SLIDE 1
NICOLAS TABAREAU
NOT A SINGLE PROOF ASSISTANT FOR ALL
BUT PROOF ASSISTANTS FOR EVERYONE
Not a single proof assistant for all but proof assistants for everyone
N OT A SINGLE PROOF ASSISTANT FOR ALL BUT PROOF ASSISTANTS FOR - - PowerPoint PPT Presentation
N OT A SINGLE PROOF ASSISTANT FOR ALL BUT PROOF ASSISTANTS FOR - - PowerPoint PPT Presentation
N OT A SINGLE PROOF ASSISTANT FOR ALL BUT PROOF ASSISTANTS FOR EVERYONE N ICOLAS T ABAREAU Not the Work of a Single Man Not a single proof assistant for all but proof assistants for everyone Coq: a success but ... Based on the
SLIDE 2
SLIDE 3
Not a single proof assistant for all but proof assistants for everyone
Coq: a success but ...
3
Based on the correspondence: Formula ⟺ Type Proof ⟺ Program Type Theory has been developed, providing a common language for mathematics and computer science ⇒ Coq
SLIDE 4
Not a single proof assistant for all but proof assistants for everyone
Coq: a success but ...
3
Based on the correspondence: Formula ⟺ Type Proof ⟺ Program Type Theory has been developed, providing a common language for mathematics and computer science ⇒ Coq “At the same time a programming language and a logical system”
SLIDE 5
Not a single proof assistant for all but proof assistants for everyone
Coq: a success but ...
4
CompCert Compiler
Theorem Proving Program certification
Odd Order Theorem
A mature system: ACM 2013 Software System Award Coq Consortium (Inria Foundation) Continuous Integration, 2 releases per year
SLIDE 6
Not a single proof assistant for all but proof assistants for everyone
... not the last word
5
Many weaknesses cannot be solved without changing the theoretical foundations of Coq: Extend Coq as a programming language Extend Coq as a logical system
SLIDE 7
Not a single proof assistant for all but proof assistants for everyone
Extend the logic
6
common operators/principles cannot be “constructed” (e.g., excluded middle) the notion of equality/conversion is too weak
SLIDE 8
Not a single proof assistant for all but proof assistants for everyone
Extend the logic
6
common operators/principles cannot be “constructed” (e.g., excluded middle) the notion of equality/conversion is too weak
(n;prime_n) ≠ (n;prime_n)
Example: prime integers
SLIDE 9
Not a single proof assistant for all but proof assistants for everyone
Extend the logic
7
The difficulty is that every new logical principle must come with its computational interpretation.
SLIDE 10
Not a single proof assistant for all but proof assistants for everyone
Extend the logic
7
The difficulty is that every new logical principle must come with its computational interpretation. For instance, what is the computational meaning of the excluded middle ?
SLIDE 11
Not a single proof assistant for all but proof assistants for everyone 8
Great, and now can you show me a “Hello World” ? … sorry. That’s not possible ! Well, …Extend the language
Hello World in Coq
SLIDE 12
Not a single proof assistant for all but proof assistants for everyone 8
No “Hello World” !
Great, and now can you show me a “Hello World” ? … sorry. That’s not possible ! Well, …Extend the language
Hello World in Coq
SLIDE 13
Not a single proof assistant for all but proof assistants for everyone 9
Users Need More
On the logical side: Excluded Middle UIP Univalence / FunExt Definitional Pf Irr On the PL side: Exceptions Memory Non-determinism Non-termination
SLIDE 14
Not a single proof assistant for all but proof assistants for everyone 10
Excluded Middle
∀P, ¬P + P
<latexit sha1_base64="TGU4BnQTnSoMD9C3VkQodt34vfY=">AB/3icbVDLSgMxFL1TX7W+qoIbN8EiCEqZEUGXRTcuR7AP6Awlk2ba0EwyJBmhjF34K25cKOLW3Dn35g+Ftp6IHA491zuyYlSzrRx3W+nsLS8srpWXC9tbG5t75R39xpaZorQOpFcqlaENeVM0LphtNWqihOIk6b0eBmPG8+UKWZFPdmNIwT3BYkawsVKnfBDEUmHOkX+GAi6kQT46RX6nXHGr7gRokXgzUoEZrP8r6EqSJVQYwrHWbc9NTZhjZRjhdFQKMk1TAa4R9uWCpxQHeaT/CN0bJUuskHsEwZN1N8bOU60HiaRdSbY9PX8bCz+N2tnJr4KcybSzFBpofijCMj0bgM1GWKEsOHlmCimM2KSB8rTIytrGRL8Oa/vEga51XPrXp3F5Xa9ayOIhzCEZyAB5dQg1vwoQ4EHuEZXuHNeXJenHfnY2otOLOdfgD5/MHZ1aUYw=</latexit><latexit sha1_base64="TGU4BnQTnSoMD9C3VkQodt34vfY=">AB/3icbVDLSgMxFL1TX7W+qoIbN8EiCEqZEUGXRTcuR7AP6Awlk2ba0EwyJBmhjF34K25cKOLW3Dn35g+Ftp6IHA491zuyYlSzrRx3W+nsLS8srpWXC9tbG5t75R39xpaZorQOpFcqlaENeVM0LphtNWqihOIk6b0eBmPG8+UKWZFPdmNIwT3BYkawsVKnfBDEUmHOkX+GAi6kQT46RX6nXHGr7gRokXgzUoEZrP8r6EqSJVQYwrHWbc9NTZhjZRjhdFQKMk1TAa4R9uWCpxQHeaT/CN0bJUuskHsEwZN1N8bOU60HiaRdSbY9PX8bCz+N2tnJr4KcybSzFBpofijCMj0bgM1GWKEsOHlmCimM2KSB8rTIytrGRL8Oa/vEga51XPrXp3F5Xa9ayOIhzCEZyAB5dQg1vwoQ4EHuEZXuHNeXJenHfnY2otOLOdfgD5/MHZ1aUYw=</latexit><latexit sha1_base64="TGU4BnQTnSoMD9C3VkQodt34vfY=">AB/3icbVDLSgMxFL1TX7W+qoIbN8EiCEqZEUGXRTcuR7AP6Awlk2ba0EwyJBmhjF34K25cKOLW3Dn35g+Ftp6IHA491zuyYlSzrRx3W+nsLS8srpWXC9tbG5t75R39xpaZorQOpFcqlaENeVM0LphtNWqihOIk6b0eBmPG8+UKWZFPdmNIwT3BYkawsVKnfBDEUmHOkX+GAi6kQT46RX6nXHGr7gRokXgzUoEZrP8r6EqSJVQYwrHWbc9NTZhjZRjhdFQKMk1TAa4R9uWCpxQHeaT/CN0bJUuskHsEwZN1N8bOU60HiaRdSbY9PX8bCz+N2tnJr4KcybSzFBpofijCMj0bgM1GWKEsOHlmCimM2KSB8rTIytrGRL8Oa/vEga51XPrXp3F5Xa9ayOIhzCEZyAB5dQg1vwoQ4EHuEZXuHNeXJenHfnY2otOLOdfgD5/MHZ1aUYw=</latexit><latexit sha1_base64="TGU4BnQTnSoMD9C3VkQodt34vfY=">AB/3icbVDLSgMxFL1TX7W+qoIbN8EiCEqZEUGXRTcuR7AP6Awlk2ba0EwyJBmhjF34K25cKOLW3Dn35g+Ftp6IHA491zuyYlSzrRx3W+nsLS8srpWXC9tbG5t75R39xpaZorQOpFcqlaENeVM0LphtNWqihOIk6b0eBmPG8+UKWZFPdmNIwT3BYkawsVKnfBDEUmHOkX+GAi6kQT46RX6nXHGr7gRokXgzUoEZrP8r6EqSJVQYwrHWbc9NTZhjZRjhdFQKMk1TAa4R9uWCpxQHeaT/CN0bJUuskHsEwZN1N8bOU60HiaRdSbY9PX8bCz+N2tnJr4KcybSzFBpofijCMj0bgM1GWKEsOHlmCimM2KSB8rTIytrGRL8Oa/vEga51XPrXp3F5Xa9ayOIhzCEZyAB5dQg1vwoQ4EHuEZXuHNeXJenHfnY2otOLOdfgD5/MHZ1aUYw=</latexit> SLIDE 15
Not a single proof assistant for all but proof assistants for everyone 10
Excluded Middle
∀P, ¬P + P
<latexit sha1_base64="TGU4BnQTnSoMD9C3VkQodt34vfY=">AB/3icbVDLSgMxFL1TX7W+qoIbN8EiCEqZEUGXRTcuR7AP6Awlk2ba0EwyJBmhjF34K25cKOLW3Dn35g+Ftp6IHA491zuyYlSzrRx3W+nsLS8srpWXC9tbG5t75R39xpaZorQOpFcqlaENeVM0LphtNWqihOIk6b0eBmPG8+UKWZFPdmNIwT3BYkawsVKnfBDEUmHOkX+GAi6kQT46RX6nXHGr7gRokXgzUoEZrP8r6EqSJVQYwrHWbc9NTZhjZRjhdFQKMk1TAa4R9uWCpxQHeaT/CN0bJUuskHsEwZN1N8bOU60HiaRdSbY9PX8bCz+N2tnJr4KcybSzFBpofijCMj0bgM1GWKEsOHlmCimM2KSB8rTIytrGRL8Oa/vEga51XPrXp3F5Xa9ayOIhzCEZyAB5dQg1vwoQ4EHuEZXuHNeXJenHfnY2otOLOdfgD5/MHZ1aUYw=</latexit><latexit sha1_base64="TGU4BnQTnSoMD9C3VkQodt34vfY=">AB/3icbVDLSgMxFL1TX7W+qoIbN8EiCEqZEUGXRTcuR7AP6Awlk2ba0EwyJBmhjF34K25cKOLW3Dn35g+Ftp6IHA491zuyYlSzrRx3W+nsLS8srpWXC9tbG5t75R39xpaZorQOpFcqlaENeVM0LphtNWqihOIk6b0eBmPG8+UKWZFPdmNIwT3BYkawsVKnfBDEUmHOkX+GAi6kQT46RX6nXHGr7gRokXgzUoEZrP8r6EqSJVQYwrHWbc9NTZhjZRjhdFQKMk1TAa4R9uWCpxQHeaT/CN0bJUuskHsEwZN1N8bOU60HiaRdSbY9PX8bCz+N2tnJr4KcybSzFBpofijCMj0bgM1GWKEsOHlmCimM2KSB8rTIytrGRL8Oa/vEga51XPrXp3F5Xa9ayOIhzCEZyAB5dQg1vwoQ4EHuEZXuHNeXJenHfnY2otOLOdfgD5/MHZ1aUYw=</latexit><latexit sha1_base64="TGU4BnQTnSoMD9C3VkQodt34vfY=">AB/3icbVDLSgMxFL1TX7W+qoIbN8EiCEqZEUGXRTcuR7AP6Awlk2ba0EwyJBmhjF34K25cKOLW3Dn35g+Ftp6IHA491zuyYlSzrRx3W+nsLS8srpWXC9tbG5t75R39xpaZorQOpFcqlaENeVM0LphtNWqihOIk6b0eBmPG8+UKWZFPdmNIwT3BYkawsVKnfBDEUmHOkX+GAi6kQT46RX6nXHGr7gRokXgzUoEZrP8r6EqSJVQYwrHWbc9NTZhjZRjhdFQKMk1TAa4R9uWCpxQHeaT/CN0bJUuskHsEwZN1N8bOU60HiaRdSbY9PX8bCz+N2tnJr4KcybSzFBpofijCMj0bgM1GWKEsOHlmCimM2KSB8rTIytrGRL8Oa/vEga51XPrXp3F5Xa9ayOIhzCEZyAB5dQg1vwoQ4EHuEZXuHNeXJenHfnY2otOLOdfgD5/MHZ1aUYw=</latexit><latexit sha1_base64="TGU4BnQTnSoMD9C3VkQodt34vfY=">AB/3icbVDLSgMxFL1TX7W+qoIbN8EiCEqZEUGXRTcuR7AP6Awlk2ba0EwyJBmhjF34K25cKOLW3Dn35g+Ftp6IHA491zuyYlSzrRx3W+nsLS8srpWXC9tbG5t75R39xpaZorQOpFcqlaENeVM0LphtNWqihOIk6b0eBmPG8+UKWZFPdmNIwT3BYkawsVKnfBDEUmHOkX+GAi6kQT46RX6nXHGr7gRokXgzUoEZrP8r6EqSJVQYwrHWbc9NTZhjZRjhdFQKMk1TAa4R9uWCpxQHeaT/CN0bJUuskHsEwZN1N8bOU60HiaRdSbY9PX8bCz+N2tnJr4KcybSzFBpofijCMj0bgM1GWKEsOHlmCimM2KSB8rTIytrGRL8Oa/vEga51XPrXp3F5Xa9ayOIhzCEZyAB5dQg1vwoQ4EHuEZXuHNeXJenHfnY2otOLOdfgD5/MHZ1aUYw=</latexit>Useful to do proof by contradiction
Note: I don’t want to dive into constructivism debate
SLIDE 16
Not a single proof assistant for all but proof assistants for everyone 11
Functional Extensionality
∀A B (f g : ∀a : A, B a), (∀a, f a = g a) → f = g
<latexit sha1_base64="sqAD2wG+DQ2YJIpdMsvY/R3PhQ=">ACRHicbVDLSgNBEJz1bXxFPXpDEKEHZFUAIBEy8eFUwMZEPoncxuBmcfzMwqIeTjvPgB3vwCLx4U8SrOxi+GnoqrpnvISwZW27Xtranpmdm5+YTG3tLyupZf32iqOJWUNWgsYtnyUDHBI9bQXAvWSiTD0BPswrs8zvSLKyYVj6NzPUhYJ8Qg4j6nqA3VzbdP5YoBNTAhbrpom+eACrwKWAFaqWxhLslKH7RJcicCFUw9kx0JQ/6GqWMr41UhaCbL9hle1zwFzgTUCTOu3m79xeTNOQRZoKVKrt2InuDFqTgUb5dxUsQTpJQasbWCEIVOd4TiEewYpgfmOtORhjH7fWKIoVKD0DPOEHVf/dYy8j+tnWr/sDPkUZJqFtGPRX4qQMeQJQo9LhnVYmAUsnNrUD7KJFqk3vOhOD8/vJf0NwrO3bZOdsvHNUncSyQLbJNisQhB+SInJBT0iCU3JAH8kSerVvr0XqxXj+sU9ZkZpP8KOvtHfaBqmA=</latexit><latexit sha1_base64="sqAD2wG+DQ2YJIpdMsvY/R3PhQ=">ACRHicbVDLSgNBEJz1bXxFPXpDEKEHZFUAIBEy8eFUwMZEPoncxuBmcfzMwqIeTjvPgB3vwCLx4U8SrOxi+GnoqrpnvISwZW27Xtranpmdm5+YTG3tLyupZf32iqOJWUNWgsYtnyUDHBI9bQXAvWSiTD0BPswrs8zvSLKyYVj6NzPUhYJ8Qg4j6nqA3VzbdP5YoBNTAhbrpom+eACrwKWAFaqWxhLslKH7RJcicCFUw9kx0JQ/6GqWMr41UhaCbL9hle1zwFzgTUCTOu3m79xeTNOQRZoKVKrt2InuDFqTgUb5dxUsQTpJQasbWCEIVOd4TiEewYpgfmOtORhjH7fWKIoVKD0DPOEHVf/dYy8j+tnWr/sDPkUZJqFtGPRX4qQMeQJQo9LhnVYmAUsnNrUD7KJFqk3vOhOD8/vJf0NwrO3bZOdsvHNUncSyQLbJNisQhB+SInJBT0iCU3JAH8kSerVvr0XqxXj+sU9ZkZpP8KOvtHfaBqmA=</latexit><latexit sha1_base64="sqAD2wG+DQ2YJIpdMsvY/R3PhQ=">ACRHicbVDLSgNBEJz1bXxFPXpDEKEHZFUAIBEy8eFUwMZEPoncxuBmcfzMwqIeTjvPgB3vwCLx4U8SrOxi+GnoqrpnvISwZW27Xtranpmdm5+YTG3tLyupZf32iqOJWUNWgsYtnyUDHBI9bQXAvWSiTD0BPswrs8zvSLKyYVj6NzPUhYJ8Qg4j6nqA3VzbdP5YoBNTAhbrpom+eACrwKWAFaqWxhLslKH7RJcicCFUw9kx0JQ/6GqWMr41UhaCbL9hle1zwFzgTUCTOu3m79xeTNOQRZoKVKrt2InuDFqTgUb5dxUsQTpJQasbWCEIVOd4TiEewYpgfmOtORhjH7fWKIoVKD0DPOEHVf/dYy8j+tnWr/sDPkUZJqFtGPRX4qQMeQJQo9LhnVYmAUsnNrUD7KJFqk3vOhOD8/vJf0NwrO3bZOdsvHNUncSyQLbJNisQhB+SInJBT0iCU3JAH8kSerVvr0XqxXj+sU9ZkZpP8KOvtHfaBqmA=</latexit><latexit sha1_base64="sqAD2wG+DQ2YJIpdMsvY/R3PhQ=">ACRHicbVDLSgNBEJz1bXxFPXpDEKEHZFUAIBEy8eFUwMZEPoncxuBmcfzMwqIeTjvPgB3vwCLx4U8SrOxi+GnoqrpnvISwZW27Xtranpmdm5+YTG3tLyupZf32iqOJWUNWgsYtnyUDHBI9bQXAvWSiTD0BPswrs8zvSLKyYVj6NzPUhYJ8Qg4j6nqA3VzbdP5YoBNTAhbrpom+eACrwKWAFaqWxhLslKH7RJcicCFUw9kx0JQ/6GqWMr41UhaCbL9hle1zwFzgTUCTOu3m79xeTNOQRZoKVKrt2InuDFqTgUb5dxUsQTpJQasbWCEIVOd4TiEewYpgfmOtORhjH7fWKIoVKD0DPOEHVf/dYy8j+tnWr/sDPkUZJqFtGPRX4qQMeQJQo9LhnVYmAUsnNrUD7KJFqk3vOhOD8/vJf0NwrO3bZOdsvHNUncSyQLbJNisQhB+SInJBT0iCU3JAH8kSerVvr0XqxXj+sU9ZkZpP8KOvtHfaBqmA=</latexit> SLIDE 17
Not a single proof assistant for all but proof assistants for everyone 11
Functional Extensionality
Applications: prove monadic laws, for instance for states actually useful as soon as we need to deal with equality of functions
∀A B (f g : ∀a : A, B a), (∀a, f a = g a) → f = g
<latexit sha1_base64="sqAD2wG+DQ2YJIpdMsvY/R3PhQ=">ACRHicbVDLSgNBEJz1bXxFPXpDEKEHZFUAIBEy8eFUwMZEPoncxuBmcfzMwqIeTjvPgB3vwCLx4U8SrOxi+GnoqrpnvISwZW27Xtranpmdm5+YTG3tLyupZf32iqOJWUNWgsYtnyUDHBI9bQXAvWSiTD0BPswrs8zvSLKyYVj6NzPUhYJ8Qg4j6nqA3VzbdP5YoBNTAhbrpom+eACrwKWAFaqWxhLslKH7RJcicCFUw9kx0JQ/6GqWMr41UhaCbL9hle1zwFzgTUCTOu3m79xeTNOQRZoKVKrt2InuDFqTgUb5dxUsQTpJQasbWCEIVOd4TiEewYpgfmOtORhjH7fWKIoVKD0DPOEHVf/dYy8j+tnWr/sDPkUZJqFtGPRX4qQMeQJQo9LhnVYmAUsnNrUD7KJFqk3vOhOD8/vJf0NwrO3bZOdsvHNUncSyQLbJNisQhB+SInJBT0iCU3JAH8kSerVvr0XqxXj+sU9ZkZpP8KOvtHfaBqmA=</latexit><latexit sha1_base64="sqAD2wG+DQ2YJIpdMsvY/R3PhQ=">ACRHicbVDLSgNBEJz1bXxFPXpDEKEHZFUAIBEy8eFUwMZEPoncxuBmcfzMwqIeTjvPgB3vwCLx4U8SrOxi+GnoqrpnvISwZW27Xtranpmdm5+YTG3tLyupZf32iqOJWUNWgsYtnyUDHBI9bQXAvWSiTD0BPswrs8zvSLKyYVj6NzPUhYJ8Qg4j6nqA3VzbdP5YoBNTAhbrpom+eACrwKWAFaqWxhLslKH7RJcicCFUw9kx0JQ/6GqWMr41UhaCbL9hle1zwFzgTUCTOu3m79xeTNOQRZoKVKrt2InuDFqTgUb5dxUsQTpJQasbWCEIVOd4TiEewYpgfmOtORhjH7fWKIoVKD0DPOEHVf/dYy8j+tnWr/sDPkUZJqFtGPRX4qQMeQJQo9LhnVYmAUsnNrUD7KJFqk3vOhOD8/vJf0NwrO3bZOdsvHNUncSyQLbJNisQhB+SInJBT0iCU3JAH8kSerVvr0XqxXj+sU9ZkZpP8KOvtHfaBqmA=</latexit><latexit sha1_base64="sqAD2wG+DQ2YJIpdMsvY/R3PhQ=">ACRHicbVDLSgNBEJz1bXxFPXpDEKEHZFUAIBEy8eFUwMZEPoncxuBmcfzMwqIeTjvPgB3vwCLx4U8SrOxi+GnoqrpnvISwZW27Xtranpmdm5+YTG3tLyupZf32iqOJWUNWgsYtnyUDHBI9bQXAvWSiTD0BPswrs8zvSLKyYVj6NzPUhYJ8Qg4j6nqA3VzbdP5YoBNTAhbrpom+eACrwKWAFaqWxhLslKH7RJcicCFUw9kx0JQ/6GqWMr41UhaCbL9hle1zwFzgTUCTOu3m79xeTNOQRZoKVKrt2InuDFqTgUb5dxUsQTpJQasbWCEIVOd4TiEewYpgfmOtORhjH7fWKIoVKD0DPOEHVf/dYy8j+tnWr/sDPkUZJqFtGPRX4qQMeQJQo9LhnVYmAUsnNrUD7KJFqk3vOhOD8/vJf0NwrO3bZOdsvHNUncSyQLbJNisQhB+SInJBT0iCU3JAH8kSerVvr0XqxXj+sU9ZkZpP8KOvtHfaBqmA=</latexit><latexit sha1_base64="sqAD2wG+DQ2YJIpdMsvY/R3PhQ=">ACRHicbVDLSgNBEJz1bXxFPXpDEKEHZFUAIBEy8eFUwMZEPoncxuBmcfzMwqIeTjvPgB3vwCLx4U8SrOxi+GnoqrpnvISwZW27Xtranpmdm5+YTG3tLyupZf32iqOJWUNWgsYtnyUDHBI9bQXAvWSiTD0BPswrs8zvSLKyYVj6NzPUhYJ8Qg4j6nqA3VzbdP5YoBNTAhbrpom+eACrwKWAFaqWxhLslKH7RJcicCFUw9kx0JQ/6GqWMr41UhaCbL9hle1zwFzgTUCTOu3m79xeTNOQRZoKVKrt2InuDFqTgUb5dxUsQTpJQasbWCEIVOd4TiEewYpgfmOtORhjH7fWKIoVKD0DPOEHVf/dYy8j+tnWr/sDPkUZJqFtGPRX4qQMeQJQo9LhnVYmAUsnNrUD7KJFqk3vOhOD8/vJf0NwrO3bZOdsvHNUncSyQLbJNisQhB+SInJBT0iCU3JAH8kSerVvr0XqxXj+sU9ZkZpP8KOvtHfaBqmA=</latexit> SLIDE 18
Not a single proof assistant for all but proof assistants for everyone 12
Univalence
8(A B : Type), A ' B ! A = B
<latexit sha1_base64="pvpMkLrq3mCtURYQAKG+SGAJCc=">ACJnicbVDLSgMxFM3UV62vqks3wSJUkDIjgiIUat24rNAXdIaSTNtaOZhckcpQ7/Gjb/ixkVFxJ2fYtrOQlsPBA7n3EvuOW4kuALT/DIyK6tr6xvZzdzW9s7uXn7/oKnCWFLWoKEIZdsligkesAZwEKwdSUZ8V7CWO7yd+q1HJhUPgzqMIub4pB9wj1MCWurmy7YXSiIELt5gG1fxNbZ9AgOApK6nx6dnWOuK+xBm7bk/QEQKcMnLZdxtZsvmCVzBrxMrJQUIpaNz+xeyGNfRYAFUSpjmVG4CREAqeCjXN2rFhE6JD0WUfTgPhMOcks5hifaKWH9b36BYBn6u+NhPhKjXxXT04zqEVvKv7ndWLwrpyEB1EMLKDzj7xYAjxtDPc45JRECNCJVc34rpgEhCQTeb0yVYi5GXSfO8ZJkl6/6iUKmdWTRETpGRWShS1RBd6iGoiZ/SKJujdeDHejA/jcz6aMdKdQ/QHxvcP1VOi6g=</latexit><latexit sha1_base64="pvpMkLrq3mCtURYQAKG+SGAJCc=">ACJnicbVDLSgMxFM3UV62vqks3wSJUkDIjgiIUat24rNAXdIaSTNtaOZhckcpQ7/Gjb/ixkVFxJ2fYtrOQlsPBA7n3EvuOW4kuALT/DIyK6tr6xvZzdzW9s7uXn7/oKnCWFLWoKEIZdsligkesAZwEKwdSUZ8V7CWO7yd+q1HJhUPgzqMIub4pB9wj1MCWurmy7YXSiIELt5gG1fxNbZ9AgOApK6nx6dnWOuK+xBm7bk/QEQKcMnLZdxtZsvmCVzBrxMrJQUIpaNz+xeyGNfRYAFUSpjmVG4CREAqeCjXN2rFhE6JD0WUfTgPhMOcks5hifaKWH9b36BYBn6u+NhPhKjXxXT04zqEVvKv7ndWLwrpyEB1EMLKDzj7xYAjxtDPc45JRECNCJVc34rpgEhCQTeb0yVYi5GXSfO8ZJkl6/6iUKmdWTRETpGRWShS1RBd6iGoiZ/SKJujdeDHejA/jcz6aMdKdQ/QHxvcP1VOi6g=</latexit><latexit sha1_base64="pvpMkLrq3mCtURYQAKG+SGAJCc=">ACJnicbVDLSgMxFM3UV62vqks3wSJUkDIjgiIUat24rNAXdIaSTNtaOZhckcpQ7/Gjb/ixkVFxJ2fYtrOQlsPBA7n3EvuOW4kuALT/DIyK6tr6xvZzdzW9s7uXn7/oKnCWFLWoKEIZdsligkesAZwEKwdSUZ8V7CWO7yd+q1HJhUPgzqMIub4pB9wj1MCWurmy7YXSiIELt5gG1fxNbZ9AgOApK6nx6dnWOuK+xBm7bk/QEQKcMnLZdxtZsvmCVzBrxMrJQUIpaNz+xeyGNfRYAFUSpjmVG4CREAqeCjXN2rFhE6JD0WUfTgPhMOcks5hifaKWH9b36BYBn6u+NhPhKjXxXT04zqEVvKv7ndWLwrpyEB1EMLKDzj7xYAjxtDPc45JRECNCJVc34rpgEhCQTeb0yVYi5GXSfO8ZJkl6/6iUKmdWTRETpGRWShS1RBd6iGoiZ/SKJujdeDHejA/jcz6aMdKdQ/QHxvcP1VOi6g=</latexit><latexit sha1_base64="pvpMkLrq3mCtURYQAKG+SGAJCc=">ACJnicbVDLSgMxFM3UV62vqks3wSJUkDIjgiIUat24rNAXdIaSTNtaOZhckcpQ7/Gjb/ixkVFxJ2fYtrOQlsPBA7n3EvuOW4kuALT/DIyK6tr6xvZzdzW9s7uXn7/oKnCWFLWoKEIZdsligkesAZwEKwdSUZ8V7CWO7yd+q1HJhUPgzqMIub4pB9wj1MCWurmy7YXSiIELt5gG1fxNbZ9AgOApK6nx6dnWOuK+xBm7bk/QEQKcMnLZdxtZsvmCVzBrxMrJQUIpaNz+xeyGNfRYAFUSpjmVG4CREAqeCjXN2rFhE6JD0WUfTgPhMOcks5hifaKWH9b36BYBn6u+NhPhKjXxXT04zqEVvKv7ndWLwrpyEB1EMLKDzj7xYAjxtDPc45JRECNCJVc34rpgEhCQTeb0yVYi5GXSfO8ZJkl6/6iUKmdWTRETpGRWShS1RBd6iGoiZ/SKJujdeDHejA/jcz6aMdKdQ/QHxvcP1VOi6g=</latexit> SLIDE 19
Not a single proof assistant for all but proof assistants for everyone 12
Univalence
Applications: conversion between equivalent structures synthetic homotopy
8(A B : Type), A ' B ! A = B
<latexit sha1_base64="pvpMkLrq3mCtURYQAKG+SGAJCc=">ACJnicbVDLSgMxFM3UV62vqks3wSJUkDIjgiIUat24rNAXdIaSTNtaOZhckcpQ7/Gjb/ixkVFxJ2fYtrOQlsPBA7n3EvuOW4kuALT/DIyK6tr6xvZzdzW9s7uXn7/oKnCWFLWoKEIZdsligkesAZwEKwdSUZ8V7CWO7yd+q1HJhUPgzqMIub4pB9wj1MCWurmy7YXSiIELt5gG1fxNbZ9AgOApK6nx6dnWOuK+xBm7bk/QEQKcMnLZdxtZsvmCVzBrxMrJQUIpaNz+xeyGNfRYAFUSpjmVG4CREAqeCjXN2rFhE6JD0WUfTgPhMOcks5hifaKWH9b36BYBn6u+NhPhKjXxXT04zqEVvKv7ndWLwrpyEB1EMLKDzj7xYAjxtDPc45JRECNCJVc34rpgEhCQTeb0yVYi5GXSfO8ZJkl6/6iUKmdWTRETpGRWShS1RBd6iGoiZ/SKJujdeDHejA/jcz6aMdKdQ/QHxvcP1VOi6g=</latexit><latexit sha1_base64="pvpMkLrq3mCtURYQAKG+SGAJCc=">ACJnicbVDLSgMxFM3UV62vqks3wSJUkDIjgiIUat24rNAXdIaSTNtaOZhckcpQ7/Gjb/ixkVFxJ2fYtrOQlsPBA7n3EvuOW4kuALT/DIyK6tr6xvZzdzW9s7uXn7/oKnCWFLWoKEIZdsligkesAZwEKwdSUZ8V7CWO7yd+q1HJhUPgzqMIub4pB9wj1MCWurmy7YXSiIELt5gG1fxNbZ9AgOApK6nx6dnWOuK+xBm7bk/QEQKcMnLZdxtZsvmCVzBrxMrJQUIpaNz+xeyGNfRYAFUSpjmVG4CREAqeCjXN2rFhE6JD0WUfTgPhMOcks5hifaKWH9b36BYBn6u+NhPhKjXxXT04zqEVvKv7ndWLwrpyEB1EMLKDzj7xYAjxtDPc45JRECNCJVc34rpgEhCQTeb0yVYi5GXSfO8ZJkl6/6iUKmdWTRETpGRWShS1RBd6iGoiZ/SKJujdeDHejA/jcz6aMdKdQ/QHxvcP1VOi6g=</latexit><latexit sha1_base64="pvpMkLrq3mCtURYQAKG+SGAJCc=">ACJnicbVDLSgMxFM3UV62vqks3wSJUkDIjgiIUat24rNAXdIaSTNtaOZhckcpQ7/Gjb/ixkVFxJ2fYtrOQlsPBA7n3EvuOW4kuALT/DIyK6tr6xvZzdzW9s7uXn7/oKnCWFLWoKEIZdsligkesAZwEKwdSUZ8V7CWO7yd+q1HJhUPgzqMIub4pB9wj1MCWurmy7YXSiIELt5gG1fxNbZ9AgOApK6nx6dnWOuK+xBm7bk/QEQKcMnLZdxtZsvmCVzBrxMrJQUIpaNz+xeyGNfRYAFUSpjmVG4CREAqeCjXN2rFhE6JD0WUfTgPhMOcks5hifaKWH9b36BYBn6u+NhPhKjXxXT04zqEVvKv7ndWLwrpyEB1EMLKDzj7xYAjxtDPc45JRECNCJVc34rpgEhCQTeb0yVYi5GXSfO8ZJkl6/6iUKmdWTRETpGRWShS1RBd6iGoiZ/SKJujdeDHejA/jcz6aMdKdQ/QHxvcP1VOi6g=</latexit><latexit sha1_base64="pvpMkLrq3mCtURYQAKG+SGAJCc=">ACJnicbVDLSgMxFM3UV62vqks3wSJUkDIjgiIUat24rNAXdIaSTNtaOZhckcpQ7/Gjb/ixkVFxJ2fYtrOQlsPBA7n3EvuOW4kuALT/DIyK6tr6xvZzdzW9s7uXn7/oKnCWFLWoKEIZdsligkesAZwEKwdSUZ8V7CWO7yd+q1HJhUPgzqMIub4pB9wj1MCWurmy7YXSiIELt5gG1fxNbZ9AgOApK6nx6dnWOuK+xBm7bk/QEQKcMnLZdxtZsvmCVzBrxMrJQUIpaNz+xeyGNfRYAFUSpjmVG4CREAqeCjXN2rFhE6JD0WUfTgPhMOcks5hifaKWH9b36BYBn6u+NhPhKjXxXT04zqEVvKv7ndWLwrpyEB1EMLKDzj7xYAjxtDPc45JRECNCJVc34rpgEhCQTeb0yVYi5GXSfO8ZJkl6/6iUKmdWTRETpGRWShS1RBd6iGoiZ/SKJujdeDHejA/jcz6aMdKdQ/QHxvcP1VOi6g=</latexit> SLIDE 20
Not a single proof assistant for all but proof assistants for everyone 13
Uniqueness of Identity Proof
∀A (x y : A) (e e0 : x = y), e = e0
<latexit sha1_base64="fQdRyP9J6gr2Cuo3Qj+xdqYpg=">ACG3icbVBLSwMxEM7WV62vVY9egkXagpTdIiC0OrFYwX7gO5Ssum0Dc0+SLSpfR/ePGvePGgiCfBg/G9HQ1oHMfPNDJn5vIgzqSzr20itrK6tb6Q3M1vbO7t75v5BXYaxoFCjIQ9F0yMSOAugpji0IwEN/j0PAGN5N64wGEZGFwr5IXJ/0AtZlChNtc2S0w0F4RxXsIPzQ+0SfIkrhUkG2kFOp0N8hZPCKQYdIdc2s1bRmhpeBvYcZNHcqm3z0+mENPYhUJQTKVu2FSl3RIRilM48QSIkIHpActDQPig3RH09vG+EQzHayX1C9QeMr+nhgRX8rE93SnT1RfLtYm5H+1Vqy6F+6IBVGsIKCzj7oxyrE6FwhwmgicaECqY3hXTPhGEKi1nRotgL568DOqlom0V7buzbPl6LkcaHaFjlEc2OkdldIuqIYoekTP6BW9GU/Gi/FufMxaU8Z85hD9MePrBxPmy0=</latexit><latexit sha1_base64="fQdRyP9J6gr2Cuo3Qj+xdqYpg=">ACG3icbVBLSwMxEM7WV62vVY9egkXagpTdIiC0OrFYwX7gO5Ssum0Dc0+SLSpfR/ePGvePGgiCfBg/G9HQ1oHMfPNDJn5vIgzqSzr20itrK6tb6Q3M1vbO7t75v5BXYaxoFCjIQ9F0yMSOAugpji0IwEN/j0PAGN5N64wGEZGFwr5IXJ/0AtZlChNtc2S0w0F4RxXsIPzQ+0SfIkrhUkG2kFOp0N8hZPCKQYdIdc2s1bRmhpeBvYcZNHcqm3z0+mENPYhUJQTKVu2FSl3RIRilM48QSIkIHpActDQPig3RH09vG+EQzHayX1C9QeMr+nhgRX8rE93SnT1RfLtYm5H+1Vqy6F+6IBVGsIKCzj7oxyrE6FwhwmgicaECqY3hXTPhGEKi1nRotgL568DOqlom0V7buzbPl6LkcaHaFjlEc2OkdldIuqIYoekTP6BW9GU/Gi/FufMxaU8Z85hD9MePrBxPmy0=</latexit><latexit sha1_base64="fQdRyP9J6gr2Cuo3Qj+xdqYpg=">ACG3icbVBLSwMxEM7WV62vVY9egkXagpTdIiC0OrFYwX7gO5Ssum0Dc0+SLSpfR/ePGvePGgiCfBg/G9HQ1oHMfPNDJn5vIgzqSzr20itrK6tb6Q3M1vbO7t75v5BXYaxoFCjIQ9F0yMSOAugpji0IwEN/j0PAGN5N64wGEZGFwr5IXJ/0AtZlChNtc2S0w0F4RxXsIPzQ+0SfIkrhUkG2kFOp0N8hZPCKQYdIdc2s1bRmhpeBvYcZNHcqm3z0+mENPYhUJQTKVu2FSl3RIRilM48QSIkIHpActDQPig3RH09vG+EQzHayX1C9QeMr+nhgRX8rE93SnT1RfLtYm5H+1Vqy6F+6IBVGsIKCzj7oxyrE6FwhwmgicaECqY3hXTPhGEKi1nRotgL568DOqlom0V7buzbPl6LkcaHaFjlEc2OkdldIuqIYoekTP6BW9GU/Gi/FufMxaU8Z85hD9MePrBxPmy0=</latexit><latexit sha1_base64="fQdRyP9J6gr2Cuo3Qj+xdqYpg=">ACG3icbVBLSwMxEM7WV62vVY9egkXagpTdIiC0OrFYwX7gO5Ssum0Dc0+SLSpfR/ePGvePGgiCfBg/G9HQ1oHMfPNDJn5vIgzqSzr20itrK6tb6Q3M1vbO7t75v5BXYaxoFCjIQ9F0yMSOAugpji0IwEN/j0PAGN5N64wGEZGFwr5IXJ/0AtZlChNtc2S0w0F4RxXsIPzQ+0SfIkrhUkG2kFOp0N8hZPCKQYdIdc2s1bRmhpeBvYcZNHcqm3z0+mENPYhUJQTKVu2FSl3RIRilM48QSIkIHpActDQPig3RH09vG+EQzHayX1C9QeMr+nhgRX8rE93SnT1RfLtYm5H+1Vqy6F+6IBVGsIKCzj7oxyrE6FwhwmgicaECqY3hXTPhGEKi1nRotgL568DOqlom0V7buzbPl6LkcaHaFjlEc2OkdldIuqIYoekTP6BW9GU/Gi/FufMxaU8Z85hD9MePrBxPmy0=</latexit> SLIDE 21
Not a single proof assistant for all but proof assistants for everyone 13
Uniqueness of Identity Proof
Applications: avoid higher coherence issue
∀A (x y : A) (e e0 : x = y), e = e0
<latexit sha1_base64="fQdRyP9J6gr2Cuo3Qj+xdqYpg=">ACG3icbVBLSwMxEM7WV62vVY9egkXagpTdIiC0OrFYwX7gO5Ssum0Dc0+SLSpfR/ePGvePGgiCfBg/G9HQ1oHMfPNDJn5vIgzqSzr20itrK6tb6Q3M1vbO7t75v5BXYaxoFCjIQ9F0yMSOAugpji0IwEN/j0PAGN5N64wGEZGFwr5IXJ/0AtZlChNtc2S0w0F4RxXsIPzQ+0SfIkrhUkG2kFOp0N8hZPCKQYdIdc2s1bRmhpeBvYcZNHcqm3z0+mENPYhUJQTKVu2FSl3RIRilM48QSIkIHpActDQPig3RH09vG+EQzHayX1C9QeMr+nhgRX8rE93SnT1RfLtYm5H+1Vqy6F+6IBVGsIKCzj7oxyrE6FwhwmgicaECqY3hXTPhGEKi1nRotgL568DOqlom0V7buzbPl6LkcaHaFjlEc2OkdldIuqIYoekTP6BW9GU/Gi/FufMxaU8Z85hD9MePrBxPmy0=</latexit><latexit sha1_base64="fQdRyP9J6gr2Cuo3Qj+xdqYpg=">ACG3icbVBLSwMxEM7WV62vVY9egkXagpTdIiC0OrFYwX7gO5Ssum0Dc0+SLSpfR/ePGvePGgiCfBg/G9HQ1oHMfPNDJn5vIgzqSzr20itrK6tb6Q3M1vbO7t75v5BXYaxoFCjIQ9F0yMSOAugpji0IwEN/j0PAGN5N64wGEZGFwr5IXJ/0AtZlChNtc2S0w0F4RxXsIPzQ+0SfIkrhUkG2kFOp0N8hZPCKQYdIdc2s1bRmhpeBvYcZNHcqm3z0+mENPYhUJQTKVu2FSl3RIRilM48QSIkIHpActDQPig3RH09vG+EQzHayX1C9QeMr+nhgRX8rE93SnT1RfLtYm5H+1Vqy6F+6IBVGsIKCzj7oxyrE6FwhwmgicaECqY3hXTPhGEKi1nRotgL568DOqlom0V7buzbPl6LkcaHaFjlEc2OkdldIuqIYoekTP6BW9GU/Gi/FufMxaU8Z85hD9MePrBxPmy0=</latexit><latexit sha1_base64="fQdRyP9J6gr2Cuo3Qj+xdqYpg=">ACG3icbVBLSwMxEM7WV62vVY9egkXagpTdIiC0OrFYwX7gO5Ssum0Dc0+SLSpfR/ePGvePGgiCfBg/G9HQ1oHMfPNDJn5vIgzqSzr20itrK6tb6Q3M1vbO7t75v5BXYaxoFCjIQ9F0yMSOAugpji0IwEN/j0PAGN5N64wGEZGFwr5IXJ/0AtZlChNtc2S0w0F4RxXsIPzQ+0SfIkrhUkG2kFOp0N8hZPCKQYdIdc2s1bRmhpeBvYcZNHcqm3z0+mENPYhUJQTKVu2FSl3RIRilM48QSIkIHpActDQPig3RH09vG+EQzHayX1C9QeMr+nhgRX8rE93SnT1RfLtYm5H+1Vqy6F+6IBVGsIKCzj7oxyrE6FwhwmgicaECqY3hXTPhGEKi1nRotgL568DOqlom0V7buzbPl6LkcaHaFjlEc2OkdldIuqIYoekTP6BW9GU/Gi/FufMxaU8Z85hD9MePrBxPmy0=</latexit><latexit sha1_base64="fQdRyP9J6gr2Cuo3Qj+xdqYpg=">ACG3icbVBLSwMxEM7WV62vVY9egkXagpTdIiC0OrFYwX7gO5Ssum0Dc0+SLSpfR/ePGvePGgiCfBg/G9HQ1oHMfPNDJn5vIgzqSzr20itrK6tb6Q3M1vbO7t75v5BXYaxoFCjIQ9F0yMSOAugpji0IwEN/j0PAGN5N64wGEZGFwr5IXJ/0AtZlChNtc2S0w0F4RxXsIPzQ+0SfIkrhUkG2kFOp0N8hZPCKQYdIdc2s1bRmhpeBvYcZNHcqm3z0+mENPYhUJQTKVu2FSl3RIRilM48QSIkIHpActDQPig3RH09vG+EQzHayX1C9QeMr+nhgRX8rE93SnT1RfLtYm5H+1Vqy6F+6IBVGsIKCzj7oxyrE6FwhwmgicaECqY3hXTPhGEKi1nRotgL568DOqlom0V7buzbPl6LkcaHaFjlEc2OkdldIuqIYoekTP6BW9GU/Gi/FufMxaU8Z85hD9MePrBxPmy0=</latexit> SLIDE 22
Not a single proof assistant for all but proof assistants for everyone 14
Definitional Proof Irrelevance
∀ (P : Prop)(x y : P), x ≡ y
<latexit sha1_base64="ksPgdqmlU6BJYnplxUGZ1PvRvyk=">ACH3icbVDLSgMxFM34rPVdekmWIQWpMyIqHRVdONyBPuAzlAyadqGZh4md4rD0D9x46+4caGIuOvfmLaz0NYDgZNz7+We7xIcAWmOTFWVtfWNzZzW/ntnd29/cLBYUOFsaSsTkMRypZHFBM8YHXgIFgrkoz4nmBNb3g7rTdHTCoeBg+QRMz1ST/gPU4JaKlTuHR6oSRCYAfjkl1fAIDgNSWYTQu49KT1hNcxXb5TDP9Y48xH+GkUyiaFXMGvEysjBRBrtT+Ha6IY19FgAVRKm2ZUbgpkQCp4KN806sWETokPRZW9OA+Ey56ey+MT7VShdro/oFgGfq74mU+Eolvqc7p/7VYm0q/ldrx9C7dlMeRDGwgM4X9WKBIcTsHCXS0ZBJoQKrn2iumASEJBR5rXIViLJy+TxnFMivW/UWxdpPFkUPH6ASVkIWuUA3dIRvVEUXP6BW9ow/jxXgzPo2veuKkc0coT8wJj9Y6aAI</latexit><latexit sha1_base64="ksPgdqmlU6BJYnplxUGZ1PvRvyk=">ACH3icbVDLSgMxFM34rPVdekmWIQWpMyIqHRVdONyBPuAzlAyadqGZh4md4rD0D9x46+4caGIuOvfmLaz0NYDgZNz7+We7xIcAWmOTFWVtfWNzZzW/ntnd29/cLBYUOFsaSsTkMRypZHFBM8YHXgIFgrkoz4nmBNb3g7rTdHTCoeBg+QRMz1ST/gPU4JaKlTuHR6oSRCYAfjkl1fAIDgNSWYTQu49KT1hNcxXb5TDP9Y48xH+GkUyiaFXMGvEysjBRBrtT+Ha6IY19FgAVRKm2ZUbgpkQCp4KN806sWETokPRZW9OA+Ey56ey+MT7VShdro/oFgGfq74mU+Eolvqc7p/7VYm0q/ldrx9C7dlMeRDGwgM4X9WKBIcTsHCXS0ZBJoQKrn2iumASEJBR5rXIViLJy+TxnFMivW/UWxdpPFkUPH6ASVkIWuUA3dIRvVEUXP6BW9ow/jxXgzPo2veuKkc0coT8wJj9Y6aAI</latexit><latexit sha1_base64="ksPgdqmlU6BJYnplxUGZ1PvRvyk=">ACH3icbVDLSgMxFM34rPVdekmWIQWpMyIqHRVdONyBPuAzlAyadqGZh4md4rD0D9x46+4caGIuOvfmLaz0NYDgZNz7+We7xIcAWmOTFWVtfWNzZzW/ntnd29/cLBYUOFsaSsTkMRypZHFBM8YHXgIFgrkoz4nmBNb3g7rTdHTCoeBg+QRMz1ST/gPU4JaKlTuHR6oSRCYAfjkl1fAIDgNSWYTQu49KT1hNcxXb5TDP9Y48xH+GkUyiaFXMGvEysjBRBrtT+Ha6IY19FgAVRKm2ZUbgpkQCp4KN806sWETokPRZW9OA+Ey56ey+MT7VShdro/oFgGfq74mU+Eolvqc7p/7VYm0q/ldrx9C7dlMeRDGwgM4X9WKBIcTsHCXS0ZBJoQKrn2iumASEJBR5rXIViLJy+TxnFMivW/UWxdpPFkUPH6ASVkIWuUA3dIRvVEUXP6BW9ow/jxXgzPo2veuKkc0coT8wJj9Y6aAI</latexit><latexit sha1_base64="ksPgdqmlU6BJYnplxUGZ1PvRvyk=">ACH3icbVDLSgMxFM34rPVdekmWIQWpMyIqHRVdONyBPuAzlAyadqGZh4md4rD0D9x46+4caGIuOvfmLaz0NYDgZNz7+We7xIcAWmOTFWVtfWNzZzW/ntnd29/cLBYUOFsaSsTkMRypZHFBM8YHXgIFgrkoz4nmBNb3g7rTdHTCoeBg+QRMz1ST/gPU4JaKlTuHR6oSRCYAfjkl1fAIDgNSWYTQu49KT1hNcxXb5TDP9Y48xH+GkUyiaFXMGvEysjBRBrtT+Ha6IY19FgAVRKm2ZUbgpkQCp4KN806sWETokPRZW9OA+Ey56ey+MT7VShdro/oFgGfq74mU+Eolvqc7p/7VYm0q/ldrx9C7dlMeRDGwgM4X9WKBIcTsHCXS0ZBJoQKrn2iumASEJBR5rXIViLJy+TxnFMivW/UWxdpPFkUPH6ASVkIWuUA3dIRvVEUXP6BW9ow/jxXgzPo2veuKkc0coT8wJj9Y6aAI</latexit> SLIDE 23
Not a single proof assistant for all but proof assistants for everyone 14
Definitional Proof Irrelevance
∀ (P : Prop)(x y : P), x ≡ y
