From LCF to Isabelle/HOL

Interactive theorem provers have developed dramatically over the past four decades, from primitive beginnings to today’s powerful systems. Here, we focus on Isabelle/HOL and its distinctive strengths. They include automatic proof search, borrowing techniques from the world of first-order theorem proving, but also the automatic search for counterexamples. They include a highly readable structured language of proofs and a unique interactive development environment for editing live proof documents. Everything rests on the foundation conceived by Robin Milner for Edinburgh LCF: a proof kernel, using abstract types to ensure soundness and eliminate the need to store proofs. Compared with the research prototypes of the 1970s, Isabelle is a practical and versatile tool. It is used by system designers, mathematicians and many others.
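The LCF kernel idea in the abstract, as an added illustration that is not code from the paper or from Isabelle (which implements it in ML): a tiny kernel for minimal implicational logic in which Rust module privacy plays the role of ML abstract types, so a value of type `Thm` can only be produced by the inference rules and no proof object is ever stored. The logic, rule names and the `k_axiom` derived rule are constructed for this example.

```rust
// Added example, not code from the paper or from Isabelle: an LCF-style proof
// kernel for minimal implicational logic. `Thm` has no public constructor, so
// every `Thm` value was built by the rules below, and no proof object is kept.
#[derive(Clone, Debug, PartialEq, Eq, PartialOrd, Ord)]
pub enum Term { Var(String), Imp(Box<Term>, Box<Term>) }

pub fn var(s: &str) -> Term { Term::Var(s.to_string()) }
pub fn imp(a: Term, b: Term) -> Term { Term::Imp(Box::new(a), Box::new(b)) }

pub mod kernel {
    use super::Term;
    use std::collections::BTreeSet;
    /// Sequent `hyps ⊢ concl`. The fields are private, so outside this module
    /// a `Thm` can only be obtained from the rules below (the trusted kernel).
    #[derive(Clone, Debug, PartialEq, Eq)]
    pub struct Thm { hyps: BTreeSet<Term>, concl: Term }
    impl Thm {
        pub fn hyps(&self) -> &BTreeSet<Term> { &self.hyps }
        pub fn concl(&self) -> &Term { &self.concl }
    }
    /// ASSUME: p ⊢ p
    pub fn assume(p: Term) -> Thm {
        Thm { hyps: BTreeSet::from([p.clone()]), concl: p }
    }

    /// DISCH: from Γ ⊢ q derive Γ \ {p} ⊢ p → q
    pub fn disch(p: Term, th: &Thm) -> Thm {
        let mut hyps = th.hyps.clone();
        hyps.remove(&p);
        Thm { hyps, concl: super::imp(p, th.concl.clone()) }
    }

    /// MP: from Γ ⊢ p → q and Δ ⊢ p derive Γ ∪ Δ ⊢ q. A mismatched
    /// antecedent is rejected; this check is where soundness is enforced.
    pub fn mp(imp_th: &Thm, ant_th: &Thm) -> Result<Thm, String> {
        match &imp_th.concl {
            Term::Imp(p, q) if **p == ant_th.concl => Ok(Thm {
                hyps: imp_th.hyps.union(&ant_th.hyps).cloned().collect(),
                concl: (**q).clone(),
            }),
            other => Err(format!("MP: {:?} does not match {:?}", other, ant_th.concl)),
        }
    }
}

/// Derived rule outside the kernel (untrusted): a bug here can only fail to build a `Thm`, never build a false one.
pub fn k_axiom(p: Term, q: Term) -> kernel::Thm {
    kernel::disch(p.clone(), &kernel::disch(q, &kernel::assume(p))) // ⊢ p → (q → p)
}
```

Any code outside `kernel` that tries to write `kernel::Thm { .. }` directly is rejected by the compiler, which is the whole trust argument: soundness depends only on the few rule functions and the type checker, not on the (arbitrarily large) proof procedures built on top.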
