Foundations for the Management of Formal Mathematical Knowledge

Transcription

1 Foundations for the Management of Formal Mathematical Knowledge Robert L. Constable Cornell University Small Types Workshop Nijmegen, November /28/2004 Nijmegen04 1

2 Vision Very large libraries (databases) of formal mathematical knowledge, created and shared by the theorem proving community, will make interactive theorem provers indispensible tools in parts of mathematics, science, and education as they already have become in formal methods and software practice. In turn, the libraries will grow more rapidly and become interconnected with the intuitive mathematical literature, weaving threads of computational certainty into the oldest rigorous intellectual activity of human kind. 10/28/2004 Nijmegen04 2

3 MetaPRL NuPRL Mizar COQ ACL2 HOL PVS Theorem proving systems as isolated islands, reaching a small community 10/28/2004 Nijmegen04 3

4 MetaPRL NuPRL Mizar COQ Formal Digital Library ACL2 HOL PVS The FDL joins all the small islands into a single big island that can accommodate much more than the sum of all individual islands, and allows people to stand on the ground in between. 10/28/2004 Nijmegen04 4

5 Challenges and Problems 1. Community using formal proofs is relatively small Market for formal proofs is small proof technology not widely used in software proof technology not widely used in science and math proof technology not widely used in education Formal proving is still hard work expansion factor shallow base of basic mathematical facts demanding skill set (programming + math + design) 10/28/2004 Nijmegen04 5

6 Challenges and Problems 2. Community is disconnected Each group uses a different system Almost no sharing (logical difficulties, practical ones) Systems change or go extinct 10/28/2004 Nijmegen04 6

7 Digital Library Approach to the Challenges 1. Widen the community by library will increase the services provided library will decrease the effort to create proofs (seen from experience) 2. Connect the community through a common service the digital libraries approach 10/28/2004 Nijmegen04 7

8 Outline 1. Relating theories and systems 2. The structure of theories 3. Aids to organization and search 10/28/2004 Nijmegen04 8

9 Type Theories There are at least eleven active important interactive provers, some coupled to fully automatic provers such as JProver, Otter, TPS, and Omega. ACL2, Alf, Coq, HOL, Isabelle, MetaPRL, Minlog, Mizar, Nuprl, PVS, Twelf Nine of these are based on higher-order typed logic. Why? Will there ever be ONE system? ONE logic? ONE framework? ONE metalogic? Will there ever be one Operating System? One Programming Language? 10/28/2004 Nijmegen04 9

10 Central Characters Higher-Order Logics and Type Theories HOL/Isabel, B A B A B Nuprl Z, Atom x : A B x : A B a = b in A x : A, x : A a = b in A x : A, x : A Coq and Nuprl share many features, so Coq will be mentioned as well. 10/28/2004 Nijmegen04 10

11 Comparing Representative Type Theories Least Number Principle (LNP): ( ( ) ( ( ) ( ))) P : N B. y :. P y x :. P x & x :. z < x P z Law of Excluded Middle (LEM): ( ) P :Prop. P P i 10/28/2004 Nijmegen04 11

12 Interpretations of LNP In Nuprl LNP specifies a class of programs that includes: least ( P, y ) = for i = 0 to y do () () if P i then return i else i : = i + 1 ( y ) end; return. In HOL and PVS the function P B is ANY function, and it represents any propositional function, including noncomputable ones, e.g.: P(x,m) iff a Turing machine with x states can print the number m and halt starting with blank tape. 10/28/2004 Nijmegen04 12

13 Interpretations of LEM In Nuprl, LEM is not an axiom nor a theorem. There are models of Nuprl for which LEM, and LEM is false in the domain theory of Nuprl. In HOL and PVS, LEM is an axiom. Adding LEM to Nuprl produces a theory we call Classical Nuprl. Doug Howe proved that this theory is consistent. We will examine that proof. 10/28/2004 Nijmegen04 13

14 Type Theory as a Specification Language Integer square root example Thm 1.2 Cor 1.1 Cor 1.2 Cor 1.3 n :.! r :. Root n, r ( ) ( ( )) rt :. n :. Root n, rt n ( 11. ) ext Thm ε ( ext ( 11)( )) n :. Root n, Thm. n 10/28/2004 Nijmegen04 14

15 Interpretations of Integer Square Root These theorems could be true in Coq, HOL, Nuprl, and PVS if HOL and PVS supported extraction of functions from statements according to the Semantics of Evidence; see my MOD 1982 lecture notes, Assigning Meaning to Proofs; and my Handbook of Proof Theory article [39], Types in Logic, Mathematics and Programming. In Coq and Nuprl, the function in Cor 1.1 is computable. 10/28/2004 Nijmegen04 15

16 The Root Program Extract The Working Material, Appendix A, p. 46, shows the extract term for this proof in ML notation: let rec sqrt i = if i = 0 then < 0, pf > else let ( ) 2 0 i 1 ( i 1) in if r + 1 n then < r + 1, pf > else < r, pf >= sqrt - < r, pf ' > i i 10/28/2004 Nijmegen04 16

17 Relating theories and systems (early period) CLASSICAL Simple type theory STT (HOL, Isabelle) Extended STT STT + (PVS) CONSTRUCTIVE Intuitionistic type theory ITT (Alf) Computational type theory CTT (Nuprl, MetaPRL) Calculus of Inductive Constructions CIC (Coq, MetaPRL) 10/28/2004 Nijmegen04 17

18 CLASSICAL Simple type theory STT (HOL, Isabelle) Extended STT STT + (PVS) Classical CTT (Howe 1997) Polymorphic Computational includes sets (Classical Nuprl) Relating theories and systems (current period) CONSTRUCTIVE Constructive Simple type theory CSTT (Berghofer/Nipkow 2002) Intuitionistic type theory ITT Computational type theory CTT Calculus of Inductive Constructions CIC 10/28/2004 Nijmegen04 18

19 Semantics of STT Andy Pitts gives a clean semantics of STT in ZF set theory. In that semantics: = { } { } { φ, φ,{ φ, φ },...} ( ) ( ) { } λx : N. b x = x, b x x is the set of functional relation s on x. 10/28/2004 Nijmegen04 19

20 Semantics of CTT Per Martin-Lof provided an intuitive axiomatic semantics based on his doctrine of canonical forms. Stuart Allen gave a PER (partial equivalence relation) semantics in a neutral theory of inductive definitions. In that semantics: = all terms that evaluate to canonical integers { n} = { x: Term x n} is z { z} z 10/28/2004 Nijmegen04 20

21 Semantics of CTT ( ) λxb. x {} { f3} is is defined by evaluation rules think of 3 f z: {} z { fz} ( ) λxx. is in all A A! 10/28/2004 Nijmegen04 21

22 Subtyping in CTT versus Set Theory Notice Even In CTT, B Even B consider λx.rm(x,2) In Set Theory, any f in Even B is a subset of a function in B 10/28/2004 Nijmegen04 22

23 The Cumulative Hierarchy of Sets ( ( φ )) ( φ ) P P P φ ω ω + ω p i φ i=0 Captures the intuition of collecting stages and co-finality unending stages. ( ) 10/28/2004 Nijmegen04 23

24 Zermelo Fraenkel Set Theory (ZF) ZF can be axiomatized in 1 st order logic by axioms, 2 axiom schemas (separation, replacement). Axiom of choice is a 9 th axiom. Z 0 = φ The hierarchy is defined as: Z = Z Z α α + 1 Z = β< α α Ord β ( ) = P Z Every ZF set x is in some Z α ; its rank is the least such ordinal α. Z α α 10/28/2004 Nijmegen04 24

25 Semantics for HOL STT Pitts ZC C-STT Cornell CZ Werner C-STT Coq ZFC 10/28/2004 Nijmegen04 25

26 An Intuitionistic Cumulative Hierarchy of Sets C-STT into IZF ( ( φ )) ( φ ) P P P φ ω + ω ω Prop First Order Logic (FOL) Base with proof terms (proofs-as-programs.) 10/28/2004 Nijmegen04 26

27 Types Review of Set Theoretic Semantics Structured Sets A = { αi} (HOL, PVS, MML 0 ) ω + ω α i rank ω ( α ) i The Cumulative Hierarchy of Sets 10/28/2004 Nijmegen04 27

