yet another nice and accurate interactive theorem prover
play

yet another nice and accurate interactive theorem prover - PowerPoint PPT Presentation

Mar 27, 2024 •38 likes •288 views

yet another nice and accurate interactive theorem prover (sufficiently similar, sufficiently different) Freek Wiedijk Radboud University Nijmegen 2018 06 25 0 nice combining the nicest aspects of state-of-the-art provers:

  1. yet another nice and accurate interactive theorem prover (sufficiently similar, sufficiently different) Freek Wiedijk Radboud University Nijmegen 2018 06 25 ⇐← 0 →

  2. nice combining the nicest aspects of state-of-the-art provers: ◮ document centric (Isabelle/Mizar) ◮ small (stateless) LCF kernel (HOL/Isabelle/Coq) ◮ saving state per source file (Coq) ◮ first order logic with schemes (Mizar) ◮ ZFC set theory (Mizar) ◮ (soft) dependent types (Mizar/Coq) ◮ subtyping, intersection types (Mizar) ◮ declarative (structured) proofs (Mizar/Isar) ◮ procedural proofs (SSReflect/HOL) ◮ declarative interface (Isabelle/Mizar) ◮ user proof automation (HOL/Coq) ◮ proper treatment of partiality (PVS/B) ⇐← 1 →

  3. accurate ◮ accurate for mathematics ◮ classical mathematics ◮ full strength of set theory ◮ declarative proofs ◮ first class binders ( � dx , � d , , lim , etc) ◮ proper treatment of partiality ◮ accurate for computer science ◮ implemented/programmable in a functional language (ML) ◮ mathematical language contains a functional language ◮ algebraic datatypes ◮ recursive functions (with general recursion) ◮ inductively defined predicates/relations ◮ Poincaré principle = computations do not need proofs ⇐← 2 →

  4. three interfaces ◮ ML read-eval-print loop (HOL) ◮ batch compiler (Coq/Mizar) ◮ web based IDE (Isabelle-style, but in web browser) ◮ light weight ◮ text only, just a few panes ⇐← 3 →

  5. three interfaces ◮ ML read-eval-print loop (HOL) ◮ batch compiler (Coq/Mizar) ◮ web based IDE (Isabelle-style, but in web browser) ◮ light weight ◮ text only, just a few panes ◮ later maybe: diagrams corresponding to proof state ◮ later maybe: proof display as formal proof sketches ◮ later maybe: cross referencing with informal math ⇐← 3 →

  6. some further plans ◮ first class version management ◮ integrated social network (global name space) ◮ Pollack-consistent (= parsing is left inverse of printing) ◮ grow declarative proofs using procedural steps (miz3) ◮ automatically convert procedural proofs to declarative (miz3) ◮ computer algebra using filter calculus (FEAR) ◮ thm keeps track of axioms and lamps used ◮ the only state in the implementation: global ref variables ◮ only plain text (outside 7-bit ASCII = syntax error) ⇐← 4 →

  7. target trial formalizations ◮ the real numbers are a field ◮ Bert Jutting (Automath) ◮ John Harrison (HOL) ◮ Milad Niqui (Coq) ◮ Russell O’Connor (Coq) ◮ Georges Gonthier (Coq) etc ◮ big step semantics ← → small step semantics of small while language (IMP) ◮ Tobias Nipkow, Gerwin Klein: concrete semantics (Isabelle) ◮ Benjamin Pierce: software foundations (Coq) etc ⇐← 5 →

  8. two kernels ◮ inner kernel ◮ untyped ◮ total ◮ de Bruijn indices ◮ no contexts ◮ small ◮ abstract datatypes protected by a module ◮ ‘magic lamps’ ◮ outer kernel ◮ typed ◮ partial ◮ named variables ◮ contexts with typed variables ◮ large ◮ data creation not protected by an abstract interface kernel data structures isomorphic apart from ‘tags’ ⇐← 6 →

