Sharing a Library between Proof Assistants: Reaching out the HOL Family
François Thiré (LSV, CNRS, Inria, ENS Paris-Saclay)
July 7, 2018
Introduction
[Figure: a landscape of proof systems around Dedukti. Systems shown: Beluga, PVS, Automath, Coq, Agda, RedPRL, Isabelle/HOL, Twelf, Abella, Matita, Dedukti. The HOL family: HOL-Light, HOL4, OpenTheory, Isabelle/HOL, HOL Zero. Translation diagram: OpenTheory is encoded as D[OT], i.e. D[STT∀βδ], and Matita as D[CiCω], both inside Dedukti; from there the library is exported to Coq and Lean, with PVS marked "?".]
STT∀βδ
A real implementation of STT∀βδ?
[Figure: STT∀βδ → D[STT∀βδ] → Dedukti.]
In this talk, Dedukti is abstract! The encoding is shallow.
STT

Types $A, B ::= \iota \mid o \mid A \to B$
Terms $t, u ::= x \mid \lambda x^A.\, t \mid t\, u \mid \forall x^A.\, t \mid t \Rightarrow u$

Fig. 1: Proof system

(assume) $\dfrac{C \vdash t : o}{C, t \vdash t}$

(⇒I) $\dfrac{C, t \vdash u}{C \vdash t \Rightarrow u}$   (⇒E) $\dfrac{C \vdash t \Rightarrow u \quad C \vdash t}{C \vdash u}$

(∀I) $\dfrac{C, x : A \vdash t \quad x \notin C}{C \vdash \forall x^A.\, t}$   (∀E) $\dfrac{C \vdash \forall x^A.\, t \quad C \vdash u : A}{C \vdash t[x := u]}$

STTβδ: same types and terms as STT; the proof system of Fig. 1 is extended with a conversion rule, where $\equiv_{\beta\delta}$ is βδ-convertibility:

(conv) $\dfrac{C \vdash t \quad t \equiv_{\beta\delta} t'}{C \vdash t'}$
STT∀βδ is an extension of STT: STT∀βδ = STTβδ + prenex polymorphism.

monotypes $A, B ::= o \mid A \to B \mid X \mid p\, A_1 \ldots A_n$
polytypes $T ::= \forall_K X.\, T \mid A$
Examples: nat; $\forall_K X.\, \mathrm{list}\, X$; list nat; $\forall_K X.\, X \to X \to o$.

monoterms $t, u ::= \ldots \mid c\, A_1 \ldots A_n \mid \Lambda X.\, t$
polyterms $\tau ::= \mathrm{A}\, X.\, \tau \mid t$   (A is the term-level quantifier over type variables)
Examples:
• $0 : \mathrm{nat}$
• $\mathrm{eq} := \Lambda X.\, \lambda x^X.\, \lambda y^X.\, \forall P^{X \to o}.\, P\, x \Rightarrow P\, y \;:\; \forall_K X.\, X \to X \to o$
• $\mathrm{A}\, X.\, \forall a^X.\, \mathrm{eq}\, X\, a\, a$

Fig. 2: Rules for STT∀βδ

(A-I) $\dfrac{C, X \vdash \tau}{C \vdash \mathrm{A}\, X.\, \tau}$   (A-E) $\dfrac{C \vdash \mathrm{A}\, X.\, \tau \quad C \vdash A\ \mathrm{wf}}{C \vdash \tau[X := A]}$
A reflexivity proof (contexts are written signature ; variables ; hypotheses; read the derivation from the conclusion upward):

eq ; ∅ ; ∅ ⊢ A X. ∀a^X. eq X a a        by (A-I) from
eq ; X ; ∅ ⊢ ∀a^X. eq X a a             by (∀I) from
eq ; X, a : X ; ∅ ⊢ eq X a a            by (conv) from
eq ; X, a : X ; ∅ ⊢ P a ⇒ P a           by (⇒I) from
eq ; X, a : X ; P a ⊢ P a               by (assume)
STT∀βδ as a PTS

Product rule: $\dfrac{\Gamma \vdash A : s_1 \quad \Gamma, x : A \vdash B : s_2 \quad (s_1, s_2, s_3) \in \mathcal{R}}{\Gamma \vdash (x : A) \to B : s_3}$

Sorts and axioms: $\mathrm{Prop} : \mathrm{Type} : \mathrm{Kind}$

Rules $\mathcal{R}$ (with the connective each one encodes):
• (Type, Kind, Kind)   ∀K
• (Type, Prop, Prop)   ∀
• (Prop, Prop, Prop)   ⇒
• (Type, Type, Type)   →
• (Kind, Prop, Prop)   A

Type ≺ Kind (subtyping)
OpenTheory
[Figure: OpenTheory → D[STT∀βδ] → Dedukti → Coq.]
OpenTheory vs STT∀βδ

Terms and types are almost the same! Three main differences:

In STT∀βδ                      In OpenTheory                  Difficulty
• β and δ extensional          • β and δ intensional          hard
• ∀ and ⇒ connectives          • = connective                 easy
• ∀K is explicit               • ∀K is implicit               easy
Why is it hard?

(conv) $\dfrac{C \vdash t \quad t \equiv_{\beta\delta} t'}{C \vdash t'}$

• $\equiv_{\beta\delta}$ is the one of Dedukti
• How to annotate proofs? Reduce the term step by step.
• β of STT∀βδ vs administrative β
• Don't compute the normal form every time!
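The `conv` step of the reflexivity proof and the "reduce the term step by step" annotation problem above, as an added example that is not from the talk: a small Python βδ reducer that unfolds eq X a a one leftmost-outermost step at a time and records each step, which is what an intensional target such as OpenTheory needs in place of Dedukti's implicit conversion. The tuple encoding of terms, the `trace`/`show` helpers and the capture check are my assumptions, not the talk's or Dedukti's.

```python
# Added example (not from the talk): βδ reduction of STT∀βδ terms with every step
# recorded. Terms are nested tuples; types are terms too; binders are assumed
# distinct from the free names being substituted (checked, not repaired).
def V(x):            return ("var", x)            # variable, or a δ-unfoldable constant
def Lam(x, A, t):    return ("lam", x, A, t)      # λx^A. t
def TLam(X, t):      return ("tlam", X, t)        # ΛX. t
def App(t, u):       return ("app", t, u)         # t u (also t A for a type argument)
def Forall(x, A, t): return ("forall", x, A, t)   # ∀x^A. t
def Imp(t, u):       return ("imp", t, u)         # t ⇒ u
def Arrow(A, B):     return ("arrow", A, B)       # A → B
BINDERS = ("lam", "tlam", "forall")

def free(t):
    if t[0] == "var": return {t[1]}
    subs = set().union(*(free(s) for s in t[1:] if isinstance(s, tuple)))
    return subs - {t[1]} if t[0] in BINDERS else subs

def subst(t, x, u):
    """t[x := u]; refuses (rather than silently capturing) a binder free in u."""
    if t[0] == "var": return u if t[1] == x else t
    if t[0] in BINDERS:
        if t[1] == x: return t
        assert t[1] not in free(u), "capture: rename the binder first"
    return tuple(subst(s, x, u) if isinstance(s, tuple) else s for s in t)

def step(t, defs):
    """One leftmost-outermost βδ step: (t', label), or None if t is βδ-normal."""
    if t[0] == "var" and t[1] in defs: return defs[t[1]], "δ " + t[1]
    if t[0] == "app" and t[1][0] in ("lam", "tlam"):   # body is the binder's last field
        return subst(t[1][-1], t[1][1], t[2]), "β"
    for i, s in enumerate(t):
        if isinstance(s, tuple) and (r := step(s, defs)) is not None:
            return t[:i] + (r[0],) + t[i + 1:], r[1]
    return None

def trace(t, defs):  # all steps from t down to its βδ-normal form, as (label, term)
    r = step(t, defs)
    return [] if r is None else [(r[1], r[0])] + trace(r[0], defs)

def show(t):  # talk notation; compound arguments and binder types are parenthesised
    p = lambda s, ok=("var",): show(s) if s[0] in ok else f"({show(s)})"
    if t[0] == "var":  return t[1]
    if t[0] == "app":  return f"{p(t[1], ('var', 'app'))} {p(t[2])}"
    if t[0] == "tlam": return f"Λ{t[1]}. {show(t[2])}"
    if t[0] in ("lam", "forall"):
        return f"{'λ' if t[0] == 'lam' else '∀'}{t[1]}^{p(t[2])}. {show(t[3])}"
    return f"{show(t[1])} {'⇒' if t[0] == 'imp' else '→'} {show(t[2])}"

# Leibniz equality as on the STT∀βδ slide: eq := ΛX. λx^X. λy^X. ∀P^(X→o). P x ⇒ P y
DEFS = {"eq": TLam("X", Lam("x", V("X"), Lam("y", V("X"), Forall("P", Arrow(V("X"), V("o")),
                    Imp(App(V("P"), V("x")), App(V("P"), V("y")))))))}
def reflexivity_trace():
    """Steps unfolding eq X a a: the `conv` step of the talk's reflexivity proof."""
    return trace(App(App(App(V("eq"), V("X")), V("a")), V("a")), DEFS)

if __name__ == "__main__":
    for label, t in reflexivity_trace(): print(f"{label:5} {show(t)}")
```

The four recorded steps (one δ, three β) are exactly the rewrites an intensional checker has to be given explicitly, whereas Dedukti's `conv` rule absorbs them into a single judgement.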
Coq
[Figure: OpenTheory → D[STT∀βδ] → Dedukti → Coq.]
Trivial: STT∀βδ is a subsystem of Coq!
DEMO
Arithmetic library

                       Dedukti[STT]  OpenTheory  Coq  Matita  Lean  PVS
size (MB)              1.5           41          0.6  0.6     0.6   9
translation time (s)   -             18          3    3       3     3
checking time (s)      0.1           13          6    2       1     ~300

• Theorems: 340 (commutativity of addition, Fermat's little theorem, ...)
• Parameters: 46 (nat, bool, ...)
• Axioms: 71 (equalities generated from recursive definitions, ...)
• Definitions: 34 (le, primes, ...)
Concept Alignment
Fermat's little theorem

Theorem congruent_exp_pred_SO : forall p a : Nat,
  prime p -> Not (divides p a) -> congruent (exp a (pred p)) (S O) p.

The exponentiation it relies on is exported as a parameter with its defining equations as axioms:

Parameter exp : Nat -> Nat -> Nat.
Axiom axiom_exp_O : forall n : Nat, equal Nat (exp n O) (S O).
Axiom axiom_exp_S : forall n m : Nat, equal Nat (exp n (S m)) (times (exp n m) n).
Conclusion
Conclusion

[Figure: OpenTheory → D[STT∀βδ] and Matita → D[CiCω] inside Dedukti, exported to Coq and Lean, with PVS marked "?".]

• A relatively weak logic: STT∀βδ
• An automatic translation of a library to 5 other proof systems
Future work

• Sharing the arithmetic library with other systems (Agda, Idris, ...)
• Developing an encyclopedia of proofs: Logipedia
• A standardization of an arithmetic library?

Contributions are welcome! https://github.com/Deducteam/Logipedia