C H TT - Inriacoqhott.gforge.inria.fr/fichiers/CoqHoTT-local.pdf · 2016. 4. 5. · treatment of equality causes problems when proofs need to be combined, which is one of the key

NICOLAS TABAREAU

COQHOTT

A NEW PROOF-ASSISTANT THAT REVISITS THE THEORETICAL FOUNDATIONS OF COQ USING

HOMOTOPY TYPE THEORY

CoqHoTT, a brand-new proof assistant based on Homotopy Type Theory

The CoqHoTT project

2

Design and implement a brand-new proof assistant by revisiting the theoretical foundations of Coq.

Type Theory Homotopy Type Theory


Coq: a success but ...

3

The 4 Colour Theorem

CompCert Compiler

Based on the correspondence:

Formula ⟺ TypeProof ⟺ Program

Type Theory has been developed, providing a common language for mathematics and computer science ⇒ Coq

Theorem Proving Program certification


Coq: a success but ...

3

The 4 Colour Theorem

CompCert Compiler

extraction

Program certification:

First ever certified C-Compiler

Theorem proving:

High impact in computer science as well as in mathematics


Many weaknesses cannot be solved without changing the theoretical foundations of Coq:

common operators/principles cannot be “constructed”

(eg., general fixpoints or the law of excluded middle)

the notion of equality is too weak

... not the last word

4


Many weaknesses cannot be solved without changing the theoretical foundations of Coq:

common operators/principles cannot be “constructed”

(eg., general fixpoints or the law of excluded middle)

the notion of equality is too weak

... not the last word

4

(n;bounded_n) ≠

(n;bounded_n)

Example: bounded integers


consistency issuesvalid axioms can be wrong altogether

breaks the extraction mechanismaxioms have no computational meaning

limits possibility of automation can not use reflection in the proof

5

Only one way out

make use of axioms


The CoqHoTT project

6




The CoqHoTT project

6


Uniform equality Relativized equality (syntactic) (semantic)



Revisit the theory behind Coq using HoTT and provide a brand-new proof assistant with:

equality as a first-class citizen axiom-free extensions of the logic

7

The Big Challenge


Revisit the theory behind Coq using HoTT and provide a brand-new proof assistant with:

equality as a first-class citizen axiom-free extensions of the logic

Apart from relaxing the drawbacks of using axioms, it will simplify a lot the development

of new proofs for users.

7

The Big Challenge

(n;bounded_n) =

(n;bounded_n)


Idea:equality ⟺ homotopy

+ the univalence principle [Streicher, Voevodsky], which allows to derive equality principles used in mathematics:

State of the art. Homotopy Type Theory

8

Nicolas TABAREAU - CoqHoTT - Part B2! " 2

because they come with a nice elimination principle which allows to substitute a term by an Id-equivalent one anywhere in a type. This is Leibniz’s principle of indiscernability of identicals.!

To the opposite, the notion of equality in mathematics is eminently semantics, with a definition that is relative to the type of terms being considered. This is why the functional extensionality principle is easy to set in this setting, because the definition of equality is specialized accordingly when it comes to function types. The problem with that point of view is that it does not come with a generic substitution principle, thus it is difficult to use it in a programming language.!

This mismatch prevents proof developments from using more advanced semantical tools in their reasoning (e.g. the well-established logical relations for the CompCert project) because of the explicit manipulation of mathematical equality together with axioms. Of course, some important work has been done to work around this difficulty by defining other notions of equalities beside, using the well known notion of setoids [7]. But this does not provide equality as we mean it on black board because we can not use the generic substitution principle on equality available for identity types. If a working computer scientist wants to use a setoid-based notion of equality and do some rewriting with it in an expression, she needs to prove beforehand that this expression validates the substitution principle. And when the considered expression comes from a separated development, this can be a very complex task, even for a single expression. This non-uniform treatment of equality causes problems when proofs need to be combined, which is one of the key stones of mathematical developments. As a consequence, significant Coq developments have been done, but only by virtuosos playing around with advanced concepts of both computer science and mathematics, which excludes by definition our working computer scientist (and also working mathematicians). This project aims at solving this issue by delivering a proof assistant in which a working computer scientist or mathematicians can manipulate the notion of equality as she does on black board. !

