Higher Order Proof Engineering: Proof Collaboration, Transformation, Checking and Retrieval

International audienceHigher Order Logic has been used in formal mathematics, software verification and hardware verification over the past decades. Recent developments of interactive theorem made sharing proofs between some theorem provers possible. This paper first gives an introduction and an overview of related recent advances, followed by the proof checking benchmarks of a proof sharing repository, namely OpenTheory (after proof transformation by the upgraded Holide). Finally, we introduce ProofCloud, the first proof retrieval engine for higher order proofs

Dedukti: a Logical Framework based on the λ\lambdaΠ\Pi-Calculus Modulo Theory

Dedukti is a Logical Framework based on the $\lambda$$\Pi$-Calculus Modulo Theory. We show that many theories can be expressed in Dedukti: constructive and classical predicate logic, Simple type theory, programming languages, Pure type systems, the Calculus of inductive constructions with universes, etc. and that permits to used it to check large libraries of proofs developed in other proof systems: Zenon, iProver, FoCaLiZe, HOL Light, and Matita

Encoding of Predicate Subtyping with Proof Irrelevance in the ??-Calculus Modulo Theory

The ??-calculus modulo theory is a logical framework in which various logics and type systems can be encoded, thus helping the cross-verification and interoperability of proof systems based on those logics and type systems. In this paper, we show how to encode predicate subtyping and proof irrelevance, two important features of the PVS proof assistant. We prove that this encoding is correct and that encoded proofs can be mechanically checked by Dedukti, a type checker for the ??-calculus modulo theory using rewriting

Sharing HOL4 and HOL Light proof knowledge

New proof assistant developments often involve concepts similar to already formalized ones. When proving their properties, a human can often take inspiration from the existing formalized proofs available in other provers or libraries. In this paper we propose and evaluate a number of methods, which strengthen proof automation by learning from proof libraries of different provers. Certain conjectures can be proved directly from the dependencies induced by similar proofs in the other library. Even if exact correspondences are not found, learning-reasoning systems can make use of the association between proved theorems and their characteristics to predict the relevant premises. Such external help can be further combined with internal advice. We evaluate the proposed knowledge-sharing methods by reproving the HOL Light and HOL4 standard libraries. The learning-reasoning system HOL(y)Hammer, whose single best strategy could automatically find proofs for 30% of the HOL Light problems, can prove 40% with the knowledge from HOL4

Type Theory Unchained: Extending Agda with User-Defined Rewrite Rules

Dependently typed languages such as Coq and Agda can statically guarantee the correctness of our proofs and programs. To provide this guarantee, they restrict users to certain schemes - such as strictly positive datatypes, complete case analysis, and well-founded induction - that are known to be safe. However, these restrictions can be too strict, making programs and proofs harder to write than necessary. On a higher level, they also prevent us from imagining the different ways the language could be extended. In this paper I show how to extend a dependently typed language with user-defined higher-order non-linear rewrite rules. Rewrite rules are a form of equality reflection that is applied automatically by the typechecker. I have implemented rewrite rules as an extension to Agda, and I give six examples how to use them both to make proofs easier and to experiment with extensions of type theory. I also show how to make rewrite rules interact well with other features of Agda such as ?-equality, implicit arguments, data and record types, irrelevance, and universe level polymorphism. Thus rewrite rules break the chains on computation and put its power back into the hands of its rightful owner: yours

A Rewrite System for Proof Constructivization

International audienceProof constructivization is the problem of automatically extracting constructive proofs out of classical proofs. This process is required when classical theorem provers are integrated in intuitionistic proof assistants. We use the ability of rewrite systems to represent partial functions to implement heuristics for proof constructivization in Dedukti, a logical framework based on rewriting in which proofs are first-class objects which can be the subject of computation. We benchmark these heuristics on the proofs output by the automated theorem prover Zenon on the TPTP library of problems

