[PDF] - Theorem Pro v ers and Computer Algebra Systems John Harrison PDF Document

SLIDE 1 Theorem Pro v ers and Computer Algebra Systems John Harrison Cam bridge Univ ersit y Computer Lab

ratory

2nd No v em b er 1994 1

SLIDE 2 Theorem Pro v ers

Are

mainly used b y computer scien tists

Applications

include hardw are, soft w are and proto col v erication

Aim

to supp

rt

logic as applied mathematics

Generally

use \discrete" mathematics 2

SLIDE 3 Computer Algebra Systems

Are

mainly used b y applied mathematicians, engineers and scien tists

Multiprecision

arithmetic, dieren tiation, in- tegration . . .

Aim

to supp

rt

con v en tional applied mathematics

Mainly

use \con tin uous" mathematics 3

SLIDE 4 F eatures

f

Theorem Pro v ers

They

are logically and mathematically precise

They

emplo y rigorous principles

f

deduction

They

are usually dicult to use

They

are

ften

v ery slo w 4

SLIDE 5 Computer Algebra Systems

Are

easy to use

Are

ecien t and p

w

erful

Lac

k a precise notion

f

logic

Are

deductiv ely unsound 5

SLIDE 6 The Lac k

f

Logic in Computer Algebra Systems They are mainly based

n

a simple dialogue with the user:

The

user giv es an expression E 1

The

CAS returns an expression E 2

W

e are supp

sed

to b eliev e that E 1 = E 2 But are w e? What ab

ut

undenedness? x 2

1

x

1

= x + 1 Sometimes w e can reason ab

ut

simple inequal- ities, and there is at least a case analysis . . . 6

SLIDE 7 The Unsoundness

f

Computer Algebra Systems

Maple:

Z 1 1 p x 2 dx =

Mathematica:

Z 1 1 1 p x 2 dx = An yw a y is an an tideriv ativ e what w e w an t? Ma yb e w e w an t

Riemann

In tegral

Leb

esgue In tegral

Gauge

In tegral 7

SLIDE 8 The Sp ectrum

f

Theorem Pro ving Systems

Pro
f

Chec k ers { Automath (de Bruijn) { Stanford LCF (Milner et al.) . . . . . . . . .

Automatic

Theorem Pro v ers { NQTHM (Bo y er-Mo

re)

{ Otter (McCune) Whic h approac h is b etter? 8

SLIDE 9 The LCF approac h Aims to com bine lo w-lev el pro

f

c hec k er and high lev el theorem pro v er.

Lo

w-lev el primitiv e inferences

Use
f

ML as programming en vironmen t for writing complex pro cedures

Secure

abstract datat yp e

f

theorems 9

SLIDE 10 The LCF family

Original

w as Edin burgh LCF (Milner, Gor- don, Morris, New ey , W adsw

rth)
Reengineered

as Cam bridge LCF (P aulson)

Man

y descendan ts include { HOL (Gordon) { Nuprl (Constable) { Co q (Huet)

Renemen

ts

f

the basic idea include Isab elle (P aulson) The ML programming language started life as the MetaLanguage for LCF 10

SLIDE 11 Quic k Summary

f

HOL

Higher
rder

logic based

n

simply t yp ed lam b da calculus

ML-st

yle parametric p

lymorphism
Conserv

ativ e denition mec hanism

V

ery few primitiv e rules (in theory)

Sev

eral v ersions (HOL88, hol90, Pro

fP
w

er) 11

SLIDE 12 Analytica { a remedy for the lac k

f

logic

Designed

b y Clark e and Zhao

W

ritten in the Mathematica language

Incorp
rates

man y p

w

erful decision pro cedures

But

it relies

n

Mathematica's

wn

(unsound) simplier 12

SLIDE 13 Mathp ert { a remedy for the lac k

f

soundness

Designed

b y Beeson

In

tended for educational use; stresses `glass b

x'

approac h

Underlying

sequen t calculus where side con- ditions accum ulate

A

ttempt to a v

id

the logic app earing explic- itly

It

remains to b e seen ho w it compares with existing systems in p

w

er 13

SLIDE 14 Harrison and Th

ery

{ exploiting a link W e link together a Theorem Pro v er (HOL) and a Computer Algebra System (Maple). HOL can ask Maple questions { but what do w e do with the answ ers? 1. T rust the Computer Algebra System completely 2. T rust it partially; tag the theorem 3. Don't trust it at all { c hec k the answ er 14

SLIDE 15 Examples where Chec king is Easy

Solving

equations (of all kinds)

F

actorizing p

lynomials

(or indeed n um b ers!)

In

tegrating expressions 15

SLIDE 16 Example com bining in tegration and factorization (1) W e w an t to ev aluate: Z t sin 3 u du Maple tells us: Z t sin 3 u du =

1

3 sin 2 t cos t

2

3 cos t + 2 3 HOL can dieren tiate this expression to yield

1

3 (2 sin t cos t cos t

sin

3 t) + 2 3 sin t but it do esn't simplify do wn to what w e w an ted (neither do es Maple in fact!) 16

SLIDE 17 Example com bining in tegration and factorization (2) W e w an t to sho w that

1

3 (2 sin t cos t cos t

sin

3 t) + 2 3 sin t = sin 3 t Let's replace sin t b y x and cos t b y y ; w e w an t to sho w that `

1

3 (2 x y y

x

3 ) + 2 3 x

x

3 = 17

SLIDE 18 Example com bining in tegration and factorization (3) W e ask Maple to factorize this expression, and it tells us: `

1

3 (2 x y y

x

3 ) + 2 3 x

x

3 =

2

3 x (y 2 + x 2

1)

HOL can c hec k this answ er v ery easily . When x = sin t and y = cos t w e ha v e y 2 + x 2

1

= 0, so the equation is pro v ed. No w the F undamen tal Theorem

f

Calculus yields the result. Maple w as righ t! 18

SLIDE 19 What ha v e w e Gained? In HOL, real analysis, including (gauge) in tegration and its relationship with dieren tiation, has b een dev elop ed formally b y denitional means. So w e ha v e:

An

indep enden t c hec k

n

Maple's correctness

A

formal HOL pro

f

using incon tro v ertible, lo w-lev el principles

A

rigorously dened, mathematically useful statemen t 19

SLIDE 20 Conclusions

More

exp erience needed. Do es rigour mean rigor mortis?

F
r

the approac h to generalize, w e need p

w-

erful simpliers

But

it giv es quite a lot for v ery little w

rk
Theorem

pro v er and computer algebra de- signers ha v e a lot to learn from eac h

ther.

20