translating proofs from hol to coq
play

Translating proofs from HOL to Coq Theoretical and practical - PowerPoint PPT Presentation

Oct 09, 2023 •147 likes •439 views

Translating proofs from HOL to Coq Theoretical and practical aspects Chantal Keller and Benjamin Werner Ecole Polytechnique & INRIA jeudi 11 octobre 12 What are mathematics ? The Bodensee is beautiful Everyone in Baden loves Dampfnudeln,

  1. Translating proofs from HOL to Coq Theoretical and practical aspects Chantal Keller and Benjamin Werner Ecole Polytechnique & INRIA jeudi 11 octobre 12

  2. What are mathematics ? The Bodensee is beautiful Everyone in Baden loves Dampfnudeln, Markus is in Baden, thus Markus loves Dampfnudeln. syntax ! Proof-system : • detail the proof up to primitive logical rules • have it checked by the machine jeudi 11 octobre 12

  3. Proof-system • A formalism : language, logical rules. • A software : for manipulating, checking, storing, building proofs. • A proof language. • A library : mathematical corpus. Similar to a programming language + a compiler : formalism = abstract syntax proof language concrete syntax jeudi 11 octobre 12

  4. Concrete syntax Both systems use a proof language made of tactics . They have a common ancestor : LCF Thus, the proof languages bear some similarities, but are undoubtedly different (say like Java and C). Lemma subst_idt_lift_term : forall j u i, subst_idt (lift_term u i j) S = lift_term (subst_idt u S) i j. Proof. move => j; elim => [n|x X|[C|C|||||||C|C]|c C|t IHt u IHu|A t IHt] //= i. - by case: (_ <= _). - by rewrite IHt IHu. - by rewrite IHt. Qed. jeudi 11 octobre 12

  5. Concrete syntax Both systems use a proof language made of tactics . They have a common ancestor : LCF Thus, the proof languages bear some similarities, but are undoubtedly different (say like Java and C). let EQ_MULT_LCANCEL = prove (`!m n p. (m * n = m * p) <=> (m = 0) \/ (n = p)`, INDUCT_TAC THEN REWRITE_TAC[MULT_CLAUSES; NOT_SUC] THEN REPEAT INDUCT_TAC THEN ASM_REWRITE_TAC[MULT_CLAUSES; ADD_CLAUSES; GSYM NOT_SUC; NOT_SUC] THEN ASM_REWRITE_TAC[SUC_INJ; GSYM ADD_ASSOC; EQ_ADD_LCANCEL]);; jeudi 11 octobre 12

  6. Diversity : for the worst or the best ? • Many proof-systems; all incompatible. The common language of mathematics seems lost. • Each proofs-system has its strengths : Coq : good for computations (four-color theorem, primality, but also specific design considerations for algebra...) HOL : good for classical analysis. Jordan curve theorem, prime number theorem... jeudi 11 octobre 12

  7. HOL / HOL-light Formalism : Church’s Higher-Order logic Objects : simply typed lambda-calculus (expressions with binders) Proofs : • No computations in the language (almost) Γ ⊢ A Γ ⊢ B Γ ⊢ A ∧ B • The proofs are not stored How can we trust them ? jeudi 11 octobre 12

  8. Architecture of the HOL checker HOL is implemented in ML; in the implementation : Γ ⊢ A : thm All the functions allowing objects of type thm are simple and carefully checked : they correspond to logical steps. If we trust these functions, we trust HOL. jeudi 11 octobre 12

  9. Coq Formalism : type theory Γ ⊢ p:A Γ ⊢ q:B Γ ⊢ (p,q):A ∧ B proofs are objects, proofs are kept - they can be re-checked Objects are functional typed programs - with a very powerful type system. jeudi 11 octobre 12

  10. Programs and functions An example : addition HOL Coq Prove the existence Define a function of a function such such that: that: 0+m ⊳ m 0+m = m S(n)+m ⊳ S(n+m) S(n)+m = S(n+m) jeudi 11 octobre 12

  11. Computational proofs jeudi 11 octobre 12

  12. Translation • Translating the «concrete» syntax: unrealistic, unreliable, fragile. we have to translate the statements in the first place • Translating the «abstract syntax» : Logical embedding HOL ⊂ Type Theory Two kinds of logical embedding : deep and shallow jeudi 11 octobre 12

  13. Embedding HOL in type theory These functions are defined outside of Shallow embedding the formalisms objects t ↦ |t| propositions P ↦ |P| proofs: if Γ ⊢ P then | Γ | ⊢ |P| jeudi 11 octobre 12

