Proof Checking and Logic Programming

International audienceIn a world where trusting software systems is increasingly important, formal methods and formal proof can help provide trustable foundations. Proof checking can help to reduce the size of the trusted base since we do not need to trust an entire theorem prover if we can check the proofs they produce by a trusted (and smaller) checker. Many approaches to building proof checkers require embedding within them a full programming language. In most many modern proof checkers and theorem provers, that programming language is a functional programming language, often a variant of ML. In fact, parts of ML (e.g., strong typing , abstract datatypes, and higher-order programming) were designed to make ML into a trustworthy " metalanguage " for checking proofs. While there is considerable overlap in the foundations of logic programming and proof checking (both benefit from unification, backtracking search, efficient term structures, etc), the discipline of logic programming has, in fact, played a minor role in the history of proof checking. I will argue that logic programming can have a major role in the future of this important topic

Two Applications of Logic Programming to Coq

The logic programming paradigm provides a flexible setting for representing, manipulating, checking, and elaborating proof structures. This is particularly true when the logic programming language allows for bindings in terms and proofs. In this paper, we make use of two recent innovations at the intersection of logic programming and proof checking. One of these is the foundational proof certificate (FPC) framework which provides a flexible means of defining the semantics of a range of proof structures for classical and intuitionistic logic. A second innovation is the recently released Coq-Elpi plugin for Coq in which the Elpi implementation of ?Prolog can send and retrieve information to and from the Coq kernel. We illustrate the use of both this Coq plugin and FPCs with two example applications. First, we implement an FPC-driven sequent calculus for a fragment of the Calculus of Inductive Constructions and we package it into a tactic to perform property-based testing of inductive types corresponding to Horn clauses. Second, we implement in Elpi a proof checker for first-order intuitionistic logic and demonstrate how proof certificates can be supplied by external (to Coq) provers and then elaborated into the fully detailed proof terms that can be checked by the Coq kernel

Proof Outlines as Proof Certificates: A System Description

We apply the foundational proof certificate (FPC) framework to the problem of designing high-level outlines of proofs. The FPC framework provides a means to formally define and check a wide range of proof evidence. A focused proof system is central to this framework and such a proof system provides an interesting approach to proof reconstruction during the process of proof checking (relying on an underlying logic programming implementation). Here, we illustrate how the FPC framework can be used to design proof outlines and then to exploit proof checkers as a means for expanding outlines into fully detailed proofs. In order to validate this approach to proof outlines, we have built the ACheck system that allows us to take a sequence of theorems and apply the proof outline "do the obvious induction and close the proof using previously proved lemmas".Comment: In Proceedings WoF'15, arXiv:1511.0252

Proof search issues in some non-classical logics

This thesis develops techniques and ideas on proof search. Proof search is used with one of two meanings. Proof search can be thought of either as the search for a yes/no answer to a query (theorem proving), or as the search for all proofs of a formula (proof enumeration). This thesis is an investigation into issues in proof search in both these senses for some non-classical logics. Gentzen systems are well suited for use in proof search in both senses. The rules of Gentzen sequent calculi are such that implementations can be directed by the top level syntax of sequents, unlike other logical calculi such as natural deduction. All the calculi for proof search in this thesis are Gentzen sequent calculi. In Chapter 2, permutation of inference rules for Intuitionistic Linear Logic is studied. A focusing calculus, ILLF, in the style of Andreoli ([And92]) is developed.This calculus allows only one proof in each equivalence class of proofs equivalent up to permutations of inferences. The issue here is both theorem proving and proof enumeration. For certain logics, normal natural deductions provide a proof-theoretic semantics. Proof enumeration is then the enumeration of all these deductions. Herbelin’s cutfree LJT ([Her95], here called MJ) is a Gentzen system for intuitionistic logic allowing derivations that correspond in a 1–1 way to the normal natural deductions of intuitionistic logic. This calculus is therefore well suited to proof enumeration. Such calculi are called ‘permutation-free’ calculi. In Chapter 3, MJ is extended to a calculus for an intuitionistic modal logic (due to Curry) called Lax Logic. We call this calculus PFLAX. The proof theory of MJ is extended to PFLAX. Chapter 4 presents work on theorem proving for propositional logics using a history mechanism for loop-checking. This mechanism is a refinement of one developed by Heuerding et al ([HSZ96]). It is applied to two calculi for intuitionistic logic and also to two modal logics: Lax Logic and intuitionistic S4. The calculi for intuitionistic logic are compared both theoretically and experimentally with other decision procedures for the logic. Chapter 5 is a short investigation of embedding intuitionistic logic in Intuitionistic Linear Logic. A new embedding of intuitionistic logic in Intuitionistic Linear Logic is given. For the hereditary Harrop fragment of intuitionistic logic, this embedding induces the calculus MJ for intuitionistic logic. In Chapter 6 a ‘permutation-free’ calculus is given for Intuitionistic Linear Logic. Again, its proof-theoretic properties are investigated. The calculus is proved to besound and complete with respect to a proof-theoretic semantics and (weak) cutelimination is proved. Logic programming can be thought of as proof enumeration in constructive logics. All the proof enumeration calculi in this thesis have been developed with logic programming in mind. We discuss at the appropriate points the relationship between the calculi developed here and logic programming. Appendix A contains presentations of the logical calculi used and Appendix B contains the sets of benchmark formulae used in Chapter

