
Arend: Theorem Prover Based on Homotopy Type Theory by JetBrains - adamnemecek
https://arend-lang.github.io/
======
jey
Wow, JetBrains has a whole HoTT and Dependent Types Research Group:
[https://research.jetbrains.org/groups/group-for-dependent-
ty...](https://research.jetbrains.org/groups/group-for-dependent-types-and-
hott)

~~~
cschmidt
Why would they be working on something like this? Is it useful for JetBrain's
line of work? I mean it is cool, but it makes me curious as to why.

~~~
nextos
I think formal methods may take off sometime in the future, hopefully not too
distant from now. But this has been a thing since the mid 90s, and tools might
still not be mature enough.

I did a whole MSc in Formal Methods about a decade ago, and I think abstract
interpretation, model checking and axiomatic specifications are ready for
prime time now. Exotic type systems and theorem provers are still a bit costly
to use, but have achieved some spectacular successes like seL4.

I guess JetBrains wants to be in this space once things mature.

~~~
im_down_w_otp
The reason I'm so excited about this development is that it's a commercial
product-focused company putting a level of effort into polish and refinement
into this domain. The lack of that kind of polish is an enormous inhibitor to
adoption and acceptance of these classes of tools.

Most, not all, formal methods tools are a tire fire of incoherent UX, bespoke
Byzantine runtime requirements, and scattered piecemeal documentation &
tutorials.

Which makes complete sense when you consider where they originate, what
they're typically used for, how they're maintained, and who their subset of
end users are. You have to _reeeeaaaalllly_ need to reach for one of these
tools to put up with how bad they are, and the population of developers who
have that need is significantly smaller than the population who could derive
some value & benefit from the methods were they not also unnecessarily painful
to use on top of their already being conceptually challenging for the
uninitiated.

Their niche status becomes self-perpetuating. A company like JetBrains making
a move like this might stand a chance of breaking the logjam.

------
ocfnash
Wow, I am delighted to see this!

However I cannot find a precise reference for the chosen type theory.

E.g., is univalence a theorem in their type theory? I presume it is given that
they say their language has "syntax similar to cubical type theory" but I
could not say for sure.

What I'm looking for is a reference containing the actual typing rules, like
this one for Coq: [https://coq.inria.fr/refman/language/cic.html#typing-
rules](https://coq.inria.fr/refman/language/cic.html#typing-rules)

rather than the syntax of the language used for building these terms.

~~~
cjfd
Yes, I came here to say precisely that. It looks like it has about the same
things available as coq as far as syntax is concerned, so what are the
differences?

~~~
ocfnash
Well they claim it is a HoTT (thus presumably univalent) and furthermore has
higher inductive types, neither of which exist in Coq's CIC.

For example, they emphasise that function extensionality is a theorem here:
[https://arend-lang.github.io/about/arend-features](https://arend-
lang.github.io/about/arend-features) (not true in CIC).

It would just be nice to see a list of the rules.

Still I don't want to get hung up on this; the rules must exist somewhere and
presumably will become more discoverable. The project looks superb.

------
namelosw
Wow. Finally a prover with serious IDE support.

I always believe this field would be very useful and evolving steadily in the
industry. It just doesn't attract eyeballs like machine learning and
blockchains.

~~~
baron_harkonnen
> It just doesn't attract eyeballs like machine learning and blockchains.

... yet. The next AI Winter is right around the corner. While there has been
seriously amazing work coming out of ML, in industry there is an insane amount
of resources being put into completely BS ML systems. Outside of FAANG there
are many "fancy" ML projects in industry that are just continually accruing
massive technical debt, and for no good reason. The number of deep neural
networks being used for problems that can be solved with radically much more
simple (and easier to debug and maintain) techniques is astounding. Right now
there is a boom in complex and fragile a systems made by teams of PhD in non-
engineering fields that don't know anything about system or software design.

In a few years these complex systems will need to be maintained and fixed and
it will quickly become apparent that the vast majority of these projects are a
huge business liability with minimal financial or engineering benefit. Expect
a huge back lash against predictions coming from complex, non-interpretable
linear algebra heaps.