<latexit sha1_base64="ksPgdqmlU6BJYnplxUGZ1PvRvyk=">ACH3icbVDLSgMxFM34rPVdekmWIQWpMyIqHRVdONyBPuAzlAyadqGZh4md4rD0D9x46+4caGIuOvfmLaz0NYDgZNz7+We7xIcAWmOTFWVtfWNzZzW/ntnd29/cLBYUOFsaSsTkMRypZHFBM8YHXgIFgrkoz4nmBNb3g7rTdHTCoeBg+QRMz1ST/gPU4JaKlTuHR6oSRCYAfjkl1fAIDgNSWYTQu49KT1hNcxXb5TDP9Y48xH+GkUyiaFXMGvEysjBRBrtT+Ha6IY19FgAVRKm2ZUbgpkQCp4KN806sWETokPRZW9OA+Ey56ey+MT7VShdro/oFgGfq74mU+Eolvqc7p/7VYm0q/ldrx9C7dlMeRDGwgM4X9WKBIcTsHCXS0ZBJoQKrn2iumASEJBR5rXIViLJy+TxnFMivW/UWxdpPFkUPH6ASVkIWuUA3dIRvVEUXP6BW9ow/jxXgzPo2veuKkc0coT8wJj9Y6aAI</latexit><latexit sha1_base64="ksPgdqmlU6BJYnplxUGZ1PvRvyk=">ACH3icbVDLSgMxFM34rPVdekmWIQWpMyIqHRVdONyBPuAzlAyadqGZh4md4rD0D9x46+4caGIuOvfmLaz0NYDgZNz7+We7xIcAWmOTFWVtfWNzZzW/ntnd29/cLBYUOFsaSsTkMRypZHFBM8YHXgIFgrkoz4nmBNb3g7rTdHTCoeBg+QRMz1ST/gPU4JaKlTuHR6oSRCYAfjkl1fAIDgNSWYTQu49KT1hNcxXb5TDP9Y48xH+GkUyiaFXMGvEysjBRBrtT+Ha6IY19FgAVRKm2ZUbgpkQCp4KN806sWETokPRZW9OA+Ey56ey+MT7VShdro/oFgGfq74mU+Eolvqc7p/7VYm0q/ldrx9C7dlMeRDGwgM4X9WKBIcTsHCXS0ZBJoQKrn2iumASEJBR5rXIViLJy+TxnFMivW/UWxdpPFkUPH6ASVkIWuUA3dIRvVEUXP6BW9ow/jxXgzPo2veuKkc0coT8wJj9Y6aAI</latexit><latexit sha1_base64="ksPgdqmlU6BJYnplxUGZ1PvRvyk=">ACH3icbVDLSgMxFM34rPVdekmWIQWpMyIqHRVdONyBPuAzlAyadqGZh4md4rD0D9x46+4caGIuOvfmLaz0NYDgZNz7+We7xIcAWmOTFWVtfWNzZzW/ntnd29/cLBYUOFsaSsTkMRypZHFBM8YHXgIFgrkoz4nmBNb3g7rTdHTCoeBg+QRMz1ST/gPU4JaKlTuHR6oSRCYAfjkl1fAIDgNSWYTQu49KT1hNcxXb5TDP9Y48xH+GkUyiaFXMGvEysjBRBrtT+Ha6IY19FgAVRKm2ZUbgpkQCp4KN806sWETokPRZW9OA+Ey56ey+MT7VShdro/oFgGfq74mU+Eolvqc7p/7VYm0q/ldrx9C7dlMeRDGwgM4X9WKBIcTsHCXS0ZBJoQKrn2iumASEJBR5rXIViLJy+TxnFMivW/UWxdpPFkUPH6ASVkIWuUA3dIRvVEUXP6BW9ow/jxXgzPo2veuKkc0coT8wJj9Y6aAI</latexit><latexit sha1_base64="ksPgdqmlU6BJYnplxUGZ1PvRvyk=">ACH3icbVDLSgMxFM34rPVdekmWIQWpMyIqHRVdONyBPuAzlAyadqGZh4md4rD0D9x46+4caGIuOvfmLaz0NYDgZNz7+We7xIcAWmOTFWVtfWNzZzW/ntnd29/cLBYUOFsaSsTkMRypZHFBM8YHXgIFgrkoz4nmBNb3g7rTdHTCoeBg+QRMz1ST/gPU4JaKlTuHR6oSRCYAfjkl1fAIDgNSWYTQu49KT1hNcxXb5TDP9Y48xH+GkUyiaFXMGvEysjBRBrtT+Ha6IY19FgAVRKm2ZUbgpkQCp4KN806sWETokPRZW9OA+Ey56ey+MT7VShdro/oFgGfq74mU+Eolvqc7p/7VYm0q/ldrx9C7dlMeRDGwgM4X9WKBIcTsHCXS0ZBJoQKrn2iumASEJBR5rXIViLJy+TxnFMivW/UWxdpPFkUPH6ASVkIWuUA3dIRvVEUXP6BW9ow/jxXgzPo2veuKkc0coT8wJj9Y6aAI</latexit>Applications:
(n;prime_n) = (n;prime_n)
SLIDE 24
Not a single proof assistant for all but proof assistants for everyone 15
Exceptions
by a function raise : E → ΠA : ⇤. A wher limits the ability to catch exceptions on the
catchBe : ΠP : Be → ⇤e
i . P truee → P falsee →
which is subject to the following equations
→ (Πe : E. P (raise Be e)) → Πb : Be. P b
quations
SLIDE 25
Not a single proof assistant for all but proof assistants for everyone 15
Exceptions
Applications: partiality : define head without premisses importing Haskell functions into Coq (hs-to-coq project)
by a function raise : E → ΠA : ⇤. A wher limits the ability to catch exceptions on the
catchBe : ΠP : Be → ⇤e
i . P truee → P falsee →
which is subject to the following equations
→ (Πe : E. P (raise Be e)) → Πb : Be. P b
quations
SLIDE 26
Not a single proof assistant for all but proof assistants for everyone 16
Memory
write : Mem → N → ()
<latexit sha1_base64="7RahF5Fa+bhAz4Lqtz1apD4fgPs=">ACI3icbVBNS0JBFJ1nX2ZfVs2QxLYRt6LoHAltWlTGOQHqMi8aqD8z6YuS+Rh/+lTX+lTYtC2rTovzQ+XaR2YOBwzrncucNpdBo29Wam19Y3MrvZ3Z2d3bP8geHlV1ECkOFR7IQNVdpkEKHyoUEI9VMA8V0LNHdxO/dozKC0C/wlHIbQ81vNFV3CGRmpni02PYR8xHiqBMKZFeg8ebSrR6yNTKhjSJOC68cN4Qc6ft7M5u2AnoKvEmZMcmaPczk6anYBHvjIJdO64dghtmKmUHAJ40wz0hAyPmA9aBjqMw90K05uHNMzo3RoN1Dm+UgT9e9EzDytR5rktMP62VvKv7nNSLsXrdi4YcRgs9ni7qRpBjQaWG0IxRwlCNDGDclCU5nynG0dSaMSU4yevkupFwbELzuNlrnQzryNTsgpyROHXJESuSNlUiGcvJA38kE+rVfr3ZpYX7NoyprPHJMFWD+/h5KkxA=</latexit><latexit sha1_base64="7RahF5Fa+bhAz4Lqtz1apD4fgPs=">ACI3icbVBNS0JBFJ1nX2ZfVs2QxLYRt6LoHAltWlTGOQHqMi8aqD8z6YuS+Rh/+lTX+lTYtC2rTovzQ+XaR2YOBwzrncucNpdBo29Wam19Y3MrvZ3Z2d3bP8geHlV1ECkOFR7IQNVdpkEKHyoUEI9VMA8V0LNHdxO/dozKC0C/wlHIbQ81vNFV3CGRmpni02PYR8xHiqBMKZFeg8ebSrR6yNTKhjSJOC68cN4Qc6ft7M5u2AnoKvEmZMcmaPczk6anYBHvjIJdO64dghtmKmUHAJ40wz0hAyPmA9aBjqMw90K05uHNMzo3RoN1Dm+UgT9e9EzDytR5rktMP62VvKv7nNSLsXrdi4YcRgs9ni7qRpBjQaWG0IxRwlCNDGDclCU5nynG0dSaMSU4yevkupFwbELzuNlrnQzryNTsgpyROHXJESuSNlUiGcvJA38kE+rVfr3ZpYX7NoyprPHJMFWD+/h5KkxA=</latexit><latexit sha1_base64="7RahF5Fa+bhAz4Lqtz1apD4fgPs=">ACI3icbVBNS0JBFJ1nX2ZfVs2QxLYRt6LoHAltWlTGOQHqMi8aqD8z6YuS+Rh/+lTX+lTYtC2rTovzQ+XaR2YOBwzrncucNpdBo29Wam19Y3MrvZ3Z2d3bP8geHlV1ECkOFR7IQNVdpkEKHyoUEI9VMA8V0LNHdxO/dozKC0C/wlHIbQ81vNFV3CGRmpni02PYR8xHiqBMKZFeg8ebSrR6yNTKhjSJOC68cN4Qc6ft7M5u2AnoKvEmZMcmaPczk6anYBHvjIJdO64dghtmKmUHAJ40wz0hAyPmA9aBjqMw90K05uHNMzo3RoN1Dm+UgT9e9EzDytR5rktMP62VvKv7nNSLsXrdi4YcRgs9ni7qRpBjQaWG0IxRwlCNDGDclCU5nynG0dSaMSU4yevkupFwbELzuNlrnQzryNTsgpyROHXJESuSNlUiGcvJA38kE+rVfr3ZpYX7NoyprPHJMFWD+/h5KkxA=</latexit><latexit sha1_base64="7RahF5Fa+bhAz4Lqtz1apD4fgPs=">ACI3icbVBNS0JBFJ1nX2ZfVs2QxLYRt6LoHAltWlTGOQHqMi8aqD8z6YuS+Rh/+lTX+lTYtC2rTovzQ+XaR2YOBwzrncucNpdBo29Wam19Y3MrvZ3Z2d3bP8geHlV1ECkOFR7IQNVdpkEKHyoUEI9VMA8V0LNHdxO/dozKC0C/wlHIbQ81vNFV3CGRmpni02PYR8xHiqBMKZFeg8ebSrR6yNTKhjSJOC68cN4Qc6ft7M5u2AnoKvEmZMcmaPczk6anYBHvjIJdO64dghtmKmUHAJ40wz0hAyPmA9aBjqMw90K05uHNMzo3RoN1Dm+UgT9e9EzDytR5rktMP62VvKv7nNSLsXrdi4YcRgs9ni7qRpBjQaWG0IxRwlCNDGDclCU5nynG0dSaMSU4yevkupFwbELzuNlrnQzryNTsgpyROHXJESuSNlUiGcvJA38kE+rVfr3ZpYX7NoyprPHJMFWD+/h5KkxA=</latexit>read : Mem → N
<latexit sha1_base64="njxwQUtr7Mv4BvJyJbjY6z9otI0=">ACE3icbVDLSsNAFJ3UV62vqEs3g0UQFyURQXFVdONGqWAf0JQymUzaoZMHMzdKCfkHN/6KGxeKuHXjzr9xmahrQcGDufcw9x73FhwBZb1bZQWFpeWV8qrlbX1jc0tc3unpaJEUtakYhkxyWKCR6yJnAQrBNLRgJXsLY7upz47XsmFY/COxjHrBeQch9TgloqW8eOQGBIUCqQ16Gz/E1C7Aj+WAIRMroAe+6Y3Wd+sWjUrB54ndkGqECjb345XkSTgIVABVGqa1sx9FIigVPBsoqTKBYTOiID1tU0JAFTvTS/KcMHWvGwH0n9QsC5+juRkCpceDqycmGatabiP953QT8s17KwzgBFtLpR34iMER4UhD2uGQUxFgTQiXu2I6JQ0DVWdAn27MnzpHVcs62afXtSrV8UdZTRHtpHh8hGp6iOrlADNRFj+gZvaI348l4Md6Nj+loySgyu+gPjM8fO+yeXw=</latexit><latexit sha1_base64="njxwQUtr7Mv4BvJyJbjY6z9otI0=">ACE3icbVDLSsNAFJ3UV62vqEs3g0UQFyURQXFVdONGqWAf0JQymUzaoZMHMzdKCfkHN/6KGxeKuHXjzr9xmahrQcGDufcw9x73FhwBZb1bZQWFpeWV8qrlbX1jc0tc3unpaJEUtakYhkxyWKCR6yJnAQrBNLRgJXsLY7upz47XsmFY/COxjHrBeQch9TgloqW8eOQGBIUCqQ16Gz/E1C7Aj+WAIRMroAe+6Y3Wd+sWjUrB54ndkGqECjb345XkSTgIVABVGqa1sx9FIigVPBsoqTKBYTOiID1tU0JAFTvTS/KcMHWvGwH0n9QsC5+juRkCpceDqycmGatabiP953QT8s17KwzgBFtLpR34iMER4UhD2uGQUxFgTQiXu2I6JQ0DVWdAn27MnzpHVcs62afXtSrV8UdZTRHtpHh8hGp6iOrlADNRFj+gZvaI348l4Md6Nj+loySgyu+gPjM8fO+yeXw=</latexit><latexit sha1_base64="njxwQUtr7Mv4BvJyJbjY6z9otI0=">ACE3icbVDLSsNAFJ3UV62vqEs3g0UQFyURQXFVdONGqWAf0JQymUzaoZMHMzdKCfkHN/6KGxeKuHXjzr9xmahrQcGDufcw9x73FhwBZb1bZQWFpeWV8qrlbX1jc0tc3unpaJEUtakYhkxyWKCR6yJnAQrBNLRgJXsLY7upz47XsmFY/COxjHrBeQch9TgloqW8eOQGBIUCqQ16Gz/E1C7Aj+WAIRMroAe+6Y3Wd+sWjUrB54ndkGqECjb345XkSTgIVABVGqa1sx9FIigVPBsoqTKBYTOiID1tU0JAFTvTS/KcMHWvGwH0n9QsC5+juRkCpceDqycmGatabiP953QT8s17KwzgBFtLpR34iMER4UhD2uGQUxFgTQiXu2I6JQ0DVWdAn27MnzpHVcs62afXtSrV8UdZTRHtpHh8hGp6iOrlADNRFj+gZvaI348l4Md6Nj+loySgyu+gPjM8fO+yeXw=</latexit><latexit sha1_base64="njxwQUtr7Mv4BvJyJbjY6z9otI0=">ACE3icbVDLSsNAFJ3UV62vqEs3g0UQFyURQXFVdONGqWAf0JQymUzaoZMHMzdKCfkHN/6KGxeKuHXjzr9xmahrQcGDufcw9x73FhwBZb1bZQWFpeWV8qrlbX1jc0tc3unpaJEUtakYhkxyWKCR6yJnAQrBNLRgJXsLY7upz47XsmFY/COxjHrBeQch9TgloqW8eOQGBIUCqQ16Gz/E1C7Aj+WAIRMroAe+6Y3Wd+sWjUrB54ndkGqECjb345XkSTgIVABVGqa1sx9FIigVPBsoqTKBYTOiID1tU0JAFTvTS/KcMHWvGwH0n9QsC5+juRkCpceDqycmGatabiP953QT8s17KwzgBFtLpR34iMER4UhD2uGQUxFgTQiXu2I6JQ0DVWdAn27MnzpHVcs62afXtSrV8UdZTRHtpHh8hGp6iOrlADNRFj+gZvaI348l4Md6Nj+loySgyu+gPjM8fO+yeXw=</latexit> SLIDE 27
Not a single proof assistant for all but proof assistants for everyone 16
Memory
Applications: define and reason on efficient functions e.g., in computer algebra
write : Mem → N → ()
<latexit sha1_base64="7RahF5Fa+bhAz4Lqtz1apD4fgPs=">ACI3icbVBNS0JBFJ1nX2ZfVs2QxLYRt6LoHAltWlTGOQHqMi8aqD8z6YuS+Rh/+lTX+lTYtC2rTovzQ+XaR2YOBwzrncucNpdBo29Wam19Y3MrvZ3Z2d3bP8geHlV1ECkOFR7IQNVdpkEKHyoUEI9VMA8V0LNHdxO/dozKC0C/wlHIbQ81vNFV3CGRmpni02PYR8xHiqBMKZFeg8ebSrR6yNTKhjSJOC68cN4Qc6ft7M5u2AnoKvEmZMcmaPczk6anYBHvjIJdO64dghtmKmUHAJ40wz0hAyPmA9aBjqMw90K05uHNMzo3RoN1Dm+UgT9e9EzDytR5rktMP62VvKv7nNSLsXrdi4YcRgs9ni7qRpBjQaWG0IxRwlCNDGDclCU5nynG0dSaMSU4yevkupFwbELzuNlrnQzryNTsgpyROHXJESuSNlUiGcvJA38kE+rVfr3ZpYX7NoyprPHJMFWD+/h5KkxA=</latexit><latexit sha1_base64="7RahF5Fa+bhAz4Lqtz1apD4fgPs=">ACI3icbVBNS0JBFJ1nX2ZfVs2QxLYRt6LoHAltWlTGOQHqMi8aqD8z6YuS+Rh/+lTX+lTYtC2rTovzQ+XaR2YOBwzrncucNpdBo29Wam19Y3MrvZ3Z2d3bP8geHlV1ECkOFR7IQNVdpkEKHyoUEI9VMA8V0LNHdxO/dozKC0C/wlHIbQ81vNFV3CGRmpni02PYR8xHiqBMKZFeg8ebSrR6yNTKhjSJOC68cN4Qc6ft7M5u2AnoKvEmZMcmaPczk6anYBHvjIJdO64dghtmKmUHAJ40wz0hAyPmA9aBjqMw90K05uHNMzo3RoN1Dm+UgT9e9EzDytR5rktMP62VvKv7nNSLsXrdi4YcRgs9ni7qRpBjQaWG0IxRwlCNDGDclCU5nynG0dSaMSU4yevkupFwbELzuNlrnQzryNTsgpyROHXJESuSNlUiGcvJA38kE+rVfr3ZpYX7NoyprPHJMFWD+/h5KkxA=</latexit><latexit sha1_base64="7RahF5Fa+bhAz4Lqtz1apD4fgPs=">ACI3icbVBNS0JBFJ1nX2ZfVs2QxLYRt6LoHAltWlTGOQHqMi8aqD8z6YuS+Rh/+lTX+lTYtC2rTovzQ+XaR2YOBwzrncucNpdBo29Wam19Y3MrvZ3Z2d3bP8geHlV1ECkOFR7IQNVdpkEKHyoUEI9VMA8V0LNHdxO/dozKC0C/wlHIbQ81vNFV3CGRmpni02PYR8xHiqBMKZFeg8ebSrR6yNTKhjSJOC68cN4Qc6ft7M5u2AnoKvEmZMcmaPczk6anYBHvjIJdO64dghtmKmUHAJ40wz0hAyPmA9aBjqMw90K05uHNMzo3RoN1Dm+UgT9e9EzDytR5rktMP62VvKv7nNSLsXrdi4YcRgs9ni7qRpBjQaWG0IxRwlCNDGDclCU5nynG0dSaMSU4yevkupFwbELzuNlrnQzryNTsgpyROHXJESuSNlUiGcvJA38kE+rVfr3ZpYX7NoyprPHJMFWD+/h5KkxA=</latexit><latexit sha1_base64="7RahF5Fa+bhAz4Lqtz1apD4fgPs=">ACI3icbVBNS0JBFJ1nX2ZfVs2QxLYRt6LoHAltWlTGOQHqMi8aqD8z6YuS+Rh/+lTX+lTYtC2rTovzQ+XaR2YOBwzrncucNpdBo29Wam19Y3MrvZ3Z2d3bP8geHlV1ECkOFR7IQNVdpkEKHyoUEI9VMA8V0LNHdxO/dozKC0C/wlHIbQ81vNFV3CGRmpni02PYR8xHiqBMKZFeg8ebSrR6yNTKhjSJOC68cN4Qc6ft7M5u2AnoKvEmZMcmaPczk6anYBHvjIJdO64dghtmKmUHAJ40wz0hAyPmA9aBjqMw90K05uHNMzo3RoN1Dm+UgT9e9EzDytR5rktMP62VvKv7nNSLsXrdi4YcRgs9ni7qRpBjQaWG0IxRwlCNDGDclCU5nynG0dSaMSU4yevkupFwbELzuNlrnQzryNTsgpyROHXJESuSNlUiGcvJA38kE+rVfr3ZpYX7NoyprPHJMFWD+/h5KkxA=</latexit>read : Mem → N
<latexit sha1_base64="njxwQUtr7Mv4BvJyJbjY6z9otI0=">ACE3icbVDLSsNAFJ3UV62vqEs3g0UQFyURQXFVdONGqWAf0JQymUzaoZMHMzdKCfkHN/6KGxeKuHXjzr9xmahrQcGDufcw9x73FhwBZb1bZQWFpeWV8qrlbX1jc0tc3unpaJEUtakYhkxyWKCR6yJnAQrBNLRgJXsLY7upz47XsmFY/COxjHrBeQch9TgloqW8eOQGBIUCqQ16Gz/E1C7Aj+WAIRMroAe+6Y3Wd+sWjUrB54ndkGqECjb345XkSTgIVABVGqa1sx9FIigVPBsoqTKBYTOiID1tU0JAFTvTS/KcMHWvGwH0n9QsC5+juRkCpceDqycmGatabiP953QT8s17KwzgBFtLpR34iMER4UhD2uGQUxFgTQiXu2I6JQ0DVWdAn27MnzpHVcs62afXtSrV8UdZTRHtpHh8hGp6iOrlADNRFj+gZvaI348l4Md6Nj+loySgyu+gPjM8fO+yeXw=</latexit><latexit sha1_base64="njxwQUtr7Mv4BvJyJbjY6z9otI0=">ACE3icbVDLSsNAFJ3UV62vqEs3g0UQFyURQXFVdONGqWAf0JQymUzaoZMHMzdKCfkHN/6KGxeKuHXjzr9xmahrQcGDufcw9x73FhwBZb1bZQWFpeWV8qrlbX1jc0tc3unpaJEUtakYhkxyWKCR6yJnAQrBNLRgJXsLY7upz47XsmFY/COxjHrBeQch9TgloqW8eOQGBIUCqQ16Gz/E1C7Aj+WAIRMroAe+6Y3Wd+sWjUrB54ndkGqECjb345XkSTgIVABVGqa1sx9FIigVPBsoqTKBYTOiID1tU0JAFTvTS/KcMHWvGwH0n9QsC5+juRkCpceDqycmGatabiP953QT8s17KwzgBFtLpR34iMER4UhD2uGQUxFgTQiXu2I6JQ0DVWdAn27MnzpHVcs62afXtSrV8UdZTRHtpHh8hGp6iOrlADNRFj+gZvaI348l4Md6Nj+loySgyu+gPjM8fO+yeXw=</latexit><latexit sha1_base64="njxwQUtr7Mv4BvJyJbjY6z9otI0=">ACE3icbVDLSsNAFJ3UV62vqEs3g0UQFyURQXFVdONGqWAf0JQymUzaoZMHMzdKCfkHN/6KGxeKuHXjzr9xmahrQcGDufcw9x73FhwBZb1bZQWFpeWV8qrlbX1jc0tc3unpaJEUtakYhkxyWKCR6yJnAQrBNLRgJXsLY7upz47XsmFY/COxjHrBeQch9TgloqW8eOQGBIUCqQ16Gz/E1C7Aj+WAIRMroAe+6Y3Wd+sWjUrB54ndkGqECjb345XkSTgIVABVGqa1sx9FIigVPBsoqTKBYTOiID1tU0JAFTvTS/KcMHWvGwH0n9QsC5+juRkCpceDqycmGatabiP953QT8s17KwzgBFtLpR34iMER4UhD2uGQUxFgTQiXu2I6JQ0DVWdAn27MnzpHVcs62afXtSrV8UdZTRHtpHh8hGp6iOrlADNRFj+gZvaI348l4Md6Nj+loySgyu+gPjM8fO+yeXw=</latexit><latexit sha1_base64="njxwQUtr7Mv4BvJyJbjY6z9otI0=">ACE3icbVDLSsNAFJ3UV62vqEs3g0UQFyURQXFVdONGqWAf0JQymUzaoZMHMzdKCfkHN/6KGxeKuHXjzr9xmahrQcGDufcw9x73FhwBZb1bZQWFpeWV8qrlbX1jc0tc3unpaJEUtakYhkxyWKCR6yJnAQrBNLRgJXsLY7upz47XsmFY/COxjHrBeQch9TgloqW8eOQGBIUCqQ16Gz/E1C7Aj+WAIRMroAe+6Y3Wd+sWjUrB54ndkGqECjb345XkSTgIVABVGqa1sx9FIigVPBsoqTKBYTOiID1tU0JAFTvTS/KcMHWvGwH0n9QsC5+juRkCpceDqycmGatabiP953QT8s17KwzgBFtLpR34iMER4UhD2uGQUxFgTQiXu2I6JQ0DVWdAn27MnzpHVcs62afXtSrV8UdZTRHtpHh8hGp6iOrlADNRFj+gZvaI348l4Md6Nj+loySgyu+gPjM8fO+yeXw=</latexit> SLIDE 28
Not a single proof assistant for all but proof assistants for everyone 17
Non-determinism
nd : ∀ A, A → A → A