The birth of homotopy type theory!

To correct the fundamental mismatch between equality in mathematics and in type theory, Hofmann and Streicher have introduced a new point of view on type theory, where types are not viewed as simple sets but as sets enriched with an homotopical structure [5]. This way, each type comes with a specialized notion of equality and the homotopical structure describes how to substitute a term by another equivalent one in a type. Voevodsky recognized recently that this simplicial interpretation of type theory satisfies a further crucial property, dubbed univalence, which had not previously been considered in type theory. The univalence principle says that two types (or structures) T and U are equal when they are equivalent (or isomorphic):!

This principle subsumes the other missing principles of equality and as such, is the key to equip type theory with a notion of equality that is compatible with traditional mathematical reasonings. In recent developments of HoTT [1], the univalence principle is added to the type theory of Coq (or Agda) in the form of a new axiom. This has far-reaching consequences in the formalization of homotopy theory, such as the proof that the first homotopy group of the sphere is equivalent to � [13]. But, the univalence principle has also a very interesting interpretation in computer science. It allows to use a function/method of a library—that has been defined on a data type A—on another data type B, as soon as there is an explicit type isomorphism between A and B. Take for instance A to be the inductive type for lists.

Suppose now a developer has used its own inductive type for lists in its development and for convenience has defined the constructor cons by taking the arguments in a reverse order

Internalization of the Weak Groupoid Interpretation of

Type Theory

November 28, 2013

Require Export Unicode.Utf8 core.

Require Import Arith.

Set Implicit Arguments.

Axiom functional extensionality : 8 A B (f g : A ! B), (8 x, f x = g x ) ! f = g.

Definition SL := � n:nat, n + 1. Definition SR := � n:nat, 1 + n.

Lemma trivial eq : SL = SR. Proof. ??

CoInductive Stream : Type := | cons : nat ! Stream ! Stream.

CoInductive seq : Stream ! Stream ! Prop :=

| seq : 8 n s1 s2, seq s1 s2 ! seq (cons n s1 ) (cons n s2 ).

Axiom stream eq : 8 n s1 s2, s1 = s2 ! cons n s1 = cons n s2.

CoFixpoint one := cons 1 one. CoFixpoint zero := cons 0 zero.

CoFixpoint plus : Stream ! Stream ! Stream.

Defined.

Infix ”++” := plus.

Lemma trivial eq2 : one ++ zero = one. Proof. ??

Parameter equiv : Type ! Type ! Type.

Infix ”⇠” := equiv (at level 50).

Definition univalence := 8 T U : Type, T ⇠ U ! T = U.

1


Type Theory

March 13, 2014




Axiom fun ext : 8 A B {f g : A ! B}, (8 x , f x = g x) ! f = g .





Definition univalence := 8 T U : Type, T ⇠ U ! T = U .

Definition refl {A x} := eq refl (A:=A) x .

Inductive list1 A : Type := nil1 : list1 A | cons1 : A ! list1 A ! list1 A.

Inductive list2 A : Type := nil2 : list2 A | cons2 : list2 A ! A ! list2 A.

1


Type Theory

March 13, 2014













1


Idea:equality ⟺ homotopy

+ the univalence principle [Streicher, Voevodsky], which allows to derive equality principles used in mathematics:

Issue: Univalence is still stated as an axiom.

State of the art. Homotopy Type Theory

8

Nicolas TABAREAU - CoqHoTT - Part B2! " 2

because they come with a nice elimination principle which allows to substitute a term by an Id-equivalent one anywhere in a type. This is Leibniz’s principle of indiscernability of identicals.!

To the opposite, the notion of equality in mathematics is eminently semantics, with a definition that is relative to the type of terms being considered. This is why the functional extensionality principle is easy to set in this setting, because the definition of equality is specialized accordingly when it comes to function types. The problem with that point of view is that it does not come with a generic substitution principle, thus it is difficult to use it in a programming language.!

