## Stateless HOL Dedicated to Roel de Vrijer, in the tradition of Automath

### BibTeX

@MISC{Wiedijk_statelesshol,

author = {Freek Wiedijk},

title = {Stateless HOL Dedicated to Roel de Vrijer, in the tradition of Automath},

year = {}

}

### Abstract

We present a version of the HOL Light system that supports undoing definitions in such a way that this does not compromise the soundness of the logic. In our system the code that keeps track of the constants that have been defined thus far has been moved out of the kernel. This means that the kernel now is purely functional. The changes to the system are small. All existing HOL Light developments can be run by the stateless system with only minor changes. The basic principle behind the system is not to name constants by strings, but by pairs consisting of a string and a definition. This means that the data structures for the terms are all merged into one big graph. OCaml – the implementation language of the system – can use pointer equality to establish equality of data structures fast. This allows the system to run at acceptable speeds. Our system is about 1/6th slower than the stateful version of HOL Light.

### Citations

130 |
Edinburgh LCF: A mechanised logic of computation
- Gordon, Milner, et al.
- 1979
Citation Context ... been used for extensive verification of floating point algorithms at Intel [10, 12], as well as for impressive formalizations in mathematics [6, 13]. HOL is a direct descendant of the pioneering LCF [5] system from the seventies. In both LCF and HOL the user is not interacting with the proof assistant through a system specific language, but instead interacts directly with the interpreter of the ML l... |

69 | HOL Light: A tutorial introduction
- Harrison
- 1996
Citation Context ... acceptable speeds. Our system is about 1/6th slower than the stateful version of HOL Light. 1 Introduction 1.1 Problem This paper describes a modification to the kernel of John Harrison’s HOL Light [9, 11] proof assistant. Proof assistants are the best route to complete reliability, both in abstract mathematics as well as for verification of computer systems. Among the proof assistants HOL [4] is one o... |

31 | A machine-checked theory of floating point arithmetic
- Harrison
- 1999
Citation Context ...Isabelle, PVS and ACL2), and among the HOL implementations HOL Light is one of the most interesting ones. HOL Light has both been used for extensive verification of floating point algorithms at Intel [10, 12], as well as for impressive formalizations in mathematics [6, 13]. HOL is a direct descendant of the pioneering LCF [5] system from the seventies. In both LCF and HOL the user is not interacting with ... |

21 |
Mathematical Logic and Hilbert’s ε-Symbol
- Leisenring
- 1969
Citation Context ... exist a type corresponding to a state. The trick of making the definitions part of the names of constants occurs in logic regularly. For instance, in Leisenring’s book on the epsilon choice operator [14] the term εx.P[x] takes the place of a constant name for a witness of ∃x.P[x]. That way the completeness theorem can be proved without having to Skolemize first nor without having to add new constants... |

15 |
The HOL Light manual
- Harrison
- 2000
Citation Context ... acceptable speeds. Our system is about 1/6th slower than the stateful version of HOL Light. 1 Introduction 1.1 Problem This paper describes a modification to the kernel of John Harrison’s HOL Light [9, 11] proof assistant. Proof assistants are the best route to complete reliability, both in abstract mathematics as well as for verification of computer systems. Among the proof assistants HOL [4] is one o... |

9 |
Formalizing an Analytic Proof of the Prime Number Theorem
- Harrison
- 2008
Citation Context ...ht is one of the most interesting ones. HOL Light has both been used for extensive verification of floating point algorithms at Intel [10, 12], as well as for impressive formalizations in mathematics [6, 13]. HOL is a direct descendant of the pioneering LCF [5] system from the seventies. In both LCF and HOL the user is not interacting with the proof assistant through a system specific language, but inste... |

8 | Floating-point verification using theorem proving
- Harrison
- 2006
Citation Context ...Isabelle, PVS and ACL2), and among the HOL implementations HOL Light is one of the most interesting ones. HOL Light has both been used for extensive verification of floating point algorithms at Intel [10, 12], as well as for impressive formalizations in mathematics [6, 13]. HOL is a direct descendant of the pioneering LCF [5] system from the seventies. In both LCF and HOL the user is not interacting with ... |

7 | The Jordan curve theorem, formally and informally
- Hales
- 2007
Citation Context ...ht is one of the most interesting ones. HOL Light has both been used for extensive verification of floating point algorithms at Intel [10, 12], as well as for impressive formalizations in mathematics [6, 13]. HOL is a direct descendant of the pioneering LCF [5] system from the seventies. In both LCF and HOL the user is not interacting with the proof assistant through a system specific language, but inste... |

2 |
Freek Wiedijk. Pure type systems without explicit contexts
- Geuvers, Krebbers, et al.
- 2010
Citation Context ...heorem can be proved without having to Skolemize first nor without having to add new constants. We recently applied the idea of having definitional information be part of names to type theory as well [3]. 1.4 Contribution We present a version of the HOL Light system with the following properties: – The kernel of the system is purely functional. – The system supports undoing definitions in a logically... |

1 |
Design of a proof assistant: Coq version 7
- Filliâtre
- 2000
Citation Context ...ages like OCaml already have a purely functional kernel. For instance the Coq [1] kernel has been purely functional since version 7, when it was replaced with the version by Jean-Christophe Filliâtre [2]. However one might argue that the kernels of these systems are not really stateless. In those systems the state is an object that the kernel operates on. Also there is not a separate type for well-fo... |

1 |
Implementing Theorem Provers in a Purely Functional Style
- Hanna
- 1999
Citation Context ...ourse holds automatically. For instance the Veritas system [8] from the eighties was implemented in the purely functional language Miranda, and therefore automatically was purely functional (see also [7]). Even some systems implemented in non-pure languages like OCaml already have a purely functional kernel. For instance the Coq [1] kernel has been purely functional since version 7, when it was repla... |

1 |
The Veritas Proof Assistant
- Hanna, Howells
- 1994
Citation Context ...e proof assistants already have a purely functional kernel. If a system is implemented in a purely functional language like Haskell this of course holds automatically. For instance the Veritas system [8] from the eighties was implemented in the purely functional language Miranda, and therefore automatically was purely functional (see also [7]). Even some systems implemented in non-pure languages like... |

1 |
et al. The Objective Caml system release 3.11, Documentation and user’s manual
- Leroy
- 2008
Citation Context ...ssistant through a system specific language, but instead interacts directly with the interpreter of the ML language in which the system has been programmed. In the case of HOL Light this is the OCaml [15] language of Xavier Leroy. For this reason in HOL there is no one keeping track of which theorems still are valid. Once a statement has been presented to the user as proved – by giving... |