Safety and conservativity of definitions in HOL and Isabelle/HOL

Definitions are traditionally considered to be a safe mechanism for introducing concepts on top of a logic known to be consistent. In contrast to arbitrary axioms, definitions should in principle be treatable as a form of abbreviation, and thus compiled away from the theory without losing provability. In particular, definitions should form a conservative extension of the pure logic. These properties are crucial for modern interactive theorem provers, since they ensure the consistency of the logic, as well as a valid environment for total/certified functional programming. We prove these properties, namely safety and conservativity, for Higher-Order Logic (HOL), a logic implemented in several mainstream theorem provers and relied upon by thousands of users. Some unique features of HOL, such as the requirement to give non-emptiness proofs when defining new types and the impossibility of unfolding type definitions, make the proof of these properties, and also the very formulation of safety, nontrivial. Our study also factors in the essential variation of HOL definitions featured by Isabelle/HOL, a popular member of the family of HOL-based provers. The current work improves on recent results which showed a weaker property: the consistency of Isabelle/HOL's definitions.
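The two HOL features the abstract singles out, the non-emptiness obligation attached to a type definition and the contrast between constant definitions (which can be unfolded like abbreviations) and type definitions (which cannot), can be seen in a small Isabelle/HOL theory. The following is an added illustration, not material from the paper or from the Isabelle distribution; the theory, type and constant names (Pos_Definitions, pos, pos_one) are chosen here, while Rep_pos, Abs_pos, Abs_pos_inverse and pos_one_def are the names Isabelle itself generates for these declarations.

```isabelle
theory Pos_Definitions
  imports Main
begin

(* A type definition: the new type pos is carved out of a subset of nat.
   Isabelle/HOL demands the non-emptiness proof at this point; without
   it the typedef is rejected. The witness used here is 1. *)
typedef pos = "{n :: nat. 0 < n}"
  by (rule exI[of _ 1]) simp

(* A constant definition on top of the new type (names chosen for this
   example). This is the "abbreviation" kind of definition: the equation
   pos_one_def can be unfolded whenever it is convenient. *)
definition pos_one :: pos where
  "pos_one = Abs_pos 1"

(* The type pos itself is never unfolded into its representing set.
   All access goes through the isomorphism Rep_pos / Abs_pos that the
   typedef introduced, together with the facts the typedef proved. *)
lemma rep_pos_one: "Rep_pos pos_one = 1"
  unfolding pos_one_def
  by (rule Abs_pos_inverse) simp

(* Every element of pos has a positive representative; this follows
   from the typedef fact Rep_pos, not from unfolding the type. *)
lemma rep_pos_positive: "0 < Rep_pos x"
  using Rep_pos[of x] by simp

end
```

Saved as Pos_Definitions.thy, the theory loads against the standard Main session. The point to notice is the asymmetry: pos_one disappears from the second lemma after `unfolding pos_one_def`, whereas pos never disappears, so any argument about it has to go through Rep_pos and Abs_pos and the theorems the typedef command derived from the non-emptiness proof.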
