├── .gitmodules ├── test ├── .gitignore ├── coq_builtins.v ├── test24.znn ├── test09.znn ├── test00.znn ├── test18.znn ├── test10.znn ├── test19.znn ├── test21.znn ├── test22.znn ├── test12.znn ├── test23.znn ├── test25.znn ├── test02.znn ├── test07.znn ├── poly01.t ├── test50.coz ├── test05.znn ├── test75.znn ├── test01.znn ├── test71.znn ├── test11.znn ├── test76.coz ├── test74.znn ├── test06.znn ├── test26.znn ├── test04.znn ├── test27.znn ├── test73.znn ├── arith-2.t ├── test03.znn ├── test17.znn ├── test15.znn ├── test13.znn ├── test14.znn ├── test72.znn ├── test69.coz ├── test68.coz ├── test30.znn ├── test54.coz ├── test39.znn ├── test58.coz ├── test36.znn ├── test38.znn ├── test60.coz ├── test65.coz ├── equivbench.sh ├── test61.coz ├── test49.coz ├── test32.znn ├── test52.coz ├── test51.coz ├── test64.coz ├── test62.coz ├── test70.coz ├── test28.znn ├── test53.coz ├── test37.znn ├── test66.coz ├── test44.znn ├── test63.coz ├── test35.znn ├── test56.coz ├── test47.znn ├── test08.znn ├── test67.coz ├── test59.coz ├── test55.coz ├── test57.coz ├── test46.znn ├── test45.znn ├── test33.znn ├── test40.znn ├── test41.znn ├── test43.znn ├── test42.znn ├── test29.znn ├── test48.znn ├── test31.znn ├── test34.znn └── Makefile ├── .gitattributes ├── regression ├── examples │ ├── data │ │ └── TLAPS.tla │ ├── cantor │ │ ├── Cantor6.tla │ │ ├── Cantor7.tla │ │ ├── Cantor5.tla │ │ ├── Cantor1.tla │ │ ├── Cantor9.tla │ │ ├── Cantor8.tla │ │ ├── Cantor4.tla │ │ ├── Cantor2.tla │ │ └── Cantor3.tla │ ├── consensus │ │ └── Consensus.tla │ └── two-phase │ │ ├── TLAProofRules.tla │ │ └── Alternate.tla ├── sets │ ├── singleton.tla │ └── .svnignore ├── .svnignore ├── backend │ ├── testnat.tla │ ├── testball.tla │ ├── testbool.tla │ ├── testbex.tla │ ├── testsubset.tla │ ├── testbchoose.tla │ └── testarith.tla ├── misc │ ├── .svnignore │ ├── Bug1.tla │ ├── Forall.tla │ ├── test4.tla │ ├── Contra.tla │ ├── test3.tla │ ├── test1.tla │ ├── test2.tla │ └── test5.tla ├── features │ ├── .svnignore │ ├── test_choose_in.tla │ ├── test_case.tla │ └── test_record.tla ├── peterson │ ├── .svnignore │ └── MutexQ.tla ├── Makefile └── test.sh ├── doc ├── .gitignore ├── macros.tex ├── options.tex ├── messages.tex ├── input-coq.tex ├── input-tptp.tex ├── install.tex ├── input-zen.tex ├── reference.tex ├── Makefile ├── intro.tex └── zenon-logo.ps ├── .merlin ├── zenon.mli ├── ext_arith.mli ├── configure-for-focalize ├── lexsmtlib.mli ├── smtlib.mli ├── checksum.mli ├── .github ├── dependabot.yml └── workflows │ └── main.yml ├── ext_equiv.mli ├── ext_focal.mli ├── ext_induct.mli ├── ext_tla.mli ├── lexcoq.mli ├── lexdk.mli ├── lexzen.mli ├── ext_recfun.mli ├── lextptp.mli ├── main.mli ├── tptp.mli ├── config.mli ├── step.mli ├── version.mli ├── smtlib_util.mli ├── zenon.ml ├── lltoisar.mli ├── typesmtlib.mli ├── progress.mli ├── watch.mli ├── mltoll.mli ├── typetptp.mli ├── version.ml ├── dkprint.mli ├── lpprint.mli ├── versionnum.mli ├── lltocoq.mli ├── .svnignore ├── smtlib_util.ml ├── lltodk.mli ├── lltolp.mli ├── heap.mli ├── isar_case.mli ├── versionnum.ml ├── error.mli ├── cc.dk ├── dune ├── .gitignore ├── dune-project ├── eqrel.mli ├── namespace.ml ├── examples ├── empty_set_example.p └── bool_and_commute.coz ├── dk_tuple.dk ├── node.mli ├── namespace.mli ├── typer.mli ├── zenon_modulo.opam ├── coqterm.mli ├── rewrite.mli ├── phrase.mli ├── globals.mli ├── error.ml ├── prove.mli ├── globals.ml ├── zenon_induct.v ├── print.mli ├── zenon.spec ├── misc.mli ├── progress.ml ├── LICENSE ├── enum.mli ├── extension.mli ├── lexsmtlib.mll ├── ext_recfun.ml ├── heap.ml ├── basics_minimal.dk ├── index.mli ├── lexdk.mll ├── step.ml ├── lexzen.mll ├── README.md ├── log.mli ├── run ├── watch.ml ├── dk_bool.dk ├── extension.ml ├── arith.mli └── log.ml /.gitmodules: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /test/.gitignore: -------------------------------------------------------------------------------- 1 | .svn 2 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | *.ml ident 2 | -------------------------------------------------------------------------------- /regression/examples/data/TLAPS.tla: -------------------------------------------------------------------------------- 1 | ../TLAPS.tla -------------------------------------------------------------------------------- /doc/.gitignore: -------------------------------------------------------------------------------- 1 | *.aux 2 | *.log 3 | *.toc 4 | reference.pdf 5 | .svn 6 | -------------------------------------------------------------------------------- /.merlin: -------------------------------------------------------------------------------- 1 | PKG zarith 2 | 3 | S ./ 4 | S simplex/ 5 | 6 | B ./ 7 | B simplex/ 8 | -------------------------------------------------------------------------------- /zenon.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2013 Inria *) 2 | 3 | (* This file left blank intentionally. *) 4 | -------------------------------------------------------------------------------- /ext_arith.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2014 INRIA *) 2 | 3 | (* This file left blank intentionally. *) 4 | -------------------------------------------------------------------------------- /test/coq_builtins.v: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Deducteam/zenon_modulo/HEAD/test/coq_builtins.v -------------------------------------------------------------------------------- /configure-for-focalize: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Deducteam/zenon_modulo/HEAD/configure-for-focalize -------------------------------------------------------------------------------- /lexsmtlib.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2014 INIA *) 2 | 3 | val token : Lexing.lexbuf -> Parsesmtlib.token 4 | -------------------------------------------------------------------------------- /doc/macros.tex: -------------------------------------------------------------------------------- 1 | % Copyright 2006 INRIA 2 | % $Id: macros.tex,v 1.2 2006-03-01 14:39:03 doligez Exp $ 3 | -------------------------------------------------------------------------------- /smtlib.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2014 INRIA *) 2 | 3 | val translate : Smtlib_syntax.commands option -> Phrase.phrase list 4 | -------------------------------------------------------------------------------- /regression/sets/singleton.tla: -------------------------------------------------------------------------------- 1 | ---- MODULE singleton ---- 2 | THEOREM foo == \A x : \E S : x \in S 3 | OBVIOUS 4 | ==== 5 | -------------------------------------------------------------------------------- /checksum.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2006 INRIA *) 2 | (* $Id: checksum.mli,v 1.1 2006-02-27 16:56:52 doligez Exp $ *) 3 | 4 | val v : string;; 5 | -------------------------------------------------------------------------------- /regression/.svnignore: -------------------------------------------------------------------------------- 1 | ## after changing this file, do ". .svnignore" 2 | svn propset svn:ignore -F .svnignore . < bool;; 5 | 6 | -------------------------------------------------------------------------------- /ext_tla.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2008 INRIA *) 2 | (* $Id: ext_tla.mli,v 1.1 2008-08-26 13:47:41 doligez Exp $ *) 3 | 4 | (* This file left blank intentionally. *) 5 | -------------------------------------------------------------------------------- /lexcoq.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2005 INRIA *) 2 | (* $Id: lexcoq.mli,v 1.2 2005-11-05 11:13:17 doligez Exp $ *) 3 | 4 | val token : Lexing.lexbuf -> Parsecoq.token;; 5 | -------------------------------------------------------------------------------- /lexdk.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2005 INRIA *) 2 | (* $Id: lexcoq.mli,v 1.2 2005-11-05 11:13:17 doligez Exp $ *) 3 | 4 | val token : Lexing.lexbuf -> Parsedk.token;; 5 | -------------------------------------------------------------------------------- /lexzen.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2005 INRIA *) 2 | (* $Id: lexzen.mli,v 1.2 2005-11-05 11:13:17 doligez Exp $ *) 3 | 4 | val token : Lexing.lexbuf -> Parsezen.token;; 5 | -------------------------------------------------------------------------------- /test/test09.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test09.znn,v 1.3 2006-03-01 14:39:03 doligez Exp $ 3 | 4 | $goal 5 | (=> (P a) 6 | (E. ((x) (P x)))) 7 | -------------------------------------------------------------------------------- /doc/options.tex: -------------------------------------------------------------------------------- 1 | % Copyright 2006 INRIA 2 | % $Id: options.tex,v 1.2 2006-03-01 14:39:03 doligez Exp $ 3 | 4 | \chapter{Command-line options}\label{chap:options} 5 | 6 | -------------------------------------------------------------------------------- /ext_recfun.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2009 INRIA *) 2 | (* $Id: ext_recfun.mli,v 1.1 2009-03-19 17:05:43 doligez Exp $ *) 3 | 4 | (* This file left blank intentionally. *) 5 | -------------------------------------------------------------------------------- /lextptp.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2005 INRIA *) 2 | (* $Id: lextptp.mli,v 1.2 2005-11-05 11:13:17 doligez Exp $ *) 3 | 4 | val token : Lexing.lexbuf -> Parsetptp.token;; 5 | -------------------------------------------------------------------------------- /test/test00.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test00.znn,v 1.6 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | $hyp "h" (A. ((x) (P x))) 5 | 6 | $goal (E. ((x) (P x))) 7 | -------------------------------------------------------------------------------- /doc/messages.tex: -------------------------------------------------------------------------------- 1 | % Copyright 2006 INRIA 2 | % $Id: messages.tex,v 1.2 2006-03-01 14:39:03 doligez Exp $ 3 | 4 | \chapter{Warnings and error messages}\label{chap:messages} 5 | -------------------------------------------------------------------------------- /regression/backend/testbool.tla: -------------------------------------------------------------------------------- 1 | ---- MODULE testbool ---- 2 | 3 | THEOREM foo == 4 | ASSUME NEW x \in BOOLEAN 5 | PROVE x = TRUE \/ x = FALSE 6 | OBVIOUS 7 | 8 | ==== 9 | -------------------------------------------------------------------------------- /doc/input-coq.tex: -------------------------------------------------------------------------------- 1 | % Copyright 2006 INRIA 2 | % $Id: input-coq.tex,v 1.3 2006-03-01 14:39:03 doligez Exp $ 3 | 4 | \chapter{The Coq-style input format}\label{chap:input-coq} 5 | -------------------------------------------------------------------------------- /doc/input-tptp.tex: -------------------------------------------------------------------------------- 1 | % Copyright 2006 INRIA 2 | % $Id: input-tptp.tex,v 1.2 2006-03-01 14:39:03 doligez Exp $ 3 | 4 | \chapter{The TPTP input file format}\label{chap:input-tptp} 5 | -------------------------------------------------------------------------------- /doc/install.tex: -------------------------------------------------------------------------------- 1 | % Copyright 2006 INRIA 2 | % $Id: install.tex,v 1.2 2006-03-01 14:39:03 doligez Exp $ 3 | 4 | \chapter{How to compile and install Zenon}\label{chap:install} 5 | -------------------------------------------------------------------------------- /test/test18.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test18.znn,v 1.3 2006-03-01 14:39:03 doligez Exp $ 3 | 4 | # buveurs 5 | 6 | $goal (E. ((x) (=> (P x) (A. ((y) (P y)))))) 7 | -------------------------------------------------------------------------------- /doc/input-zen.tex: -------------------------------------------------------------------------------- 1 | % Copyright 2006 INRIA 2 | % $Id: input-zen.tex,v 1.2 2006-03-01 14:39:03 doligez Exp $ 3 | 4 | \chapter{The native Zenon input file format}\label{chap:input-zen} 5 | -------------------------------------------------------------------------------- /regression/backend/testbex.tla: -------------------------------------------------------------------------------- 1 | ---- MODULE testbex ---- 2 | 3 | THEOREM foo == 4 | ASSUME NEW S, NEW v, 5 | v \in S 6 | PROVE \E x \in S : x = x 7 | OBVIOUS 8 | 9 | ==== 10 | -------------------------------------------------------------------------------- /test/test10.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test10.znn,v 1.7 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | $hyp "h" (A. ((x) (\/ (R x) (R (f x))))) 5 | $goal (E. ((x) (/\ (R x) (R (f (f x)))))) 6 | -------------------------------------------------------------------------------- /main.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2000 INRIA *) 2 | 3 | val argspec : (Arg.key * Arg.spec * Arg.doc) list;; 4 | val parse_command_line : (Arg.key * Arg.spec * Arg.doc) list -> unit;; 5 | val do_main : unit -> unit;; 6 | -------------------------------------------------------------------------------- /tptp.