Commit graph

256 commits

Author SHA1 Message Date
Leonardo de Moura
340d643d89 fix(library/kernel_bindings): make sure that when a formatter is invoked and it has a reference to an environment object, we get a read-only lock to the environment object
Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-08 16:55:55 -08:00
Leonardo de Moura
8add5571f1 refactor(library/tactic): remove 'null' tactic, and operator bool tactics
Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-08 15:00:16 -08:00
Leonardo de Moura
04b67f8b14 refactor(kernel/object): remove 'null' object, and operator bool for kernel objects
Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-08 14:37:38 -08:00
Leonardo de Moura
2f88d6710c feat(kernel/expr): add some_expr and none_expr for building values of type optional<expr>
Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-08 10:34:38 -08:00
Leonardo de Moura
3e1fd06903 refactor(kernel/expr): remove 'null' expression, and operator bool for expression
After this commit, a value of type 'expr' cannot be a reference to nullptr.
This commit also fixes several bugs due to the use of 'null' expressions.

TODO: do the same for kernel objects, sexprs, etc.

Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-07 23:21:10 -08:00
Leonardo de Moura
e2999d3ff6 feat(*): add component name to check_stack and check_system
I also reduced the stack size to 8 Mb in the tests at tests/lean and tests/lean/slow. The idea is to simulate stackoverflow conditions.

Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-07 15:11:55 -08:00
Leonardo de Moura
195ea24d71 refactor(kernel/type_checker): pass buffer<unification_constraint> as a pointer
The idea is to make it an optional parameter independent of metavar_env.

Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-07 10:27:11 -08:00
Leonardo de Moura
5f3b9dbbbd fix(library/fo_unify): unify (?f ?x) with (g a b)
We flat applications. So, (g a b) is actually ((g a) b).
So, we must be able to unify (?f ?x) with (g a b).
Solution:
        ?g <- (g a)
        ?x <- b

Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-07 10:25:11 -08:00
Leonardo de Moura
015bff8283 fix(library/tactic/goal): to_goal way of handling context_entries of the form (name, domain, body) where domain is null, and body is a proof term
This commit fixes a problem exposed by t13.lean.
It has a theorem of the form:

Theorem T1 (A B : Bool) : A /\ B -> B /\ A :=
     fun assumption : A /\ B,
          let lemma1 := (show A by auto),
              lemma2 := (show B by auto)
          in (show B /\ A by auto)

When to_goal creates a goal for the metavariable associated with (show B /\ A by auto) it receives a context and proposition of the form

 [ A : Bool, B : Bool, assumption : A /\ B, lemma1 := Conjunct1 assumption, lemma2 := Conjunct2 assumption ] |- B /\ A

The context_entries "lemma1 := Conjunct1 assumption" and "lemma2 := Conjunct2 assumption" do not have a domain (aka type).
Before this commit, to_goal would simply replace and references to "lemma1" and "lemma2" in "B /\ A" with their definitions.
Note that, "B /\ A" does not contain references to "lemma1" and "lemma2". Then, the following goal is created
     A : Bool, B : Bool, assumption : A /\ B |- B /\ A
That is, the lemmas are not available when solving B /\ A.
Thus, the tactic auto produced the following (weird) proof for T1, where the lemmas are computed but not used.

    Theorem T1 (A B : Bool) (assumption : A ∧ B) : B ∧ A :=
            let lemma1 := Conjunct1 assumption,
                lemma2 := Conjunct2 assumption
            in Conj (Conjunct2 assumption) (Conjunct1 assumption)

This commit fixed that. It computes the types of "Conjunct1 assumption" and "Conjunct2 assumption", and creates the goal
     A : Bool, B : Bool, assumption : A /\ B, lemma1 : A, lemma2 : B |- B /\ A

After this commit, the proof for theorem T1 is

Theorem T1 (A B : Bool) (assumption : A ∧ B) : B ∧ A :=
    let lemma1 := Conjunct1 assumption,
        lemma2 := Conjunct2 assumption
    in Conj lemma2 lemma1

as expected.

