Isabelle-PyTorch Neurosymbolic Pipeline

Updated 31 January 2026

The Isabelle-PyTorch pipeline is a formally verified neurosymbolic framework that integrates tensor-based LTL₍f₎ semantics from Isabelle/HOL with PyTorch for neural trajectory learning.
It employs smooth approximations for differentiable loss functions, enabling automatic gradient computation to enforce complex temporal logic constraints.
The approach ensures efficient, correctness-preserving code extraction and integration, with applications in robotics and safe neural learning pipelines.

The Isabelle-PyTorch neurosymbolic pipeline is a formally verified framework for integrating linear temporal logic on finite traces (LTL₍f₎) constraints into neural trajectory learning. Developed through the mechanised theorem prover Isabelle/HOL, this pipeline employs a tensor-based functional semantics for LTL₍f₎, provides sound and efficient differentiable loss functions for complex temporal logic properties, and enables automatic, correctness-preserving code generation and integration within the PyTorch deep learning ecosystem without requiring hand-written gradient code. The approach ensures that neural learners, such as those for synthesising or imitating robot trajectories, provably satisfy prespecified logical constraints with guarantees extending from specification to executable code (Chevallier et al., 23 Jan 2025).

1. Formalisation in Isabelle/HOL

The pipeline commences with a rigorous mechanisation of tensor semantics for LTL₍f₎ in Isabelle/HOL. Central components include:

Dependent Tensor Types: Tensor₍S₎ is parameterised by element type—either booleans or reals—and explicit dimension vectors. For example, $\mathrm{Tensor}_{(S)} = \langle \mathrm{dims} : \mathbb{N}^n, \mathrm{vec} : S^{\prod \mathrm{dims}} \rangle$ .
LTL₍f₎ Abstract Syntax: The language encompasses atomic comparisons (e.g., $<$ , $\leq$ , $=$ , $\neq$ ), Boolean connectives ( $\wedge$ , $\vee$ ), and temporal operators such as strong/weak next ( $\mathcal{N}/\mathcal{X}$ ), always ( $\Box$ ), eventually ( $\Diamond$ ), until ( $U$ ), and release ( $R$ ).
Semantics via Eval and Loss: The evaluation function eval maps formulae, tensor traces, and a time index to a tensor of booleans, returning the logical truth of the formula pointwise over a trajectory batch. The differentiable loss function $\mathcal{L}$ recursively mirrors eval, returning a real-valued tensor whose limit as $\gamma \to 0$ is zero if and only if the LTL₍f₎ property is satisfied.
Derivatives: Partial derivatives of the smooth loss with respect to inputs are defined explicitly. Proofs for soundness (correctness relative to logical semantics), compositionality (associativity, commutativity, and idempotence), and the correctness of differentiability are machine-checked in Isabelle/HOL.

Key formal constructs, such as $\mathrm{eval}(\rho, T, t) \in \mathrm{Tensor}_{(\text{Bool})}$ and $\mathcal{L}(\rho, T, t, \gamma) \in \mathrm{Tensor}_{(\text{Real})}$ , provide fully structured semantic mappings. Base cases, atomic comparisons, Boolean operations, and temporal constructs are encoded for efficient tensor computation. For instance, the formula $\mathcal{N}\,\rho$ is evaluated by $\mathrm{eval}(\rho, T, t+1)$ , and always is unrolled as a conjunction over time slices (Chevallier et al., 23 Jan 2025).

2. Differentiable Loss via Smooth Approximations

The pipeline introduces a family of smooth approximations for the minimum, maximum, and related operators to enable differentiability:

$\mathrm{max}_\gamma(a, b) = \gamma \ln\left(e^{a/\gamma} + e^{b/\gamma}\right)$
$\mathrm{min}_\gamma(a, b) = -\gamma \ln\left(e^{-a/\gamma} + e^{-b/\gamma}\right)$
$\mathrm{gaussian}_\gamma(a) = e^{-a^2/(2\gamma^2)}$

When $\gamma > 0$ , these provide soft-min/max versions that are continuous and differentiable, essential for gradient-based optimisation in neural pipelines. The loss $\mathcal{L}$ substitutes these smoothed operators for classical Boolean connectives, mapping $1$ (False) and $0$ (True) as real-valued surrogates. This construction is proven to be sound: correct logical satisfaction corresponds exactly to vanishing loss as $\gamma \rightarrow 0$ . The partial derivatives $d\mathcal{L}$ are also formally verified.

