Chuanhu Cheng,Yan Xiong,Wenchao Huang,Lu Ma

DOI: https://doi.org/10.1109/BigCom51056.2020.00018

2020-01-01

Abstract:Formal verification is a trustable method to produce correct, safe, and fast code. However, the cost of formal verification remains prohibitively high for most projects, as it requires significant manual effort by highly trained experts. In this paper, we propose a novel approach to proof automation in Coq that generates proof script based on context-awareness. We develop AutoMagic, an automatic theorem proving framework, which can use the generated proof script to achieve a fully automatic proof of the theorem. Our method is simple but pushes the limits of automatic proof. The performance of AutoMagic is evaluated in the Coq standard library. We show that 37.87% of the theorems can be proved in a push-button mode, and can be used to prove new theorems not previously provable by automated methods.

Mario Frank

DOI: https://doi.org/10.48550/arXiv.2101.07761

2021-01-15

Abstract:In this work, we present a visualisation tool that is able to process Coq proof scripts and generate a table representation of the contained proofs as $\LaTeX$ or PDF files. This tool has the aim to support both education and review processes as all proof steps can be visualised. Thus, there is no need to use Coq in order to review proofs or use them as examples in teaching. In contrast to the usual approach of visualising proofs as hypertext or markdown documents, the generated files can be easily printed.

Logic in Computer Science,Computers and Society

Jason Gross,Andres Erbsen,Jade Philipoom,Rajashree Agrawal,Adam Chlipala

DOI: https://doi.org/10.1007/s10817-024-09705-6

2024-08-15

Abstract:We address the challenges of scaling verification efforts to match the increasing complexity and size of systems. We propose a research agenda aimed at building a performant proof engine by studying the asymptotic performance of proof engines and redesigning their building blocks. As a case study, we explore equational rewriting and introduce a novel prototype proof engine building block for rewriting in Coq, utilizing proof by reflection for enhanced performance. Our prototype implementation can significantly improve the development of verified compilers, as demonstrated in a case study with the Fiat Cryptography toolchain. The resulting extracted command-line compiler is about 1000$\times$ faster while featuring simpler compiler-specific proofs. This work lays some foundation for scaling verification efforts and contributes to the broader goal of developing a proof engine with good asymptotic performance, ultimately aimed at enabling the verification of larger and more complex systems.

Programming Languages

Valentin Blot,Denis Cousineau,Enzo Crance,Louise Dubois de Prisque,Chantal Keller,Assia Mahboubi,Pierre Vial

DOI: https://doi.org/10.1145/3573105.3575676

2024-02-21

Abstract:In the context of interactive theorem provers based on a dependent type theory, automation tactics (dedicated decision procedures, call of automated solvers, ...) are often limited to goals which are exactly in some expected logical fragment. This very often prevents users from applying these tactics in other contexts, even similar ones. This paper discusses the design and the implementation of pre-processing operations for automating formal proofs in the Coq proof assistant. It presents the implementation of a wide variety of predictible, atomic goal transformations, which can be composed in various ways to target different backends. A gallery of examples illustrates how it helps to expand significantly the power of automation engines.

Logic in Computer Science

Salwa Tabet Gonzalez,Predrag Janičić,Julien Narboux

DOI: https://doi.org/10.4204/EPTCS.398.6

2024-01-22

Abstract:Conjecturing and theorem proving are activities at the center of mathematical practice and are difficult to separate. In this paper, we propose a framework for completing incomplete conjectures and incomplete proofs. The framework can turn a conjecture with missing assumptions and with an under-specified goal into a proper theorem. Also, the proposed framework can help in completing a proof sketch into a human-readable and machine-checkable proof. Our approach is focused on synthetic geometry, and uses coherent logic and constraint solving. The proposed approach is uniform for all three kinds of tasks, flexible and, to our knowledge, unique such approach.

Artificial Intelligence,Logic in Computer Science

Laila El-Beheiry,Giselle Reis,Ammar Karkour

DOI: https://doi.org/10.4204/EPTCS.337.6

2021-07-16

Abstract:Formally reasoning about functional programs is supposed to be straightforward and elegant, however, it is not typically done as a matter of course. Reasoning in a proof assistant requires "reimplementing" the code in those tools, which is far from trivial. SMLtoCoq provides an automatic translation of SML programs and function contracts into Coq. Programs are translated into Coq specifications, and function contracts into theorems, which can then be formally proved. Using the Equations plugin and other well established Coq libraries, SMLtoCoq is able to translate SML programs without side-effects containing partial functions, structures, functors, records, among others. Additionally, we provide a Coq version of many parts of SML's basis library, so that calls to these libraries are kept almost as is.

