ARROW CHEAT SHEET (slide 13)

$\overset{0}{\longrightarrow} \;=\; \{(x, y) \mid x = y\}$   identity
$\overset{n+1}{\longrightarrow} \;=\; \overset{n}{\longrightarrow} \circ \longrightarrow$   $(n{+}1)$-fold composition
$\overset{+}{\longrightarrow} \;=\; \bigcup_{i > 0} \overset{i}{\longrightarrow}$   transitive closure
$\overset{*}{\longrightarrow} \;=\; \overset{+}{\longrightarrow} \cup \overset{0}{\longrightarrow}$   reflexive transitive closure
$\overset{=}{\longrightarrow} \;=\; \longrightarrow \cup \overset{0}{\longrightarrow}$   reflexive closure
$\overset{-1}{\longrightarrow} \;=\; \{(y, x) \mid x \longrightarrow y\}$   inverse
$\longleftarrow \;=\; \overset{-1}{\longrightarrow}$   inverse
$\longleftrightarrow \;=\; \longleftarrow \cup \longrightarrow$   symmetric closure
$\overset{+}{\longleftrightarrow} \;=\; \bigcup_{i > 0} \overset{i}{\longleftrightarrow}$   transitive symmetric closure
$\overset{*}{\longleftrightarrow} \;=\; \overset{+}{\longleftrightarrow} \cup \overset{0}{\longleftrightarrow}$   reflexive transitive symmetric closure
HOW TO DECIDE $l \overset{*}{\longleftrightarrow} r$ (slide 14)

Same idea as for $\beta$: look for $n$ such that $l \overset{*}{\longrightarrow} n$ and $r \overset{*}{\longrightarrow} n$.

Does this always work?

If $l \overset{*}{\longrightarrow} n$ and $r \overset{*}{\longrightarrow} n$ then $l \overset{*}{\longleftrightarrow} r$. Ok.

If $l \overset{*}{\longleftrightarrow} r$, will there always be a suitable $n$? No!

Example. Rules: $f\,x \longrightarrow a$, $g\,x \longrightarrow b$, $f\,(g\,x) \longrightarrow b$

$f\,x \overset{*}{\longleftrightarrow} g\,x$ because $f\,x \longrightarrow a \longleftarrow f\,(g\,x) \longrightarrow b \longleftarrow g\,x$

But: $f\,x \longrightarrow a$ and $g\,x \longrightarrow b$ and $a$, $b$ in normal form.

Works only for systems with the Church-Rosser property:
$l \overset{*}{\longleftrightarrow} r \;\Longrightarrow\; \exists n.\; l \overset{*}{\longrightarrow} n \wedge r \overset{*}{\longrightarrow} n$

Fact: $\longrightarrow$ is Church-Rosser iff it is confluent.
CONFLUENCE (slide 15)

Confluence (the diamond with $s$ at the top, $x$ and $y$ at the sides, $t$ at the bottom):
$s \overset{*}{\longrightarrow} x \;\wedge\; s \overset{*}{\longrightarrow} y \;\Longrightarrow\; \exists t.\; x \overset{*}{\longrightarrow} t \wedge y \overset{*}{\longrightarrow} t$

Problem: is a given set of reduction rules confluent? undecidable

Local confluence (only single steps out of $s$):
$s \longrightarrow x \;\wedge\; s \longrightarrow y \;\Longrightarrow\; \exists t.\; x \overset{*}{\longrightarrow} t \wedge y \overset{*}{\longrightarrow} t$

Fact: local confluence and termination $\Longrightarrow$ confluence
TERMINATION (slide 16)

$\longrightarrow$ is terminating if there are no infinite reduction chains
$\longrightarrow$ is normalizing if each element has a normal form
$\longrightarrow$ is convergent if it is terminating and confluent

Example:
$\longrightarrow_\beta$ in $\lambda$ is not terminating, but confluent
$\longrightarrow_\beta$ in $\lambda^{\to}$ is terminating and confluent, i.e. convergent

Problem: is a given set of reduction rules terminating? undecidable
WHEN IS $\longrightarrow$ TERMINATING? (slide 17)

Basic idea: when the $r_i$ are in some way simpler than the $l_i$.

More formally: $\longrightarrow$ is terminating when there is a well-founded order $<$ in which $r_i < l_i$ for all rules.
(well-founded = no infinite decreasing chains $a_1 > a_2 > \ldots$)

Example: $f\,(g\,x) \longrightarrow g\,x$, $g\,(f\,x) \longrightarrow f\,x$
This system always terminates. Reduction order:
$s <_r t$ iff $\mathit{size}(s) < \mathit{size}(t)$, with $\mathit{size}(s)$ = number of function symbols in $s$
➀ $g\,x <_r f\,(g\,x)$ and $f\,x <_r g\,(f\,x)$
➁ $<_r$ is well-founded, because $<$ is well-founded on $\mathbb{N}$
TERM REWRITING IN ISABELLE (slide 18)

The term rewriting engine in Isabelle is called the Simplifier.

apply simp
➜ uses simplification rules
➜ (almost) blindly from left to right
➜ until no rule is applicable.

termination: not guaranteed (may loop)
confluence: not guaranteed (result may depend on which rule is used first)
CONTROL (slide 19)

➜ Equations are turned into simplification rules with the [simp] attribute
➜ Adding/deleting equations locally: apply (simp add: <rules>) and apply (simp del: <rules>)
➜ Using only the specified set of equations: apply (simp only: <rules>)
DEMO (slide 20)

ISAR: A LANGUAGE FOR STRUCTURED PROOFS (slide 21)
ISAR (slide 22)

apply scripts
➜ unreadable
➜ hard to maintain
➜ do not scale
No structure.

What about..
➜ Elegance?
➜ Explaining deeper insights?
➜ Large developments?

Isar!
A TYPICAL ISAR PROOF (slide 23)

proof
  assume formula_0
  have formula_1 by simp
  . . .
  have formula_n by blast
  show formula_{n+1} by . . .
qed

proves $\mathit{formula}_0 \Longrightarrow \mathit{formula}_{n+1}$
(analogous to assumes / shows in lemma statements)
ISAR CORE SYNTAX (slide 24)

proof       = proof [method] statement* qed
            | by method
method      = (simp . . .) | (blast . . .) | (rule . . .) | . . .
statement   = fix variables (⋀)
            | assume proposition (⟹)
            | [from name+] (have | show) proposition proof
            | next   (separates subgoals)
proposition = [name:] formula
PROOF AND QED (slide 25)

proof [method] statement* qed

lemma "⟦A; B⟧ ⟹ A ∧ B"
proof (rule conjI)
  assume A: "A"
  from A show "A" by assumption
next
  assume B: "B"
  from B show "B" by assumption
qed

➜ proof (<method>) applies method to the stated goal