Embedding logics in Dedukti

Size: px

Start display at page:

Download "Embedding logics in Dedukti"

Samuel Hardy
5 years ago
Views:

1 1 INRIA, 2 Ecole Polytechnique, 3 ENSIIE/Cedric Embedding logics in Dedukti Ali Assaf 12, Guillaume Burel 3 April 12, 2013 Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 1

2 Outline Introduction Embedding pure type systems Holide: HOL in Dedukti Coqine: Coq in Dedukti Conclusion Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 2

3 Introduction Outline Introduction Embedding pure type systems Holide: HOL in Dedukti Coqine: Coq in Dedukti Conclusion Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 3

4 Introduction Universal proof checker Source: HOL, Coq,... Pure type systems Reconstruction, proof search,... HOL PVS Dedukti Coq Target: Dedukti λπ-calculus modulo (see previous talk) Proof checking (no reconstruction, no proof search,...) Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 4

5 Introduction Towards interoperability Prove A B in system 1. Prove A in system 2. Can we deduce B? A B 1 A 2 B?? Shallow embeddings: A B 1 = A 1 B 1 Only need to relate A 1 with A 2 Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 5

6 Introduction Shallow vs. deep embeddings Reuse features of the target language Variables, binders,... Rewriting, computation,... Advantages: Lighter translations Make interoperability easier Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 6

7 Embedding pure type systems Outline Introduction Embedding pure type systems Holide: HOL in Dedukti Coqine: Coq in Dedukti Conclusion Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 7

8 Embedding pure type systems Pure type systems Signature P = (S, A, R) S a set of sorts A S S a set of axioms R S S S a set of rules Syntax sorts s S terms t, u, A, B ::= x s λx:a. t Πx:A. B t u contexts Γ ::= Γ, x : A Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 8

9 Embedding pure type systems Typing rules Γ well-formed Γ x : A (x : A) Γ Γ well-formed Γ s 1 : s 2 (s 1 : s 2) A Γ A : s 1 Γ, x : A t : B Γ (Πx:A. B) : s 3 Γ (λx:a. t) : (Πx:A. B) Γ A : s 1 Γ, x : A B : s 2 (s 1, s 2, s 3) R Γ (Πx:A. B) : s 3 Γ t : (Πx:A. B) Γ (t u) : [u/x]b Γ u : A Γ t : A Γ B : s A β B Γ t : B well-formed Γ well-formed Γ A : s x Γ Γ, x : A well-formed Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 9

10 Embedding pure type systems Example Example The calculus of constructions (CC) is the PTS defined by the signature: S = type, kind A = (type : kind) R = (type, type, type), (kind, type, type), (type, kind, kind), (kind, kind, kind) The polymorphic identity function id = (λa:type. λx:a. x) is well-typed in CC: id : (ΠA:type. A A) Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 10

11 Embedding pure type systems Translations λπ-calculus: types may only depend on terms PTS: terms and types may depend on types (polymorphism, type operators) Two translations: t as a term t as a type Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 11

12 Embedding pure type systems Two Translations As a type: s = s, the universe of terms of type s Πx:A. B = Πx: A. B As a term: s = ṡ, a constant Πx:A. B = π A (λx: A. B ) Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 12

13 Embedding pure type systems Decoding function A term A can be used as a type Decoding function ε Constraints: A = ε A s = s Πx:A. B = Πx: A. B Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 13

14 Embedding pure type systems Decoding function A term A can be used as a type Decoding function ε Constraints: A = ε A ε s = s ε Πx:A. B = Πx:ε A. ε B Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 13

15 Embedding pure type systems Decoding function A term A can be used as a type Decoding function ε Constraints: A = ε A ε ṡ = s ε ( π A (λx: A. B )) = Πx:ε A. ε B Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 13

16 Embedding pure type systems Decoding function A term A can be used as a type Decoding function ε Constraints: A = ε A ε ṡ = s ε ( π A B) = Πx:ε A. ε (B x) Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 13

17 Embedding pure type systems Decoding function A term A can be used as a type Decoding function ε Constraints: A = ε A ε ṡ s ε ( π A B) Πx:ε A. ε (B x) Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 13

