Skip to content

Add @[proof_condition] attribute for conditional formal proofs#4368

Open
williamjblair wants to merge 5 commits into
google-deepmind:mainfrom
williamjblair:proof-condition-attribute
Open

Add @[proof_condition] attribute for conditional formal proofs#4368
williamjblair wants to merge 5 commits into
google-deepmind:mainfrom
williamjblair:proof-condition-attribute

Conversation

@williamjblair

@williamjblair williamjblair commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Some solved problems only have formal proofs under an unproven assumption like GRH. This lets the repo record that assumption as a Lean statement instead of leaving it implicit in a declaration name, so the site can tell conditional formal proofs apart from unconditional ones and show what exactly is assumed.

For context on where this comes from: I audit hosted Lean proofs of Erdős problems at https://williamjblair.github.io/erdos-frontier/, picking up where the erdosproblems wiki's AI-contributions page left off when it was frozen on June 30, and the same audit feeds my #3998 statement batches here. It has so far turned up nine problems whose claimed formal proofs are conditional on unproven hypotheses, four of which #print axioms alone would not catch because the assumption rides as a theorem parameter. This attribute gives that information a home in the repo itself.

Following the review discussion, there is no separate attribute: conditional is a modifier on formal_proof, and the assumed hypotheses are stated in the same file (with sorry proofs) and referenced by name:

/-- The unproven hypothesis assumed by the conditional proof below (statement only). -/
@[category research open]
theorem grh : ... := by
  sorry

@[category research solved,
  conditional formal_proof using lean4 at "https://example.com/proof" assuming grh]
theorem a_conditionally_proved_problem : ... := by
  sorry

Behaviour worth knowing:

  • names in assuming are resolved against the environment, so an unknown name is an error and hovering one jumps to the statement
  • conditional without assuming is an error, as is assuming without conditional
  • if a referenced hypothesis later gains a sorry-free proof, the attribute warns that the proof may no longer need to be conditional
  • extract_names emits the declaration names under proofConditions (and supports --exclude=proofConditions); the theorem page shows a Conditional badge and an "Assumes" line

I left the existing Artin conditional declarations unannotated for now, since they don't carry a formal_proof link yet.

Tested with lake build FormalConjectures.Util.Attributes.Basic, a scratch file (not committed) covering the one- and two-hypothesis forms plus the three error paths under #guard_msgs, and lake exe extract_names on that file. Also rebuilt Wikipedia.ArtinPrimitiveRootsConjecture.

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

👋 This is an automated welcome message. 🤖
Thanks for the contributions!

A few friendly reminders while the review gets started:

  • Please take a look at the style guidelines,
    especially the conventions for references, categories, AMS tags, and answer(sorry).
  • You can manage some PR labels by leaving a comment with +label-name or -label-name; for example, +awaiting-author or -awaiting-author.
  • This repository is mainly for formalised statements. Proofs longer than about 25-50 lines are usually out of scope; longer proofs are welcome to be included/linked via the formal_proof mechanism.

Thanks again for helping improve Formal Conjectures.

Some solved problems have a formal proof that holds only under an unproven
assumption such as GRH. The repository already flags these by naming
convention (`conditional_artin_primitive_roots`, with a
`(h : type_of% generalized_riemann_hypothesis)` hypothesis), but the
condition is not machine-readable: `extract_names` and the site cannot
distinguish a conditional proof from an unconditional one.

Add a `@[proof_condition "..."]` attribute, repeatable with one condition per
application, mirroring the existing `formal_proof` and `category`
infrastructure. `extract_names` emits a `proofConditions` field, `build.js`
carries it to the client, and the theorem page shows a "Conditional" badge
and a "Proof conditions" line.

Annotate the four `conditional_artin_primitive_roots` theorems with
`proof_condition "GRH"` as the first use.
@williamjblair williamjblair force-pushed the proof-condition-attribute branch from b44bcae to 41735ef Compare July 1, 2026 16:05
@williamjblair williamjblair marked this pull request as ready for review July 1, 2026 16:31
@williamjblair williamjblair marked this pull request as draft July 1, 2026 17:52
sorry
```

## The Proof Condition Attribute:

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey! I think this is a nice idea! How about instead modifying the formal_proof attribute to have an optional conditional keyword in front - this would allow us to write e.g. conditional formal_proof ....

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

in some sense it would also be nice to store exactly what the hypothesis used is, since that should be relatively short, perhaps we could add those statements to the file (with a sorry proof of course) and then add the declaration name to the attribute?!

@williamjblair williamjblair Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @Paul-Lez , agreed! conditional is now a modifier on formal_proof itself (with no separate attribute), so it reads @[conditional formal_proof using lean4 at "<link>" assuming grh]. conditional without assuming errors, as does assuming without conditional.

@williamjblair williamjblair Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mo271 makes sense to me! assuming takes declaration names, so the hypothesis lives in the file as a statement with a sorry proof and the attribute references it. The idents resolve against the environment (an unknown name errors, hover jumps to the statement), and extract_names would emit the fully qualified names. This is useful as well bc if the hypothesis later gains a sorry-free proof, the attribute warns that the formal proof may no longer need to be conditional.

@williamjblair williamjblair marked this pull request as ready for review July 2, 2026 14:07
Per review: fold the separate @[proof_condition] attribute into
formal_proof as an optional `conditional` modifier (Paul-Lez), and
record the assumed hypotheses as named declarations stated in the same
file with sorry proofs, referenced from an `assuming` clause (mo271).

@[conditional formal_proof using lean4 at "<link>" assuming grh]

The hypothesis idents are resolved against the environment (unknown
names error, hovers jump to the statement), `conditional` without
`assuming` and vice versa are errors, and a sorry-free hypothesis
triggers a warning that the proof may no longer be conditional.
extract_names emits the fully-qualified declaration names under the
existing proofConditions key.
@williamjblair williamjblair force-pushed the proof-condition-attribute branch from fb0cf4b to d0ec99c Compare July 2, 2026 14:13
@williamjblair

williamjblair commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

@Paul-Lez @mo271 reworked along the lines you both suggested: conditional is now a modifier on formal_proof, and the assumed hypotheses are declarations in the file, referenced from an assuming clause. Details in the updated description.

Some context on the motivation: the erdosproblems wiki froze its AI-contributions page on June 30, and I have been continuing that tracking at https://williamjblair.github.io/erdos-frontier/ while auditing the hosted Lean proofs I sync for #3998. That audit has so far turned up nine claimed formal proofs that are conditional on unproven hypotheses, four of them invisible to #print axioms because the assumption rides as a theorem parameter. This attribute is meant to give those conditions a first-class home in the repo

Set to active for review now as well

@@ -207,9 +234,11 @@ initialize formalProofExt :
}

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you add a few tests in FormalConjecturesTest? There should already be a file with tests for attributes, so you could just add a few statements that demo the functionalities you've added.

@williamjblair williamjblair Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, just added. I added the tests in FormalConjecturesTest/Util/Attributes/Basic.lean covering conditional formal_proof usage, multiple assumed hypotheses, recorded proofConditions + the intended errors for conditional without assuming and assuming without conditional.

The tests also caught that the documented @[conditional formal_proof ...] form was not actually parsing as an attribute, so I fixed that parser registration in the same commit.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants