This repository has been archived by the owner on May 2, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1
theoremprover-museum/oleg
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
This directory contains the current samizdat version of OLEG, specifically
src the source code (still needs SML/NJ 0.93)
bin linux binaries compiled from the above
examples some demo scripts
papers related old drafts of papers now changed beyond recognition
(and generally for the better)
emacs-hack.el not so much an oleg mode; more a nightmare of comint and
font-lock
Things you might like to know
(1) EMACS GADGETS
Try adjusting the code in emacs-hack.el to point to your oleg binary,
then run it when you start emacs (e.g. by pasting it into .emacs).
Now, when you've just loaded an oleg script, do M-x run-lego and it'll
start an oleg process for you. Moreover, the tab key in the script
buffer will send a line to the oleg process. More moreover, most things
will get coloured in properly.
It's not even Proof Lance Corporal, but it's better than a poke in the
eye.
By the way, if things start going really slowly, try watching in black
and white...
(2) LIBRARY
Er. Sorry about that. I can't quite remember how, but I seem to have
broken the module system at some point---it's incompatible in some way
with the labelling mechanism or something.
Anyhow, the library as was isn't so useful for oleg development. On
the other hand, you'll notice that each of the example files has the
same prelude. More or less. I guess it could be an include file.
(3) EXAMPLES
BasicProg.l demonstrates the basics of the exciting new programming
tactics
TypeCheck.l is the implementation of the typechecker from VfL version I
(the early funny one---see PAPERS)
TYPES03.l is the demo script used at TYPES 2003, in which we have
the joy of gcd
Exception.l is the code and correctness proof for my variation on the
theme of Hutton and Wright's compiler-with-exceptions;
as advertized in their paper
Unify.l if the code and correctness proof for first order unification
by structural recursion (see PAPERS)
(4) PAPERS
old-elim.ps is the original no-you-can't-fit-all-that-in-19-pages
version of EwaM, which attempts to be forthcoming about
no confusion and no cycle proofs, and has some moderately
provocative ideas about what the gadgets might be good
for; most of which got censored, in favour of doing one
job well...
view-I.ps is the earlier funnier (and shorter) version of VfL; whilst
anonymous referees provoked significant improvements
and much useful work on elaboration, I do feel that the
official version has lost (a) the emphasis on interactive
programming (like we do it in oleg) and (b) the feeling
of how much fun it is to work this way, rather than how
hard you have to work to make a machine believe in it...
unify.ps is actually quite close to the real thing, and
proof.ps is the correctness proof which nobody read, but is actually
quite cool; the Unify.l file follows this pretty closely
(5) EQUALITY
The Elim, KJunify and Program X tactics all use John Major equality,
but Qrepl (and its monster-in-the-basement chum Wave) still use
Martin-Lof equality. Also, some of the gadget-makers expect to find
M-L eq. So we need both. Sometimes we need to convert between the two.
Not so hard.
(6) GADGETS
The brackets (!...!) enclose tags---the codes oleg tactics use to refer
to constructions they exploit. The Generate tactic attempts to find a
provider for the construction with a given tag. The Label tactic
maps a tag to a given construction.
Gadget generation is no longer automatically triggered when you
declare an inductive datatype. Trigger it yourself, thus
Inductive [Nat : Type] Constructors
[zero : Nat]
[suc : {n:Nat}Nat];
Generate (!Nat cases!); (* the case analysis principle *)
Generate (!Nat eduardo!); (* the recursion principle *)
Note that generating `eduardo' relies on finding
Inductive [Unit : Type] Constructors [void : Unit];
Label (!unit!) Unit;
Label (!unit void!) void;
to provide the trivial memo structure.
The gadgets which prove no confusion still generate the M-L equality
version. Ugh! I never got around to automating the much simpler JM
construction, although you can find the template in the example
files. Here it is again
[Absurd = {T:Type}T];
Goal {x,y:Nat}Type;
Program NatNoConfStmt x y; (* compute matrix of statements *)
Program Elim (!Nat cases!) x;
Program Elim (!Nat cases!) y;
Program Refine {Phi:Type}Phi->Phi;
Program Refine Absurd;
Program Elim (!Nat cases!) y;
Program Refine Absurd;
Program Names y x;
Program Refine {Phi:Type}((x == y)->Phi)->Phi;
Program Save;
Goal {x,y:Nat}{q:x == y}{tg:Target q}NatNoConfStmt x y;
Program NatNoConf x y q tg; (* justify the injective diagonal *)
Program Elim (!JM elim!) q;
Program Elim (!Nat cases!) x;
Program Refine [Phi:Type][phi:Phi]phi;
Program Refine [Phi:Type][phi:(n == n)->Phi]phi (JMr n);
Program Save;
Label (!Nat noConf!) NatNoConf; (* tell KJunify *)
Er, also, the effect of
Label (!nat zero!) zero;
Label (!nat suc!) suc;
is to allow (!3!) to abbreviate suc (suc (suc zero)) and so on. Sadly
only on the input side.
