Importing HOL-Light into Coq
Deep and shallow embeddings of the higher order logic into Coq
Work in progress
Chantal Keller, Benjamin [email protected] [email protected]
ÉNS Lyon - INRIA Saclay - LIX
2009 Types meeting
Chantal Keller [email protected] ÉNS Lyon - INRIA Saclay - LIX
Importing HOL-Light into Coq 1 / 24
Introduction
What:
long term: importing HOL-Light theorems and proofs into Coq
short term:
encoding the Higher Order Logic into Coq
defining and exporting HOL-Light proof terms
Why:
theoretical interest
analysis libraries
verification of HOL-Light into Coq
Double embedding
Deep embedding (data-type to represent types and terms):
reasoning by induction over the structure
simple
compact
Shallow embedding (using Coq types and terms):
using the Coq features
obtaining Coq propositions
↪→ translation function from deep to shallow
Idea
[Diagram: on the left, HOL-Light + proof recording; a theorem is exported as an encoded proof term. On the right, Coq + classical axioms; the translation function maps the theorem to a Coq proposition P, and the exported proof term gives a proof of P.]
Outlines
1 A short presentation of HOL-Light
2 Embedding the higher order logic into Coq
3 Recording and exporting HOL-Light proof terms
4 Conclusion and perspectives
Part I
A short presentation of HOL-Light
HOL-Light
HOL-Light:
proof assistant written by John Harrison et al.
in an OCaml top-level
higher order classical logic
automated tools and pre-proved theorems
programmable without compromising soundness
simpler logical kernel than HOL
Types and terms
Logical framework:
simply-typed λ-calculus
terms and type variables and constants
polymorphism: type schemes
all the types must be inhabited
theorem: term of type bool under the hypotheses of other terms of type bool
no proof terms
Example: |− !x:A. ?y:A. x = y
Remarks
Example of an inference rule:
\[
\frac{\Gamma \vdash p \Leftrightarrow q \qquad \Delta \vdash p}{\Gamma \cup \Delta \vdash q}
\]
where $\Leftrightarrow$ is $=_{\mathsf{bool}}$
Constants:
main type constants: bool and −>
main term constants: = : A −> A −> bool and
ε : (A −> bool)−> A (choice operator)
possibility to define new constants
Part II
Embedding the higher order logic into Coq
Presentation
What we want:
deep and shallow embeddings
translation function from deep to shallow
HOL-Light inference rules
proof of correctness of these inference rules with respect to
semantics
Carrying out:
inductive Coq data-types type and term
a translation function sem_term that maps any term of type Bool
onto a term of type Prop (in particular)
inductive data-type deriv : set term −> term −> Prop
a proof of: forall G p, deriv G p −> has_sem G −> has_sem p
Types
Inductive data-type type:
\[
\frac{}{\mathsf{Bool} \in \mathsf{type}}
\qquad
\frac{}{\mathsf{Num} \in \mathsf{type}}
\qquad
\frac{X \in \mathsf{idT}}{\mathsf{TVar}\ X \in \mathsf{type}}
\]
\[
\frac{C \in \mathsf{defT} \qquad T_1, \ldots, T_n \in \mathsf{type}}{\mathsf{TDef}\ C\ [T_1; \ldots; T_n] \in \mathsf{type}}
\qquad
\frac{A, B \in \mathsf{type}}{A \longrightarrow B \in \mathsf{type}}
\]
idT, defT two sets.
Constants
Inductive data-type cst:
\[
\frac{}{\mathsf{Hand} \in \mathsf{cst}} \quad
\frac{}{\mathsf{Hor} \in \mathsf{cst}} \quad
\frac{}{\mathsf{Himp} \in \mathsf{cst}} \quad
\frac{}{\mathsf{Hnot} \in \mathsf{cst}} \quad
\frac{}{\mathsf{Htrue} \in \mathsf{cst}} \quad
\frac{}{\mathsf{Hfalse} \in \mathsf{cst}}
\]
\[
\frac{A \in \mathsf{type}}{\mathsf{Heq}\ A \in \mathsf{cst}} \quad
\frac{A \in \mathsf{type}}{\mathsf{Heps}\ A \in \mathsf{cst}} \quad
\frac{A \in \mathsf{type}}{\mathsf{Hforall}\ A \in \mathsf{cst}} \quad
\frac{A \in \mathsf{type}}{\mathsf{Hexists}\ A \in \mathsf{cst}}
\]
Terms
Inductive data-type term:
\[
\frac{c \in \mathsf{cst}}{\mathsf{Cst}\ c \in \mathsf{term}} \quad
\frac{n \in \mathbb{N}}{\mathsf{Dbr}\ n \in \mathsf{term}} \quad
\frac{x \in \mathsf{idV} \qquad A \in \mathsf{type}}{\mathsf{Var}\ x\ A \in \mathsf{term}} \quad
\frac{c \in \mathsf{defV} \qquad C \in \mathsf{type}}{\mathsf{Def}\ c\ C \in \mathsf{term}}
\]
\[
\frac{u, v \in \mathsf{term}}{\mathsf{App}\ u\ v \in \mathsf{term}} \quad
\frac{A \in \mathsf{type} \qquad u \in \mathsf{term}}{\mathsf{Abs}\ A\ u \in \mathsf{term}}
\]
idV, defV two sets
Translation
General idea:
types: interface between syntax and semantics
translation of a type: $|T|^\star$
\[
|A \longrightarrow B|^\star \equiv |A|^\star \to |B|^\star
\]
translation of a term (using dependent types):
\[
\forall t, T,\ t : T \to |T|^\star
\]
a De Bruijn context
interpretation functions for variables and definitions
Inference rules
General idea:
inductive data-type deriv : set term −> term −> Prop
a proof of: forall G p, deriv G p −> has_sem G −> has_sem p
has_sem p:
p is locally closed
p:Bool
the translation of p is a correct proposition
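As an added example (not the authors' code), a compact Coq rendering of the data-types of slides 12 to 14 together with a two-rule fragment of deriv from slide 16. It assumes that the sets idT, defT, idV and defV are nat, names the HOL arrow type Arrow, represents hypothesis sets as Coq Ensembles, and uses EQ_MP, HOL-Light's name for the rule shown on slide 9.

```coq
(* Added example, not the authors' code. Assumptions: idT, defT, idV, defV
   are nat; the HOL arrow type is the constructor Arrow; hypothesis sets are
   Coq Ensembles; EQ_MP is HOL-Light's name for the rule of slide 9. *)
Require Import Ensembles.

Definition idT := nat.  Definition defT := nat.
Definition idV := nat.  Definition defV := nat.

(* Slide 12: HOL-Light types. *)
Inductive type : Type :=
| Bool : type
| Num : type
| TVar : idT -> type
| TDef : defT -> list type -> type
| Arrow : type -> type -> type.

(* Slide 13: logical constants; the polymorphic ones carry their type. *)
Inductive cst : Type :=
| Hand | Hor | Himp | Hnot | Htrue | Hfalse
| Heq : type -> cst
| Heps : type -> cst
| Hforall : type -> cst
| Hexists : type -> cst.

(* Slide 14: terms, bound variables as De Bruijn indices (Dbr). *)
Inductive term : Type :=
| Cst : cst -> term
| Dbr : nat -> term
| Var : idV -> type -> term
| Def : defV -> type -> term
| App : term -> term -> term
| Abs : type -> term -> term.

(* u =_A v, built from the polymorphic equality constant Heq. *)
Definition hol_eq (A : type) (u v : term) : term :=
  App (App (Cst (Heq A)) u) v.

(* Slide 16: deriv : set term -> term -> Prop, restricted here to two rules:
   REFL (first step of slide 17) and EQ_MP (slide 9, where <=> is =_Bool). *)
Inductive deriv : Ensemble term -> term -> Prop :=
| REFL : forall A t, deriv (Empty_set term) (hol_eq A t t)
| EQ_MP : forall G D p q,
    deriv G (hol_eq Bool p q) -> deriv D p -> deriv (Union term G D) q.

(* First step of the slide-17 derivation: |- x =_A x, with x a free variable. *)
Example refl_x : forall A, deriv (Empty_set term) (hol_eq A (Var 0 A) (Var 0 A)).
Proof. intro A. apply REFL. Qed.
```

The has_sem predicate and the translation function sem_term of slide 16 are not included; the soundness statement forall G p, deriv G p -> has_sem G -> has_sem p would be proved by induction on this deriv.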
Example
|− !x:A. ?y:A. x = y
\[
\dfrac{
  \dfrac{
    \dfrac{}{\vdash x =_A x}\ \mathsf{REFL}\ \text{`x`}
  }{\vdash \exists y : A.\ x =_A y}\ \mathsf{EXISTS}\ \text{`}\exists y : A.\ x =_A y\text{`}\ \text{`x`}
}{\vdash \forall x : A.\ \exists y : A.\ x =_A y}\ \mathsf{GEN}\ \text{`x`}
\]
Part III
Recording and exporting HOL-Light proof terms
Proof-recording system by S. Obua
Challenge:
compact proofs
short recording time
Solution:
granularity
Statistics:
recording the basic HOL-Light proofs (1694 theorems): 3min
Exporting
Challenge:
small files
small number of files
Solution:
sharing (proofs, types and terms. . . )
Statistics:
exporting the basic HOL-Light proofs (1694 theorems):
14min
191652 '.v' files
2.2 Gb
Part IV
Conclusion and perspectives
Conclusion
HOL-Light:
recording proof terms
export proofs
Coq:
Coq representation of HOL-Light data-types
standard lemmas (substitution. . . )
translation function
Coq representation of HOL-Light inference rules
proof of correctness
Perspectives
Perspectives:
finish the interface and the proofs
deal with inhabited types, definitions, axioms
more efficient Coq data-types
more efficient exportation and smaller proof terms
user interface
scaling up
Thank you for your attention!
Any questions?