A Graphical User Interface for Formal Proofs in Geometry.

Geometry.

Julien Narboux

To cite this version:

Julien Narboux.

A Graphical User Interface for Formal Proofs in Geometry..

Journal of

Automated Reasoning, Springer Verlag, 2007, Special Issue on User Interfaces in Theorem

Proving, 39 (2), pp.161-180.

<

10.1007/s10817-007-9071-4

>

.

<

inria-00118903

>

HAL Id: inria-00118903

https://hal.inria.fr/inria-00118903

Submitted on 7 Dec 2006

HAL

is a multi-disciplinary open access

archive for the deposit and dissemination of

sci-entific research documents, whether they are

pub-lished or not.

The documents may come from

L’archive ouverte pluridisciplinaire

HAL

, est

destin´

ee au d´

epˆ

ot et `

a la diffusion de documents

scientifiques de niveau recherche, publi´

es ou non,

´

emanant des ´

etablissements d’enseignement et de

Julien Narboux(julien.narbouxinria.fr)

ProjetPCRIPleCommundeReherheenInformatiquedu plateau deSalay, CNRS,ÉolePolytehnique,INRIA,Université Paris-Sud.

Otober10,2006

Abstrat. Wepresentinthispaperthedesignofagraphialuserinterfaetodeal with proofs ingeometry.The software developedombinesthreetools:adynami geometrysoftwaretoexplore,measureandinventonjetures,anautomatitheorem proverto hekfatsand aninterativeproofsystem(Coq)tomehaniallyhek proofsbuiltinterativelybytheuser.

Keywords: geometry,theorem prover, proof assistant, interfae, Coq, dynami geometry,automatedtheoremproving

1. Introdution

Dynami Geometry Software (DGS) and Computer Algebra Software (CAS) arethe most widely used software for mathematis inthe edu-ation.DGSsallowthe userto reate omplexgeometri onstrutions stepbystepusingfreeobjetssuhasfreepointsandpredenedatomi onstrutions depending onotherobjets (forinstanetheline passing through two points, themidpoint of asegment, et.). The freeobjets an be draggedusingthemouseand the gureisupdatedinrealtime. CAS allow symboli manipulations ofmathematial expressions.

Themostwidelyusedsystemsarethehistorialoneswhihappeared inthe90s,namelyGeometer'sskethpad (Jakiw, 1990)andCabri Ge-ometer(LabordeandBellemain,1998).Butthereexistsalargenumber of freeand ommerial softwareaswell

1

.

Theeduationommunityhasstudiedtheimpatoftheuseofthese software on the proving ativity (Yevdokimov, 2004; Furinghetti and Domingo, 2003). DGSsaremainly usedfor two ativities:

−

to makethestudent reate geometri onstrutions;

1

Weanite(thelistisnotintendedtobeexhaustive):CaR,ChypreCinderella, Déli,De,Dr.Geo,Eulid,EuklidDynaGeo,Eukleides,Gava,GeoExp,GeoFlash, GeoLabo, GeoLog, Geometria, Geometrix, Geometry Explorer, Geometry Tutor, GeoPlanW,GeoSpaeW,GEUP,GeoView,GEX,GRACE,KGeo,KIG,Mentoniezh, MM-Geometer,Non-Eulid,XCas,et.

−

tomakethestudentexplorethegure,inventonjeturesandhek fats.

We believe that these software systems should also be used to help the student in the proving ativity itself.Work has been performed in this diretion and several DGS with proof related features have been produed.Thesesystemsanberoughlylassiedintotwoategories:

1. thesystemswhihpermitto build proofs;

2. thesystemswhih permitto hekfats using an automated theo-remprover.

TheGeometryTutor (Andersonetal.,1985),Mentoniezh (Py,1990), De (Ag-Almouloud,1992),Chypre (Bernat,1993),Cabri-Eulide (Lu-engo, 1997), Geometrix (Gressier,1998) andBaghera (Balahe etal., 2002) systems belongs to the rst ategory. Using these systems the studentanprodueproofsinterativelyusingasetofknowntheorems. Inmostofthesesystemsthestudentannotinventaproofverydierent from what the program had pre-omputed using automated theorem proving methods. As far as we know, the exeption is Cabri-Eulide whihontainsasmallformalsystemandthereforegivesmorefreedom to thestudent. Baghera inludes also e-learning features, suh as task management and network ommuniation between teahers and their students.

MMP-Geometer(Gao,2000),GeometryExpert(GaoandLin,2002), Ge-ometry Explorer(Wilson and Fleuriot, 2005) and Cinderella (Korten-kamp,1999;KortenkampandRihter-Gebert,2004;Rihter-Gebertand Kortenkamp, 1999; Shwartz, 1979) belongs to the seond ategory. Geometry Expert and MMP-Geometer are DGS whih are used as a graphial interfae for an implementation of the main deision proe-duresingeometry.Geometry Explorer providesadiagrammati visual-ization of proofs generated automatially by a prolog implementation of Chou's full angle method (Chou et al., 1996). Cinderella allows to export the desription of the gure to omputer algebra software to perform algebraiproofs.

Thework losestto oursis(Bertot etal.,2003). TheGeoView soft-wareprovidesavisualizationtoolforsomeformalgeometristatements usingano-the-shelfDGSandthePCoquserinterfaefor Coq(Bertot and Thery,1998; Amerkad etal.,2001). Itis intendedto be usedwith theformalization of geometry forthe Frenh urriulumby Frédérique Guilhot (Guilhot, 2005) in the Coq proof assistant (Coq development team,The, 2004).

We present in this paper the design of a system whose aim is to ombineautomati theoremproving,interativetheoremprovingusing

a formal proofsystem (theCoqproof assistant)and diagrammati vi-sualization.Thedierenebetweenourapproahandtheothersystems wehaveited(exeptGeoView)isthatweuseofageneralpurposeproof assistantandombineinterative andautomatedtheoremproving.The dierenebetweenoursystemandGeoViewisthatommuniationwith Coqgoesintheother diretion.

