Focused Inductive Theorem Proving

David Baelde, Dale Miller & Zach Snow
University of Minnesota & INRIA / École Polytechnique
IJCAR 2010
Introduction
Tac
- An interactive theorem prover for intuitionistic logic with least and greatest fixed points
- A powerful tactic for automated (co)inductive theorem proving
Foundations
- Sequent calculus: clear, modular, certificates
- Focusing
  - Organizes choices in proof search
  - Better foundation for designing heuristics
Logic programming
A specification (Γ):
   ∀k. app nil k k
   ∀x ∀l ∀k ∀m. app l k m ⊃ app (x :: l) k (x :: m)

Ugly sequent calculus proofs
Without focusing, proof search may instantiate clauses of Γ that are irrelevant to the goal, e.g.

   ⋮
   Γ, ∀k ∀m. app [4] k m ⊃ app [3; 4] k (3 :: m) ⊢ app [0] nil [0]
   ──────────────────────────────────────────────────────────────
   Γ ⊢ app [0] nil [0]

   ⋮
   Γ, app nil [1; 2; 3] [1; 2; 3] ⊢ app [0] nil [0]
   ────────────────────────────────────────────────
   Γ ⊢ app [0] nil [0]

Focused proofs
Only the needed instances of Γ are used. The left premise of ⊃L:

   Γ, app nil nil nil ⊢ app nil nil nil          init
   ────────────────────────────────────          ∀L (k := nil)
   Γ, ∀k. app nil k k ⊢ app nil nil nil
   ────────────────────────────────────
   Γ ⊢ app nil nil nil

and the main proof:

   Γ ⊢ app nil nil nil        Γ, app [0] nil [0] ⊢ app [0] nil [0]   init
   ────────────────────────────────────────────────────────────────  ⊃L
   Γ, app nil nil nil ⊃ app [0] nil [0] ⊢ app [0] nil [0]
   ───────────────────────────────────────────────────────────────  ∀L (x, l, k, m := 0, nil, nil, nil)
   Γ, ∀x ∀l ∀k ∀m. app l k m ⊃ app (x :: l) k (x :: m) ⊢ app [0] nil [0]
   ───────────────────────────────────────────────────────────────
   Γ ⊢ app [0] nil [0]

In short: Γ ⊢ app nil nil nil by ∀L, init; Γ ⊢ app [0] nil [0] by ∀L, ⊃L, init.
Fixed points
The intention behind logic programs is to represent an inductive specification.
We reformulate using least fixed points in the logic:
- We can now reason about the specification.
- We also get more structured proofs, with or without focusing.

Computation
Rule (unfolding on the right; t⃗ is a vector of terms):
   Γ ⊢ B (µB) t⃗
   ──────────────  µR
   Γ ⊢ µB t⃗
Specification:
   app ≝ µ(λA λl, k, m. (l = nil ∧ k = m)
                        ∨ (∃x, l′, m′. l = x :: l′ ∧ m = x :: m′ ∧ A l′ k m′))
Computing:
   ⊢ [0] = [0]  =R     ⊢ [0] = [0]  =R     ⊢ app nil nil nil  µR, ∨R, =R
   ─────────────────────────────────────────────────────────────────────  ∧R
   ⊢ [0] = [0] ∧ [0] = [0] ∧ app nil nil nil
   ─────────────────────────────────────────  µR, ∨R, ∃R  (x, l′, m′ := 0, nil, nil)
   ⊢ app [0] nil [0]
The whole computation collapses into a single step:
   ⊢ app [0] nil [0]   by µR, ∨R, ∃R, =R
Finite reasoning
Rules (unfolding on either side):
   Γ, B (µB) t⃗ ⊢ P          Γ ⊢ B (µB) t⃗
   ───────────────  µL       ──────────────  µR
   Γ, µB t⃗ ⊢ P              Γ ⊢ µB t⃗
Reasoning by computing:
   x :: l = nil, k = nil ⊢ ⊥      x :: l = x :: l′, nil = x :: m′, app l′ k m′ ⊢ ⊥
   ─────────────────────────────────────────────────────────────────────────────  µL, ∨L, ∃L, ∧L
   app (x :: l) k nil ⊢ ⊥
   ───────────────────────────────────  ∀R, ⊃R
   ⊢ ∀x, l, k. app (x :: l) k nil ⊃ ⊥
Both premises close by equality elimination: neither x :: l = nil nor nil = x :: m′ has a unifier, so the case analysis is empty.

Another instance, connectedness of a finite graph (some node C reaches every node N):
   ⋮                  … ⊢ path C Nᵢ …
   ⊢ node C           ⊢ ∀N. node N ⊃ path C N
   ─────────────────────────────────────────  ∃R, ∧R
   ⊢ ∃C. node C ∧ ∀N. node N ⊃ path C N
More examples: connectedness, path unicity, (bi)simulation... for finite systems.
Infinity (identity)
Rules: unfolding on either side,
   Γ, B (µB) t⃗ ⊢ P          Γ ⊢ B (µB) t⃗
   ───────────────  µL       ──────────────  µR
   Γ, µB t⃗ ⊢ P              Γ ⊢ µB t⃗
and, to stop unfolding, the identity on fixed points together with freezing (a frozen fixed point, written µ̄B t⃗ here, is not unfolded any further):
   Γ, µ̄B t⃗ ⊢ P
   ─────────────  freeze               ──────────────────  init
   Γ, µB t⃗ ⊢ P                         Γ, µB t⃗ ⊢ µB t⃗

Example:
   nat x ⊢ nat x                   init
   ─────────────────────────       µR ×10 (with ∨R, ∃R, =R)
   nat x ⊢ nat (s¹⁰ x)
   ─────────────────────────       freeze nat x
   nat x ⊢ nat (s¹⁰ x)
   ─────────────────────────       µL ×3 (with ∨L, ∃L, =L)
   nat (s³ x) ⊢ nat (s¹⁰ x)
Infinity (induction)
Rules: besides µL, µR, freeze and init (previous slide), the induction rule, where S is the invariant:
   Γ, S t⃗ ⊢ P        B S x⃗ ⊢ S x⃗
   ────────────────────────────  induction
   Γ, µB t⃗ ⊢ P
A unique structural induction principle that fully defines µB.

Example (derived rules for nat)
   nat x ≝ µ(λN λx. x = 0 ∨ ∃y. x = s y ∧ N y) x

   ──────────        Γ ⊢ nat x            ⊢ P 0      P y ⊢ P (s y)      Γ, P x ⊢ G
   Γ ⊢ nat 0         ──────────────       ─────────────────────────────────────────
                     Γ ⊢ nat (s x)        Γ, nat x ⊢ G
µLJ
The full logic is:
- first-order intuitionistic sequent calculus
- with equality (elimination by case analysis on csu, complete sets of unifiers)
- and least (µ) and greatest (ν) fixed points, characterized by induction and coinduction.
It enjoys cut-elimination, and we provide a sound and complete focused proof system for it.
Automated proof search in µLJ
Difficulties
- Some really complicated choices (invariants)
- A lot of other difficult choices (induction, freeze, unfold)
- And the usual problems (contractions, order of rules)
Our approach
- Focusing lets us deal with the essential choices without getting lost in inessential details.
- Design a few simple heuristics in that framework.
Heuristics: computation and deduction
Theorem proving is going to be very expensive, so we limit it; but we still need to perform potentially long computations.

Progress
Progressing fixed point unfoldings result in a single branch in the focused system. A definition is progressing when every disjunct of its body fixes the arguments to a constructor pattern:
   µ(λp λx⃗. (∃y⃗₁. x⃗ = C₁ y⃗₁ ∧ φ₁ p y⃗₁) ∨ … ∨ (∃y⃗ₙ. x⃗ = Cₙ y⃗ₙ ∧ φₙ p y⃗ₙ))
Example
   ∀x. mult 10 10 x ⊃ P x   ∼   ∃x. mult 10 10 x ∧ P x
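As an added illustration of the computation, reasoning-by-computing and progress slides above (example code written for this page, not part of Tac or of the slides), here is a small Python search over least fixed point definitions: right unfolding (µR) combined with ∨R, ∃R, ∧R and =R, where equality is decided by first-order unification and a constructor clash plays the role of an empty case analysis. The term encoding, the goal encoding, the Stats counters and the loop definition are assumptions made for this example; app is the slides' definition transcribed.

```python
from dataclasses import dataclass
from itertools import count

# Terms (constructed for this example): a constant is a str or int, a
# constructor application is a tuple ("::", head, tail), a variable is a Var.
_fresh = count()

class Var:
    """Logic variable; fresh by identity, so Var() never clashes."""
    __slots__ = ("name",)
    def __init__(self, hint="v"):
        self.name = f"{hint}{next(_fresh)}"

NIL = "nil"
def cons(x, l):
    return ("::", x, l)
def lst(*xs):  # [1; 2; 3] in the slides' notation
    out = NIL
    for x in reversed(xs):
        out = cons(x, out)
    return out

def walk(t, s):  # follow variable bindings in the substitution s
    while isinstance(t, Var) and t in s:
        t = s[t]
    return t

def occurs(v, t, s):
    t = walk(t, s)
    return t is v or (isinstance(t, tuple) and any(occurs(v, a, s) for a in t[1:]))

def unify(a, b, s):
    """Most general unifier extending s, or None on a constructor clash
    (a clash is what closes a premise such as x :: l = nil on the slides)."""
    a, b = walk(a, s), walk(b, s)
    if a is b or (not isinstance(a, (Var, tuple)) and a == b):
        return s
    if isinstance(a, Var):
        return None if occurs(a, b, s) else {**s, a: b}
    if isinstance(b, Var):
        return None if occurs(b, a, s) else {**s, b: a}
    if isinstance(a, tuple) and isinstance(b, tuple) and a[0] == b[0] and len(a) == len(b):
        for x, y in zip(a[1:], b[1:]):
            s = unify(x, y, s)
            if s is None:
                return None
        return s
    return None

# A fixed point body is a function from the arguments to a goal; ∃ binds a
# fresh Var.  app is the slides' definition:
# µ(λA λl,k,m. (l = nil ∧ k = m) ∨ (∃x,l',m'. l = x::l' ∧ m = x::m' ∧ A l' k m'))
def app_body(l, k, m):
    base = ("and", ("eq", l, NIL), ("eq", k, m))
    step = ("exists", lambda x: ("exists", lambda l1: ("exists", lambda m1:
        ("and", ("eq", l, cons(x, l1)),
        ("and", ("eq", m, cons(x, m1)), ("mu", "app", (l1, k, m1)))))))
    return ("or", base, step)

# loop = µ(λL λx. L x) never progresses: only the bound can stop it (constructed).
DEFS = {"app": app_body, "loop": lambda x: ("mu", "loop", (x,))}

@dataclass
class Stats:
    unfoldings: int = 0   # µ rules applied up to the first answer (or exhaustion)
    cutoff: bool = False  # True if the unfolding bound cut some branch short

def solve(goal, s, bound, st):
    """Yield each substitution proving goal by µR, ∨R, ∃R, ∧R, =R within
    `bound` nested unfoldings (depth-first, left disjunct first)."""
    kind = goal[0]
    if kind == "eq":
        u = unify(goal[1], goal[2], s)
        if u is not None:
            yield u
    elif kind == "and":
        for s1 in solve(goal[1], s, bound, st):
            yield from solve(goal[2], s1, bound, st)
    elif kind == "or":
        yield from solve(goal[1], s, bound, st)
        yield from solve(goal[2], s, bound, st)
    elif kind == "exists":
        yield from solve(goal[1](Var("e")), s, bound, st)
    elif kind == "mu":
        if bound == 0:
            st.cutoff = True
            return
        st.unfoldings += 1
        yield from solve(DEFS[goal[1]](*goal[2]), s, bound - 1, st)

def run(goal, bound=10):
    """First answer substitution (None if there is none) plus search statistics."""
    st = Stats()
    return next(solve(goal, {}, bound, st), None), st

def proves(goal, bound=10):
    return run(goal, bound)[0] is not None

def refutes(goal, bound=10):
    """goal ⊢ ⊥ by unfolding on the left: sound only when every branch died
    by a clash, not because the bound ran out (that case is inconclusive)."""
    sol, st = run(goal, bound)
    return sol is None and not st.cutoff
```

run(("mu", "app", (lst(0), NIL, lst(0)))) finds an answer after 2 unfoldings, and app [1; 2] [3] [1; 2; 3] after 3: with a ground, constructor-headed first argument exactly one disjunct survives the equality check at every unfolding, which is the single-branch behaviour the Progress slide describes and why a high computational bound for progressing unfoldings is affordable. refutes(app (x :: l) k nil) with x, l, k fresh variables returns True because both disjuncts die by a clash at the first unfolding, whereas refutes(loop 0, bound=3) returns False: the search was stopped by the bound rather than by exhausting the cases, and a bounded failure is not a proof of ⊥.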
Heuristics: choosing invariants
Inventing (co)invariants is complicated!
Let's see what we can do by barely generalizing...
When applying the induction rule
   Σ; Γ, S t⃗ ⊢ G        x⃗; B S x⃗ ⊢ S x⃗
   ───────────────────────────────────
   Σ; Γ, µB t⃗ ⊢ G
we choose S := λx⃗. ∀Σ. x⃗ = t⃗ ⊃ (⋀Γ) ⊃ G, and do not try any other invariant.
Example
This gives the expected proofs for ∀x. nat x ⊃ even x ∨ odd x, ∀x, l. equal l (x :: l) ⊃ ⊥, or ∀p. sim p p.
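Worked instance of the invariant heuristic, added here and not taken from the slides: proving ∀x. nat x ⊃ even x ∨ odd x with nat as defined on the induction slide. The definitions of even and odd are assumed to be the usual ones: even 0 holds, even (s y) unfolds to odd y, and odd (s y) unfolds to even y.

After ∀R and ⊃R the sequent is  x; nat x ⊢ even x ∨ odd x,  so Σ = x, Γ is empty, t⃗ = x and G = even x ∨ odd x. The heuristic picks

   S := λx′. ∀x. x′ = x ⊃ (even x ∨ odd x)

which, once the equality is eliminated, amounts to λx′. even x′ ∨ odd x′. The induction rule leaves two premises:

   x; S x ⊢ even x ∨ odd x              closed by ∀L (x := x), ⊃L with =R for x = x, and identity
   y; (y = 0 ∨ ∃z. y = s z ∧ S z) ⊢ S y   the inductive step B S y ⊢ S y

In the second premise, ∀R, ⊃R and =L reduce the right side to even y ∨ odd y, and ∨L splits the unfolded nat:

   y = 0:           ⊢ even 0 ∨ odd 0                   ∨R (left), µR for even 0
   y = s z, S z:    even z ∨ odd z ⊢ even (s z) ∨ odd (s z)
                    ∨L; from even z choose odd (s z) on the right (∨R, µR, then init on even z),
                    and from odd z choose even (s z) symmetrically.

No invariant stronger than the goal itself was needed, which is why "barely generalizing" suffices here.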
Heuristics: the big picture
Bottom-up focused proof search
1. Apply asynchronous rules in any order
2. Choose a focus
3. Apply synchronous rules on the formula under focus
4. Release focus and repeat from (1)
Asynchronous choices
- Apply progressing unfolding eagerly
- Otherwise: freeze, (co)induct or unfold
Bounds
- Reasoning bound: low (3)
- Computational bound for progressing unfolding: high (10...)
Examples
Description                                                   Success
l @ l′ of even length iff l′ @ l is too                       Automatic
x ∈ l implies x ∈ l @ l′                                      Automatic
l = rotate (length (l), l)                                    Guided, Lemma
equiv. of mutual and straight definitions of even             Automatic
natural numbers are even or odd                               Automatic
verifying abstractions in model checking                      Guided, Lemmas
whisky problem                                                Automatic, Lemma
commutativity and associativity of plus                       Automatic
totality of many Horn programs, e.g., half, ack               Automatic
Hilbert's abstraction theorem                                 Automatic
involutivity of list reversal                                 Automatic
antisymmetry of the subtree ordering on binary trees          Automatic
reflexivity and transitivity of ∼                             Automatic
subject reduction and determinacy of typing for PCF           Manual, Lemmas
transitivity of subtyping for F≤                              Manual, Lemmas
Comparison
ACL2, rewriting-based approaches
- Less generic foundation, no proof witnesses
- Induction principles are external and specialized
- Excellent at equational reasoning, using lemmas and (for ACL2) informing the user
Twelf
- Very good dedicated techniques for totality, functionality, etc.
- A general meta-theorem-prover M2 for the ∀∃ fragment:
  - single toplevel induction
  - various orderings (user provided)
  - no progress ⇒ sensitive bounds
- Excellent support for bindings and hypothetical contexts
- No interactive mode
Conclusion
We are still not done with focusing!
Tac: free software, OCaml, available at http://slimmer.gforge.inria.fr/tac