formal proof between mathematics and computer...
TRANSCRIPT
![Page 1: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/1.jpg)
⇐←0→
formal proof betweenmathematics and computer science
Freek Wiedijk
Radboud University NijmegenThe Netherlands
June 13, 2015
![Page 2: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/2.jpg)
⇐←1→
the questions
I do formal proof in mathematics and formal proof in computerscience require different approaches?
I what are the ingredients of a formal proof system?(in case you want to build one yourself)
I what are the unsolved problems in formal proof?(in case you think you can do better than the state of the art)
I can one be certain a formal proof is fully correct?
I how does computation fit into formal proof?
![Page 3: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/3.jpg)
⇐←1→
the questions
I do formal proof in mathematics and formal proof in computerscience require different approaches?
I what are the ingredients of a formal proof system?(in case you want to build one yourself)
I what are the unsolved problems in formal proof?(in case you think you can do better than the state of the art)
I can one be certain a formal proof is fully correct?
I how does computation fit into formal proof?
![Page 4: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/4.jpg)
⇐←1→
the questions
I do formal proof in mathematics and formal proof in computerscience require different approaches?
I what are the ingredients of a formal proof system?(in case you want to build one yourself)
I what are the unsolved problems in formal proof?(in case you think you can do better than the state of the art)
I can one be certain a formal proof is fully correct?
I how does computation fit into formal proof?
![Page 5: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/5.jpg)
⇐←1→
the questions
I do formal proof in mathematics and formal proof in computerscience require different approaches?
I what are the ingredients of a formal proof system?(in case you want to build one yourself)
I what are the unsolved problems in formal proof?(in case you think you can do better than the state of the art)
I can one be certain a formal proof is fully correct?
I how does computation fit into formal proof?
![Page 6: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/6.jpg)
⇐←1→
the questions
I do formal proof in mathematics and formal proof in computerscience require different approaches?
I what are the ingredients of a formal proof system?(in case you want to build one yourself)
I what are the unsolved problems in formal proof?(in case you think you can do better than the state of the art)
I can one be certain a formal proof is fully correct?
I how does computation fit into formal proof?
![Page 7: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/7.jpg)
⇐←2→
my research interests
interactive formal proof
I formal proof for mathematics
formal proof languagesformal proof interfaces
FEAR projectformal proof and computer algebra
logical frameworkspartiality in formal proof
I formal proof for computer science
CH2O projectformal version of the C standardRobbert Krebbers
static analysis + interactive formal proof
![Page 8: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/8.jpg)
⇐←3→
formal proof for computer science: zero days exploits
![Page 9: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/9.jpg)
⇐←4→
CH2O operational semantics
Γ,m ` (v1 v2) defined([v1]Ω1 [v2]Ω2 ,m) _h ([v1 v2]Ω1∪Ω2 ,m)
(load [a]Ω,m) _h ([m〈a〉Γ]Ω, forceΓa m)
writableΓ a m τ = typeof a Γ,m ` (τ)v defined v′ = (τ)v([a]Ω1 := [v]Ω2 ,m) _h ([v′]a∪Ω1∪Ω2 , lockΓa (m[a := v′]Γ))
(e1,m1) _h (e2,m2)S(P[], E[e1],m1) _ S(P[], E[e2],m2)
context E[] chosen non-deterministically
S(P[], (, e),m) _ S(P[e], e,m)
S(P[e], [v]Ω,m) _ S(P[], (, e), unlockΩ m)
S(P[], (, if (e) s1 else s2),m) _ S(P[if (e) s1 else s2], e,m)
m ` (zero vb) defined ¬ zero vbS(P[if (e) s1 else s2], [vb]Ω,m) _ S(P[if (e) else s2], (, s1), unlockΩ m)
![Page 10: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/10.jpg)
⇐←5→
mathematics versus computer science
different cultures?
Alexander Grothendieck Ken Thompson & Dennis Ritchie(Fields medal 1966) (Turing award 1983)
![Page 11: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/11.jpg)
⇐←5→
mathematics versus computer science
different cultures?
