Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

a simpler corres method #654

Merged
merged 5 commits into from
Jun 30, 2023
Merged

a simpler corres method #654

merged 5 commits into from
Jun 30, 2023

Conversation

lsf37
Copy link
Member

@lsf37 lsf37 commented Jun 28, 2023
edited
Loading

This new corres method is similar to the corresK method and calculus, but much less ambitious. Its main purpose is to automate boilerplate proof steps in corres proofs and is specifically not trying to fully automate such proofs (although some few might be solved).

The idea is that the method will make some progress with obvious steps and leave over a proof state the user can operate on further.

I've tried to put in a lot of comments to document the design and some of the rationale, but there are no examples yet.

Implements #634 (see there for parts of the design discussion)

This is on top of #653, which renames the old Corres_Method to CorresK_Method

@lsf37 lsf37 self-assigned this Jun 28, 2023
@lsf37 lsf37 added proof engineering nicer, shorter, more maintainable etc proofs proof tools convenience, automation, productivity tools labels Jun 28, 2023
@lsf37
Copy link
Member Author

lsf37 commented Jun 28, 2023

I might try to replace some of the existing corresKsimp invocations and maybe add a file with examples. Depending on how fast that goes, this would either be a separate PR or another commit or two on top of this one.

@lsf37
Copy link
Member Author

lsf37 commented Jun 29, 2023

Have now deployed the method in a few places in RISCV64 Refine and fine tuned thing a bit from that experience.

Seems to be working relatively well, at least I was able to develop with it incrementally fairly nicely and then collapse things down. The real test will be if it works for others as well.

Xaphiosis
Xaphiosis reviewed Jun 29, 2023
View reviewed changes
lib/Corres_UL.thy Outdated Show resolved Hide resolved
Xaphiosis
Xaphiosis reviewed Jun 29, 2023
View reviewed changes
lib/Corres_Method.thy Outdated Show resolved Hide resolved
Xaphiosis
Xaphiosis reviewed Jun 29, 2023
View reviewed changes
lib/Corres_Method.thy Outdated Show resolved Hide resolved
Xaphiosis
Xaphiosis reviewed Jun 29, 2023
View reviewed changes
lib/Corres_Method.thy Outdated Show resolved Hide resolved
Xaphiosis
Xaphiosis reviewed Jun 30, 2023
View reviewed changes
lib/Corres_Method.thy Outdated Show resolved Hide resolved
Xaphiosis
Xaphiosis approved these changes Jun 30, 2023
View reviewed changes
Copy link
Member

@Xaphiosis Xaphiosis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm impressed you did this only with Eisbach. I'd have gone down rabbit holes of examining terms for schematics, which would result in faster code, but definitely less comprehensible. The documentation is solid as well.

There was one thing I didn't comment on directly because I'm used to it, but not sure if it's confusing to others or not: inline etc in the docs, e.g. "rules such as moving asserts to guards etc when the user" can be a tad confusing.

@lsf37 lsf37 mentioned this pull request Jun 30, 2023
Merged
michaelmcinerney
michaelmcinerney approved these changes Jun 30, 2023
View reviewed changes
Copy link
Contributor

@michaelmcinerney michaelmcinerney left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks very cool. I'm sure I don't understand many of the subtleties of the method setup, but corressimp is used a fair bit in MCS and if I am the one who handles the merge, then I'm sure it'll be a good opportunity to test this out a bit.

Base automatically changed from corresK-rename to master June 30, 2023 04:55
@lsf37
lib: add new corres method
865df55 
The new corres method is similar to the corresK method and calculus,
but much less ambitious. Its main purpose is to automate boilerplate
proof steps in corres proofs and is specifically not trying to fully
automate corres proofs (although some few might be solved).

The idea is that the method will make some progress with obvious steps
and leave over a proof state the user can operate on further.

Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
@lsf37
lib: cleanup in Corres_UL and around liftM in Monads
445a8e4 
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
@lsf37
lib: some remarks on corres_mapM*
691c9e2 
Explain why the rule is strong enough as is before I prove the
(not really) stronger version yet again.

Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
@lsf37
refine: make corres method available in Refine
fad4b70 
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
@lsf37
riscv refine: example corres method use
01a4216 
Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
@lsf37
Copy link
Member Author

lsf37 commented Jun 30, 2023

Review feedback addressed and commits squashed.

@lsf37 lsf37 merged commit 01a4216 into master Jun 30, 2023
14 checks passed
@lsf37 lsf37 deleted the corres-method branch June 30, 2023 22:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Xaphiosis Xaphiosis Xaphiosis approved these changes

@michaelmcinerney michaelmcinerney michaelmcinerney approved these changes

@corlewis corlewis Awaiting requested review from corlewis

Assignees

@lsf37 lsf37

Labels
proof engineering nicer, shorter, more maintainable etc proofs proof tools convenience, automation, productivity tools
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@lsf37 @Xaphiosis @michaelmcinerney