<latexit sha1_base64="F8Hht/AH6D1mgAf0fTiRb7AarDc=">ACIXicbVDLSsNAFJ34rPVdelmsAgupCQiWFy1unFZwT6gCWUymbRDJ5Mwc6OU0F9x46+4caFId+LPOG2z0NYDA2fOuZd7/ETwTXY9pe1srq2vrFZ2Cpu7+zu7ZcODls6ThVlTRqLWHV8opngkjWBg2CdRDES+YK1/eHt1G8/MqV5LB9glDAvIn3JQ04JGKlXqroRgQFAJoMxvsZuGCsiBHZx/RzXsat4fwBEqfhp8dcrle2KPQNeJk5OyihHo1eauEFM04hJoIJo3XsBLyMKOBUsHRTVLCB2SPusaKknEtJfNLhzjU6ME2CxngQ8U393ZCTSehT5pnJ6j170puJ/XjeFsOplXCYpMEng8JUYIjxNC4cMUoiJEhCpudsV0QBShYEItmhCcxZOXSeui4tgV5/6yXLvJ4yigY3SCzpCDrlAN3aEGaiKntErekcf1ov1Zn1ak3npipX3HKE/sL5/AMBYop8=</latexit><latexit sha1_base64="F8Hht/AH6D1mgAf0fTiRb7AarDc=">ACIXicbVDLSsNAFJ34rPVdelmsAgupCQiWFy1unFZwT6gCWUymbRDJ5Mwc6OU0F9x46+4caFId+LPOG2z0NYDA2fOuZd7/ETwTXY9pe1srq2vrFZ2Cpu7+zu7ZcODls6ThVlTRqLWHV8opngkjWBg2CdRDES+YK1/eHt1G8/MqV5LB9glDAvIn3JQ04JGKlXqroRgQFAJoMxvsZuGCsiBHZx/RzXsat4fwBEqfhp8dcrle2KPQNeJk5OyihHo1eauEFM04hJoIJo3XsBLyMKOBUsHRTVLCB2SPusaKknEtJfNLhzjU6ME2CxngQ8U393ZCTSehT5pnJ6j170puJ/XjeFsOplXCYpMEng8JUYIjxNC4cMUoiJEhCpudsV0QBShYEItmhCcxZOXSeui4tgV5/6yXLvJ4yigY3SCzpCDrlAN3aEGaiKntErekcf1ov1Zn1ak3npipX3HKE/sL5/AMBYop8=</latexit><latexit sha1_base64="F8Hht/AH6D1mgAf0fTiRb7AarDc=">ACIXicbVDLSsNAFJ34rPVdelmsAgupCQiWFy1unFZwT6gCWUymbRDJ5Mwc6OU0F9x46+4caFId+LPOG2z0NYDA2fOuZd7/ETwTXY9pe1srq2vrFZ2Cpu7+zu7ZcODls6ThVlTRqLWHV8opngkjWBg2CdRDES+YK1/eHt1G8/MqV5LB9glDAvIn3JQ04JGKlXqroRgQFAJoMxvsZuGCsiBHZx/RzXsat4fwBEqfhp8dcrle2KPQNeJk5OyihHo1eauEFM04hJoIJo3XsBLyMKOBUsHRTVLCB2SPusaKknEtJfNLhzjU6ME2CxngQ8U393ZCTSehT5pnJ6j170puJ/XjeFsOplXCYpMEng8JUYIjxNC4cMUoiJEhCpudsV0QBShYEItmhCcxZOXSeui4tgV5/6yXLvJ4yigY3SCzpCDrlAN3aEGaiKntErekcf1ov1Zn1ak3npipX3HKE/sL5/AMBYop8=</latexit><latexit sha1_base64="F8Hht/AH6D1mgAf0fTiRb7AarDc=">ACIXicbVDLSsNAFJ34rPVdelmsAgupCQiWFy1unFZwT6gCWUymbRDJ5Mwc6OU0F9x46+4caFId+LPOG2z0NYDA2fOuZd7/ETwTXY9pe1srq2vrFZ2Cpu7+zu7ZcODls6ThVlTRqLWHV8opngkjWBg2CdRDES+YK1/eHt1G8/MqV5LB9glDAvIn3JQ04JGKlXqroRgQFAJoMxvsZuGCsiBHZx/RzXsat4fwBEqfhp8dcrle2KPQNeJk5OyihHo1eauEFM04hJoIJo3XsBLyMKOBUsHRTVLCB2SPusaKknEtJfNLhzjU6ME2CxngQ8U393ZCTSehT5pnJ6j170puJ/XjeFsOplXCYpMEng8JUYIjxNC4cMUoiJEhCpudsV0QBShYEItmhCcxZOXSeui4tgV5/6yXLvJ4yigY3SCzpCDrlAN3aEGaiKntErekcf1ov1Zn1ak3npipX3HKE/sL5/AMBYop8=</latexit> SLIDE 29
Not a single proof assistant for all but proof assistants for everyone 17
Non-determinism
Applications: modelling and reasoning on physical phenomena which are non-deterministic (or similarly not entirely understood)
nd : ∀ A, A → A → A
<latexit sha1_base64="F8Hht/AH6D1mgAf0fTiRb7AarDc=">ACIXicbVDLSsNAFJ34rPVdelmsAgupCQiWFy1unFZwT6gCWUymbRDJ5Mwc6OU0F9x46+4caFId+LPOG2z0NYDA2fOuZd7/ETwTXY9pe1srq2vrFZ2Cpu7+zu7ZcODls6ThVlTRqLWHV8opngkjWBg2CdRDES+YK1/eHt1G8/MqV5LB9glDAvIn3JQ04JGKlXqroRgQFAJoMxvsZuGCsiBHZx/RzXsat4fwBEqfhp8dcrle2KPQNeJk5OyihHo1eauEFM04hJoIJo3XsBLyMKOBUsHRTVLCB2SPusaKknEtJfNLhzjU6ME2CxngQ8U393ZCTSehT5pnJ6j170puJ/XjeFsOplXCYpMEng8JUYIjxNC4cMUoiJEhCpudsV0QBShYEItmhCcxZOXSeui4tgV5/6yXLvJ4yigY3SCzpCDrlAN3aEGaiKntErekcf1ov1Zn1ak3npipX3HKE/sL5/AMBYop8=</latexit><latexit sha1_base64="F8Hht/AH6D1mgAf0fTiRb7AarDc=">ACIXicbVDLSsNAFJ34rPVdelmsAgupCQiWFy1unFZwT6gCWUymbRDJ5Mwc6OU0F9x46+4caFId+LPOG2z0NYDA2fOuZd7/ETwTXY9pe1srq2vrFZ2Cpu7+zu7ZcODls6ThVlTRqLWHV8opngkjWBg2CdRDES+YK1/eHt1G8/MqV5LB9glDAvIn3JQ04JGKlXqroRgQFAJoMxvsZuGCsiBHZx/RzXsat4fwBEqfhp8dcrle2KPQNeJk5OyihHo1eauEFM04hJoIJo3XsBLyMKOBUsHRTVLCB2SPusaKknEtJfNLhzjU6ME2CxngQ8U393ZCTSehT5pnJ6j170puJ/XjeFsOplXCYpMEng8JUYIjxNC4cMUoiJEhCpudsV0QBShYEItmhCcxZOXSeui4tgV5/6yXLvJ4yigY3SCzpCDrlAN3aEGaiKntErekcf1ov1Zn1ak3npipX3HKE/sL5/AMBYop8=</latexit><latexit sha1_base64="F8Hht/AH6D1mgAf0fTiRb7AarDc=">ACIXicbVDLSsNAFJ34rPVdelmsAgupCQiWFy1unFZwT6gCWUymbRDJ5Mwc6OU0F9x46+4caFId+LPOG2z0NYDA2fOuZd7/ETwTXY9pe1srq2vrFZ2Cpu7+zu7ZcODls6ThVlTRqLWHV8opngkjWBg2CdRDES+YK1/eHt1G8/MqV5LB9glDAvIn3JQ04JGKlXqroRgQFAJoMxvsZuGCsiBHZx/RzXsat4fwBEqfhp8dcrle2KPQNeJk5OyihHo1eauEFM04hJoIJo3XsBLyMKOBUsHRTVLCB2SPusaKknEtJfNLhzjU6ME2CxngQ8U393ZCTSehT5pnJ6j170puJ/XjeFsOplXCYpMEng8JUYIjxNC4cMUoiJEhCpudsV0QBShYEItmhCcxZOXSeui4tgV5/6yXLvJ4yigY3SCzpCDrlAN3aEGaiKntErekcf1ov1Zn1ak3npipX3HKE/sL5/AMBYop8=</latexit><latexit sha1_base64="F8Hht/AH6D1mgAf0fTiRb7AarDc=">ACIXicbVDLSsNAFJ34rPVdelmsAgupCQiWFy1unFZwT6gCWUymbRDJ5Mwc6OU0F9x46+4caFId+LPOG2z0NYDA2fOuZd7/ETwTXY9pe1srq2vrFZ2Cpu7+zu7ZcODls6ThVlTRqLWHV8opngkjWBg2CdRDES+YK1/eHt1G8/MqV5LB9glDAvIn3JQ04JGKlXqroRgQFAJoMxvsZuGCsiBHZx/RzXsat4fwBEqfhp8dcrle2KPQNeJk5OyihHo1eauEFM04hJoIJo3XsBLyMKOBUsHRTVLCB2SPusaKknEtJfNLhzjU6ME2CxngQ8U393ZCTSehT5pnJ6j170puJ/XjeFsOplXCYpMEng8JUYIjxNC4cMUoiJEhCpudsV0QBShYEItmhCcxZOXSeui4tgV5/6yXLvJ4yigY3SCzpCDrlAN3aEGaiKntErekcf1ov1Zn1ak3npipX3HKE/sL5/AMBYop8=</latexit> SLIDE 30
Not a single proof assistant for all but proof assistants for everyone 18
Non-termination
Y : ∀ A B, ((A → B) → (A → B)) → (A → B)
<latexit sha1_base64="YZQxJ+LPLTm/mgDw7Q1d50IbKQ=">ACTXichVHLSgMxFM3UR2t9jbp0EyxCBSkzIiuat24rGAf0hlKJpNpg5lkSDJKf1BN4I7/8KNC0XEtJ2FbQUPXDg516SexIkjCrtOK9Wbml5ZTVfWCub2xubds7u0lUolJAwsmZDtAijDKSUNTzUg7kQTFASOt4P5q7LceiFRU8Fs9SIgfox6nEcVIG6lrh3fwAnqRkIgx6MFLU7VjWC4bImvr5GU4hHWjmaOC+4/dtcuORVnArhI3IyUQIZ6137xQoHTmHCNGVKq4zqJ9odIaoZGRW9VJE4XvUIx1DOYqJ8oeTNEbw0CghNCuZ4hpO1N8TQxQrNYgD0xkj3Vfz3lj8y+ukOjr3h5QnqSYcTy+KUga1gONoYUglwZoNDEFYUvNWiPtIqzNBxRNCO78youkeVJxnYp7c1q1rI4CmAfHIAycMEZqIJrUAcNgMETeAMf4N6t6tL+t72pqzspk9MINc/gc9CbCQ</latexit><latexit sha1_base64="YZQxJ+LPLTm/mgDw7Q1d50IbKQ=">ACTXichVHLSgMxFM3UR2t9jbp0EyxCBSkzIiuat24rGAf0hlKJpNpg5lkSDJKf1BN4I7/8KNC0XEtJ2FbQUPXDg516SexIkjCrtOK9Wbml5ZTVfWCub2xubds7u0lUolJAwsmZDtAijDKSUNTzUg7kQTFASOt4P5q7LceiFRU8Fs9SIgfox6nEcVIG6lrh3fwAnqRkIgx6MFLU7VjWC4bImvr5GU4hHWjmaOC+4/dtcuORVnArhI3IyUQIZ6137xQoHTmHCNGVKq4zqJ9odIaoZGRW9VJE4XvUIx1DOYqJ8oeTNEbw0CghNCuZ4hpO1N8TQxQrNYgD0xkj3Vfz3lj8y+ukOjr3h5QnqSYcTy+KUga1gONoYUglwZoNDEFYUvNWiPtIqzNBxRNCO78youkeVJxnYp7c1q1rI4CmAfHIAycMEZqIJrUAcNgMETeAMf4N6t6tL+t72pqzspk9MINc/gc9CbCQ</latexit><latexit sha1_base64="YZQxJ+LPLTm/mgDw7Q1d50IbKQ=">ACTXichVHLSgMxFM3UR2t9jbp0EyxCBSkzIiuat24rGAf0hlKJpNpg5lkSDJKf1BN4I7/8KNC0XEtJ2FbQUPXDg516SexIkjCrtOK9Wbml5ZTVfWCub2xubds7u0lUolJAwsmZDtAijDKSUNTzUg7kQTFASOt4P5q7LceiFRU8Fs9SIgfox6nEcVIG6lrh3fwAnqRkIgx6MFLU7VjWC4bImvr5GU4hHWjmaOC+4/dtcuORVnArhI3IyUQIZ6137xQoHTmHCNGVKq4zqJ9odIaoZGRW9VJE4XvUIx1DOYqJ8oeTNEbw0CghNCuZ4hpO1N8TQxQrNYgD0xkj3Vfz3lj8y+ukOjr3h5QnqSYcTy+KUga1gONoYUglwZoNDEFYUvNWiPtIqzNBxRNCO78youkeVJxnYp7c1q1rI4CmAfHIAycMEZqIJrUAcNgMETeAMf4N6t6tL+t72pqzspk9MINc/gc9CbCQ</latexit><latexit sha1_base64="YZQxJ+LPLTm/mgDw7Q1d50IbKQ=">ACTXichVHLSgMxFM3UR2t9jbp0EyxCBSkzIiuat24rGAf0hlKJpNpg5lkSDJKf1BN4I7/8KNC0XEtJ2FbQUPXDg516SexIkjCrtOK9Wbml5ZTVfWCub2xubds7u0lUolJAwsmZDtAijDKSUNTzUg7kQTFASOt4P5q7LceiFRU8Fs9SIgfox6nEcVIG6lrh3fwAnqRkIgx6MFLU7VjWC4bImvr5GU4hHWjmaOC+4/dtcuORVnArhI3IyUQIZ6137xQoHTmHCNGVKq4zqJ9odIaoZGRW9VJE4XvUIx1DOYqJ8oeTNEbw0CghNCuZ4hpO1N8TQxQrNYgD0xkj3Vfz3lj8y+ukOjr3h5QnqSYcTy+KUga1gONoYUglwZoNDEFYUvNWiPtIqzNBxRNCO78youkeVJxnYp7c1q1rI4CmAfHIAycMEZqIJrUAcNgMETeAMf4N6t6tL+t72pqzspk9MINc/gc9CbCQ</latexit> SLIDE 31
Not a single proof assistant for all but proof assistants for everyone 18
Non-termination
Applications: dealing with arbitrary fixpoints
Y : ∀ A B, ((A → B) → (A → B)) → (A → B)
<latexit sha1_base64="YZQxJ+LPLTm/mgDw7Q1d50IbKQ=">ACTXichVHLSgMxFM3UR2t9jbp0EyxCBSkzIiuat24rGAf0hlKJpNpg5lkSDJKf1BN4I7/8KNC0XEtJ2FbQUPXDg516SexIkjCrtOK9Wbml5ZTVfWCub2xubds7u0lUolJAwsmZDtAijDKSUNTzUg7kQTFASOt4P5q7LceiFRU8Fs9SIgfox6nEcVIG6lrh3fwAnqRkIgx6MFLU7VjWC4bImvr5GU4hHWjmaOC+4/dtcuORVnArhI3IyUQIZ6137xQoHTmHCNGVKq4zqJ9odIaoZGRW9VJE4XvUIx1DOYqJ8oeTNEbw0CghNCuZ4hpO1N8TQxQrNYgD0xkj3Vfz3lj8y+ukOjr3h5QnqSYcTy+KUga1gONoYUglwZoNDEFYUvNWiPtIqzNBxRNCO78youkeVJxnYp7c1q1rI4CmAfHIAycMEZqIJrUAcNgMETeAMf4N6t6tL+t72pqzspk9MINc/gc9CbCQ</latexit><latexit sha1_base64="YZQxJ+LPLTm/mgDw7Q1d50IbKQ=">ACTXichVHLSgMxFM3UR2t9jbp0EyxCBSkzIiuat24rGAf0hlKJpNpg5lkSDJKf1BN4I7/8KNC0XEtJ2FbQUPXDg516SexIkjCrtOK9Wbml5ZTVfWCub2xubds7u0lUolJAwsmZDtAijDKSUNTzUg7kQTFASOt4P5q7LceiFRU8Fs9SIgfox6nEcVIG6lrh3fwAnqRkIgx6MFLU7VjWC4bImvr5GU4hHWjmaOC+4/dtcuORVnArhI3IyUQIZ6137xQoHTmHCNGVKq4zqJ9odIaoZGRW9VJE4XvUIx1DOYqJ8oeTNEbw0CghNCuZ4hpO1N8TQxQrNYgD0xkj3Vfz3lj8y+ukOjr3h5QnqSYcTy+KUga1gONoYUglwZoNDEFYUvNWiPtIqzNBxRNCO78youkeVJxnYp7c1q1rI4CmAfHIAycMEZqIJrUAcNgMETeAMf4N6t6tL+t72pqzspk9MINc/gc9CbCQ</latexit><latexit sha1_base64="YZQxJ+LPLTm/mgDw7Q1d50IbKQ=">ACTXichVHLSgMxFM3UR2t9jbp0EyxCBSkzIiuat24rGAf0hlKJpNpg5lkSDJKf1BN4I7/8KNC0XEtJ2FbQUPXDg516SexIkjCrtOK9Wbml5ZTVfWCub2xubds7u0lUolJAwsmZDtAijDKSUNTzUg7kQTFASOt4P5q7LceiFRU8Fs9SIgfox6nEcVIG6lrh3fwAnqRkIgx6MFLU7VjWC4bImvr5GU4hHWjmaOC+4/dtcuORVnArhI3IyUQIZ6137xQoHTmHCNGVKq4zqJ9odIaoZGRW9VJE4XvUIx1DOYqJ8oeTNEbw0CghNCuZ4hpO1N8TQxQrNYgD0xkj3Vfz3lj8y+ukOjr3h5QnqSYcTy+KUga1gONoYUglwZoNDEFYUvNWiPtIqzNBxRNCO78youkeVJxnYp7c1q1rI4CmAfHIAycMEZqIJrUAcNgMETeAMf4N6t6tL+t72pqzspk9MINc/gc9CbCQ</latexit><latexit sha1_base64="YZQxJ+LPLTm/mgDw7Q1d50IbKQ=">ACTXichVHLSgMxFM3UR2t9jbp0EyxCBSkzIiuat24rGAf0hlKJpNpg5lkSDJKf1BN4I7/8KNC0XEtJ2FbQUPXDg516SexIkjCrtOK9Wbml5ZTVfWCub2xubds7u0lUolJAwsmZDtAijDKSUNTzUg7kQTFASOt4P5q7LceiFRU8Fs9SIgfox6nEcVIG6lrh3fwAnqRkIgx6MFLU7VjWC4bImvr5GU4hHWjmaOC+4/dtcuORVnArhI3IyUQIZ6137xQoHTmHCNGVKq4zqJ9odIaoZGRW9VJE4XvUIx1DOYqJ8oeTNEbw0CghNCuZ4hpO1N8TQxQrNYgD0xkj3Vfz3lj8y+ukOjr3h5QnqSYcTy+KUga1gONoYUglwZoNDEFYUvNWiPtIqzNBxRNCO78youkeVJxnYp7c1q1rI4CmAfHIAycMEZqIJrUAcNgMETeAMf4N6t6tL+t72pqzspk9MINc/gc9CbCQ</latexit> SLIDE 32
Not a single proof assistant for all but proof assistants for everyone 19
consistency issues valid axioms can be wrong altogether breaks the extraction mechanism axioms have no computational meaning limits possibility of automation can not use reflection in the proof
One EASY way out
make use of axioms
19
SLIDE 33
Not a single proof assistant for all but proof assistants for everyone 20
strong engineering effort HO unification, tactic language, efficiency community issue needs to build a new user community maintenance issue needs a strategy to go beyond prototyping
One HARD way out
define a new proof assistant
20
SLIDE 34
Not a single proof assistant for all but proof assistants for everyone 21
Difficulties in Extending the Theoretical Foundations
can break consistency can break decidability of type checking can break dependent elimination
SLIDE 35
Not a single proof assistant for all but proof assistants for everyone 22
Difficulties in Extending the Theoretical Foundations
can break consistency For several reasons, all not necessarily bad
SLIDE 36
Not a single proof assistant for all but proof assistants for everyone 23
Inconsistency 1: Non-Termination
Y () ⊥ id tt : ⊥
<latexit sha1_base64="4tK+h650gTtxBdcP/mITQq/PGCc=">ACGXicbVC7TsMwFHXKq5RXgZHFokIqS5UgJBTBQtjkegDNVHlOE5r1XnIvkGqovwGC7/CwgBCjDxNzhthtJyJfsen3OvfO9xY8EVmOaPUVpZXVvfKG9WtrZ3dveq+wcdFSWSsjaNRCR7LlFM8JC1gYNgvVgyEriCd3xTa53H5lUPArvYRIzJyDkPucEtDUoGo+YBvXT/VluxHkKSAwAki5l829ADJ8NS0ZVGtmw5wGXgZWAWqoiNag+mV7EU0CFgIVRKm+ZcbgpEQCp4JlFTtRLCZ0TIasr2FIAqacdLpZhk8042E/kvqEgKfsfEdKAqUmgasr80nVopaT/2n9BPxLJ+VhnAL6ewjPxEYIpzbhD0uGQUx0YBQyfWsmI6IJBS0mRVtgrW48jLonDUs2Hdndea14UdZXSEjlEdWegCNdEtaqE2ougJvaA39G48G6/Gh/E5Ky0ZRc8h+hPG9y+jbZ7i</latexit><latexit sha1_base64="4tK+h650gTtxBdcP/mITQq/PGCc=">ACGXicbVC7TsMwFHXKq5RXgZHFokIqS5UgJBTBQtjkegDNVHlOE5r1XnIvkGqovwGC7/CwgBCjDxNzhthtJyJfsen3OvfO9xY8EVmOaPUVpZXVvfKG9WtrZ3dveq+wcdFSWSsjaNRCR7LlFM8JC1gYNgvVgyEriCd3xTa53H5lUPArvYRIzJyDkPucEtDUoGo+YBvXT/VluxHkKSAwAki5l829ADJ8NS0ZVGtmw5wGXgZWAWqoiNag+mV7EU0CFgIVRKm+ZcbgpEQCp4JlFTtRLCZ0TIasr2FIAqacdLpZhk8042E/kvqEgKfsfEdKAqUmgasr80nVopaT/2n9BPxLJ+VhnAL6ewjPxEYIpzbhD0uGQUx0YBQyfWsmI6IJBS0mRVtgrW48jLonDUs2Hdndea14UdZXSEjlEdWegCNdEtaqE2ougJvaA39G48G6/Gh/E5Ky0ZRc8h+hPG9y+jbZ7i</latexit><latexit sha1_base64="4tK+h650gTtxBdcP/mITQq/PGCc=">ACGXicbVC7TsMwFHXKq5RXgZHFokIqS5UgJBTBQtjkegDNVHlOE5r1XnIvkGqovwGC7/CwgBCjDxNzhthtJyJfsen3OvfO9xY8EVmOaPUVpZXVvfKG9WtrZ3dveq+wcdFSWSsjaNRCR7LlFM8JC1gYNgvVgyEriCd3xTa53H5lUPArvYRIzJyDkPucEtDUoGo+YBvXT/VluxHkKSAwAki5l829ADJ8NS0ZVGtmw5wGXgZWAWqoiNag+mV7EU0CFgIVRKm+ZcbgpEQCp4JlFTtRLCZ0TIasr2FIAqacdLpZhk8042E/kvqEgKfsfEdKAqUmgasr80nVopaT/2n9BPxLJ+VhnAL6ewjPxEYIpzbhD0uGQUx0YBQyfWsmI6IJBS0mRVtgrW48jLonDUs2Hdndea14UdZXSEjlEdWegCNdEtaqE2ougJvaA39G48G6/Gh/E5Ky0ZRc8h+hPG9y+jbZ7i</latexit><latexit sha1_base64="4tK+h650gTtxBdcP/mITQq/PGCc=">ACGXicbVC7TsMwFHXKq5RXgZHFokIqS5UgJBTBQtjkegDNVHlOE5r1XnIvkGqovwGC7/CwgBCjDxNzhthtJyJfsen3OvfO9xY8EVmOaPUVpZXVvfKG9WtrZ3dveq+wcdFSWSsjaNRCR7LlFM8JC1gYNgvVgyEriCd3xTa53H5lUPArvYRIzJyDkPucEtDUoGo+YBvXT/VluxHkKSAwAki5l829ADJ8NS0ZVGtmw5wGXgZWAWqoiNag+mV7EU0CFgIVRKm+ZcbgpEQCp4JlFTtRLCZ0TIasr2FIAqacdLpZhk8042E/kvqEgKfsfEdKAqUmgasr80nVopaT/2n9BPxLJ+VhnAL6ewjPxEYIpzbhD0uGQUx0YBQyfWsmI6IJBS0mRVtgrW48jLonDUs2Hdndea14UdZXSEjlEdWegCNdEtaqE2ougJvaA39G48G6/Gh/E5Ky0ZRc8h+hPG9y+jbZ7i</latexit> SLIDE 37
Not a single proof assistant for all but proof assistants for everyone 23
Inconsistency 1: Non-Termination
As a programming language this is not necessarily an issue.
