Misyurov D.A. Dialectical formulas based on the binary notation as the development formulas // Credo New. 2012. №2
The article suggests dialectical formulas based on the binary notation as the development formulas: a formula with dominant and non-dominant elements; a universal formula; a formula with symbolic weight of elements; and a tautological formula. For example, it suggests an opportunity to use the dialectical formulas for modelling and the creation of artificial intelligence.
Isabelle: the next 700 theorem provers
In: P. Odifreddi (editor), Logic and Computer Science (Academic Press, 1990), 361–386.
The theorem prover Isabelle is described briefly and informally. Its historical development is traced from Edinburgh LCF to the present day. The main issues are unification, quantifiers, and the representation of inference rules. The Edinburgh Logical Framework is also described, for a comparison with Isabelle. An appendix presents several Isabelle logics, including set theory and Constructive Type Theory, with examples of theorems.
Designing a theorem prover
In: S. Abramsky, D. M. Gabbay and T. S. E. Maibaum (editors), Handbook of Logic in Computer Science, Vol II (Oxford, 1992), 415–475.
This tutorial illustrates some of the issues involved in coding a theorem prover by presenting the design of a simple automatic prover for first-order logic. The source code is written in Standard ML. A first-order logical calculus is also presented and explained.
A fixedpoint approach to implementing (Co)inductive definitions
A. Bundy (editor), AUTOMATED DEDUCTION — CADE-12
Lecture Notes in Computer Science, 1994, Volume 814/1994, 148-161, DOI: 10.1007/3-540-58156-1_11
This paper presents a fixedpoint approach to inductive definitions. Instead of using a syntactic test such as strictly positive, the approach lets definitions involve any operators that have been proved monotone. It is conceptually simple, which has allowed the easy implementation of mutual recursion and other conveniences. It also handles coinductive definitions: simply replace the least fixedpoint by a greatest fixedpoint. This represents the first automated support for coinductive definitions.
The method has been implemented in Isabelle's formalization of ZF set theory. It should be applicable to any logic in which the Knaster-Tarski Theorem can be proved. Examples include lists of n elements, the accessible part of a relation and the set of primitive recursive functions. One example of a coinductive definition is bisimulations for lazy lists.
Information, Causation and Computation
by John Collier
In Information and Computation: Essays on Scientific and Philosophical Understanding of Foundations of Information and Computation, Ed by Gordana Dodig Crnkovic and Mark Burgin, (2011, Singapore: World Scientific)
Causation can be understood as a computational process once we understand causation in informational terms. I argue that if we see processes as information channels, then causal processes are most readily interpreted as the transfer of information from one state to another. This directly implies that the later state is a computation from the earlier state, given causal laws, which can also be interpreted computationally. This approach unifies the ideas of causation and computation.
Set Theory for Verification: I. From Foundations to Functions
JOURNAL OF AUTOMATED REASONING
Volume 11, Number 3, 353-389, DOI: 10.1007/BF00881873
A logic for specification and verification is derived from the axioms of Zermelo-Fraenkel set theory. The proofs are performed using the proof assistant Isabelle. Isabelle is generic, supporting several different logics. Isabelle has the flexibility to adapt to variants of set theory. Its higher-order syntax supports the definition of new binding operators. Unknowns in subgoals can be instantiated incrementally. The paper describes the derivation of rules for descriptions, relations, and functions and discusses interactive proofs of Cantor's Theorem, the Composition of Homomorphisms challenge [9], and Ramsey's Theorem [5]. A generic proof assistant can stand up against provers dedicated to particular logics.
Set Theory for Verification: II. Induction and Recursion
JOURNAL OF AUTOMATED REASONING
Volume 15, Number 2, 167-215, DOI: 10.1007/BF00881916
A theory of recursive definitions has been mechanized in Isabelle's Zermelo-Fraenkel (ZF) set theory. The objective is to support the formalization of particular recursive definitions for use in verification, semantics proofs, and other computational reasoning.
Inductively defined sets are expressed as least fixedpoints, applying the Knaster-Tarski theorem over a suitable set. Recursive functions are defined by well-founded recursion and its derivatives, such as transfinite recursion. Recursive data structures are expressed by applying the Knaster-Tarski theorem to a set, such as V, that is closed under Cartesian product and disjoint sum.
Worked examples include the transitive closure of a relation, lists, variable-branching trees, and mutually recursive trees and forests. The Schröder-Bernstein theorem and the soundness of propositional logic are proved in Isabelle sessions.
Mechanizing Set Theory: Cardinal Arithmetic and the Axiom of Choice
Paulson, Lawrence C. and Grabczewski, Krzysztof (1996) Mechanizing Set Theory: Cardinal Arithmetic and the Axiom of Choice. Journal of Automated Reasoning, 17 (3). pp. 291-323.
Fairly deep results of Zermelo-Fraenkel (ZF) set theory have been mechanized using the proof assistant Isabelle. The results concern cardinal arithmetic and the Axiom of Choice (AC). A key result about cardinal multiplication is K*K=K, where K is any infinite cardinal. Proving this result required developing theories of orders, order-isomorphisms, order types, ordinal arithmetic, cardinals, etc.; this covers most of Kunen, Set Theory, Chapter I. Furthermore, we have proved the equivalence of 7 formulations of the Well-ordering Theorem and 20 formulations of AC; this covers the first two chapters of Rubin and Rubin, Equivalents of the Axiom of Choice, and involves highly technical material. The definitions used in the proofs are largely faithful in style to the original mathematics.
Mechanizing Coinduction and Corecursion in Higher-order Logic
J Logic Computation (1997) 7 (2): 175-204.
doi: 10.1093/logcom/7.2.175
A theory of recursive and corecursive definitions has been developed in higher-order logic (HOL) and mechanized using Isabelle. Least fixedpoints express inductive data types such as strict lists; greatest fixedpoints express coinductive data types, such as lazy lists. Well-founded recursion expresses recursive functions over inductive data types; corecursion expresses functions that yield elements of coinductive data types. The theory rests on a traditional formalization of infinite trees. The theory is intended for use in specification and verification. It supports reasoning about a wide range of computable functions, but it does not formalize their operational semantics and can express noncomputable functions also. The theory is illustrated using finite and infinite lists. Corecursion expresses functions over infinite lists; coinduction reasons about such functions.
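As an added illustration of the Knaster-Tarski construction that the fixedpoint approach to (co)inductive definitions, the Isabelle/ZF recursion theory and the HOL coinduction theory above all rest on (this is not code from those papers or from Isabelle): a Python model of a finite powerset lattice in which an inductive set is the least fixedpoint of a monotone operator and a coinductive set is the greatest fixedpoint of the same kind of operator. It computes the transitive closure and the accessible part of a relation as least fixedpoints and bisimilarity on a small stream system (states standing for lazy lists) as a greatest fixedpoint. The function names, the sample relations and the stream system are constructed for this example; the monotonicity side condition that the papers discharge by proof is here checked by brute force on the finite lattice.

```python
"""Least and greatest fixedpoints of monotone operators on a finite powerset
lattice. Added example; not code from Isabelle/ZF or Isabelle/HOL, and every
name below is this example's own."""
from itertools import combinations
from typing import Callable, FrozenSet, Hashable, Iterable, List

Op = Callable[[FrozenSet], FrozenSet]


def powerset(universe: Iterable[Hashable]) -> List[FrozenSet]:
    items = list(universe)
    return [frozenset(c) for r in range(len(items) + 1)
            for c in combinations(items, r)]


def is_monotone(op: Op, universe: Iterable[Hashable]) -> bool:
    """S <= T implies op(S) <= op(T), checked exhaustively on P(universe).
    This is the side condition the fixedpoint approach asks for instead of a
    syntactic positivity test. On a finite universe it can be tested by brute
    force (exponential in |universe|); a prover would demand a proof."""
    subsets = powerset(universe)
    image = {s: op(s) for s in subsets}
    return all(image[s] <= image[t] for s in subsets for t in subsets if s <= t)


def _iterate(op: Op, start: FrozenSet) -> FrozenSet:
    """Apply op until it stops changing. For a monotone op on a finite lattice
    the chain from bottom climbs to the least fixedpoint and the chain from
    top descends to the greatest one (Knaster-Tarski)."""
    current = start
    while True:
        nxt = op(current)
        if nxt == current:
            return current
        current = nxt


def lfp(op: Op, universe: Iterable[Hashable], check: bool = True) -> FrozenSet:
    """Least fixedpoint: the inductively defined set."""
    if check and not is_monotone(op, universe):
        raise ValueError("operator is not monotone; no fixedpoint is guaranteed")
    return _iterate(op, frozenset())


def gfp(op: Op, universe: Iterable[Hashable], check: bool = True) -> FrozenSet:
    """Greatest fixedpoint: the coinductively defined set (same rules, start at top)."""
    if check and not is_monotone(op, universe):
        raise ValueError("operator is not monotone; no fixedpoint is guaranteed")
    return _iterate(op, frozenset(universe))


# Inductive example 1: transitive closure of rel, the lfp of S |-> rel U (S ; rel).
def transitive_closure(rel, nodes):
    rel = frozenset(rel)
    pairs = [(a, b) for a in nodes for b in nodes]
    def step(s):
        return rel | frozenset((a, c) for (a, b) in s for (b2, c) in rel if b == b2)
    return lfp(step, pairs)


# Inductive example 2: accessible (well-founded) part of rel, where (y, x) in rel
# means y precedes x: x enters once all of its predecessors are in.
def accessible_part(rel, nodes):
    rel = frozenset(rel)
    def step(s):
        return frozenset(x for x in nodes
                         if all(y in s for (y, x2) in rel if x2 == x))
    return lfp(step, nodes)


# Coinductive example: bisimilarity on a labelled transition system as the gfp
# of "every move of either side is matched by a move of the other into S".
def bisimilarity(trans):
    pairs = [(p, q) for p in trans for q in trans]
    def step(s):
        def forth(p, q):
            return all(any(a == b and (p2, q2) in s for (b, q2) in trans[q])
                       for (a, p2) in trans[p])
        def back(p, q):
            return all(any(a == b and (p2, q2) in s for (a, p2) in trans[p])
                       for (b, q2) in trans[q])
        return frozenset((p, q) for (p, q) in pairs if forth(p, q) and back(p, q))
    # 2^(|states|^2) subsets is too many for the brute-force monotonicity check
    return gfp(step, pairs, check=False)


# Constructed sample streams (lazy lists as states emitting one element per
# step): s0 = 1,1,1,...; t0 is the same stream unrolled with period two;
# u0 = 1,0,1,0,...
STREAMS = {
    "s0": {(1, "s0")},
    "t0": {(1, "t1")}, "t1": {(1, "t0")},
    "u0": {(1, "u1")}, "u1": {(0, "u0")},
}

if __name__ == "__main__":
    print(sorted(transitive_closure({(0, 1), (1, 2)}, [0, 1, 2])))
    print(sorted(accessible_part({(0, 1), (1, 2), (3, 4), (4, 3)}, [0, 1, 2, 3, 4])))
    print(sorted(bisimilarity(STREAMS)))
```

The only difference between the inductive and the coinductive definitions is the starting point of the iteration, which is the point the fixedpoint paper makes: replace the least fixedpoint by the greatest and the same machinery handles bisimulations. Passing a non-monotone operator (for instance complementation) makes `lfp` refuse rather than silently return a set that is not a fixedpoint.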
Formal Verification of Analog Designs using MetiTarski
William Denman, Behzad Akbarpour, Sofiène Tahar, Mohamed H. Zaki and L. C. Paulson.
Formal Verification of Analog Designs using MetiTarski.
In: Armin Biere and Carl Pixley (editors), Formal Methods in Computer Aided Design (2009), 93–100.
MetiTarski, an automatic theorem prover for inequalities on real-valued elementary functions, can be used to verify properties of analog circuits. First, a closed form solution to the model of the circuit is obtained. Second, the properties of interest are turned into a set of inequalities involving analytic functions, which are proved automatically using MetiTarski. We verify properties concerning oscillation and the change in gain due to component tolerances.
Inductive Analysis of the Internet Protocol TLS
ACM Trans. on Information and System Security 2 3 (1999), 332–351.
Internet browsers use security protocols to protect sensitive messages. An inductive analysis of TLS (a descendant of SSL 3.0) has been performed using the theorem prover Isabelle. Proofs are based on higher-order logic and make no assumptions concerning beliefs or finiteness. All the obvious security goals can be proved; session resumption appears to be secure even if old session keys have been compromised. The proofs suggest minor changes to simplify the analysis.
TLS, even at an abstract level, is much more complicated than most protocols that researchers have verified. Session keys are negotiated rather than distributed, and the protocol has many optional parts. Nevertheless, the resources needed to verify TLS are modest: six man-weeks of effort and three minutes of processor time.
A Generic Tableau Prover and its Integration with Isabelle
J. Universal Computer Science 5 3 (1999), 73–87.
A generic tableau prover has been implemented and integrated with Isabelle (Paulson, 1994). Compared with classical first-order logic provers, it has numerous extensions that allow it to reason with any supplied set of tableau rules. It has a higher-order syntax in order to support user-defined binding operators, such as those of set theory. The unification algorithm is first-order instead of higher-order, but it includes modifications to handle bound variables.
The proof, when found, is returned to Isabelle as a list of tactics. Because Isabelle verifies the proof, the prover can cut corners for efficiency's sake without compromising soundness. For example, the prover can use type information to guide the search without storing type information in full.
Automation for Interactive Proof: First Prototype
Jia Meng, Claire Quigley and L. C. Paulson.
Automation for Interactive Proof: First Prototype. Information and Computation 204 10 (2006), 1575–1596.
Interactive theorem provers require too much effort from their users. We have been developing a system in which Isabelle users obtain automatic support from automatic theorem provers (ATPs) such as Vampire and SPASS. An ATP is invoked at suitable points in the interactive session, and any proof found is given to the user in a window displaying an Isar proof script. There are numerous differences between Isabelle (polymorphic higher-order logic with type classes, natural deduction rule format) and classical ATPs (first-order, untyped, and clause form). Many of these differences have been bridged, and a working prototype that uses background processes already provides much of the desired functionality.
Relations Between Secrets: Two Formal Analyses of the Yahalom Protocol
J. Computer Security 9 3 (2001), 197–216.
The Yahalom protocol is one of those analyzed by Burrows et al. [5]. Based upon their analysis, they have proposed modifications to make the protocol easier to understand and to analyze. Both versions of Yahalom have now been analyzed using Isabelle/HOL. Modified Yahalom satisfies strong security goals, and the original version is adequate. The mathematical reasoning behind these machine proofs is presented informally. An Appendix gives extracts from a formal proof.
Yahalom presents special difficulties because the compromise of one session key compromises other secrets. The proofs show that the resulting losses are limited. They rely on a new proof technique, which involves reasoning about the relationship between keys and the secrets encrypted by them. This technique is applicable to other difficult protocols, such as Kerberos IV [2].
The new proofs do not rely on a belief logic. They use a fundamentally different formal model: the inductive method. They confirm the BAN analysis and the advantages of the proposed modifications. The new proof methods detect more flaws than BAN and analyze protocols in finer detail, while remaining broadly consistent with the BAN principles. In particular, the proofs confirm the explicitness principle of Abadi and Needham [1]. The proofs also suggest that any realistic model of security must admit that secrets can become compromised over time.
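The Dolev-Yao message analysis at the heart of the inductive method used in the TLS and Yahalom analyses above, as an added example in Python (not the Isabelle theories; the message encoding, the helper names and the sample runs are this example's own). It computes Paulson's `parts` and `analz` operators as fixedpoints over a trace, reproduces the four messages of the original Yahalom protocol from Burrows, Abadi and Needham (the page does not spell them out), and exhibits the relation between secrets: compromising one session key exposes the responder's nonce that was encrypted under it but nothing from another run and no long-term key, whereas compromising a long-term key exposes every session key it was used to distribute.

```python
"""Dolev-Yao message analysis for the symmetric-key fragment of the inductive
method. Added example; not the Isabelle theories. Encoding and names are
this example's own."""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Union


@dataclass(frozen=True)
class Agent:
    name: str


@dataclass(frozen=True)
class Nonce:
    name: str


@dataclass(frozen=True)
class Key:
    name: str


@dataclass(frozen=True)
class Crypt:            # encryption under a symmetric key, perfect cryptography
    key: Key
    body: "Msg"


Msg = Union[Agent, Nonce, Key, Crypt, tuple]   # a tuple is concatenation {|...|}


def _closure(h: Iterable[Msg], decrypt_all: bool) -> FrozenSet[Msg]:
    """Least fixedpoint of the one-step rules: split concatenations, and open
    an encryption when allowed (always for parts; only with a known key for analz)."""
    known = set(h)
    while True:
        new = set()
        for m in known:
            if isinstance(m, tuple):
                new.update(m)
            elif isinstance(m, Crypt) and (decrypt_all or m.key in known):
                new.add(m.body)
        if new <= known:
            return frozenset(known)
        known |= new


def parts(h: Iterable[Msg]) -> FrozenSet[Msg]:
    """Every syntactic component of every message, opening ALL encryptions."""
    return _closure(h, decrypt_all=True)


def analz(h: Iterable[Msg]) -> FrozenSet[Msg]:
    """What can be read: components reachable by splitting and by decrypting
    with keys that are themselves in the set."""
    return _closure(h, decrypt_all=False)


def under_key(k: Key, h: Iterable[Msg]) -> FrozenSet[Msg]:
    """Everything some message in h encrypts directly under k: the secrets whose
    confidentiality depends on k (the key-to-secret relation the proofs reason about)."""
    return frozenset(p for m in parts(h) if isinstance(m, Crypt) and m.key == k
                     for p in parts([m.body]))


def yahalom(a, b, na, nb, kab, kas, kbs):
    """The four messages of the original Yahalom protocol, reproduced here from
    Burrows, Abadi and Needham; kas and kbs are the long-term keys shared with
    the server, kab the fresh session key it distributes."""
    return [
        (a, na),                                               # 1. A -> B
        (b, Crypt(kbs, (a, na, nb))),                          # 2. B -> S
        (Crypt(kas, (b, kab, na, nb)), Crypt(kbs, (a, kab))),  # 3. S -> A
        (Crypt(kbs, (a, kab)), Crypt(kab, nb)),                # 4. A -> B
    ]


def leaked(trace, compromised: Iterable[Key], secrets: Iterable[Msg]) -> FrozenSet[Msg]:
    """Which of `secrets` the spy can read after observing the whole trace and
    learning `compromised` (the key-compromise event of the inductive method)."""
    spy = analz(frozenset(trace) | frozenset(compromised))
    return frozenset(x for x in secrets if x in spy)


# Constructed sample: two independent runs between A and B through the server.
A, B = Agent("A"), Agent("B")
KAS, KBS = Key("Kas"), Key("Kbs")              # long-term keys shared with S
KAB1, KAB2 = Key("Kab1"), Key("Kab2")          # session keys of run 1 and run 2
NA1, NB1, NA2, NB2 = (Nonce(n) for n in ("Na1", "Nb1", "Na2", "Nb2"))
TRACE = (yahalom(A, B, NA1, NB1, KAB1, KAS, KBS)
         + yahalom(A, B, NA2, NB2, KAB2, KAS, KBS))
SECRETS = [KAS, KBS, KAB1, KAB2, NB1, NB2]

if __name__ == "__main__":
    print("no compromise   :", leaked(TRACE, [], SECRETS))
    print("Kab1 compromised:", leaked(TRACE, [KAB1], SECRETS))
    print("Kbs compromised :", leaked(TRACE, [KBS], SECRETS))
    print("guarded by Kab1 :", under_key(KAB1, TRACE))
```

`parts` tells you which secrets are carried by the trace at all, `analz` which of them the spy can actually recover, and `under_key` records the dependency between a key and what it protects; the Yahalom proofs in effect establish bounds on `analz` after a key-compromise event by reasoning about exactly that dependency, and the example shows the losses are confined to the compromised key's own run.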
Source-level Proof Reconstruction for Interactive Theorem Proving
L. C. Paulson and Kong Woei Susanto.
Source-level Proof Reconstruction for Interactive Theorem Proving. In: Klaus Schneider and Jens Brandt (editors), Theorem Proving in Higher Order Logics (Springer LNCS 4732, 2007), 232–245.
Interactive proof assistants should verify the proofs they receive from automatic theorem provers. Normally this proof reconstruction takes place internally, forming part of the integration between the two tools. We have implemented source-level proof reconstruction: resolution proofs are automatically translated to Isabelle proof scripts. Each step of a proof is justified by calling Hurd's Metis prover, which we have ported to Isabelle. A recurrent issue in this project is the treatment of Isabelle's axiomatic type classes.
Accountability Protocols: Formalized and Verified
Giampaolo Bella and L. C. Paulson.
Accountability Protocols: Formalized and Verified. ACM Trans. on Information and System Security 9 2 (2006), 138–161.
Classical security protocols aim to achieve authentication and confidentiality under the assumption that the peers behave honestly. Some recent protocols are required to achieve their goals even if the peer misbehaves. Accountability is a protocol design strategy that may help. It delivers to peers sufficient evidence of each other's participation in the protocol. Accountability underlies the nonrepudiation protocol of Zhou and Gollmann and the certified email protocol of Abadi et al. This paper provides a comparative, formal analysis of the two protocols, and confirms that they reach their goals under realistic conditions. The treatment, which is conducted with mechanized support from the proof assistant Isabelle, requires various extensions to the existing analysis method. A byproduct is an account of the concept of higher-level protocol.
Translating Higher-Order Clauses to First-Order Clauses
With Jia Meng.
Translating Higher-Order Clauses to First-Order Clauses. J. Automated Reasoning 40 1 (2008), 35–60.
Interactive provers typically use higher-order logic, while automatic provers typically use first-order logic. In order to integrate interactive provers with automatic ones, it is necessary to translate higher-order formulae to first-order form. The translation should ideally be both sound and practical. We have investigated several methods of translating function applications, types and λ-abstractions. Omitting some type information improves the success rate, but can be unsound, so the interactive prover must verify the proofs. This paper presents experimental data that compares the translations in respect of their success rates for three automatic provers.
LEO-II — A Cooperative Automatic Theorem Prover for Classical Higher-Order Logic
Christoph Benzmüller, L. C. Paulson, Frank Theiss and Arnaud Fietzke.
LEO-II - A Cooperative Automatic Theorem Prover for Classical Higher-Order Logic. In: Alessandro Armando, Peter Baumgartner, Gilles Dowek (editors), Automated Reasoning-4th International Joint Conference, IJCAR 2008 (Springer LNCS 5195, 2008), 162–170.
LEO-II is a standalone, resolution-based higher-order theorem prover designed for effective cooperation with specialist provers for natural fragments of higher-order logic. At present LEO-II can cooperate with the first-order automated theorem provers E, SPASS, and Vampire. The improved performance of LEO-II, especially in comparison to its predecessor LEO, is due to several novel features including the exploitation of term sharing and term indexing techniques, support for primitive equality reasoning, and improved heuristics at the calculus level. LEO-II is implemented in Objective Caml and its problem representation language is the new TPTP THF language.