This mismatch prevents proof developments from using more advanced semantical tools in their reasoning (e.g. the well-established logical relations for the CompCert project) because of the explicit manipulation of mathematical equality together with axioms. Of course, some important work has been done to work around this difficulty by defining other notions of equalities beside, using the well known notion of setoids [7]. But this does not provide equality as we mean it on black board because we can not use the generic substitution principle on equality available for identity types. If a working computer scientist wants to use a setoid-based notion of equality and do some rewriting with it in an expression, she needs to prove beforehand that this expression validates the substitution principle. And when the considered expression comes from a separated development, this can be a very complex task, even for a single expression. This non-uniform treatment of equality causes problems when proofs need to be combined, which is one of the key stones of mathematical developments. As a consequence, significant Coq developments have been done, but only by virtuosos playing around with advanced concepts of both computer science and mathematics, which excludes by definition our working computer scientist (and also working mathematicians). This project aims at solving this issue by delivering a proof assistant in which a working computer scientist or mathematicians can manipulate the notion of equality as she does on black board. !

The birth of homotopy type theory!

To correct the fundamental mismatch between equality in mathematics and in type theory, Hofmann and Streicher have introduced a new point of view on type theory, where types are not viewed as simple sets but as sets enriched with an homotopical structure [5]. This way, each type comes with a specialized notion of equality and the homotopical structure describes how to substitute a term by another equivalent one in a type. Voevodsky recognized recently that this simplicial interpretation of type theory satisfies a further crucial property, dubbed univalence, which had not previously been considered in type theory. The univalence principle says that two types (or structures) T and U are equal when they are equivalent (or isomorphic):!

This principle subsumes the other missing principles of equality and as such, is the key to equip type theory with a notion of equality that is compatible with traditional mathematical reasonings. In recent developments of HoTT [1], the univalence principle is added to the type theory of Coq (or Agda) in the form of a new axiom. This has far-reaching consequences in the formalization of homotopy theory, such as the proof that the first homotopy group of the sphere is equivalent to � [13]. But, the univalence principle has also a very interesting interpretation in computer science. It allows to use a function/method of a library—that has been defined on a data type A—on another data type B, as soon as there is an explicit type isomorphism between A and B. Take for instance A to be the inductive type for lists.

Suppose now a developer has used its own inductive type for lists in its development and for convenience has defined the constructor cons by taking the arguments in a reverse order


Type Theory

November 28, 2013




Axiom functional extensionality : 8 A B (f g : A ! B), (8 x, f x = g x ) ! f = g.



CoInductive Stream : Type := | cons : nat ! Stream ! Stream.

CoInductive seq : Stream ! Stream ! Prop :=

| seq : 8 n s1 s2, seq s1 s2 ! seq (cons n s1 ) (cons n s2 ).

Axiom stream eq : 8 n s1 s2, s1 = s2 ! cons n s1 = cons n s2.

CoFixpoint one := cons 1 one. CoFixpoint zero := cons 0 zero.

CoFixpoint plus : Stream ! Stream ! Stream.

Defined.

Infix ”++” := plus.

Lemma trivial eq2 : one ++ zero = one. Proof. ??



Definition univalence := 8 T U : Type, T ⇠ U ! T = U.

1


Type Theory

March 13, 2014













1


Type Theory

March 13, 2014













1


State of the art. Logic Extension in Mathematical LogicIdea: Translating formulas of rich logic into formulas of a simpler logic by using complex proof transformations

9

forcing

sheafification

logic withnew principles original logic


State of the art. Logic Extension in Mathematical LogicIdea: Translating formulas of rich logic into formulas of a simpler logic by using complex proof transformations

Issue: Type Theory ≠ Mathematical Logic

9

forcing

sheafification

logic withnew principles original logic


C1 Type Theory with a built-in notion of univalence

C2 Implement CoqHoTT without overhead

C3 Define and implement Higher Inductive Types

C4 Extend Type Theory without axioms

CoqHoTT Challenges

10


C1 Type Theory with a built-in notion of univalence

C2 Implement CoqHoTT without overhead

C3 Define and implement Higher Inductive Types

C4 Extend Type Theory without axioms

CoqHoTT Challenges

10


programs a:T are points

type T is a space

proofs of equality p : a = b are paths

Type Theory with Univalence

11


programs a:T are points

type T is a space

proofs of equality p : a = b are paths

Path operations:id : a =T a

p-1 : b =T a

q o p : a =T c

Homotopies:left-id : id o p =a=b p

right-id : p o id =a=b p

assoc :r o (q o p) =a=d (r o q) o p

Type Theory with Univalence

11


The main novelty of this approach is to realize that

homotopies between homotopies

cannot be omitted, and this up to infinite dimension.

