SlideShare a Scribd company logo

The Relative Consistency of the Axiom of Choice — Mechanized Using Isabelle/ZF

Lawrence Paulson
Lawrence Paulson
Technology
1 of 19
Download to read offline
The Relative Consistency of the Axiom of Choice Mechanized Using Isabelle/ZF Lawrence C. Paulson Computer Laboratory
Why Do Proofs By Machine? • Too many been done already! – Gödel’s incompleteness theorem (Shankar) – thousands of Mizar proofs • But many types of reasoning are hard to formalize. – Algebraic structures (e.g. group theory) – Proofs involving metamathematics • And this one concerns Hilbert’s First Problem! 2
Outline of Gödel’s Proof • • • • Define the constructible universe, L Show that L satisfies the ZF axioms Show that L satisfies the axiom V=L Show that V=L implies AC and GCH A contradiction from ZF and V=L can be translated into one from ZF alone. 3
The Sets That Must Exist 4
L satisfies the ZF axioms • Union, pairing – Unions and pairs are definable by formulae • Powerset, replacement scheme – Using a rank function for L • Comprehension scheme (separation) – By the Reflection Theorem – Scheme can be proved only in the metatheory 5
Show that L satisfies V=L • V=L means “all sets are constructible” • The concept of “constructible” is absolute • Absolute means same in all models – Most concepts are absolute: unions, ordinals, functions, bijections, etc. – Not absolute: powersets, function spaces, cardinals 6
Show that V=L implies AC (or rather, the well-ordering theorem) • The set of formulae is countable • Parameter lists for formulae can be wellordered lexicographically • So, if X is well-ordered then so is D(X) • Inductively construct a well-ordering on L 7
Satisfaction for Class Models? For M a set, can define satisfaction recursively: For M a class, satisfaction cannot be defined! The nondefinability of truth (Tarski) 8
Satisfaction Defined Syntactically The relativization of f to M 9
A contradiction using V=L? • Can prove that (V=L)L is a ZF theorem • … as is f L provided f is a ZF axiom • Thus, a contradiction from ZF + (V=L) amounts to a contradiction in ZF alone • Developing the argument (Gödel never did) requires proof theory 10
Isabelle/ZF • Same code base as Isabelle/HOL • Higher-order metalogic, ideal for – Theorem schemes – Classes – Class functions • Develops set theory from the ZermeloFraenkel axioms to transfinite cardinals 11
Defining the Class L in Isabelle • Datatype declaration of the set formula • Primitive recursive functions: – Satisfaction relation – Arity of a formula – De Bruijn renaming • Definable powersets: Dpow(X) • Constructible hierarchy: Lset(i) • The predicate L 12
Relativization in Isabelle • Define a separate predicate for each concept: 0, », «, function, limit ordinal, … • Make each predicate relative to a class M • Absoluteness: prove that the predicate agrees with the native concept Outcome: a relational language of sets 13
Examples: Pairs and Domains 14
Proving that L is a Model of ZF • Express ZF axioms using the predicates • Mechanize proofs from Kunen (1980) • Separation axiom (comprehension): – By previous proof of Reflection Theorem – Meta-$ quantifier to hide giant classes – Automatic translation from real formulae to elements of the set formula – 40 separate instances proved 15
Proving that L is a Model of V=L • Absoluteness of well-founded recursion • Absoluteness and relativization for … – Recursive datatypes – About 100 primitive concepts – The satisfaction function (detailed breakdown needed) • The concepts Dpow(X) and Lset(i) • Define Constructible(M,x) • Finally prove L(x) fi Constructible(L,x) 16
Comparative Sizes of Theories (in Tokens) Reflection theorem 3400 Definition of L 4140 ZF holds in L (excluding separation) 5100 V=L holds in L 29700 V=L implies AC 1769 17
Doing without Metamathematics • Can’t reason on the structure of formulae • Can’t prove separation schematically • Can’t formalize how a contradiction from V=L leads to a contradiction in ZF • But: can use native set theory – Isabelle/ZF’s built-in set theory libraries – benefits of a shallow embedding 18
Conclusions • • • • A mechanized proof of consistency for AC Big:12000 lines or 49000 tokens Just escape having to formalize metatheory Future challenges: – Repeat, with a formalized metatheory – Prove generalized continuum hypothesis – Formalize forcing proofs: independence of AC 19

