Uppsala University
Listen to this web page
Information Technology

Interactive Theorem Provers

Motivation

Using interactive theorem provers to do mathematical proofs has long been a goal of many mathematicians and computer scientists. The prospect of having proofs fully machine checked is appealing, but the tools available have been cumbersome to work with since computers lack the intuitive grasp of mathematics that we humans possess. A statement such as: by induction over P we clearly see that... might be fully acceptable in a paper proof but a theorem prover will not allow it since to such a program, nothing is intuitively clear.

The main motivation for our work is to make theorems for the pi-calculus within a theorem prover which resembles their pen-and-paper equivalents to as high a degree as possible especially when it comes to abstraction of alpha-equivalent terms.

Results

snapshot9_small2.pngWe have used the theorem prover Isabelle[External link] to formalise a substantial part of the pi-calculus[External link]. At the core of our formalisation lies the nominal datatype package[External link] developed by Christian Urban[External link] and Stefan Berghofer[External link]. The nominal datatype package is based on the theories of Nominal Logic by Andrew Pitts[External link] et. al.

Our formalisation is, to our knowledge, the most extensive formalisation of a mobile calculus ever to be done inside a theorem prover. It includes the following:

  • Formalisations of both late and early semantics of the monadic pi-calculus, with proofs that:
    • Strong bisimulation is an equivalence relation and preserved by all operators except the input prefix.
    • Strong equivalence is a congruence.
    • Weak bisimulation is preserved by all operators except sum and input prefix.
    • Weak congruence is a congruence
    • Proofs that all early bisimulation relations are included in their late counterparts.
  • A set of algebraic laws, including the tau-laws and the Hennessy lemma.
  • A proof that the axiomatization of strong late bisimilarity is sound and complete.

The completeness proof is the first of its kind to be completely machine checked.

The image on the right contains a sample proof from our formalisation.

The source code for our formalisation can be found here[Tar archive].

Ongoing work

We are currently working with Microsoft Research in Cambridge in their project Samoa[External link] to integrate our ideas in a set of tools for securing web services.

Related work

Theorem provers have been used before to model process algebras. When modelling a process algebra one must deal with its binders in some way. The two most command ways have to date been de-Bruijn indices and higher order abstract syntax (HOAS). Early work by Daniel Hirschkoff[External link] modelled the pi-calculus in Coq[External link] using de-Bruijn indices. Christine Röckl[External link] modelled the pi-calculus in Isabelle using HOAS and Furio Honsel [External link] et. al. did the same using Coq.

Publications

A completeness proof for bisimulation in the pi-calculus using Isabelle[External link]. Jesper Bengtson and Joachim Parrow. In Electronic Notes in Theoretical Computer Science, volume 192, number 1, pp 61-75, 2007.
Formalising the pi-calculus using nominal logic[External link]. Jesper Bengtson and Joachim Parrow. In Proceedings of FOSSACS 2007, pp 63-77, 2007.

Last update: 2009-10-16 14:48:09 Responsible: Björn Victor. Web: Contact
Copyright © 2010 Uppsala University, Department of Information Technology.
Show printer-friendly page      View this page.      Edit this page.
Link types on this page: External link Tar archive