Y () ⊥ id tt : ⊥
<latexit sha1_base64="4tK+h650gTtxBdcP/mITQq/PGCc=">ACGXicbVC7TsMwFHXKq5RXgZHFokIqS5UgJBTBQtjkegDNVHlOE5r1XnIvkGqovwGC7/CwgBCjDxNzhthtJyJfsen3OvfO9xY8EVmOaPUVpZXVvfKG9WtrZ3dveq+wcdFSWSsjaNRCR7LlFM8JC1gYNgvVgyEriCd3xTa53H5lUPArvYRIzJyDkPucEtDUoGo+YBvXT/VluxHkKSAwAki5l829ADJ8NS0ZVGtmw5wGXgZWAWqoiNag+mV7EU0CFgIVRKm+ZcbgpEQCp4JlFTtRLCZ0TIasr2FIAqacdLpZhk8042E/kvqEgKfsfEdKAqUmgasr80nVopaT/2n9BPxLJ+VhnAL6ewjPxEYIpzbhD0uGQUx0YBQyfWsmI6IJBS0mRVtgrW48jLonDUs2Hdndea14UdZXSEjlEdWegCNdEtaqE2ougJvaA39G48G6/Gh/E5Ky0ZRc8h+hPG9y+jbZ7i</latexit><latexit sha1_base64="4tK+h650gTtxBdcP/mITQq/PGCc=">ACGXicbVC7TsMwFHXKq5RXgZHFokIqS5UgJBTBQtjkegDNVHlOE5r1XnIvkGqovwGC7/CwgBCjDxNzhthtJyJfsen3OvfO9xY8EVmOaPUVpZXVvfKG9WtrZ3dveq+wcdFSWSsjaNRCR7LlFM8JC1gYNgvVgyEriCd3xTa53H5lUPArvYRIzJyDkPucEtDUoGo+YBvXT/VluxHkKSAwAki5l829ADJ8NS0ZVGtmw5wGXgZWAWqoiNag+mV7EU0CFgIVRKm+ZcbgpEQCp4JlFTtRLCZ0TIasr2FIAqacdLpZhk8042E/kvqEgKfsfEdKAqUmgasr80nVopaT/2n9BPxLJ+VhnAL6ewjPxEYIpzbhD0uGQUx0YBQyfWsmI6IJBS0mRVtgrW48jLonDUs2Hdndea14UdZXSEjlEdWegCNdEtaqE2ougJvaA39G48G6/Gh/E5Ky0ZRc8h+hPG9y+jbZ7i</latexit><latexit sha1_base64="4tK+h650gTtxBdcP/mITQq/PGCc=">ACGXicbVC7TsMwFHXKq5RXgZHFokIqS5UgJBTBQtjkegDNVHlOE5r1XnIvkGqovwGC7/CwgBCjDxNzhthtJyJfsen3OvfO9xY8EVmOaPUVpZXVvfKG9WtrZ3dveq+wcdFSWSsjaNRCR7LlFM8JC1gYNgvVgyEriCd3xTa53H5lUPArvYRIzJyDkPucEtDUoGo+YBvXT/VluxHkKSAwAki5l829ADJ8NS0ZVGtmw5wGXgZWAWqoiNag+mV7EU0CFgIVRKm+ZcbgpEQCp4JlFTtRLCZ0TIasr2FIAqacdLpZhk8042E/kvqEgKfsfEdKAqUmgasr80nVopaT/2n9BPxLJ+VhnAL6ewjPxEYIpzbhD0uGQUx0YBQyfWsmI6IJBS0mRVtgrW48jLonDUs2Hdndea14UdZXSEjlEdWegCNdEtaqE2ougJvaA39G48G6/Gh/E5Ky0ZRc8h+hPG9y+jbZ7i</latexit><latexit sha1_base64="4tK+h650gTtxBdcP/mITQq/PGCc=">ACGXicbVC7TsMwFHXKq5RXgZHFokIqS5UgJBTBQtjkegDNVHlOE5r1XnIvkGqovwGC7/CwgBCjDxNzhthtJyJfsen3OvfO9xY8EVmOaPUVpZXVvfKG9WtrZ3dveq+wcdFSWSsjaNRCR7LlFM8JC1gYNgvVgyEriCd3xTa53H5lUPArvYRIzJyDkPucEtDUoGo+YBvXT/VluxHkKSAwAki5l829ADJ8NS0ZVGtmw5wGXgZWAWqoiNag+mV7EU0CFgIVRKm+ZcbgpEQCp4JlFTtRLCZ0TIasr2FIAqacdLpZhk8042E/kvqEgKfsfEdKAqUmgasr80nVopaT/2n9BPxLJ+VhnAL6ewjPxEYIpzbhD0uGQUx0YBQyfWsmI6IJBS0mRVtgrW48jLonDUs2Hdndea14UdZXSEjlEdWegCNdEtaqE2ougJvaA39G48G6/Gh/E5Ky0ZRc8h+hPG9y+jbZ7i</latexit> SLIDE 38
Not a single proof assistant for all but proof assistants for everyone 24
Inconsistency I1: UIP + univalence
UIP says there is one proof of given by reflection. Univalence says that there are at least two proofs of , coarsely the identity function and boolean negation.
B = B
<latexit sha1_base64="yF8N+wewkAGPMQ1hEmxI7PHNyA=">ACAHicbVDLSsNAFL2pr1pfURcu3AwWwVJRNCNUOrGZQX7gDaUyXTSDp1MwsxEKCEbf8WNC0Xc+hnu/BsnbUBtPTBw5px7ufceP+ZMacf5skorq2vrG+XNytb2zu6evX/QVlEiCW2RiEey62NFORO0pZnmtBtLikOf04/ucn9zgOVikXiXk9j6oV4JFjACNZGthH/RDrse+njQxdo5/PwK46NWcGtEzcglShQHNgf/aHEUlCKjThWKme68TaS7HUjHCaVfqJojEmEzyiPUMFDqny0tkBGTo1yhAFkTRPaDRTf3ekOFRqGvqmMt9QLXq5+J/XS3Rw5aVMxImgswHBQlHOkJ5GmjIJCWaTw3BRDKzKyJjLDHRJrOKCcFdPHmZtM9rlNz7y6q9UYRxmO4QTOwIVLqMtNKEFBDJ4ghd4tR6tZ+vNep+Xlqyi5xD+wPr4Bh50lhY=</latexit><latexit sha1_base64="yF8N+wewkAGPMQ1hEmxI7PHNyA=">ACAHicbVDLSsNAFL2pr1pfURcu3AwWwVJRNCNUOrGZQX7gDaUyXTSDp1MwsxEKCEbf8WNC0Xc+hnu/BsnbUBtPTBw5px7ufceP+ZMacf5skorq2vrG+XNytb2zu6evX/QVlEiCW2RiEey62NFORO0pZnmtBtLikOf04/ucn9zgOVikXiXk9j6oV4JFjACNZGthH/RDrse+njQxdo5/PwK46NWcGtEzcglShQHNgf/aHEUlCKjThWKme68TaS7HUjHCaVfqJojEmEzyiPUMFDqny0tkBGTo1yhAFkTRPaDRTf3ekOFRqGvqmMt9QLXq5+J/XS3Rw5aVMxImgswHBQlHOkJ5GmjIJCWaTw3BRDKzKyJjLDHRJrOKCcFdPHmZtM9rlNz7y6q9UYRxmO4QTOwIVLqMtNKEFBDJ4ghd4tR6tZ+vNep+Xlqyi5xD+wPr4Bh50lhY=</latexit><latexit sha1_base64="yF8N+wewkAGPMQ1hEmxI7PHNyA=">ACAHicbVDLSsNAFL2pr1pfURcu3AwWwVJRNCNUOrGZQX7gDaUyXTSDp1MwsxEKCEbf8WNC0Xc+hnu/BsnbUBtPTBw5px7ufceP+ZMacf5skorq2vrG+XNytb2zu6evX/QVlEiCW2RiEey62NFORO0pZnmtBtLikOf04/ucn9zgOVikXiXk9j6oV4JFjACNZGthH/RDrse+njQxdo5/PwK46NWcGtEzcglShQHNgf/aHEUlCKjThWKme68TaS7HUjHCaVfqJojEmEzyiPUMFDqny0tkBGTo1yhAFkTRPaDRTf3ekOFRqGvqmMt9QLXq5+J/XS3Rw5aVMxImgswHBQlHOkJ5GmjIJCWaTw3BRDKzKyJjLDHRJrOKCcFdPHmZtM9rlNz7y6q9UYRxmO4QTOwIVLqMtNKEFBDJ4ghd4tR6tZ+vNep+Xlqyi5xD+wPr4Bh50lhY=</latexit><latexit sha1_base64="yF8N+wewkAGPMQ1hEmxI7PHNyA=">ACAHicbVDLSsNAFL2pr1pfURcu3AwWwVJRNCNUOrGZQX7gDaUyXTSDp1MwsxEKCEbf8WNC0Xc+hnu/BsnbUBtPTBw5px7ufceP+ZMacf5skorq2vrG+XNytb2zu6evX/QVlEiCW2RiEey62NFORO0pZnmtBtLikOf04/ucn9zgOVikXiXk9j6oV4JFjACNZGthH/RDrse+njQxdo5/PwK46NWcGtEzcglShQHNgf/aHEUlCKjThWKme68TaS7HUjHCaVfqJojEmEzyiPUMFDqny0tkBGTo1yhAFkTRPaDRTf3ekOFRqGvqmMt9QLXq5+J/XS3Rw5aVMxImgswHBQlHOkJ5GmjIJCWaTw3BRDKzKyJjLDHRJrOKCcFdPHmZtM9rlNz7y6q9UYRxmO4QTOwIVLqMtNKEFBDJ4ghd4tR6tZ+vNep+Xlqyi5xD+wPr4Bh50lhY=</latexit>B = B
<latexit sha1_base64="yF8N+wewkAGPMQ1hEmxI7PHNyA=">ACAHicbVDLSsNAFL2pr1pfURcu3AwWwVJRNCNUOrGZQX7gDaUyXTSDp1MwsxEKCEbf8WNC0Xc+hnu/BsnbUBtPTBw5px7ufceP+ZMacf5skorq2vrG+XNytb2zu6evX/QVlEiCW2RiEey62NFORO0pZnmtBtLikOf04/ucn9zgOVikXiXk9j6oV4JFjACNZGthH/RDrse+njQxdo5/PwK46NWcGtEzcglShQHNgf/aHEUlCKjThWKme68TaS7HUjHCaVfqJojEmEzyiPUMFDqny0tkBGTo1yhAFkTRPaDRTf3ekOFRqGvqmMt9QLXq5+J/XS3Rw5aVMxImgswHBQlHOkJ5GmjIJCWaTw3BRDKzKyJjLDHRJrOKCcFdPHmZtM9rlNz7y6q9UYRxmO4QTOwIVLqMtNKEFBDJ4ghd4tR6tZ+vNep+Xlqyi5xD+wPr4Bh50lhY=</latexit><latexit sha1_base64="yF8N+wewkAGPMQ1hEmxI7PHNyA=">ACAHicbVDLSsNAFL2pr1pfURcu3AwWwVJRNCNUOrGZQX7gDaUyXTSDp1MwsxEKCEbf8WNC0Xc+hnu/BsnbUBtPTBw5px7ufceP+ZMacf5skorq2vrG+XNytb2zu6evX/QVlEiCW2RiEey62NFORO0pZnmtBtLikOf04/ucn9zgOVikXiXk9j6oV4JFjACNZGthH/RDrse+njQxdo5/PwK46NWcGtEzcglShQHNgf/aHEUlCKjThWKme68TaS7HUjHCaVfqJojEmEzyiPUMFDqny0tkBGTo1yhAFkTRPaDRTf3ekOFRqGvqmMt9QLXq5+J/XS3Rw5aVMxImgswHBQlHOkJ5GmjIJCWaTw3BRDKzKyJjLDHRJrOKCcFdPHmZtM9rlNz7y6q9UYRxmO4QTOwIVLqMtNKEFBDJ4ghd4tR6tZ+vNep+Xlqyi5xD+wPr4Bh50lhY=</latexit><latexit sha1_base64="yF8N+wewkAGPMQ1hEmxI7PHNyA=">ACAHicbVDLSsNAFL2pr1pfURcu3AwWwVJRNCNUOrGZQX7gDaUyXTSDp1MwsxEKCEbf8WNC0Xc+hnu/BsnbUBtPTBw5px7ufceP+ZMacf5skorq2vrG+XNytb2zu6evX/QVlEiCW2RiEey62NFORO0pZnmtBtLikOf04/ucn9zgOVikXiXk9j6oV4JFjACNZGthH/RDrse+njQxdo5/PwK46NWcGtEzcglShQHNgf/aHEUlCKjThWKme68TaS7HUjHCaVfqJojEmEzyiPUMFDqny0tkBGTo1yhAFkTRPaDRTf3ekOFRqGvqmMt9QLXq5+J/XS3Rw5aVMxImgswHBQlHOkJ5GmjIJCWaTw3BRDKzKyJjLDHRJrOKCcFdPHmZtM9rlNz7y6q9UYRxmO4QTOwIVLqMtNKEFBDJ4ghd4tR6tZ+vNep+Xlqyi5xD+wPr4Bh50lhY=</latexit><latexit sha1_base64="yF8N+wewkAGPMQ1hEmxI7PHNyA=">ACAHicbVDLSsNAFL2pr1pfURcu3AwWwVJRNCNUOrGZQX7gDaUyXTSDp1MwsxEKCEbf8WNC0Xc+hnu/BsnbUBtPTBw5px7ufceP+ZMacf5skorq2vrG+XNytb2zu6evX/QVlEiCW2RiEey62NFORO0pZnmtBtLikOf04/ucn9zgOVikXiXk9j6oV4JFjACNZGthH/RDrse+njQxdo5/PwK46NWcGtEzcglShQHNgf/aHEUlCKjThWKme68TaS7HUjHCaVfqJojEmEzyiPUMFDqny0tkBGTo1yhAFkTRPaDRTf3ekOFRqGvqmMt9QLXq5+J/XS3Rw5aVMxImgswHBQlHOkJ5GmjIJCWaTw3BRDKzKyJjLDHRJrOKCcFdPHmZtM9rlNz7y6q9UYRxmO4QTOwIVLqMtNKEFBDJ4ghd4tR6tZ+vNep+Xlqyi5xD+wPr4Bh50lhY=</latexit> SLIDE 39
Not a single proof assistant for all but proof assistants for everyone 24
Inconsistency I1: UIP + univalence
UIP says there is one proof of given by reflection. Univalence says that there are at least two proofs of , coarsely the identity function and boolean negation.
B = B
<latexit sha1_base64="yF8N+wewkAGPMQ1hEmxI7PHNyA=">ACAHicbVDLSsNAFL2pr1pfURcu3AwWwVJRNCNUOrGZQX7gDaUyXTSDp1MwsxEKCEbf8WNC0Xc+hnu/BsnbUBtPTBw5px7ufceP+ZMacf5skorq2vrG+XNytb2zu6evX/QVlEiCW2RiEey62NFORO0pZnmtBtLikOf04/ucn9zgOVikXiXk9j6oV4JFjACNZGthH/RDrse+njQxdo5/PwK46NWcGtEzcglShQHNgf/aHEUlCKjThWKme68TaS7HUjHCaVfqJojEmEzyiPUMFDqny0tkBGTo1yhAFkTRPaDRTf3ekOFRqGvqmMt9QLXq5+J/XS3Rw5aVMxImgswHBQlHOkJ5GmjIJCWaTw3BRDKzKyJjLDHRJrOKCcFdPHmZtM9rlNz7y6q9UYRxmO4QTOwIVLqMtNKEFBDJ4ghd4tR6tZ+vNep+Xlqyi5xD+wPr4Bh50lhY=</latexit><latexit sha1_base64="yF8N+wewkAGPMQ1hEmxI7PHNyA=">ACAHicbVDLSsNAFL2pr1pfURcu3AwWwVJRNCNUOrGZQX7gDaUyXTSDp1MwsxEKCEbf8WNC0Xc+hnu/BsnbUBtPTBw5px7ufceP+ZMacf5skorq2vrG+XNytb2zu6evX/QVlEiCW2RiEey62NFORO0pZnmtBtLikOf04/ucn9zgOVikXiXk9j6oV4JFjACNZGthH/RDrse+njQxdo5/PwK46NWcGtEzcglShQHNgf/aHEUlCKjThWKme68TaS7HUjHCaVfqJojEmEzyiPUMFDqny0tkBGTo1yhAFkTRPaDRTf3ekOFRqGvqmMt9QLXq5+J/XS3Rw5aVMxImgswHBQlHOkJ5GmjIJCWaTw3BRDKzKyJjLDHRJrOKCcFdPHmZtM9rlNz7y6q9UYRxmO4QTOwIVLqMtNKEFBDJ4ghd4tR6tZ+vNep+Xlqyi5xD+wPr4Bh50lhY=</latexit><latexit sha1_base64="yF8N+wewkAGPMQ1hEmxI7PHNyA=">ACAHicbVDLSsNAFL2pr1pfURcu3AwWwVJRNCNUOrGZQX7gDaUyXTSDp1MwsxEKCEbf8WNC0Xc+hnu/BsnbUBtPTBw5px7ufceP+ZMacf5skorq2vrG+XNytb2zu6evX/QVlEiCW2RiEey62NFORO0pZnmtBtLikOf04/ucn9zgOVikXiXk9j6oV4JFjACNZGthH/RDrse+njQxdo5/PwK46NWcGtEzcglShQHNgf/aHEUlCKjThWKme68TaS7HUjHCaVfqJojEmEzyiPUMFDqny0tkBGTo1yhAFkTRPaDRTf3ekOFRqGvqmMt9QLXq5+J/XS3Rw5aVMxImgswHBQlHOkJ5GmjIJCWaTw3BRDKzKyJjLDHRJrOKCcFdPHmZtM9rlNz7y6q9UYRxmO4QTOwIVLqMtNKEFBDJ4ghd4tR6tZ+vNep+Xlqyi5xD+wPr4Bh50lhY=</latexit><latexit sha1_base64="yF8N+wewkAGPMQ1hEmxI7PHNyA=">ACAHicbVDLSsNAFL2pr1pfURcu3AwWwVJRNCNUOrGZQX7gDaUyXTSDp1MwsxEKCEbf8WNC0Xc+hnu/BsnbUBtPTBw5px7ufceP+ZMacf5skorq2vrG+XNytb2zu6evX/QVlEiCW2RiEey62NFORO0pZnmtBtLikOf04/ucn9zgOVikXiXk9j6oV4JFjACNZGthH/RDrse+njQxdo5/PwK46NWcGtEzcglShQHNgf/aHEUlCKjThWKme68TaS7HUjHCaVfqJojEmEzyiPUMFDqny0tkBGTo1yhAFkTRPaDRTf3ekOFRqGvqmMt9QLXq5+J/XS3Rw5aVMxImgswHBQlHOkJ5GmjIJCWaTw3BRDKzKyJjLDHRJrOKCcFdPHmZtM9rlNz7y6q9UYRxmO4QTOwIVLqMtNKEFBDJ4ghd4tR6tZ+vNep+Xlqyi5xD+wPr4Bh50lhY=</latexit>B = B
<latexit sha1_base64="yF8N+wewkAGPMQ1hEmxI7PHNyA=">ACAHicbVDLSsNAFL2pr1pfURcu3AwWwVJRNCNUOrGZQX7gDaUyXTSDp1MwsxEKCEbf8WNC0Xc+hnu/BsnbUBtPTBw5px7ufceP+ZMacf5skorq2vrG+XNytb2zu6evX/QVlEiCW2RiEey62NFORO0pZnmtBtLikOf04/ucn9zgOVikXiXk9j6oV4JFjACNZGthH/RDrse+njQxdo5/PwK46NWcGtEzcglShQHNgf/aHEUlCKjThWKme68TaS7HUjHCaVfqJojEmEzyiPUMFDqny0tkBGTo1yhAFkTRPaDRTf3ekOFRqGvqmMt9QLXq5+J/XS3Rw5aVMxImgswHBQlHOkJ5GmjIJCWaTw3BRDKzKyJjLDHRJrOKCcFdPHmZtM9rlNz7y6q9UYRxmO4QTOwIVLqMtNKEFBDJ4ghd4tR6tZ+vNep+Xlqyi5xD+wPr4Bh50lhY=</latexit><latexit sha1_base64="yF8N+wewkAGPMQ1hEmxI7PHNyA=">ACAHicbVDLSsNAFL2pr1pfURcu3AwWwVJRNCNUOrGZQX7gDaUyXTSDp1MwsxEKCEbf8WNC0Xc+hnu/BsnbUBtPTBw5px7ufceP+ZMacf5skorq2vrG+XNytb2zu6evX/QVlEiCW2RiEey62NFORO0pZnmtBtLikOf04/ucn9zgOVikXiXk9j6oV4JFjACNZGthH/RDrse+njQxdo5/PwK46NWcGtEzcglShQHNgf/aHEUlCKjThWKme68TaS7HUjHCaVfqJojEmEzyiPUMFDqny0tkBGTo1yhAFkTRPaDRTf3ekOFRqGvqmMt9QLXq5+J/XS3Rw5aVMxImgswHBQlHOkJ5GmjIJCWaTw3BRDKzKyJjLDHRJrOKCcFdPHmZtM9rlNz7y6q9UYRxmO4QTOwIVLqMtNKEFBDJ4ghd4tR6tZ+vNep+Xlqyi5xD+wPr4Bh50lhY=</latexit><latexit sha1_base64="yF8N+wewkAGPMQ1hEmxI7PHNyA=">ACAHicbVDLSsNAFL2pr1pfURcu3AwWwVJRNCNUOrGZQX7gDaUyXTSDp1MwsxEKCEbf8WNC0Xc+hnu/BsnbUBtPTBw5px7ufceP+ZMacf5skorq2vrG+XNytb2zu6evX/QVlEiCW2RiEey62NFORO0pZnmtBtLikOf04/ucn9zgOVikXiXk9j6oV4JFjACNZGthH/RDrse+njQxdo5/PwK46NWcGtEzcglShQHNgf/aHEUlCKjThWKme68TaS7HUjHCaVfqJojEmEzyiPUMFDqny0tkBGTo1yhAFkTRPaDRTf3ekOFRqGvqmMt9QLXq5+J/XS3Rw5aVMxImgswHBQlHOkJ5GmjIJCWaTw3BRDKzKyJjLDHRJrOKCcFdPHmZtM9rlNz7y6q9UYRxmO4QTOwIVLqMtNKEFBDJ4ghd4tR6tZ+vNep+Xlqyi5xD+wPr4Bh50lhY=</latexit><latexit sha1_base64="yF8N+wewkAGPMQ1hEmxI7PHNyA=">ACAHicbVDLSsNAFL2pr1pfURcu3AwWwVJRNCNUOrGZQX7gDaUyXTSDp1MwsxEKCEbf8WNC0Xc+hnu/BsnbUBtPTBw5px7ufceP+ZMacf5skorq2vrG+XNytb2zu6evX/QVlEiCW2RiEey62NFORO0pZnmtBtLikOf04/ucn9zgOVikXiXk9j6oV4JFjACNZGthH/RDrse+njQxdo5/PwK46NWcGtEzcglShQHNgf/aHEUlCKjThWKme68TaS7HUjHCaVfqJojEmEzyiPUMFDqny0tkBGTo1yhAFkTRPaDRTf3ekOFRqGvqmMt9QLXq5+J/XS3Rw5aVMxImgswHBQlHOkJ5GmjIJCWaTw3BRDKzKyJjLDHRJrOKCcFdPHmZtM9rlNz7y6q9UYRxmO4QTOwIVLqMtNKEFBDJ4ghd4tR6tZ+vNep+Xlqyi5xD+wPr4Bh50lhY=</latexit>This inconsistency is more problematic.
