## From formal proofs to mathematical proofs: A safe, incremental way for building in first-order decision procedures (2008)

Venue: TCS 2008: 5th IFIP International Conference on Theoretical Computer Science

Citations: 11 (0 self)

### BibTeX

```bibtex
@INPROCEEDINGS{Blanqui08fromformal,
  author    = {Frédéric Blanqui and Jean-Pierre Jouannaud and Pierre-Yves Strub},
  title     = {From formal proofs to mathematical proofs: A safe, incremental way for building in first-order decision procedures},
  booktitle = {TCS 2008: 5th IFIP International Conference on Theoretical Computer Science},
  year      = {2008},
  publisher = {Springer-Verlag}
}
```

### Abstract

(CIC) on which the proof assistant Coq is based: the Calculus of Congruent Inductive Constructions, which truly extends CIC by building in arbitrary first-order decision procedures: deduction is still in charge of the CIC kernel, while computation is outsourced to dedicated first-order decision procedures that can be taken from the shelves provided they deliver a proof certificate. The soundness of the whole system becomes an incremental property following from the soundness of the certificate checkers and that of the kernel. A detailed example shows that the resulting style of proofs becomes closer to that of the working mathematician.
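The abstract's split between a small trusted kernel and untrusted, off-the-shelf decision procedures that must hand back a checkable certificate is the same trust pattern a security engineer applies to any oracle. The following is an added example, not code from the paper, from Coq, or from the authors' calculus: a toy version of that pattern for ground equational reasoning (congruence closure, the theory the authors' earlier CCC work builds into conversion). An untrusted prover saturates the equalities and records a certificate; a separate trusted checker re-derives every step from five rules and rejects anything it cannot justify. The function names, the certificate format and the sample hypotheses are this example's own assumptions.

```python
# Added example (not the paper's code): "kernel + certificate checker" on a toy
# ground equational theory. prove() is UNTRUSTED and may be replaced by any faster
# congruence-closure engine; check() is the only trusted piece. All names here are
# this example's own assumptions.
# Terms: a str is a constant; a tuple ("f", t1, ..., tn) is an application of f.

def subterms(t, acc):
    """Collect all subterms of t into the set acc (the finite universe to saturate over)."""
    acc.add(t)
    if isinstance(t, tuple):
        for arg in t[1:]:
            subterms(arg, acc)
    return acc


def prove(hyps, goal):
    """UNTRUSTED: naive saturation over the subterm universe, recording how each
    equality was obtained. Returns a certificate (steps ending in `goal`) or None.
    Certificate language:
      ("assume", i)        hypothesis number i
      ("refl", t)          t = t
      ("sym", j)           b = a from step j proving a = b
      ("trans", j, k)      a = c from steps j: a = b and k: b = c
      ("cong", f, [j...])  f(a1..an) = f(b1..bn) from steps j_i: a_i = b_i
    """
    universe = set()
    for a, b in hyps:
        subterms(a, universe)
        subterms(b, universe)
    subterms(goal[0], universe)
    subterms(goal[1], universe)

    steps, index = [], {}             # index: (lhs, rhs) -> step number

    def add(eq, step):
        if eq in index:
            return False
        index[eq] = len(steps)        # only earlier steps are ever referenced
        steps.append(step)
        return True

    for i, eq in enumerate(hyps):
        add(eq, ("assume", i))
    for t in universe:
        add((t, t), ("refl", t))
    apps = [t for t in universe if isinstance(t, tuple)]
    changed = True
    while changed:                    # finite universe, so this terminates
        changed = False
        for (a, b), j in list(index.items()):
            changed |= add((b, a), ("sym", j))
            for (c, d), k in list(index.items()):
                if b == c:
                    changed |= add((a, d), ("trans", j, k))
        for s in apps:
            for t in apps:
                if s[0] == t[0] and len(s) == len(t):
                    js = [index.get((x, y)) for x, y in zip(s[1:], t[1:])]
                    if None not in js:
                        changed |= add((s, t), ("cong", s[0], js))
    if goal not in index:
        return None
    return steps[: index[goal] + 1]


def check(hyps, goal, cert):
    """TRUSTED: replay cert. Each step must be a well-formed instance of one rule whose
    premises are EARLIER steps; accept only if the last step proves `goal`."""
    proved = []

    def earlier(j):                   # a premise must already have been replayed
        return isinstance(j, int) and 0 <= j < len(proved)

    try:
        for step in cert:
            rule = step[0]
            if rule == "assume":
                eq = hyps[step[1]] if isinstance(step[1], int) and step[1] >= 0 else None
            elif rule == "refl":
                eq = (step[1], step[1])
            elif rule == "sym" and earlier(step[1]):
                a, b = proved[step[1]]
                eq = (b, a)
            elif rule == "trans" and earlier(step[1]) and earlier(step[2]):
                (a, b), (c, d) = proved[step[1]], proved[step[2]]
                eq = (a, d) if b == c else None
            elif rule == "cong" and all(earlier(j) for j in step[2]):
                f, js = step[1], step[2]
                eq = ((f,) + tuple(proved[j][0] for j in js),
                      (f,) + tuple(proved[j][1] for j in js))
            else:
                eq = None
            if eq is None:
                return False          # malformed or unjustified step: reject
            proved.append(eq)
    except (IndexError, TypeError):   # ragged tuples, bad indices, non-iterables
        return False
    return bool(proved) and proved[-1] == goal


# Constructed sample (assumption, not from the paper): from f(a) = b, b = c, a = e
# derive f(e) = c.
HYPS = [(("f", "a"), "b"), ("b", "c"), ("a", "e")]
GOAL = (("f", "e"), "c")

if __name__ == "__main__":
    cert = prove(HYPS, GOAL)
    print("certificate of", len(cert), "steps; checker accepts:", check(HYPS, GOAL, cert))
    print("tampered certificate accepted:", check(HYPS, GOAL, cert[:-1] + [("assume", 7)]))
```

The point of the split is the one the abstract makes: the trusted computing base is `check` plus the rule set it implements, not the prover. Swapping `prove` for a faster engine (a union-find congruence closure, or a Shostak-style combination) changes nothing about what is trusted, provided it still emits certificates in this language; a prover bug can at worst produce a certificate the checker rejects, never a wrongly accepted equation.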

### Citations

527 | Lambda Calculi with Types - Barendregt
Citation context: ...and C2(X) = X → X. As expected, we obtain here the standard inductive definition of natural numbers given in Section 2.1: Ind(X : ⋆){X, X → X}. The translation 0 of 0 (resp. S of S) is then simply nat [1] (resp. nat [2]). Translating list is not very different. Being of arity 1, with two associated constructor symbols (nil and cons), list is mapped to the already seen parametrized inductive type list...

485 | The calculus of constructions - Coquand, Huet - 1988
Citation context: ... of a proof development relies entirely on the kernel. Trusting the kernel is therefore vital. The (intuitionist) logic on which Coq is based is the Calculus of Constructions (CC) of Coquand and Huet [10], an impredicative type theory incorporating polymorphism, dependent types and type constructors. Unlike logics without dependent types, CC enjoys a powerful type-checking rule, called conversion, whi...

112 | Inductively defined types - Coquand, Paulin-Mohring - 1990
Citation context: ...types and the corresponding rules for higher-order primitive recursion [11]. The recent versions of Coq are based on a slight generalization of this calculus [15]. Still, such a simple function as reverse of a dependent list cannot be defined in CIC as one would expect, beca...

104 | Specification and proof in membership equational logic - Bouhoula, Jouannaud, et al.
Citation context: ...Parametric sorted algebras. Parametric sorted signature. Order-sorted algebras were introduced as a formal framework for the OBJ language in [13], before being generalized as membership equational logic in [8]. We use here a polymorphic version of a restriction of the latter, by assuming given a signature (Λ, Σ), Λ for the sort constructors, and Σ for the function symbols made of a set of constructors for e...

68 | A practical decision procedure for arithmetic with function symbols - Shostak - 1979
Citation context: ... assistant PVS uses a potentially stronger paradigm than Coq by combining its deduction mechanism with a notion of computation based on the powerful Shostak's method for combining decision procedures [20], a framework dubbed little proof engines by Shankar [19]. Indeed, the little engines of proof hide away the easy computational steps, without any user assistance. Unfortunately, proof checking is not ...

61 | Une Théorie des Constructions Inductives - Werner - 1994
Citation context: ...pe Q of terms constructed by induction is at predicate level, from weak ι-elimination when Q is at object level. Strong elimination is restricted to small inductive types to ensure logical consistency [24]. Typing judgments. A typing environment Γ is a sequence of pairs x_i : T_i made of a variable x_i and a term T_i (we say that Γ binds x_i to the type T...

43 | A modular proof of strong normalization for the calculus of constructions - Geuvers, Nederhof - 1989
Citation context: ...two sorts: ⋆ (or Prop, or object level universe), □ (or Type, or predicate level universe) and △. We denote {⋆, □, △}, the set of CIC sorts, by S. Following the presentation of Pure Type Systems (PTS) [14], we use two classes of variables: X⋆ and X□ are countably infinite sets of term variables and predicate variables such that X⋆ and X□ are disjoint. We write X for X⋆ ∪ X□. We shall use u for a...

38 | Definitions by Rewriting in the Calculus of Constructions - Blanqui
Citation context: ...t answer the question of hiding easy steps away. A first attempt towards our goal is the Calculus of Algebraic Constructions (CAC), obtained by adding to CC user-defined computations as rewrite rules [5, 3]. Although conceptually quite powerful since CAC captures CIC [4], this paradigm does not yet fulfill all needs. In particular, the user needs to hide away the easy steps by himself, that is by giving...

35 | Structural recursive definitions in Type Theory - Giménez - 1998
Citation context: ...types and the corresponding rules for higher-order primitive recursion [11]. The recent versions of Coq are based on a slight generalization of this calculus [15]. Still, such a simple function as reverse of a dependent list cannot be defined in CIC as one would expect, because (reverse l :: l′) and (reverse l′) :: (reverse l), assuming :: is list concaten...

28 | Auto-validation d'un système de preuves avec familles inductives - Barras - 1999
Citation context: ... X. As expected, we obtain here the standard inductive definition of natural numbers given in Section 2.1: Ind(X : ⋆){X, X → X}. The translation 0 of 0 (resp. S of S) is then simply nat [1] (resp. nat [2]). Translating list is not very different. Being of arity 1, with two associated constructor symbols (nil and cons), list is mapped to the already seen parametrized inductive type list = λ[A : T].In...

28 | Investigations into intensional type theory - Streicher - 1993
Citation context: ...onversion. ECC can be seen as a particular case of OCC in which all provable equalities can be used in conversion, which can also be achieved by adding the extensionality and Streicher's axioms to CC [22], hence the name of this calculus. Unfortunately, strong normalization and decidability of type checking are then lost, which shows that we should seek for more restrictive extensions. In a preliminar...

26 | The Calculus of Algebraic Constructions - Blanqui, Jouannaud, et al. - 1999
Citation context: ...t answer the question of hiding easy steps away. A first attempt towards our goal is the Calculus of Algebraic Constructions (CAC), obtained by adding to CC user-defined computations as rewrite rules [5, 3]. Although conceptually quite powerful since CAC captures CIC [4], this paradigm does not yet fulfill all needs. In particular, the user needs to hide away the easy steps by himself, that is by giving...

15 | Inductive types in the Calculus of Algebraic Constructions (Fundamenta Informaticae, vol. 65, no. 1-2) - Blanqui
Citation context: ...ards our goal is the Calculus of Algebraic Constructions (CAC), obtained by adding to CC user-defined computations as rewrite rules [5, 3]. Although conceptually quite powerful since CAC captures CIC [4], this paradigm does not yet fulfill all needs. In particular, the user needs to hide away the easy steps by himself, that is by giving the necessary rewrite rules and by verifying that they satisfy t...

14 | Little engines of proof - Shankar - 2002
Citation context: ...Coq by combining its deduction mechanism with a notion of computation based on the powerful Shostak's method for combining decision procedures [20], a framework dubbed little proof engines by Shankar [19]. Indeed, the little engines of proof hide away the easy computational steps, without any user assistance. Unfortunately, proof checking is not decidable in PVS. Further, since the little engines of pr...

10 | Building decision procedures in the calculus of inductive constructions - Blanqui, Jouannaud, et al. - 2007
Citation context: ... Congruent Constructions (CCC), which incorporates the congruence closure algorithm in CC's conversion [7], while preserving the good properties of CC, including the decidability of type checking. In [6], we have described CCN, in which the decision procedure was Presburger arithmetic and strong elimination ruled out. The present work is a continuation of t...

10 | Extensionality in the calculus of constructions - Oury - 2005
Citation context: ...d trust a Coq proof. Two steps in the direction of integrating decision procedures into CC are Stehr's Open Calculus of Constructions (OCC) [21] and Oury's Extensional Calculus of Constructions (ECC) [17]. Implemented in Maude, OCC allows for the use of an arbitrary equational theory in conversion. ECC can be seen as a particular case of OCC in which all provable equalities can be used in conversion, ...

7 | Inductive definitions in the system COQ - Paulin-Mohring - 1993
Citation context: ...general typing elimination rule for arbitrary inductive types, which is quite complicated. Instead, we gave the elimination rules obtained for our three inductive types nat, list and word. We refer to [18, 24] for the general case, and for the precise typing rule of ElimW. 2.2 Parametric sorted algebras. Parametric sorted signature. Order-sorted algebras were introduced as a formal framework for the OBJ lan...

5 | The four color theorem in Coq - Gonthier - 2004

5 | The Open Calculus of Constructions: An equational type theory with dependent types for programming, specification, and interactive theorem proving (part - Stehr - 2005
Citation context: ...lf, one can only believe a PVS proof, while one can check and trust a Coq proof. Two steps in the direction of integrating decision procedures into CC are Stehr's Open Calculus of Constructions (OCC) [21] and Oury's Extensional Calculus of Constructions (ECC) [17]. Implemented in Maude, OCC allows for the use of an arbitrary equational theory in conversion. ECC can be seen as a particular case of OCC ...

3 | Démonstration automatique en Théorie des Types - Corbineau - 2005
Citation context: ...ctic and then use a reflection technique to omit checking the proof term being built by proving the decision procedure itself. But the soundness of the entire mechanism cannot be guaranteed in general [12]. Further, this does not answer the question of hiding easy steps away. A first attempt towards our goal is the Calculus of Algebraic Constructions (CAC), obtained by adding to CC user-defined computa...

2 | A Calculus of Congruent Constructions - Blanqui, Jouannaud, et al.
Citation context: ...xtensions. In a preliminary work, we designed a new, quite restrictive framework, the Calculus of Congruent Constructions (CCC), which incorporates the congruence closure algorithm in CC's conversion [7], while preserving the good properties of CC, including the decidability of type checking. In [6], we have described CCN, in which the decision procedure wa...

2 | The Coq Proof Assistant Reference Manual, Version 8.0 - Coq Development Team - 2004
Citation context: ...nel. A detailed example shows that the resulting style of proofs becomes closer to that of the working mathematician. 1 Introduction. Proof assistants based on the Curry-Howard isomorphism such as Coq [9] allow one to build the proof of a given proposition by applying appropriate proof tactics available from existing libraries or that can otherwise be developed for achieving a specific task. These tactics...

1 | The Calculus of Congruent Inductive Constructions - Strub
Citation context: ...CAC [3]. A major difficulty was a traditional step towards subject-reduction: compatibility of conversion with products. Decidability of type checking required restricting conversions below recursors [23]. Practical contribution. We give several examples showing the usefulness of this new calculus, in particular for using dependent types such as dependent lists, which has been an important weakness of...