From Mike Gordon 6 Apr 89 Date: Thu, 6 Apr 89 16:57 BST From: Mike Gordon To: info-hol@clover.ucdavis.edu Subject: HOL88 news and bug report Status: RO |============================| | | | HOL 88 NEWS AND BUG REPORT | | -------------------------- | | | | Mike Gordon | | | | Cambridge, 6 April 1989 | | | |============================| The next release of HOL will be HOL88.1.05 and will be sent to HOL distribution sites within the next few days. Version 1.05 contains a number of features to support libraries in a uniform way, together with five new libraries. 1. The ICL tautology checker (code for this has already been distributed via info-hol). 2. A theory containing definitions of the concepts of monotonicity, continuity, fixed-points and chain-completeness (i.e. admitting induction) for polymorphic predicates. Various basic lemmas are proved, concluding with the validity of Scott induction (also called fixed-point induction and computation induction) in the following form: |- !(p:(*->bool)->bool) fun. ADMITS_INDUCTION p /\ CONTINUOUS fun /\ p BOTTOM /\ (!f. p f ==> p(fun f)) ==> p(FIX fun) 3. The experimental tools to support programming logics in HOL decribed in the paper: "Mechanizing Programming Logics in Higher Order Logic", by M.J.C. Gordon, in "Current Trends in Hardware Verification and Automated Theorem Proving" edited by P.A. Subrahmanyam and Graham Birtwistle, Springer-Verlag, 1989. This library is provided primarily to help readers of the paper who want more details. The tools in the library were implemented to test the ideas and are not likely to be useful for serious software verification. Eventually, it is hoped to implement practical tools to support reasoning about imperative programs. 4. Elsa Gunter's library developing first-order and higher-order group theory, including the notions of subgroup, left coset, normal subgroup, quotient group, homomorphism, and isomorphism. 5. Elsa Gunther's development of the basic algebraic and order- theoretic structure of the integers and basic algebraic properties of modular arithmetic. ------------------------------------------------------------------------- Since HOL88.1.00 was released a number of small bugs have emerged. These are mainly due to differences between the the version of Franz Lisp used at SRI (currently Opus 38.69) and other versions. A bug in GEN_TAC has also come to light. This causes the tactic to fail in some circumstances where it should work. Specifically, if GEN_TAC is applied to a goal [t1; ... ;tn], !x.t where "x" is free in one of the assumptions t1, ... ,tn, then although the correct subgoal is produced, i.e. [t1; ... ;tn], t[x'/x] (where "x'" is a variant of "x" not free in the assumptions), the proof part is \[th]. GEN "x" (INST ["x","x'"] th) which will generate a failure from GEN "x", as "x" is free in the assumptions. The fix is to rename "x'" back to "x" by alpha-conversion after the generalization, rather than by instantiation before it. A suitable proof function to do this is: \[th]. let th' = GEN "x'" th in EQ_MP (GEN_ALPHA_CONV "x" (concl th')) th' To fix HOL replace the definition of X_GEN_TAC in ml/tactics.ml by: let X_GEN_TAC x' :tactic = if not(is_var x') then failwith `X_GEN_TAC` else \(asl,w).((let x,body = dest_forall w in if x=x' then ([(asl,body)], \[th]. GEN x' th) else ([(asl,subst[x',x]body)], \[th]. let th' = GEN x' th in EQ_MP (GEN_ALPHA_CONV x (concl th')) th')) ? failwith `X_GEN_TAC`);; This also slighly optimizes the tactic to avoid a redundant substitution and alpha-conversion when "x" is not free in the assumptions. All known bugs are corrected in HOL88.1.05. -------------------------------------------------------------------------