Recommended

Ch4a
Ch4aCh4a
Ch4akinnarshah8888
 
First and follow set
First and follow setFirst and follow set
First and follow set
Dawood Faheem Abbasi
 
5.2 Venn Diagrams
5.2 Venn Diagrams5.2 Venn Diagrams
5.2 Venn Diagrams
Nicholas Lykins
 
Regular Expressions 101
Regular Expressions 101Regular Expressions 101
Regular Expressions 101
Kai Koenig
 
Left factor put
Left factor putLeft factor put
Left factor put
siet_pradeep18
 
07 properties of real numbers
07 properties of real numbers07 properties of real numbers
07 properties of real numbers
ethelremitio
 
Probability Formula sheet
Probability Formula sheetProbability Formula sheet
Probability Formula sheet
Haris Hassan
 
The Reflection Theorem: Formalizing Meta-Theoretic Reasoning
The Reflection Theorem: Formalizing Meta-Theoretic ReasoningThe Reflection Theorem: Formalizing Meta-Theoretic Reasoning
The Reflection Theorem: Formalizing Meta-Theoretic ReasoningLawrence Paulson
 

Recommended

Ch4a
Ch4aCh4a
Ch4akinnarshah8888
 
First and follow set
First and follow setFirst and follow set
First and follow set
Dawood Faheem Abbasi
 
5.2 Venn Diagrams
5.2 Venn Diagrams5.2 Venn Diagrams
5.2 Venn Diagrams
Nicholas Lykins
 
Regular Expressions 101
Regular Expressions 101Regular Expressions 101
Regular Expressions 101
Kai Koenig
 
Left factor put
Left factor putLeft factor put
Left factor put
siet_pradeep18
 
07 properties of real numbers
07 properties of real numbers07 properties of real numbers
07 properties of real numbers
ethelremitio
 
Probability Formula sheet
Probability Formula sheetProbability Formula sheet
Probability Formula sheet
Haris Hassan
 
The Reflection Theorem: Formalizing Meta-Theoretic Reasoning
The Reflection Theorem: Formalizing Meta-Theoretic ReasoningThe Reflection Theorem: Formalizing Meta-Theoretic Reasoning
The Reflection Theorem: Formalizing Meta-Theoretic ReasoningLawrence Paulson
 
Hak dl07
Hak dl07Hak dl07
Hak dl07
Hassan Aït-Kaci
 
popl04.ppt
popl04.pptpopl04.ppt
popl04.ppt
SHUJEHASSAN
 
Fuzzy Logic_HKR
Fuzzy Logic_HKRFuzzy Logic_HKR
Fuzzy Logic_HKRHirak Kr. Roy
 
Theorem proving 2018 2019
Theorem proving 2018 2019Theorem proving 2018 2019
Theorem proving 2018 2019
Emmanuel Zarpas
 
Propositional logic(part 2)
Propositional logic(part 2)Propositional logic(part 2)
Propositional logic(part 2)
SURBHI SAROHA
 
bisection method
bisection methodbisection method
bisection methodMuhammad Usama
 
Lti and z transform
Lti and z transformLti and z transform
Lti and z transform
pranvendra29
 
Theorem proving 2018 2019
Theorem proving 2018 2019Theorem proving 2018 2019
Theorem proving 2018 2019
Emmanuel Zarpas
 
Proving Security Protocols Correct
Proving Security Protocols CorrectProving Security Protocols Correct
Proving Security Protocols Correct
Lawrence Paulson
 