Our approah isguidedbythefollowing motivations:

−

It is very natural in geometry to illustrate a proof by a diagram-matirepresentation andevensometimesadiagramanbeseenas ahighleveldesriptionofaproof(BarwiseandAllwein,1996; Jam-nik, 2001; Miller, 2001; Wilson and Fleuriot, 2005; Winterstein, 2004a;Winterstein,2004b). Butsometimes adiagramanbe mis-leading.Thatiswhythe veriationoftheproofbyaformalproof systemisruial asitprovidesa very highlevelofondene.

−

Compared to an adho proof system speialized in geometry, the use of a general purpose proof assistant suh as the Coq proof assistantprovidesawaytoombinegeometrialproofswithlarger proofs.For example,it ispossible to usethe Coqsystemto prove fatsabout polygonsbyindutiononthenumberofedges,orfats about transformations usingomplex numbers.

−

There are fats that an not be visualized graphially and there arefats that are diult to understand without a graphial rep-resentation.Hene, we need to ombine both approahes.

−

Weshouldhaveboththeabilitytomakearbitrarilyomplexproofs or to use a base of known lemmas, depending on thelevel of the user/student.

We will rstgive ashort introdution ofour prototypenamed Geo-Proof. Then we will fous on the proof related features of GeoProof: automati theorem proving and interative generation of Coq state-ments.

2. An overview of GeoProof

GeoProof is a free and open soure Dynami Geometry Software. It allows one to reate and then manipulate geometri onstrutions. It is distributed under the term of the GPL Version 2 liense. It has been implemented by starting from a projet alled DrGeoCaml ini-tiallydevelopedbyNiolas François. GeoProofiswritten intheOaml programminglanguage usingonlyportable librariesinsuh awaythat

itan beompiled for Linux, Windowsand MaOSX.

In this setion, we fous on the dynami geometry features of Geo-Proof, the proof oriented funtionality will be desribed in the next setions.Figure1 givesaquikoverviewofthegraphial userinterfae of GeoProof.The dierent tools an be sorted infour ategories. The onstrutionstoolsareusedtoreate newgeometriobjets.GeoProof supportsthe maingeometrionstrutions andtransformations involv-ingpoints, irles,lines, segmentsand vetors.

The visualization tools allow to hange the zoomfator and move the gure on the page. The manipulation tools allow to selet, delete and move objets. The measures and tests tools are shortuts to reate speial dynami labels (those are desribed in the setion 2.2). For instane the toolto testif twolines areparallel reatesa textuallabel whih tells if the two lines are parallel on the instane of the gure whih is urrently displayed. These test tools do not provide a proof, theyshouldbeusedtoquiklytestthevalidityofaonjetureonseveral instanes ofthe gurebymanipulating thefreepoints.

To simplify the reation of large gures,the useran organizethe ob-jets using layers and hange the drawing style of the objets (hidden ornot,dashedornot,olor...).Aompletedesriptionofthefeatures of GeoProofan befound in(Narboux, 2006d).

Construction tools

Measures and

tests tools

Visualization tools

Working window

Description of the figure

Undo/Redo

Selection

Manipulation

Help

Status bar

Labels

2.1. Input/Output

The doumentsan besaved using an open format basedon theXML tehnology. It an export the gures using a bitmap format (PNG, BMP, JPEG), a vetor graphi format (SVG) or a textual desription inpseudo-natural language.

Thedesriptionofthegureanalsobeexportedtotheinputlanguage oftheEukleidessoftwaretoeasetheinsertionofguresinaL

A T E X do-ument

2

. The language used by Eukleidesfor thedesription of gures ishighlevel. Thismeansthatafterreatingthegureusing GeoProof, iftheuserwantstoperformsmallhangesitisnotneessarytoopenit again using GeoProof, the desription is readable enough to be edited diretlywithin the L

A T

E

X le. Figure2 shows anexample sript.

frame(-10.00000,6.00000,12.48000,-3.90000,0.93416) A = point(-3.22000,4.30000) olor(red) thikness(2) draw(A,dot) olor(blak) draw("A",A,0.28000,arg(irle(A,1),point(1.400,1.400)):) ... ... Segment_3 = segment(C,A) olor(blak) thikness(2) draw(Segment_3,full) Line_1 = line(D,E) olor(blue) thikness(2) draw(Line_1,dashed) Figure 2. ExporttoL A T E XusingEukleides. 2.2. Dynami labels

Adynamilabelisatextelementenrihedwiththepossibilitytodisplay the result of a omputation dened using a small language (Narboux, 2006d). Textual labels whih appear in a gure an ontain dynami elds. Dynami elds ontains expressions whih are evaluated inreal

2

Figure 3. Thedenitionofadynamilabel.

time when the gure is manipulated. Dynami eld are delimited by the sign #. As all the omputations done by GeoProof, the evaluation oftheseexpressionsisperformedusingarbitrarypreision.Thankstoa onguration le theuser an hooseat whih preision the omputa-tions are performed. If themathematial expressions ontained in the text elementsdepend onotherpointsof the gure,thetext isupdated inreal time whenthe user hangesthepositionof thefreepoints.The dynami part of the labels an ontain measures and prediate tests using variables depending on other objets. For instane if the user wants to dene a label to ompare the size of two triangles he an dene the following label: .

The triangle ABC is #if area(A,B,C)>area(D,E,F) then "bigger" else "smaller"# than the triangle DEF.

Figure3showsanexampleofadynamilabeltotestifthreepointsare ollinear.Using predeneddynamilabelstheuseran hekeasily for example iftwo linesare parallel (on the spei instane of the gure displayed).