Alexander Grothendieck Ken Thompson & Dennis Ritchie(Fields medal 1966) (Turing award 1983)
![Page 12: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/12.jpg)
⇐←6→
trying out formal proof:
five
four formal proof systems
= proof assistants= interactive theorem provers
primarily developed primarily developedfor mathematics for computer science
Coq
Mizar Isabelle/HOL
HOL Light
HOL4
![Page 13: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/13.jpg)
⇐←6→
trying out formal proof: five formal proof systems
= proof assistants= interactive theorem provers
primarily developed primarily developedfor mathematics for computer science
Coq
Mizar Isabelle/HOL
HOL Light
HOL4
![Page 14: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/14.jpg)
⇐←7→
biggest successes per system
I Coqfour color theorem (mathematics)odd order theorem (mathematics)CompCert C compiler (computer science)
I Isabelle/HOLseL4 operating system (computer science)
I HOL Lightprime number theorem (mathematics)Flyspeck project = Kepler conjecture (mathematics)
I HOL4ARM processor (computer science)CakeML compiler (computer science)
I Mizartextbook on continuous lattices (mathematics)
![Page 15: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/15.jpg)
⇐←8→
state of the art
I mathematicsformal proof: not yet routineserious formal proof convincingly demonstrated
just one practical example: Flyspeck
I theoretical computer scienceformal proof: routine
conferences: ITP, CPP, POPL
I practical computer scienceformal proof: not yet routinescalable formal proof not yet convincingly demonstrated
spin-off technologies: model checking, SAT/SMT solvers
![Page 16: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/16.jpg)
⇐←9→
the ingredients
teaching an interactive theorem prover
I statements
13%
I proof steps
59%
I definitions
6%
I imports
1%
I proof automation
4%
I comments
7%
I blank lines
10%
![Page 17: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/17.jpg)
⇐←9→
the ingredients
teaching an interactive theorem prover
I statements 13%
I proof steps 59%
I definitions 6%
I imports 1%
I proof automation 4%
I comments 7%
I blank lines 10%
![Page 18: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/18.jpg)
⇐←9→
the ingredients
teaching an interactive theorem prover
I statements 13%
I proof steps 59%
I definitions 6%
I imports 1%
I proof automation 4%
I comments 7%
I blank lines 10%
![Page 19: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/19.jpg)
⇐←10→
statement example: Sylow theorem Google: 100 theorems
I informal statementLet p be a prime factor with multiplicity n of the order of a finite groupG, so that the order of G can be written as pnm, where n > 0 and pdoes not divide m. Let np be the number of Sylow p-subgroups of G.Then the following hold:
I np divides m, which is the index of the Sylow p-subgroup in G.I np ≡ 1 mod p.I np = |G : NG(P)|, where P is any Sylow p-subgroup of G
and NG denotes the normalizer.
I statement
![Page 20: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/20.jpg)
⇐←10→
statement example: Sylow theorem Google: 100 theorems
I informal statementLet p be a prime factor with multiplicity n of the order of a finite groupG, so that the order of G can be written as pnm, where n > 0 and pdoes not divide m. Let np be the number of Sylow p-subgroups of G.Then the following hold:
I np divides m, which is the index of the Sylow p-subgroup in G.I np ≡ 1 mod p.I np = |G : NG(P)|, where P is any Sylow p-subgroup of G
and NG denotes the normalizer.
I Coq statement
[/\ ∀ P, [max P | p.-subgroup(G) P] = p.-Sylow(G) P,[transitive G, on ’Syl_p(G) | ’JG],∀ P, p.-Sylow(G) P → #|’Syl_p(G)| = #|G : ’N_G(P)|
& prime p → #|’Syl_p(G)| %% p = 1%N].
![Page 21: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/21.jpg)
⇐←10→
statement example: Sylow theorem Google: 100 theorems
I informal statementLet p be a prime factor with multiplicity n of the order of a finite groupG, so that the order of G can be written as pnm, where n > 0 and pdoes not divide m. Let np be the number of Sylow p-subgroups of G.Then the following hold:
I np divides m, which is the index of the Sylow p-subgroup in G.I np ≡ 1 mod p.I np = |G : NG(P)|, where P is any Sylow p-subgroup of G
and NG denotes the normalizer.
