tm: Paper.thy@965df91a24bc (annotated)

6 50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1	(<)
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	2	theory Paper
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	3	imports UTM
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	4	begin
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	5
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	6	declare [[show_question_marks = false]]
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	7	(>)
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	8
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	9	section {* Introduction *}
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	10
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	11	text {*
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	12
8 c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	13	\noindent
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	14	We formalised in earlier work the correctness proofs for two
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	15	algorithms in Isabelle/HOL---one about type-checking in
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	16	LF~\cite{UrbanCheneyBerghofer11} and another about deciding requests
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	17	in access control~\cite{WuZhangUrban12}. The formalisations
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	18	uncovered a gap in the informal correctness proof of the former and
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	19	made us realise that important details were left out in the informal
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	20	model for the latter. However, in both cases we were unable to
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	21	formalise in Isabelle/HOL computability arguments about the
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	22	algorithms. The reason is that both algorithms are formulated in terms
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	23	of inductive predicates. Suppose @{text "P"} stands for one such
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	24	predicate. Decidability of @{text P} usually amounts to showing
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	25	whether \mbox{@{term "P \<or> \<not>P"}} holds. But this does \emph{not} work
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	26	in Isabelle/HOL, since it is a theorem prover based on classical logic
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	27	where the law of excluded middle ensures that \mbox{@{term "P \<or> \<not>P"}}
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	28	is always provable no matter whether @{text P} is constructed by
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	29	computable means. The same problem would arise if we had formulated
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	30	the algorithms as recursive functions, because internally in
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	31	Isabelle/HOL, like in all HOL-based theorem provers, functions are
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	32	represented as inductively defined predicates.
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	33
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	34	The only satisfying way out is to formalise a theory of
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	35	computability. Norrish provided such a formalisation for the HOL4
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	36	theorem prover. He choose the $\lambda$-calculus as the starting point
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	37	for his formalisation, because of its ``simplicity'' \cite[Page
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	38	297]{Norrish11}. Part of his formalisation is a clever infrastructure
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	39	for reducing $\lambda$-terms. He also established the computational
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	40	equivalence between the lambda-calculus and recursive functions.
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	41	Nevertheless he concluded that it would be appealing to have
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	42	formalisations of more operational models of computations such as
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	43	Turing machines or register machines. One reason is that many proofs
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	44	in the literature refer to them. He noted however that in the context
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	45	of theorem provers \cite[Page 310]{Norrish11}:
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	46
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	47	\begin{quote}
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	48	\it``If register machines are unappealing because of their
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	49	general fiddliness, Turing machines are an even more
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	50	daunting prospect.''
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	51	\end{quote}
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	52
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	53	\noindent
c216ae455c90 more on the paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 7 diff changeset	54	In this paper
6 50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	55
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	56
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	57
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	58
9 965df91a24bc more Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 8 diff changeset	59	``In particular, the fact that the universal machine operates with a
965df91a24bc more Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 8 diff changeset	60	different alphabet with respect to the machines it simulates is
965df91a24bc more Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 8 diff changeset	61	annoying.'' he writes it is preliminary work \cite{AspertiRicciotti12}
6 50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	62
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	63
9 965df91a24bc more Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 8 diff changeset	64	Our formalisation follows \cite{Boolos87}
6 50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	65
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	66	\noindent
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	67	{\bf Contributions:}
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	68
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	69	*}
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	70
9 965df91a24bc more Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 8 diff changeset	71	section {* Formalisation *}
965df91a24bc more Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 8 diff changeset	72
965df91a24bc more Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 8 diff changeset	73	text {*
965df91a24bc more Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 8 diff changeset	74
965df91a24bc more Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 8 diff changeset	75	*}
965df91a24bc more Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 8 diff changeset	76
7 f7896d90aa19 more Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 6 diff changeset	77
f7896d90aa19 more Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 6 diff changeset	78	section {* Wang Tiles *}
f7896d90aa19 more Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 6 diff changeset	79
f7896d90aa19 more Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 6 diff changeset	80	text {*
f7896d90aa19 more Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 6 diff changeset	81	Used in texture mapings - graphics
f7896d90aa19 more Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 6 diff changeset	82	*}
f7896d90aa19 more Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 6 diff changeset	83
f7896d90aa19 more Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 6 diff changeset	84
6 50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	85	section {* Related Work *}
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	86
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	87	text {*
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	88	The most closely related work is by Norrish. He bases his approach on
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	89	lambda-terms. For this he introduced a clever rewriting technology
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	90	based on combinators and de-Bruijn indices for
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	91	rewriting modulo $\beta$-equivalence (to keep it manageable)
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	92	*}
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	93
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	94
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	95	(*
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	96	Questions:
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	97
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	98	Can this be done: Ackerman function is not primitive
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	99	recursive (Nora Szasz)
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	100
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	101	Tape is represented as two lists (finite - usually infinite tape)?
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	102
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	103	*)
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	104
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	105
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	106	(<)
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	107	end
50880fcda34d added paper Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	108	(>)

author	Christian Urban <christian dot urban at kcl dot ac dot uk>
	Sun, 30 Dec 2012 22:15:54 +0000
changeset 9	965df91a24bc
parent 8	c216ae455c90
child 10	44e9d0c24fbc
permissions	-rw-r--r--