Collaborative Interactive Theorem Proving with Clide Martin Ring, - - PowerPoint PPT Presentation

Collaborative Interactive Theorem Proving with Clide

Martin Ring, Christoph Lüth ITP 2014, 15.07.2014, Vienna

1 [18]

Motivation

Interactive theorem proving can be

• lonesome. . .

2 [18]

Motivation

Interactive theorem proving can be

• lonesome. . .

. . . but mathematics is a social activity!

2 [18]

Introducing Clide

◮ Previous work: a web interface for Isabelle ◮ Next step: extend this to real-time collaborative proof ◮ “Google docs for proofs”

3 [18]

Action!

4 [18]

Use Cases

◮ Scientific collaboration: a small number of co-authors writing a joint proof ◮ Proof review: one user explicates content of proof to others, e.g. teacher to students or

vice versa

◮ Machine-assisted collaboration: collaborating with a machine

5 [18]

Under the hood

◮ The basic problem: synchronisation

Client B Client C Server Client A

◮ Well researched solution: operational transformation

6 [18]

Operational Transformations

◮ Basic Problem:

• D

a ✲ D′ b

′

✲

• a

′

✲

b

✲

◮ Basic correctness:

∀D. applyOp b′ (applyOp a D) = applyOp a′ (applyOp b D). (1)

◮ Given by auxiliary transform

and two equations: applyOp (b ◦ a) D = applyOp b (applyOp a D) (2) transform a b = a′, b′ = ⇒ b′ ◦ a = a′ ◦ b (3)

7 [18]

Operational Transformation: Basic Principle

Text is modified using three basic actions:

◮ Retain – Copy current character ◮ Delete – Drop current character ◮ Insert c – Insert c

An operation is a sequence of actions.

8 [18]

Operational Transformation: Basic Principle

Text is modified using three basic actions:

◮ Retain – Copy current character ◮ Delete – Drop current character ◮ Insert c – Insert c

An operation is a sequence of actions. An example: Input: I P T Output: Operation: [

8 [18]

Operational Transformation: Basic Principle

Text is modified using three basic actions:

◮ Retain – Copy current character ◮ Delete – Drop current character ◮ Insert c – Insert c

An operation is a sequence of actions. An example: Input: P T Output: I Operation: [Retain,

8 [18]

Operational Transformation: Basic Principle

Text is modified using three basic actions:

◮ Retain – Copy current character ◮ Delete – Drop current character ◮ Insert c – Insert c

An operation is a sequence of actions. An example: Input: T Output: I Operation: [Retain, Delete,

8 [18]

Operational Transformation: Basic Principle

Text is modified using three basic actions:

◮ Retain – Copy current character ◮ Delete – Drop current character ◮ Insert c – Insert c

An operation is a sequence of actions. An example: Input: Output: I T Operation: [Retain, Delete, Retain,

8 [18]

Operational Transformation: Basic Principle

Text is modified using three basic actions:

◮ Retain – Copy current character ◮ Delete – Drop current character ◮ Insert c – Insert c

An operation is a sequence of actions. An example: Input: Output: I T P Operation: [Retain, Delete, Retain, Insert P]

8 [18]

Operational Transformation: Basic Principle

Text is modified using three basic actions:

◮ Retain – Copy current character ◮ Delete – Drop current character ◮ Insert c – Insert c

An operation is a sequence of actions. An example: Input: Output: I T P Operation: [Retain, Delete, Retain, Insert P]

8 [18]

Operational Transformation: Basic Principle

Text is modified using three basic actions:

◮ Retain – Copy current character ◮ Delete – Drop current character ◮ Insert c – Insert c

An operation is a sequence of actions. An example: Input: Output: I T P Operation: [Retain, Delete, Retain, Insert P]

◮ Note: operations are partial. ◮ Need to consider: composition and transformation

8 [18]

Composing Operations

◮ Composing operations: case distinction on the action

◮ Note: not simple concatenation!

◮ Example:

p = [Delete, Insert X, Retain] q = [Retain, Insert Y, Delete] compose a b =

◮ compose is partial.

9 [18]

Composing Operations

◮ Composing operations: case distinction on the action

◮ Note: not simple concatenation!

◮ Example:

p = [Insert X, Retain] q = [Retain, Insert Y, Delete] compose a b = [Delete,

◮ compose is partial.

