  1. First Order Logic in Practice
  John Harrison, University of Cambridge, http://www.cl.cam.ac.uk/users/jrh/
  - Background: interaction and automation
  - Why do we need first order automation?
  - First order automation for richer logics
  - Which problems arise in practice?
  - Do the existing methods work?
  - Final remarks
  John Harrison, University of Cambridge, 27 October 1997

  2. The spectrum of theorem provers
  AUTOMATH (de Bruijn)
  Stanford LCF (Milner)
  Mizar (Trybulec)
  ...
  ...
  PVS (Owre, Rushby, Shankar)
  ...
  ...
  SETHEO (Letz et al.)
  Otter (McCune)

  3. Interaction plus Automation
  It's a very natural idea for interactive theorem provers to include automation for filling in the intermediate steps. The idea goes back at least to the SAM (semi-automated mathematics) project in the late 60s. Nowadays many of the leading interactive systems include automation. There are many different aspects of reasoning that may be automated, e.g.
  - Pure logic (first/higher order, with/without equality)
  - Linear arithmetic (or nonlinear arithmetic)
  - Algebraic simplification
  - Rewriting, completion and other equality reasoning
  - Inductive proofs

  4. What kind of automation?
  Different interactive systems tend to focus on some of these in particular, because they are considered more important and/or easier to implement. For example:
  - Isabelle: mainly automation of logical and equality reasoning. No decision procedures for arithmetic.
  - PVS: decision procedures for important theories such as linear arithmetic, tightly coupled using congruence closure. Minimal support for pure logic.
  - HOL: automation for logical and equality reasoning and linear arithmetic, as well as Boyer-Moore style automation of induction proofs. But minimal integration of these different provers.
  Which are really the most important?

  5. Logical v theory reasoning (1)
  The simple answer is that all of these can be important, some more than others, depending on the application. Different applications might include:
  1. Formalizing abstract algebra (e.g. general results about commutative rings)
  2. Formalizing more concrete mathematics (e.g. particular Taylor expansions)
  3. Verifying abstract system models (e.g. security protocols)
  4. Verifying concrete system models (e.g. floating point arithmetic)
  For example, logical reasoning is typically more important for (1) and (3), algebraic simplification for (2) and linear arithmetic for (4). Of course, these are just vague general rules.

  6. Logical v theory reasoning (2)
  But we can in general say that automating theory reasoning is more important. Why?
  - Explicit proofs of, say, facts of linear arithmetic (e.g. |x - y| >= ||x| - |y||) tend to be almost unbearably dull and tedious.
  - The logical reasoning in an argument is usually relatively interesting, and fairly simple.
  Our own recent work bears this out: we use both logical and theory reasoning but would much prefer to give up the former than the latter.
  Why, then, should we be interested in logical automation? Well, even if it's not the most useful form, it is still useful. But there is a deeper reason why logical automation is particularly significant.

  7. A Declarative Proof Style
  We have said that the logical structures of typical theorems are reasonably simple and interesting. However, sometimes the precise choreographing of logical steps is quite tedious when one theorem `obviously' follows from a given set of premisses.
  Mizar allows the user merely to state the premisses, and finds the proof itself, using an optimized special case of tableaux as well as simple techniques for equality reasoning.
  This opens up the possibility of stating proofs in a much less prescriptive and more declarative style, which arguably leads to a number of advantages in readability, maintainability and indeed writability. The same advantages can be had in many other interactive systems, given adequate logical automation.
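To make the "state the premisses and let the system find the proof" step concrete, here is an added example (not code from the slides, and not Mizar's own checker, which works for first-order logic with equality): a minimal propositional tableau checker. Given a list of premisses and a goal, it refutes premisses plus the negated goal; the goal follows exactly when every tableau branch closes. The formula encoding and the sample inference are constructed for this example.

```python
# Added example (not from Harrison's slides or from Mizar): a minimal
# propositional tableau checker for "goal follows obviously from premisses".
# Mizar's "by" uses an optimized first-order tableau with equality handling;
# this simplification is propositional only (no quantifiers, no equality).
from typing import FrozenSet, List, Sequence, Tuple

# Formula representation (constructed for this example):
#   ('var', 'p'), ('not', f), ('and', f, g), ('or', f, g), ('imp', f, g)
Formula = Tuple
Literal = Tuple[str, bool]   # (variable name, polarity)


def var(name: str) -> Formula:
    return ('var', name)


def neg(f: Formula) -> Formula:
    return ('not', f)


def conj(f: Formula, g: Formula) -> Formula:
    return ('and', f, g)


def disj(f: Formula, g: Formula) -> Formula:
    return ('or', f, g)


def imp(f: Formula, g: Formula) -> Formula:
    return ('imp', f, g)


def _closed(todo: List[Formula], lits: FrozenSet[Literal]) -> bool:
    """True iff every tableau branch through `todo` closes.

    `todo` holds formulas asserted true on the current branch but not yet
    expanded; `lits` holds the literals already on the branch. A branch
    closes when it contains both p and not-p. An exhausted open branch
    is a countermodel, so the function returns False."""
    if not todo:
        return False
    f, rest = todo[0], todo[1:]
    tag = f[0]
    if tag == 'var':
        if (f[1], False) in lits:
            return True
        return _closed(rest, lits | {(f[1], True)})
    if tag == 'and':                      # alpha rule: both conjuncts on one branch
        return _closed([f[1], f[2]] + rest, lits)
    if tag == 'or':                       # beta rule: split the branch
        return _closed([f[1]] + rest, lits) and _closed([f[2]] + rest, lits)
    if tag == 'imp':                      # f -> g behaves as not-f or g
        return _closed([neg(f[1])] + rest, lits) and _closed([f[2]] + rest, lits)
    if tag == 'not':
        g = f[1]
        if g[0] == 'var':
            if (g[1], True) in lits:
                return True
            return _closed(rest, lits | {(g[1], False)})
        if g[0] == 'not':                 # double negation
            return _closed([g[1]] + rest, lits)
        if g[0] == 'and':                 # not(f and g): split into not-f | not-g
            return _closed([neg(g[1])] + rest, lits) and _closed([neg(g[2])] + rest, lits)
        if g[0] == 'or':                  # not(f or g): both not-f and not-g
            return _closed([neg(g[1]), neg(g[2])] + rest, lits)
        if g[0] == 'imp':                 # not(f -> g): f and not-g
            return _closed([g[1], neg(g[2])] + rest, lits)
    raise ValueError(f"malformed formula: {f!r}")


def follows(goal: Formula, premisses: Sequence[Formula] = ()) -> bool:
    """Decide whether `goal` follows from `premisses` by refuting
    premisses + not-goal: the goal follows iff every branch closes."""
    return _closed(list(premisses) + [neg(goal)], frozenset())


# Constructed sample: the "obvious" step  p, p -> q, q -> r  |-  r
P, Q, R = var('p'), var('q'), var('r')
OBVIOUS_STEP = follows(R, [imp(P, Q), imp(Q, R), P])   # True
NON_SEQUITUR = follows(imp(P, Q), [imp(Q, P)])         # False: the converse does not follow

if __name__ == "__main__":
    print("p, p->q, q->r |- r :", OBVIOUS_STEP)
    print("q->p |- p->q      :", NON_SEQUITUR)
```

The checker is complete for propositional logic because every rule is applied exhaustively and a branch is reported open only when nothing is left to expand; the first-order case needs unification and a bound on quantifier instantiation, which is where the "optimized special case" on the slide does its work.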

  8. Richer logics
  Many of the leading interactive systems like HOL and PVS are based on a higher-order logic. It would seem that we need to automate higher order logic, as in Andrews's system TPS, not first order logic.
  Ideally yes, but (empirically) first order automation is sufficient for many of the problems that arise in practice, using the well-known mechanical reduction of higher order to first order logic. First order logic has the advantage that there are well engineered `off-the-shelf' techniques (and systems) to handle it.

  9. HOL to FOL
  There are some significant choices in the reduction of higher order to first order logic.
  - How to deal with higher order features such as lambda abstractions. A translation of P[λx. t[x]] to ∀f. (∀x. f(x) = t[x]) ⇒ P[f]?
  - How to cope with the polymorphic types used in several higher order theorem provers. Preserve the type information or throw it away? How do we ensure soundness?
  - How to reduce the problem to the normal form required by the first order prover. For example, there are many different ways of splitting up the problem into subproblems.
  - How to handle equality reasoning, which is very important in practice. Naive equality axioms? Brand's transformation? Paramodulation in the first order prover?

  10. Practical Problems
  Traditionally, first order provers have been used for elegant examples in relatively simple axiomatic systems. Often the set of axioms, and even their formulation, is picked very carefully. The current test suites for first order provers, e.g. TPTP, tend to reflect this bias.
  The problems we need to solve in our work tend to be different. They are sometimes (not always) shallow, but involve relatively big and intricate terms, and large amounts of irrelevant information.
  We suggest compiling a new list of problems from real applications of first order reasoning. It would be possible to do this semi-automatically. We have already compiled a list of a few hundred examples from our own work. Preparing a TPTP-style public test suite would be quite possible, or adding them to the new FOF suite.

  11. Do existing methods work?
  But there would be little point in making different test suites unless they demanded significantly different qualities in a prover. There is one obvious difference: we want to solve routine problems quickly, rather than very hard problems in hours or days. Moreover, our problems may test the sensitivity of systems to very large terms, even when those terms are irrelevant to the proof, and the ability to discriminate among a large database of axioms.
  Systematic testing of different systems on our problems would be interesting, but we haven't done this yet. We use a version of MESON (see CADE-13 paper). One interesting point has come to light: we find that on average, naive equality axioms are better than Brand's transformation. Apparently on more standard test problems, the opposite is true.