Main theorem (Isabelle/HOL): For batch index $i$ , trace $T$ , formula $\rho$ , time $t$ ,

$\mathrm{lookup}(i, \mathcal{L}(\rho, T, t, 0)) \geq 0$
$\lim_{\gamma \to 0} \mathrm{lookup}(i, \mathcal{L}(\rho, T, t, \gamma)) = 0 \iff \mathrm{lookup}(i, \mathrm{eval}(\rho, T, t)) = \text{True}$

The formal definitions are refined for computational efficiency via “code equations” in Isabelle/HOL, replacing naïve recursion with array-section implementations (such as subt for extracting slices), and soft-max/min are algorithmically rewritten for numerical stability. Isabelle’s code-generation framework translates the mechanised semantics into OCaml, producing trusted implementations of eval, $\mathcal{L}$ , and $d\mathcal{L}$ .

Exported OCaml interfaces:

forward_L for forward evaluation of the loss,
backward_d for computing the associated gradient tensor.

These functions are guaranteed to inherit the compositionality, differentiability, and soundness properties proven in Isabelle/HOL.

4. PyTorch Integration and Autograd Compatibility

The OCaml-generated library is compiled as a shared object and exposed to Python via OCaml-Python bindings or a C interface. Within PyTorch, $\mathcal{L}$ is wrapped as a custom subclass of torch.autograd.Function:

class LTLfLoss(torch.autograd.Function):
    @staticmethod
    def forward(ctx, formula_repr, trace_tensor, t, γ):
        ctx.save_for_backward(formula_repr, trace_tensor, t, γ)
        return external_lib.forward_L(formula_repr, trace_tensor, t, γ)

    @staticmethod
    def backward(ctx, grad_output):
        formula_repr, trace_tensor, t, γ = ctx.saved_tensors
        dL = external_lib.backward_d(formula_repr, trace_tensor, t, γ)
        return None, grad_output * dL, None, None

Because $d\mathcal{L}$ is pre-verified as the exact Jacobian of $\mathcal{L}$ , the backward pass yields certified gradients; no hand-coded differentiation is required, and PyTorch optimizers (SGD, Adam) can be used out-of-the-box for neural or direct trajectory parameters.

5. Application Scenarios and Empirical Results

Direct Trajectory Optimisation:

A 2D trajectory is encoded as a $(N\, \text{time} \times 2)$ tensor, where endpoints are fixed and intermediate points are optimised via PyTorch optimizers to minimise loss on LTL₍f₎ constraints (e.g., $\mathcal{L}(\Box\,((0.1 \leq \|p - o\|) \wedge (s \geq \|\dot{p}\|) \wedge (a \geq \|\ddot{p}\|)))$ ). The optimised paths strictly satisfy spatial, speed, and acceleration constraints and illustrate curved avoidance trajectories.

Neural Trajectory Learning with DMPs:

A feed-forward network predicts DMP parameters to generate a differentiable trajectory $Q \in \mathbb{R}^{N \times 2}$ . The loss combines imitation ( $L_d(Q, D) = \frac{1}{N} \sum_i \|Q_i - D_i\|^2$ ) and the LTL₍f₎ constraint $\mathcal{L}(\rho, g(Q), \gamma)$ as $L_{\text{full}} = L_d + \eta \cdot \mathcal{L}$ . Five trajectory benchmarks are addressed: Avoid, Patrol, Until, Compound, Loop. Table 1 of the source provides:

Test	$L_d$	$\mathcal{L}$	$L_{\text{full}}$
Avoid	0.0681	0.0263	0.0944
Patrol	0.0694	0.0448	0.1142
...	...	...	...

Visualisations confirm that learning with the logical loss enforces the desired temporal sequencing, patrolling, looping, and avoidance as specified.

6. Performance Characteristics and Scalability

The tensor-based design yields more than a $10\times$ speedup versus scalar logic implementations. Complexity reductions are achieved by flattening nested $\Diamond$ (eventually) operators using domain-aware rewriting (e.g., conjoining rather than nesting properties), reducing worst-case run time from $O(t^4)$ to $O(t^2)$ . This directly accelerates both training and trajectory evaluation. The automated pipeline eliminates manual, potentially error-prone logic integration in Python, subsuming both correctness and efficiency within a single source of truth (the Isabelle formalisation) and trusted code generation (Chevallier et al., 23 Jan 2025).

7. Significance and Implications

The Isabelle-PyTorch neurosymbolic pipeline constitutes a fully verified, end-to-end framework for constrained neural learning where temporal logic properties are not only expressible but also provably enforced during training. A plausible implication is that this methodology can be extended to other domains requiring verified temporal logic compliance, such as safe reinforcement learning, program synthesis, or certified robotics pipelines. By lowering the risk of implementation bugs in logical constraints and ensuring gradient correctness, this approach raises the standard for principled neurosymbolic system design.

Markdown Report Issue Upgrade to Chat

References (1)

Formally Verified Neurosymbolic Trajectory Learning via Tensor-based Linear Temporal Logic on Finite Traces (2025)

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to Isabelle-PyTorch Neurosymbolic Pipeline.