Towards Machine Learning Induction for Isabelle/HOL This work was - - PowerPoint PPT Presentation

Towards Machine Learning Induction for Isabelle/HOL

Yutaka Nagashima

University of Innsbruck Czech Technical University

This work was supported by the project AI&Reasoning (reg. no. CZ.02.1.01/0.0/0.0/15_003/0000466).

git clone https://github.com/data61/PSL

Towards Machine Learning Induction for Isabelle/HOL

This work was supported by the project AI&Reasoning (reg. no. CZ.02.1.01/0.0/0.0/15_003/0000466).

?

git clone https://github.com/data61/PSL

Towards Machine Learning Induction for Isabelle/HOL

This work was supported by the project AI&Reasoning (reg. no. CZ.02.1.01/0.0/0.0/15_003/0000466).

?

Who is Isabelle?

git clone https://github.com/data61/PSL

Towards Machine Learning Induction for Isabelle/HOL

This work was supported by the project AI&Reasoning (reg. no. CZ.02.1.01/0.0/0.0/15_003/0000466).

?

Why induction? Who is Isabelle?

git clone https://github.com/data61/PSL

Towards Machine Learning Induction for Isabelle/HOL

This work was supported by the project AI&Reasoning (reg. no. CZ.02.1.01/0.0/0.0/15_003/0000466).

?

Why induction? Who is Isabelle?

git clone https://github.com/data61/PSL

https://www.logic.at/staff/gramlich/

• Prof. Bernhard Gramlich

ITP (Inductive Theorem Proving) problems are at the heart of many verification and reasoning tasks in

Towards Machine Learning Induction for Isabelle/HOL

This work was supported by the project AI&Reasoning (reg. no. CZ.02.1.01/0.0/0.0/15_003/0000466).

?

Why induction? Who is Isabelle?

git clone https://github.com/data61/PSL

we are convinced that substantial progress in ITP will take time.

https://www.logic.at/staff/gramlich/

• Prof. Bernhard Gramlich

ITP (Inductive Theorem Proving) problems are at the heart of many verification and reasoning tasks in

Towards Machine Learning Induction for Isabelle/HOL

This work was supported by the project AI&Reasoning (reg. no. CZ.02.1.01/0.0/0.0/15_003/0000466).

?

Why induction? Who is Isabelle?

git clone https://github.com/data61/PSL

we are convinced that substantial progress in ITP will take time.

https://www.logic.at/staff/gramlich/

• Prof. Bernhard Gramlich

ITP (Inductive Theorem Proving) problems are at the heart of many verification and reasoning tasks in spectacular breakthroughs are unrealistic, in view of the enormous problems and the inherent difficulty of inductive theorem proving.

Strategic Issues, Problems and Challenges in Inductive Theorem Proving

Why induction? we are convinced that substantial progress in ITP will take time. ITP (Inductive Theorem Proving) problems are at the heart of many verification and reasoning tasks in

Towards Machine Learning Induction for Isabelle/HOL

This work was supported by the project AI&Reasoning (reg. no. CZ.02.1.01/0.0/0.0/15_003/0000466).

?

Who is Isabelle?

git clone https://github.com/data61/PSL

spectacular breakthroughs are unrealistic, in view of the enormous problems and the inherent difficulty of inductive theorem proving.

https://www.logic.at/staff/gramlich/

• Prof. Bernhard Gramlich

Strategic Issues, Problems and Challenges in Inductive Theorem Proving

Challenge accepted!

Why induction? we are convinced that substantial progress in ITP will take time. ITP (Inductive Theorem Proving) problems are at the heart of many verification and reasoning tasks in

Towards Machine Learning Induction for Isabelle/HOL

This work was supported by the project AI&Reasoning (reg. no. CZ.02.1.01/0.0/0.0/15_003/0000466).

?

Who is Isabelle?

git clone https://github.com/data61/PSL

spectacular breakthroughs are unrealistic, in view of the enormous problems and the inherent difficulty of inductive theorem proving.

https://www.logic.at/staff/gramlich/

• Prof. Bernhard Gramlich

Strategic Issues, Problems and Challenges in Inductive Theorem Proving

Challenge accepted!

The time has come!

Why induction? we are convinced that substantial progress in ITP will take time. ITP (Inductive Theorem Proving) problems are at the heart of many verification and reasoning tasks in

Towards Machine Learning Induction for Isabelle/HOL

This work was supported by the project AI&Reasoning (reg. no. CZ.02.1.01/0.0/0.0/15_003/0000466).

?

Who is Isabelle?

git clone https://github.com/data61/PSL

spectacular breakthroughs are unrealistic, in view of the enormous problems and the inherent difficulty of inductive theorem proving.

https://www.logic.at/staff/gramlich/

• Prof. Bernhard Gramlich

Strategic Issues, Problems and Challenges in Inductive Theorem Proving

Challenge accepted!

The time has come!

…or is coming soon.

Interactive theorem proving with Isabelle/HOL

git clone https://github.com/data61/PSL

Interactive theorem proving with Isabelle/HOL

tactic / proof method proof goal context

git clone https://github.com/data61/PSL

Interactive theorem proving with Isabelle/HOL

tactic / proof method proof goal context subgoals error-message

git clone https://github.com/data61/PSL

Interactive theorem proving with Isabelle/HOL

tactic / proof method proof goal context subgoals error-message

git clone https://github.com/data61/PSL

Interactive theorem proving with Isabelle/HOL

tactic / proof method proof goal context no sub-goal! subgoals error-message

git clone https://github.com/data61/PSL

Interactive theorem proving with Isabelle/HOL

tactic / proof method proof goal context no sub-goal! subgoals error-message

git clone https://github.com/data61/PSL

Interactive theorem proving with Isabelle/HOL

tactic / proof method proof goal context no sub-goal! subgoals error-message

git clone https://github.com/data61/PSL

Interactive theorem proving with Isabelle/HOL

tactic / proof method proof goal context no sub-goal! subgoals error-message

git clone https://github.com/data61/PSL

Interactive theorem proving with Isabelle/HOL

tactic / proof method proof goal context no sub-goal! subgoals error-message

git clone https://github.com/data61/PSL

Interactive theorem proving with Isabelle/HOL

tactic / proof method proof goal context no sub-goal! subgoals error-message

It's blatantly clear You stupid machine, that what I tell you is true (Michael Norrish)

git clone https://github.com/data61/PSL

Interactive theorem proving with Isabelle/HOL

tactic / proof method proof goal context no sub-goal! subgoals error-message

It's blatantly clear You stupid machine, that what I tell you is true (Michael Norrish)

git clone https://github.com/data61/PSL

DEMO!

goal

Dynamic ( Induct ) Auto IsSolved

git clone https://github.com/data61/PSL

goal

Dynamic ( Induct ) Auto IsSolved

apply (induct)

git clone https://github.com/data61/PSL

goal

Dynamic ( Induct ) Auto IsSolved

apply (induct)

git clone https://github.com/data61/PSL

goal

Dynamic ( Induct ) Auto IsSolved

apply (induct) apply (auto)

git clone https://github.com/data61/PSL

goal

Dynamic ( Induct ) Auto IsSolved

apply (induct) apply (auto)

git clone https://github.com/data61/PSL

goal

Dynamic ( Induct ) Auto IsSolved

apply (induct) apply (auto)

git clone https://github.com/data61/PSL

goal

Dynamic ( Induct ) Auto IsSolved

apply (induct) apply (auto)

git clone https://github.com/data61/PSL

goal

Dynamic ( Induct ) Auto IsSolved

apply (induct) apply (auto) apply (induct xs)

git clone https://github.com/data61/PSL

goal

Dynamic ( Induct ) Auto IsSolved

apply (induct) apply (auto) apply (induct xs)

git clone https://github.com/data61/PSL

goal

Dynamic ( Induct ) Auto IsSolved

apply (induct) apply (auto) apply (induct xs)

git clone https://github.com/data61/PSL

goal

Dynamic ( Induct ) Auto IsSolved

apply (induct) apply (auto) apply (induct xs)

git clone https://github.com/data61/PSL

goal

Dynamic ( Induct ) Auto IsSolved

apply (induct) apply (auto) apply (induct xs) apply (auto)

git clone https://github.com/data61/PSL

goal

Dynamic ( Induct ) Auto IsSolved

apply (induct) apply (auto) apply (induct xs) apply (auto)

git clone https://github.com/data61/PSL

goal

Dynamic ( Induct ) Auto IsSolved

apply (induct) apply (auto) apply (induct xs) apply (auto)

git clone https://github.com/data61/PSL

goal

Dynamic ( Induct ) Auto IsSolved

apply (induct) apply (auto) apply (induct xs) apply (auto)

git clone https://github.com/data61/PSL

goal

Dynamic ( Induct ) Auto IsSolved

apply (induct) apply (auto) apply (induct xs) apply (auto) apply (induct xs rule: Demo.sep.induct)

git clone https://github.com/data61/PSL

goal

Dynamic ( Induct ) Auto IsSolved

apply (induct) apply (auto) apply (induct xs) apply (auto) apply (induct xs rule: Demo.sep.induct)

git clone https://github.com/data61/PSL

goal

Dynamic ( Induct ) Auto IsSolved

apply (induct) apply (auto) apply (induct xs) apply (auto) apply (induct xs rule: Demo.sep.induct) apply (auto)

