Advanced Formal Methods
Course 2D1453, 2006-07
Mads Dam, KTH/CSC

Prerequisites
• Undergraduate logic and discrete maths
• CS literacy
• Some functional programming experience useful
– The theorem prover Isabelle is programmed in SML
– Some SML programming may be needed for course projects
• Semantics and formal methods advisable

Course Structure
• Lectures
– Initial six scheduled, more when needed – how?
• Hand-in assignments
• Course project
– Formalize a theory and prove some theorems about it in Isabelle
– Presentation at final workshop
– Accompanied by written report
• Final take home exam
– Details to be determined
• Reading
– Slides, web, references on course page

Requirements
• Hand-in assignments
• Course project presentation and report
• Take home exam
• Course grade determined by exam – how? Course projects? Agreed?
• Graduate students: By agreement

Practicalities
• Course web: http://www.csc.kth.se/utbildning/kth/kurser/2D1453/aform07/
– Essential – updated without warning
• Registration: Please sign up with
– Name
– Program and year
– Personnummer
– Email contact
– Special wishes or interests?
• Course Committee (Kursnämnd): NN1, NN2, NN3
What is a Theorem?
Theorem: A formalizable statement which is provable on the basis of explicit, formalizable assumptions
• Pythagoras' theorem: In a right triangle with sides A, B, C where C is the hypotenuse, C^2 = A^2 + B^2
– Theorem in the theory of geometry
• Fundamental theorem of arithmetic: A whole number bigger than 1 can be uniquely represented as a product of primes
– Theorem in the theory of arithmetic

What is a Theorem Prover?
Input (theorem; model or theory; user guidance) → Theorem prover → Output (yes/no; proof; proof state; counterexample)
• Automated theorem prover:
– Read first order logic sentence, crunch, answer yes or no or fail to terminate, maybe produce counterexample
• Interactive theorem prover:
– Formalize problem in theory, guide theorem prover in proof search, automate when possible, output is proof (or failure)

What is a Theorem? (continued)
• Theorem: The program ”x:=n ; while x > 0 do x=x-1 od” terminates
– Theorem in the theory of while program execution
• Some fictive theorem of Java bytecode verification: After passing the Java bytecode verifier (version x.y.z, this and that implementation) programs written in the Java Virtual Machine language are guaranteed to be type safe
– Theorem in the theory of JVM classfile execution

Formalized Theorems
• Theorems are stated in a formal logic
– Self-contained
– No hidden assumptions
• Many different logics are possible
– Propositional logic, first order logic, higher order logic, type theory, linear logic, temporal logic, epistemic logic, ...
• Not mathematical theorems
– Theorems in math are informal
– Mathematicians are happy with informal statements and proofs

Formalized Proofs
• Proofs are formal objects, subject to manipulation
• Not mathematical proofs
• Proofs in math are
– Informal
– Validated by ”peer review”
– Meant to convey a message – how the proof works
– Formal details are too cumbersome

So Why Bother?
• The problem itself rather than the maths is interesting
Want to know e.g.:
– Does program P deadlock?
– Is programming language L type safe?
– Does API A guarantee release of keys only to properly authorized users?
Same role as code inspection in software engineering
• Proofs may be huge, boring and repetitive, and not likely to be examined by peers
• Formalizing gives a chance to leave the mechanics to the machine
– Proof manipulation and proof recognition
• We can carry on with the interesting bits:
– Formalization and proof search
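As an added illustration, not taken from the slides, the termination theorem for ”x:=n ; while x > 0 do x=x-1 od” can be formalized in Isabelle/HOL: the loop becomes a recursive function on natural numbers, and Isabelle's fun command accepts the definition only after it has proved termination. The theory name Countdown and the function name countdown are assumed names chosen for the example.

```isabelle
theory Countdown
  imports Main
begin

(* Added example: the loop "x := n; while x > 0 do x := x - 1 od" written
   as a recursive function on the natural numbers.  The pattern "Suc x"
   plays the role of the guard x > 0, and the 0 equation is the loop exit.
   The fun command accepts the definition only after proving that every
   call chain terminates; here it finds the proof automatically because
   the argument strictly decreases at each recursive call. *)
fun countdown :: "nat => nat" where
  "countdown 0 = 0"
| "countdown (Suc x) = countdown x"

(* Because the definition was accepted, countdown is a total function,
   i.e. the loop terminates for every starting value n.  The lemma below
   additionally states what the loop computes: x is 0 on exit. *)
lemma countdown_result: "countdown n = 0"
  by (induction n) simp_all

end
```

Replacing fun by function would make the termination obligation explicit as a separate termination goal, which is the step the slides refer to as formalizing a theorem in the theory of while program execution.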
Automated or Interactive proof?
The two are obviously related, and yet not
• Automated theorem proving:
– Use: Posing questions small/easy enough to be tractable
– Technology: Algorithms and semi-algorithms
• Interactive theorem proving:
– Use: Formal modelling and proof search
– Technology: Proof representation and manipulation
But of course the two are tightly related
– Pointless to do algorithmic work by hand
This course: Mainly interactive theorem proving
– At least initially

Some History
• 1929: M. Presburger shows that linear arithmetic is decidable
• 60’s: Field of automated theorem proving starts
– SAT – boolean satisfiability solving
– Resolution (Robinson, 1965)
– Lots of enthusiasm
• 70’s: Reality sinks in
– Complexity theory, hard problems
– Difficult to prove ”interesting” theorems
• 70’s – present: Many theorem proving systems built
– Otter, Boyer-Moore, NuPrl, Isabelle, Coq, PVS, ESC/Java and Simplify, ...

In Maths
• 1976: Appel and Haken prove the four colour conjecture
– Splits proof into about 1500 cases examined by computer plus a manual part
– First use of programs to solve an open problem in math
– Highly controversial at the time
• Since then other open problems in math have been settled
• 2004: Werner and Gonthier formalize and prove the four colour conjecture in Coq
– Eliminates the need to trust Appel and Haken’s program
– Instead need to trust Coq’s higher order dependent type theory and its kernel implementation

Current Situation
• Software issues gain importance
– Internet – ease of downloading executable code, ease of attacks
– Java etc. – code mobility
– Increased public awareness of computer security issues
• New interest in software verification
– Automated and interactive program verification
– Protocols
– Language generics: Compilers, type systems, bytecode verifiers
• But the decidability and complexity bounds remain ...
What We’ll Do in the Course
• Theoretical underpinnings
– Lambda calculus
– Type systems
– Proof systems, natural deduction
– Some theorem proving
– Some decision procedures, probably
• Isabelle
– Getting you started
– Some Isabelle specifics
– Assignments mix pen and paper + Isabelle
• Projects
– Formalize some theory and prove things about it
– Security protocols, a machine model, a type system

Isabelle
• Generic proof assistant
• Developed by Larry Paulson at Cambridge and Tobias Nipkow at Munich
– Lots of other contributors
• Main instantiations are HOL and ZF
• URL: isabelle.in.tum.de
• Several layers:
– Proof General: User interface
– HOL, ZF: Object logics
– Isabelle: Generic proof assistant
– Standard ML: Programming language
– All layers can be accessed
Homework
• Look up the course page for papers by Hoare, Moore, Demillo et al.
• Visit the Isabelle site, download and install if needed
• Browse the documentation
• Familiarize yourself with the tool. Look through the preview at the overview page.
• Start reading the Isabelle tutorial, work through sections 2.1 and 2.2 to do a first example.