  14. Shallow embedding jeudi 11 octobre 12

  15. Embedding HOL in type theory Deep embedding Represent HOL in a datatype of type theory «speak about» HOL in type theory jeudi 11 octobre 12

  16. The trick Shallow Deep Type theory allows lifting deep from shallow encoding (various work, from Martin-Löf to Garrillot & Werner, 2007) jeudi 11 octobre 12

  17. The trick Shallow Coq Deep HOL The encoding is the interface between the two systems jeudi 11 octobre 12

  18. Encoding : types jeudi 11 octobre 12

  19. Encoding : terms jeudi 11 octobre 12

  20. Lifting to Coq term type jeudi 11 octobre 12

  21. Modelling the proofs A function check: term � proof � bool such that if (check t p)=true then : • t is a well-formed proposition / boolean • p is a proof of t jeudi 11 octobre 12

  22. A function check: term � proof � bool such that if (check t p)=true then : • t is a well-formed proposition / boolean • p is a proof of | t| • this entails that | t| is true - in Coq Nice point : | t| is a “real’’ Coq theorem : it is intelligible jeudi 11 octobre 12

  23. Status of definitions in the two systems Definition four := 4. In HOL : new object : four : N new lemma : four = 4 In Coq : new object : four : nat new rule : four ⊳ 4 jeudi 11 octobre 12

  24. Recording HOL-light proofs The type proof is a pure data-type; we can : • define its twin in ML, in the HOL-light implementation • instrument the basic tactics so that they construct the proof-tree on the fly (reuse code of S. Obua and now from the OpenTheory projet) • export these proof-trees to Coq by straightforward pretty-printing The bottleneck becomes the size of these proof-trees (as expected) We introduce new lemmas for sharing. jeudi 11 octobre 12

  25. The bottleneck becomes the size of these proof-trees (as expected) We introduce new lemmas for sharing. jeudi 11 octobre 12

  26. Substantial gains expected in a reasonable close future jeudi 11 octobre 12

  27. What about classical logic ? HOL is inherently classical : • excluded middle • Hilbert’s ε choice operator We have no choice : we need to add classical axioms to Coq jeudi 11 octobre 12

  28. Conclusion • Translation and cooperation between proof-systems can work, sometimes. • Allows re-using but also re-checking of HOL proofs in Coq • Relies on work specific to the two involved formalisms. • Nice point : the translated theorems are intelligible and reusable. • Efficiency and memory consumptation remains an issue; currently some further progress by using Coq arrays and switching to OpenTheory • Mathematical proofs as massive date; a flavour of the future ? jeudi 11 octobre 12

Recommend

On Hypersequents and Labelled Sequents Translating Labelled Sequent Proofs to Hypersequent Proofs

On Hypersequents and Labelled Sequents Translating Labelled Sequent Proofs to Hypersequent Proofs

On Hypersequents and Labelled Sequents Translating Labelled Sequent Proofs to Hypersequent Proofs Robert Rothenberg 1 2 1 School of Computer Science University of St Andrews 2 Interactive Information, Ltd Edinburgh Workshop in Honour of Roy

393 views • 26 slides
Proofs, Continued Today Proofs : A style guide Proofs should be easy to

Proofs, Continued Today Proofs : A style guide Proofs should be easy to

Euclid (300 BC) Proofs, Continued Today Proofs : A style guide Proofs should be easy to verify. All the cleverness goes into finding/writing the proof, not reading/verifying it! P vs. NP (informally) : P =

682 views • 21 slides
Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth

Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth

Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth workshop Introduction to the workshop PROOFS: Security Proofs for Embedded Systems UCSB August 20, 2016 5th edition of PROOFS PROOFS 2012:

311 views • 7 slides
Translating Henri Poincar Bruce D. Popp, Ph.D. ATA Certified Translator, Fr&gt;En ATA 57th

Translating Henri Poincar Bruce D. Popp, Ph.D. ATA Certified Translator, Fr&gt;En ATA 57th

Translating Henri Poincar Bruce D. Popp, Ph.D. ATA Certified Translator, Fr&gt;En ATA 57th Annual Conference Translating Poincar 1 November 5, 2016 Bruce D. Popp, Ph.D. Translating Poincar French, Mathematical Physics and Chaos

674 views • 45 slides
Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2

Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2

Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2 Interactive Proofs IP[k] IP[poly] = PSPACE 2 Interactive Proofs IP[k] IP[poly] = PSPACE IP protocol for TQBF using arithmetization 2 Interactive

1.75k views • 136 slides
Compositional correctness of IP-based system design: Translating C/C++ Models into SIGNAL

