[PDF] - Automated Reasoning 1 Automated Reasoning John Harrison Univ PDF Document

SLIDE 1 Automated Reasoning 1 Automated Reasoning John Harrison Univ ersit y

f

Cam bridge

What

is automated reasoning? Automatic vs. in teractiv e.

Successes
f

the AI and logic approac hes

Dev

elopmen t

f

formal logic

History
f

automated reasoning

V

erication

Curren

t researc h topics John Harrison Univ ersit y

f

Cam bridge, 22 Jan uary 1997

SLIDE 2 Automated Reasoning 2 What is automated reasoning? In

ne

sense w e'll in terpret

ur

title narro wly: w e are in terested in reasoning in logic and mathematics, rather than ev eryda y life. The eld is also called automate d the

r

em pr

ving.

In another sense w e in terpret it broadly: w e don't just consider making computers pro v e theorems automatically , but also w a ys in whic h they can supp

rt

h umans. The correct title migh t b e me chanize d the

r

em pr

ving.

W e'll divide the discussion in to (fully) automatic systems, and inter active systems. John Harrison Univ ersit y

f

Cam bridge, 22 Jan uary 1997

SLIDE 3 Automated Reasoning 3 The limits

f

automated reasoning It's almost certainly imp

ssible,

ev en in principle, that a computer can pro v e automatically all the mathematical theorems w e are in terested in. This follo ws from T arski's the

r

em

n

the undenability

f

truth (1936), whic h implies that the set

f

true facts

f

arithmetic is not ev en semic

mputable.

Ho w ev er w e can set up logical systems that are capable

f

deducing man y , p erhaps most, in teresting theorems, suc h that the set

f

logically v alid form ulas is at least semic

mputable.

F

r

example, the system

f

Zermelo-F r aenkel set the

ry

based

n

rst

r

der lo gic has this prop ert y . But this do esn't include al l true facts (G

del

1930, also a corollary to T arski's theorem). And it is still not c

mputable.

John Harrison Univ ersit y

f

Cam bridge, 22 Jan uary 1997

SLIDE 4 Automated Reasoning 4 Decidable systems In fact, for some limited areas

f

mathematics

r

logic, there are systems for whic h v alidit y is actually c

mputable.

A simple example is prop

sitional

logic. W e can decide if :(p _ q ) ) :p ^ :q is v alid simply b y considering cases, e.g. writing a truth table. F

r

a more in teresting example, the rst

rder

theory

f

reals with m ultiplication is decidable (T arski 1948). This theory includes man y non trivial problems. In general, note that a system that is c

mplete

and semic

mputable

is also c

mputable.

(This follo ws from a classic theorem in computabilit y theory that if a set and its complemen t are b

th

RE, the set is recursiv e.) John Harrison Univ ersit y

f

Cam bridge, 22 Jan uary 1997

SLIDE 5 Automated Reasoning 5 Do wn to earth Despite these promising facts, t w

similar

problems remain. 1. Ev en if a theory is decidable in principle, the time

r

space usage

f

the decision pro cedure ma y mak e it ineectiv e in practice. This applies to the rst

rder

theory

f

reals, for example. 2. In systems where v alidit y is semic

mputable,

w e just ha v e to k eep searc hing un til w e nd the theorem. This is also impractical in man y cases; t ypically , w e use ingenious tric ks to cut do wn the searc h space. The tric ks are usually dra wn either from lo

king

at human b ehaviour

r

considering the

r

ems fr

m

lo gicians. There w as (is?) still a con tro v ersy

v

er whether the h uman-orien ted `AI' approac h

r

the `logic' approac h is b etter. John Harrison Univ ersit y

f

Cam bridge, 22 Jan uary 1997

SLIDE 6 Automated Reasoning 6 A theorem in geometry One

f

the early successes in automated theorem pro ving (the AI side) w as the pro

f
f

the follo wing theorem: A B C

A

A A A A A A A If the sides AB and AC are equal (i.e. the triangle is isoseles), then the angles AB C and AC B are equal. John Harrison Univ ersit y

