[PDF] - First Order Logic in Practice 1 First Order Logic in PDF Document

SLIDE 1 First Order Logic in Practice 1 First Order Logic in Practice John Harrison Univ ersit y

f

Cam bridge http://www.cl.cam.ac.u k/u ser s/j rh/

Bac

kground: in teraction and automation

Wh

y do w e need rst

rder

automation?

First
rder

automation for ric her logics

Whic

h problems arise in practice?

Do

the existing metho ds w

rk?
Final

remarks John Harrison Univ ersit y

f

Cam bridge, 27 Octob er 1997

SLIDE 2 First Order Logic in Practice 2 The sp ectrum

f

theorem pro v ers A UTOMA TH (de Bruijn) Stanford LCF (Milner) Mizar (T rybulec) . . . . . . PVS (Owre, Rush b y , Shank ar) . . . . . . SETHEO (Letz et al.) Otter (McCune) John Harrison Univ ersit y

f

Cam bridge, 27 Octob er 1997

SLIDE 3 First Order Logic in Practice 3 In teraction plus Automation It's a v ery natural idea for in teractiv e theorem pro v ers to include automation for lling in the in termediate steps. The idea go es bac k at least to the SAM (semi-automated mathematics) pro ject in the late 60s. No w ada ys man y

f

the leading in teractiv e systems include automation. There are man y dieren t asp ects

f

reasoning that ma y b e automated, e.g.

Pure

logic (rst/higher

rder

with/without equalit y)

Linear

arithmetic (or nonlinear arithmetic)

Algebraic

simplication

Rewriting,

completion and

ther

equalit y reasoning

Inductiv

e pro

fs

John Harrison Univ ersit y

f

Cam bridge, 27 Octob er 1997

SLIDE 4 First Order Logic in Practice 4 What kind

f

automation? Dieren t in teractiv e systems tend to fo cus

n

some

f

these in particular, b ecause they are considered more imp

rtan

t and/or easier to implemen t. F

r

example:

Isab

elle | mainly automation

f

logical and equalit y reasoning. No decision pro cedures for arithmetic.

PVS

| decision pro cedures for imp

rtan

t theories suc h as linear arithmetic, tigh tly coupled using congruence closure. Minimal supp

rt

for pure logic.

HOL

| automation for logical and equalit y reasoning and linear arithmetic, as w ell as Bo y er-Mo

re

st yle automation

f

induction pro

fs.

But minimal in tegration

f

these dieren t pro v ers. Whic h are really the most imp

rtan

t? John Harrison Univ ersit y

f

Cam bridge, 27 Octob er 1997

SLIDE 5 First Order Logic in Practice 5 Logical v theory reasoning (1) The simple answ er is that all

f

these can b e imp

rtan

t, some more than

thers,

dep ending

n

the application. Dieren t applications migh t include: 1. F

rmalizing

abstract algebra (e.g. general results ab

ut

comm utativ e rings) 2. F

rmalizing

more concrete mathematics (e.g. particular T a ylor expansions) 3. V erifying abstract system mo dels (e.g. securit y proto cols) 4. V erifying concrete system mo dels (e.g.

ating

p

in

t arithmetic) F

r

example, logical reasoning is t ypically more imp

rtan

t for (1) and (3), algebraic simplication for (2) and linear arithmetic for (4). Of course, these are just v ague general rules. John Harrison Univ ersit y

f

Cam bridge, 27 Octob er 1997

SLIDE 6 First Order Logic in Practice 6 Logical v theory reasoning (2) But w e can in general sa y that automating theory reasoning is more imp

rtan

t. Wh y?

Explicit

pro

fs
f,

sa y , facts

f

linear arithmetic (e.g. jx

y

j

jjxj
jy

jj) tend to b e almost un b earably dull and tedious.

