Gradual computerisation and verification of mathematics : MathLang's path into Mizar

There are many proof checking tools that allow capturing mathematical knowledge into formal representation. Those proof systems allow further automatic verifica- tion of the logical correctness of the captured knowledge. However, the process of encoding common mathematical documents in a chosen proof system is still labour- intensive and requires comprehensive knowledge of such system. This makes the use of proof checking tools inaccessible for ordinary mathematicians. This thesis provides a solution for the computerisation of mathematical documents via a num- ber of gradual steps using the MathLang framework. We express the full process of formalisation into the Mizar proof checker. The first levels of such gradual computerisation path have been developing well before the course of this PhD started. The whole project, called MathLang, dates back to 2000 when F. Kamareddine and J.B. Wells started expressing their ideas of novel approach for computerising mathematical texts. They mainly aimed at developing a mathematical framework which is flexible enough to connect existing, in many cases different, approaches of computerisation mathematics, which allows various degrees of formalisation (e.g., partial, full formalisation of chosen parts, or full formalisation of the entire doc- ument), which is compatible with different mathematical foundations (e.g., type theory, set theory, category theory, etc.) and proof systems (e.g., Mizar, Isar, Coq, HOL, Vampire). The first two steps in the gradual formalisation were developed by F. Kamareddine, J.B. Wells and M. Maarek with a small contribution of R. Lamar to the second step. In this thesis we develop the third level of the gradual path, which aims at capturing the rhetorical structure of mathematical documents. We have also integrated further steps of the gradual formalisation, whose final goal is the Mizar system. We present in this thesis a full path of computerisation and formalisation of math- ematical documents into the Mizar proof checker using the MathLang framework. The development of this method was driven by the experience of computerising a number of mathematical documents (covering different authoring styles)

CoSMed: A Confidentiality-Verified Social Media Platform

This paper describes progress with our agenda of formal verification of information flow security for realistic systems. We present CoSMed, a social media platform with verified document confidentiality. The system’s kernel is implemented and verified in the proof assistant Isabelle/HOL. For verification, we employ the framework of Bounded-Deducibility (BD) Security, previously introduced for the conference system CoCon. CoSMed is a second major case study in this framework. For CoSMed, the static topology of declassification bounds and triggers that characterized previous instances of BD Security has to give way to a dynamic integration of the triggers as part of the bounds. We also show that, from a theoretical viewpoint, the removal of triggers from the notion of BD Security does not restrict its expressiveness

Extracting proofs from documents

Often, theorem checkers like PVS are used to check an existing proof, which is part of some document. Since there is a large difference between the notations used in the documents and the notations used in the theorem checkers, it is usually a laborious task to convert an existing proof into a format which can be checked by a machine. In the system that we propose, the author is assisted in the process of converting an existing proof into the PVS language and having it checked by PVS. 1 Introduction The now-classic ALGOL 60 report [5] recognized three different levels of language: a reference language, a publication language and several hardware representations, whereby the publication language was intended to admit variations on the reference language and was to be used for stating and communicating processes. The importance of publication language ---often referred to nowadays as "pseudo-code"--- is difficult to exaggerate since a publication language is the most effective way..

Automated Deduction – CADE 28

This open access book constitutes the proceeding of the 28th International Conference on Automated Deduction, CADE 28, held virtually in July 2021. The 29 full papers and 7 system descriptions presented together with 2 invited papers were carefully reviewed and selected from 76 submissions. CADE is the major forum for the presentation of research in all aspects of automated deduction, including foundations, applications, implementations, and practical experience. The papers are organized in the following topics: Logical foundations; theory and principles; implementation and application; ATP and AI; and system descriptions

A Tool for Producing Verified, Explainable Proofs

Mathematicians are reluctant to use interactive theorem provers. In this thesis I argue that this is because proof assistants don't emphasise explanations of proofs; and that in order to produce good explanations, the system must create proofs in a manner that mimics how humans would create proofs. My research goals are to determine what constitutes a human-like proof and to represent human-like reasoning within an interactive theorem prover to create formalised, understandable proofs. Another goal is to produce a framework to visualise the goal states of this system. To demonstrate this, I present HumanProof: a piece of software built for the Lean 3 theorem prover. It is used for interactively creating proofs that resemble how human mathematicians reason. The system provides a visual, hierarchical representation of the goal and a system for suggesting available inference rules. The system produces output in the form of both natural language and formal proof terms which are checked by Lean's kernel. This is made possible with the use of a structured goal state system which interfaces with Lean's tactic system which is detailed in Chapter 3. In Chapter 4, I present the subtasks automation planning subsystem, which is used to produce equality proofs in a human-like fashion. The basic strategy of the subtasks system is break a given equality problem in to a hierarchy of tasks and then maintain a stack of these tasks in order to determine the order in which to apply equational rewriting moves. This process produces equality chains for simple problems without having to resort to brute force or specialised procedures such as normalisation. This makes proofs more human-like by breaking the problem into a hierarchical set of tasks in the same way that a human would. To produce the interface for this software, I also created the ProofWidgets system for Lean 3. This system is detailed in Chapter 5. The ProofWidgets system uses Lean's metaprogramming framework to allow users to write their own interactive, web-based user interfaces to display within the VSCode editor and in an online web-editor. The entire tactic state is available to the rendering engine, and hence expression structure and types of subexpressions can be explored interactively. The ProofWidgets system also allows the user interface to interactively edit the proof document, enabling a truly interactive modality for creating proofs; human-like or not. In Chapter 6, the system is evaluated by asking real mathematicians about the output of the system, and what it means for a proof to be understandable to them. The user group study asks participants to rank and comment on proofs created by HumanProof alongside natural language and pure Lean proofs. The study finds that participants generally prefer the HumanProof format over the Lean format. The verbal responses collected during the study indicate that providing intuition and signposting are the most important properties of a proof that aid understanding.EPSR