MetiTarski's menagerie of cooperating systems
MetiTarski's menagerie of cooperating systemsMetiTarski's menagerie of cooperating systems
MetiTarski's menagerie of cooperating systems
Lawrence Paulson
 
Automated theorem proving for special functions: the next phase
Automated theorem proving for special functions: the next phaseAutomated theorem proving for special functions: the next phase
Automated theorem proving for special functions: the next phase
Lawrence Paulson
 
Theorem proving and the real numbers: overview and challenges
Theorem proving and the real numbers: overview and challengesTheorem proving and the real numbers: overview and challenges
Theorem proving and the real numbers: overview and challenges
Lawrence Paulson
 
Source-Level Proof Reconstruction for Interactive Proving
Source-Level Proof Reconstruction for Interactive ProvingSource-Level Proof Reconstruction for Interactive Proving
Source-Level Proof Reconstruction for Interactive Proving
Lawrence Paulson
 
Defining Functions on Equivalence Classes
Defining Functions on Equivalence ClassesDefining Functions on Equivalence Classes
Defining Functions on Equivalence Classes
Lawrence Paulson
 
Organizing Numerical Theories using Axiomatic Type Classes
Organizing Numerical Theories using Axiomatic Type ClassesOrganizing Numerical Theories using Axiomatic Type Classes
Organizing Numerical Theories using Axiomatic Type Classes
Lawrence Paulson
 
A Generic Tableau Prover and Its Integration with Isabelle
A Generic Tableau Prover and Its Integration with IsabelleA Generic Tableau Prover and Its Integration with Isabelle
A Generic Tableau Prover and Its Integration with Isabelle
Lawrence Paulson
 
Mechanized Proofs for a Recursive Authentication Protocol
Mechanized Proofs for a Recursive Authentication ProtocolMechanized Proofs for a Recursive Authentication Protocol
Mechanized Proofs for a Recursive Authentication Protocol
Lawrence Paulson
 
Mechanizing set theory: cardinal arithmetic and the axiom of choice
Mechanizing set theory: cardinal arithmetic and the axiom of choiceMechanizing set theory: cardinal arithmetic and the axiom of choice
Mechanizing set theory: cardinal arithmetic and the axiom of choice
Lawrence Paulson
 
MetiTarski: An Automatic Prover for Real-Valued Special Functions
MetiTarski: An Automatic Prover for Real-Valued Special FunctionsMetiTarski: An Automatic Prover for Real-Valued Special Functions
MetiTarski: An Automatic Prover for Real-Valued Special FunctionsLawrence Paulson
 
Proving Properties of Security Protocols by Induction
Proving Properties of Security Protocols by InductionProving Properties of Security Protocols by Induction
Proving Properties of Security Protocols by InductionLawrence Paulson
 
A Machine-Assisted Proof of Gödel's Incompleteness Theorems
A Machine-Assisted Proof of Gödel's Incompleteness TheoremsA Machine-Assisted Proof of Gödel's Incompleteness Theorems
A Machine-Assisted Proof of Gödel's Incompleteness TheoremsLawrence Paulson
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 

More Related Content

Similar to The Relative Consistency of the Axiom of Choice — Mechanized Using Isabelle/ZF

Hak dl07
Hak dl07Hak dl07
Hak dl07
Hassan Aït-Kaci
 
popl04.ppt
popl04.pptpopl04.ppt
popl04.ppt
SHUJEHASSAN
 
Theorem proving 2018 2019
Theorem proving 2018 2019Theorem proving 2018 2019
Theorem proving 2018 2019
Emmanuel Zarpas
 
Propositional logic(part 2)
Propositional logic(part 2)Propositional logic(part 2)
Propositional logic(part 2)
SURBHI SAROHA
 
Lti and z transform
Lti and z transformLti and z transform
Lti and z transform
pranvendra29
 
Theorem proving 2018 2019
Theorem proving 2018 2019Theorem proving 2018 2019
Theorem proving 2018 2019
Emmanuel Zarpas
 

