Unified Classical Logic Completeness A Coinductive Pearl Jasmin - - PowerPoint PPT Presentation

Unified Classical Logic Completeness

A Coinductive Pearl

Jasmin Blanchette Andrei Popescu Dmitriy Traytel

λ → ∀

=

Isabelle

β α

H O L

All too often, proof-theoretic methods are neglected in favor of shorter, and superficially more elegant semantic arguments. [In contrast, in Gallier’s book] the treatment of the proof theory of the Gentzen system is oriented towards computation with proofs. For example, a pseudo-Pascal version of a complete search procedure for first-order cut-free Gentzen proofs is presented. Frank Pfenning

A Proof

∀x. p(x) ⊢ p(y) ∧ p(z)

A Proof

∀x. p(x) ⊢ p(y) ∧ p(z) ∀x. p(x) ⊢ p(y) ∀x. p(x) ⊢ p(z)

CONJRp(y), p(z)

A Proof

∀x. p(x) ⊢ p(y) ∧ p(z) ∀x. p(x) ⊢ p(y) ∀x. p(x), p(y) ⊢ p(y) ∀x. p(x) ⊢ p(z)

CONJRp(y), p(z) ALLLx,p(x),y

A Proof

∀x. p(x) ⊢ p(y) ∧ p(z) ∀x. p(x) ⊢ p(y) ∀x. p(x), p(y) ⊢ p(y) ∀x. p(x) ⊢ p(z)

CONJRp(y), p(z) ALLLx,p(x),y AXp(y)

A Proof

∀x. p(x) ⊢ p(y) ∧ p(z) ∀x. p(x) ⊢ p(y) ∀x. p(x), p(y) ⊢ p(y) ∀x. p(x) ⊢ p(z) ∀x. p(x), p(z) ⊢ p(z)

CONJRp(y), p(z) ALLLx,p(x),y ALLLx,p(x),z AXp(y)

A Proof

∀x. p(x) ⊢ p(y) ∧ p(z) ∀x. p(x) ⊢ p(y) ∀x. p(x), p(y) ⊢ p(y) ∀x. p(x) ⊢ p(z) ∀x. p(x), p(z) ⊢ p(z)

CONJRp(y), p(z) ALLLx,p(x),y ALLLx,p(x),z AXp(y) AXp(z)

A Failing Proof

∀x. p(x) ⊢ p(y) ∧ p(z) ∀x. p(x) ⊢ p(y) ∀x. p(x), p(y) ⊢ p(y) ∀x. p(x) ⊢ p(z)

CONJRp(y), p(z) ALLLx,p(x),y AXp(y)

A Failing Proof

∀x. p(x) ⊢ p(y) ∧ p(z) ∀x. p(x) ⊢ p(y) ∀x. p(x), p(y) ⊢ p(y) ∀x. p(x) ⊢ p(z) ∀x. p(x), p(y) ⊢ p(z)

CONJRp(y), p(z) ALLLx,p(x),y AXp(y) ALLLx,p(x),y

A Failing Proof

∀x. p(x) ⊢ p(y) ∧ p(z) ∀x. p(x) ⊢ p(y) ∀x. p(x), p(y) ⊢ p(y) ∀x. p(x) ⊢ p(z) ∀x. p(x), p(y) ⊢ p(z) ∀x. p(x), p(y) ⊢ p(z)

CONJRp(y), p(z) ALLLx,p(x),y AXp(y) ALLLx,p(x),y ALLLx,p(x),y

A Failing Proof

∀x. p(x) ⊢ p(y) ∧ p(z) ∀x. p(x) ⊢ p(y) ∀x. p(x), p(y) ⊢ p(y) ∀x. p(x) ⊢ p(z) ∀x. p(x), p(y) ⊢ p(z) ∀x. p(x), p(y) ⊢ p(z) ∀x. p(x), p(y) ⊢ p(z)

. . .

CONJRp(y), p(z) ALLLx,p(x),y AXp(y) ALLLx,p(x),y ALLLx,p(x),y ALLLx,p(x),y ALLLx,p(x),y

A Systematic Proof

∀x. p(x) ⊢ p(y) ∧ p(z) ∀x. p(x) ⊢ p(y) ∀x. p(x), p(y) ⊢ p(y) ∀x. p(x) ⊢ p(z) ∀x. p(x), p(x) ⊢ p(z) ∀x. p(x), p(y) ⊢ p(z) ∀x. p(x), p(z) ⊢ p(z)

CONJRp(y), p(z) ALLLx,p(x),y AXp(y) ALLLx,p(x),x ALLLx,p(x),y ALLLx,p(x),z AXp(z)

A Failing Systematic Proof

∀x. p(x) ⊢ p(y) ∧ q(z) ∀x. p(x) ⊢ p(y) ∀x. p(x), p(y) ⊢ p(y) ∀x. p(x) ⊢ q(z) ∀x. p(x), p(x) ⊢ q(z) ∀x. p(x), p(y) ⊢ q(z) ∀x. p(x), p(z) ⊢ q(z)

. . .

