A Case Study on Formalizing Algebra in a Module System Stefania Dumbrava, Fulya Horozal, Kristina Sojakova Jacobs University D-28759, Bremen, Germany [email protected], [email protected], [email protected] ABSTRACT sented by separate theories. These permit to encapsulate We present a case study on a modular formal representa- mathematical theories and re-use them in different contexts. tion of algebra in the recently developed module system for For a long time, Coq [Coq] used a sectioning mechanism the Twelf implementation of the Edinburgh Logical Frame- that separates its formalizations into different sections to work LF. The module system employs signature morphisms which definitions, theorems and proofs are made local. An as its main primitive concept, which makes it particularly ML-like module system for Coq was later implemented (see useful to reason about structural translations between math- [Chr03]), which conveniently lets a user define parametrized ematical concepts. The mathematical content is encoded in theories or data structures to be easily used in other formal- the usual way using LF's higher order abstract syntax and izations. judgments-as-types paradigm, but using the module system Locales ([KW98]) are the modules of Isabelle [Pau94] for to treat all algebraic structures independently. Signature efficient theory management that group relevant mathemat- morphisms are used to give an explicit yet simple represen- ical theories together. They are similar to the sections in tation of modular dependency between the algebraic struc- Coq, but provide additional features. For instance, an al- tures. Our results demonstrate the feasibility of comprehen- ready existing locale can be opened again to add theorems to sively formalizing large-scale theorems and proofs and thus its content. Locales are integrated with Isabelle's language promise significant future applications. for readable proof documents (Isar [Wen99]) and interpreted in the context of proofs. Recently, a module system for the Twelf implementation Categories and Subject Descriptors [PS99] of the Edinburgh Logical Framework LF [HHP93] was I.2.4 [Knowledge Representation Formalisms and Meth- developed (see [RS09]). The Twelf module system employs ods]: Representation languages signatures and signature morphisms as its main primitive concepts. Mathematical theories are formalized in signa- General Terms tures as a collection of constant declarations and constant definitions. The Twelf module system follows the approach Design, Languages, Verification of using signature morphisms to represent structural rela- tionships between mathematical theories (see [Far00]). This Keywords leads to the notion of signature graphs, which are a simple and scalable means to relate signature to one another. Logical frameworks, Twelf, modularity, encodings, abstract In this paper, we present a case study on the formalization algebra of mathematical theories from algebra in the Twelf module system. Algebraic structures are particularly suitable for 1. INTRODUCTION modular representation as there is inherently a large amount In recent decades, a large amount of mathematics has been of sharing involved, and thus are suitable for an evaluation of formalized in various proof systems, which created large a module system. This case study is one of the initial exten- libraries of mechanically verified mathematical knowledge. sive applications of the Twelf module system for mathemat- Several proof systems have developed module systems to ical theories (the other application is on the representation manage their large mathematical developments. These mod- of proof and model theory of first-order logic, see [HR09]). ule systems often follow the \little theories approach" pro- This paper is organized as follows. We present the Twelf posed in [FGT92], in which separate contexts are repre- system and its module system in Sect. 2. In Sect. 3, we present our case study, in particular, the encoding of alge- braic structures in Sec. 3.1 and that of lattices in Sect. 3.2. We summarize our results and discuss future work in Sect. 4. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to 2. THE TWELF SYSTEM republish, to post on servers or to redistribute to lists, requires prior specific The Twelf system is an implementation of the logical permission and/or a fee. MLPA CADE 2009, Montreal, Canada framework LF designed as a meta-language for the represen- Copyright 2009 ACM 978-1-60558-954-1/09/08 ...