3. Automati proof

We present in this setionhow GeoProof an ommuniate with auto-matitheoremprovingtools.Wehaveimplementedautomati theorem proving in GeoProof using two dierent systems: the rst one takes advantageofanimplementationof theGröbnerbasisandWumethods (Wu,1978;Chou,1988)written byJohnHarrison(Harrison,2003),the seond one onsistsof exporting to our ownimplementation of Chou's deision proedure for ane geometry (Chou et al., 1994) in theCoq proofassistant(Narboux,2004).TheimplementationbyJohnHarrison wasdesigned to aompany atextbookonautomatedtheoremproving andishenenotintendedtobeeient.Wehavehosenthis implemen-tationbeauseitisfreeandanbetightlyintegratedwithGeoProof.We plan to add the possibility to use the other implementations provided bytheCAS.

3.1. Using embedded automati theorem prover

TheformalizationusedbyJohnHarrisonisbasedonatheorywithonly pointsasbasiobjetswhereasGeoProofusespoints,linesandirlesas thebasimathematialobjets.Weneedtotranslatefromonelanguage tothe otherone.TheinputoftheATPisarstorderformulawiththe following prediates:

collinear

,

parallel

,

perpendicular

,

eq

_

distance

(written as

AB

=

CD

) and

eq

_

angles

. These prediates are dened using analgebrai formula usingtheoordinates ofthepoints.

Let

x

P

and

y

P

be thex andyoordinates of

P

.

collinear

(

A, B, C

)

≡

(

x

A

−

x

B

)(

y

B

−

y

C

)

−

(

x

B

−

x

C

)(

y

A

−

y

B

) = 0

parallel

(

A, B, C, D

)

≡

(

x

A

−

x

B

)(

y

C

−

y

D

)

−

(

x

C

−

x

D

)(

y

A

−

y

B

) = 0

perpendicular

(

A, B, C, D

)

≡

(

x

A

−

x

B

)(

x

C

−

x

D

) + (

y

A

−

y

B

)(

y

C

−

y

D

) = 0

eq

_

distance

(

A, B, C, D

)

≡

(

x

A

−

x

B

)

2

+ (

y

A

−

y

B

)

2

−

(

x

C

−

x

D

)

2

−

(

y

C

−

y

D

)

2

= 0

eq

_

angle

(

A, B, C, D, E, F

)

≡

((

y

B

−

y

A

)

∗

(

x

B

−

x

C

)

−

(

y

B

−

y

C

)

∗

(

x

B

−

x

A

))

∗

((

x

E

−

x

D

)

∗

(

x

E

−

x

F

) + (

y

E

−

y

D

)

∗

(

y

E

−

y

F

))

=

((

y

E

−

y

D

)

∗

(

x

E

−

x

F

)

−

(

y

E

−

y

F

)

∗

(

x

E

−

x

D

))

∗

((

x

B

−

x

A

)

∗

(

x

B

−

x

C

) + (

y

B

−

y

A

)

∗

(

y

B

−

y

C

))

3.1.1. Translatinga onstrution into a statement for ATP.

We need to translate from one language to the other one. The idea of the translation onsist of maintaining the invariant that lines and irles are always dened by two points. Of ourse this is not true in GeoProof. For instane one an build a line as theparallel of another line passingthroughapoint.Insuhaase weneed to dene aseond dening point for the line. For that purpose we generate new points during the translation. We dene the translation by ase distintion on theonstrution. Table Igivesthe dening points for eah line and irle depending on how these objets have been onstruted.

P

1

l

,

P

2

l

and

O

c

arefresh variables. For eah line and irle we assoiate some freshvariables.Thesenewvariableswhihdonotappearintheoriginal gure are used to dene lines and irles when we do not have two pointson the objeton the gurewe translate from.

Linesaredenedbytwopoints

P

1

(

l

)

and

P

2

(

l

)

.Whenwealreadyknow at least one of thedening points we use it instead of reating a new point beause itsimplies thegenerated formulas.

Cirles aredened bytheir enter

O

(

c

)

and apoint

P

(

c

)

on theirle. Table II provides the translation of GeoProof onstrutions

3

into the language aepted by the embedded theorem prover. Inidentally, it gives a subset of the onstrutions of the language of GeoProof. The non degeneray onditions are inspired by those in (Chou and Gao, 1992). The prediateisotropi isdened by:

isotropic

(

A, B

)

≡

perpendicular

(

A, B, A, B

)

In Eulidean geometry it is equivalent to

A

=

B

but not in metri geometry. We produe a statement whih is interpreted in the metri geometry beause Wu and Gröbner bases methods are omplete only for metri geometry. For more information about this see (Chou and Gao, 1992;Chou, 1988).Moreoverif

I

1

and

I

2

arethetwointersetions of airle andof a lineor a irlethenwe add thefatthat

I

1

6

=

I

2

in thehypotheses.Notethatdierentonstrutionsofthesamegurean lead todierent degenerayonditions and henedierent formulas.

3

To simplify the presentation we only provide the translation for the main GeoProofonstrutions.

GeoProofConstrution Deningpoints

l

passingthrough

A

and

B

P

1

(

l

) =

A

P

2

(

l

) =

B

l

parallellineto

m

passingthrough

A

P

1

(

l

) =

A

P

2

(

l

) =

P

2

l

l

perpendiularlineto

m

passingthrough

A

P

1

(

l

) =

A

P

2

(

l

) =

P

2

l

l

perpendiularbisetorof

A

and

B

P

1

(

l

) =

P

1

l

P

2

(

l

) =

P

2

l

l

bisetoroftheangleformedby

A

,

B

and

C

P

1

(

l

) =

B

P

2

(

l

) =

P

2

l

c

irleofenter

O

passingthrough

A

O

(

c

) =

O

P

(

c

) =

A

c

irlewhosediameteris

A B

O

(

c

) =

O

c

P

(

c

) =

A

3.1.2. Corretness of the translation

To onvine the reader that the translation we give is orret in the senseitorrespondsto theintuitiontheuserofGeoProof anhave,we will provethatthe translationwe giveis equivalent toa moreintuitive semanti based on points, lines and irles. This semanti is given in TableIII.