git clone https://github.com/data61/PSL

goal

Dynamic ( Induct ) Auto IsSolved

apply (induct) apply (auto) apply (induct xs) apply (auto) apply (induct xs rule: Demo.sep.induct) apply (auto)

git clone https://github.com/data61/PSL

goal

Dynamic ( Induct ) Auto IsSolved

apply (induct) apply (auto) apply (induct xs) apply (auto) apply (induct xs rule: Demo.sep.induct) apply (auto) done

git clone https://github.com/data61/PSL

goal

Dynamic ( Induct ) Auto IsSolved

apply (induct) apply (auto) apply (induct xs) apply (auto) apply (induct xs rule: Demo.sep.induct) apply (auto) done

git clone https://github.com/data61/PSL

Try_Hard: the default strategy

strategy Basic = Ors [ Auto_Solve, Blast_Solve, FF_Solve, Thens [IntroClasses, Auto_Solve], Thens [Transfer, Auto_Solve], Thens [Normalization, IsSolved], Thens [DInduct, Auto_Solve], Thens [Hammer, IsSolved], Thens [DCases, Auto_Solve], Thens [DCoinduction, Auto_Solve], Thens [Auto, RepeatN(Hammer), IsSolved], Thens [DAuto, IsSolved]] strategy Try_Hard = Ors [Thens [Subgoal, Basic], Thens [DInductTac, Auto_Solve], Thens [DCaseTac, Auto_Solve], Thens [Subgoal, Advanced], Thens [DCaseTac, Solve_Many], Thens [DInductTac, Solve_Many] ]

16 percentage point performance improvement compared to sledgehammer PaMpeR: Proof Method Recommendation but the search space explodes

git clone https://github.com/data61/PSL

preparation phase recommendation phase

How does PaMpeR work?

preparation phase recommendation phase

?

proof state proof engineer

How does PaMpeR work?

large proof corpora AFP and standard library

preparation phase recommendation phase

?

proof state proof engineer

How does PaMpeR work?

large proof corpora AFP and standard library

Archive of Formal Proofs (https://www.isa-afp.org)

preparation phase recommendation phase

?

proof state proof engineer

How does PaMpeR work?

large proof corpora AFP and standard library

preparation phase recommendation phase

?

proof state proof engineer

How does PaMpeR work?

full feature extractor 6021 CPU hours 108 assertions large proof corpora AFP and standard library

preparation phase recommendation phase

?

proof state proof engineer

How does PaMpeR work?

full feature extractor 6021 CPU hours 108 assertions :: ( tactic_name, [ bool ] ) database ( 425334 data points ) large proof corpora AFP and standard library

preprocess decision tree construction preparation phase recommendation phase

?

proof state proof engineer

How does PaMpeR work?

full feature extractor 6021 CPU hours 108 assertions :: ( tactic_name, [ bool ] ) database ( 425334 data points ) large proof corpora AFP and standard library

preprocess decision tree construction preparation phase recommendation phase fast feature extractor

?

proof state proof engineer

How does PaMpeR work?

full feature extractor 6021 CPU hours 108 assertions :: ( tactic_name, [ bool ] ) database ( 425334 data points ) large proof corpora AFP and standard library

preprocess decision tree construction feature vector preparation phase recommendation phase fast feature extractor

?

proof state proof engineer

How does PaMpeR work?

full feature extractor 6021 CPU hours 108 assertions :: ( tactic_name, [ bool ] ) database ( 425334 data points ) large proof corpora AFP and standard library

preprocess decision tree construction feature vector proof method recommendation lookup preparation phase recommendation phase fast feature extractor

?

proof state proof engineer

How does PaMpeR work?

full feature extractor 6021 CPU hours 108 assertions :: ( tactic_name, [ bool ] ) database ( 425334 data points ) large proof corpora AFP and standard library

preprocess decision tree construction feature vector proof method recommendation lookup preparation phase recommendation phase fast feature extractor

?

proof state proof engineer

How does PaMpeR work?

full feature extractor 6021 CPU hours 108 assertions :: ( tactic_name, [ bool ] ) database ( 425334 data points ) large proof corpora AFP and standard library

?

AITP2018 review

?

anonymous reviewer

git clone https://github.com/data61/PSL

AITP2018 review

Proof Method Recommendation, PaMpeR!

?

anonymous reviewer

git clone https://github.com/data61/PSL

AITP2018 review

Proof Method Recommendation, PaMpeR!

I have doubts about various approaches proposed in the paper.

?

anonymous reviewer

git clone https://github.com/data61/PSL

AITP2018 review

Proof Method Recommendation, PaMpeR!

