Laurent Th#ry, Yves Bertot, and Gilles Kahn. Real Theorem Provers Deserve Real User-Interfaces. Software Engineering Notes, 17(5), 1992. Proceedings of the 5th Symposium on Software Development Environments.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....application of mathematical logic to the control problem domain is in its early stages and requires a natural evolutionary cycle. To realize the potential offered by formal methods these and other issues are being addressed by research in the areas of user interfaces to mechanised theorem provers [Sym95, TBK92], automatic decision procedures as inference rules [Bou95] domain specific tools [HC94] and the applicability of formal methods to the development of systems and the verification of previously developed systems [Cro96, MM95] Other methods that partially employ or do not employ modelling and ....

L. Th'ery, Yves Bertot, and Gilles Kahn, Real Theorem Provers Deserve Real User-Interfaces, in Proceedings of the Fifth ACM Symposium on Software Development Environments (SDE5), Washington D.C, December 1992.

....(P O) n:nat) P n) P (S n) n:nat) P n) 1.2 User interface Currently, most of the users of proof systems such as Coq, Lego, or HOL, still work without genuine interface: they write their scripts with an editor and copypast into the proof assistant top level. Bertot, Th ery and Kahn [TBK92] showed that the technology developed around the Centaur system to define programming environments could be used to provide graphical interfaces for interactive proof systems. Doing so, they came up new ideas such as proof by selection [BKT94] or the drag and drop mechanism [Ber97] After ....

Laurent Th'ery, Yves Bertot, and Gilles Kahn. Real Theorem Provers Deserve Real User-Interfaces. Software Engineering Notes, 17(5), 1992. Proceedings of the 5th Symposium on Software Development Environments.

....selection name ( variable:root ( ctedit:subject ctedit) new path) 4.3 Transformation by clicking 4.3.1 Motivation We now comment on the second type of user interaction we have experimented, that is transformation by clicking. Following the work that has been presented in [Th ery92] for mechanical theorem proving, we wanted to address the real problem of a user of such a tool: he wants to parallelize his program, and he may not know how to do it. Therefore, the menu approach of the previous section is not satisfactory. In the transformation by clicking approach, the program ....

....evaluation, in the case back tracking is not needed, translation into attributed grammars specifications. ffl The fact that the semantics of transformations has been formally specified with a rule based language should make it possible to use tools and interfaces such as the ones presented in [Th ery92] to mechanically prove that they preserve the semantics of programs. ffl The relative difficulty of manipulating graphs in TYPOL shows the interest there is in developing a formalism that can be used for pattern matching in graphs, as this has been done by Grundman in [Grundman90] ffl Working ....

[Article contains additional citation context not shown here]

L. Th'ery, G. Kahn, Y. Bertot, "Real Theorem Provers deserve Real User-Interfaces", Proceedings of the 5th ACM SIGSOFT Symposium on Software Development Environments, Washington, December 1992.

....changes and can that way rewind to an earlier state. However the problem with these undo is that they are chronological, which means that often parts of the proof totally unrelated to the part we want to undo have to be removed as well. The desire of a local undo mechanism has been expressed in [TBK92]. The delete operation is a local undo mechanism (earlier presented in [Mag93] Recently, a local undo mechanism was also presented in [FH94] but its application is to a tactic based proof assistant which manipulates renement trees. We believe that the advantage of local undo is well illustrated ....

L. Th#ry, Y. Bertot, and G. Kahn. Real Theorem Provers Deserve Real User-Interfaces. Technical Report 1684, INRIA Sophia-Antipolis, May 1992.

....representations most suitable for texts. The theorems and lemmas used in proofs are not readily available with the proofs and have to be looked up in an often large list of mostly irrelevant theorems and lemmas. Most systems still use a teletype or text editorbuffer style interface. See also [40] for a general discussion of improving interfaces to theorem provers. In Tecton our approach for escaping such limitations combines a structured internal representation of proofs and proof attempts with proof visualization methods using graphics, hypertext links, and tabular formats. For the ....