Weassumethatwehavethreetypesofobjets:

P oint

,

Line

and

Circle

. Weassume wehave two relations ofinidene

4

:

_

∈

_

:

P oint

→

Line

→

P rop

and

_

∈

_

:

P oint

→

Circle

→

P rop

Weassumethatwehavethe perpendiularandparallel prediatesover lines:

_

k

_

:

Line

→

Line

→

P rop

and

_

⊥

_

:

Line

→

Line

→

P rop

Weassumethatwehave aprediateexpressingthefatthatapointis the enter ofa irle:

_

is

_

center

_

:

P oint

→

Circle

→

P rop

Wewanttoshowthattheformulasdenedbythetwo semantis are equisatisable.Wefollowthedenitionofthetranslationandprovethe property byase distintion, we onlyshowafew ases:

Point

P

on line

l

Weneedtoperformanotherasedistintiononthe way

l

hasbeen onstruted:

4

TableII. Prediateformfor eahtypeofonstrution

GeoProof Constrution Prediateform

Freepoint

true

Point

P

online

l

collinear

(

P,

P

1

(

l

)

,

P

2

(

l

))

Point

P

onirle

c

O

(

c

)

P

(

c

) =

P

O

(

c

)

I

midpointof

A

and

B

IA

=

IB

∧

collinear

(

I, A, B

)

I

intersetionof

l

1

and

l

2

collinear

(

I,

P

1

(

l

1

)

,

P

2

(

l

1

))

∧

collinear

(

I,

P

1

(

l

2

)

,

P

2

(

l

2

))

∧

¬

parallel

(

P

1

(

l

1

)

,

P

2

(

l

1

)

,

P

1

(

l

2

)

,

P

2

(

l

2

))

I

anintersetionof

c

1

and

c

2

I

O

(

c

1

) =

O

(

c

1

)

P

(

c

1

)

∧

I

O

(

c

2

) =

O

(

c

2

)

P

(

c

2

)

∧

¬

isotropic

(

O

(

c

1

)

,

O

(

c

2

))

I

anintersetionof

c

and

l

I

O

(

c

) =

O

(

c

)

P

(

c

)

∧

collinear

(

I,

P

1

(

l

)

,

P

2

(

l

))

∧

¬

isotropic

(

P

1

(

l

)

,

P

2

(

l

))

l

passingthrough

A

and

B

A

6

=

B

l

parallelto

m

passingthrough

A

parallel

(

A,

P

2

(

l

)

,

P

1

(

m

)

,

P

2

(

m

))

∧

A

6

=

P

2

(

l

)

l

perpendiular to

m

passing through

A

perpendicular

(

A,

P

2

(

l

)

,

P

1

(

m

)

,

P

2

(

m

))

∧

A

6

=

P

2

(

l

)

l

perpendiularbisetorof

A

and

B

P

1

(

l

)

A

=

P

1

(

l

)

B

∧ P

2

(

l

)

A

=

P

2

(

l

)

B

∧

P

1

(

l

)

6

=

P

2

(

l

)

∧

A

6

=

B

l

bisetoroftheangle

A

,

B

,

C

eq

_

angle

(

A, B,

P

2

(

l

)

,

P

2

(

l

)

, B, C

)

∧

B

6

=

P

2

(

l

)

∧

A

6

=

B

∧

B

6

=

C

c

irleofenter

O

passingthrough

A

true

c

irlewhosediameteris

A B

collinear

(

O

(

c

)

, A, B

)

∧

O

(

c

)

A

=

O

(

c

)

B

GeoProof Constrution Prediateform(seond)

Freepoint

true

Point

P

online

l

P

∈

l

Point

P

onirle

c

P

∈

c

I

midpointof

A

and

B

IA

=

IB

∧

collinear

(

I, A, B

)

I

intersetionof

l

1

and

l

2

I

∈

l

1

∧

I

∈

l

2

∧

l

1

6k

l

2

I

anintersetionof

c

1

and

c

2

I

∈

c

1

∧

I

∈

c

2

O

1

is

_

center c

1

∧

O

2

is

_

center c

2

∧

O

1

∈

m

O

₁

O

₂

∧

O

2

∈

m

O

₁

O

₂

∧

¬

isotropic

(

m

O

₁

O

₂

)

I

anintersetionof

c

and

l

I

∈

c

∧

I

∈

l

∧ ¬

isotropic

(

l

)

l

passingthrough

A

and

B

A

6

=

B

∧

A

∈

l

∧

B

∈

l

l

parallelto

m

passingthrough

A

l

k

m

∧

A

∈

l

l

perpendiular to

m

passing through

A

l

⊥

m

∧

A

∈

l

l

perpendiularbisetorof

A

and

B

IA

=

IB

∧

collinear

(

I, A, B

)

∧

I

∈

l

∧

l

⊥

m

AB

∧

A

∈

m

AB

∧

B

∈

m

AB

l

bisetoroftheangle

A

,

B

,

C

eq

_

angle

(

A, B,

P

2

(

l

)

,

P

2

(

l

)

, B, C

)

∧

B

6

=

P

2

(

l

)

∧

A

6

=

B

∧

B

6

=

C

c

irleofenter

O

passingthrough

A

A

∈

c

∧

O is

_

center c

c

irlewhosediameteris

A B

collinear

(

O

c

, A, B

)

∧

O

c

A

=

O

c

B

∧

O

c

is

_

center c

∧

A

∈

c

l

passing through

A

and

B

Theformuladened inTableIand IIis the following:

collinear

(

P, A, B

)

