Towards Self-verification of HOL Light

  • John Harrison
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4130)


The HOL Light prover is based on a logical kernel consisting of about 400 lines of mostly functional OCaml, whose complete formal verification seems to be quite feasible. We would like to formally verify (i) that the abstract HOL logic is indeed correct, and (ii) that the OCaml code does correctly implement this logic. We have performed a full verification of an imperfect but quite detailed model of the basic HOL Light core, without definitional mechanisms, and this verification is entirely conducted with respect to a set-theoretic semantics within HOL Light itself. We will duly explain why the obvious logical and pragmatic difficulties do not vitiate this approach, even though it looks impossible or useless at first sight. Extension to include definitional mechanisms seems straightforward enough, and the results so far allay most of our practical worries.
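The LCF architecture the abstract relies on can be shown concretely. What follows is an added illustration written for this page, not HOL Light's own kernel (which has ten primitive inference rules, definitional mechanisms and alpha-conversion, all omitted here): a miniature OCaml kernel in which thm is an abstract type, so the only way any code outside the module can obtain a theorem is through the exported rules. The rule names refl, trans, mk_comb, assume and eq_mp follow HOL Light's REFL, TRANS, MK_COMB, ASSUME and EQ_MP; the derived rule sym, the term printer and the sample terms over a hypothetical type num are assumptions made for the example.

```ocaml
(* A miniature LCF-style kernel (added example, not HOL Light's fusion.ml).
   Everything inside [Kernel] is the trusted computing base.  Because [thm]
   is abstract in the signature, code outside the module cannot build a
   theorem except by calling the exported inference rules. *)
module Kernel : sig
  type hol_type = Tyvar of string | Tyapp of string * hol_type list
  type term =
    | Var of string * hol_type
    | Const of string * hol_type
    | Comb of term * term
    | Abs of term * term
  type thm                              (* abstract: no constructor escapes *)
  val bool_ty : hol_type
  val type_of : term -> hol_type
  val mk_eq : term -> term -> term
  val dest_eq : term -> term * term
  val dest_thm : thm -> term list * term
  val refl : term -> thm                (*              |- t = t     *)
  val trans : thm -> thm -> thm         (* s = t, t = u |- s = u     *)
  val mk_comb : thm -> thm -> thm       (* f = g, x = y |- f x = g y *)
  val assume : term -> thm              (*            p |- p         *)
  val eq_mp : thm -> thm -> thm         (* p = q, p     |- q         *)
end = struct
  type hol_type = Tyvar of string | Tyapp of string * hol_type list
  type term =
    | Var of string * hol_type
    | Const of string * hol_type
    | Comb of term * term
    | Abs of term * term
  type thm = Sequent of term list * term
  let bool_ty = Tyapp ("bool", [])
  let fun_ty a b = Tyapp ("fun", [a; b])
  let rec type_of = function
    | Var (_, ty) | Const (_, ty) -> ty
    | Comb (f, _) ->
        (match type_of f with
         | Tyapp ("fun", [_; r]) -> r
         | _ -> failwith "type_of: ill-typed application")
    | Abs (Var (_, a), body) -> fun_ty a (type_of body)
    | Abs _ -> failwith "type_of: abstraction over a non-variable"
  (* Equality is a polymorphic constant (=) : a -> a -> bool, as in HOL. *)
  let mk_eq l r =
    let a = type_of l in
    if a <> type_of r then failwith "mk_eq: operand types differ";
    Comb (Comb (Const ("=", fun_ty a (fun_ty a bool_ty)), l), r)
  let dest_eq = function
    | Comb (Comb (Const ("=", _), l), r) -> (l, r)
    | _ -> failwith "dest_eq: not an equation"
  let dest_thm (Sequent (asl, c)) = (asl, c)
  (* Hypotheses form a set; this toy uses structural equality where a
     faithful kernel would use alpha-equivalence. *)
  let union a b =
    List.fold_right (fun h acc -> if List.mem h acc then acc else h :: acc) a b
  let refl t = Sequent ([], mk_eq t t)
  let trans (Sequent (a1, c1)) (Sequent (a2, c2)) =
    let (l, m1) = dest_eq c1 and (m2, r) = dest_eq c2 in
    if m1 <> m2 then failwith "trans: middle terms differ";
    Sequent (union a1 a2, mk_eq l r)
  let mk_comb (Sequent (a1, c1)) (Sequent (a2, c2)) =
    let (f, g) = dest_eq c1 and (x, y) = dest_eq c2 in
    (match type_of f with
     | Tyapp ("fun", [dom; _]) when dom = type_of x -> ()
     | _ -> failwith "mk_comb: ill-typed application");
    Sequent (union a1 a2, mk_eq (Comb (f, x)) (Comb (g, y)))
  let assume p =
    if type_of p <> bool_ty then failwith "assume: not a proposition";
    Sequent ([p], p)
  let eq_mp (Sequent (a1, c1)) (Sequent (a2, c2)) =
    let (l, r) = dest_eq c1 in
    if l <> c2 then failwith "eq_mp: antecedent does not match";
    Sequent (union a1 a2, r)
end

(* Outside the kernel: a derived rule (hypothetical name [sym]).  It is not
   trusted; a bug here can only raise Failure, never yield an unsound [thm],
   because every step goes through a kernel rule. Steps:
   |- (=) = (=)  then  |- (=) l = (=) r  then  |- (l = l) = (r = l)  then  |- r = l *)
let sym th =
  let (_, c) = Kernel.dest_thm th in
  let (l, _) = Kernel.dest_eq c in
  let eq_const = match c with
    | Kernel.Comb (Kernel.Comb (e, _), _) -> e
    | _ -> failwith "sym: not an equation" in
  let lth = Kernel.refl l in
  Kernel.eq_mp (Kernel.mk_comb (Kernel.mk_comb (Kernel.refl eq_const) th) lth) lth

let rec string_of_term = function
  | Kernel.Var (v, _) | Kernel.Const (v, _) -> v
  | Kernel.Comb (Kernel.Comb (Kernel.Const ("=", _), l), r) ->
      string_of_term l ^ " = " ^ string_of_term r
  | Kernel.Comb (f, x) -> "(" ^ string_of_term f ^ " " ^ string_of_term x ^ ")"
  | Kernel.Abs (v, b) -> "(\\" ^ string_of_term v ^ ". " ^ string_of_term b ^ ")"

let print_thm th =
  let (asl, c) = Kernel.dest_thm th in
  print_endline (String.concat ", " (List.map string_of_term asl) ^ " |- " ^ string_of_term c)

let () =
  let num = Kernel.Tyapp ("num", []) in          (* hypothetical base type *)
  let x = Kernel.Var ("x", num) and y = Kernel.Var ("y", num) and z = Kernel.Var ("z", num) in
  let xy = Kernel.assume (Kernel.mk_eq x y) and yz = Kernel.assume (Kernel.mk_eq y z) in
  print_thm (Kernel.trans xy yz);                (* x = y, y = z |- x = z *)
  print_thm (sym xy);                            (* x = y |- y = x *)
  (* An ill-typed term is rejected at the kernel boundary: *)
  (try ignore (Kernel.mk_eq x (Kernel.Var ("b", Kernel.bool_ty)))
   with Failure msg -> print_endline ("rejected: " ^ msg))
  (* Kernel.Sequent ([], Kernel.mk_eq x y) would not even type-check here:
     [thm] is abstract, so the only route to a theorem is through the rules. *)
```

The point for the verification effort in the abstract is the trust boundary this makes visible: the code inside Kernel is the trusted computing base whose correctness has to be established once, while sym and every other derived rule or tactic is checked by construction rather than by proof. The simplifications above (structural rather than alpha-equivalence on hypotheses, no abstraction or instantiation rules, no definitional mechanisms) are exactly the kind of gap between a model and the real kernel that the paper's "imperfect but quite detailed model" has to close.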







Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • John Harrison, Intel Corporation, Hillsboro, USA