Refinement of Classical Proofs for Program Extraction

The A-Translation enables us to unravel the computational information in classical proofs, by first transforming them into constructive ones, however at the cost of introducing redundancies in the extracted code. This is due to the fact that all negations inserted during translation are replaced by the computationally relevant form of the goal. In this thesis we are concerned with eliminating such redundancies, in order to obtain better extracted programs. For this, we propose two methods: a controlled and minimal insertion of negations, such that a refinement of the A-Translation can be used and an algorithmic decoration of the proofs, in order to mark the computationally irrelevant components. By restricting the logic to be minimal, the Double Negation Translation is no longer necessary. On this fragment of minimal logic we apply the refined A-Translation, as proposed in (Berget et al., 2002). This method identifies further selected classes of formulas for which the negations do not need to be substituted by computationally relevant formulas. However, the refinement imposes restrictions which considerably narrow the applicability domain of the A-Translation. We address this issue by proposing a controlled insertion of double negations, with the benefit that some intuitionistically valid \Pi^0_2-formulas become provable in minimal logic and that certain formulas are transformed to match the requirements of the refined A-Translation. We present the outcome of applying the refined A-translation to a series of examples. Their purpose is two folded. On one hand, they serve as case studies for the role played by negations, by shedding a light on the restrictions imposed by the translation method. On the other hand, the extracted programs are characterized by a specific behaviour: they adhere to the continuation passing style and the recursion is in general in tail form. The second improvement concerns the detection of the computationally irrelevant subformulas, such that no terms are extracted from them. In order to achieve this, we assign decorations to the implication and universal quantifier. The algorithm that we propose is shown to be optimal, correct and terminating and is applied on the examples of factorial and list reversal.Die A-Übersetzung ermöglicht es, die rechnerische Information aus klassischen Beweisen einzuholen. Dennoch hat sie den Nachteil, dass die Programme, die man aus auf diese Weise transformierten Beweisen extrahiert, viele redundante Teile enthalten. Das liegt daran, dass die A-Übersetzung viele doppelte Negationen hinzufügt und alle diese Negationen durch die rechnerisch relevante Form der Ziel-Formel substituiert werden. In dieser Doktorarbeit werden Methoden dargestellt, um Teile der redundante Information in den extrahierten Programen zu entfernen. Einerseits wird das Einfügen der Negationen minimal gehalten und anderseits werden die nicht rechnerischen Teile als solche indentifiziert und ausgezeichnet. Wir bemerken zuerst, dass in der Minimallogik das Einfügen der doppelten Negationen nicht mehr nötig ist. Darüber hinaus, um das Ersetzen aller Negationen zu vermeiden, identifizieren (Berger et al., 2002) diejenigen, wo die Substitution nicht nötig ist. Diese verfeinerte A-Übersetzung hat aber den Nachteil, dass sie den Anwendungsbereich begrenzt. Um das zu beseitigen, wird in dieser Dissertation eine verfeinerte Doppel-Negation angewandt, die bestimmte Formeln so umsetzt, dass die verfeinerte A-Übersetzung darauf anwendbar ist. Als Zugabe kann diese Methode auch benutzt werden, um konstruktive Beweise mancher \Pi^0_2-Formeln in der Minimallogik durchzuführen. Dieses Verfahren wird durch Anwendung der verfeinerten A-Übersetzung auf eine Reihe von bedeutenden Fallstudien illustriert. Es werden das Lemma von Dickson, das unendliche Schubfachprinzip und das Erdös-Szekeres Theorem betrachtet. Dabei wird es festgestellt, dass ein Zusammenhang zu der Endrekursion und dem Rechnen mit Fortsezungen besteht. Ferner, um möglichst viel der überflüssigen Information zu entfernen, wird ein Dekorationsalgorithmus vorgelegt. Dadurch werden die rechnerisch irrelevanten Komponenten identifiziert und entsprechend annotiert, so dass sie während der Extraktion nicht berücksichtigt werden. Es wird gezeigt, dass das vorgeschlagene Dekorationsverfahren, das auf Beweisebene eingesetzt wird, optimal, korrekt und terminierend ist

Automated Reasoning

This volume, LNAI 13385, constitutes the refereed proceedings of the 11th International Joint Conference on Automated Reasoning, IJCAR 2022, held in Haifa, Israel, in August 2022. The 32 full research papers and 9 short papers presented together with two invited talks were carefully reviewed and selected from 85 submissions. The papers focus on the following topics: Satisfiability, SMT Solving,Arithmetic; Calculi and Orderings; Knowledge Representation and Jutsification; Choices, Invariance, Substitutions and Formalization; Modal Logics; Proofs System and Proofs Search; Evolution, Termination and Decision Prolems. This is an open access book