Abstract
Despite recent successes, large-scale proof development within proof assistants remains an arcane art that is extremely time-consuming. We argue that this can be attributed to two profound shortcomings in the architecture of modern proof assistants. The first is that proofs need to include a large amount of minute detail; this is due to the rigidity of the proof checking process, which cannot be extended with domain-specific knowledge. In order to avoid these details, we rely on developing and using tactics, specialized procedures that produce proofs. Unfortunately, tactics are both hard to write and hard to use, revealing the second shortcoming of modern proof assistants. This is because there is no static knowledge about their expected use and behavior. As has recently been demonstrated, languages that allow type-safe manipulation of proofs, like Beluga, Delphin and VeriML, can be used to partly mitigate this second issue, by assigning rich types to tactics. Still, the architectural issues remain. In this paper, we build on this existing work, and demonstrate two novel ideas: an extensible conversion rule and support for static proof scripts. Together, these ideas enable us to support both user-extensible proof checking, and sophisticated static checking of tactics, leading to a new point in the design space of future proof assistants. Both ideas are based on the interplay between a light-weight staging construct and the rich type information available.
Supplemental Material
sutcTR.pdf: Extended version of the paper. This version includes a technical appendix with full details for the definitions and proofs mentioned within the paper.
Published in POPL '12: Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages.