## Formal proof—theory and practice (2008)

Venue: | Notices AMS |

Citations: | 12 - 1 self |

### BibTeX

@INPROCEEDINGS{Harrison08formalproof—theory,

author = {John Harrison},

title = {Formal proof—theory and practice},

booktitle = {Notices AMS},

year = {2008}

}

### OpenURL

### Abstract

Aformal proof is a proof written in a precise artificial language that admits only a fixed repertoire of stylized steps. This formal language is usually designed so that there is a purely mechanical process by which the correctness of a proof in the language can be verified. Nowadays, there are numerous computer programs known as proof assistants that can check, or even partially construct, formal proofs written in their preferred proof language. These can be considered as practical, computer-based realizations of the traditional systems of formal symbolic logic and set theory proposed as foundations for mathematics. Why should we wish to create formal proofs?

### Citations

530 |
P.: The Mythical Man-Month
- BROOKS
- 1975
(Show Context)
Citation Context ...ct programs, and delivering them on time, began to be recognized almost as soon as computers became popular. By the 1970s, the general situation was often referred to as the “Software Crisis”. Brooks =-=[5]-=-, drawing on the experience of managing the design of IBM’s new operating system OS/360, recounted how adding more people to foundering projects often just made things worse, drawing a striking analog... |

136 |
Proofs and refutations: the logic of mathematical discovery
- Lakatos
- 1976
(Show Context)
Citation Context ...ices, edges, and faces of a polyhedron, reveals a succession of concerns over whether apparent problems are errors in a “proof” or indicate unstated assumption about the class of polyhedra considered =-=[15]-=-. Since mathematics is supposed to be an exact science and, at least in its modern incarnation, one with a formal foundation, this situation seems thoroughly lamentable. It is hard to resist the concl... |

129 | Solution of the robbins problem
- Mccune
- 1997
(Show Context)
Citation Context ... for pure first-order logic. Decision procedures have proven useful in verification applications, while proof search has achieved some notable successes in mathematics, such as the solution by McCune =-=[23]-=-, using the automated theorem prover EQP, of the longstanding “Robbins conjecture” concerning the axiomatization of Boolean algebra, which had resisted human mathematicians for some time. However, for... |

87 |
Edinburgh LCF: A Mechanised Logic
- Gordon, Milner, et al.
- 1979
(Show Context)
Citation Context ...s of design can provide a fairly satisfying answer. Some systems satisfy the de Bruijn criterion: they can output a proof that is checkable by a much simpler program. Others based on the LCF approach =-=[10]-=- generate all theorems internally using a small logical kernel: only this is allowed to create objects of the special type “theorem”, just as only the kernel of an operating system is allowed to execu... |

34 |
Mathematics Form and Function
- Lane, Saunders
- 1986
(Show Context)
Citation Context ...f is rigorous when it is (or could be) written out in the first-order predicate languageL(∈) as a sequence of inferences from the axioms ZFC, each inference made according to one of the stated rules. =-=[19]-=- Yet mathematicians seldom make set-theoretic axioms explicit in their work, except for those whose results depend on more “exotic” hypotheses. And there is little use of formal proof, or even formal ... |

19 | Anatomy of the pentium bug
- Pratt
- 1995
(Show Context)
Citation Context ... the system to behave in unintended ways. The consequences of bugs can be quite dramatic: the recall of some early Intel® Pentium® processors owing to a bug in the floating-point division instruction =-=[25]-=-, and the explosion of the Ariane 5 rocket on its maiden voyage as the result of a software bug, were each estimated to have cost around US$500 million. At a more mundane level, many of us who use com... |

17 |
Mechanizing Proof: Computing, Risk, and Trust
- MacKenzie
- 2001
(Show Context)
Citation Context ... of program verification, emphasized the role of machine checking and generation of proofs. The subsequent evolution of automated reasoning has been closely intertwined with verification applications =-=[20]-=-. Automated Reasoning in Theory The idea of reducing reasoning to mechanical calculation is an old dream [21]. Hobbes made explicit the analogy between reasoning and computation in his slogan “Reason ... |

16 |
Computer programs for checking mathematical proofs. Recursive Function Theory
- McCarthy
- 1962
(Show Context)
Citation Context ...ent against formal verification. Rather, we think it further emphasizes the inadequacy of the traditional social process of proof and the need for a formal, computerbased replacement. Indeed McCarthy =-=[22]-=-, one of the earliest proponents of program verification, emphasized the role of machine checking and generation of proofs. The subsequent evolution of automated reasoning has been closely intertwined... |

13 |
A Computer Program for Presburger’s Algorithm. In: Summary of talks presented at the
- Davis
- 1957
(Show Context)
Citation Context ...ts in the late 1950s, most of the interest was in purely automated theorem proving. Perhaps the first theorem prover to be implemented on a computer was a decision procedure for Presburger arithmetic =-=[6]-=-. 1404 Notices of the AMS Volume 55, Number 11Subsequently, research was dominated by proof search algorithms for pure first-order logic. Decision procedures have proven useful in verification applic... |

10 |
Induction and Analogy
- Polya
- 1954
(Show Context)
Citation Context ...His email address isjohnh@ichips. intel.com. lacking obvious logical justification. Yet many great mathematicians like Newton and Euler were clearly self-conscious about a lack of rigor in their work =-=[24]-=-. Following the waves of innovation, there have always followed corresponding periods of retrenchment, analyzing foundations and increasingly adopting a strict axiomatic-deductive style, either to res... |

8 |
Theory of sets, Elements of mathematics
- Bourbaki
- 1968
(Show Context)
Citation Context ... Quite often, lip service is paid to formal logical foundations: …the correctness of a mathematical text is verified by comparing it, more or less explicitly, with the rules of a formalized language. =-=[4]-=- A mathematical proof is rigorous when it is (or could be) written out in the first-order predicate languageL(∈) as a sequence of inferences from the axioms ZFC, each inference made according to one o... |

8 |
A Skeptic’s Approach to Combining HOL
- Harrison, Théry
- 1998
(Show Context)
Citation Context ...lored. For example, computer algebra systems already feature many powerful algorithms for automating mainstream mathematics, which if incorporated in a logically principled way could be very valuable =-=[14]-=-. As proof assistant technology further improves, we can expect it to become increasingly accessible to mathematicians who would like to put the correctness of their proofs beyond reasonable doubt. Re... |

4 |
Is mathematical truth time-dependent
- Grabiner
- 1974
(Show Context)
Citation Context ...iods of retrenchment, analyzing foundations and increasingly adopting a strict axiomatic-deductive style, either to resolve apparent problems or just to make the material easier to teach convincingly =-=[11]-=-; the “ǫ-δ” explanation of limits in calculus is a classic example. Complete formalization is a natural further step in this process of evolution towards greater clarity and precision. To be more conc... |

2 |
Every planar map is four colorable, Bulletin of the American Mathematical Society 82
- Appel, Haken
- 1976
(Show Context)
Citation Context ... the case of the Four-Color Theorem. The first purported proof by Kempe in 1879 was accepted for a decade before it was found to be flawed. It was not until the 1970s that a proof was widely accepted =-=[1]-=-, and even that relied on extensive computer checking which could not feasibly be verified by hand. (Gonthier’s paper in this issue describes the complete formalization of this theorem and its proof.)... |

2 |
Mathematical proofs of computer correctness
- Barwise
- 1989
(Show Context)
Citation Context ...ctness of a program in the manner of any other mathematical theorem, rather than relying on the evidence of particular test situations. The idea of formal verification once aroused heated controversy =-=[3]-=-. One criticism is that we are ultimately interested in confirming that a physical computing system satisfies real-life requirements. What we produce instead is a mathematical proof connecting abstrac... |

2 |
How reliable is a computer-based proof?, The Mathematical Intelligencer 12
- Lam
- 1990
(Show Context)
Citation Context ...of of the Four-Color Theorem and Hales’s proof of the Kepler Conjecture, rely extensively on computer checking of cases. It’s not clear how to bring them within the traditional process of peer review =-=[16]-=-, even supposing one finds the status quo otherwise satisfying. When considering the correctness of a conventional informal proof, it’s a partly subjective question what is to be considered an oversig... |

2 |
Erreurs de mathématiciens: des origines à nos jours., Ancienne Librairie Castaigne
- Lecat
- 1939
(Show Context)
Citation Context ...en that relied on extensive computer checking which could not feasibly be verified by hand. (Gonthier’s paper in this issue describes the complete formalization of this theorem and its proof.) A book =-=[17]-=- written seventy years ago gave 130 pages of errors made by major mathematicians up to 1900. To bring this up to date, we would surely need a much larger volume or even a specialist journal. Mathemati... |

1 |
Water-art problems at Sanssouci— Euler’s involvement in practical hydrodynamics on the eve of ideal flow theory
- Eckert
(Show Context)
Citation Context ...e that Frederick II of Prussia, in a 1778 letter to Voltaire, lays at the door of Euler (and of mathematics generally) was arguably caused instead by his contractors’ failure to follow Euler’s advice =-=[9]-=-: I wanted to have a water jet in my garden: Euler calculated the force of the wheels necessary to raise the water to a reservoir, from where it should fall back through channels, finally spurting out... |

1 |
Proof style, Types for Proofs and Programs: International Workshop TYPES’96
- Harrison
- 1996
(Show Context)
Citation Context ...in other characteristics such as the level of automation and the style in which proof hints or sketches are provided [28]. One interesting dichotomy is between procedural and declarative proof styles =-=[12]-=-. Roughly, in a declarative proof one outlines what is to be proved, for example a series of intermediate assertions that act as waystations between the assumptions and conclusions. By contrast, a pro... |

1 |
verification using theorem proving, Formal Methods for Hardware Verification
- Floating-point
- 2006
(Show Context)
Citation Context ...ormalization of mathematics, pure and applied. In his present role, he has been responsible at Intel for the formal verification of a number of algorithms implementing basic floating-point operations =-=[13]-=-. Work of this kind indicates that formalization of pure mathematics and verification applications are not separate activities, one undertaken for fun and the other for profit, but are intimately conn... |

1 |
Mechanization of Reasoning in a Historical Perspective, volume 43
- Marciszewski, Murawski
- 1995
(Show Context)
Citation Context ...olution of automated reasoning has been closely intertwined with verification applications [20]. Automated Reasoning in Theory The idea of reducing reasoning to mechanical calculation is an old dream =-=[21]-=-. Hobbes made explicit the analogy between reasoning and computation in his slogan “Reason […] is nothing but Reckoning”. This connection was developed more explicitly by Leibniz, who emphasized that ... |