Project-apics:Proving Bourbaki with Coq

Inria / Raweb 2009
Presentation of the Project apics

Section: New Results

Proving Bourbaki with Coq

Participant : José Grimm.

This is a new research theme. Our objective is to use the proof assistant Coq in order to formally prove a great number of theorems in Algebra. We started with the first book (Theory of sets, [58] ) of the series “Elements of Mathematics”. The first chapter describes Formal Mathematics, and we have shown that it is possible to interpret it in the Coq language. Note that Bourbaki expresses $\forall$ in terms of $\exists$ , which is not possible in Coq, and states that if $\forall$ x, R is false, then $\exists$ x, ¬R . This is a non-constructive statement. Moreover, this implies a general version of the axiom of choice (if for all x there is an y satisfying P(x, y) , then there is a mapping f such that P(x, f(x)) holds for all x ). We use some ideas of Carlos Simpson (University of Nice), and decide that a set is a type, and that X $\in$ Y is true if and only if there is a representative of X of type Y (this is non-constructive, since “representative” is only defined through axioms).

The second chapter of Bourbaki covers the theory of sets proper. It defines ordered pairs, correspondences, union, intersection and product of a family of sets, as well as equivalence relations. Its implementation in Coq corresponds to 300 definitions and 1300 lemmas or theorems. It is described in [30] . The third chapter of Bourbaki covers the theory of ordered sets, well-ordered sets, equipotent sets, cardinals, natural integers, and infinite sets; its implementation in Coq is described in in [31] . All results of the book been proved in Coq (230 definitions and 1200 lemmas), except inverse limits, direct limits and structures, which will be considered later; moreover there are more than one hundred exercises, most of them are non-trivial, and solving them will take some time.

Finite cardinals satisfy an induction principle (this is a special case of transfinite induction); This is the same induction principle as that of natural integers in Coq, so that these two notions are isomorphic. This means that every theorem of the Coq library about natural integers translates directly into a theorem about finite cardinals. This allows us to prove theorems like: The number of increasing (resp. strictly increasing) mappings of a set with p elements into a set with n elements is the number of subsets of p elements of a set with p + n (resp. n ) elements.

We use the following 4 axioms. Let's denote by E the type of sets. We assume existence of a function R, of type $\forall$ x:E, x $\rightarrow$ E , such that, if x:E , then for all a:x and b:x , Ra = Rb implies a = b . The relation a $\in$ b is defined by $\exists$ c:b, Rc = a . The first axioms says that if a and b are sets, then $Im12 ${\#8704 u,u\#8712 a\#8660 u\#8712 b}$$ implies a = b . The empty set $\emptyset$ is inductively defined as a type without constructor. We assume existence of a function C , of type $\forall$ t:E, (t $\rightarrow$ P) $\rightarrow$ Nt $\rightarrow$ t (the first argument is a property p , and the second is a proof q that the type t is non-empty). The axiom of choice says that, if there exists x such that p(x) , then C(p, q) satisfies p (This corresponds to Bourbaki's axioms scheme S5 that says that $\tau$ _x(p) satisfies p in such a case). We assume existence of a function I of type $\forall$ x:E, (x $\rightarrow$ E) $\rightarrow$ E . This means that, if f is a function such that f(x) is a set for all x , then I(f) is a set. The third axiom says y $\in$ I(f) if and only if there exists a:x such that f(a) = y . It implies existence of union of sets, but this Scheme of Substitution is slightly more general than Bourbaki's Scheme of Selection and Union, since it implies in particular the axioms of the set of two elements. The final axiom says that for any property P , if P is not false then it is true.

Logo Inria