This package provides the Proof General support for several theorem provers which are not available as Debian packages yet. This includes: ACL2, HOL98, Isabelle, Isar, LClam, LEGO, Phox, Plastic, Twelf
Proof General is a generic interface for proof assistants, currently based on the customizable text editor Emacs. It works with either XEmacs or GNU Emacs. Proof General has been developed at the LFCS in the University of Edinburgh.
A proof script is a sequence of commands sent to a proof assistant to construct a proof, usually stored in a file. Script management connects the editing of a proof script directly to an interactive proof process, maintaining consistency between the edit buffer and the state of the proof assistant.
Proof General colours a proof script to show the state in the proof assistant. Parts of a proof script that have been processed are displayed in blue and are "locked" -- they cannot be edited. Parts of the script currently being processed by the proof assistant are shown in red. Bodies of completed proofs in the locked region can be hidden from view to help browsing. Proof General has commands for processing new parts of the buffer, or undoing already processed parts.
Simplified interaction model
Proof General is designed for proof assistants which have a command-line (shell) interpreter. When using Proof General, the proof assistant's shell is hidden from the user. Communication takes place via three buffers (Emacs text widgets). The script buffer holds input, the commands to construct a proof. The goals buffer displays the current list of subgoals to be solved. The response buffer displays other output from the proof assistant. By default, only two of these three buffers are displayed at once. This means that the user only sees the output from the most recent interaction, rather than a screen full of output from the proof assistant.
Despite this more friendly communication model, Proof General does not commandeer the proof assistant shell: the user still has complete access to it if necessary.
Script management in Proof General can work across many script files, integrating with the file handling of the proof assistant. When a script is visited in the editor, it is locked (coloured) to reflect whether the proof assistant has loaded it in this session. When a file is unlocked, all of the files which depend on it are automatically unlocked too.
Dependencies between script files are either communicated from the proof assistant to Proof General, or maintained automatically by Proof General (based on the order in which files were processed).
Subterm highlighting and proof by pointing
Using hidden markup in the concrete syntax, Proof General allows the user to explore the structure of complex terms output by the prover. This provides nifty features for cutting-and-pasting subterms, querying the type of a subterm, looking up the definition of an identifier, and so on.
Proof by pointing uses this markup to allow the prover to suggest steps in a proof, guided by the user's gestures in displayed goals. For example, clicking on a hypothesis inserts a proof step into the script to solve a goal using that hypothesis, and executes it.
[Subterm markup is only fully supported by LEGO at the moment, with an experimental implementation of proof by pointing. Isabelle highlights only variables. If you would like to see these features better supported in your favourite proof assistant, please canvas the implementor to add subterm-markup support.]
Toolbar and menus
Proof General has a toolbar with buttons for examining the proof state, starting a proof, manoeuvring in the proof script, restarting the prover, saving a proof, searching for a theorem, issuing a command, interrupting the assistant, and getting help.
Using the toolbar, you can replay proofs without knowing any low-level commands of the proof assistant or any Emacs hot-keys!
Additionally, the toolbar commands and many more besides are available on menus; you don't need to know magical key presses for any features.
Syntax highlighting is an editing feature which decorates a file with different colours or fonts according to the syntax of some language (usually a programming language).
Proof General decorates proof scripts: proof commands are highlighted and different fonts may be used for definitions and assumptions, for example.
Proof General has a close integration with the powerful X-Symbol package, which makes it easy to transparently use real symbols and Greek letters in your proofs.
Instead of seeing "not P", you see "¬ P", instead of "a * b", you see "a × b", etc.
(Those examples are simple so they will work on most browsers without needing images, see the screenshots for more examples.)
Proof-script editing facilities
Many facilities are provided for editing proof scripts. The completion mechanism of Emacs can be used to help type keywords and identifier names. The outline mode of Emacs allows hiding of parts of proof scripts; a further special proof hiding facility is provided to hide the body of completed proofs. Navigation in the script is supported by a pull-down menu which gives easy access to the theorems, definitions, and declarations in the current buffer.
Remote proof assistant.
Sometimes you may want to run a proof assistant on a powerful remote machine. Proof General can communicate with a proof assistant running remotely, while your files and editor reside on your local machine.
Tags are an editing feature which allow you to quickly locate the definition or declaration of a particular identifier. Proof General is supplied with utilities to make tag indexes for Emacs. This makes it easy to quickly access definitions from a standard library, for example, and in large proof developments split across multiple files.
Proof General is designed to be adaptable. Many aspects of its behaviour can be easily customized (using dialogue boxes and buttons, no text file editing!).
Most importantly, Proof General is generic, so you can adapt it to a new proof assistant with surprisingly little effort.
Adapting for a new proof assistant is mainly a matter of setting some variables with regular expressions to help parse output from the prover, and setting other variables with commands to send to the prover. See this basic example instance. To get the most from Proof General (proof by pointing, for example), it may be necessary to put some hooks in the output routines of the proof assistant.
Here are some screenshots of Proof General 3.0 running with different theorem provers. To see the full-size version of a picture, click on its thumbnail. Screenshots of the new PG/Kit applications are available from their respective web-subsites (e.g. PG/Eclipse).
Building a simple proof in LEGO with proof-by-pointing.
The top half of the window displays the proof script. The bottom displays the output from LEGO at each stage of the proof. Here, it shows the current subgoals to be solved. The part of the proof already processed by LEGO has a blue background.
Clicking on terms in the subgoals list generates commands which are added to the proof script.
Coq Proof General running in multiple frame mode, full screen shot (1024x768).
There are separate windows on the screen for the script, goals, and response buffers. In this picture, you can see Proof General's indication that Coq is processing the induction step, because the background of the proof step is pink. It will become blue when Coq finishes that step.
Replaying a domain theory proof in Isabelle's HOLCF logic.
In Isabelle, theory files as well as ML files are coloured. Proof General has some functions for processing and undoing theory files, but most operations it provides are for writing proof scripts in ML files.
Isabelle supports input and output in tokens which display as symbols using theX-Symbol package in conjunction with Proof General. Here you can see some symbols in Isabelle's output.
Replaying a proof in Isar, Isabelle's declarative proof language developed by Markus Wenzel.
LEGO Proof General running in plain console mode.
This shows that you can run Proof General even if sometimes you need to use a plain tty or xterminal. Of course, the graphical features are reduced!
If you liked this article, subscribe to the feed by clicking the image below to keep informed about new contents of the blog:
| || |