the lcf approach to theorem proving
play

The LCF Approach to Theorem Proving John Harrison Intel - PDF document

Nov 22, 2022 •181 likes •375 views

The LCF Approach to Theorem Proving 1 The LCF Approach to Theorem Proving John Harrison Intel Corporation Ideas and historical context Key ideas of LCF Equational logic example More about HOL Light Programming example John

  1. The LCF Approach to Theorem Proving 1 The LCF Approach to Theorem Proving John Harrison Intel Corporation • Ideas and historical context • Key ideas of LCF • Equational logic example • More about HOL Light • Programming example John Harrison Intel Corporation, 12 September 2001

  2. The LCF Approach to Theorem Proving 2 Key ideas Despite decades of steady progress in automated theorem proving, there are still difficulties in tackling many real-world problems in mathematics and verification. There’s a need to: • Organize and use large body of knowledge • Make use both of pure logical deduction and special decision methods • Have a reasonable level of assurance that proofs are indeed correct LCF is an approach to the design of theorem proving programs that attempts to satisfy these needs. John Harrison Intel Corporation, 12 September 2001

  3. The LCF Approach to Theorem Proving 3 Historical context Most early theorem provers were fully automatic, even though there were several different approaches: • Pure logical deduction (Gilmore, Wang, Prawitz) • Special decision methods (Davis) • Human-oriented AI style approaches (Newell-Simon, Gelerntner) John Harrison Intel Corporation, 12 September 2001

  4. The LCF Approach to Theorem Proving 4 Interactive theorem proving The idea of a more ‘interactive’ approach was already anticipated by pioneers, e.g. Wang (1960): [...] the writer believes that perhaps machines may more quickly become of practical use in mathematical research, not by proving new theorems, but by formalizing and checking outlines of proofs, say, from textbooks to detailed formalizations more rigorous that Principia [Mathematica], from technical papers to textbooks, or from abstracts to technical papers. John Harrison Intel Corporation, 12 September 2001

  5. The LCF Approach to Theorem Proving 5 Early interactive systems Some ‘interactive’ systems were really batch-oriented proof checkers, e.g. • AUTOMATH (de Bruijn et al.) • Mizar (Trybulec et al.) • Stanford LCF (Milner) Others like the SAM series (Guard et al.) were truly interactive: Semi-automated mathematics [...] seeks to combine automatic logic routines [with] human intervention in the form of control and guidance. John Harrison Intel Corporation, 12 September 2001

  6. The LCF Approach to Theorem Proving 6 Edinburgh LCF The LCF approach started in the mid/late 1970s with Edinburgh LCF (Milner et al.) The name LCF comes from the logic implemented in that project, namely Scott’s “Logic of Computable Functions” However, the key LCF approach is applicable to any logic. There are now various LCF descendants, e.g. • Nuprl (Constable et al., Martin-L¨ of type theory) • HOL (Gordon et al., classical higher order logic) • Coq (Coquand, Huet et al., the Calculus of Constructions) John Harrison Intel Corporation, 12 September 2001

  7. The LCF Approach to Theorem Proving 7 Basic LCF ideas The key ideas behind the LCF approach are as follows: • Have a special abstract type thm of ‘theorems’ • Make the constructors of the abstract type the inference rules of the logical system • Implement the system in a strongly-typed high-level language The ML family of programming languages (CAML, Objective CAML, Standard ML) are all descended from the programming language designed in the LCF project. John Harrison Intel Corporation, 12 September 2001

  8. The LCF Approach to Theorem Proving 8 The advantages of LCF The abstract type supported by strong typing in the implementation language enforces logical correctness: everything of type thm has really been proved. Yet proofs do not need to be explicitly generated, still less stored. The embedding in a full programming language allows the user to implement more sophisticated derived rules that decompose to the primitives, without compromising soundness. Thus, proof can be conducted at a much higher level than in a simple proof checker. John Harrison Intel Corporation, 12 September 2001

