COQHOTT
A NEW PROOF-ASSISTANT THAT REVISITS THE THEORETICAL FOUNDATIONS OF COQ USING HOMOTOPY TYPE THEORY
NICOLAS TABAREAU The CoqHoTT project
Design and implement a brand-new proof assistant by revisiting the theoretical foundations of Coq.
Type Theory Homotopy Type Theory
CoqHoTT, a brand-new proof assistant based on Homotopy Type Theory 2 Coq: a success but ...
Based on the correspondence: Formula ⟺ Type Proof ⟺ Program
Type Theory has been developed, providing a common language for mathematics and computer science ⇒ Coq
Program certification Theorem Proving
CompCert The 4 Colour Compiler Theorem
CoqHoTT, a brand-new proof assistant based on Homotopy Type Theory 3 Coq: a success but ...
Program certification: CompCert First ever certified Compiler C-Compiler
Theorem proving: extraction High impact in computer The 4 Colour science as well as in Theorem mathematics
CoqHoTT, a brand-new proof assistant based on Homotopy Type Theory 3 ... not the last word
Many weaknesses cannot be solved without changing the theoretical foundations of Coq: common operators/principles cannot be “constructed” (eg., general fixpoints or the law of excluded middle) the notion of equality is too weak
CoqHoTT, a brand-new proof assistant based on Homotopy Type Theory 4 ... not the last word
Many weaknesses cannot be solved without changing the theoretical foundations of Coq: common operators/principles cannot be “constructed” (eg., general fixpoints or the law of excluded middle) the notion of equality is too weak
Example: bounded integers (n;bounded_n) ≠ (n;bounded_n)
CoqHoTT, a brand-new proof assistant based on Homotopy Type Theory 4 Only one way out
make use of axioms consistency issues valid axioms can be wrong altogether breaks the extraction mechanism axioms have no computational meaning limits possibility of automation can not use reflection in the proof
CoqHoTT, a brand-new proof assistant based on Homotopy Type Theory 5 The CoqHoTT project
Design and implement a brand-new proof assistant by revisiting the theoretical foundations of Coq.
Type Theory Homotopy Type Theory
CoqHoTT, a brand-new proof assistant based on Homotopy Type Theory 6 The CoqHoTT project
Design and implement a brand-new proof assistant by revisiting the theoretical foundations of Coq.
Type Theory Homotopy Type Theory
Uniform equality Relativized equality (syntactic) (semantic)
CoqHoTT, a brand-new proof assistant based on Homotopy Type Theory 6 The Big Challenge
Revisit the theory behind Coq using HoTT and provide a brand-new proof assistant with: equality as a first-class citizen axiom-free extensions of the logic
CoqHoTT, a brand-new proof assistant based on Homotopy Type Theory 7 The Big Challenge
Revisit the theory behind Coq using HoTT and provide a brand-new proof assistant with: equality as a first-class citizen axiom-free extensions of the logic
Apart from relaxing the drawbacks of using axioms, it will simplify a lot the development of new proofs for users. (n;bounded_n) = (n;bounded_n)
CoqHoTT, a brand-new proof assistant based on Homotopy Type Theory 7 Nicolas TABAREAU - CoqHoTT - Part B2! "2 because they come with a nice elimination principle which allows to substitute a term by an Id- equivalent one anywhere in a type. This is Leibniz’s principle of indiscernability of identicals.! To the opposite, the notion of equality in mathematics is eminently semantics, with a definition that is relative to the type of terms being considered. This is why the functional extensionality principle is easy toInternalization set in this setting, because of the the definition Weak of equality Groupoid is specialized Interpretation accordingly of when it comes to function types. The problem with that point of view is that it does not come with a generic substitution principle, thus it is difficult to use itType in a programming Theory language.!