28 Goal of Howe s Approach Pure Type Theory a, a,, a 1 2 f ( a) f λx. b p < a, b> ( ) λ xb. < a, b> c a U i i enlarge i Type Theory with Set Terms a1, a2,, a i α 1, α 2,, α i A γ f a ϕ α A ( ) ( ) ( ) ( ) λxb. a b < a, b> < α, β > c a c α i ( ) i ( ) f λxb. f ϕ c α c α i i 10/28/2004 Nijmegen04 28

29 Howe s Meaning Functions Howe s Approach to Set-theoretic Semantics: like Pitts, Dybjer, Troelstra, and others, Doug Howe maps types into sets; for A, a type, A is a set. However, he introduces new ideas to handle functionality, polymorphism, subtyping, quotient types, and types as objects (universes). For instance, λxx. is an element ϕ of A A A A and he writes that ϕ λxx.. 10/28/2004 Nijmegen04 29

30 Limitations of Set Embedding Unlike with PVS and HOL, no embedding can cover all of Nuprl because ( T B) Recursive types allow T = B Domains all absolutely unsolvable problems But Howe gets a very substantial part and Moran extends to more. 10/28/2004 Nijmegen04 30

31 Goal of Howe s Approach Extend the family of structured sets Create constants for all structured sets Extend evaluation to all terms Define approximation (covering) α a to relate sets α to i i i terms a i 10/28/2004 Nijmegen04 31

32 Howe s Method 1. Encode type terms and types into sets in the cumulative hierarchy W γ < ty, γ > < fn, ϕ > i α1,, αn c i ( α ) < c < >> 2. Define a subset of W with a unique meaning property; call it V. 3. Define a term model for all V sets; call it T Define evaluation and approximation on T 0 ; this provides a computational type theory with set oracles. I present a variant used by Evan Moran to extend Howe s results. ϕ 10/28/2004 Nijmegen04 32

33 Extending Set Theoretic Semantics to ML-82, Alf, Nuprl Can we account for these ideas in set theory? Can we embed CTT into the cumulative hierarchy? U j U 2 U 1 τ 1 τ 2 τi are inaccessible cardinals 10/28/2004 Nijmegen04 33

34 Howe s Semantics We think of types as collections of equivalence classes of terms: or a i We need to allow sets representing equivalence classes into the collection of types. α i α, α,, α 1 2 n written γ { α1, α2,, α n } ( approximates ) where α covers a α a α a i i i i i i 10/28/2004 Nijmegen04 34

35 Disjointness and Incompatibility The equivalence classes are disjoint, of course. A = a 1 a a i if ai aj 0 then ai = aj The set elements must also be incompatible: γ = A { α, α,, α } 1 2 con( α, α ) implies α = α i j i j For each a A there will be a unique α γ, such that α a. i i A i j i 10/28/2004 Nijmegen04 35

36 Disjointness and Incompatibility The key condition for functions is: ϕ < α, β >, < α, β >,, < α, β >, i i ϕ ' < α', β' >, < α', β' >,, < α', β' >, If for all < α, β ><, α ', β ' > con ( α, α' ) implies con( β, β' ) i i i i con then ( ϕϕ, ) ' i i 10/28/2004 Nijmegen04 36

37 Compatibility (Consistency) Examples 0 0 and 1 1are compatible (consistent) since ϕ { < 00, > } ϕ{ < 11, > } ϕ { < 00, >, < 11, > } intersection, and have a non-empty ( ) ( ) 0, { 0, 0 } con 0, 1, 1 0 con 0 and ϕ{ < 0, 0 > } con ϕ{ < 1, 1> } and are compatible, i.e. since { < < > > } { < { < > } > } ϕ ϕ ϕ ϕ.. 10/28/2004 Nijmegen04 37

38 Membership and Approximation If the type A is interpreted as the set a A, there is a unique α such that α a. γ A, then for each We will say A = γ A and a = α. A 10/28/2004 Nijmegen04 38

39 Uniqueness Theorem For any term t in T, 0 1. If γ t and γ t, then γ = γ For all γ V and α, α γ, 1 2 if α t and α t, then α = α /28/2004 Nijmegen04 39