The pendulum will swing back, and likely pretty hard (as always probably too
hard). I'm not sure theorem provers will be the winner, but the general class
of understandable, predicable, and explainable things will become more
popular. It is quite possible that "my tool proves things are stable and work"
will be a big sell in the next wave of tech.

~~~
Fr0styMatt88
I'm genuinely curious - can you give some concrete examples of what you
consider to be such BS ML systems?

It would be fun in a TheDailyWTF way :)

~~~
buzzier
AI Circus, Mid 2019 Update [https://blog.piekniewski.info/2019/05/30/ai-
circus-mid-2019-...](https://blog.piekniewski.info/2019/05/30/ai-circus-
mid-2019-update/)

Stories of AI Failure and How to Avoid Similar AI Fails in 2019
[https://www.lexalytics.com/lexablog/stories-ai-failure-
avoid...](https://www.lexalytics.com/lexablog/stories-ai-failure-avoid-ai-
fails-2019)

How IBM Watson Overpromised and Underdelivered on AI Health Care
[https://spectrum.ieee.org/biomedical/diagnostics/how-ibm-
wat...](https://spectrum.ieee.org/biomedical/diagnostics/how-ibm-watson-
overpromised-and-underdelivered-on-ai-health-care)

Automakers Are Rethinking the Timetable for Fully Autonomous Cars
[https://www.designnews.com/electronics-test/automakers-
are-r...](https://www.designnews.com/electronics-test/automakers-are-
rethinking-timetable-fully-autonomous-cars/93993798360804)

~~~
Fr0styMatt88
Just what I need for my work commute, thanks! :)

As an aside, my worry with AI/ML is that we’re creating these giant, un-
debuggable systems that can’t be fixed when specific problems arise. Every
time I see complaints about YouTube/Facebook/<some other company> giving
nonsense recommendations to people I think “How would they even fix that? Do
they even know how their recommendation systems work?”.

One of the great things about software is that when something is broken, you
can go right in there and fix it. With ML, I can imagine getting to a point
where our only option is to take the black-box we’ve created to therapy and
hope for the best.... :)

------
dwohnitmok
I can't tell if this is JetBrains trying to develop its own version of
Microsoft Research, or if this is the humble beginnings of a project like
Kotlin that it aims to put its weight behind. Both would be cool (and indeed
it could be both), but the latter would be truly exciting and a potentially a
huge leap forward for theorem proving and formal verification.

~~~
yole
This is a research project. At this time there are no plans to invest into it
on the same level as we're investing in Kotlin.

~~~
dwohnitmok
Ah I figured it probably wouldn't be the same degree of commitment as Kotlin
given the disparity of demand. Are you at liberty to say whether this is a
project JetBrains hopes to eventually use in a production capacity for its own
work?

~~~
yole
I'm not in contact with the research team and don't know which practical
applications they have in mind, but as far as IntelliJ is concerned, we don't
have any current plans to use the results of their work.

------
nutjob2
For those who want to understand what Homotopy Type Theory is, here is the
"standard text" free to download or online:

[https://ncatlab.org/nlab/show/Homotopy+Type+Theory+--+Unival...](https://ncatlab.org/nlab/show/Homotopy+Type+Theory+--+Univalent+Foundations+of+Mathematics)

~~~
Smaug123
Though note that it is not simple to understand; it will take quite a lot of
real work to grok, unless for some reason you already know about univalence.

~~~
krapht
The trouble with HoTT is that it has very little to offer in regards to making
it easier to prove the correctness of programs expressed in Hoare logic (which
is ~99% of all computer programs).

~~~
Footpost
They are not mutually exclusive:

\- Use HoTT or any other type theory as a logic / foundation of math.

\- Use Hoare logic to reason about programs, using your logic / foundation of
math to deal with inferences that are not given by the rules of your Hoare
logic, i.e. for Hoare's "Rule of Consequence".

There are several ways of connecting the two. One is Hoare type theory [1].
Another is using Characteristic Formulae [2, 3].

[1] G. A. Delbianco, A. Nanevski, Hoare-Style Reasoning with (Algebraic)
Continuations.

[2] L. Aceto, A. Ingolfsdottir, Characteristic Formulae: From Automata to
Logic.

[3] A. Chargueraud, Formal Software Verification Through Characteristic
Formulae.

------
tom_mellior
I found the language reference and see how to define types and expressions,
but I can't find any examples of what proofs would look like. Has anyone dug
in enough to link to an actual proof of something?

The documentation for \lemma ([https://arend-
lang.github.io/documentation/language-referenc...](https://arend-
lang.github.io/documentation/language-reference/definitions/functions#lemmas))
suggests that you would just write Prop-typed functions, which is very tedious
to do manually and even with automation is IMHO inferior to Coq-style tactics,
which are themselves often inferior to Isabelle's Isar-style proofs.