This mismatch prevents proof developments from using more advanced semantical tools in their reasoning (e.g. the well-established logical relations for the CompCert project) because of the explicit manipulation of mathematical equality together with axioms. Of course, some important work has been done to work around this difficulty byNovember defining other 28, notions 2013 of equalities beside, using the well known notion of setoids [7]. But this does not provide equality as we mean it on black board because we can not use the generic substitution principle on equality available for identity types. If aRequire working Export computerUnicode.Utf8 scientist wantscore to. use a setoid-based notion of equality and do some rewriting withRequire it in an Import expression,Arith she. needs to prove beforehand that this expression validates the substitution Set principle. Implicit And Arguments when the. considered expression comes from a separated development, this can be a very complex task, even for a single expression. This non-uniform Axiom functional extensionality : AB(fg: A B), ( x, fx= gx) f = g. treatment of equality causes problems when proofs8 need to be combined,! which8 is one of the! key stones of mathematicalDefinition developments.SL := � nAs:nat a , consequence,n + 1. Definition significant S CoqR := developments� n:nat, 1 + haven. been done, but only by virtuosos playing around with advanced concepts of both computer Lemma trivial eq : SL = SR. Proof. ?? science andInternalization mathematics, which excludes of the by definition Weak our Groupoid working computer Interpretation scientist (and also of CoInductive Stream : Type := cons : nat Stream Stream. working mathematicians). This project aims at Typesolving| this Theory issue! by delivering! a proof assistant in which a workingInternalization CoInductivecomputer scientistseq or: ofStream mathematicians the WeakStream can manipulate GroupoidProp := the notion Interpretation of equality as she of does on black board. ! seq : n s1 s2, seq s1! s2 seq (!cons n s1 )(cons n s2 ). | 8 Type! Theory Axiom stream eq : n s1 s2, s1 = s2 cons n s1 = cons n s2. The birth of homotopy type theoryState!8 of the !art. CoFixpoint one := cons 1 oneMarch. CoFixpoint 13, 2014 zero := cons 0 zero. To correct the fundamentalHomotopy mismatch between Type equality Theory in mathematics and in type theory, Hofmann and StreicherCoFixpoint haveplus introduced: Stream a newStream point of viewStream on type. theory, where types are ! ! not viewed as simpleDefined sets. but as sets enrichedMarch with an 13, homotopical 2014 structure [5]. This way, Idea: each type Requirecomes InfixwithExport a ”++”specializedUnicode.Utf8 := plusequality notion. ofcore equality⟺. homotopy and the homotopical structure describes how to substituteRequire a term Importby anotherArith equivalent. one in a type. Voevodsky recognized recently that this Lemma trivial eq2 : one ++ zero = one. Proof. ?? simplicial SetRequireinterpretation+ Implicit theExport univalence of ArgumentstypeUnicode.Utf8 theory principle. satisfiescore [Streicher, a. further crucial Voevodsky], property, which dubbed univalence, which had not previouslyParameter been consideredequiv :inType type theory.Type The Typeunivalence. principle says that two types (or AxiomRequire fun allowsImportext to: ArithderiveA B. equalityf g : A! principlesB ,!( usedx, f x in= mathematics:g x) f = g. structures)Set T and Implicit InfixU are equal” Arguments”:=8 whenequiv they{ .( atare levelequivalent! }50). 8(or isomorphic):!! Definition SL⇠:= � n:nat, n + 1. Definition SR := � n:nat, 1 + n. Axiom Definitionfun ext : AunivalenceB f g ::=A TUB , :(Typex, f, Tx = gUx) Tf==Ug.. Lemma trivial eq 8: SL = S{R. Proof8!. ??} 8 ⇠ !! Definition , + Definition , + This principle subsumesS Lthe:= other� n :natmissingn principles1. of equality SandR := as� such,n:nat is the1 keyn. to equip type theoryLemma with atrivial notion eqof :equalitySL = S thatR. Proofis compatible. ?? with traditional mathematical reasonings. In recent developmentsParameter ofequiv HoTT: Type[1], the univalenceType Type principle. is added to the type theory of Coq (or Agda) in the form of a new axiom.! This has! far-reaching consequences in the formalization of Infix ” ”:=equiv (at level 50). homotopy theory, such as CoqHoTT,the proof a brand-new that the proof first assistant homotopy based on group Homotopy of Type the Theory sphere is8 equivalent to � Parameter⇠ equiv : Type Type Type. [13]. But, Definitionthe univalenceunivalence principle has:=! alsoT Ua very!: Type interesting, T U interpretationT = U . in computer science. It allows to useInfix a function/method” ”:=equiv (ofat alevel library—that8 50). has been⇠ defined! on a data type A—on another ⇠ data type B,Definition as soon as thereunivalence is an explicit:= T typeU : isomorphismType, T U betweenT = AU and. B. Take for instance A Definition refl A x := eq8 refl (A:=A) x. ⇠ ! to be the inductive type for lists.