I HOL Light statement
!e op i G p.group (G,op,i,e)==> FINITE G==> prime p==> (!n m. CARD G = p EXP n * m
==> coprime (p,m)==> CARD K | subgroup op i K G /\ CARD K = p EXP n
MOD p = 1)
![Page 22: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/22.jpg)
⇐←10→
statement example: Sylow theorem Google: 100 theorems
I informal statementLet p be a prime factor with multiplicity n of the order of a finite groupG, so that the order of G can be written as pnm, where n > 0 and pdoes not divide m. Let np be the number of Sylow p-subgroups of G.Then the following hold:
I np divides m, which is the index of the Sylow p-subgroup in G.I np ≡ 1 mod p.I np = |G : NG(P)|, where P is any Sylow p-subgroup of G
and NG denotes the normalizer.
I Mizar statement
for G being finite Group, p being prime (natural number) holdscard the_sylow_p-subgroups_of_prime(p,G) mod p = 1 &card the_sylow_p-subgroups_of_prime(p,G) divides ord G;
![Page 23: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/23.jpg)
⇐←11→
proof example with procedural tactics: Coq/Ssreflect
. . .pose maxp A P := [max P | p.-subgroup(A) P]; pose S := [set P | maxp G P].pose oG := orbit ’JG%act G.have actS: [acts G, on S | ’JG].
apply/subsetP⇒ x Gx; rewrite 3!inE; apply/subsetP⇒ P; rewrite 3!inE.exact: max_pgroupJ.
have S_pG P: P \in S → P \subset G ∧ p.-group P.by rewrite inE ⇒ /maxgroupp/andP[].
have SmaxN P Q: Q \in S → Q \subset ’N(P) → maxp ’N_G(P) Q.rewrite inE ⇒ /maxgroupP[/andP[sQG pQ] maxQ] nPQ.apply/maxgroupP; rewrite /psubgroup subsetI sQG nPQ.by split⇒ // R; rewrite subsetI -andbA andbCA ⇒ /andP[_]; exact: maxQ.
have nrmG P: P \subset G → P <| ’N_G(P).by move⇒ sPG; rewrite /normal subsetIr subsetI sPG normG.
have sylS P: P \in S → p.-Sylow(’N_G(P)) P.move⇒ S_P; have [sPG pP] := S_pG P S_P.by rewrite normal_max_pgroup_Hall ?nrmG //; apply: SmaxN; rewrite ?normG.
haveSmaxN defCS P: P \in S → ’Fix_(S |’JG)(P) = [set P].move⇒ S_P; apply/setP⇒ Q; rewrite 1in_setI 1afixJG.apply/andP/set1P⇒ [[S_Q nQP]|->Q]; last by rewrite normG.apply/esym/val_inj; case: (S_pG Q) ⇒ //= sQG _.by apply: uniq_normal_Hall (SmaxN Q _ _ _) ⇒ //=; rewrite ?sylS ?nrmG.
. . .
![Page 24: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/24.jpg)
⇐←11→
proof example with procedural tactics: Coq/Ssreflect. . .pose maxp A P := [max P | p.-subgroup(A) P]; pose S := [set P | maxp G P].pose oG := orbit ’JG%act G.have actS: [acts G, on S | ’JG].
apply/subsetP⇒ x Gx; rewrite 3!inE; apply/subsetP⇒ P; rewrite 3!inE.exact: max_pgroupJ.
have S_pG P: P \in S → P \subset G ∧ p.-group P.by rewrite inE ⇒ /maxgroupp/andP[].
have SmaxN P Q: Q \in S → Q \subset ’N(P) → maxp ’N_G(P) Q.rewrite inE ⇒ /maxgroupP[/andP[sQG pQ] maxQ] nPQ.apply/maxgroupP; rewrite /psubgroup subsetI sQG nPQ.by split⇒ // R; rewrite subsetI -andbA andbCA ⇒ /andP[_]; exact: maxQ.
have nrmG P: P \subset G → P <| ’N_G(P).by move⇒ sPG; rewrite /normal subsetIr subsetI sPG normG.
have sylS P: P \in S → p.-Sylow(’N_G(P)) P.move⇒ S_P; have [sPG pP] := S_pG P S_P.by rewrite normal_max_pgroup_Hall ?nrmG //; apply: SmaxN; rewrite ?normG.
haveSmaxN defCS P: P \in S → ’Fix_(S |’JG)(P) = [set P].move⇒ S_P; apply/setP⇒ Q; rewrite 1in_setI 1afixJG.apply/andP/set1P⇒ [[S_Q nQP]|->Q]; last by rewrite normG.apply/esym/val_inj; case: (S_pG Q) ⇒ //= sQG _.by apply: uniq_normal_Hall (SmaxN Q _ _ _) ⇒ //=; rewrite ?sylS ?nrmG.
. . .
![Page 25: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/25.jpg)
⇐←11→
proof example with procedural tactics: Coq/Ssreflect. . .pose maxp A P := [max P | p.-subgroup(A) P]; pose S := [set P | maxp G P].pose oG := orbit ’JG%act G.have actS: [acts G, on S | ’JG].
apply/subsetP⇒ x Gx; rewrite 3!inE; apply/subsetP⇒ P; rewrite 3!inE.exact: max_pgroupJ.
have S_pG P: P \in S → P \subset G ∧ p.-group P.by rewrite inE ⇒ /maxgroupp/andP[].
have SmaxN P Q: Q \in S → Q \subset ’N(P) → maxp ’N_G(P) Q.rewrite inE ⇒ /maxgroupP[/andP[sQG pQ] maxQ] nPQ.apply/maxgroupP; rewrite /psubgroup subsetI sQG nPQ.by split⇒ // R; rewrite subsetI -andbA andbCA ⇒ /andP[_]; exact: maxQ.
have nrmG P: P \subset G → P <| ’N_G(P).by move⇒ sPG; rewrite /normal subsetIr subsetI sPG normG.
have sylS P: P \in S → p.-Sylow(’N_G(P)) P.move⇒ S_P; have [sPG pP] := S_pG P S_P.by rewrite normal_max_pgroup_Hall ?nrmG //; apply: SmaxN; rewrite ?normG.
haveSmaxN defCS P: P \in S → ’Fix_(S |’JG)(P) = [set P].move⇒ S_P; apply/setP⇒ Q; rewrite 1in_setI 1afixJG.apply/andP/set1P⇒ [[S_Q nQP]|->Q]; last by rewrite normG.apply/esym/val_inj; case: (S_pG Q) ⇒ //= sQG _.by apply: uniq_normal_Hall (SmaxN Q _ _ _) ⇒ //=; rewrite ?sylS ?nrmG.
. . .
![Page 26: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/26.jpg)
⇐←12→
proof example with declarative steps only: Mizar. . .
ex h being Element of G st y = h & Q9 |^ h = Q9proof
set h = y;the carrier of Q9 c= the carrier of G by GROUP_2:def 5;then reconsider h as Element of G by A33;take h;thus y = h;for g being Element of G holds g in Q9 iff g in Q9 |^ hproof
let g be Element of G;hereby
assumeA34: g in Q9;
ex g9 being Element of G st g = g9 |^ h & g9 in Q9proof
set g9 = h * g * h";take g9;thus g9 |^ h = h" * g9 * h by GROUP_3:def 2
.= h" * (h * (g * h")) * h by GROUP_1:def 3
.= (h" * h) * (g * h") * h by GROUP_1:def 3
.= 1_G * (g * h") * h by GROUP_1:def 5. . .
![Page 27: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/27.jpg)
⇐←13→
flavors of definitions
I abbreviations (mathematics, computer science)
f (x1, . . . , xn) := . . .
I characterisations (mathematics)
f (x1, . . . , xn) := ‘the unique y such that P(x1, . . . , xn, y)’
I recursive definitions (computer science)
f (x1, . . . , xn) := . . . ←− may contain f
I algebraic datatypes (computer science)
lists, trees, syntax
I inductively defined predicates (computer science)
smallest relation closed under certain inference rules
![Page 28: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/28.jpg)
⇐←14→
differences
I formal proof in mathematicsspecific choice of definition not important
few small definitions, relatively easy to get correct
proofs need insightproofs interesting
mostly first order reasoning
I formal proof in computer sciencespecific choice of definition matters
many large definitions, difficult to get correct
proofs largely trivialproofs mostly not interesting
many inductions with many cases
![Page 29: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/29.jpg)
⇐←15→
the problems
unimportant issues
I looking for the ‘right’ logical foundations
set theory, HOL, type theory, HoTTall work just as well
I making it look like natural language
the COBOL fallacyformal proof language ≈ programming language
![Page 30: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/30.jpg)
⇐←15→
the problems
unimportant issues
I looking for the ‘right’ logical foundations
set theory, HOL, type theory, HoTTall work just as well
I making it look like natural language
the COBOL fallacyformal proof language ≈ programming language
![Page 31: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/31.jpg)
⇐←16→
important issues
I automation
integration of computer algebraMetiTarski
hammersSledgehammer, HOL(y)Hammer
I libraries
N ⊂ Z ⊂ Q ⊂ R ⊂ . . .semigroup ⊃ groups ⊃ rings ⊃ fields ⊃ ordered fields ⊃ . . .scalars ⊂ vectors ⊂ matrixes ⊂ tensors ⊂ . . .