  9. the logic ¬ A ∈ ∆ A ∈ ∆ ⊢ ∆ ¬¬ A ∈ ∆ ⊢ ∆ , A ⊢ ∆ ∨ � ⊢ ∆ , � ∀ � x ∨ A ∈ ∆ � x �∈ FV (∆) A ⊢ ∆ ∨ � x := � ¬ ∀ � x ∨ A ∈ ∆ · · · ⊢ ∆ , ¬ A i [ � t ] · · · ⊢ ∆ t = t ∈ ∆ ⊢ ∆ ¬ ( t = t ′ ) ∈ ∆ ⊢ ∆ , A [ x := t ] ⊢ ∆ , ¬ A [ x := t ′ ] ⊢ ∆ . . . + instantiation + scheme instantiation + cut rule ⇐← 7 →

  10. soft types typing is theorem proving slowest theorem prover ever built into the logic/kernel: Coq HOL here types + + − (co) inductive definitions + − − ⇐← 8 →

  11. soft types imply proper treatment of partiality choice: no predicate subtypes (I want type checking to be non-interactive) ⇐← 9 →

  12. soft types imply proper treatment of partiality choice: no predicate subtypes (I want type checking to be non-interactive) type_of (term "x") = type "real" type_of (term "1/x") = type "real" ⇐← 9 →

  13. soft types imply proper treatment of partiality choice: no predicate subtypes (I want type checking to be non-interactive) type_of (term "x") = type "real" type_of (term "1/x") = type "real" real x |- real x real x |- real (1/x) ⇐← 9 →

  14. soft types imply proper treatment of partiality choice: no predicate subtypes (I want type checking to be non-interactive) type_of (term "x") = type "real" type_of (term "1/x") = type "real" real x |- real x real x |- real (1/x) 1/0 is defined (inner kernel is total) but why should it be real ? ⇐← 9 →

  15. soft types imply proper treatment of partiality choice: no predicate subtypes (I want type checking to be non-interactive) type_of (term "x") = type "real" type_of (term "1/x") = type "real" real x |- real x real x |- real (1/x) 1/0 is defined (inner kernel is total) but why should it be real ? types do not even need to be inhabited outside the domain (I want dependent types to have the possibility to be empty) ⇐← 9 →

  16. soft types imply proper treatment of partiality choice: no predicate subtypes (I want type checking to be non-interactive) type_of (term "x") = type "real" type_of (term "1/x") = type "real" real x |- real x real x |- x != 0 => real (1/x) 1/0 is defined (inner kernel is total) but why should it be real ? types do not even need to be inhabited outside the domain (I want dependent types to have the possibility to be empty) ⇐← 9 →

  17. soft types imply proper treatment of partiality choice: no predicate subtypes (I want type checking to be non-interactive) type_of (term "x") = type "real" type_of (term "1/x") = type "real" cc_of (term "x") = [] cc_of (term "1/x") = [form "x != 0"] real x |- real x real x |- x != 0 => real (1/x) 1/0 is defined (inner kernel is total) but why should it be real ? types do not even need to be inhabited outside the domain (I want dependent types to have the possibility to be empty) every term has a type and a list of correctness conditions ⇐← 9 →

  18. soft types imply proper treatment of partiality choice: no predicate subtypes (I want type checking to be non-interactive) type_of (term "x") = type "real" type_of (term "1/x") = type "real" cc_of (term "x") = [] cc_of (term "1/x") = [form "x != 0"] real x |- real x real x |- x != 0 => real (1/x) 1/0 is defined (inner kernel is total) but why should it be real ? types do not even need to be inhabited outside the domain (I want dependent types to have the possibility to be empty) every term has a type and a list of correctness conditions having to deal with partiality is a natural consequence of soft typing (. . . but the logic is total!) ⇐← 9 →

  19. similar projects ◮ Cezary Kaliszyk : Mizar-like system on top of Isabelle ◮ still sufficiently different? ◮ heavier ◮ partiality? ◮ John Harrison : let’s make set theory great again! ◮ no soft types? ◮ Harvey Friedman ◮ not an implementer ◮ free (partial) logic is weird: ⊢ ∃ x. ¬ ( 1 x = 0) ∧ ¬ ( 1 x � = 0) ? ◮ several other ZFC based systems ⇐← 10 →

  20. what do I have already? ◮ not much yet ⇐← 11 →

  21. what do I have already? ◮ not much yet ◮ plans ⇐← 11 →

  22. what do I have already? ◮ not much yet ◮ plans ◮ several false starts ⇐← 11 →

