简体繁体 English

Isabelle / HOL中验证者的核心

[英]Core of Verifier in Isabelle/HOL

原文 2013-02-05 09:24:15 7 2 proof/ isabelle

Question 题

What is the core algorithm of the Isabelle/HOL verifier? Isabelle / HOL验证器的核心算法是什么？

I'm looking for something on the level of a scheme metacircular evaluator. 我正在寻找一个计划水平评估员的水平。

Clarification 澄清

I'm only interested in the Verifier , not the strategies for automated theorem proving. 我只对Verifier感兴趣，而不是自动定理证明的策略。

Context 上下文

I want to implement a simple proof verifier from scratch (purely for education reasons, not for production use.) 我想从头开始实现一个简单的验证验证器（纯粹出于教育原因，而不是用于生产用途。）

I want to understand the core Verifier algorithm of Isabelle/HOL. 我想了解Isabelle / HOL的核心Verifier算法。 I don't care about the strategies / code used for automated theorem proving. 我不关心用于自动定理证明的策略/代码。

I have a suspicion that the core Verifier algorithm is very simple (and elegant). 我怀疑核心Verifier算法非常简单（而且优雅）。 However, I can't find it. 但是，我找不到它。

Thanks! 谢谢！

2 个解决方案

Isabelle is a member of the "LCF family" of proof checkers, which means you have a special module --- the inference kernel -- where all inferences are run through to produce values of the abstract datatype thm . Isabelle是证明检查器的“LCF家族”的成员，这意味着你有一个特殊的模块---推理内核 - 所有的推论都通过它来生成抽象数据类型的值thm 。 This is a bit like an operating system kernel processing system calls. 这有点像操作系统内核处理系统调用。 Everything you can produce this way is "correct by construction" relative to the correctness of the kernel implementation. 相对于内核实现的正确性，您可以通过这种方式生成的所有内容都是“正确的构造”。 Since the programming language environment of the prover (Standard ML) has very strong static type-correctness properties, the correctness-by-construction of the inference kernel carries over to the rest of the proof assistant implementation, which can be quite huge. 由于证明器（标准ML）的编程语言环境具有非常强的静态类型正确性属性，因此推理内核的构造的正确性延续到证明助理实现的其余部分，这可能是非常大的。

So in principle you have a relatively small "trusted kernel" part and a really big "application user-space". 所以原则上你有一个相对较小的“可信内核”部分和一个非常大的“应用程序用户空间”。 In particular, most of Isabelle/HOL is actually a big collection of library theories and add-on tools (mostly in SML) in Isabelle user-land. 特别是，大多数Isabelle / HOL实际上是Isabelle用户界中的大量图书馆理论和附加工具（主要是SML）。

In Isabelle, the kernel infrastructure is quite complex, but still very small compared to the rest of the system. 在Isabelle中，内核基础结构非常复杂，但与系统的其他部分相比仍然非常小。 The kernel is in fact layered into a "micro kernel" ( the Thm module ) and a "nano kernel" ( the Context module ). 事实上，内核分为“微内核”（ Thm模块）和“纳米内核”（ Context模块）。 Thm produces thm values in the sense of Milner's LCF-approach, and Context takes care of theory certficates for any results you produce, as well as proof contexts for local reasoning (notably in the Isar proof language). Thm产生thm在米尔纳的LCF-方法的感测值，以及Context需要照顾的theory certficates对您产生任何结果，以及证明对上下文推理的地方（特别是在伊萨尔证明语言）。

If you want to learn more about LCF-style provers, I recommend looking also at HOL-Light which is probably the smallest realistic system of the LCF-family, realistic in the sense that people have done big applications with it. 如果你想了解更多关于LCF风格的证据，我建议你再看一下HOL-Light ，这可能是LCF系列中最小的现实系统，从某种意义上说，人们已经用它做了大量应用。 HOL-Light has the big advantage that its implementation can be easily understood, but this minimalism also has some disdavantages: it does not fully protect the user from doing non-sense in its ML environment, which is OCaml instead of SML. HOL-Light具有很大的优势，它的实现可以很容易理解，但这种极简主义也有一些不利之处：它不能完全保护用户在其ML环境中无意义，这是OCaml而不是SML。 For various technical reasons, OCaml is not as "safe" by default as Standard ML. 由于各种技术原因，OCaml默认情况下不像标准ML那样“安全”。