Towards Self-verification of HOL Light
In International Joint Conference on Automated Reasoning, 2006
Abstract

Cited by 17 (0 self)
Abstract. The HOL Light prover is based on a logical kernel consisting of about 400 lines of mostly functional OCaml, whose complete formal verification seems to be quite feasible. We would like to formally verify (i) that the abstract HOL logic is indeed correct, and (ii) that the OCaml code does correctly implement this logic. We have performed a full verification of an imperfect but quite detailed model of the basic HOL Light core, without definitional mechanisms, and this verification is entirely conducted with respect to a set-theoretic semantics within HOL Light itself. We will duly explain why the obvious logical and pragmatic difficulties do not vitiate this approach, even though it looks impossible or useless at first sight. Extension to include definitional mechanisms seems straightforward enough, and the results so far allay most of our practical worries.

1 Introduction: quis custodiet ipsos custodes? Mathematical proofs are subjected to peer review before publication, but there
The HOL Light manual (1.1), 2000
Abstract

Cited by 6 (0 self)
...ion is in a precise sense a converse operation to application. Given a variable x and a term t, which may or may not contain x, one can construct the so-called lambda-abstraction λx. t, which means `the function of x that yields t'. (In HOL's ASCII concrete syntax the backslash is used, e.g. \x. t.) For example, λx. x + 1 is the function that adds one to its argument. Abstractions are not often seen in informal mathematics, but they have at least two merits. First, they allow one to write anonymous function-valued expressions without naming them (occasionally one sees x ↦ t[x] used for this purpose), and since our logic is avowedly higher order, it's desirable to place functions on an equal footing with first-order objects in this way. Secondly, they make variable dependencies and binding explicit; by contrast in informal mathematics one often writes f(x) in situations where one really means λx. f(x). We should give some idea of how ordina...