9 [18]

Composing Operations

◮ Composing operations: case distinction on the action

◮ Note: not simple concatenation!

◮ Example:

p = [Retain] q = [Insert Y, Delete] compose a b = [Delete, Insert X,

◮ compose is partial.

9 [18]

Composing Operations

◮ Composing operations: case distinction on the action

◮ Note: not simple concatenation!

◮ Example:

p = [Retain] q = [Delete] compose a b = [Delete, Insert X, Insert Y,

◮ compose is partial.

9 [18]

Composing Operations

◮ Composing operations: case distinction on the action

◮ Note: not simple concatenation!

◮ Example:

p = [] q = [] compose a b = [Delete, Insert X, Insert Y, Delete]

◮ compose is partial.

9 [18]

Composing Operations

◮ Composing operations: case distinction on the action

◮ Note: not simple concatenation!

◮ Example:

p = [Delete, Insert X, Retain] q = [Retain, Insert Y, Delete] compose a b = [Delete, Insert X, Insert Y, Delete]

◮ compose is partial. ◮ Extensional equivalence of operations:

compose a b ∼ = [Delete, Delete, Insert X, Insert Y]

9 [18]

Transforming Operations

◮ Transforming operations: pointwise completion

• a ✲
• b

′

✲

• a

′

✲

b

✲

◮ Example:

a = [Insert X, Retain, Delete] b = [Delete, Retain, Insert Y] transform a b = ([ , [ )

10 [18]

Transforming Operations

◮ Transforming operations: pointwise completion

• a ✲
• b

′

✲

• a

′

✲

b

✲

◮ Example:

a = [Retain, Delete] b = [Delete, Retain, Insert Y] transform a b = ([Insert X, , [Retain, )

10 [18]

Transforming Operations

◮ Transforming operations: pointwise completion

• a ✲
• b

′

✲

• a

′

✲

b

✲

◮ Example:

a = [Delete] b = [Retain, Insert Y] transform a b = ([Insert X, Delete, , [Retain, )

10 [18]

Transforming Operations

◮ Transforming operations: pointwise completion

• a ✲
• b

′

✲

• a

′

✲

b

✲

◮ Example:

a = [] b = [Insert Y] transform a b = ([Insert X, Delete, , [Retain, Delete, )

10 [18]

Transforming Operations

◮ Transforming operations: pointwise completion

• a ✲
• b

′

✲

• a

′

✲

b

✲

◮ Example:

a = [] b = [] transform a b = ([Insert X, Delete, Retain] , [Retain, Delete, Insert Y] )

10 [18]

Transforming Operations

◮ Transforming operations: pointwise completion

• a ✲
• b

′

✲

• a

′

✲

b

✲

◮ Example:

a = [Insert X, Retain, Delete] b = [Delete, Retain, Insert Y] transform a b = ([Insert X, Delete, Retain] , [Retain, Delete, Insert Y] )

10 [18]

Formalisation: Correctness

◮ Correctness of compose (??):

theorem composeCorrect: [ [ compose a b = Some ab; applyOp a d = Some d ′; applyOp b d ′ = Some d ′′ ] ] = ⇒ applyOp ab d = Some d ′′

◮ Correctness of transform (??):

theorem transformCorrect: transform a b = Some (a ′,b ′) = ⇒ compose a b ′ = None ∧ compose a b ′ = compose b a ′

◮ To show previous lemmas, need to construct graphs of the partial functions. ◮ Application: generate Scala code from Isabelle

11 [18]

Annotations

◮ Two types of annotation actions

◮ Plain n – Retain n characters ◮ Annotate n c – Annotate n characters with annotation c

◮ Annotations ≈ identity operations with side-effects ◮ No interference with operations – can be handled separately

lemma transformIdL: transform (ident (inputLength b)) b = Some (ident (outputLength b), b)

◮ Multiple named annotations per collaborator ◮ Selections, syntax coloring, substitutions, tooltips, completion, etc.