  23. what do I have already? ◮ not much yet ◮ plans ◮ several false starts ◮ implementation of the inner kernel (currently 266 < 448 lines) ◮ basic version of typed terms ◮ first next step: simple parser/printer (both inner/outer kernels) ⇐← 11 →

  24. what do I have already? ◮ not much yet ◮ plans ◮ several false starts ◮ implementation of the inner kernel (currently 266 < 448 lines) ◮ basic version of typed terms ◮ first next step: simple parser/printer (both inner/outer kernels) ◮ recursive descent parser (CakeML has no parser generator) ◮ Pollack-consistent? x + 0 #[+].1# real x (#0# real) ⇐← 11 →

  25. questions? formalization, like sex, and like innovation, is one of those things where the people who talk about it the most tend to be those who do it the least — John Harrison ⇐← 12 →

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Parallelized Theorem Prover for Interactive Theorem Proving David L. Rager, Warren A. Hunt Jr.,

A Parallelized Theorem Prover for Interactive Theorem Proving David L. Rager, Warren A. Hunt Jr.,

Introduction Parallelism Primitives Parallelizing ACL2 Evaluate Approach Conclusion A Parallelized Theorem Prover for Interactive Theorem Proving David L. Rager, Warren A. Hunt Jr., and Matt Kaufmann ragerdl@defthm.com, hunt@cs.utexas.edu,

835 views • 59 slides
1 What is a Theorem Prover? What is a Theorem? Theorem: A formalizable statement which is

1 What is a Theorem Prover? What is a Theorem? Theorem: A formalizable statement which is

Prerequisites Course 2D1453, 2006-07 Undergraduate logic and discrete maths CS literacy Advanced Formal Methods Some functional programming experience useful The theorem prover Isabelle is programming in SML Some SML

644 views • 4 slides
The Abella Interactive Theorem Prover (System Description) Andrew Gacek Department of Computer

The Abella Interactive Theorem Prover (System Description) Andrew Gacek Department of Computer

The Abella Interactive Theorem Prover (System Description) Andrew Gacek Department of Computer Science and Engineering University of Minnesota IJCAR 08 August 12, 2008 Characteristics of the Abella System Abella is a theorem proving

794 views • 40 slides
Meditation for a Theorem Prover Reasoning and Consciousness Teaching a Theorem Prover to let

Meditation for a Theorem Prover Reasoning and Consciousness Teaching a Theorem Prover to let

Meditation for a Theorem Prover Reasoning and Consciousness Teaching a Theorem Prover to let its Mind Wander Ulrich Furbach Claudia Schon Univ. Koblenz - DFG Project Cognitive Reasoning Reasoning and Consciousness Teaching a

715 views • 55 slides
Parallelizing an Interactive Theorem Prover Functional Programming and Proofs with ACL2 David L.

Parallelizing an Interactive Theorem Prover Functional Programming and Proofs with ACL2 David L.

Introduction Parallelism Primitives Parallelizing ACL2 Evaluate Approach Conclusion Talking Points Parallelizing an Interactive Theorem Prover Functional Programming and Proofs with ACL2 David L. Rager ragerdl@gmail.com June 17, 2013 1 /

751 views • 57 slides
Metamath Zero or: How to verify a verifier Mario Carneiro Carnegie Mellon University January 9,

Metamath Zero or: How to verify a verifier Mario Carneiro Carnegie Mellon University January 9,

Metamath Zero or: How to verify a verifier Mario Carneiro Carnegie Mellon University January 9, 2020 What is an interactive theorem prover? What is an interactive theorem prover? Interactive: You and the computer collaborate to

700 views • 49 slides
Lean Theorem Prover Tom van Bussel June 14, 2017 Goals It aims to bridge the gap between

Lean Theorem Prover Tom van Bussel June 14, 2017 Goals It aims to bridge the gap between

Lean Theorem Prover Tom van Bussel June 14, 2017 Goals It aims to bridge the gap between interactive and automated theorem proving, by situating automated tools and methods in a framework that supports user interaction and the construction

324 views • 21 slides
A Self-Verifying Theorem Prover Jared Davis (advertisement by J Strother Moore)

A Self-Verifying Theorem Prover Jared Davis (advertisement by J Strother Moore)