I have doubts about various approaches proposed in the paper.

?

anonymous reviewer

git clone https://github.com/data61/PSL

New users of Isabelle are facing many challenges from

• writing their first definitions,
• stating suitable theorem statements, and
• producing properly structured proofs.

AITP2018 review

Proof Method Recommendation, PaMpeR!

I have doubts about various approaches proposed in the paper.

?

anonymous reviewer

git clone https://github.com/data61/PSL

New users of Isabelle are facing many challenges from

• writing their first definitions,
• stating suitable theorem statements, and
• producing properly structured proofs.

AITP2018 review

Proof Method Recommendation, PaMpeR!

I have doubts about various approaches proposed in the paper. Proof methods are merely the bits at the bottom of that.

?

anonymous reviewer

git clone https://github.com/data61/PSL

New users of Isabelle are facing many challenges from

• writing their first definitions,
• stating suitable theorem statements, and
• producing properly structured proofs.

AITP2018 review

Proof Method Recommendation, PaMpeR!

I have doubts about various approaches proposed in the paper. Proof methods are merely the bits at the bottom of that.

?

anonymous reviewer

I was writing how to prove not how to specify!

git clone https://github.com/data61/PSL

New users of Isabelle are facing many challenges from

• writing their first definitions,
• stating suitable theorem statements, and
• producing properly structured proofs.

AITP2018 review

Proof Method Recommendation, PaMpeR!

I have doubts about various approaches proposed in the paper. Proof methods are merely the bits at the bottom of that.

?

anonymous reviewer

I was writing how to prove not how to specify!

git clone https://github.com/data61/PSL

New users of Isabelle are facing many challenges from

• writing their first definitions,
• stating suitable theorem statements, and
• producing properly structured proofs.

AITP2018 review

Proof Method Recommendation, PaMpeR!

I have doubts about various approaches proposed in the paper. Proof methods are merely the bits at the bottom of that.

?

anonymous reviewer

I was writing how to prove not how to specify! Proof Goal Transformer, PGT!

git clone https://github.com/data61/PSL

PSL with PGT

PGT

git clone https://github.com/data61/PSL

PSL with PGT

PGT strategy proof goal sub-optimal for proof automation context

PGT

git clone https://github.com/data61/PSL

PSL with PGT

PGT strategy proof goal sub-optimal for proof automation context

PGT

tactic / sub-tool proof goal context

git clone https://github.com/data61/PSL

PSL with PGT

PGT strategy proof goal sub-optimal for proof automation context proved theorem / subgoals / message

PGT

tactic / sub-tool proof goal context

git clone https://github.com/data61/PSL

PSL with PGT

PGT strategy proof goal sub-optimal for proof automation context proof for the original goal, and auxiliary lemma

• ptimal for proof automation

proved theorem / subgoals / message

PGT

tactic / sub-tool proof goal context

git clone https://github.com/data61/PSL

PSL with PGT

PGT strategy proof goal sub-optimal for proof automation context proof for the original goal, and auxiliary lemma

• ptimal for proof automation

proved theorem / subgoals / message

PGT

tactic / sub-tool proof goal context

DEMO!

git clone https://github.com/data61/PSL

goal Conjecture Fastforce DInd DInd Quickcheck

git clone https://github.com/data61/PSL

goal Conjecture Fastforce DInd DInd Quickcheck

git clone https://github.com/data61/PSL

goal Conjecture Fastforce DInd DInd Quickcheck

git clone https://github.com/data61/PSL

goal Conjecture Fastforce DInd DInd Quickcheck

git clone https://github.com/data61/PSL

goal Conjecture Fastforce DInd DInd Quickcheck

git clone https://github.com/data61/PSL

goal Conjecture Fastforce DInd DInd Quickcheck

git clone https://github.com/data61/PSL

goal Conjecture Fastforce DInd DInd Quickcheck

git clone https://github.com/data61/PSL

goal Conjecture Fastforce DInd DInd Quickcheck

git clone https://github.com/data61/PSL

goal Conjecture Fastforce DInd DInd Quickcheck

git clone https://github.com/data61/PSL

Success story

git clone https://github.com/data61/PSL

PSL can find how to apply induction for easy problems.

Success story

git clone https://github.com/data61/PSL

PSL can find how to apply induction for easy problems. PaMpeR recommends which proof methods to use.

Success story

git clone https://github.com/data61/PSL

PSL can find how to apply induction for easy problems. PaMpeR recommends which proof methods to use. PGT produces useful auxiliary lemmas.

Success story

git clone https://github.com/data61/PSL

PSL can find how to apply induction for easy problems. PaMpeR recommends which proof methods to use. PGT produces useful auxiliary lemmas.