f

Cam bridge, 22 Jan uary 1997

SLIDE 7 Automated Reasoning 7 The usual pro

f

The usual pro

f

pro ceeds b y dropping a p erp endicular do wn from the p

in

t A to the side B C , meeting it at a p

in

t D : A B C D

A

A A A A A A A and then using the fact that the triangles AB D and AC D are congruen t. John Harrison Univ ersit y

f

Cam bridge, 22 Jan uary 1997

SLIDE 8 Automated Reasoning 8 The computer's pro

f

The computer found an ingenious pro

f

whic h had b een missed b y most writers

n

geometry (though it had already b een used b y P appus). A B C

A

A A A A A A A Simply , the triangles AB C and AC B are congruen t. Q.E.D. John Harrison Univ ersit y

f

Cam bridge, 22 Jan uary 1997

SLIDE 9 Automated Reasoning 9 The Robbins Conjecture (1) A v ery recen t success in automated reasoning, this time

n

the logic side, w as the pro

f

b y McCune's program EQP

f

the Robbins Conjecture. Hun tington (1933) presen ted the follo wing basis for Bo

lean

algebra: x + y = y + x (x + y ) + z = x + (y + z ) n(n(x) + y ) + n(n(x) + n(y )) = x Shortly thereafter, Herb ert Robbins conjectured that the Hun tington equation can b e replaced with a simpler

ne:

n(n(x + y ) + n(x + n(y ))) = x John Harrison Univ ersit y

f

Cam bridge, 22 Jan uary 1997

SLIDE 10 Automated Reasoning 10 The Robbins Conjecture (2) This conjecture w en t unpro v ed for more that 50 y ears, despite b eing studied b y man y mathematicians, ev en including T arski. It b ecause a p

pular

target for researc hers in automated reasoning. In Ma y 1996, it w as claimed that a pro

f

had b een found automatically using the REVEAL pro v er. Ho w ev er this w as traced to a bug in REVEAL. The in Octob er 1996 a correct pro

f

w as found b y McCune's program EQP . The successful searc h to

k

ab

ut

8 da ys

n

an RS/6000 pro cessor and used ab

ut

30 megab ytes

f

memory . John Harrison Univ ersit y

f

Cam bridge, 22 Jan uary 1997

SLIDE 11 Automated Reasoning 11 Origins

f

mec hanization The idea

f

mec hanizing reasoning in a manner similar to arithmetic calculation is an

ld
ne,

going bac k at least to Hobb es. Reason [. . . ] is nothing but Rec k

ning.

F

r

as Arithmeticians teac h to adde and subtract in numb ers [...] The Logicians teac h the same in consequences

f

w

rds

[...] And as in Arithmetique, unpractised men m ust, and Professors themselv es ma y

ften

erre, and cast up false; so also in an y

ther

sub ject

f

Reasoning the ablest, most atten tiv e, and most practised men, ma y deceiv e themselv es, and inferre false conclusions. Leibniz en visaged a c alculus r atio cinator. First ho w ev er w e need a char acteristic a universalis. John Harrison Univ ersit y

f

Cam bridge, 22 Jan uary 1997

SLIDE 12 Automated Reasoning 12 Dev elopmen t

f

formal logic W e can highligh t sev eral imp

rtan

t phases in the dev elopmen t

f

formal logic.

The

So cratic metho d

Aristotle's

syllogisms

Leibniz's

attempts at a char acteristic a

Bo
le's

algebra

f

logic

F

rege's Be grisschrift

P

eano's F

rmulair

e

Russell

and Whitehead's Principia Mathematic a.

