Theorem provers

Posted By: jason818_253.33 | Dec 3rd, 2008 @ 12:24 PM
page 1 of 1
Comments: 18 | Views: 1339
#Dec 3rd, 2008 @ 12:24 PM
jason818_253.33
jason818_253.33
Yippi skippy

There are a number of them out there. Call me a newb but what is a theorem prover? I know in the c9 community there are probably a majority of people who could elaborate on the subject.

 

At Microsoft research they are developing Z3 theorem prover (Satisfiability Modulo Theories). What theorems are they asking the machine? What is it being built to do? I went to the frequently asked questions portion of the site but didn’t find the answers. If C9 gets over in that direction I would be fascinated to hear people talk about it.

Im trying to wrap my head around something that is still clearly in the fog to me.

#Dec 3rd, 2008 @ 12:47 PM
Bass
Bass
www.s​preadfirefox.c​om/5years/
A software tool that can generate mathematical proofs.
#Dec 3rd, 2008 @ 12:55 PM
jason818_253.33
jason818_253.33
Yippi skippy
Thanks Bass, Im trying to break it down to its simplest form. then I can build it back up. To me it's really a complex topic.
#Dec 3rd, 2008 @ 1:23 PM
jason818_253.33
jason818_253.33
Yippi skippy
"A software tool that can generate mathematical proofs."

Im not very good with mathematics and i dont know what a proof is. can it be made any more simple? can you or another 9er think of a real world example. Thanks much.
#Dec 3rd, 2008 @ 1:43 PM
Bass
Bass
www.s​preadfirefox.c​om/5years/
A mathematical proof is some kind of logical reasoning for some statement to be true. I know that probably doesn't help but it's a very complex subject to begin with.

Euclid said once to a King once who wanted Euclid to explain geometry to him in a few hours: "there is no royal road to geometry". If you really want to learn this stuff you should probably get a book on algebra and calculus and build up from there, but it does take a lot of time and effort to understand mathematics.


#Dec 3rd, 2008 @ 2:05 PM
evildictaitor
evildictaitor
if( !succeed( try() ) ) { while(true) try(); }
There are lots of different types of theorem prover, but basically they fall into three major categories:

* Boolean (Satisfiability/Model) provers
For example, in the statement:

(L || K)  && (!L || !K) && (!L || M) && (!M || K) && (M || R)

for what set of values L,M,K,R is the above statement true?
There are a few methods - the most obvious is to just try all values, and then simplify at the end (you can use a Karnaugh-map to get a simple boolean expression from a truth-table), or there are various better methods.

One such method is the Davis Putnam method (which you can look up for more info if you want) which basically goes along the lines of

Using the notation (for readability) AB = A || B ;  A, B = A && B  ;  a = !A, the above becomes

LK, lk, lM, mK, MR

Since R is pure, we can set R in our model to be true, and the last OR becomes true, so we can get rid of it,

LK, lk, lM, mK   (model = {R} )

If L is true:
    LK is true, lk is true iff k is true, lM is true iff M is true, mK is unchanged:
    k, M, mK
    model = {L,R}
    If K is also true
       Then k is false, and the entire statement is false, so K cannot also be true
    Else k is true
       Then k is true, M is unchanged, mK is true iff m is true
       M, m
       model {L,R,K}
       But M and m cannot both be true, so contradition
    EndIf
    So the model {L,R} is not true if we have either K or k to be true, so the model {L,R} doesn't work
Else if l is true
   LK is true iff K is true, lk is always true, lM is always true, mK is unchanged
   K, mK
   model = {l,R}
   K is pure in both of the above statements, so we can take it out;
   model = {l,R,K}
   and we've run out of statements, so setting the values

L = false, R = true, K = true and M = anything will yield true for the original statement\




The next type of theorem prover is the "proper" math style theorem prover, used to generate mathematical proofs. These fall into two general categories of "theorem prover" and "theorem checker", which are basically distinguished by the fact that "theorem provers" are cool, clever and difficult to make, and "theorem checkers" are manual, boring and easy to make. So let's talk about the provers.