Logic in Computer Science,Programming Languages

Guangshuai Mo,Yan Xiong,Wenchao Huang,Lu Ma

DOI: https://doi.org/10.1109/BigCom51056.2020.00016

2020-01-01

Abstract:Proof assistants offer a formal language to write mathematical definitions, executable algorithms, and theorems together with an environment for interactive development of machine-checked proofs. Developers manually construct definitions and lemmas on proof assistants to prove the theorems. However, the time and labor costs of manually proving theorems in proof assistants remain prohibitively high. Therefore, proving the theorem automatically for the sizeable formal project becomes significant. In this paper, we propose SmartCoq, a proof search system that uses a dynamic strategy to solve the problem of automating the interaction with proof assistants. The design of our dynamic strategy is flexible and straightforward: it can automatically optimize itself based on theorems without manual intervention. SmartCoq uses dynamic strategies to learn from the wrong paths in the past and find a correct path to complete the proof. We demonstrate SmartCoq on the proof obligations from a large practical proof project, the CompCert verified C compiler, and the result shows that it can automatically solve 14.5% of proofs in our test dataset.

Pedro Carrott,Nuno Saavedra,Kyle Thompson,Sorin Lerner,João F. Ferreira,Emily First

DOI: https://doi.org/10.1145/3663529.3663814

2024-05-07

Abstract:Proof assistants enable users to develop machine-checked proofs regarding software-related properties. Unfortunately, the interactive nature of these proof assistants imposes most of the proof burden on the user, making formal verification a complex, and time-consuming endeavor. Recent automation techniques based on neural methods address this issue, but require good programmatic support for collecting data and interacting with proof assistants. This paper presents CoqPyt, a Python tool for interacting with the Coq proof assistant. CoqPyt improves on other Coq-related tools by providing novel features, such as the extraction of rich premise data. We expect our work to aid development of tools and techniques, especially LLM-based, designed for proof synthesis and repair. A video describing and demonstrating CoqPyt is available at:

Software Engineering

Saketh Ram Kasibatla,Arpan Agarwal,Yuriy Brun,Sorin Lerner,Talia Ringer,Emily First

2024-10-26

Abstract:Formal verification using proof assistants, such as Coq, is an effective way of improving software quality, but it is expensive. Writing proofs manually requires both significant effort and expertise. Recent research has used machine learning to automatically synthesize proofs, reducing verification effort, but these tools are able to prove only a fraction of the desired software properties. We introduce Cobblestone, a new proof-synthesis approach that improves on the state of the art by taking advantage of partial progress in proof synthesis attempts. Unlike prior tools, Cobblestone can produce multiple unsuccessful proofs using a large language model (LLM), identify the working portions of those proofs, and combine them into a single, successful proof, taking advantage of internal partial progress. We evaluate Cobblestone on two benchmarks of open-source Coq projects, controlling for training data leakage in LLM datasets. Fully automatically, Cobblestone can prove 48% of the theorems, while Proverbot9001, the previous state-of-the-art, learning-based, proof-synthesis tool, can prove 17%. Cobblestone establishes a new state of the art for fully automated proof synthesis tools for Coq. We also evaluate Cobblestone in a setting where it is given external partial proof progress from oracles, serving as proxies for a human proof engineer or another tool. When the theorem is broken down into a set of subgoals and Cobblestone is given a set of relevant lemmas already proven in the project, it can prove up to 58% of the theorems. We qualitatively study the theorems Cobblestone is and is not able to prove to outline potential future research directions to further improve proof synthesis, including developing interactive, semi-automated tools. Our research shows that tools can make better use of partial progress made during proof synthesis to more effectively automate formal verification.

Logic in Computer Science,Artificial Intelligence,Programming Languages

Bernhard Beckert,Sarah Grebing,and Alexander Weigl

DOI: https://doi.org/10.48550/arXiv.1804.04402

2018-04-12

Abstract:Interactive program verification is characterized by iterations of unfinished proof attempts. To support the process of constructing a complete proof, many interactive program verification systems offer a proof scripting language as a text-based way to describe the non-automatic steps in a proof. Such scripting languages are beneficial, but users spent a lot of effort on inspecting proof scripts and the proofs they construct to detect the cause when a proof attempt is unsuccessful and leads to unintended proof states. We present an offline and replay debugger to support the user in analyzing proof attempts performed with proof scripts. This debugger adapts successful concepts from software debugging to the area of proof script debugging. The tool is built on top of KeY, a system for deductive verification of Java programs. The debugger and its graphical user interface are designed to support program verification in particular, the underlying concepts and the implementation, however, are adaptable to other provers and proof tasks.