SLIDE 40
Not a single proof assistant for all but proof assistants for everyone 25
Inconsistency III: Mutable States + univalence
Using states, you can build an equivalence between and ().
B
<latexit sha1_base64="yF8N+wewkAGPMQ1hEmxI7PHNyA=">ACAHicbVDLSsNAFL2pr1pfURcu3AwWwVJRNCNUOrGZQX7gDaUyXTSDp1MwsxEKCEbf8WNC0Xc+hnu/BsnbUBtPTBw5px7ufceP+ZMacf5skorq2vrG+XNytb2zu6evX/QVlEiCW2RiEey62NFORO0pZnmtBtLikOf04/ucn9zgOVikXiXk9j6oV4JFjACNZGthH/RDrse+njQxdo5/PwK46NWcGtEzcglShQHNgf/aHEUlCKjThWKme68TaS7HUjHCaVfqJojEmEzyiPUMFDqny0tkBGTo1yhAFkTRPaDRTf3ekOFRqGvqmMt9QLXq5+J/XS3Rw5aVMxImgswHBQlHOkJ5GmjIJCWaTw3BRDKzKyJjLDHRJrOKCcFdPHmZtM9rlNz7y6q9UYRxmO4QTOwIVLqMtNKEFBDJ4ghd4tR6tZ+vNep+Xlqyi5xD+wPr4Bh50lhY=</latexit><latexit sha1_base64="yF8N+wewkAGPMQ1hEmxI7PHNyA=">ACAHicbVDLSsNAFL2pr1pfURcu3AwWwVJRNCNUOrGZQX7gDaUyXTSDp1MwsxEKCEbf8WNC0Xc+hnu/BsnbUBtPTBw5px7ufceP+ZMacf5skorq2vrG+XNytb2zu6evX/QVlEiCW2RiEey62NFORO0pZnmtBtLikOf04/ucn9zgOVikXiXk9j6oV4JFjACNZGthH/RDrse+njQxdo5/PwK46NWcGtEzcglShQHNgf/aHEUlCKjThWKme68TaS7HUjHCaVfqJojEmEzyiPUMFDqny0tkBGTo1yhAFkTRPaDRTf3ekOFRqGvqmMt9QLXq5+J/XS3Rw5aVMxImgswHBQlHOkJ5GmjIJCWaTw3BRDKzKyJjLDHRJrOKCcFdPHmZtM9rlNz7y6q9UYRxmO4QTOwIVLqMtNKEFBDJ4ghd4tR6tZ+vNep+Xlqyi5xD+wPr4Bh50lhY=</latexit><latexit sha1_base64="yF8N+wewkAGPMQ1hEmxI7PHNyA=">ACAHicbVDLSsNAFL2pr1pfURcu3AwWwVJRNCNUOrGZQX7gDaUyXTSDp1MwsxEKCEbf8WNC0Xc+hnu/BsnbUBtPTBw5px7ufceP+ZMacf5skorq2vrG+XNytb2zu6evX/QVlEiCW2RiEey62NFORO0pZnmtBtLikOf04/ucn9zgOVikXiXk9j6oV4JFjACNZGthH/RDrse+njQxdo5/PwK46NWcGtEzcglShQHNgf/aHEUlCKjThWKme68TaS7HUjHCaVfqJojEmEzyiPUMFDqny0tkBGTo1yhAFkTRPaDRTf3ekOFRqGvqmMt9QLXq5+J/XS3Rw5aVMxImgswHBQlHOkJ5GmjIJCWaTw3BRDKzKyJjLDHRJrOKCcFdPHmZtM9rlNz7y6q9UYRxmO4QTOwIVLqMtNKEFBDJ4ghd4tR6tZ+vNep+Xlqyi5xD+wPr4Bh50lhY=</latexit><latexit sha1_base64="yF8N+wewkAGPMQ1hEmxI7PHNyA=">ACAHicbVDLSsNAFL2pr1pfURcu3AwWwVJRNCNUOrGZQX7gDaUyXTSDp1MwsxEKCEbf8WNC0Xc+hnu/BsnbUBtPTBw5px7ufceP+ZMacf5skorq2vrG+XNytb2zu6evX/QVlEiCW2RiEey62NFORO0pZnmtBtLikOf04/ucn9zgOVikXiXk9j6oV4JFjACNZGthH/RDrse+njQxdo5/PwK46NWcGtEzcglShQHNgf/aHEUlCKjThWKme68TaS7HUjHCaVfqJojEmEzyiPUMFDqny0tkBGTo1yhAFkTRPaDRTf3ekOFRqGvqmMt9QLXq5+J/XS3Rw5aVMxImgswHBQlHOkJ5GmjIJCWaTw3BRDKzKyJjLDHRJrOKCcFdPHmZtM9rlNz7y6q9UYRxmO4QTOwIVLqMtNKEFBDJ4ghd4tR6tZ+vNep+Xlqyi5xD+wPr4Bh50lhY=</latexit>Contextual Isomorphisms, P. B. Levy, POPL’17
SLIDE 41
Not a single proof assistant for all but proof assistants for everyone 25
Inconsistency III: Mutable States + univalence
Using states, you can build an equivalence between and ().
B
<latexit sha1_base64="yF8N+wewkAGPMQ1hEmxI7PHNyA=">ACAHicbVDLSsNAFL2pr1pfURcu3AwWwVJRNCNUOrGZQX7gDaUyXTSDp1MwsxEKCEbf8WNC0Xc+hnu/BsnbUBtPTBw5px7ufceP+ZMacf5skorq2vrG+XNytb2zu6evX/QVlEiCW2RiEey62NFORO0pZnmtBtLikOf04/ucn9zgOVikXiXk9j6oV4JFjACNZGthH/RDrse+njQxdo5/PwK46NWcGtEzcglShQHNgf/aHEUlCKjThWKme68TaS7HUjHCaVfqJojEmEzyiPUMFDqny0tkBGTo1yhAFkTRPaDRTf3ekOFRqGvqmMt9QLXq5+J/XS3Rw5aVMxImgswHBQlHOkJ5GmjIJCWaTw3BRDKzKyJjLDHRJrOKCcFdPHmZtM9rlNz7y6q9UYRxmO4QTOwIVLqMtNKEFBDJ4ghd4tR6tZ+vNep+Xlqyi5xD+wPr4Bh50lhY=</latexit><latexit sha1_base64="yF8N+wewkAGPMQ1hEmxI7PHNyA=">ACAHicbVDLSsNAFL2pr1pfURcu3AwWwVJRNCNUOrGZQX7gDaUyXTSDp1MwsxEKCEbf8WNC0Xc+hnu/BsnbUBtPTBw5px7ufceP+ZMacf5skorq2vrG+XNytb2zu6evX/QVlEiCW2RiEey62NFORO0pZnmtBtLikOf04/ucn9zgOVikXiXk9j6oV4JFjACNZGthH/RDrse+njQxdo5/PwK46NWcGtEzcglShQHNgf/aHEUlCKjThWKme68TaS7HUjHCaVfqJojEmEzyiPUMFDqny0tkBGTo1yhAFkTRPaDRTf3ekOFRqGvqmMt9QLXq5+J/XS3Rw5aVMxImgswHBQlHOkJ5GmjIJCWaTw3BRDKzKyJjLDHRJrOKCcFdPHmZtM9rlNz7y6q9UYRxmO4QTOwIVLqMtNKEFBDJ4ghd4tR6tZ+vNep+Xlqyi5xD+wPr4Bh50lhY=</latexit><latexit sha1_base64="yF8N+wewkAGPMQ1hEmxI7PHNyA=">ACAHicbVDLSsNAFL2pr1pfURcu3AwWwVJRNCNUOrGZQX7gDaUyXTSDp1MwsxEKCEbf8WNC0Xc+hnu/BsnbUBtPTBw5px7ufceP+ZMacf5skorq2vrG+XNytb2zu6evX/QVlEiCW2RiEey62NFORO0pZnmtBtLikOf04/ucn9zgOVikXiXk9j6oV4JFjACNZGthH/RDrse+njQxdo5/PwK46NWcGtEzcglShQHNgf/aHEUlCKjThWKme68TaS7HUjHCaVfqJojEmEzyiPUMFDqny0tkBGTo1yhAFkTRPaDRTf3ekOFRqGvqmMt9QLXq5+J/XS3Rw5aVMxImgswHBQlHOkJ5GmjIJCWaTw3BRDKzKyJjLDHRJrOKCcFdPHmZtM9rlNz7y6q9UYRxmO4QTOwIVLqMtNKEFBDJ4ghd4tR6tZ+vNep+Xlqyi5xD+wPr4Bh50lhY=</latexit><latexit sha1_base64="yF8N+wewkAGPMQ1hEmxI7PHNyA=">ACAHicbVDLSsNAFL2pr1pfURcu3AwWwVJRNCNUOrGZQX7gDaUyXTSDp1MwsxEKCEbf8WNC0Xc+hnu/BsnbUBtPTBw5px7ufceP+ZMacf5skorq2vrG+XNytb2zu6evX/QVlEiCW2RiEey62NFORO0pZnmtBtLikOf04/ucn9zgOVikXiXk9j6oV4JFjACNZGthH/RDrse+njQxdo5/PwK46NWcGtEzcglShQHNgf/aHEUlCKjThWKme68TaS7HUjHCaVfqJojEmEzyiPUMFDqny0tkBGTo1yhAFkTRPaDRTf3ekOFRqGvqmMt9QLXq5+J/XS3Rw5aVMxImgswHBQlHOkJ5GmjIJCWaTw3BRDKzKyJjLDHRJrOKCcFdPHmZtM9rlNz7y6q9UYRxmO4QTOwIVLqMtNKEFBDJ4ghd4tR6tZ+vNep+Xlqyi5xD+wPr4Bh50lhY=</latexit>Contextual Isomorphisms, P. B. Levy, POPL’17
true = false → ⊥
<latexit sha1_base64="CHCEv09+OU1qt+TCm8BHk+Dw1q8=">ACGHicbVDLSsNAFJ34rPUVdelmsAiuaiKCboSiG5cV7AOaUCbTSTt0kgkzN0oJ/Qw3/obF4q47c6/cdJG0NYDA2fOuZd7wkSwTU4zpe1tLyurZe2ihvbm3v7Np7+0tU0VZg0ohVTsgmgkeswZwEKydKEaiQLBWMLzJ/dYDU5rL+B5GCfMj0o95yCkBI3XtUy8iMADIQKVsjK/wz8kQhvBU7w/AKUfMReIKFrV5yqMwVeJG5BKqhAvWtPvJ6kacRioIJo3XGdBPyMKOBUsHZSzVLCB2SPusYGpOIaT+bHjbGx0bp4VAq82LAU/V3R0YirUdRYCrztfW8l4v/eZ0Uwks/43GSAovpbFCYCgwS5ynhHleMghgZQqjiZldMB0QRCibLsgnBnT95kTPq5Tde/OK7XrIo4SOkRH6AS56ALV0C2qowai6Am9oDf0bj1br9aH9TkrXbKngP0B9bkGzaPoRs=</latexit><latexit sha1_base64="CHCEv09+OU1qt+TCm8BHk+Dw1q8=">ACGHicbVDLSsNAFJ34rPUVdelmsAiuaiKCboSiG5cV7AOaUCbTSTt0kgkzN0oJ/Qw3/obF4q47c6/cdJG0NYDA2fOuZd7wkSwTU4zpe1tLyurZe2ihvbm3v7Np7+0tU0VZg0ohVTsgmgkeswZwEKydKEaiQLBWMLzJ/dYDU5rL+B5GCfMj0o95yCkBI3XtUy8iMADIQKVsjK/wz8kQhvBU7w/AKUfMReIKFrV5yqMwVeJG5BKqhAvWtPvJ6kacRioIJo3XGdBPyMKOBUsHZSzVLCB2SPusYGpOIaT+bHjbGx0bp4VAq82LAU/V3R0YirUdRYCrztfW8l4v/eZ0Uwks/43GSAovpbFCYCgwS5ynhHleMghgZQqjiZldMB0QRCibLsgnBnT95kTPq5Tde/OK7XrIo4SOkRH6AS56ALV0C2qowai6Am9oDf0bj1br9aH9TkrXbKngP0B9bkGzaPoRs=</latexit><latexit sha1_base64="CHCEv09+OU1qt+TCm8BHk+Dw1q8=">ACGHicbVDLSsNAFJ34rPUVdelmsAiuaiKCboSiG5cV7AOaUCbTSTt0kgkzN0oJ/Qw3/obF4q47c6/cdJG0NYDA2fOuZd7wkSwTU4zpe1tLyurZe2ihvbm3v7Np7+0tU0VZg0ohVTsgmgkeswZwEKydKEaiQLBWMLzJ/dYDU5rL+B5GCfMj0o95yCkBI3XtUy8iMADIQKVsjK/wz8kQhvBU7w/AKUfMReIKFrV5yqMwVeJG5BKqhAvWtPvJ6kacRioIJo3XGdBPyMKOBUsHZSzVLCB2SPusYGpOIaT+bHjbGx0bp4VAq82LAU/V3R0YirUdRYCrztfW8l4v/eZ0Uwks/43GSAovpbFCYCgwS5ynhHleMghgZQqjiZldMB0QRCibLsgnBnT95kTPq5Tde/OK7XrIo4SOkRH6AS56ALV0C2qowai6Am9oDf0bj1br9aH9TkrXbKngP0B9bkGzaPoRs=</latexit><latexit sha1_base64="CHCEv09+OU1qt+TCm8BHk+Dw1q8=">ACGHicbVDLSsNAFJ34rPUVdelmsAiuaiKCboSiG5cV7AOaUCbTSTt0kgkzN0oJ/Qw3/obF4q47c6/cdJG0NYDA2fOuZd7wkSwTU4zpe1tLyurZe2ihvbm3v7Np7+0tU0VZg0ohVTsgmgkeswZwEKydKEaiQLBWMLzJ/dYDU5rL+B5GCfMj0o95yCkBI3XtUy8iMADIQKVsjK/wz8kQhvBU7w/AKUfMReIKFrV5yqMwVeJG5BKqhAvWtPvJ6kacRioIJo3XGdBPyMKOBUsHZSzVLCB2SPusYGpOIaT+bHjbGx0bp4VAq82LAU/V3R0YirUdRYCrztfW8l4v/eZ0Uwks/43GSAovpbFCYCgwS5ynhHleMghgZQqjiZldMB0QRCibLsgnBnT95kTPq5Tde/OK7XrIo4SOkRH6AS56ALV0C2qowai6Am9oDf0bj1br9aH9TkrXbKngP0B9bkGzaPoRs=</latexit> SLIDE 42
Not a single proof assistant for all but proof assistants for everyone 26
Undecidability of type checking
SLIDE 43
Not a single proof assistant for all but proof assistants for everyone 26
Undecidability of type checking
x = y → x ≡ y
<latexit sha1_base64="UCspBMo2E7QqtwG/B9e+ZGaC5w=">ACBXicbVDLSsNAFJ3UV62vqEtdDBbBVUlE0I1QdOygn1AE8pkOmHTmbizKQ2hG7c+CtuXCji1n9w5984bPQ1gMXDufcy73BDGjSjvOt1VYWl5ZXSulzY2t7Z37N29hKJxKSOBROyFSBFGOWkrqlmpBVLgqKAkWYwuJ74zSGRigp+p9OY+BHqcRpSjLSROvbhCF7CFHqS9voaSke4Ah65D6hQ5h27LJTcaAi8TNSRnkqHXsL68rcBIRrjFDSrVdJ9Z+hqSmJFxyUsUiREeoB5pG8pRJSfTb8Yw2OjdGEopCmu4VT9PZGhSKk0CkxnhHRfzXsT8T+vnejws8ojxNOJ4tChMGtYCTSGCXSoI1Sw1BWFJzK8R9JBHWJriSCcGdf3mRNE4rlNxb8/K1as8jiI4AEfgBLjgHFTBDaiBOsDgETyDV/BmPVkv1rv1MWstWPnMPvgD6/MHSpCXzQ=</latexit><latexit sha1_base64="UCspBMo2E7QqtwG/B9e+ZGaC5w=">ACBXicbVDLSsNAFJ3UV62vqEtdDBbBVUlE0I1QdOygn1AE8pkOmHTmbizKQ2hG7c+CtuXCji1n9w5984bPQ1gMXDufcy73BDGjSjvOt1VYWl5ZXSulzY2t7Z37N29hKJxKSOBROyFSBFGOWkrqlmpBVLgqKAkWYwuJ74zSGRigp+p9OY+BHqcRpSjLSROvbhCF7CFHqS9voaSke4Ah65D6hQ5h27LJTcaAi8TNSRnkqHXsL68rcBIRrjFDSrVdJ9Z+hqSmJFxyUsUiREeoB5pG8pRJSfTb8Yw2OjdGEopCmu4VT9PZGhSKk0CkxnhHRfzXsT8T+vnejws8ojxNOJ4tChMGtYCTSGCXSoI1Sw1BWFJzK8R9JBHWJriSCcGdf3mRNE4rlNxb8/K1as8jiI4AEfgBLjgHFTBDaiBOsDgETyDV/BmPVkv1rv1MWstWPnMPvgD6/MHSpCXzQ=</latexit><latexit sha1_base64="UCspBMo2E7QqtwG/B9e+ZGaC5w=">ACBXicbVDLSsNAFJ3UV62vqEtdDBbBVUlE0I1QdOygn1AE8pkOmHTmbizKQ2hG7c+CtuXCji1n9w5984bPQ1gMXDufcy73BDGjSjvOt1VYWl5ZXSulzY2t7Z37N29hKJxKSOBROyFSBFGOWkrqlmpBVLgqKAkWYwuJ74zSGRigp+p9OY+BHqcRpSjLSROvbhCF7CFHqS9voaSke4Ah65D6hQ5h27LJTcaAi8TNSRnkqHXsL68rcBIRrjFDSrVdJ9Z+hqSmJFxyUsUiREeoB5pG8pRJSfTb8Yw2OjdGEopCmu4VT9PZGhSKk0CkxnhHRfzXsT8T+vnejws8ojxNOJ4tChMGtYCTSGCXSoI1Sw1BWFJzK8R9JBHWJriSCcGdf3mRNE4rlNxb8/K1as8jiI4AEfgBLjgHFTBDaiBOsDgETyDV/BmPVkv1rv1MWstWPnMPvgD6/MHSpCXzQ=</latexit><latexit sha1_base64="UCspBMo2E7QqtwG/B9e+ZGaC5w=">ACBXicbVDLSsNAFJ3UV62vqEtdDBbBVUlE0I1QdOygn1AE8pkOmHTmbizKQ2hG7c+CtuXCji1n9w5984bPQ1gMXDufcy73BDGjSjvOt1VYWl5ZXSulzY2t7Z37N29hKJxKSOBROyFSBFGOWkrqlmpBVLgqKAkWYwuJ74zSGRigp+p9OY+BHqcRpSjLSROvbhCF7CFHqS9voaSke4Ah65D6hQ5h27LJTcaAi8TNSRnkqHXsL68rcBIRrjFDSrVdJ9Z+hqSmJFxyUsUiREeoB5pG8pRJSfTb8Yw2OjdGEopCmu4VT9PZGhSKk0CkxnhHRfzXsT8T+vnejws8ojxNOJ4tChMGtYCTSGCXSoI1Sw1BWFJzK8R9JBHWJriSCcGdf3mRNE4rlNxb8/K1as8jiI4AEfgBLjgHFTBDaiBOsDgETyDV/BmPVkv1rv1MWstWPnMPvgD6/MHSpCXzQ=</latexit>reflection rule (extensional type theory)
SLIDE 44
Not a single proof assistant for all but proof assistants for everyone 26
Undecidability of type checking
undecidable because it assumes that every equality can be computed by the system
x = y → x ≡ y
<latexit sha1_base64="UCspBMo2E7QqtwG/B9e+ZGaC5w=">ACBXicbVDLSsNAFJ3UV62vqEtdDBbBVUlE0I1QdOygn1AE8pkOmHTmbizKQ2hG7c+CtuXCji1n9w5984bPQ1gMXDufcy73BDGjSjvOt1VYWl5ZXSulzY2t7Z37N29hKJxKSOBROyFSBFGOWkrqlmpBVLgqKAkWYwuJ74zSGRigp+p9OY+BHqcRpSjLSROvbhCF7CFHqS9voaSke4Ah65D6hQ5h27LJTcaAi8TNSRnkqHXsL68rcBIRrjFDSrVdJ9Z+hqSmJFxyUsUiREeoB5pG8pRJSfTb8Yw2OjdGEopCmu4VT9PZGhSKk0CkxnhHRfzXsT8T+vnejws8ojxNOJ4tChMGtYCTSGCXSoI1Sw1BWFJzK8R9JBHWJriSCcGdf3mRNE4rlNxb8/K1as8jiI4AEfgBLjgHFTBDaiBOsDgETyDV/BmPVkv1rv1MWstWPnMPvgD6/MHSpCXzQ=</latexit><latexit sha1_base64="UCspBMo2E7QqtwG/B9e+ZGaC5w=">ACBXicbVDLSsNAFJ3UV62vqEtdDBbBVUlE0I1QdOygn1AE8pkOmHTmbizKQ2hG7c+CtuXCji1n9w5984bPQ1gMXDufcy73BDGjSjvOt1VYWl5ZXSulzY2t7Z37N29hKJxKSOBROyFSBFGOWkrqlmpBVLgqKAkWYwuJ74zSGRigp+p9OY+BHqcRpSjLSROvbhCF7CFHqS9voaSke4Ah65D6hQ5h27LJTcaAi8TNSRnkqHXsL68rcBIRrjFDSrVdJ9Z+hqSmJFxyUsUiREeoB5pG8pRJSfTb8Yw2OjdGEopCmu4VT9PZGhSKk0CkxnhHRfzXsT8T+vnejws8ojxNOJ4tChMGtYCTSGCXSoI1Sw1BWFJzK8R9JBHWJriSCcGdf3mRNE4rlNxb8/K1as8jiI4AEfgBLjgHFTBDaiBOsDgETyDV/BmPVkv1rv1MWstWPnMPvgD6/MHSpCXzQ=</latexit><latexit sha1_base64="UCspBMo2E7QqtwG/B9e+ZGaC5w=">ACBXicbVDLSsNAFJ3UV62vqEtdDBbBVUlE0I1QdOygn1AE8pkOmHTmbizKQ2hG7c+CtuXCji1n9w5984bPQ1gMXDufcy73BDGjSjvOt1VYWl5ZXSulzY2t7Z37N29hKJxKSOBROyFSBFGOWkrqlmpBVLgqKAkWYwuJ74zSGRigp+p9OY+BHqcRpSjLSROvbhCF7CFHqS9voaSke4Ah65D6hQ5h27LJTcaAi8TNSRnkqHXsL68rcBIRrjFDSrVdJ9Z+hqSmJFxyUsUiREeoB5pG8pRJSfTb8Yw2OjdGEopCmu4VT9PZGhSKk0CkxnhHRfzXsT8T+vnejws8ojxNOJ4tChMGtYCTSGCXSoI1Sw1BWFJzK8R9JBHWJriSCcGdf3mRNE4rlNxb8/K1as8jiI4AEfgBLjgHFTBDaiBOsDgETyDV/BmPVkv1rv1MWstWPnMPvgD6/MHSpCXzQ=</latexit><latexit sha1_base64="UCspBMo2E7QqtwG/B9e+ZGaC5w=">ACBXicbVDLSsNAFJ3UV62vqEtdDBbBVUlE0I1QdOygn1AE8pkOmHTmbizKQ2hG7c+CtuXCji1n9w5984bPQ1gMXDufcy73BDGjSjvOt1VYWl5ZXSulzY2t7Z37N29hKJxKSOBROyFSBFGOWkrqlmpBVLgqKAkWYwuJ74zSGRigp+p9OY+BHqcRpSjLSROvbhCF7CFHqS9voaSke4Ah65D6hQ5h27LJTcaAi8TNSRnkqHXsL68rcBIRrjFDSrVdJ9Z+hqSmJFxyUsUiREeoB5pG8pRJSfTb8Yw2OjdGEopCmu4VT9PZGhSKk0CkxnhHRfzXsT8T+vnejws8ojxNOJ4tChMGtYCTSGCXSoI1Sw1BWFJzK8R9JBHWJriSCcGdf3mRNE4rlNxb8/K1as8jiI4AEfgBLjgHFTBDaiBOsDgETyDV/BmPVkv1rv1MWstWPnMPvgD6/MHSpCXzQ=</latexit>reflection rule (extensional type theory)
SLIDE 45
Not a single proof assistant for all but proof assistants for everyone 27
Invalid Dependent Elimination
SLIDE 46
Not a single proof assistant for all but proof assistants for everyone 27
Invalid Dependent Elimination
∀ n m : N, n + m = m + n
