David Delahaye, CNAM, Paris, France; Micaela Mayero, Université Paris Nord, Villetaneuse, France

Post on 03-Feb-2016


MAP’06 Castro Urdiales, Spain

January 9, 2006

David.Delahaye@cnam.fr

http://cedric.cnam.fr/~delahaye/

mayero@lipn.univ-paris13.fr

http://www-lipn.univ-paris13.fr/~mayero/

Quantifier Elimination over Algebraically Closed Fields in a Proof Assistant using a Computer Algebra System

David Delahaye

CNAM, Paris, France

Micaela Mayero

Université Paris Nord, Villetaneuse, France


Introduction

• We focus on:

– Theorem Proving

– Computer Algebra

• In a Deduction System (DS):

hard to perform efficient computations.

In a Computer Algebra System (CAS):

no notion of consistency.


Approaches

• CASs dedicated to computations

DSs dedicated to validation

Make them interact!

1. To import validation into CASs

2. To import computations into DSs

– Believing approach

– Skeptical approach

– Autarkic approach

3. To build a system with both

• Adams/Dunstan/Gottliebsen/Kelsey/Martin/Owre: Maple/PVS (2001)

• Colton: Maple/Otter (2002)

• Harrison/Théry: HOL/Maple (1998)

• Delahaye/Mayero: Coq/Maple (2002)

• Focal Team: Focal system (1997…)


Contribution

• When importing CAS computations into DSs:

enhance the computational power of DSs.

• Our contribution:

Use a CAS to enhance the power of automation of a DS.

• Example:

– Quant. Elimination proc. over alg. closed fields (ACFs)

– In Coq using Maple

– Quite simple (one variable, skeptical appr.)

– Validation available (Maple mode & ring/field)


Algebraically Closed Fields

• K is an ACF:

$\forall P \in K[X].\ \deg(P) > 0 \Rightarrow \exists x \in K.\ P(x) = 0.$

• Fundamental theorem of Algebra (D’Alembert’s theorem):

Every non-constant pol. of K[X] has n roots.

• Equation and inequation system:

$(S)\quad \begin{cases} P_1 = 0, \ldots, P_n = 0 \\ Q_1 \neq 0, \ldots, Q_m \neq 0 \end{cases}$

A method of quantifier elimination


Quantifier elimination

Φ ≡ “(S) has a sol.”:

$P = \gcd(P_i)_{i=1..n},\ n > 0; \qquad Q = \prod_{i=1}^{m} Q_i,\ m > 0:$

• n = 0, m > 0: left (prop. 1)

• n > 0, m = 0: $\exists x.\ P = 0$ (prop. 2)

If P ≠ 1 then left (ACF) else right

• n > 0, m > 0:

– If P = 1 then right

– else G = gcd(P, Q):

If G = 1: $\exists x.\ P = 0$ (prop. 3)

else P = GP’: $\exists x.\ P' = 0 \wedge G \neq 0$ (prop. 4)

Prop. 1: Q ≠ 0. $\exists x.\ Q \neq 0.$

Prop. 2: P1 ≠ 0, P2 ≠ 0, G = gcd(P1, P2). $\exists x.\ P_1 = 0 \wedge P_2 = 0$ iff $\exists x.\ G = 0.$

Prop. 3: P ≠ 0, Q ≠ 0, gcd(P, Q) = 1. $\exists x.\ P = 0 \wedge Q \neq 0$ iff $\exists x.\ P = 0.$

Prop. 4: P ≠ 0, Q ≠ 0, G = gcd(P, Q), P = GP1. $\exists x.\ P = 0 \wedge Q \neq 0$ iff $\exists x.\ P_1 = 0 \wedge G \neq 0.$


Extraction of an algorithm

Prop. 5: P ≠ 0, Q ≠ 0, G = gcd(P, Q), P = GP1.

If G ≠ 1 then deg(P1) < deg(P).

• We proved that “the system (S) has solutions or not” constructively

and using well-founded induction schemes:

the problem is decidable.

• Heyting-Kolmogorov’s semantics:

we can extract an algorithm from the previous proof.


Algorithm

I. if n = 0 then go to III else compute $P = \gcd(P_i)_{i=1..n}$

II. if m = 0 then apply prop. 1. Equivalent to $\exists x.\ P = 0$:

1. if P ≠ 1 then apply def. of ACF

2. else fail

III. if m ≠ 0:

1. compute $Q = \prod_{i=1}^{m} Q_i$

2. if n = 0 then apply prop. 2

3. else equivalent to $\exists x.\ P = 0 \wedge Q \neq 0$:

a. if P = 1 then fail

b. else compute G = gcd(P, Q):

i. if G = 1 then apply prop. 3

ii. else apply prop. 4 and re-apply the algorithm.


Validation of computations

• We have a skeptical approach.

Theorem (Bézout, converse): P ≠ 0, Q ≠ 0, G ≠ 0.

If G divides P and Q and if there exist A and B s.t. AP + BQ = G

then G = gcd(P, Q).

• The CAS must provide the gcd G, the quotients P1 and Q1,

as well as the cofactors A and B.

• The DS must verify: P = P1G, Q = Q1G and AP + BQ = G.
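
An added example, not taken from the slides: the skeptical loop of the Algorithm and Validation of computations slides, written in Python for the case n > 0, m > 0 after the slides' reduction to a single P and Q. `untrusted_gcd` stands in for the CAS and every function name here is an assumption of this example; the checker relies only on polynomial addition, multiplication and equality over exact rationals, so a wrong gcd claim is rejected before prop. 3 or prop. 4 is applied.

```python
from fractions import Fraction as F

def poly(*coeffs):                 # constant term first: poly(-3, 5, 2) is 2X^2 + 5X - 3
    return [F(c) for c in coeffs]

def trim(p):                       # drop zero leading coefficients; [] is the zero polynomial
    return trim(p[:-1]) if p and p[-1] == 0 else p

def add(p, q, s=1):                # p + s*q
    n = max(len(p), len(q))
    return trim([a + s * b for a, b in zip(p + [F(0)] * (n - len(p)), q + [F(0)] * (n - len(q)))])

def mul(p, q):
    return trim([sum(p[i] * q[k - i] for i in range(len(p)) if 0 <= k - i < len(q))
                 for k in range(len(p) + len(q) - 1)])

def divmod_poly(p, d):             # quotient and remainder of p by a nonzero d
    quo, r = [F(0)] * max(len(p) - len(d) + 1, 1), list(p)
    while len(r) >= len(d):
        c, k = r[-1] / d[-1], len(r) - len(d)
        quo[k] = c
        r = trim([a - c * d[i - k] if i >= k else a for i, a in enumerate(r)])
    return trim(quo), r

def untrusted_gcd(p, q):           # stand-in for the CAS (assumption): extended Euclid
    r0, r1, a0, a1, b0, b1 = p, q, poly(1), [], [], poly(1)
    while r1:
        k, r = divmod_poly(r0, r1)
        r0, r1, a0, a1, b0, b1 = r1, r, a1, add(a0, mul(k, a1), -1), b1, add(b0, mul(k, b1), -1)
    u = [1 / r0[-1]]               # scale so that G is monic
    g = mul(u, r0)
    return g, divmod_poly(p, g)[0], divmod_poly(q, g)[0], mul(u, a0), mul(u, b0)

def check_certificate(p, q, cert): # DS side: only +, * and equality, no gcd computation
    g, p1, q1, a, b = cert
    return bool(g) and mul(p1, g) == p and mul(q1, g) == q and add(mul(a, p), mul(b, q)) == g

def has_solution(p, q, oracle=untrusted_gcd):  # exists x. P = 0 and Q != 0, for nonzero P, Q
    while len(p) > 1:              # a constant P has no root: fail
        cert = oracle(p, q)
        if not check_certificate(p, q, cert):
            raise ValueError("gcd certificate rejected")
        g, p1 = cert[:2]
        if len(g) == 1:
            return True            # prop. 3, then def. of ACF
        p, q = p1, g               # prop. 4: continue with P1 and G
    return False

P, Q = poly(6, 5, 10, 3), poly(-3, 5, 2)   # the two polynomials of the page's simple example
```

An oracle that falsely claims gcd(X + 1, X + 1) = 1 would turn the answer from "no solution" into "solution"; the Bézout check is what stops it.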


Integration in Coq using Maple

• Why Coq and Maple?

existence of a Maple mode for Coq (Delahaye & Mayero, 2002).

• Work in Coq:

– Theory of univariate polynomials

– Theory of ACFs (proofs of prop.)

– Systems of pol. with rational coefficients

• Work in Maple: nothing to do (just use the gcd when needed).


Extension of the Maple mode for Coq

• Initially:

– Algebraic operations over a field

– Validated automatically by the tactic field

• Extension:

– Import the gcd, the quotients and the cofactors

– Verify the 3 equalities (divisors and Bézout’s relation):

carried out by the tactics ring (normalization)

and field (coefficients)


Interface between Coq and Maple

Coq side: gcd(P, Q)

Maple side: Pm, Qm; Gm = gcdm(Pm, Qm), with quot. P1, Q1 and cof. A, B

Coq side: prove: P = P1G, Q = Q1G and AP + BQ = G

G is the gcd of P and Q!

Diagram labels: quotation, validation


A simple example

• $P = 3X^3 + 10X^2 + 5X + 6$

$Q = 2X^2 + 5X - 3$

• We want to prove: $\exists x.\ P = 0 \wedge Q \neq 0.$

G = gcd(P, Q) = X + 3; equivalent to: $\exists x.\ P' = 0 \wedge G \neq 0$ (prop. 4),

where P = P’G. Re-apply the algorithm:

gcd(P’, G) = 1; equivalent to: $\exists x.\ P' = 0$ (prop. 3),

proved by def. of ACF.


Running in Coq

Coq < Lemma lem1 : exists x : C, eval x P = C0 /\ eval x Q <> C0.

1 subgoal

============================

exists x : C, eval x P = C0 /\ eval x Q <> C0

lem1 < unfold P, Q.

1 subgoal

============================

exists x : C, eval x (PList C ((cte 3, 3) :: (cte 10, 2) :: (cte 5, 1) ::

(cte 6, 0) :: nil) sorted_p) = C0 /\ eval x (PList C ((cte 2, 2) ::

(cte 5, 1) :: (cte (-3), 0) :: nil) sorted_q) <> C0

lem1 < qelim.

Proof completed.


Another example

• quartic = $X^4 + X^3 + X^2 + X$

cubic = $X^3 + X^2 + X + 1$

line = $X + 1$

• Points on the two curves but not on the line?

• i, -i and -1 satisfy quartic = 0 and cubic = 0;

-1 does not satisfy line ≠ 0 but i and -i do.

$\exists x.\ \mathit{quartic} = 0 \wedge \mathit{cubic} = 0 \wedge \mathit{line} \neq 0$

Coq < Lemma lem2 : exists x : C, eval x quartic = C0 /\ eval x cubic = C0 /\ eval x line <> C0.

lem2 < unfold quartic, cubic, line; qelim.

Proof completed.


Conclusion

• CASs can enhance the computational power of DSs:

CASs can also enhance the power of automation of DSs.

• The skeptical approach is a good way to benefit

from both efficiency and soundness.

• Extensions:

– Multivariate polynomials: validation vs autarkic computations?

– Real closed fields?

– Interactions with other CASs: MuPAD, …