  9. The LCF Approach to Theorem Proving 9 Fully-expansive decision procedures How can we code sophisticated derived rules that decompose to primitives? At first sight this might seem hopelessly inefficient. • Represent inference steps as object-level theorems • Separate search from inference Many useful decision procedures can be coded in this manner, without unacceptable slowness. For example, HOL has linear arithmetic, tautology checking and model elimination. Other things, like explicit arithmetic with very large numbers, or the BDD-based fixpoint calculations in model checking, seem more challenging. John Harrison Intel Corporation, 12 September 2001

  10. The LCF Approach to Theorem Proving 10 LCF-style prover for equational logic We start with an abstract type signature: module type Birkhoff = sig type thm val axiom : formula -> thm val inst : (string, term) func -> thm -> thm val refl : term -> thm val sym : thm -> thm val trans : thm -> thm -> thm val cong : string -> thm list -> thm val dest_thm : thm -> formula list * formula end;; This identifies the basic inference rules of equational logic as the only type constructors. John Harrison Intel Corporation, 12 September 2001

  11. The LCF Approach to Theorem Proving 11 Implementation of primitive rules The following is the core’s implementation: module Proven : Birkhoff = struct type thm = formula list * formula let axiom p = match p with Atom("=",[s;t]) -> ([p],p) | _ -> failwith "axiom: not an equation" let inst i (asm,p) = (asm,formsubst i p) let refl t = ([],Atom("=",[t;t])) let sym (asm,Atom("=",[s;t])) = (asm,Atom("=",[t;s])) let trans (asm1,Atom("=",[s;t])) (asm2,Atom("=",[t’;u])) = if t’ = t then (union asm1 asm2,Atom("=",[s;u])) else failwith "trans: theorems don’t match up" let cong f ths = let asms,eqs = unzip(map (fun (asm,Atom("=",[s;t])) -> asm,(s,t)) ths) in let ls,rs = unzip eqs in (unions asms,Atom("=",[Fn(f,ls);Fn(f,rs)])) let dest_thm th = th end;; John Harrison Intel Corporation, 12 September 2001

  12. The LCF Approach to Theorem Proving 12 A simple derived rule We can implement repeated rewriting at depth: let conclusion th = snd(dest_thm th);; let rewrite1 eq t = match conclusion eq with Atom("=",[l;r]) -> inst (term_match l t) eq | _ -> failwith "rewrite1";; let thenc conv1 conv2 t = let th1 = conv1 t in let th2 = conv2 (rhs(conclusion th1)) in trans th1 th2;; let rec depth fn tm = try (thenc fn (depth fn)) tm with Failure _ -> match tm with Var x -> refl tm | Fn(f,args) -> let th = cong f (map (depth fn) args) in if rhs(conclusion th) = tm then th else trans th (depth fn (rhs(conclusion th)));; Similarly, Knuth-Bendix completion etc... John Harrison Intel Corporation, 12 September 2001

  13. The LCF Approach to Theorem Proving 13 More about HOL Light HOL Light is a member of the family of provers descended from Mike Gordon’s HOL system. An LCF-style implementation of classical higher-order logic with object-logic polymorphism. HOL Light is written in CAML Light and is intended to be a cleaner, more rational implementation. The system includes a number of derived rules for automated theorem proving of various kinds and a reasonable body of pre-proved mathematics. Used at Intel to formally verify floating-point algorithms. John Harrison Intel Corporation, 12 September 2001

  14. The LCF Approach to Theorem Proving 14 HOL Light primitive rules (1) ⊢ t = t REFL Γ ⊢ s = t ∆ ⊢ t = u TRANS Γ ∪ ∆ ⊢ s = u Γ ⊢ s = t ∆ ⊢ u = v MK COMB Γ ∪ ∆ ⊢ s ( u ) = t ( v ) Γ ⊢ s = t Γ ⊢ ( λx. s ) = ( λx. t ) ABS ⊢ ( λx. t ) x = t BETA John Harrison Intel Corporation, 12 September 2001