just a single 0
MathML fragment of mathematics
![Page 32: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/32.jpg)
⇐←16→
important issues
I automation
integration of computer algebraMetiTarski
hammersSledgehammer, HOL(y)Hammer
I libraries
N ⊂ Z ⊂ Q ⊂ R ⊂ . . .semigroup ⊃ groups ⊃ rings ⊃ fields ⊃ ordered fields ⊃ . . .scalars ⊂ vectors ⊂ matrixes ⊂ tensors ⊂ . . .
just a single 0
MathML fragment of mathematics
![Page 33: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/33.jpg)
⇐←16→
important issues
I automation
integration of computer algebraMetiTarski
hammersSledgehammer, HOL(y)Hammer
I libraries
N ⊂ Z ⊂ Q ⊂ R ⊂ . . .semigroup ⊃ groups ⊃ rings ⊃ fields ⊃ ordered fields ⊃ . . .scalars ⊂ vectors ⊂ matrixes ⊂ tensors ⊂ . . .
just a single 0
MathML fragment of mathematics
![Page 34: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/34.jpg)
⇐←16→
important issues
I automation
integration of computer algebraMetiTarski
hammersSledgehammer, HOL(y)Hammer
I libraries
N ⊂ Z ⊂ Q ⊂ R ⊂ . . .semigroup ⊃ groups ⊃ rings ⊃ fields ⊃ ordered fields ⊃ . . .scalars ⊂ vectors ⊂ matrixes ⊂ tensors ⊂ . . .
just a single 0
MathML fragment of mathematics
![Page 35: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/35.jpg)
⇐←17→
certainty
what could possibly go wrong?
I bugs in the implementation of the proof system
not a problem
I logical foundations are inconsistentnot a serious problem
I definitions do not match informal understandingthe real problem
Andrzej Trybulec:definitions are a debtproved lemmas pay back that debt
![Page 36: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/36.jpg)
⇐←17→
certainty
what could possibly go wrong?
I bugs in the implementation of the proof systemnot a problem
I logical foundations are inconsistentnot a serious problem
I definitions do not match informal understandingthe real problem
Andrzej Trybulec:definitions are a debtproved lemmas pay back that debt
![Page 37: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/37.jpg)
⇐←17→
certainty
what could possibly go wrong?
I bugs in the implementation of the proof systemnot a problem
I logical foundations are inconsistentnot a serious problem
I definitions do not match informal understandingthe real problem
Andrzej Trybulec:definitions are a debtproved lemmas pay back that debt
![Page 38: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/38.jpg)
⇐←17→
certainty
what could possibly go wrong?
I bugs in the implementation of the proof systemnot a problem
I logical foundations are inconsistentnot a serious problem
I definitions do not match informal understandingthe real problem
Andrzej Trybulec:definitions are a debtproved lemmas pay back that debt
![Page 39: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/39.jpg)
⇐←18→
de Bruijn criterion: what to trust?
proof system
‘proof object’
digest proofs
proof kernel
formalization
definitions
compilerproof systemsources
compilersources
![Page 40: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/40.jpg)
⇐←18→
de Bruijn criterion: what to trust?
proof system
‘proof object’
digest proofs
proof kernel
formalization
definitions
compiler
proof systemsources
compilersources
![Page 41: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/41.jpg)
⇐←18→
de Bruijn criterion: what to trust?
proof system
‘proof object’
digest proofs
proof kernel
formalization
definitions
compiler
proof systemsources
compilersources
![Page 42: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/42.jpg)
⇐←18→
de Bruijn criterion: what to trust?