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2004 INRIA *) 2 | (* $Id: tptp.mli,v 1.7 2006-02-16 09:22:46 doligez Exp $ *) 3 | 4 | open Phrase;; 5 | 6 | val translate : string list -> tpphrase list -> phrase list * string;; 7 | -------------------------------------------------------------------------------- /regression/backend/testsubset.tla: -------------------------------------------------------------------------------- 1 | ---- MODULE testsubset ---- 2 | 3 | THEOREM test == 4 | ASSUME NEW A, NEW B, 5 | A \subseteq B 6 | PROVE \A x : x \in A => x \in B 7 | OBVIOUS 8 | 9 | ==== 10 | -------------------------------------------------------------------------------- /config.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2006 INRIA *) 2 | (* $Id: config.mli,v 1.2 2006-04-05 09:19:03 doligez Exp $ *) 3 | 4 | (** configure variables needed at run-time. 5 | the library dir of zenon. *) 6 | val libdir: string;; 7 | -------------------------------------------------------------------------------- /step.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2004 INRIA *) 2 | (* $Id: step.mli,v 1.4 2005-11-13 22:49:11 doligez Exp $ *) 3 | 4 | val forms : string -> (Expr.expr * Expr.goalness) list -> unit;; 5 | val rule : string -> Mlproof.rule -> unit;; 6 | -------------------------------------------------------------------------------- /version.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2004 INRIA *) 2 | (* $Id: version.mli,v 1.3 2008-10-22 11:51:04 doligez Exp $ *) 3 | 4 | (* file-by-file CVS version strings *) 5 | 6 | val add : string -> unit;; 7 | val print_cvs : out_channel -> unit;; 8 | -------------------------------------------------------------------------------- /regression/backend/testbchoose.tla: -------------------------------------------------------------------------------- 1 | ---- MODULE testbchoose ---- 2 | 3 | THEOREM foo == 4 | ASSUME NEW S, NEW v, NEW P(_), 5 | v \in S, 6 | P (v) 7 | PROVE P (CHOOSE x \in S : P (x)) 8 | OBVIOUS 9 | 10 | ==== 11 | -------------------------------------------------------------------------------- /test/test19.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test19.znn,v 1.3 2006-03-01 14:39:03 doligez Exp $ 3 | 4 | # trivial (Pierre Weis) 5 | $goal (=> (/\ (/\ (=> A B) (=> B C)) (=> C A)) 6 | (/\ (/\ (<=> A B) (<=> B C)) (<=> A C))) 7 | -------------------------------------------------------------------------------- /test/test21.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test21.znn,v 1.6 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | $hyp "h1" (A. ((x) (= (p _0 x) x))) 5 | $hyp "h2" (A. ((x) (A. ((y) (= (p x y) (p y x)))))) 6 | 7 | $goal (= (p (p _0 _1) _0) _1) 8 | -------------------------------------------------------------------------------- /test/test22.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test22.znn,v 1.6 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | $hyp "h1" (A. ((x) (= (p x _0) x))) 5 | $hyp "h2" (A. ((x) (A. ((y) (= (p x y) (p y x)))))) 6 | 7 | $goal (= (p (p _0 _1) _0) _1) 8 | -------------------------------------------------------------------------------- /smtlib_util.mli: -------------------------------------------------------------------------------- 1 | type extradata = unit 2 | val initial_data : unit -> unit 3 | val file : string ref 4 | val line : int ref 5 | type pos = int 6 | val string_of_pos : int -> string 7 | val cur_pd : unit -> int * unit 8 | type pd = pos * extradata 9 | -------------------------------------------------------------------------------- /test/test12.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test12.znn,v 1.7 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | $hyp "h1" (\/ A B) 5 | $hyp "h2" (=> B C) 6 | $hyp "h3" (=> A C) 7 | $hyp "h4" (=> C D) 8 | $hyp "h5" (-. D) 9 | 10 | $goal F. 11 | -------------------------------------------------------------------------------- /test/test23.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test23.znn,v 1.5 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | $hyp "h1" (=> (<=> A B) (<=> B C)) 5 | $hyp "h2" (=> (<=> B C) (<=> C A)) 6 | $hyp "h3" (=> (<=> C A) (<=> A B)) 7 | 8 | $goal (=> A B) 9 | -------------------------------------------------------------------------------- /test/test25.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test25.znn,v 1.4 2006-03-01 14:39:03 doligez Exp $ 3 | 4 | $sig abst_T () "Type" 5 | $sig abst_p ("abst_T") "bool" 6 | 7 | $goal (A. ((x "abst_T") (=> (Is_true (abst_p x)) (Is_true (abst_p x))))) 8 | -------------------------------------------------------------------------------- /zenon.ml: -------------------------------------------------------------------------------- 1 | (* Copyright 2013 Inria *) 2 | Version.add "$Id: 728bd2d41fbc587d21aa8a9f44052a5628d721f1 $";; 3 | 4 | Printexc.record_backtrace true;; 5 | Extension.activate "recfun";; 6 | Main.parse_command_line Main.argspec;; 7 | Main.do_main ();; 8 | -------------------------------------------------------------------------------- /regression/misc/Forall.tla: -------------------------------------------------------------------------------- 1 | ---- MODULE Forall ---- 2 | 3 | CONSTANTS i, j, P(_), Q(_) 4 | 5 | THEOREM 6 | ASSUME 7 | i = j, 8 | \A i : P(i) => Q(j) 9 | PROVE 10 | P(i) => Q(i) 11 | OBVIOUS 12 | 13 | 14 | ==================== 15 | -------------------------------------------------------------------------------- /test/test02.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test02.znn,v 1.3 2006-03-01 14:39:03 doligez Exp $ 3 | 4 | $goal 5 | (<=> A 6 | (<=> B 7 | (<=> C 8 | (<=> D 9 | (<=> E 10 | (<=> A 11 | (<=> B 12 | (<=> C 13 | (<=> D 14 | E))))))))) 15 | -------------------------------------------------------------------------------- /regression/misc/test4.tla: -------------------------------------------------------------------------------- 1 | ------------------ MODULE test4 ----------------- 2 | 3 | CONSTANT flag 4 | 5 | ASSUME thm == flag = 1 6 | 7 | THEOREM \A a : a = 1 => a = flag 8 | BY thm 9 | 10 | 11 | 12 | ================================================ 13 | -------------------------------------------------------------------------------- /lltoisar.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2008 INRIA *) 2 | (* $Id: lltoisar.mli,v 1.2 2008-11-24 15:28:27 doligez Exp $ *) 3 | 4 | val output : 5 | out_channel -> 6 | Phrase.phrase list -> 7 | Phrase.phrase list -> 8 | Llproof.proof -> 9 | string list 10 | ;; 11 | -------------------------------------------------------------------------------- /typesmtlib.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2014 INRIA *) 2 | 3 | exception Type_error of string 4 | 5 | type env 6 | val default_env : env 7 | 8 | val type_tff_expr : env -> Expr.t -> Expr.t * env 9 | 10 | val typecheck : Phrase.phrase list -> Phrase.phrase list 11 | 12 | -------------------------------------------------------------------------------- /progress.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2005 INRIA *) 2 | (* $Id: progress.mli,v 1.3 2008-10-24 13:36:36 doligez Exp $ *) 3 | 4 | type progress = No | Bar | Msg;; 5 | val level : progress ref;; 6 | val do_progress : (unit -> unit) -> char -> unit;; 7 | val end_progress : string -> unit;; 8 | -------------------------------------------------------------------------------- /watch.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2005 INRIA *) 2 | (* $Id: watch.mli,v 1.5 2006-02-27 16:56:52 doligez Exp $ *) 3 | 4 | val warn : 5 | (Phrase.phrase * bool) list -> Llproof.proof Lazy.t -> string list -> unit 6 | ;; 7 | val warn_unused_var : (Phrase.phrase * bool) list -> unit;; 8 | -------------------------------------------------------------------------------- /mltoll.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2004 INRIA *) 2 | (* $Id: mltoll.mli,v 1.6 2008-11-03 14:17:25 doligez Exp $ *) 3 | 4 | val translate : string -> Phrase.phrase list -> Mlproof.proof -> Llproof.proof;; 5 | 6 | val is_meta : string -> bool;; 7 | val get_meta_type : string -> string;; 8 | -------------------------------------------------------------------------------- /test/test07.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test07.znn,v 1.4 2006-03-01 14:39:03 doligez Exp $ 3 | 4 | # TPTP syn064+1 5 | 6 | $sig P ("nat" "nat") "Prop" 7 | 8 | $goal 9 | (E. ((X "nat") (E. ((Y "nat") 10 | (=> (P X Y) (A. ((Z "nat") (A. ((W "nat") (P Z W)))))))))) 11 | -------------------------------------------------------------------------------- /test/poly01.t: -------------------------------------------------------------------------------- 1 | % Comments : 2 | % ----------------------------------------------- 3 | tff(pdef, type, 4 | p : !>[A: $tType] : (A > $o)). 5 | 6 | tff(test, conjecture, 7 | (! [B: $tType, X: B] : p(B, X) ) => p($i, a) ). 8 | 9 | % ----------------------------------------------- 10 | -------------------------------------------------------------------------------- /test/test50.coz: -------------------------------------------------------------------------------- 1 | (* Copyright 2006 INRIA *) 2 | (* $Id: test50.coz,v 1.7 2006-07-20 13:19:21 doligez Exp $ *) 3 | 4 | (* 5 | ; test du parseur de syntaxe Coq 6 | *) 7 | 8 | Parameter A : Prop. 9 | Parameter B : Prop. 10 | 11 | Theorem thm : forall (x: nat), A -> forall (y: nat), B -> A. 12 | -------------------------------------------------------------------------------- /typetptp.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2014 INRIA *) 2 | 3 | exception Type_error of string 4 | 5 | type env 6 | val default_env : env 7 | 8 | val type_tff_expr : env -> Expr.t -> Expr.t * env 9 | 10 | val typecheck : Phrase.phrase list -> Phrase.phrase list 11 | 12 | val is_axiom : string -> bool 13 | -------------------------------------------------------------------------------- /regression/misc/Contra.tla: -------------------------------------------------------------------------------- 1 | ---- MODULE Contra ---- 2 | 3 | CONSTANT A 4 | 5 | THEOREM A => ~ ~ A 6 | PROOF 7 | <1>. HAVE A 8 | <1>. ASSUME ~ A 9 | PROVE FALSE 10 | <2>. A /\ ~ A OBVIOUS 11 | <2>. QED OBVIOUS 12 | <1>. QED OBVIOUS 13 | 14 | 15 | ==================== 16 | -------------------------------------------------------------------------------- /test/test05.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test05.znn,v 1.6 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | # TPTP syn051+1 5 | 6 | $sig F ("nat") "Prop" 7 | 8 | $hyp "h1" (E. ((X "nat") (=> p (F X)))) 9 | $hyp "h2" (E. ((X "nat") (=> (F X) p))) 10 | 11 | $goal (E. ((X "nat") (<=> p (F X)))) 12 | -------------------------------------------------------------------------------- /test/test75.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test75.znn,v 1.7 2011-12-28 16:43:34 doligez Exp $ 3 | 4 | $hyp "h1" (A. ((X) (A. ((Y) (A. ((Z) (=> (/\ (r X Y) (r Y Z)) (r X Z)))))))) 5 | $hyp "h2" (A. ((X Y) (=> (r X Y) (r Y X)))) 6 | $hyp "h3" (A. ((x) (r b x))) 7 | $hyp "h4" (=> T. (= a b)) 8 | $goal (r c a) 9 | -------------------------------------------------------------------------------- /test/test01.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test01.znn,v 1.6 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | $sig P ("nat") "Prop" 5 | $sig Q ("nat") "Prop" 6 | 7 | $hyp "h1" (A. ((x "nat") (P x))) 8 | $hyp "h2" (A. ((x "nat") (Q x))) 9 | $goal (-. (\/ (A. ((x "nat") (-. (Q x)))) (A. ((x "nat") (-. (P x)))))) 10 | -------------------------------------------------------------------------------- /test/test71.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test71.znn,v 1.7 2008-08-14 14:02:09 doligez Exp $ 3 | 4 | $sig p ("zenon_U") "Prop" 5 | $sig f ("zenon_U") "zenon_U" 6 | $goal 7 | (E. ((x) (-. (/\ (\/ (p x) (p (f (f (f (f (f (f (f (f x)))))))))) 8 | (\/ (-. (p x)) (-. (p (f (f (f (f (f (f (f x)))))))))))))) 9 | -------------------------------------------------------------------------------- /version.ml: -------------------------------------------------------------------------------- 1 | (* Copyright 2004 INRIA *) 2 | let myvers = "$Id: 34c58a3afac083cc607b116f4d95546502fbd4b7 $";; 3 | 4 | open Printf;; 5 | 6 | let version_list = ref [myvers];; 7 | 8 | let add x = (version_list := x :: !version_list);; 9 | 10 | let print_cvs ch = List.iter (fun x -> fprintf ch "%s\n" x) !version_list;; 11 | -------------------------------------------------------------------------------- /dkprint.mli: -------------------------------------------------------------------------------- 1 | open Dkterm 2 | 3 | val print_line : out_channel -> line -> unit 4 | val print_goal_type : out_channel -> string -> dkterm -> unit 5 | val print_dk_type : out_channel -> dkterm -> unit 6 | val print_dk_term : out_channel -> dkterm -> unit 7 | val print_proof : out_channel -> string -> dkterm -> unit 8 | -------------------------------------------------------------------------------- /lpprint.mli: -------------------------------------------------------------------------------- 1 | open Dkterm 2 | 3 | val print_line : out_channel -> line -> unit 4 | val print_goal_type : out_channel -> string -> dkterm -> unit 5 | val print_dk_type : out_channel -> dkterm -> unit 6 | val print_dk_term : out_channel -> dkterm -> unit 7 | val print_proof : out_channel -> string -> dkterm -> unit 8 | -------------------------------------------------------------------------------- /test/test11.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test11.znn,v 1.5 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | $hyp "h1" (-. (E. ((x) (/\ (S x) (Q x))))) 5 | $hyp "h2" (A. ((x) (\/ (-. (P x)) (\/ (Q x) (R x))))) 6 | $hyp "h3" (\/ (E. ((x) (P x))) (E. ((x) (Q x)))) 7 | $hyp "h4" (A. ((x) (\/ (-. (\/ (Q x) (R x))) (S x)))) 8 | $goal (E. ((x) (/\ (P x) (R x)))) 9 | -------------------------------------------------------------------------------- /versionnum.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2008 INRIA *) 2 | (* $Id: versionnum.mli,v 1.1 2008-10-22 14:54:35 doligez Exp $ *) 3 | 4 | (* whole-program release and version numbers *) 5 | 6 | val number : int;; 7 | val date : string;; 8 | 9 | val major : int;; 10 | val minor : int;; 11 | val bugfix : int;; 12 | 13 | val short : string;; 14 | val full : string;; 15 | -------------------------------------------------------------------------------- /test/test76.coz: -------------------------------------------------------------------------------- 1 | (* Copyright 2006 INRIA *) 2 | (* $Id: test76.coz,v 1.5 2008-08-14 14:02:09 doligez Exp $ *) 3 | 4 | (* Testing inductive types. *) 5 | (* Need "-x inductive" for this one *) 6 | 7 | Inductive foo : Set := 8 | | A : foo -> foo 9 | | B : foo 10 | . 11 | 12 | Parameter x : foo. 13 | 14 | Theorem t : B = match x with | A x => B | B => B end. 15 | -------------------------------------------------------------------------------- /lltocoq.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2004 INRIA *) 2 | (* $Id: lltocoq.mli,v 1.9 2011-12-28 16:43:33 doligez Exp $ *) 3 | 4 | val output : 5 | out_channel -> 6 | Phrase.phrase list -> 7 | Phrase.phrase list -> 8 | Llproof.proof -> 9 | string list 10 | ;; 11 | 12 | val p_expr : out_channel -> Expr.expr -> unit;; 13 | val pp_expr : out_channel -> Expr.expr -> unit;; 14 | -------------------------------------------------------------------------------- /test/test74.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test74.znn,v 1.6 2011-12-28 16:43:34 doligez Exp $ 3 | 4 | ;; zenon fails on this one 5 | $hyp "h00" F. 6 | 7 | $hyp "h" (E. ((Z W) (A. ((X Y) (<=> (big_f X Y) (/\ (= X Z) (= Y W))))))) 8 | 9 | $goal 10 | (E. ((W) (A. ((Y) (<=> (E. ((Z) (A. ((X) (<=> (big_f X Y) (= X Z)))))) 11 | (= Y W)))))) 12 | -------------------------------------------------------------------------------- /.svnignore: -------------------------------------------------------------------------------- 1 | ## after changing, run "svn propset svn:ignore -F .svnignore -R ." 2 | .git 3 | *.output 4 | *.cm* 5 | *.annot 6 | *.vo 7 | *.byt 8 | parsecoq.ml 9 | parsecoq.mli 10 | lexcoq.ml 11 | parsezen.ml 12 | parsezen.mli 13 | lexzen.ml 14 | .config_var 15 | checksum.ml 16 | parsetptp.mli 17 | parsetptp.ml 18 | lextptp.ml 19 | zenon.bin 20 | zenon.opt 21 | zenon 22 | config.ml 23 | -------------------------------------------------------------------------------- /smtlib_util.ml: -------------------------------------------------------------------------------- 1 | (* auto-generated by gt *) 2 | 3 | (* no extra data from grammar file. *) 4 | type extradata = unit;; 5 | let initial_data() = ();; 6 | 7 | let file = ref "stdin";; 8 | let line = ref 1;; 9 | type pos = int;; 10 | let string_of_pos p = "line "^(string_of_int p);; 11 | let cur_pd() = (!line, initial_data());; (* "pd": pos + extradata *) 12 | type pd = pos * extradata;; 13 | -------------------------------------------------------------------------------- /test/test06.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test06.znn,v 1.5 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | # TPTP syn054+1 5 | 6 | $hyp "h1" (-. (E. ((X) (/\ (S X) (Q X))))) 7 | $hyp "h2" (A. ((X) (=> (P X) (\/ (Q X) (R X))))) 8 | $hyp "h3" (=> (-. (E. ((X) (P X)))) (E. ((Y) (Q Y)))) 9 | $hyp "h4" (A. ((X) (=> (\/ (Q X) (R X)) (S X)))) 10 | 11 | $goal (E. ((X) (/\ (P X) (R X)))) 12 | -------------------------------------------------------------------------------- /lltodk.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2004 INRIA *) 2 | (* $Id: lltocoq.mli,v 1.9 2011-12-28 16:43:33 doligez Exp $ *) 3 | 4 | val output : 5 | out_channel -> 6 | Phrase.phrase list -> 7 | Llproof.proof -> 8 | string list 9 | ;; 10 | 11 | val output_term : 12 | out_channel -> 13 | Phrase.phrase list -> 14 | Phrase.phrase list -> 15 | Llproof.proof -> 16 | string list 17 | ;; 18 | -------------------------------------------------------------------------------- /lltolp.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2004 INRIA *) 2 | (* $Id: lltocoq.mli,v 1.9 2011-12-28 16:43:33 doligez Exp $ *) 3 | 4 | val output : 5 | out_channel -> 6 | Phrase.phrase list -> 7 | Llproof.proof -> 8 | string list 9 | ;; 10 | 11 | val output_term : 12 | out_channel -> 13 | Phrase.phrase list -> 14 | Phrase.phrase list -> 15 | Llproof.proof -> 16 | string list 17 | ;; 18 | -------------------------------------------------------------------------------- /test/test26.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test26.znn,v 1.6 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | $sig abst_T () "Type" 5 | $sig abst_equal ("abst_T" "abst_T") "bool" 6 | 7 | $def "d1" (abst_different x y) (coq_builtins.bi__not_b (abst_equal x y)) 8 | 9 | $goal (A. ((x "abst_T") (A. ((y "abst_T") 10 | (=> (Is_true (abst_equal x y)) (-. (Is_true (abst_different x y)))))))) 11 | -------------------------------------------------------------------------------- /heap.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2001 INRIA *) 2 | (* $Id: heap.mli,v 1.3 2005-11-15 15:02:26 doligez Exp $ *) 3 | 4 | type 'a t;; 5 | 6 | val empty : ('a -> 'a -> int) -> 'a t;; 7 | val insert : 'a t -> 'a -> 'a t;; 8 | val remove : 'a t -> ('a * 'a t) option;; 9 | val head : 'a t -> 'a option;; 10 | val length : 'a t -> int;; 11 | val is_empty : 'a t -> bool;; 12 | val iter : ('a -> unit) -> 'a t -> unit;; 13 | -------------------------------------------------------------------------------- /isar_case.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2009 INRIA *) 2 | (* $Id: isar_case.mli,v 1.2 2010-05-10 14:37:18 doligez Exp $ *) 3 | 4 | (* Utility for printing and proving the lemmas for the CASE rule 5 | for the Isar format output. 6 | Also for the recordset intro rule. 7 | *) 8 | 9 | val print_case : string -> int -> bool -> out_channel -> unit;; 10 | 11 | val print_record : string -> int -> out_channel -> unit;; 12 | -------------------------------------------------------------------------------- /test/test04.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test04.znn,v 1.3 2006-03-01 14:39:03 doligez Exp $ 3 | 4 | # TPTP syn036+1 5 | 6 | $goal 7 | (<=> (<=> (E. ((X) (A. ((Y) (<=> (big_p X) (big_p Y)))))) 8 | (<=> (E. ((U) (big_q U))) (A. ((W) (big_q W))))) 9 | (<=> (E. ((X1) (A. ((Y1) (<=> (big_q X1) (big_q Y1)))))) 10 | (<=> (E. ((U1) (big_p U1))) (A. ((W1) (big_p W1)))))) 11 | -------------------------------------------------------------------------------- /versionnum.ml: -------------------------------------------------------------------------------- 1 | (* Copyright 2008 INRIA *) 2 | Version.add "$Id: 3f4840b1cf6198dc3cc643c58d54a2ac0f0b5ced $";; 3 | 4 | open Printf;; 5 | 6 | let number = 5;; (* strictly increasing *) 7 | let date = "2024-01-01";; 8 | 9 | let major = 0;; 10 | let minor = 5;; 11 | let bugfix = 0;; 12 | 13 | let short = sprintf "%d.%d.%d" major minor bugfix;; 14 | let full = sprintf "%d.%d.%d [a%d] %s" major minor bugfix number date;; 15 | -------------------------------------------------------------------------------- /error.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2005 INRIA *) 2 | (* $Id: error.mli,v 1.6 2012-04-24 17:32:04 doligez Exp $ *) 3 | 4 | val warnings_flag : bool ref;; 5 | val got_warning : bool ref;; 6 | val err_file : string ref;; 7 | 8 | val set_header : string -> unit;; 9 | val warn : string -> unit;; 10 | val err : string -> unit;; 11 | val errpos : Lexing.position -> string -> unit;; 12 | 13 | exception Lex_error of string;; 14 | exception Abort;; 15 | -------------------------------------------------------------------------------- /cc.dk: -------------------------------------------------------------------------------- 1 | (; Calculus of Construction embedded into Lambda-Pi Modulo ;) 2 | 3 | uT : Type. 4 | def eT : uT -> Type. 5 | 6 | Pi : X : uT -> ((eT X) -> uT) -> uT. 7 | PiT : (uT -> uT) -> uT. 8 | 9 | [X : uT, Y : (eT X) -> uT] 10 | eT (Pi X Y) --> x : (eT X) -> (eT (Y x)) 11 | [Y : uT -> uT] 12 | eT (PiT Y) --> x : uT -> eT (Y x). 13 | 14 | def Arrow : uT -> uT -> uT. 15 | [ t1 : uT, t2 : uT ] 16 | Arrow t1 t2 --> Pi t1 (x : eT t1 => t2). 17 | -------------------------------------------------------------------------------- /regression/examples/cantor/Cantor6.tla: -------------------------------------------------------------------------------- 1 | (* Contributed by Damien Doligez *) 2 | 3 | -------------- MODULE Cantor6 ------------------ 4 | THEOREM cantor == 5 | \A S, f : 6 | \E A \in SUBSET S : 7 | \A x \in S : 8 | f [x] # A 9 | PROOF 10 | <1> USE DEF cantor 11 | <1> TAKE S 12 | <1> TAKE f 13 | <1> WITNESS { z \in S : z \notin f[z] } \in SUBSET S 14 | <1> QED OBVIOUS 15 | =============================================== 16 | -------------------------------------------------------------------------------- /dune: -------------------------------------------------------------------------------- 1 | (env 2 | (dev (flags :standard)) 3 | (release (flags :standard))) 4 | 5 | (ocamllex lexzen lextptp lexsmtlib lexcoq lexdk) 6 | (ocamlyacc parsezen parsetptp parsecoq parsedk) 7 | 8 | (executable 9 | (name main) 10 | (public_name zenon_modulo) 11 | (modes byte native) 12 | (libraries str unix zarith) 13 | ) 14 | 15 | (rule 16 | (targets checksum.ml) 17 | (action 18 | (with-stdout-to checksum.ml 19 | (run echo "let v = \"\""))) 20 | (mode fallback)) 21 | -------------------------------------------------------------------------------- /regression/features/test_case.tla: -------------------------------------------------------------------------------- 1 | ---- MODULE test_case ---- 2 | 3 | THEOREM CASE TRUE -> TRUE 4 | OBVIOUS 5 | 6 | CONSTANT x, A, B, C 7 | 8 | THEOREM 9 | ASSUME x = 1, 10 | 1 # 2, 11 | A 12 | PROVE CASE x = 1 -> A 13 | [] x = 2 -> B 14 | OBVIOUS 15 | 16 | THEOREM 17 | ASSUME x = 1, 18 | 1 # 2, 19 | A 20 | PROVE CASE x = 1 -> A 21 | [] x = 2 -> B 22 | [] OTHER -> C 23 | OBVIOUS 24 | 25 | ==== 26 | -------------------------------------------------------------------------------- /regression/misc/test3.tla: -------------------------------------------------------------------------------- 1 | ------------------- MODULE test3 -------------- 2 | 3 | CONSTANT flag 4 | 5 | (*** 6 | THEOREM (flag \in [{0,1} -> BOOLEAN]) => 7 | \A i \in {0,1} : flag[i] \in BOOLEAN 8 | ****) 9 | THEOREM (flag \in [{0,1} -> BOOLEAN]) => 10 | flag[0] \in BOOLEAN 11 | PROOF <1>1. 0 \in {0,1} 12 | PROOF OBVIOUS 13 | <1> QED 14 | PROOF BY <1>1 15 | ============================================================================= 16 | -------------------------------------------------------------------------------- /test/test27.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test27.znn,v 1.6 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | $sig abst_T () "Type" 5 | $sig not_b ("bool") "bool" 6 | $sig abst_equal ("abst_T" "abst_T") "bool" 7 | 8 | $hyp "h" (A. ((x "bool") (<=> (Is_true (not_b x)) (-. (Is_true x))))) 9 | 10 | $def "d" (abst_different x y) (not_b (abst_equal x y)) 11 | 12 | $goal (A. ((x "abst_T") (A. ((y "abst_T") 13 | (=> (Is_true (abst_equal x y)) (-. (Is_true (abst_different x y)))))))) 14 | -------------------------------------------------------------------------------- /test/test73.