A Self-Verifying Theorem Prover Jared Davis (advertisement by J Strother Moore) Department of Computer Sciences University of Texas at Austin September 18, 2009 1 Theorem Prover ? Yes Proof Checker Yes No 2 Rules of

693 views • 40 slides
Batch Proving and Proof Scripting in PVS C esar A. Mu noz munoz@nianet.org National

Batch Proving and Proof Scripting in PVS C esar A. Mu noz munoz@nianet.org National

Batch Proving and Proof Scripting in PVS C esar A. Mu noz munoz@nianet.org National Institute of Aerospace AFM 2006 NIA @ NASA LaRC 1 The PVS Theorem Prover PVS is a powerful interactive theorem prover. For expert users: PVS provides

442 views • 33 slides
CML Theorem Prover Simon Foster 2nd Review Brussels, 21 November, 2013 Deliverable: D33.2 (m24)

CML Theorem Prover Simon Foster 2nd Review Brussels, 21 November, 2013 Deliverable: D33.2 (m24)

CML Theorem Prover Simon Foster 2nd Review Brussels, 21 November, 2013 Deliverable: D33.2 (m24) www.compass-research.eu Theorem Prover Usage CML specifications to be verified by the COMPASS tool type-checking alone is insufficient to

311 views • 8 slides
Interactive Theorem Proving in Industry John Harrison Intel Corporation 16 April 2012 1 Milner

Interactive Theorem Proving in Industry John Harrison Intel Corporation 16 April 2012 1 Milner

Interactive Theorem Proving in Industry John Harrison Intel Corporation 16 April 2012 1 Milner on automation and interaction I wrote an automatic theorem prover in Swansea for myself and became shattered with the difficulty of doing anything

1.16k views • 81 slides
SMAC and XGBoost your Theorem Prover Edvard K. Holden Konstantin Korovin The University of

SMAC and XGBoost your Theorem Prover Edvard K. Holden Konstantin Korovin The University of

SMAC and XGBoost your Theorem Prover Edvard K. Holden Konstantin Korovin The University of Manchester 1 Theorem Proving in First-Order Logic Proof Axioms + Conjecture iProver | Counter model | Timeout 2 Heuristics - The Key to Success

1.03k views • 26 slides
Hygienic Macros for the ACL2 Theorem Prover Carl Eastlund Matthias Felleisen cce@ccs.neu.edu

Hygienic Macros for the ACL2 Theorem Prover Carl Eastlund Matthias Felleisen cce@ccs.neu.edu

Hygienic Macros for the ACL2 Theorem Prover Carl Eastlund Matthias Felleisen cce@ccs.neu.edu matthias@ccs.neu.edu Northeastern University Boston, MA, USA 1 The ACL2 Theorem Prover 2 (defun double (x) (+ x x)) (defun map-double (lst) (if

898 views • 52 slides
Clause Features for Theorem Prover Guidance uv 1 Josef Urban 1 Jan Jakub AITP19, Obergurgl,

Clause Features for Theorem Prover Guidance uv 1 Josef Urban 1 Jan Jakub AITP19, Obergurgl,

Clause Features for Theorem Prover Guidance uv 1 Josef Urban 1 Jan Jakub AITP19, Obergurgl, Austria, April 2019 1 Czech Technical University in Prague, Czech Republic Jan Jakub uv, Josef Urban Clause Features for Theorem Prover Guidance

589 views • 35 slides
Two-prover entangled games are NP hard Anand Natarajan (MIT) Thomas Vidick (Caltech)

Two-prover entangled games are NP hard Anand Natarajan (MIT) Thomas Vidick (Caltech)

Two-prover entangled games are NP hard Anand Natarajan (MIT) Thomas Vidick (Caltech) arXiv:1710.03062 Interactive proofs MIP IP Completeness: If YES, prover can convince verifier with Pr c (e.g. 2/3) Soundness : If NO, prover cannot

472 views • 19 slides
Haskell: Compiler as Theorem-Prover Greg Price ( price ) 2007 Nov 19 code samples:

Haskell: Compiler as Theorem-Prover Greg Price ( price ) 2007 Nov 19 code samples:

Haskell: Compiler as Theorem-Prover Greg Price ( price ) 2007 Nov 19 code samples: http://cluedumps.mit.edu/wiki/2007/11-19 Greg Price ( price ) () Haskell: Compiler as Theorem-Prover 2007 Nov 19 1 / 26 Software Transactional Memory 1

