Add @[proof_condition] attribute for conditional formal proofs#4368
Add @[proof_condition] attribute for conditional formal proofs#4368williamjblair wants to merge 5 commits into
Conversation
|
👋 This is an automated welcome message. 🤖 A few friendly reminders while the review gets started:
Thanks again for helping improve Formal Conjectures. |
Some solved problems have a formal proof that holds only under an unproven assumption such as GRH. The repository already flags these by naming convention (`conditional_artin_primitive_roots`, with a `(h : type_of% generalized_riemann_hypothesis)` hypothesis), but the condition is not machine-readable: `extract_names` and the site cannot distinguish a conditional proof from an unconditional one. Add a `@[proof_condition "..."]` attribute, repeatable with one condition per application, mirroring the existing `formal_proof` and `category` infrastructure. `extract_names` emits a `proofConditions` field, `build.js` carries it to the client, and the theorem page shows a "Conditional" badge and a "Proof conditions" line. Annotate the four `conditional_artin_primitive_roots` theorems with `proof_condition "GRH"` as the first use.
b44bcae to
41735ef
Compare
| sorry | ||
| ``` | ||
|
|
||
| ## The Proof Condition Attribute: |
There was a problem hiding this comment.
Hey! I think this is a nice idea! How about instead modifying the formal_proof attribute to have an optional conditional keyword in front - this would allow us to write e.g. conditional formal_proof ....
There was a problem hiding this comment.
in some sense it would also be nice to store exactly what the hypothesis used is, since that should be relatively short, perhaps we could add those statements to the file (with a sorry proof of course) and then add the declaration name to the attribute?!
There was a problem hiding this comment.
Thanks @Paul-Lez , agreed! conditional is now a modifier on formal_proof itself (with no separate attribute), so it reads @[conditional formal_proof using lean4 at "<link>" assuming grh]. conditional without assuming errors, as does assuming without conditional.
There was a problem hiding this comment.
@mo271 makes sense to me! assuming takes declaration names, so the hypothesis lives in the file as a statement with a sorry proof and the attribute references it. The idents resolve against the environment (an unknown name errors, hover jumps to the statement), and extract_names would emit the fully qualified names. This is useful as well bc if the hypothesis later gains a sorry-free proof, the attribute warns that the formal proof may no longer need to be conditional.
Per review: fold the separate @[proof_condition] attribute into formal_proof as an optional `conditional` modifier (Paul-Lez), and record the assumed hypotheses as named declarations stated in the same file with sorry proofs, referenced from an `assuming` clause (mo271). @[conditional formal_proof using lean4 at "<link>" assuming grh] The hypothesis idents are resolved against the environment (unknown names error, hovers jump to the statement), `conditional` without `assuming` and vice versa are errors, and a sorry-free hypothesis triggers a warning that the proof may no longer be conditional. extract_names emits the fully-qualified declaration names under the existing proofConditions key.
fb0cf4b to
d0ec99c
Compare
|
@Paul-Lez @mo271 reworked along the lines you both suggested: Some context on the motivation: the erdosproblems wiki froze its AI-contributions page on June 30, and I have been continuing that tracking at https://williamjblair.github.io/erdos-frontier/ while auditing the hosted Lean proofs I sync for #3998. That audit has so far turned up nine claimed formal proofs that are conditional on unproven hypotheses, four of them invisible to Set to active for review now as well |
| @@ -207,9 +234,11 @@ initialize formalProofExt : | |||
| } | |||
|
|
|||
There was a problem hiding this comment.
Could you add a few tests in FormalConjecturesTest? There should already be a file with tests for attributes, so you could just add a few statements that demo the functionalities you've added.
There was a problem hiding this comment.
Yes, just added. I added the tests in FormalConjecturesTest/Util/Attributes/Basic.lean covering conditional formal_proof usage, multiple assumed hypotheses, recorded proofConditions + the intended errors for conditional without assuming and assuming without conditional.
The tests also caught that the documented @[conditional formal_proof ...] form was not actually parsing as an attribute, so I fixed that parser registration in the same commit.
Some solved problems only have formal proofs under an unproven assumption like GRH. This lets the repo record that assumption as a Lean statement instead of leaving it implicit in a declaration name, so the site can tell conditional formal proofs apart from unconditional ones and show what exactly is assumed.
For context on where this comes from: I audit hosted Lean proofs of Erdős problems at https://williamjblair.github.io/erdos-frontier/, picking up where the erdosproblems wiki's AI-contributions page left off when it was frozen on June 30, and the same audit feeds my #3998 statement batches here. It has so far turned up nine problems whose claimed formal proofs are conditional on unproven hypotheses, four of which
#print axiomsalone would not catch because the assumption rides as a theorem parameter. This attribute gives that information a home in the repo itself.Following the review discussion, there is no separate attribute:
conditionalis a modifier onformal_proof, and the assumed hypotheses are stated in the same file (withsorryproofs) and referenced by name:Behaviour worth knowing:
assumingare resolved against the environment, so an unknown name is an error and hovering one jumps to the statementconditionalwithoutassumingis an error, as isassumingwithoutconditionalconditionalextract_namesemits the declaration names underproofConditions(and supports--exclude=proofConditions); the theorem page shows aConditionalbadge and an "Assumes" lineI left the existing Artin conditional declarations unannotated for now, since they don't carry a
formal_prooflink yet.Tested with
lake build FormalConjectures.Util.Attributes.Basic, a scratch file (not committed) covering the one- and two-hypothesis forms plus the three error paths under#guard_msgs, andlake exe extract_nameson that file. Also rebuiltWikipedia.ArtinPrimitiveRootsConjecture.