Building Decision Procedures in the Calculus of Inductive Constructions
It is commonly agreed that the success of future proof assistants will rely on their ability to incorporate computations within deduction in order to mimic the mathematician when replacing the proof of a proposition P by the proof of an equivalent proposition P’ obtained from P thanks to possibly complex calculations. In this paper, we investigate a new version of the calculus of inductive constructions which incorporates arbitrary decision procedures into deduction via the conversion rule of the calculus. The novelty of the problem in the context of the calculus of inductive constructions lies in the fact that the computation mechanism varies along proof-checking: goals are sent to the decision procedure together with the set of user hypotheses available from the current context. Our main result shows that this extension of the calculus of constructions does not compromise its main properties: confluence, subject reduction, strong normalization and consistency are all preserved.
💡 Research Summary
The paper tackles a central challenge for the next generation of proof assistants: how to blend computation with deduction so that a proof of a proposition P can be replaced by a proof of an equivalent proposition P′ obtained through potentially sophisticated calculations. In the traditional Calculus of Inductive Constructions (CIC), the conversion rule is limited to the calculus's built‑in reductions (β, together with δ and ι for unfolding definitions and computing with inductive types, and η), which form one fixed rewrite system that is the same in every context and knows nothing about the user's hypotheses. Consequently, domain‑specific transformations, such as those arising in algebraic geometry, real analysis, or number theory, cannot be folded into the kernel's notion of equality; they have to be carried out by tactics outside the kernel, whose output is a proof term the kernel must re‑check, and such terms can be large and expensive to verify.
The authors propose an extension of CIC in which arbitrary decision procedures are integrated directly into the conversion rule. The key idea is to augment the conversion relation with a “DP‑conversion” step: given two terms M and N and a context Γ containing all user‑declared hypotheses, a decision procedure DP receives (Γ, M, N) and decides whether M and N are equal under those hypotheses. If DP answers positively, the conversion rule permits M ⇔ N. This makes conversion context‑sensitive: the same pair of terms may be convertible under one set of hypotheses and not under another, so the computation mechanism changes as proof‑checking moves through the context.
The paper proceeds to formalise the extended calculus. The syntax of terms and types remains unchanged, but the conversion judgment Γ ⊢ M ⇔ N is defined as the disjunction of the usual βη‑conversion and the existence of a DP‑conversion. The authors impose minimal requirements on DP: it must be deterministic, terminating, and sound with respect to the intended semantics. Type‑checking rules are left untouched, but the conversion rule now invokes DP as a subroutine, so every conversion step is justified either by syntactic reduction or by the decision procedure. Because the kernel accepts whatever DP accepts, these requirements are not optional: an unsound DP would let the kernel accept ill‑typed terms, and a non‑terminating one would make type‑checking itself undecidable.
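The following is an added example, not the paper's calculus or any code from its authors: a toy conversion checker in Python that mirrors the disjunction described above. Ordinary βα‑conversion is tried first; if the normal forms differ, a decision procedure is handed the normal forms together with the equational hypotheses of Γ. The DP used here is a small congruence closure for the theory of equality (hypothetical function `congruence_dp`), chosen because it is sound by construction and obviously terminating; the constants `plus`, `0`, `f`, `a`, `b` and the hypothesis `h : plus x 0 = x` are constructed sample data. The `demo` function shows the context‑sensitivity the paper is after (the same goal converts with the hypothesis in Γ and fails without it) and, with a deliberately unsound `dp`, why the decision procedure is part of the kernel's trusted base.

```python
"""Toy conversion check with a context-aware decision procedure (DP).  Added
example, not the paper's calculus or code.  Terms: ("var", name), ("app", f, a),
("lam", name, body).  Context entry ("eq", lhs, rhs) is a hypothesis lhs = rhs."""

def free_vars(t):
    if t[0] == "var": return {t[1]}
    if t[0] == "app": return free_vars(t[1]) | free_vars(t[2])
    return free_vars(t[2]) - {t[1]}

def subst(t, name, value):
    """Capture-avoiding substitution t[name := value]."""
    if t[0] == "var":
        return value if t[1] == name else t
    if t[0] == "app":
        return ("app", subst(t[1], name, value), subst(t[2], name, value))
    x, body = t[1], t[2]
    if x == name: return t  # the binder shadows `name`
    if x in free_vars(value):  # rename the binder so `value` is not captured:
        used = free_vars(value) | free_vars(body)  # pick a name longer than any in use
        fresh = x + "'" * (1 + max(map(len, used)))
        body, x = subst(body, x, ("var", fresh)), fresh
    return ("lam", x, subst(body, name, value))

def normalize(t, fuel):
    """Normal-order beta-normalisation; `fuel` (a one-element list) bounds the
    number of beta steps so the checker fails loudly instead of looping."""
    while t[0] == "app":
        f = normalize(t[1], fuel)
        if f[0] != "lam":
            return ("app", f, normalize(t[2], fuel))
        fuel[0] -= 1
        if fuel[0] < 0: raise RuntimeError("beta-reduction fuel exhausted")
        t = subst(f[2], f[1], t[2])  # contract the head redex, iteratively
    if t[0] == "lam":
        return ("lam", t[1], normalize(t[2], fuel))
    return t

def canon(t, env=()):
    """Bound variables -> de Bruijn indices, so alpha-equivalent terms are ==."""
    if t[0] == "var":
        return ("bound", env.index(t[1])) if t[1] in env else t
    if t[0] == "app":
        return ("app", canon(t[1], env), canon(t[2], env))
    return ("lam", canon(t[2], (t[1],) + env))

def congruence_dp(equations, s, t):
    """DP for the theory of equality: does s = t follow from `equations` by
    reflexivity, symmetry, transitivity and congruence?  Sound by construction;
    terminates because every merge shrinks a finite set of classes."""
    parent = {}
    def add(u):  # register u and its subterms; binders are opaque to this DP
        parent.setdefault(u, u)
        if u[0] == "app":
            add(u[1]); add(u[2])
    def find(u):
        while parent[u] != u:
            u = parent[u]
        return u
    for l, r in equations:
        add(l); add(r)
    add(s); add(t)
    apps = [u for u in parent if u[0] == "app"]
    pending = list(equations)
    while pending:  # merge until no new congruence f a = g b appears
        rl, rr = map(find, pending.pop())
        if rl == rr:
            continue
        parent[rl] = rr
        pending += [(u, v) for u in apps for v in apps if find(u) != find(v)
                    and find(u[1]) == find(v[1]) and find(u[2]) == find(v[2])]
    return find(s) == find(t)

def convertible(gamma, m, n, dp=congruence_dp):
    """Gamma |- M <=> N: beta/alpha-conversion, or else `dp` on the normal forms
    plus the equations of Gamma.  Whatever `dp` accepts, the checker accepts."""
    def nf(u):
        return canon(normalize(u, [10_000]))
    m_nf, n_nf = nf(m), nf(n)
    if m_nf == n_nf:
        return True
    return dp([(nf(h[1]), nf(h[2])) for h in gamma if h[0] == "eq"], m_nf, n_nf)

def V(x): return ("var", x)
def A(f, *args): return A(("app", f, args[0]), *args[1:]) if args else f

# constructed sample terms; `plus`, `0`, `f`, `a`, `b` are hypothetical constants
plus, x, zero, f, a, b = (V(s) for s in ("plus", "x", "0", "f", "a", "b"))
hyp = ("eq", A(plus, x, zero), x)  # h : plus x 0 = x

def demo():
    return {
        # same goal, different contexts: only the hypothesis makes it convertible
        "with_hyp":     convertible([hyp], A(plus, x, zero), x),
        "without_hyp":  convertible([],    A(plus, x, zero), x),
        "beta_then_dp": convertible([hyp], A(("lam", "y", A(plus, V("y"), zero)), x), x),
        "congruence":   convertible([("eq", a, b)], A(f, a), A(f, b)),
        # an unsound DP makes any two terms convertible: it sits in the TCB
        "unsound_dp":   convertible([], V("true"), V("false"), dp=lambda *_: True),
    }
```

Two design points carry over to a real kernel. The DP only ever sees normal forms and equations, so it cannot manufacture a typing; it can only identify terms, which is exactly the interface the conversion rule needs. And the `unsound_dp` entry is the whole security story in one line: nothing downstream of the conversion rule can detect a bad answer, so either the procedure itself must be trusted (or verified) or it must return a certificate the kernel can check.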
A substantial part of the work is devoted to proving that this extension preserves the essential meta‑theoretic properties of CIC:
- Strong Normalisation – The reduction relation itself is unchanged; what the extension changes is which terms type‑check, since the richer conversion accepts more typings. The authors therefore adapt the classic reducibility candidates argument to the context‑sensitive conversion, and termination of DP is needed separately so that deciding convertibility (and hence type‑checking) always terminates.
- Subject Reduction – If Γ ⊢ M : A and M reduces to N, then Γ ⊢ N : A. The proof hinges on the fact that DP is consulted only when comparing the types of terms that have already been type‑checked; the decision procedure asserts an equality between such types but never produces a typing on its own.
- Confluence (Church‑Rosser Property) – Confluence is a property of the reduction relation, which the extension leaves untouched; DP only enlarges the equivalence used to compare types. The authors obtain it by the standard parallel‑reduction technique for βη, with the determinism of DP (a unique answer for each (Γ, M, N)) guaranteeing that the context‑sensitive conversion relation is well defined.
- Consistency – Using the standard set‑theoretic model of CIC, the authors argue that DP‑conversions are conservative: they cannot make the empty type inhabited. Since DP validates only equalities that already hold under the hypotheses in the context, the extended system inherits the consistency of the original calculus. This is where the soundness requirement on DP bites: a procedure that accepted a single false equality would let the conversion rule identify a true proposition with a false one, and consistency would go with it.
Implementation considerations are discussed through a prototype integration with the Coq proof assistant. The prototype extracts the current context, serialises it, and calls an external SAT/SMT solver as DP. Benchmarks on simple algebraic equality problems show that the overhead of context extraction and solver invocation is modest compared to the gains in proof automation.
The paper concludes by outlining future work: extending the approach to richer decision procedures (e.g., Gröbner basis computation, homotopy‑type‑theoretic decision engines), having DP emit proof certificates that the kernel checks itself (so that the solver no longer has to be trusted), and meta‑proofs that establish the correctness of the decision procedures themselves.
In summary, the authors present a clean, theoretically sound method for embedding arbitrary, context‑aware decision procedures into the core conversion mechanism of CIC. Their results show that such an integration does not compromise confluence, subject reduction, strong normalisation, or consistency, offering a promising pathway toward more powerful and mathematically natural proof assistants. The price is that every decision procedure wired into conversion joins the kernel's trusted computing base: an unsound or non‑terminating DP breaks proof checking directly, which is why the certificate generation and verified decision procedures listed as future work matter in practice.