CONJRp(y), p(z) ALLLx,p(x),y AXp(y) ALLLx,p(x),x ALLLx,p(x),y ALLLx,p(x),z ALLLx,p(x),y

Our Interest in Gallier’s Proof

Polymorphic FOL

• TFF1

− → Monomorphic FOL

• TFF0

− → Untyped FOL

• FOF

Our Interest in Gallier’s Proof

Polymorphic FOL

• TFF1

− → Monomorphic FOL

• TFF0

− → Untyped FOL

• FOF

Claessen, Lillieström, Smallbone CADE 2011 Blanchette, Böhme, Popescu, Smallbone TACAS 2013

Our Interest in Gallier’s Proof

Polymorphic FOL

• TFF1

− → Monomorphic FOL

• TFF0

− → Untyped FOL

• FOF

Claessen, Lillieström, Smallbone CADE 2011 Blanchette, Böhme, Popescu, Smallbone TACAS 2013 Blanchette, Popescu FroCoS 2013

How to Formalize Completeness?

Harrison TPHOLs 1998 HOL Light Henkin Berghofer 2002 Isabelle/HOL Henkin Ridge, Margetson TPHOLs 2005 Isabelle/HOL Beth–Hintikka Ilik 2010 Coq Henkin Schlöder, Koepke 2012 Mizar Henkin

Henkin ≈ Gödel ≈ canonical models ≈ semantic Beth–Hintikka ≈ Gallier ≈ complete prover ≈ syntactic

How to Formalize Completeness?

Harrison TPHOLs 1998 HOL Light Henkin Berghofer 2002 Isabelle/HOL Henkin Ridge, Margetson TPHOLs 2005 Isabelle/HOL Beth–Hintikka Ilik 2010 Coq Henkin Schlöder, Koepke 2012 Mizar Henkin

Henkin ≈ Gödel ≈ canonical models ≈ semantic Beth–Hintikka ≈ Gallier ≈ complete prover ≈ syntactic

Our Version

• Isabelle/HOL, Beth–Hintikka
• Abstract proof + instantiation with rich FOLs
• Codatatype of possibly infinite trees
• Code generation to Haskell

Our Version

• Isabelle/HOL, Beth–Hintikka
• Abstract proof + instantiation with rich FOLs
• Codatatype of possibly infinite trees
• Code generation to Haskell

A A pseudo-Pascal version of a complete search procedure for first-order cut-free Gentzen proofs is presented.

Our Version

• Isabelle/HOL, Beth–Hintikka
• Abstract proof + instantiation with rich FOLs
• Codatatype of possibly infinite trees
• Code generation to Haskell

A Haskell A pseudo-Pascal ——————– version of a complete search procedure for first-order cut-free Gentzen proofs is presented.

Isabelle/HOL Demonstration

Codatatypes

Inductive (or algebraic) datatypes: datatype α list = Nil | Cons α (α list)

Codatatypes

Inductive (or algebraic) datatypes: datatype α list = Nil | Cons α (α list) Theorems: Distinctness, injectivity, exhaustiveness, induction

Codatatypes

Inductive (or algebraic) datatypes: datatype α list = Nil | Cons α (α list) Theorems: Distinctness, injectivity, exhaustiveness, induction Coinductive (or coalgebraic) datatypes: codatatype α llist = LNil | LCons α (α llist)

Codatatypes

Inductive (or algebraic) datatypes: datatype α list = Nil | Cons α (α list) Theorems: Distinctness, injectivity, exhaustiveness, induction Coinductive (or coalgebraic) datatypes: codatatype α llist = LNil | LCons α (α llist) codatatype α stream = SCons α (α stream)

Codatatypes

Inductive (or algebraic) datatypes: datatype α list = Nil | Cons α (α list) Theorems: Distinctness, injectivity, exhaustiveness, induction Coinductive (or coalgebraic) datatypes: codatatype α llist = LNil | LCons α (α llist) codatatype α stream = SCons α (α stream) Theorems: Distinctness, injectivity, exhaustiveness, coinduction