12 [18]

The Control Algorithm - Server

◮ Purpose:

◮ sequentialise concurrent operations ◮ distribute transformed operations

Client A Server r0 c1 ✲ r1 c2 ✲ r2 c3 ✲ r3 Client B

13 [18]

The Control Algorithm - Server

◮ Purpose:

◮ sequentialise concurrent operations ◮ distribute transformed operations

Client A

• Server r0

c1 ✲ r1 a

✻

c2 ✲ r2 c3 ✲ r3 Client B

• b

❄

13 [18]

The Control Algorithm - Server

◮ Purpose:

◮ sequentialise concurrent operations ◮ distribute transformed operations

Client A

• c′

2

✲ •

Server r0 c1 ✲ r1 a

✻

c2 ✲ r2 a′

✻

c3 ✲ r3 Client B

• b

❄

13 [18]

The Control Algorithm - Server

◮ Purpose:

◮ sequentialise concurrent operations ◮ distribute transformed operations

Client A

• c′

2

✲ •

c′

3

✲ •

Server r0 c1 ✲ r1 a

✻

c2 ✲ r2 a′

✻

c3 ✲ r3 a′′

✻

Client B

• b

❄

13 [18]

The Control Algorithm - Server

◮ Purpose:

◮ sequentialise concurrent operations ◮ distribute transformed operations

Client A

• c′

2

✲ •

c′

3

✲ •

Server r0 c1 ✲ r1 a

✻

c2 ✲ r2 a′

✻

c3 ✲ r3 a′′

✻

c4 = a′′

✲ r4

= = = = = = = = = = Client B

• b

❄

13 [18]

The Control Algorithm - Server

◮ Purpose:

◮ sequentialise concurrent operations ◮ distribute transformed operations

Client A

• c′

2

✲ •

c′

3

✲ •

Server r0 c1 ✲ r1 a

✻

c2 ✲ r2 a′

✻

c3 ✲ r3 a′′

✻

c4 = a′′

✲ r4

= = = = = = = = = = Client B

• b

❄

c′′

3

✲ •

b′

❄

13 [18]

The Control Algorithm - Server

◮ Purpose:

◮ sequentialise concurrent operations ◮ distribute transformed operations

Client A

• c′

2

✲ •

c′

3

✲ •

Server r0 c1 ✲ r1 a

✻

c2 ✲ r2 a′

✻

c3 ✲ r3 a′′

✻

c4 = a′′

✲ r4

= = = = = = = = = = Client B

• b

❄

c′′

3

✲ •

b′

❄

c′

4

✲ •

b′′

❄

13 [18]

The Control Algorithm - Server

◮ Purpose:

◮ sequentialise concurrent operations ◮ distribute transformed operations

Client A

• c′

2

✲ •

c′

3

✲ •

Server r0 c1 ✲ r1 a

✻

c2 ✲ r2 a′

✻

c3 ✲ r3 a′′

✻

c4 = a′′

✲ r4

c5 = b′′

✲

= = = = = = = = = = r5 Client B

• b

❄

c′′

3

✲ •

b′

❄

c′

4

✲ •

b′′

❄

= = = = = = = = = =

13 [18]

The Control Algorithm - Server

◮ Purpose:

◮ sequentialise concurrent operations ◮ distribute transformed operations

Client A Server r0 c1 ✲ r1 c2 ✲ r2 c3 ✲ r3 Client B

14 [18]

The Control Algorithm - Server

◮ Purpose:

◮ sequentialise concurrent operations ◮ distribute transformed operations

Client A

• Server r0

c1 ✲ r1 a

✻

c2 ✲ r2 c3 ✲ r3 Client B

• b

❄

14 [18]

The Control Algorithm - Server

◮ Purpose:

◮ sequentialise concurrent operations ◮ distribute transformed operations

Client A

• Server r0

c1 ✲ r1 a

✻

c2 ✲ r2 c3 ✲ r3 Client B

• b

❄

c′′

3

✲ •

b′

❄

14 [18]

The Control Algorithm - Server

◮ Purpose:

◮ sequentialise concurrent operations ◮ distribute transformed operations

Client A

• Server r0

c1 ✲ r1 a

✻

c2 ✲ r2 c3 ✲ r3 c4 = b′

✲ r4

Client B

• b

❄

c′′

3

✲ •

b′

❄

= = = = = = = = = =

14 [18]

The Control Algorithm - Server

◮ Purpose:

◮ sequentialise concurrent operations ◮ distribute transformed operations

Client A

• c′

2

✲ •

Server r0 c1 ✲ r1 a

✻

c2 ✲ r2 a′

✻

c3 ✲ r3 c4 = b′

✲ r4

Client B

• b

❄

c′′

3

✲ •

b′

❄

= = = = = = = = = =

14 [18]

The Control Algorithm - Server

◮ Purpose:

