定理証明をやろう

Transcript

1. 定理証明をやろう Hiroki Tokunaga

2. 自己紹介 名前 ：Hiroki Tokunaga 仕事 ：セキュリティエンジニア@DeNA 趣味 ：Haskell、OCaml、Rocq、Lean 関数型まつり2025で登壇した X

   ：_toku_san GitHub ：toku-sa-n 2

3. 定理証明で「何」ができる？ プログラムも数学も 形式化して ⇨ 証明できる！ 3 ➕ 🗺 🛡 ⾜し算 四⾊定理 型安全性

   ▼ 機械的に確認できる例

4. どうやって？ 定理証明⽀援系を使う 4

5. 定理証明支援系？ 定理証明を⾏うための ソフトウェア 5 例：Lean, Agda, Isabelle, F*, Rocq（旧称Coq）

6. スクリーンショット 6

7. Leanのコード例：リストを逆順にする def reverse : List α → List α |

   [] => [] | h :: t => reverse t ++ [h] 7

8. Leanのコード例：2つのリストの結合の逆順 theorem reverse_app : ∀ (xs ys : List α),

   reverse (xs ++ ys) = reverse ys ++ reverse xs := by intro xs ys induction xs with | nil => rewrite [List.nil_append, reverse, List.append_nil] rfl | cons h t ih => rewrite [reverse, ← List.append_assoc, ← ih] rfl 8

9. 証明の流れ (1/13) theorem reverse_app : ∀ (xs ys : List

   α), reverse (xs ++ ys) = reverse ys ++ reverse xs := by 9 α : Type u_1 ⊢ ∀ (xs ys : List α), reverse (xs ++ ys) = reverse ys ++ reverse xs

10. 証明の流れ (2/13) intro xs ys 10 α : Type u_1

    xs ys : List α ⊢ reverse (xs ++ ys) = reverse ys ++ reverse xs

11. 証明の流れ (3/13) induction xs with 11 α : Type u_1

    xs ys : List α ⊢ reverse (xs ++ ys) = reverse ys ++ reverse xs

12. 証明の流れ (4/13) | nil => 12 α : Type u_1

    ys : List α ⊢ reverse ([] ++ ys) = reverse ys ++ reverse []

13. 証明の流れ (5/13) rewrite [List.nil_append, reverse, List.append_nil] 13 case nil α

    : Type u_1 ys : List α ⊢ reverse ys = reverse ys ++ reverse [] List.nil_append : ∀ as, [] ++ as = as

14. 証明の流れ (6/13) rewrite [List.nil_append, reverse, List.append_nil] 14 case nil α

    : Type u_1 ys : List α ⊢ reverse ys = reverse ys ++ []

15. 証明の流れ (7/13) rewrite [List.nil_append, reverse, List.append_nil] 15 case nil α

    : Type u_1 ys : List α ⊢ reverse ys = reverse ys List.append_nil : ∀ as, as ++ [] = as

16. 証明の流れ (8/13) rfl 16 Goals accomplished 🎉

17. 証明の流れ (9/13) | cons h t ih => 17 case

    cons α : Type u_1 ys : List α h : α t : List α ih : reverse (t ++ ys) = reverse ys ++ reverse t ⊢ reverse (h :: t ++ ys) = reverse ys ++ reverse (h :: t)

18. 証明の流れ (10/13) rewrite [reverse, ← List.append_assoc, ← ih] 18 case

    cons α : Type u_1 ys : List α h : α t : List α ih : reverse (t ++ ys) = reverse ys ++ reverse t ⊢ reverse (h :: t ++ ys) = reverse ys ++ (reverse t ++ [h])

19. 証明の流れ (11/13) rewrite [reverse, ← List.append_assoc, ← ih] 19 case

    cons α : Type u_1 ys : List α h : α t : List α ih : reverse (t ++ ys) = reverse ys ++ reverse t ⊢ reverse (h :: t ++ ys) = reverse ys ++ reverse t ++ [h] List.append_assoc : ∀ (as bs cs : List α), as ++ bs ++ cs = as ++ (bs ++ cs)

20. 証明の流れ (12/13) rewrite [reverse, ← List.append_assoc, ← ih] 20 case

    cons α : Type u_1 ys : List α h : α t : List α ih : reverse (t ++ ys) = reverse ys ++ reverse t ⊢ reverse (h :: t ++ ys) = reverse (t ++ ys) ++ [h]

21. 証明の流れ (13/13) rfl 21 Goals accomplished 🎉

22. 定理証明の活用例 22 🔒 HACL*[1] 🔨 seL4[3] - 暗号化ライブラリ - FirefoxのCurve25519実装で

    使用[2] - F*で実装[1] - OS - 自動車などで使用[4] - Isabelleで実装[5] [1] https://github.com/hacl-star/hacl-star [2] https://blog.mozilla.org/security/2020/07/06/performance-improvements-via-formally-verified-cryptography-in-firefox/ [3] https://sel4.systems/ [4] https://sel4.systems/use.html [5] https://sel4.systems/Verification/proofs.html

23. 定理証明をやってみたい？ Rocq Software Foundations （特に第⼀巻のLogical Foundations ） Lean Theorem Proving

    in Lean 4 Functional Programming in Lean 23