In the "little theories" version of the axiomatic method, different portions of mathematics are developed in various different formal axiomatic theories. Axiomatic theories may be related by inclusion or by theory interpretation. We argue that the little theories approach is a desirable way to formalize mathematics, and we describe how imps, an Interactive Mathematical Proof System, supports it.

The concept of locales for Isabelle enables local definition and assumption for interactive mechanical proofs. Furthermore, dependent types are constructed in Isabelle/HOL for first class representation of structure. These two concepts are introduced briefly. Although each of them has proved useful in itself, their real power lies in combination. This paper illustrates by examples from abstract algebra how this combination works and argues that it enables modular reasoning.

Set theory is the standard foundation for mathematics, but the majority of general purpose mechanised proof assistants support versions of type theory (higher order logic). Examples include Alf, Automath, Coq, EHDM, HOL, IMPS, LAMBDA, LEGO, Nuprl, PVS and Veritas. For many applications type theory works well and provides, for specification, the benefits of type-checking that are well-known in programming. However, there are areas where types get in the way or seem unmotivated. Furthermore, most people with a scientific or engineering background already know set theory, whereas type theory may appear inaccessable and so be an obstacle to the uptake of proof assistants based on it. This paper describes some experiments (using HOL) in combining set theory and type theory; the aim is to get the best of both worlds in a single system. Three approaches have been tried, all based on an axiomatically specified type V of ZF-like sets: (i) HOL is used without any additions besides V; (ii) an emb...

. Proof is a programming activity. Consequently programming environments which support proof in the large are required. We describe an environment which supports one area of proof-in-the-large: that of theory management. We present the notion of virtual theories. They give the illusion of multiple active theories allowing the user to switch between different theories at will, proving theorems and making definitions in each. The system ensures that proofs only use resources that are available in the environment of the current virtual theory. The code has been implemented on top of the HOL90 system. A side effect is that a version of autoloading is obtained for HOL90. A more radical feature that is obtained is the autoloading of tools. The system has been tested on part of a real hardware verification proof. Who controls the past controls the future, Who controls the present controls the past. George Orwell, Nineteen Eighty-Four 1 Introduction Interactive, machine-checked proof is ess...

Our work on the verification of real hardware designs using HOL has resulted in very large proof scripts. Consequently, problems were encountered that are not an issue in smaller verification efforts. In particular, we have found that the maintainability of proofs is of paramount importance. There are many reasons why proof scripts in LCF style theorem provers may be reused. This can be in order to maintain and understand old proofs as well as to speed the creation of new ones. Consequently, proofs should be written in styles that ease their maintainability and make them easier to reuse. Furthermore, proof tools and interfaces should be designed with proof reuse as well as proof creation in mind. Many of the problems could be prevented from occurring in the first place with suitable support. 1 Introduction The recent Fairisle switching fabric verification project [3] entailed using HOL [5] to verify real hardware designs. The resulting proofs consist of several hundred theories, the s...