262 research outputs found
A Web Interface for Matita
This article describes a prototype implementation of a web interface for the
Matita proof assistant. The interface supports all basic functionalities of the
local Gtk interface, but takes advantage of the markup to enrich the document
with several kinds of annotations or active elements. Annotations may have both
a presentational/hypertextual nature, aimed to improve the quality of the proof
script as a human readable document, or a more semantic nature, aimed to help
the system in its processing of the script. The latter kind comprises
information automatically generated by the proof assistant during previous
compilations, and stored to improve the performance of re-executing expensive
operations like disambiguation or automation
Proviola: A Tool for Proof Re-animation
To improve on existing models of interaction with a proof assistant (PA), in
particular for storage and replay of proofs, we in- troduce three related
concepts, those of: a proof movie, consisting of frames which record both user
input and the corresponding PA response; a camera, which films a user's
interactive session with a PA as a movie; and a proviola, which replays a movie
frame-by-frame to a third party. In this paper we describe the movie data
structure and we discuss a proto- type implementation of the camera and
proviola based on the ProofWeb system. ProofWeb uncouples the interaction with
a PA via a web- interface (the client) from the actual PA that resides on the
server. Our camera films a movie by "listening" to the ProofWeb communication.
The first reason for developing movies is to uncouple the reviewing of a formal
proof from the PA used to develop it: the movie concept enables users to
discuss small code fragments without the need to install the PA or to load a
whole library into it. Other advantages include the possibility to develop a
separate com- mentary track to discuss or explain the PA interaction. We assert
that a combined camera+proviola provides a generic layer between a client
(user) and a server (PA). Finally we claim that movies are the right type of
data to be stored in an encyclopedia of formalized mathematics, based on our
experience in filming the Coq standard library.Comment: Accepted for the 9th International Conference on Mathematical
Knowledge Management (MKM 2010), 15 page
Isabelle/PIDE as Platform for Educational Tools
The Isabelle/PIDE platform addresses the question whether proof assistants of
the LCF family are suitable as technological basis for educational tools. The
traditionally strong logical foundations of systems like HOL, Coq, or Isabelle
have so far been counter-balanced by somewhat inaccessible interaction via the
TTY (or minor variations like the well-known Proof General / Emacs interface).
Thus the fundamental question of math education tools with fully-formal
background theories has often been answered negatively due to accidental
weaknesses of existing proof engines.
The idea of "PIDE" (which means "Prover IDE") is to integrate existing
provers like Isabelle into a larger environment, that facilitates access by
end-users and other tools. We use Scala to expose the proof engine in ML to the
JVM world, where many user-interfaces, editor frameworks, and educational tools
already exist. This shall ultimately lead to combined mathematical assistants,
where the logical engine is in the background, without obstructing the view on
applications of formal methods, formalized mathematics, and math education in
particular.Comment: In Proceedings THedu'11, arXiv:1202.453
Proof in Context -- Web Editing with Rich, Modeless Contextual Feedback
The Agora system is a prototypical Wiki for formal mathematics: a web-based
system for collaborating on formal mathematics, intended to support informal
documentation of formal developments. This system requires a reusable proof
editor component, both for collaborative editing of documents, and for
embedding in the resulting documents. This paper describes the design of
Agora's asynchronous editor, that is generic enough to support different tools
working on editor content and providing contextual information, with
interactive theorem proverss being a special, but important, case described in
detail for the Coq theorem prover.Comment: In Proceedings UITP 2012, arXiv:1307.152
User-friendly Support for Common Concepts in a Lightweight Verifier
Machine verification of formal arguments can only increase our confidence in the correctness of those arguments, but the costs of employing machine verification still outweigh the benefits for some common kinds of formal reasoning activities. As a result, usability is becoming increasingly important in the design of formal verification tools. We describe the "aartifact" lightweight verification system, designed for processing formal arguments involving basic, ubiquitous mathematical concepts. The system is a prototype for investigating potential techniques for improving the usability of formal verification systems. It leverages techniques drawn both from existing work and from our own efforts. In addition to a parser for a familiar concrete syntax and a mechanism for automated syntax lookup, the system integrates (1) a basic logical inference algorithm, (2) a database of propositions governing common mathematical concepts, and (3) a data structure that computes congruence closures of expressions involving relations found in this database. Together, these components allow the system to better accommodate the expectations of users interested in verifying formal arguments involving algebraic and logical manipulations of numbers, sets, vectors, and related operators and predicates. We demonstrate the reasonable performance of this system on typical formal arguments and briefly discuss how the system's design contributed to its usability in two case studies
Stateless HOL
We present a version of the HOL Light system that supports undoing
definitions in such a way that this does not compromise the soundness of the
logic. In our system the code that keeps track of the constants that have been
defined thus far has been moved out of the kernel. This means that the kernel
now is purely functional.
The changes to the system are small. All existing HOL Light developments can
be run by the stateless system with only minor changes.
The basic principle behind the system is not to name constants by strings,
but by pairs consisting of a string and a definition. This means that the data
structures for the terms are all merged into one big graph. OCaml - the
implementation language of the system - can use pointer equality to establish
equality of data structures fast. This allows the system to run at acceptable
speeds. Our system runs at about 85% of the speed of the stateful version of
HOL Light.Comment: In Proceedings TYPES 2009, arXiv:1103.311
Matita Tutorial
This tutorial provides a pragmatic introduction to the main functionalities of the Matita interactive theorem prover, offering a guided tour through a set of not so trivial examples in the field of software specification and verification.\u
Practical Heterogeneous Unification for Dependent Type Checking
Dependent types can specify in detail which inputs to a program are allowed, and how the properties of its output depend on the inputs. A program called the type checker assesses whether a program has a given type, thus detecting situations where the implementation of a program potentially differs from its intended behaviour. When using dependent types, the inputs to a program often occur in the types of other inputs or in the type of the output. The user may omit some of these redundant inputs when calling the program, expecting the type-checker to infer those subterms automatically. Some type-checkers restrict the inference of missing subterms to those cases where there is a provably unique solution. This makes the process more predictable, but also limits the situations in which the omitted terms can be inferred; specially when considering that whether a unique solution exists is in general an undecidable problem. This restriction can be made less limiting by giving flexibility to the type-checker regarding the order in which the missing subterms are inferred. The type-checker can then use the information gained by filling in any one subterm in order to infer others, until the whole program has been type-checked. However, this flexibility may in some cases lead to ill-typed subterms being inferred, breaking internal invariants of the type-checker and causing it to crash or loop. The type checker could mitigate this by consistently rechecking the type of each inferred subterm, but this might incur a performance penalty.\ua0An approach by Gundry and McBride (2012) called twin types has the potential to afford the desired flexibility while preserving well-typedness invariants. However, this method had not yet been tested in a practical setting. In this thesis we streamline the method of twin types in order to ease its practical implementation, justify the correctness of our modifications, and then implement the result in an established dependently-typed language called Agda. We show that our implementation resolves certain existing bugs in Agda while still allowing a wide range of examples to be type-checked, and achieves this without heavily impacting performance
- …