....the proof. As previously noted, however, such large tactics are not by themselves adequate for human understanding; to show the details of the proof, tactics have to be broken back down into a sequence of smaller tactics or tactics that are then replayed to see the subgoals they produce. Th ery [40] discusses principles for providing graphical interfaces to proof checkers in general, and in particular to the HOL system. However, we believe such approaches are not likely to succeed unless they are based on some well chosen record of proof structure such as the Tecton notion of proof forest; ....

L. Th'ery, Y. Bertot, and G. Kahn, "Real theorem provers deserve real userinterfaces, " University of Cambridge report, May, 1992.

....to reduce this command into simpler formulas. The commands that one applies in this mode are usually called tactics. The tactics form a sub language of the command language of proof environments, with control and composition operators. Recent studies in the user interface of theorem proving tools [22] have shown that the characteristics of modern computer workstations could be used eOEciently to improve the usage of proof environments. With features like Proofby pointing [2] it is possible to interpret simple tokens of information, like the position of the mouse with respect to a logical ....

.... of locations selected by the user, has been formally described in [2] and [4] It has been implemented in several experiments of proof environments, based on a variety of proof systems: Isabelle [20] HOL [21] a theorem prover developped in prolog [8] and Coq [13] all using a structure editor [22,5] to facilitate the input of mouse location information. Although the initial algorithm is intended for icommonj logics, extensions of this notion have also been studied for modal logic [10] On the implementation side, the importance of structure editors for mouse interaction has also been studied ....

Laurent Th#ry, Yves Bertot, and Gilles Kahn. Real Theorem Provers Deserve Real User-Interfaces. Software Engineering Notes, 17(5), 1992. Proceedings of the 5th Symposium on Software Development Environments.

....for making recursive definitions over the new type and performing proofs by structural induction. 1.2. The HOL system The primary interface to HOL is the functional programming language ML (the name ML is an acronym for Meta Language ) There is also a graphics interface implemented in Centaur [16] that can be mounted on top of the ML interface. Theorem proving tools are functions in ML. It is intended that users of HOL will build their own application specific theorem proving infrastructure by writing programs in ML. HOL can be used for directly proving theorems but more often its role is ....

....solved. The subgoal package then automatically generates a theorem corresponding to the original goal. This subgoaling process can either be driven by executing ML commands explicitly, or it can by driven by pointing and clicking on parts of goals displayed on the screen via the Centaur interface [16]. Just as ML functions representing rules of inference can be combined to obtain complex derived rules, so tactics can be combined (using operators called tacticals) to obtain more complex tactics. HOL comes equipped with predefined tactics for rewriting and for applying decision procedures (e.g. ....

L. Th'ery, Y. Bertot, and G. Kahn. Real theorem provers deserve real user-interfaces. In Proceedings of the Fifth ACM SIGSOFT Symposium on Software Development Environments, volume 17(5) of Software Engineering Notes, Tyson's Corner, Va, USA,

....suggested that window inference could form the basis of a simple graphic user interface to the HOL system. While in Cambridge, Laurent Th ery of INRIA Sophia Antipolis constructed a graphic front end for the window inference interface [Th e93] The front end was constructed using the Centaur tool [BKT94, TBK92]. Users of the graphic front end may open subwindows on terms in the focus or context of a window by selecting the desired subterm with the mouse. A variety of transformations, like rewriting, can be applied to a window by selecting them from a menu. Users can write their own transformations and ....

Laurent Th'ery, Yves Bertot, and Gilles Kahn. Real theorem provers deserve real user-interfaces. Rapports de Recherche: Programme 2 --- N ffi 1684, INRIA, Domaine de Volceau, Rocquencourt, BP 105, F-78153 Le Chesnay Cedex, France, May 1992.

....suggesting commands and applying the heuristically preferred one automatically to the proof. 7 Related Work and Conclusion The necessity to develop (graphical) user interfaces and mechanisms to better support the user within interactive theorem proving environments has been pointed out by [13]. Even though, current theorem proving environments still offer many potentialities for an improvement and still have not adapted all the usable techniques developed for user interfaces in other domains [12] Focusing techniques are well known from natural language processing and have been ....