12

and Higher HomotopiesType Theory with Univalence


Type TheoryHomotopy Type Theory

Correct

Incorrect

Compilation Type-Checker

ab

c

pp-1

q

Uniform equality

Higher algebraic structure

Relativized equality

Univalence

This compilation phase uses higher algebraic structure(e.g., ∞-groupoids, cubical sets [Coquand et al.])

13

and Higher HomotopiesType Theory with Univalence


We will use the fact that:

Homotopy Type Theory = Higher Mathematical Logic

Extend Type Theory without Axioms

14


Consider logical transformations (forcing, sheafification) of mathematical logic as compilation phases in HoTT:

increase the power of the logic without axioms

change the logic at compile time, according to a trade-off between efficiency and logical expressivity


Homotopy Type Theory = Higher Mathematical Logic

Extend Type Theory without AxiomsUsing Compilation Phases

14


Consider logical transformations (forcing, sheafification) of mathematical logic as compilation phases in HoTT:

increase the power of the logic without axioms

change the logic at compile time, according to a trade-off between efficiency and logical expressivity


Homotopy Type Theory = Higher Topos Theory [Lurie]

Extend Type Theory without AxiomsUsing Compilation Phases

14

CoqHoTT, a brand-new proof assistant based on Homotopy Type Theory 15

Extend Type Theory without axiomsusing a compilation phase

CoqHoTT +Classical Logic

Excluded Middle

Added principle :

Sheaf Translationw/ Dense Topology

CoqHoTT

CoqHoTT +General Induction

General Inductive TypesLöb Rule

Added principles :

Forcing Translationw/ Natural Numbers

CoqHoTT +Kripke Semantics

Modal Logic

Added principle :

CoqHoTT +Axiom of Choice

Dependent AC

Added principle : Sheaf Translationw/ Dense Topology Natural Numbers

Forcing Translationw/ worlds


Methodology. Distinct compilation phases II

Compile complex typetheories into simplerones.

inherit consistency of Coq

split the complexity of type checking

16

w/o Kripke Semantics

Full CoqHoTT w/o Axiom of

Choicew/o General

Fixpoints

Compiled Coq

w/o Classical Logic

Kernel of Coq

w/o Univalence


Feasability and Impacts

17

The CoqHoTT project is very ambitious—in particular Challenges 1 & 4.

Background and Connections to the Coq community

Connections to the emerging HoTT community


Feasability and Impacts

Our expectation is that CoqHoTT will become a popular proof assistant among:

software engineers : faster and simpler developments computer scientists: integration of type isomorphisms mathematicians : new equality and logical expressivity

17

The CoqHoTT project is very ambitious—in particular Challenges 1 & 4.

Background and Connections to the Coq community

Connections to the emerging HoTT community

CoqHoTT, Coq for Homotopy Type Theory

The PI (75 % of his time) will take charge of the overall scientific direction.

Matthieu Sozeau (20%) is one of the main developers of Coq and its expertise on the subject is crucial to the CoqHoTT project.

The CoqHoTT team …

18

Non-Permanent Staff (ERC):3 PhD, 4 Post-Docs, 1 software engineer

Non-Permanent Staff (Host Institution, Inria):

1 PhD, 1 Post-Doc, 1 support engineer

and hopefully more !

CoqHoTT, Coq for Homotopy Type Theory

… inside a very active community

1818


CoqHoTT in a nutshellNew proof-assistant based on HoTT

Equality as a first-class citizen

Axiom-free extensions of the logic

Defined using distinct compilations phases

A world-class group on a new generationof proof assistants

19

Documents

C H TT - Inriacoqhott.gforge.inria.fr/fichiers/CoqHoTT-local.pdf · 2016. 4. 5. · treatment of equality causes problems when proofs need to be combined, which is one of the key