Compositional correctness of IP-based system design: Translating C/C++ Models into SIGNAL

Compositional correctness of IP-based system design: Translating C/C++ Models into SIGNAL Processes Rennes, November 04, 2005 Hamoudi Kalla and Jean-Pierre Talpin Espresso Team Outline Introduction Preliminaries Translating C/C++

526 views • 25 slides
Welcome To The ResQIPS Research Symposium Keynote Discussion - Translating Health Policy Into

Welcome To The ResQIPS Research Symposium Keynote Discussion - Translating Health Policy Into

Welcome To The ResQIPS Research Symposium Keynote Discussion - Translating Health Policy Into Research Featuring Senator Heather Carter And Representative Kelli Butler Translating Health Policy into Research TRANSLATING HEALTH POLICY INTO

153 views • 3 slides
Formal proofs, variable binding, and program extraction from proofs Colloquium Logicum 2016 (10

Formal proofs, variable binding, and program extraction from proofs Colloquium Logicum 2016 (10

Formal proofs, variable binding, and program extraction from proofs Colloquium Logicum 2016 (10 - 12 September 2016, Hamburg) Gyesik Lee Hankyong National University 1 Overview 1. Verification of proofs 2. Hales proof of the Kepler

651 views • 43 slides
Proofs that, proofs why, and the analysis of paradoxes To Gerhard, on your 60th birthday Peter

Proofs that, proofs why, and the analysis of paradoxes To Gerhard, on your 60th birthday Peter

Proofs that, proofs why, and the analysis of paradoxes To Gerhard, on your 60th birthday Peter Schroeder-Heister Universit at T ubingen J agerfest Bern, 13.12.2013 p. 1 Russells antinomy in naive set theory Extend natural

688 views • 41 slides
NP-Hardness Proofs With What Problems We . . . What Problems We . . . Realistic Computers

NP-Hardness Proofs With What Problems We . . . What Problems We . . . Realistic Computers

NP-Hardness Proofs . . . Usual Proofs of NP- . . . Proofs of NP- . . . Pedagogical Problem . . . NP-Hardness Proofs With What Problems We . . . What Problems We . . . Realistic Computers Instead What Is NP-Hard: . . . Proof that . . . of

296 views • 12 slides
Translating and Evolving: Towards a model of language change in DisCoCat Tai-Danae Bradley,

Translating and Evolving: Towards a model of language change in DisCoCat Tai-Danae Bradley,

Translating and Evolving: Towards a model of language change in DisCoCat Tai-Danae Bradley, Martha Lewis, Jade Master, and Brad Theilman SYCO3, March 2019 Oxford, UK Bradley &amp; al Translating &amp; Evolving 1/20 Background

571 views • 20 slides
proofs of proximity for distribution testing (Distribution testing now with proofs!) Tom Gur

proofs of proximity for distribution testing (Distribution testing now with proofs!) Tom Gur

proofs of proximity for distribution testing (Distribution testing now with proofs!) Tom Gur (UC Berkeley) October 14, 2017 FOCS 2017 Workshop: Frontiers in Distribution Testing Joint work with Alessandro Chiesa (UC Berkeley) proofs of

2.25k views • 158 slides
Foundation of proofs Jim Hefferon http://joshua.smcvt.edu/proofs The need to prove In

Foundation of proofs Jim Hefferon http://joshua.smcvt.edu/proofs The need to prove In

Foundation of proofs Jim Hefferon http://joshua.smcvt.edu/proofs The need to prove In Mathematics we prove things The base angles of an isoceles triangle are equal seems obvious to a person with mathematical aptitude. a if a = b

678 views • 52 slides
Lecture 8: More Proofs review: proofs Start with hypotheses and facts Use rules of

Lecture 8: More Proofs review: proofs Start with hypotheses and facts Use rules of

cse 311: foundations of computing Fall 2015 Lecture 8: More Proofs review: proofs Start with hypotheses and facts Use rules of inference to extend set of facts Result is proved when it is included in the set Statement Fact 2

185 views • 18 slides
Flexiformality in Proofs: Bridging between Formal and Informal Proofs Michael Kohlhase Professur

Flexiformality in Proofs: Bridging between Formal and Informal Proofs Michael Kohlhase Professur

Flexiformality in Proofs: Bridging between Formal and Informal Proofs Michael Kohlhase Professur fr Wissensreprsentation und -verarbeitung Informatik, FAU Erlangen-Nrnberg http://kwarc.info 20. October 2016, Dagstuhl Seminar on

568 views • 39 slides
(Interactive) Proofs Proofs from 900 BCE until 1800s Pythagorass Theorem: Proof: Looks legit.