CADE2017

Success story

git clone https://github.com/data61/PSL

PSL can find how to apply induction for easy problems. PaMpeR recommends which proof methods to use. PGT produces useful auxiliary lemmas.

CADE2017 ASE2018

Success story

git clone https://github.com/data61/PSL

PSL can find how to apply induction for easy problems. PaMpeR recommends which proof methods to use. PGT produces useful auxiliary lemmas.

CADE2017 ASE2018 CICM2018

(best system award)

PSL can find how to apply induction for easy problems.

Too good to be true?

git clone https://github.com/data61/PSL

PaMpeR recommends which proof methods to use. PGT produces useful auxiliary lemmas.

PSL can find how to apply induction for easy problems.

Too good to be true?

git clone https://github.com/data61/PSL

PaMpeR recommends which proof methods to use. PGT produces useful auxiliary lemmas.

• n

l y i f P S L c

• m

p l e t e s a p r

• f

s e a r c h

• n

l y i f P S L w i t h P G T c

• m

p l e t e s a p r

• f

s e a r c h

PSL can find how to apply induction for easy problems.

Too good to be true?

git clone https://github.com/data61/PSL

b u t P a M p e R d

• e

s n

• t

r e c

• m

m e n d a r g u m e n t s f

• r

p r

• f

m e t h

• d

s PaMpeR recommends which proof methods to use. PGT produces useful auxiliary lemmas.

• n

l y i f P S L c

• m

p l e t e s a p r

• f

s e a r c h

• n

l y i f P S L w i t h P G T c

• m

p l e t e s a p r

• f

s e a r c h

PSL can find how to apply induction for easy problems.

Too good to be true?

git clone https://github.com/data61/PSL

b u t P a M p e R d

• e

s n

• t

r e c

• m

m e n d a r g u m e n t s f

• r

p r

• f

m e t h

• d

s PaMpeR recommends which proof methods to use. PGT produces useful auxiliary lemmas.

• n

l y i f P S L c

• m

p l e t e s a p r

• f

s e a r c h

• n

l y i f P S L w i t h P G T c

• m

p l e t e s a p r

• f

s e a r c h Recommend how to apply induction without completing a proof.

PSL can find how to apply induction for easy problems.

Too good to be true?

git clone https://github.com/data61/PSL

b u t P a M p e R d

• e

s n

• t

r e c

• m

m e n d a r g u m e n t s f

• r

p r

• f

m e t h

• d

s PaMpeR recommends which proof methods to use. PGT produces useful auxiliary lemmas.

• n

l y i f P S L c

• m

p l e t e s a p r

• f

s e a r c h

• n

l y i f P S L w i t h P G T c

• m

p l e t e s a p r

• f

s e a r c h Recommend how to apply induction without completing a proof. MeLoId: Machine Learning Induction

How does MeLoId work?

[ apply(induct s), apply(induct t), apply(induct u), apply(induct s t arbitrary: u), … ] decision tree construction lookup preparation phase recommendation phase fast feature extractor

?

proof state proof engineer full feature extractor active mining about 40 assertions written in ML large proof corpora AFP and standard library lemma “foo x y = bar x y” apply(induct x arbitrary: y) [ ( apply(induct x arbitrary: y), used ), ( apply(induct y arbitrary: x), not ), ( apply(induct arbitrary: y), used ), ( apply(induct x rule: bar.induct), not ),… ] [ ( [1,0,0,1,…1], used ), ( [0,1,0,1,…1], not ), ( [1,1,0,0,…1], used ), ( [0,1,0,0,…1], not ), … ] lemma “f s t ==> g s u” Dynamic (Induct) [ [1,1,0,1,…1], [0,0,0,1,…1], [1,1,1,0,…1], [1,1,0,1,…1], … ] [ (0.3, apply(induct s t arbitrary: u)) (0.2, apply(induct s t)), (0.15, apply(induct t arbitrary: u)), (0.11, apply(induct u)), … ]

How does MeLoId work?

[ apply(induct s), apply(induct t), apply(induct u), apply(induct s t arbitrary: u), … ] decision tree construction lookup preparation phase recommendation phase fast feature extractor

?

proof state proof engineer full feature extractor active mining about 40 assertions written in ML large proof corpora AFP and standard library lemma “foo x y = bar x y” apply(induct x arbitrary: y) [ ( apply(induct x arbitrary: y), used ), ( apply(induct y arbitrary: x), not ), ( apply(induct arbitrary: y), used ), ( apply(induct x rule: bar.induct), not ),… ] [ ( [1,0,0,1,…1], used ), ( [0,1,0,1,…1], not ), ( [1,1,0,0,…1], used ), ( [0,1,0,0,…1], not ), … ] lemma “f s t ==> g s u” Dynamic (Induct) [ [1,1,0,1,…1], [0,0,0,1,…1], [1,1,1,0,…1], [1,1,0,1,…1], … ] [ (0.3, apply(induct s t arbitrary: u)) (0.2, apply(induct s t)), (0.15, apply(induct t arbitrary: u)), (0.11, apply(induct u)), … ]

Writing useful assertions in ML is very tricky. => Domain specific language for writing assertions!

