## The Ergo 5 Generic Proof Engine (1997)

Citations: | 2 - 0 self |

### BibTeX

@TECHREPORT{Utting97theergo,

author = {Mark Utting},

title = {The Ergo 5 Generic Proof Engine},

institution = {},

year = {1997}

}

### OpenURL

### Abstract

This paper describes the design principles and the architecture of the latest version of the Ergo proof engine, Ergo 5. Ergo 5 is a generic interactive theorem prover, similar to Isabelle, but based on sequent calculus rather than natural deduction and with a quite different approach to handling variable scoping. An efficient implementation of Ergo 5, based on Qu-Prolog, is also described, together with some benchmark results.

### Citations

509 |
Programming from Specifications
- Morgan
(Show Context)
Citation Context ...s by giving schemas a semantic model in a ZFC theory based on classical predicate calculus, whereas the program refinement tool project [CHN + 96b] uses a modal logic to model the refinement calculus =-=[Mor94]-=-. Ergo 5 is the latest in a series of proof tools designed to fulfill these reasoning requirements. Our design goals included the following. 1. Provide a generic interactive proof tool that supports a... |

312 | Formal Verification for Fault-Tolerant Architectures: Prolegomena to the Design of PVS
- Owre, Rushby, et al.
- 1995
(Show Context)
Citation Context ... ask, why build yet another interactive proof tool? Why not use an existing tool? There are several excellent interactive theorem provers freely available, including Isabelle [Law94], HOL [GM93], PVS =-=[ORSvH95]-=-, Mural [JJLM91] and ACL2 [KM94]. The one that comes closest to meeting the above requirements is Isabelle. However, at the time that we started designing Ergo 5 (early 1995), Isabelle did not produce... |

273 |
Investigations into logical deduction
- Gentzen
- 1969
(Show Context)
Citation Context ... ; ::: p(x )] can be abbreviated to [x : T ; p(x )]. With these shorthands, hyp+++[A,B] is equivalent to: hyp === hyp(ConclId) +++ [ ::: A,s::: B] . As a larger example, Gentzen's or elimination rule =-=[Gen69]-=- would be written as rule orelim === A or B, hyp+++[A] ---? C, hyp+++[B] ---? C ------------------------ C. Assuming that the current logic has exactly one kind of context list, called hyp, this is eq... |

202 |
Melham, editors. Introduction to HOL: A Theorem Proving Environment for Higher Order Logic
- Gordon, F
- 1993
(Show Context)
Citation Context ...propriate to ask, why build yet another interactive proof tool? Why not use an existing tool? There are several excellent interactive theorem provers freely available, including Isabelle [Law94], HOL =-=[GM93]-=-, PVS [ORSvH95], Mural [JJLM91] and ACL2 [KM94]. The one that comes closest to meeting the above requirements is Isabelle. However, at the time that we started designing Ergo 5 (early 1995), Isabelle ... |

173 |
Logic and Computation: Interactive proof with Cambridge LCF
- Paulson
- 1987
(Show Context)
Citation Context ... Engine Architecture The Ergo 5 architecture can be regarded as a development of the Isabelle theorem prover [Pau86]. Isabelle is a generic successor to the LCF family of tactic-based theorem provers =-=[Pau87]-=-. Experience with Isabelle has demonstrated that it is sufficiently generic to model many different styles of reasoning, including natural deduction, sequent calculi [Law94] and window inference [Sta9... |

172 |
A unification Algorithm for Typed !-calculus
- Huet
- 1975
(Show Context)
Citation Context ...tions in various ways: leaving them as constraints, choosing a particular solution based on how the variables are used in the proof, or returning a series of possible unifiers (e.g., Huet's algorithm =-=[Hue75]-=-). 7 The Qu-Prolog substitution notation [T/x]B stands for the term B with all free occurences of x correctly replaced by T, where correctly means that capture of variables free in T by bindings in B ... |

103 | A Prolog Technology Theorem Prover: Implementation by an Extended Prolog Compiler
- Stickel
- 1988
(Show Context)
Citation Context ... Ergo proof engine in some way? 3.1 Advantages and Disadvantages of using Prolog There are several reasons why using the Prolog proof engine would be attractive for the proposed architecture. Stickel =-=[Sti88]-=- identifies three main aspects of Prolog implementation technology that make it a highly efficient theorem prover. By modifying Prolog systems in ways that preserve these three aspects, he has built h... |

