Return-Path: <john.harrison-request@uk.ac.cam.cl>
Delivery-Date: 
Received: from ted.cs.uidaho.edu (no rfc931) by swan.cl.cam.ac.uk 
          with SMTP (PP-6.4) outside ac.uk; Wed, 3 Mar 1993 17:44:15 +0000
Received: by ted.cs.uidaho.edu (16.6/1.34) id AA12852;
          Wed, 3 Mar 93 09:22:33 -0800
Sender: info-hol-request@edu.uidaho.cs.ted
Errors-To: info-hol-request@edu.uidaho.cs.ted
Precedence: bulk
Received: from Sun.COM by ted.cs.uidaho.edu (16.6/1.34) id AA12847;
          Wed, 3 Mar 93 09:22:05 -0800
Received: from Eng.Sun.COM (zigzag-bb.Corp.Sun.COM) by Sun.COM (4.1/SMI-4.1) 
          id AA19680; Wed, 3 Mar 93 09:21:18 PST
Received: from lara.Eng.Sun.COM by Eng.Sun.COM (4.1/SMI-4.1) id AA01039;
          Wed, 3 Mar 93 09:28:07 PST
Received: by lara.Eng.Sun.COM (4.1/SMI-4.1) id AA17554;
          Wed, 3 Mar 93 09:23:37 PST
Date: Wed, 3 Mar 93 09:23:37 PST
From: Paul.Loewenstein@COM.Sun.Eng (Paul Loewenstein)
Message-Id: <9303031723.AA17554@lara.Eng.Sun.COM>
To: peters@edu.uark.mozart
Cc: info-hol@edu.uidaho.cs.ted
In-Reply-To: James Peters's message of Wed, 3 Mar 93 10:33:44 CST <9303031633.AA00648@mozart.uark.edu>
Subject: extracting code
Content-Length: 1382


James Peters writes:

> 
> To hol90/hol88 researchers:
> 
>    I am wondering if work is being done on the problem of extracting
> code from hol (hol90 or hol88) proofs.  I am hoping someone might be
> developing a version of hol (or a tool) similar to nuprl, which produces
> a lambda term during a nuprl proof.
> 
> Jim

I am not an "expert" in this field, but to extract code one needs
a *constructive* proof.  HOL is a classical logic and admits proof
by contradiction.

The extraction of an implementation from the proof of the existence
of something satisfying a specification requires an explicit witness
for that "something".  In HOL one can just derive a contradiction from
the assumption that nothing exists.  See my proof of koenig's lemma as
an example of an "essentially classical" proof.  The theorem is not
constructively derivable.

From what I have seen of constructive logics, and the difficulty of
introducing anything resembling theorem proving into engineering, I
think that constructive logics pose more problems than they solve
(at least from a hardware engineer's perspective).


Paul Loewenstein              Sun Microsystems Inc, Mailstop MPK 3-103,
Staff Engineer                2550 Garcia Avenue, Mountain View, CA 94043, USA
Formal Verification           Tel: 415-688-9664  FAX: 415-688-9565
                              paul.loewenstein@eng.sun.com