How to Believe a Machine-Checked Proof

Suppose I say "Here is a machine-checked proof of Fermat's last theorem (FLT)". How can you use my putative machine-checked proof as evidence for belief in FLT? I start from the position that you must have some personal experience of understanding to attain belief, and to have this experience you must engage your intuition and other mental processes which are impossible to formalise. By machine-checked proof I mean a formal derivation in some given formal system; I am talking about derivability, not about truth. Further, I want to talk about actually believing an actual formal proof, not about formal proofs in principle; to be interesting, any approach to this problem must be feasible. You might try to read my proof, just as you would a proof in a journal; however, with the current state of the art, this proof will surely be too long for you to have confidence that you have understood it. This paper presents a technological approach for reducing the problem of believing a formal proof to the same psychological and philosophical issues as believing a conventional proof in a mathematics journal. The approach is not entirely successful philosophically, as there seems to be a fundamental difference between machine-checked mathematics, which depends on empirical knowledge about the physical world, and informal mathematics, which needs no such knowledge (see section 3.2.2). In the rest of this introduction I outline the approach and mention related work. In the following sections I discuss what we expect from a proof, add details to the approach while pointing out problems that arise, and concentrate on what I believe is the primary technical problem: the expressiveness of formal systems and representations of mathematical notions, and the feasibility of checking them.