Logic in Computer Science

Łukasz Czajka,Cezary Kaliszyk

DOI: https://doi.org/10.48550/arXiv.1606.05946

2016-06-20

Logic in Computer Science

Abstract:Hammers are tools that provide general purpose automation for formal proof assistants. Despite the gaining popularity of the more advanced versions of type theory, there are no hammers for such systems. We present an extension of the various hammer components to type theory: (i) a translation of a significant part of the Coq logic into the format of automated proof systems; (ii) a proof reconstruction mechanism based on a Ben-Yelles-type algorithm combined with limited rewriting, congruence closure and a first-order generalization of the left rules of Dyckhoff's system LJT.

Ludovic Font,Philippe R. Richard,Michel Gagnon

DOI: https://doi.org/10.48550/arXiv.1803.01468

IF: 14.4

2018-03-05

Artificial Intelligence

Abstract:The idea of assisting teachers with technological tools is not new. Mathematics in general, and geometry in particular, provide interesting challenges when developing educative softwares, both in the education and computer science aspects. QED-Tutrix is an intelligent tutor for geometry offering an interface to help high school students in the resolution of demonstration problems. It focuses on specific goals: 1) to allow the student to freely explore the problem and its figure, 2) to accept proofs elements in any order, 3) to handle a variety of proofs, which can be customized by the teacher, and 4) to be able to help the student at any step of the resolution of the problem, if the need arises. The software is also independent from the intervention of the teacher. QED-Tutrix offers an interesting approach to geometry education, but is currently crippled by the lengthiness of the process of implementing new problems, a task that must still be done manually. Therefore, one of the main focuses of the QED-Tutrix' research team is to ease the implementation of new problems, by automating the tedious step of finding all possible proofs for a given problem. This automation must follow fundamental constraints in order to create problems compatible with QED-Tutrix: 1) readability of the proofs, 2) accessibility at a high school level, and 3) possibility for the teacher to modify the parameters defining the "acceptability" of a proof. We present in this paper the result of our preliminary exploration of possible avenues for this task. Automated theorem proving in geometry is a widely studied subject, and various provers exist. However, our constraints are quite specific and some adaptation would be required to use an existing prover. We have therefore implemented a prototype of automated prover to suit our needs. The future goal is to compare performances and usability in our specific use-case between the existing provers and our implementation.

Talia Ringer,RanDair Porter,Nathaniel Yazdani,John Leo,Dan Grossman

DOI: https://doi.org/10.1145/3453483.3454033

2021-05-12

Abstract:We describe a new approach to automatically repairing broken proofs in the Coq proof assistant in response to changes in types. Our approach combines a configurable proof term transformation with a decompiler from proof terms to tactic scripts. The proof term transformation implements transport across equivalences in a way that removes references to the old version of the changed type and does not rely on axioms beyond those Coq assumes. We have implemented this approach in PUMPKIN Pi, an extension to the PUMPKIN PATCH Coq plugin suite for proof repair. We demonstrate PUMPKIN Pi's flexibility on eight case studies, including supporting a benchmark from a user study, easing development with dependent types, porting functions and proofs between unary and binary numbers, and supporting an industrial proof engineer to interoperate between Coq and other verification tools more easily.

Programming Languages

Sebastian Böhne,Christoph Kreitz

DOI: https://doi.org/10.48550/arXiv.1803.01466

2018-03-05

Logic in Computer Science

Abstract:We have developed an alternative approach to teaching computer science students how to prove. First, students are taught how to prove theorems with the Coq proof assistant. In a second, more difficult, step students will transfer their acquired skills to the area of textbook proofs. In this article we present a realisation of the second step. Proofs in Coq have a high degree of formality while textbook proofs have only a medium one. Therefore our key idea is to reduce the degree of formality from the level of Coq to textbook proofs in several small steps. For that purpose we introduce three proof styles between Coq and textbook proofs, called line by line comments, weakened line by line comments, and structure faithful proofs. While this article is mostly conceptional we also report on experiences with putting our approach into practise.

Hideki Hashimoto,Zhenjiang Hu,Julien Tesson,Frédéric Loulergue,Masato Takeichi

2009-01-01

Abstract:Program calculation, being a programming technique that derives programs from specification by means of formula manipulation, is a challenging activity. It requires human insights and creativity, and needs systems to help human to focus on clever parts of the derivation by automating tedious ones and verifying correctness of transformations. Different from many existing systems, we show in this paper that Coq, a popular theorem prover, provides a cheap way to implement a powerful system to support program calculation, which has not been recognized so far. We design and implement a set of tactics for the Coq proof assistant to help the user to derive programs by program calculation and to write proofs in calculational form. The use of these tactics is demonstrated through program calculations in Coq based on the theory of lists.

