mirror of
https://github.com/CatalaLang/catala.git
synced 2024-09-19 16:28:12 +03:00
Updated README
This commit is contained in:
parent
1c9d2dc696
commit
807f707b8a
@ -2,22 +2,25 @@
|
||||
|
||||
## Presentation
|
||||
|
||||
This folder contains the F* proof of the correctness of the translation from the default calculus
|
||||
This folder contains the F\* proof of the correctness of the translation from the default calculus
|
||||
to the target lambda calculus. The proof is organized as follows:
|
||||
|
||||
* `Catala.DefaultCalculus.fst` contains the semantics of the default calculus as well as the
|
||||
- `Catala.DefaultCalculus.fst` contains the semantics of the default calculus as well as the
|
||||
type safety theorems and proofs;
|
||||
* `Catala.LambdaCalculus.fst` contains the semantics of the lambda calculus as well as the
|
||||
- `Catala.LambdaCalculus.fst` contains the semantics of the lambda calculus as well as the
|
||||
type safety theorems and proofs;
|
||||
* `Catala.Translation.Helpers.fst` contains various helpers related to the lambda calculus,
|
||||
- `Catala.Translation.Helpers.fst` contains various helpers related to the lambda calculus,
|
||||
used in the translation correctness proof;
|
||||
* `Catala.Translation.fst` contains the definition of the translation as well as its proof
|
||||
- `Catala.Translation.fst` contains the definition of the translation as well as its proof
|
||||
of correctness, culminating in the last wrap-up theorem of the file.
|
||||
|
||||
The `*.hints` files are merely F\* technical helper files that speed up the proof replay by recording
|
||||
a list of lemmas to feed in priority to the SMT solver.
|
||||
|
||||
## Proof replay
|
||||
|
||||
To replay the proofs, you will need to have [F*](https://github.com/FStarLang/FStar) installed
|
||||
on your machine, and the `FSTAR_HOME` environement variable pointed to the location of the F*
|
||||
To replay the proofs, you will need to have [F\*](https://github.com/FStarLang/FStar) installed
|
||||
on your machine, and the `FSTAR_HOME` environement variable pointed to the location of the F\*
|
||||
directory. You can then replay the proofs using:
|
||||
|
||||
make verify
|
||||
@ -28,19 +31,10 @@ sure to strenghen the flaky proofs for the camera-ready version of the artefact.
|
||||
|
||||
## Disclaimer
|
||||
|
||||
This mechanization contains two distinct admitted lemmas, all related to administrative aspects of
|
||||
the target lambda calculus. Both are in `Catala.TranslationHelpers.fst`.
|
||||
This mechanization contains one admitted lemma, related to administrative aspects of
|
||||
the target lambda calculus. It is in `Catala.TranslationHelpers.fst`.
|
||||
|
||||
* The first admit concerns `well_typed_terms_invariant_by_subst`, which is a classic result stating
|
||||
that correclty typed terms with no free variables are invariant by substitution. The proof in F*
|
||||
needs a version of context invariance different from the one we used to prove type safety, hence
|
||||
this temporary admit.
|
||||
* The second assumed hypothesis in inside `lift_multiple_l_steps_exceptions_head`, and is related
|
||||
two lambda calculus terms, `init0` and `init2`. `init2` is the result of the double application
|
||||
of the beta-reduction to `init0`. Both terms are reduced versions of the big, deeply embedded
|
||||
term `process_exceptions`, which causes F* automation a lot of troubles. The difficulty with
|
||||
the proof seems to stem from the instantiations of `well_typed_terms_invariant_by_subst`, which
|
||||
is missing some key step.
|
||||
|
||||
We plan of course to prove those two hypothesis in due time for an upcoming artefact, and hope these
|
||||
explanations did convince you that the rest of the proof remains solidly grounded.
|
||||
The admit concerns `well_typed_terms_invariant_by_subst`, which is a classic result stating
|
||||
that correclty typed terms with no free variables are invariant by substitution. The proof in F\*
|
||||
needs a version of context invariance different from the one we used to prove type safety, hence
|
||||
this temporary admit.
|
||||
|
Loading…
Reference in New Issue
Block a user