{ } 1 Inductive list A : Type := nil : list A cons : A list A list A. Definition refl1 A x := eq refl1 (A:=1 A) |x. 1 ! 1 ! 1 { } Suppose nowInductive a developerlist A has: Type used := its nil own: inductivelist A cons type for: list listsA in itsA developmentlist A. and for Inductive list2 A : Type := nil2 : list2 A | cons2 : A 2 list! A ! list2 A. convenience has defined the1 constructor cons1 by taking1 |the arguments1 ! in a1 reverse! order1 Inductive list A : Type := nil : list A cons : list A A list A. 2 2 2 | 2 2 ! ! 2
1
1 Nicolas TABAREAU - CoqHoTT - Part B2! "2 because they come with a nice elimination principle which allows to substitute a term by an Id- equivalent one anywhere in a type. This is Leibniz’s principle of indiscernability of identicals.! To the opposite, the notion of equality in mathematics is eminently semantics, with a definition that is relative to the type of terms being considered. This is why the functional extensionality principle is easy toInternalization set in this setting, because of the the definition Weak of equality Groupoid is specialized Interpretation accordingly of when it comes to function types. The problem with that point of view is that it does not come with a generic substitution principle, thus it is difficult to use itType in a programming Theory language.!
This mismatch prevents proof developments from using more advanced semantical tools in their reasoning (e.g. the well-established logical relations for the CompCert project) because of the explicit manipulation of mathematical equality together with axioms. Of course, some important work has been done to work around this difficulty byNovember defining other 28, notions 2013 of equalities beside, using the well known notion of setoids [7]. But this does not provide equality as we mean it on black board because we can not use the generic substitution principle on equality available for identity types. If aRequire working Export computerUnicode.Utf8 scientist wantscore to. use a setoid-based notion of equality and do some rewriting withRequire it in an Import expression,Arith she. needs to prove beforehand that this expression validates the substitution Set principle. Implicit And Arguments when the. considered expression comes from a separated development, this can be a very complex task, even for a single expression. This non-uniform Axiom functional extensionality : AB(fg: A B), ( x, fx= gx) f = g. treatment of equality causes problems when proofs8 need to be combined,! which8 is one of the! key stones of mathematicalDefinition developments.SL := � nAs:nat a , consequence,n + 1. Definition significant S CoqR := developments� n:nat, 1 + haven. been done, but only by virtuosos playing around with advanced concepts of both computer Lemma trivial eq : SL = SR. Proof. ?? science andInternalization mathematics, which excludes of the by definition Weak our Groupoid working computer Interpretation scientist (and also of CoInductive Stream : Type := cons : nat Stream Stream. working mathematicians). This project aims at Typesolving| this Theory issue! by delivering! a proof assistant in which a workingInternalization CoInductivecomputer scientistseq or: ofStream mathematicians the WeakStream can manipulate GroupoidProp := the notion Interpretation of equality as she of does on black board. ! seq : n s1 s2, seq s1! s2 seq (!cons n s1 )(cons n s2 ). | 8 Type! Theory Axiom stream eq : n s1 s2, s1 = s2 cons n s1 = cons n s2. The birth of homotopy type theoryState!8 of the !art. CoFixpoint one := cons 1 oneMarch. CoFixpoint 13, 2014 zero := cons 0 zero. To correct the fundamentalHomotopy mismatch between Type equality Theory in mathematics and in type theory, Hofmann and StreicherCoFixpoint haveplus introduced: Stream a newStream point of viewStream on type. theory, where types are ! ! not viewed as simpleDefined sets. but as sets enrichedMarch with an 13, homotopical 2014 structure [5]. This way, Idea: each type Requirecomes InfixwithExport a ”++”specializedUnicode.Utf8 := plusequality notion. ofcore equality⟺. homotopy and the homotopical structure describes how to substituteRequire a term Importby anotherArith equivalent. one in a type. Voevodsky recognized recently that this Lemma trivial eq2 : one ++ zero = one. Proof. ?? simplicial SetRequireinterpretation+ Implicit theExport univalence of ArgumentstypeUnicode.Utf8 theory principle. satisfiescore [Streicher, a. further crucial Voevodsky], property, which dubbed univalence, which had not previouslyParameter been consideredequiv :inType type theory.Type The Typeunivalence. principle says that two types (or AxiomRequire fun allowsImportext to: ArithderiveA B. equalityf g : A! principlesB ,!