◮ sequentialise concurrent operations ◮ distribute transformed operations

Client A

• c′

2

✲ •

c′

3

✲ •

Server r0 c1 ✲ r1 a

✻

c2 ✲ r2 a′

✻

c3 ✲ r3 a′′

✻

c4 = b′

✲ r4

Client B

• b

❄

c′′

3

✲ •

b′

❄

= = = = = = = = = =

14 [18]

The Control Algorithm - Server

◮ Purpose:

◮ sequentialise concurrent operations ◮ distribute transformed operations

Client A

• c′

2

✲ •

c′

3

✲ •

c′

4

✲ •

Server r0 c1 ✲ r1 a

✻

c2 ✲ r2 a′

✻

c3 ✲ r3 a′′

✻

c4 = b′

✲ r4

a′′′

✻

Client B

• b

❄

c′′

3

✲ •

b′

❄

= = = = = = = = = =

14 [18]

The Control Algorithm - Server

◮ Purpose:

◮ sequentialise concurrent operations ◮ distribute transformed operations

Client A

• c′

2

✲ •

c′

3

✲ •

c′

4

✲ •

Server r0 c1 ✲ r1 a

✻

c2 ✲ r2 a′

✻

c3 ✲ r3 a′′

✻

c4 = b′

✲ r4

a′′′

✻

c5 = a′′′

✲ r5

= = = = = = = = = = Client B

• b

❄

c′′

3

✲ •

b′

❄

= = = = = = = = = =

14 [18]

The Control Algorithm - Client

◮ Purpose: buffer operations while waiting for acknowledgment

• a

✲ •

Revision r

15 [18]

The Control Algorithm - Client

◮ Purpose: buffer operations while waiting for acknowledgment

• a

✲ •

Revision r

• c

❄

Revision r + 1

15 [18]

The Control Algorithm - Client

◮ Purpose: buffer operations while waiting for acknowledgment

• a

✲ •

Revision r

• c

❄

a′

✲ •

c′

❄

Revision r + 1

15 [18]

The Control Algorithm - Client

◮ Purpose: buffer operations while waiting for acknowledgment

• a

✲ •

Revision r

15 [18]

The Control Algorithm - Client

◮ Purpose: buffer operations while waiting for acknowledgment

• a

✲ •

b

✲ •

Revision r

15 [18]

The Control Algorithm - Client

◮ Purpose: buffer operations while waiting for acknowledgment

• a

✲ •

b

✲ •

Revision r

• c

❄

Revision r + 1

15 [18]

The Control Algorithm - Client

◮ Purpose: buffer operations while waiting for acknowledgment

• a

✲ •

b

✲ •

Revision r

• c

❄

a′

✲ •

c′

❄

Revision r + 1

15 [18]

The Control Algorithm - Client

◮ Purpose: buffer operations while waiting for acknowledgment

• a

✲ •

b

✲ •

Revision r

• c

❄

a′

✲ •

c′

❄

b′

✲ •

c′′

❄

Revision r + 1

15 [18]

The Control Algorithm - Client

◮ Purpose: buffer operations while waiting for acknowledgment

• a

✲ •

b

✲ •

Revision r

• c

❄

a′

✲ •

c′

❄

b′

✲ •

c′′

❄

Revision r + 1

◮ Problem: web client must be implemented in JavaScript

15 [18]

System Architecture: Components

clide-core clide-web clide-isabelle clide-haskell

Akka Remoting Akka Remoting Akka Remoting WebSocket W e b S

• c

k e t WebSocket WebSocket

...

Akka Remoting

16 [18]

Universal Collaboration

◮ Clide is generic: Isabelle is just one particular collaborator based on the great PIDE

framework.

◮ Paradigm of universal collaboration: document-centered collaborative development. ◮ Allows easy development of new assistants: just define interaction with document,

synchronisation and integration provided by Clide.

◮ Examples: prototypical Haskell and Scala IDE

17 [18]

Concluding Remarks

◮ Clide: Interactive Collaborative Real-Time Theorem Proving

◮ Based on formalisation of Operational Transformations in Isabelle ◮ Compares well to Isabelle/jEdit or ProofGeneral ◮ Flexible system architecture built on Scala, Akka

◮ Clide is generic

◮ Prototypical Haskell and Scala instantiations ◮ Novel concept of universal collaboration 18 [18]