Un cadre de définition de logiques calculatoires d’ordre supérieur

The main aim of this thesis is to make formal proofs more universal by expressing them in a common logical framework. More specifically, we use the lambda-Pi-calculus modulo rewriting, a lambda calculus equipped with dependent types and term rewriting, as a language for defining logics and expressing proofs in those logics. By representing propositions as types and proofs as programs in this language, we design translations of various systems in a way that is efficient and that preserves their meaning. These translations can then be used for independent proof checking and proof interoperability. In this work, we focus on the translation of logics based on type theory that allow both computation and higher-order quantification as steps of reasoning.Pure type systems are a well-known example of such computational higher-order systems, and form the basis of many modern proof assistants. We design a translation of functional pure type systems to the lambda-Pi-calculus modulo rewriting based on previous work by Cousineau and Dowek. The translation preserves typing, and in particular it therefore also preserves computation. We show that the translation is adequate by proving that it is conservative with respect to the original systems.We also adapt the translation to support universe cumulativity, a feature that is present in modern systems such as intuitionistic type theory and the calculus of inductive constructions. We propose to use explicit coercions to handle the implicit subtyping that is present in cumulativity, bridging the gap between pure type systems and type theory with universes à la Tarski. We also show how to preserve the expressivity of the original systems by adding equations to guarantee that types have a unique term representation, thus maintaining the completeness of the translation.The results of this thesis have been applied in automated proof translation tools. We implemented programs that automatically translate the proofs of HOL, Coq, and Matita, to Dedukti, a type-checker for the lambda-Pi-calculus modulo rewriting. These proofs can then be re-checked and combined together to form new theories in Dedukti, which thus serves as an independent proof checker and a platform for proof interoperability. We tested our tools on a variety of libraries. Experimental results confirm that our translations are correct and that they are efficient compared to the state of the art.L'objectif de cette thèse est de rendre les preuves formelles plus universelles en les exprimant dans un cadre logique commun. Plus précisément nous utilisons le lambda-Pi-calcul modulo réécriture, un lambda calcul équipé de types dépendants et de réécriture, comme langage pour définir des logiques et exprimer des preuves dans ces logiques. En représentant les propositions comme des types et les preuves comme des programmes dans ce langage, nous concevons des traductions de différents systèmes qui sont efficaces et qui préservent leur sens. Ces traductions peuvent ensuite être utilisées pour la vérification indépendante de preuves et l'interopérabilité de preuves. Dans ce travail, nous nous intéressons à la traduction de logiques basées sur la théorie des types qui permettent à la fois le calcul et la quantification d'ordre supérieur comme étapes de raisonnement.Les systèmes de types purs sont un exemple notoire de tels systèmes calculatoires d'ordre supérieur, et forment la base de plusieurs assistants de preuve modernes. Nous concevons une traduction des systèmes de types purs en lambda-Pi calcul modulo réécriture basée sur les travaux de Cousineau et Dowek. La traduction préserve le typage et en particulier préserve donc aussi l'évaluation et le calcul. Nous montrons que la traduction est adéquate en prouvant qu'elle est conservative par rapport au système original.Nous adaptons également la traduction pour inclure la cumulativité d'univers, qui est une caractéristique présente dans les systèmes modernes comme la théorie des types intuitionniste et le calcul des constructions inductives. Nous proposons d'utiliser des coercitions explicites pour traiter le sous-typage implicite présent dans la cumulativité, réconciliant ainsi les systèmes de types purs et la théorie des types avec univers à la Tarski. Nous montrons comment préserver l'expressivité des systèmes d'origine en ajoutant des équations pour garantir que les types ont une représentation unique en tant que termes, conservant ainsi la complétude de la traduction.Les résultats de cette thèse ont été appliqués dans des outils de traduction automatique de preuve. Nous avons implémenté des programmes qui traduisent automatiquement les preuves de HOL, Coq, et Matita, en Dedukti, un vérificateur de types pour le lambda-Pi-calcul modulo réécriture. Ces preuves peuvent ensuite être revérifiées et combinées ensemble pour former de nouvelles théories dans Dedukti, qui joue ainsi le rôle de vérificateur de preuves indépendant et de plateforme pour l'interopérabilité de preuves. Nous avons testé ces outils sur plusieurs bibliothèques. Les résultats expérimentaux confirment que nos traductions sont correctes et qu'elles sont efficaces comparées à l'état des outils actuels

A Distributed and Trusted Web of Formal Proofs

International audienceMost computer checked proofs are tied to the particular technology of a prover's software. While sharing results between proof assistants is a recognized and desirable goal, the current organization of theorem proving tools makes such sharing an exception instead of the rule. In this talk, I argue that we need to turn the current architecture of proof assistants and formal proofs inside-out. That is, instead of having a few mature theorem provers include within them their formally checked theorems and proofs, I propose that proof assistants should sit on the edge of a web of formal proofs and that proof assistant should be exporting their proofs so that they can exist independently of any theorem prover. While it is necessary to maintain the dependencies between definitions, theories, and theorems, no explicit library structure should be imposed on this web of formal proofs. Thus a theorem and its proofs should not necessarily be located at a particular URL or within a particular prover's library. While the world of symbolic logic and proof theory certainly allows for proofs to be seen as global and permanent objects, there is a lot of research and engineering work that is needed to make this possible. I describe some of the required research and development that must be done to achieve this goal

αCheck: a mechanized metatheory model-checker

The problem of mechanically formalizing and proving metatheoretic properties of programming language calculi, type systems, operational semantics, and related formal systems has received considerable attention recently. However, the dual problem of searching for errors in such formalizations has attracted comparatively little attention. In this article, we present $\alpha$Check, a bounded model-checker for metatheoretic properties of formal systems specified using nominal logic. In contrast to the current state of the art for metatheory verification, our approach is fully automatic, does not require expertise in theorem proving on the part of the user, and produces counterexamples in the case that a flaw is detected. We present two implementations of this technique, one based on negation-as-failure and one based on negation elimination, along with experimental results showing that these techniques are fast enough to be used interactively to debug systems as they are developed.Comment: Under consideration for publication in Theory and Practice of Logic Programming (TPLP