A Graphical User Interface for Formal Proofs in Geometry.

HAL Id: inria-00118903

https://hal.inria.fr/inria-00118903

Submitted on 7 Dec 2006

Geometry.

Julien Narboux

To cite this version:

Julien Narboux. A Graphical User Interface for Formal Proofs in Geometry.. Journal of Automated

Reasoning, Springer Verlag, 2007, Special Issue on User Interfaces in Theorem Proving, 39 (2), pp.161-

180. �10.1007/s10817-007-9071-4�. �inria-00118903�

Julien Narboux(julien.narbouxinria.fr)

ProjetPCRIPleCommundeReherheenInformatiquedu plateau deSalay,

CNRS,ÉolePolytehnique,INRIA,Université Paris-Sud.

Otober10,2006

Abstrat. Wepresentinthispaperthedesignofagraphialuserinterfaetodeal

with proofs ingeometry.The software developedombinesthreetools:adynami

geometrysoftwaretoexplore,measureandinventonjetures,anautomatitheorem

proverto hekfatsand aninterativeproofsystem(Coq)tomehaniallyhek

proofsbuiltinterativelybytheuser.

Keywords: geometry,theorem prover, proof assistant, interfae, Coq, dynami

geometry,automatedtheoremproving

1. Introdution

Dynami Geometry Software (DGS) and Computer Algebra Software

(CAS) arethe most widely used software for mathematis inthe edu-

ation.DGSsallowthe userto reate omplexgeometri onstrutions

stepbystepusingfreeobjetssuhasfreepointsandpredenedatomi

onstrutions depending onotherobjets (forinstanetheline passing

through two points, themidpoint of asegment, et.). The freeobjets

an be draggedusingthemouseand the gureisupdatedinrealtime.

CAS allow symboli manipulations ofmathematial expressions.

Themostwidelyusedsystemsarethehistorialoneswhihappeared

inthe90s,namelyGeometer'sskethpad (Jakiw, 1990)andCabriGe-

ometer(LabordeandBellemain,1998).Butthereexistsalargenumber

of freeand ommerial softwareaswell

1

.

Theeduationommunityhasstudiedtheimpatoftheuseofthese

software on the proving ativity (Yevdokimov, 2004; Furinghetti and

Domingo, 2003). DGSsaremainly usedfor two ativities:

−

1

Weanite(thelistisnotintendedtobeexhaustive):CaR,ChypreCinderella,

Déli,De,Dr.Geo,Eulid,EuklidDynaGeo,Eukleides,Gava,GeoExp,GeoFlash,

GeoLabo, GeoLog, Geometria, Geometrix, Geometry Explorer, Geometry Tutor,

GeoPlanW,GeoSpaeW,GEUP,GeoView,GEX,GRACE,KGeo,KIG,Mentoniezh,

MM-Geometer,Non-Eulid,XCas,et.

−

fats.

We believe that these software systems should also be used to help

the student in the proving ativity itself.Work has been performed in

this diretion and several DGS with proof related features have been

produed.Thesesystemsanberoughlylassiedintotwoategories:

1. thesystemswhihpermitto build proofs;

2. thesystemswhih permitto hekfats using an automatedtheo-

remprover.

TheGeometryTutor (Andersonetal.,1985),Mentoniezh (Py,1990),

De (Ag-Almouloud,1992),Chypre (Bernat,1993),Cabri-Eulide(Lu-

engo, 1997), Geometrix (Gressier,1998) andBaghera (Balahe etal.,

2002) systems belongs to the rst ategory. Using these systems the

studentanprodueproofsinterativelyusingasetofknowntheorems.

Inmostofthesesystemsthestudentannotinventaproofverydierent

from what the program had pre-omputed using automated theorem

proving methods. As far as we know, the exeption is Cabri-Eulide

whihontainsasmallformalsystemandthereforegivesmorefreedom

to thestudent. Baghera inludes also e-learning features, suh as task

management and network ommuniation between teahers and their

students.

MMP-Geometer(Gao,2000),GeometryExpert(GaoandLin,2002),Ge-

ometry Explorer(Wilson and Fleuriot, 2005) and Cinderella (Korten-

kamp,1999;KortenkampandRihter-Gebert,2004;Rihter-Gebertand

Kortenkamp, 1999; Shwartz, 1979) belongs to the seond ategory.