How does MeLoId work?

[ apply(induct s), apply(induct t), apply(induct u), apply(induct s t arbitrary: u), … ] decision tree construction lookup preparation phase recommendation phase fast feature extractor

?

proof state proof engineer full feature extractor active mining about 40 assertions written in ML large proof corpora AFP and standard library lemma “foo x y = bar x y” apply(induct x arbitrary: y) [ ( apply(induct x arbitrary: y), used ), ( apply(induct y arbitrary: x), not ), ( apply(induct arbitrary: y), used ), ( apply(induct x rule: bar.induct), not ),… ] [ ( [1,0,0,1,…1], used ), ( [0,1,0,1,…1], not ), ( [1,1,0,0,…1], used ), ( [0,1,0,0,…1], not ), … ] lemma “f s t ==> g s u” Dynamic (Induct) [ [1,1,0,1,…1], [0,0,0,1,…1], [1,1,1,0,…1], [1,1,0,1,…1], … ] [ (0.3, apply(induct s t arbitrary: u)) (0.2, apply(induct s t)), (0.15, apply(induct t arbitrary: u)), (0.11, apply(induct u)), … ]

Writing useful assertions in ML is very tricky. => Domain specific language for writing assertions!

WIP!

Thank you!

git clone https://github.com/data61/PSL

Thank you!

Leave a star at GitHub for PSL!

git clone https://github.com/data61/PSL

Thank you!

Leave a star at GitHub for PSL!

git clone https://github.com/data61/PSL

Let’s write a review paper “AITP deserves High-Performance Computing, Too!”

Thank you!

Leave a star at GitHub for PSL!

git clone https://github.com/data61/PSL

Let’s write a review paper “AITP deserves High-Performance Computing, Too!”

PaMpeR’s feature extractor?

Time

git clone https://github.com/data61/PSL

Time

1986~ Isabelle

git clone https://github.com/data61/PSL

Time

1986~ Isabelle 2004~ AFP

git clone https://github.com/data61/PSL

Time

1986~ Isabelle 2004~ AFP 2017~ PaMpeR

git clone https://github.com/data61/PSL

Time

1986~ Isabelle 2004~ AFP 2017~ PaMpeR 2018~ more articles in the AFP

git clone https://github.com/data61/PSL

Time

1986~ Isabelle 2004~ AFP 2017~ PaMpeR 2018~ more articles in the AFP 2018 PaMpeR’s data extraction

git clone https://github.com/data61/PSL

Time

1986~ Isabelle 2004~ AFP 2017~ PaMpeR 2018~ more articles in the AFP 2019 definition of the “sep” function 2018 PaMpeR’s data extraction

git clone https://github.com/data61/PSL

Time

1986~ Isabelle 2004~ AFP 2017~ PaMpeR 2018~ more articles in the AFP 2019 definition of the “sep” function 2018 PaMpeR’s data extraction lemma “map f (sep x xs) = sep (f x) (map f xs)"

git clone https://github.com/data61/PSL

Time

1986~ Isabelle 2004~ AFP 2017~ PaMpeR 2018~ more articles in the AFP 2019 definition of the “sep” function 2018 PaMpeR’s data extraction lemma “map f (sep x xs) = sep (f x) (map f xs)" AITP2019 which_method?

git clone https://github.com/data61/PSL

Time

1986~ Isabelle 2004~ AFP 2017~ PaMpeR 2018~ more articles in the AFP 2019 definition of the “sep” function 2018 PaMpeR’s data extraction lemma “map f (sep x xs) = sep (f x) (map f xs)" AITP2019 which_method?

PaMpeR’s feature extractor has to be able to analyze things (e.g. “sep”) that do not exist yet!

git clone https://github.com/data61/PSL

Time

1986~ Isabelle 2004~ AFP 2017~ PaMpeR 2018~ more articles in the AFP 2019 definition of the “sep” function 2018 PaMpeR’s data extraction lemma “map f (sep x xs) = sep (f x) (map f xs)" AITP2019 which_method?

DEMO! PaMpeR’s feature extractor has to be able to analyze things (e.g. “sep”) that do not exist yet!

git clone https://github.com/data61/PSL

Feature extractor?

automatically proves and saves many auxiliary lemmas in the context sep.simps, sep.induct, sep.elims, etc.