(Interactive) Proofs Proofs from 900 BCE until 1800s Pythagorass Theorem: Proof: Looks legit.

15-251: Great Theoretical Ideas in Computer Science Lecture 24 (Interactive) Proofs Proofs from 900 BCE until 1800s Pythagorass Theorem: Proof: Looks legit. Then there was Russell Principia Mathematica Volume 2 Russell and others worked

949 views • 50 slides
Zero-Knowledge Proofs 1 Zero-Knowledge Proofs Lecture 15 1 Interactive Proofs 2 Interactive

Zero-Knowledge Proofs 1 Zero-Knowledge Proofs Lecture 15 1 Interactive Proofs 2 Interactive

Zero-Knowledge Proofs 1 Zero-Knowledge Proofs Lecture 15 1 Interactive Proofs 2 Interactive Proofs 2 Interactive Proofs Prover wants to convince verifier that x has some property 2 Interactive Proofs Prover wants to convince verifier

1.9k views • 174 slides
Proofs Bits of Wisdom on Solving Problems, Writing Proofs, and Enjoying the Process: How to

Proofs Bits of Wisdom on Solving Problems, Writing Proofs, and Enjoying the Process: How to

15-251: Great Theoretical Ideas in Computer Science Fall 2016 Lecture 1.5 August 31, 2016 Proofs Bits of Wisdom on Solving Problems, Writing Proofs, and Enjoying the Process: How to Succeed in This Class No specific topic covered

857 views • 61 slides
CS449/649: Human-Computer Interaction Spring 2017 Lecture VI Anastasia Kuzminykh Translating

CS449/649: Human-Computer Interaction Spring 2017 Lecture VI Anastasia Kuzminykh Translating

CS449/649: Human-Computer Interaction Spring 2017 Lecture VI Anastasia Kuzminykh Translating Needs Into Functionalities Make data Identify right time Turn problems actionable and place into tasks Translating Needs Into Functionalities

409 views • 37 slides
Zero-Knowledge Proofs Lecture 15 Interactive Proofs Interactive Proofs Interactive Proofs

Zero-Knowledge Proofs Lecture 15 Interactive Proofs Interactive Proofs Interactive Proofs

Zero-Knowledge Proofs Lecture 15 Interactive Proofs Interactive Proofs Interactive Proofs Prover wants to convince verifier that x has some property Interactive Proofs Prover wants to convince verifier that x has some property i.e. x is in

3.29k views • 145 slides
Projects. Probabilistically Checkable Proofs... Probabilistically Checkable Proofs Whats a

Projects. Probabilistically Checkable Proofs... Probabilistically Checkable Proofs Whats a

Projects. Probabilistically Checkable Proofs... Probabilistically Checkable Proofs Whats a proof? Statement: A formula is satisfiable. Proof: assignment, a . Property: 5 minute presentations. Can check proof in polynomial time. A real

401 views • 3 slides
UGLY PROOFS and BOOK PROOFS Joel Spencer 1 Tournament T on n players Ranking fit = NonUpsets

UGLY PROOFS and BOOK PROOFS Joel Spencer 1 Tournament T on n players Ranking fit = NonUpsets

DIMACS, April 2006 UGLY PROOFS and BOOK PROOFS Joel Spencer 1 Tournament T on n players Ranking fit = NonUpsets - Upsets Erd os-Moon (1965): There exists T for all fit ( T, ) n 3 / 2 ln n Proof: Random Tournament JS (1972,

299 views • 8 slides
Succinct Malleable NIZKs and an Application to Compact Shuffles Melissa Chase (MSR Redmond)

Succinct Malleable NIZKs and an Application to Compact Shuffles Melissa Chase (MSR Redmond)

Succinct Malleable NIZKs and an Application to Compact Shuffles Melissa Chase (MSR Redmond) Markulf Kohlweiss (MSR Cambridge) Anna Lysyanskaya (Brown University) Sarah Meiklejohn (UC San Diego) 1 Proofs of proofs 2 Proofs of proofs Suppose

1.47k views • 121 slides
Proofs and Computations Helmut Schwichtenberg Mathematisches Institut, LMU, M unchen 22.

Proofs and Computations Helmut Schwichtenberg Mathematisches Institut, LMU, M unchen 22.

Proofs and Computations Helmut Schwichtenberg Mathematisches Institut, LMU, M unchen 22. August 2010 Helmut Schwichtenberg Proofs and Computations Computing with partial continuous functionals Proofs in mathematics: on abstract,

331 views • 22 slides

More recommend