89 | mural: A Formal Development Support System
- Jones, Jones, et al.
- 1991
(Show Context)
Citation Context ...et another interactive proof tool? Why not use an existing tool? There are several excellent interactive theorem provers freely available, including Isabelle [Law94], HOL [GM93], PVS [ORSvH95], Mural =-=[JJLM91]-=- and ACL2 [KM94]. The one that comes closest to meeting the above requirements is Isabelle. However, at the time that we started designing Ergo 5 (early 1995), Isabelle did not produce explicit proof ... |

55 | Natural deduction as higher-order resolution
- Paulson
- 1986
(Show Context)
Citation Context ...f construction (based on ANGEL [MGW96]), are beyond the scope of this paper. 2 Ergo 5 Proof Engine Architecture The Ergo 5 architecture can be regarded as a development of the Isabelle theorem prover =-=[Pau86]-=-. Isabelle is a generic successor to the LCF family of tactic-based theorem provers [Pau87]. Experience with Isabelle has demonstrated that it is sufficiently generic to model many different styles of... |

48 |
Formalizing a hierarchical structure of practical mathematical reasoning
- Robinson, Staples
- 1993
(Show Context)
Citation Context ...oncepts. We want to be able to prove derived rules, as well as use them. 6. Provide good support for window inference, which was originally proposed as an inference scheme for general theorem proving =-=[RS93]-=-, but has also been found to be an ideal basis for program refinement [NH96, CHN + 96a, Gru92]. Window inference emphasizes transformation with respect to some preorder relation, such as refinement (v... |

30 | A simplified proof method for elementary logic - Kanger - 1983 |

28 | Generic automatic proof tools
- Paulson
- 1997
(Show Context)
Citation Context ...more, the speed of most inferences in Ergo 5 is independent of the size of the context lists and the number of variables in the proof, whereas Ergo 4.2 slowed down dramatically as these increased. In =-=[Pau97], Paulson -=-states that Isabelle can perform "a few hundred inferences per second" on a Sun SuperSPARC Model 61, which is roughly similar to the SPARC system used for the above Ergo results. On a 133Mhz... |

27 | Ergo user manual
- Utting, Whitwell
- 1994
(Show Context)
Citation Context ...t information during transformation of subterms. 7. Generalize window inference to more easily handle different kinds of context, rather than just a single kind. For example, earlier versions of Ergo =-=[UW94]-=- support only implication assumptions and the HOL implementation of window inference [Gru91] supports only derivability assumptions. That is, the window (Context ; Focus ; Reln; Goal) represents Conte... |

24 | Formalized mathematics - Harrison - 1996 |

22 | A window inference tool for refinement - Grundy - 1992 |

19 |
Window inference in the hol system
- Grundy
- 1991
(Show Context)
Citation Context ...ily handle different kinds of context, rather than just a single kind. For example, earlier versions of Ergo [UW94] support only implication assumptions and the HOL implementation of window inference =-=[Gru91]-=- supports only derivability assumptions. That is, the window (Context ; Focus ; Reln; Goal) represents Context ) (Focus Reln Goal) in Ergo 4, but Context ` (Focus Reln Goal) in the HOL implementation ... |

9 |
Numerical Calculus
- Eudoxus, Martin
- 1993
(Show Context)
Citation Context ...eory database, support for theory interpretation and instantiation [HNTU96, UNT96], details of the textual and graphical user interfaces and the tactic language for proof construction (based on ANGEL =-=[MGW96]-=-), are beyond the scope of this paper. 2 Ergo 5 Proof Engine Architecture The Ergo 5 architecture can be regarded as a development of the Isabelle theorem prover [Pau86]. Isabelle is a generic success... |

8 | Program window inference - Nickson, Hayes - 1995 |

8 | Supporting contexts in program refinement
- Nickson, Hayes
- 1997
(Show Context)
Citation Context ... ` (Focus Reln Goal) in the HOL implementation of window inference. We want an architecture that can easily support both, as well as other types of assumptions that are specific to program refinement =-=[NH96]-=-. 8. Provide support for the development of proof tactics. 2 9. Provide support for modern graphical user interfaces and proof visualization tools. Before describing Ergo 5, it is appropriate to ask, ... |