869 views • 48 slides
Industry Perspective: Custodian Managed SSI Model Bob Stewart, Senior Vice President, BBH Adriana

Industry Perspective: Custodian Managed SSI Model Bob Stewart, Senior Vice President, BBH Adriana

Industry Perspective: Custodian Managed SSI Model Bob Stewart, Senior Vice President, BBH Adriana Pollack, Executive Director, JPM Moderated by: Lavanya Balasubramanian, Director, ITP Product Management, DTCC Abstract A discussion on the

313 views • 4 slides
Mike Pollack GLOBAL SENIOR EXECUTIVE SALES &amp; MARKETING | BUSINESS DEVELOPMENT | SUPPLY CHAIN

Mike Pollack GLOBAL SENIOR EXECUTIVE SALES &amp; MARKETING | BUSINESS DEVELOPMENT | SUPPLY CHAIN

Mike Pollack GLOBAL SENIOR EXECUTIVE SALES &amp; MARKETING | BUSINESS DEVELOPMENT | SUPPLY CHAIN LinkedIn Profile 0 The Aerospace Industry Supply Chain Consolidation: Trends, and Consequences Global A&amp;D Market Channel Dynamics

520 views • 38 slides
What is law? coercive nature of law (i.e., not voluntary) rules of the

What is law? coercive nature of law (i.e., not voluntary) rules of the

What is law? coercive nature of law (i.e., not voluntary) rules of the sovereign (legitimate authority) backed by force Problem: who is the sovereign in US? Congress, courts, executive? federal versus state

774 views • 16 slides
A Logical Framework with Dependently Typed Records Thierry Coquand, Randy Pollack, Makoto

A Logical Framework with Dependently Typed Records Thierry Coquand, Randy Pollack, Makoto

A Logical Framework with Dependently Typed Records Thierry Coquand, Randy Pollack, Makoto Takeyama April 16, 2003 (809) A Logical Framework with Dependently Typed Records Thierry Coquand, Slide 1 Robert Pollack, Makoto Takeyama April 16,

363 views • 13 slides
Linear-size Universal Point Sets for One-Bend Drawings Csaba D. T oth Maarten L offler

Linear-size Universal Point Sets for One-Bend Drawings Csaba D. T oth Maarten L offler

Linear-size Universal Point Sets for One-Bend Drawings Csaba D. T oth Maarten L offler Utrecht University Cal State Northridge Utrecht, The Netherlands Los Angeles, CA, USA Universal point sets Universal point sets Def.: A point set S

805 views • 56 slides
On Exact Polya &amp; Putinars Representations Victor Magron , CNRS Joint work with Mohab Safey

On Exact Polya &amp; Putinars Representations Victor Magron , CNRS Joint work with Mohab Safey

On Exact Polya &amp; Putinars Representations Victor Magron , CNRS Joint work with Mohab Safey El Din (Sorbonne Univ. -INRIA-LIP6 CNRS) ISSAC 17 th July 2018 p p 1 4 ( 1 + x 2 + x 4 ) x Deciding Non-negativity co-NP hard problem: check

1.24k views • 54 slides
Carving-width, tree-width and area-optimal planar graph drawing Therese Biedl University of

Carving-width, tree-width and area-optimal planar graph drawing Therese Biedl University of

Carving-width, tree-width and area-optimal planar graph drawing Therese Biedl University of Waterloo biedl@uwaterloo.ca May 5, 2014 Therese Biedl Carving-width, tree-width and graph drawing 1 / 19 Graph Drawing Given: A graph G = ( V , E

1.04k views • 70 slides
Multiple Inheritance and Coercive Subtyping or how to teach an old dog (on steroids) new tricks

Multiple Inheritance and Coercive Subtyping or how to teach an old dog (on steroids) new tricks

Multiple Inheritance and Coercive Subtyping or how to teach an old dog (on steroids) new tricks Claudio Sacerdoti Coen &lt;sacerdot@cs.unibo.it&gt; Enrico Tassi &lt;tassi@cs.unibo.it&gt; University of Bologna 02/05/2007 Outline Mathematical

738 views • 26 slides

More recommend