Towards Smart Proof Search for Isabelle PSL and all that k e e - - PowerPoint PPT Presentation

▶

Feb 25, 2023 36 likes •271 views

s a n w o n k y l A r e T m C I r N o f Towards Smart Proof Search for Isabelle PSL and all that k e e w t s a Yutaka Nagashima | Trustworthy System Research Group l l i t n March 2017 u www.csiro.au Example

SLIDE 1 www.csiro.au

Towards Smart Proof Search for Isabelle

PSL and all that Yutaka Nagashima | Trustworthy System Research Group March 2017 f

m e r l y k n

n a s N I C T A u n t i l l a s t w e e k

SLIDE 2

Click to edit Master text styles
Second level

– Third level – Fourth level

Fifth level

Presentation title | Presenter name

Example proof at Data61

2 taken from: https://github.com/seL4/seL4

SLIDE 3 Towards Smart Proof Search. | Yutaka Nagashima

PSL and try-hard for Isabelle/HOL

The percentage of automatically proved obligations out of 1526 proof obligations (timeout = 300s) 0% 25% 50% 75% 100% try_hard sledgehammer 3 Part 1 73% 57% 20% 16% 28% Part 2 Not specific to Isabelle! Other ITPs / Logic Programming

SLIDE 4 Towards Smart Proof Search. | Yutaka Nagashima 4

Isabelle/HOL before PSL

tactic / sub-tool proof goal context no sub-goal! subgoals error-message It's blatantly clear You stupid machine, that what I tell you is true (Michael Norrish)

SLIDE 5 Towards Smart Proof Search. | Yutaka Nagashima 5

PSL (Proof Strategy Language)

PSL meta-tool approach programming language extensible (Eisbach) tactics quickcheck runtime tactic generation extensive proof search low memory usage efficient proof generation native Isabelle proof script sledgehammer parallel search almost no code clutter!!

SLIDE 6 Towards Smart Proof Search. | Yutaka Nagashima 6

Isabelle/HOL with PSL

strategy proof goal context efficient tactic proved theorem / subgoals / message PSL tactic / sub-tool proof goal context Much less interaction with Isabelle.

SLIDE 7 PSL and all that. | Yutaka Nagashima

Tactics 1

7 preproces goal Case 2 goal goal goal imp subgoal 1 Case 3 imp subgoal 2 goal imp imp tactic new goal Case 1 imp goal False P imp principle of explosion

SLIDE 8 PSL and all that. | Yutaka Nagashima

[ ] , ,

Tactics 2

8 tactic preproces goal new goal Case 1 imp goal Case 2 goal goal goal imp Case 3 imp subgoal 2 goal imp imp subgoal 1

: thm

SLIDE 9 PSL and all that. | Yutaka Nagashima

[ ]

Tactics 2

9 tactic preproces goal Case 4 (failure = empty list) goal goal imp

SLIDE 10 PSL and all that. | Yutaka Nagashima

Tactics 3

10 fun tactic :: thm -> [ thm ] induct simp auto

[ , ,…]

tactic goal :: thm goal 1:: thm goal 2 :: thm Lazy simp auto OR THEN induct auto REPEAT simp

SLIDE 11 Towards Smart Proof Search. | Yutaka Nagashima

[ ,…]

goal 1-1 [ ] tactic1

[ , ,…]

goal 1 tactic2 goal 2

Tactical (THEN)

11 goal :: thm THEN tactic1 tactic2 tactic2

@[ ,…]@[…

goal 2-1 tactic2 giant tactic?

SLIDE 12 Towards Smart Proof Search. | Yutaka Nagashima

Giant tactic

12 problem 2: Giant tactics are too slow! problem 1: Default tactics are too weak! problem 3: Sledgehammer and quick-check are not tactics! giant tactic? force auto simp fast OR OR OR

SLIDE 13 Towards Smart Proof Search. | Yutaka Nagashima non-determinism

Thens [Dynamic(Induct), Auto, IsSolved]

13 (InductA ++ InductB ++ …) THEN auto THEN is_solved goal Dynamic ( Induct ) Auto IsSolved sequential combination (THEN) runtime interpretation

SLIDE 14 Towards Smart Proof Search. | Yutaka Nagashima

Monadic interpretation

14 goal Dynamic ( Induct ) Auto IsSolved type tactic = thm -> thm Seq.seq type ‘a tactic = ‘a -> ‘a monad writer monad + non-deterministic monad efficient proof scripts as “state” pointer? explicit tree construction?

SLIDE 15 Towards Smart Proof Search. | Yutaka Nagashima

Sledgehammer as tactic

15 They work on Proof.state not on thm. problem 3: Sledgehammer and quick-check are not tactics! type ‘a tactic = 'a -> ‘a nondet_state_monad type tactic = P.state -> P.state nondet_state_monad persistant hammering Thens [Dyn (Induct), Thens[Hammer+ , IsSolved]] parallel PThenOne

SLIDE 16 PSL and all that. | Yutaka Nagashima

try_hard: the default strategy

16 strategy Basic = Ors [ Auto_Solve, Blast_Solve, FF_Solve, Thens [IntroClasses, Auto_Solve], Thens [Transfer, Auto_Solve], Thens [Normalization, IsSolved], Thens [DInduct, Auto_Solve], Thens [Hammer, IsSolved], Thens [DCases, Auto_Solve], Thens [DCoinduction, Auto_Solve], Thens [Auto, RepeatN(Hammer), IsSolved], Thens [DAuto, IsSolved]] strategy Try_Hard = Ors [Thens [Subgoal, Basic], Thens [DInductTac, Auto_Solve], Thens [DCaseTac, Auto_Solve], Thens [Subgoal, Advanced], Thens [DCaseTac, Solve_Many], Thens [DInductTac, Solve_Many] ]

SLIDE 17

PSL: Demo

SLIDE 18 Towards Smart Proof Search. | Yutaka Nagashima

PSL and try-hard for Isabelle/HOL

The percentage of automatically proved obligations out of 1526 proof obligations (timeout = 300s) 0% 25% 50% 75% 100% try_hard sledgehammer 18 Part 1 73% 57% 20% 16% 28% Part 2 try_smart

SLIDE 19 Towards Smart Proof Search. | Yutaka Nagashima 19

PaMpeR: Proof Method Recommendation System

proof method recommendation:: (proof method * double) list PaMpeR strategy proof goal context Proof Data Base assertions proof goal context Regression Algorithm proof goal and context as a vector of boolean values e.g. AFP & seL4

huge and complex Type class mechanism? Recursively defined constant?

SLIDE 20

PaMpeR: Demo

Affine_Arithmetic/Affine_Approximation

SLIDE 21 Towards Smart Proof Search. | Yutaka Nagashima 21 efficient tactic PSL tactic / sub-tool proof goal context Even better than PSL. proof goal context try_smart small strategy proof goal context

Future work: try-hard to try-smart

runtime tactic generation state monad transformer PaMpeR

SLIDE 22 Towards Smart Proof Search. | Yutaka Nagashima 22 Isabelle/PSL on Github (https://github.com/data61/PSL) Leave a star if you like. Lean/PSL coming soon(?) Isabelle/PaMpeR on Github (still work in progress) I want you to use PSL / adopt the idea

SLIDE 23 www.csiro.au

Thank You

TS/ProofEngineering Yutaka Nagashima  Engineer