proof system
‘proof object’
digest proofs
proof kernel
formalization
definitions
compilerproof systemsources
compilersources
![Page 43: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/43.jpg)
⇐←18→
de Bruijn criterion: what to trust?
proof system
‘proof object’
digest proofs
proof kernel
formalization
definitions
compilerproof systemsources
compilersources
![Page 44: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/44.jpg)
⇐←18→
de Bruijn criterion: what to trust?
proof system
‘proof object’
digest proofs
proof kernel
formalization
definitions
compilerproof systemsources
compilersources
![Page 45: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/45.jpg)
⇐←18→
de Bruijn criterion: what to trust?
proof system
‘proof object’
digest proofs
proof kernel
formalization
definitions
compilerproof systemsources
compilersources
![Page 46: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/46.jpg)
⇐←18→
de Bruijn criterion: what to trust?
proof system
‘proof object’
digest proofs
proof kernel
lemmasdefinitions
compilerproof systemsources
compilersources
![Page 47: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/47.jpg)
⇐←18→
de Bruijn criterion: what to trust?
proof system
‘proof object’
digest proofs
proof kernel
lemmasdefinitions
compilerproof systemsources
compilersources
![Page 48: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/48.jpg)
⇐←18→
de Bruijn criterion: what to trust?
proof system
‘proof object’
digest proofs
proof kernel
lemmasdefinitions
compilerproof systemsources
compilersources
![Page 49: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/49.jpg)
⇐←19→
CakeML and the verified HOL Light kernel
Magnus Myreen, Ramana Kumar, Scott Owens, e.a.‘Cake’ = Cambridge & Kent
implemented in verified inPoly/ML Poly/ML —HOL4 kernel Poly/ML —HOL4 system Poly/ML —OCaml OCaml —HOL Light kernel OCaml —HOL Light system OCaml —CakeML HOL4∗ HOL4vHOL kernel HOL4∗ HOL4
vHOL system CakeML HOL4
∗extracted to CakeML HOL4
![Page 50: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/50.jpg)
⇐←19→
CakeML and the verified HOL Light kernel
Magnus Myreen, Ramana Kumar, Scott Owens, e.a.‘Cake’ = Cambridge & Kent
implemented in verified inPoly/ML Poly/ML —HOL4 kernel Poly/ML —HOL4 system Poly/ML —OCaml OCaml —HOL Light kernel OCaml —HOL Light system OCaml —CakeML HOL4∗ HOL4vHOL kernel HOL4∗ HOL4vHOL system CakeML HOL4
∗extracted to CakeML HOL4
![Page 51: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/51.jpg)
⇐←19→
CakeML and the verified HOL Light kernel
Magnus Myreen, Ramana Kumar, Scott Owens, e.a.‘Cake’ = Cambridge & Kent
implemented in verified inPoly/ML Poly/ML —HOL4 kernel Poly/ML —HOL4 system Poly/ML —OCaml OCaml —HOL Light kernel OCaml —HOL Light system OCaml —CakeML
HOL4
vHOL∗
HOL4
vHOLvHOL kernel
HOL4
vHOL∗
HOL4
vHOLvHOL system CakeML
HOL4
vHOL∗extracted to CakeML
HOL4
vHOL
![Page 52: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/52.jpg)
⇐←19→
CakeML and the verified HOL Light kernel
Magnus Myreen, Ramana Kumar, Scott Owens, e.a.‘Cake’ = Cambridge & Kent
implemented in verified in
Poly/ML Poly/ML —HOL4 kernel Poly/ML —HOL4 system Poly/ML —OCaml OCaml —HOL Light kernel OCaml —HOL Light system OCaml —
CakeML
HOL4
vHOL∗
HOL4
vHOLvHOL kernel
HOL4
vHOL∗
HOL4
vHOLvHOL system CakeML
HOL4
vHOL∗extracted to CakeML
HOL4
vHOL
![Page 53: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/53.jpg)
⇐←20→
proofs that depend on programs
examples
I four color theoremI check unavoidability of configurationsI check reducibility of configurations
I Mertens conjectureI compute zeroes of Riemann zeta function to many decimals
I Kepler conjectureI solve many linear programsI check many non-linear inequalitiesI enumerate a collection of tame graphs
how to know these programs are correct?
how do these programs fit into a formal proof?