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test73.znn,v 1.5 2011-12-28 16:43:34 doligez Exp $ 3 | 4 | ;$hyp (A. ((y) (<=> (= y (f (g y))) (= x0 y)))) 5 | ;$goal (E. ((x1) (A. ((y1) (=> (= y1 (g (f y1))) (= x1 y1)))))) 6 | 7 | ;$hyp (= x (f y)) 8 | ;$hyp (-. (= z (g (f y)))) 9 | ;$hyp (= z (g x)) 10 | 11 | $hyp "h" (E. ((x) (A. ((y) (<=> (= y (f (g y))) (= x y)))))) 12 | ;$goal (E. ((x) (A. ((y) (=> (= y (g (f y))) (= x y)))))) 13 | $goal (E. ((x) (A. ((y) (<=> (= x y) (= y (g (f y)))))))) 14 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.vok 2 | *.vos 3 | *.cm[iox] 4 | *.o 5 | *.annot 6 | *.vo 7 | *.glob 8 | .config_var 9 | .depend 10 | *.dko 11 | *.bin 12 | *.byt 13 | zenon_modulo 14 | *.output 15 | parsecoq.ml 16 | parsecoq.mli 17 | parsetptp.ml 18 | parsetptp.mli 19 | parsetstp.ml 20 | parsetstp.mli 21 | parsezen.ml 22 | parsezen.mli 23 | parsedk.ml 24 | parsedk.mli 25 | lexcoq.ml 26 | lextptp.ml 27 | lextstp.ml 28 | lexsmtlib.ml 29 | lexzen.ml 30 | lexdk.ml 31 | checksum.ml 32 | config.ml 33 | .svn 34 | .zenon*.aux 35 | *~ 36 | _build/ -------------------------------------------------------------------------------- /regression/misc/test1.tla: -------------------------------------------------------------------------------- 1 | ---------------------------- MODULE test1 ---------------------------- 2 | CONSTANT Set 3 | 4 | P(x) == x 5 | Q(x) == {} 6 | A == {x \in Set : P(x)} 7 | B == {x \in Set : Q(x)} 8 | 9 | THEOREM A \cup B = {x \in Set : P(x) \/ Q(x)} 10 | PROOF <1>1. {x \in Set : P(x)} \cup {x \in Set : Q(x)} 11 | = {x \in Set : P(x) \/ Q(x)} 12 | PROOF OBVIOUS 13 | <1>2. QED 14 | PROOF BY <1>1 DEF A, B 15 | ====================================================================== 16 | -------------------------------------------------------------------------------- /regression/examples/cantor/Cantor7.tla: -------------------------------------------------------------------------------- 1 | (* Contributed by Damien Doligez *) 2 | 3 | -------------- MODULE Cantor7 ------------------ 4 | THEOREM cantor == 5 | \A S, f : 6 | \E A \in SUBSET S : 7 | \A x \in S : 8 | f [x] # A 9 | PROOF 10 | <1> SUFFICES ASSUME 11 | NEW S, 12 | NEW f 13 | PROVE \E A \in SUBSET S : \A x \in S : f[x] # A 14 | BY DEF cantor 15 | <1> WITNESS { z \in S : z \notin f[z] } \in SUBSET S 16 | <1> QED OBVIOUS 17 | =============================================== 18 | -------------------------------------------------------------------------------- /regression/examples/cantor/Cantor5.tla: -------------------------------------------------------------------------------- 1 | (* Contributed by Damien Doligez *) 2 | 3 | -------------- MODULE Cantor5 ------------------ 4 | THEOREM cantor == 5 | \A S, f : 6 | \E A \in SUBSET S : 7 | \A x \in S : 8 | f [x] # A 9 | PROOF 10 | <1>1. ASSUME 11 | NEW S, 12 | NEW f 13 | PROVE \E A \in SUBSET S : \A x \in S : f[x] # A 14 | PROOF 15 | <2> WITNESS { z \in S : z \notin f[z] } \in SUBSET S 16 | <2> QED OBVIOUS 17 | <1> QED BY <1>1 DEF cantor 18 | =============================================== 19 | -------------------------------------------------------------------------------- /dune-project: -------------------------------------------------------------------------------- 1 | (lang dune 3.7) 2 | 3 | (generate_opam_files true) 4 | 5 | (name zenon_modulo) 6 | (source (github Deducteam/zenon_modulo)) 7 | (authors "INRIA and contributors") 8 | (maintainers "guillaume.burel@ensiie.fr") 9 | (license BSD-3-Clause) 10 | 11 | (package 12 | (name zenon_modulo) 13 | (synopsis "Automated theorem prover generating formal proofs") 14 | (description 15 | "Automated theorem prover for typed first-order logic based on the tableau 16 | method, generating Coq, Dedukti or Lambdapi proofs.") 17 | (depends 18 | (ocaml (>= 4.08.0)) 19 | )) 20 | -------------------------------------------------------------------------------- /test/arith-2.t: -------------------------------------------------------------------------------- 1 | % Comments : Branch&Bound does not terminate on this system 2 | %------------------------------------------------------------------------------ 3 | tff(test,conjecture,( 4 | ! [X1 : $int, X2: $int, X3: $int, Y1: $int, Y2: $int, Y3: $int] : ( 5 | (X1 = X2 & X2 = X3 & Y1 = Y2 & Y2 = Y3) => ( 6 | $lesseq($difference($sum(X1,$sum(X2,X3)),$sum(Y1,$sum(Y2,Y3))), 0) | 7 | $greatereq($difference($sum(X1,$sum(X2,X3)),$sum(Y1,$sum(Y2,Y3))), 3) 8 | )))). 9 | %------------------------------------------------------------------------------ 10 | -------------------------------------------------------------------------------- /test/test03.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test03.znn,v 1.3 2006-03-01 14:39:03 doligez Exp $ 3 | 4 | $goal 5 | (<=> p_1 6 | (<=> p_2 7 | (<=> p_3 8 | (<=> p_4 9 | (<=> p_5 10 | (<=> p_6 11 | (<=> p_7 12 | (<=> p_8 13 | (<=> p_9 14 | (<=> p_10 15 | (<=> p_11 16 | (<=> p_12 17 | (<=> p_13 18 | (<=> p_14 19 | (<=> p_1 20 | (<=> p_2 21 | (<=> p_3 22 | (<=> p_4 23 | (<=> p_5 24 | (<=> p_6 25 | (<=> p_7 26 | (<=> p_8 27 | (<=> p_9 28 | (<=> p_10 29 | (<=> p_11 30 | (<=> p_12 31 | (<=> p_13 32 | p_14 33 | ))))))))))))))))))))))))))) 34 | -------------------------------------------------------------------------------- /test/test17.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test17.znn,v 1.3 2006-03-01 14:39:03 doligez Exp $ 3 | 4 | # File : SYN723+1 5 | # Status : theorem 6 | # Rating : 0.67 7 | # [negated] conjecture : thm138 8 | $goal (<=> (E. ((X) (A. ((Y) (<=> (p X) (p Y)))))) (<=> (<=> (E. ((X) (q X))) (A. ((Y) (r Y)))) (<=> (<=> (E. ((X) (A. ((Y) (<=> (q X) (q Y)))))) (<=> (E. ((X) (r X))) (A. ((Y) (s Y))))) (<=> (E. ((X) (A. ((Y) (<=> (r X) (r Y)))))) (<=> (<=> (E. ((X) (s X))) (A. ((Y) (p Y)))) (<=> (E. ((X) (A. ((Y) (<=> (s X) (s Y)))))) (<=> (E. ((X) (p X))) (A. ((Y) (q Y)))))))))) 9 | -------------------------------------------------------------------------------- /regression/examples/cantor/Cantor1.tla: -------------------------------------------------------------------------------- 1 | (* Contributed by Damien Doligez *) 2 | 3 | -------------- MODULE Cantor1 ------------------ 4 | THEOREM cantor == 5 | \A S : 6 | \A f \in [S -> SUBSET S] : 7 | \E A \in SUBSET S : 8 | \A x \in S : 9 | f [x] # A 10 | PROOF 11 | <1>. USE DEF cantor 12 | <1>2. TAKE S 13 | <1>3. TAKE f \in [S -> SUBSET S] 14 | <1>4. DEFINE T == { z \in S : z \notin f[z] } 15 | <1>5. WITNESS T \in SUBSET S 16 | <1>6. TAKE x \in S 17 | <1>7. QED BY x \in T \/ x \notin T 18 | =============================================== 19 | -------------------------------------------------------------------------------- /doc/reference.tex: -------------------------------------------------------------------------------- 1 | % Copyright 2006 INRIA 2 | % $Id: reference.tex,v 1.4 2006-03-01 14:39:03 doligez Exp $ 3 | 4 | \documentclass[a4paper]{report} 5 | \usepackage{fullpage} 6 | 7 | \input{macros.tex} 8 | 9 | \title{Zenon reference manual} 10 | \author{Damien Doligez \\ INRIA Rocquencourt} 11 | \date{\today} 12 | 13 | \begin{document} 14 | 15 | \maketitle 16 | \tableofcontents 17 | 18 | \input{intro.tex} 19 | \input{install.tex} 20 | \input{options.tex} 21 | \input{input-zen.tex} 22 | \input{input-tptp.tex} 23 | \input{input-coq.tex} 24 | \input{messages.tex} 25 | 26 | \end{document} 27 | -------------------------------------------------------------------------------- /eqrel.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2004 INRIA *) 2 | (* $Id: eqrel.mli,v 1.3 2004-10-28 13:51:38 doligez Exp $ *) 3 | 4 | val analyse : Expr.expr -> unit;; 5 | val subsumed : Expr.expr -> bool;; 6 | 7 | val refl : Expr.expr -> bool;; 8 | val sym : Expr.expr -> bool;; 9 | val trans : Expr.expr -> bool;; 10 | val any : Expr.expr -> bool;; 11 | 12 | val get_refl_hyp : Expr.expr -> Expr.expr;; 13 | val get_sym_hyp : Expr.expr -> Expr.expr;; 14 | val get_trans_hyp : Expr.expr -> Expr.expr;; 15 | 16 | val get_proof : Expr.expr -> Mlproof.proof * Expr.expr list;; 17 | 18 | val print_rels : out_channel -> unit;; 19 | -------------------------------------------------------------------------------- /test/test15.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test15.znn,v 1.5 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | # File : SYN550+1 5 | # Status : theorem 6 | # Rating : 0.33 7 | $hyp "reflexivity_of_reachable" (A. ((X) (reachable X X))) 8 | $hyp "transitivity_of_reachable" (A. ((X) (A. ((Y) (A. ((Z) (=> (/\ (reachable X Y) (reachable Y Z)) (reachable X Z)))))))) 9 | # [negated] conjecture : prove_this 10 | $goal (<=> (E. ((X) (/\ (reachable (initial_world) X) (A. ((Y) (=> (reachable X Y) (p Y))))))) (E. ((X) (/\ (reachable (initial_world) X) (A. ((Y) (=> (reachable X Y) (E. ((Z) (/\ (reachable Y Z) (A. ((W) (=> (reachable Z W) (p W)))))))))))))) 11 | -------------------------------------------------------------------------------- /regression/misc/test2.tla: -------------------------------------------------------------------------------- 1 | ---------------------------- MODULE test2 ---------------------------- 2 | CONSTANT Set, A, B 3 | 4 | P(x) == x 5 | Q(x) == {} 6 | THEOREM THM1 == A = {x \in Set : P(x)} 7 | THEOREM THM2 == B = {x \in Set : Q(x)} 8 | 9 | THEOREM A \subseteq B <=> \A x \in Set : P(x) => Q(x) 10 | PROOF <1>1. {x \in Set : P(x)} \subseteq {x \in Set : Q(x)} 11 | <=> \A x \in Set : P(x) => Q(x) 12 | \* ETLA produces a parsing error ^ here 13 | PROOF OBVIOUS 14 | <1>2. QED 15 | PROOF BY <1>1, THM1, THM2 DEF THM1, THM2 \* DEF A, B 16 | ====================================================================== 17 | -------------------------------------------------------------------------------- /test/test13.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test13.znn,v 1.5 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | # File : SYN548+1 5 | # Status : theorem 6 | # Rating : 0.67 7 | $hyp "reflexivity_of_reachable" (A. ((X) (reachable X X))) 8 | $hyp "transitivity_of_reachable" (A. ((X) (A. ((Y) (A. ((Z) (=> (/\ (reachable X Y) (reachable Y Z)) (reachable X Z)))))))) 9 | # [negated] conjecture : prove_this 10 | $goal (E. ((X) (/\ (reachable (initial_world) X) (A. ((Y) (=> (reachable X Y) (<=> (A. ((Z) (=> (reachable Y Z) (\/ (p Z) (A. ((V) (=> (reachable Z V) (q V)))))))) (\/ (A. ((W) (=> (reachable Y W) (p W)))) (A. ((W) (=> (reachable Y W) (q W)))))))))))) 11 | -------------------------------------------------------------------------------- /test/test14.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test14.znn,v 1.5 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | # File : SYN549+1 5 | # Status : theorem 6 | # Rating : 0.00 7 | $hyp "reflexivity_of_reachable" (A. ((X) (reachable X X))) 8 | $hyp "transitivity_of_reachable" (A. ((X) (A. ((Y) (A. ((Z) (=> (/\ (reachable X Y) (reachable Y Z)) (reachable X Z)))))))) 9 | # [negated] conjecture : prove_this 10 | $goal (E. ((X) (/\ (reachable (initial_world) X) (A. ((Y) (=> (reachable X Y) (<=> (E. ((Z) (/\ (reachable Y Z) (\/ (p Z) (E. ((V) (/\ (reachable Z V) (q V)))))))) (\/ (E. ((W) (/\ (reachable Y W) (p W)))) (E. ((W) (/\ (reachable Y W) (q W)))))))))))) 11 | -------------------------------------------------------------------------------- /namespace.ml: -------------------------------------------------------------------------------- 1 | (* Copyright 2006 INRIA *) 2 | Version.add "$Id: f64f126ba41a6797d6643ecfd2290bdc3bcd7c08 $";; 3 | 4 | let prefix = "zenon_";; 5 | 6 | let anon_prefix = prefix ^ "A";; 7 | let builtin_prefix = prefix ^ "B";; 8 | let dummy_prefix = prefix ^ "D";; 9 | let hyp_prefix = prefix ^ "H";; 10 | let lemma_prefix = prefix ^ "L";; 11 | let tau_prefix = prefix ^ "T";; 12 | let var_prefix = prefix ^ "V";; 13 | let meta_prefix = prefix ^ "X";; 14 | 15 | let goal_name = prefix ^ "G";; 16 | let any_name = prefix ^ "E";; 17 | let univ_name = prefix ^ "U";; 18 | 19 | let thm_default_name = prefix ^ "thm";; 20 | 21 | let tuple_name = builtin_prefix ^ "tuple";; 22 | -------------------------------------------------------------------------------- /test/test72.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test72.znn,v 1.6 2011-12-28 16:43:34 doligez Exp $ 3 | 4 | ;$hyp (A. ((X) (= X X))) 5 | ;$hyp (A. ((X Y) (=> (= X Y) (= Y X)))) 6 | ;$hyp (A. ((X Y Z) (=> (/\ (= X Y) (= Y Z)) (= X Z)))) 7 | 8 | ;$hyp (A. ((A B C) (=> (/\ (= A B) (big_f A C)) (big_f B C)))) 9 | ;$hyp (A. ((A B C) (=> (/\ (= A B) (big_f C A)) (big_f C B)))) 10 | 11 | ;; zenon can't prove it any more :-( 12 | $hyp "h00" F. 13 | 14 | $hyp "h" (E. ((Z W) (A. ((X Y) 15 | (<=> (big_f X Y) 16 | (/\ (= X Z) 17 | (= Y W))))))) 18 | $goal 19 | (E. ((W) (A. ((Y) 20 | (<=> (E. ((Z) (A. ((X) (<=> (big_f X Y) (= X Z)))))) 21 | (= Y W)))))) 22 | -------------------------------------------------------------------------------- /regression/backend/testarith.tla: -------------------------------------------------------------------------------- 1 | ---- MODULE testarith ---- 2 | 3 | (* This is just for checking the Isabelle translations. *) 4 | 5 | EXTENDS Reals 6 | 7 | THEOREM test == 8 | ASSUME NEW x, NEW y 9 | PROVE /\ x + y = x + y 10 | /\ x - y = x - y 11 | \* /\ (- x) = (- x) 12 | /\ x * y = x * y 13 | \* /\ x / y = x / y 14 | \* /\ x \div y = x \div y 15 | \* /\ x % y = x % y 16 | \* /\ x ^ y = x ^ y 17 | \* /\ Infinity = Infinity 18 | /\ x <= y <=> x <= y 19 | /\ x < y <=> x < y 20 | /\ x >= y <=> x >= y 21 | /\ x > y <=> x > y 22 | \* /\ x .. y = x .. y 23 | OBVIOUS 24 | 25 | ==== 26 | -------------------------------------------------------------------------------- /test/test69.coz: -------------------------------------------------------------------------------- 1 | (* Copyright 2006 INRIA *) 2 | (* $Id: test69.coz,v 1.7 2006-07-20 13:19:21 doligez Exp $ *) 3 | 4 | (* 5 | ; file: products.foc 6 | ; species: cartesian 7 | ; property: equal_reflexive / __lemma_1_2 8 | 9 | ; Attention, ce fichier a ete modifie a la main 10 | *) 11 | 12 | Parameter abst_T : Type. 13 | Parameter foo : Type. 14 | Parameter x : foo. 15 | Parameter scnd : foo -> abst_T. 16 | Parameter setoid_equal : foo -> abst_T -> abst_T -> bool. 17 | Parameter self_s2 : foo. 18 | 19 | Parameter s2equal_reflexive: forall (x: abst_T), 20 | (Is_true ((setoid_equal self_s2 x x)) ). 