Introduction to Isabelle

Introduction to Isabelle

Clemens Ballarin

λ →

∀=Isa

belle

β

α `

Contents

Part 1

I Syntax of Isabelle/HOL

I Backward proof

I Propositional Reasoning

I Quantifier Reasoning

Part 2

I The Simplifier

I Isar — structured proofs

I Sets

I Inductive Definitions

Isabelle — ` Clemens Ballarin

Isabelle

A generic interactive proof assistantλ →

∀=Isa

belle

β

α

I Generic:not specialised to one particular logic(two large developments: HOL and ZF, will use HOL)

I Interactive:more than just yes/no, you can interactively guide the system

I Proof assistant:helps to explore, find, and maintain proofs


The Heads behind Isabelle

Larry Paulson Tobias Nipkow Markus Wenzel


Why Isabelle?

I Free

I Widely used systems

I Active development

I High expressiveness and automation

I Reasonably easy to use

I and because we know it best ;-)


Syntax


Meta-Logic

∧=⇒ λ ≡


∧

Syntax∧x. F (F another meta-level formula)

in ASCII !!x. F

I Universal quantifier at the meta level

I Used to denote parameters

I Example and more later


=⇒

Syntax A =⇒ B (A,B other meta level formulae)in ASCII A ==> B

Binds to the right

A =⇒ B =⇒ C = A =⇒ (B =⇒ C)

Abbreviation

[[A;B]] =⇒ C = A =⇒ B =⇒ C

I Read: A and B implies C

I Used to write rules, theorems, and proof states


Example: a Theorem

Mathematics if x < 0 and y < 0, then x+ y < 0

Formal logic ` x < 0 ∧ y < 0 −→ x+ y < 0variation {x < 0; y < 0} ` x+ y < 0

Isabelle lemma ”x < 0 ∧ y < 0 −→ x+ y < 0”variation lemma ”[[x < 0; y < 0]] =⇒ x+ y < 0”variation lemma

assumes ”x < 0” and ”y < 0”shows ”x+ y < 0”


Example: a Rule

LogicX Y

X ∧ Y

variationS ` X S ` Y

S ` X ∧ Y

Isabelle [[X;Y ]] =⇒ X ∧ Yvariation X =⇒ Y =⇒ X ∧ Y


Example: a Rule with Nested Implication

LogicX ∨ Y

X

Z

...

Y

Z

...

Z

variationS ∪ {X} ` Z S ∪ {Y } ` Z

S ∪ {X ∨ Y } ` Z

Isabelle [[X ∨ Y ;X =⇒ Z;Y =⇒ Z]] =⇒ Zvariation X ∨ Y =⇒ (X =⇒ Z) =⇒ (Y =⇒ Z) =⇒ Z


λ

Syntax λx. F (F another meta level formula)in ASCII %x. F

I Lambda abstraction

I Used for functions in object logics

I Used to encode bound variables in object logics


Terms

t ::= v | ?v | c | (t t) | (λx. t) | (t :: τ)

v, x variable namesc constants

I Variables & constants: a, a1, name, . . .

I Type constraints: f :: ’a ⇒ ’b

Restrict a term to a type.

I Schematic variables: variables that can be instantiated.


Conventions

I Leave out parentheses where possible

I List variables instead of multiple λ

Example

Instead of (λy. (λx. (x y))) write λy x. x y

Rules

I List variables: λx. (λy. t) = λx y. t

I Application binds to the left: x y z = (x y) z 6= x (y z)

I Abstraction binds to the right:λx. x y = λx. (x y) 6= (λx. x) y


Demo: Interacting with Isabelle


Proofs


Backward Proof

General schema

lemma name: ”〈goal〉”apply 〈method〉apply 〈method〉. . .done

I Sequential application of methods until all subgoals are solved.


The Proof State

1.∧x1 . . . xp.[[A1; . . . ;An]] =⇒ B

2.∧y1 . . . yq.[[C1; . . . ;Cm]] =⇒ D

x1 . . . xp Parameters

A1 . . . An Local assumptions

B Current (sub)goal


Schematic Variables

Two operational roles of variables.

I In lemmas they must be instantiated when applied.

[[X;Y ]] =⇒ X ∧ Y

I During proofs they must not be instantiated.

lemma ”x+ 0 = 0 + x”

Convention: lemma must be true for all x.

Isabelle has free (x), bound (x), and schematic (?x) variables.

Only schematic variables can be instantiated.

Free converted into schematic after proof is finished.


Higher-Order Unification

Unification:Find substitution σ on variables for terms s, t such thatσ(s) = σ(t)

In Isabelle:Find substitution σ on schematic variables such thatσ(s) =αβη σ(t)

Examples:?X ∧ ?Y =αβη x ∧ x [?X 7→ x, ?Y 7→ x]?P x =αβη x ∧ x [?P 7→ λx. x ∧ x]P (?f x) =αβη ?Y x [?f 7→ λx. x, ?Y 7→ P ]

Higher-Order: schematic variables can be functions.


Higher-Order Unification

I Unification modulo αβ is semi-decidable

I Unification modulo αβη is undecidable

I Higher-Order Unification has possibly infinitely many mostgeneral solutions

But:

I Most cases are well-behaved

I Isabelle enumerates solutions and allows backtracking


Propositional Reasoning


Proof by Assumption

apply assumption

proves

1. [[B1; . . . ;Bm]] =⇒ C

by unifying C with one of the Bi

There may be more than one Bi that unifiesand multiple unifiers.

Backtracking!