Extending Coq with Imperative Features and its Application to SAT Verification

This work was supported in part by the french ANR DECERT initiativeInternational audienceCoq has within its logic a programming language that can be used to replace many deduction steps into a single computation, this is the so-called reflection. In this paper, we present two extensions of the evaluation mechanism that preserve its correctness and make it possible to deal with cpu-intensive tasks such as proof checking of SAT traces

Proof Search Issues in Some Non-Classical Logics

This thesis develops techniques and ideas on proof search. Proof search is used with one of two meanings. Proof search can be thought of either as the search for a yes/no answer to a query (theorem proving), or as the search for all proofs of a formula (proof enumeration). This thesis is an investigation into issues in proof search in both these senses for some non-classical logics. Gentzen systems are well suited for use in proof search in both senses. The rules of Gentzen sequent calculi are such that implementations can be directed by the top level syntax of sequents, unlike other logical calculi such as natural deduction. All the calculi for proof search in this thesis are Gentzen sequent calculi. In Chapter 2, permutation of inference rules for Intuitionistic Linear Logic is studied. A focusing calculus, ILLF, in the style of Andreoli (citeandreoli-92) is developed. This calculus allows only one proof in each equivalence class of proofs equivalent up to permutations of inferences. The issue here is both theorem proving and proof enumeration. For certain logics, normal natural deductions provide a proof-theoretic semantics. Proof enumeration is then the enumeration of all these deductions. Herbelin's cut-free LJT (citeherb-95, here called MJ) is a Gentzen system for intuitionistic logic allowing derivations that correspond in a 1--1 way to the normal natural deductions of intuitionistic logic. This calculus is therefore well suited to proof enumeration. Such calculi are called `permutation-free' calculi. In Chapter 3, MJ is extended to a calculus for an intuitionistic modal logic (due to Curry) called Lax Logic. We call this calculus PFLAX. The proof theory of MJ is extended to PFLAX. Chapter 4 presents work on theorem proving for propositional logics using a history mechanism for loop-checking. This mechanism is a refinement of one developed by Heuerding emphet al (citeheu-sey-zim-96). It is applied to two calculi for intuitionistic logic and also to two modal logics: Lax Logic and intuitionistic S4. The calculi for intuitionistic logic are compared both theoretically and experimentally with other decision procedures for the logic. Chapter 5 is a short investigation of embedding intuitionistic logic in Intuitionistic Linear Logic. A new embedding of intuitionistic logic in Intuitionistic Linear Logic is given. For the hereditary Harrop fragment of intuitionistic logic, this embedding induces the calculus MJ for intuitionistic logic. In Chapter 6 a `permutation-free' calculus is given for Intuitionistic Linear Logic. Again, its proof-theoretic properties are investigated. The calculus is proved to be sound and complete with respect to a proof-theoretic semantics and (weak) cut-elimination is proved. Logic programming can be thought of as proof enumeration in constructive logics. All the proof enumeration calculi in this thesis have been developed with logic programming in mind. We discuss at the appropriate points the relationship between the calculi developed here and logic programming. Appendix A contains presentations of the logical calculi used and Appendix B contains the sets of benchmark formulae used in Chapter 4

Experiments in abstract interpretation-based code certification for pervasive systems

Proof carrying code (PCC) is a general is originally a roof in ñrst-order logic of certain vermethodology for certifying that the execution of an un- ification onditions and the checking process involves trusted mobile code is safe. The baste idea is that the ensuring that the certifícate is indeed a valid ñrst-order code supplier attaches a certifícate to the mobile code proof. which the consumer checks in order to ensure that the The main practical difñculty of PCC techniques is in code is indeed safe. The potential benefit is that the generating safety certiñeates which at the same time: i) consumer's task is reduced from the level of proving to allow expressing interesting safety properties, ii) can be the level of checking. Recently, the abstract interpre- generated automatically and, iii) are easy and efficient tation techniques developed, in logic programming have to check. In [1], the abstract interpretation techniques been proposed as a basis for PCC. This extended ab- [5] developed in logic programming1 are proposed as stract reports on experiments which illustrate several is- a basis for PCC. They offer a number of advantages sues involved in abstract interpretation-based certifica- for dealing with the aforementioned issues. In particution. First, we describe the implementation of our sys- lar, the xpressiveness of existing abstract domains will tem in the context of CiaoPP: the preprocessor of the be implicitly available in abstract interpretation-based Ciao multi-paradigm programming system. Then, by code certification to deñne a wide range of safety propermeans of some experiments, we show how code certifi- ties. Furthermore, the approach inherits the automation catión is aided in the implementation of the framework. and inference power of the abstract interpretation en- Finally, we discuss the application of our method within gines used in (Constraint) Logic Programming, (C)LP. the área, of pervasive system