The Theorema project aims at extending current computer algebra systems by facilities for supporting mathematical proving. The present early-prototype version of the Theorema software system is implemented in Mathematica 3.0. The system consists of a general higher-order predicate logic prover and a collection of special provers that call each other depending on the particular proof situations. The individual provers imitate the proof style of human mathematicians and aim at producing human-readable proofs in natural language presented in nested cells that facilitate studying the computer-generated proofs at various levels of detail. The special provers are intimately connected with the functors that build up the various mathematical domains. 1 The Objectives of the Theorema Project The Theorema project aims at providing a uniform (logic and software) frame for computing, solving, and proving. In a simplified view, given a "knowledge base" K of formulae (and a logical / computat...

A logic for specification and verification is derived from the axioms of Zermelo-Fraenkel set theory. The proofs are performed using the proof assistant Isabelle. Isabelle is generic, supporting several different logics. Isabelle has the flexibility to adapt to variants of set theory. Its higher-order syntax supports the definition of new binding operators. Unknowns in subgoals can be instantiated incrementally. The paper describes the derivation of rules for descriptions, relations and functions, and discusses interactive proofs of Cantor’s Theorem, the Composition of Homomorphisms challenge [9], and Ramsey’s Theorem [5]. A generic proof assistant can stand up against provers dedicated to particular logics. Key words. Isabelle, set theory, generic theorem proving, Ramsey’s Theorem,

. We describe an implementation of the Display Logic calculus for relation algebra as an Isabelle theory. Our implementation is the first mechanisation of any display calculus, but also provides a useful interactive proof assistant for relation algebra. The inference rules of Display Logic are coded directly as Isabelle theorems, thereby guaranteeing the correctness of all derivations. We describe various tactics and derived rules developed for simplifying proof search, including an automatic cutelimination procedure, and example theorems proved using Isabelle. We show how some relation algebraic theorems proved using our system can be put in the form of structural rules of Display Logic, facilitating later re-use. We then show how the implementation can be used to prove results comparing alternative formalizations of relation algebra from a proof-theoretic perspective. Keywords: logical frameworks, higher-order logic, relation algebra, display logic 1 Introduction Relation algebras a...

The Tecton Proof System is an experimental tool for constructing proofs of first order logic formulas and of program specifications expressed using formulas in Hoare's axiomatic proof formalism. It is designed to make interactive proof construction easier than with previous proof tools, by maintaining multiple proof attempts internally in a structured form called a proof forest; displaying them in an easy to comprehend form, using a combination of tabular formats, graphical representations, and hypertext links; and automating substantial parts of proofs through rewriting, induction, case analysis, and generalization inference mechanisms, along with a linear arithmetic decision procedure. Further development of the system is planned as part of an overall framework aimed at supporting the kind of abstractions and specializations necessary for building libraries of generic software and hardware components. Partially supported by National Science Foundation Grants CCR--8906678...

. We show how logical frameworks can provide a basis for logic program synthesis. With them, we may use first-order logic as a foundation to formalize and derive rules that constitute program development calculi. Derived rules may be in turn applied to synthesize logic programs using higher-order resolution during proof that programs meet their specifications. We illustrate this using Paulson's Isabelle system to derive and use a simple synthesis calculus based on equivalence preserving transformations. 1 Introduction Background In 1969 Dana Scott developed his Logic for Computable Functions and with it a model of functional program computation. Motivated by this model, Robin Milner developed the theorem prover LCF whose logic PP used Scott's theory to reason about program correctness. The LCF project [13] established a paradigm of formalizing a programming logic on a machine and using it to formalize different theories of functional programs (e.g., strict and lazy evaluation) and the...

