
HOL: Defining Higher Order Logic (NICTA Advanced Course, Theorem Proving: Principles, Techniques, Applications; slide transcript)



Slide 1: Last time on HOL
➜ Proof rules for propositional and predicate logic
➜ Safe and unsafe rules
➜ Forward Proof
➜ The Epsilon Operator
➜ Some automation

Slide 2: Content
➜ Intro & motivation, getting started with Isabelle
➜ Foundations & Principles
  • Lambda Calculus
  • Higher Order Logic, natural deduction
  • Term rewriting
➜ Proof & Specification Techniques
  • Datatypes, recursion, induction
  • Inductively defined sets, rule induction
  • Calculational reasoning, mathematics style proofs
  • Hoare logic, proofs about programs

Slide 3: NICTA Advanced Course, Theorem Proving: Principles, Techniques, Applications

Slide 4: Defining Higher Order Logic

Slide 5: What is Higher Order Logic?
➜ Propositional Logic:
  • no quantifiers
  • all variables have type bool
➜ First Order Logic:
  • quantification over values, but not over functions and predicates
  • terms and formulas syntactically distinct
➜ Higher Order Logic:
  • quantification over everything, including predicates
  • consistency by types
  • formula = term of type bool
  • definition built on λ→ with certain default types and constants

Slide 6: Defining Higher Order Logic
Default types: bool, ind, ⇒
➜ bool sometimes called o
➜ ⇒ sometimes called fun
Default constants:
  ⟶ :: bool ⇒ bool ⇒ bool
  =  :: α ⇒ α ⇒ bool
  ε  :: (α ⇒ bool) ⇒ α

Slide 7: Higher Order Abstract Syntax
Problem: Define syntax for binders like ∀, ∃, ε
One approach: ∀ :: var ⇒ term ⇒ bool
Drawback: need to think about substitution, α conversion again.
But: Already have binder, substitution, α conversion in meta logic λ
So: Use λ to encode all other binders.

Slide 8: Higher Order Abstract Syntax
Example: ALL :: (α ⇒ bool) ⇒ bool
  HOAS               usual syntax
  ALL (λx. x = 2)    ∀x. x = 2
  ALL P              ∀x. P x
Isabelle can translate usual binder syntax into HOAS.

Slide 9: Side Track: Syntax Declarations in Isabelle
➜ mixfix: consts drvbl :: ct ⇒ ct ⇒ fm ⇒ bool ("_, _ ⊢ _")
  Legal syntax now: Γ, Π ⊢ F
➜ priorities: pattern can be annotated with priorities to indicate binding strength
  Example: drvbl :: ct ⇒ ct ⇒ fm ⇒ bool ("_, _ ⊢ _" [30, 0, 20] 60)
➜ infixl/infixr: short form for left/right associative binary operators
  Example: or :: bool ⇒ bool ⇒ bool (infixr "∨" 30)
➜ binders: declaration must be of the form c :: (τ1 ⇒ τ2) ⇒ τ3 (binder "B" <p>)
  B x. P x translated into c P (and vice versa)
  Example: ALL :: (α ⇒ bool) ⇒ bool (binder "∀" 10)
More (including pretty printing) in Isabelle Reference Manual (7.3)

Slide 10: Back to HOL
Base: bool, ⇒, ind and =, ⟶, ε
➜ 3 basic types
➜ 3 basic constants
➜ 9 axioms
With this you can define and derive all the rest.

Slide 11: The Axioms of HOL
  ext:    (⋀x. f x = g x) ⟹ (λx. f x) = (λx. g x)
  refl:   t = t
  subst:  s = t ⟹ P s ⟹ P t
  impI:   (P ⟹ Q) ⟹ P ⟶ Q
  mp:     P ⟶ Q ⟹ P ⟹ Q
  iff:    (P ⟶ Q) ⟶ (Q ⟶ P) ⟶ (P = Q)
  True_or_False: P = True ∨ P = False
  someI:  P ?x ⟹ P (SOME x. P x)
  infty:  ∃f :: ind ⇒ ind. inj f ∧ ¬ surj f

Slide 12: That's it.
And the rest is definitions:
  True     ≡ (λx :: bool. x) = (λx. x)
  All P    ≡ P = (λx. True)
  Ex P     ≡ ∀Q. (∀x. P x ⟶ Q) ⟶ Q
  False    ≡ ∀P. P
  ¬P       ≡ P ⟶ False
  P ∧ Q    ≡ ∀R. (P ⟶ Q ⟶ R) ⟶ R
  P ∨ Q    ≡ ∀R. (P ⟶ R) ⟶ (Q ⟶ R) ⟶ R
  If P x y ≡ SOME z. (P = True ⟶ z = x) ∧ (P = False ⟶ z = y)
  inj f    ≡ ∀x y. f x = f y ⟶ x = y
  surj f   ≡ ∀y. ∃x. y = f x
Isabelle knows 2 more axioms:
  the_eq_trivial: (THE x. x = a) = a
  eq_reflection:  x = y ⟹ x ≡ y

Slide 13: Demo: The Definitions in Isabelle

Slide 14: Deriving Proof Rules
In the following, we will
➜ look at the definitions in more detail
➜ derive the traditional proof rules from the axioms in Isabelle
Convenient for deriving rules: named assumptions in lemmas
  lemma [name:]
    assumes [name1:] "<prop>1"
    assumes [name2:] "<prop>2"
    ...
    shows "<prop>"
  <proof>
proves: [[<prop>1; <prop>2; ...]] ⟹ <prop>

Slide 15: True
consts True :: bool
True ≡ (λx :: bool. x) = (λx. x)
Intuition: right hand side is always true
Proof rules:
  TrueI: True
Proof: (λx :: bool. x) = (λx. x) holds by refl; unfolding True_def turns it into True

Slide 16: Demo

Slide 17: Universal Quantifier
consts ALL :: (α ⇒ bool) ⇒ bool
ALL P ≡ P = (λx. True)
Intuition:
➜ ALL P is Higher Order Abstract Syntax for ∀x. P x.
➜ P is a function that takes an x and yields a truth value.
➜ ALL P should be true iff P yields true for all x, i.e. if it is equivalent to the function λx. True.
Proof rules:
  allI: (⋀x. P x) ⟹ ∀x. P x
  allE: ∀x. P x ⟹ (P ?x ⟹ R) ⟹ R
Proof: Isabelle Demo

Slide 18: Existential Quantifier
consts EX :: (α ⇒ bool) ⇒ bool
EX P ≡ ∀Q. (∀x. P x ⟶ Q) ⟶ Q
Intuition:
➜ EX P is HOAS for ∃x. P x. (like ∀)
➜ Right hand side is a characterization of ∃ with ∀ and ⟶
➜ Note that the inner ∀ binds wide: (∀x. P x ⟶ Q)
➜ Remember the lemma from last time: (∀x. P x ⟶ Q) = ((∃x. P x) ⟶ Q)
Proof rules:
  exI: P ?x ⟹ ∃x. P x
  exE: ∃x. P x ⟹ (⋀x. P x ⟹ R) ⟹ R
Proof: Isabelle Demo

Slide 19: Negation
consts Not :: bool ⇒ bool (¬)
¬P ≡ P ⟶ False
Intuition: Try P = True and P = False and the traditional truth table for ⟶.
Proof rules:
  notI: (A ⟹ False) ⟹ ¬A
  notE: ¬A ⟹ A ⟹ P
Proof: Isabelle Demo

Slide 20: False
consts False :: bool
False ≡ ∀P. P
Intuition: Everything can be derived from False.
Proof rules:
  FalseE: False ⟹ P
  True ≠ False
Proof: Isabelle Demo

Slide 21: Conjunction
consts And :: bool ⇒ bool ⇒ bool (∧)
P ∧ Q ≡ ∀R. (P ⟶ Q ⟶ R) ⟶ R
Intuition:
➜ Mirrors proof rules for ∧
➜ Try truth table for P, Q, and R
Proof rules:
  conjI: A ⟹ B ⟹ A ∧ B
  conjE: A ∧ B ⟹ ([[A; B]] ⟹ C) ⟹ C
Proof: Isabelle Demo

Slide 22: Disjunction
consts Or :: bool ⇒ bool ⇒ bool (∨)
P ∨ Q ≡ ∀R. (P ⟶ R) ⟶ (Q ⟶ R) ⟶ R
Intuition:
➜ Mirrors proof rules for ∨ (case distinction)
➜ Try truth table for P, Q, and R
Proof rules:
  disjI1/2: A ⟹ A ∨ B and B ⟹ A ∨ B
  disjE: A ∨ B ⟹ (A ⟹ C) ⟹ (B ⟹ C) ⟹ C
Proof: Isabelle Demo

Slide 23: If-Then-Else
consts If :: bool ⇒ α ⇒ α ⇒ α (if _ then _ else _)
If P x y ≡ SOME z. (P = True ⟶ z = x) ∧ (P = False ⟶ z = y)
Intuition:
➜ for P = True, the right hand side collapses to SOME z. z = x
➜ for P = False, the right hand side collapses to SOME z. z = y
Proof rules:
  ifTrue:  if True then s else t = s
  ifFalse: if False then s else t = t
Proof: Isabelle Demo

Slide 24: That was HOL

Slide 25: More on Automation
Last time: safe and unsafe rules, heuristics: use safe before unsafe
This can be automated
Syntax:
  [<kind>!] for safe rules (<kind> one of intro, elim, dest)
  [<kind>] for unsafe rules
Application (roughly): do safe rules first, search/backtrack on unsafe rules only
Example:
  declare attribute globally:  declare conjI [intro!] allE [elim]
  remove attribute globally:   declare allE [rule del]
  use locally:                 apply (blast intro: someI)
  delete locally:              apply (blast del: conjI)

Slide 26: Demo: Automation

Slide 27: We have learned today ...
➜ Defining HOL
➜ Higher Order Abstract Syntax
➜ Deriving proof rules
➜ More automation

Slide 28: Exercises
➜ derive the classical contradiction rule (¬P ⟹ False) ⟹ P in Isabelle
➜ define nor and nand in Isabelle
➜ show nor x x = nand x x
➜ derive safe intro and elim rules for them
➜ use these in an automated proof of nor x x = nand x x
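As an added example (not the lecture's own demo), the derivation of the ∧ introduction and elimination rules from the definition on the Conjunction slide, written in Isabelle/Isar with the named-assumption lemma form of the Deriving Proof Rules slide, and then registered for the classical reasoner as on the automation slide. The constant name And' and the lemma names conjI'/conjE' are my own choices, not from the slides; the fresh name keeps HOL's built-in ∧ out of the proofs.

```isabelle
theory Derived_Conj
  imports Main
begin

(* Conjunction exactly as the slides define it, via ∀ and ⟶, under the
   fresh name And' (my choice) so that HOL's own ∧ is never used. *)
definition And' :: "bool ⇒ bool ⇒ bool" where
  "And' P Q ≡ ∀R. (P ⟶ Q ⟶ R) ⟶ R"

(* Introduction rule in the named-assumption lemma form:
   proves [[P; Q]] ⟹ And' P Q. *)
lemma conjI':
  assumes p: "P" and q: "Q"
  shows "And' P Q"
  unfolding And'_def
proof (intro allI impI)
  fix R assume pqr: "P ⟶ Q ⟶ R"
  from pqr p have "Q ⟶ R" by (rule mp)
  from this q show "R" by (rule mp)
qed

(* Elimination rule: instantiate the R of the definition with the goal C,
   then discharge the remaining implication from the given rule r. *)
lemma conjE':
  assumes pq: "And' P Q" and r: "P ⟹ Q ⟹ C"
  shows "C"
proof -
  have "∀R. (P ⟶ Q ⟶ R) ⟶ R" using pq [unfolded And'_def] .
  then have "(P ⟶ Q ⟶ C) ⟶ C" by (rule spec)
  moreover have "P ⟶ Q ⟶ C" by (intro impI r)
  ultimately show "C" by (rule mp)
qed

(* Automation as on the slides: the derived rules are safe, so they get
   the "!" attributes globally; blast then works on And' without
   ever unfolding the definition. *)
declare conjI' [intro!] conjE' [elim!]

lemma "And' P Q ⟹ And' Q P"
  by blast

end
```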