$10.00. tation of deductive systems. It is a dependent type theory with typed terms and kinded type families. % sig FOL = { o : type . i : type . Kinds: K ::= type j A ! K true : o. Type families: A; B ::= a j AM j Πx:AB j A ! B false : o. : : o -> o. Objects: M; N ::= c j x j λx:AM j MN ... }. Twelf features the dependent product type constructor %sig FOLEQ = { Πx:AB and its introductory axiom, the λ-binder λx:AM. As %struct fol : FOL. == : fol.i -> fol.i -> fol.o. usual, application is written as juxtaposition MN. A ! B }. abbreviates Πx:AB if x does not occur freely in B. Type families are kinded by kinds, where types are the type fam- For example, consider the following signature declarations, ilies kinded by type, and objects are typed by types. which we use for our encodings. The signature FOL contains Twelf signatures contain declarations of type- or object- a type o for propositions and a type i for first-order individ- level constants. Constants are declared in the form of decla- uals. The terms truth and false represent the truth values rations a : K or c : A, or definitions a : K = A or c : A = M. for propositions. FOL encodes the logical connectives as ex- Variables x : A are typed, never kinded. pected (e.g., : encodes the unary connective for negation). Signature morphisms define mappings between signatures The signature FOLEQ encodes first-order logic with equality and come in two flavors: structures, which copy and in- by inheriting from FOL via a structure called fol and adds stantiate a signature S into T , and views, which translate a symbol for equality. from a signature S to T . Readers familiar with modular Then the signature FOLEQPF encodes natural deduction theory development languages such as development graphs style proof rules for the logical connectives and quantifiers ([AHMS99]) will recognize structures as definitional theory in FOL. Firstly, it inherits from FOL and FOLEQ where the morphisms and views as postulated theory morphisms. instantiation %struct fol := fol. in the structure foleq A modular Twelf specification is a sequence of signature works as follows: The left side of the instantiation is a sym- bol declared in the domain signature { here: FOLEQ { and declarations DT and view declarations Dv. Signatures are the right side is an expression over the codomain signature sequences of constant declarations Dc, structure declara- { here: FOLEQPF. This instantiation has the effect of a shar- tions Ds and signature inclusions DI . Similarly, views are sequences of assignments to constants and structures. These ing declaration: The two structures fol and foleq.fol in- are shown below in terms of Twelf's concrete syntax. Key- heriting from FOL are identified. Secondly, it declares the words are introduced with % and precede all declarations constant ` as o-indexed type family. This type family ex- except for constant declarations. emplifies how logic encodings in LF represent judgments as types and derivations as objects: Objects of type ` A repre- Start : S ::= DT j Dv ∗ sent derivations of the judgment\A is true". Then it declares Signatures: DT ::= % sig T = {(Dc j Ds j DI ) }. Views : Dv ::= % view v : S -> T = constants that encode the introduction and elimination rules {(c := C j % struct s := µ)∗ }. of connectives and quantifiers (e.g., notI and notE encode Inclusions: DI ::= % include T . the introduction and elimination rules for negation). Constants : Dc ::= c : C. j c : C = C. Structures: Ds ::= % struct s : S = ∗ %sig FOLEQPF = { {(c := C. j % struct s := µ.) }. %struct fol : FOL. Terms : C ::= type j c j x j C -> C j CC %struct foleq : FOLEQ = {%struct fol := fol.}. j {x:C} C j [x:C] C ` : o -> type . Morphisms : µ ::= v j s j µ µ notI : (` A -> {B} ` B) -> ` ( fol .: A). notE : ` A -> ` ( fol .: A) -> {B} ` B. Finally, there are two classes of expressions. Firstly, terms ... are normal LF expressions where the Π-binder is written }. with braces {} and the λ-binder with square brackets []. Note that we use implicit arguments: Upper case free vari- Secondly, morphisms are expressions that translate between ables in declarations are assumed be implicitly Π-bound on signatures: Each structure s or view v induces a signature the outside. This has the effect of free parameters. For ex- morphism, and the juxtaposition µ µ0 of morphisms repre- ample, in notE, the variable A is free. The verbal reading of sents their diagram-order composition. Morphisms preserve the rule is \For any A, if A is true and :A is true, then for all judgments regarding well-formedness, typing, and equal- all B we have B is true ". ity (see [HST94, RS09] for the preservation results). Twelf allows one to omit the qualified names of copied A view declaration encodes a translation between two sig- constants in a signature using the keyword %open. For in- natures. A view occurs on toplevel and gives domain and stance, in FOLEQPF, if we consider the following structure codomain explicitly. It must instantiate all constants (ex- declaration %struct fol : FOL %open :., then it is possi- cept those that have definitions) of the domain signature ble to refer to the negation connective simply as :.