21 | 22 | Theorem thm : 23 | (Is_true (((setoid_equal self_s2 ) (scnd x ) (scnd x ) )) 24 | ) 25 | . 26 | -------------------------------------------------------------------------------- /test/test68.coz: -------------------------------------------------------------------------------- 1 | (* Copyright 2006 INRIA *) 2 | (* $Id: test68.coz,v 1.7 2006-07-20 13:19:21 doligez Exp $ *) 3 | 4 | (* 5 | ; file: products.foc 6 | ; species: cartesian 7 | ; property: equal_reflexive / __lemma_1_1 8 | 9 | ; Attention, ce fichier a ete modifie a la main 10 | *) 11 | 12 | Parameter abst_T : Type. 13 | Parameter foo : Type. 14 | Parameter x : foo. 15 | Parameter first : foo -> abst_T. 16 | Parameter setoid_equal : foo -> abst_T -> abst_T -> bool. 17 | Parameter self_s1 : foo. 18 | 19 | Parameter s1equal_reflexive: forall (x: abst_T), 20 | (Is_true ((setoid_equal self_s1 x x)) ). 21 | 22 | Theorem thm : 23 | (Is_true (((setoid_equal self_s1 ) (first x ) (first x ) )) 24 | ) 25 | . 26 | -------------------------------------------------------------------------------- /regression/examples/cantor/Cantor9.tla: -------------------------------------------------------------------------------- 1 | -------------- 2 | MODULE Cantor9 3 | -------------- 4 | 5 | Range (f) == { f[x] : x \in DOMAIN f } 6 | 7 | Surj (f, S) == S \subseteq Range (f) 8 | 9 | THEOREM Cantor == 10 | ~ \E f : Surj (f, SUBSET (DOMAIN f)) 11 | <1>1. SUFFICES ASSUME \E f : Surj (f, SUBSET (DOMAIN f)) 12 | PROVE FALSE 13 | OBVIOUS 14 | <1>2. PICK f : Surj (f, SUBSET (DOMAIN f)) OBVIOUS 15 | <1>3. ~ Surj (f, SUBSET (DOMAIN f)) 16 | <2>1. DEFINE D == {x \in DOMAIN f : x \notin f[x]} 17 | <2>2. D \in SUBSET (DOMAIN f) 18 | OBVIOUS 19 | <2>3. D \notin Range (f) 20 | BY DEF Range 21 | <2>4. QED BY <2>2, <2>3 DEF Surj 22 | <1>4. QED BY <1>2, <1>3 23 | 24 | ==== 25 | -------------------------------------------------------------------------------- /examples/empty_set_example.p: -------------------------------------------------------------------------------- 1 | tff(set, type, set: $tType > $tType). 2 | 3 | tff(mem, type, mem: !>[A : $tType]: ((A * set(A)) > $o)). 4 | 5 | tff(infix_eqeq, type, infix_eqeq: !>[A : $tType]: ((set(A) * set(A)) > $o)). 6 | 7 | tff(infix_eqeq_def, axiom, ![A : $tType]: ![S:set(A), T:set(A)]: 8 | (infix_eqeq(A, S, T) <=> ![X:A]: (mem(A, X, S) <=> mem(A, X, T)))). 9 | 10 | tff(empty, type, empty: !>[A : $tType]: set(A)). 11 | 12 | tff(empty1, axiom, ![A : $tType]: ![X:A]: ~ mem(A, X, empty(A))). 13 | 14 | tff(diff, type, diff: !>[A : $tType]: ((set(A) * set(A)) > set(A))). 15 | 16 | tff(mem_diff, axiom, ![A : $tType]: ![S:set(A), T:set(A), X:A]: (mem(A, X, 17 | diff(A, S, T)) <=> (mem(A, X, S) & ~ mem(A, X, T)))). 18 | 19 | tff(diff_empty, conjecture, ![A : $tType]: ![S:set(A)]: 20 | infix_eqeq(A, diff(A, S, S), empty(A))). 21 | -------------------------------------------------------------------------------- /dk_tuple.dk: -------------------------------------------------------------------------------- 1 | #REQUIRE cc. 2 | 3 | prod : cc.uT -> cc.uT -> cc.uT. 4 | Prod : cc.uT -> cc.uT -> Type. 5 | [A, B] cc.eT (prod A B) --> Prod A B. 6 | 7 | pair : A : cc.uT -> 8 | B : cc.uT -> 9 | cc.eT A -> 10 | cc.eT B -> 11 | Prod A B. 12 | 13 | def fst : A : cc.uT -> B : cc.uT -> Prod A B -> cc.eT A. 14 | def snd : A : cc.uT -> B : cc.uT -> Prod A B -> cc.eT B. 15 | 16 | [a] 17 | fst _ _ (pair _ _ a _) --> a. 18 | [b] 19 | snd _ _ (pair _ _ _ b) --> b. 20 | 21 | def match__pair : A : cc.uT -> 22 | B : cc.uT -> 23 | C : cc.uT -> 24 | Prod A B -> 25 | (cc.eT A -> cc.eT B -> cc.eT C) -> 26 | cc.eT C -> 27 | cc.eT C. 28 | 29 | [f, a, b] 30 | match__pair _ _ _ (pair _ _ a b) f _ --> f a b. 31 | 32 | -------------------------------------------------------------------------------- /doc/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright 2006 INRIA 2 | 3 | REFFILES = reference.tex macros.tex \ 4 | install.tex options.tex input-zen.tex input-tptp.tex \ 5 | input-coq.tex messages.tex 6 | 7 | include ../.config_var 8 | 9 | # Only try to build doc if source files are present. 10 | doc: reference.pdf 11 | 12 | reference.pdf: ${REFFILES} 13 | pdflatex reference.tex 14 | pdflatex reference.tex 15 | 16 | .PHONY: logo 17 | logo: zenon-logo.png zenon-logo-small.png 18 | 19 | zenon-logo.png: zenon-logo.ps 20 | ${GS} -q -sDEVICE=png16m -sOutputFile=zenon-logo.png -r720 -g2400x800 \ 21 | -dNOPAUSE -dBATCH zenon-logo.ps 22 | 23 | # "convert" is part of ImageMagick 24 | zenon-logo-small.png: zenon-logo.png 25 | ${CONVERT} zenon-logo.png -resize 10% zenon-logo-small.png 26 | 27 | clean: 28 | rm -f *.aux *.dvi *.log *.toc 29 | rm -f $(OBJS) zenon-logo.png zenon-logo-small.png 30 | -------------------------------------------------------------------------------- /regression/examples/cantor/Cantor8.tla: -------------------------------------------------------------------------------- 1 | -------------- 2 | MODULE Cantor8 3 | -------------- 4 | 5 | Range (f) == { f[x] : x \in DOMAIN f } 6 | 7 | Surj (f, S) == S \subseteq Range (f) 8 | 9 | THEOREM Cantor == 10 | \A S : ~ \E f \in [S -> SUBSET S] : Surj (f, SUBSET S) 11 | PROOF 12 | <1>1. ASSUME NEW S, 13 | \E f \in [S -> SUBSET S] : Surj (f, SUBSET S) 14 | PROVE FALSE 15 | <2>1. PICK f \in [S -> SUBSET S] : Surj (f, SUBSET S) 16 | OBVIOUS 17 | <2>2. ~ Surj (f, SUBSET S) 18 | <3>1. DEFINE D == {x \in S : x \notin f[x]} 19 | <3>2. D \in SUBSET S 20 | OBVIOUS 21 | <3>3. D \notin Range (f) 22 | BY DEF Range 23 | <3>4. QED BY <3>2, <3>3 DEF Surj 24 | <2>3. QED BY <2>1, <2>2 25 | <1>2. QED BY <1>1 26 | 27 | ==== 28 | -------------------------------------------------------------------------------- /node.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2004 INRIA *) 2 | (* $Id: node.mli,v 1.9 2008-12-18 17:00:41 doligez Exp $ *) 3 | 4 | open Expr;; 5 | 6 | type priority = 7 | | Prop 8 | | Arity 9 | | Arity_eq 10 | | Inst of expr 11 | ;; 12 | 13 | type node = { 14 | nconc : Expr.expr list; 15 | nrule : Mlproof.rule; 16 | nprio : priority; 17 | ngoal : goalness; 18 | nbranches : Expr.expr list array; 19 | };; 20 | 21 | type node_item = 22 | | Node of node 23 | | Stop 24 | ;; 25 | 26 | val relevant : node_item list list -> node list * bool;; 27 | (* Flatten the list and cut off at the Stop, if any. 28 | Return true if there was a stop. 29 | *) 30 | 31 | type queue;; 32 | val empty : queue;; 33 | val insert : queue -> node -> queue;; 34 | val remove : queue -> (node * queue) option;; 35 | val head : queue -> node option;; 36 | 37 | val size : queue -> string;; (* for debugging *) 38 | -------------------------------------------------------------------------------- /test/test30.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test30.znn,v 1.7 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | # file: species_general_set.foc 5 | # species: ordered_set 6 | # property: equal_reflexive 7 | 8 | # (* to be proved *) 9 | #(x: abst_T) (Is_true ((abst_equal x x)) 10 | #) 11 | #By 12 | # abst_total_order: (x: abst_T) (y: abst_T) 13 | # (or (Is_true ((abst_leq x y)) ) (Is_true ((abst_leq y x)) )) 14 | #By def 15 | # abst_equal:= [x: abst_T][y: abst_T](and_b (abst_leq x y) (abst_leq y 16 | # x)) 17 | #(* Qed *). 18 | 19 | $sig abst_T () "Type" 20 | $sig abst_leq ("abst_T" "abst_T") "bool" 21 | 22 | $def "d" (abst_equal x y) (coq_builtins.bi__and_b (abst_leq x y) (abst_leq y x)) 23 | 24 | $hyp "h" 25 | (A. ((x "abst_T") (A. ((y "abst_T") 26 | (\/ (Is_true (abst_leq x y)) (Is_true (abst_leq y x))))))) 27 | 28 | $goal 29 | (A. ((x "abst_T") (Is_true (abst_equal x x)))) 30 | -------------------------------------------------------------------------------- /test/test54.coz: -------------------------------------------------------------------------------- 1 | (* Copyright 2006 INRIA *) 2 | (* $Id: test54.coz,v 1.7 2006-07-20 13:19:21 doligez Exp $ *) 3 | 4 | (* 5 | ; file: species_general_additive_law.foc 6 | ; species: partially_ordered_additive_monoid 7 | ; property: sup_idempotent / __goal_12 8 | *) 9 | 10 | Parameter abst_T : Type. 11 | Parameter abst_equal : abst_T -> abst_T -> bool. 12 | Parameter abst_sup : abst_T -> abst_T -> abst_T. 13 | Parameter abst_plus : abst_T -> abst_T -> abst_T. 14 | Parameter x : abst_T. 15 | Parameter y : abst_T. 16 | 17 | Parameter 18 | abst_plus_is_regular: forall (x: abst_T) (y: abst_T) (z: abst_T), 19 | ((Is_true ((abst_equal (abst_plus x y) (abst_plus x z))) ))-> 20 | (Is_true ((abst_equal y z)) ). 21 | Parameter __lemma_1_1: (Is_true 22 | ((abst_equal (abst_plus y x ) (abst_plus y (abst_sup x y ) ) )) ). 23 | 24 | Theorem thm : 25 | (Is_true ((abst_equal x (abst_sup x y ) )) 26 | ) 27 | . 28 | -------------------------------------------------------------------------------- /test/test39.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test39.znn,v 1.7 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | ; file: species_general_additive_law.foc 5 | ; species: partially_ordered_additive_monoid 6 | ; property: min_is_min / __lemma_1_1 7 | 8 | ; (* to be proved *) 9 | ; (Is_true ((abst_equal (abst_plus abst_min x ) x )) 10 | ; ) 11 | ; By 12 | ; abst_zero_is_neutral: (x: abst_T) 13 | ; (and (Is_true ((abst_equal (abst_plus x abst_zero) x)) ) (Is_true 14 | ; ((abst_equal (abst_plus abst_zero x) x)) )) 15 | ; By def abst_min:= abst_zero 16 | ; (* Qed *). 17 | 18 | $sig abst_equal ("zenon_U" "zenon_U") "bool" 19 | 20 | $def "d" (abst_min) abst_zero 21 | 22 | $hyp "abst_zero_is_neutral" 23 | (A. ((x) (/\ (Is_true (abst_equal (abst_plus x abst_zero) x)) 24 | (Is_true (abst_equal (abst_plus abst_zero x) x))))) 25 | 26 | $goal 27 | (A. ((x) (Is_true (abst_equal (abst_plus abst_min x) x)))) 28 | -------------------------------------------------------------------------------- /test/test58.coz: -------------------------------------------------------------------------------- 1 | (* Copyright 2006 INRIA *) 2 | (* $Id: test58.coz,v 1.7 2006-07-20 13:19:21 doligez Exp $ *) 3 | 4 | (* 5 | ; file: species_general_additive_law.foc 6 | ; species: partially_ordered_additive_monoid 7 | ; property: order_inf_reverse_order_sup / __lemma_2_2 8 | *) 9 | 10 | Parameter abst_T : Type. 11 | Parameter abst_equal : abst_T -> abst_T -> bool. 12 | Parameter abst_plus : abst_T -> abst_T -> abst_T. 13 | Parameter abst_inf : abst_T -> abst_T -> abst_T. 14 | Parameter abst_sup : abst_T -> abst_T -> abst_T. 15 | Parameter xx : abst_T. 16 | Parameter yy : abst_T. 17 | 18 | Parameter 19 | abst_plus_commutes: forall (x: abst_T) (y: abst_T), (Is_true 20 | ((abst_equal (abst_plus x y) (abst_plus y x))) ). 21 | 22 | Theorem thm : 23 | (Is_true 24 | ((abst_equal 25 | (abst_plus (abst_inf xx yy ) (abst_sup xx yy ) ) 26 | (abst_plus (abst_sup xx yy ) (abst_inf xx yy ) ) 27 | )) 28 | ) 29 | . 30 | -------------------------------------------------------------------------------- /test/test36.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test36.znn,v 1.7 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | # pas utilise 5 | 6 | # file: species_general_additive_law.foc 7 | # species: partially_ordered_additive_monoid 8 | # property: inf_idempotent / __lemma_1_1 9 | 10 | ; (* to be proved *) 11 | ; (Is_true ((abst_equal x (abst_inf x (abst_plus x abst_zero ) ) )) 12 | ; ) 13 | ; By 14 | ; abst_add_keeps_inf: (x: abst_T) (y: abst_T) (Is_true 15 | ; ((abst_order_inf x (abst_plus x y))) ) 16 | ; By def abst_order_inf:= [x: abst_T][y: abst_T](abst_equal x (abst_inf x y)) 17 | ; (* Qed *). 18 | 19 | $sig abst_equal ("zenon_U" "zenon_U") "bool" 20 | 21 | $def "d" (abst_order_inf x y) (abst_equal x (abst_inf x y)) 22 | 23 | $hyp "abst_add_keeps_inf" 24 | (A. ((x) (A. ((y) 25 | (Is_true (abst_order_inf x (abst_plus x y))))))) 26 | 27 | $goal (Is_true (abst_equal x (abst_inf x (abst_plus x abst_zero)))) 28 | -------------------------------------------------------------------------------- /regression/examples/cantor/Cantor4.tla: -------------------------------------------------------------------------------- 1 | (* Contributed by Stephan Merz *) 2 | (* Modified into TLA+ proof language syntax *) 3 | 4 | -------------- MODULE Cantor4 ------------------ 5 | THEOREM cantor == 6 | \A S : 7 | \A f \in [S -> SUBSET S] : 8 | \E A \in SUBSET S : 9 | \A x \in S : 10 | f [x] # A 11 | PROOF 12 | <1>. USE DEF cantor 13 | <1>. TAKE S 14 | <1>. TAKE f \in [S -> SUBSET S] 15 | <1>. DEFINE T == {z \in S : z \notin f[z]} 16 | <1>1. \A x \in S : f[x] # T 17 | PROOF 18 | <2>. TAKE x \in S 19 | <2>1. CASE x \in T 20 | PROOF 21 | <3>1. x \notin f[x] BY <2>1 22 | <3>2. QED BY <3>1 23 | <2>2. CASE x \notin T 24 | PROOF 25 | <3>1. x \in f[x] BY <2>2 26 | <3>2. QED BY <3>1 27 | <2>3. QED BY <2>1, <2>2 28 | <1>. WITNESS T \in SUBSET S 29 | <1>. QED BY <1>1 30 | =============================================== 31 | -------------------------------------------------------------------------------- /examples/bool_and_commute.coz: -------------------------------------------------------------------------------- 1 | 2 | %%begin-auto-proof 3 | %%name: bool_and_commute 4 | %%begin-type-alias: bool := basics.bool__t %%end-type-alias 5 | 6 | [ b : cc.eT bool ] 7 | basics._amper__amper_ b basics.true --> b. 8 | [ b : cc.eT bool ] 9 | basics._amper__amper_ basics.true b --> b. 10 | [ b : cc.eT bool ] 11 | basics._amper__amper_ b basics.false --> basics.false. 