Geometry Expert and MMP-Geometer are DGS whih are used as a

graphial interfae for an implementation of the main deision proe-

duresingeometry.Geometry Explorer providesadiagrammati visual-

ization of proofs generated automatially by a prolog implementation

of Chou's full angle method (Chou et al., 1996). Cinderella allows to

export the desription of the gure to omputer algebra software to

perform algebraiproofs.

Thework losestto oursis(Bertot etal.,2003). TheGeoView soft-

wareprovidesavisualizationtoolforsomeformalgeometristatements

usingano-the-shelfDGSandthePCoquserinterfaefor Coq(Bertot

and Thery,1998; Amerkad etal.,2001). Itis intendedto be usedwith

theformalization of geometry forthe Frenh urriulumby Frédérique

Guilhot (Guilhot, 2005) in the Coq proof assistant (Coq development

team,The, 2004).

We present in this paper the design of a system whose aim is to

ombineautomati theoremproving,interativetheoremprovingusing

a formal proofsystem (theCoqproof assistant)and diagrammati vi-

sualization.Thedierenebetweenourapproahandtheothersystems

wehaveited(exeptGeoView)isthatweuseofageneralpurposeproof

assistantandombineinterative andautomatedtheoremproving.The

dierenebetweenoursystemandGeoViewisthatommuniationwith

Coqgoesintheother diretion.

Our approah isguidedbythefollowing motivations:

−

matirepresentation andevensometimesadiagramanbeseenas

ahighleveldesriptionofaproof(BarwiseandAllwein,1996;Jam-

nik, 2001; Miller, 2001; Wilson and Fleuriot, 2005; Winterstein,

2004a;Winterstein,2004b). Butsometimes adiagramanbemis-

leading.Thatiswhythe veriationoftheproofbyaformalproof

systemisruial asitprovidesa very highlevelofondene.

−

use of a general purpose proof assistant suh as the Coq proof

assistantprovidesawaytoombinegeometrialproofswithlarger

proofs.For example,it ispossible to usethe Coqsystemto prove

fatsabout polygonsbyindutiononthenumberofedges,orfats

about transformations usingomplex numbers.

−

arefats that are diult to understand without a graphial rep-

resentation.Hene, we need to ombine both approahes.

−

user/student.

We will rstgive ashort introdution ofour prototypenamed Geo-

Proof. Then we will fous on the proof related features of GeoProof:

automati theorem proving and interative generation of Coq state-

ments.

2. An overview of GeoProof

GeoProof is a free and open soure Dynami Geometry Software. It

allows one to reate and then manipulate geometri onstrutions. It

is distributed under the term of the GPL Version 2 liense. It has

been implemented by starting from a projet alled DrGeoCaml ini-

tiallydevelopedbyNiolas François. GeoProofiswritten intheOaml

programminglanguage usingonlyportable librariesinsuh awaythat

itan beompiled for Linux, Windowsand MaOSX.

In this setion, we fous on the dynami geometry features of Geo-

Proof, the proof oriented funtionality will be desribed in the next

setions.Figure1 givesaquikoverviewofthegraphial userinterfae

of GeoProof.The dierent tools an be sorted infour ategories. The

onstrutionstoolsareusedtoreate newgeometriobjets.GeoProof

supportsthe maingeometrionstrutions andtransformationsinvolv-

ingpoints, irles,lines, segmentsand vetors.

The visualization tools allow to hange the zoomfator and move the

gure on the page. The manipulation tools allow to selet, delete and

move objets. The measures and tests tools are shortuts to reate

speial dynami labels (those are desribed in the setion 2.2). For

instane the toolto testif twolines areparallel reatesa textuallabel

whih tells if the two lines are parallel on the instane of the gure

whih is urrently displayed. These test tools do not provide a proof,

theyshouldbeusedtoquiklytestthevalidityofaonjetureonseveral

instanes ofthe gurebymanipulating thefreepoints.

To simplify the reation of large gures,the useran organizethe ob-

jets using layers and hange the drawing style of the objets (hidden

ornot,dashedornot,olor...).Aompletedesriptionofthefeatures

of GeoProofan befound in(Narboux, 2006d).

Construction tools Measures and tests tools

Visualization tools

Working window Description of the figure

Undo/Redo Selection Manipulation Help

Status bar

Labels

Figure 1. Asreen-shotofthemainwindowofGeoProof.