( usedx, f x in= mathematics:g x) f = g. structures)Set T and Implicit InfixU are equal” Arguments”:=8 whenequiv they{ .( atare levelequivalent! }50). 8(or isomorphic):!! Definition SL⇠:= � n:nat, n + 1. Definition SR := � n:nat, 1 + n. Axiom Definitionfun ext : AunivalenceB f g ::=A TUB , :(Typex, f, Tx = gUx) Tf==Ug.. Lemma trivial eq 8: SL = S{R. Proof8!. ??} 8 ⇠ !! Definition , + Definition , + This principle subsumesS Lthe:= other� n :natmissingn principles1. of equality SandR := as� such,n:nat is the1 keyn. to equip Issue: type theoryLemma with atrivial notion eqof :equalitySL = S thatR. Proofis compatible. ?? with traditional mathematical reasonings. In Univalence is still stated as an axiom. recent developmentsParameter ofequiv HoTT: Type[1], the univalenceType Type principle. is added to the type theory of Coq (or Agda) in the form of a new axiom.! This has! far-reaching consequences in the formalization of Infix ” ”:=equiv (at level 50). homotopy theory, such as CoqHoTT,the proof a brand-new that the proof first assistant homotopy based on group Homotopy of Type the Theory sphere is8 equivalent to � Parameter⇠ equiv : Type Type Type. [13]. But, Definitionthe univalenceunivalence principle has:=! alsoT Ua very!: Type interesting, T U interpretationT = U . in computer science. It allows to useInfix a function/method” ”:=equiv (ofat alevel library—that8 50). has been⇠ defined! on a data type A—on another ⇠ data type B,Definition as soon as thereunivalence is an explicit:= T typeU : isomorphismType, T U betweenT = AU and. B. Take for instance A Definition refl A x := eq8 refl (A:=A) x. ⇠ ! to be the inductive type for lists.{ } 1 Inductive list A : Type := nil : list A cons : A list A list A. Definition refl1 A x := eq refl1 (A:=1 A) |x. 1 ! 1 ! 1 { } Suppose nowInductive a developerlist A has: Type used := its nil own: inductivelist A cons type for: list listsA in itsA developmentlist A. and for Inductive list2 A : Type := nil2 : list2 A | cons2 : A 2 list! A ! list2 A. convenience has defined the1 constructor cons1 by taking1 |the arguments1 ! in a1 reverse! order1 Inductive list A : Type := nil : list A cons : list A A list A. 2 2 2 | 2 2 ! ! 2
1
1 State of the art. Logic Extension in Mathematical Logic Idea: Translating formulas of rich logic into formulas of a simpler logic by using complex proof transformations
logic with forcing original logic new principles sheafification
CoqHoTT, a brand-new proof assistant based on Homotopy Type Theory 9 State of the art. Logic Extension in Mathematical Logic Idea: Translating formulas of rich logic into formulas of a simpler logic by using complex proof transformations
logic with forcing original logic new principles sheafification
Issue: Type Theory ≠ Mathematical Logic
CoqHoTT, a brand-new proof assistant based on Homotopy Type Theory 9 CoqHoTT Challenges
C1 Type Theory with a built-in notion of univalence
C2 Implement CoqHoTT without overhead
C3 Define and implement Higher Inductive Types
C4 Extend Type Theory without axioms
CoqHoTT, a brand-new proof assistant based on Homotopy Type Theory 10 CoqHoTT Challenges
C1 Type Theory with a built-in notion of univalence
C2 Implement CoqHoTT without overhead
C3 Define and implement Higher Inductive Types
C4 Extend Type Theory without axioms
CoqHoTT, a brand-new proof assistant based on Homotopy Type Theory 10 Type Theory with Univalence
type T is a space
programs a:T are proofs of equality points p : a = b are paths
CoqHoTT, a brand-new proof assistant based on Homotopy Type Theory 11 Type Theory with Univalence
type T is a space Path operations: id : a =T a
p-1 : b =T a
q o p : a =T c
Homotopies: left-id : id o p =a=b p programs right-id : p o id =a=b p proofs of equality a:T are r o (q o p) = p : a = b assoc : a=d points (r o q) o p are paths
CoqHoTT, a brand-new proof assistant based on Homotopy Type Theory 11 Type Theory with Univalence and Higher Homotopies
The main novelty of this approach is to realize that homotopies between homotopies cannot be omitted, and this up to infinite dimension.