∧

A

6

=

B

Theformuladened inTable IIIisthefollowing:

Itan be shownthat:

collinear

(

P, A, B

)

∧

A

6

=

B

⇐⇒

∃

l, P

∈

l

∧

A

6

=

B

∧

A

∈

l

∧

B

∈

l

Henetheresult.

l

parallel to

m

passing through

A

Theformuladened in Ta-bleIand IIisthe following:

collinear

(

P, A, P

2

l

)

∧

parallel

(

A, P

2

l

, P

1

(

m

)

, P

2

(

m

))

∧

A

6

=

P

2

l

Theformuladened inTable IIIisthefollowing:

P

∈

l

∧

l

k

m

∧

A

∈

l

From

A

6

=

P

2

l

we knowthatthereisan

l

suh that

A

∈

l

and

P

2

l

∈

l

. From

collinear

(

P, A, P

2

l

)

we know that

P

∈

l

(note thathereweneed the hypothesis

A

6

=

P

2

l

).

Inthe other diretion,we rstonstrut apoint

P

2

l

dierent from

A

on

l

.Itfollowsthat

collinear

(

P, A, P

2

l

)

andhenewe have

parallel

(

A, P

2

l

, P

1

(

m

)

, P

2

(

m

))

.

... The otherases aresimilar.

Point

P

on irle

c

We need to perform another ase distintion on theway

c

hasbeen onstruted:

c

irle of enter

O

passing through

A

This ase is a onse-quene ofthe equivalene:

OA

=

P A

⇐⇒ ∃

c, P

∈

c

∧

A

∈

c

∧

O is

_

center c

c

irle whose diameter is

AB

This ase is a onsequene of the equivalene:

O

c

A

=

P O

c

∧

collinear

(

O

c

, A, B

)

∧

O

c

A

=

O

c

B

⇐⇒

∃

c, P

∈

c

∧

collinear

(

O

c

, A, B

)

∧

O

c

A

=

O

c

B

∧

A

∈

c

∧

O

c

is

_

center c

I

midpoint of

A

and

B

This ase is trivial as the formulas for the midpoint arethesamein both semantis.

... We do not detail here the other ases about intersetion of lines and irles. Theyan be be shownbyase distintion onthe way thelinesand theirles have been built.

3.1.3. An example

Let'stake the midpoint theoremasan example,it statesthat:

b

b

A B

C

D E

Theorem 1. Let

ABC

bea triangle, and let

D

and

E

be the midpoints of

AC

and

BC

respetively.Thentheline

DE

is par-allel tothe base

AB

.

The onstrution istranslated into thefollowing statement

5

:

(((((is_midpoint(D,C,A) /\ is_midpoint(E,C,B))/\ ~C=A) /\ ~A=B) /\ ~B=C) /\ ~D=E) /\ ~A=B

The fat that

AB

k

DE

is then heked using the Gröbner basis method.During the proof proessthe user an work onhis gure, ifit takestoolong theproofan beinterrupted.

3.1.4. Dealing with non-degeneray onditions

Non degeneray onditions play a ruialrole informal geometry,this has been emphasized by most papers about formalization of geometry (Guilhot,2005;Meikleand Fleuriot,2003;Narboux, 2004).This trans-lationisnotanexeption,wemustbearefulaboutthesemantiofthe generated statements. For this translationwe have deided toonsider GeoProof asatoolwhihpermits to denea geometri formula andit doesnotbuildamodel ofthisformula.Theuserandeneimpossible gures.For instaneifwe perform thefollowing onstrution:

First, reate two points

A

and

B

and then reate the midpoint

C

of the segment

[

AB

]

and the midpoint

D

of the segment

[

BA

]

. Finally, reate the line passingthrough

C

and

D

.Then ifwe try toprove that

A

=

B

,GeoProofshouldansweryes,asthehypothesesofthetheorem are inonsistent (ex falso quod libet). This is onsistent with logi but not with the user's intuition beause the impossible objets are not displayedbyGeoProof.ThisiswhyinfatGeoProofheksrstiffalse an be proved,ifthis isthe aseitwarnstheuserthatits onstrution is impossible asshownon Figure5.

5

A=B appearstwie inthis statement beause both the line and the segment from

A

to

B

havebeenbuilt.

Figure 4. Chekingthemidpointtheoremusingtheembeddedtheoremprover.

3.2. Using Coq

In(Narboux,2004)wehavedesribedtheimplementationofChou,Gao and Zhang's deision proedure for ane geometry in the Coq proof assistant. This development provides a very high level of ondene as the proofs produed by our tati are heked by the Coq kernel. Thisrequiredthe formalproofsofallthetheoremsneededtoprove the orretnessofthe deisionproedure. Ourformalization hasallowed to xsome non-degeneray onditions inthe statementsof somelemmas. Moreover, as the logi behind Coq is intuitionist, this work has also permitted to larify what are the lassial reasoning steps whih are used in the deision proedure. More information is also available in frenh in(Narboux, 2006a).

Here we want to exporta onstrution built using GeoProof into a statementinthelanguageoftheCoqdevelopment.Ourimplementation of Chou, Gao and Zhang's deision proedure is restrited to ane plane geometry. Hene in GeoProof the tools whih do not have any orresponding oneptinthe Coqimplementation aregrayed out.The Coq development is based on the axiom system shown on Table IV.

Figure 5. Tryingtoproveapropertywithontraditoryhypotheses.

This axiom system is based on two geometri quantities. The signed areaofatriangle (

S

ABC

) andtheratio oftwoorienteddistanes(

AB

CD

). To ease the Coq formalization, this axiom system has been slightly modied ompared to theaxiom system found in (Chou et al., 1994). In the original axiom system the ratio of two oriented distanes

AB

CD

is dened only when

AB

is parallel to

CD

. Here we do not put this restrition at the axiom systemlevel but onlywhen we state theorems involving ratios. It is lear that this axiom system is based on points. Henewehavetoperformatranslationsimilartothosedesribedinthe last setion. Table V gives the translation of some ommon geometri notions in the language of the axiom system. Figure 3.2 shows the translation of the statement orresponding to the midpoint theorem inthesyntaxof Coq.

