Theorem Provers and Computer Algebra Systems

John Harrison
Cambridge University Computer Laboratory
2nd November 1994
Theorem Provers

• Are mainly used by computer scientists
• Applications include hardware, software and protocol verification
• Aim to support logic as applied mathematics
• Generally use "discrete" mathematics
Computer Algebra Systems

• Are mainly used by applied mathematicians, engineers and scientists
• Multiprecision arithmetic, differentiation, integration ...
• Aim to support conventional applied mathematics
• Mainly use "continuous" mathematics
Features of Theorem Provers

• They are logically and mathematically precise
• They employ rigorous principles of deduction
• They are usually difficult to use
• They are often very slow
Computer Algebra Systems

• Are easy to use
• Are efficient and powerful
• Lack a precise notion of logic
• Are deductively unsound
The Lack of Logic in Computer Algebra Systems

They are mainly based on a simple dialogue with the user:

• The user gives an expression $E_1$
• The CAS returns an expression $E_2$
• We are supposed to believe that $E_1 = E_2$

But are we? What about undefinedness?

$$\frac{x^2 - 1}{x - 1} = x + 1$$

Sometimes we can reason about simple inequalities, and there is at least a case analysis ...
The Unsoundness of Computer Algebra Systems

• Maple: $\int_{-1}^{1} \sqrt{\frac{1}{2x}}\,dx = 0$
• Mathematica: $\int_{-1}^{1} \frac{1}{\sqrt{2x}}\,dx = 0$

Anyway, is an antiderivative what we want? Maybe we want

• Riemann integral
• Lebesgue integral
• Gauge integral
The Spectrum of Theorem Proving Systems

• Proof checkers
  - Automath (de Bruijn)
  - Stanford LCF (Milner et al.)
  .........
• Automatic theorem provers
  - NQTHM (Boyer-Moore)
  - Otter (McCune)

Which approach is better?
The LCF approach

Aims to combine a low-level proof checker and a high-level theorem prover.

• Low-level primitive inferences
• Use of ML as programming environment for writing complex procedures
• Secure abstract datatype of theorems
The LCF family

• Original was Edinburgh LCF (Milner, Gordon, Morris, Newey, Wadsworth)
• Reengineered as Cambridge LCF (Paulson)
• Many descendants include
  - HOL (Gordon)
  - Nuprl (Constable)
  - Coq (Huet)
• Refinements of the basic idea include Isabelle (Paulson)

The ML programming language started life as the MetaLanguage for LCF
Quick Summary of HOL

• Higher order logic based on simply typed lambda calculus
• ML-style parametric polymorphism
• Conservative definition mechanism
• Very few primitive rules (in theory)
• Several versions (HOL88, hol90, ProofPower)
Analytica: a remedy for the lack of logic

• Designed by Clarke and Zhao
• Written in the Mathematica language
• Incorporates many powerful decision procedures
• But it relies on Mathematica's own (unsound) simplifier
Mathpert: a remedy for the lack of soundness

• Designed by Beeson
• Intended for educational use; stresses 'glass box' approach
• Underlying sequent calculus where side conditions accumulate
• Attempt to avoid the logic appearing explicitly
• It remains to be seen how it compares with existing systems in power
Harrison and Théry: exploiting a link

We link together a Theorem Prover (HOL) and a Computer Algebra System (Maple).

HOL can ask Maple questions, but what do we do with the answers?

1. Trust the Computer Algebra System completely
2. Trust it partially; tag the theorem
3. Don't trust it at all; check the answer
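The two design points that make option 2 workable, the LCF-style secure abstract datatype of theorems from the earlier slide and the tagging of any theorem that rests on the CAS, can be sketched together. The code below is an added example in Python, not code from the slides, from HOL or LCF, or from the HOL-Maple link: the term representation, the small rule set and the `ORACLE` tag are assumptions of this sketch, and the private token only models what ML's abstract type enforces at compile time.

```python
# Added example: a toy LCF-style kernel in Python (not code from the slides, HOL or LCF).
# Terms are strings or tuples such as ("=", lhs, rhs). ML hides the Theorem constructor
# behind an abstract type; this sketch guards it with a token known only to the kernel.

_KERNEL_TOKEN = object()   # the "abstract type" boundary of this sketch


class Theorem:
    """A sequent  hyps |- concl, plus the set of oracles (untrusted tools) it relied on."""
    __slots__ = ("hyps", "concl", "oracles")

    def __init__(self, token, hyps, concl, oracles=()):
        if token is not _KERNEL_TOKEN:
            raise PermissionError("only the kernel's primitive rules may construct a Theorem")
        self.hyps = frozenset(hyps)
        self.concl = concl
        self.oracles = frozenset(oracles)

    def __repr__(self):
        tag = f" [oracles: {sorted(self.oracles)}]" if self.oracles else ""
        return f"{sorted(map(str, self.hyps))} |- {self.concl}{tag}"


def _is_eq(t):
    return isinstance(t, tuple) and len(t) == 3 and t[0] == "="


# ---- primitive inference rules: the only producers of Theorem values -----------------

def ASSUME(t):
    """t |- t"""
    return Theorem(_KERNEL_TOKEN, (t,), t)


def REFL(t):
    """|- t = t"""
    return Theorem(_KERNEL_TOKEN, (), ("=", t, t))


def SYM(th):
    """G |- a = b  ==>  G |- b = a"""
    if not _is_eq(th.concl):
        raise ValueError("SYM needs an equation")
    return Theorem(_KERNEL_TOKEN, th.hyps, ("=", th.concl[2], th.concl[1]), th.oracles)


def TRANS(th1, th2):
    """G1 |- a = b,  G2 |- b = c  ==>  G1 u G2 |- a = c   (oracle tags are inherited)"""
    if not (_is_eq(th1.concl) and _is_eq(th2.concl)) or th1.concl[2] != th2.concl[1]:
        raise ValueError("TRANS: middle terms do not match")
    return Theorem(_KERNEL_TOKEN, th1.hyps | th2.hyps,
                   ("=", th1.concl[1], th2.concl[2]), th1.oracles | th2.oracles)


def ORACLE(name, t):
    """Option 2 from the slides: accept an external tool's claim but tag the theorem with it."""
    return Theorem(_KERNEL_TOKEN, (), t, (name,))


# ---- code outside the kernel ---------------------------------------------------------

def cas_claims(lhs, rhs):
    """Hypothetical model of a CAS answering 'lhs simplifies to rhs'; nothing is checked."""
    return ORACLE("maple", ("=", lhs, rhs))


def depends_on_oracles(th):
    """Audit question: which untrusted tools, if any, does this theorem rest on?"""
    return sorted(th.oracles)


def forged_theorem():
    """A procedure outside the kernel cannot manufacture a theorem directly."""
    try:
        Theorem(object(), (), ("=", "0", "1"))
    except PermissionError:
        return False
    return True


def demo():
    # The simplification from the undefinedness slide, taken on trust from the CAS and
    # then combined with a genuine kernel step: the tag survives the combination.
    step1 = cas_claims("(x^2 - 1) / (x - 1)", "x + 1")
    step2 = REFL("x + 1")
    th = TRANS(step1, step2)
    return th, depends_on_oracles(th), forged_theorem()


if __name__ == "__main__":
    print(demo())
```

Because every rule copies the oracle set of its inputs, any theorem whose proof used the CAS at any depth carries the "maple" tag, so a fully checked result (option 3) and a partially trusted one (option 2) are distinguishable after the fact.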
Examples where Checking is Easy

• Solving equations (of all kinds)
• Factorizing polynomials (or indeed numbers!)
• Integrating expressions
Example combining integration and factorization (1)

We want to evaluate:

$$\int_0^t \sin^3 u\,du$$

Maple tells us:

$$\int_0^t \sin^3 u\,du = -\frac{1}{3}\sin^2 t\cos t - \frac{2}{3}\cos t + \frac{2}{3}$$

HOL can differentiate this expression to yield

$$-\frac{1}{3}(2\sin t\cos t\cos t - \sin^3 t) + \frac{2}{3}\sin t$$

but it doesn't simplify down to what we wanted (neither does Maple in fact!)
Example combining integration and factorization (2)

We want to show that

$$-\frac{1}{3}(2\sin t\cos t\cos t - \sin^3 t) + \frac{2}{3}\sin t = \sin^3 t$$

Let's replace $\sin t$ by $x$ and $\cos t$ by $y$; we want to show that

$$\vdash -\frac{1}{3}(2xyy - x^3) + \frac{2}{3}x - x^3 = 0$$
Example combining integration and factorization (3)

We ask Maple to factorize this expression, and it tells us:

$$\vdash -\frac{1}{3}(2xyy - x^3) + \frac{2}{3}x - x^3 = -\frac{2}{3}x(y^2 + x^2 - 1)$$

HOL can check this answer very easily.

When $x = \sin t$ and $y = \cos t$ we have $y^2 + x^2 - 1 = 0$, so the equation is proved. Now the Fundamental Theorem of Calculus yields the result. Maple was right!
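The check described across the three example slides (differentiate Maple's antiderivative, subtract $\sin^3 t$, verify Maple's factorization by expansion, then use $\sin^2 t + \cos^2 t = 1$) can be reproduced with exact polynomial arithmetic in $x = \sin t$ and $y = \cos t$. The following is an added example in Python rather than HOL's ML, not code from the slides or from the HOL-Maple link; the dict-based polynomial representation, the chain-rule differentiator `d_dt` and the reduction `reduce_mod_circle` are assumptions of this example, and the expression it checks is Maple's answer as quoted on the slides.

```python
from fractions import Fraction

# Added example (not code from the slides, from HOL or from Maple). A polynomial in
# x (= sin t) and y (= cos t) is a dict {(i, j): coeff} meaning sum coeff * x**i * y**j,
# with exact Fraction coefficients so that "equal" means equal, not approximately equal.


def poly(terms):
    """Normalise {(i, j): coeff} to Fraction coefficients, dropping zero terms."""
    out = {}
    for m, c in terms.items():
        c = Fraction(c)
        if c != 0:
            out[m] = c
    return out


def add(p, q):
    out = dict(p)
    for m, c in q.items():
        out[m] = out.get(m, Fraction(0)) + c
    return poly(out)


def scale(c, p):
    return poly({m: Fraction(c) * v for m, v in p.items()})


def sub(p, q):
    return add(p, scale(-1, q))


def mul(p, q):
    out = {}
    for (i1, j1), c1 in p.items():
        for (i2, j2), c2 in q.items():
            m = (i1 + i2, j1 + j2)
            out[m] = out.get(m, Fraction(0)) + c1 * c2
    return poly(out)


def diff(p, var):
    """Partial derivative: var = 0 differentiates in x, var = 1 in y."""
    out = {}
    for (i, j), c in p.items():
        e = (i, j)[var]
        if e > 0:
            m = (i - 1, j) if var == 0 else (i, j - 1)
            out[m] = out.get(m, Fraction(0)) + c * e
    return poly(out)


X = poly({(1, 0): 1})      # sin t
Y = poly({(0, 1): 1})      # cos t
ONE = poly({(0, 0): 1})


def d_dt(p):
    """d/dt of P(sin t, cos t) by the chain rule: P_x * cos t - P_y * sin t."""
    return sub(mul(diff(p, 0), Y), mul(diff(p, 1), X))


def reduce_mod_circle(p):
    """Rewrite y^2 -> 1 - x^2 until the y-degree is below 2, i.e. reduce modulo
    sin^2 t + cos^2 t = 1. The result is the zero polynomial iff p vanishes for all t."""
    p = dict(p)
    while True:
        hi = [m for m in p if m[1] >= 2]
        if not hi:
            return poly(p)
        (i, j) = hi[0]
        c = p.pop((i, j))
        p = add(p, mul(poly({(i, j - 2): c}), sub(ONE, mul(X, X))))


def check_identity(lhs, rhs):
    """Verify a CAS claim lhs = rhs by expanding both sides: cheap, exact, independent."""
    return not sub(lhs, rhs)


def evaluate(p, xv, yv):
    return sum((c * Fraction(xv) ** i * Fraction(yv) ** j for (i, j), c in p.items()), Fraction(0))


# Maple's claimed antiderivative from slide (1):  -(1/3) sin^2 t cos t - (2/3) cos t + 2/3
F = poly({(2, 1): Fraction(-1, 3), (0, 1): Fraction(-2, 3), (0, 0): Fraction(2, 3)})
SIN3 = poly({(3, 0): 1})
# Maple's claimed factorization from slide (3):  -(2/3) x (y^2 + x^2 - 1)
CLAIMED = mul(poly({(1, 0): Fraction(-2, 3)}), poly({(0, 2): 1, (2, 0): 1, (0, 0): -1}))


def derivative_residual():
    """HOL's step: differentiate Maple's answer and subtract sin^3 t (slide (2)'s polynomial)."""
    return sub(d_dt(F), SIN3)


def maple_integral_is_right():
    """Integral from 0 to t of sin^3 u du = F(t) iff F(0) = 0 and F' = sin^3 t on the circle."""
    residual = derivative_residual()
    return (evaluate(F, 0, 1) == 0                   # t = 0: sin 0 = 0, cos 0 = 1
            and check_identity(residual, CLAIMED)    # factorization checked by expansion
            and not reduce_mod_circle(residual))     # residual vanishes when x^2 + y^2 = 1


if __name__ == "__main__":
    print("residual:", derivative_residual())
    print("Maple was right:", maple_integral_is_right())
```

The point the slides make is visible in the shape of the code: the CAS does the hard work (finding the antiderivative and the factorization), while the checker only differentiates, multiplies out and compares, which is a fraction of the effort and needs none of the CAS's unsound simplification.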
What have we Gained?

In HOL, real analysis, including (gauge) integration and its relationship with differentiation, has been developed formally by definitional means. So we have:

• An independent check on Maple's correctness
• A formal HOL proof using incontrovertible, low-level principles
• A rigorously defined, mathematically useful statement
Conclusions

• More experience needed. Does rigour mean rigor mortis?
• For the approach to generalize, we need powerful simplifiers
• But it gives quite a lot for very little work
• Theorem prover and computer algebra designers have a lot to learn from each other.