(7) ELIMINATION
Elim rule target ... target;
eliminates with the given rule, after unifying the provided targets
with the expressions marked as {tg:Target exp} in the rule's type;
if the rule is not marked up in that way, Elim kind of guesses what
to do with the targets you provide (in such a way that regular _elim
rules are properly handled). Subgoal simplification by unification is
automatic.
(8) UNIFICATION
KJunify;
should actually be called JMunify
relies on you providing (!Blah noConf!) for each family Blah you need
to work with; see above recipe
(7) NAMING HYPOTHESES
Names x1 x2 x3 ...;
(re)names the hyps in the goal without intros-ing them; long overdue
(8) ABSTRACTION
Abst x exp;
abstracts every occurrence of exp from the goal as a new hyp called x;
can cope with exp living under a prefix of hyps---x goes as far left as
possible
AbstEq x q exp;
similar, but also keeps {q:x == exp} as a hyp; wot a larf!
Examples can be found in Exception.l and Unify.l
(9) REWRITING
Wave > lawsProof;
Wave < lawsProof;
Wave is a multiple rewriting tactic. lawsProof is a term of type
({x:X}... (Eq l[x...] r[x...])) # ... # ({x:X}... (Eq l[x...] r[x...]))
ie a tuple of universally quantified equations. Wave tries to
rewrite like billyo, following these laws, in the direction you
indicate. It's stupid, unsubtle (and potentially unsafe if you
choose dangerous laws). But it doesn't lie to the typechecker.
More safety is achievable via the gasoline-controlled version
Wave n > lawsProof;
Wave n < lawsProof;
which limits the number of iterations allowed.
Favourite applications include
Wave > (plusAbsorbsZero,plusAssociative);
Note the use of M-L Eq rather than JM ==. Also, Wave is not smart
enough to rewrite under hypotheses.
Examples in Unify.l
(10) PROGRAMMING
Thrilling new programming tools!
If your goal is
?0 : {x1:S1}...{xn:Sn}T
and you say
Program f x1 ... xn;
you turn your goal into a programming problem! The new Program Blah
tactics help you solve it! Read on...
(11) PROGRAMMING INFORMATION
After the execution of each Program Blah tactic, you get not only the
proof state, but the program state comprising
(*) the type signatures of the programs currently under development
(*) their code so far
(*) information local to the bit of code you're supposed to write next
All of this information is actually represented in the proof state,
which comprises goals of form
(*) {...}T_myFun p1 ... pn
the unsolved programming problems
(*) <myFun:{...}T>(myFun == [...]vomit[T_myFun goals])
the ghastly proof term, so far
(*) {...}U_myFun p1 ... pn
one for each lhs, solved or not
The program signatures are computed from the <myFun> goals; the
program code is computed by running the ghastly term so far for each
lhs given by the U_myFun goals.
By the way, T_myFun is just a frozen function which computes the
return type of your program. call_myFun and ret_myFun map between
the two in the obvious (but frozen way). U_myFun is just a frozen
function which computes a trivial Prop. Don't worry, they'll thaw
out later.
Program; (* with no args, note *)
attempts to generate and print the program state, if you've
lost it for some reason, eg hand-cranking a bit of the construction.
(12) PROGRAMMING TACTICS
Program Elim rule target;
splits a programming problem by rule on target;
ie does elimination on the given target with the given rule to both the
T_ goal and the U_ goal
Program Refine blah;
fills in blah as the right-hand side of the current goal;
ie solves the relevant T_ goal (having first tried to extract recursive
calls from T_ hypotheses); warning---sometimes the latter mechanism
commits to a T_ hyp too early, leaving unsolvable equations as subgoals
(hence the hand-cranking in gcd in TYPES03.l)
Program Names x1 ... xn;
renames pattern variables (often needed in induction-then-cases progs);
warning---sometimes muddles the goals up, leaving no programming problem
topmost, but nothing that Next can't cure.
Program Abst myFriend arg ... arg;
generates a programming problem for a helper function taking the given
args, which are usually existing pattern vars or some (var as exp),
where exp is an intermediate value you'd like abstracted, and var is
what it gets called; by a miracle of modern technology, the helper
function can still remember how to do recursive calls to the master
function.
(13) KEEPING A PROGRAM
Program Save;
should be called when you've filled in all the bits of program and
killed off any proof obligations apart from the <myFun> and U_ goals.
It unfreezes what it needs to solve these goals, then after QED, it
saves the big nasty term as the defined value of the function, freezes
it, and gives it (iota) reduction rules instead. Freeze/Unfreeze toggles
whether it's iota/delta reduction for that symbol.
(14) MYSTERIOUS Forget/KillRef PROBLEM
I've got some sort of bureaucratic cockup in the lego-state/proof-state/
twilight-zone, which means that retrograde steps sometimes throw away
too much (e.g. KillRef discarding the reduction rules you just saved,
or some such). I recommend ripping it all up and starting again.
Computers are fast. OK, it's still a pain. Undo in proof state is still
ok. Phew.
(15) SUPPORT
Choke. Cough. Splutter.
(16) HAVE FUN
No really, this is possible.
About
No description, website, or topics provided.
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published