜ For most functions and termination relations this works. ➜ Sometimes not ⇒ error message with unsolved subgoal ➜ You can give hints (additional lemmas) to the recdef package: recdef quicksort ”measure length” quicksort [] = [] quicksort ( x # xs ) = quicksort [ y ∈ xs.y ≤ x ]@[ x ]@ quicksort [ y ∈ xs.x < y ] (hints recdef simp: less Suc eq le) For exploration: ➜ allow failing termination proof ➜ recdef (permissive) quicksort ”measure length” ➜ termination conditions as assumption in simp and induct rules T ERMINATION 8- F

  25. D EMO 9

  26. H OW DOES RECDEF WORK ? We need: general recursion operator H OW DOES RECDEF WORK ? 10

  27. H OW DOES RECDEF WORK ? We need: general recursion operator rec F = F ( rec F ) something like: H OW DOES RECDEF WORK ? 10- A

  28. H OW DOES RECDEF WORK ? We need: general recursion operator rec F = F ( rec F ) something like: ( F stands for the recursion equations) Example: H OW DOES RECDEF WORK ? 10- B

  29. H OW DOES RECDEF WORK ? We need: general recursion operator rec F = F ( rec F ) something like: ( F stands for the recursion equations) Example: ➜ recursion equations: f = 0 f ( Suc n ) = fn H OW DOES RECDEF WORK ? 10- C

  30. H OW DOES RECDEF WORK ? We need: general recursion operator rec F = F ( rec F ) something like: ( F stands for the recursion equations) Example: ➜ recursion equations: f = 0 f ( Suc n ) = fn f = λn ′ . case n ′ of 0 ⇒ 0 | Suc n ⇒ f n ➜ as one λ -term: H OW DOES RECDEF WORK ? 10- D

  31. H OW DOES RECDEF WORK ? We need: general recursion operator rec F = F ( rec F ) something like: ( F stands for the recursion equations) Example: ➜ recursion equations: f = 0 f ( Suc n ) = fn f = λn ′ . case n ′ of 0 ⇒ 0 | Suc n ⇒ f n ➜ as one λ -term: F = λf. λn ′ . case n ′ of 0 ⇒ 0 | Suc n ⇒ f n ➜ functor: H OW DOES RECDEF WORK ? 10- E

  32. H OW DOES RECDEF WORK ? We need: general recursion operator rec F = F ( rec F ) something like: ( F stands for the recursion equations) Example: ➜ recursion equations: f = 0 f ( Suc n ) = fn f = λn ′ . case n ′ of 0 ⇒ 0 | Suc n ⇒ f n ➜ as one λ -term: F = λf. λn ′ . case n ′ of 0 ⇒ 0 | Suc n ⇒ f n ➜ functor: ➜ rec :: (( α ⇒ β ) ⇒ ( α ⇒ β )) ⇒ ( α ⇒ β ) like above cannot exist in HOL (only total functions) ➜ But ’guarded’ form possible: wfrec :: ( α × α ) set ⇒ (( α ⇒ β ) ⇒ ( α ⇒ β )) ⇒ ( α ⇒ β ) ➜ ( α × α ) set a well founded order, decreasing with execution H OW DOES RECDEF WORK ? 10- F

  33. H OW DOES RECDEF WORK ? Why rec F = F ( rec F ) ? H OW DOES RECDEF WORK ? 11

  34. H OW DOES RECDEF WORK ? Why rec F = F ( rec F ) ? Because we want the recursion equations to hold. Example: λg. λn ′ . case n ′ of 0 ⇒ 0 | Suc n ⇒ g n ≡ F ≡ f rec F H OW DOES RECDEF WORK ? 11- A

  35. H OW DOES RECDEF WORK ? Why rec F = F ( rec F ) ? Because we want the recursion equations to hold. Example: λg. λn ′ . case n ′ of 0 ⇒ 0 | Suc n ⇒ g n ≡ F ≡ f rec F f 0 = rec F 0 H OW DOES RECDEF WORK ? 11- B