~~~
optician_owl
[https://github.com/Odomontois/Tincat](https://github.com/Odomontois/Tincat)
Not exactly you asked for but the only one I know.

~~~
tom_mellior
Thanks. The only lemma in that repo is the following (in Cat.ard):

    
    
        \lemma op_is_revertible (C : PreCat) : op (op C) = C =>
          path ( \lam i => \new PreCat {
            | Ob => C.Ob
            | Hom => C.Hom
            | id => C.id
            | o => C.o
            | l_unit => C.l_unit
            | r_unit => C.r_unit
            | assoc => \lam {a} {b} {c} {d} f g h => (inv_inv (C.assoc f g h) @ i)
          }
          )
    

I'm not 100% sure what's going on but it looks like this would be a one-liner
in Coq, something like (hand-waving here):

    
    
        destruct C; auto using assoc, inv_inv.
    

So... yeah. Not enough data to come to a final conclusion, but I do wonder why
people keep building more systems of this kind.

~~~
syrak
> I do wonder why people keep building more systems of this kind.

Not a lot of languages have higher-inductive types which is the main
advertised feature here. At least they're missing in Isabelle and Coq.

That's also orthogonal to the matter of automation/metaprogramming, which,
from the lack of mention, doesn't seem to be their focus right now. There
doesn't seem to be anything fundamentally in the way of Coq-style tactics
either if they really wanted to build that on top of what is presented here.

~~~
tom_mellior
True, there are probably no theoretical obstacles. But there is a huge
implementation effort, and judging from other new proof assistants that
started out without tactics, I wouldn't hold my breath.

Unless you desperately need exactly this kind of fancy logic, if you actually
want to get stuff done, you would choose a different system. That's not great
if they are interested in wide adoption.

------
sriram_malhar
A tutorial or a few example of proofs would be nice. How does the experience
differ from using Coq?

------
bayesian_horse
Again the question: Why is this useful?

Is this just for programming language research? What kind of projects would
you want to use this language for?

~~~
meuk
The premise of an axiomatized system is that you can "mechanically" check
proofs. So you can also invert the question and ask "Why the hell do we still
prove things by hand?".

The answer to that is that there are no good tools and no universally accepted
common notation that is amendable to automatic proof checking yet. Those are
problems that projects like this want to solve.

I applaud the effort really; it's hard work, and people tend to ask more
critical questions ("What is it good for?" "Theorem proving is for academics
only") than for any other type of program.

~~~
wpietri
I gather you understand the topic, but I'm still left wondering: who is this
for, and what will they do with it?

E.g.: Is the hope to make something all mathematicians will eventually use? Is
it targeted at a relatively narrow mathematical field? Is the audience instead
programmers looking to prove things about algorithms they're working on?

~~~
meuk
> I gather you understand the topic, but I'm still left wondering: who is this
> for, and what will they do with it?

'Understand' is a big word. I've played around with Idris (which is a Haskell-
like programming language that supports Homotopy type theory as well). I have
a grasp of the underlying mathematics but don't really understand the stuff
deeply.

Yes, I went on a bit of a rant and totally ignored your (totally reasonable)
question. Theorem proving and proof checking are quite niche, both within
computer science and mathematics. In computer science, the idea is that you
can formally prove the correctness of computer programs to avoid software
failures and have very robust programs. In mathematics, the ideal is to have

    
    
      1. A universal language for proofs
      2. A database of computer-verified results
      3. Easy verification of new results
    

It's a mighty interesting topic, and unfortunately, I've also found it quite
difficult to get more than a shallow understanding of it.

------
bitL
Kuklev @ Göttingen turned his research into a plugin? Great! Can we get one
for VSCode as well please?

------
bob1029
JetBrains has been gaining a lot of stock with me lately. I recently
discovered that Rider is an extremely compelling replacement for VS2019 (for
C# codebases), and this kind of news is going to keep them on my radar for the
foreseeable future.

