Specification in Lean

Lean is a dependently typed functional programming language that incorporates the correspondence between propositions and types (and between proofs and programs). As such it is able to serve as a basis for the formalisation of mathematics (i.e., the statement and proof of theorems). Indeed, a considerable body of mathematics has been formalised in Lean, and is packaged as mathlib4. A good introduction to the use of Lean for the formalisation of mathematics is Theorem Proving in Lean.

The programming language component of Lean (version 4) is a comprehensive functional programming language, in the style of Haskell. A good introduction to the use of Lean as a programming language is Functional Programming in Lean. While Haskell has a more traditional type system, the dependently typed system of Lean and its underlying logic bring a number of benefits from a software perspective:

  • Lean is a fully featured specification language. It can be used to specify the functionality of software that can be implemented in Lean or other languages.
  • Lean software can be verified in Lean itself (using the same logic employed for mathematical proof).
  • When a Lean specification is viewed as a theorem in the Lean logic, a proof of that theorem yields a program that satisfies the specification.

The cost of this capability is that the type system is undecidable: the system cannot, given a program and a type (specification), determine automatically whether the program meets the specification. A proof is required. When the dependent type theory of Lean is used to its full capacity, type correctness = program correctness.

This tutorial is an introduction to the use of Lean for the specification of software functionality. The aim is to express what a function is intended to achieve, not how it is achieved. How one might verify or derive a program that meets a specification using the Lean logic is not addressed here. The contents of this tutorial are:

IntroductionIntroduction to Lean as a specification language
Quotient & RemainderQuotient and remainder on division
SortSorting a list of items
KnapsackKnapsack: an optimisation problem
GraphGraph searching
TMIA scheduling example from the aviation industry
Flight PlanningFlight planning message processing example from the aviation industry

The following supplementary modules support the example specifications:

UtilGeneral purpose functions that could in future appear in a standard library
TemporalA simple theory of dates, times, durations and intervals
GeoBasic geospatial entities

Some discussion on the use of Lean for specifications is here (to do).

Creating The Markdown Files

The files are Lean scripts from which markdown is generated using the mdgen tool.

Build the markdown files with lake exe mdgen LeanSpec md.

Acknowledgement

Thanks to Kevin Buzzard, Mario Caneiro and Partick Massot for their valuable comments.