The HOL system is a fully-expansive theorem prover: Proofs generated in the system are composed of applications of the primitive inference rules of the underlying logic. This has two main advantages. First, the soundness of the system depends only on the implementations of the primitive rules. Second, users can be given the freedom to write their own proof procedures without the risk of making the system unsound. A full functional programming language is provided for this purpose. The disadvantage with the approach is that performance is compromised. This is partly due to the inherent cost of fully expanding a proof but, as demonstrated in this thesis, much of the observed inefficiency is due to the way the derived proof procedures are written. This thesis seeks to identify sources of non-inherent inefficiency in the HOL system and proposes some general-purpose and some specialised techniques for eliminating it. One area that seems to be particularly amenable to optimisation is equational reasoning. This is significant because equational reasoning constitutes large portions of many proofs. A number of techniques are proposed that transparently optimise equational reasoning. Existing programs in the HOL system require little or no modification to work faster. The other major contribution of this thesis is a framework in which part of the computation involved in HOL proofs can be postponed. This enables users to make better use of their time. The technique exploits a form of lazy evaluation. The critical feature is the separation of the code that generates the structure of a theorem from the code that justifies it logically. Delaying the justification allows some non-local optimisations to be performed in equational reasoning. None of the techniques sacrifice the securit...

Abstract not found

. We describe an attempt to formalise the semantics of the

The Temporal Logic of Actions is a formalism for reasoning about concurrent and reactive systems. In this paper I present a formulation of TLA in the Isabelle theorem prover, in which I make extensive use of facilities in the Isabelle system for embedding different logics, particularly the syntax for easy axiomatisation of logics and the existence of parsing and printing facilities. I show how these aspects of Isabelle have facilitated the embedding, and describe an example proof done within the implementation. 1 Introduction When applying logical formalisms to reason about computational systems, it is often found useful to have intermediate formalisms and abstractions that make the problem tractable. One may describe a system through a programming language or a hardware description language, or use a mathematical calculus. The Temporal Logic of Actions [8] provides one useful abstraction level. TLA consists of two components: a logic of actions, where an action represents a rel...

By a predicate we mean a term in the HOL logic of type * -? bool, where * can be any type. Boolean connectives, quantifiers and sequents in the HOL logic can all be lifted to operate on predicates. The lifted logical operators and sequents form a Logic of Predicates (LP) whose behavior resembles closely that of the unlifted HOL logic. Of the applications of LP we describe two in some detail: (1) a semantic embedding of Lamport's Temporal Logic of Actions, and (2) an alternative formulation of set theory. The main contribution of this paper is a systematic approach for lifting tactics that works in the unlifted HOL logic to ones that works in LP, so that one can enjoy the rich proof infrastructure of HOL when reasoning in LP. The power of this approach is illustrated by examples from modal and temporal logics. The implementation technique is briefly described. Keyword Codes: F.4.1; I.2.3 Keywords: Mathematical Logic; Deduction and Theorem Proving. 1 A Logic of Predicates By a predicate...

An analysis is given of the conventional dy notation for derivatives that explains it dx as a notational abbreviation for expressions using the simpler binding structure standard in modern formalizations. The Nuprl display system was used to implement examples of such notation. It turns out that the same methods can be used to explain conventional modal logic notations. We construe necessity as a first-order quantifier, in a well known way, then explain standard modal notation as a way simply to display these formulas of a non-modal logic. We contrast the method with the interpretation of necessity as a sentential operator, and also with higher-order interpretations that have been used to interpret temporal logic in HOL. The methods are then applied to a simple first-order temporal logic. The intention is that the user can work in this notation interactively, not just produce it for printing. The methods to be discussed here for formalizing a few mathematical and logical concepts are already well known, or are small variations on well known methods, and are not the true subject of this paper. This paper is about notational enhancements for exploiting those methods, and may also serve as an explanation for some notations that are conventional, but do not obviously conform to the simpler syntax and semantics of current-day computerized formal mathematics. We apply a particular combination of notational devices to a few examples, revealing their notational similarity. We start with Leibniz’s notation for derivatives, dy dx, and end with firstorder temporal logic for programs. These notational methods have been made precise, and implemented in the Nuprl proof development system, 1 where they are meant for use as working notation. These examples were developed within it, although almost none of the mathematics for which these notations were implemented has been carried out in Nuprl. The basic idea: How dy dx works. Suppose Deriv(x. e(x) ; a) is a binding operator used to stand for the derivative, at a, of the function denoted by e(x) in variable x. 2 So, for example,

Abstract. This paper describes a semantic connection between the symbolic trajectory evaluation model-checking algorithm and relational verification in higher-order logic. We prove a theorem that translates correctness results from trajectory evaluation over a four-valued lattice into a shallow embedding of temporal operators over Boolean streams. This translation connects the specialized world of trajectory evaluation to a general-purpose logic and provides the semantic basis for connecting additional decision procedures and model checkers. 1

To the few people who believed I could do it even when I myself didn’t Acknowledgments This dissertation has been shaped by many people, including my teachers, collabo-rators, friends, and family. I would like to take this opportunity to acknowledge the influence they have had in my development as a person and as a scientist. First and foremost, I wish to thank my advisor J Strother Moore. J is an amazing advisor, a marvellous collaborator, an insightful researcher, an empathetic teacher, and a truly great human being. He gave me just the right balance of freedom, encouragement, and direction to guide the course of this research. My stimulating discussions with him made the act of research an experience of pure enjoyment, and helped pull me out of many low ebbs. At one point I used to believe that whenever I was stuck with a problem one meeting with J would get me back on track. Furthermore, my times together with J and Jo during Thanksgivings and other occasions always made me feel part of his family. There was no problem, technical or otherwise, that I could not discuss with J, and there was no time when

Abstract We discuss some of the problems faced when trying to embed modal and temporal logics in a higher-order logic framework, and suggest a technique to obtain a sound embedding of TLA that is highly amenable to mechanized reasoning. 1 Background Formal methods that support the design and verification of nontrivial pieces of hardware or software require computer-based tools to discharge the resulting proof obligations. Such tools have to be readily extensible to accomodate the representation of domainspecific data theories. It is therefore attractive to embed formal methods in standard logical frameworks with adequate theorem-proving capabilities, such as the Larch prover, descendants of the LCF system such as Isabelle or HOL, or the PVS system. In this paper, we describe some of the issues encountered in a representation of Lamport's Temporal Logic of Actions (TLA) in Isabelle.

This thesis deals with the computer-assisted verification of embedded systems described as Input/Output automata. We achieve contributions in two fields: the theory of untimed I/O automata and its tool support. For the latter a combination of the theorem prover Isabelle with model checking is used. Concerning the theory