In [12]:
def List(S):
    L = Datatype(f"List[{S.name()}]")
    L.declare('nil')
    L.declare('cons', ('car', S), ('cdr', L))
    L = L.create()
    def induct(P):
        x = FreshConst('x', S)
        l = FreshConst('l', L)
        return Implies(And(P(L.nil), ForAll([x, l], Implies(P(l), P(L.cons(x, l))))),
                       ForAll([l], P(l)))
    # def recurse(base, step):
    return L, induct

IntList, intlist_induct,  = List(IntSort())




Modules in ocaml let's say are records that contain values and types.
It is not an issue since we are in a metalanguage to have sorts in our records.
dataclasses are reasonable.

They also should contain proofs.
Kind of dependent records.
Compare with isabelle locales.




In [2]:
from z3 import *
from dataclasses import dataclass

# since we don't have polymorphism, we need to do module style for any container.
@dataclass(frozen=True)
class OrderedType():
    t : SortRef
    le : FuncDeclRef
    le_total : BoolRef # Proof
__OrderedType = OrderedType
def OrderedType(elem : ):
    return __OrderedType(elem[0], elem[1], elem[2])
# https://v2.ocaml.org/api/Set.Make.html
@dataclass(frozen=True)
class SetModule():
    t : SortRef
    elt: SortRef
    cons : FuncDeclRef
    nil : FuncDeclRef
    head : FuncDeclRef
__SetModule = SetModule
# smart constructor
def SetModule(elem : ):


NameError: name 'List' is not defined

In [None]:
@dataclass(frozen=True)
class Nat():
    x : IntRef
    pos : BoolRef # Proof
__Nat = Nat

# refinement types.
def Nat(x : IntRef, by=[]):
    assert isinstance(x, IntRef)
    return __Nat(x, lemma(x >= 0, by))

@dataclass(frozen=True)
class Pos(Nat): # playing with fire here.
    pos : BoolRef
__Pos = Pos
def Pos(x : IntRef, by=[]):
    assert isinstance(x, IntRef)
    return __Pos(x, lemma(x > 0, by))

In [None]:
def monoid(S):
    return {
        "set": S,
        "op": Function("op", S, S, S),
        "unit": Const("unit", S),
        "assoc": ForAll([x,y,z], op(op(x,y),z) == op(x,op(y,z))),
        "unitl": ForAll([x], op(unit,x) == x),
        "unitr": ForAll([x], op(x,unit) == x),
    }    

def monoid(S,op,unit, hyps):
    assoc = ForAll([x,y,z], op(op(x,y),z) == op(x,op(y,z)))
    prove(assoc)
    unitl = ForAll([x], op(unit,x) == x)
    prove(unitl)
    unitr = ForAll([x], op(x,unit) == x)
    prove(unitr)
    return {
        "set": S,
        "op": op,
        "unit": unit,
        "assoc": assoc,
        "unitl": unitl,
        "unitr": unitr,
    }

# check parametric stuff on fresh sorts, but then can trust.

# Older

So last time I blasted in a definition of peano addition to knuckledragger as an axiom. This is fine, but probably not the best.

It is totally fine for fooling around to add new axioms to expediate getting to whatever meat you want to get to. I recall it being a revelation when I saw Cody do that in Coq, that I didn't need to start from inductive datatypes and build a whole world, one can just posit new axioms.

However, it is nice to have the option to instead use more controlled or opinionated interfaces to add axioms.

When you define an inductive datatype in Coq or lean, it says that the system has defined a couple of primitives and helpers for you.

Inductive datatypes by design allow for admitting induction principles.

Since Z3 has support for inductive data types, it seems nice to piggy back on this mechanism

A classic thing to do is create a conservative extension to a theory. This adds new constants and function symbols to the signature, but no new theorems involving only old constants are provable.
See the metamath book section 4.4 <https://us.metamath.org/downloads/metamath.pdf>
<https://en.wikipedia.org/wiki/Conservative_extension>
[FOM: Conservative Extension](https://cs.nyu.edu/pipermail/fom/1998-October/002306.html)

When you intermix inductive datatypes and first class functions things get dicey for some reason. There are certain positivity restrictions to keep things sound.
Mutually recursive datatypes is also a fiddly area.
<https://en.wikipedia.org/wiki/Induction-induction>
<https://en.wikipedia.org/wiki/Induction-recursion>
<https://proofassistants.stackexchange.com/questions/926/what-are-well-founded-inductive-types>

<http://adam.chlipala.net/papers/PhoasICFP08/> HOAS is fiddly
<https://cstheory.stackexchange.com/questions/22157/w-types-vs-inductive-types>
<https://mathoverflow.net/questions/402435/why-are-w-types-called-w> W types fit into this discussion somewhere <https://ncatlab.org/nlab/show/W-type>


In [None]:
from knuckledragger.kernel import *
from z3 import *
class Datatype(z3.Datatype):
    def create(self):
        DT = super().create()  # z3 already checks for positivity.
        PredSort = ArraySort(DT, BoolSort())
        # construct an induction principle.
        P = FreshConst(PredSort, prefix="P")
        hyps = []
        for i in range(DT.num_constructors()):
            constructor = DT.constructor(i)
            args = [
                FreshConst(constructor.domain(j), prefix="a")
                for j in range(constructor.arity())
            ]
            acc = P[constructor(*args)]
            for arg in args:
                if arg.sort() == DT:
                    acc = QForAll([arg], P[arg], acc)
                else:
                    acc = ForAll([arg], acc)
            hyps.append(acc)
        x = FreshConst(DT, prefix="x")
        conc = ForAll([x], P[x])
        induct = Lambda([P], Implies(And(hyps), conc))
        induct_ax = trust(ForAll([P], induct[P] == True))

        # recursor

        # store inside the data type?
        DT.induct = induct
        DT.induct_ax = induct_ax
        #DT.rec = rec
        return DT

def recursor(name, *cases, DT):
    assert all(case.range() == DT for case in cases)
    f = z3.RecFunction(name, DT, )  # also freshness needs to be checked


def define_rec(name, args, body, measure=None):
    sig = [arg.sort() for arg in args]
    f = z3.RecFunction(name, *sig)  # also freshness needs to be checked. Yikes.
    # TODO check termination and totality of definition
    RecAddDefinition(f, body)
    fun_def = infer([], ForAll(args, f(*args) == body))
    return f, fun_def

Wrappers for algebraic datatypes deriving induction principles, recursion principles, others? Some kind of well foundedness? What does isabelle define?

In [None]:
List = Datatype("List")
List.declare("cons", ("car", IntSort()), ("cdr", List))
List.declare("nil")
List = List.create()
List.induct_ax

List2 = Datatype("List")
List2.declare("nil")
List2 = List2.create()
List2.induct_ax

List2 == List # ruh roh

List.induct_ax
List2.induct_ax
prove(List2.nil == List.nil) # yikes
List.num_constructors()
List2.num_constructors()
# ok so we overwrite the old list.

# This possibly invlaidates any oldtheorem

I guess one kind of insane option is to allow delayed validation.

We might need to rexport everything from z3 with some stuff wrapped. That's a somewhat nuclear options.
Or cache when it comes into trust?
An even more nuclear option is make my own adt