Finally, this example suggests that the encoding

Theorem T1 (A B : Bool) : A /\ B -> B /\ A :=
     fun assumption : A /\ B,
          let lemma1 : A := (by auto),
              lemma2 : B := (by auto)
          in (show B /\ A by auto)

is more efficient than

Theorem T1 (A B : Bool) : A /\ B -> B /\ A :=
     fun assumption : A /\ B,
          let lemma1 := (show A by auto),
              lemma2 := (show B by auto)
          in (show B /\ A by auto)

Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-06 16:14:25 -08:00
Leonardo de Moura
bd9df3b08f fix(library/tactic/goal): null hypothesis being added by to_goal
Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-06 16:03:06 -08:00
Leonardo de Moura
0390f3c39b feat(library/tactic/boolean_tactics): avoid unnecessary Let expression in proof terms
Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-06 15:01:54 -08:00
Leonardo de Moura
1df9d18891 feat(frontends/lean): allow 'tactic hints' to be associated with 'holes'
Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-06 14:49:39 -08:00
Leonardo de Moura
d79a626523 fix(kernel/type_checker): Pi with metavariables case
The type checker (and type inferer) were not handling correctly Pi expressions where the type universe cannot be established due to the occurrence of metavariables. In this case, a max-constraint is created. The problem is that the domain and body of the Pi are in different contexts. The constrain generated before this commit was incorrect, it could contain a free variable. This commit fix the issue by using the context of the body, and lifting the free variables in the domain by 1.

Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-06 13:07:59 -08:00
Leonardo de Moura
fa03ae2a26 fix(library/elaborator): strength elaborator procedure for handling equality and convertability constraints
This commit improves the condition for showing that an equality(and convertability) constraint cannot be solved. A nice consequence is that Lean produces nicer error messages. For example, the error message for unit test elab1.lean is more informative.

Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-06 13:04:34 -08:00
Leonardo de Moura
c841763a05 feat(library/elaborator): add special treatment for constraints of the form ?m[inst:i v] << t, where t is a proposition
Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-06 04:51:07 -08:00
Leonardo de Moura
13f9454fe1 feat(library/tactic/proof_state): add option tactic::proof_state::goal_names
Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-05 21:18:22 -08:00
Leonardo de Moura
0c059a9917 feat(library/tactic): use _tac suffix instead of _tactic like Isabelle
Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-05 20:06:32 -08:00
Leonardo de Moura
c1afefb873 feat(library/fo_unify): unify heterogeneous - homogeneous equality
Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-05 19:00:31 -08:00
Leonardo de Moura
a1b5a8e50f fix(frontends/lean): check wheter the synthesized proof term has metavars or not
Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-05 14:22:19 -08:00
Leonardo de Moura
43ef8b9a4b refactor(library/tactic): rename boolean.* to boolean_tactics.*
Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-05 05:03:18 -08:00
Leonardo de Moura
fa98c1358f feat(library/tactic): add disj_tactic
Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-05 04:49:06 -08:00
Leonardo de Moura
029ef57abd feat(library/tactic): add apply_tactic
Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-05 03:22:12 -08:00
Leonardo de Moura
ef069e39b0 chore(*): replace to_expr with to_nonnull_expr (when appropriate)
The goal is to make the Lua API more robust.

Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-03 12:53:53 -08:00
Leonardo de Moura
bcc8b67592 chore(*): consistent file name convention
Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-03 12:40:52 -08:00
Leonardo de Moura
8e53643b61 feat(library/fo_unify): first order unification
Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-03 12:21:21 -08:00
Leonardo de Moura
f80106a895 chore(*): use 'explicit operator bool' everywhere.
operator bool() may produce unwanted conversions.
For example, we had the following bug in the code base.

...
   object const & obj = find_object(const_name(n));
   if (obj && obj.is_builtin() && obj.get_name() == n)
...

obj.get_name() has type lean::name
n              has type lean::expr

Both have 'operator bool()', then the compiler uses the operator to
convert them to Boolean, and then compare the result.
Of course, this is not our intention.

After this commit, the compiler correctly signs the error.
The correct code is

...
   object const & obj = find_object(const_name(n));
   if (obj && obj.is_builtin() && obj.get_name() == const_name(n))
...

Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-02 23:02:45 -08:00
Leonardo de Moura
d79b2babd3 fix(*): typo
Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-02 08:46:47 -08:00
Leonardo de Moura
25978118df feat(library/tactic): add beta-reduction tactic
Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-02 08:10:51 -08:00
Soonho Kong
a2d6918348 fix(library/rewriter): use Abst axiom in lambda_body RW 2013-12-01 22:24:12 -05:00
Leonardo de Moura
74dfdd02de feat(util): add primitives for checking the amount of available stack space
Recursive functions that may go very deep should invoke the function check_stack. It throws an exception if the amount of stack space is limited.