L. Th'ery, Y. Bertot, and G. Kahn. Real Theorem Provers Deserve Real UserInterfaces. In Proceedings of The Fifth ACM Symposium on Software Development Environments (SDE5), Washington D.C., USA, December 1992. ACM Press.

....System [18] in which, for example, considerable attention is being devoted to development of a good human interface. 18] contains a discussion of the Tecton notion of proofs as forests of proof trees and how the system constructs and displays such proof trees in a graphical format. See also [24] for a general discussion of improving interfaces to theorem provers. With regard to automation of theorem proving, one of the most successful approaches is the Boyer Moore logic and theorem prover [2, 3] Its well developed heuristic approach to automation of induction proofs has achieved ....

L. Th'ery, Y. Bertot, and G. Kahn, "Real theorem provers deserve real user-interfaces," University of Cambridge report, May, 1992.

....tactics using our ML structure editor and the use of side proofs to further suppress detail and highlight the main thread of an argument. We are also following the work of the Centaur group to make proofs more readable [4, 34] and we expect to use the modularity feature of the Nuprl Light refiner [16] to help structure theories as part of a major effort to improve the readability of proofs. Grant Support Acknowledgments We acknowledge the support granted by the National Science Foundation and the Office of Naval Research. We also thank Stuart Allen and Karl Crary for the discussions and ....

....1993. 14] Michael Gordon, Robin Milner, and Christopher Wadsworth. Edinburgh LCF: a mechanized logic of computation, Lecture Notes in Computer Science, Vol. 78. Springer Verlag, NY, 1979. 15] Jason J. Hickey. Objects and theories as very dependent types. In Proceedings of FOOL 3, July 1996. [16] Jason J. Hickey. Nuprl light: An implementation framework for hgher order logics. In 14th International Conference on Automated Deduction, 1997. 17] John E. Hopcroft and Jeffrey D. Ullman. Formal Languages and Their Relation to Automata. Addison Wesley, Reading, Massachusetts, 1969. 18] ....

L. Th'ery, Y. Bertot, and G. Kahn. Real theorem provers deserve real user-interfaces. In Software Engineering Notes, volume 17(5), pages 120--129. 5th Symposium on Software Development Environments, 1992.

....rem provers. The approach of [EGL92] is referred in 4.2. Furthermore the reduction of theorems into simpler lemmata can be supported by tools. A technique for reducing lattice based proofs of liveness properties is shown in [BM91] A generic interface concept for theorem provers is suggested in [TBK92] The use of automata in proving logical formulas is an alternative to theorem provers. AS89] suggest the use of deterministic Buchi automata for proving temporal properties. A similar approach using 8 Automata for proofs of concurrent programs is shown in [MP87] An algorithm for transforming ....

Laurent Th'ery, Yves Bertot, and Gilles Kahn. Real theorem provers deserve real user-interfaces. Rapports de Recherche 1684, INRIA, B.P. 105, F-78153 Le Chesnay Cedex, May 1992.

....architecture: on the Centaur side, incoming messages have to be immediately recognized and introduced in the appropriate software bus wire, according to their identification label. This part of the implementation uses a contribution to Centaur developed to connect Centaur to the theorem prover HOL [28]. Also, a pattern matching mechanism is available to set the four fields related to the class and name of the message receiver and continuation. Pattern matching allows to set multiple or blank values, leaving message routing to the exclusive responsibility of the control integration architecture ....

Laurent Th'ery, Gilles Kahn, and Yves Bertot. Real Theorem Provers Deserve Real User-Interfaces. Submitted for publication, April 1992.

....[KMN92] is a formal verification system that uses visual techniques such as tables, graphics and hypertext. FormEd [HM90b] is a system that displays formulas of first order logic in a readable, two dimensional format. Graphical interfaces to traditional theorem proving systems are considered in [TBK92]. As opposed to Graphical Interval Logic, however, these systems are based on textual logics and the visualization serves to facilitate proof construction and management. There has been considerable recent interest in the use of visual languages for various aspects of the software development ....