2.1. Input/Output

The doumentsan besaved using an open format basedon theXML

tehnology. It an export the gures using a bitmap format (PNG,

BMP, JPEG), a vetor graphi format (SVG) or a textual desription

inpseudo-natural language.

Thedesriptionofthegureanalsobeexportedtotheinputlanguage

oftheEukleidessoftwaretoeasetheinsertionofguresinaL A

T

E Xdo-

ument

2

. The language used by Eukleidesfor thedesription of gures

ishighlevel. Thismeansthatafterreatingthegureusing GeoProof,

iftheuserwantstoperformsmallhangesitisnotneessarytoopenit

again using GeoProof, the desription is readable enough to be edited

diretlywithin the L A

T

E

X le. Figure2 shows anexample sript.

frame(-10.00000,6.00000,12.48000,-3.90000,0.93416)

A = point(-3.22000,4.30000)

olor(red)

thikness(2)

draw(A,dot)

olor(blak)

draw("A",A,0.28000,arg(irle(A,1),point(1.400,1.400)):)

...

...

Segment_3 = segment(C,A)

olor(blak)

thikness(2)

draw(Segment_3,full)

Line_1 = line(D,E)

olor(blue)

thikness(2)

draw(Line_1,dashed)

Figure 2. ExporttoL A

T

E

XusingEukleides.

2.2. Dynami labels

Adynamilabelisatextelementenrihedwiththepossibilitytodisplay

the result of a omputation dened using a small language (Narboux,

2006d). Textual labels whih appear in a gure an ontain dynami

elds. Dynami elds ontains expressions whih are evaluated inreal

2

http://www.eukleides.org/

Figure 3. Thedenitionofadynamilabel.

time when the gure is manipulated. Dynami eld are delimited by

the sign #. As all the omputations done by GeoProof, the evaluation

oftheseexpressionsisperformedusingarbitrarypreision.Thankstoa

onguration le theuser an hooseat whih preision the omputa-

tions are performed. If themathematial expressions ontained in the

text elementsdepend onotherpointsof the gure,thetext isupdated

inreal time whenthe user hangesthepositionof thefreepoints.The

dynami part of the labels an ontain measures and prediate tests

using variables depending on other objets. For instane if the user

wants to dene a label to ompare the size of two triangles he an

dene the following label: .

The triangle ABC is #if area(A,B,C)>area(D,E,F) then

"bigger" else "smaller"# than the triangle DEF.

Figure3showsanexampleofadynamilabeltotestifthreepointsare

ollinear.Using predeneddynamilabelstheuseran hekeasily for

example iftwo linesare parallel (on the spei instane of the gure

displayed).

3. Automati proof

We present in this setionhow GeoProof an ommuniate withauto-

matitheoremprovingtools.Wehaveimplementedautomati theorem

proving in GeoProof using two dierent systems: the rst one takes

advantageofanimplementationof theGröbnerbasisandWumethods

(Wu,1978;Chou,1988)written byJohnHarrison(Harrison,2003),the

seond one onsistsof exporting to our ownimplementation of Chou's

deision proedure for ane geometry (Chou et al., 1994) in theCoq

proofassistant(Narboux,2004).TheimplementationbyJohnHarrison

wasdesigned to aompany atextbookonautomatedtheoremproving

andishenenotintendedtobeeient.Wehavehosenthisimplemen-

tationbeauseitisfreeandanbetightlyintegratedwithGeoProof.We

plan to add the possibility to use the other implementations provided

bytheCAS.

3.1. Using embedded automati theorem prover

TheformalizationusedbyJohnHarrisonisbasedonatheorywithonly

pointsasbasiobjetswhereasGeoProofusespoints,linesandirlesas

thebasimathematialobjets.Weneedtotranslatefromonelanguage

tothe otherone.TheinputoftheATPisarstorderformulawiththe

following prediates:

collinear

parallel

perpendicular

eq

distance

(written as

AB = CD

eq

angles

using analgebrai formula usingtheoordinates ofthepoints.

