Fast and Reliable Symbolic Computation

Using computers to formulate conjectures and consolidate proof steps pervades all mathematical fields, even the most abstract. Most computer-aided proofs are produced by symbolic computations, using computer algebra systems. From basic research to applications, the importance of mathematics produced today by symbolic computation cannot be overstated. However, the typical architecture of computer-algebra systems renders the systematic verification of computer-produced proof steps challenging, if not impossible.
The central objective of the FRESCO project is thus to improve the reliability of computer-aided mathematics, by delivering fast and reliable symbolic computation. Instead of attempting to retrofit correctness in software that has sacrificed semantics for speed, the proposed approach builds on formal proofs and interactive theorem provers. Both computer algebra systems and interactive theorem provers are designed for manipulating symbolic, exact representations of mathematical data. But when computer algebra systems seek speed and usability, theorem provers enforce foundational correctness, through logic- and computer-based formal proofs: it is now time to reconcile these two approaches. Three scientific objectives structure this grand challenge. The first objective is the design of a programming environment for computational mathematics, by finding the right balance between strong typing and productivity. This environment should allow connecting abstract mathematical descriptions with the bare metal of the processor. The second objective is the design of verification techniques for computational mathematics. This way, we will ensure that specific concerns to low-level code do not leak into the formal verification of a theorem, say, in algebraic geometry. Finally, the last objective of the project is to actually deliver verified state-of-the-art computational mathematics, by populating the environment with enough mathematical vocabulary and eventually confront to frontline research problems in mathematics.

The first period of the project has been devoted to advancing the two first objectives of the project. In the frame of the first objective, we have designed a novel low-level language for computer algebra, called Capla. Halfway between C and Rust, Capla is designed to be both safe and verification-friendly, while being low-level enough to be suitable for computationally intensive applications. The Capla language comes equipped with a formally proved semantics, using the Coq/Rocq interactive prover, and with a formally verified compiler.
Regarding the second objective, the main milestone reached during this first period is a fundamental result in type theory, the logical foundations underlying proof assistants like Coq/Rocq or Lean, or Agda. This theorem explains how to transfer arbitrary properties between related mathematical concepts or data structures, in an automated fashion. This theoretical contribution has enabled the implementation of Trocq, a concrete tool for proof transfer, which provides a Swiss-army knife for automating mundane parts of formal libraries, in particular in the case of code refinements.
Finally, during this period we have developed a computer-aided tool for reliable, machine-checked categorical diagrammatic reasoning. When category theory is used to justify a proof step deemed both technical and little informative, authors often provide succinct descriptions of such a step, under the form of a diagram that guides the intuition of the audience. These diagrams help visualizing the existence of certain morphisms or objects, identities between composition of morphisms, etc. In practice however, diagrammatic proofs soon become overly complex. Such complex proofs only remain readable at the price of hiding non-trivial technical arguments and are, as a result, challenging to rigorously verify by hand. We have designed and studied a dedicated first-order language for proofs by diagram chasing, which constitutes the foundations of a formally verified tool for writing reliable diagrammatic proofs in Abelian categories.

The three main achievements of this first period each represent significant progress beyond the state of the art. All three come with implementations within the Coq/Rocq interactive prover, which can be transposed to other provers based on similar foundations.
The Capla language demonstrates that the programming style of the C and Fortran languages, used by state-of-the-art, reference implementations of core computer algebra routines, can be married with the non-aliasing philosophy that makes formal verification tractable. Formally verified Capla code is so safe that it could just be run inside the interactive prover, without any fear that it might jeopardize the consistency of prover by corrupting its memory. A wider-spread usage of verified Capla code will however require extending the language with a few features, as well as devising a program logic in order to ease deductive verification of functional correctness. The Trocq plugin, and the theoretical results it bases on, advances the understanding of relational models for dependent type theory: it allows for proving more theorems automatically, it does so under weaker assumptions, and its implementation is more robust, more efficient and more extensible than existing comparable tools. We will improve the treatment of inductive types, and generalize further the parametricity results so as to enable a wider adoption of this plugin, in a broader range of applications. Our library for machine-checked categorical diagrammatic reasoning is modular enough to serve any pre-existing library of formalized category theory, and provides unique formal-proof-producing automation.
We will now develop further the formal vocabulary of homological algebra in our library, so as to address the needs of realistic complex paper proofs. The next period will be concerned with the design of the higher-level layer of the envisioned programming environment, and with the structuring of large corpora of formalized mathematics, before attacking the formal verification of modern computer-aided proofs in number theory.