  15. The LCF Approach to Theorem Proving 15 HOL Light primitive rules (2) { p } ⊢ p ASSUME Γ ⊢ p = q ∆ ⊢ p EQ MP Γ ∪ ∆ ⊢ q Γ ⊢ p ∆ ⊢ q (Γ − { q } ) ∪ (∆ − { p } ) ⊢ p = q DEDUCT ANTISYM RULE Γ[ x 1 , . . . , x n ] ⊢ p [ x 1 , . . . , x n ] INST Γ[ t 1 , . . . , t n ] ⊢ p [ t 1 , . . . , t n ] Γ[ α 1 , . . . , α n ] ⊢ p [ α 1 , . . . , α n ] Γ[ γ 1 , . . . , γ n ] ⊢ p [ γ 1 , . . . , γ n ] INST TYPE John Harrison Intel Corporation, 12 September 2001

  16. The LCF Approach to Theorem Proving 16 Example of programming In verifying certain floating-point square root algorithms for the Intel Itanium T M processor, we have the following situation: • We can analytically verify correctness for the vast majority of input numbers • Certain ‘difficult cases’ are hard to deal with using the same methods • The difficult cases can be enumerated as the solution of certain diophantine equations. Specifically, the equations are all of the form 2 p m = k 2 + d for small integers d and fixed p , giving the floating-point mantissa m . John Harrison Intel Corporation, 12 September 2001

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

On Theorem Proving for Program Checking Historical perspective and recent developments Maria

On Theorem Proving for Program Checking Historical perspective and recent developments Maria

Outline Introduction Where is theorem proving in program checking Inside theorem proving Big and little engines together: a new theorem proving style Decision procedures with speculative inferences Current and future challenges On Theorem

944 views • 69 slides
Visual theorem proving with the Incredible Proof Machine The idea Theorem Proving without

Visual theorem proving with the Incredible Proof Machine The idea Theorem Proving without

Interactive Theorem Proving, Nancy August 22, 2016 Joachim Breitner Karlsruhe Institute of Technology University of Pennsylvania, Philadelphia Visual theorem proving with the Incredible Proof Machine The idea Theorem Proving without Syntax

579 views • 43 slides
Automated Theorem Proving 1/4: Introduction and Propositional Theorem Proving A.L. Lamprecht

Automated Theorem Proving 1/4: Introduction and Propositional Theorem Proving A.L. Lamprecht

Automated Theorem Proving 1/4: Introduction and Propositional Theorem Proving A.L. Lamprecht Course Program Semantics and Verfication 2020, Utrecht University September 21, 2020 Lecture Notes Automated Reasoning by Gerard A.W. Vreeswijk.

609 views • 40 slides
Automated Theorem Proving 2/4: First-Order Theorem Proving A.L. Lamprecht Course Program

Automated Theorem Proving 2/4: First-Order Theorem Proving A.L. Lamprecht Course Program

Automated Theorem Proving 2/4: First-Order Theorem Proving A.L. Lamprecht Course Program Semantics and Verfication 2020, Utrecht University September 23, 2020 Lecture Notes Automated Reasoning by Gerard A.W. Vreeswijk. Available for

1.03k views • 54 slides
Theorem-Proving Environments Nathan Ng CSC2547: Learning to Search Theorem Proving What is a

Theorem-Proving Environments Nathan Ng CSC2547: Learning to Search Theorem Proving What is a

Theorem-Proving Environments Nathan Ng CSC2547: Learning to Search Theorem Proving What is a theorem? Statement proven based on basis of previously established statements Premise: If I attend UofT, I am a student Premise: I attend

375 views • 25 slides
Artificial Intelligence in Theorem Proving Cezary Kaliszyk VTSA Overview Last Lecture theorem

Artificial Intelligence in Theorem Proving Cezary Kaliszyk VTSA Overview Last Lecture theorem

Artificial Intelligence in Theorem Proving Cezary Kaliszyk VTSA Overview Last Lecture theorem proving problems premise selection deep learning for theorem proving state estimation Today automated reasoning learning in classical ATPs

1.18k views • 97 slides
A Parallelized Theorem Prover for Interactive Theorem Proving David L. Rager, Warren A. Hunt Jr.,

A Parallelized Theorem Prover for Interactive Theorem Proving David L. Rager, Warren A. Hunt Jr.,

Introduction Parallelism Primitives Parallelizing ACL2 Evaluate Approach Conclusion A Parallelized Theorem Prover for Interactive Theorem Proving David L. Rager, Warren A. Hunt Jr., and Matt Kaufmann ragerdl@defthm.com, hunt@cs.utexas.edu,

