Stateless HOL

We present a version of the HOL Light system that supports undoing definitions in such a way that this does not compromise the soundness of the logic. In our system the code that keeps track of the constants that have been defined thus far has been moved out of the kernel. This means that the kernel now is purely functional. The changes to the system are small. All existing HOL Light developments can be run by the stateless system with only minor changes. The basic principle behind the system is not to name constants by strings, but by pairs consisting of a string and a definition. This means that the data structures for the terms are all merged into one big graph. OCaml - the implementation language of the system - can use pointer equality to establish equality of data structures fast. This allows the system to run at acceptable speeds. Our system runs at about 85% of the speed of the stateful version of HOL Light.Comment: In Proceedings TYPES 2009, arXiv:1103.311

Automated verification of refinement laws

Demonic refinement algebras are variants of Kleene algebras. Introduced by von Wright as a light-weight variant of the refinement calculus, their intended semantics are positively disjunctive predicate transformers, and their calculus is entirely within first-order equational logic. So, for the first time, off-the-shelf automated theorem proving (ATP) becomes available for refinement proofs. We used ATP to verify a toolkit of basic refinement laws. Based on this toolkit, we then verified two classical complex refinement laws for action systems by ATP: a data refinement law and Back's atomicity refinement law. We also present a refinement law for infinite loops that has been discovered through automated analysis. Our proof experiments not only demonstrate that refinement can effectively be automated, they also compare eleven different ATP systems and suggest that program verification with variants of Kleene algebras yields interesting theorem proving benchmarks. Finally, we apply hypothesis learning techniques that seem indispensable for automating more complex proofs

Not every pseudoalgebra is equivalent to a strict one

We describe a finitary 2-monad on a locally finitely presentable 2-category for which not every pseudoalgebra is equivalent to a strict one. This shows that having rank is not a sufficient condition on a 2-monad for every pseudoalgebra to be strictifiable. Our counterexample comes from higher category theory: the strict algebras are strict 3-categories, and the pseudoalgebras are a type of semi-strict 3-category lying in between Gray-categories and tricategories. Thus, the result follows from the fact that not every Gray-category is equivalent to a strict 3-category, connecting 2-categorical and higher-categorical coherence theory. In particular, any nontrivially braided monoidal category gives an example of a pseudoalgebra that is not equivalent to a strict one.Comment: 17 pages; added more explanation; final version, to appear in Adv. Mat

Arrow's impossibility theorem: Two simple single-profile versions

In this short paper we provide two simple new versions of Arrow's impossibility theorem, in a world with only one preference profile. Both versions are extremely transparent. The first version assumes a two-agent society; the second version, which is similar to a theorem of Pollak, assumes two or more agents. Both of our theorems rely on diversity of preferences axioms, and we explore alternative notions of diversity at length. Our first theorem also uses a neutrality assumption, commonly used in the literature; our second theorem uses a neutrality/monotonicity assumption, which is stronger and less commonly used. We provide examples to show the logical independence of the axioms, and to illustrate our points.Arrow's theorem; single-profile