Interoperability between arithmetic proofs using Dedukti



SLIDE 1

Interoperability between arithmetic proofs using Dedukti

François Thiré

PhD supervised by Gilles Dowek & Stéphane Graham-Lengrand

LSV & LIX

November 22, 2018


SLIDE 3

Bugs are everywhere!

Would you trust Windows to:

◮ drive your car
◮ be used in a nuclear power station
◮ perform surgery on you


SLIDE 5

Proof Assistants (1/2)

Coq

Theorem proj1 : ∀ (A B:Prop), A ∧ B → A.
Proof.
  intros A B H ; destruct H ; assumption.
Qed.

produces the proof term

Definition proj1' : ∀ A B:Prop, A ∧ B → A :=
  fun (A B : Prop) (H : A ∧ B) ⇒ match H with | conj H0 _ ⇒ H0 end.

SLIDE 6

Proof Assistants (2/2)

HOL

val AND1_THM = save_thm ("AND1_THM",
  let val t12 = mk_conj (t1b, t2b)
      val th2 = RIGHT_BETA (AP_THM (RIGHT_BETA (AP_THM AND_DEF t1b)) t2b)
      val th3 = SPEC t1b (EQ_MP th2 (ASSUME t12))
      val th4 = DISCH t1b (DISCH t2b (ADD_ASSUM t2b (ASSUME t1b)))
  in GEN t1b (GEN t2b (DISCH t12 (MP th3 th4)))
  end);

SLIDE 7

Proof checkers & automatic provers

◮ Automath
◮ Metamath
◮ Mizar
◮ PVS
◮ HOL family
◮ LF
◮ Coq
◮ Isabelle
◮ Agda
◮ Dedukti
◮ ProofCert
◮ CubicalTT


SLIDE 9

Interoperability problem

◮ There are a lot of proof checkers & logics
◮ Different logics might have different expressivity
◮ Each system has its own library of proofs
◮ There is no standard

Our goal:

Take a small library (e.g. an arithmetic library) that could be exported to a bunch of proof checkers


SLIDE 11

Methodology

[Figure: Python, Java, C++ and Javascript all compiled to one common target, ASM]

SLIDE 12

Dedukti

[Figure: Dedukti as the hub, with one translator per system]

◮ Coq: CoqInE
◮ HOL: Holide
◮ Matita: Krajono
◮ Zenon modulo
◮ iProver modulo
◮ Focalize: Focalide

SLIDE 13

From Matita to HOL

[Figure: the pipeline] Arithmetic library (Matita) → Krajono → Dedukti → universo, dkmeta, ... → ediloh → OpenTheory → HOL4, HOL Light, HOL Zero. The other systems around Dedukti (Coq via CoqInE, HOL via Holide, Zenon modulo, Focalize via Focalide) are not on this path.


SLIDE 15

Dedukti[CIC] to Dedukti[HOL]

[Figure: Dedukti[CIC] → ... → ... → ... → Dedukti[HOL], a chain of intermediate Dedukti encodings]


SLIDE 18

Dedukti[CIC] to Dedukti[HOL]

What to do?

◮ Remove useless stuff (proofs not used)
◮ Remove universes
◮ Remove dependent products
◮ Remove rewrite rules

How?

◮ Dedukti rewrite system
◮ OCaml

Problems:

◮ All at the same time?
◮ What is the best order?


SLIDE 20

Remove rewrite rules

nat : Type.
0 : nat.
S : nat -> nat.
odd : nat -> Prop.
pi : odd (S 0).
def one : nat.          (; declaration elided on the slide: one must be definable to carry a rule ;)
[] one --> S 0.
def pi1 : (odd one) := pi.   (; checks only because odd one rewrites to odd (S 0) ;)


SLIDE 23

Remove rewrite rules

nat : Type.
0 : nat.
S : nat -> nat.
odd : nat -> Prop.
pi : odd (S 0).
def eq : nat -> nat -> Prop.
[x,y] eq x y --> forall (P:(nat -> Prop) => impl (P x) (P y)).
one : nat.               (; declaration elided on the slide: no rule for one any more ;)
eq_one : eq (S 0) one.   (; the rewrite rule one --> S 0 becomes an equality axiom ;)
def pi1 : (odd one) := eq_one (ctx => odd ctx) pi.   (; the reduction step is now an explicit Leibniz-equality argument ;)
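
The two versions of slide 20 and slide 23 side by side, as one Dedukti file that type-checks on its own. This is an added example, not code from the slides or from the thesis tools: the slides elide the logical prelude and write `odd (S 0)` directly as a type, so the declarations of `Prop`, `eps`, `impl` and `forall` below are an assumption (a minimal Curry-Howard embedding), and `one_opaque`, `pi1_rule` and `pi1_axiom` are names chosen for this example. Check it with `dkcheck` (Dedukti 2.x).

```dedukti
(; Added example for the "Remove rewrite rules" slides; not from the talk.
   Prelude (assumed, the slides elide it): propositions are terms of Prop,
   and a proof of p is a term of type (eps p). ;)
nat : Type.
0 : nat.
S : nat -> nat.

Prop : Type.
def eps : Prop -> Type.
impl : Prop -> Prop -> Prop.
[p, q] eps (impl p q) --> eps p -> eps q.
forall : (nat -> Prop) -> Prop.
[P] eps (forall P) --> x : nat -> eps (P x).

odd : nat -> Prop.
pi : eps (odd (S 0)).

(; Version 1 (slide 20): one is defined by a rewrite rule.
   pi1_rule checks only because the checker rewrites odd one to odd (S 0);
   a target without rewriting (OpenTheory, slide 25) cannot replay this. ;)
def one : nat.
[] one --> S 0.
def pi1_rule : eps (odd one) := pi.

(; Version 2 (slide 23): one_opaque is a plain constant with no rule.
   The rule is replaced by the axiom eq_one, and the silent reduction step
   becomes an explicit Leibniz-equality argument: instantiate the predicate
   with (ctx => odd ctx), then apply the implication to pi. ;)
one_opaque : nat.
def eq : nat -> nat -> Prop :=
  x : nat => y : nat => forall (P : (nat -> Prop) => impl (P x) (P y)).
eq_one : eps (eq (S 0) one_opaque).
def pi1_axiom : eps (odd one_opaque) := eq_one (ctx : nat => odd ctx) pi.
```

The check of `pi1_axiom` still relies on delta (unfolding `eq`) and beta inside Dedukti, which is exactly what slide 25 lists as missing on the OpenTheory side; a translator therefore has to emit those unfolding and beta steps explicitly, and has to justify every `eq_one`-style axiom it introduces for a rule it removed.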


SLIDE 25

Dedukti[HOL] to OpenTheory (OT)

Should be easy, right? But...

◮ Polymorphism in OT is not handled the same way as in Dedukti[HOL]
◮ Dedukti is modulo delta (constant unfolding), OT is not
◮ Dedukti is modulo beta, OT is not!
◮ Dedukti uses De Bruijn indices, OT uses names!

SLIDE 26

In practice

Dedukti to Dedukti (done)

◮ 6 months
◮ 3 tools
◮ about 1500 lines of OCaml

Dedukti to OpenTheory (done)

◮ 5 months
◮ 1 tool
◮ 3000 lines of OCaml

SLIDE 27

Conclusion & Future Work

◮ Find (or invent) a better language to write these compilers (future work with Prof. Brigitte Pientka)
◮ OT has some good ideas for interoperability that could be reused
◮ Extend the compiler to other systems such as ProofCert, Coq or PVS