Are there special considerations for conjunctions and other basic (or otherwise) logical operators when they are included as arguments to functions?  Currently I am running into a wall on a proof that may be characterized by the failure of the following result.  The conjecture

lemma "f (P & Q) ==> f (Q & P)"

will not be proved by simp, auto, or blast, but

lemma "P & Q ==> Q & P" by auto

is evaluated without complaint.

Am I missing something basic?  Any thoughts on this question would be appreciated.

Robert

Would you expect something like this to work?

lemma conj_commute: "P & Q ==> Q & P" by auto

lemma "f (P & Q) ==> f (Q & P)"
proof -
  assume "f (P & Q)"
  from this conj_commute [of P Q]
  have "f (Q & P)" by simp
qed

This is less terse, but it is more similar to the methods I am using in my proof.  It fails as well, I am afraid.

Robert Lamar

On Thu 3/2/2006 5:43 AM, Larry Paulson wrote:
|
| The lemma "conj_commute" expresses commutativity of the conjunction
| operator. You should be able to prove your theorem with something like
|
|
| Larry Paulson
|
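An added example, not part of the original exchange, showing two ways the first goal does close in Isabelle/HOL. blast does not rewrite inside the argument of an uninterpreted function such as f, and the simplifier (which auto calls) does not have conj_commute among its default rewrite rules, so the commutativity step has to be supplied explicitly. The lemma statement is the one from the question; the proofs and the theory wrapper are added here and assume a plain Isabelle/HOL context (Isabelle2005 ASCII syntax, as in the thread):

```isabelle
theory Conj_Under_Fun
imports Main
begin

(* Ordered rewriting with conj_commute brings both arguments of f into
   the same normal form; the goal then closes by assumption. *)
lemma "f (P & Q) ==> f (Q & P)"
  by (simp add: conj_commute)

(* The same fact in the Isar style used in the thread.  The final step
   has to be a show, not a have: a have proves a local fact but leaves
   the lemma's goal open, and qed then fails.  subst rewrites one
   occurrence of the conjunction in the conclusion with the
   commutativity equation, leaving f (P & Q) ==> f (P & Q), which the
   terminal by closes by assumption. *)
lemma "f (P & Q) ==> f (Q & P)"
proof -
  assume "f (P & Q)"
  then show "f (Q & P)" by (subst conj_commute)
qed

end
```

The first form is the one to reach for when the conjunction sits under an arbitrary function or predicate: any permutative rule (conj_commute, conj_ac) given to simp is applied by ordered rewriting, so both sides reach the same term and the remaining f c ==> f c is trivial.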

[Apologies for multiple copies of this message]

CALL FOR PAPERS

ATVA 2006 -- Fourth International Symposium on Automated Technology for Verification and Analysis

Beijing, China, 23-26 October 2006

http://lcs.ios.ac.cn/~atva06/

=====================================================================

ATVA 2006 is the fourth in the series of symposia on Automated Technology for Verification and Analysis. The purpose of ATVA is to promote research on theoretical and practical aspects of automated analysis, verification and synthesis in East Asia by providing a forum for interaction between the regional and the international research communities and industry in the field. Submissions reporting original contributions are solicited in all areas of automated verification and analysis.

IMPORTANT DATES

20 May 2006, submission deadline
10 July 2006, acceptance notification
1 August 2006, camera-ready copy
23 October - 26 October 2006, ATVA 2006

KEYNOTE SPEAKERS

Thomas Ball (Microsoft Research, US)
Jin Yang (Intel Corporation, US)
Mihalis Yannakakis (Columbia University, US)

STEERING COMMITTEE

E.A. Emerson (University of Texas at Austin)
Oscar H. Ibarra (University of California at Santa Barbara)
Insup Lee (University of Pennsylvania)
Doron A. Peled (University of Warwick)
Farn Wang (National Taiwan University)
Hsu-Chun Yen (National Taiwan University)

GENERAL CHAIR

Huimin Lin (Chinese Academy of Sciences)

PROGRAM CO-CHAIRS

Susanne Graf (VERIMAG)
Wenhui Zhang (Chinese Academy of Sciences)

LOCAL ARRANGEMENT CHAIR

Naijun Zhan (Chinese Academy of Sciences)

PROGRAM COMMITTEE

Rajeev Alur (University of Pennsylvania)
Christel Baier (University of Bonn)
Jonathan Billington (University of South Australia)
Sung-Deok Cha (Korea Advanced Inst. of Sci. and Techn.)
Shing-Chi Cheung (Hong Kong Univ. of Sci. and Techn.)
Ching-Tsun Chou (Intel)
Jin Song Dong (National University of Singapore)
E. Allen Emerson (University of Texas at Austin)
Masahiro Fujita (University of Tokyo)
Susanne Graf (VERIMAG)
Wolfgang Grieskamp (Microsoft Research)
Teruo Higashino (Osaka University)
Pei-Hsin Ho (Synopsys)
Oscar H. Ibarra (University of California at Santa Barbara)
Orna Kupferman (Hebrew University)
Robert P. Kurshan (Cadence)
Insup Lee (University of Pennsylvania)
Xuandong Li (Nanjing University)
Shaoying Liu (Hosei University)
Zhiming Liu (IIST/United Nations University)
Mila E. Majster-Cederbaum (University of Mannheim)
Olaf Owe (University of Oslo)
Doron A. Peled (University of Warwick)
Zhong Shao (Yale University)
Xiaoyu Song (Portland State University)
Yih-Kuen Tsay (National Taiwan University)
Irek Ulidowski (Leicester University)
Bow-Yaw Wang (Academia Sinica)
Farn Wang (National Taiwan University)
Ji Wang (National U. of Techn. of China)
Yi Wang (Uppsala University)
Baowen Xu (Southeast University of China)
Hsu-Chun Yen (National Taiwan University)
Tomohiro Yoneda (Tokyo Institute of Technology)
Wenhui Zhang (Chinese Academy of Sciences)
Lenore Zuck (University of Illinois at Chicago)

SCOPE

The scope of interest is intentionally kept broad; it includes:

(1) theory useful for providing designers with automated support for obtaining correct software or hardware systems, including both functional and non-functional aspects, such as: theory on (timed) automata, Petri nets, concurrency theory, compositionality, model checking, automated theorem proving, synthesis, performance analysis, correctness-by-construction results, infinite state systems, abstract interpretation, decidability results, parametric analysis or synthesis.

(2) applications of theory in engineering methods and particular domains and handling of practical problems occurring in tools, such as: analysis and verification tools, synthesis tools, reducing complexity of verification by abstraction, improved representations, handling user-level notations (such as UML), practice in industry applications to hardware, software or real-time and embedded systems. Case studies illustrating the usefulness of tools or a particular approach are also welcome.

Theory papers should be motivated by practical problems and applications should be rooted in sound theory. Of particular interest are algorithms on one hand and methods and tools for integrating formal approaches into industrial practice. Special care should be taken as well to present papers in such a way that they are accessible not only to specialists, that is, jargon needs to be defined and intuitive interpretation provided for theories.

TUTORIALS

Three tutorials on software verification, hardware verification and the theory of verification will be given by the three keynote speakers T. Ball, J. Yang and M. Yannakakis, respectively.

PUBLICATION

Following ATVA 2004 (LNCS 3299) and ATVA 2005 (LNCS 3707), the formal proceedings are planned to be published in LNCS, Springer-Verlag. Extended versions of selected papers on theoretical foundation and technology transfer from the conference series will be solicited for publication in special issues of the International Journal of Foundations of Computer Science (IJFCS) (http://www.cs.ucsb.edu/~ijfcs) and of the International Journal on Software Tools for Technology Transfer (STTT) (http://sttt.cs.uni-dortmund.de).

I am a newbie in Isabelle, and now I am stuck with a proof which looks somewhat trivial. I am using Isabelle2005/HOL with ProofGeneral; the proof is:
!! v s1 s2.
[| Subject_user v s1 \<in> Users v; Subject_user v s2 \<in> Users v; Subject_user v s1 = Subject_user v s2;
   Subject_role v s1 \<in> tRoles v | Subject_role v s1 \<in> nRoles v;
   Subject_role v s2 \<in> tRoles v | Subject_role v s2 \<in> nRoles v;
   s1 \<in> tSubjects v | s1 \<in> nSubjects v;
   s2 \<in> tSubjects v | s2 \<in> nSubjects v;
   s1 \<noteq> s2;
   (Subject_user v s1, Subject_role v s1) \<in> URs v;
   (Subject_user v s2, Subject_role v s2) \<in> URs v;
   \<forall> u r1 r2.
     u \<in> Users v &
     (r1 \<in> tRoles v | r1 \<in> nRoles v) &
     (r2 \<in> tRoles v | r2 \<in> nRoles v) &
     (EX s1. (s1 \<in> tSubjects v | s1 \<in> nSubjects v) &
       (EX s2. (s2 \<in> tSubjects v | s2 \<in> nSubjects v) &
         s1 \<noteq> s2 &
         u = Subject_user v s1 & u = Subject_user v s2 &
         r1 = Subject_role v s1 & r2 = Subject_role v s2 &
         (u, r1) \<in> URs v & (u, r2) \<in> URs v)) -->
     (r1, r2) \<notin> DMRs v & (r2, r1) \<notin> DMRs v
|]
==> (Subject_role v s1, Subject_role v s2) \<notin> DMRs v & (Subject_role v s2, Subject_role v s1) \<notin> DMRs v

Sorry for the extremely long proof. Here is some explanation of the notation:
1. v is a record
2. (Subject_role v) is a function which takes a subject and returns its role
3. (Subject_user v) is a function which takes a subject and returns its user
4. (Users v), (tRoles v), (nRoles v), (tSubjects v), (nSubjects v), (URs v), (DMRs v) are all sets of the record v

You can see the last one of the premises is a derivation rule, and the others could satisfy the assumption of the rule.
So it is supposed to prove the conclusion, but I failed to unify the premises with the rule in the premises.
Could anyone give me some help on this? IF POSSIBLE, could you show the proof step by step?

Kun Chen
Foundation Software Engineer Center
Institute of Software
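An added example, not from the original message, of the two steps the last premise needs: first instantiate its three universal quantifiers with the terms that appear in the conclusion, then discharge the antecedent, whose existential witnesses are the concrete s1 and s2 from the other premises. It is a cut-down version of the goal above: the record accessors are replaced by the free functions user and role, the sets by the free variables Users, Subjects and DMRs, and the role-membership conjuncts and the URs pairs are dropped (they are discharged the same way). These names and the theory wrapper are assumptions of the example, in Isabelle2005 syntax:

```isabelle
theory Role_Rule
imports Main
begin

lemma
  assumes dmr_rule:
    "ALL u r1 r2. u \<in> Users &
       (EX s1. s1 \<in> Subjects &
         (EX s2. s2 \<in> Subjects & s1 \<noteq> s2 &
            u = user s1 & u = user s2 &
            r1 = role s1 & r2 = role s2))
       --> (r1, r2) \<notin> DMRs & (r2, r1) \<notin> DMRs"
    and s1: "s1 \<in> Subjects" and s2: "s2 \<in> Subjects"
    and ne: "s1 \<noteq> s2"
    and u1: "user s1 \<in> Users" and same: "user s1 = user s2"
  shows "(role s1, role s2) \<notin> DMRs & (role s2, role s1) \<notin> DMRs"
proof -
  (* Step 1: instantiate u, r1, r2.  Three applications of spec turn the
     \<forall> premise into an implication whose consequent is exactly
     the goal; rule unifies the instantiated variables with it. *)
  have inst:
    "user s1 \<in> Users &
       (EX t1. t1 \<in> Subjects &
         (EX t2. t2 \<in> Subjects & t1 \<noteq> t2 &
            user s1 = user t1 & user s1 = user t2 &
            role s1 = role t1 & role s2 = role t2))
       --> (role s1, role s2) \<notin> DMRs & (role s2, role s1) \<notin> DMRs"
    by (rule dmr_rule [THEN spec, THEN spec, THEN spec])
  (* Step 2: the antecedent.  The witnesses for t1 and t2 are the
     subjects s1 and s2 of the other premises; user s1 = user s2 is
     what makes both "u = user ti" conjuncts hold.  blast finds the
     witnesses once the quantifier structure is this explicit. *)
  have ante:
    "user s1 \<in> Users &
       (EX t1. t1 \<in> Subjects &
         (EX t2. t2 \<in> Subjects & t1 \<noteq> t2 &
            user s1 = user t1 & user s1 = user t2 &
            role s1 = role t1 & role s2 = role t2))"
    using s1 s2 ne u1 same by blast
  (* Modus ponens closes the goal. *)
  show ?thesis by (rule mp [OF inst ante])
qed

end
```

The instantiation is the part that has to be done by hand (or, in apply style, with drule_tac x = "Subject_user v s1" in spec and so on): a universally quantified premise does not unify with the goal directly, because the conclusion is buried under \<forall> and -->. On the full goal, with the goal's !!-bound v, s1, s2 fixed and the premises assumed, the same two steps apply.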

I am attempting to develop a theory of rings which features quotients.  So far, I have defined rings through axiomatic classes and ideals through a predicate constant.  There are several approaches to defining the quotient ring which present themselves, but the next step would be to prove that the quotient is an instance of the ring class.  Is there a straightforward way to do this without specifying a particular ideal?  My goal, as I imagine it, is to define a type which is parameterized, essentially, by subsets of "UNIV::('a::ring set)" (or more specifically, by subsets which satisfy my is_ideal predicate).  Is this possible?  Is there a different (better) way to approach this problem?

Thanks,
Robert Lamar
Stetson University

On Mon 3/20/2006 2:09 PM, Brian Huffman wrote:
| On Sunday 19 March 2006 21:55, Robert Lamar wrote:
| > I am attempting to develop a theory of rings which features quotients.  So
| > far, I have defined rings through axiomatic classes and ideals through a
| > predicate constant.  There are several approaches to defining the quotient
| > ring which present themselves, but the next step would be to prove that the
| > quotient is an instance of the ring class.  Is there a straightforward way
| > to do this without specifying a particular ideal?
|
| In your case, you could prove the following theorem:
| theorem typedef_ring:
|   fixes Abs :: "'a::ring => 'b::{zero,plus,times}"
|   assumes type: "type_definition Rep Abs A"
|     and zero: "0 == Abs 0"
|     and plus: "op + == %x y. Abs (Rep x + Rep y)"
|     and times: "op * == %x y. Abs (Rep x * Rep y)"
|     and ideal: "is_ideal A"
|   shows "OFCLASS('b, ring_class)"
|
| You wouldn't get a parameterized type, but you would be able to define new
| types one at a time using typedef, and then prove that each new type is in
| the ring class using theorem typedef_ring.
|
| - Brian
|

Thank you very much for this suggestion.  The approach you suggest makes sense to me, and I have set out to prove this result.  Although it is tedious at times, I am making progress.  There are a couple of snags I have hit, though, and would appreciate input.

My only question for the moment arises from my attempt to prove a lemma, that the sum of two elements of a quotient is in the quotient.  I am unable to get past a certain step, which I isolate in the following lemma:

lemma "EX s. S = coset I s ==> EX s. S = {i + s | i. i \<in> I}"
proof -
  assume "EX s. S = coset I s"
  from this coset_def [of I s] show "EX s. S = {i + s | i. i \<in> I}"
    by simp
qed

I have defined

constdefs
  coset :: "[('a::ring) set, 'a] => 'a set"
  "coset I a == {i + a | i. i \<in> I}"

and would like to think that it is a straightforward matter of substitution.  However, I know that section 5.11 of the tutorial makes it clear that reasoning about existential operators can be very tricky.  Am I missing something crucial?

Robert Lamar

On Wed 3/29/2006 2:04 PM, Brian Huffman wrote:
|
| As a simpler alternative, you can give coset_def as an argument to simp or
| unfold, which avoids the problems with instantiating type variables:
|
| lemma "EX s. S = coset I s ==> EX s. S = {i + s | i. i \<in> I}"
|   proof -
|     assume "EX s. S = coset I s"
|     then show "EX s. S = {i + s | i. i \<in> I}"
|       by (unfold coset_def)
|   qed
|
| - Brian
|

Brian,

Thanks for your patient and speedy reply.  I do not know why I didn't think of unfold, but it solved the problem immediately.  It has been useful in other situations.

Robert Lamar

I am trying to develop a tactic for a sequent calculus for labelled modal logics (from Luca Viganò, "Labelled non-Classical Logics", Kluwer, 2000) and I am facing 2 problems that might have already been solved in other contexts by some of you:

a) In some of those logics an upper bound on the number of applications of non-safe rules (i.e. BoxLeft) can be found depending on the complexity of the formula to be established (or not established). To represent this an ML function has to be written that calculates the complexity of the formula (easy). However it is not clear to me how I can write a tactic looking like
REPEAT_DETERM_N (complexity ??formula??)

b) (Saturation) The BoxLeft rule looks like ([|x:[]A; xRy|]==>R)==>([|x:[]A; xRy; y:A|]==>R) and is somewhat similar to the left rule for the universal quantifier. There may be several unification possibilities, for example if xRy and xRy1 are present in the premises. I would like to have a rule that uses all possible unifications. For that particular case the rule
([|x:[]A; xRy; xRy1|]==>R)==>([|x:[]A; xRy; xRy1; y:A;y1:A|]==>R) would do. This is similar to having a left rule for the universal quantifier that would instantiate the predicate in all unifiable terms available.

Many thanks,
fmd
ps: just direct me to some code if you have already solved something similar
--

Francisco Miguel Dionísio

Departamento de Matemática
Instituto Superior Técnico

tel: 218417143
fmd at math.ist.utl.pt
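An added example for point (a), not Francisco's code: the missing piece is SUBGOAL, which hands a tactic the term of the subgoal it is applied to, so the bound can be computed from the goal itself rather than passed in from outside. complexity here is a stand-in that counts applications and abstractions in a term; the real measure would be the formula-complexity function Francisco describes for his logic. The argument tac is the caller's rule tactic (for instance resolve_tac applied to the BoxLeft rule) and is assumed. Isabelle2005 ML, to be placed inside the theory that defines the calculus:

```isabelle
ML {*
(* complexity: a stand-in size measure on terms.  Bound variables,
   constants and free variables count 1; the modal-logic specific
   measure would pattern-match on the calculus's own constructors. *)
fun complexity (t $ u) = complexity t + complexity u
  | complexity (Abs (_, _, body)) = 1 + complexity body
  | complexity _ = 1;

(* bounded_tac tac i: read subgoal i, compute the bound from its
   conclusion (Logic.strip_assums_concl strips the !!-prefix and the
   ==> premises), and apply tac to that subgoal at most that many
   times.  REPEAT_DETERM_N stops early if tac fails and never
   backtracks into earlier applications. *)
fun bounded_tac tac i =
  SUBGOAL (fn (goal, j) =>
    REPEAT_DETERM_N (complexity (Logic.strip_assums_concl goal)) (tac j)) i;
*}
```

With bounded_tac the bound is recomputed every time the tactic is invoked, so it can sit inside a larger REPEAT or THEN combination without the caller having to know the current goal. If the bound should depend on a premise rather than the conclusion, Logic.strip_assums_hyp goal returns the list of premises instead.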