Hilb

ert's programme

Metamathematical

studies (G

del,

T arski, Ch urc h, T uring, . . . ) John Harrison Univ ersit y

f

Cam bridge, 22 Jan uary 1997

SLIDE 13 Automated Reasoning 13 Early computer exp erimen ts The earliest uses

f

computers in theorem pro ving w ere in the late 50s and early 60s. Among the pioneers w ere:

New

ell and Simon (AI)

Gelen

tner's geometry mac hine (AI)

Gilmore

(logical)

W

ang (logical)

Pra

witz (logical) The logical approac h pro v ed successful, but so

n

reac hed its limits. Pra witz's metho d is quite close to mo dern table aux pro v ers. But more p

w

erful metho ds w ere needed. John Harrison Univ ersit y

f

Cam bridge, 22 Jan uary 1997

SLIDE 14 Automated Reasoning 14 More recen t metho ds The t w

most

ecien t general rst

rder

theorem pro ving metho ds w ere in v en ted in the 60s.

Resolution,

in v en ted b y Alan Robinson, is a b

ttom-up,

lo cal, pro

f

metho d based

n

a single, v ery simple, inference rule: p _ q :p q

Mo

del elimination, in v en ted b y Donald Lo v eland, is a top-do wn, global, pro

f

metho d whic h in man y v ersions is quite similar to Prolog. These are still the big t w

metho

ds to da y , represen ted b y SETHEO (from Munic h) and Otter (from Chicago), probably the most p

w

erful general rst

rder

pro v ers at presen t. John Harrison Univ ersit y

f

Cam bridge, 22 Jan uary 1997

SLIDE 15 Automated Reasoning 15 Logical foundations T ableaux, mo del elimination and resolution all rely

n

a n um b er

f

fundamen tal theorems in logic, due to G

del,

Sk

lem,

Gen tzen, Herbrand and

thers.

The most imp

rtan

t is the `uniformit y theorem', also called the Sk

lem-G
del-Herbrand

theorem, whic h states that if: 9x 1 ; : : : ; x n : P [x 1 ; : : : ; x n ] is v alid then there are terms suc h that the follo wing is to

:

P [t 1 1 ; : : : ; t 1 n ] _

_

P [t k 1 ; : : : ; t k n ] This can b e pro v ed either b y seman tic

r

syn tactic means. In the latter v ersion it is prop erly kno wn as Herbrand's theorem. John Harrison Univ ersit y

f

Cam bridge, 22 Jan uary 1997

SLIDE 16 Automated Reasoning 16 Ob viousness A problem with automation is that what h umans and computers nd

b

vious are not the same. F

r

example computers nd: (8x y z : P (x; y ) ^ P (y ; z ) ) P (x; z )) ^ (8x y z : Q(x; y ) ^ Q(y ; z ) ) Q(x; z )) ^ (8x y : Q(x; y ) ) Q(y ; x)) ^ (8x y : P (x; y ) _ Q(x; y )) ) (8x y : P (x; y )) _ (8x y : Q(x; y )) v ery

b

vious, but most p eople need to think ab

ut

it. Con v ersely , most p eople nd McCarth y's `m utilated c hec k erb

ard'
b

vious (when sho wn the tric k) but computers ha v e trouble. Computers are really

rien

ted to w ards `logical'

b

viousness. John Harrison Univ ersit y

f

Cam bridge, 22 Jan uary 1997

SLIDE 17 Automated Reasoning 17 The Bo y er-Mo

re

Pro v er Bo y er and Mo

re's

NQTHM is un usual in that it do esn't w

rk

in pure logic. Instead it uses a v ery simple system

f

`primitiv e recursiv e arithmetic' (Sk

lem,

Go

dstein).

It has the remark able abilit y to do pro

fs

b y induction automatically . These prop erties mak e it m uc h more useful in man y real situations than pro v ers for pure logic. It has b een used for man y impressiv e applications, mainly in v erication, whic h w e consider later. It is fully automatic. Nev ertheless, the user still has to guide it in some w a y b y selecting a sequence

f

lemmas. And there is not m uc h con trol

v

er what it do es. John Harrison Univ ersit y

f

Cam bridge, 22 Jan uary 1997

SLIDE 18 Automated Reasoning 18 In teractiv e theorem pro ving Giv en the limitations

f

automation, wh y not build systems to com bine automation with h uman con trol and guidance? There w ere pioneering attempts in the SAM (semi-automated mathematics) pro ject. Other pioneering pro

f

c hec k ers app eared in the 70s:

A

UTOMA TH (de Bruijn)

Mizar

(T rybulec et al.)