7 |
The Cogito tool architecture
- Bloesch, Traynor
- 1995
(Show Context)
Citation Context ...us aspects and approaches. To gain synergy, we want a common proof tool for all the projects, even though they have differing requirements and use a variety of logics. For instance, the Cogito system =-=[BT96]-=- supports reasoning about Z specifications by giving schemas a semantic model in a ZFC theory based on classical predicate calculus, whereas the program refinement tool project [CHN + 96b] uses a moda... |

7 | Higher level meta programming in Qu-Prolog 3.0 - Cheng, Robinson, et al. - 1991 |

6 | The Qu-Prolog unification algorithm: formalisation and correctness - Nickolas, Robinson - 1996 |

4 | Interpretation and Instantiation of Theories for Reasoning about Formal Specifications
- Hamilton, Nickson, et al.
- 1996
(Show Context)
Citation Context ...ffl We wanted sophisticated theory construction facilities, such as theory interpretation, separate name spaces and support for delayed proof of postulates. These facilities already existed in Ergo 4 =-=[HNTU96]-=-, so we wanted to reuse them. In fact, we were able to build Ergo 5 by simply slotting in a new proof engine, leaving most of the theory facilities of Ergo 4 unchanged. ffl We had experimented with bu... |

4 | Annotations in formal specifications and proofs - Kalvala - 1994 |

4 | Theory structuring in Ergo 4:1 - Utting, Traynor - 1996 |

1 | Annotation issues in Isabelle - Kalvala - 1995 |

1 |
Design goals for ACL2. CLI
- Kaufmann, Moore
- 1994
(Show Context)
Citation Context ...tive proof tool? Why not use an existing tool? There are several excellent interactive theorem provers freely available, including Isabelle [Law94], HOL [GM93], PVS [ORSvH95], Mural [JJLM91] and ACL2 =-=[KM94]-=-. The one that comes closest to meeting the above requirements is Isabelle. However, at the time that we started designing Ergo 5 (early 1995), Isabelle did not produce explicit proof records, which w... |

1 |
with contributions by Tobias Nipkow. Isabelle: A Generic Theorem
- Paulson
- 1994
(Show Context)
Citation Context ...o 5, it is appropriate to ask, why build yet another interactive proof tool? Why not use an existing tool? There are several excellent interactive theorem provers freely available, including Isabelle =-=[Law94]-=-, HOL [GM93], PVS [ORSvH95], Mural [JJLM91] and ACL2 [KM94]. The one that comes closest to meeting the above requirements is Isabelle. However, at the time that we started designing Ergo 5 (early 1995... |

1 |
Implicit parameters in qu-prolog: a logical approach to state-based computation
- Robinson, Nickolas, et al.
- 1998
(Show Context)
Citation Context ..., where correctly means that capture of variables free in T by bindings in B is avoided by suitable changes of bound variables. 21 ffl It provides a set of global variables called implicit parameters =-=[RNS98]-=-, with an assignment operation that is automatically undone on backtracking. These implicit parameters turn out to be ideal for representing the explicit proof trees of our architecture, as described ... |

1 |
Window inference in Isabelle. Presented at the Isabelle Users Workshop
- Staples
- 1995
(Show Context)
Citation Context ...au87]. Experience with Isabelle has demonstrated that it is sufficiently generic to model many different styles of reasoning, including natural deduction, sequent calculi [Law94] and window inference =-=[Sta95]-=-. One of the main advances made by Isabelle was its representation of inference rules as data, rather than as ML functions like the LCF provers. This gives more flexibility in the way that inference r... |

1 |
Using proof schemes in theorem proving
- Traynor
- 1994
(Show Context)
Citation Context ...milton, New Zealand. Email: marku@cs.waikato.ac.nz 1 other kinds of proofs, such as allowing proofs to be displayed in various formats, transformed into tactics, edited and reused within other proofs =-=[Tra94]-=-. 3. Support for schematic proofs, with constraints on the schematic variables. For example, we want to be able to prove theorems like: (8 x (A ) B)) , (A ) (8 x B)) provided x not free in A 4. Suppor... |