<latexit sha1_base64="PlLs5PIR+/xD+RLAbN3vip0bvQ=">ACF3icbVDLSsNAFJ34rPUVdelmsAhCpSQiKIJQdONKtgHNKFMpN26MwkzEyEvoXbvwVNy4Ucas7/8ZJmoW2XrhwOde7rkniBlV2nG+rYXFpeWV1dJaeX1jc2vb3tltqSiRmDRxCLZCZAijArS1FQz0oklQTxgpB2MrjO9/UCkopG41+OY+BwNBA0pRtpQPbvmhZFEjEPCtMcXkCPIz0MgvR2cpyzVcNemq4a3LMrTs3JC84DtwAVUFSjZ395/QgnAiNGVKq6zqx9lMkNcWMTMpeokiM8AgNSNdAgThRfpr/NYGHhulDY9C0DBnf2+kiCs15oGZzDyrWS0j/9O6iQ7P/ZSKONFE4OmhMGFQRzALCfapJFizsQEIS2q8QjxEmFtoiybENzZl+dB6TmOjX37rRSvyriKIF9cACOgAvOQB3cgAZoAgwewTN4BW/Wk/VivVsf09EFq9jZA3/K+vwBzvib4Q=</latexit><latexit sha1_base64="PlLs5PIR+/xD+RLAbN3vip0bvQ=">ACF3icbVDLSsNAFJ34rPUVdelmsAhCpSQiKIJQdONKtgHNKFMpN26MwkzEyEvoXbvwVNy4Ucas7/8ZJmoW2XrhwOde7rkniBlV2nG+rYXFpeWV1dJaeX1jc2vb3tltqSiRmDRxCLZCZAijArS1FQz0oklQTxgpB2MrjO9/UCkopG41+OY+BwNBA0pRtpQPbvmhZFEjEPCtMcXkCPIz0MgvR2cpyzVcNemq4a3LMrTs3JC84DtwAVUFSjZ395/QgnAiNGVKq6zqx9lMkNcWMTMpeokiM8AgNSNdAgThRfpr/NYGHhulDY9C0DBnf2+kiCs15oGZzDyrWS0j/9O6iQ7P/ZSKONFE4OmhMGFQRzALCfapJFizsQEIS2q8QjxEmFtoiybENzZl+dB6TmOjX37rRSvyriKIF9cACOgAvOQB3cgAZoAgwewTN4BW/Wk/VivVsf09EFq9jZA3/K+vwBzvib4Q=</latexit><latexit sha1_base64="PlLs5PIR+/xD+RLAbN3vip0bvQ=">ACF3icbVDLSsNAFJ34rPUVdelmsAhCpSQiKIJQdONKtgHNKFMpN26MwkzEyEvoXbvwVNy4Ucas7/8ZJmoW2XrhwOde7rkniBlV2nG+rYXFpeWV1dJaeX1jc2vb3tltqSiRmDRxCLZCZAijArS1FQz0oklQTxgpB2MrjO9/UCkopG41+OY+BwNBA0pRtpQPbvmhZFEjEPCtMcXkCPIz0MgvR2cpyzVcNemq4a3LMrTs3JC84DtwAVUFSjZ395/QgnAiNGVKq6zqx9lMkNcWMTMpeokiM8AgNSNdAgThRfpr/NYGHhulDY9C0DBnf2+kiCs15oGZzDyrWS0j/9O6iQ7P/ZSKONFE4OmhMGFQRzALCfapJFizsQEIS2q8QjxEmFtoiybENzZl+dB6TmOjX37rRSvyriKIF9cACOgAvOQB3cgAZoAgwewTN4BW/Wk/VivVsf09EFq9jZA3/K+vwBzvib4Q=</latexit><latexit sha1_base64="PlLs5PIR+/xD+RLAbN3vip0bvQ=">ACF3icbVDLSsNAFJ34rPUVdelmsAhCpSQiKIJQdONKtgHNKFMpN26MwkzEyEvoXbvwVNy4Ucas7/8ZJmoW2XrhwOde7rkniBlV2nG+rYXFpeWV1dJaeX1jc2vb3tltqSiRmDRxCLZCZAijArS1FQz0oklQTxgpB2MrjO9/UCkopG41+OY+BwNBA0pRtpQPbvmhZFEjEPCtMcXkCPIz0MgvR2cpyzVcNemq4a3LMrTs3JC84DtwAVUFSjZ395/QgnAiNGVKq6zqx9lMkNcWMTMpeokiM8AgNSNdAgThRfpr/NYGHhulDY9C0DBnf2+kiCs15oGZzDyrWS0j/9O6iQ7P/ZSKONFE4OmhMGFQRzALCfapJFizsQEIS2q8QjxEmFtoiybENzZl+dB6TmOjX37rRSvyriKIF9cACOgAvOQB3cgAZoAgwewTN4BW/Wk/VivVsf09EFq9jZA3/K+vwBzvib4Q=</latexit> SLIDE 47
Not a single proof assistant for all but proof assistants for everyone 27
Invalid Dependent Elimination
∀ n m : N, n + m = m + n
<latexit sha1_base64="PlLs5PIR+/xD+RLAbN3vip0bvQ=">ACF3icbVDLSsNAFJ34rPUVdelmsAhCpSQiKIJQdONKtgHNKFMpN26MwkzEyEvoXbvwVNy4Ucas7/8ZJmoW2XrhwOde7rkniBlV2nG+rYXFpeWV1dJaeX1jc2vb3tltqSiRmDRxCLZCZAijArS1FQz0oklQTxgpB2MrjO9/UCkopG41+OY+BwNBA0pRtpQPbvmhZFEjEPCtMcXkCPIz0MgvR2cpyzVcNemq4a3LMrTs3JC84DtwAVUFSjZ395/QgnAiNGVKq6zqx9lMkNcWMTMpeokiM8AgNSNdAgThRfpr/NYGHhulDY9C0DBnf2+kiCs15oGZzDyrWS0j/9O6iQ7P/ZSKONFE4OmhMGFQRzALCfapJFizsQEIS2q8QjxEmFtoiybENzZl+dB6TmOjX37rRSvyriKIF9cACOgAvOQB3cgAZoAgwewTN4BW/Wk/VivVsf09EFq9jZA3/K+vwBzvib4Q=</latexit><latexit sha1_base64="PlLs5PIR+/xD+RLAbN3vip0bvQ=">ACF3icbVDLSsNAFJ34rPUVdelmsAhCpSQiKIJQdONKtgHNKFMpN26MwkzEyEvoXbvwVNy4Ucas7/8ZJmoW2XrhwOde7rkniBlV2nG+rYXFpeWV1dJaeX1jc2vb3tltqSiRmDRxCLZCZAijArS1FQz0oklQTxgpB2MrjO9/UCkopG41+OY+BwNBA0pRtpQPbvmhZFEjEPCtMcXkCPIz0MgvR2cpyzVcNemq4a3LMrTs3JC84DtwAVUFSjZ395/QgnAiNGVKq6zqx9lMkNcWMTMpeokiM8AgNSNdAgThRfpr/NYGHhulDY9C0DBnf2+kiCs15oGZzDyrWS0j/9O6iQ7P/ZSKONFE4OmhMGFQRzALCfapJFizsQEIS2q8QjxEmFtoiybENzZl+dB6TmOjX37rRSvyriKIF9cACOgAvOQB3cgAZoAgwewTN4BW/Wk/VivVsf09EFq9jZA3/K+vwBzvib4Q=</latexit><latexit sha1_base64="PlLs5PIR+/xD+RLAbN3vip0bvQ=">ACF3icbVDLSsNAFJ34rPUVdelmsAhCpSQiKIJQdONKtgHNKFMpN26MwkzEyEvoXbvwVNy4Ucas7/8ZJmoW2XrhwOde7rkniBlV2nG+rYXFpeWV1dJaeX1jc2vb3tltqSiRmDRxCLZCZAijArS1FQz0oklQTxgpB2MrjO9/UCkopG41+OY+BwNBA0pRtpQPbvmhZFEjEPCtMcXkCPIz0MgvR2cpyzVcNemq4a3LMrTs3JC84DtwAVUFSjZ395/QgnAiNGVKq6zqx9lMkNcWMTMpeokiM8AgNSNdAgThRfpr/NYGHhulDY9C0DBnf2+kiCs15oGZzDyrWS0j/9O6iQ7P/ZSKONFE4OmhMGFQRzALCfapJFizsQEIS2q8QjxEmFtoiybENzZl+dB6TmOjX37rRSvyriKIF9cACOgAvOQB3cgAZoAgwewTN4BW/Wk/VivVsf09EFq9jZA3/K+vwBzvib4Q=</latexit><latexit sha1_base64="PlLs5PIR+/xD+RLAbN3vip0bvQ=">ACF3icbVDLSsNAFJ34rPUVdelmsAhCpSQiKIJQdONKtgHNKFMpN26MwkzEyEvoXbvwVNy4Ucas7/8ZJmoW2XrhwOde7rkniBlV2nG+rYXFpeWV1dJaeX1jc2vb3tltqSiRmDRxCLZCZAijArS1FQz0oklQTxgpB2MrjO9/UCkopG41+OY+BwNBA0pRtpQPbvmhZFEjEPCtMcXkCPIz0MgvR2cpyzVcNemq4a3LMrTs3JC84DtwAVUFSjZ395/QgnAiNGVKq6zqx9lMkNcWMTMpeokiM8AgNSNdAgThRfpr/NYGHhulDY9C0DBnf2+kiCs15oGZzDyrWS0j/9O6iQ7P/ZSKONFE4OmhMGFQRzALCfapJFizsQEIS2q8QjxEmFtoiybENzZl+dB6TmOjX37rRSvyriKIF9cACOgAvOQB3cgAZoAgwewTN4BW/Wk/VivVsf09EFq9jZA3/K+vwBzvib4Q=</latexit>Provable by induction on n
SLIDE 48
Not a single proof assistant for all but proof assistants for everyone 28
Invalid Dependent Elimination
- (n , m) => n + m = m + n
∀ n m : N, n + m = m + n
<latexit sha1_base64="PlLs5PIR+/xD+RLAbN3vip0bvQ=">ACF3icbVDLSsNAFJ34rPUVdelmsAhCpSQiKIJQdONKtgHNKFMpN26MwkzEyEvoXbvwVNy4Ucas7/8ZJmoW2XrhwOde7rkniBlV2nG+rYXFpeWV1dJaeX1jc2vb3tltqSiRmDRxCLZCZAijArS1FQz0oklQTxgpB2MrjO9/UCkopG41+OY+BwNBA0pRtpQPbvmhZFEjEPCtMcXkCPIz0MgvR2cpyzVcNemq4a3LMrTs3JC84DtwAVUFSjZ395/QgnAiNGVKq6zqx9lMkNcWMTMpeokiM8AgNSNdAgThRfpr/NYGHhulDY9C0DBnf2+kiCs15oGZzDyrWS0j/9O6iQ7P/ZSKONFE4OmhMGFQRzALCfapJFizsQEIS2q8QjxEmFtoiybENzZl+dB6TmOjX37rRSvyriKIF9cACOgAvOQB3cgAZoAgwewTN4BW/Wk/VivVsf09EFq9jZA3/K+vwBzvib4Q=</latexit><latexit sha1_base64="PlLs5PIR+/xD+RLAbN3vip0bvQ=">ACF3icbVDLSsNAFJ34rPUVdelmsAhCpSQiKIJQdONKtgHNKFMpN26MwkzEyEvoXbvwVNy4Ucas7/8ZJmoW2XrhwOde7rkniBlV2nG+rYXFpeWV1dJaeX1jc2vb3tltqSiRmDRxCLZCZAijArS1FQz0oklQTxgpB2MrjO9/UCkopG41+OY+BwNBA0pRtpQPbvmhZFEjEPCtMcXkCPIz0MgvR2cpyzVcNemq4a3LMrTs3JC84DtwAVUFSjZ395/QgnAiNGVKq6zqx9lMkNcWMTMpeokiM8AgNSNdAgThRfpr/NYGHhulDY9C0DBnf2+kiCs15oGZzDyrWS0j/9O6iQ7P/ZSKONFE4OmhMGFQRzALCfapJFizsQEIS2q8QjxEmFtoiybENzZl+dB6TmOjX37rRSvyriKIF9cACOgAvOQB3cgAZoAgwewTN4BW/Wk/VivVsf09EFq9jZA3/K+vwBzvib4Q=</latexit><latexit sha1_base64="PlLs5PIR+/xD+RLAbN3vip0bvQ=">ACF3icbVDLSsNAFJ34rPUVdelmsAhCpSQiKIJQdONKtgHNKFMpN26MwkzEyEvoXbvwVNy4Ucas7/8ZJmoW2XrhwOde7rkniBlV2nG+rYXFpeWV1dJaeX1jc2vb3tltqSiRmDRxCLZCZAijArS1FQz0oklQTxgpB2MrjO9/UCkopG41+OY+BwNBA0pRtpQPbvmhZFEjEPCtMcXkCPIz0MgvR2cpyzVcNemq4a3LMrTs3JC84DtwAVUFSjZ395/QgnAiNGVKq6zqx9lMkNcWMTMpeokiM8AgNSNdAgThRfpr/NYGHhulDY9C0DBnf2+kiCs15oGZzDyrWS0j/9O6iQ7P/ZSKONFE4OmhMGFQRzALCfapJFizsQEIS2q8QjxEmFtoiybENzZl+dB6TmOjX37rRSvyriKIF9cACOgAvOQB3cgAZoAgwewTN4BW/Wk/VivVsf09EFq9jZA3/K+vwBzvib4Q=</latexit><latexit sha1_base64="PlLs5PIR+/xD+RLAbN3vip0bvQ=">ACF3icbVDLSsNAFJ34rPUVdelmsAhCpSQiKIJQdONKtgHNKFMpN26MwkzEyEvoXbvwVNy4Ucas7/8ZJmoW2XrhwOde7rkniBlV2nG+rYXFpeWV1dJaeX1jc2vb3tltqSiRmDRxCLZCZAijArS1FQz0oklQTxgpB2MrjO9/UCkopG41+OY+BwNBA0pRtpQPbvmhZFEjEPCtMcXkCPIz0MgvR2cpyzVcNemq4a3LMrTs3JC84DtwAVUFSjZ395/QgnAiNGVKq6zqx9lMkNcWMTMpeokiM8AgNSNdAgThRfpr/NYGHhulDY9C0DBnf2+kiCs15oGZzDyrWS0j/9O6iQ7P/ZSKONFE4OmhMGFQRzALCfapJFizsQEIS2q8QjxEmFtoiybENzZl+dB6TmOjX37rRSvyriKIF9cACOgAvOQB3cgAZoAgwewTN4BW/Wk/VivVsf09EFq9jZA3/K+vwBzvib4Q=</latexit> SLIDE 49
Not a single proof assistant for all but proof assistants for everyone 28
Invalid Dependent Elimination
- (3 , 5) => 8 = 8dddddddd
- (n , m) => n + m = m + n
∀ n m : N, n + m = m + n
<latexit sha1_base64="PlLs5PIR+/xD+RLAbN3vip0bvQ=">ACF3icbVDLSsNAFJ34rPUVdelmsAhCpSQiKIJQdONKtgHNKFMpN26MwkzEyEvoXbvwVNy4Ucas7/8ZJmoW2XrhwOde7rkniBlV2nG+rYXFpeWV1dJaeX1jc2vb3tltqSiRmDRxCLZCZAijArS1FQz0oklQTxgpB2MrjO9/UCkopG41+OY+BwNBA0pRtpQPbvmhZFEjEPCtMcXkCPIz0MgvR2cpyzVcNemq4a3LMrTs3JC84DtwAVUFSjZ395/QgnAiNGVKq6zqx9lMkNcWMTMpeokiM8AgNSNdAgThRfpr/NYGHhulDY9C0DBnf2+kiCs15oGZzDyrWS0j/9O6iQ7P/ZSKONFE4OmhMGFQRzALCfapJFizsQEIS2q8QjxEmFtoiybENzZl+dB6TmOjX37rRSvyriKIF9cACOgAvOQB3cgAZoAgwewTN4BW/Wk/VivVsf09EFq9jZA3/K+vwBzvib4Q=</latexit><latexit sha1_base64="PlLs5PIR+/xD+RLAbN3vip0bvQ=">ACF3icbVDLSsNAFJ34rPUVdelmsAhCpSQiKIJQdONKtgHNKFMpN26MwkzEyEvoXbvwVNy4Ucas7/8ZJmoW2XrhwOde7rkniBlV2nG+rYXFpeWV1dJaeX1jc2vb3tltqSiRmDRxCLZCZAijArS1FQz0oklQTxgpB2MrjO9/UCkopG41+OY+BwNBA0pRtpQPbvmhZFEjEPCtMcXkCPIz0MgvR2cpyzVcNemq4a3LMrTs3JC84DtwAVUFSjZ395/QgnAiNGVKq6zqx9lMkNcWMTMpeokiM8AgNSNdAgThRfpr/NYGHhulDY9C0DBnf2+kiCs15oGZzDyrWS0j/9O6iQ7P/ZSKONFE4OmhMGFQRzALCfapJFizsQEIS2q8QjxEmFtoiybENzZl+dB6TmOjX37rRSvyriKIF9cACOgAvOQB3cgAZoAgwewTN4BW/Wk/VivVsf09EFq9jZA3/K+vwBzvib4Q=</latexit><latexit sha1_base64="PlLs5PIR+/xD+RLAbN3vip0bvQ=">ACF3icbVDLSsNAFJ34rPUVdelmsAhCpSQiKIJQdONKtgHNKFMpN26MwkzEyEvoXbvwVNy4Ucas7/8ZJmoW2XrhwOde7rkniBlV2nG+rYXFpeWV1dJaeX1jc2vb3tltqSiRmDRxCLZCZAijArS1FQz0oklQTxgpB2MrjO9/UCkopG41+OY+BwNBA0pRtpQPbvmhZFEjEPCtMcXkCPIz0MgvR2cpyzVcNemq4a3LMrTs3JC84DtwAVUFSjZ395/QgnAiNGVKq6zqx9lMkNcWMTMpeokiM8AgNSNdAgThRfpr/NYGHhulDY9C0DBnf2+kiCs15oGZzDyrWS0j/9O6iQ7P/ZSKONFE4OmhMGFQRzALCfapJFizsQEIS2q8QjxEmFtoiybENzZl+dB6TmOjX37rRSvyriKIF9cACOgAvOQB3cgAZoAgwewTN4BW/Wk/VivVsf09EFq9jZA3/K+vwBzvib4Q=</latexit><latexit sha1_base64="PlLs5PIR+/xD+RLAbN3vip0bvQ=">ACF3icbVDLSsNAFJ34rPUVdelmsAhCpSQiKIJQdONKtgHNKFMpN26MwkzEyEvoXbvwVNy4Ucas7/8ZJmoW2XrhwOde7rkniBlV2nG+rYXFpeWV1dJaeX1jc2vb3tltqSiRmDRxCLZCZAijArS1FQz0oklQTxgpB2MrjO9/UCkopG41+OY+BwNBA0pRtpQPbvmhZFEjEPCtMcXkCPIz0MgvR2cpyzVcNemq4a3LMrTs3JC84DtwAVUFSjZ395/QgnAiNGVKq6zqx9lMkNcWMTMpeokiM8AgNSNdAgThRfpr/NYGHhulDY9C0DBnf2+kiCs15oGZzDyrWS0j/9O6iQ7P/ZSKONFE4OmhMGFQRzALCfapJFizsQEIS2q8QjxEmFtoiybENzZl+dB6TmOjX37rRSvyriKIF9cACOgAvOQB3cgAZoAgwewTN4BW/Wk/VivVsf09EFq9jZA3/K+vwBzvib4Q=</latexit> SLIDE 50
Not a single proof assistant for all but proof assistants for everyone 28
Invalid Dependent Elimination
- (3 , 5) => 8 = 8dddddddd
- (raise “foo”, 8) => raise “foo” = raise “foo”
- (n , m) => n + m = m + n
∀ n m : N, n + m = m + n
<latexit sha1_base64="PlLs5PIR+/xD+RLAbN3vip0bvQ=">ACF3icbVDLSsNAFJ34rPUVdelmsAhCpSQiKIJQdONKtgHNKFMpN26MwkzEyEvoXbvwVNy4Ucas7/8ZJmoW2XrhwOde7rkniBlV2nG+rYXFpeWV1dJaeX1jc2vb3tltqSiRmDRxCLZCZAijArS1FQz0oklQTxgpB2MrjO9/UCkopG41+OY+BwNBA0pRtpQPbvmhZFEjEPCtMcXkCPIz0MgvR2cpyzVcNemq4a3LMrTs3JC84DtwAVUFSjZ395/QgnAiNGVKq6zqx9lMkNcWMTMpeokiM8AgNSNdAgThRfpr/NYGHhulDY9C0DBnf2+kiCs15oGZzDyrWS0j/9O6iQ7P/ZSKONFE4OmhMGFQRzALCfapJFizsQEIS2q8QjxEmFtoiybENzZl+dB6TmOjX37rRSvyriKIF9cACOgAvOQB3cgAZoAgwewTN4BW/Wk/VivVsf09EFq9jZA3/K+vwBzvib4Q=</latexit><latexit sha1_base64="PlLs5PIR+/xD+RLAbN3vip0bvQ=">ACF3icbVDLSsNAFJ34rPUVdelmsAhCpSQiKIJQdONKtgHNKFMpN26MwkzEyEvoXbvwVNy4Ucas7/8ZJmoW2XrhwOde7rkniBlV2nG+rYXFpeWV1dJaeX1jc2vb3tltqSiRmDRxCLZCZAijArS1FQz0oklQTxgpB2MrjO9/UCkopG41+OY+BwNBA0pRtpQPbvmhZFEjEPCtMcXkCPIz0MgvR2cpyzVcNemq4a3LMrTs3JC84DtwAVUFSjZ395/QgnAiNGVKq6zqx9lMkNcWMTMpeokiM8AgNSNdAgThRfpr/NYGHhulDY9C0DBnf2+kiCs15oGZzDyrWS0j/9O6iQ7P/ZSKONFE4OmhMGFQRzALCfapJFizsQEIS2q8QjxEmFtoiybENzZl+dB6TmOjX37rRSvyriKIF9cACOgAvOQB3cgAZoAgwewTN4BW/Wk/VivVsf09EFq9jZA3/K+vwBzvib4Q=</latexit><latexit sha1_base64="PlLs5PIR+/xD+RLAbN3vip0bvQ=">ACF3icbVDLSsNAFJ34rPUVdelmsAhCpSQiKIJQdONKtgHNKFMpN26MwkzEyEvoXbvwVNy4Ucas7/8ZJmoW2XrhwOde7rkniBlV2nG+rYXFpeWV1dJaeX1jc2vb3tltqSiRmDRxCLZCZAijArS1FQz0oklQTxgpB2MrjO9/UCkopG41+OY+BwNBA0pRtpQPbvmhZFEjEPCtMcXkCPIz0MgvR2cpyzVcNemq4a3LMrTs3JC84DtwAVUFSjZ395/QgnAiNGVKq6zqx9lMkNcWMTMpeokiM8AgNSNdAgThRfpr/NYGHhulDY9C0DBnf2+kiCs15oGZzDyrWS0j/9O6iQ7P/ZSKONFE4OmhMGFQRzALCfapJFizsQEIS2q8QjxEmFtoiybENzZl+dB6TmOjX37rRSvyriKIF9cACOgAvOQB3cgAZoAgwewTN4BW/Wk/VivVsf09EFq9jZA3/K+vwBzvib4Q=</latexit><latexit sha1_base64="PlLs5PIR+/xD+RLAbN3vip0bvQ=">ACF3icbVDLSsNAFJ34rPUVdelmsAhCpSQiKIJQdONKtgHNKFMpN26MwkzEyEvoXbvwVNy4Ucas7/8ZJmoW2XrhwOde7rkniBlV2nG+rYXFpeWV1dJaeX1jc2vb3tltqSiRmDRxCLZCZAijArS1FQz0oklQTxgpB2MrjO9/UCkopG41+OY+BwNBA0pRtpQPbvmhZFEjEPCtMcXkCPIz0MgvR2cpyzVcNemq4a3LMrTs3JC84DtwAVUFSjZ395/QgnAiNGVKq6zqx9lMkNcWMTMpeokiM8AgNSNdAgThRfpr/NYGHhulDY9C0DBnf2+kiCs15oGZzDyrWS0j/9O6iQ7P/ZSKONFE4OmhMGFQRzALCfapJFizsQEIS2q8QjxEmFtoiybENzZl+dB6TmOjX37rRSvyriKIF9cACOgAvOQB3cgAZoAgwewTN4BW/Wk/VivVsf09EFq9jZA3/K+vwBzvib4Q=</latexit> SLIDE 51
Not a single proof assistant for all but proof assistants for everyone 28
Invalid Dependent Elimination
- (3 , 5) => 8 = 8dddddddd
- (raise “foo”, 8) => raise “foo” = raise “foo”
- (raise “foo” , raise “bar”) => raise “foo” = raise “bar”dddddddd
- (n , m) => n + m = m + n
∀ n m : N, n + m = m + n
<latexit sha1_base64="PlLs5PIR+/xD+RLAbN3vip0bvQ=">ACF3icbVDLSsNAFJ34rPUVdelmsAhCpSQiKIJQdONKtgHNKFMpN26MwkzEyEvoXbvwVNy4Ucas7/8ZJmoW2XrhwOde7rkniBlV2nG+rYXFpeWV1dJaeX1jc2vb3tltqSiRmDRxCLZCZAijArS1FQz0oklQTxgpB2MrjO9/UCkopG41+OY+BwNBA0pRtpQPbvmhZFEjEPCtMcXkCPIz0MgvR2cpyzVcNemq4a3LMrTs3JC84DtwAVUFSjZ395/QgnAiNGVKq6zqx9lMkNcWMTMpeokiM8AgNSNdAgThRfpr/NYGHhulDY9C0DBnf2+kiCs15oGZzDyrWS0j/9O6iQ7P/ZSKONFE4OmhMGFQRzALCfapJFizsQEIS2q8QjxEmFtoiybENzZl+dB6TmOjX37rRSvyriKIF9cACOgAvOQB3cgAZoAgwewTN4BW/Wk/VivVsf09EFq9jZA3/K+vwBzvib4Q=</latexit><latexit sha1_base64="PlLs5PIR+/xD+RLAbN3vip0bvQ=">ACF3icbVDLSsNAFJ34rPUVdelmsAhCpSQiKIJQdONKtgHNKFMpN26MwkzEyEvoXbvwVNy4Ucas7/8ZJmoW2XrhwOde7rkniBlV2nG+rYXFpeWV1dJaeX1jc2vb3tltqSiRmDRxCLZCZAijArS1FQz0oklQTxgpB2MrjO9/UCkopG41+OY+BwNBA0pRtpQPbvmhZFEjEPCtMcXkCPIz0MgvR2cpyzVcNemq4a3LMrTs3JC84DtwAVUFSjZ395/QgnAiNGVKq6zqx9lMkNcWMTMpeokiM8AgNSNdAgThRfpr/NYGHhulDY9C0DBnf2+kiCs15oGZzDyrWS0j/9O6iQ7P/ZSKONFE4OmhMGFQRzALCfapJFizsQEIS2q8QjxEmFtoiybENzZl+dB6TmOjX37rRSvyriKIF9cACOgAvOQB3cgAZoAgwewTN4BW/Wk/VivVsf09EFq9jZA3/K+vwBzvib4Q=</latexit><latexit sha1_base64="PlLs5PIR+/xD+RLAbN3vip0bvQ=">ACF3icbVDLSsNAFJ34rPUVdelmsAhCpSQiKIJQdONKtgHNKFMpN26MwkzEyEvoXbvwVNy4Ucas7/8ZJmoW2XrhwOde7rkniBlV2nG+rYXFpeWV1dJaeX1jc2vb3tltqSiRmDRxCLZCZAijArS1FQz0oklQTxgpB2MrjO9/UCkopG41+OY+BwNBA0pRtpQPbvmhZFEjEPCtMcXkCPIz0MgvR2cpyzVcNemq4a3LMrTs3JC84DtwAVUFSjZ395/QgnAiNGVKq6zqx9lMkNcWMTMpeokiM8AgNSNdAgThRfpr/NYGHhulDY9C0DBnf2+kiCs15oGZzDyrWS0j/9O6iQ7P/ZSKONFE4OmhMGFQRzALCfapJFizsQEIS2q8QjxEmFtoiybENzZl+dB6TmOjX37rRSvyriKIF9cACOgAvOQB3cgAZoAgwewTN4BW/Wk/VivVsf09EFq9jZA3/K+vwBzvib4Q=</latexit><latexit sha1_base64="PlLs5PIR+/xD+RLAbN3vip0bvQ=">ACF3icbVDLSsNAFJ34rPUVdelmsAhCpSQiKIJQdONKtgHNKFMpN26MwkzEyEvoXbvwVNy4Ucas7/8ZJmoW2XrhwOde7rkniBlV2nG+rYXFpeWV1dJaeX1jc2vb3tltqSiRmDRxCLZCZAijArS1FQz0oklQTxgpB2MrjO9/UCkopG41+OY+BwNBA0pRtpQPbvmhZFEjEPCtMcXkCPIz0MgvR2cpyzVcNemq4a3LMrTs3JC84DtwAVUFSjZ395/QgnAiNGVKq6zqx9lMkNcWMTMpeokiM8AgNSNdAgThRfpr/NYGHhulDY9C0DBnf2+kiCs15oGZzDyrWS0j/9O6iQ7P/ZSKONFE4OmhMGFQRzALCfapJFizsQEIS2q8QjxEmFtoiybENzZl+dB6TmOjX37rRSvyriKIF9cACOgAvOQB3cgAZoAgwewTN4BW/Wk/VivVsf09EFq9jZA3/K+vwBzvib4Q=</latexit> SLIDE 52
