Tutorial on Isabelle/HOL

More documents

Recommendations

Info

PrefaceThis volume is a self-contained introduction to interactive proof in higherorderlogic (HOL), using the proof assistant Isabelle. It is written for potentialusers rather than for our colleagues in the research world.The book has three parts.– The first part, Elementary Techniques, shows how to model functionalprograms in higher-order logic. Early examples involve lists and the naturalnumbers. Most proofs are two steps long, consisting of induction on achosen variable followed by the auto tactic. But even this elementary partcovers such advanced topics as nested and mutual recursion.– The second part, Logic and Sets, presents a collection of lower-leveltactics that you can use to apply rules selectively. It also describes Isabelle/HOL’streatment of sets, functions and relations and explains how todefine sets inductively. One of the examples concerns the theory of modelchecking, and another is drawn from a classic textbook on formal languages.– The third part, Advanced Material, describes a variety of other topics.Among these are the real numbers, records and overloading. Advancedtechniques for induction and recursion are described. A whole chapter isdevoted to an extended example: the verification of a security protocol.The typesetting relies on Wenzel’s theory presentation tools. An annotatedsource file is run, typesetting the theory in the form of a L A TEX sourcefile. This book is derived almost entirely from output generated in this way.The final chapter of Part I explains how users may produce their own formaldocuments in a similar fashion.Isabelle’s web site 1 contains links to the download area and to documentationand other information. Most Isabelle sessions are now run from withinDavid Aspinall’s wonderful user interface, Proof General 2 , even together withthe X-Symbol 3 package for XEmacs. This book says very little about ProofGeneral, which has its own documentation. In order to run Isabelle, you willneed a Standard ML compiler. We recommend Poly/ML 4 , which is free and1 http://isabelle.in.tum.de/2 http://proofgeneral.inf.ed.ac.uk/3 http://x-symbol.sourceforge.net4 http://www.polyml.org/
viPrefacegives the best performance. The other fully supported compiler is StandardML of New Jersey 5 .This tutorial owes a lot to the constant discussions with and the valuablefeedback from the Isabelle group at Munich: Stefan Berghofer, Olaf Müller,Wolfgang Naraschewski, David von Oheimb, Leonor Prensa Nieto, CorneliaPusch, Norbert Schirmer and Martin Strecker. Stephan Merz was also kindenough to read and comment on a draft version. We received comments fromStefano Bistarelli, Gergely Buday, John Matthews and Tanja Vos.The research has been funded by many sources, including the dfggrants NI 491/2, NI 491/3, NI 491/4, NI 491/6, bmbf project Verisoft,the epsrc grants GR/K57381, GR/K77051, GR/M75440, GR/R01156/01GR/S57198/01 and by the esprit working groups 21900 and IST-1999-29001(the Types project).5 http://www.smlnj.org/index.html
Page 1: Tobias NipkowMarkus WenzelLawrence
Page 5 and 6: viiiContents3.1.3 The simp Method .
Page 7 and 8: xContents6.6 Case Study: Verified M
Page 9 and 10: xiiContents
Page 12 and 13: 1. The Basics1.1 IntroductionThis b
Page 14 and 15: 1.3 Types, Terms and Formulae 5base
Page 16 and 17: 1.4 Variables 71.4 VariablesIsabell
Page 18: 2. Functional Programming in HOLThi
Page 21 and 22: 12 2. Functional Programming in HOL
Page 36 and 37: 3. More Functional ProgrammingThe p
Page 38 and 39: 3.1 Simplification 29could have bee
Page 40 and 41: 3.1 Simplification 31lemma "(let xs
Page 42 and 43: 3.1 Simplification 33lemma "rev [a]
Page 44 and 45: 3.2 Induction Heuristics 35Proof Ge
Page 46 and 47: 3.3 Case Study: Compiling Expressio
Page 48 and 49: 3.4 Advanced Datatypes 39two case-e
Page 50 and 51: apply simp_all3.4 Advanced Datatype
Page 52 and 53:
3.4 Advanced Datatypes 43lemma [sim
Page 54 and 55:
