This completes the implementation of the examples in the paper
"Applications of Applicative Proof Search" (Liam O'Connor, 2016).
Unfortunately, the final example is an example of something that _can_
be expressed, but _cannot_ be model-checked by the approach in the
paper.
(Side note on `petersonsCorrect`: The paper mentions that it checks in
~3 minutes on a 2013 MacBook Pro. Assuming they mean "type-checks", this
is roughly consistent with our observations of just short of 2 minutes.
I doubt that they evaluated it, since an attempt at doing this on a
reasonably modern server (Intel Xeon Gold 5220R, 502 GB of RAM) was
killed after just over 3 hours, producing the following resource log:
Command exited with non-zero status 255
Time: 11320.46s user, 35.12s system, 3h09m46s elapsed, 99%CPU
Memory: 57644016 Kbytes RAM
)
On average across 10 runs on an Intel Core i7-8750H with 15.2GB of
available system memory (16GB installed in system), type-checking
`libs/papers/Search/GCL.idr` WITH `petersonsCorrect` takes:
* 1 minute 48.7 seconds, consuming 3.92GB of RAM
By contrast, commenting `petersonsCorrect` out results in type-checking
taking on average (same #runs, same config):
* 0 minutes 1.2 seconds, consuming 0.25GB of RAM
And good luck trying to evaluate the thing!
(This might be a good performance test at some point, but uh, we're not
there yet...)
Thanks to the debug info supplied by #2673, I was able to spot which
functions were blocking and `public import` the relevant files in
`papers/Search/Properties.idr`.
As a result the GCL file now type-checks, albeit extremely slowly!
I stopped an evaluation of `petersonsCorrect` at the REPL after 15
minutes and ~14GB of RAM consumed.
* Currying the `ops` function makes the totality checker spot that it
_is_ actually total.
* Instance arguments are heavily abused in the paper, along with
implicit `open` magic, but Idris allows no such ~~luxury~~
obfuscation, so we have to pass things explicitly.
* `decSo` is not `public export`ed, so we have to define `IsTT` by
pattern-matching (which is fine).
Currently, it gets stuck on checking `petersonsCorrect` for some,
currently unknown, reason. (And the log output is loooooong O.O)
Once again, this would not have been possible without gallais insigths.
Many thanks!
Co-authored-by: Guillaume Allais <guillaume.allais@ens-lyon.org>
* Switch to `Inf` to actually use codata/corecursion.
* Add `%hint`s to mark the interface implementations as such, despite
use of a record for `DepthInv` (this is necessary for other stuff).
* Pass in `Oh` to `reaches10.evidence` in order for things to work.
With huge thanks to gallais for helping me put the final things in
place!
Co-authored-by: Guillaume Allais <guillaume.allais@ens-lyon.org>
Termination checking needs figuring out. There is some funky stuff going
on with the half-deciders and their constructors. Other than that, I
**think** it's nearly done. God knows how much RAM it'll take though...
Seems to be very slow though...
And Idris is unable to find the depth-inv instance for `r10Proof`.
Could be that auto-search is not as strong as Agda's? Or more likely,
I've set things up slightly wrong...
This also caught an implementation error in the Global formula
definitions:
AG f = A[ f U (f AND' Completed) ]
and **not**
AG f = A[ (f U f) AND' Completed ]
(both of which are valid parsings of the original
AG f = A[ f u f AND' Completed]
)
This makes more sense in terms of `EU` being efficient and only
evaluating as much as it needs to. However, I'm not sure `model.follow`
is implemented correctly (Agda delays the call to `model.followAll`,
which I'm unsure if we can do (and if so, how to do it) in Idris)...
This reveals an unfortunate problem/misunderstanding: For `ExistsUntil`
to make sense, in terms of evaluation speedups, the list needs to be
lazy. Which is _not_ what `Lazy (List a)` does /!\
I need to switch to LazyList...
And here's a good case against allowing custom unicode syntax:
〈$〉 is `<$>`, i.e. the infix notation for `map`. That's fine; If you
happen to know it!
ESPECIALLY, if your paper defines 〈_〉 as custom notation for a guarded
expression! Then there is **no way** to tell that the expression 〈$〉
is not a guarded expression over `$`, but is instead the alias for
`map`!! You just have to magically know this beforehand!
We also need an explicit `Lazy` annotation for Idris to be happy with
the implicit `ms` in the `IsCompleted` constructor.
The proofs of depth-invariance for Always Until and Exists Until require
mapping the proofs over the Formulae's internal `All` and `Any`
respectively. Idris provides some functions for this, but they erase the
list and so don't quite work. Instead we need to implement our own,
which don't erase the list.
Don't you love when papers introduce syntax and functions which you've
never seen before and don't seem to match the types of the existing
stuff?
P.S. YEET! (aka. that's probably enough for today ^^)
The original Agda code declares the module with L and Sigma (Lbls and
Sts) with type Set. This is apparently close to a parameter block, which
solves the unification error I was having with `now`! Huge thanks to
gallais for showing me that!
I should have put this under version-control WAAAAAY sooner than this!
Oh well, better late than never...
There are some fun problems to solve in terms of type-mismatch and
erasure, but that's for another day.
