A Synthesis of the Procedural and Declarative Styles of Interactive Theorem Proving

We propose a synthesis of the two proof styles of interactive theorem proving: the procedural style (where proofs are scripts of commands, like in Coq) and the declarative style (where proofs are texts in a controlled natural language, like in Isabelle/Isar). Our approach combines the advantages of the declarative style - the possibility to write formal proofs like normal mathematical text - and the procedural style - strong automation and help with shaping the proofs, including determining the statements of intermediate steps. Our approach is new, and differs significantly from the ways in which the procedural and declarative proof styles have been combined before in the Isabelle, Ssreflect and Matita systems. Our approach is generic and can be implemented on top of any procedural interactive theorem prover, regardless of its architecture and logical foundations. To show the viability of our proposed approach, we fully implemented it as a proof interface called miz3, on top of the HOL Light interactive theorem prover. The declarative language that this interface uses is a slight variant of the language of the Mizar system, and can be used for any interactive theorem prover regardless of its logical foundations. The miz3 interface allows easy access to the full set of tactics and formal libraries of HOL Light, and as such has “industrial strength”. Our approach gives a way to automatically convert any procedural proof to a declarative counterpart, where the converted proof is similar in size to the original. As all declarative systems have essentially the same proof language, this gives a straightforward way to port proofs between interactive theorem provers.

💡 Research Summary

The paper addresses a long‑standing dichotomy in interactive theorem proving (ITP): the procedural style, where proofs are written as sequences of tactic commands (as in Coq, HOL Light), and the declarative style, where proofs resemble natural‑language mathematical texts (as in Isabelle/Isar or Mizar). Procedural proofs benefit from powerful automation, goal‑splitting, and fine‑grained control, but their scripts are often opaque to human readers. Declarative proofs are readable and maintain a clear logical narrative, yet they typically lack seamless integration with tactic‑based automation and require manual construction of intermediate lemmas.

To bridge this gap, the authors propose a generic synthesis that can be layered on top of any procedural ITP, regardless of its underlying logic. The key contribution is the implementation of a proof interface called miz3, built on top of the HOL Light system. miz3 retains full access to HOL Light’s extensive tactic library and libraries of theorems, while presenting the user with a Mizar‑like declarative language for writing proofs. The declarative language is a slight variant of Mizar’s language, deliberately chosen because it is expressive enough to capture most mathematical arguments yet simple enough to be generated automatically from procedural steps.

The core technical mechanism is an automatic conversion algorithm that maps each tactic invocation to a declarative fragment. When a tactic is executed, miz3 extracts the current goal, the premises, and any sub‑goals produced. It then emits corresponding “assume”, “have”, “show”, and “thus” statements in the Mizar‑style syntax, preserving a one‑to‑one correspondence between procedural steps and declarative sentences. This ensures that the resulting declarative proof is roughly the same length as the original script, avoiding the blow‑up that often occurs when manually translating proofs. The conversion is performed on‑the‑fly, so the user sees the declarative text evolve as tactics are applied, and can edit the declarative part directly if desired.

From an implementation perspective, miz3 is a plug‑in that hooks into HOL Light’s core API. Users start a normal HOL Light session, load miz3, and then issue a “prove” command. The system runs the supplied tactics, updates an internal buffer containing the declarative proof, and displays it in a separate window or buffer. Because miz3 does not modify HOL Light’s kernel, all existing tactics, automation, and libraries remain available unchanged, giving the interface “industrial strength”.

The authors validate their approach by fully formalising several non‑trivial theorems in HOL Light using only procedural tactics, then automatically converting those proofs into declarative form with miz3. The converted proofs are human‑readable, maintain the same logical structure, and can be exported to other ITPs that support a Mizar‑style language. This demonstrates a straightforward pathway for proof portability: a proof written procedurally in one system can be turned into a declarative manuscript, which can then be imported into another system without re‑engineering the underlying tactics.

Beyond the HOL Light case study, the paper argues that the synthesis is logic‑agnostic. Any procedural ITP that exposes its goal state and tactic execution can be equipped with a similar front‑end, making the approach a potential universal bridge between the procedural and declarative worlds. The authors contrast their work with earlier attempts in Isabelle (Isar), Ssreflect, and Matita, noting that those systems intertwine procedural and declarative features at the kernel level, whereas miz3 operates as an external, language‑level layer, preserving the original system’s architecture.

In summary, the paper presents a novel, generic method for combining the best of procedural automation with the readability of declarative proofs. By implementing miz3 on HOL Light, the authors show that the method is practical, that the generated declarative proofs are compact, and that the approach opens up new possibilities for proof sharing, maintenance, and cross‑system migration in the interactive theorem‑proving community.