
Leslie Lamport Tells Mathematicians How to Write Proofs (2014) - smithmayowa
https://blogs.scientificamerican.com/roots-of-unity/computer-scientist-tells-mathematicians-how-to-write-proofs/
======
allenz
Lamport advocates for more rigorous proofs with a justification for every
line, and lines arranged in a hierarchy based on assumption contexts. He is
also the author of TLA+, a formal proof checker:
[https://en.wikipedia.org/wiki/TLA%2B](https://en.wikipedia.org/wiki/TLA%2B)

Fully-justified proofs are frequently used to teach geometry and abstract
algebra, and are also needed for machine-checked proofs. Outside these
contexts, I agree with Lamport that they are useful to catch mistakes, but I
wouldn't write them myself because they are incredibly tedious. For
communication in papers, narrative proofs can convey ideas and intuition at a
much higher bandwidth.

~~~
repolfx
Higher bandwidth but also greater risk of mistakes? If the article is true
that 1/3rd of papers have false theorems in them, that seems like a problem
severe enough to justify slowing down and being more methodical.

~~~
archgoon
> 1/3rd of papers have false theorems in them

Despite the wording in the article, this is false. A theorem is not false if
there is an error in a proof for it. They only showed that 1/3 of proofs of
theorems had an error. It doesn't say if these were minor errors (omitting an
edge case where it's still true, but not handled in the proof, but easily
covered), or major (the theorem is actually false).

Quoting the article:

> Some of them were false because the proofs were wrong, and some were false
> because they relied on wrong proofs.

This is not what 'false theorem' means. This might be pedantic, but isn't
that kind of the point here?

~~~
loup-vaillant
Regardless, unproven theorems should not make it to published papers. At the
very least, they should be marked as "conjectures".

~~~
amelius
Translating this to computer science/programming: what would you call an
unproven program?

~~~
loup-vaillant
One that isn't machine checked to conform to the specification (with Coq or
similar). My standard is even higher for programs than it is for mathematical
statements, because they tend to be orders of magnitude more complex.

On the other hand, it's okay for a program to not be proven, because it can be
useful even if it has bugs.

~~~
AnimalMuppet
> On the other hand, it's okay for a program to not be proven, because it can
> be useful even if it has bugs.

True, and a very important point. But... if the program has bugs, do they
affect the results? Do they affect the results enough to matter? How do you
know? In particular, what is your objective proof that the program does what
you need it to do?

For many programs, such concerns are extreme overkill. For some, though, you
have to _prove_ that it does what you need it to.

~~~
loup-vaillant
That's where you quit proofs, and start experimenting. I found tests to be
extremely effective at rooting out most bugs. Especially if you use property
based tests.

Programs that do need a proof still have model checkers like TLA+, and proof
assistants like Coq.

~~~
AnimalMuppet
Sure, tests are part of what I meant by "objective evidence".

------
aoki
mathematicians writing for peers don’t aim for the maximally explicit proof.
details are frequently left out as obvious to the knowledgeable reader.
leaving out tedious matter is a matter of professional style, like tightening
regular prose so it doesn’t club the reader over the head with every detail.
(my instructor in Fourier analysis would subtly grimace at my very explicit
proofs in office hours, but he knew i was a computer scientist so he politely
said nothing because he knew it would do no good ;-)

~~~
throwaway080383
I would also add that by and large this isn't done because of ego, but simply
brevity. Seminal papers are often already hundreds of pages long, so to add
every detail would bloat them to thousands of pages. And in any case,
"skipping steps" is exactly how the top mathematicians think about the proofs
when creating them.

~~~
loup-vaillant
Yeah, well, paper sucks.

[http://worrydream.com/#!/ScientificCommunicationAsSequential...](http://worrydream.com/#!/ScientificCommunicationAsSequentialArt)

No mathematician today doesn't have access to a computer. Just fold the proof
to some appropriate coarse level by default, and let the reader expand any
part they want to read. It's not like our computers had any meaningful limit
on how big a mathematical proof could be.

~~~
AnimalMuppet
I think the limit may be the _author_, not the tool the author writes with.

~~~
loup-vaillant
Historically, there was always a limit to how big a paper could be to make it
into a journal. Papers that aren't meant to make it into a journal are often
way bigger.

------
User23
Dijkstra also challenged the sloppiness of traditional mathematicians
frequently in his EWDs. His proof format is extremely readable, and each proof
is a complete manipulable mathematical object, with the steps tied together by
implication, consequence, or equivalence and the validity of the step
documented.

~~~
zeth___
Could you provide a link or citation where he does an expose on it? I am
interested.

~~~
geoalchimista
I found one more example in this TeX StackExchange question [1]. It's
incredibly elegant. But the problem is that it does not seem to be easily
reproducible in LaTeX because writing nested lists is such an unnecessary pain
(take a look at the adopted answer). Need a package to popularize this style.

[1] https://tex.stackexchange.com/questions/49416/which-packages-practices-are-relevant-for-writing-structured-derivations-simil/438750

------
lixtra
Here is the description of hierarchical proofs:
[https://lamport.azurewebsites.net/pubs/proof.pdf](https://lamport.azurewebsites.net/pubs/proof.pdf)

~~~
geoalchimista
This is a pure gem. It's like turning a prose into an abstract syntax tree for
a human parser. :) I do think it adds to the clarity for the examples
presented in it. But whether it applies well to more complicated proofs (those
spanning hundreds of pages in a math paper) remains to be seen. I think at
least writers of introductory textbooks could adopt the style to benefit
beginner students.

------
_Microft
The backlash he experienced might be due to the style in which he introduces
his interesting work.

While not quite obvious, he could be seen as adversarial by labelling
hierarchical structured proofs as "proofs of the 21st century" and the ones
other mathematicians use as "17th century proofs".

Promoting them as a thorough way to write proofs with additional advantage for
the reader to adjust the level of detail of the explanation to their
respective level of knowledge might have been a way to get people involved.
He's even asking for feedback [1], unfortunately only to denigrate the
addressed people in the next sentence [2].

It reminds a bit of Ignaz Semmelweis who managed to do good by reducing
mortality of women in childbed by requiring disinfection before examinations
but failed to spread the idea by being adversarial to his colleagues [3].

[1] "I am sure my way of writing proofs can be improved, and I encourage
mathematicians to improve it", How to Write a 21st Century Proof, p. 5

[2] "They will not do it by remaining stuck in the 17th century.", How to
Write a 21st Century Proof, p. 5

[3]
[https://en.wikipedia.org/wiki/Ignaz_Semmelweis](https://en.wikipedia.org/wiki/Ignaz_Semmelweis)

~~~
stevesimmons
I feel you do Leslie Lamport a disservice here. I read the SciAm article and
the full "How to Write a 21st Century Proof" and did not get any sense of
denigrating people or being adversarial. Sure, he is concerned about clarity
and correctness, but that is the exact point of mathematical proofs.

So everyone else, please skim the SciAm article and then take 15 minutes to
enjoy reading the paper [1] in Lamport's own words.

[1]
[https://lamport.azurewebsites.net/pubs/proof.pdf](https://lamport.azurewebsites.net/pubs/proof.pdf)

~~~
_Microft
It's not clarity or correctness but how it is said.

See page 2 of the paper (page 5 of the PDF) for example. That is where he is
talking about people being stuck in the 17th century and "how sloppy their
proofs are" [1]. I am _not_ arguing that this might not be true! - I argue
that it is _not helpful_ to approach introducing and advertising the idea in
this way. I'm not a mathematician but I'd understand if someone reacted with
defiance to wording like this.

[1]
[https://lamport.azurewebsites.net/pubs/proof.pdf](https://lamport.azurewebsites.net/pubs/proof.pdf),
p.2 (PDF page 5)

------
tuukkah
There's a recent example of programmers publishing a paper on how to better
prove some mathematics by implementing and discussing the phenomenon in a
programming language: _What’s the Difference? A Functional Pearl on
Subtracting Bijections_
https://byorgey.wordpress.com/2018/06/23/new-icfp-functional-pearl-on-subtracting-bijections/

------
kleiba
Funny how the blog is trying to use the x^2 + 10x = 39 example to illustrate
that modern notation helps understanding and reducing errors, but then forgets
the second solution for the equation (x = -13). In all fairness, though, it's
just meant as a translation of al-Khwarizmi's text into modern notation
where only one solution is given.

~~~
saagarjha
> In all fairness, though, it's just meant as a translation of
> al-Khwarizmi's text into modern notation where only one solution is given.

Probably because negative solutions were not recognized as valid at the time.

------
cheez
Good software engineers reduce until everything unnecessary is gone. Same
idea, nice to hear people talking about it.

------
adamnemecek
More mathematicians need to know about constructive mathematics
[https://en.m.wikipedia.org/wiki/Constructivism_(mathematics)](https://en.m.wikipedia.org/wiki/Constructivism_\(mathematics\))

Basically, proof by contradiction is not a good idea.

~~~
Ivoirians
Mathematicians know about constructivism, they just tend to rightfully reject
statements like "proof by contradiction is not a good idea" as crackpottery.
Mathematics will continue to be done, constructivists and finitists be damned.

~~~
danharaj
There are settings where LEM is inadmissible. A lot of important mathematics
comes from importing some theory into another, e.g. the theory of topological
groups. Knowing in fine detail what principles a proof relies on lets you
know whether a theorem carries through for free or not.

It might fail if it absolutely must rely on LEM, but a weaker doubly negated
version will still work. This might be a deep, important fact in some setting
or another.

If anyone thinks constructivism is crackpottery, then they're just ignorant
and it's only incidental if it hasn't impoverished their toolkit.

~~~
Ivoirians
I'll admit that calling all constructivists crackpots is unfair, as there are
legitimate mathematicians studying homotopy type theory and whatnot that goes
way over my head. What I refer to as crackpottery is people who argue that a
random proof by contradiction is invalid or who reject things like Cantor's
diagonalization argument with no justification besides their personal
"intuition" or "philosophy" that math should be constructivist. And I think
the latter group vastly outnumbers the former, at least on random internet
forums. But I'll apologize if I offend any of those mathematicians with my
flippant generalizations.

~~~
intuitionist
I'll not take offense, nor will I spout off about metaphysics here, but I
can't let it pass without noting that Cantor's diagonal argument is in fact
constructively valid --- given a function from a set S to its power set 2^S,
Cantor constructs an element of 2^S which can't be in the image of f. The
subtlety here is that there are statements equivalent to Cantor's theorem in
classical settings that are not intuitionistically valid, for instance that
there's no injection from 2^S -> S.
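
[Added example, not part of the comment above: the diagonal argument it describes, laid out as numbered, individually justified steps in the spirit of the hierarchical proofs discussed in this thread. The name D and the step numbering are choices made for this example. No step uses excluded middle or double-negation elimination; steps 2.3 and 2 are proofs of a negation, which are intuitionistically valid.]

    THEOREM. For any set S and any function f : S -> 2^S there is a
             D in 2^S such that D != f(x) for every x in S.

    1. Define D = { x in S : x not in f(x) }.
       PROOF: D is a subset of S, so D is in 2^S.

    2. Assume d in S and f(d) = D. Then we reach a contradiction.
       2.1. d in D  iff  d not in f(d).
            PROOF: by the definition of D in step 1.
       2.2. d in D  iff  d not in D.
            PROOF: by 2.1 and the assumption f(d) = D.
       2.3. d not in D.
            PROOF: assume d in D. By 2.2, d not in D. The assumption
            yields a contradiction, so its negation holds.
       2.4. d in D.
            PROOF: by 2.3 and the right-to-left direction of 2.2.
       2.5. Q.E.D. for step 2.
            PROOF: 2.3 and 2.4 contradict each other.

    3. Q.E.D.
       PROOF: by step 2, no d in S satisfies f(d) = D, so the D
       constructed in step 1 is not in the image of f.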

~~~
Ivoirians
Ah, you're right, thanks for the insight.

------
urmish
For some reason this seems incredibly funny to me. I can imagine
mathematicians laughing at this too.

~~~
s-shellfish
Computer science is more rigorous than mathematics. The proofs written for
computers have to actually work in a computer, which is a collection of
mathematics that have provably been demonstrated to retain their fundamental
basic properties that allow computation to both define and test the validity
of statements.

~~~
Ivoirians
Math is built on a far more rigorous logical foundation than "this program ran
on a physical computer, which proves that the statement is valid". Every valid
mathematical theorem is a consequence of, and can be traced back to, a set of
definitions and well-defined logical axioms. The parts of computer science
that are most rigorous are strict subsets of math, e.g. computability theory,
logic programming, formal languages, etc.

~~~
zeth___
Show me the foundations for the continuum hypothesis.

What you're arguing for is a view of mathematics that has been dead for a
century now. Gödel's incompleteness theorem and Turing's halting problem
show you that there are cases of 'true' statements in mathematics that can't
be reduced to "well-defined logical axioms".

~~~
Ivoirians
Re: Continuum hypothesis: the way I try to explain this is, take the statement
S = "x^2 = -1 has no solutions". In Z, S is true. In C, S is false. What does
it mean to say "S is true" without specifying the system? It depends on which
underlying axioms you choose. There are extensions of ZFC where you can prove
CH is true, and extensions where you can prove CH is false. In both
extensions, the proofs are rigorous and valid, and there is plenty of valid
mathematics to be done.

But ok, my point is, how can you say the CH is a true statement that can't be
reduced to axioms? What does it mean to be "true" besides that something
follows from other truths? The choice of axioms matters, sure, but everything
that's true within a system follows from the axioms of that system.

~~~
s-shellfish
There are two ways to see it. But that's also the problem.

> What does it mean to be "true" besides that something follows from other
> truths?

I agree with you, but I also don't. You know as well as I, that 'true' can
mean something besides 'that which follows from other truths'. All the rules
you have to rely on (such as implication) - that's a truth you are dependent
on for math to work, but can not define within math. Implication is a
fundamental foundation. But can you define implication without using the
concept of implication?

> The choice of axioms matters, sure, but everything that's true within a
> system follows from the axioms of that system.

It's easy to point out flaws in reasoning. It's so, so much harder to have an
airtight reasoning system, that goes for mathematics and computation, both,
together, alone, etc.

> What does it mean to be "true" besides that something follows from other
> truths?

Truth is true, no more, no less. Once you turn it into symbols, it turns into
a mess (or a work of art).

------
fizixer
That's a rubbish title. (edit: the original title was 'Computer scientist
tells mathematicians how to write proofs')

Leslie Lamport is a mathematician by education. And I have a good idea he'd
prefer to be called a mathematician if he had to choose between the two labels
(mathematician and computer scientist).

That's not to say CS, and programming, doesn't contribute to the process of
rigor. In fact, I had a realization that a program is a form of constructive
mathematics, and hence a program is more rigorous than a proof on paper in the
following sense: a single typo in a math proof would be overlooked by the
reader, but a single typo in a program could make it fail.

Still, in order to make connections between programming and mathematical
rigor, you have to be trained in mathematics, not just computer science.

------
j2kun
Should tag with 2014

~~~
davnn
The relevant paper is actually from 2011.

~~~
j2kun
Since the article provides information and context, its date is probably the
right one to use.

~~~
davnn
You're right.. my comment was thought of as a note for people skimming over
the comments, sorry.