For example, Let me tell you that:

1. tan[x] = sin[x] / cos[x]
2. sec[x] = 1 / cos[x]
3. d[sin[x]] = cos[x] * d[x]
4. d[cos[x]] = - sin[x] * d[x]
5. d[a / b] = ( v * d[u] - u d[v] ) / (v^2)

And some helper ones:

6. a * - b = -(a * b)
7. a * a = a ^ 2
8. (a*b) - (c*b) = (a -c) * b
9. (a * b) / b = a   (if b is non-zero)
10. (a / b) / c = a/ (b*c)
11. 1 * a = a
12. -sin[x]^2 + cos[x]^2 = 1
13. (a/(b*c)) = (a/b) * (1/c)

What is d [tan[x]] / d[x] ?

         d[tan[x]] / d[x]
         By rule 1
         d[sin[x] / cos[x]] / d[x]
         By rule 5 where a = sin[x], b = cos[x]
         ((sin[x] * d[cos[x]]) - (cos[x] * d[sin[x]]) / cos[x]^2) / d[x]
         By rule 4
         ((sin[x] * - sin[x] d[x]) - (cos[x] * d[sin[x]]) / cos[x]^2) / d[x]
         By rule 6
         (( -sin[x] * sin[x] * d[x]) - (cos[x] * d[sin[x]]) / cos[x]^2) / d[x]
         By rule 7
         (( -sin[x]^2 * d[x]) - (cos[x] * d[sin[x]]) / cos[x]^2) / d[x]
         By rule 4
         (( -sin[x]^2 * d[x]) - (cos[x] * cos[x] * d[x]) / cos[x]^2) / d[x]
         By rule 6
         ((- sin[x]^2 * d[x]) - (cos[x]^2 * d[x])) / cos[x]^2) / d[x]
         By rule 8
         ((-sin[x]^2 + cos[x]^2) * d[x]) / cos[x]^2) / d[x]
         By rule 12
         ((1 * d[x]) / cos[x]^2) / d[x]
         By rule 11
         (d[x] / cos[x]^2) / d[x]
         By rule 10
         d[x] / cos[x]^2 * d[x]
         By rule 9 (making sure to note that d[x] != 0)
         1 / cos[x]^2
         By inverse of rule 7
         1 / cos[x] * cos[x]
         By rule 13
         (1 / cos[x]) * (1 / cos[x])
         By rule 2
         (sec[x]) * (1 / cos[x])
         By rule 2
         (sec[x]) * (sec[x])
         By rule 7
         sec[x]^2

So without knowing anything about differentiation, and using the only feature that d[x] != 0, we've derived by application of other rules the general result that the differential of tan with respect to x is the square of the secant of x.



The third type of theorem prover is about program verification (yay!). This is all about showing that a program is correct, typically from contractual specifications, and has applications all over compiler theory (e.g. liveness analysis, program flow analysis, optimisations etc)

For example, in the Spec#-esque function:

class List<T> {
...
T[]! array;
int Capacity { get { return array.Length; } }

void EnsureCapacity(int capacity)
   ensures Capacity >= capacity
{
  if(capacity <= 0) { 
    array = new T[0];
  }else {
    T[] bigger = new T[capacity];
    this.CopyIntoArray(bigger);
    array = bigger;
  }
}

}

Let's check the ensures condition:

{
  if(capacity <= 0) { 
    :: Requires( capacity <= 0) 
    array = new T[0];
  }else {
    :: Requires( !(capacity <= 0)) 
    T[] bigger = new T[capacity];
    this.CopyIntoArray(bigger);
    array = bigger;
  }
  :: Ensures ( Capacity >= capacity)
}

