ProofPeer - A Cloud-based Interactive Theorem Proving System

ProofPeer strives to be a system for cloud-based interactive theorem proving. After illustrating why such a system is needed, the paper presents some of the design challenges that ProofPeer needs to meet to succeed. Contexts are presented as a solution to the problem of sharing proof state among the users of ProofPeer. Chronicles are introduced as a way to organize and version contexts

Interactive Theorem Proving with Indexed Formulas

Since more than two decades research in interactive theorem proving (ITP) has attracted growing interest. The primary application domains for ITPs range from hard- and software verification tools to mathematical tutor systems. To support communication with the user in an adequate way these systems depend on calculi that allow for the construction of human understandable and readable proofs. However, most calculi that are used in current ITPs fall still short of supporting the user in an optimal way. The reason is that they enforce the user to construct proofs at a level that is far more detailed than the one that can be found in human constructed proofs. Autexier [Aut03] has recently proposed a new theorem proving framework that allows to model different logics and calculi in an uniform way. In CORE, a proof-state is always represented as a single formula that can be manipulated by the application of replacement rules that are generated from the logical context of the subformula under transformation. This approach also facilitates proof construction at the assertion level which is considered as more closely matching the level at which humans construct proofs (see for instance [Hua94]). Together with COREs window inference technique this makes CORE a potentially well suited basis for interactive theorem proving. This thesis tries to excerpt COREs potential for interactive theorem proving by mapping important concepts of the established proof system ΩMEGA to CORE. A task structure is developed to present the context of a subformula in an intuitive way to the user and to assist him in structuring proofs. The development of a method interpreter makes it possible to specify abstract inference steps declaratively and to encode proof strategies for the use in CORE. The adaptation of ΩMEGAS agent-based suggestion mechanism ΩANTS to CORE helps the user with the identification of applicable methods and replacement rules.Interaktives Theorembeweisen hat in den letzten zwei Jahrzehnten zunehmend an Bedeutung gewonnen. Die Anwendungsbereiche von Systemen mit denen sich Beweise interaktiv führen lassen reichen von der Hard- und Software Verifikation bis zu mathematischen Tutor-Systemen. Die genannten Anwendungsgebiete machen es erforderlich das der Anwender bei der Beweisführung adequat untersützt wird. Um eine entsprechende Kommunikation mit dem Benutzer zu ermöglichen verwenden interaktive Beweissysteme Kalküle, in denen Beweise in einer für den Benutzer nachvollziehbaren Art und Weise, geführt werden können. Trotzdem kann man noch nicht davon sprechen, dass interaktive Beweiser den Benutzer optimal unterstützen. Der Hauptrgund hierfür ist, dass die eingesetzten Kalküle automatisch dazu führen, dass Beweise auf einer viel detailliertern Ebene geführt werden müssen, als man typischerweise in einem mathematischen Beweis finden würde. Autexier [Aut03]hat kürzlich eine neue logische Umgebung für die Beweissuche entwickelt, welche es ermöglicht verschiedene Logiken und Kalküle einheitlich zu modellieren. In CORE ist ein Beweiszustand immer als eine einzige Formel repräsentiert, welche durch das Anwenden von Ersetzungsregeln, die aus dem Kontext einer Teilformel abgeleitet werden, transformiert werden kann. Diese Herangehensweise erleichtert es auch, Beweise auf der sogenannten Assertion-Ebene (vgl. [Hua94]) zu führen, welche allgemein als eine natürlichere Ebene für die Beweisführung angesehen wird. Zusammen mit der Window-Inferenz Technik, die von CORE unterstützt, wird stellt CORE ein System dar das potentiell als eine verbesserte Grundlage für die interaktive Beweissuche angesehen werden kann. In dieser Arbeit geht es darum, das Potential von CORE im Hinblick auf die interaktive Beweiskonstruktion auszunutzen. Dieses geschieht zum einen dadurch, dass etablierte Konzepte im Bereich des interaktiven Beweisens, wie sie auch im Beweis-System ΩMEGA verwendet werden, auf das CORE-System abgebildet werden. Desweiteren wird eine Task-Srukture entwickelt, die es zum einen ermöglicht, den logischen Kontext einer Teilformel für den Benutzer verständlich aufzubereiten und darzustellen; zum anderen untersützt sie den Anwender auch darin, Beweise strukturiert zu führen. Der Entwurf eines Methoden-Interpreters ermöglicht es, abstrakte Beweisschritte zu kodieren und im System anzuwenden. Die Anpassung des Vorschlags-Mechanismus ΩANTS an CORE stellt eine weitere Unterstützung für den Benutzer bereit, indem sie automatisch Vorschläge über mögliche Fortsetzungen eines Beweises generiert

Integrating Testing and Interactive Theorem Proving

Using an interactive theorem prover to reason about programs involves a sequence of interactions where the user challenges the theorem prover with conjectures. Invariably, many of the conjectures posed are in fact false, and users often spend considerable effort examining the theorem prover's output before realizing this. We present a synergistic integration of testing with theorem proving, implemented in the ACL2 Sedan (ACL2s), for automatically generating concrete counterexamples. Our method uses the full power of the theorem prover and associated libraries to simplify conjectures; this simplification can transform conjectures for which finding counterexamples is hard into conjectures where finding counterexamples is trivial. In fact, our approach even leads to better theorem proving, e.g. if testing shows that a generalization step leads to a false conjecture, we force the theorem prover to backtrack, allowing it to pursue more fruitful options that may yield a proof. The focus of the paper is on the engineering of a synergistic integration of testing with interactive theorem proving; this includes extending ACL2 with new functionality that we expect to be of general interest. We also discuss our experience in using ACL2s to teach freshman students how to reason about their programs.Comment: In Proceedings ACL2 2011, arXiv:1110.447

Balancing lists: a proof pearl

Starting with an algorithm to turn lists into full trees which uses non-obvious invariants and partial functions, we progressively encode the invariants in the types of the data, removing most of the burden of a correctness proof. The invariants are encoded using non-uniform inductive types which parallel numerical representations in a style advertised by Okasaki, and a small amount of dependent types.Comment: To appear in proceedings of Interactive Theorem Proving (2014

SEPIA: Search for Proofs Using Inferred Automata

This paper describes SEPIA, a tool for automated proof generation in Coq. SEPIA combines model inference with interactive theorem proving. Existing proof corpora are modelled using state-based models inferred from tactic sequences. These can then be traversed automatically to identify proofs. The SEPIA system is described and its performance evaluated on three Coq datasets. Our results show that SEPIA provides a useful complement to existing automated tactics in Coq.Comment: To appear at 25th International Conference on Automated Deductio

Mathematics and language

This essay considers the special character of mathematical reasoning, and draws on observations from interactive theorem proving and the history of mathematics to clarify the nature of formal and informal mathematical language. It proposes that we view mathematics as a system of conventions and norms that is designed to help us make sense of the world and reason efficiently. Like any designed system, it can perform well or poorly, and the philosophy of mathematics has a role to play in helping us understand the general principles by which it serves its purposes well