The

logical reasoning in an argumen t is usually relativ ely in teresting, and fairly simple. Our

wn

recen t w

rk

b ears this

ut

| w e use b

th

logical and theory reasoning but w

uld

m uc h prefer to giv e up the former than the latter. Wh y , then, should w e b e in terested in logical automation? W ell, ev en if it's not the most useful form, it is still useful. But there is a deep er reason wh y logical automation is particularly signican t. John Harrison Univ ersit y

f

Cam bridge, 27 Octob er 1997

SLIDE 7 First Order Logic in Practice 7 A Declarativ e Pro

f

St yle W e ha v e said that the logical structures

f

t ypical theorems are reasonably simple and in teresting. Ho w ev er sometimes the precise c horeographing

f

logical steps is quite tedious when

ne

theorem `ob viously' follo ws from a giv en set

f

premisses. Mizar allo ws the user merely to state the premisses, and nds the pro

f

itself, using an

ptimized

sp ecial case

f

tableaux as w ell as simple tec hniques for equalit y reasoning. This

p

ens up the p

ssibilit

y

f

stating pro

fs

in a m uc h less prescriptiv e and more de clar ative st yle, whic h arguably leads to a n um b er

f

adv an tages in readabilit y , main tainabilit y and indeed writabilit y . The same adv an tages can b e had in man y

ther

in teractiv e systems, giv en adequate logical automation. John Harrison Univ ersit y

f

Cam bridge, 27 Octob er 1997

SLIDE 8 First Order Logic in Practice 8 Ric her logics Man y

f

the leading in teractiv e systems lik e HOL and PVS are based

n

a higher-order logic. It w

uld

seem that w e need to automate higher

rder

logic, as in Andrews's system TPS, not rst

rder

logic. Ideally y es, but (empirically) rst

rder

automation is sucien t for man y

f

the problems that arise in practice, using the w ell-kno wn mec hanical reduction

f

higher

rder

to rst

rder

logic. First

rder

logic has the adv an tage that there are w ell engineered `o-the-shelf ' tec hniques (and systems) to handle it. John Harrison Univ ersit y

f

Cam bridge, 27 Octob er 1997

SLIDE 9 First Order Logic in Practice 9 HOL to F OL There are some signican t c hoices in the reduction

f

higher

rder

to rst

rder

logic.

Ho

w to deal with higher

rder

features suc h as lam b da abstractions. A translation

f

P [ x: t[x]] to 8f : (8x: f (x) = t[x]) ) P [f ]?

Ho

w to cop e with the p

lymorphic

t yp es used in sev eral higher

rder

theorem pro v ers. Preserv e the t yp e information

r

thro w it a w a y? Ho w do w e ensure soundness?

Ho

w to reduce the problem to the normal form required b y the rst

rder

pro v er. F

r

example, there are man y dieren t w a ys

f

splitting up the problem in to subproblems.

Ho

w to handle equalit y reasoning, whic h is v ery imp

rtan

t in practice. Naiv e equalit y axioms? Brand's transformation? P aramo dulation in the rst

rder

pro v er? John Harrison Univ ersit y

f

Cam bridge, 27 Octob er 1997

SLIDE 10 First Order Logic in Practice 10 Practical Problems T raditionally , rst

rder

pro v ers ha v e b een used for elegan t examples in relativ ely simple axiomatic systems. Often the set

f

axioms, and ev en their form ulation, is pic k ed v ery carefully . The curren t test suites for rst

rder

pro v ers, e.g. TPTP , tend to reect this bias. The problems w e need to solv e in

ur

w

rk

tend to b e dieren t. They are sometimes (not alw a ys) shallo w, but in v

lv

e relativ ely big and in tricate terms, and large amoun ts

f

irrelev an t information. W e suggest compiling a new list

f

problems from real applications

f

rst

rder

reasoning. It w

uld

b e p

ssible

to do this semi-automatically . W e ha v e already compiled a list

f

a few h undred examples from

ur
wn

w

rk.

Preparing a TPTP-st yle public test suite w

uld

b e quite p

ssible,
r

adding them to the new F OF suite. John Harrison Univ ersit y

f

Cam bridge, 27 Octob er 1997

SLIDE 11 First Order Logic in Practice 11 Do existing metho ds w

rk?

But there w

uld

b e little p

in

t in making dieren t test suites unless they demanded signican tly dieren t qualities in a pro v er. There is

ne
b

vious dierence: w e w an t to solv e routine problems quickly, rather than v ery hard problems in hours

r

da ys. Moreo v er,

ur

problems ma y test the sensitivit y

f

systems to v ery large terms, ev en when those terms are irrelev an t to the pro

f,

and the abilit y to discriminate among a large database

f

axioms. Systematic testing

f

dieren t systems

n
ur

problems w

uld

b e in teresting, but w e ha v en't done this y et. W e use a v ersion

f

MESON (see CADE-13 pap er). One in teresting p

in

t has come to ligh t: w e nd that

n

a v erage, naiv e equalit y axioms are b etter than Brand's transformation. Apparen tly

n