Syntax and Semantics

datatype fmla = Atm atom | Neg fmla | Conj fmla fmla | All var fmla

Syntax and Semantics

datatype fmla = Atm atom | Neg fmla | Conj fmla fmla | All var fmla Terms

xS

ξ

= ξ x f(t1, ... , tn)S

ξ

=

F

f

• t1S

ξ , ... , tnS ξ

• Atoms

S | =ξ p(t1, ... , tn) =

P

p

• t1S

ξ , ... , tnS ξ

Syntax and Semantics

datatype fmla = Atm atom | Neg fmla | Conj fmla fmla | All var fmla Terms

xS

ξ

= ξ x f(t1, ... , tn)S

ξ

=

F

f

• t1S

ξ , ... , tnS ξ

• Atoms

S | =ξ p(t1, ... , tn) =

P

p

• t1S

ξ , ... , tnS ξ

• Formulas

S | =ξ Atm a = S | =ξ a S | =ξ Neg ϕ = S | =ξ ϕ S | =ξ Conj ϕ ψ = S | =ξ ϕ ∧ S | =ξ ψ S | =ξ All x ϕ = ∀a∈ S. S | =ξ[x←a] ϕ

A Gentzen System

AX

Γ, Atm a ⊢ ∆, Atm a Γ ⊢ ∆, ϕ

NEGL

Γ, Neg ϕ ⊢ ∆ Γ, ϕ ⊢ ∆

NEGR

Γ ⊢ ∆, Neg ϕ Γ, ϕ, ψ ⊢ ∆

CONJL

Γ, Conj ϕ ψ ⊢ ∆ Γ ⊢ ∆, ϕ Γ ⊢ ∆, ψ

CONJR

Γ ⊢ ∆, Conj ϕ ψ Γ, All x ϕ, ϕ[t/x] ⊢ ∆

ALLL

Γ, All x ϕ ⊢ ∆ Γ ⊢ ∆, ϕ[y/x] ALLR (y fresh) Γ ⊢ ∆, All x ϕ

Abstracting Away

∀x. p(x) ⊢ p(y) ∧ p(z) ∀x. p(x) ⊢ p(y) ∀x. p(x), p(y) ⊢ p(y) ∀x. p(x) ⊢ p(z) ∀x. p(x), p(x) ⊢ p(z) ∀x. p(x), p(y) ⊢ p(z) ∀x. p(x), p(z) ⊢ p(z)

CONJRp(y), p(z) ALLLx,p(x),y AXp(y) ALLLx,p(x),x ALLLx,p(x),y ALLLx,p(x),z AXp(z)

Abstracting Away

s0 s1 s3 s2 s4 s5 s6

r0 r1 r3 r2 r4 r5 r6

Abstracting Away

(s0, r0) (s1, r1) (s3, r3) (s2, r2) (s4, r4) (s5, r5) (s6, r6)

Abstracting Away

(s0, r0) (s1, r1) (s3, r3) (s2, r2) (s4, r4) (s5, r5) (s6, r6)

∀x. p(x) ⊢ p(y) ∧ p(z) ∀x. p(x) ⊢ p(y) ∀x. p(x), p(y) ⊢ p(y) ∀x. p(x) ⊢ p(z) ∀x. p(x), p(y) ⊢ p(z) ∀x. p(x), p(y) ⊢ p(z) ∀x. p(x), p(y) ⊢ p(z)

. . . CONJRp(y), p(z) ALLLx,p(x),y AXp(y) ALLLx,p(x),y ALLLx,p(x),y ALLLx,p(x),y AXp(z)

Abstracting Away

(s0, r0) (s1, r1) (s3, r3) (s2, r2) (s4, r4) (s5, r5) (s6, r6) (s0, r0) (s1, r1) (s3, r3) (s2, r2) (s4, r4) (s5, r5) (s6, r6)

. . .

Abstracting Away

(s0, r0) (s1, r1) (s3, r3) (s2, r2) (s4, r4) (s5, r5) (s6, r6)

. . .