CoqHoTT, a brand-new proof assistant based on Homotopy Type Theory 12 Type Theory with Univalence and Higher Homotopies
Homotopy Type Theory Compilation Type Theory Type-Checker
Relativized equality Uniform equality Correct p -1 b a p Univalence Higher algebraic q structure Incorrect c
This compilation phase uses higher algebraic structure (e.g., ∞-groupoids, cubical sets [Coquand et al.])
CoqHoTT, a brand-new proof assistant based on Homotopy Type Theory 13 Extend Type Theory without Axioms
We will use the fact that:
Homotopy Type Theory = Higher Mathematical Logic
CoqHoTT, a brand-new proof assistant based on Homotopy Type Theory 14 Extend Type Theory without Axioms Using Compilation Phases We will use the fact that:
Homotopy Type Theory = Higher Mathematical Logic
Consider logical transformations (forcing, sheafification) of mathematical logic as compilation phases in HoTT:
increase the power of the logic without axioms
change the logic at compile time, according to a trade-off between efficiency and logical expressivity
CoqHoTT, a brand-new proof assistant based on Homotopy Type Theory 14 Extend Type Theory without Axioms Using Compilation Phases We will use the fact that:
Homotopy Type Theory = Higher Topos Theory [Lurie]
Consider logical transformations (forcing, sheafification) of mathematical logic as compilation phases in HoTT:
increase the power of the logic without axioms
change the logic at compile time, according to a trade-off between efficiency and logical expressivity
CoqHoTT, a brand-new proof assistant based on Homotopy Type Theory 14 Extend Type Theory without axioms using a compilation phase
CoqHoTT + Sheaf Translation Forcing Translation CoqHoTT + Classical Logic w/ Dense Topology w/ Natural Numbers General Induction Added principles : Added principle : General Inductive Types Excluded Middle Löb Rule
CoqHoTT
CoqHoTT + CoqHoTT + Axiom of Choice Kripke Semantics Added principle : Sheaf Translation Forcing Translation Added principle : w/ Dense Topology w/ worlds Dependent AC Natural Numbers Modal Logic
CoqHoTT, a brand-new proof assistant based on Homotopy Type Theory 15 Methodology. Distinct compilation phases II
Compile complex type w/o Axiom of w/o General theories into simpler Full CoqHoTT Choice Fixpoints ones.
w/o Kripke w/o Classical w/o Univalence inherit consistency Semantics Logic of Coq
split the complexity Kernel of Coq Compiled Coq of type checking
CoqHoTT, a brand-new proof assistant based on Homotopy Type Theory 16 Feasability and Impacts The CoqHoTT project is very ambitious—in particular Challenges 1 & 4.
Background and Connections to the Coq community Connections to the emerging HoTT community
CoqHoTT, a brand-new proof assistant based on Homotopy Type Theory 17 Feasability and Impacts The CoqHoTT project is very ambitious—in particular Challenges 1 & 4.
Background and Connections to the Coq community Connections to the emerging HoTT community
Our expectation is that CoqHoTT will become a popular proof assistant among: software engineers : faster and simpler developments computer scientists: integration of type isomorphisms mathematicians : new equality and logical expressivity
CoqHoTT, a brand-new proof assistant based on Homotopy Type Theory 17 The CoqHoTT team …
The PI (75 % of his time) will take charge of the overall scientific direction. Matthieu Sozeau (20%) is one of the main developers of Coq and its expertise on the subject is crucial to the CoqHoTT project.
Non-Permanent Staff Non-Permanent Staff (ERC): (Host Institution, Inria): 3 PhD, 4 Post-Docs, 1 PhD, 1 Post-Doc, 1 software engineer 1 support engineer
and hopefully more !
CoqHoTT, Coq for Homotopy Type Theory 18 … inside a very active community
CoqHoTT, Coq for Homotopy Type Theory 18 CoqHoTT in a nutshell
New proof-assistant based on HoTT
Equality as a first-class citizen Axiom-free extensions of the logic
Defined using distinct compilations phases
A world-class group on a new generation of proof assistants
CoqHoTT, a brand-new proof assistant based on Homotopy Type Theory 19