As another poster said, it seems like they are trying to build their own
version of Microsoft Research. It is also entirely feasible JetBrains wants to
build out these concepts to further enhance their core products. Detecting and
executing refactor opportunities across complex, strongly-typed codebases
could have some synergy with this research and tooling.

~~~
manigandham
Rider is basically taking Resharper (their VS extension that has been around
for years) and merging it into their own IntelliJ IDE platform. It removes the
performance and integration limitations and is fantastic to use.

------
kccqzy
This is extremely exciting as very few functional languages have good IDE
support. I'm quite excited to see how building in IDE-support from the get go
would help things.

~~~
taeric
Slime is quite capable. Just a few curves to get involved.

~~~
dan-robertson
The IDE features of slime are quite different to the ones one would want in a
theorem prover. In particular many functional languages that aren’t CL have
strong type systems (so you’ll want feedback about the types of things) and
poor introspection (so something like swank isn’t so easy).

A language like Agda does have good emacs support and can do useful things
like help you fill in holes. But every speed bump on the way to setting up a
theorem prover is important because the target audience isn’t necessarily
programming experts who will go through a lot of pain so long as they can use
emacs at the end of it.

------
UK-Al05
These sorts of new functional languages coming out will be a boon for
jetbrains. Imagine doing program synthsis in an ide?

------
pmontra
Knowing nothing about Homotopy Type Theory and looking at the language only
for the way it looks:

1) Nice to see that the pipe is only a | and not |> like in Elixir. One
character is better than two (and a Shift key.)

2) {- comment -} probably comes from another language (which one?) but I'm
always surprised by the cleverness of language designers, even when there is
no need for it.

3) The backslash before the keywords is a backslash, pun intended. Why is that
necessary and why did somebody even think about it? Cleverness fails designers
sometimes.

4) I like that this-is-a-valid-identifier. This_is_slower_to_type because of
the shift keys. ThisIsNotMuchFaster.

Then I'm also wondering what the language is being used for now. Somebody else
asked the same question and got downvoted but it looked like a honest
question. Is it still borderline to research and will maybe influence
mainstream languages or are we already unknowingly using some program written
in Arend on our machines or somebody's else server?

~~~
HerrMonnezza
3) Backslash before keywords looks inspired by TeX to me.

~~~
js8
I actually kinda like the idea. The concept of (limited set of) "reserved
keywords" always annoyed the mathematical purist in me.

On an unrelated note, this-is-a-valid-identifier also in Lisp, but weirdly
enough, the parens "( )" require shift. I think Lisp should use "[ ]" as
parens because they do not require shift on modern keyboards.

~~~
Sharlin
You mean, modern _English keyboard layouts!_ Square brackets require alt(gr)
on my keyboard. Seriously, most European layouts are ridiculously coding-
unfriendly.

~~~
pmontra
Probably because coding was invented (and most of it still is) on an English
keyboard.

I switch the layout of my non English keyboard in all coding windows and my
fingers know what to press there.

------
dllthomas
_" Classes are just records with additional functionality, which makes them
into a haskell-style type classes."_

But (IIUC) without coherence?

~~~
Blaisorblade0
Good point, but never seen typeclass coherence with dependent types (in either
Coq or the various versions of the Agda design). Not sure for Isabelle.

~~~
dllthomas
I'm not sure I can name another language with coherence, dependant types or
not. To be fair, even GHC is half-hearted about it.

------
karoofish
i'm a little confused. Is this BY Jetbrains as the title says, or by another
company? Its using the same style as the Jetbrains website and and says "By"
but also says Arend?

~~~
j88439h84
JetBrains is a company and they made a product called "Arend"

~~~
kccqzy
Is this actually an official product by JetBrains though? The github repo
shows majority of commits by a single person. This looks more like a 20% time
project by an engineer at JetBrains.

~~~
manojlds
It's in JetBrains Incubator.

~~~
tunesmith
[https://research.jetbrains.org/groups/group-for-dependent-
ty...](https://research.jetbrains.org/groups/group-for-dependent-types-and-
hott)

------
auggierose
Chuckle. What an odd choice to use HTT for a JetBrains theorem prover.

------
quickthrower2
deleted

~~~
binarycrusader
Apache 2.0: [https://github.com/JetBrains/arend-
lib/blob/master/LICENSE](https://github.com/JetBrains/arend-
lib/blob/master/LICENSE)

------
xvilka
Too bad it is Java. What about using proper, native compiled language? Like
Rust, or OCaml.

