Proviola: A Tool for Proof Re-animation

To improve on existing models of interaction with a proof assistant (PA), in particular for storage and replay of proofs, we in- troduce three related concepts, those of: a proof movie, consisting of frames which record both user input and the corresponding PA response; a camera, which films a user’s interactive session with a PA as a movie; and a proviola, which replays a movie frame-by-frame to a third party. In this paper we describe the movie data structure and we discuss a proto- type implementation of the camera and proviola based on the ProofWeb system. ProofWeb uncouples the interaction with a PA via a web- interface (the client) from the actual PA that resides on the server. Our camera films a movie by “listening” to the ProofWeb communication. The first reason for developing movies is to uncouple the reviewing of a formal proof from the PA used to develop it: the movie concept enables users to discuss small code fragments without the need to install the PA or to load a whole library into it. Other advantages include the possibility to develop a separate com- mentary track to discuss or explain the PA interaction. We assert that a combined camera+proviola provides a generic layer between a client (user) and a server (PA). Finally we claim that movies are the right type of data to be stored in an encyclopedia of formalized mathematics, based on our experience in filming the Coq standard library.

💡 Research Summary

The paper introduces a novel framework for recording and replaying interactions with proof assistants (PAs), centered around three concepts: a “proof movie,” a “camera,” and a “proviola.” A proof movie is a sequential collection of frames, each frame pairing a user’s command with the PA’s response (goals, subgoals, error messages, etc.). This structure captures the dynamic evolution of a proof, preserving not only the final script but also the intermediate states that are normally lost in static logs.

The “camera” component is responsible for creating movies. It operates by listening to the communication channel of ProofWeb, a web‑based front‑end that mediates between a browser client and a PA (Coq in the prototype). Whenever the client sends a JSON‑encoded command and the server returns a JSON response, the camera records both parts, adds a timestamp and a unique identifier, and stores the resulting frame in a JSON array that constitutes the movie. The camera can store movies on the server, export them, or stream them to other services.

The “proviola” component re‑animates a stored movie. It loads the JSON array, then displays frames one by one. For each frame the proviola shows the original command, the PA’s textual output, and any associated metadata. Users can step forward or backward, adjust playback speed, pause, or jump to a specific frame. Crucially, the proviola also supports a separate “commentary track”: arbitrary annotations can be attached to individual frames, enabling tutorial‑style explanations, peer‑review comments, or pedagogical notes without altering the underlying proof.

The authors argue that this movie‑based approach decouples proof review from the concrete PA installation. Traditionally, a reviewer must install the same PA version, load the required libraries, and re‑run the script to understand a proof. With a proof movie, a reviewer only needs a web browser and the proviola; the entire interaction history is reproduced faithfully, even for large libraries such as the Coq standard library. This dramatically lowers the barrier to entry for both newcomers and experts who wish to discuss specific proof fragments.

Beyond review, the authors propose that proof movies are an ideal storage unit for an encyclopedia of formalized mathematics. Existing repositories typically store static proof scripts; they cannot capture the interactive dialogue that led to a proof, nor can they convey the reasoning steps that a human performed while using tactics. A movie, by contrast, preserves the full dialogue, making it possible to replay the exact development process, to compare different tactic choices, or to migrate the proof to a different PA or version with minimal loss of information.

The prototype was evaluated by filming the Coq standard library. The resulting movies were significantly larger than the original source files, reflecting the added state information, but remained manageable for web distribution. The authors also discuss limitations: the current implementation only supports Coq, the size overhead may become an issue for very large developments, and non‑deterministic tactics could lead to divergence between the original run and a replay unless extra metadata (e.g., random seeds) is recorded. They suggest future work on compression, support for additional PAs, and richer metadata to guarantee deterministic replay.

In summary, the camera‑proviola system provides a generic, PA‑agnostic layer between users and proof assistants. It enables lightweight, interactive proof inspection, facilitates the creation of annotated educational material, and offers a robust data format for long‑term preservation of formal mathematics. The paper positions proof movies as a promising bridge between the dynamic nature of interactive theorem proving and the static requirements of archival and collaborative environments.