From the Universality of Mathematical Truth to the Interoperability of Proof Systems

The development of computerized proof systems, such as Coq, Matita, Agda, Lean, HOL 4, HOL Light, Isabelle/HOL, Mizar, etc. is a major step forward in the never-ending quest of mathematical rigor. But it jeopardizes the universality of mathematical truth [5]: we used to have proofs of Fermat’s little theorem, we now have Coq proofs of Fermat’s little theorem, Isabelle/HOL proofs of Fermat’s little theorem, PVS proofs of Fermat’s little theorem, etc. Each proof system (Coq, Isabelle/HOL, PVS, etc.) defines its own language for mathematical statements and its own truth conditions for these statements. This crisis can be compared to previous ones, when mathematicians have disagreed on the truth of some mathematical statements: the discovery of the incommensurability of the diagonal and side of a square, the introduction of infinite series, the non-Euclidean geometries, the discovery of the independence of the axiom of choice, and the emergence of constructivity. All these past crises have been resolved.


Yet another crisis of the universality of mathematical truth
The development of computerized proof systems, such as Coq, Matita, Agda, Lean, HOL 4, HOL Light, Isabelle/HOL, Mizar, etc. is a major step forward in the never-ending quest of mathematical rigor. But it jeopardizes the universality of mathematical truth [5]: we used to have proofs of Fermat's little theorem, we now have Coq proofs of Fermat's little theorem, Isabelle/HOL proofs of Fermat's little theorem, PVS proofs of Fermat's little theorem, etc. Each proof system (Coq, Isabelle/HOL, PVS, etc.) defines its own language for mathematical statements and its own truth conditions for these statements. This crisis can be compared to previous ones, when mathematicians have disagreed on the truth of some mathematical statements: the discovery of the incommensurability of the diagonal and side of a square, the introduction of infinite series, the non-Euclidean geometries, the discovery of the independence of the axiom of choice, and the emergence of constructivity. All these past crises have been resolved.

Predicate Logic and other logical frameworks
One way to resolve a crisis, such as that of non-Euclidean geometries, or that of the axiom of choice, is to view geometry, or set theory, as an axiomatic theory. The judgement that the statement "the sum of the angles in a triangle equals the straight angle" is true evolves into the judgement that it is a consequence of the parallel axiom and of the other axioms of geometry. Thus, the truth conditions must be defined, not for the statements of geometry, but for arbitrary sequents: pairs Γ A formed with a theory, a set of axioms, Γ and a statement A.
This induces a separation between the definition of the truth conditions of a sequent, the logical framework, and the definition of the various geometries as theories in this logical framework. This logical framework, Predicate logic, was made precise by Hilbert and Ackermann [13], in 1928, more than a century after the beginning of the crisis of non-Euclidean geometries. The invention of Predicate Logic was a huge step forward. But Predicate Logic also has some limitations.
To overcome these limitations, it has been modernized in various ways in the last decades. First, λ-Prolog [15] and Isabelle [17] have extended Predicate logic with variable binding function symbols, such as the symbol λ in the term λx x. Then, the λΠ-calculus [12] has made it possible to explicitly represent proof-trees, using the so-called Brouwer-Heyting-Kolmogorov algorithmic interpretation of proofs and Curry-de Bruijn-Howard correspondence. In a second stream of research, Deduction modulo theory [4,6] has introduced a distinction between computation and deduction, in such a way that the statement 27 × 37 = 999 computes to 999 = 999, with the algorithm of multiplication, and then to , with the algorithm of natural number comparison. It thus has a trivial proof. A third stream of research has extended classical Predicate logic to an Ecumenical predicate logic [10,14,3,19,18,9,11] with both constructive and classical logical constants.
These streams of research have merged, to provide a logical framework, the λΠ-calculus modulo theory [2], also called Martin-Löf's logical framework [16]. This framework permits function symbols to bind variables, it includes an explicit representation for proof-trees, it distinguishes computation from deduction, and it permits the definition of both constructive and classical logical constants. It is the basis of the language Dedukti, where Simple type theory, Martin-Löf's type theory, the Calculus of constructions, etc. can easily be expressed.
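The distinction between computation and deduction described above can be seen in any proof system whose checker normalizes terms. The following is an added illustration, not taken from the paper; it is written in Lean 4 rather than Dedukti, and the names `N`, `add`, `mul`, `eqb`, `two`, `three` and `six` are assumptions made for the example. Multiplication and comparison are given as computation rules, so the equalities need no deduction step beyond reflexivity.

```lean
namespace Demo

-- Unary natural numbers with computation rules for +, × and comparison.
inductive N where
  | zero : N
  | succ : N → N

def add : N → N → N
  | n, .zero   => n
  | n, .succ m => .succ (add n m)

def mul : N → N → N
  | _, .zero   => .zero
  | n, .succ m => add (mul n m) n

-- Comparison as an algorithm: the result is a truth value, not a statement to prove.
def eqb : N → N → Bool
  | .zero,   .zero   => true
  | .succ n, .succ m => eqb n m
  | _,       _       => false

def two   : N := .succ (.succ .zero)
def three : N := .succ two
def six   : N := .succ (.succ (.succ three))

-- Step 1: `mul two three` computes to the same normal form as `six`.
example : mul two three = six := rfl

-- Step 2: the comparison itself computes to `true`, so the proof is trivial.
example : eqb (mul two three) six = true := rfl

end Demo

-- The statement from the text, on Lean's built-in natural numbers:
-- the checker evaluates 27 * 37 and the proof is reflexivity.
example : 27 * 37 = 999 := rfl

-- The same statement settled by running the decision procedure for equality on Nat.
example : 27 * 37 = 999 := by decide
```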

The theory U
The expression in Dedukti of Simple type theory, Simple type theory with polymorphism, Simple type theory with predicate subtyping, the Calculus of constructions, etc. uses symbol declarations and computation rules that play the rôle of axioms in Predicate logic. But, just like the various geometries or the various set theories share a lot of axioms and differ by a few, these theories share a lot of symbols and rules. This remark leads to defining a large theory, the theory U [1], that contains Simple type theory, Simple type theory with polymorphism, Simple type theory with predicate subtyping, and the Calculus of constructions, etc. as sub-theories.
Many proofs developed in proof processing systems can be expressed in the theory U and, depending on the symbols and rules they use, they can be translated to more common formulations of the theories implemented in these systems.
For instance, F. Thiré has expressed a large library of arithmetic, originally developed in Matita, in a sub-theory of the theory U, corresponding to Simple type theory with polymorphism, and translated these proofs to the language of seven proof systems [20]. Y. Géran has expressed the first book of Euclid's elements, originally developed in Coq, in a sub-theory of the theory U, corresponding to Predicate logic, and translated these proofs to the language of many proof systems, including predicate logic ones [8]. T. Felicissimo has shown that a large library of proofs originally developed in Matita, including a proof of Bertrand's postulate, could be expressed in predicative type theory and expressed in Agda [7].