Not a single proof assistant for all but proof assistants for everyone 29
Invalid Dependent Elimination
∀ n m : N, n + m = m + n
<latexit sha1_base64="PlLs5PIR+/xD+RLAbN3vip0bvQ=">ACF3icbVDLSsNAFJ34rPUVdelmsAhCpSQiKIJQdONKtgHNKFMpN26MwkzEyEvoXbvwVNy4Ucas7/8ZJmoW2XrhwOde7rkniBlV2nG+rYXFpeWV1dJaeX1jc2vb3tltqSiRmDRxCLZCZAijArS1FQz0oklQTxgpB2MrjO9/UCkopG41+OY+BwNBA0pRtpQPbvmhZFEjEPCtMcXkCPIz0MgvR2cpyzVcNemq4a3LMrTs3JC84DtwAVUFSjZ395/QgnAiNGVKq6zqx9lMkNcWMTMpeokiM8AgNSNdAgThRfpr/NYGHhulDY9C0DBnf2+kiCs15oGZzDyrWS0j/9O6iQ7P/ZSKONFE4OmhMGFQRzALCfapJFizsQEIS2q8QjxEmFtoiybENzZl+dB6TmOjX37rRSvyriKIF9cACOgAvOQB3cgAZoAgwewTN4BW/Wk/VivVsf09EFq9jZA3/K+vwBzvib4Q=</latexit><latexit sha1_base64="PlLs5PIR+/xD+RLAbN3vip0bvQ=">ACF3icbVDLSsNAFJ34rPUVdelmsAhCpSQiKIJQdONKtgHNKFMpN26MwkzEyEvoXbvwVNy4Ucas7/8ZJmoW2XrhwOde7rkniBlV2nG+rYXFpeWV1dJaeX1jc2vb3tltqSiRmDRxCLZCZAijArS1FQz0oklQTxgpB2MrjO9/UCkopG41+OY+BwNBA0pRtpQPbvmhZFEjEPCtMcXkCPIz0MgvR2cpyzVcNemq4a3LMrTs3JC84DtwAVUFSjZ395/QgnAiNGVKq6zqx9lMkNcWMTMpeokiM8AgNSNdAgThRfpr/NYGHhulDY9C0DBnf2+kiCs15oGZzDyrWS0j/9O6iQ7P/ZSKONFE4OmhMGFQRzALCfapJFizsQEIS2q8QjxEmFtoiybENzZl+dB6TmOjX37rRSvyriKIF9cACOgAvOQB3cgAZoAgwewTN4BW/Wk/VivVsf09EFq9jZA3/K+vwBzvib4Q=</latexit><latexit sha1_base64="PlLs5PIR+/xD+RLAbN3vip0bvQ=">ACF3icbVDLSsNAFJ34rPUVdelmsAhCpSQiKIJQdONKtgHNKFMpN26MwkzEyEvoXbvwVNy4Ucas7/8ZJmoW2XrhwOde7rkniBlV2nG+rYXFpeWV1dJaeX1jc2vb3tltqSiRmDRxCLZCZAijArS1FQz0oklQTxgpB2MrjO9/UCkopG41+OY+BwNBA0pRtpQPbvmhZFEjEPCtMcXkCPIz0MgvR2cpyzVcNemq4a3LMrTs3JC84DtwAVUFSjZ395/QgnAiNGVKq6zqx9lMkNcWMTMpeokiM8AgNSNdAgThRfpr/NYGHhulDY9C0DBnf2+kiCs15oGZzDyrWS0j/9O6iQ7P/ZSKONFE4OmhMGFQRzALCfapJFizsQEIS2q8QjxEmFtoiybENzZl+dB6TmOjX37rRSvyriKIF9cACOgAvOQB3cgAZoAgwewTN4BW/Wk/VivVsf09EFq9jZA3/K+vwBzvib4Q=</latexit><latexit sha1_base64="PlLs5PIR+/xD+RLAbN3vip0bvQ=">ACF3icbVDLSsNAFJ34rPUVdelmsAhCpSQiKIJQdONKtgHNKFMpN26MwkzEyEvoXbvwVNy4Ucas7/8ZJmoW2XrhwOde7rkniBlV2nG+rYXFpeWV1dJaeX1jc2vb3tltqSiRmDRxCLZCZAijArS1FQz0oklQTxgpB2MrjO9/UCkopG41+OY+BwNBA0pRtpQPbvmhZFEjEPCtMcXkCPIz0MgvR2cpyzVcNemq4a3LMrTs3JC84DtwAVUFSjZ395/QgnAiNGVKq6zqx9lMkNcWMTMpeokiM8AgNSNdAgThRfpr/NYGHhulDY9C0DBnf2+kiCs15oGZzDyrWS0j/9O6iQ7P/ZSKONFE4OmhMGFQRzALCfapJFizsQEIS2q8QjxEmFtoiybENzZl+dB6TmOjX37rRSvyriKIF9cACOgAvOQB3cgAZoAgwewTN4BW/Wk/VivVsf09EFq9jZA3/K+vwBzvib4Q=</latexit>Not true in presence of effects
SLIDE 53
Not a single proof assistant for all but proof assistants for everyone 30
Effectful Hierarchies of Universes
This means we need to consider more complex type theories with several hierarchies of universes: pure exceptional ICFP’19 stateful non-terminating
SLIDE 54
Not a single proof assistant for all but proof assistants for everyone 31
- 1. By modifying the kernel of Coq
ITP’14, POPL’19
- 2. By a direct encoding (“high level syntactic sugar”)
ICFP’16, JFP’18, ICFP’18, CPP’19
- 3. By a compilation phase into the initial system
LICS’12, LICS’16, LICS’17, ESOP’18, ICFP’19 There are (at least) three ways to extend Coq:
SLIDE 55
Not a single proof assistant for all but proof assistants for everyone 32
- 1. By modifying the kernel of Coq
- 2. By a direct encoding (“high level syntactic sugar”)
- 3. By a compilation phase into the initial system
There are (at least) three ways to extend Coq:
SLIDE 56
Not a single proof assistant for all but proof assistants for everyone
Definitional Proof-Irrelevance without K
33
- Γ ⊢ A : i
Γ ⊢ x : A Γ ⊢ y : A Γ ⊢ x ≡ y : A
SLIDE 57
Not a single proof assistant for all but proof assistants for everyone
Definitional Proof-Irrelevance without K
33
- Γ ⊢ A : i
Γ ⊢ x : A Γ ⊢ y : A Γ ⊢ x ≡ y : A
- (n;prime_n)
= (n;prime_n)
SLIDE 58
Not a single proof assistant for all but proof assistants for everyone
Definitional Proof-Irrelevance without K
33
Agda
8.10 2.6
- Γ ⊢ A : i
Γ ⊢ x : A Γ ⊢ y : A Γ ⊢ x ≡ y : A
SLIDE 59
Not a single proof assistant for all but proof assistants for everyone 34
- 1. By modifying the kernel of Coq
- 2. By a direct encoding (“high level syntactic sugar”)
- 3. By a compilation phase into the initial system
There are (at least) three ways to extend Coq:
SLIDE 60
Not a single proof assistant for all but proof assistants for everyone
: N N :=
BinNat
Univalent Parametricity ICFP’18
35
SLIDE 61
Not a single proof assistant for all but proof assistants for everyone
: N N :=
BinNat
Univalent Parametricity ICFP’18
35
SLIDE 62
Not a single proof assistant for all but proof assistants for everyone
: N N :=
BinNat
Univalent Parametricity ICFP’18
35
SLIDE 63
Not a single proof assistant for all but proof assistants for everyone
: N N :=
BinNat
Univalent Parametricity ICFP’18
automatic lifting using parametricity and homotopy equivalences
35
SLIDE 64
Not a single proof assistant for all but proof assistants for everyone 36
- 1. By modifying the kernel of Coq
- 2. By a direct encoding (“high level syntactic sugar”)
- 3. By a compilation phase into the initial system
There are (at least) three ways to extend Coq:
36
SLIDE 65
Not a single proof assistant for all but proof assistants for everyone 37
From complex model to simple model
Build complex models from simpler ones.
- Presheaves
- Grothendieck Sheaves
- Coalgebras
- Quotients
source model target model
SLIDE 66
Not a single proof assistant for all but proof assistants for everyone 37
From complex model to simple model
source model target model
Example: Presheaves F : Presheaves F : A Set
SLIDE 67
Not a single proof assistant for all but proof assistants for everyone 38
From high-level languages to low-level languages
Compile high level languages into low level languages
- C binary code
- Prolog abstract machine code
- Scala Java bytecode
- Defunctionalization
source language target language
JpK p
SLIDE 68
Not a single proof assistant for all but proof assistants for everyone 38
From high-level languages to low-level languages
source language target language
JpK p
Example:
SLIDE 69
Not a single proof assistant for all but proof assistants for everyone 39
From complex logics to simple logics
Through the Curry-Howard correspondence: Logical translation = program compilation
SLIDE 70
Not a single proof assistant for all but proof assistants for everyone 40
The connection between extension of models and compilation of languages is more than an analogy
Claim
SLIDE 71
Not a single proof assistant for all but proof assistants for everyone 40
The connection between extension of models and compilation of languages is more than an analogy The target system is the type theory of Coq, seen as an assembly language of logic
Claim
SLIDE 72
Not a single proof assistant for all but proof assistants for everyone 41
Motto
“ Not a single proof assistant for all, but proof assistants for everyone. ”
SLIDE 73
Not a single proof assistant for all but proof assistants for everyone
Methodology.
Distinct compilation phases
Compile complex type theories into simpler
- nes.
inherit consistency
- f Coq
split the complexity
- f type checking
42
Full Coq w/o Exceptions w/o General Fixpoints Compiled Coq w/o Effects Kernel of Coq
ESOP’18 LICS’16 LICS’17 ICFP’19
SLIDE 74
Not a single proof assistant for all but proof assistants for everyone 43
Methodology.
Extend Coq using plugins
+ =
with new principles, without axioms
SLIDE 75
Not a single proof assistant for all but proof assistants for everyone 44
Several Compilation Phases
dependent types + forcing
LICS’12 LICS’16
dependent types + monadic translation
LICS’17
dependent types + exceptional translation
ESOP’18 ICFP’19
SLIDE 76
Not a single proof assistant for all but proof assistants for everyone 45
Users Need More
On the logical side: Excluded Middle UIP Univalence / FunExt Definitional Pf Irr On the PL side: Exceptions Memory Non-determinism Non-termination
SLIDE 77
Not a single proof assistant for all but proof assistants for everyone 46
Users Need More
Excluded Middle SPROP + Gödel translation UIP SPROP + equality elimination Univalence / FunExt Forcing on cubes Definitional Proof Irrelevance SPROP
SLIDE 78
Not a single proof assistant for all but proof assistants for everyone 47
Users Need More
Exceptions Exceptional Translation Memory WE DON’T KNOW YET Non-determinism Monadic Translation Non-termination Monadic Translation
SLIDE 79
Not a single proof assistant for all but proof assistants for everyone
Certified MetaProgramming with MetaCoq
48
SLIDE 80
Not a single proof assistant for all but proof assistants for everyone 49
MetaCoq is a Coq plugin that allows to describe the syntax and type system of Coq in Coq
quoting unquoting
MetaCoq
ITP’18
SLIDE 81
Not a single proof assistant for all but proof assistants for everyone 50
Certification of compilation phases in Coq
quoting compilation + unquoting
SLIDE 82
Not a single proof assistant for all but proof assistants for everyone 51
A Certified Proof Assistant
Certification of Coq in Coq
SLIDE 83
Not a single proof assistant for all but proof assistants for everyone 51
A Certified Proof Assistant
The goal is not to prove the consistency of Coq, but to certify its implementation !
Certification of Coq in Coq
SLIDE 84
Not a single proof assistant for all but proof assistants for everyone 52
Challenges
- 1. Define type preserving compilation phases
- 2. Understand the theory justified by compilation
- 3. Get something usable in practice
SLIDE 85
Not a single proof assistant for all but proof assistants for everyone 53
Challenges
- 1. Define type preserving compilation phases
Correct proofs correspond to well-typed programs => correct compilations must be type-preserving.
SLIDE 86
Not a single proof assistant for all but proof assistants for everyone 54
Challenges
- 2. Understand the theory justified by compilation
What are the new programming features ? What are the new logical features ? How do they compute ?
SLIDE 87
Not a single proof assistant for all but proof assistants for everyone 55
Challenges
- 3. Get something usable in practice
Efficiency is a critical feature for the scaling of proof assistants. Problem: a compilation phase may introduce an exponential blow up in the size of the term !
SLIDE 88
Not a single proof assistant for all but proof assistants for everyone 56
Idea: Implement directly the source theory in the Coq Proof Assistant.
SLIDE 89
Not a single proof assistant for all but proof assistants for everyone 56
Idea: Implement directly the source theory in the Coq Proof Assistant. But HOW ?
SLIDE 90
Not a single proof assistant for all but proof assistants for everyone 57
Rewrite Rules to the Rescue
SLIDE 91
Not a single proof assistant for all but proof assistants for everyone 57
Rewrite Rules to the Rescue
Coq Decidable typechecking Anti-modular and anti-experimentation
SLIDE 92
Not a single proof assistant for all but proof assistants for everyone 57
Rewrite Rules to the Rescue
Coq Decidable typechecking Anti-modular and anti-experimentation Coq + equality reflection Freedom to reflect arbitrary equalities Typechecking requires user input
SLIDE 93
Not a single proof assistant for all but proof assistants for everyone 57
Rewrite Rules to the Rescue
Coq Decidable typechecking Anti-modular and anti-experimentation Coq + equality reflection Freedom to reflect arbitrary equalities Typechecking requires user input Coq + confluent rewrite rules Reflect any confluent rewrite system Typechecking works in practice
SLIDE 94
Not a single proof assistant for all but proof assistants for everyone 58
Coming Back to Exceptions
SLIDE 95
Not a single proof assistant for all but proof assistants for everyone 58
Coming Back to Exceptions
SLIDE 96
Not a single proof assistant for all but proof assistants for everyone 59
Rewrite Rules can break Subject Reduction
SLIDE 97
Not a single proof assistant for all but proof assistants for everyone 60
Rewrite Rules can break SR
SLIDE 98
Not a single proof assistant for all but proof assistants for everyone 61
Tame Your Rewrite Rules in Two Steps
Disallow rewriting of type constructors Check confluence of rewrite rules In Agda : --rewriting --confluence-check Now available in Agda, soon also in Coq!
SLIDE 99
Not a single proof assistant for all but proof assistants for everyone 62
Prevent Misbehaved Examples
SLIDE 100
Not a single proof assistant for all but proof assistants for everyone 63
In a nutshell
Extending proof assistants using compilation phases Certified with MetaCoq Implemented using rewrite rules
Full Coq w/o Exceptions w/o General Fixpoints Compiled Coq w/o Effects Kernel of Coq