Th'ery, L., Bertot, Y. and Kahn, G., "Real theorem provers deserve real user interfaces," Proceedings of the 5th ACM SIGSOFT Symposium on Software Development Environments, Tyson's Corner, Virginia, pp. 120-129, Dec. 1992.

....at BYU provides access to on line manuals, technical reports, and keyword search access to info hol mailing group messages[Win93] ffl The Windows Library and xholterm. These packages have investigated techniques to perform subterm manipulation. ffl The interface described in [Th e93] and [TBK92] This interface supports a number of useful proof construction ideas and is built on the Centar interface system[Cen91] ffl Tree based theorem proving interfaces. This style of interaction is quite natural and reflects the breaking down of goals into a collection of subgoals. An emacs tree ....

Laurent Th'ery, Yves Bertot, and Gilles Kahn. Real theorem provers deserve real user-interfaces. Proceedings of the Fifth ACM SIGSOFT Symposium on Software Development Environments, December 1992.

....the information in the proof frame display, or to show a particular help node) the interface tactic s handler invokes a tactic that produces the required effect, without echoing or logging the command. CONCLUSIONS The user interface is often neglected in the design of theorem proving systems [10]. By separating the user interface from our proof engine, we have been able to experiment with interface features easily, without compromising the soundness of the prover. By using an existing editor to build the user interface, and a simple text based protocol to connect the interface to the ....

Laurent Th'ery, Yves Bertot, and Gilles Kahn. Real theorem provers deserve real user-interfaces. In Herbert Weber, editor, Proceedings of the Fifth ACM SIGSOFT Symposium on Software Development Environments, volume 17 of Software Engineering Notes, pages 120--129, 1992.

....quadratic equation is solved. One can reuse the document by changing the rules for the parameters a, b and c. 4 Discussions and Future Works Instead of making efforts to improve traditional structure oriented user interfaces of theorem provers, such as those of adding graphical user interfaces [12], we start with a usual texteditor and add functions for proof checking to a text editor. The added functions are considered to solve constraints, because proofs are represented by constraints that relate pieces of information on a document. The approach taken by WEB [8] is related to ours in the ....

Th'ery,L., Bertot,Y., Kahn,G.: Real Theorem Provers Deserve Real User-Interfaces, Proceedings of the Fifth ACM SIGSOFT Symposium on Software Development Environments (1992), pp.120--129.

....has led to other devices we wish to explore such as structured presentation of tactics using our ML structure editor and the use of side proofs to further suppress detail and highlight the main thread of an argument. We are also following the work of the Centaur group to make proofs more readable [4, 34], and we expect to use the modularity feature of the Nuprl Light refiner [16] to help structure theories as part of a major effort to improve the readability of proofs. Grant Support Acknowledgments We acknowledge the support granted by the National Science Foundation and the Office of Naval ....

L. Th'ery, Y. Bertot, and G. Kahn. Real theorem provers deserve real user-interfaces. In Software Engineering Notes, volume 17(5), pages 120--129. 5th Symposium on Software Development Environments, 1992.

....for four years, plus money for equipment (a SUN Sparc station) and travel. 1.7 Signatures June 2, 1998, R.P. Nederpelt J.H. Geuvers 2 Proposal 2.1 Content 2.1. 1 Scientific problem and context Many type theories, representing various kinds of logics, have been studied as formal systems for theorem proving ( Coquand and Huet 1985, Nordstrom et al. 1990, Barendregt 1992, Geuvers 1995] and have also been implemented as automated theorem provers ( NUPRL 1986, COQ 1995, LEGO 1992, ALF 1994] These implementations interact with the user via open terms : expressions with holes that have to be filled in, while obeying to some type conditions. Although it is ....

L. Th'ery, Y. Bertot and G. Kahn, Real Theorem Provers Deserve Real UserInterfaces, The Fifth ACM Symposium on Software Development Environments (SDE5), Washington D.C., 1992.