Let

x P

y P

P

collinear(A, B, C) ≡

(x A − x B )(y B − y C ) − (x B − x C )(y A − y B ) = 0 parallel(A, B, C, D) ≡

(x A − x B )(y C − y D ) − (x C − x D )(y A − y B ) = 0 perpendicular(A, B, C, D) ≡

(x A − x B )(x C − x D ) + (y A − y B )(y C − y D ) = 0 eq

distance(A, B, C, D) ≡

(x A − x B ) ² + (y A − y B ) ² − (x C − x D ) ² − (y C − y D ) ² = 0

eq

angle(A, B, C, D, E, F ) ≡

((y B − y A ) ∗ (x B − x C ) − (y B − y C ) ∗ (x B − x A ))∗

((x E − x D ) ∗ (x E − x F ) + (y E − y D ) ∗ (y E − y F ))

=

((y E − y D ) ∗ (x E − x F ) − (y E − y F ) ∗ (x E − x D ))∗

((x B − x A ) ∗ (x B − x C ) + (y B − y A ) ∗ (y B − y C ))

3.1.1. Translatinga onstrution into a statement for ATP.

We need to translate from one language to the other one. The idea

of the translation onsist of maintaining the invariant that lines and

irles are always dened by two points. Of ourse this is not true in

GeoProof. For instane one an build a line as theparallel of another

line passingthroughapoint.Insuhaase weneed to dene aseond

dening point for the line. For that purpose we generate new points

during the translation. We dene the translation by ase distintion

on theonstrution. Table Igivesthe dening points for eah line and

irle depending on how these objets have been onstruted.

P 1 l

P 2 l

and

O c

freshvariables.Thesenewvariableswhihdonotappearintheoriginal

gure are used to dene lines and irles when we do not have two

pointson the objeton the gurewe translate from.

Linesaredenedbytwopoints

P ¹ (l)

P ² (l)

at least one of thedening points we use it instead of reating a new

point beause itsimplies thegenerated formulas.

Cirles aredened bytheir enter

O(c)

P(c)

Table II provides the translation of GeoProof onstrutions

3

into the

language aepted by the embedded theorem prover. Inidentally, it

gives a subset of the onstrutions of the language of GeoProof. The

non degeneray onditions are inspired by those in (Chou and Gao,

1992). The prediateisotropi isdened by:

isotropic(A, B) ≡ perpendicular(A, B, A, B)

In Eulidean geometry it is equivalent to

A = B

geometry. We produe a statement whih is interpreted in the metri

geometry beause Wu and Gröbner bases methods are omplete only

for metri geometry. For more information about this see (Chou and

Gao, 1992;Chou, 1988).Moreoverif

I 1

I 2

I 1 6= I 2

thehypotheses.Notethatdierentonstrutionsofthesamegurean

lead todierent degenerayonditions and henedierent formulas.

3

To simplify the presentation we only provide the translation for the main

GeoProofonstrutions.

GeoProofConstrution Deningpoints

l

A

B P

(l) = A P

(l) = B l

m

A P

(l) = A P

(l) = P 2

l

m

A P

(l) = A P

(l) = P 2

l

A

B P

(l) = P 1

P

(l) = P 2

l

A

B

C P

(l) = B P

(l) = P 2

c

O

A O(c) = O P(c) = A c

A B O(c) = O

P(c) = A

3.1.2. Corretness of the translation

To onvine the reader that the translation we give is orret in the

senseitorrespondsto theintuitiontheuserofGeoProof anhave,we

will provethatthe translationwe giveis equivalent toa moreintuitive

semanti based on points, lines and irles. This semanti is given in

TableIII.

Weassumethatwehavethreetypesofobjets:

P oint

Line

Circle

Weassume wehave two relations ofinidene

4

:

_

∈

: P oint → Line → P rop

and

_

∈

: P oint → Circle → P rop

Weassumethatwehavethe perpendiularandparallel prediatesover

lines:

_

k

: Line → Line → P rop

and

_

⊥

: Line → Line → P rop

Weassumethatwehave aprediateexpressingthefatthatapointis

the enter ofa irle:

_

is

center

: P oint → Circle → P rop

Wewanttoshowthattheformulasdenedbythetwo semantis are

equisatisable.Wefollowthedenitionofthetranslationandprovethe

property byase distintion, we onlyshowafew ases:

Point

P

l

way

l

4

Notethatthenotation

∈

TableII. Prediateformfor eahtypeofonstrution

GeoProof Constrution Prediateform

Freepoint

true

Point

P

l collinear(P, P

(l), P

(l))

