## Source-Level Proof Reconstruction for Interactive Theorem Proving

Citations: 16 - 1 self

### BibTeX

```bibtex
@MISC{Paulson_source-levelproof,
    author = {Lawrence C. Paulson and Kong Woei Susanto},
    title = {Source-Level Proof Reconstruction for Interactive Theorem Proving},
    year = {}
}
```

### Abstract

Interactive proof assistants should verify the proofs they receive from automatic theorem provers. Normally this proof reconstruction takes place internally, forming part of the integration between the two tools. We have implemented source-level proof reconstruction: resolution proofs are automatically translated to Isabelle proof scripts. Users can insert this text into their proof development or (if they wish) examine it manually. Each step of a proof is justified by calling Hurd’s Metis prover, which we have ported to Isabelle. A recurrent issue in this project is the treatment of Isabelle’s axiomatic type classes.

### Citations

778 | Isabelle/HOL: A Proof Assistant for Higher-Order Logic, LNCS 2283
- Nipkow, Paulson, et al.
- 2002

Citation Context ...Isabelle (§3). There follows a lengthy presentation of how we generate single-step proof scripts (§4), with additional examples (§5). We finally give brief conclusions (§6). 2 Background Isabelle/HOL [14] is an interactive theorem prover for higher-order logic, built upon the Isabelle logical framework [16]. (Henceforth, we shall use Isabelle and Isabelle/HOL synonymously.) Isabelle has been used for ...

433 | Isabelle: a generic theorem prover
- Paulson, Nipkow
- 1994

Citation Context ...ith additional examples (§5). We finally give brief conclusions (§6). 2 Background Isabelle/HOL [14] is an interactive theorem prover for higher-order logic, built upon the Isabelle logical framework [16]. (Henceforth, we shall use Isabelle and Isabelle/HOL synonymously.) Isabelle has been used for countless projects, such as the mechanization of the prime number theorem by Avigad et al. [1]. Isabelle...

354 | How to make ad-hoc polymorphism less ad hoc
- Wadler, Blott
- 1989

Citation Context ...er-order logic from other versions. In Isabelle, a type may belong to any finite number of type classes. This idea, which gives a controlled treatment of overloading, originates with Wadler and Blott [22]. It is particularly powerful in an interactive theorem prover, where type classes can be specified using axioms [24]. Finite types, for example, can be characterized by an axiom stating that there ex...

180 | The Design and Implementation of Vampire
- Riazanov
- 2002

Citation Context ...uch as functions or booleans being passed as arguments, then it is translated into a first-order form [9]. An automatic theorem prover is then invoked: currently, either E [19], SPASS [23] or Vampire [18]. The prover is given a considerable amount of processor time, perhaps 60 seconds per subgoal. Because this is much longer than users may want to wait, the prover runs in the background, allowing the ...

132 | Edinburgh LCF – A mechanised logic of computation
- Gordon, Milner, et al.
- 1979

Citation Context ...ulson [9] show that using a compact translation improves the external tool’s success rate, but admits the possibility of unsound proofs. Finally, many interactive provers adhere to the LCF philosophy [2] that all inferences must be checked by a small proof kernel. For all of these reasons, the interactive prover must check the automatic tool’s output. This paper concerns proof reconstruction at the s...

93 | Combining Superposition, Sorts and Splitting
- Weidenbach

Citation Context ...order features such as functions or booleans being passed as arguments, then it is translated into a first-order form [9]. An automatic theorem prover is then invoked: currently, either E [19], SPASS [23] or Vampire [18]. The prover is given a considerable amount of processor time, perhaps 60 seconds per subgoal. Because this is much longer than users may want to wait, the prover runs in the backgroun...

74 | Type classes and overloading in higher-order logic
- Wenzel
- 1997

Citation Context ...hich gives a controlled treatment of overloading, originates with Wadler and Blott [22]. It is particularly powerful in an interactive theorem prover, where type classes can be specified using axioms [24]. Finite types, for example, can be characterized by an axiom stating that there exists a list enumerating all of the type’s elements. We can then prove individual types to be finite by exhibiting suc...

70 | HOL Light: a tutorial introduction
- Harrison
- 1996

Citation Context ...ountless projects, such as the mechanization of the prime number theorem by Avigad et al. [1]. Isabelle’s version of higher-order logic has many similarities with that used in HOL4 [15] and HOL Light [3]. All are based on polymorphic simple type theory, without subtyping or dependent types. Polymorphism is expressed by free type variables with implicit universal quantification, so a theorem like rev ...

51 | First-order proof tactics in higher-order logic theorem provers
- Hurd
- 2003

Citation Context ...o much with the result. We can now perform proof reconstruction by parsing the output of any ATP that delivers proofs in TSTP format [21]. Each inference is justified by a call to Hurd’s Metis prover [5]. Paper outline. We begin (§2) by presenting the background material: Isabelle and our project to link it with automatic theorem provers. We then describe our experience of porting Metis to Isabelle (...

46 | System Description: E 0.81
- Schulz

Citation Context ...ains higher-order features such as functions or booleans being passed as arguments, then it is translated into a first-order form [9]. An automatic theorem prover is then invoked: currently, either E [19], SPASS [23] or Vampire [18]. The prover is given a considerable amount of processor time, perhaps 60 seconds per subgoal. Because this is much longer than users may want to wait, the prover runs in t...