....generic interactive programming environment generator Centaur [6] The new graphical interface is programmed in a dioeerent language, Java, and most of the design decisions that had been made for CtCoq have been re considered. The CtCoq system advocated a few basic principles, mainly described in [15, 4, 2]: the user interface is a separate process from the logical engine, Coq [1] the logical data in the user interface is manipulated as structured, tree like data, and the user interface manipulates the sequence of commands sent to the logical engine as a complete document, the consistency of which ....

Laurent Th#ry, Yves Bertot, and Gilles Kahn. Real Theorem Provers Deserve Real User-Interfaces. Software Engineering Notes, 17(5), 1992. Proceedings of the 5th Symposium on Software Development Environments.

.... de plusieurs processus, l aOEchage de donn#es, l interaction # la souris, et la gestion de scripts Mots cl#s : D#monstration automatique, D#veloppement interactif de preuves, Interfaces graphiques, CtCoq, preuve par s#lection The CtCoq System: Design and Architecture 3 1 Introduction In [TBK92, BT98] we claim that computer aided deduction systems need powerful userinterfaces and we lay out general techniques to construct such user interfaces, based on a multi process architecture and tools coming from programming environments. Following these ideas, we have developed a specic ....

....a signal to the Coq process, whose process identier is known since creation time. A second issue is that we have to make sure the communication protocol is not broken by signals coming at random times. Messages sent by Coq to CtCoq all have a regular form, following the encapsulation proposed in [TBK92] Messages have a header (used on the receiving end to decide how to parse the contents) some contents, and an end marker. If the Coq process is interrupted between the moments when it outputs the header and the end marker, the receiving end protocol procedures get stuck, expecting an end marker ....

Laurent Th#ry, Yves Bertot, and Gilles Kahn. Real Theorem Provers Deserve Real User-Interfaces. Software Engineering Notes, 17(5), 1992. Proceedings of the 5th Symposium on Software Development Environments.

....Of course, the user may follow a strategy that does not lead to a proof, and need to backtrack and attempt an alternative proof. With standard user interfaces, the user issues commands to perform such actions. These commands may be typed by hand or constructed using a structured editor as in [TBK92] or [Nuprl86] The idea in proof by pointing is that the mere gesture of pointing at a subexpression in a subgoal is enough to synthesize appropriate commands for the system. Consider for example the following formula in first order logic, where a and b are individuals and p and q are predicate ....

....is cumbersome. The ideal solution is to use a finger or a mouse to select a subterm. This implies that the interface component keeps track of the underlying term structure of the formulas being displayed. In our experiments, we have built user interfaces following the methodology advocated in [TBK92]. The interface is a separate process that knows about the syntactic structure of logical expressions and is able to get at a subexpression with a single click and to construct an abstract selection describing the location of this subexpression relative to the complete goal where it occurs. There ....

L. Th'ery, Y. Bertot, G. Kahn, "Real Theorem Provers Deserve Real UserInterfaces ", in Proceedings of the Fifth ACM SIGSOFT Symposium on Soft- ware Development Environments, Tyson's Corner, Va, USA, Software Engineering Notes, Vol. 17, no. 5, ACM Press, 1992.

....the contrary, the constant addition of new theories and new tools makes it even harder to handle. Our aim in building a proof development system is to simplify the use of HOL by providing a user friendly environment for doing proofs. From generic ideas about interface of theorem provers given in [10], some specific tools have been implemented for HOL. In this paper, we present these different tools starting from the theory level, through the proof level and finally to the tactic level. 2 Theories HOL has the notion of theory to structure and organise the proof activity. A theory regroups the ....

L. Th'ery, Y. Bertot, G. Kahn, "Real Theorem Provers Deserve Real UserInterfaces ", in Proceedings of the Fifth ACM SIGSOFT Symposium on Software Development Environments, Tyson's Corner, Va, USA, Software Engineering Notes, Vol. 17, no. 5, ACM Press, 1992.

No context found.

L. Th'ery, Y. Bertot, and G. Kahn. Real theorem provers deserve real user-interfaces. Research Report 1684, INRIA Sophia, May 1992.

No context found.

L. Th'ery, Y. Bertot, and G. Kahn. Real theorem provers deserve real user-interfaces. Rapport de Recherche 1684, INRIA Sophia, May 1992.

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC