Introduction to Milestones in Interactive Theorem Proving

On March 8, 2018, Tobias Nipkow celebrated his sixtieth birthday. In anticipation of the occasion, in January 2016, two of his former students, Gerwin Klein and Jasmin Blanchette, and one of his former postdocs, Andrei Popescu, approached the editorial board of the Journal of Automated Reasoning with a proposal to publish a surprise Festschrift issue in his honor. The e-mail was sent to twenty-six members of the board, leaving out one, for reasons that will become clear in a moment. It is a sign of the love and respect that Tobias commands from his colleagues that within two days every recipient of the e-mail had responded favorably and enthusiastically to the proposal

The formal verification of the ctm approach to forcing

We discuss some highlights of our computer-verified proof of the construction, given a countable transitive set-model $M$ of $\mathit{ZFC}$, of generic extensions satisfying $\mathit{ZFC}+\neg\mathit{CH}$ and $\mathit{ZFC}+\mathit{CH}$. Moreover, let $\mathcal{R}$ be the set of instances of the Axiom of Replacement. We isolated a 21-element subset $\Omega\subseteq\mathcal{R}$ and defined $\mathcal{F}:\mathcal{R}\to\mathcal{R}$ such that for every $\Phi\subseteq\mathcal{R}$ and $M$-generic $G$, $M\models \mathit{ZC} \cup \mathcal{F}\text{``}\Phi \cup \Omega$ implies $M[G]\models \mathit{ZC} \cup \Phi \cup \{ \neg \mathit{CH} \}$, where $\mathit{ZC}$ is Zermelo set theory with Choice. To achieve this, we worked in the proof assistant Isabelle, basing our development on the Isabelle/ZF library by L. Paulson and others.Comment: 20pp + 14pp in bibliography & appendices, 2 table

PaMpeR: Proof Method Recommendation System for Isabelle/HOL

Deciding which sub-tool to use for a given proof state requires expertise specific to each ITP. To mitigate this problem, we present PaMpeR, a Proof Method Recommendation system for Isabelle/HOL. Given a proof state, PaMpeR recommends proof methods to discharge the proof goal and provides qualitative explanations as to why it suggests these methods. PaMpeR generates these recommendations based on existing hand-written proof corpora, thus transferring experienced users' expertise to new users. Our evaluation shows that PaMpeR correctly predicts experienced users' proof methods invocation especially when it comes to special purpose proof methods.Comment: An anonymized version of this paper has been submitted to a Computer Science conference in April 201

The Lean mathematical library

This paper describes mathlib, a community-driven effort to build a unified library of mathematics formalized in the Lean proof assistant. Among proof assistant libraries, it is distinguished by its dependently typed foundations, focus on classical mathematics, extensive hierarchy of structures, use of large- and small-scale automation, and distributed organization. We explain the architecture and design decisions of the library and the social organization that has led us here

Toward Structured Proofs for Dynamic Logics

We present Kaisar, a structured interactive proof language for differential dynamic logic (dL), for safety-critical cyber-physical systems (CPS). The defining feature of Kaisar is *nominal terms*, which simplify CPS proofs by making the frequently needed historical references to past program states first-class. To support nominals, we extend the notion of structured proof with a first-class notion of *structured symbolic execution* of CPS models. We implement Kaisar in the theorem prover KeYmaera X and reproduce an example on the safe operation of a parachute and a case study on ground robot control. We show how nominals simplify common CPS reasoning tasks when combined with other features of structured proof. We develop an extensive metatheory for Kaisar. In addition to soundness and completeness, we show a formal specification for Kaisar's nominals and relate Kaisar to a nominal variant of dL

Arrows for knowledge-based circuits

Knowledge-based programs (KBPs) are a formalism for directly relating agents' knowledge and behaviour in a way that has proven useful for specifying distributed systems. Here we present a scheme for compiling KBPs to executable automata in finite environments with a proof of correctness in Isabelle/HOL. We use Arrows, a functional programming abstraction, to structure a prototype domain-specific synchronous language embedded in Haskell. By adapting our compilation scheme to use symbolic representations we can apply it to several examples of reasonable size