Learning Problems in Theorem Proving


  • Learning Problems in Theorem Proving

    Cezary Kaliszyk

    Universität Innsbruck

    July 3, 2017

    LAIVe Summer School

    http://cl-informatik.uibk.ac.at

    http://cl-informatik.uibk.ac.at/~cek

  • Computer Theorem Proving: Historical Context

    1940s: Algorithmic proof search (λ-calculus)

    1960s: de Bruijn's Automath

    1970s: Small Certifiers (LCF)

    1990s: Resolution (Superposition)

    2000s: Large theories

    2010s: ?

    C. Kaliszyk (Universitat Innsbruck) Learning Problems in Theorem Proving 2/72

  • Lecture content

    Theorem Proving Introduction

    Machine Learning Problems in Theorem Proving

    Premise Selection

    Useful Intermediate Steps

    Theorem Names

    Internal Guidance


  • Theorem Proving Introduction

    The Kepler Conjecture (year 1611)

    The most compact way of stacking balls of the same size in space is a pyramid.

    V =18 74%


  • Theorem Proving Introduction

    The Kepler Conjecture (year 1611)

    Proved in 1998

    Tom Hales, 300 page proof using computer programs

    Submitted to the Annals of Mathematics

    99% correct. . . but we cannot verify the programs

    1039 equalities and inequalities

    For example:

    x1x3x2x4+x1x5+x3x6x5x6++x2(x2+x1+x3x4+x5+x6)4x2( x2x4(x2+x1+x3x4+x5+x6)++x1x5(x2x1+x3+x4x5+x6)++x3x6(x2+x1x3+x4+x5x6)x1x3x4x2x3x5x2x1x6x4x5x6

    ) < tan(2 0.74)


  • Theorem Proving Introduction

    The Kepler Conjecture (year 1611)

    Solution? Formalized Proof!

    Formalize the proof using Proof Assistants

    Implement the computer code in the system

    Prove the code correct

    Run the programs inside the Proof Assistant

    Flyspeck Project

    Completed 2015

    Many Proof Assistants and contributors


  • Theorem Proving Introduction

    What is a Proof Assistant? (1/2)

    A Proof Assistant is a computer program to assist a mathematician in the production of a proof that is mechanically checked

    What does a Proof Assistant do?

    Keep track of theories, definitions, assumptions

    Interaction - proof editing

    Proof checking

    Automation - proof search

    What does it implement? (And how?)

    a formal logical system intended as foundation for mathematics

    decision procedures


  • Theorem Proving Introduction

    [Formal proof script of theorem sqrt_not_rational; the slide text is mis-encoded in this transcript]

    de Bruijn factor


  • Theorem Proving Introduction

    Intel Pentium® P5 (1994)

    Superscalar; Dual integer pipeline; Faster floating-point, ...

    4 159 835 / 3 145 727 = 1.333820...

    4 159 835 / 3 145 727 (P5) = 1.333739...

    FPU division lookup table: for certain inputs division result off

    Replacement

    Few customers cared, still cost of $475 million

    Testing and model checking insufficient:

    Since then Intel and AMD processors formally verified

    HOL Light and ACL2 (along other techniques)


  • Theorem Proving Introduction

    Typical proof assistant problem

    Does there exist a function $f$ from $\mathbb{R}$ to $\mathbb{R}$, such that for all $x$ and $y$, $f(x + y^2) - f(x) \ge y$?


    1. $f(x + y^2) - f(x) \ge y$ for any given $x$ and $y$

    2. $f(x + n\,y^2) - f(x) \ge n\,y$ for any $x$, $y$, and $n \in \mathbb{N}$ (easy induction using [1] for the step case)

    3. $f(1) - f(0) \ge m + 1$ for any $m \in \mathbb{N}$ (set $n = (m + 1)^2$, $x = 0$, $y = \frac{1}{m+1}$ in [2])

    4. Contradiction with the Archimedean property of R
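
    Added worked derivation (not on the original slide) spelling out the induction step of [2] and the substitution of [3], assuming the hypothesis reads $f(x + y^2) - f(x) \ge y$ for all real $x$, $y$. The base case $n = 0$ is $f(x) - f(x) = 0 \ge 0$.

    $$
    \begin{aligned}
    f(x + (n+1)\,y^2) - f(x)
      &= \bigl[f((x + n\,y^2) + y^2) - f(x + n\,y^2)\bigr] + \bigl[f(x + n\,y^2) - f(x)\bigr] \\
      &\ge y + n\,y = (n+1)\,y .
    \end{aligned}
    $$

    With $n = (m+1)^2$, $x = 0$, $y = \frac{1}{m+1}$:

    $$
    f(1) - f(0) = f\!\left(0 + (m+1)^2 \cdot \tfrac{1}{(m+1)^2}\right) - f(0) \;\ge\; (m+1)^2 \cdot \tfrac{1}{m+1} = m + 1 .
    $$

    So the fixed real number $f(1) - f(0)$ would be at least $m + 1$ for every $m \in \mathbb{N}$, which is what the Archimedean property rules out.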

  • Theorem Proving Introduction

    Formalization

    let lemma = prove
     (`~(?f:real->real. !x y. f(x + y * y) - f(x) >= y)`,
      REWRITE_TAC[real_ge] THEN REPEAT STRIP_TAC THEN
      (* Step 2: generalise the hypothesis to n copies of y * y, by induction on n *)
      SUBGOAL_THEN `!n x y. &n * y <= f(x + &n * y * y) - f(x)` MP_TAC THENL
       [MATCH_MP_TAC num_INDUCTION THEN
        SIMP_TAC[REAL_MUL_LZERO; REAL_ADD_RID] THEN
        REWRITE_TAC[REAL_SUB_REFL; REAL_LE_REFL; GSYM REAL_OF_NUM_SUC] THEN
        GEN_TAC THEN REPEAT(MATCH_MP_TAC MONO_FORALL THEN GEN_TAC) THEN
        FIRST_X_ASSUM(MP_TAC o SPECL [`x + &n * y * y`; `y:real`]) THEN
        SIMP_TAC[REAL_ADD_ASSOC; REAL_ADD_RDISTRIB; REAL_MUL_LID] THEN
        REAL_ARITH_TAC;
        (* Steps 3 and 4: pick m above f(1) - f(0) by the Archimedean property, *)
        (* then instantiate n = (m + 1)^2, x = 0, y = 1 / (m + 1) *)
        X_CHOOSE_TAC `m:num` (SPEC `f(&1) - f(&0):real` REAL_ARCH_SIMPLE) THEN
        DISCH_THEN(MP_TAC o SPECL [`SUC m EXP 2`; `&0`; `inv(&(SUC m))`]) THEN
        REWRITE_TAC[REAL_ADD_LID; GSYM REAL_OF_NUM_SUC; GSYM REAL_OF_NUM_POW] THEN
        REWRITE_TAC[REAL_FIELD `(&m + &1) pow 2 * inv(&m + &1) = &m + &1`;
                    REAL_FIELD `(&m + &1) pow 2 * inv(&m + &1) * inv(&m + &1) = &1`] THEN
        ASM_REAL_ARITH_TAC]);;


    HOL(y)Hammer: general purpose proof assistant automation

    Machine Learning Automated Reasoning

  • Theorem Proving Introduction

    Proof Assistant (2/2)

    Keep track of theories, definitions, assumptions

    set up a theory that describes mathematical concepts (or models a computer system)

    express logical properties of the objects