Foundational proof certificates: making proof universal and permanent

Consider a world where exporting proof evidence into a declarative, universal, and permanent format is taken as ``feature zero'' for computational logic systems. In such a world, provers will be able to communicate and share theorems and proofs; libraries can archive and organize proofs; and marketplaces of proofs would be open to any prover that admits checkable proof objects. In that world, proof checkers must be entrusted with the task of checking whether or not such proof evidence elaborates into a formal proof. A key to developing such a universal and permanent approach to proof evidence is the selection of an appropriate logical framework for defining the semantics of proof evidence. Recent developments in structural proof theory provide a foundational approach to proof certificates. In particular, the focused proof systems LJF, LKF, and LKU for classical and intuitionistic logics can be fashioned into a high-level and declarative framework for defining the semantics of a wide range of proof evidence. The resulting framework is an approach to foundational proof certificates (FPCs) that provides precise descriptions of proofs that are both independent of the technology that produced them as well as flexible enough to allow encoding a rich collection of proof structures such as, for example, Frege proofs, natural deductions, resolution refutations, and Herbrand disjunctions. The lambda Prolog programming language is an appropriate programming language for implementing a checker for FPC (over first-order logic proofs) and for specifying the semantics of proof evidence. While lambda Prolog contains typing, abstract datatypes, and higher-order programming in a style similar to ML---the first programming language designed for implementing proof checkers---it goes beyond ML by providing a logically clean notion of binding and (object-level) substitution. Furthermore, lambda Prolog implements both unification and backtracking search, two features critical for implementing proof reconstruction. These two features will allow proof certificates to have the option of eliding some proof evidence in the hope that the proof checker can reconstruct the missing details. Allowing a trade-off between certificate size and checking (and proof reconstruction) time is a valuable aid in designing flexible proof certificate formats. The progress and plans for the ProofCert project within the Parsifal team at INRIA will be presented in this talk.