Ludovic Font,Sébastien Cyr,Philippe R. Richard,Michel Gagnon

DOI: https://doi.org/10.4204/EPTCS.313.1

2020-02-28

Abstract:When working on intelligent tutor systems designed for mathematics education and its specificities, an interesting objective is to provide relevant help to the students by anticipating their next steps. This can only be done by knowing, beforehand, the possible ways to solve a problem. Hence the need for an automated theorem prover that provide proofs as they would be written by a student. To achieve this objective, logic programming is a natural tool due to the similarity of its reasoning with a mathematical proof by inference. In this paper, we present the core ideas we used to implement such a prover, from its encoding in Prolog to the generation of the complete set of proofs. However, when dealing with educational aspects, there are many challenges to overcome. We also present the main issues we encountered, as well as the chosen solutions.

Artificial Intelligence,Human-Computer Interaction,Logic in Computer Science

Emilio Jesús Gallego Arias,Benoît Pin,Pierre Jouvelot

DOI: https://doi.org/10.48550/arXiv.1701.07125

2017-01-25

Programming Languages

Abstract:We describe jsCcoq, a new platform and user environment for the Coq interactive proof assistant. The jsCoq system targets the HTML5-ECMAScript 2015 specification, and it is typically run inside a standards-compliant browser, without the need of external servers or services. Targeting educational use, jsCoq allows the user to start interaction with proof scripts right away, thanks to its self-contained nature. Indeed, a full Coq environment is packed along the proof scripts, easing distribution and installation. Starting to use jsCoq is as easy as clicking on a link. The current release ships more than 10 popular Coq libraries, and supports popular books such as Software Foundations or Certified Programming with Dependent Types. The new target platform has opened up new interaction and display possibilities. It has also fostered the development of some new Coq-related technology. In particular, we have implemented a new serialization-based protocol for interaction with the proof assistant, as well as a new package format for library distribution.

David Braun,Nicolas Magaud,Pascal Schreck

DOI: https://doi.org/10.1007/s10817-023-09690-2

2024-01-20

Journal of Automated Reasoning

Abstract:We present an automatic theorem prover for projective incidence geometry. This prover does not consider coordinates. Instead, it follows a combinatorial approach based on the concept of rank. This allows to deal only with sets of points and to capture relations between objects of the projective space (equality, collinearity, coplanarity, etc.) in a homogenous way. Taking advantage of the computational aspect of this approach, we automatically compute by saturation the ranks of all sets of the powerset of the points of the geometric configuration we consider. Upon completion of the saturation phase, our prover then retraces the proof process and generates the corresponding Coq code. This code is then formally checked by the Coq proof assistant, thus ensuring that the proof is actually correct. We use the prover to verify some well-known, non-trivial theorems in projective space geometry, among them: Desargues' theorem and Dandelin–Gallucci's theorem.

computer science, artificial intelligence

Julien Tesson,Hideki Hashimoto,Zhenjiang Hu,Frederic Loulergue,Masato Takeichi

DOI: https://doi.org/10.1007/978-3-642-17796-5_10

2011-01-01

Abstract:Program calculation, being a programming technique that derives programs from specification by means of formula manipulation, is a challenging activity. It requires human insights and creativity, and needs systems to help human to focus on clever parts of the derivation by automating tedious ones and verifying correctness of transformations. Different from many existing systems, we show in this paper that Coq, a popular theorem prover, provides a cheap way to implement a powerful system to support program calculation, which has not been recognized so far. We design and implement a set of tactics for the Coq proof assistant to help the user to derive programs by program calculation and to write proofs in calculational form. The use of these tactics is demonstrated through program calculations in Coq based on the theory of lists.

Cosmo Viola,Max Fan,Talia Ringer

2024-11-22

Abstract:Proofs in proof assistants like Coq can be brittle, breaking easily in response to changes. To address this, recent work introduced an algorithm and tool in Coq to automatically repair broken proofs in response to changes that correspond to type equivalences. However, many changes remained out of the scope of this algorithm and tool -- especially changes in underlying behavior. We extend this proof repair algorithm so that it can express certain changes in behavior that were previously out of scope. We focus in particular on equivalences between quotient types -- types equipped with a relation that describes what it means for any two elements of that type to be equal. Quotient type equivalences can be used to express interesting changes in representations of mathematical structures, as well as changes in the underlying implementations of data structures. We extend this algorithm and tool to support quotient type equivalences in Coq. Notably, since Coq lacks quotient types entirely, our extensions use Coq's setoid machinery to represent quotients externally. Specifically, (1) our extension to the algorithm supports new changes corresponding to setoids, and (2) our extension to the tool supports this new class of changes and further automates away some of the new proof obligations. We ground our setoid extensions by way of a discussion of a corresponding manual proof repair approach in Cubical Agda, which supports quotient types and allows for some internalization of the correctness criteria for proof repair. We demonstrate our extensions on proof repair case studies for previously unsupported changes.

Programming Languages