Is true only if it's true at the end of the two paths in the if: (Let's also expand out the definition of Capacity at the same time)

  if(capacity <= 0) {
    :: Requires (capacity <= 0)  
    array = new T[0];
    :: Ensures ( array.Length >= capacity)
  }else {
    :: Requires( !(capacity <= 0)) 
    T[] bigger = new T[capacity];
    this.CopyIntoArray(bigger);
    array = bigger;
    :: Ensures ( array.Length >= capacity)
  }

  if(capacity <= 0) {
    :: Requires (capacity <= 0) 
    array = new T[0];  // <- (new T[X]).Length = X 
    :: Ensures ( 0 >= capacity)
  }else {
    :: Requires( !(capacity <= 0)) 
    T[] bigger = new T[capacity];
    this.CopyIntoArray(bigger);
    :: Ensures ( bigger.Length >= capacity)
    array = bigger;
  }


  if(capacity <= 0) {
    :: Requires (capacity <= 0)
    :: Ensures ( capacity <= 0)
    array = new T[0];  // <- (new T[X]).Length = X
  }else {
    :: Requires( !(capacity <= 0)) 
    T[] bigger = new T[capacity];
    :: Ensures ( bigger.Length >= capacity)
    this.CopyIntoArray(bigger);  // does not affect the Length of bigger
    array = bigger;
  }


  if(capacity <= 0) {
    :: Requires (capacity <= 0)
    :: Ensures ( capacity <= 0)
    array = new T[0];  // <- (new T[X]).Length = X
  }else {
    :: Requires( !(capacity <= 0)) 
    T[] bigger = new T[capacity];  <- (new T[capacity]).Length = capacity
    :: Ensures ( capacity >= capacity)
    this.CopyIntoArray(bigger);  // does not affect the Length of bigger
    array = bigger;
  }


  if(capacity <= 0) {
    :: Requires (capacity <= 0)
    :: Ensures ( true )  ; // guarranteed by the requires condition
    array = new T[0];  // <- (new T[X]).Length = X
  }else {
    :: Requires( !(capacity <= 0)) 
    T[] bigger = new T[capacity];
    :: Ensures (true ) // tautological
    this.CopyIntoArray(bigger);  // does not affect the Length of bigger
    array = bigger;
  }

Since any Ensures(true) statement can be eliminated, we've eliminated all ensures contracts from the method, so we've proved that the method was correct! Hooray!

  if(capacity <= 0) {
    :: Requires (capacity <= 0)
    array = new T[0];  // <- (new T[X]).Length = X
  }else {
    :: Requires( !(capacity <= 0)) 
    T[] bigger = new T[capacity];
    this.CopyIntoArray(bigger);  // does not affect the Length of bigger
    array = bigger;
  }



So there you have it, a brief overview of the three forms of theorem provers.
#Dec 4th, 2008 @ 7:53 AM
Harlequin
Harlequin
http://twitter.c​om/TrueHarlequin
The right-side of my brain shut down about half way through reading that Smiley
#Dec 4th, 2008 @ 5:36 PM
jason818_253.33
jason818_253.33
Yippi skippy

Truth is a very interesting and complex endeavor to explore. I have so many questions I wish I had the answers to. Maybe that is why I am fascinated by the notion of theorem provers.  If that is what they do, find truth. 

Much of Evildictator post looks like a different language to me. I need to work on my math admittedly. Is it something I can comprehend with the current knowledge I have?

Im showing my ignorance by posting. I know, but its a chance I'll take.

#Dec 4th, 2008 @ 5:43 PM
elmer
elmer
I'm on my very last life.

You just need some explosives, some pickup trucks and a selection of finely tuned hammers... Myth-Busters do it all the time.

#Dec 4th, 2008 @ 7:09 PM
Bass
Bass
www.s​preadfirefox.c​om/5years/
Mathematics is the science of truth and perfection. It's really a very interesting and profound field, because all of reality and stuff that even transcend reality can be perfectly described using mathematics, and it's the foundation for computer science as well. Mathematics and computer science are one of the few sciences that deal with ideas that are beyond the scope of the Universe itself.

