
Structured Induction Proofs in Isabelle/Isar

Makarius April 2006

  • 1. Motivation
  • 2. The Isabelle/Isar framework
  • 3. The induct method
  • 4. Common induction patterns

Motivation


Introduction

Isabelle/Pure: simple logical framework (models abstract syntax and primitive inferences)

Isabelle/Isar: framework for human-readable structured proofs (interprets declarative proof texts in terms of Pure concepts)

Observation: realistic applications routinely use compound inductive predicates, including

  • local parameters ⋀x. ...
  • local premises A ⟹ ...
  • local definitions x ≡ a y
  • simultaneous goals P x & Q y

Motivation 2


Example: Induction is trivial?

Natural deduction rule:

  nat-induct: P 0 ⟹ (⋀n. P n ⟹ P (Suc n)) ⟹ P n

Canonical Isar proof:

  lemma
    fixes n :: nat
    shows P n
  proof (rule nat-induct)
    show P 0 ⟨proof⟩
  next
    fix n
    assume P n
    show P (Suc n) ⟨proof⟩
  qed

Motivation 3


Example: Induction is non-trivial!

  lemma
    fixes n :: nat and x :: 'a
    assumes A n x
    shows P n x
  proof -
    have ∀x. A n x ⟶ P n x
    proof (rule nat-induct)
      show ∀x. A 0 x ⟶ P 0 x
      proof
        fix x
        show A 0 x ⟶ P 0 x
        proof
          assume A 0 x
          show P 0 x ⟨proof⟩
        qed
      qed
    next
      fix n
      assume raw-hyp: ∀x. A n x ⟶ P n x
      have hyp: ⋀x. A n x ⟹ P n x
      proof -
        fix x
        from raw-hyp have A n x ⟶ P n x ..
        also assume A n x
        finally show P n x .
      qed
      show ∀x. A (Suc n) x ⟶ P (Suc n) x
      proof
        fix x
        show A (Suc n) x ⟶ P (Suc n) x
        proof
          assume prem: A (Suc n) x
          show P (Suc n) x ⟨proof⟩
        qed
      qed
    qed
    then have A n x ⟶ P n x ..
    also note A n x
    finally show P n x .
  qed

Motivation 4-6


Discussion

Anything wrong with Isabelle/Isar?

  • Primitive natural deduction exhibits many details.
  • Object-level connectives ∀, ⟶ demand extra work.
  • “. . . , but this can be automated.” (Really?)

Other systems:

  • Old-style Isabelle tactic scripts often refer to adhoc automation, e.g. [rule-format], (intro strip), blast.
  • Coq induction seems to be slightly better: full proof context may participate in the induction.

Proper Isar approach:

  → Natural Induction as specific Isar proof method.
  → Sane proof structure instead of ad-hoc automation.

Motivation 7


Example: Induction is trivial!

  lemma
    fixes n :: nat and x :: 'a
    assumes A n x
    shows P n x
    using A n x
  proof (induct n fixing: x)
    case 0
    from A 0 x show P 0 x ⟨proof⟩
  next
    case (Suc n)
    from ⋀x. A n x ⟹ P n x and A (Suc n) x
    show P (Suc n) x ⟨proof⟩
  qed

Motivation 8


The Isabelle/Isar framework


Pure logic

Primitives:

  ⇒                          function type constructor
  ⋀ :: (α ⇒ prop) ⇒ prop    universal quantifier
  ⟹ :: prop ⇒ prop ⇒ prop   implication
  ≡ :: α ⇒ α ⇒ prop         equality (αβη-conversion)
  & :: prop ⇒ prop ⇒ prop   ephemeral conjunction

Natural deduction rules (premises / conclusion):

  (⋀I)  B(x), for arbitrary x  /  ⋀x. B(x)
  (⋀E)  ⋀x. B(x)  /  B(a)
  (⟹I)  B, derived under assumption [A]  /  A ⟹ B
  (⟹E)  A ⟹ B,  A  /  B

The Isabelle/Isar framework 10


Isar contexts

Idea: elaborate Γ of natural deduction judgments Γ ⊢ ϕ.

  { fix x  have B x ⟨proof⟩ }                        note ⋀x. B x
  { def x ≡ a  have B x ⟨proof⟩ }                    note B a
  { assume A  have B ⟨proof⟩ }                       note A ⟹ B
  { obtain x where A x ⟨proof⟩  have B ⟨proof⟩ }     note B

Abbreviation: case (a x) invokes the context expression a that has been defined in the current context.

The Isabelle/Isar framework 11


Isar proofs

Idea: interpretation of algebraic expressions of facts/goals/rules.

  have A ∧ B
  proof (rule A ⟹ B ⟹ A ∧ B)
    show A ⟨proof⟩
    show B ⟨proof⟩
  qed

  have A ⟨proof⟩
  then have A ∧ B
  proof (rule A ⟹ B ⟹ A ∧ B)
    show B ⟨proof⟩
  qed

  have A and B ⟨proof⟩
  then have A ∧ B by (rule A ⟹ B ⟹ A ∧ B)

The Isabelle/Isar framework 12


The induct method


Method syntax

Idea: sophisticated wrapper for the Pure rule method.

Method format:

  facts (induct insts fixing: vars rule: rule)

  • facts: current facts passed to any Isar method (cf. then, using)
  • insts: induction variables x, optionally with definition x ≡ a
  • vars: fixed variables
  • rule: actual induction rule

Note: all arguments are optional.

The induct method 14


Method operations (1)

  • 1. context: declare local defs for defined induction variables x ≡ a
  • 2. rule: apply insts according to conclusion P x y z
  • 3. rule: expand defs in major premises
  • 4. rule: consume prefix of facts according to major premises
  • 5. goal: insert remaining facts and defs
  • 6. goal: closeup fixed variables, using (⋀x. B x) ⟹ B a
  • 7. goal: internalize ⋀/⟹/≡ into the object-logic
  • 8. rule: unify conclusion against goal (→ fully-instantiated rule)
  • 9. rule: carefully recover internalized ⋀/⟹/≡ in the inductive cases
  • 10. context: extract inductive cases from rule (for case)
  • 11. context: discharge defs
  • 12. goal: apply fully-instantiated rule

The induct method 15


Method operations (2) — simultaneous goals

  • 1. goal: internalize A & B into object-logic
  • 2. goal: apply induction rule
  • 3. goal: recover A & B and apply congruences wrt. ⋀/⟹
  • 4. goal: eliminate & by currying
  • 5. context: extract nested cases, numbered for each conjunct

Observation: induct has its complexities, but is algorithmic — no automated reasoning here!

The induct method 16


Common induction patterns


Local premises and parameters

  lemma
    fixes n :: nat and x :: 'a
    assumes A n x
    shows P n x
    using A n x
  proof (induct n fixing: x)
    case 0
    note prem = A 0 x
    show P 0 x ⟨proof⟩
  next
    case (Suc n)
    note hyp = ⋀x. A n x ⟹ P n x
      and prem = A (Suc n) x
    show P (Suc n) x ⟨proof⟩
  qed

Common induction patterns 18
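Two concrete instances of the pattern on this slide and on the "Induction is trivial!" slide above, added here as an illustration and not part of the original slides. They are written for a current Isabelle/HOL release, where the `fixing:` argument shown on the slides is spelled `arbitrary:`; the theory name and the lemma and function names (`itrev`, `itrev_rev`, `nth_append_below`) are chosen for the example. The first lemma shows why the local parameter must be generalized: the accumulator `ys` changes in the recursive call, so the induction hypothesis is only usable in its `⋀ys. ...` form. The second lemma combines a local premise, passed in with `using assms` and available in each case as `Cons.prems`, with a generalized parameter `n`.

```isabelle
theory Induct_Patterns_Demo
  imports Main
begin

(* Constructed example: list reversal with an accumulator. *)
fun itrev :: "'a list ⇒ 'a list ⇒ 'a list"
where
  "itrev [] ys = ys"
| "itrev (x # xs) ys = itrev xs (x # ys)"

(* Local parameter: ys must be generalized, otherwise the hypothesis
   only speaks about the original ys and the Cons step cannot use it. *)
lemma itrev_rev: "itrev xs ys = rev xs @ ys"
proof (induct xs arbitrary: ys)
  case Nil
  show ?case by simp
next
  case (Cons x xs)
  (* Cons.hyps is  ⋀ys. itrev xs ys = rev xs @ ys,  used at ys := x # ys *)
  have "itrev (x # xs) ys = itrev xs (x # ys)" by simp
  also have "itrev xs (x # ys) = rev xs @ (x # ys)" by (rule Cons.hyps)
  also have "rev xs @ (x # ys) = rev (x # xs) @ ys" by simp
  finally show ?case .
qed

(* Local premise plus local parameter: the premise n < length xs is
   consumed by induct (via "using assms") and reappears as Cons.prems,
   while n is generalized and re-fixed in every case. *)
lemma nth_append_below:
  assumes "n < length xs"
  shows "(xs @ ys) ! n = xs ! n"
  using assms
proof (induct xs arbitrary: n)
  case Nil
  (* Nil.prems is  n < length [],  which is contradictory *)
  from Nil.prems show ?case by simp
next
  case (Cons x xs)
  show ?case
  proof (cases n)
    case 0
    then show ?thesis by simp
  next
    case (Suc m)
    with Cons.prems have "m < length xs" by simp
    then have "(xs @ ys) ! m = xs ! m" by (rule Cons.hyps)
    with Suc show ?thesis by simp
  qed
qed

end
```

Dropping `arbitrary: ys` from `itrev_rev` leaves the Cons case with the hypothesis `itrev xs ys = rev xs @ ys` for the fixed `ys` only, which does not match the needed instance `itrev xs (x # ys)`; this is the situation the slide's `fixing:` argument (now `arbitrary:`) exists for.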


Local definitions

  lemma
    fixes a :: 'a ⇒ nat
    assumes A (a x)
    shows P (a x)
    using A (a x)
  proof (induct n ≡ a x fixing: x)
    case 0
    note prem = A (a x)
      and def = 0 = a x
    show P (a x) ⟨proof⟩
  next
    case (Suc n)
    note hyp = ⋀x. A (a x) ⟹ n = a x ⟹ P (a x)
      and prem = A (a x)
      and def = Suc n = a x
    show P (a x) ⟨proof⟩
  qed

Common induction patterns 19


Simultaneous goals

  lemma
    fixes n :: nat
    shows ⋀x::'a. A n x ⟹ P n x
      and ⋀y::'b. B n y ⟹ Q n y
  proof (induct n)
    case 0
    { case 1
      note prem = A 0 x
      show P 0 x ⟨proof⟩ }
    { case 2
      note prem = B 0 y
      show Q 0 y ⟨proof⟩ }
  next
    case (Suc n)
    note hyps = ⋀x. A n x ⟹ P n x
      ⋀y. B n y ⟹ Q n y
    then have some-intermediate-result ⟨proof⟩
    { case 1
      note prem = A (Suc n) x
      show P (Suc n) x ⟨proof⟩ }
    { case 2
      note prem = B (Suc n) y
      show Q (Suc n) y ⟨proof⟩ }
  qed

Common induction patterns 20-21
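The simultaneous-goals pattern above with concrete functions in place of A, B, P and Q, added here as an illustration and not part of the original slides (written for a current Isabelle/HOL release; the theory name, `double`, `half` and `double_half` are chosen for the example). Both induction hypotheses arrive together at the outer `case (Suc n)`, before the nested cases `1` and `2` that select the two conclusions; the hypotheses are picked up by literal fact reference, as on the slides.

```isabelle
theory Simultaneous_Goals_Demo
  imports Main
begin

(* Constructed example: doubling and halving on nat. *)
fun double :: "nat ⇒ nat"
where
  "double 0 = 0"
| "double (Suc n) = Suc (Suc (double n))"

fun half :: "nat ⇒ nat"
where
  "half 0 = 0"
| "half (Suc 0) = 0"
| "half (Suc (Suc n)) = Suc (half n)"

(* Two goals, one induction: the method internalizes the conjunction,
   applies nat induction once, and hands back nested cases 1 and 2. *)
lemma double_half:
  fixes n :: nat
  shows "double n = n + n"
    and "half (double n) = n"
proof (induct n)
  case 0
  { case 1 show "double 0 = 0 + 0" by simp }
  { case 2 show "half (double 0) = 0" by simp }
next
  case (Suc n)
  (* both hypotheses are available here, one per conjunct *)
  note hyps = ‹double n = n + n› ‹half (double n) = n›
  { case 1
    from hyps(1) show "double (Suc n) = Suc n + Suc n" by simp }
  { case 2
    from hyps(2) show "half (double (Suc n)) = Suc n" by simp }
qed

end
```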


Conclusion


Stocktaking

  • Isabelle/Isar framework is sufficiently flexible to support domain-specific proof patterns
  • Minimal requirements on induction rule format; possible extensions include:
    – nominal induction: additional “freshness” context (nominal-induct x avoiding: a b c fixing: u v)
    – coinduction: dualized version (not fully implemented yet) (coinduct x fixing: u v)
  • Further examples: cf. POPLmark solutions by Berghofer (induct), and Urban (nominal-induct)
  • Paper available: http://isabelle.in.tum.de/Isar/Isar-induct.pdf

Conclusion 23