The function check_system() is syntax sugar for
    check_interrupted();
    check_stack();

Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-01 17:19:27 -08:00
Leonardo de Moura
09f98ecddc feat(library/tactic): add unfold_tactic() that unfolds every non-hidden definition
Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-01 10:41:05 -08:00
Leonardo de Moura
70e06f8e86 feat(library/hidden_defs): hidden definitions are just hints for tactics and solvers
Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-01 10:27:27 -08:00
Leonardo de Moura
ca53a5a1cc feat(library/tactic): add unfold tactic
Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-01 08:51:56 -08:00
Leonardo de Moura
568931ccb1 refactor(library/tactic): remove duplicate code, add add_proofs
Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-01 07:55:01 -08:00
Leonardo de Moura
f91c4901e8 feat(library/tactic): add absurd_tactic
Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-01 07:55:00 -08:00
Leonardo de Moura
bf2adb20e7 feat(library/tactic): add disj_hyp_tactic
Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-12-01 07:55:00 -08:00
Soonho Kong
064e3fe20d refactor(library/rewriter): rename lc => ti 2013-12-01 01:59:20 -05:00
Soonho Kong
506cca0ac1 feat(library/rewriter): implement depth RW 2013-12-01 01:59:20 -05:00
Soonho Kong
ae0508128f refactor(library/rewriter): move apply_rewriter_fn into rewriter.h 2013-12-01 00:57:09 -05:00
Soonho Kong
d7ba5e3893 doc(library/rewriter): add doxygen annotations for rewrite_* funcs 2013-12-01 00:47:53 -05:00
Leonardo de Moura
1a221d8bbe feat(library/tactic): add focus tactical
Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-11-30 11:28:38 -08:00
Soonho Kong
f205dd0763 fix(library/rewriter): unused variable warnings 2013-11-30 07:05:18 -05:00
Leonardo de Moura
83aaf64318 fix(library/tactic): memory leaks
Proof/Cex builders and tactics implemented in Lua had a "strong reference" to script_state. If they are stored in the Lua state, then we get a cyclic reference.
That is, script_state points to these objects, and they point back to script_state.

To avoid this memory leak, this commit defines a weak reference for script_state objects. The Proof/Cex builders and tactics now store a weak reference to the Lua state.

Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-11-30 00:44:39 -08:00
Leonardo de Moura
a7027a1d00 feat(library/tactic): polish tactic API, and add new example showing how to implement tactics using Lua
Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-11-30 00:16:39 -08:00
Soonho Kong
f5f7380fbe feat(library/rewriter): add apply_rewriter_fn which will be used in depth RW 2013-11-30 02:25:30 -05:00
Soonho Kong
1d76a6f71d feat(library/rewriter): add rewrite_* functions
rewrite_* functions take the rewriting results of the sub-components and
construct the rewriting result for the main component.

For instance, rewrite_app function takes env, ctx, and the value v s.t.

v = (e_0 e_1 ... e_n)

and the rewriting results for e_i's as a vector(buffer)

(e'_0, pf_0 -- proof of e_0 = e'_0)
(e'_1, pf_1 -- proof of e_1 = e'_1)
...
(e'_n, pf_n -- proof of e_n = e'_n).

Then rewrite_app function construct the new v'

v' = (e'_0 e'_1 ... e'_n)

and the proof of v = v' which is constructed with pf_i's.

These functions are used in the component rewriters such as app_RW and
let_type_RW, as well as more complicated rewriters such as depth
rewriter.
2013-11-30 02:25:29 -05:00
Leonardo de Moura
a9eb2a9307 feat(kernel/builtin): add is_* functions
Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-11-29 11:35:58 -08:00
Leonardo de Moura
18eb9e427f fix(library/tactic): compilation warning
Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-11-29 10:35:14 -08:00
Leonardo de Moura
f9874cd675 feat(library/tactic): add to_tactic_ext, it allows functions that return tactics to be used where a tactic is expected
For example, after this commit, we can write

simple_tac = REPEAT(ORELSE(imp_tactic, conj_tactic)) .. assumption_tactic

instead of

simple_tac = REPEAT(ORELSE(imp_tactic(), conj_tactic())) .. assumption_tactic()

Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-11-29 09:40:21 -08:00
Leonardo de Moura
20a36e98ec feat(library/elaborator): modify how elaborator handles constraints of the form ?M << P and P << ?M, where P is a proposition.
Before this commit, the elaborator would only assign ?M <- P, if P was normalized. This is bad since normalization may "destroy" the structure of P.

For example, consider the constraint
[a : Bool; b : Bool; c : Bool] ⊢ ?M::1 ≺ implies a (implies b (and a b))

Before this, ?M::1 will not be assigned to the "implies-term" because the "implies-term" is not normalized yet.
So, the elaborator would continue to process the constraint, and convert it into:

[a : Bool; b : Bool; c : Bool] ⊢ ?M::1 ≺ if Bool a (if Bool b (if Bool (if Bool a (if Bool b false true) true) false true) true) true

Now, ?M::1 is assigned to the term
     if Bool a (if Bool b (if Bool (if Bool a (if Bool b false true) true) false true) true) true

This is bad, since the original structure was lost.

This commit also contains an example that only works after the commit is applied.

Signed-off-by: Leonardo de Moura <leonardo@microsoft.com>
2013-11-29 09:15:01 -08:00