# Isabelle / HOL Theorem Proving System

## Presentation on theme: "Isabelle / HOL Theorem Proving System"— Presentation transcript:

Isabelle / HOL Theorem Proving System
Quang M. Tran Isabelle / HOL Theorem Proving System Course: CAS760 Logic for Practical Use Instructor: Dr. William M. Farmer Department of Computing and Software McMaster University, ON, Hamilton, Canada

Outline History overview
Isabelle / HOL first taste: screenshot + Prove: rev (rev list) = list Isabelle / HOL: big picture + terminologies Natural deduction: Prove P v Q => Q v P Isabelle classical reasoner References + Conclusion Conclusion Isabelle / HOL

History: All started with Robin Milner
British computer scientist. 1972: Milner developed proof checker for Scott’s “Logic for Computable Functions” (LCF) at Stanford (known as “Stanford LCF” ). 1973: Milner moved to Edinburgh and started the successor project “LCF Edinburgh”. ML language is born in this time. 1981: Mike Gordon joined Cambridge and HOL was born. 1990s: Larry Paulson developed Isabelle. Milner Paulson Isabelle / HOL

Isabelle / HOL first taste : Fun with (Toy)List
(*ToyList.thy*) theory ToyList imports Datatype begin (*Datatype of list*) datatype 'a list = Nil ("[]") | Cons 'a "'a list" (infixr ":" 65) … (contd. next slide) CAS760: list as inductive data type, remember? Syntax annotation Official syntax [] Nil 10 : [] Cons 10 Nil 15 : 10 : [] Cons 15 (Cons 10 Nil) Isabelle / HOL

Isabelle / HOL first taste (contd.)
(*Functions on lists*) primrec concat :: "'a list => 'a list => 'a list" (infixr “++" 65) where "[] ++ ys = ys" | "(x : xs) ++ ys = x : (xs ++ ys)“ primrec rev :: "'a list => 'a list" where "rev [] = [] " | "rev (x : xs) = (rev xs) ++ (x : [])" “++” is defined by primitive recursion. Syntax annotation Official syntax (10 : []) ++ [] concat (Cons 10 Nil) Nil (10 : []) ++ (5 : []) concat (Cons 10 Nil) (5 : Nil) Isabelle / HOL

Proof: rev (rev list) = list
Main goal: rev(rev xs) = xs Subgoal 1: rev (rev []) = [] Simplifier can solve it: rev (rev []) = rev [] = [] Done! Subgoal 2: Forall a list. rev (rev list) = list => rev (rev (a : list)) = a : list Simplifier reduces to subgoal 2.1: Forall a list. rev (rev list) = list => rev (rev list ++ a : []) = a : list Generate subgoals Simplified Simplified theorem rev_rev [simp]: "rev(rev xs) = xs” apply(induct_tac xs) (*Apply induction tactic*) apply(auto) (*Try to solve “automatically” using simplifier) Isabelle / HOL

Proof (contd.) We need a lemma
rev (xs ++ ys) = (rev ys) ++ (rev xs) Subgoal 1: rev ([] ++ ys) = rev ys ++ rev [] Subgoal 2: Forall a list. rev (list ++ ys) = rev ys ++ rev list => rev ((a : list) ++ ys) = rev ys ++ rev (a : list) a list. rev (list ++ ys) = rev ys ++ rev list => (rev ys ++ rev list) ++ a : [] = rev ys ++ rev list ++ a : [] Find subgoals lemma rev_app [simp]: "rev(xs ++ ys) = (rev ys) ++ (rev xs)" apply(induct_tac xs) (*Apply induction tactic on xs*) apply(auto) (*Try to solve “automatically” using simplifier) Isabelle / HOL

Complete Proof: rev(rev list) = list
… lemma app_assoc [simp]: "(xs ++ ys) ++ zs = xs ++ (ys ++ zs)" apply(induct_tac xs) apply(auto) done lemma app_Nil2 [simp]: "xs ++ [] = xs" lemma rev_app [simp]: "rev(xs ++ ys) = (rev ys) ++ (rev xs)" theorem rev_rev [simp]: "rev(rev xs) = xs" We need to prove 3 supporting lemmas , i.e. “Backward” proof This is the theorem what we want to prove Isabelle / HOL

Isabelle: big picture Proof General For Isabelle Isabelle / HOL
(X)Emacs GUI for theorem provers A concrete Isabelle instance for Higher- Order-Logic (HOL) Proof General For Isabelle Isabelle / ZF Isabelle / HOL Isabelle / Your Logic Here Provides a generic infrastructure to develop theorem provers. Isabelle Isabelle / HOL

Theorem proving terminologies
Meaning Examples Theorem The formula we want to prove rev (rev list) = list Lemma Supporting (sub)theorems for proving the target theorem rev (xs ++ ys) = (rev ys) ++ (rev xs) Tactic Produces subgoals from a goal apply(induct_tac) Simplification The process of simplifying a term / formula by repeated application of rewrite rules rev (rev []) = rev [] = [] Isabelle / HOL

Natural deduction By the German mathematician and logician Gentzen.
Motivation: Logical formalism that occurs “naturally” (closely to human reasoning). Assume: “If pigs can fly, then there are green men on Mars” is true. You see a pig flies in Hamilton? Then there are green men on Mars! Gentzen Modus Ponens. This is true for arbitrary P, Q Isabelle / HOL

Natural deduction: Inference rules
Introduction (intro.) Elimination (elim.) Conjunction elim. Conjunction intro. Disjunction intro. Disjunction elim. Implication elim. (modus pones !) Implication intro. Isabelle / HOL

Natural deduction (contd.)
Introduction (intro.) Elimination (elim.) Existential quantifier intro. Existential quantifier elim. Universal quantifier intro. Universal quantifier elim. Isabelle / HOL

Proof: P v Q => Q v P lemma disj_swap: "P v Q => Q v P"
Applies disjunction elim. rule: lemma disj_swap: "P v Q => Q v P" apply (erule disjE) Subgoals: P => Q v P (1) Q => Q v P (2) apply (rule disjI2) Subgoal: P => P apply assumption (*Likewise for (2)*) apply (rule disjI1) done Applies disjunction intro. rule (2) : Isabelle / HOL

Isabelle’s classical reasoner
Working with primitive rules like before are tedious. Classical reasoner = a family of tools that perform proofs automatically. Examples: blast method. lemma disj_swap2: "P v Q => Q v P" apply (blast) No subgoals! Done! “blast“ can solve this automatically Isabelle / HOL

Proof: P v Q => Q v P Demo Isabelle / HOL

References Isabelle newcomers: A Proof Assistant for Higher-Order Logic, written by Isabelle authors e.g. C. Paulson, online PDF available. Historical development: From LCF to HOL: a short history , Mike Gordon and The next 700 Theorem Provers, C. Paulson. Theorem prover design techniques: Design a Theorem Prover, C. Paulson. Isabelle / HOL

Conclusion: Should I bother with Isabelle?
If you need computer-aided proofs, e.g. formal verification. If you want to deepen your knowledge in logics / mathematics / functional programming. If you have interest in mechanizing mathematics. … then the answer is Yes. Isabelle can be used as a tool to get work done or simply a platform to experiment and study. Isabelle / HOL