TableIV. TheChouaxiomsystem(slightlymodiedfortheformalization inCoq).

Points Point:Set

Field

F

isaeld

2

6

= 0

Signeddistane

·

:

Point

→

Point

→

F

AB

= 0

⇐⇒

A

=

B

Signedarea

S

:

Point

→

Point

→

Point

→

F

S

ABC

=

S

CAB

S

ABC

=

−

S

BAC

Chasles'axiom

S

ABC

= 0

→

AB

+

BC

=

AC

Dimension

∃

A, B, C

:

Point

,

S

ABC

6

= 0

S

ABC

=

S

DBC

+

S

ADC

+

S

ABD

Constrution

∀

r

:

F

∃

P

:

P oint,

S

ABP

= 0

∧

AP

=

rAB

A

6

=

B

∧ S

ABP

= 0

∧

AP

=

rAB

∧ S

ABP

′

= 0

∧

AP

′

=

rAB

→

P

=

P

′

Proportions

A

6

=

C

→ S

P AC

6

= 0

→ S

ABC

= 0

→

AB

AC

=

S

P AB

S

P AC

TableV. Expressingsomeommongeometri no-tionsusing

S

andratios

Geometri notions Formalization

A

,

B

and

C

areollinear

S

ABC

= 0

AB

k

CD

S

ABC

=

S

ABD

I

isthemidpointof

AB

AB

Figure 6. Themidpointtheorem,expressedintheCoqlanguagefor Choudeision proedure.

4. Interative input

In this setion we desribe the interative proof mode of GeoProof. Thanks to the onguration menu,the user an hoose between three interative modes, the rst one uses the language desribed insetion 3.2 and the seond one uses the language of the Coq development for high shool geometry by Frédérique Guilhot (Guilhot, 2005) and the thirdoneusethelanguageofourformalizationofthegeometryofTarski (Narboux,2006). Inthe rstmode theuser andealwithaneplane geometry and inthe two other modes withEulidean plane geometry. Theinteration withCoqisperformedthroughthe CoqIDEuser inter-fae. GeoProof ommuniates with CoqIDE

6

via a private lipboard. We have started by implementing the translation from a GeoProof onstrution to a Coq statement. We perform the same translation as in (Bertot etal., 2003) exept that it is inthe reverse diretion (here we translate to Coq)

7

.

The interative modeof GeoProof isdeomposed into four steps:

Init.

/

/

_Construction

/

/

Goal Denition

/

/

P roof

Intheinitializationphase,theommuniationbetweenCoqIDEand GeoProofisstarted.Dependingontheusedlanguagesomeonstrution tools whih an not be exported to Coq are grayed out in GeoProof. TheCoqdenitionsorrespondingtotheusedarelanguageloadedusing the Coq ommand Require. A new setion is opened. If the user had already onstruted some objets before starting the interative proof mode, these objets are now exported to Coq. Objets whih do not have anymeaning in the seletedlanguage areignored.

Intheonstrutionphasetheobjetsreatedbytheuserareaddedin the Coqontext withtheirorrespondingassumptions. Intheexample shown

8

inFigure 9 this orresponds to theVariable and Hypothesis ommands.

Inthe goalphasethe user needsto dene what hewantsto prove. In theontext of eduation this phasean be presentedas an exerise onsistinginndinganinterestingonjetureaboutthegure.Forthat purposeGeoProof providesseveral features:

6

ThisfeaturerequiresCoqIDEversion8.1orlater.

7

In the future we should merge our developmentsto allow ommuniation in both diretions,this requires amoreomplexommuniationsystemas explained inthefutureworksetion.

8

TheprediatesnamesareinFrenhbeausethisdevelopmentisfousedonthe Frenhhigh-shoolurriulum

Figure 7. Theontextualmenuassoiatedtoadynamilabel.

1. Theuseran move thefreepointsofthe gureto guessthe invari-ants.

2. When the user has guessed a onjeture, he an make a rst ex-periment to hek the onjeture by building a dynami label to perform measures onthe gureasdesribedinsetion 2.2.Then if he wants to prove the fat represented by the label, he an right likonthelabeland hoosetheorrespondingmenuentry.Figure 7shows the ontextualmenuof adynami label.

3. To invent a onjeture about the lous of a point i.e. the path traed out bya moving point under given geometrial onditions, theuser an take advantage ofthe trae option. When this option isativatedfor anobjet,thisobjetleavesatraebehindhim.For instane the lous of a point, whih is equidistant from two xed points, isthe perpendiularbisetor ofthestraight line joining the twoxed points.

In the proof phase the user proves his statement within CoqIDE. Hene, the urrent implementation of GeoProof requiresto know how to use Coq. This will be improved in future versions by adding some featuresto allowthe appliation of theorems withinGeoProof.

If during the proof a new objet needs to be reated, theuser an do it using GeoProof. Indeed when a new objet is added in GeoProof a Coq tati is pasted into CoqIDE. This tati applies the theorem whih proves the existene of the objet whih has just been reated and introdue in theontext the knowledge about this new objet. In some ases this generatesnon-degeneray onditions whih need to be proved bytheuser. Figure8showsthe ommand(denedinLta- the tati language of Coq) whih is used when the user reates a point

I

at theintersetionof two lines

AB

and

CD

.

Lta let_intersetion I A B C D :=

let id1 := fresh in ((assert (id1:exists I, I = pt_intersetion (line A B) (line C D));

[apply (existene_pt_intersetion)|DeompEx id1 I℄)).

Figure 8. Thetatitoprovetheexisteneofthepointofintersetion.