835 views • 59 slides
Health Warning Principles, Techniques, Applications Theorem Proving is addictive Gerwin Klein

Health Warning Principles, Techniques, Applications Theorem Proving is addictive Gerwin Klein

W HAT YOU WILL LEARN how to use a theorem prover background, how it works how to prove and specify NICTA Advanced Course Slide 1 Slide 3 Theorem Proving Health Warning Principles, Techniques, Applications Theorem Proving is

262 views • 9 slides
Artificial Intelligence in Theorem Proving Cezary Kaliszyk VTSA 2019 Computer Theorem Proving

Artificial Intelligence in Theorem Proving Cezary Kaliszyk VTSA 2019 Computer Theorem Proving

Artificial Intelligence in Theorem Proving Cezary Kaliszyk VTSA 2019 Computer Theorem Proving Computer used to automate reasoning in a logic Traditionally part of artificial intelligence (not machine learning) Field of research since the

1.25k views • 101 slides
Formal Verification Methods 4: Theorem Proving John Harrison Intel Corporation Need for

Formal Verification Methods 4: Theorem Proving John Harrison Intel Corporation Need for

Formal Verification Methods 4: Theorem Proving Formal Verification Methods 4: Theorem Proving John Harrison Intel Corporation Need for general theorem proving Set theory vs. higher-order logic Herbrand-based approaches

475 views • 18 slides
Learning theorem proving through self-play Stanisaw Purga Overview AlphaZero Proving

Learning theorem proving through self-play Stanisaw Purga Overview AlphaZero Proving

Learning theorem proving through self-play Stanisaw Purga Overview AlphaZero Proving game adjusting MCTS for proving game some results 2019-10 1 Neural black box game state S move policy expected outcome R n v

455 views • 45 slides
Saturation-based Theorem Proving and ML Course Machine Learning and Reasoning 2020 MLR 2020 1 1

Saturation-based Theorem Proving and ML Course Machine Learning and Reasoning 2020 MLR 2020 1 1

First-order Logic and Theorem Proving Saturation-based Proving Further Tuning and the Role of Strategies Summary Saturation-based Theorem Proving and ML Course Machine Learning and Reasoning 2020 MLR 2020 1 1 Czech Technical Univeristy in

913 views • 64 slides
Mechanical Theorem Proving in Tarskis Geometry. Julien Narboux under the supervision of Hugo

Mechanical Theorem Proving in Tarskis Geometry. Julien Narboux under the supervision of Hugo

Mechanical Theorem Proving in Tarskis Geometry. Julien Narboux under the supervision of Hugo Herbelin LIX, INRIA Futurs, Ecole Polytechnique 31/08/2006, Pontevedra, Spain Outline 1 Interactive proof / Automated theorem proving 2

1.1k views • 73 slides
Proving In fi nite Satis fi ability Peter Baumgartner Joshua Bax Goal Theorem Proving in

Proving In fi nite Satis fi ability Peter Baumgartner Joshua Bax Goal Theorem Proving in

Proving In fi nite Satis fi ability Peter Baumgartner Joshua Bax Goal Theorem Proving in Hierarchic Combinations of Speci fi cations Dis Background theory linear integer arithmetic Data structures ? Conjecture list axioms/arrays

443 views • 15 slides
Theorem Proving and the Real Numbers Applications and Challenges Lawrence C Paulson 1.

Theorem Proving and the Real Numbers Applications and Challenges Lawrence C Paulson 1.

Theorem Proving and the Real Numbers Applications and Challenges Lawrence C Paulson 1. Interactive Theorem Proving A partial, biased history A UTOMATH L. S. van Benthem Jutting, Checking Landaus Grundlagen in the A UTOMATH

920 views • 37 slides
Planning and Theorem Proving Slides by Svetlana Lazebnik, 9/2016 with modifications by Mark

Planning and Theorem Proving Slides by Svetlana Lazebnik, 9/2016 with modifications by Mark

Planning and Theorem Proving Slides by Svetlana Lazebnik, 9/2016 with modifications by Mark Hasegawa-Johnson, 1/2019 CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=18656684 Planning and Theorem Proving Examples Automatic

