CoqHoTT


A new proof assistant to stop software bugs from biting

Implementation of Homotopy Type Theory as a compilation phase into Type Theory.

Proof assistants like Coq are an important tool in mathematics research and software development, yet there are weaknesses in the current version of the system. Researchers in the CoqHoTT project are revisiting the theoretical foundations of Coq, aiming to improve and extend the system for today’s mathematicians and computer scientists, as Dr Nicolas Tabareau explains.

The mathematical community commonly uses proof assistants to formally prove theorems, and they are also an important tool for software companies, who use them to prove that a particular program meets its specification. One of the major proof assistants currently in use is Coq, a proof management system with roots in research dating back to the early ’80s, which has since grown in prominence. “Coq is quite a popular proof assistant, yet it still lacks some facilities and features which would make it convenient and easy to use,” says Dr Nicolas Tabareau, a researcher at Inria in France. This issue is central to the work of CoqHoTT, an ERC-backed project which is revisiting the theoretical foundations of Coq using ideas from Homotopy Type Theory (HoTT). “The goal is to improve the proof assistant and to include more properties in the logic, so that it can offer more reasoning principles to the user,” outlines Dr Tabareau, the project’s Principal Investigator. A major priority in the project is making Coq more usable for mathematicians in particular, which will help to simplify the development of new proofs and improve efficiency. While the system itself has been around for over thirty years now, Dr Tabareau says that most mathematicians are still reluctant to use Coq. “It should be a help for them in developing and proving their theorems, but at the moment it’s still a bit more of a burden,” he explains.

The Coq proof assistant has two main weaknesses in particular, says Dr Tabareau. “One is that it is too rigid for mathematical reasoning with respect to equalities and how objects are defined,” he outlines. “The second main weakness is the fact that you are in a pure functional setting, it’s a pure language. So it’s quite restricted, and it’s very different from mainstream programming languages.” By extending and improving the system, researchers will open up the possibility of using other paradigms in Coq. This means it will be possible to reason directly in Coq about code that has been written in mainstream languages like C or Rust, for example. “It will be an extension of Coq, but more from the programming language point of view,” says Dr Tabareau. Coq is not just a programming language, but also a proof assistant, so Dr Tabareau says that extensions need to be dealt with in a logical way, taking into account the impact on the system. “That’s the major challenge that we face, in terms of extending the system,” he continues. “It’s not like a traditional programming language, where if you want a new feature, you just implement it. The challenge is to extend the power of the language, while also filtering out the possibility of any fake proofs being introduced.”
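The first weakness, that Coq’s built-in equality is too rigid to identify objects that are merely isomorphic, can be seen in a few lines of plain Coq. What follows is an added illustration written for this page, not code from the CoqHoTT project; the `Iso` record, the `bit` type and the helper names (`fwd`, `bwd`, `transport`, `dec_eq_across`, `bit_eq_dec`) are assumptions made for the example. It builds an isomorphism between a home-made two-element type and `bool`, shows that a genuine equality `A = B` lets any structure be transported for free, and then does by hand what a univalent equality would make automatic: carrying decidable equality across the isomorphism.

```coq
(* Added illustration, not CoqHoTT code. Plain Coq, standard library only. *)
Require Import Bool.

(* A two-element type defined independently of bool. *)
Inductive bit := zero | one.

(* A minimal notion of isomorphism between types (assumed for this example). *)
Record Iso (A B : Type) := {
  fwd     : A -> B;
  bwd     : B -> A;
  bwd_fwd : forall a, bwd (fwd a) = a;
  fwd_bwd : forall b, fwd (bwd b) = b
}.
Arguments fwd {A B}.
Arguments bwd {A B}.
Arguments bwd_fwd {A B}.
Arguments fwd_bwd {A B}.

(* bit and bool are isomorphic ... *)
Definition bit_bool : Iso bit bool.
Proof.
  refine {| fwd := fun b => match b with zero => false | one => true end;
            bwd := fun b => if b then one else zero;
            bwd_fwd := _; fwd_bwd := _ |}.
  - intros []; reflexivity.
  - intros []; reflexivity.
Defined.

(* ... but nothing above yields a proof of bit = bool: Coq's equality only
   identifies types that are definitionally the same. With a genuine
   equality p : A = B, Coq transports any structure P for free: *)
Definition transport (P : Type -> Type) {A B : Type} (p : A = B) (h : P A) : P B :=
  match p in (_ = y) return P y with eq_refl => h end.

(* Without univalence an isomorphism gives no such p, so each structure has
   to be carried across by hand. Here: decidable equality, from B to A. *)
Definition dec_eq_across {A B : Type} (i : Iso A B)
    (d : forall x y : B, {x = y} + {x <> y}) :
    forall a1 a2 : A, {a1 = a2} + {a1 <> a2}.
Proof.
  intros a1 a2. destruct (d (fwd i a1) (fwd i a2)) as [e | n].
  - left. rewrite <- (bwd_fwd i a1), <- (bwd_fwd i a2), e; reflexivity.
  - right. intro e. apply n. rewrite e; reflexivity.
Defined.

(* Reuse bool's decision procedure for bit through the isomorphism. *)
Definition bit_eq_dec : forall a1 a2 : bit, {a1 = a2} + {a1 <> a2} :=
  dec_eq_across bit_bool bool_dec.

Example zero_neq_one : zero <> one.
Proof.
  destruct (bit_eq_dec zero one) as [e | n].
  - discriminate e.
  - exact n.
Qed.
```

The point of the last two definitions is the asymmetry: `transport` is a one-liner because it consumes an equality, whereas `dec_eq_across` has to be written, and proved, once per structure because it only has an isomorphism to work with. A univalent equality, as the project is pursuing, would let `bit_bool` be turned into an equality and `transport` used directly.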

EU Research


Mathematical proof

This work holds important implications for industry, potentially providing a smoother path to proving that software is correct and minimising vulnerabilities, while Dr Tabareau says a lot of emphasis in the project is being placed on helping mathematicians develop proofs more efficiently. There is an internal notion of equality within the Coq system, which Dr Tabareau says is an important part of building and developing a mathematical proof. “Mathematicians reason about this equality,” he explains. This notion of equality within Coq is currently not ideal for mathematicians’ purposes however, as it is too rigid. “In mathematics, we are used to a notion of equality more semantic than that currently in Coq,” outlines Dr Tabareau. “Objects and structures are not considered to be equal in the system, even though they are isomorphic.” The univalence principle, under which an equivalence (such as an isomorphism) between two types counts as an equality between them, is a key concept in this respect: it lets researchers derive the equality principles mathematicians are used to. However, the univalence principle is not currently satisfied within the Coq proof assistant, an issue that Dr Tabareau and his colleagues are working to address in the project. “Part of the project is about trying to manipulate this assistant, using ideas from HoTT, in order to provide a universal equality that we hope will be more useful for mathematicians,” he explains. Disruption will be kept to a minimum during this process, so that mathematicians and programmers can continue to use the system. “Coq is currently being used in very large and complex projects. If we modify it and specify it to too great a degree, it may negatively affect the performance of the system,” says Dr Tabareau. “So there is a trade-off between providing a more powerful system, and ensuring performance levels are at an acceptable level for users.”

Various possible extensions of the Coq proof assistant as distinct compilation phases.

A researcher may want to implement a piece of code in Coq for example, prove it, then extract it into a more traditional language. There has been some work on trying to build an automatic bridge to functional programming languages such as Haskell and OCaml, which are quite commonly used by major companies. “There has been some work by academics on automatically importing code written in these formal languages into Coq, and then we can prove them in Coq,” outlines Dr Tabareau. This work is expected to have a significant impact in both the mathematical and computer science fields, raising the profile of Coq as a proof assistant and encouraging its wider use. “This is designed for experts who are defending their proofs, or for software developers,” continues Dr Tabareau. “One of the goals is to help a traditional software developer to prove the correctness of their system, without needing to rely on academic experts.” This could help to improve software security and reduce the impact of software bugs, which currently cost companies millions of euros a year. It is however difficult to guarantee a certain level of security, as it is necessary to make some basic assumptions in the development of a protocol: a proof of correctness covers only what the specification states, so anything the model leaves out, such as an unanticipated way of using the protocol, falls outside the guarantee. “It’s very hard to anticipate all the possible uses of a protocol,” acknowledges Dr Tabareau. There are still vulnerabilities in software, which can be exploited. “Currently it is possible that people can steal money, for example from blockchain technology, by finding a flaw in the mechanism. Making code more reliable is the key to building trust in the system,” continues Dr Tabareau. “We are collaborating on these issues with colleagues who are more well-versed in this area, who are more familiar with this type of application.”

Extensions of CoqHoTT using model transformations of mathematical logic.

The project’s work is more exploratory in nature at this stage however, with researchers exploring fundamental questions and looking to modify and improve the theoretical foundations of Coq. With the project over half-way through its funding term, Dr Tabareau hopes their work will eventually lead to the release of a new version of the Coq system. “This version should contain important improvements, like making it easier to reason on equality, and with facilities to make the logic more powerful,” he outlines. This work is progressing well, and researchers in the project are confident that a new, improved version of the system will be available in two to three years’ time, beyond which Dr Tabareau is looking towards further development. “I am planning to work on a second version of the project, a CoqHoTT 2, which will be less closely connected to HoTT,” he continues.

CoqHoTT
Coq for Homotopy Type Theory

Project Objectives

The goal of the CoqHoTT project is to provide a new generation of proof assistants based on the fascinating connection between homotopy theory and type theory. It may promote Coq (a proof assistant developed at Inria) as a major proof assistant, for both computer scientists and mathematicians, as it should become an essential tool for program certification and formalization of mathematics.

Project Funding

The CoqHoTT project is funded by an ERC Starting Grant.

Project Partners

• Inria Rennes Bretagne Atlantique (IRBA)
• Laboratoire des sciences du numérique de Nantes (LS2N)
• IMT Atlantique

Contact Details

Project Coordinator, Dr Nicolas Tabareau
Département Informatique
École des Mines de Nantes
4, rue Alfred Kastler
F-44307 Nantes cedex 3
France
T: +33 (0)2 51 85 82 37
E: nicolas.tabareau@inria.fr
W: http://coqhott.gforge.inria.fr/

Dr Nicolas Tabareau

Project Coordinator Nicolas Tabareau is Chargé de Recherche (junior researcher) at Inria. He conducts research on programming languages and proof assistants in order to provide better tools for proof formalization to both computer scientists and mathematicians.

www.euresearcher.com

Main building of the Laboratoire des sciences du numérique de Nantes (LS2N).



