  1. Getting started with Isabelle/Isar
Makarius Wenzel, TU München, August 2007
1. Foundations: logical framework
2. Forward reasoning: proof context
3. Backward reasoning: proof state

  2. PRELUDE: Notions of proof

  3. Isabelle tactic scripts
    lemma A
      apply (rule_tac x = x in allE)
      apply simp_all
      apply blast?
      apply (subgoal_tac B)
      apply auto?
      oops
Problems:
• machine instructions
• dependent on hidden goal state
• goal accumulates local parameters, local premises, conclusions
• not modular, not scalable
• hard to maintain, hard to re-use (derivative work!)

  4. Mathematical vernacular [Davey and Priestley, 1990, pages 93–94]
The Knaster-Tarski Fixpoint Theorem. Let L be a complete lattice and f : L → L an order-preserving map. Then ⋀{x ∈ L | f(x) ≤ x} is a fixpoint of f.
Proof. Let H = {x ∈ L | f(x) ≤ x} and a = ⋀H. For all x ∈ H we have a ≤ x, so f(a) ≤ f(x) ≤ x. Thus f(a) is a lower bound of H, whence f(a) ≤ a. We now use this inequality to prove the reverse one (!) and thereby complete the proof that a is a fixpoint. Since f is order-preserving, f(f(a)) ≤ f(a). This says f(a) ∈ H, so a ≤ f(a).

  5. Isabelle/Isar proof text
    theorem Knaster_Tarski:
      assumes mono: "⋀x y. x ≤ y ⟹ f x ≤ f y"
      shows "f (⋂{x. f x ≤ x}) = ⋂{x. f x ≤ x}" (is "f ?a = ?a")
    proof -
      have *: "f ?a ≤ ?a" (is "_ ≤ ⋂?H")
      proof
        fix x assume "x ∈ ?H"
        then have "?a ≤ x" ..
        also from ‹x ∈ ?H› have "f ... ≤ x" ..
        moreover note mono
        finally show "f ?a ≤ x" .
      qed
      also have "?a ≤ f ?a"
      proof
        from mono and * have "f (f ?a) ≤ f ?a" .
        then show "f ?a ∈ ?H" ..
      qed
      finally show "f ?a = ?a" .
    qed

  6. Isabelle/Pure proof term
    Knaster_Tarski ≡
      λH: _. order_antisym · _ · _
        · (Inter_greatest · _ · _
            · (λX Ha: _. order_subst2 · _ · _ · ?f · _
                · (Inter_lower · _ · _ · Ha)
                · (iffD1 · _ · _ · (mem_Collect_eq · _ · (λx. ?f x ≤ x)) · Ha)
                · H))
        · (Inter_lower · _ · _
            · (iffD2 · _ · _ · (mem_Collect_eq · _ · (λa. ?f a ≤ a))
                · (H · ?f (⋂{x. ?f x ≤ x}) · ⋂{x. ?f x ≤ x}
                    · (Inter_greatest · _ · _
                        · (λX Ha: _. order_subst2 · _ · _ · ?f · _
                            · (Inter_lower · _ · _ · Ha)
                            · (iffD1 · _ · _ · (mem_Collect_eq · _ · (λx. ?f x ≤ x)) · Ha)
                            · H)))))

  7. PART I: Foundations

  8. The Pure framework

  9. Pure syntax and primitive rules
    ⇒                              function type constructor
    ⋀ :: (α ⇒ prop) ⇒ prop         universal quantifier
    ⟹ :: prop ⇒ prop ⇒ prop        implication
Primitive rules (premises / conclusion):
    (⇒I)   [x :: α] ... b(x) :: β   /   λx. b(x) :: α ⇒ β
    (⇒E)   b :: α ⇒ β,  a :: α      /   b(a) :: β
    (⋀I)   [x] ... B(x)             /   ⋀x. B(x)
    (⋀E)   ⋀x. B(x)                 /   B(a)
    (⟹I)   [A] ... B                /   A ⟹ B
    (⟹E)   A ⟹ B,  A               /   B

  10. Equality
    ≡ :: prop ⇒ prop ⇒ prop
Axioms for t ≡ u: α, β, η, refl, subst, ext, iff
Unification: solving equations modulo αβη
• Huet: full higher-order unification (infinitary enumeration!)
• Miller: higher-order patterns (unique result)

  11. Hereditary Harrop Formulas
Define the following sets:
    variables                               x
    atomic formulae (without ⟹ / ⋀)         A
    Horn Clauses                            ⋀x*. A* ⟹ A
    Hereditary Harrop Formulas (HHF)        H ≝ ⋀x*. H* ⟹ A
Conventions for results:
• outermost quantification ⋀x. B x is rephrased via schematic variables B ?x
• equivalence (A ⟹ (⋀x. B x)) ≡ (⋀x. A ⟹ B x) produces canonical HHF

  12. Rules everywhere

  13. Natural Deduction rules
Examples (rule in premises / conclusion form, then as a Pure proposition):
    A,  B  /  A ∧ B                              A ⟹ B ⟹ A ∧ B
    [A] ... B  /  A ⟶ B                          (A ⟹ B) ⟹ A ⟶ B
    P 0,  [n][P n] ... P (Suc n)  /  P n         P 0 ⟹ (⋀n. P n ⟹ P (Suc n)) ⟹ P n

  14. Representing goals
Protective marker: # :: prop ⇒ prop, with # ≡ λA :: prop. A
Initialization (init): C ⟹ #C
General situation: subgoals imply main goal, B₁ ⟹ ... ⟹ Bₙ ⟹ #C
Finalization (finish): #C / C

  15. Rule composition
    (compose)   A⃗ ⟹ B,  B′ ⟹ C,  B θ = B′ θ   /   A⃗ θ ⟹ C θ
    (⟹_lift)    A⃗ ⟹ B   /   (H⃗ ⟹ A⃗) ⟹ (H⃗ ⟹ B)
    (⋀_lift)    A⃗ a⃗ ⟹ B a⃗   /   (⋀x⃗. A⃗ (a⃗ x⃗)) ⟹ (⋀x⃗. B (a⃗ x⃗))

  16. Higher-order resolution (back-chaining)
    (resolution)
      rule:          A⃗ a⃗ ⟹ B a⃗
      goal:          (⋀x⃗. H⃗ x⃗ ⟹ B′ x⃗) ⟹ C
      goal unifier:  (λx⃗. B (a⃗ x⃗)) θ = B′ θ
      result:        (⋀x⃗. H⃗ x⃗ ⟹ A⃗ (a⃗ x⃗)) θ ⟹ C θ
    (assumption)
      goal:          (⋀x⃗. H⃗ x⃗ ⟹ A x⃗) ⟹ C
      assm unifier:  A θ = Hᵢ θ  (for some Hᵢ)
      result:        C θ
Both inferences are omnipresent in Isabelle/Isar:
• resolution: e.g. OF attribute, rule method, also command
• assumption: e.g. assumption method, implicit proof ending

  17. The Isar proof language

  18. Isar primitives
    fix x₁ ... xₙ :: τ                  universal parameters
    assm ≪inference≫ a: A₁ ... Aₙ       generic assumptions
    then                                indicate forward-chaining of facts
    have b: B₁ ... Bₙ                   local claim
    show b: B₁ ... Bₙ                   local claim, result refines goal
    using b₁ ... bₙ                     indicate use of facts
    unfolding b₁ ... bₙ                 unfold definitional equations
    proof method?                       structured refinement
    qed method?                         structured ending
    {                                   open block
    }                                   close block
    next                                switch block
    let pat = t                         term abbreviation (matching)
    note c = b₁ ... bₙ                  reconsidered facts

  19. Derived elements (1)
    by method₁ method₂   =   proof method₁ qed method₂
    ..                   =   by rule
    .                    =   by this
    from b               =   note b then
    with b               =   from b and this
    assume               =   assm ≪discharge #≫
    def x ≡ t            =   fix x assm ≪expand≫ x ≡ t
    (discharge #)   Γ ∪ A⃗ ⊢ C   /   Γ ⊢ #A⃗ ⟹ C
    (expand)        Γ ∪ x ≡ t ⊢ C x   /   Γ ⊢ C t

  20. Derived elements (2): calculations
    also₀       =   note calculation = this
    alsoₙ₊₁     =   note calculation = trans [OF calculation this]
    finally     =   also from calculation
    moreover    =   note calculation = calculation this
    ultimately  =   moreover from calculation
Example:
    have a = b sorry
    also have ... = c sorry
    also have ... = d sorry
    finally have a = d .
Note: term "..." abbreviates the argument of the last statement
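The calculation rules above, worked through in Isabelle/HOL as an added example (not from the slides): the first lemma mixes ≤, = and < so that each `also`/`finally` step must select a different [trans] rule, the second shows `moreover`/`ultimately` accumulating facts without transitivity. Theory and lemma names, and the variables a b c d and A B C, are assumed for illustration.

```isabelle
theory Calculation_Example
  imports Main
begin

(* Mixed calculation: "also" composes the previous calculation with
   "this" via a [trans] rule (here ord_le_eq_trans, then
   order_le_less_trans), so the final fact is stronger than any single
   step. a b c d are hypothetical variables. *)
lemma calc_mixed:
  fixes a b c d :: nat
  assumes "a ≤ b" and "b = c" and "c < d"
  shows "a < d"
proof -
  have "a ≤ b" by fact
  also have "... = c" by fact   (* "..." abbreviates b; calculation: a ≤ c *)
  also have "... < d" by fact   (* "..." abbreviates c *)
  finally show "a < d" .        (* finally = also from calculation *)
qed

(* moreover/ultimately only collect facts; the final step receives all
   of them as chained facts, no transitivity rule is involved. *)
lemma accumulate:
  assumes "A" and "B" and "C"
  shows "A ∧ B ∧ C"
proof -
  have "A" by fact
  moreover have "B" by fact
  moreover have "C" by fact
  ultimately show "A ∧ B ∧ C" by blast
qed

end
```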

  21. Derived elements (3): forward elimination
    obtain x⃗ where B⃗ x⃗ ⟨proof⟩   =
      have reduction: ⋀thesis. (⋀x⃗. B⃗ x⃗ ⟹ thesis) ⟹ thesis ⟨proof⟩
      fix x⃗ assm ≪eliminate reduction≫ B⃗ x⃗
    (eliminate)   Γ ⊢ ⋀thesis. (⋀x⃗. B⃗ x⃗ ⟹ thesis) ⟹ thesis,   Γ ∪ B⃗ y⃗ ⊢ C   /   Γ ⊢ C
Examples:
    assume ∃x. B x then obtain x where B x ..
    assume A ∧ B then obtain A and B ..

  22. Isar proof context elements
    { fix x                         { assume A
      have B x sorry }                have B sorry }
    note ‹⋀x. B x›                  note ‹A ⟹ B›

    { def x ≡ a                     { obtain x where B x sorry
      have B x sorry }                have C sorry }
    note ‹B a›                      note ‹C›

  23. Isar statements

  24. Statement
    statement        ≡   context-element* conclusion
    context-element  ≡   fixes var and ...
                     |   defines var ≡ term and ...
                     |   assumes name: prop and ...
    conclusion       ≡   shows prop and ...
Example:
    r = ⊢ ⋀x y. A x ⟹ B y ⟹ C x y
    theorem r:
      fixes x and y
      assumes A x and B y
      shows C x y
    proof -
      from ‹A x› and ‹B y› show C x y sorry
    qed

  25. Forward conclusions
Derived conclusion:
    obtains x⃗ where B⃗ x⃗ ...   =   fixes thesis assumes ⋀x⃗. B⃗ x⃗ ⟹ thesis and ... shows thesis
Example:
    r = ⊢ P ⟹ (⋀x y. A x ⟹ B y ⟹ thesis) ⟹ thesis
    theorem r:
      assumes P
      obtains x and y where A x and B y
    proof -
      from ‹P› have A u and B v sorry
      then show thesis ..
    qed
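An added example (not from the slides) tying slide 21 and slide 25 together: an elimination rule is stated with `obtains`, proved with the `obtain` forms shown on slide 21, and then consumed by `obtain ... by (rule ...)` in a later proof, where the obtained x never reaches the final goal. The theory name, the rule name ex_conj_elim and the predicates A B P Q are assumed for illustration.

```isabelle
theory Obtains_Example
  imports Main
begin

(* Stated with "obtains": the goal is "thesis" and the context holds
   that: ⋀x. A x ⟹ B x ⟹ thesis. A and B are hypothetical predicates. *)
theorem ex_conj_elim:
  assumes "∃x. A x ∧ B x"
  obtains x where "A x" and "B x"
proof -
  from assms obtain x where "A x ∧ B x" ..   (* exE selected by rule *)
  then obtain "A x" and "B x" ..             (* conjE selected by rule *)
  then show thesis ..                        (* that, an intro rule *)
qed

(* Consuming the rule: forward elimination keeps x and the two facts
   local to the context; the final goal is about Q only. *)
lemma
  assumes "∃x. P x ∧ Q x"
  shows "∃x. Q x"
proof -
  from assms obtain x where "P x" and "Q x" by (rule ex_conj_elim)
  from ‹Q x› show ?thesis ..                 (* exI selected by rule *)
qed

end
```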

  26. Example: Natural Deduction rules
    conjI:      assumes A and B        shows A ∧ B
    conjE:      assumes A ∧ B          obtains A and B
    disjI1:     assumes A              shows A ∨ B
    disjI2:     assumes B              shows A ∨ B
    disjE:      assumes A ∨ B          obtains A | B
    impI:       assumes A ⟹ B          shows A ⟶ B
    impE:       assumes A ⟶ B and A    obtains B
    allI:       assumes ⋀x. B x        shows ∀x. B x
    allE:       assumes ∀x. B x        obtains B a
    exI:        assumes B a            shows ∃x. B x
    exE:        assumes ∃x. B x        obtains x where B x
    classical:                         obtains ¬ thesis
    Peirce:                            obtains thesis ⟹ A

  27. PART II: Forward Reasoning

  28. No Goals!

  29. Atomic proofs
Omitted proofs:     sorry
Automated proofs:   by simp   by blast   by auto
Single-step proofs: by rule ≡ ..   by this ≡ .   by assumption

  30. Analyzing atomic proofs
General atomic proof:
    by (initial-method) (terminal-method)
Structured expansion:
    proof (initial-method) qed (terminal-method)
Tactical transformation:
    apply (initial-method)
    apply (terminal-method)
    apply (assumption+)?
    done
