Rewrite execProofMethod #650
Conversation
|
PS: I strongly suggest to merge by squashing and rebasing all commits. The commits themselves don't compile individually. I keep commits separate to be able to merge things back together in the end. |
|
We'll look asap, thanks! |
felixlinker
force-pushed
the
rewrite-prover
branch
from
f120329
to
0ac442c
Compare
felixlinker
force-pushed
the
rewrite-prover
branch
from
0ac442c
to
ed3db6b
Compare
There was a problem hiding this comment.
Hi Felix,
thanks a lot for your work! Much appreciated.
Since I only recently got into the code base, I can't give much feedback. I'm only wondering whether execProofMethod can now be infallible because checkAndExecProofMethod exists now.
There's a small copy-paste error regarding the comments of Result. Apart from that I think the PR looks good!
|
|
||
| -- @execMethod rules method se@ applies the @method@ to the sequent under the | ||
| -- assumption that it is sound to apply the method and that the @rules@ describe | ||
| -- all rewriting rules in scope. | ||
| -- | ||
| -- NOTE that the returned systems have their free substitution fully applied | ||
| -- and all variable indices reset. | ||
| execProofMethod :: ProofContext | ||
| -> ProofMethod -> System -> Maybe (M.Map CaseName System) |
There was a problem hiding this comment.
Now that execProofMethod no longer performs any sanity checks and relies on checkAndExecProofMethod for the checks, can the return type be changed to M.Map CaseName System?
There was a problem hiding this comment.
No, that doesn't work because getting the induction cases can still fail.
| contradiction c = (Contradiction (Just c), "") | ||
| execMethods = mapMaybe execMethod | ||
| execMethod (m, expl) = do | ||
| cases <- execProofMethod ctxt m sys |
There was a problem hiding this comment.
Shouldn't this be a call to checkAndExecProofMethods now that execProofMethod no longer checks whether the method is valid? Or do we rely on execProofMethod returning Nothing if the execution fails?
There was a problem hiding this comment.
rankProofMethods computes all applicable methods itself, i.e., they must be valid (or the computation is buggy, but this shouldn't be fixed by checking that they are valid imo). Thus, checking whether it's valid is not necessary. At this point in the code, it cannot come from an "external" source such as a loaded proof file.
I mean the first of these, yes, but technically, you could also squash commits without rebasing ☝️🤓 (Doesn't make much sense, though.) |
|
My quick merge seems not to have worked (although compilation fails on different file), I guess @felixlinker needs to help here. |
This PR essentially rewrites
execProofMethodand, following from that, applies some other changes. Overall, this PR should be "idempotent", i.e., Tamarin should function exactly as before. I personally find the code cleaner than before, but this is a matter of taste.The intention behind this PR is to factor out changes to Tamarin that I did as part of a research project with @cascremers. They are necessary for that project, but we would like to check that they indeed do not change Tamarin's behavior. But still, I think that some benefit to the added clarity of the code (more deletions than insertions).
Some notes on the changes:
Finished Resultthat replacesSolved,ContradictionandUnfinishable. I think it makes sense to reflect in the type system which kind of methods mean that no further proving needs to be done.execProofMethodwhether the applied method is valid in the given constraint system. In most cases, these checks are redundant because they come from the system. Instead, I implementedcheckAndExecProofMethodthat is now used whenever one must check validity, e.g., upon loading a theory.annotateWith(Diff)Systemsfunctions. They performed tasks fully redundant withexecProofMethod. First, you would apply a proof method and delete the resulting constraint system, then you would annotate it again.Nothingwhen simplify results in the same constraint system inexecProofMethod. If I were to do that, applying a redundant simplify step (e.g., while loading older proofs) would invalidated the proof.execProofMethodnow checks for all ways in which a proof could be finished. Therefore,applyProverAtPathneed not "guess" anymore which other provers we maybe should try to apply.Fast regression tests pass in about the same time as before on my machine. Only difference is that there are slightly fewer steps which results from the now dropped
simplifysteps.I'd appreciate a thorough review and am curious about any feedback!