11 research outputs found
The Lean 4 Theorem Prover and Programming Language
Lean 4 is a reimplementation of the Lean interactive theorem prover (ITP) in Lean itself. It addresses many shortcomings of the previous versions and contains many new features. Lean 4 is fully extensible: users can modify and extend the parser, elaborator, tactics, decision procedures, pretty printer, and code generator. The new system has a hygienic macro system custom-built for ITPs. It contains a new typeclass resolution procedure based on tabled resolution, addressing significant performance problems reported by the growing user base. Lean 4 is also an efficient functional programming language based on a novel programming paradigm called functional but in-place. Efficient code generation is crucial for Lean users because many write custom proof automation procedures in Lean itself.
Formalized Class Group Computations and Integral Points on Mordell Elliptic Curves
Diophantine equations are a popular and active area of research in number
theory. In this paper we consider Mordell equations, which are of the form
, where is a (given) nonzero integer number and all solutions in
integers and have to be determined. One non-elementary approach for
this problem is the resolution via descent and class groups. Along these lines
we formalized in Lean 3 the resolution of Mordell equations for several
instances of . In order to achieve this, we needed to formalize several
other theories from number theory that are interesting on their own as well,
such as ideal norms, quadratic fields and rings, and explicit computations of
the class number. Moreover we introduced new computational tactics in order to
efficiently carry out computations in quadratic rings and beyond.
Comment: 14 pages. Submitted to CPP '23. Source code available at
https://github.com/lean-forward/class-group-and-mordell-equatio
Formalizing the Ring of Witt Vectors
The ring of Witt vectors over a base ring is an important
tool in algebraic number theory and lies at the foundations of modern -adic
Hodge theory. has the interesting property that it constructs a
ring of characteristic out of a ring of characteristic , and it can
be used more specifically to construct from a finite field containing
the corresponding unramified field extension of the
-adic numbers (which is unique up to isomorphism).
We formalize the notion of a Witt vector in the Lean proof assistant, along
with the corresponding ring operations and other algebraic structure. We prove
in Lean that, for prime , the ring of Witt vectors over
is isomorphic to the ring of -adic integers
. In the process we develop idioms to cleanly handle calculations
of identities between operations on the ring of Witt vectors. These
calculations are intractable with a naive approach, and require a proof
technique that is usually skimmed over in the informal literature. Our proofs
resemble the informal arguments while being fully rigorous.
Trustworthy Formal Natural Language Specifications
Interactive proof assistants are computer programs carefully constructed to
check a human-designed proof of a mathematical claim with high confidence in
the implementation. However, this only validates truth of a formal claim, which
may have been mistranslated from a claim made in natural language. This is
especially problematic when using proof assistants to formally verify the
correctness of software with respect to a natural language specification. The
translation from informal to formal remains a challenging, time-consuming
process that is difficult to audit for correctness.
This paper shows that it is possible to build support for specifications
written in expressive subsets of natural language, within existing proof
assistants, consistent with the principles used to establish trust and
auditability in proof assistants themselves. We implement a means to provide
specifications in a modularly extensible formal subset of English, and have
them automatically translated into formal claims, entirely within the Lean
proof assistant. Our approach is extensible (placing no permanent restrictions
on grammatical structure), modular (allowing information about new words to be
distributed alongside libraries), and produces proof certificates explaining
how each word was interpreted and how the sentence's structure was used to
compute the meaning.
We apply our prototype to the translation of various English descriptions of
formal specifications from a popular textbook into Lean formalizations; all can
be translated correctly with a modest lexicon with only minor modifications
related to lexicon size.
Comment: arXiv admin note: substantial text overlap with arXiv:2205.0781
An Improved Interface for Interactive Proofs in Separation Logic
Ever since software has been developed, the question has arisen whether it is correct, i.e. whether it does what it is supposed to do. Given a formal specification of the requirements, one task of software verification is therefore to prove whether an implementation satisfies this specification. This task can be difficult when the programming language in use allows commands with global effect, so that they can influence other commands in independent parts of the program, for example through a shared heap. Separation logic solves this problem by extending assertions with a separating operator, which makes it possible to regard parts of a program as independent of the rest of the program. Interactive theorem provers are one tool that supports software verification proofs. However, separation logic proofs in interactive theorem provers, especially those with a non-linear type system, require a great deal of manual effort to manage the required data structures. This can be avoided by providing the user with an interface that enables proofs at the usual, higher level of abstraction. This thesis describes a new interface for separation logic proofs in the interactive theorem prover Lean 4, based on the Iris project, and the improvements made to this interface.
The design of mathematical language
As idealized descriptions of mathematical language, there is a sense in which formal systems specify too little, and there is a sense in which they specify too much. They are silent with respect to a number of features of mathematical language that are essential to the communicative and inferential goals of the subject, while many of these features are independent of a specific choice of foundation. This chapter begins to map out the design features of mathematical language without descending to the level of formal implementation, drawing on examples from the mathematical literature and insights from the design of computational proof assistants.
The design of mathematical language
As idealized descriptions of mathematical language, there is a sense in which formal systems specify too little, and there is a sense in which they specify too much. On the one hand, formal languages fail to account for a number of features of informal mathematical language that are essential to the communicative and inferential goals of the subject. On the other hand, many of these features are independent of the choice of a formal foundation, so grounding their analysis on a particular choice of a formal system introduces unnecessary specificity. This chapter begins to map out the design features of mathematical language without descending to the level of formal implementation, drawing on examples from the mathematical literature and insights from the design of computational proof assistants and their libraries.