SLIDE 1
Lean Theorem Prover
Tom van Bussel
June 14, 2017
Goals
It aims to bridge the gap between interactive and automated theorem proving, by situating automated tools and methods in a framework that supports user interaction and the construction
SLIDE 2
SLIDE 3
Background
◮ Developed at Microsoft Research and Carnegie Mellon University
◮ Original authors:
  ◮ Leonardo de Moura
  ◮ Soonho Kong
  ◮ Jeremy Avigad
  ◮ Floris van Doorn
  ◮ Jakob von Raumer
Since then, many other people have worked on Lean
SLIDE 4
Background
◮ Calculus of Inductive Constructions
◮ Implemented in C++
◮ Relatively small kernel of 6000 lines
◮ Additional features such as inductive type families implemented on top in 700 lines
◮ Proofs and tactics are written in Lean
◮ Emacs and VS Code plug-ins
◮ Browser version written in Javascript
SLIDE 5
Tactic-style proofs
example (a b : Prop) : a /\ b -> b /\ a :=
begin
  intro h,
  cases h,
  split,
  assumption,
  assumption
end
SLIDE 6
Declarative proofs
example (a b : Prop) : a /\ b -> b /\ a :=
fun h, and.intro (and.right h) (and.left h)
SLIDE 7
Declarative proofs
example (a b : Prop) : a /\ b -> b /\ a :=
fun h, and.intro (and.right h) (and.left h)

example (a b : Prop) : a /\ b -> b /\ a :=
assume h : a /\ b,
have ha : a, from and.left h,
have hb : b, from and.right h,
show b /\ a, from and.intro hb ha
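The same three styles applied to a second proposition, as an added example that is not from the slides (Lean 3 syntax, as on the slides): a disjunction is commutative. With `or` instead of `and`, the tactic proof has to deal with two cases, which is where `cases ... with` and `left`/`right` come in, and the term and declarative proofs go through `or.elim`.

```lean
-- Added example (not from the slides): a \/ b -> b \/ a in three styles.
variables {a b : Prop}

-- 1. tactic style: `cases` splits the disjunction into two goals,
--    `left`/`right` pick the side of the conclusion to prove
example : a \/ b -> b \/ a :=
begin
  intro h,
  cases h with ha hb,
  { right, exact ha },
  { left, exact hb }
end

-- 2. term style: a lambda applied to the or-eliminator
example : a \/ b -> b \/ a :=
fun h, or.elim h (fun ha, or.inr ha) (fun hb, or.inl hb)

-- 3. declarative style: every intermediate statement is spelled out
example : a \/ b -> b \/ a :=
assume h : a \/ b,
or.elim h
  (assume ha : a, show b \/ a, from or.inr ha)
  (assume hb : b, show b \/ a, from or.inl hb)
```

All three produce the same kind of proof term; the tactic block is elaborated into a term equivalent to the second version, and the declarative version is that term with its types written out.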
SLIDE 8
Demo
SLIDE 9
Features
◮ Recursive equations
◮ Coercions
◮ Ad-hoc polymorphism
  notation a + b := add a b
  notation a + b := bor a b
◮ Type classes
◮ Haskell-style monads
◮ Namespaces
  open classical (renaming em -> excluded_middle)
◮ C++ code generation
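Several of the features listed above in one small file, as an added example that is not from the slides (Lean 3 syntax). The namespace `demo`, the function `len`, the class `has_size` and `safe_sub` are all invented here for illustration; the `open ... (renaming ...)` form at the end is the one shown on the slide.

```lean
-- Added example (not from the slides); all names below are illustrative.
namespace demo

-- recursive equations: structural recursion on the list argument
def len {a : Type} : list a -> nat
| []        := 0
| (_ :: xs) := len xs + 1

example : len [1, 2, 3] = 3 := rfl

-- ad-hoc polymorphism through a type class: one name `size`,
-- one instance per type
class has_size (a : Type) := (size : a -> nat)

instance : has_size (list nat) := ⟨len⟩
instance : has_size string := ⟨string.length⟩

def size {a : Type} [has_size a] (x : a) : nat := has_size.size x

example : size ([1, 2, 3] : list nat) = 3 := rfl

-- Haskell-style monads: do-notation in the option monad; a `none`
-- anywhere in the chain short-circuits the rest
def safe_sub (x y : nat) : option nat :=
if y ≤ x then some (x - y) else none

def sub_twice (x y z : nat) : option nat :=
do r <- safe_sub x y,
   safe_sub r z

example : sub_twice 10 3 2 = some 5 := rfl
example : sub_twice 10 3 9 = none := rfl

end demo

-- namespaces: open with a renaming, as in
-- `open classical (renaming em -> excluded_middle)` on the slide
open demo (renaming size -> sz)

example : sz ([5, 6] : list nat) = 2 := rfl
```

The `rfl` proofs double as checks: each one only type-checks if the left-hand side actually evaluates to the right-hand side by definitional unfolding.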
SLIDE 10
Structures
◮ Special kind of inductive datatype with only one constructor
◮ Projections are generated automatically
◮ Subtyping/Inheritance

universe u

-- prod, has_mul and semigroup already exist in Lean's core library;
-- the namespace lets these copies coexist with them
namespace slides

structure prod (a b : Type) :=
mk :: (fst : a) (snd : b)

structure has_mul (a : Type u) :=
(mul : a -> a -> a)

-- `[class]` after the name is the Lean 2 spelling; Lean 3 uses the attribute
@[class] structure semigroup (A : Type)
extends has_mul A :=
(mul_assoc : forall a b c,
  mul (mul a b) c = mul a (mul b c))

end slides
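The three bullet points exercised on a concrete structure, as an added example that is not from the slides (Lean 3 syntax). `point`, `point3`, `has_mul'`, `semigroup'` and the namespace `demo` are names invented here; the primed class pair mirrors the `has_mul`/`semigroup` pattern on the slide and ends with an instance for `nat` so the inherited proof field can be used.

```lean
-- Added example (not from the slides); all names below are illustrative.
namespace demo

-- one constructor `mk`; projections `point.x` and `point.y` are generated
structure point (a : Type) :=
mk :: (x : a) (y : a)

def p  : point nat := point.mk 3 4
def p' : point nat := ⟨3, 4⟩            -- anonymous-constructor form
example : p = p' := rfl
example : p.x + p.y = 7 := rfl          -- `p.x` is short for `point.x p`

-- inheritance: `point3` has x and y from `point` plus its own z;
-- Lean also generates `point3.to_point` for the parent part
structure point3 (a : Type) extends point a :=
(z : a)

def q : point3 nat := { x := 1, y := 2, z := 3 }
example : q.to_point = ⟨1, 2⟩ := rfl
example : q.to_point.x = 1 := rfl

-- record update: copy q, changing only z
def q' : point3 nat := { q with z := 9 }
example : q'.z = 9 := rfl
example : q'.to_point.y = 2 := rfl

-- a class whose last field is a proof about the inherited operation,
-- built like `semigroup` on the slide
class has_mul' (a : Type) := (mul : a -> a -> a)

class semigroup' (a : Type) extends has_mul' a :=
(mul_assoc : forall x y z : a, mul (mul x y) z = mul x (mul y z))

instance : semigroup' nat :=
{ mul := nat.mul, mul_assoc := nat.mul_assoc }

-- the proof field is usable like any other projection
example (x y z : nat) :
  has_mul'.mul (has_mul'.mul x y) z = has_mul'.mul x (has_mul'.mul y z) :=
semigroup'.mul_assoc x y z

end demo
```

Because `semigroup'` extends `has_mul'`, the instance for `nat` also registers `semigroup'.to_has_mul'` as an instance of `has_mul' nat`, which is what lets the last example refer to `has_mul'.mul` without naming the instance.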
SLIDE 11
Types
nat : Type
Type : Type
SLIDE 12
Types
nat : Type
Type : Type
Hierarchy of Types
Type.{0} : Type.{1} : Type.{2} : Type.{3} : ...
fun (A : Type.{u}) (a : A), a
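The universe-polymorphic identity from the slide, instantiated at three different levels, as an added example that is not from the slides (Lean 3 syntax). `id'` is a name chosen here; `Sort u` rather than `Type.{u}` is used so that the same definition also covers `Prop`.

```lean
-- Added example (not from the slides): one definition, every universe level.
universe u

-- A may live in Prop (Sort 0), Type (Sort 1), Type 1 (Sort 2), ...
def id' {A : Sort u} (a : A) : A := a

example : id' (3 : nat) = 3 := rfl        -- u = 1: A = nat, nat : Type
example : id' nat = nat := rfl            -- u = 2: A = Type, Type : Type 1
example (p : Prop) (h : p) : p := id' h   -- u = 0: A = p,   p : Prop

-- Type.{n} is notation for Sort.{n+1}; Prop is the bottom of the hierarchy
example : Prop = Sort 0 := rfl
example : Type = Sort 1 := rfl
example : Type 1 = Sort 2 := rfl
```

Without the level variable the second line could not type-check: a version of `id'` fixed at `Type` accepts `3 : nat` but not `nat : Type`, which is exactly the stratification that keeps `Type : Type` out of the system.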
SLIDE 13
Automation
◮ Implemented as tactics
◮ Resolution prover
◮ Isabelle’s auto
◮ SMT-like automation: Congruence closure, E-matching
◮ Superposition (similar to metis)
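Three of the automation tactics shipped in Lean 3's core library closing goals that would be tedious by hand, as an added example that is not from the slides: `cc` is the congruence-closure procedure named on the slide, `simp` rewrites with `@[simp]` lemmas, and `dec_trivial` decides a closed goal by evaluation. The hypotheses are constructed for the example.

```lean
-- Added example (not from the slides): core automation tactics at work.

-- congruence closure: chains the equalities and pushes them through f
example (f : nat -> nat) (a b c : nat) (h1 : a = b) (h2 : b = c) :
  f (f a) = f (f c) :=
by cc

-- the simplifier: uses list.append_nil and the length lemmas tagged @[simp]
example (xs : list nat) : (xs ++ []).length = xs.length :=
by simp

-- decision by evaluation: the kernel computes both sides and compares them
example : 2 ^ 10 = 1024 :=
dec_trivial
```

All three are ordinary tactics, which is the point of the first bullet: an automation procedure in Lean is a tactic like `intro` or `cases`, so it can be mixed freely with manual steps inside one `begin ... end` block.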
SLIDE 14
Small demo
SLIDE 15
Lean vs Coq
Freek: “It has proof irrelevance, function extensionality, classical logic, even a choice operator as part of the standard setup (exactly which of those are hardwired in, and which ones are just conventionally available in the library, I don’t know.)”
SLIDE 16
Proof Irrelevance
Proof irrelevance for Prop is built in.
lemma proof_irrel {a : Prop} (h1 h2 : a) : h1 = h2 := rfl
SLIDE 17
Axiom of Choice
-- as defined in Lean's core library
class inductive nonempty (a : Sort u) : Prop
| intro : a -> nonempty

axiom choice {a : Sort u} : nonempty a -> a
Hilbert’s epsilon operator
noncomputable def epsilon {a : Sort u} [h : nonempty a] (p : a -> Prop) : a := ...
SLIDE 18
Function extensionality
Function extensionality is proved from the quotient construction, which is also defined in the standard library and requires a few extra axioms.
theorem funext {f1 f2 : forall x : a, b x} (h : forall x, f1 x = f2 x) : f1 = f2 := ...
SLIDE 19
Classical logic
The law of excluded middle follows from Diaconescu’s lemma using function extensionality, propositional extensionality and the axiom of choice.
theorem em : p \/ not p := ...
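Slides 16 to 19 list what the standard setup provides; as an added example that is not from the slides (Lean 3 syntax), here is each of those facts being used in a small proof. `classical.some` and `classical.some_spec`, the library's witness-extraction functions defined from `choice`, stand in for the epsilon operator; the renamed `excluded_middle` is the `open ... (renaming ...)` form from the Features slide; `pick`, `ex_pos` and `some_pos` are names invented here.

```lean
-- Added example (not from the slides); pick, ex_pos and some_pos are illustrative.
open classical (renaming em -> excluded_middle)

-- proof irrelevance: two proofs of n > 0 are definitionally equal, so two
-- subtype values with the same underlying number are equal by `rfl`
example (n : nat) (h1 h2 : n > 0) :
  (⟨n, h1⟩ : {m : nat // m > 0}) = ⟨n, h2⟩ := rfl

-- function extensionality: 0 + n and n are not definitionally equal,
-- so the two lambdas can only be identified through funext
example : (fun n : nat, 0 + n) = (fun n, n) :=
funext (fun n, nat.zero_add n)

-- classical logic: double-negation elimination needs excluded middle
example (p : Prop) : not (not p) -> p :=
assume hnn, or.elim (excluded_middle p) id (fun hn, absurd hn hnn)

-- the choice axiom: an element of any nonempty type, with no algorithm
-- behind it, hence `noncomputable`
noncomputable def pick (a : Type) [h : nonempty a] : a := classical.choice h

-- `classical.some` extracts a witness from an existence proof and
-- `classical.some_spec` says the witness satisfies the predicate
def ex_pos : ∃ n : nat, 0 < n := ⟨1, nat.zero_lt_one⟩
noncomputable def some_pos : nat := classical.some ex_pos
theorem some_pos_spec : 0 < some_pos := classical.some_spec ex_pos
```

The `noncomputable` markers are not optional: any definition whose value depends on `choice` is rejected by the code generator, which is how Lean keeps the classical axioms from leaking into executable code while still allowing them in proofs.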
SLIDE 20
Demo
SLIDE 21