Explicit backtracking command: back


Natural Deduction Rules

A B

A ∧BconjI

A ∧B [[A;B]] =⇒ C

CconjE

A

A ∨BB

A ∨BdisjI1/2

A ∨B A =⇒ C B =⇒ C

CdisjE

A =⇒ B

A −→ BdisjE

A −→ B A B =⇒ C

CimpE

For each connective (∧,∨, etc):introduction and elemination rules


Introduction Rules

Intro rules decompose formulae to the right of =⇒.

apply (rule 〈intro-rule〉)

Intro rule [[A1; . . . ;An]] =⇒ A means

I To prove A it suffices to show A1 . . . An

Applying rule [[A1; . . . ;An]] =⇒ A to subgoal C:

I unify A and C

I replace C with n new subgoals A1 . . . An


Elimination Rules

Elim rules decompose formulae on the left of =⇒.

apply (erule <elim-rule>)

Elim rule [[A1;A2; . . . ;An]] =⇒ A means

I If I know A1 and want to prove A it suffices to show A2 . . . An

Applying rule [[A1; . . . ;An]] =⇒ A to subgoal C:Like rule but also

I unifies first premise of rule with an assumption

I eliminates that assumption


Demo: PropositionalReasoning


Safe and Not so Safe

Safe rules preserve provability:

conjI, impI, notI, iffI, refl, ccontr, classical, conjE,disjE

A B

A ∧BconjI

Unsafe rules can turn a provable goal into an unprovable one:

disjI1, disjI2, impE, iffD1, iffD2, notE

A

A ∨BdisjI1

Apply safe rules before unsafe ones.


Quantifier Reasoning


Scope

I Scope of parameters: whole subgoal

I Scope of ∀, ∃, . . .: ends with meta-level connective:=⇒, ≡ or ;.

Example:∧x y. [[ ∀y. P y −→ Q z y; Q x y ]] =⇒ ∃x. Q x y

means∧x y. [[ (∀y1. P y1 −→ Q z y1); Q x y ]] =⇒ (∃x1. Q x1 y)


Natural Deduction for Quantifiers

∧x. P x

∀x. P xallI

∀x. P x P ?x =⇒ R

RallE

P ?x

∃x. P xexI

∃x. P x∧x. P x =⇒ R

RexE

I allI and exE introduce new parameters (∧x).

I allE and exI introduce new unknowns (?x).


Instantiating Rules

apply (rule tac x = ”〈term〉” in 〈rule〉)

Like rule, but ?x in 〈rule〉 is instantiated by 〈term〉 beforeapplication.

Similar: erule tac

I x is in 〈rule〉, not in goal.

I 〈term〉 may contain parameters from the goal and thoseintroduced in Isar texts (later).


Two Successful Proofs

1. ∀x. ∃y. x = y

apply (rule allI)

1.∧x. ∃y. x = y

Best practice Exploration

apply (rule tac x = ”x” in exI) apply (rule exI)1.

∧x. x = x 1.

∧x. x = ?y x

apply (rule refl) apply (rule refl)?y 7→ λu.u

simpler & clearer shorter & trickier


Two Unsuccessful Proofs

1. ∃y. ∀x. x = y

apply (rule tac x = ??? in exI) apply (rule exI)1. ∀x. x = ?y

apply (rule allI)1.

∧x. x = ?y

apply (rule refl)?y 7→ x yields

∧x′.x′ = x

Principle

?f x1 . . . xn can only be replaced by term tif frees(t) ⊆ {x1, . . . , xn}.


Demo: Quantifier Reasoning


Safe and Unsafe Quantifier Rules

Safe allI, exE

Unsafe allE, exI

Create parameters first, unknowns later


The Classical Reasoner

apply (intro 〈intro-rules〉) repeatedly applies intro rulesapply (elim 〈elim-rules〉) repeatedly applies elim rules

apply clarify applies all safe rulesthat do not split the goal

apply safe applies all safe rules

apply fast sequent based automaticapply best search tactics

apply blast an automatic tableaux prover(works well on predicate logic)

apply metis resolution prover forfirst-order logic with equality


Setting up Automation


Safe and Unsafe Revisited

Review:Safe and unsafe rule; heuristics: use safe before unsafe

This can be automated

Automated methods (fast, blast, clarify etc) are not hardwired.Safe and unsafe intro and elim rules can be declared.

Syntax:[<kind>!] for safe rules (<kind> one of intro, elim, dest)[<kind>] for unsafe rules


Declaring Rules

Application (roughly):do safe rules first, search/backtrack on unsafe rules only

Example:declare attribute globally declare conjI [intro!] allE [elim]remove attribute gloabllay declare allE [rule del]use locally apply (blast intro: someI)delete locally apply (blast del: conjI)


What We Have Seen

Syntax

I Meta-logic

I Basic connectives of HOL

Apply-style proofs

I Proof state

I Making introduction and elimination steps

I Propositional reasoning

I Quantifier reasoning

I Automation


Further Reading

See http://isabelle.in.tum.de

I Learning IsabelleI Tutorial on Isabelle/HOL (LNCS 2283)I Tutorials for various packages

I Reference ManualsI Isabelle/Isar Reference ManualI Isabelle System Manual

I Reference Manuals for Object-Logics

All are also available from within Isabelle.


http://isabelle.in.tum.de

Exercises

Web Page

http://www21.in.tum.de/~ballarin/fomus


http://www21.in.tum.de/~ballarin/fomus

Introduction to Isabelle

Documents

Transcript of Introduction to Isabelle