Importing HOL-Light into Coq

Deep and shallow embeddings of the higher order logic into Coq

Work in progress

Chantal Keller Benjamin [email protected] [email protected]

ÉNS Lyon - INRIA Saclay - LIX

2009 Types meeting

Chantal Keller [email protected] ÉNS Lyon - INRIA Saclay - LIX

Importing HOL-Light into Coq 1 / 24

long term: importing HOL-Light theorems and proofs into Coq

short term:

encoding the Higher Order Logic into Coq

defining and exporting HOL-Light proof terms


theoretical interest

analysis libraries

verification of HOL-Light into Coq

Double embedding

Deep embedding (data-type to represent types and terms):

reasoning by induction over the structure



Shallow embedding (using Coq types and terms):

using the Coq features

obtaining Coq propositions

↪ translation function from deep to shallow

[Figure: diagram with the labels "HOL-Light + proof recording", "proof term", "Coq + classical axioms", "Coq proposition Ptra" and "proof of P"]


1 A short presentation of HOL-Light

2 Embedding the higher order logic into Coq

3 Recording and exporting HOL-Light proof terms

4 Conclusion and perspectives


Part I

A short presentation of HOL-Light

proof assistant written by John Harrison et al.

in an OCaml top-level

higher order classical logic

automated tools and pre-proved theorems

programmable without compromising soundness

simpler logical kernel than HOL


Types and terms

Logical framework:

simply-typed λ-calculus

terms and type variables and constants

polymorphism: type schemes

all the types must be inhabited

theorem: term of type bool under the hypotheses of other terms of type bool

no proof terms

Example: |- !x:A. ?y:A. x = y

Example of an inference rule:

$$\frac{\Gamma \vdash p \Leftrightarrow q \qquad \Delta \vdash p}{\Gamma \cup \Delta \vdash q}$$

where $\Leftrightarrow$ is $=_{bool}$

main type constants: bool and ->

main term constants: = : A -> A -> bool and ε : (A -> bool) -> A (choice operator)

possibility to define new constants


Part II

Embedding the higher order logic into Coq

What we want:

deep and shallow embeddings

translation function from deep to shallow

HOL-Light inference rules

proof of correctness of these inference rules with respect to


Carrying out:

inductive Coq data-types type and term

a translation function sem_term that maps any term of type Bool onto a term of type Prop (in particular)

inductive data-type deriv : set term -> term -> Prop

a proof of: forall G p, deriv G p -> has_sem G -> has_sem p

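Inductive data-type type:

$$\frac{}{\mathrm{Bool} \in \mathrm{type}} \qquad \frac{}{\mathrm{Num} \in \mathrm{type}} \qquad \frac{X \in \mathrm{idT}}{\mathrm{TVar}\ X \in \mathrm{type}}$$

$$\frac{C \in \mathrm{defT} \qquad T_1, \dots, T_n \in \mathrm{type}}{\mathrm{TDef}\ C\ [T_1; \dots; T_n] \in \mathrm{type}} \qquad \frac{A, B \in \mathrm{type}}{A \longrightarrow B \in \mathrm{type}}$$

idT, defT two sets.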

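Inductive data-type cst:

$$\frac{}{\mathrm{Hand} \in \mathrm{cst}} \qquad \frac{}{\mathrm{Hor} \in \mathrm{cst}} \qquad \frac{}{\mathrm{Himp} \in \mathrm{cst}} \qquad \frac{}{\mathrm{Hnot} \in \mathrm{cst}}$$

$$\frac{}{\mathrm{Htrue} \in \mathrm{cst}} \qquad \frac{}{\mathrm{Hfalse} \in \mathrm{cst}}$$

$$\frac{A \in \mathrm{type}}{\mathrm{Heq}\ A \in \mathrm{cst}} \qquad \frac{A \in \mathrm{type}}{\mathrm{Heps}\ A \in \mathrm{cst}} \qquad \frac{A \in \mathrm{type}}{\mathrm{Hforall}\ A \in \mathrm{cst}} \qquad \frac{A \in \mathrm{type}}{\mathrm{Hexists}\ A \in \mathrm{cst}}$$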

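Inductive data-type term:

$$\frac{c \in \mathrm{cst}}{\mathrm{Cst}\ c \in \mathrm{term}} \qquad \frac{n \in \mathbb{N}}{\mathrm{Dbr}\ n \in \mathrm{term}} \qquad \frac{x \in \mathrm{idV} \qquad A \in \mathrm{type}}{\mathrm{Var}\ x\ A \in \mathrm{term}}$$

$$\frac{c \in \mathrm{defV} \qquad C \in \mathrm{type}}{\mathrm{Def}\ c\ C \in \mathrm{term}} \qquad \frac{u, v \in \mathrm{term}}{\mathrm{App}\ u\ v \in \mathrm{term}} \qquad \frac{A \in \mathrm{type} \qquad u \in \mathrm{term}}{\mathrm{Abs}\ A\ u \in \mathrm{term}}$$

idV, defV two sets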

General idea:

types: interface between syntax and semantics

translation of a type: $|T|$

$|A \longrightarrow B| \equiv |A| \to |B|$

translation of a term (using dependent types):

$\forall t, T,\ t : T \to |T|$

a De Bruijn context

interpretation functions for variables and definitions


Inference rules

General idea:

inductive data-type deriv : set term -> term -> Prop

a proof of: forall G p, deriv G p -> has_sem G -> has_sem p

has_sem p:

p is locally closed


the translation of p is a correct proposition
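
The double embedding and the correctness statement above, worked through on a small fragment as an added example (not the authors' development). Assumptions: terms are indexed by their type and have no binders, so no De Bruijn context is needed; contexts are lists rather than sets; `holds` stands in for has_sem; `tr_type`, `eqn`, `Lit`, `Refl`, `EqMp` and `deriv_sound` are illustrative names.

```coq
Require Import List.
(* Deep embedding: a fragment of the slides' `type` (no TVar / TDef). *)
Inductive type : Set := Bool | Num | Arrow (A B : type).

(* |T|: translation of a deep type, with |A --> B| = |A| -> |B|. *)
Fixpoint tr_type (T : type) : Type :=
  match T with
  | Bool => Prop
  | Num => nat
  | Arrow A B => tr_type A -> tr_type B
  end.

(* Deep terms, indexed by their type (assumption: no binders, no variables). *)
Inductive term : type -> Type :=
  | Htrue : term Bool
  | Heq : forall A, term (Arrow A (Arrow A Bool))
  | Lit : nat -> term Num
  | App : forall A B, term (Arrow A B) -> term A -> term B.

(* Translation from deep to shallow: a term of type T becomes a |T|. *)
Fixpoint sem_term (T : type) (t : term T) : tr_type T :=
  match t in term T' return tr_type T' with
  | Htrue => True
  | Heq A => @eq (tr_type A)
  | Lit n => n
  | App A B u v => sem_term (Arrow A B) u (sem_term A v)
  end.

Definition holds (p : term Bool) : Prop := sem_term Bool p.
Definition eqn A (u v : term A) := App A Bool (App A (Arrow A Bool) (Heq A) u) v.

(* REFL and the equality rule from the slides, as an inductive predicate. *)
Inductive deriv : list (term Bool) -> term Bool -> Prop :=
  | Refl : forall A (t : term A), deriv nil (eqn A t t)
  | EqMp : forall G D p q,
      deriv G (eqn Bool p q) -> deriv D p -> deriv (G ++ D) q.

(* Correctness: whatever deriv proves holds once translated to Prop. *)
Lemma deriv_sound : forall G p,
  deriv G p -> (forall h, In h G -> holds h) -> holds p.
Proof.
  intros G p H; induction H as [A t | G1 G2 a b Hab IHab Ha IHa]; intros HG.
  - change (sem_term A t = sem_term A t); reflexivity.
  - assert (E : holds (eqn Bool a b))
      by (apply IHab; intros h Hh; apply HG, in_or_app; left; exact Hh).
    change (@eq Prop (sem_term Bool a) (sem_term Bool b)) in E.
    unfold holds; rewrite <- E; change (holds a).
    apply IHa; intros h Hh; apply HG, in_or_app; right; exact Hh.
Qed.
```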


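|- !x:A. ?y:A. x = y

$$\dfrac{\dfrac{\dfrac{}{\vdash x =_A x}\ \mathtt{REFL}\ `x`}{\vdash \exists y : A.\ x =_A y}\ \mathtt{EXISTS}\ `\exists y : A.\ x =_A y`\ `x`}{\vdash \forall x : A.\ \exists y : A.\ x =_A y}\ \mathtt{GEN}\ `x`$$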



Part III

Recording and exporting HOL-Light proof terms


Proof-recording system by S. Obua


compact proofs

short recording time




recording the basic HOL-Light proofs (1694 theorems): 3min

small files

small number of files

sharing (proofs, types and terms...)

exporting the basic HOL-Light proofs (1694 theorems):

191652 '.v' files

2.2 Gb


Part IV

Conclusion and perspectives

recording proof terms

export proofs


Coq representation of HOL-Light data-types

standard lemmas (substitution...)

translation function

Coq representation of HOL-Light inference rules

proof of correctness

finish the interface and the proofs

deal with inhabited types, definitions, axioms

more efficient Coq data-types

more efficient exportation and smaller proof terms

user interface

scaling up


Thank you for your attention!

Any questions?