40 The Term Language T 0 Howe defines a term language, T 0, that includes the Nuprl terms with binding, such as x : A B, x : A B, λx. b, x : A B, ( ) decide ( p x a y b ) less n; m; a; b, ;. ;., T 0 includes the constructors and constants, such as U i, nat { n}, pair ( a; b ), inl ( a ), inr ( b ), ap ( f ; a ), ( ) T 0 includes constants for all of the γ, ϕ, ξ, c i α sets. Howe uses γ, ϕ, ξ to denote the set terms. 10/28/2004 Nijmegen04 40

41 The Term Language T 0 Howe extends the evaluation relation to all terms, for example: ( ) ( 01 ;; ; ) ap λx. b; a c if b a / x c less a b c if a c For instance, ap ( λx. x ; ϕ) ϕ. 10/28/2004 Nijmegen04 41

42 Evaluation Rules f ( ) φ α, β φ α a f λx. b b a / x v f f a v ( ap ) φ ( a ) β ( ) ( apλ ) λxb. λxb. c ( a) c ( a) i i γ γ 10/28/2004 Nijmegen04 42

43 Approximation Rules e v α v j αj aj α e c ( ) i α1,, αn ci a1,, a ( ) n ( ) b α, β φ β α / x φ λxb. Howe does not use this rule because it is unproven when the non-determinism of functions on quotient types is allowed. 10/28/2004 Nijmegen04 43

44 Examples { } ϕ { 02 } {, 17, ', 18 } Let ϕ = <, >, <, > ' = <, > ψ = < ϕ > < ϕ > ( ) ϕ because ϕ λxx. + 4 but not ϕ' λxx. + 4 ( xx. ) ψ λ /28/2004 Nijmegen04 44

45 The Substitution Lemma If α a then for any term e, β e α / x implies β e a / x The intuition is that for any demonstration of if it does not examine α, then it also establishes β e a / x. α, β e α / x, α If the derivation depends on then since and is a term, there is more information in α, β e α / x a α. a a than in any approximation and that information will establish the facts used about to show using in place of a α 10/28/2004 Nijmegen04 45

46 Rationale for the Substitution Lemma α a β e α x β e α / x means α β λ x.. e λxe. γ α β, a singleton set, and Assume and / To say Thus, (1). ( 2 ) From e a / x { } α From (1) and (2) we have thus, γ β { } { } a we know a γ { α} ( λxe. ) a γ { β} { }, and hence λxe γ α γ β β e a / x., 10/28/2004 Nijmegen04 46

47 Soundness the Meaning of x : A B x : A B is the set of functions ϕ with domain A such that for all < α, β > ϕ, β B α / x = γα. 10/28/2004 Nijmegen04 47

48 Soundness of Function Elimination Conclusion there is a β in f ( a) B [ a / x ] [ / ] We need to know that is defined, i.e. B a x ( a ). β f We know that for any by the premise for f. a α α < α β > ϕ β α f B x,, /, To say = means a. (Recall "Membership and Approximation.") A 10/28/2004 Nijmegen04 48

49 Soundness of Function Elimination Conclusion By the Substitution Lemma, if γ B α / x, then γ α B a / x, thus, γ B α / x = = B a / x. Likewise, if β f α then β f a. But by the Subs titution Lemma, we know β f ( α ), since ϕ f and β ϕ α. f ( ) ( ) ( ) f ( ) Hence f a B a / x as required. B [ a / x ] 10/28/2004 Nijmegen04 49

50 Types Review of Set Theoretic Semantics Structured Sets A = { αi} (HOL, PVS, MML 0 ) ω + ω α i rank ω ( α ) i Cumulative Hierarchy of Sets 10/28/2004 Nijmegen04 50

51 Issues with Nuprl Type Theories Some Nuprl theorems contradict classical set theory and classical logic. (a) Nuprl can solve this recursion equation on types: T = ( T B) B ( ) using µ X. X B B. (b) Nuprl s domain theory (bar types) includes this result: ( ( ) ) h : B. x :. h x = t iff x 10/28/2004 Nijmegen04 51

52 Nuprl has Union and Intersection The types A B, B, A B, B, x : A B x x A x A all violate Howe s construction as outlined. x ({ 0} { 0} ) { 1} { 1} ( ) includes 0 0 and 1 1 but no α β can approximate both. 10/28/2004 Nijmegen04 52

53 Outline 1. Relating theories and systems 2. The structure of theories 3. Aids to organization and search 10/28/2004 Nijmegen04 53

54 Theory Structure Should theories be directory-like structures, as in Automath contexts (a tree of knowledge)? These can be internalized as dependent records. {G:Type, op:gxg ax2: Identity(G, op, id); } G; id:g, ax1: Assoc(G, op); The FDL takes a different approach, more like a database than a file system. 10/28/2004 Nijmegen04 54

55 Information Graph of the FDL objects logical dependency textual links accounting links metalogical links 10/28/2004 Nijmegen04 55

56 FDL contains formal objects rules definitions algorithms, code conjectures specifications theorems inferences proofs, partial proofs certificates 10/28/2004 Nijmegen04 56

57 Inferences H G by J, H G by J,, H G by J n n n H G by J H i G i J i a list of formulas (terms) a formula (term) a justification (rule, tactic) 10/28/2004 Nijmegen04 57

58 Proof A proof is a dag of inferences GA, GA, GA, H GR, H GR, H GR, H GR, H GR, H GR, H GR, 10/28/2004 Nijmegen04 58

59 Example of Dependencies RULE DEF DEF THM name1: T by external 1 THM name2: T by 2 proof 10/28/2004 Nijmegen04 59

60 FDL allows sharing among collections PVS Nuprl MetaPRL 10/28/2004 Nijmegen04 60

61 FDL performs archival functions Automath system Auto QE checked the following formalization of Landau s Grundlagen (August 17, 2004). Coq 5.0 created the following extract for the Fundamental Theorem of Algebra (June 14, 2003). Nuprl 5 checked that Total Order (TO) protocol satisfies P (June 5, 2003). MetaPRL compiler produced C code from TO, and P is preserved (October 19, 2003). PVS 2.4 proved Menger s theorem (September 15, 2003). 10/28/2004 Nijmegen04 61

62 Formal Digital Library Editor Nuprl 5 Editor Web Editor Evaluator Maude Evaluator Library THEORY defs, thms, tactics rules, structure Refiner Refiner Nuprl MetaPRL MetaPRL Evaluator SoS (Lisp) Evaluator THEORY PRL defs, thms, tactics rules, structure THEORY (HOL) defs, thms, tactics rules, structure THEORY (PVS) defs, thms, tactics rules, structure THEORY defs, thms, tactics rules, structure THEORY defs, thms, tactics rules, structure Refiner Refiner Refiner HOL/SPIN PVS Ωmega Translator Java Translator OCaml 10/28/2004 Nijmegen04 62

63 Prototype FDL Data (Manual 3.1) Organized to eventually support closed maps D Term(D) D are object names (abstract) Term(D) are objects with embedded references Map is closed under object reference. Working space is the current closed map. Basic data structure is the library table. 10/28/2004 Nijmegen04 63

64 D Term( D) Closed Maps closed under reference (no dangling pointers) closed < id, term() > < id, term() > < id, term() > < id, term() > < id, term() > open < id, term() > < id, term() > < id, term() >? 10/28/2004 Nijmegen04 64

65 Abstract Object Identifiers D D implies Term D ( ) Term ( D ) i.e. d d implies ( ) ( ) ( ) ( ) def d = def d thm d = thm d ( ( )) ( ) ( ) pf thm d = pf thm d 10/28/2004 Nijmegen04 65

66 Concepts for FDL Design FDL supports large-scale operations on collections theory translation, e.g. CZF to Type Theory cross linking via formal thesaurus transplanting theorems classical to constructive translations 10/28/2004 Nijmegen04 66

67 Concepts for FDL Design FDL provides an experimental publication medium Can solicit exemplary contributions hybrid articles formal and informal elegant formalizations challenging formalizations expository articles hypothetical formalizations Articles directly include shared material 10/28/2004 Nijmegen04 67

68 Outline 1. Relating theories and systems 2. The structure of theories 3. Aids to organization and search 10/28/2004 Nijmegen04 68

69 Objective Organize digital formal math by automated and adaptable means Exploratory analysis of formal structure 10/28/2004 Nijmegen04 69

70 Motivation Collections are growing large; need for better automation, search, visualization, personalization <very broad> Can we exploit it in the same was as is done with the structure of the web? Formal Mathematics is rich with structure; can we exploit this as some kind of metadata? 10/28/2004 Nijmegen04 70