But to answer your question I think really to understand the idea of a proof at a more deeper level then just the definition you should at least get good with algebra, since algebra is used very often to "prove" something in mathematics. But there are proofs out there, that prove seemly simple statements, that very even experienced mathematics doesn't understand completely. Really proofs can be some of the most complex objects in mathematics, so you can not expect to understand most of them with no or very little mathematical background.
#Dec 4th, 2008 @ 8:13 PM
timothychung
timothychung
Hey Jason, please let us know more about the context. Such as why you are interested in it and what kind of knowledge you are looking for. So that we can give you some pointers to knowledge you need.

For now, I think you can try understanding more about proofing. Try "proof of mathematical theorem" on Google.

Wikipedia entries:

Cheers,
Timothy
#Dec 5th, 2008 @ 2:58 AM
evildictaitor
evildictaitor
if( !succeed( try() ) ) { while(true) try(); }
Math is just a tool - don't over-glorify it. I'm sorry you didn't understand my previous post - my only point was that the word "theorem prover" means different things to different people, and I gave three examples - a theorem prover for boolean logic (called a SAT-prover), an algebraic theorem prover (like Mathematica) and a contract verifyer (like Spec#).

Each of these three fields of theorem provers have different ways of looking at problems, and have different constraints on how they work and what they're used for, but one thing is certain - they have no value except by solving real world problems. SAT-provers are used lots in hardware and chipset vendors to make smaller circuits, algebraic theorem provers are used lots by physists and engineers to solve real-world problems and contract-verifiers are used lots by compilers. Writing an algebraic theorem prover to generate all true statements in math (of which there are infinitely many) would yield a truck load of unuseful statements (such as "x = x + 0", "x = (x + 0 + 0 + 0 + x - x) * 1" etc).

Math is a tool. Nothing more. A drill isn't good because it drills holes - it's good because it helps you put up a shelf. Any use math may have only comes from the fact that it can be used for real world situations. If you don't have theorems that need proving - don't build a theorem prover.
#Dec 5th, 2008 @ 7:23 AM
timothychung
timothychung
Hey evildictaitor,

Do you know where to find applicational examples and patterns of mathematical models and computational models? This thread just ignites my curiosity on modelling. Smiley

Cheers,
Timothy
#Dec 5th, 2008 @ 2:47 PM
jason818_253.33
jason818_253.33
Yippi skippy

Thanks guys. Im understanding better what a Therom is, and what is a proof.

How does modelling ty into this thread?

The Z3 is an SAT-prover. so i guess its being built to help build faster hard ware?

#Dec 5th, 2008 @ 4:00 PM
Bass
Bass
www.s​preadfirefox.c​om/5years/
Mathematics isn't just a "tool". There are people out there that study math not for any specific purpose, but for it's own right. I believe they are called mathematicians.
#Dec 5th, 2008 @ 11:12 PM
Sven Groot
Sven Groot
My name has 9 letters. Coincidence? I think not...
#Dec 6th, 2008 @ 8:10 AM
evildictaitor
evildictaitor
if( !succeed( try() ) ) { while(true) try(); }
Some people spend their lives designing better drills. That doesn't mean a drill isn't a tool.

Maths has no value other than through its applications - I'll grant you that it is elegant, but it isn't USEFUL without being APPLIED to something, which makes it a tool.
#Dec 6th, 2008 @ 8:24 AM
Bass
Bass
www.s​preadfirefox.c​om/5years/
It might not be "useful" (that's extremely debatable), but saying pure math has no "value" is plain trolling. Sorry.
#Dec 6th, 2008 @ 9:15 AM
evildictaitor
evildictaitor
if( !succeed( try() ) ) { while(true) try(); }
If you're going to deliberately misquote me then there's very little point in having a discussion. I said maths is not useful unless it is applied to something and neither I nor mathematics make any claim as to math having "value".

Math is a very useful tool for me, but only because it can be used. If it could not be used, I would still find it interesting, but it would cease to be useful. Don't glorify math, or try and prove things because you can. Prove things that give insight into the world, and use math to come up with descriptions of life and the universe - because it's that insight and those descriptions that are worth searching for - the math that underpins it is just a tool.
page 1 of 1
Comments: 18 | Views: 1339
Microsoft Communities