43 | Integrating Gandalf and HOL
- Hurd
- 1999

Citation Context ...ne by calling Metis. That project is the main subject of this paper. 3 Porting Metis to Isabelle Hurd has written his Metis prover [5] in order to add further automation to HOL4. He has already shown [4] how difficult it is to harness existing ATPs for this purpose: ambiguities in their output complicate proof reconstruction. Although Metis cannot compete with the best ATPs, it includes a full implem...

39 | Structured Proofs in Isar/HOL
- Nipkow

Citation Context ...orphic types. After removing all polymorphic lines, we still have a proof because the final line is monomorphic: it is simply False and has type bool. We output the proof as an Isar structured script [13] of a simple form: a series of assertions and justifications. The script begins with the proof method neg clausify, which negates the subgoal and converts it into clauses. All assertions must be expli...

34 | Order-sorted polymorphism in Isabelle
- Nipkow
- 1993

Citation Context ...ified both in the list xs and in the anonymous type of its elements. None of these tools offer explicit quantification over type variables [7]. 2.1 Order-sorted Polymorphism Order-sorted polymorphism [12] distinguishes Isabelle’s version of higher-order logic from other versions. In Isabelle, a type may belong to any finite number of type classes. This idea, which gives a controlled treatment of overl...

30 | Lightweight relevance filtering for machine-generated resolution problems
- Meng, Paulson
- 2009

Citation Context ...ntain hundreds of clauses; Metis is relatively easy to integrate with interactive theorem provers. However, we foresaw that Metis alone would often be insufficient. We performed extensive experiments [8] with 285 first-order problems. We were able to put nearly all of these problems into a minimal form by using an ATP to identify the necessary axioms. These minimal problems were similar to those that...

30 | TSTP Data-Exchange Formats for Automated Theorem Proving Tools
- Sutcliffe, Zimmer, et al.
- 2004

Citation Context ...ve been able to call external provers from Isabelle but could not do much with the result. We can now perform proof reconstruction by parsing the output of any ATP that delivers proofs in TSTP format [21]. Each inference is justified by a call to Hurd’s Metis prover [5]. Paper outline. We begin (§2) by presenting the background material: Isabelle and our project to link it with automatic theorem prove...

29 | Automation for interactive proof: First prototype
- Meng, Quigley, et al.
- 2005

Citation Context ...ness, as the reasoning is broken down into small steps that can be examined by hand. Our particular interest lies in automatic theorem provers (ATPs) for first-order logic. We have elsewhere described [11] an interface between Isabelle and resolution theorem provers. Until now, we have been able to call external provers from Isabelle but could not do much with the result. We can now perform proof recon...

24 | A formally verified proof of the prime number theorem
- Avigad, Donnelly, et al.
- 2007

Citation Context ...ramework [16]. (Henceforth, we shall use Isabelle and Isabelle/HOL synonymously.) Isabelle has been used for countless projects, such as the mechanization of the prime number theorem by Avigad et al. [1]. Isabelle’s version of higher-order logic has many similarities with that used in HOL4 [15] and HOL Light [3]. All are based on polymorphic simple type theory, without subtyping or dependent types. P...

19 | The HOL logic extended with quantification over type variables
- Melham
- 1993

Citation Context ...ion, so a theorem like rev (rev xs) = xs is universally quantified both in the list xs and in the anonymous type of its elements. None of these tools offer explicit quantification over type variables [7]. 2.1 Order-sorted Polymorphism Order-sorted polymorphism [12] distinguishes Isabelle’s version of higher-order logic from other versions. In Isabelle, a type may belong to any finite number of type c...

17 | Translating higher-order problems to first-order clauses
- Meng, Paulson
- 2006

Citation Context ...iable, errors can easily be introduced in the interface code, which translates problems from the interactive prover to the automatic tool. The translations themselves can be unsound: Meng and Paulson [9] show that using a compact translation improves the external tool’s success rate, but admits the possibility of unsound proofs. Finally, many interactive provers adhere to the LCF philosophy [2] that ...

9 | Organizing Numerical Theories Using Axiomatic Type Classes
- Paulson

Citation Context ...as shown how axiomatic type classes allow the various numeric types such as the integers, rationals and reals to be formalized without proving separate instances of algebraic properties for each type [17]. Axiomatic type classes are powerful, but they complicate the task of using external verification tools to prove Isabelle subgoals. For one thing, we must ensure that the automatic tools can reason w...

1 | Metis performance benchmarks. http://gilith.com/software/metis/performance.html
- Hurd
- 2004

Citation Context ... in their output complicate proof reconstruction. Although Metis cannot compete with the best ATPs, it includes a full implementation of the superposition calculus, and its performance is respectable [6]. Metis expresses proofs using five simple inference rules, designed for easy emulation in any interactive proof assistant for higher-order logic. A1 . . . An axiom [A1, . . . , An] The axiom ru...

1 | The HOL system description. On the Internet at http://hol.sourceforge.net
- Norrish, Slind
- 2007

Citation Context ...has been used for countless projects, such as the mechanization of the prime number theorem by Avigad et al. [1]. Isabelle’s version of higher-order logic has many similarities with that used in HOL4 [15] and HOL Light [3]. All are based on polymorphic simple type theory, without subtyping or dependent types. Polymorphism is expressed by free type variables with implicit universal quantification, so a...