cpa · Nov 15, 2011
diff --git a/‎Lib/Arithmetic.hs
+50 b/‎Lib/Arithmetic.hs
+50
diff --git a/‎Lib/BinaryTree.hs
+28 b/‎Lib/BinaryTree.hs
+28
diff --git a/‎Lib/List.hs
+15 b/‎Lib/List.hs
+15
diff --git a/‎Lib/Logic.hs
+22 b/‎Lib/Logic.hs
+22
diff --git a/‎Lib/Prelude.hs
+30 b/‎Lib/Prelude.hs
+30
diff --git a/‎TODO.org
+27-2 b/‎TODO.org
+27-2
diff --git a/‎lib/arithmetic.hs
-37 b/‎lib/arithmetic.hs
-37
diff --git a/‎lib/logic.hs
-16 b/‎lib/logic.hs
-16
diff --git a/‎macros.el
+3 b/‎macros.el
+3
diff --git a/‎no/add-and-mult-nonZero.hs
+8-17 b/‎no/add-and-mult-nonZero.hs
+8-17
diff --git a/‎no/bad-is-cf.hs
+8-2 b/‎no/bad-is-cf.hs
+8-2
diff --git a/‎no/const-bad-is-cf-to-cf.hs
+7-2 b/‎no/const-bad-is-cf-to-cf.hs
+7-2
diff --git a/‎no/crash-on-wrong-nat.hs
+11-16 b/‎no/crash-on-wrong-nat.hs
+11-16
diff --git a/‎no/mult-gt.hs
+5-3 b/‎no/mult-gt.hs
+5-3
diff --git a/‎run-tests.sh
+2-2 b/‎run-tests.sh
+2-2
diff --git a/‎yes/add-and-mult-nonZero.hs
+7-3 b/‎yes/add-and-mult-nonZero.hs
+7-3
@@ -0,0 +1,50 @@
+module Lib.Arithmetic(module Lib.Prelude, module Lib.Arithmetic) where
+
+import Lib.Prelude ;;
+
+one = Succ Zero;;
+two = Succ one;;
+
+add x y = case x of
+  ; Zero -> y
+  ; Succ x_ -> Succ (add x_ y);;
+
+mult a b = case a of
+  ; Zero -> Zero
+  ; Succ x -> add b (mult x b);;
+
+notZero x = case x of
+  ; Zero -> False
+  ; Succ x_ -> True;;
+
+isZero x = case x of
+  ; Zero -> True
+  ; Succ x_ -> False;;
+
+eqNat x y = case x of
+  ; Zero -> isZero y
+  ; Succ x_ -> eqNatAux x_ y;;
+
+eqNatAux x y = case y of
+  ; Zero -> False
+  ; Succ y_ -> eqNat x y_;;
+
+gt x y = case x of
+  ; Zero -> False
+  ; Succ x_ -> gtAux x_ y;;
+
+gtAux x y = case y of
+  ; Zero -> True
+  ; Succ y_ -> gt x y_;;
+
+max a b = case (ge a b) of
+  ; True -> a
+  ; False -> b;;
+    
+ge x y = case x of
+  ; Zero -> isZero y
+  ; Succ x_ -> ge_ x_ y;;
+  
+ge_ x y = case y of
+  ; Zero -> True
+  ; Succ y_ -> ge x y_;;
@@ -0,0 +1,28 @@
+module Lib.BinaryTree where
+
+import Lib.Arithmetic ;;
+import Lib.Logic ;;
+
+data Tree
+    = Leaf
+    | Node Tree Tree;;
+
+isLeaf t = case t of
+  ; Leaf -> True
+  ; Node a b -> False;;
+
+eqTree t1 t2 = case t1 of
+  ; Leaf -> isLeaf t2
+  ; Node a b -> eqTreeAux t2 a b;;
+    
+eqTreeAux t a b = case t of
+  ; Leaf -> False
+  ; Node c d -> and (eqTree a c) (eqTree b d);;
+
+height t = case t of
+  ; Leaf -> Zero
+  ; Node l r -> Succ (max (height l) (height r));;
+
+size t = case t of
+  ; Leaf -> Succ Zero
+  ; Node l r -> Succ (add (size l) (size r));;
@@ -0,0 +1,15 @@
+module Lib.List where
+
+import Lib.Prelude ;;
+
+length x = case x of
+  ; Nil -> Zero
+  ; Cons a b -> Succ (length b);;
+    
+null x = case x of
+  ; Nil -> False
+  ; Cons a b -> True;;
+
+reverse x acc = case x of
+  ; Nil -> acc
+  ; Cons a b -> reverse b (Cons a acc);;
@@ -0,0 +1,22 @@
+-- Boolean logic.
+module Lib.Logic where
+
+data Bool
+    = False
+    | True ;;
+
+and a b = case a of
+  ; True -> b
+  ; False -> False;;
+
+or a b = case a of
+  ; True -> True
+  ; False -> b;;
+
+not a = case a of
+  ; True -> False
+  ; False -> True;;
+
+implies a b = case a of
+  ; False -> True
+  ; True -> b;;
@@ -0,0 +1,30 @@
+module Lib.Prelude(module Prelude,module Lib.Prelude) where
+
+{- SKIP -}
+import Prelude(error,Show)
+
+data Bool
+    = False
+    | True
+    {- SKIP -}
+    deriving Show
+    ;;
+
+data Nat
+    = Zero
+    | Succ Nat
+    {- SKIP -}
+    deriving Show
+    ;;
+
+data List
+    = Nil 
+    | Cons Nat List
+    {- SKIP -}
+    deriving Show
+    ;;
+
+{- SKIP -}
+unr = unr
+{- SKIP -}
+bad = error "BAD"
@@ -55,9 +55,13 @@ is very wrong!
       fewer quantifiers seems good, but i need to experiment to see if
       there is an improvement in practice.
 - [ ] whether the 'forall a. a = ...' versions are used.
-** TODO move 'Bool' into a library
+** DONE move 'Bool' into a library
 the translation of 'Bool' is hardcoded in the translation, but we
 could have lib/bool.hs and then tests could 'import "../lib/bool.hs"'.
+** TODO restrict generated theory to relevant defs
+right now we insert more defs than neccessary when generating the
+theory, which slows things down significantly in some cases.
+something like a transitive free variable check should be sufficient.
 ** TODO better test suite
 borrow IsaPlanner examples from Zeno directly, or from the IsaPlanner
 site. the urls are in the zeno tech report:
@@ -87,7 +91,7 @@ but if nested case were allowed we'd simply need to change the (e = pi
 : [[ f xs = ei ]]
 