Feature extractor?

automatically proves and saves many auxiliary lemmas in the context sep.simps, sep.induct, sep.elims, etc.

Feature extractor?

assertion 27: if the outermost constant is the HOL equality?

automatically proves and saves many auxiliary lemmas in the context sep.simps, sep.induct, sep.elims, etc.

Feature extractor?

assertion 27: if the outermost constant is the HOL equality?

automatically proves and saves many auxiliary lemmas in the context sep.simps, sep.induct, sep.elims, etc.

Feature extractor?

assertion 27: if the outermost constant is the HOL equality? assertion 32: if the outermost constant is the HOL existential quantifier?

automatically proves and saves many auxiliary lemmas in the context sep.simps, sep.induct, sep.elims, etc.

Feature extractor?

assertion 27: if the outermost constant is the HOL equality? assertion 32: if the outermost constant is the HOL existential quantifier?

automatically proves and saves many auxiliary lemmas in the context sep.simps, sep.induct, sep.elims, etc.

Feature extractor?

assertion 27: if the outermost constant is the HOL equality? assertion 32: if the outermost constant is the HOL existential quantifier? assertion 93: if the goal has a term of type “real”?

automatically proves and saves many auxiliary lemmas in the context sep.simps, sep.induct, sep.elims, etc.

Feature extractor?

assertion 27: if the outermost constant is the HOL equality? assertion 32: if the outermost constant is the HOL existential quantifier? assertion 93: if the goal has a term of type “real”?

automatically proves and saves many auxiliary lemmas in the context sep.simps, sep.induct, sep.elims, etc. assertion 10: the context has a related recursive simplification rule?

Feature extractor?

assertion 27: if the outermost constant is the HOL equality? assertion 32: if the outermost constant is the HOL existential quantifier? assertion 93: if the goal has a term of type “real”?

automatically proves and saves many auxiliary lemmas in the context sep.simps, sep.induct, sep.elims, etc. assertion 10: the context has a related recursive simplification rule?

Feature extractor?

assertion 27: if the outermost constant is the HOL equality? assertion 32: if the outermost constant is the HOL existential quantifier? assertion 93: if the goal has a term of type “real”?

automatically proves and saves many auxiliary lemmas in the context sep.simps, sep.induct, sep.elims, etc. assertion 10: the context has a related recursive simplification rule?

Feature extractor?

assertion 27: if the outermost constant is the HOL equality? assertion 32: if the outermost constant is the HOL existential quantifier? assertion 93: if the goal has a term of type “real”?

automatically proves and saves many auxiliary lemmas in the context sep.simps, sep.induct, sep.elims, etc. assertion 10: the context has a related recursive simplification rule?

Feature extractor?

assertion 27: if the outermost constant is the HOL equality? assertion 32: if the outermost constant is the HOL existential quantifier? assertion 93: if the goal has a term of type “real”? assertion 58: the context has a constant defined with the “fun” keyword?

automatically proves and saves many auxiliary lemmas in the context sep.simps, sep.induct, sep.elims, etc. assertion 10: the context has a related recursive simplification rule?

Feature extractor?

assertion 27: if the outermost constant is the HOL equality? assertion 32: if the outermost constant is the HOL existential quantifier? assertion 93: if the goal has a term of type “real”? assertion 58: the context has a constant defined with the “fun” keyword?

automatically proves and saves many auxiliary lemmas in the context sep.simps, sep.induct, sep.elims, etc. assertion 10: the context has a related recursive simplification rule?

Feature extractor?

assertion 27: if the outermost constant is the HOL equality? assertion 32: if the outermost constant is the HOL existential quantifier? assertion 93: if the goal has a term of type “real”? assertion 58: the context has a constant defined with the “fun” keyword?

[…,1,…,1,…0,…,1,…0,…]

10th 27th 32nd 58th 93rd

resulting feature vector:

What assertions I wanted to write / wrote…

What assertions I wanted to write / wrote…

check if the induction variables (x and xs) are arguments of the constant (sep) that has an auxiliary lemma (sep.induct). If the induct method uses an auxiliary lemma (sep.induct) … Assertion 01:

What assertions I wanted to write / wrote…

check if the induction variables (x and xs) are arguments of the constant (sep) that has an auxiliary lemma (sep.induct). If the induct method uses an auxiliary lemma (sep.induct) … Assertion 01:

p

• s

i t i

• n
• f

a r g u m e n t s r e l a t i v e t

• c

e r t a i n c

• n

s t a n t s ! I n d u c t i

• n

v a r i a b l e s ( x a n d x s ) a p p e a r m u l t i p l e t i m e s i n t h e g

• a

l !