![Page 54: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/54.jpg)
⇐←20→
proofs that depend on programs
examples
I four color theoremI check unavoidability of configurationsI check reducibility of configurations
I Mertens conjectureI compute zeroes of Riemann zeta function to many decimals
I Kepler conjectureI solve many linear programsI check many non-linear inequalitiesI enumerate a collection of tame graphs
how to know these programs are correct?
how do these programs fit into a formal proof?
![Page 55: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/55.jpg)
⇐←20→
proofs that depend on programs
examples
I four color theoremI check unavoidability of configurationsI check reducibility of configurations
I Mertens conjectureI compute zeroes of Riemann zeta function to many decimals
I Kepler conjectureI solve many linear programsI check many non-linear inequalitiesI enumerate a collection of tame graphs
how to know these programs are correct?
how do these programs fit into a formal proof?
![Page 56: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/56.jpg)
⇐←21→
a spectrum of programming languages for mathematics
I computation by deductionHOL
I high-level functional programming languagesML
I low-level imperative programming languagesC
I machine codex86
![Page 57: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/57.jpg)
⇐←22→
the Poincaré principle: fitting computation to the logic
formally proving` F(M )−→−→N
Isabelle kernel Coq kernel HOL Light kernel
ML
HOL
MLHOL Light kernel++
C
x86
![Page 58: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/58.jpg)
⇐←22→
the Poincaré principle: fitting computation to the logic
formally proving` F(M )−→−→N
Isabelle kernel Coq kernel HOL Light kernel
ML
HOL
MLHOL Light kernel++
C
x86
![Page 59: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/59.jpg)
⇐←22→
the Poincaré principle: fitting computation to the logic
formally proving` F(M )−→−→N
Isabelle kernel Coq kernel HOL Light kernel
ML
HOL
MLHOL Light kernel++
C
x86
![Page 60: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/60.jpg)
⇐←22→
the Poincaré principle: fitting computation to the logic
formally proving` F(M )−→−→N
Isabelle kernel Coq kernel HOL Light kernel
ML
HOL
MLHOL Light kernel++
C
x86
![Page 61: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/61.jpg)
⇐←22→
the Poincaré principle: fitting computation to the logic
formally proving` F(M )−→−→N
Isabelle kernel Coq kernel HOL Light kernel
ML
HOL
ML
HOL Light kernel++
C
x86
![Page 62: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/62.jpg)
⇐←22→
the Poincaré principle: fitting computation to the logic
formally proving` F(M )−→−→N
Isabelle kernel
Coq kernel
HOL Light kernel
ML
HOL
Coq kernel
‘ML’
HOL Light kernel++
C
x86
![Page 63: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/63.jpg)
⇐←22→
the Poincaré principle: fitting computation to the logic
formally proving` F(M )−→−→N
Isabelle kernel
Coq kernel
HOL Light kernel
ML
HOL
Coq kernel
‘ML’HOL Light kernel++
C
x86
![Page 64: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/64.jpg)
⇐←22→
the Poincaré principle: fitting computation to the logic
formally proving` F(M )−→−→N
Isabelle kernel
Coq kernel
HOL Light kernel
ML
HOL
Coq kernel
‘ML’HOL Light kernel++
x86
![Page 65: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/65.jpg)
⇐←23→
conclusions
developing a formal proof system
I without good automation it will not be very usable
I without a good lemma library it will not be very appealing
I without a small proof kernel it will not be utterly reliable
I without computation it will not handle proofs that dependon large programs
![Page 66: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/66.jpg)
⇐←23→
conclusions
developing a formal proof system
I without good automation it will not be very usable
I without a good lemma library it will not be very appealing
I without a small proof kernel it will not be utterly reliable
I without computation it will not handle proofs that dependon large programs
![Page 67: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/67.jpg)
⇐←24→
any questions?
![Page 68: formal proof between mathematics and computer scienceaep-math2015.spm.pt/sites/default/files/webform/... · ⇐←0→ formal proof between mathematics and computer science FreekWiedijk](https://reader035.vdocument.in/reader035/viewer/2022063008/5fbe9173843bc97b87510184/html5/thumbnails/68.jpg)
⇐←25→
table of contents
contents
my research interests
mathematics versus computer science
the ingredients
the problems
certainty
proofs that depend on programs
conclusions
table of contents