Abstracting Away

(s0, r0) (s1, r1) (s3, r3) (s2, r2) (s4, r4) (s5, r5) (s6, r6)

. . . eff : rule → state → state fset → bool enabled r s = (∃ss. eff r s ss)

Abstracting Away

(s0, r0) (s1, r1) (s3, r3) (s2, r2) (s4, r4) (s5, r5) (s6, r6)

. . . eff : rule → state → state fset → bool enabled r s = (∃ss. eff r s ss) Available ∀s. ∃r. enabled r s Persistent ∀s, r, r ′, s′, ss. enabled r ′ s ∧ r′ = r ∧ eff r s ss ∧ s′ ∈ set ss ⇒ enabled r ′ s′

Abstracting Away

(s0, r0) (s1, r1) (s3, r3) (s2, r2) (s4, r4) (s5, r5) (s6, r6)

. . . eff : rule → state → state fset → bool enabled r s = (∃ss. eff r s ss) Available ∀s. ∃r. enabled r s Persistent ∀s, r, r ′, s′, ss. enabled r ′ s ∧ r′ = r ∧ eff r s ss ∧ s′ ∈ set ss ⇒ enabled r ′ s′

codatatype tree = Node (state× rule) (tree fset)

Abstracting Away

(s0, r0) (s1, r1) (s3, r3) (s2, r2) (s4, r4) (s5, r5) (s6, r6)

. . . eff : rule → state → state fset → bool enabled r s = (∃ss. eff r s ss) Available ∀s. ∃r. enabled r s Persistent ∀s, r, r ′, s′, ss. enabled r ′ s ∧ r′ = r ∧ eff r s ss ∧ s′ ∈ set ss ⇒ enabled r ′ s′

codatatype tree = Node (state× rule) (tree fset)

eff r s ss s′ ∈ ss epath (SCons (s′, r ′) σ) epath (SCons (s, r) (SCons (s′, r ′) σ))

Abstracting Away

(s0, r0) (s1, r1) (s3, r3) (s2, r2) (s4, r4) (s5, r5) (s6, r6)

. . . eff : rule → state → state fset → bool enabled r s = (∃ss. eff r s ss) Available ∀s. ∃r. enabled r s Persistent ∀s, r, r ′, s′, ss. enabled r ′ s ∧ r′ = r ∧ eff r s ss ∧ s′ ∈ set ss ⇒ enabled r ′ s′

codatatype tree = Node (state× rule) (tree fset)

eff r s ss s′ ∈ ss epath (SCons (s′, r ′) σ) epath (SCons (s, r) (SCons (s′, r ′) σ)) Fair ∀r. ev (alw enabledAtr) σ ⇒ alw (ev takenr) σ

Theorem (Abstract Completeness)

Assume that the effect relation is available and persistent. Then each state admits either a finite proof tree or a fair escape path.

Proof Idea.

mk Tree : rule stream → state → tree

Theorem (Abstract Completeness)

Assume that the effect relation is available and persistent. Then each state admits either a finite proof tree or a fair escape path.

Proof Idea.

mk Tree : rule stream → state → tree mk Tree ρ s = let SCons r ρ′ = sdropWhile (λr. ¬ enabled r s) ρ ss = (εss. eff r s ss) in Node (s, r) (image (mk Tree ρ′) ss)

Our CASC-25 Submission

data Stream a = SCons a (Stream a) newtype FSet a = FSet [a] data Tree a = Node a (FSet (Tree a)) fmap f (FSet xs) = FSet (map f xs) sdropWhile p (SCons a s) = if p a then sdropWhile p s else SCons a s mkTree eff rho s = Node (s, r) (fmap (mkTree eff rho’) (fromJust (eff r s))) where SCons r rho’ = sdropWhile (\r -> not (isJust (eff r s))) rho

Our CASC-25 Submission

data Stream a = SCons a (Stream a) newtype FSet a = FSet [a] data Tree a = Node a (FSet (Tree a)) fmap f (FSet xs) = FSet (map f xs) sdropWhile p (SCons a s) = if p a then sdropWhile p s else SCons a s mkTree eff rho s = Node (s, r) (fmap (mkTree eff rho’) (fromJust (eff r s))) where SCons r rho’ = sdropWhile (\r -> not (isJust (eff r s))) rho

Conclusion

Our complete abstract proof:

• 425 lines of Isabelle (≈ 8 pages)
• Rigorous
• Formal (mechanized)
• Coinductive

Conclusion

Our complete abstract proof:

• 425 lines of Isabelle (≈ 8 pages)
• Rigorous
• Formal (mechanized)
• Coinductive

A key part of “mechanized metatheory of Sledgehammer”

Conclusion

Our complete abstract proof:

• 425 lines of Isabelle (≈ 8 pages)
• Rigorous
• Formal (mechanized)
• Coinductive

A key part of “mechanized metatheory of Sledgehammer” Future work:

• Completeness for resolution, superposition, ... ?

Evangelizing presupposes a desire in the Church to come out of

• herself. ... When the Church does not come out of herself to

evangelize, she becomes self-referential and then gets sick. The evils that, over time, happen in ecclesial institutions have their root in self-referentiality and a kind of theological narcissism. Jorge Mario Bergoglio