18 Embedding pure type systems The embedding Constants s : Type s S ε s : s Type s S ṡ 1 : s 2 (s 1 : s 2 ) A π s1,s 2,s 3 : ΠA:s 1. (ε s1 A s 2 ) s 3 (s 1, s 2, s 3 ) R Rewrite rules ε s2 (ṡ 1 ) s 1 (s 1 : s 2 ) A ε s3 ( π s1,s 2,s 3 A B) Πx:ε s1 A. ε s2 (B x) (s 1, s 2, s 3 ) R Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 14

19 Embedding pure type systems Example Example Polymorphic identity in CC Translation: λa:type. λx:a. x : (ΠA:type. A A) λa:type. λx:a. x : ΠA:type. A A Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 15

20 Embedding pure type systems Example Example Polymorphic identity in CC Translation: λa:type. λx:a. x : (ΠA:type. A A) λa:type. λx:a. x : ΠA:type. A A Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 15

21 Embedding pure type systems Example Example Polymorphic identity in CC Translation: λa:type. λx:a. x : (ΠA:type. A A) λa: type. λx: A. x : ΠA:type. A A Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 15

22 Embedding pure type systems Example Example Polymorphic identity in CC Translation: λa:type. λx:a. x : (ΠA:type. A A) λa:ε type. λx:ε A. x : ΠA:type. A A Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 15

23 Embedding pure type systems Example Example Polymorphic identity in CC Translation: λa:type. λx:a. x : (ΠA:type. A A) λa:type. λx:ε A. x : ΠA:type. A A Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 15

24 Embedding pure type systems Example Example Polymorphic identity in CC Translation: λa:type. λx:a. x : (ΠA:type. A A) λa:type. λx:ε A. x : ε ΠA:type. A A Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 15

25 Embedding pure type systems Example Example Polymorphic identity in CC Translation: λa:type. λx:a. x : (ΠA:type. A A) λa:type. λx:ε A. x : ε( π type (λa: type....)) Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 15

26 Embedding pure type systems Example Example Polymorphic identity in CC Translation: λa:type. λx:a. x : (ΠA:type. A A) λa:type. λx:ε A. x : ε( π type (λa:type....)) Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 15

27 Embedding pure type systems Example Example Polymorphic identity in CC Translation: λa:type. λx:a. x : (ΠA:type. A A) λa:type. λx:ε A. x : ΠA:ε type. (λa:type....)a Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 15

28 Embedding pure type systems Example Example Polymorphic identity in CC Translation: λa:type. λx:a. x : (ΠA:type. A A) λa:type. λx:ε A. x : ΠA:type. ε A ε A Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 15

29 Embedding pure type systems Properties Theorem If Γ t : A then Γ t : A. (Soundness) Proof. In [Cousineau and Dowek 2007]. Theorem If Γ t : A then Γ t : A. (Conservativity) Proof. Coming soon! Partial result in [Cousineau and Dowek 2007]. Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 16

30 Holide: HOL in Dedukti Outline Introduction Embedding pure type systems Holide: HOL in Dedukti Coqine: Coq in Dedukti Conclusion Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 17

31 Holide: HOL in Dedukti HOL A family of theorem provers (HOL Light, HOL4, ProofPower,...) Based on higher order logic Large formalizations Flyspeck project (Kepler s conjecture) Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 18

32 Holide: HOL in Dedukti Higher order logic Formulas are terms of the simply-typed λ-calculus types A, B ::= prop A B terms t, u ::= x λx:a. t t u c Can be seen as a PTS S = prop, type, kind A = (prop : type), (type : kind) R = (prop, prop, prop), (type, prop, prop), (type, type, type), (kind, kind, kind) Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 19

33 Holide: HOL in Dedukti Challenges Classical formulation Equality as a primitive connective, no PTS structure Axioms (β, extensionality, choice,...) No proof inspection LCF architecture: theorems as an abstract datatype Proofs are not kept in memory Proof size No computation in proofs (β, definitions,...) Huge proof trees Free variables Implicit quantification Name clashes Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 20

34 Holide: HOL in Dedukti Proof retrieval HOL kernel OCaml module defining an abstract datatype for theorems + methods for constructing theorems The HOL kernel must be modified! OpenTheory project [Hurd 2011] A standard for exporting and exchanging HOL proofs A well-defined standard library Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 21

35 Holide: HOL in Dedukti The OpenTheory article format Instructions that are executed to reconstruct the theorems. Example Reflexivity on a variable x of type A: x A = x A refl OpenTheory article file "A" vartype "x" var varterm refl OCaml execution let A = vartype("a") in let x = varterm(var("x", A)) in refl x Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 22

