Towards Smart Proof Search for Isabelle (slides: aitp-conference.org/2017/slides/yutaka_aitp2017.pdf)
Page 1
www.csiro.au
Towards Smart Proof Search for Isabelle
PSL and all that
Yutaka Nagashima | Trustworthy System Research Group
March 2017
(formerly known as NICTA, until last week)
Page 2
Example proof at Data61
taken from: https://github.com/seL4/seL4
Page 3
Towards Smart Proof Search. | Yutaka Nagashima
PSL and try-hard for Isabelle/HOL
[Bar chart: the percentage of automatically proved obligations out of 1526 proof obligations (timeout = 300s), comparing try_hard with sledgehammer on Part 1 and Part 2; y-axis from 0% to 100%; the bar labels printed on the chart are 73%, 57%, 28%, 20% and 16%.]
Not specific to Isabelle!
Other ITPs / Logic Programming
Page 4
Isabelle/HOL before PSL
[Diagram: the user hands a proof goal and its context to a tactic / sub-tool and gets back one of: "no sub-goal!", a list of subgoals, or an error message.]
"It's blatantly clear, you stupid machine, that what I tell you is true." (Michael Norrish)
Page 5
PSL (Proof Strategy Language)
- meta-tool approach
- programming language
- extensible (Eisbach)
- tactics, quickcheck, sledgehammer
- runtime tactic generation
- extensive proof search
- low memory usage
- efficient proof generation
- native Isabelle proof script
- parallel search
- almost no code clutter!!
Page 6
Isabelle/HOL with PSL
[Diagram: the user hands a strategy, the proof goal and its context to PSL; PSL drives the tactics / sub-tools itself (passing them the proof goal and context) and returns an efficient tactic together with the proved theorem, the remaining subgoals or a message.]
Much less interaction with Isabelle.
Page 7
PSL and all that. | Yutaka Nagashima
Tactics 1
[Diagram: the goal is preprocessed into the initial goal state "goal ⟹ goal"; a tactic turns a goal state, a theorem of the form "subgoals ⟹ goal", into a new one:]
Case 1: new goal ⟹ goal
Case 2: goal ⟹ goal
Case 3: subgoal 1 ⟹ subgoal 2 ⟹ goal
principle of explosion: False ⟹ P
Page 8
Tactics 2
[Diagram: a tactic takes a goal state (goal :: thm, preprocessed to "goal ⟹ goal") and returns a list [ , , …] of goal states, each again a thm, for example:]
Case 1: new goal ⟹ goal
Case 2: goal ⟹ goal
Case 3: subgoal 1 ⟹ subgoal 2 ⟹ goal
Page 9
Tactics 2 (continued)
Case 4 (failure = empty list): the tactic maps "goal ⟹ goal" to [ ]
Page 10
Tactics 3
fun tactic :: thm -> [ thm ]
tactic goal = [goal 1, goal 2, …]   (goal :: thm, goal 1 :: thm, goal 2 :: thm)
The result list is lazy.
Example tactics: induct, simp, auto
Example tacticals: simp OR auto; induct THEN auto; REPEAT simp
Page 11
Tactical (THEN)
goal :: thm
tactic1 goal = [goal 1, goal 2, …]
tactic2 goal 1 = [goal 1-1, …]
tactic2 goal 2 = [goal 2-1, …]
(tactic1 THEN tactic2) goal = tactic2 goal 1 @ tactic2 goal 2 @ …
giant tactic?
Page 12
Giant tactic
giant tactic? simp OR auto OR fast OR force
problem 1: Default tactics are too weak!
problem 2: Giant tactics are too slow!
problem 3: Sledgehammer and quick-check are not tactics!
Page 13
Thens [Dynamic(Induct), Auto, IsSolved]
runtime interpretation: applied to a goal, this strategy becomes
(InductA ++ InductB ++ …) THEN auto THEN is_solved
- Dynamic (Induct): non-determinism
- Auto
- IsSolved
- Thens: sequential combination (THEN)
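The slides above describe tactics as functions from a goal state (a thm) to a lazy list of goal states, failure as the empty list, the tacticals THEN / OR / REPEAT as list combinators, and a strategy such as Thens [Dynamic(Induct), Auto, IsSolved] as a runtime-generated search over all applicable inductions. The following is an added example, not PSL's or Isabelle's own code: a toy Python model of those ideas. It assumes a made-up logic in which a goal state is a tuple of subgoal strings, free variables are single lowercase letters found by a regex, `auto` can close exactly the subgoals in a constructed set FACTS, and every result also carries the proof script written so far (the writer-monad part of the monadic interpretation).

```python
import re
from functools import reduce
from itertools import chain
from typing import Callable, Iterator, Optional, Tuple

# Toy model (added example, not PSL's own code). A goal state is the tuple
# of its open subgoals (empty tuple = proved); a tactic maps a state to a
# lazy list of successor states; failure is the empty list. Each result
# also carries the proof script accumulated so far ("writer" part).
State = Tuple[str, ...]
Result = Tuple[State, Tuple[str, ...]]
Tactic = Callable[[Result], Iterator[Result]]

# Constructed knowledge base standing in for what `auto` can close.
FACTS = {"P(0, m)", "P(n, m) ==> P(Suc n, m)"}


def free_vars(goal: str) -> list:
    """Toy notion of free variables: single lowercase letters."""
    return sorted(set(re.findall(r"\b[a-z]\b", goal)))


def subst(var: str, goal: str, replacement: str) -> str:
    return re.sub(rf"\b{var}\b", replacement, goal)


# --- primitive tactics --------------------------------------------------

def induct(var: str) -> Tactic:
    """Replace the first subgoal by a base case and a step case for `var`."""
    def run(r: Result) -> Iterator[Result]:
        state, script = r
        if not state or var not in free_vars(state[0]):
            return  # nothing to do: failure = empty list
        first, rest = state[0], state[1:]
        base = subst(var, first, "0")
        step = f"{first} ==> {subst(var, first, f'Suc {var}')}"
        yield (base, step) + rest, script + (f"apply (induct {var})",)
    return run


def dynamic_induct(r: Result) -> Iterator[Result]:
    """Dynamic(Induct): try induction on every free variable (InductA ++ InductB ++ ...)."""
    state, _ = r
    for var in (free_vars(state[0]) if state else []):
        yield from induct(var)(r)


def simp(r: Result) -> Iterator[Result]:
    """Toy simplifier: rewrite one `x + 0` to `x`; fails when nothing changes."""
    state, script = r
    if not state:
        return
    new_first = re.sub(r"(\b[a-z]\b) \+ 0", r"\1", state[0], count=1)
    if new_first != state[0]:
        yield (new_first,) + state[1:], script + ("apply simp",)


def auto(r: Result) -> Iterator[Result]:
    """Close every subgoal listed in FACTS; fails if it makes no progress."""
    state, script = r
    remaining = tuple(g for g in state if g not in FACTS)
    if remaining != state:
        yield remaining, script + ("apply auto",)


def is_solved(r: Result) -> Iterator[Result]:
    state, script = r
    if not state:
        yield state, script + ("done",)


# --- tacticals ----------------------------------------------------------

def then(t1: Tactic, t2: Tactic) -> Tactic:
    """THEN: run t2 on each result of t1 and concatenate the lazy lists."""
    return lambda r: chain.from_iterable(t2(r1) for r1 in t1(r))


def thens(tactics) -> Tactic:
    return reduce(then, tactics)


def or_(t1: Tactic, t2: Tactic) -> Tactic:
    """OR: results of t1 first, then those of t2 (t2 runs only on demand)."""
    def run(r: Result) -> Iterator[Result]:
        yield from t1(r)
        yield from t2(r)
    return run


def repeat(t: Tactic) -> Tactic:
    """REPEAT: apply t as often as it succeeds; zero applications is the last option."""
    def run(r: Result) -> Iterator[Result]:
        for r1 in t(r):
            yield from run(r1)
        yield r
    return run


# --- strategies written in the style of the slides ----------------------
try_small = thens([repeat(simp), dynamic_induct, auto, is_solved])
basic = or_(thens([auto, is_solved]), try_small)


def first_proof(goal: str, strategy: Tactic) -> Optional[Tuple[str, ...]]:
    """Search lazily and return the first complete proof script, or None."""
    for _state, script in strategy(((goal,), ())):
        return script
    return None


if __name__ == "__main__":
    print(first_proof("P(n + 0, m + 0)", basic))
    print(first_proof("Q(n)", basic))
```

On `P(n + 0, m + 0)` the search first tries induction on `m` (alphabetically first), which `auto` cannot finish, so that branch yields nothing and the lazy list moves on to induction on `n`; only the successful path is ever turned into a script, which is the point of "efficient proof generation" with a non-deterministic monad.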
Page 14
Monadic interpretation
goal → Dynamic (Induct) → Auto → IsSolved
type tactic = thm -> thm Seq.seq
type 'a tactic = 'a -> 'a monad
writer monad + non-deterministic monad
efficient proof scripts as "state"
pointer? explicit tree construction?
Page 15
Sledgehammer as tactic
problem 3: Sledgehammer and quick-check are not tactics!
They work on Proof.state, not on thm.
type 'a tactic = 'a -> 'a nondet_state_monad
type tactic = P.state -> P.state nondet_state_monad
persistent hammering: Thens [Dyn (Induct), Thens [Hammer+, IsSolved]]
parallel: PThenOne
Page 16
try_hard: the default strategy

```
strategy Basic =
  Ors [ Auto_Solve, Blast_Solve, FF_Solve,
        Thens [IntroClasses, Auto_Solve],
        Thens [Transfer, Auto_Solve],
        Thens [Normalization, IsSolved],
        Thens [DInduct, Auto_Solve],
        Thens [Hammer, IsSolved],
        Thens [DCases, Auto_Solve],
        Thens [DCoinduction, Auto_Solve],
        Thens [Auto, RepeatN(Hammer), IsSolved],
        Thens [DAuto, IsSolved] ]

strategy Try_Hard =
  Ors [ Thens [Subgoal, Basic],
        Thens [DInductTac, Auto_Solve],
        Thens [DCaseTac, Auto_Solve],
        Thens [Subgoal, Advanced],
        Thens [DCaseTac, Solve_Many],
        Thens [DInductTac, Solve_Many] ]
```
Page 17
PSL: Demo
Page 18
PSL and try-hard for Isabelle/HOL
[Bar chart, repeated from page 3 with a try_smart series added: the percentage of automatically proved obligations out of 1526 proof obligations (timeout = 300s), try_hard vs sledgehammer (and try_smart) on Part 1 and Part 2; y-axis from 0% to 100%; the bar labels printed on the chart are 73%, 57%, 28%, 20% and 16%.]
Page 19
PaMpeR: Proof Method Recommendation System
proof method recommendation :: (proof method * double) list
[Diagram: the user passes the proof goal and its context to PaMpeR, which returns a recommendation (strategy). Inside, assertions encode the proof goal and context as a vector of boolean values (e.g. "Type class mechanism?", "Recursively defined constant?"), which feeds a regression algorithm trained on a proof database (e.g. AFP & seL4) that is huge and complex.]
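The slide above gives the shape of PaMpeR's pipeline (assertions produce a boolean feature vector, a regression over a proof database produces a (proof method * double) list) without its internals. The following is an added example, not PaMpeR's own code, modelling that pipeline in Python. Everything in it is assumed for the example: the four assertions, the set RECURSIVE of "recursively defined" constants standing in for the context, the nine-row DATABASE standing in for proofs mined from AFP/seL4, and a kernel-weighted average (weight 1 / (1 + Hamming distance)) standing in for the regression algorithm the slide leaves unspecified.

```python
import re
from typing import Callable, Dict, List, Set, Tuple

# Toy model (added example, not PaMpeR's own code) of the recommendation
# pipeline: assertions turn a proof goal and its context into a vector of
# booleans, a database of (feature vector, proof method) pairs stands in
# for proofs mined from AFP/seL4, and a regression over that database
# yields a (proof method * double) list. All goals, the context and the
# database rows are constructed for this example.
Features = Tuple[bool, ...]
Assertion = Callable[[str, Set[str]], bool]


def tokens(goal: str) -> Set[str]:
    return set(re.findall(r"[A-Za-z_]+", goal))


# Each assertion answers one yes/no question about goal and context.
ASSERTIONS: List[Tuple[str, Assertion]] = [
    ("mentions a recursively defined constant", lambda g, c: bool(tokens(g) & c)),
    ("uses an overloaded arithmetic operator",
     lambda g, c: re.search(r"\+|\*|\bdiv\b", g) is not None),
    ("is an equation", lambda g, c: " = " in g),
    ("has a universal quantifier", lambda g, c: re.search(r"\bALL\b", g) is not None),
]


def feature_vector(goal: str, recursive_constants: Set[str]) -> Features:
    """The slide's 'proof goal and context as a vector of boolean values'."""
    return tuple(check(goal, recursive_constants) for _, check in ASSERTIONS)


# Constructed context: constants the toy theory defines by recursion.
RECURSIVE = {"rev", "length", "sum_to"}

# Constructed proof database: (features of a past goal, method that proved it).
DATABASE: List[Tuple[Features, str]] = [
    (feature_vector(goal, RECURSIVE), method)
    for goal, method in [
        ("rev (rev xs) = xs", "induct"),
        ("length (xs @ ys) = length xs + length ys", "induct"),
        ("sum_to n = n * (n + 1) div 2", "induct"),
        ("a + b = b + a", "simp"),
        ("x * 0 = 0", "simp"),
        ("ALL x y. x + y = y + x", "simp"),
        ("ALL x. P x --> P x", "auto"),
        ("P --> P", "auto"),
        ("P & Q --> Q & P", "auto"),
    ]
]


def recommend(goal: str, recursive_constants: Set[str],
              db: List[Tuple[Features, str]]) -> List[Tuple[str, float]]:
    """Return (proof method, score) pairs with scores in [0, 1], best first.

    Stand-in for the slide's regression algorithm (an assumption of this
    example): a kernel regression that weights each past proof by how
    similar its feature vector is to the query's, 1 / (1 + Hamming distance),
    and normalises the per-method weight sums to a distribution.
    """
    query = feature_vector(goal, recursive_constants)
    weight: Dict[str, float] = {}
    for features, method in db:
        distance = sum(a != b for a, b in zip(query, features))
        weight[method] = weight.get(method, 0.0) + 1.0 / (1 + distance)
    total = sum(weight.values())
    ranked = [(m, w / total) for m, w in weight.items()]
    return sorted(ranked, key=lambda mw: -mw[1])


if __name__ == "__main__":
    for method, score in recommend("rev (xs @ ys) = rev ys @ rev xs", RECURSIVE, DATABASE):
        print(f"{method:8s} {score:.3f}")
```

The query `rev (xs @ ys) = rev ys @ rev xs` shares its whole feature vector with the first database row, so `induct` comes out on top; a purely propositional goal such as `P | Q --> Q | P` is nearest the `auto` rows instead. Real PaMpeR works on Isabelle's internal goal and context representation and a much larger database, so the assertions and scores here only illustrate the data flow.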
Page 20
PaMpeR: Demo (Affine_Arithmetic/Affine_Approximation)
Page 21
Future work: try-hard to try-smart
[Diagram: PaMpeR takes the proof goal and its context and produces a small strategy; PSL (runtime tactic generation, state monad transformer) runs that strategy, driving the tactics / sub-tools with the proof goal and context, and returns an efficient tactic. This combination is try_smart.]
Even better than PSL.
Page 22
Isabelle/PSL on Github (https://github.com/data61/PSL)
Leave a star if you like.
Lean/PSL coming soon(?)
Isabelle/PaMpeR on Github (still work in progress)
I want you to use PSL / adopt the idea.
Page 23
Thank You
TS/ProofEngineering
Yutaka Nagashima, Engineer