Similar to The Relative Consistency of the Axiom of Choice — Mechanized Using Isabelle/ZF (8)

Hak dl07
Hak dl07Hak dl07
Hak dl07
 
popl04.ppt
popl04.pptpopl04.ppt
popl04.ppt
 
Fuzzy Logic_HKR
Fuzzy Logic_HKRFuzzy Logic_HKR
Fuzzy Logic_HKR
 
Theorem proving 2018 2019
Theorem proving 2018 2019Theorem proving 2018 2019
Theorem proving 2018 2019
 
Propositional logic(part 2)
Propositional logic(part 2)Propositional logic(part 2)
Propositional logic(part 2)
 
bisection method
bisection methodbisection method
bisection method
 
Lti and z transform
Lti and z transformLti and z transform
Lti and z transform
 
Theorem proving 2018 2019
Theorem proving 2018 2019Theorem proving 2018 2019
Theorem proving 2018 2019
 

More from Lawrence Paulson

Proving Security Protocols Correct
Proving Security Protocols CorrectProving Security Protocols Correct
Proving Security Protocols Correct
Lawrence Paulson
 
MetiTarski's menagerie of cooperating systems
MetiTarski's menagerie of cooperating systemsMetiTarski's menagerie of cooperating systems
MetiTarski's menagerie of cooperating systems
Lawrence Paulson
 
Automated theorem proving for special functions: the next phase
Automated theorem proving for special functions: the next phaseAutomated theorem proving for special functions: the next phase
Automated theorem proving for special functions: the next phase
Lawrence Paulson
 
Theorem proving and the real numbers: overview and challenges
Theorem proving and the real numbers: overview and challengesTheorem proving and the real numbers: overview and challenges
Theorem proving and the real numbers: overview and challenges
Lawrence Paulson
 
Source-Level Proof Reconstruction for Interactive Proving
Source-Level Proof Reconstruction for Interactive ProvingSource-Level Proof Reconstruction for Interactive Proving
Source-Level Proof Reconstruction for Interactive Proving
Lawrence Paulson
 
Defining Functions on Equivalence Classes
Defining Functions on Equivalence ClassesDefining Functions on Equivalence Classes
Defining Functions on Equivalence Classes
Lawrence Paulson
 
Organizing Numerical Theories using Axiomatic Type Classes
Organizing Numerical Theories using Axiomatic Type ClassesOrganizing Numerical Theories using Axiomatic Type Classes
Organizing Numerical Theories using Axiomatic Type Classes
Lawrence Paulson
 
A Generic Tableau Prover and Its Integration with Isabelle
A Generic Tableau Prover and Its Integration with IsabelleA Generic Tableau Prover and Its Integration with Isabelle
A Generic Tableau Prover and Its Integration with Isabelle
Lawrence Paulson
 
Mechanized Proofs for a Recursive Authentication Protocol
Mechanized Proofs for a Recursive Authentication ProtocolMechanized Proofs for a Recursive Authentication Protocol
Mechanized Proofs for a Recursive Authentication Protocol
Lawrence Paulson
 
Mechanizing set theory: cardinal arithmetic and the axiom of choice
Mechanizing set theory: cardinal arithmetic and the axiom of choiceMechanizing set theory: cardinal arithmetic and the axiom of choice
Mechanizing set theory: cardinal arithmetic and the axiom of choice
Lawrence Paulson
 
MetiTarski: An Automatic Prover for Real-Valued Special Functions
MetiTarski: An Automatic Prover for Real-Valued Special FunctionsMetiTarski: An Automatic Prover for Real-Valued Special Functions
MetiTarski: An Automatic Prover for Real-Valued Special FunctionsLawrence Paulson
 
Proving Properties of Security Protocols by Induction
Proving Properties of Security Protocols by InductionProving Properties of Security Protocols by Induction
Proving Properties of Security Protocols by InductionLawrence Paulson
 