36 Holide: HOL in Dedukti Proof size Example A proof of t + t = u + u: let p =... (* A very large proof of t = u *) in appthm (appthm (refl f) p p) (+) = (+) refl π t = u Need proof sharing! (+) t = (+) u appthm (+) t t = (+) u u π t = u appthm Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 23

37 Holide: HOL in Dedukti Proof sharing Share common subproofs Already provided (partially) by OpenTheory Going further: factorize every step step1 : proof (t = u) :=... step2 : proof ((+) = (+)) := refl q. step3 : proof ((+) t = (+) u) := appthm step2 step1. step4 : proof ((+) t t = (+) u u) := appthm step3 step1. Need lambda lifting Abstract over free variables α-renaming to avoid clashes Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 24

38 Holide: HOL in Dedukti Proof sharing Share common subproofs Already provided (partially) by OpenTheory Going further: factorize every step step1 : proof (t = u) :=... step2 : proof ((+) = (+)) := refl q. step3 : proof ((+) t = (+) u) := appthm step2 step1. step4 : proof ((+) t t = (+) u u) := appthm step3 step1. Need lambda lifting Abstract over free variables α-renaming to avoid clashes To-do: extend to terms Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 24

39 Holide: HOL in Dedukti Translation process HOL Light bool.ml list.ml OpenTheory hollight bool.art list.art Dedukti holide bool.dk list.dk hol.dk Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 25

40 Holide: HOL in Dedukti Results Package Size (in kb) Time (in s) Percentage OpenTheory Dedukti Translation Verification Verified unit % function 89 1, % pair 195 4, % bool 305 4, % sum , % option , % relation , % list , % real , % natural , % set , % Total , ,661 85% Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 26

41 Coqine: Coq in Dedukti Outline Introduction Embedding pure type systems Holide: HOL in Dedukti Coqine: Coq in Dedukti Conclusion Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 27

42 Coqine: Coq in Dedukti Coq Proof system based on the calculus of inductive constructions Infinite hierarchy of universes type i Subtyping type i type i+1 Floating universes Inductive types Co-inductive types Modules... Large formalizations 4 color theorem, Feit Thompson theorem,... Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 28

43 Coqine: Coq in Dedukti Challenges Rich and complex theory (CIC) Much more than a PTS Can we encode it in the λπ-calculus modulo? Proof retrieval No direct export functions Implementation jungle No complete specification Huge code base ( s lines of code) Poorly documented Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 29

44 Coqine: Coq in Dedukti Infinite universe hierarchy. type 2 type 1 prop type 0 prop : Type. type : Type. eprop : prop Type. etype : type Type. dprop : type. dtype : type. etype dprop prop. etype dtype type. Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 30

45 Coqine: Coq in Dedukti Infinite universe hierarchy. type 2 type 1 prop type 0 prop : Type. type : nat Type. eprop : prop Type. etype : i : nat type i Type. dprop : type (s z). dtype : i : nat type (s i). etype (s z) dprop prop. etype (s i) (dtype i) type i. Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 30

46 Coqine: Coq in Dedukti Subtyping In Coq Γ t : A Γ B : s A B Γ t : B A B A B prop type i i j type i type j B C Πx:A. B Πx:A. C In Dedukti Confluence = uniqueness of types Uniqueness of types = no shallow encoding Use type casting Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 31

47 Coqine: Coq in Dedukti Type casting No implicit type casting Γ t : ε A A B Γ t : ε B Cast function cast : A B ε A ε B Insert when needed Γ t : ε A Γ h : A B Γ cast h t : ε B Need to define A B Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 32

48 Coqine: Coq in Dedukti Subtyping relation As an inductive relation sub_refl : A A sub_prop : prop type i sub_type : type i type i+j sub_prod : (Πx:εA. (B x) (C x)) π A B π A C = large cast annotations As a rewrite system prop type i prop prop type i type i+j type i type i π A B π A C Πx:εA. (B x) (C x) = canonical proof sub_refl : A A Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 33

49 Coqine: Coq in Dedukti Inductive types In Coq Inductive nat : Type := z : nat s : nat -> nat. In Dedukti nat : type. z : etype nat. s : etype nat etype nat. Pattern matching: nat_case : P : (etype nat type) fz : etype (P z) fs : (n : eset nat etype (P (s n))) n : etype nat etype (P n). [...] nat_case P fz fs z fz. [...] nat_case P fz fs (s x) fs n. Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 34

