Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
162 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
45 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Lean4Lean: Towards a Verified Typechecker for Lean, in Lean (2403.14064v2)

Published 21 Mar 2024 in cs.PL

Abstract: In this paper we present a new "external checker" for the Lean theorem prover, written in Lean itself. This is the first complete typechecker for Lean 4 other than the reference implementation in C++ used by Lean itself, and our new checker is competitive with the original, running between 20% and 50% slower and usable to verify all of Lean's mathlib library, forming an additional step in Lean's aim to self-host the full elaborator and compiler. Moreover, because the checker is written in a language which admits formal verification, it is possible to state and prove properties about the kernel itself, and we report on some initial steps taken in this direction to formalize the Lean type theory abstractly and express the relation between the kernel functions and the type theory. We plan to use this project to help justify any future changes to the kernel and type theory and ensure unsoundness does not sneak in through either the abstract theory or implementation bugs.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (12)
  1. Failure of Normalization in Impredicative Type Theory with Proof-Irrelevant Propositional Equality. Logical Methods in Computer Science, Volume 16, Issue 2, June 2020. URL: https://lmcs.episciences.org/6606, doi:10.23638/LMCS-16(2:14)2020.
  2. Coq in Coq. Available on the WWW, 1997.
  3. Interactive Theorem Proving and Program Development: Coq’Art: The Calculus of Inductive Constructions. Springer Science & Business Media, 2013.
  4. Mario Carneiro. The Type Theory of Lean. 2019. URL: https://github.com/digama0/lean-type-theory/releases/tag/v1.0.
  5. Mario Carneiro. Metamath zero: Designing a theorem prover prover. In Intelligent Computer Mathematics: 13th International Conference, CICM 2020, Bertinoro, Italy, July 26–31, 2020, Proceedings, page 71–88, Berlin, Heidelberg, 2020. Springer-Verlag. doi:10.1007/978-3-030-53518-6_5.
  6. A self-verifying theorem prover. PhD thesis, University of Texas, 2009.
  7. The Lean Theorem Prover (system description). In International Conference on Automated Deduction, pages 378–388. Springer, 2015.
  8. Peter Dybjer. Inductive Families. Formal aspects of computing, 6(4):440–465, 1994.
  9. John Harrison. Towards self-verification of hol light. In Ulrich Furbach and Natarajan Shankar, editors, Proceedings of the third International Joint Conference, IJCAR 2006, volume 4130 of Lecture Notes in Computer Science, pages 177–191, Seattle, WA, 2006. Springer-Verlag.
  10. CakeML: A Verified Implementation of ML. SIGPLAN Not., 49(1):179–191, January 2014. URL: http://doi.acm.org/10.1145/2578855.2535841, doi:10.1145/2578855.2535841.
  11. Coq Coq correct! verification of type checking and erasure for Coq, in Coq. Proc. ACM Program. Lang., 4(POPL), dec 2019. doi:10.1145/3371076.
  12. Sebastian Andreas Ullrich. An Extensible Theorem Proving Frontend. PhD thesis, Karlsruher Institut für Technologie (KIT), 2023. doi:10.5445/IR/1000161074.

Summary

  • The paper develops Lean4Lean, an external verifier implemented in Lean to formalize Lean’s metatheory and boost correctness.
  • It validates mathlib and core libraries while operating 20-50% slower than the C++ kernel, ensuring improved trust in proofs.
  • The work paves the way for self-hosting Lean’s elaborator and compiler, advancing formal verification and reliable theorem proving.

Lean4Lean: Towards a Formalized Metatheory for the Lean Theorem Prover

In "Lean4Lean: Towards a formalized metatheory for the Lean theorem prover," Mario Carneiro details the development of an "external verifier" for the Lean theorem prover itself, implemented in Lean. This initiative marks a significant milestone as it introduces the first complete verifier for Lean 4 aside from its original C++ implementation. The verifier demonstrates competitive performance, running between 20% and 50% slower than the reference C++ implementation and is proven capable of comprehensively verifying Lean's mathlib library. This work aligns with Lean's broader objective to self-host its full elaborator and compiler, thereby enhancing the system's self-sufficiency and reliability. The development also opens avenues for formal verification of the kernel properties, thus improving the credibility of proofs constructed within Lean by eliminating potential implementation errors.

Lean and Metatheory Development

Lean, a prominent theorem prover, offers a leaner kernel than its counterparts, like Coq. It gained attention due to its simpler foundational design and lack of soundness bugs in Lean 3's kernel. However, Lean 4's overhaul, aimed at implementing most components in Lean, brought new features which introduced some soundness bugs. Additionally, Lean 4’s redesign of its metaprogramming infrastructure necessitated new external verifiers due to the obsolescence of those used for Lean 3.

Carneiro embarks on reintroducing external verifiers to reestablish Lean's soundness, utilizing Lean as the language for the verification process. A kernel written in Lean permits users to leverage easy querying of internal states and facilitates proof tasks, thanks to Lean's dual functionality as both a programming and proving environment.

Technical Insights

The paper elaborates on the verifier, named Lean4Lean, demonstrating its capacity to validate the entirety of foundational Lean packages, including Lean itself, its standard library, and Mathlib. Although Lean4Lean operates slower than the C++ kernel, the trade-off is justified by the extra assurances it provides and its role as a complementary tool in ascertaining correctness.

The manuscript also ventures into formalizing Lean’s metatheory, setting a course towards verifying Lean4Lean’s correctness against the metatheory, akin to goals outlined in the MetaCoq project. The primary contributions highlight the encoding of typing judgments, along with empirical results aligned with theoretical consistency checks for the Lean type theory kernel.

Future Directions

Carneiro's work on Lean4Lean opens prospective research avenues, both practically and theoretically. Practically, it suggests enhancements in Lean's capacity for internal justification of kernel and type theory alterations. Theoretically, it provides groundwork for a robust verification framework that might eventually enhance similar theorem provers by offering replicable methodologies and insights into formalizing metatheory.

The project could see fruitful future developments, potentially influencing the integration of Lean in areas demanding high reliability and trust in computational proofs. Verification efforts in Lean could inspire analogous endeavors in other theorem proving ecosystems, driving forward the commitment to advancing formal methods and verifying mathematical software.

The intersections of logical foundations, computer-assisted proofs, and software reliability underscore the implications of Carneiro’s contributions, marking substantial progress in the ongoing formalization efforts in interactive theorem provers. This work pushes the understanding and trust in formalized math by offering a pathway to more secure, verified computational tools.

File Document Download Save Streamline Icon: https://streamlinehq.com PDF File Document Download Save Streamline Icon: https://streamlinehq.com Markdown
Youtube Logo Streamline Icon: https://streamlinehq.com

YouTube