Mechanical Theorem Proving
The Intellectual Excitement of Computer Science
Group Members
Elita Cheung
Lily Irani
Paul Tenney
Introduction
Mechanical theorem proving is an important subject in artificial intelligence
Even though Turing showed that there is no general decision procedure to check the validity of formulas of the first-order logic, there are proof procedures which can verify that a formula is valid if indeed it is valid...
Our Research Journey
• Journals about automated theorem proving
• Difficult and technical material required background we lacked
• Talked with professors, read about basic logic
Overview of Automated Theorem Proving
• Philosophical issues regarding a mechanical theorem prover
• Theory and history of the field -- lesson in logic
• Applications of automated theorem provers
Quick History and Theory
• Principles of Automated Theorem Proving heavily based on symbolic logic
• Learning the basic vocabulary and concepts was essential to understanding those principles
• The history of this field can be more easily understood along with theories
• Quick lesson in symbolic logic
Different sorts of logic...
Higher Order
First Order
Propositional
[Figure axis labels: More Expressive, More interactive]
Propositional Logic
• A proposition is a declarative sentence that is either true or false (it cannot be both).
• Examples of propositions: "Stuff at Stanford Shopping Mall is expensive", "Elita is a bargain hunter", "Elita is a shop-aholic at Stanford Mall".
Propositional Logic
• B Stuff at Stanford Shopping Mall is expensive
  C Elita is a bargain hunter
  D Elita is a shop-aholic at Stanford Mall
• Symbols, such as B, C, D, that are used to denote propositions are called atoms
Not Or And If… then If and only if
Simple symbols...
Propositional Logic
• Example: The sentence "If stuff at Stanford Shopping mall is expensive and Elita is a bargain hunter, then Elita is not a shop-aholic at Stanford Mall" can be represented by
(( B C) (D))
• As we see, this compound proposition can represent a complicated idea that we deal with in everyday life.
Propositional Logic
• Truth Table
G H G (G H) (G H) (G H) (GH)
T T F T T T T
T F F F T F F
F T T F T T F
F F T F F T T
Propositional Logic
• The assignment of truth values {T,F} to {G, H} is one of four interpretations of formula F (G H)
• Equivalent formulas
• Example: Suppose that bike accidents increase if there are more freshmen on campus. Also, suppose that students will start building their own impact airbags for their bikes when bike accidents increase. Assume that there are more freshmen on campus. Show that you can conclude that students will start building their own airbags.
Propositional Logic Example...
The four following statements correspond to this example:
1. If there are more freshmen on campus, the bike accidents increase
2. If bike accidents increase, students start building bike airbags
3. More freshmen on campus
4. Students will start building bike airbags
First Order Logic
• First order logic is a more expressive logic than propositional logic. For example, propositional logic cannot denote the following:
P: Every man is mortal
Q: Confucius is a man
R: Confucius is mortal
First Order Logic
• First order logic has three more logical notions than propositional logic
• terms, predicates, and quantifiers
• Most of mathematical and everyday language can be symbolized by the first-order logic.
First Order Logic - New Terms
• Predicate
• Quantifier
• Interpretation -- different from propositional
• "An interpretation of a formula F in the first-order logic consists of a nonempty domain D, and an assignment of 'values' to each constant, function symbol, and predicate symbol occurring in F as follows:
– To each constant, we assign an element in D.
– To each n-place function symbol, we assign a mapping from D^n to D.
– To each n-place predicate symbol, we assign a mapping from D^n to {T, F}."
First Order Logic - New Terms
• Satisfiable- A formula P is satisfiable (consistent) if and only if there exists an interpretation I such that P has a truth value of True in I.
• Unsatisfiable
Herbrand’s theorem… and a little history
• Leibniz (1646-1716) tried to prove validity of formula
• Turing and Church (1936)
• Herbrand’s contribution
• Robinson’s Resolution
Resolution
• Herbrand’s procedure’s problem: amount of time needed to implement increases exponentially (too many interpretations to generate!)
• Resolution decreases the number of interpretations
Resolution
• The basic idea of the resolution principle is to check whether any set S of clauses contains the empty clause. If S contains the empty clause, then S is unsatisfiable. If S does not contain it, then check to see if it can be derived from S. If it can, then S is also unsatisfiable.
• Example in propositional logic
• Example in first order logic
Propositional Resolution
• For propositional logic, the principle can be roughly described as the following: combine the literals that are complementary to each other so that they cancel out (e.g. P and ~P are complementary).
• Example in propositional logic
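The propositional resolution principle above, applied to the bike-accident example from the earlier slide, as an added Python example that is not part of the original slides. The atom names F, A, B and the clause encoding (literals as strings, `~` for negation, the conclusion negated before refutation) are assumptions made here.

```python
from itertools import combinations

def negate(lit):
    """Complement of a literal: P <-> ~P."""
    return lit[1:] if lit.startswith("~") else "~" + lit

def resolvents(c1, c2):
    """Every clause obtained by cancelling one complementary pair of c1 and c2."""
    return {(c1 - {l}) | (c2 - {negate(l)}) for l in c1 if negate(l) in c2}

def derivation(goal, parents):
    """List (resolvent, parent, parent) steps leading to goal, parents first."""
    steps, done = [], set()
    def walk(c):
        if c in parents and c not in done:
            done.add(c)
            for p in parents[c]:
                walk(p)
            steps.append((c, *parents[c]))
    walk(goal)
    return steps

def refute(clauses):
    """Saturate under resolution; return a derivation of the empty clause,
    or None when no new resolvent appears (the set is satisfiable)."""
    known = {frozenset(c) for c in clauses}
    parents = {}
    if frozenset() in known:   # S already contains the empty clause
        return []
    while True:
        new = set()
        for c1, c2 in combinations(known, 2):
            for r in resolvents(c1, c2):
                if r in known or any(negate(l) in r for l in r):
                    continue   # already derived, or a tautology
                parents.setdefault(r, (c1, c2))
                if not r:      # empty clause derived: unsatisfiable
                    return derivation(r, parents)
                new.add(r)
        if not new:
            return None
        known |= new

# Constructed encoding of the bike example: F = more freshmen on campus,
# A = bike accidents increase, B = students build bike airbags.
PREMISES = [{"~F", "A"}, {"~A", "B"}, {"F"}]
NEGATED_CONCLUSION = {"~B"}

if __name__ == "__main__":
    for res, p1, p2 in refute(PREMISES + [NEGATED_CONCLUSION]):
        print(sorted(p1), "+", sorted(p2), "=>", sorted(res) or "empty clause")
```

Deriving the empty clause from the premises plus the negated conclusion shows the conclusion follows; without the negated conclusion the premises saturate with no empty clause and `refute` returns `None`.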
First Order Resolution
• substitution and unification
• Example in first order logic
First Order Resolution
• S = {T(x,y,u,v) v P(x,y,u,v), P(x,y,u,v) v E(x,y,v,u,v,y), T(a,b,c,d), E(a,b,d,c,d,b)}
1. T(x,y,u,v) v P(x,y,u,v)
2. P(x,y,u,v) v E(x,y,v,u,v,y)
3. T(a,b,c,d)
4. E(a,b,d,c,d,b)
5. ~P(a,b,c,d)   a resolvent of 2 and 4
6. ~T(a,b,c,d)   a resolvent of 1 and 5
7.               a resolvent of 3 and 6
Applied Theory
• First order specifications
• Boyer and Moore’s Induction
Intel Pentium Chip Specification - IEEE level 74
• “when rounding towards negative infinity, the result shall be the format’s value ... closest to and no greater than the infinitely precise result”
Informal
round(toNegInf, R, V) = (R <= V) ^ (V < R + ulp+)
R = result, V = value to be rounded, ulp+ = smallest representable increment
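The rounding predicate above used as an executable check, as an added Python example that is not part of the original slides. It assumes Python floats (binary doubles) as the format, exact rationals for V, and reads ulp+ as the gap from R to the next double above it; the function names and sample values are constructed here, and `math.nextafter` needs Python 3.9 or later.

```python
import math
from fractions import Fraction

def ulp_plus(r):
    """Gap from r up to the next representable double (assumed meaning of ulp+)."""
    return Fraction(math.nextafter(r, math.inf)) - Fraction(r)

def spec_to_neg_inf(r, v):
    """The slide's predicate (R <= V) ^ (V < R + ulp+), evaluated exactly."""
    return Fraction(r) <= v and v < Fraction(r) + ulp_plus(r)

def round_to_neg_inf(v):
    """Candidate implementation: take the nearest double, step down if it overshot."""
    r = float(v)                      # correctly rounded to nearest
    if Fraction(r) > v:
        r = math.nextafter(r, -math.inf)
    return r

def round_to_nearest(v):
    """Deliberately wrong for this spec: rounds to nearest, may exceed V."""
    return float(v)

# Constructed sample values; 5/2 is exactly representable, the rest are not.
SAMPLES = [Fraction(1, 3), Fraction(-1, 3), Fraction(2, 3),
           Fraction(1, 10), Fraction(-7, 5), Fraction(5, 2)]

def violations(impl):
    """Sample values for which impl's result fails the specification."""
    return [v for v in SAMPLES if not spec_to_neg_inf(impl(v), v)]

if __name__ == "__main__":
    print("round_to_neg_inf violations:", violations(round_to_neg_inf))
    print("round_to_nearest violations:", violations(round_to_nearest))
```

Testing against samples only finds counterexamples; the formal approach on these slides aims to prove the predicate for every input.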
Formal (First Order)
Intel Pentium Chip Specification - IEEE level 74
Induction Algorithm
Applications
• Mathematical proof checking
• The QED Project
• Computer chip verifications
• Software verification
Mathematical Proof Checking
• Automated theorem provers do not “automate” math
• “Debugs” proofs
• Hard to use many proof checkers
The QED Project
• Effort of scientists from many laboratories and institutions
“The development of mathematics towards a greater appreciation has led... to the formalization of large tracts of it, so that one can prove any theorem using nothing but a few mechanical rules.”
- K. Gödel
• Will represent mathematical knowledge, technique
• Based on a few pages of math
• Still in early stages
The QED Project - Hoped Benefits
• Reduce mathematical “noise pollution.”
• Speed publication of papers by taking focus off of proof checking. Referees can focus on relevance.
• Cultural monument to mathematics.
Chip Verification
• Formal vs. testbench
• Comparison verification
• NP-Complete
• IBM, Intel, AMD successes
Software Verification
• Hardware is more economically viable
• More design effort put into software
• => Software verification is viable
• Especially useful for critical applications: safety, e-commerce, military
Software Verification Paradox
• What will verify the verification program?
• Pragmatism does not demand ideal accuracy
• Significant improvement enough
More Information
Our website:
• demonstrations of theorem proving tools online
• additional research
Credits
Thank you to Professor David Dill for information and support through e-mail and in person.