In this paper we describe an environment for reasoning about the reals which combines the rigour of a theorem prover with the power of a computer algebra system. 1 Introduction Computer theorem provers are a topic of research interest in their own right. However much of their popularity stems from their application in computeraided verification, i.e. proving that designs of electronic or computer systems, programs, protocols and crypto-systems satisfy certain properties. Such proofs, as compared with the proofs one finds in mathematics books, usually involve less sophisticated central ideas, but contain far more technical Supported by the Science and Engineering Research Council, UK. y Supported by SERC grant GR/G 33837 and a grant from DSTO Australia. details and therefore tend to be much more difficult for humans to write or check without making mistakes. Hence it is appealing to let computers help. Some fundamental mathematical theories, such as arithmetic, are usually requi...

It is generally accepted that in principle it’s possible to formalize completely almost all of present-day mathematics. The practicability of actually doing so is widely doubted, as is the value of the result. But in the computer age we believe that such formalization is possible and desirable. In contrast to the QED Manifesto however, we do not offer polemics in support of such a project. We merely try to place the formalization of mathematics in its historical perspective, as well as looking at existing praxis and identifying what we regard as the most interesting issues, theoretical and practical.

Abstract not found

. This paper presents the formalization of some elements of mathematical analysis using the PVS verification system. Our main motivation was to extend the existing PVS libraries and provide means of modelling and reasoning about hybrid systems. The paper focuses on several important aspects of PVS including recent extensions of the type system and discusses their merits and effectiveness. We conclude by a brief comparison with similar developments using other theorem provers. 1 Introduction PVS is a specification and verification system whose ambition is to make formal proofs practical and applicable to large and complex problems. The system is based on a variant of higher order logic which includes complex typing mechanisms such as predicate subtypes or dependent types. It offers an expressive specification language coupled with a theorem prover designed for efficient interactive proof construction. In previous work we have applied PVS to the requirements analysis of a substantially ...

. Computer algebra systems are extremely powerful and flexible, but often give results which require careful interpretation or are downright incorrect. By contrast, theorem provers are very reliable but lack the powerful specialized decision procedures and heuristics of computer algebra systems. In this paper we try to get the best of both worlds by careful exploitation of a link between a theorem prover and a computer algebra system. 1 Motivation In the HOL theorem prover[5], a theory of real numbers has been developed, using a rigorous definition in terms of Dedekind cuts [8]. It is therefore possible to apply HOL to areas traditionally within the purview of Computer Algebra Systems (CASs). This offers two main benefits. Firstly, theorem provers are designed to manipulate proofs and theorems in a coherent and structured way, with all concepts clearly defined. By contrast, most CASs have no concept of `logic' as such -- they usually take an algebraic expression and return another pur...

A quotient construction defines an abstract type from a concrete type, using an equivalence relation to identify elements of the concrete type that are to be regarded as indistinguishable. The elements of a quotient type are equivalence classes: sets of equivalent concrete values. Simple techniques are presented for defining and reasoning about quotient construction, based on a general lemma library concerning functions that operate on equivalence classes. The techniques are applied to a definition of the integers from the natural numbers, and then to the definition of a recursive datatype satisfying equational constraints.

ion in itself is not the goal: for Whitehead [117]"it is the large generalisation, limited by a happy particularity, which is the fruitful conception." As an example consider the theorem in ring theory, which states that if R is a ring, f(x) is a polynomial over R and f(r) = 0 for every element of r of R then R is commutative. Special cases of this, for example f(x) is x 2 \Gamma x or x 3 \Gamma x, can be given a first order proof in a few lines of symbol manipulation. The usual proof of the general result [20] (which takes a semester's postgraduate course to develop from scratch) is a corollary of other results: we prove that rings satisfying the condition are semi-simple artinian, apply a theorem which shows that all such rings are matrix rings over division rings, and eventually obtain the result by showing that all finite division rings are fields, and hence commutative. This displays von Neumann's architectural qualities: it is "deep" in a way in which the symbol manipulati...

Abstract. For formal system verification to become common practice, it has to be supported by flexible and powerful deductive tools that can accommodate adequate levels of abstraction as well as a high degree of automation. In this paper, we report on a case study on combination of deductive tools to support verification of distributed algorithms. More specifically, we verify several clock synchronization algorithms using an interactive proof assistant, in combination with several arithmetic and SAT solvers. Our initial finding has been positive; the use of automated provers helps solving a significant part of the verification problem that deals with real arithmetics (which cannot be handled by the proof assistant) and first-order reasoning. 1

This project aims to demonstrate that it is practical, using existing theorem proving technology, to formally verify industrially significant floating point algorithms and their implementations. Models of such algorithms will be mechanically verified with the hol theorem proving system against precise specifications, often based on real numbers. Industry is sceptical about the value of formal verification. It is hoped that our studies will help convince manufacturers that the potential benefits far outweigh the costs. This could have a tremendous impact on the industrial uptake of `formal methods'. B Scientific/Technological Relevance In most circumstances, even intelligent testing and simulation can still leave considerable doubts as to the correctness of computer systems. This makes formal verification appealing. There are well-rehearsed arguments over the value of verification for safety-critical systems, such as fly-by-wire aircraft, antilock braking systems in cars, radiothera...

A quotient construction defines an abstract type from a concrete type, using an equivalence relation to identify elements of the concrete type that are to be regarded as indistinguishable. The elements of a quotient type are equivalence classes: sets of equivalent concrete values. There are simple techniques for defining and reasoning about functions that operate on equivalence classes. A general lemma library is applied to a definition of the integers from the natural numbers, and then to the definition of a recursive datatype satisfying equational constraints.