Stanford

LCF (Milner) Ho w ev er, these tended to b e tedious to use. What w as needed w as a b etter mix

f

automation with the man ual con trollabilit y . John Harrison Univ ersit y

f

Cam bridge, 22 Jan uary 1997

SLIDE 19 Automated Reasoning 19 Edin burgh LCF One

f

the most imp

rtan

t dev elopmen ts in theorem pro ving w as the dev elopmen t

f

Edin burgh LCF (Milner et al.) This pro vides lo w-lev el securit y , and at the same time, programmabilit y . The user can write completely arbitrary pro cedures in the ML programming language. A t the same time, inside the mac hine, ev erything happ ens b y simple primitiv e inferences. Man y descendan ts including HOL (Gordon), Isab elle (P aulson), Co q (Huet et al.) and Nuprl (Constable et al.) John Harrison Univ ersit y

f

Cam bridge, 22 Jan uary 1997

SLIDE 20 Automated Reasoning 20 F

rmalized

Mathematics One application

f

theorem pro v ers is to c hec k large b

dies
f

existing mathematics, making them completely formal. P eano started suc h a pro ject with his F

rmulair

e but did not really formalize pr

fs.

Bourbaki seems to b eliev e in formalization `in principle', but not in practice. Ho w ev er with the help

f

the computer w e can actually ac hiev e formalization. The most impressiv e example is the Mizar pro ject. There is a recen t prop

sal

for a QED Pro ject to extend this formalization m uc h further. John Harrison Univ ersit y

f

Cam bridge, 22 Jan uary 1997

SLIDE 21 Automated Reasoning 21 V erication The idea

f

v erication is to mak e sure computer systems (hardw are, soft w are) w

rk

correctly b y formal v erication

f

the design. It is a more systematic approac h than testing. It's imp

rtan

t to understand exactly what this means. 1. The informal requiremen ts 2. F

rmal

sp ecication 3. Mo del

f

the implemen tation 4. Actual implemen tation W e try to link lev els 2 and 3. The connections b et w een 1 and 2 and b et w een 3 and 4 are informal, though w e can try hard to mak e them small. John Harrison Univ ersit y

f

Cam bridge, 22 Jan uary 1997

SLIDE 22 Automated Reasoning 22 Conclusions W e can dra w the follo wing conclusions:

Automated

reasoning is

ne
f

the most in teresting applications

f

sym b

lic

pro cessing. It is also a con trolled testground for ideas from Articial In telligence.

There

is m uc h researc h w aiting to b e done. Man y problems ha v e not b een solv ed and there are man y comp eting and completely dieren t theorem pro v ers in the w

rld.
The

formalization

f

mathematics seems to b e an in teresting pro ject, with particular v alue for education.

It

ma y b e that theorem pro ving is the w a y to mak e the next generation

f

computer systems more reliable. John Harrison Univ ersit y

f

Cam bridge, 22 Jan uary 1997

SLIDE 23 Automated Reasoning 23 P

stscript

A theorem pro v er in 6 lines

f

Prolog (Bec k ert and P

ssega):

prove(Fml,VarLim) :- nonvar(VarLim),!,prove(Fml, [],[ ],[] ,Var Lim ). prove(Fml,Result) :- iterate(VarLim,1,prove(Fm l,[] ,[], [], VarL im), Resu lt). prove_uv(Fml,VarLim) :- nonvar(VarLim),!,prove(F ml,[ ],[] ,[], [], [],V arLi m). prove_uv(Fml,Result) :- iterate(VarLim,1,prove(Fm l,[] ,[], [], [],[ ],Va rLim ),Re sul t). iterate(Current,Current,G

al,

Curr ent) :- nl, write('Limit = '), write(Current),nl, Goal. iterate(VarLim,Current,Go al,R esul t) :- Current1 is Current + 1, iterate(VarLim,Current1,G

al,

Resu lt) . John Harrison Univ ersit y

f

Cam bridge, 22 Jan uary 1997