71 Method Graph-based approach to exploit meta-information from the structure relationships between theories are hidden, mass of objects, ordered by humans Internet search engines seems really smart; they exploit structure Rank results according to authority, Google s Page Rank Teoma ( allows you to refine search based on clusters Equate hyperlinks with dependencies, use HITS 10/28/2004 Nijmegen04 71

72 Kleinberg s HITS Algorithm HUBS AUTHORITIES Hubs point to good authorities & authorities point to good hubs Sparse adjacency matrix, A Hub vector = 1 st eigenvector of AA T Authority vector = 1 st eigenvector of A T A Communities Strongest hubs and authorities from respective non-principle eigenvectors Currently there are improved techniques relying on the same graph 10/28/2004 Nijmegen04 72

73 Iterative Algorithm Define x <n>, y <n> authority, hub weight for node n in graph G with edges E. x <n> y <q> q:(q,n)єe y <n> x <q> q:(n,q)єe Iterate ~ 20 times, normalizing after each. 10/28/2004 Nijmegen04 73

74 Design Decisions What are analogous to hubs and authorities in formal math? Dependency Graphs Theorems and Definitions (Rules, Tactics?) Definitions have no (logical) dependencies Direct Forward Dependencies Control over size and components of Graph, Seeding primes gcd ints 10/28/2004 Nijmegen04 74

75 Graph Statistics Nuprl5 Standard & Num Thy Subset Bickford s Event Systems Nodes Thm Def Max Max Edges Assortativity Outlinks Inlinks /28/2004 Nijmegen04 75

76 Nuprl5 Number Theory 10/28/2004 Nijmegen04 76

77 1 2 Standard and Numthy Communities listify_length, select_listify_id, int_seg_ind, select_append_front, decidable ex_int_seg, or, decidable, so_apply1 fincr_formation, fincr_wf, fincr_wf2, equiv_rel_functionality_wrt_iff 1 2 divides_of_absvals, absval_assoced, absval_wf chrem_exists_aux_a, gcd_ex_n, chrem_exists_aux, atomic_char, prime_elim, gcd_exists_n, bezout_ident_n, chrem_exists 3 fib_coprime, gcd_sat_gcd_p, gcd_sat_pred, fib_wf, gcd_wf ycomb, not_wf 3 div_3_to_1, div_2_to_1, div_4_to_1, divide_wf, nequal 4 atomic_char, assert_of_eq_int, prime_elim, assert_of_eq_atom, le_wf 4 eqff_to_assert, eqtt_to_assert, assert_of_bnot, assert_of_band, prop 10/28/2004 Nijmegen04 77

78 Weight Distributions Nuprl5 AUTHORITIES HUBS HUBS* Value V Value V Hub Weigh Seeded List+ Library Case Number Case Number Sorted Hub Weight Index Step-like Weight Distributions Booleans, lower plateau on authority graph Stratified development of hubs, Bickford s extended list theory 10/28/2004 Nijmegen04 78

79 Level Distribution Def: A node, n, is in level, i, iffn depends only on nodes in levels < i, and i is the smallest value for which this is the case. Characteristic peaks found, suggest characteristic size/complexity of proofs NUPRL5 EVENT SYSTEMS Num Nodes Value V LEVEL Case Number 10/28/2004 Nijmegen04 79

80 HELM Coq Library Comparison Nuprl5 Event Systems Coq in HELM Nodes Thm Def Max Outlinks Max Inlinks Edges Assortativity was /Coq/Reals/RiemannInt/RiemannInt_P28 10/28/2004 Nijmegen04 80

81 Coq Graph 10/28/2004 Nijmegen04 81

82 Coq Link Analysis Coq Outlinks COQ IN-LINKS LOGNODES 4 3 LOGNODES Series LOGDEPS LOGDEPS Similar link distribution pattern LOGOUTS LOGINS LOGLINKS LOGLINKS 10/28/2004 Nijmegen04 82

