Proof Assistants for Free*
*Rates may apply

Pierre-Marie Pédrot
Max Planck Institute for Software Systems

EUTypes 2018, 24th January 2018

P.-M. Pédrot (MPI-SWS), Proof Assistants for Free, 24/01/2018, slide 1 / 26
Slide 2 / 26: CIC: « Constructions in a world that moves »

CIC, the Calculus of Inductive Constructions.
- Not just higher-order logic, not just first-order logic
- First class notion of computation and crazy inductive types
- Finest types to describe your programs
- No clear phase separation between runtime and compile time
- The Pinnacle of the Curry-Howard correspondence

CIC, a very fancy intuitionistic logical system.
CIC, a very powerful functional programming language.
Slide 3 / 26: An Effective Object

One implementation to rule them all...
Many big developments using it for computer-checked proofs.
- Mathematics: Four colour theorem, Feit-Thompson, UniMath...
- Computer Science: CompCert, VST, RustBelt...
Slide 4 / 26: The CIC Tribe

Actually not quite one single theory.
Several flags tweaking the kernel:
- Impredicative Set
- Type-in-type
- Indices Matter
- Cumulative inductive types
- ...
The Many Calculi of Inductive Constructions.
Slide 5 / 26: In the Axiom Jungle

A crazy amount of axioms used in the wild!
- The classical set-theory pole: Excluded middle, UIP, choice
- The Extensional pole: Funext, Propext, Bisim-is-eq
- The univalent pole: Univalence, what else?
- The εχοτιc pole: Anti-classical axioms (???)
Varying degrees of compatibility.

[Figure: diagram of axioms and the implications between them: operator iota, operator epsilon, constructive definite and indefinite description (also in propositional context), functional choice axiom, axiom of unique choice, relational choice axiom, predicate extensionality (if Set impredicative), functional extensionality, propositional degeneracy, propositional extensionality, excluded middle (needs Prop-impredicativity; Diaconescu, Berardi), not excluded middle, proof irrelevance, decidability of equality on any A, axiom K on A, uniqueness of reflexivity proofs for equality on A, uniqueness of equality proofs on A, injectivity of equality on Sigma-types on A, invariance by substitution of reflexivity proofs for equality on A.]

« A mathematician is a device for turning toruses into equalities (up to homotopy). »
Slide 6 / 26: Reality Check

Theorem 0: Axioms Suck.
Proof.
- They break computation (and thus canonicity).
- They are hard to justify.
- They might be incompatible with one another.
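The first point of Theorem 0 made concrete, as an added Coq example that is not from the slides: an explicitly declared informative excluded middle (the constructed axiom `em`, and the hypothetical names `em_bool`, `stuck`, `fine`, `stuck_true`) yields a closed boolean that no longer reduces to a constructor, while the same decision made by `Nat.eq_dec` still does.

```coq
(* Added example (not from the slides): an axiom with no reduction rule
   blocks computation on a closed term of type bool. *)
Require Import PeanoNat.

(* Constructed axiom: the informative (sumbool) form of excluded middle,
   the "classical pole" on slide 5. Nothing ever computes it. *)
Axiom em : forall P : Prop, {P} + {~ P}.

(* Decide any proposition by appeal to the axiom. *)
Definition em_bool (P : Prop) : bool :=
  if em P then true else false.

(* A closed term of type bool built from the axiom. *)
Definition stuck : bool := em_bool (1 = 1).

(* Reduction unfolds em_bool and then halts on [em (1 = 1)]: a closed bool
   that is neither [true] nor [false], which is exactly a canonicity failure. *)
Eval compute in stuck.

(* Contrast: the same decision made by a computable procedure reduces to
   a canonical constructor. *)
Definition fine : bool := if Nat.eq_dec 1 1 then true else false.
Eval compute in fine.

(* The axiomatic term can still be proved equal to true, but only as a
   propositional equality whose proof itself depends on the axiom. *)
Lemma stuck_true : stuck = true.
Proof.
  unfold stuck, em_bool.
  destruct (em (1 = 1)) as [_ | H].
  - reflexivity.
  - exfalso. apply H. reflexivity.
Qed.

(* Reports [em] among the assumptions the lemma relies on. *)
Print Assumptions stuck_true.
```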