12 | [ b : cc.eT bool ] 13 | basics._amper__amper_ basics.false b --> basics.false. 14 | 15 | bool_and_commute : dk_logic.eP ( 16 | dk_logic.forall 17 | bool 18 | (b1 : cc.eT bool => 19 | dk_logic.forall 20 | bool 21 | (b2 : cc.eT bool => 22 | dk_logic.equal bool 23 | (basics._amper__amper_ b1 b2) 24 | (basics._amper__amper_ b2 b1)))). 25 | 26 | %%end-auto-proof 27 | -------------------------------------------------------------------------------- /namespace.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2006 INRIA *) 2 | (* $Id: namespace.mli,v 1.5 2012-02-24 14:31:28 doligez Exp $ *) 3 | 4 | val prefix : string;; (* prefix of all the following *) 5 | 6 | val anon_prefix : string;; (* anonymous hypotheses *) 7 | val builtin_prefix : string;; (* built-in symbols *) 8 | val dummy_prefix : string;; (* dummy local idents *) 9 | val hyp_prefix : string;; (* local hypotheses *) 10 | val lemma_prefix : string;; (* lemmas *) 11 | val tau_prefix : string;; (* skolem constants *) 12 | val var_prefix : string;; (* gensym variables *) 13 | val meta_prefix : string;; (* meta variables *) 14 | 15 | val goal_name : string;; (* the goal *) 16 | val any_name : string;; (* an element of the universe *) 17 | val univ_name : string;; (* the 1st-order universe *) 18 | 19 | val thm_default_name : string;; (* default name of the theorem *) 20 | 21 | val tuple_name : string;; (* built-in constructor for tuples *) 22 | -------------------------------------------------------------------------------- /test/test38.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test38.znn,v 1.7 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | ;; zenon cannot prove this ? 5 | $hyp "h00" F. 6 | 7 | $sig abst_equal ("zenon_U" "zenon_U") "bool" 8 | 9 | $def "d" (abst_order_inf x y) (abst_equal x (abst_inf x y)) 10 | 11 | $hyp "abst_add_keeps_inf" 12 | (A. ((x) (A. ((y) (Is_true (abst_order_inf x (abst_plus x y))))))) 13 | 14 | $hyp "abst_equal_transitive" 15 | (A. ((x) (A. ((y) (A. ((z) 16 | (=> (Is_true (abst_equal x y)) 17 | (=> (Is_true (abst_equal y z)) 18 | (Is_true (abst_equal x z)))))))))) 19 | 20 | $hyp "abst_inf_congruence" 21 | (A. ((x) (A. ((y) (A. ((z) 22 | (=> (Is_true (abst_equal x y)) 23 | (/\ (Is_true (abst_equal (abst_inf x z) (abst_inf y z))) 24 | (Is_true (abst_equal (abst_inf z x) (abst_inf z y))))))))))) 25 | 26 | $hyp "__lemma_1_1" 27 | (Is_true (abst_equal (abst_plus x abst_zero) y)) 28 | 29 | $goal (Is_true (abst_equal x (abst_inf x y))) 30 | -------------------------------------------------------------------------------- /typer.mli: -------------------------------------------------------------------------------- 1 | 2 | (* Parameters of the type checking/inference functions *) 3 | type opts = 4 | { 5 | default_type : Expr.expr; (* A type to associate to free variables *) 6 | scope_warnings : bool; (* Should we warn when we encounter free variables? *) 7 | undeclared_functions_warning : bool; (* Should we warn when we encounter undeclared function symbols? *) 8 | register_new_constants : bool; (* If we infer the type of an unknown function symbol, should we register it? *) 9 | fully_type : bool; (* Should everything be typed? *) 10 | } 11 | ;; 12 | 13 | (* Add a declaration for a global constant. *) 14 | val declare_constant : (string * Expr.expr) -> unit 15 | 16 | (* Print the declared constants, one by line *) 17 | val print_constant_decls : out_channel -> unit 18 | 19 | (* Type-check a list of phrases, the bool annotation is passed unchanged *) 20 | val phrasebl : opts -> (Phrase.phrase * bool) list -> (Phrase.phrase * bool) list 21 | -------------------------------------------------------------------------------- /zenon_modulo.opam: -------------------------------------------------------------------------------- 1 | # This file is generated by dune, edit dune-project instead 2 | opam-version: "2.0" 3 | synopsis: "Automated theorem prover generating formal proofs" 4 | description: """ 5 | Automated theorem prover for typed first-order logic based on the tableau 6 | method, generating Coq, Dedukti or Lambdapi proofs.""" 7 | maintainer: ["guillaume.burel@ensiie.fr"] 8 | authors: ["INRIA and contributors"] 9 | license: "BSD-3-Clause" 10 | homepage: "https://github.com/Deducteam/zenon_modulo" 11 | bug-reports: "https://github.com/Deducteam/zenon_modulo/issues" 12 | depends: [ 13 | "dune" {>= "3.7"} 14 | "ocaml" {>= "4.08.0"} 15 | "odoc" {with-doc} 16 | "ocamlfind" 17 | "zarith" 18 | ] 19 | build: [ 20 | ["dune" "subst"] {dev} 21 | [ 22 | "dune" 23 | "build" 24 | "-p" 25 | name 26 | "-j" 27 | jobs 28 | "@install" 29 | "@runtest" {with-test} 30 | "@doc" {with-doc} 31 | ] 32 | ] 33 | dev-repo: "git+https://github.com/Deducteam/zenon_modulo.git" 34 | -------------------------------------------------------------------------------- /test/test60.coz: -------------------------------------------------------------------------------- 1 | (* Copyright 2006 INRIA *) 2 | (* $Id: test60.coz,v 1.7 2006-07-20 13:19:21 doligez Exp $ *) 3 | 4 | (* 5 | ; file: species_general_additive_law.foc 6 | ; species: partially_ordered_additive_monoid 7 | ; property: order_inf_reverse_order_sup / __goal_20 8 | *) 9 | 10 | Parameter abst_T : Type. 11 | Parameter abst_equal : abst_T -> abst_T -> bool. 12 | Parameter abst_order_inf : abst_T -> abst_T -> bool. 13 | Parameter abst_order_sup : abst_T -> abst_T -> bool. 14 | Parameter x : abst_T. 15 | Parameter y : abst_T. 16 | 17 | Parameter 18 | __lemma_2: 19 | forall (xx: abst_T) (yy: abst_T), ((Is_true ((abst_order_sup xx yy )) ))-> 20 | (Is_true ((abst_order_inf yy xx )) ). 21 | Parameter __lemma_1: (Is_true 22 | ((abst_order_sup y x )) ). 23 | 24 | Theorem thm : 25 | ( 26 | ((Is_true ((abst_order_inf x y)) ))-> 27 | (Is_true ((abst_order_sup y x)) ) 28 | ) /\ ( 29 | ((Is_true ((abst_order_sup x y)) ))-> 30 | (Is_true ((abst_order_inf y x)) ) 31 | ) 32 | . 33 | -------------------------------------------------------------------------------- /test/test65.coz: -------------------------------------------------------------------------------- 1 | (* Copyright 2006 INRIA *) 2 | (* $Id: test65.coz,v 1.7 2006-07-20 13:19:21 doligez Exp $ *) 3 | 4 | (* 5 | ; file: species_general_additive_law.foc 6 | ; species: partially_ordered_additive_monoid 7 | ; property: sup_commutes / __goal_11 8 | *) 9 | 10 | Parameter abst_T : Type. 11 | Parameter abst_equal : abst_T -> abst_T -> bool. 12 | Parameter abst_inf : abst_T -> abst_T -> abst_T. 13 | Parameter abst_sup : abst_T -> abst_T -> abst_T. 14 | Parameter abst_plus : abst_T -> abst_T -> abst_T. 15 | Parameter x : abst_T. 16 | Parameter y : abst_T. 17 | 18 | Parameter 19 | abst_equal_symmetric: forall (x: abst_T) (y: abst_T), 20 | ((Is_true ((abst_equal x y)) ))-> 21 | (Is_true ((abst_equal y x)) ). 22 | Parameter __lemma_1_2_1: (Is_true 23 | ((abst_equal (abst_plus x y ) (abst_plus (abst_inf y x ) (abst_sup y x ) ) 24 | )) 25 | ). 26 | 27 | Theorem thm : 28 | (Is_true 29 | ((abst_equal (abst_plus (abst_inf y x ) (abst_sup y x ) ) (abst_plus x y ) )) 30 | ) 31 | . 32 | -------------------------------------------------------------------------------- /test/equivbench.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Copyright 2006 INRIA 3 | # $Id: equivbench.sh,v 1.5 2007-04-23 17:19:11 doligez Exp $ 4 | 5 | usage() { echo 'usage: equivbench.sh ' >&2; } 6 | 7 | case $# in 8 | 1) ;; 9 | *) usage; exit 2;; 10 | esac 11 | 12 | n=$1 13 | 14 | awk 'BEGIN { 15 | print "$goal"; 16 | for (i = 0; i < '$n'; i++){ 17 | printf ("(<=> p_%d\n", i); 18 | } 19 | for (i = 0; i < '$n'; i++){ 20 | printf ("(<=> p_%d\n", i); 21 | } 22 | print "T."; 23 | for (i = 0; i < 2 * '$n'; i++){ 24 | printf ")"; 25 | } 26 | print ""; 27 | }' >equivbenchtmp.znn 28 | 29 | awk 'BEGIN { 30 | print "Require Import zenon."; 31 | print "Require Import zenon_equiv."; 32 | for (i = 0; i < '$n'; i++){ 33 | printf ("Parameter p_%d : Prop.\n", i); 34 | } 35 | print "Load equivbenchtmp."; 36 | }' >equivbenchmeta.v 37 | 38 | #time ../zenon equivbenchtmp.znn -x equiv 39 | 40 | time ../zenon equivbenchtmp.znn -x equiv -ocoqterm -short >equivbenchtmp.v 41 | wc equivbenchtmp.v 42 | #time coqc -I /usr/local/lib/zenon equivbenchmeta.v 43 | -------------------------------------------------------------------------------- /coqterm.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2004 INRIA *) 2 | (* $Id: coqterm.mli,v 1.13 2010-01-12 16:09:35 doligez Exp $ *) 3 | 4 | type coqterm;; 5 | type coqproof;; 6 | 7 | val trproof : 8 | Phrase.phrase list -> 9 | Phrase.phrase list -> 10 | Llproof.proof -> 11 | coqproof * string list 12 | ;; 13 | val print : out_channel -> coqproof -> unit;; 14 | 15 | val declare_context : out_channel -> Phrase.phrase list -> unit;; 16 | val print_use_all : out_channel -> Phrase.phrase list -> unit;; 17 | 18 | val init_mapping : Phrase.phrase list -> unit;; 19 | val is_mapped : Expr.expr -> bool;; 20 | val is_goal : Expr.expr -> bool;; 21 | val init_induct : Phrase.phrase list -> unit;; 22 | val get_induct : 23 | string -> string list * (string * Phrase.inductive_arg list) list * string 24 | ;; 25 | val is_constr : Expr.expr -> bool;; 26 | (* [is_constr e] is true iff [e] is the application of a constructor of 27 | an inductive type. *) 28 | val getname : Expr.expr -> string;; 29 | val synthesize : Expr.expr -> string;; 30 | val constants_used : string list ref;; 31 | exception Cannot_infer of string;; 32 | -------------------------------------------------------------------------------- /regression/examples/cantor/Cantor2.tla: -------------------------------------------------------------------------------- 1 | (* Contributed by Leslie Lamport *) 2 | 3 | -------------- MODULE Cantor2 ------------------ 4 | THEOREM cantor == 5 | \A S : 6 | \A f \in [S -> SUBSET S] : 7 | \E A \in SUBSET S : 8 | \A x \in S : 9 | f [x] # A 10 | PROOF 11 | <1>1. SUFFICES ASSUME NEW S, 12 | NEW f \in [S -> SUBSET S] 13 | PROVE \E A \in SUBSET S : 14 | \A x \in S : f [x] # A 15 | BY DEF cantor 16 | <1>2. DEFINE T == {z \in S : z \notin f [z]} 17 | <1>3. SUFFICES ASSUME NEW x \in S 18 | PROVE f[x] # T 19 | PROOF 20 | <2>1. WITNESS T \in SUBSET S 21 | <2>2. QED 22 | PROOF OBVIOUS 23 | <1>4. CASE x \in T 24 | PROOF 25 | <2>1. x \notin f [x] BY <1>4 26 | <2>2. QED BY <2>1 27 | <1>5. CASE x \notin T 28 | PROOF 29 | <2>1. x \in f [x] BY <1>5 30 | <2>2. QED BY <2>1 31 | <1>6. QED 32 | PROOF BY <1>4, <1>5 33 | =============================================== 34 | -------------------------------------------------------------------------------- /test/test61.coz: -------------------------------------------------------------------------------- 1 | (* Copyright 2006 INRIA *) 2 | (* $Id: test61.coz,v 1.8 2008-08-14 14:02:09 doligez Exp $ *) 3 | 4 | (* 5 | ; file: species_general_additive_law.foc 6 | ; species: partially_ordered_additive_monoid 7 | ; property: sup_commutes / __lemma_1_1_1 8 | *) 9 | 10 | Parameter abst_T : Type. 11 | Parameter abst_equal : abst_T -> abst_T -> bool. 12 | Parameter abst_inf : abst_T -> abst_T -> abst_T. 13 | Parameter abst_sup : abst_T -> abst_T -> abst_T. 14 | Parameter abst_plus : abst_T -> abst_T -> abst_T. 15 | Parameter x : abst_T. 16 | Parameter y : abst_T. 17 | 18 | Parameter 19 | abst_plus_is_left_congruence: forall (x: abst_T) (y: abst_T) (z: abst_T), 20 | ((Is_true ((abst_equal x y)) ))-> 21 | (Is_true ((abst_equal (abst_plus x z) (abst_plus y z))) ). 22 | Parameter 23 | abst_inf_commutes: forall (x: abst_T) (y: abst_T), (Is_true 24 | ((abst_equal (abst_inf x y) (abst_inf y x))) ). 25 | 26 | Theorem thm : 27 | (Is_true 28 | ((abst_equal 29 | (abst_plus (abst_inf x y ) (abst_sup x y ) ) 30 | (abst_plus (abst_inf y x ) (abst_sup x y ) ) 31 | )) 32 | ) 33 | . 34 | -------------------------------------------------------------------------------- /rewrite.