83 Coq HITS AUTHORITIES /Init/Logic/eq.ind /Init/Logic/eq_ind /Reals/Rdefinitions/R /Init/Logic/eq_ind_r /Reals/Rdefinitions/R0 /Init/Datatypes/bool.ind /Reals/Rdefinitions/Rplus /Reals/Rdefinitions/R1 /Reals/Rdefinitions/Rmult HUBS /Reals/Rtrigo_alt/cos_bound /Reals/SeqProp/ cv_speed_pow_fact /Reals/RiemannInt/ RiemannInt_P12 RiemannInt_P6 RiemannInt_P28 /Reals/Rtopology/Heine /Reals/Alembert/Alembert_C2 /Reals/RiemannInt/ RiemannInt_P25 RiemannInt_P8 10/28/2004 Nijmegen04 83

84 Coq Communities Logic/Berardi/inv Arith/Wf_nat/induction_gtof1 Arith/Wf_nat/lt_wf_rec1 IntMap/Mapaxioms/MapMerge_assoc Logic/Berardi/i Logic/Berardi/j Bool/Bvector/Vconst Bool/Bvector/vector_rec Bool/Bvector/vector_ind Init/Datatypes/bool_ind Init/Datatypes/bool_rec Logic/ClassicalFacts/f1_o_f2 IntMap/Mapaxioms/FSetUnion_idempotent IntMap/Mapc/MapMerge_idempotent_c Logic/Diaconescu/proof_irrel Logic/Berardi/retract_rect IntMap/Mapaxioms/MapMerge_assoc Logic/Eqdep/eq_dep_dep1 Logic/Eqdep/eq_dep1_eq Relations/Newman/Newman Init/Datatypes/bool_rect Bool/Bvector/vector_rect IntMap/Mapaxioms/MapMerge_assoc 10/28/2004 Nijmegen04 84

85 Coq Communities II Logic/Hurkens/lemma2 Logic/Hurkens/U Logic/Hurkens/sb Logic/Hurkens/le Logic/Hurkens/U Init/Logic_Type/identity_rect_r Init/Logic_Type/identity_rec_r Init/Logic_Type/identity_ind_r Init/Datatypes/identity_rect romega/reflomegacore/tred_factor3_stable omega/omegalemmas/fast_zred_factor3 ZArith/auxiliary/Zred_factor3 romega/reflomegacore/tred_factor3 ring/ring_abstract/minus_varlist_insert_ok ring/ring_abstract/minus_varlist_insert ring/ring_theory/th_plus_zero_left2 ring/ring_theory/th_plus_comm 10/28/2004 Nijmegen04 85

86 Coq HITS HUB WEIGHT AUTH WEIGHT Smoother weight degradation Very small hub values 10/28/2004 Nijmegen04 86

87 References P. Aczel. Notes on the simply typed lambda calculus. In Berger and Schwichtenberg P. Aczel. The type theoretic interpretation of constructive set theory: Inductive definition. In Logic, Methodology and Philosophy of Science VII P. Aczel and M. Rathjen. Notes on Constructive Set Theory. Mittag-Leffler Technical Report No.40, 2000/2001. P. Aczel. The type theoretic interpretation of constructive set theory. In Logic Colloquium 77. P. Aczel. The type theoretick interpretations of constructive set theory: Choice principles. In The L.E.J. Brouwer Centenary Symposium S. Allen. Abstract identifiers, intertextual reference and a computational basis for recordkeeping. First Monday, 9(2), S. Allen. A Non-type-theoretic Definition of Martin-Lof s Types. In Gries H. Barendregt and H. Geuvers. Proof Assistants using dependent type systems. In Handbook of Automated Reasoning S. Berghofer. Proofs, Programs and Executable Specifications in Higher Order Logic. PhD thesis, Technische Universitat Munchen, S. Berghofer and T. Nipkow. Executing higher order logic. In Types for Proofs and Programs: TYPES d R. Constable. Types in logic, mathematics and programming. In S. R. Buss, editor, Handbook of Proof Theory D. Howe. Importing mathematics from HOL into Nuprl. In Theorem Proving in Higher Order Logics, volume 1125, of Lecture Notes in Computer Science D. Howe. Semantic foundations for embedding HOL in Nuprl. In volume 1101 of Lecture Notes in Computer Science E. Moran. Adding Intersection and Union Types to Howe s Model of Type Theory [working title]. PhD thesis, Cornell University, /28/2004 Nijmegen04 87