Point

P

c O(c)P(c) = PO(c)

I

A

B IA = IB ∧ collinear(I, A, B)

I

l

l

collinear(I, P

(l

), P

(l

))∧

collinear(I, P

(l

), P

(l

))∧

¬parallel(P

(l

), P

(l

), P

(l

), P

(l

))

I

c

c

IO(c

) = O(c

)P(c

)∧

IO(c

) = O(c

)P(c

)∧

¬isotropic(O(c

), O(c

))

I

c

l

IO(c) = O(c)P(c)∧

collinear(I, P

(l), P

(l))∧

¬isotropic(P

(l), P

(l))

l

A

B A 6= B

l

m

A parallel(A, P

(l), P

(m), P

(m))∧

A 6= P

(l) l

m

through

A

perpendicular(A, P

(l), P

(m), P

(m))∧

A 6= P

(l)

l

A

B P

(l)A = P

(l)B ∧ P

(l)A = P

(l)B∧

P

(l) 6= P

(l) ∧ A 6= B

l

A

B

C eq

angle(A, B, P

(l), P

(l), B, C)∧

B 6= P

(l) ∧ A 6= B ∧ B 6= C c

O

A

true

c

A B collinear(O(c), A, B)∧

O(c)A = O(c)B

GeoProof Constrution Prediateform(seond)

Freepoint

true

Point

P

l P ∈ l

Point

P

c P ∈ c

I

A

B IA = IB ∧ collinear(I, A, B) I

l

l

I ∈ l

∧ I ∈ l

∧ l

6k l

I

c

c

I ∈ c

∧ I ∈ c

O

is

center c

∧ O

is

center c

∧ O

∈ m

∧ O

∈ m

∧

¬isotropic(m

) I

c

l I ∈ c ∧ I ∈ l ∧ ¬isotropic(l) l

A

B A 6= B ∧ A ∈ l ∧ B ∈ l

l

m

A l k m ∧ A ∈ l l

m

through

A

l ⊥ m ∧ A ∈ l

l

A

B IA = IB ∧ collinear(I, A, B) ∧ I ∈ l∧

l ⊥ m

∧ A ∈ m

∧ B ∈ m

l

A

B

C eq

angle(A, B, P

(l), P

(l), B, C)∧

B 6= P

(l) ∧ A 6= B ∧ B 6= C c

O

A

A ∈ c ∧ O is

center c

c

A B collinear(O

, A, B) ∧ O

A = O

B∧

O

is

center c ∧ A ∈ c

l

A

B

IIis the following:

collinear(P, A, B) ∧ A 6= B

Theformuladened inTable IIIisthefollowing:

P ∈ l ∧ A 6= B ∧ A ∈ l ∧ B ∈ l

Itan be shownthat:

collinear(P, A, B) ∧ A 6= B ⇐⇒

∃l, P ∈ l ∧ A 6= B ∧ A ∈ l ∧ B ∈ l

Henetheresult.

l

m

A

bleIand IIisthe following:

collinear(P, A, P 2l )∧parallel(A, P 2l , P 1 (m), P 2 (m))∧A 6= P 2l

Theformuladened inTable IIIisthefollowing:

P ∈ l ∧ l k m ∧ A ∈ l

From

A 6= P 2l

l

A ∈ l

P 2l ∈ l

collinear(P, A, P 2l )

P ∈ l

thathereweneed the hypothesis

A 6= P 2l

Inthe other diretion,we rstonstrut apoint

P 2l

from

A

l

collinear(P, A, P 2l )

have

parallel(A, P 2l , P 1 (m), P 2 (m))

... The otherases aresimilar.

Point

P

c

theway

c

c

O

A

quene ofthe equivalene:

OA = P A ⇐⇒ ∃c, P ∈ c ∧ A ∈ c ∧ O is

center c c

AB

the equivalene:

O c A = P O c ∧ collinear(O c , A, B) ∧ O c A = O c B ⇐⇒

∃c, P ∈ c ∧ collinear(O c , A, B) ∧ O c A = O c B ∧ A ∈ c ∧ O c is

center c

I

A

B

midpoint arethesamein both semantis.

... We do not detail here the other ases about intersetion of lines

and irles. Theyan be be shownbyase distintion onthe way

thelinesand theirles have been built.