A Machine-Assisted Proof of Gödel's Incompleteness Theorems
A Machine-Assisted Proof of Gödel's Incompleteness TheoremsA Machine-Assisted Proof of Gödel's Incompleteness Theorems
A Machine-Assisted Proof of Gödel's Incompleteness TheoremsLawrence Paulson
 

More from Lawrence Paulson (13)

Proving Security Protocols Correct
Proving Security Protocols CorrectProving Security Protocols Correct
Proving Security Protocols Correct
 
MetiTarski's menagerie of cooperating systems
MetiTarski's menagerie of cooperating systemsMetiTarski's menagerie of cooperating systems
MetiTarski's menagerie of cooperating systems
 
Automated theorem proving for special functions: the next phase
Automated theorem proving for special functions: the next phaseAutomated theorem proving for special functions: the next phase
Automated theorem proving for special functions: the next phase
 
Theorem proving and the real numbers: overview and challenges
Theorem proving and the real numbers: overview and challengesTheorem proving and the real numbers: overview and challenges
Theorem proving and the real numbers: overview and challenges
 
Source-Level Proof Reconstruction for Interactive Proving
Source-Level Proof Reconstruction for Interactive ProvingSource-Level Proof Reconstruction for Interactive Proving
Source-Level Proof Reconstruction for Interactive Proving
 
Defining Functions on Equivalence Classes
Defining Functions on Equivalence ClassesDefining Functions on Equivalence Classes
Defining Functions on Equivalence Classes
 
Organizing Numerical Theories using Axiomatic Type Classes
Organizing Numerical Theories using Axiomatic Type ClassesOrganizing Numerical Theories using Axiomatic Type Classes
Organizing Numerical Theories using Axiomatic Type Classes
 
A Generic Tableau Prover and Its Integration with Isabelle
A Generic Tableau Prover and Its Integration with IsabelleA Generic Tableau Prover and Its Integration with Isabelle
A Generic Tableau Prover and Its Integration with Isabelle
 
Mechanized Proofs for a Recursive Authentication Protocol
Mechanized Proofs for a Recursive Authentication ProtocolMechanized Proofs for a Recursive Authentication Protocol
Mechanized Proofs for a Recursive Authentication Protocol
 
Mechanizing set theory: cardinal arithmetic and the axiom of choice
Mechanizing set theory: cardinal arithmetic and the axiom of choiceMechanizing set theory: cardinal arithmetic and the axiom of choice
Mechanizing set theory: cardinal arithmetic and the axiom of choice
 
MetiTarski: An Automatic Prover for Real-Valued Special Functions
MetiTarski: An Automatic Prover for Real-Valued Special FunctionsMetiTarski: An Automatic Prover for Real-Valued Special Functions
MetiTarski: An Automatic Prover for Real-Valued Special Functions
 
Proving Properties of Security Protocols by Induction
Proving Properties of Security Protocols by InductionProving Properties of Security Protocols by Induction
Proving Properties of Security Protocols by Induction
 
A Machine-Assisted Proof of Gödel's Incompleteness Theorems
A Machine-Assisted Proof of Gödel's Incompleteness TheoremsA Machine-Assisted Proof of Gödel's Incompleteness Theorems
A Machine-Assisted Proof of Gödel's Incompleteness Theorems
 

Recently uploaded

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 

Recently uploaded (20)