3.4 Advanced Datatypes 45✑◗ ✑
Page 56 and 57:
3.5 Total Recursive Functions: fun
Page 58 and 59:
"ack2 n 0 = Suc n" |"ack2 0 (Suc m)
Page 60:
3.5 Total Recursive Functions: fun
Page 63 and 64:
54 4. Presenting Theoriesdefinition
Page 65 and 66:
56 4. Presenting Theories| Yen nat
Page 67 and 68:
58 4. Presenting Theories4.2.1 Isab
Page 69 and 70:
60 4. Presenting Theoriesheader {*
Page 71 and 72:
62 4. Presenting Theoriestext {*Thi
Page 73 and 74:
64 4. Presenting TheoriesTagged com
Page 76 and 77:
5. The Rules of the GameThis chapte
Page 79:
70 5. The Rules of the GameThe assu
Page 83 and 84:
74 5. The Rules of the Game¬(P →
Page 85 and 86:
76 5. The Rules of the GameOther me
Page 87 and 88:
78 5. The Rules of the Gamere-orien
Page 89 and 90:
80 5. The Rules of the Gamelemma "[
Page 91 and 92:
82 5. The Rules of the GameAs befor
Page 93 and 94:
84 5. The Rules of the Gamelemma "[
Page 95 and 96:
86 5. The Rules of the Game5.10.1 D
Page 97 and 98:
88 5. The Rules of the Game5.11 Som
Page 99 and 100:
90 5. The Rules of the GameThe next
Page 101 and 102:
92 5. The Rules of the Gameit can p
Page 103 and 104:
94 5. The Rules of the Game5.15.1 M
Page 105 and 106:
96 5. The Rules of the Game5.15.2 M
Page 107 and 108:
98 5. The Rules of the Game5.16.1 T
Page 109 and 110:
100 5. The Rules of the Game5.17 Ma
Page 111 and 112:
102 5. The Rules of the GameWe deci
Page 113 and 114:
104 5. The Rules of the Gamegcd ?m1
Page 116 and 117:
6. Sets, Functions and RelationsThi
Page 118 and 119:
6.1 Sets 1096.1.1 Finite Set Notati
Page 120 and 121:
6.2 Functions 111The internal form
Page 122 and 123:
6.3 Relations 1131. ∀ x y. f x =
Page 124 and 125:
Induction over the reflexive transi
Page 126 and 127:
inv_image r f ≡ {(x,y). (f x, f y
Page 128 and 129:
6.6 Case Study: Verified Model Chec
Page 130 and 131:
Page 132 and 133:
6.6.2 Computation Tree Logic — CT
Page 134 and 135:
Page 136:
Page 139 and 140:
130 7. Inductively Defined Setsan e
Page 141 and 142:
132 7. Inductively Defined Sets1. n
Page 143 and 144:
134 7. Inductively Defined Setsindu
Page 145 and 146:
136 7. Inductively Defined SetsNow
Page 147 and 148:
138 7. Inductively Defined Sets7.3.
Page 149 and 150:
140 7. Inductively Defined Setswher
Page 151 and 152:
142 7. Inductively Defined Sets7.3.
Page 153 and 154:
144 7. Inductively Defined Sets| "[
Page 155 and 156:
146 7. Inductively Defined Setstheo
Page 158:
Part IIIAdvanced Material
Page 161 and 162:
152 8. More about TypesThe intuitiv
Page 163 and 164:
154 8. More about Typesthe simplifi
Page 165 and 166:
156 8. More about Typesmore is impl
Page 167 and 168:
158 8. More about TypesThe cases me
Page 169 and 170:
160 8. More about Types8.3 Axiomati
Page 171 and 172:
162 8. More about Typesprefix_def:"
Page 173 and 174:
164 8. More about TypesLinear Order
Page 175 and 176:
166 8. More about Types8.4 NumbersU
Page 177 and 178:
168 8. More about Types2 + n = Suc
Page 179 and 180:
170 8. More about Typeswhen the lef
Page 181 and 182:
172 8. More about Types((c::’a::r
Page 183 and 184:
174 8. More about Types8.5.2 Defini
Page 185 and 186:
176 8. More about TypesThe fact tha
Page 187 and 188:
178 9. Advanced Simplification and
Page 189 and 190:
Page 191 and 192:
Page 193 and 194:
Page 195 and 196:
Page 198 and 199:
10. Case Study: Verifying a Securit
Page 200 and 201:
10.2 Agents and Messages 1911. A
Page 202 and 203:
analz (synth H) = analz H ∪ synth
Page 204 and 205:
10.6 Proving Elementary Properties
Page 206 and 207:
10.7 Proving Secrecy Theorems 197No
Page 208 and 209:
10.7 Proving Secrecy Theorems 199ca
Page 210:
201You know my methods. Apply them!
Page 213 and 214:
204 A. AppendixConstant Type Syntax
Page 215 and 216:
206 BIBLIOGRAPHY[13] Florian Haftma
Page 217 and 218:
Index!, 203?, 203∃! , 203?!, 203&
Page 219 and 220:
210 Index- defining inductively, 12
Page 221 and 222:
212 Index- and fun, 48patterns- hig
show all

Tutorial on Isabelle/HOL

Create successful ePaper yourself

Delete template?

Save as template?