Figure9. ThemidpointtheoreminthelanguageusedbyFrédériqueGuilhot'sCoq development.

If the user deletes an objet in GeoProof it is removed from the Coq ontext thanks to the lear ommand of Coq. If the user wants to delete some objet without deleting it in Coq, he an hide the objet inGeoProof.

5. Future Work

Theurrent prototype ofGeoProofuses aprivatelipboard

9

asa om-muniation pipe between GeoProof and the Coq Interative

Develop-9

Tehnially,weuseafeatureprovidedbyGTK:wereatealipboardidentied byaname(hereGeoProof)whihisdierentfromthestandardlipboard.

Coq

GeoP roof

Isabelle

PG Broker

o

o

P GI P

/

/

w

w

P GI P

7

7

o

o

o

o

o

o

o

o

o

o

o

o

o

o

o

g

g

P GI P

'

'

O

O

O

O

O

O

O

O

O

O

O

O

O

O

O

'

'

P GI P

g

g

NN

_NN

NN

NN

_NN

NN

NN

_N

/

/

P GI P

o

o

7

7

P GI P

w

w

pp

pp

pp

pp

pp

pp

pp

pp

P Coq

. . .

_CoqIDE

Figure 10. IntegratingGeoProofintheproofgeneralinfrastruture

mentEnvironment.Thisapproahhastheadvantagetobebotheasyto implement and easy to use.The useran start the interation without anyonguration step, he justneedsto launh GeoProofand CoqIDE on the same omputer. But this infrastruture has some limitations. First,theommuniationwithCoqisdoneusingtheCoqsyntax,whih is easy to produe but hard to parse. Seond, the synhronization be-tween what istyped in CoqIDE and the input generated byGeoProof is notensured. A better infrastruture fortheommuniation between Coqand GeoProof wouldbe to usetheProof GeneralInteration Pro-tool(PGIP)framework(Wintersteinetal.,2004;Aspinalletal.,2004). Thisframeworkis basedon XMLand allowsto have severalinterfaes interating at the same time with one proof assistant. This is exatly what we need beause as mentioned before, some proofs are easier to grasp diagrammatially and some arebetter presented the lassi way (proofsusingomplexnumbersforinstane).Inourexample,GeoProof andCoqIDEwouldinteratwiththeCoqproofassistant.Butthisould be generalized to other proof assistants and graphial user interfaes suh as Isabelle, Elipse/Proof General and PCoq as shown in Fig-ure 10. This approah would require implementation of PGIP within Coq,CoqIDE andGeoProof.

The proving features ofGeoProof in itself should also be extended. Weneed to add thepossibilityto apply atheorem graphiallybydrag and drop and to markfats on thediagramto produe newassertions in Coq. We ould also transform maro onstrutions into proof of existeneof geometri objets verifying some properties.

Another planned extension of GeoProof is to adapt it to deal with diagrammati proofsinabstrattermrewriting(seethersthapterof (Baaderand Nipkow, 1998)).We have formalized in(Narboux,2006b) thekindofdiagramswhihareusuallyfoundintherewritingliterature. ThenextstepistoimplementthisformalizationinGeoProoftoprovide

ahighlevelinputlanguagefor proofsinabstratrewriting. Thedesign presentedinthis paperan beadapted to abstratterm rewriting.

We are also aiming at pseudo-diagrammati proofs ineulidean ge-ometry.Beauseofdegeneratedases(impossiblegures)wethinkthat a fully diagrammati and intuitive notation for eulidean geometry is hard to obtain.We believe thatthe solution onsistsin usinga mixed approahwhih isdiagrammati or textual depending onthe ontext.

6. Conlusion

Proving is a ruial aspet of mathematis and hene must have a prominent role inthe eduation. Themost widelyusedsoftwareinthe teahingofmathematisaremainlyusedtoexplore,visualize,alulate, ndounterexamples,onjetures,orhekfats,butmostoftheman not be used to build a proof in itself.We believe that proof assistants should be adaptedto fulllthis need.

Wehavepresentedinthepaperaprototypewhihaimsatintegrating dynami geometry, automati theoremproving and formalproof. This should be onsidered asarst step toward theuseof aproof assistant inthe lassroom.

Availability

GeoProof isavailableat: http://home.gna.org/geoproof/

Aknowledgements

IwanttothankHugoHerbelinforhishelpduringtheelaborationofthis work and Frédérique Guilhot for her omments and the formal proofs shehasadded to herdevelopment forGeoProof.

Referenes

Ag-Almouloud: 1992, `L'ordinateur, outil d'aide à l'apprentissage de la démon-stration etdetraitementde donnéesdidatiques'. Ph.D. thesis, Universitéde Rennes.

Amerkad,A.,Y.Bertot,L.Pottier,and L.Rideau:2001, `MathematisandProof PresentationinPoq'.In:WorkshopProofTransformationandPresentationand ProofComplexities inonnetionwithIJCAR2001.

Anderson,J.R.,C.F.Boyle,andG.Yost: 1985,`ThegeometryTutor'. In:IJCAI Proeedings.pp.17.

Aspinall, D., C. Lüth, and D. Winterstein: 2004, `A Framework for Interative Proof'. Tehnialreport.

Baader, F. and T. Nipkow: 1998, Term rewriting and all that. New York, USA: CambridgeUniversityPress.

Balahe,N.,S.Pesty,M.Oello,R.Caera,C.Webber,andN.Peltier:1999-2002, `Baghera'. http://www-baghera.imag.fr.

Barwise, J.and G.Allwein(eds.):1996, LogialReasoning withDiagrams. Oxford UniversityPress.

Bernat, P.: 1993, `CHYPRE: Un logiiel d'aide au raisonnement'. Tehnial Report10,IREM.

