278 %made us realise that important details were left out in the informal |
278 %made us realise that important details were left out in the informal |
279 %model for the latter. However, in both cases we were unable to |
279 %model for the latter. However, in both cases we were unable to |
280 %formalise in Isabelle/HOL computability arguments about the |
280 %formalise in Isabelle/HOL computability arguments about the |
281 %algorithms. |
281 %algorithms. |
282 |
282 |
283 |
283 %Suppose you want to mechanise a proof for whether a predicate @{term P}, |
284 \noindent |
284 %say, is decidable or not. Decidability of @{text P} usually |
285 Suppose you want to mechanise a proof for whether a predicate @{term |
285 %amounts to showing whether \mbox{@{term "P \<or> \<not>P"}} holds. But this |
286 P}, say, is decidable or not. Decidability of @{text P} usually |
286 %does \emph{not} work in |
287 amounts to showing whether \mbox{@{term "P \<or> \<not>P"}} holds. But this |
287 |
288 does \emph{not} work in Isabelle/HOL and other HOL theorem provers, |
288 |
289 since they are based on classical logic where the law of excluded |
289 %Since Isabelle/HOL and other HOL theorem provers, |
290 middle ensures that \mbox{@{term "P \<or> \<not>P"}} is always provable no |
290 %are based on classical logic where the law of excluded |
291 matter whether @{text P} is constructed by computable means. We hit on |
291 %middle ensures that \mbox{@{term "P \<or> \<not>P"}} is always provable no |
292 this limitation previously when we mechanised the correctness proofs |
292 %matter whether @{text P} is constructed by computable means. We hit on |
293 of two algorithms \cite{UrbanCheneyBerghofer11,WuZhangUrban12}, but |
293 %this limitation previously when we mechanised the correctness proofs |
294 were unable to formalise arguments about decidability or undecidability. |
294 %of two algorithms \cite{UrbanCheneyBerghofer11,WuZhangUrban12}, but |
|
295 %were unable to formalise arguments about decidability or undecidability. |
295 |
296 |
296 %The same problem would arise if we had formulated |
297 %The same problem would arise if we had formulated |
297 %the algorithms as recursive functions, because internally in |
298 %the algorithms as recursive functions, because internally in |
298 %Isabelle/HOL, like in all HOL-based theorem provers, functions are |
299 %Isabelle/HOL, like in all HOL-based theorem provers, functions are |
299 %represented as inductively defined predicates too. |
300 %represented as inductively defined predicates too. |
300 |
301 |
301 The only satisfying way out of this problem in a theorem prover based |
302 \noindent |
302 on classical logic is to formalise a theory of computability. Norrish |
303 The motivation of this paper is to bring the ability to reason |
303 provided such a formalisation for HOL4. He choose the |
304 about results from computability theory, for example decidability of the halting problem, |
304 $\lambda$-calculus as the starting point for his formalisation because |
305 to the theorem prover Isabelle/HOL. Norrish formalised computability |
305 of its ``simplicity'' \cite[Page 297]{Norrish11}. Part of his |
306 theory in HOL4. He choose the $\lambda$-calculus as the starting point |
306 formalisation is a clever infrastructure for reducing |
307 for his formalisation because of its ``simplicity'' \cite[Page |
307 $\lambda$-terms. He also established the computational equivalence |
308 297]{Norrish11}. Part of his formalisation is a clever infrastructure |
308 between the $\lambda$-calculus and recursive functions. Nevertheless |
309 for reducing $\lambda$-terms. He also established the computational |
309 he concluded that it would be appealing to have formalisations for |
310 equivalence between the $\lambda$-calculus and recursive functions. |
310 more operational models of computations, such as Turing machines or |
311 Nevertheless he concluded that it would be appealing to have |
311 register machines. One reason is that many proofs in the literature |
312 formalisations for more operational models of computations, such as |
312 use them. He noted however that \cite[Page 310]{Norrish11}: |
313 Turing machines or register machines. One reason is that many proofs |
|
314 in the literature use them. He noted however that \cite[Page |
|
315 310]{Norrish11}: |
313 |
316 |
314 \begin{quote} |
317 \begin{quote} |
315 \it``If register machines are unappealing because of their |
318 \it``If register machines are unappealing because of their |
316 general fiddliness,\\ Turing machines are an even more |
319 general fiddliness,\\ Turing machines are an even more |
317 daunting prospect.'' |
320 daunting prospect.'' |
408 to construct a universal Turing machine we therefore do not follow |
411 to construct a universal Turing machine we therefore do not follow |
409 \cite{AspertiRicciotti12}, instead follow the proof in |
412 \cite{AspertiRicciotti12}, instead follow the proof in |
410 \cite{Boolos87} by translating abacus machines to Turing machines and in |
413 \cite{Boolos87} by translating abacus machines to Turing machines and in |
411 turn recursive functions to abacus machines. The universal Turing |
414 turn recursive functions to abacus machines. The universal Turing |
412 machine can then be constructed by translating from a recursive function. |
415 machine can then be constructed by translating from a recursive function. |
|
416 The part of mechanising the translation of recursive function to register |
|
417 machines has already been done by Zammit in HOL \cite{Zammit99}, |
|
418 although his register machines use a slightly different instruction |
|
419 set than the one described in \cite{Boolos87}. |
413 |
420 |
414 \smallskip |
421 \smallskip |
415 \noindent |
422 \noindent |
416 {\bf Contributions:} We formalised in Isabelle/HOL Turing machines |
423 {\bf Contributions:} We formalised in Isabelle/HOL Turing machines |
417 following the description of Boolos et al \cite{Boolos87} where tapes |
424 following the description of Boolos et al \cite{Boolos87} where tapes |
1517 Turing machines, an unexpected outcome of our work is that we |
1524 Turing machines, an unexpected outcome of our work is that we |
1518 identified an inconsistency in their use of a definition. This is |
1525 identified an inconsistency in their use of a definition. This is |
1519 unexpected since \cite{Boolos87} is a classic textbook which has |
1526 unexpected since \cite{Boolos87} is a classic textbook which has |
1520 undergone several editions (we used the fifth edition; the material |
1527 undergone several editions (we used the fifth edition; the material |
1521 containing the inconsistency was introduced in the fourth edition |
1528 containing the inconsistency was introduced in the fourth edition |
1522 \cite{BoolosFourth}). The central |
1529 of this book). The central |
1523 idea about Turing machines is that when started with standard tapes |
1530 idea about Turing machines is that when started with standard tapes |
1524 they compute a partial arithmetic function. The inconsistency arises |
1531 they compute a partial arithmetic function. The inconsistency arises |
1525 when they define the case when this function should \emph{not} return a |
1532 when they define the case when this function should \emph{not} return a |
1526 result. Boolos at al write in Chapter 3, Page 32: |
1533 result. Boolos at al write in Chapter 3, Page 32: |
1527 |
1534 |