The HOL system is a mechanized proof assistant for higher order logic that has been under continuous development since the mid-1980s, by an ever-changing group of developers and external contributors. We give a brief overview of various implementations of the HOL logic before focusing on the evolution of certain important features available in a recent implementation. We also illustrate how the module system of Standard ML provided security and modularity in the construction of the HOL kernel, as well as serving in a separate capacity as a useful representation medium for persistent, hierarchical logical theories.

Using the notions of unique xed point, converging equivalence relation, and contracting function, we generalize the technique of well-founded recursion. We are able to de ne functions in the Isabelle theorem prover that recursively call themselves an in nite number of times. In particular, we can easily de ne recursive functions that operate over coinductively-de ned types, such as in nite lists. Previously in Isabelle such functions could only be de ned corecursively, or had to operate over types containing \extra" bottom-elements. We conclude the paper by showing that the functions for ltering and attening in nite lists have simple recursive de nitions. 1 Well-founded recursion Rather than specify recursive functions by possibly inconsistent axioms, several higher order logic (HOL) theorem provers[3, 9, 12] provide well-founded recursive function de nition packages, where new functions can be de ned conservatively. Recursive functions are de ned by giving a series of...

Abstract. We show that certain input-output relations, termed inductive invariants are of central importance for termination proofs of algorithms defined by nested recursion. Inductive invariants can be used to enhance recursive function definition packages in higher-order logic mechanizations. We demonstrate the usefulness of inductive invariants on a large example of the BDD algorithm Apply. Finally, we introduce a related concept of inductive fixpoints with the property that for every functional in higher-order logic there exists a largest partial function that is such a fixpoint. 1

pport. Contents 1 Introduction and Overview 1 2 Types for Proofs 2 2.1 Formal Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 2.1.1 What is a Formal System? . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 2.1.2 The Origins of Formal Systems . . . . . . . . . . . . . . . . . . . . . . . . . 2 2.1.3 Formal Systems in Computer Science . . . . . . . . . . . . . . . . . . . . . 3 2.2 Theorem Proving: Making Formal Systems Usable . . . . . . . . . . . . . . . . . . 4 2.2.1 Objectives of Interactive Theorem Proving . . . . . . . . . . . . . . . . . . 4 2.2.2 How to Ensure Correctness . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.2.3 How to Facilitate Denitions . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.2.4 How to Facilitate Reasoning . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.3 Reasoning in Higher-Order Logic (HOL) . . . . . . . . . . . . . . . . . . . . . . . . 6 2.3.1 Church's Si