Bertot, Y.,F. Guilhot,and L. Pottier:2003, `VisualizingGeometrial Statements withGeoView'. Eletroni NotesinTheoretialComputer Siene103,4965. Bertot,Y. andL. Thery:1998, `Ageneri approahtobuilding userinterfaesfor

theoremprovers'. TheJournalofSymboliComputation25,161194.

Chou, S.-C.: 1988, Mehanial Geometry Theorem Proving. D. ReidelPublishing Company.

Chou, S.-C.and X.-S. Gao: 1992, `Alass ofgeometrystatementsofonstrutive typeandgeometrytheoremproving'. In:Proeeding ofCADE92.

Chou, S.-C., X.-S. Gao, and J.-Z. Zhang: 1994, Mahine Proofs in Geometry. Singapore:WorldSienti.

Chou,S.-C.,X.-S.Gao,andJ.-Z.Zhang:1996,`AutomatedGenerationofreadable proofswithgeometriinvariants,TheoremProvingwithFullAngle'. Journalof Automated Reasoning17,325347.

Coq development team, The: 2004, `The Coq proof assistant referene manual, Version8.0'. LogiCalProjet.

Furinghetti,F.andP.Domingo: 2003,`Toprodueonjeturesand toprovethem within a dynami geometry environment: a ase study'. In: Proeeding of PsyhologyofMathematis 27thinternationalConferene.pp.397404. Gao,X.-S.:2000,`GeometryExpert,SoftwarePakage'. http://www.mmr.iss.a.

n/~xgao/gex.html.

Gao, X.-S.andQ.Lin:2002,`MMP/Geometer-asoftware pakagefor automated geometryreasoning'. In:F.Winkler(ed.):ProeedingsofADG2002.pp.4446. Gressier, J.: 1988-1998, `Geometrix'. http://perso.wanadoo.fr/jgressi er/

ENGLISH/english.html.

Guilhot, F.:2005, `Formalisation enCoq et visualisationd'un oursde géométrie pourle lyée'. Revue des Sienes etTehnologies de l'Information,Tehnique etSieneInformatiques, Langagesappliatifs24,11131138. Lavoisier. Harrison,J.:2003, `AutomatiTheoremProvingExamples'. http://www.l.am.

a.uk/users/jrh/atp/index.html.

Jamnik, M.: 2001, Mathematial Reasoning with Diagrams: From Intuition to Automation. CSLIPress.

Kortenkamp, U.: 1999, `Foundations of Dynami Geometry'. Ph.D. thesis, ETH Zürih.

Kortenkamp,U.andJ.Rihter-Gebert:2004,`Usingautomatitheoremprovingto improvetheusabilityofgeometrysoftware'. In:MathematialUserInterfae. Laborde, J.-M. and F. Bellemain: 1993-1998, `Cabri-Geometry II'. http://www.

abri.net.

Luengo,V.:1997,`Cabri-Eulide:UnmiromondedePreuveintégrantlaréfutation'. Ph.D.thesis,UniversitéJosephFourier.

Meikle,L.andJ.Fleuriot:2003,`FormalizingHilbert'sGrundlageninIsabelle/Isar'. In:TheoremProvinginHigherOrderLogis.pp.319334.

Miller, N.: 2001, `A diagrammati formal system for Eulidean geometry'. Ph.D. thesis,CornellUniversity.

Narboux, J.:2004, `A Deision Proedure for Geometryin Coq'. In:S. Konrad, B. Annett, and G. Ganesh (eds.): Proeedings of TPHOLs'2004,Vol. 3223 of LetureNotesinComputer Siene.

Narboux,J.:2006a,`Formalisationetautomatisationduraisonnementgéométrique enCoq'. Ph.D.thesis,UniversitéParisSud.

Narboux,J.:2006b,`Aformalizationofdiagrammatiproofs inabstratrewriting'. Narboux, J.: 2006, `Mehanial Theorem Proving in Tarski's geometry'. In:

ProeedingsofAutomatiDedutioninGeometry06.

Narboux, J.: 2006d, `The user manual of GeoProof'. http://home.gna.org/ geoproof/doumentation.html.

Py,D.:1990,`Reonnaissanedeplanpourl'aideàladémonstrationdansuntuteur intelligentdelagéométrie'. Ph.D.thesis,UniversitédeRennes.

Rihter-Gebert, J. and U. Kortenkamp: 1999, `Die interaktive Geometrie soft-wareCinderella Bookand CD-ROM'. Germanshool-editionof theCinderella software. http://inderella.de.

Shwartz,J.T.:1979, `Probabilistialgorithmsforveriationofpolynomial iden-tities'. In: Symboli and algebrai omputation, Vol. 72 of Leture Notes in Computer Siene.Marseille,pp.200215.

Wilson,S.andJ.Fleuriot:2005,`CombiningDynamiGeometry,Automated Geom-etryTheoremProvingandDiagrammatiProofs'.In:ETAPSSatelliteWorkshop onUserInterfaesforTheoremProvers (UITP).Edinburgh.

Winterstein, D.: 2004a, `Dr.Doodle: A Diagrammati Theorem Prover'. In: ProeedingsofIJCAR2004.

Winterstein, D.: 2004b, `Using Diagrammati Reasoning for Theorem Proving in ContinousDomain'. Ph.D.thesis,TheUniversityofEdinburgh.

Winterstein,D.,D.Aspinall, andC.Lüth:2004,`PG/Elipse:A GeneriInterfae forInterativeProof'. Tehnialreport.

Wu, W.-T.: 1978, `On the deision problem and the mehanization of theorem provinginelementarygeometry'. In:SientiaSinia,Vol.21. pp.157179. Yevdokimov,O.: 2004, `Aboutaonstrutivist approahfor stimulating students'

thinking toprodueonjeturesand their provinginative learning of geome-try'. In:Fourth Congress ofthe European Soietyfor Researh inMathematis Eduation.