 when ei = case e' of [pi' -> ei'].
-** TODO use haskell syntax
+** DONE use haskell syntax
 zeno does this, and it seems like a good idea.  we only require a few
 changes:
 1. use real imports
@@ -217,3 +221,24 @@ then, when axiomitizing a function def, we can have
 :                -> T(f x1 ... xn) /\ <the usual axiomitization>
 
 where f : T1 -> ... -> Tn -> T.
+** MAYBE add type checking for contracts
+they're in comments and not haskell, so GHQ ignores them.  one easy
+way to type check them would be to generate a lambda and typecheck it
+with ghc. a translation like
+
+: [[ x:c -> c' ]] ==> \x -> ([[ c ]], [[ c' ]])
+: [[ c -> c' ]]   ==> [[ _:c -> c' ]]
+: [[ c1&&c2 ]] ==> ([[ c1 ]], [[ c2 ]])
+: [[ c1||c2 ]] ==> ([[ c1 ]], [[ c2 ]])
+: [[ CF ]]     ==> ()
+: [[ {x : p } ]] ==> \x . p
+
+might work.  so, e.g., we'd have
+
+: [[ CF -> {x: nonZero x} -> y:(CF&&{y: p y}) -> {r : q y r} ]]
+: ==>
+: \_ -> ((),
+:        \_ -> (\x -> nonZero x,
+:               \y -> (((),
+:                       \y -> p y),
+:                      \r -> q y r)))
@@ -0,0 +1,3 @@
+;; wraps a 'f ::: c;;' style contract in a 'CONTRACT' pragma comment.
+(setq last-kbd-macro
+   [?\C-m up ?\{ ?- ?# ?  ?C ?O ?N ?T ?R ?A ?C ?T down end left left ?\C-m ?# ?- ?\} end down home])
@@ -3,20 +3,11 @@
 --
 -- Note the '{y:True}' (i.e. 'Any') contract on 'mult's second
 -- argument: this is wrong.  cf. ../yes/add-and-mult-nonZero.hs.
-data Nat = Zero 0
-         | Succ 1;;
-
-add a b = case a of
-  | Zero -> b
-  | Succ x -> Succ (add x b);;
-
-mult a b = case a of
-  | Zero -> Zero
-  | Succ x -> add b (mult x b);;
-
-notZero x = case x of
-  | Zero -> False
-  | Succ a -> True;;
-
-add  ::: {x:notZero x} -> {y:notZero y} -> {z:notZero z};;
-mult ::: {x:notZero x} -> {y:True}      -> {z:notZero z};;
+import Lib.Arithmetic ;;
+
+{-# CONTRACT
+add  ::: {x:notZero x} -> {y:notZero y} -> {z:notZero z}
+#-};;
+{-# CONTRACT
+mult ::: {x:notZero x} -> {y:True}      -> {z:notZero z}
+#-};;
@@ -1,3 +1,9 @@
 -- Wrongly assert that 'BAD' is CF.
-bad = BAD;;
-bad ::: CF;;
+
+-- XXX: doesn't work to simply use 'bad' below?  I don't think it's
+-- worth fixing.
+f = bad ;;
+
+{-# CONTRACT
+f ::: CF
+#-};;
@@ -1,4 +1,9 @@
+import Lib.Prelude ;;
+
 -- Wrongly assert that 'const BAD' is CF.
 const x y = x;;
-cbad = const BAD;;
-cbad ::: CF -> CF;;
+cbad = const bad;;
+
+{-# CONTRACT
+cbad ::: CF -> CF
+#-};;
@@ -2,25 +2,20 @@
 -- to swapping 'Zero' and 'Succ'.  This is wrong because 'Succ' may
 -- contain a crashing subexpression that 'isZero' did not inspect.
 -- cf. ../yes/crash-on-wrong-nat.hs.
-data Nat = Zero 0
-         | Succ 1;;
+import Lib.Arithmetic ;;
 