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 

The Relative Consistency of the Axiom of Choice — Mechanized Using Isabelle/ZF

  • 1. The Relative Consistency of the Axiom of Choice Mechanized Using Isabelle/ZF Lawrence C. Paulson Computer Laboratory
  • 2. Why Do Proofs By Machine? • Too many been done already! – Gödel’s incompleteness theorem (Shankar) – thousands of Mizar proofs • But many types of reasoning are hard to formalize. – Algebraic structures (e.g. group theory) – Proofs involving metamathematics • And this one concerns Hilbert’s First Problem! 2
  • 3. Outline of Gödel’s Proof • • • • Define the constructible universe, L Show that L satisfies the ZF axioms Show that L satisfies the axiom V=L Show that V=L implies AC and GCH A contradiction from ZF and V=L can be translated into one from ZF alone. 3
  • 4. The Sets That Must Exist 4
  • 5. L satisfies the ZF axioms • Union, pairing – Unions and pairs are definable by formulae • Powerset, replacement scheme – Using a rank function for L • Comprehension scheme (separation) – By the Reflection Theorem – Scheme can be proved only in the metatheory 5
  • 6. Show that L satisfies V=L • V=L means “all sets are constructible” • The concept of “constructible” is absolute • Absolute means same in all models – Most concepts are absolute: unions, ordinals, functions, bijections, etc. – Not absolute: powersets, function spaces, cardinals 6
  • 7. Show that V=L implies AC (or rather, the well-ordering theorem) • The set of formulae is countable • Parameter lists for formulae can be wellordered lexicographically • So, if X is well-ordered then so is D(X) • Inductively construct a well-ordering on L 7
  • 8. Satisfaction for Class Models? For M a set, can define satisfaction recursively: For M a class, satisfaction cannot be defined! The nondefinability of truth (Tarski) 8
  • 9. Satisfaction Defined Syntactically The relativization of f to M 9
  • 10. A contradiction using V=L? • Can prove that (V=L)L is a ZF theorem • … as is f L provided f is a ZF axiom • Thus, a contradiction from ZF + (V=L) amounts to a contradiction in ZF alone • Developing the argument (Gödel never did) requires proof theory 10
  • 11. Isabelle/ZF • Same code base as Isabelle/HOL • Higher-order metalogic, ideal for – Theorem schemes – Classes – Class functions • Develops set theory from the ZermeloFraenkel axioms to transfinite cardinals 11
  • 12. Defining the Class L in Isabelle • Datatype declaration of the set formula • Primitive recursive functions: – Satisfaction relation – Arity of a formula – De Bruijn renaming • Definable powersets: Dpow(X) • Constructible hierarchy: Lset(i) • The predicate L 12
  • 13. Relativization in Isabelle • Define a separate predicate for each concept: 0, », «, function, limit ordinal, … • Make each predicate relative to a class M • Absoluteness: prove that the predicate agrees with the native concept Outcome: a relational language of sets 13
  • 14. Examples: Pairs and Domains 14
  • 15. Proving that L is a Model of ZF • Express ZF axioms using the predicates • Mechanize proofs from Kunen (1980) • Separation axiom (comprehension): – By previous proof of Reflection Theorem – Meta-$ quantifier to hide giant classes – Automatic translation from real formulae to elements of the set formula – 40 separate instances proved 15
  • 16. Proving that L is a Model of V=L • Absoluteness of well-founded recursion • Absoluteness and relativization for … – Recursive datatypes – About 100 primitive concepts – The satisfaction function (detailed breakdown needed) • The concepts Dpow(X) and Lset(i) • Define Constructible(M,x) • Finally prove L(x) fi Constructible(L,x) 16
  • 17. Comparative Sizes of Theories (in Tokens) Reflection theorem 3400 Definition of L 4140 ZF holds in L (excluding separation) 5100 V=L holds in L 29700 V=L implies AC 1769 17
  • 18. Doing without Metamathematics • Can’t reason on the structure of formulae • Can’t prove separation schematically • Can’t formalize how a contradiction from V=L leads to a contradiction in ZF • But: can use native set theory – Isabelle/ZF’s built-in set theory libraries – benefits of a shallow embedding 18
  • 19. Conclusions • • • • A mechanized proof of consistency for AC Big:12000 lines or 49000 tokens Just escape having to formalize metatheory Future challenges: – Repeat, with a formalized metatheory – Prove generalized continuum hypothesis – Formalize forcing proofs: independence of AC 19