  36. H OW DOES RECDEF WORK ? Why rec F = F ( rec F ) ? Because we want the recursion equations to hold. Example: λg. λn ′ . case n ′ of 0 ⇒ 0 | Suc n ⇒ g n ≡ F ≡ f rec F f 0 = rec F 0 = F ( rec F ) 0 . . . H OW DOES RECDEF WORK ? 11- C

  37. H OW DOES RECDEF WORK ? Why rec F = F ( rec F ) ? Because we want the recursion equations to hold. Example: λg. λn ′ . case n ′ of 0 ⇒ 0 | Suc n ⇒ g n ≡ F ≡ f rec F f 0 = rec F 0 = F ( rec F ) 0 . . . ( λg. λn ′ . case n ′ of 0 ⇒ 0 | Suc n ⇒ g n ) ( rec F ) 0 = . . . H OW DOES RECDEF WORK ? 11- D

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The constructible universe of ZFA Matteo Viale KGRC University of Vienna 1 WHY THE FOUNDATION

The constructible universe of ZFA Matteo Viale KGRC University of Vienna 1 WHY THE FOUNDATION

The constructible universe of ZFA Matteo Viale KGRC University of Vienna 1 WHY THE FOUNDATION AXIOM? Axiom 1. is a well founded relation. Kunens textbook justifies the axiom of foun- dation on the ground that it is an essential

526 views • 19 slides
Reverse mathematical bounds for the Termination Theorem Silvia Steila (joint work with Stefano

Reverse mathematical bounds for the Termination Theorem Silvia Steila (joint work with Stefano

Reverse mathematical bounds for the Termination Theorem Silvia Steila (joint work with Stefano Berardi and Keita Yokoyama) Universit` a degli studi di Torino Logic and Information ST 2015: M unchenwiler Meeting March 25th - 26th, 2015

365 views • 22 slides
TERNARY RELATIONAL SEMANTICS STANDARD WITHOUT A SET OF DESIGNATED POINTS RELEVANCE LOGICS

TERNARY RELATIONAL SEMANTICS STANDARD WITHOUT A SET OF DESIGNATED POINTS RELEVANCE LOGICS

1 Relevance logics and intuitionistic negation TERNARY RELATIONAL SEMANTICS STANDARD WITHOUT A SET OF DESIGNATED POINTS RELEVANCE LOGICS NON-RELEVANT LOGICS CONSTRUCTIVE NEGATION Ternary relational semantics : (1) a

484 views • 12 slides
Polluted Resolution and other Combined Proof Search Methods for Propositional Modal Logics

Polluted Resolution and other Combined Proof Search Methods for Propositional Modal Logics

Polluted Resolution and other Combined Proof Search Methods for Propositional Modal Logics Cludia Nalon nalon@unb.br University of Braslia WOLLI, 2015 C. Nalon WOLLI, 2015 1 / 22 Polluted Resolution and other Combined Proof Search

504 views • 38 slides
NON-WELL-FOUNDED SET BASED MULTI-AGENT EPISTEMIC ACTION LANGUAGE 34 th Italian Conference on

NON-WELL-FOUNDED SET BASED MULTI-AGENT EPISTEMIC ACTION LANGUAGE 34 th Italian Conference on

University of Udine Department of Mathematics, Computer Science and Physics NON-WELL-FOUNDED SET BASED MULTI-AGENT EPISTEMIC ACTION LANGUAGE 34 th Italian Conference on Computational Logic Francesco Fabiano , Idriss Riouak, Agostino Dovier and

958 views • 63 slides
Algorithmic Aspects of WQO (Well-Quasi-Ordering) Theory Part I: Basics of WQO Theory Sylvain

Algorithmic Aspects of WQO (Well-Quasi-Ordering) Theory Part I: Basics of WQO Theory Sylvain

Algorithmic Aspects of WQO (Well-Quasi-Ordering) Theory Part I: Basics of WQO Theory Sylvain Schmitz &amp; Philippe Schnoebelen LSV, CNRS &amp; ENS Cachan ESSLLI 2012, Opole, Aug 6-15, 2012 Lecture notes &amp; exercices available at

536 views • 50 slides
A Mechanized Proof of Higmans Lemma by Open Induction Christian Sternagel University of

A Mechanized Proof of Higmans Lemma by Open Induction Christian Sternagel University of

A Mechanized Proof of Higmans Lemma by Open Induction Christian Sternagel University of Innsbruck, Austria January 18, 2016 Dagstuhl Seminar 16031 Well-Quasi-Orders in Computer Science Supported by the Austrian Science Fund (FWF):

833 views • 69 slides
From guarded to well-founded Formalizing Coq s guard condition Cyprien Mangin Matthieu Sozeau

From guarded to well-founded Formalizing Coq s guard condition Cyprien Mangin Matthieu Sozeau

From guarded to well-founded Formalizing Coq s guard condition Cyprien Mangin Matthieu Sozeau cyprien.mangin@m4x.org matthieu.sozeau@inria.fr Inria Paris &amp; IRIF, Universit e Paris-Diderot July 8, 2018 1 Outline 1 Guard condition

860 views • 52 slides
On proving liveness properties of programs Alexey Gotsman University of Cambridge joint work

On proving liveness properties of programs Alexey Gotsman University of Cambridge joint work

On proving liveness properties of programs Alexey Gotsman University of Cambridge joint work with Byron Cook, Andreas Podelski, and Andrey Rybalchenko BCTCS06, 6 April 2006 State-of-the-art Systems Model checking Abstraction Properties

484 views • 13 slides
The Role of the Coinduction Hypothesis in Coinductive Proofs Anton Setzer Swansea University

The Role of the Coinduction Hypothesis in Coinductive Proofs Anton Setzer Swansea University

The Role of the Coinduction Hypothesis in Coinductive Proofs Anton Setzer Swansea University With contributions by Peter Hancock, Andreas Abel, Brigitte Pientka, David Thibodeau Operations, Sets, Types, M unchenwiler near Bern, Switzerland

940 views • 59 slides
Coinductive Reasoning in Dependent Type Theory - Copatterns, Objects, Processes Anton Setzer

Coinductive Reasoning in Dependent Type Theory - Copatterns, Objects, Processes Anton Setzer

Coinductive Reasoning in Dependent Type Theory - Copatterns, Objects, Processes Anton Setzer http://www.cs.swan.ac.uk/~csetzer/index.html Swansea University http://www.swansea.ac.uk/compsci/ (Part on Processes presented by Bashar Igried on

1.1k views • 72 slides
Constraints in Verification Andreas Podelski University of Freiburg two kinds of constraints in

Constraints in Verification Andreas Podelski University of Freiburg two kinds of constraints in

Constraints in Verification Andreas Podelski University of Freiburg two kinds of constraints in verification 1. upper bound for fixpoint constraint over sets of states X F(X) X X bound verification

656 views • 52 slides
Reflection ranks and proof theoretic ordinals (based on joint work with James Walsh) Fedor

Reflection ranks and proof theoretic ordinals (based on joint work with James Walsh) Fedor

Reflection ranks and proof theoretic ordinals (based on joint work with James Walsh) Fedor Pakhomov Steklov Mathematical Institute, Moscow pakhf@mi.ras.ru Logic Colloquium 2018, Udine 24 July 2018 Con -Order def U proves consistence

407 views • 16 slides
First-Order Theorem Proving and Vampire Laura Kov acs (Chalmers University of Technology)

First-Order Theorem Proving and Vampire Laura Kov acs (Chalmers University of Technology)

First-Order Theorem Proving and Vampire Laura Kov acs (Chalmers University of Technology) Andrei Voronkov (The University of Manchester) Outline Introduction First-Order Logic and TPTP Inference Systems Saturation Algorithms Redundancy

1.98k views • 186 slides
Computational content of proofs involving coinduction Helmut Schwichtenberg (j.w.w. Kenji

Computational content of proofs involving coinduction Helmut Schwichtenberg (j.w.w. Kenji

Computational content of proofs involving coinduction Helmut Schwichtenberg (j.w.w. Kenji Miyamoto and Fredrik Nordvall Forsberg) Mathematisches Institut, LMU, M unchen Kyoto University, 19. March 2014 1 / 29 Proof: 2 aspects provides

543 views • 29 slides
Metrizable Spaces Theorem Suppose that X is metrizable. Then the following are equivalent. X is

Metrizable Spaces Theorem Suppose that X is metrizable. Then the following are equivalent. X is

Metrizable Spaces Theorem Suppose that X is metrizable. Then the following are equivalent. X is compact. a X is limit point compact. b X is sequentially compact. c Well-Ordered Sets Definition An ordered set ( A , &lt; ) is called

360 views • 6 slides
NO! NO! Albert R Meyer February 13, 2012 Albert R Meyer February 13, 2012 Lec 2M.3 Lec 2M.4

NO! NO! Albert R Meyer February 13, 2012 Albert R Meyer February 13, 2012 Lec 2M.3 Lec 2M.4

Mathematics for Computer Science Well Ordering principle MIT 6.042J/18.062J Every nonempty set of nonnegative integers The Well Ordering has a Principle least element. Familiar? Now you mention it, Yes. Obvious?

479 views • 3 slides
Mechanizing Set Theory: Cardinal Arithmetic and the Axiom of Choice Krzysztof Gra bczewski ,

Mechanizing Set Theory: Cardinal Arithmetic and the Axiom of Choice Krzysztof Gra bczewski ,

Gra bczewski &amp; Paulson Mechanizing Set Theory 1 Mechanizing Set Theory: Cardinal Arithmetic and the Axiom of Choice Krzysztof Gra bczewski , Copernicus University, Torun, Poland Lawrence C Paulson , Computer Laboratory, Cambridge

223 views • 10 slides
13 April Tom Cuchta Who shaves the barber? Last class: imagine a town with precisely one barber.

13 April Tom Cuchta Who shaves the barber? Last class: imagine a town with precisely one barber.

13 April Tom Cuchta Who shaves the barber? Last class: imagine a town with precisely one barber. The barber obeys the Logical Barber Property: the barber shaves all the people, and only the people, who do not shave themselves. Who shaves

425 views • 16 slides
Definable Well-Ordering, the GCH, and Large Cardinals Andrew Brooke-Taylor Work from a doctoral

Definable Well-Ordering, the GCH, and Large Cardinals Andrew Brooke-Taylor Work from a doctoral

Definable Well-Ordering, the GCH, and Large Cardinals Andrew Brooke-Taylor Work from a doctoral thesis at the Kurt G odel Research Center for Mathematical Logic, The University of Vienna Advisor: Sy D. Friedman The existence of a definable

540 views • 18 slides
The finite embeddability property for some noncommutative knotted extensions of RL. Riquelmi

The finite embeddability property for some noncommutative knotted extensions of RL. Riquelmi

The finite embeddability property for some noncommutative knotted extensions of RL. Riquelmi Cardona University of Denver BLAST 2013 Riquelmi Cardona (DU) FEP for some noncommutative knotted RL BLAST 2013 1 / 16 Preliminaries Finite

750 views • 56 slides
Some compactness principles in set theory Radek Honzik Department of Logic Charles University

Some compactness principles in set theory Radek Honzik Department of Logic Charles University

Some compactness principles in set theory Radek Honzik Department of Logic Charles University logika.ff.cuni.cz/radek PhDs in Logic May 2, 2018 R. Honzik Some compactness principles Contents We will discuss two examples of compactness

1.15k views • 87 slides
Foundations of Computer Science Lecture 5 Induction: Proving For All . . . Induction:

Foundations of Computer Science Lecture 5 Induction: Proving For All . . . Induction:

Foundations of Computer Science Lecture 5 Induction: Proving For All . . . Induction: What and Why? Induction: Good, Bad and Ugly Induction, Well-Ordering and the Smallest Counter-Example Last Time 1 Proving if . . . , then . . .

1.42k views • 98 slides
Changs Conjecture, generic elementary embeddings and inner models for huge cardinals Matt

Changs Conjecture, generic elementary embeddings and inner models for huge cardinals Matt

Changs Conjecture, generic elementary embeddings and inner models for huge cardinals Matt Foreman Kyoto October 25-27, 2010 These lectures summarize and organize the material appearing in: Smoke and Mirrors: Combinatorial properties of

452 views • 13 slides

More recommend