50 Coqine: Coq in Dedukti Fixpoints Translate fixpoints using rewriting rules Fixpoint f x1... xn struct xn := t. [...] f x1... xn t. Termination: CIC fixpoints are unfolded only if their structural argument starts with a constructor. Need to give the same semantics in the λπ-calculus modulo Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 35

51 Coqine: Coq in Dedukti Fixing fixpoints Cannot use pattern matching because of dependent types Fixpoint f (x y : A) (p : x = y) := t. [...] f x y (eq_refl x) t. Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 36

52 Coqine: Coq in Dedukti Fixing fixpoints Cannot use pattern matching because of dependent types Fixpoint f (x y : A) (p : x = y) := t. [...] f x y (eq_refl x) t. Add guards to constructors pre_nat : type. z : etype pre_nat. s : etype nat etype pre_nat. nat_constr : pre_nat nat. z = nat_constr z s n = nat_constr (s n ) [...] f x1... (nat_constr xn) t. Increased term size no syntactic equivalence Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 36

53 Coqine: Coq in Dedukti Fixing fixpoints Cannot use pattern matching because of dependent types Fixpoint f (x y : A) (p : x = y) := t. [...] f x y (eq_refl x) t. Add guards to constructors pre_nat : type. z : etype pre_nat. s : etype nat etype pre_nat. nat_constr : pre_nat nat. z = nat_constr z s n = nat_constr (s n ) [...] f x1... (nat_constr xn) t. Increased term size no syntactic equivalence Use recursors? Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 36

54 Coqine: Coq in Dedukti Modules In Coq: Nested modules Module A.... Module B.... End B.... End A. Functors Module F (A : T).... End N. Module expressions Module B := F(A). In Dedukti: Only separate namespaces for files Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 37

55 Coqine: Coq in Dedukti Translating modules Flatten nesting A.B.C translated as A.B_C Module is expanded into its individual elements Module A := B. is translated into A_x := B_x. A_y := B_y.... Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 38

56 Coqine: Coq in Dedukti Translating modules Flatten nesting A.B.C translated as A.B_C Module is expanded into its individual elements Module A (C):= B. is translated into A_x C_z1 C_z2... := B_x. A_y C_z1 C_Z2... := B_y.... Increased term size Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 38

57 Coqine: Coq in Dedukti Proof retrieval Coq proof scripts (.v) Notations Implicit arguments Tactics Coq compiled file (.vo) Low-level proof terms Binary dump of memory content Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 39

58 Coqine: Coq in Dedukti Using.vo files Advantages: Reconstructed proof terms Exactly the ones used by Coq Reuse Coq s code Disadvantages: Rely on Coq s code Must use the same versions of both ocaml and coqc Coqine is built on top of coqchk Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 40

59 Coqine: Coq in Dedukti Translation process Coq bool.v arith.v Coq coqc bool.vo arith.vo Dedukti coqine bool.dk arith.dk dedukti coq.dk Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 41

60 Coqine: Coq in Dedukti Results Working prototype Coq standard library: Can translate 84% Can type-check 20% File size: List.v: 45 kb List.vo: 260 kb List.dk: 2.2MB Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 42

61 Coqine: Coq in Dedukti Future work Complete the current implementation Solve remaining features Floating universes Contradicts weakening Non-modularity, side-effects Co-inductive types New coq features still coming! Long term: better specification for Coq Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 43

62 Conclusion Outline Introduction Embedding pure type systems Holide: HOL in Dedukti Coqine: Coq in Dedukti Conclusion Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 44

63 Conclusion Coqine Conclusion Embedding various logics can be fun! Theoretical and practical challenges Need good specifications and exporting standards HOL Light HOL4 Coq OpenTheory iprover (modulo) PVS Holide Dedukti Software available at Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 45

64 Conclusion Coqine Conclusion Embedding various logics can be fun! Theoretical and practical challenges Need good specifications and exporting standards HOL Light HOL4 Coq OpenTheory iprover (modulo) PVS Holide Dedukti your system Software available at Ali Assaf, Guillaume Burel: Embedding logics in Dedukti, 45

Toward explicit rewrite rules in the λπ-calculus modulo

Toward explicit rewrite rules in the λπ-calculus modulo Ronan Saillard (Olivier Hermant) Deducteam INRIA MINES ParisTech December 14th, 2013 1 / 29 Motivation Problem Checking, in a trustful way, that