What assertions I wanted to write / wrote…

check if the induction variables (x and xs) are arguments of the constant (sep) that has an auxiliary lemma (sep.induct). If the induct method uses an auxiliary lemma (sep.induct) … Assertion 01:

p

• s

i t i

• n
• f

a r g u m e n t s r e l a t i v e t

• c

e r t a i n c

• n

s t a n t s ! I n d u c t i

• n

v a r i a b l e s ( x a n d x s ) a p p e a r m u l t i p l e t i m e s i n t h e g

• a

l !

What assertions I wanted to write / wrote…

check if the induction variables (x and xs) are arguments of the constant (sep) that has an auxiliary lemma (sep.induct). If the induct method uses an auxiliary lemma (sep.induct) … Assertion 01: Assertion 02: Do induction on argument number i if the function is defined by recursion in argument number i?

p

• s

i t i

• n
• f

a r g u m e n t s r e l a t i v e t

• c

e r t a i n c

• n

s t a n t s ! I n d u c t i

• n

v a r i a b l e s ( x a n d x s ) a p p e a r m u l t i p l e t i m e s i n t h e g

• a

l !

What assertions I wanted to write / wrote…

check if the induction variables (x and xs) are arguments of the constant (sep) that has an auxiliary lemma (sep.induct). If the induct method uses an auxiliary lemma (sep.induct) … Assertion 01: Assertion 02: Do induction on argument number i if the function is defined by recursion in argument number i?

definition of constants! p

• s

i t i

• n
• f

a r g u m e n t s r e l a t i v e t

• c

e r t a i n c

• n

s t a n t s ! I n d u c t i

• n

v a r i a b l e s ( x a n d x s ) a p p e a r m u l t i p l e t i m e s i n t h e g

• a

l !

What assertions I wanted to write / wrote…

check if the induction variables (x and xs) are arguments of the constant (sep) that has an auxiliary lemma (sep.induct). If the induct method uses an auxiliary lemma (sep.induct) … Assertion 01: Assertion 02: Do induction on argument number i if the function is defined by recursion in argument number i? Assertion03: Are induction variables appear at the deepest level in the syntax tree?

definition of constants! p

• s

i t i

• n
• f

a r g u m e n t s r e l a t i v e t

• c

e r t a i n c

• n

s t a n t s ! I n d u c t i

• n

v a r i a b l e s ( x a n d x s ) a p p e a r m u l t i p l e t i m e s i n t h e g

• a

l !

What assertions I wanted to write / wrote…

check if the induction variables (x and xs) are arguments of the constant (sep) that has an auxiliary lemma (sep.induct). If the induct method uses an auxiliary lemma (sep.induct) … Assertion 01: Assertion 02: Do induction on argument number i if the function is defined by recursion in argument number i? Assertion03: Are induction variables appear at the deepest level in the syntax tree?

definition of constants! depth? un-currying! p

• s

i t i

• n
• f

a r g u m e n t s r e l a t i v e t

• c

e r t a i n c

• n

s t a n t s ! I n d u c t i

• n

v a r i a b l e s ( x a n d x s ) a p p e a r m u l t i p l e t i m e s i n t h e g

• a

l !

What assertions I wanted to write / wrote…

check if the induction variables (x and xs) are arguments of the constant (sep) that has an auxiliary lemma (sep.induct). If the induct method uses an auxiliary lemma (sep.induct) … Assertion 01: Assertion 02: Do induction on argument number i if the function is defined by recursion in argument number i? Assertion03: Are induction variables appear at the deepest level in the syntax tree?

definition of constants! depth? un-currying! p

• s

i t i

• n
• f

a r g u m e n t s r e l a t i v e t

• c

e r t a i n c

• n

s t a n t s ! I n d u c t i

• n

v a r i a b l e s ( x a n d x s ) a p p e a r m u l t i p l e t i m e s i n t h e g

• a

l ! P x y ==> Q y z ==> R z w

Time

git clone https://github.com/data61/PSL

Time 2017: PSL

git clone https://github.com/data61/PSL

Time 2017: PSL 2019: define the “sep” function

git clone https://github.com/data61/PSL

Time 2017: PSL 2019: define the “sep” function

git clone https://github.com/data61/PSL

2019: define the “DInd” strategy

Time 2017: PSL 2019: define the “sep” function 2019:

git clone https://github.com/data61/PSL

2019: define the “DInd” strategy

Time 2017: PSL 2019: define the “sep” function 2019:

git clone https://github.com/data61/PSL

At the time of development (2017), PSL does not know about

• user defined constants (e.g. “sep”) or
• user defined proof strategies (e.g. DInd).

2019: define the “DInd” strategy