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2003 INRIA *) 2 | (* $Id: modnorm.mli,v 1.00 2013-04_05 15:19:00 halmagrand Exp $ *) 3 | 4 | open Expr;; 5 | 6 | val unif_aux : ( expr * expr ) list -> expr -> expr -> (expr * expr ) list;; 7 | (* [unif_aux l t1 t2] 8 | return [l] the list of pair whch symbolise the substitution 9 | sigma : t1 -> t2 10 | *) 11 | 12 | val unif : expr -> expr -> (expr * expr ) list;; 13 | (* [unif t1 t2] 14 | return [l] the list of pair whch symbolise the substitution 15 | sigma : t1 -> t2 16 | *) 17 | 18 | val nb_rewrite : unit -> int * int;; 19 | (* return the number of rewrites on terms and props *) 20 | 21 | val rewrite_term : (expr * expr) -> expr -> expr;; 22 | 23 | val rewrite_prop : (expr * expr) -> expr -> expr;; 24 | 25 | val normalize_fm : expr -> expr;; 26 | 27 | val normalize_list : expr list -> expr list;; 28 | 29 | val printer : expr -> unit;; 30 | 31 | exception Unif_failed;; 32 | 33 | val add_rwrt_term : string -> expr -> unit;; 34 | val add_rwrt_prop : string -> expr -> unit;; 35 | 36 | val select_rwrt_rules : Phrase.phrase list -> Phrase.phrase list;; 37 | -------------------------------------------------------------------------------- /test/test49.coz: -------------------------------------------------------------------------------- 1 | (* Copyright 2006 INRIA *) 2 | (* $Id: test49.coz,v 1.7 2006-07-20 13:19:21 doligez Exp $ *) 3 | 4 | (* 5 | ; file: species_general_additive_law.foc 6 | ; species: partially_ordered_additive_monoid 7 | ; property: add_absorbes_sup / __goal_11 8 | *) 9 | 10 | Parameter abst_T : Type. 11 | Parameter x : abst_T. 12 | Parameter y : abst_T. 13 | Parameter abst_equal : abst_T -> abst_T -> bool. 14 | Parameter abst_plus : abst_T -> abst_T -> abst_T. 15 | Parameter abst_sup : abst_T -> abst_T -> abst_T. 16 | 17 | Parameter 18 | abst_plus_is_regular: forall (x: abst_T) (y: abst_T) (z: abst_T), 19 | ((Is_true ((abst_equal (abst_plus x y) (abst_plus x z))) ))-> 20 | (Is_true ((abst_equal y z)) ) 21 | . 22 | Parameter __lemma_1_1: (Is_true 23 | ((abst_equal 24 | (abst_plus x (abst_plus x y ) ) 25 | (abst_plus x (abst_sup (abst_plus x y ) x ) ) 26 | )) 27 | ) 28 | . 29 | Definition 30 | abst_order_sup := 31 | (fun (x: abst_T) => (fun (y: abst_T) => (abst_equal x (abst_sup x y)))) 32 | . 33 | 34 | Theorem thm : (Is_true ((abst_order_sup (abst_plus x y ) x ))). 35 | -------------------------------------------------------------------------------- /test/test32.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test32.znn,v 1.6 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | # file: species_general_set.foc 5 | # species: lattice 6 | # property: order_inf_is_reflexive 7 | 8 | # (* to be proved *) 9 | #(x: abst_T) (Is_true ((abst_order_inf x x)) 10 | #) 11 | #By 12 | # abst_equal_reflexive: (x: abst_T) (Is_true ((abst_equal x x)) ) 13 | # abst_inf_idempotent: (x: abst_T) (y: abst_T) 14 | # ((Is_true ((abst_equal x y)) ))-> 15 | # (Is_true ((abst_equal x (abst_inf x y))) ) 16 | #By def abst_order_inf:= [x: abst_T][y: abst_T](abst_equal x (abst_inf x y)) 17 | #(* Qed *). 18 | 19 | $sig abst_T () "Type" 20 | $sig abst_equal ("abst_T" "abst_T") "bool" 21 | $sig abst_inf ("abst_T" "abst_T") "abst_T" 22 | 23 | $def "d1" (abst_order_inf x y) (abst_equal x (abst_inf x y)) 24 | 25 | $hyp "h1" (A. ((x "abst_T") (Is_true (abst_equal x x)))) 26 | 27 | $hyp "h2" (A. ((x "abst_T") (A. ((y "abst_T") 28 | (=> (Is_true (abst_equal x y)) 29 | (Is_true (abst_equal x (abst_inf x y)))))))) 30 | 31 | $goal (A. ((x "abst_T") (Is_true (abst_order_inf x x)))) 32 | -------------------------------------------------------------------------------- /test/test52.coz: -------------------------------------------------------------------------------- 1 | (* Copyright 2006 INRIA *) 2 | (* $Id: test52.coz,v 1.7 2006-07-20 13:19:21 doligez Exp $ *) 3 | 4 | (* 5 | ; file: species_general_additive_law.foc 6 | ; species: partially_ordered_additive_monoid 7 | ; property: sup_idempotent / __lemma_1_1_2 8 | *) 9 | 10 | Parameter abst_T : Type. 11 | Parameter abst_equal : abst_T -> abst_T -> bool. 12 | Parameter abst_inf : abst_T -> abst_T -> abst_T. 13 | Parameter x : abst_T. 14 | Parameter y : abst_T. 15 | 16 | Parameter 17 | abst_equal_transitive: forall (x: abst_T) (y: abst_T) (z: abst_T), 18 | ((Is_true ((abst_equal x y)) ))-> 19 | ((Is_true ((abst_equal y z)) ))-> 20 | (Is_true ((abst_equal x z)) ). 21 | Parameter 22 | abst_equal_symmetric: forall (x: abst_T) (y: abst_T), 23 | ((Is_true ((abst_equal x y)) ))-> 24 | (Is_true ((abst_equal y x)) ). 25 | Parameter abst_inf_idempotent: forall (x: abst_T) 26 | (y: abst_T), 27 | ((Is_true ((abst_equal x y)) ))-> 28 | (Is_true ((abst_equal x (abst_inf x y))) ). 29 | Parameter H_1_1: (Is_true 30 | ((abst_equal x y )) ). 31 | 32 | Theorem thm : 33 | (Is_true ((abst_equal (abst_inf x y ) y )) 34 | ) 35 | . 36 | -------------------------------------------------------------------------------- /.github/workflows/main.yml: -------------------------------------------------------------------------------- 1 | on: 2 | pull_request: 3 | types: [opened, synchronize, edited, reopened] 4 | push: 5 | workflow_dispatch: 6 | jobs: 7 | build_lambdapi: 8 | strategy: 9 | fail-fast: false 10 | matrix: 11 | ocaml-version: [5.2.0, 5.1.1, 5.0.0, 4.14.1, 4.13.1, 4.12.1, 4.11.2, 4.10.2, 4.09.1, 4.08.1] 12 | runs-on: ubuntu-latest 13 | steps: 14 | - name: checking out lambdapi repo ... 15 | uses: actions/checkout@v6 16 | - name: recovering cached opam files ... 17 | uses: actions/cache@v4 18 | with: 19 | path: ~/.opam 20 | key: ${{ runner.os }}-ocaml-${{ matrix.ocaml-version }} 21 | - name: setting up opam ... 22 | uses: avsm/setup-ocaml@v3 23 | with: 24 | ocaml-compiler: ${{ matrix.ocaml-version }} 25 | - name: installing dependencies ... 26 | run: | 27 | opam pin add -n -k path zenon_modulo . 28 | opam install --deps-only zenon_modulo 29 | - name: compiling zenon_modulo ... 30 | run: | 31 | eval `opam env` 32 | ./configure 33 | make zenon_modulo.bin 34 | 35 | -------------------------------------------------------------------------------- /regression/Makefile: -------------------------------------------------------------------------------- 1 | ########################################################## 2 | # Makefile --- Makefile for regression tests # 3 | # # 4 | # Author: Damien Doligez # 5 | # # 6 | # Copyright (C) 2008 INRIA and Microsoft Corporation # 7 | ########################################################## 8 | 9 | # usage: 10 | # 11 | # Type "make" to run the full regression test suite. 12 | # 13 | # If you added a foo.tla file, you can generate the corresponding 14 | # .exact file with "make foo.exact". 15 | # 16 | # Type "make clean" to get rid of temporary files and test results. 17 | 18 | 19 | .PHONY: default 20 | default: 21 | ./test.sh 22 | 23 | .PHONY: quick 24 | quick: 25 | ./test.sh -quick 26 | 27 | .PHONY: clean 28 | clean: 29 | rm -rf temp/* 30 | find . -name '*.diff' -exec rm -f '{}' ';' 31 | find . -name 'TLA_*.thyx' -exec rm -f '{}' ';' 32 | find . -name 'TLA_*.thy' -exec rm -f '{}' ';' 33 | find . -name 'TLA_*.fp' -exec rm -f '{}' ';' 34 | find . -name 'TLA_*.fp.history' -exec rm -rf '{}' ';' 35 | find . -name '*.log' -exec rm -f '{}' ';' 36 | -------------------------------------------------------------------------------- /phrase.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2004 INRIA *) 2 | (* $Id: phrase.mli,v 1.14 2012-04-24 17:32:04 doligez Exp $ *) 3 | 4 | open Expr;; 5 | 6 | type inductive_arg = 7 | | Param of string 8 | | Self 9 | ;; 10 | 11 | type phrase = 12 | | Hyp of string * expr * int 13 | | Def of definition 14 | | Sig of string * string list * string (* sym, args, result *) 15 | | Inductive of 16 | string * string list * (string * inductive_arg list) list * string 17 | | Rew of string * expr * int 18 | ;; 19 | 20 | type zphrase = 21 | | Zhyp of string * expr * int 22 | | Zdef of definition 23 | | Zsig of string * string list * string 24 | | Zinductive of 25 | string * string list * (string * inductive_arg list) list * string 26 | | Zinclude of string 27 | ;; 28 | 29 | val separate : 30 | string list -> phrase list -> definition list * (expr * int) list 31 | ;; 32 | 33 | type tpphrase = 34 | | Include of string * string list option 35 | | Formula of string * string * expr * string option 36 | | Annotation of string 37 | ;; 38 | 39 | (** Turn a def-shaped formula into a (real) definition. 40 | Raise [Invalid_argument] if the argument is not def-shaped. *) 41 | val change_to_def : string list -> expr -> definition;; 42 | -------------------------------------------------------------------------------- /test/test51.coz: -------------------------------------------------------------------------------- 1 | (* Copyright 2006 INRIA *) 2 | (* $Id: test51.coz,v 1.7 2006-07-20 13:19:21 doligez Exp $ *) 3 | 4 | (* 5 | ; file: species_general_additive_law.foc 6 | ; species: partially_ordered_additive_monoid 7 | ; property: sup_idempotent / __lemma_1_1_1 8 | *) 9 | 10 | Parameter abst_T : Type. 11 | Parameter abst_equal : abst_T -> abst_T -> bool. 12 | Parameter abst_plus : abst_T -> abst_T -> abst_T. 13 | Parameter abst_inf : abst_T -> abst_T -> abst_T. 14 | Parameter abst_sup : abst_T -> abst_T -> abst_T. 15 | Parameter x : abst_T. 16 | Parameter y : abst_T. 17 | 18 | Parameter 19 | abst_equal_transitive: forall (x: abst_T) (y: abst_T) (z: abst_T), 20 | ((Is_true ((abst_equal x y)) ))-> 21 | ((Is_true ((abst_equal y z)) ))-> 22 | (Is_true ((abst_equal x z)) ). 23 | Parameter 24 | abst_plus_commutes: forall (x: abst_T) (y: abst_T), (Is_true 25 | ((abst_equal (abst_plus x y) (abst_plus y x))) ). 26 | Parameter 27 | abst_sum_is_inf_plus_sup: forall (x: abst_T) (y: abst_T), (Is_true 28 | ((abst_equal (abst_plus x y) (abst_plus (abst_inf x y) (abst_sup x 29 | y)))) 30 | ). 31 | 32 | Theorem thm : 33 | (Is_true 34 | ((abst_equal (abst_plus y x ) (abst_plus (abst_inf x y ) (abst_sup x y ) ) )) 35 | ). 36 | -------------------------------------------------------------------------------- /test/test64.coz: -------------------------------------------------------------------------------- 1 | (* Copyright 2006 INRIA *) 2 | (* $Id: test64.coz,v 1.7 2006-07-20 13:19:21 doligez Exp $ *) 3 | 4 | (* 5 | ; file: species_general_additive_law.foc 6 | ; species: partially_ordered_additive_monoid 7 | ; property: sup_commutes / __lemma_1_2_1 8 | *) 9 | 10 | Parameter abst_T : Type. 11 | Parameter abst_equal : abst_T -> abst_T -> bool. 12 | Parameter abst_inf : abst_T -> abst_T -> abst_T. 13 | Parameter abst_sup : abst_T -> abst_T -> abst_T. 14 | Parameter abst_plus : abst_T -> abst_T -> abst_T. 15 | Parameter x : abst_T. 16 | Parameter y : abst_T. 17 | 18 | Parameter 19 | abst_equal_transitive: forall (x: abst_T) (y: abst_T) (z: abst_T), 20 | ((Is_true ((abst_equal x y)) ))-> 21 | ((Is_true ((abst_equal y z)) ))-> 22 | (Is_true ((abst_equal x z)) ). 23 | Parameter 24 | abst_plus_commutes: forall (x: abst_T) (y: abst_T), (Is_true 25 | ((abst_equal (abst_plus x y) (abst_plus y x))) ). 26 | Parameter 27 | abst_sum_is_inf_plus_sup: forall (x: abst_T) (y: abst_T), (Is_true 28 | ((abst_equal (abst_plus x y) (abst_plus (abst_inf x y) (abst_sup x 29 | y)))) 30 | ). 31 | 32 | Theorem thm : 33 | (Is_true 34 | ((abst_equal (abst_plus x y ) (abst_plus (abst_inf y x ) (abst_sup y x ) ) )) 35 | ) 36 | . 37 | -------------------------------------------------------------------------------- /doc/intro.tex: -------------------------------------------------------------------------------- 1 | % Copyright 2006 INRIA 2 | % $Id: intro.tex,v 1.3 2006-03-01 14:39:03 doligez Exp $ 3 | 4 | \chapter{Introduction}\label{chap:intro} 5 | 6 | Zenon is an automatic theorem-prover whose main claim to fame is that 7 | it produces actual proofs of theorems. 8 | Correctness is an explicit non-goal in the design of Zenon: the proof 9 | output needs to be checked by another program before the theorem is 10 | considered proved. 11 | As a consequence, Zenon is not 12 | designed for direct use by humans, but rather for interfacing into 13 | formal proof systems, such as interactive proof assistants and 14 | non-interactive proof checkers. 15 | 16 | This document gives a detailed description of all the information 17 | needed by users of Zenon. Chapter~\ref{chap:install} describes how to 18 | compile and install Zenon from source code. Chapter~\ref{chap:options} 19 | describes all the command-line options accepted by Zenon. 20 | Chapter~\ref{chap:input-zen} describes the native input syntax of 21 | Zenon; chapter~\ref{chap:input-tptp} describes the TPTP input syntax; 22 | chapter~\ref{chap:input-coq} describes the Coq-style input 23 | syntax. Chapter~\ref{chap:messages} describes the error and warning 24 | messages that Zenon may output when searching for a proof. 25 | -------------------------------------------------------------------------------- /test/test62.coz: -------------------------------------------------------------------------------- 1 | (* Copyright 2006 INRIA *) 2 | (* $Id: test62.coz,v 1.8 2008-08-14 14:02:09 doligez Exp $ *) 3 | 4 | (* 5 | ; file: species_general_additive_law.foc 6 | ; species: partially_ordered_additive_monoid 7 | ; property: sup_commutes / __goal_9 8 | *) 9 | 10 | Parameter abst_T : Type. 11 | Parameter abst_equal : abst_T -> abst_T -> bool. 12 | Parameter abst_inf : abst_T -> abst_T -> abst_T. 13 | Parameter abst_sup : abst_T -> abst_T -> abst_T. 14 | Parameter abst_plus : abst_T -> abst_T -> abst_T. 15 | Parameter x : abst_T. 16 | Parameter y : abst_T. 17 | 18 | Parameter 19 | abst_equal_transitive: forall (x: abst_T) (y: abst_T) (z: abst_T), 20 | ((Is_true ((abst_equal x y)) ))-> 21 | ((Is_true ((abst_equal y z)) ))-> 22 | (Is_true ((abst_equal x z)) ). 