539 views • 41 slides
Non-speed-up results for purely compositional truth predicates. Mateusz eyk, Bartosz Wciso

Non-speed-up results for purely compositional truth predicates. Mateusz eyk, Bartosz Wciso

Non-speed-up results for purely compositional truth predicates. Mateusz eyk, Bartosz Wciso Institute of Mathematics, Institute of Philosophy, University of Warsaw Research supported by the NCN grant Formalne teorie prawdy (Formal

983 views • 64 slides
Monadic C nadic Compos mpositio ition for or De Deter ermini inistic, P c, Par aral

Monadic C nadic Compos mpositio ition for or De Deter ermini inistic, P c, Par aral

Monadic C nadic Compos mpositio ition for or De Deter ermini inistic, P c, Par aral allel el Bat Batch ch Pr Proc oces essing ng Ryan Scott 1 Omar Navarro Leija 2 Ryan Newton 1 Joe Devietti 2 1 Indiana University 2 University of

696 views • 53 slides
Information Ordering Ling 573 Systems and Applications May 5, 2015 Roadmap Ordering

Information Ordering Ling 573 Systems and Applications May 5, 2015 Roadmap Ordering

Information Ordering Ling 573 Systems and Applications May 5, 2015 Roadmap Ordering models: Chronology and topic structure Mixture of experts Preference ranking: Chronology, topic similarity, succession/precedence

447 views • 44 slides
SYSTEM DEADLOCKS - DINING PHILOSOPHERS D:\mh\docs\lv\nl\nl_skript\nl07_deadlock_phils.sld.fm

SYSTEM DEADLOCKS - DINING PHILOSOPHERS D:\mh\docs\lv\nl\nl_skript\nl07_deadlock_phils.sld.fm

dependability engineering & Petri nets May 2005 SYSTEM DEADLOCKS - DINING PHILOSOPHERS D:\mh\docs\lv\nl\nl_skript\nl07_deadlock_phils.sld.fm 7 - 1 / 20 dependability engineering & Petri nets May 2006 DINING PHILOSOPHERS , ONE

220 views • 20 slides
Welcome to Math 102 Section 107 Krishanu Sankar MWF 8:00 - 8:50 AM, LSK 200 Math 102:

Welcome to Math 102 Section 107 Krishanu Sankar MWF 8:00 - 8:50 AM, LSK 200 Math 102:

Welcome to Math 102 Section 107 Krishanu Sankar MWF 8:00 - 8:50 AM, LSK 200 Math 102: Announcements Instructor: Krishanu Sankar Email: ksankar@math.ubc.ca Course website: https://wiki.math.ubc.ca Today: Course information

591 views • 43 slides
ROOT and C++11 ROOT Users Workshop 2013 Benjamin Bannier Stony Brook University March 13, 2013

ROOT and C++11 ROOT Users Workshop 2013 Benjamin Bannier Stony Brook University March 13, 2013

ROOT and C++11 ROOT Users Workshop 2013 Benjamin Bannier Stony Brook University March 13, 2013 1 / 33 About me and Disclaimers Hi, I am Benjamin Bannier. graduate student at Stony Brook University Experimental Heavy Ion Physics with

648 views • 33 slides
UseR! for Teaching Non-stats student goals: Leave the class able to apply what they have learned

UseR! for Teaching Non-stats student goals: Leave the class able to apply what they have learned

Framework Audience: (Post)-graduates, both in statistics and particularly in other areas. UseR! for Teaching Non-stats student goals: Leave the class able to apply what they have learned to what they really care about. Sanford Weisberg

441 views • 6 slides
INSTITUTO POLITCNICO NACIONAL Centro de Investigacin en Computacin Miguel A. Sanchez-

INSTITUTO POLITCNICO NACIONAL Centro de Investigacin en Computacin Miguel A. Sanchez-

INSTITUTO POLITCNICO NACIONAL Centro de Investigacin en Computacin Miguel A. Sanchez- Miguel A. Sanchez-Pere Perez, Grig z, Grigori ori Sidorov, Alexander Gelbukh idorov, Alexander Gelbukh Tuesday, 16 September 2014 1 Task 1.

567 views • 31 slides

More recommend