 crashOnSucc x = case x of
-  | Zero -> Zero
-  | Succ y -> BAD;;
+  ; Zero -> Zero
+  ; Succ y -> bad;;
 
 crashOnZero x = case x of
-  | Zero -> BAD
-  | Succ y -> x;;
+  ; Zero -> bad
+  ; Succ y -> x;;
 
-isZero x = case x of
-  | Zero -> True
-  | Succ a -> False;;
-
-not x = case x of
-  | True -> False
-  | False -> True;;
-
-crashOnSucc :::        {x:     isZero x}   -> CF;;
+{-# CONTRACT
+crashOnSucc :::        {x:     isZero x}   -> CF
+#-};;
 -- Wrong!
-crashOnZero :::        {x:not (isZero x)}  -> CF;;
+{-# CONTRACT
+crashOnZero :::        {x:not (isZero x)}  -> CF
+#-};;
@@ -1,6 +1,8 @@
-import "../lib/arithmetic.hs";;
-import "../lib/logic.hs";;
+import Lib.Arithmetic ;;
+import Lib.Logic ;;
 
 -- Not true, e.g. 'positive 1' and 'CF 1' and '1 = 1 * 1' but not 'gt 1 1'.
+{-# CONTRACT
 mult ::: x:CF -> y:CF -> {z: implies (and (positive x) (positive y)) 
-                                     (and (gt z x)     (gt z y))};;
+                                     (and (gt z x)     (gt z y))}
+#-};;
@@ -12,7 +12,7 @@ TIMEOUT=${TIMEOUT:-10}
 trap 'exit 1' INT
 
 # Run a test and report results
-run-test () { 
+run-test () {
     test="$1"
     passMsg="$2"
     timeoutMsg="$3"
@@ -22,7 +22,7 @@ run-test () {
     # z3 processes with us as parent?
     killall --user `whoami` z3 &>/dev/null
 
-    "$egsDir"/timeout.sh $TIMEOUT "$CHECK" "$test" -q -p # --engine vampire32 # --engine z3
+    "$egsDir"/timeout.sh $TIMEOUT "$CHECK" "$test" -q -p -i "$egsDir" # --engine vampire32 # --engine z3
     ret=$?
     printf "%-50s" "$test: "
     if [[ $ret -eq 0 ]]; then
 
@@ -4,7 +4,11 @@
 -- Note the '{y:True}' (i.e. 'Any') contract on 'add's second
 -- argument.  We can't do the same for 'mult's second argument.
 -- cf. ../no/add-and-mult-nonZero.hs.
-import "../lib/arithmetic.hs";;
+import Lib.Arithmetic ;;
 
-add  ::: {x:notZero x} -> {y:True}      -> {z:notZero z};;
-mult ::: {x:notZero x} -> {y:notZero y} -> {z:notZero z};;
+{-# CONTRACT
+add  ::: {x:notZero x} -> {y:True}      -> {z:notZero z}
+#-};;
+{-# CONTRACT
+mult ::: {x:notZero x} -> {y:notZero y} -> {z:notZero z}
+#-};;
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+;; wraps a 'f ::: c;;' style contract in a 'CONTRACT' pragma comment.`
	`2`	`+(setq last-kbd-macro`
	`3`	`+ [?\C-m up ?\{ ?- ?# ? ?C ?O ?N ?T ?R ?A ?C ?T down end left left ?\C-m ?# ?- ?\} end down home])`