Paper.thy
author Christian Urban <christian dot urban at kcl dot ac dot uk>
Fri, 04 Jan 2013 22:49:02 +0000
changeset 13 a7ec585d7f20
parent 12 dd400b5797e1
child 15 90bc8cccc218
permissions -rw-r--r--
updated
(*<*)
theory Paper
imports UTM
begin

declare [[show_question_marks = false]]
(*>*)

section {* Introduction *}

text {*

\noindent
We formalised in earlier work the correctness proofs for two
algorithms in Isabelle/HOL---one about type-checking in
LF~\cite{UrbanCheneyBerghofer11} and another about deciding requests
in access control~\cite{WuZhangUrban12}.  The formalisations
uncovered a gap in the informal correctness proof of the former and
made us realise that important details were left out in the informal
model for the latter. However, in both cases we were unable to
formalise in Isabelle/HOL computability arguments about the
algorithms. The reason is that both algorithms are formulated in terms
of inductive predicates. Suppose @{text "P"} stands for one such
predicate.  Decidability of @{text P} usually amounts to showing
whether \mbox{@{term "P \<or> \<not>P"}} holds. But this does \emph{not} work
in Isabelle/HOL, since it is a theorem prover based on classical logic
where the law of excluded middle ensures that \mbox{@{term "P \<or> \<not>P"}}
is always provable no matter whether @{text P} is constructed by
computable means. The same problem would arise if we had formulated
the algorithms as recursive functions, because internally in
Isabelle/HOL, like in all HOL-based theorem provers, functions are
represented as inductively defined predicates too.

The only satisfying way out of this problem in a theorem prover based on classical
logic is to formalise a theory of computability. Norrish provided such
a formalisation for the HOL4 theorem prover. He chose the
$\lambda$-calculus as the starting point for his formalisation
of computability theory,
because of its ``simplicity'' \cite[Page 297]{Norrish11}.  Part of his
formalisation is a clever infrastructure for reducing
$\lambda$-terms. He also established the computational equivalence
between the $\lambda$-calculus and recursive functions.  Nevertheless he
concluded that it would be ``appealing'' to have formalisations for more
operational models of computation, such as Turing machines or register
machines.  One reason is that many proofs in the literature use
them.  He noted however that in the context of theorem provers
\cite[Page 310]{Norrish11}:

\begin{quote}
\it``If register machines are unappealing because of their
general fiddliness, Turing machines are an even more
daunting prospect.''
\end{quote}

\noindent
In this paper we take on this daunting prospect and provide a
formalisation of Turing machines, as well as abacus machines (a kind
of register machine) and recursive functions. To see the difficulties
involved with this work, one has to understand that interactive
theorem provers, like Isabelle/HOL, are at their best when the
data structures at hand are ``structurally'' defined, like lists,
natural numbers, regular expressions, etc. Such data structures come
in theorem provers with convenient reasoning infrastructures (for
example induction principles, recursion combinators and so on).  But
this is \emph{not} the case with Turing machines (and also not with
register machines): underlying their definition is a set of states
together with a transition function, neither of which is
structurally defined.  This means we have to implement our own
reasoning infrastructure in order to prove properties about them. This
leads to annoyingly lengthy and detailed formalisations.  We first
noticed the difference between the structural and non-structural
``worlds'' when formalising the Myhill-Nerode theorem, where regular
expressions fared much better than automata \cite{WuZhangUrban11}.
However, with Turing machines there seems to be no alternative if one
wants to formalise the great many proofs that use them. We give as an
example one such proof---undecidability of Wang tilings---in Section
\ref{Wang}. The standard proof of this property uses the notion of
\emph{universal Turing machines}.

We are not the first to formalise Turing machines in a theorem
prover: we are aware of the preliminary work by Asperti and Ricciotti
\cite{AspertiRicciotti12}. They describe a formalisation of Turing
machines in the Matita theorem prover. They report
that the informal proofs from which they started are not
``sufficiently accurate to be directly used as a guideline for
formalization'' \cite[Page 2]{AspertiRicciotti12}. For our formalisation
we followed the proofs from the textbook \cite{Boolos87} and found that the description
is quite detailed. Some details are left out however: for
example, it is only shown how the universal
Turing machine is constructed for Turing machines computing unary
functions. We had to figure out a way to generalise this result to
$n$-ary functions. Similarly, when compiling recursive functions to
abacus machines, the textbook again only shows how it can be done for
2- and 3-ary functions, but in the formalisation we need arbitrary
functions. But the general ideas for how to do this are clear enough in
\cite{Boolos87}.

The main difference between our formalisation and the one by Asperti and
Ricciotti is that their universal machines

\begin{quote}
``In particular, the fact that the universal machine operates with a
different alphabet with respect to the machines it simulates is
annoying.''
\end{quote}

\noindent
{\bf Contributions:}

*}

section {* Formalisation *}

text {*

*}


section {* Wang Tiles\label{Wang} *}

text {*
  Used in texture mappings - graphics
*}


section {* Related Work *}

text {*
  The most closely related work is by Norrish. He bases his approach on
  lambda-terms. For this he introduced a clever rewriting technology
  based on combinators and de-Bruijn indices for
  rewriting modulo $\beta$-equivalence (to keep it manageable).
*}


(*
Questions:

Can this be done: Ackermann function is not primitive
recursive (Nora Szasz)

Tape is represented as two lists (finite - usually infinite tape)?

*)


(*<*)
end
(*>*)