The consistency of the dynamic and static semantics for a small functional programming language was informally proved by R.Milner and M.Tofte. The notions of co-inductive definitions and the associated principle of co-induction played a pivotal role in the proof. With emphasis on co-induction, the work presented here deals with the formalisation of this result in the generic theorem prover Isabelle. Contents 1 Introduction 1 2 Co-induction in Relation Semantics 2 2.1 Notation : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 2 2.2 The Language : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 2 2.3 Dynamic Semantics : : : : : : : : : : : : : : : : : : : : : : : : : : 3 2.4 Static Semantics : : : : : : : : : : : : : : : : : : : : : : : : : : : 3 2.5 Consistency : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 5 3 Isabelle 7 3.1 Documentation : : : : : : : : : : : : : : : : : : : : : : : : : : : : 7 3.2 Notation : : : : : : : : : : : : : : : : : : : : : ...

This paper is about mechanical checking of formal mathematics. Given some formal system, we want to construct derivations in that system, or check the correctness of putative derivations; our job is not to ascertain truth (that is the job of the designer of our formal system), but only proof. However, we are quite rigid about this: only a derivation in our given formal system will do; nothing else counts as evidence! Thus it is not a collection of judgements (provability), or a consequence relation [Avr91] (derivability) we are interested in, but the derivations themselves; the formal system used to present a logic is important. This viewpoint seems forced on us by our intention to actually do formal mathematics. There is still a question, however, revolving around whether we insist on objects that are immediately recognisable as proofs (direct proofs), or will accept some meta-notations that only compute to proofs (indirect proofs). For example, we informally refer to previously proved results, lemmas and theorems, without actually inserting the texts of their proofs in our argument. Such an argument could be made into a direct proof by replacing all references to previous results by their direct proofs, so it might be accepted as a kind of indirect proof. In fact, even for very simple formal systems, such an indirect proof may compute to a very much bigger direct proof, and if we will only accept a fully expanded direct proof (in a mechanical proof checker for example), we will not be able to do much mathematics. It is well known that this notion of referring to previous results can be internalized in a logic as a cut rule, or Modus Ponens. In a logic containing a cut rule, proofs containing cuts are considered direct proofs, and can be directly accepted by a proof ch...

The consistency of the dynamic and static semantics for a small functional programming language was informally proved by R.Milner and M.Tofte. The notions of co-inductive definitions and the associated principle of co-induction played a pivotal role in the proof. With emphasis on co-induction, the work presented here deals with the formalisation of this result in the higher-order logic of the generic theorem prover Isabelle. 1 Introduction In the paper Co-induction in Relational Semantics [1], R.Milner and M.Tofte prove the dynamic and static semantics for a small functional programming language consistent. The dynamic semantics associates a value to an expression of the language, while the static semantics associates a type. A value has a type. Consistency requires that the value of an expression has the type of the expression. Values can be infinite or non-well-founded because the language contains recursive functions. Non-well-founded values are handled using co-inductive def...

Substitution plays an important role in Hoare Logic, as it is used in interpreting assignments. When writing a computer-based realization of Hoare Logic, it is therefore important to choose a good implementation for it. In this paper we compare di#erent definitions and implementations of substitution in a logical framework, in an e#ort to maximize e#ciency. We start by defining substitution as a logical formula. In a conventional approach, this is done by specifying the syntactic changes substitution performs on expressions. We choose instead a semantic definition that describes the behavioral relation between the original expression and its substituted counterpart. Next, we use this semantic definition as an abstract specification, and compare two of its concrete implementations. The first we consider is the usual one, that operates recursively over the structure of the term. This requires a number of inference steps proportional to the size of the expression, which is unacceptable ...

. In this paper we show that the critical part of a correctness proof for implementations of higher--order functional languages is amenable to machine--assisted proof. An extended version of the lambdacalculus is considered, and the congruence between its direct and continuation semantics is proved. The proof has been constructed with the help of a generic theorem prover --- Isabelle. The major part of the problem lies in establishing the existence of predicates which describe the congruence. This has been solved using Milne's inclusive predicate strategy [5]. The most important intermediate results and the main theorem as derived by Isabelle are quoted in the paper. Keywords: Compiler Correctness, Theorem Prover, Congruence Proof, Denotational Semantics, Lambda Calculus 1 Introduction Much of the work done previously in compiler correctness concerns restricted subsets of imperative languages. Some studies involve machine--checked correctness---e.g. Cohn [1], [2]. A lot of research h...