23 | Parameter 24 | abst_sum_is_inf_plus_sup: forall (x: abst_T) (y: abst_T), (Is_true 25 | ((abst_equal (abst_plus x y) (abst_plus (abst_inf x y) (abst_sup x 26 | y)))) 27 | ). 28 | Parameter __lemma_1_1_1: (Is_true 29 | ((abst_equal 30 | (abst_plus (abst_inf x y ) (abst_sup x y ) ) 31 | (abst_plus (abst_inf y x ) (abst_sup x y ) ) 32 | )) 33 | ). 34 | 35 | Theorem thm : 36 | (Is_true 37 | ((abst_equal (abst_plus x y ) (abst_plus (abst_inf y x ) (abst_sup x y ) ) )) 38 | ) 39 | . 40 | -------------------------------------------------------------------------------- /globals.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 1997 INRIA *) 2 | (* $Id: globals.mli,v 1.15 2008-10-09 13:21:30 doligez Exp $ *) 3 | 4 | val debug_flag : bool ref;; 5 | 6 | val stats_flag : bool ref;; 7 | val quiet_flag : bool ref;; 8 | val size_limit : float ref;; 9 | val step_limit : float ref;; 10 | val time_limit : float ref;; 11 | val short_flag : bool ref;; 12 | val ctx_flag : bool ref;; 13 | val random_flag : bool ref;; 14 | val random_seed : int ref;; 15 | val load_path : string ref;; 16 | val namespace_flag : bool ref;; 17 | val use_all_flag : bool ref;; 18 | 19 | val inferences : int ref;; 20 | val proof_nodes : int ref;; 21 | val top_num_forms : int ref;; 22 | val stored_lemmas : int ref;; 23 | val num_expr : int ref;; 24 | 25 | val output_dk : bool ref;; 26 | val output_lp : bool ref;; 27 | val modulo : bool ref;; 28 | val modulo_heuri : bool ref;; 29 | val modulo_heuri_simple : bool ref;; 30 | val debug_rwrt : bool ref;; 31 | 32 | val output_sig : bool ref;; 33 | val signature_name : string ref;; 34 | val lp_package : string ref;; 35 | val conjecture : string ref;; 36 | val check_axiom : bool ref;; 37 | val szs : bool ref;; 38 | 39 | val begin_comment : unit -> string;; 40 | val end_comment : unit -> string;; 41 | 42 | (* Has a conjecture, useful for SZS output *) 43 | val has_a_conjecture : bool ref;; 44 | -------------------------------------------------------------------------------- /error.ml: -------------------------------------------------------------------------------- 1 | (* Copyright 2005 INRIA *) 2 | Version.add "$Id: af6004ec6e3900adb00b13aa1e67da873f9dd706 $";; 3 | 4 | open Printf;; 5 | 6 | let warnings_flag = ref true;; 7 | let got_warning = ref false;; 8 | let err_file = ref "";; 9 | 10 | let print_header = ref false;; 11 | let header = ref "";; 12 | 13 | let set_header msg = 14 | print_header := true; 15 | header := msg; 16 | ;; 17 | 18 | let err_oc = ref stderr;; 19 | let err_inited = ref false;; 20 | 21 | let print kind msg = 22 | if not !err_inited then begin 23 | if !err_file <> "" then err_oc := open_out !err_file; 24 | if !print_header then fprintf !err_oc "%s\n" !header; 25 | err_inited := true; 26 | end; 27 | fprintf !err_oc "%s%s\n" kind msg; 28 | flush !err_oc; 29 | ;; 30 | 31 | let warn msg = 32 | if !warnings_flag then begin 33 | print "Zenon warning: " msg; 34 | got_warning := true; 35 | end; 36 | ;; 37 | 38 | let err msg = print "Zenon error: " msg;; 39 | 40 | let errpos pos msg = 41 | let s = sprintf "File \"%s\", line %d, character %d:" 42 | pos.Lexing.pos_fname pos.Lexing.pos_lnum 43 | (pos.Lexing.pos_cnum - pos.Lexing.pos_bol) 44 | in 45 | print "" s; 46 | print "Zenon error: " msg; 47 | ;; 48 | 49 | exception Lex_error of string;; 50 | exception Abort;; 51 | -------------------------------------------------------------------------------- /test/test70.coz: -------------------------------------------------------------------------------- 1 | (* Copyright 2006 INRIA *) 2 | (* $Id: test70.coz,v 1.7 2006-07-20 13:19:21 doligez Exp $ *) 3 | 4 | (* 5 | ; file: products.foc 6 | ; species: cartesian 7 | ; property: equal_reflexive / __lemma_1_2 8 | 9 | ; Attention, ce fichier a ete modifie a la main 10 | *) 11 | 12 | Parameter abst_T : Type. 13 | Parameter x : abst_T. 14 | Parameter foo : Type. 15 | Parameter first : abst_T -> foo. 16 | Parameter scnd : abst_T -> foo. 17 | Parameter setoid_equal : foo -> foo -> foo -> bool. 18 | Parameter self_s1 : foo. 19 | Parameter self_s2 : foo. 20 | Parameter and_b : bool -> bool -> bool. 21 | 22 | Parameter 23 | def_and_b: forall (x : bool) (y : bool), 24 | (Is_true (and_b x y)) <-> ((Is_true x) /\ (Is_true y)). 25 | 26 | Definition 27 | abst_equal:= (fun (a: abst_T) => (fun (b: abst_T) => 28 | let a1:= (first a) in 29 | let a2:= (scnd a) in 30 | let b1:= (first b) in 31 | let b2:= (scnd b) in 32 | (and_b ((setoid_equal self_s1 ) a1 b1) ((setoid_equal self_s2 ) a2 33 | b2)))). 34 | 35 | Parameter 36 | __lemma_1_2: (Is_true (((setoid_equal self_s2 ) (scnd x ) (scnd x ) )) ). 37 | Parameter 38 | __lemma_1_1: (Is_true (((setoid_equal self_s1 ) (first x ) (first x ) )) ). 39 | 40 | Theorem thm : 41 | (Is_true ((abst_equal x x )) 42 | ) 43 | . 44 | -------------------------------------------------------------------------------- /prove.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 1997 INRIA *) 2 | (* $Id: prove.mli,v 1.3 2009-08-05 14:47:43 doligez Exp $ *) 3 | 4 | open Expr;; 5 | 6 | exception NoProof;; 7 | exception LimitsExceeded;; 8 | 9 | type branch_state = 10 | | Open 11 | | Closed of Mlproof.proof 12 | | Backtrack 13 | ;; 14 | 15 | type rule;; 16 | type params = { 17 | rules : rule list; 18 | fail : unit -> branch_state; 19 | progress : unit -> unit; 20 | end_progress : string -> unit; 21 | iter : (Mlproof.proof list -> Mlproof.proof list) -> Mlproof.proof list -> Mlproof.proof list; 22 | };; 23 | 24 | val prove : params -> definition list -> (expr * int) list -> Mlproof.proof list;; 25 | val default_params : params;; 26 | val open_params : int option -> params;; 27 | 28 | val newnodes_absurd : rule;; 29 | val newnodes_closure : rule;; 30 | val newnodes_eq_str : rule;; 31 | val newnodes_jtree : rule;; 32 | val newnodes_alpha : rule;; 33 | val newnodes_beta : rule;; 34 | val newnodes_delta : rule;; 35 | val newnodes_gamma : rule;; 36 | val newnodes_unfold : rule;; 37 | val newnodes_refl : rule;; 38 | val newnodes_match_congruence : rule;; 39 | val newnodes_match_trans : rule;; 40 | val newnodes_match_sym : rule;; 41 | val newnodes_match : rule;; 42 | val newnodes_preunif : rule;; 43 | val newnodes_useless : rule;; 44 | val newnodes_extensions : rule;; 45 | -------------------------------------------------------------------------------- /test/test28.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test28.znn,v 1.6 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | # species_general_set: lt_is_not_leq 5 | 6 | # (* to be proved *) 7 | #(x: abst_T) (y: abst_T) 8 | #(and 9 | # ((Is_true ((abst_lt x y)) ))-> 10 | # (and (Is_true ((abst_leq x y)) ) (Is_true ((abst_different x y)) )) 11 | # ((Is_true ((abst_leq x y)) ))-> 12 | # (or (Is_true ((abst_lt x y)) ) (Is_true ((abst_equal x y)) ))) 13 | #By 14 | #By def 15 | # abst_different:= [x: abst_T][y: abst_T](not_b (abst_equal x y)) 16 | # abst_lt:= [x: abst_T][y: abst_T](and_b (abst_leq x y) (not_b 17 | # (abst_equal x y))) 18 | #(* Qed *). 19 | 20 | $sig abst_T () "Type" 21 | $sig abst_leq ("abst_T" "abst_T") "bool" 22 | $sig abst_equal ("abst_T" "abst_T") "bool" 23 | 24 | $def "d1" (abst_different x y) (coq_builtins.bi__not_b (abst_equal x y)) 25 | $def "d2" (abst_lt x y) 26 | (coq_builtins.bi__and_b (abst_leq x y) 27 | (coq_builtins.bi__not_b (abst_equal x y))) 28 | 29 | $goal (A. ((x "abst_T") (A. ((y "abst_T") 30 | (/\ (=> (Is_true (abst_lt x y)) 31 | (/\ (Is_true (abst_leq x y)) (Is_true (abst_different x y)))) 32 | (=> (Is_true (abst_leq x y)) 33 | (\/ (Is_true (abst_lt x y)) (Is_true (abst_equal x y))))))))) 34 | -------------------------------------------------------------------------------- /test/test53.coz: -------------------------------------------------------------------------------- 1 | (* Copyright 2006 INRIA *) 2 | (* $Id: test53.coz,v 1.7 2006-07-20 13:19:21 doligez Exp $ *) 3 | 4 | (* 5 | ; file: species_general_additive_law.foc 6 | ; species: partially_ordered_additive_monoid 7 | ; property: sup_idempotent / __goal_11 8 | *) 9 | 10 | Parameter abst_T : Type. 11 | Parameter abst_equal : abst_T -> abst_T -> bool. 12 | Parameter abst_plus : abst_T -> abst_T -> abst_T. 13 | Parameter abst_sup : abst_T -> abst_T -> abst_T. 14 | Parameter abst_inf : abst_T -> abst_T -> abst_T. 15 | Parameter x : abst_T. 16 | Parameter y : abst_T. 17 | 18 | Parameter 19 | abst_equal_transitive: forall (x: abst_T) (y: abst_T) (z: abst_T), 20 | ((Is_true ((abst_equal x y)) ))-> 21 | ((Is_true ((abst_equal y z)) ))-> 22 | (Is_true ((abst_equal x z)) ). 23 | Parameter 24 | abst_plus_is_left_congruence: forall (x: abst_T) (y: abst_T) (z: abst_T), 25 | ((Is_true ((abst_equal x y)) ))-> 26 | (Is_true ((abst_equal (abst_plus x z) (abst_plus y z))) ). 27 | Parameter 28 | __lemma_1_1_2: (Is_true ((abst_equal (abst_inf x y ) y )) ). 29 | Parameter __lemma_1_1_1: 30 | (Is_true 31 | ((abst_equal (abst_plus y x ) (abst_plus (abst_inf x y ) (abst_sup x y ) ) 32 | )) 33 | ). 34 | 35 | Theorem thm : 36 | (Is_true ((abst_equal (abst_plus y x ) (abst_plus y (abst_sup x y ) ) )) 37 | ) 38 | . 39 | -------------------------------------------------------------------------------- /regression/misc/test5.tla: -------------------------------------------------------------------------------- 1 | ------------------ MODULE test5 ----------------- 2 | P(x) == x = x 3 | Q == 1=1 4 | 5 | (******************* the following is proved 6 | THEOREM (\E i : P(i)) => Q 7 | <1>1. ASSUME NEW i 8 | PROVE P(i) => Q 9 | <1>2. QED 10 | BY <1>1 11 | **********************) 12 | 13 | (******************* the following is proved 14 | THEOREM \E i \in {0,1} : P(i) 15 | <1>1. P(1) 16 | <1>2. QED 17 | BY <1>1 18 | **********************) 19 | 20 | THEOREM (~ (\E i : P(i))) <=> (\A i : ~P(i)) 21 | OBVIOUS 22 | ============== 23 | THEOREM (~ (\E i \in {0, 1} : P(i))) <=> (\A i \in {0, 1} : ~P(i)) 24 | OBVIOUS 25 | ================= 26 | 27 | (****** 28 | THEOREM (\E i \in {0, 1} : P(i)) => Q 29 | <1>1. ASSUME NEW i \in {0,1} 30 | PROVE P(i) => Q 31 | <1>2. QED 32 | BY <1>1 33 | **********) 34 | 35 | THEOREM (\E i \in {0, 1} : P(i)) => Q 36 | 37 | 38 | 39 | <1>1. SUFFICES (\A i \in {0, 1} : ~P(i)) \/ Q 40 | OBVIOUS 41 | 42 | <1>2. SUFFICES \A i \in {0, 1} : ~P(i) \/ Q 43 | \* OBVIOUS 44 | <1>3. SUFFICES \A i \in {0, 1} : P(i) => Q 45 | \* OBVIOUS 46 | <1>4. ASSUME NEW i \in {0,1} 47 | PROVE P(i) => Q 48 | <1>5. QED 49 | \* BY <1>4 50 | 51 | ================================================ 52 | -------------------------------------------------------------------------------- /test/test37.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test37.znn,v 1.7 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | # file: species_general_additive_law.foc 5 | # species: partially_ordered_additive_monoid 6 | # property: inf_idempotent / __lemma_1_1 7 | 8 | ; (* to be proved *) 9 | ; (Is_true ((abst_equal (abst_plus x abst_zero ) y )) 10 | ; ) 11 | ; By 12 | ; abst_equal_transitive: (x: abst_T) (y: abst_T) (z: abst_T) 13 | ; ((Is_true ((abst_equal x y)) ))-> 14 | ; ((Is_true ((abst_equal y z)) ))-> 15 | ; (Is_true ((abst_equal x z)) ) 16 | ; abst_zero_is_neutral: (x: abst_T) 17 | ; (and (Is_true ((abst_equal (abst_plus x abst_zero) x)) ) (Is_true 18 | ; ((abst_equal (abst_plus abst_zero x) x)) )) H_1_1: (Is_true 19 | ; ((abst_equal x y )) ) 20 | ; By def 21 | ; (* Qed *). 22 | 23 | $sig abst_equal ("zenon_U" "zenon_U") "bool" 24 | 25 | $hyp "abst_equal_transitive" 26 | (A. ((x) (A. ((y) (A. ((z) 27 | (=> (Is_true (abst_equal x y)) 28 | (=> (Is_true (abst_equal y z)) 29 | (Is_true (abst_equal x z)))))))))) 30 | 31 | $hyp "abst_zero_is_neutral" 32 | (A. ((x) (/\ (Is_true (abst_equal (abst_plus x abst_zero) x)) 33 | (Is_true (abst_equal (abst_plus abst_zero x) x))))) 34 | 35 | $hyp "H_1_1" 36 | (Is_true (abst_equal x y)) 37 | 38 | $goal (Is_true (abst_equal (abst_plus x abst_zero) y)) 39 | -------------------------------------------------------------------------------- /test/test66.coz: -------------------------------------------------------------------------------- 1 | (* Copyright 2006 INRIA *) 2 | (* $Id: test66.coz,v 1.7 2006-07-20 13:19:21 doligez Exp $ *) 3 | 4 | (* 5 | ; file: species_general_additive_law.foc 6 | ; species: partially_ordered_additive_monoid 7 | ; property: sup_commutes / __lemma_1_3 8 | *) 9 | 10 | Parameter abst_T : Type. 11 | Parameter abst_equal : abst_T -> abst_T -> bool. 12 | Parameter abst_inf : abst_T -> abst_T -> abst_T. 13 | Parameter abst_sup : abst_T -> abst_T -> abst_T. 14 | Parameter abst_plus : abst_T -> abst_T -> abst_T. 15 | Parameter x : abst_T. 16 | Parameter y : abst_T. 17 | 18 | Parameter 19 | abst_equal_transitive: forall (x: abst_T) (y: abst_T) (z: abst_T), 20 | ((Is_true ((abst_equal x y)) ))-> 21 | ((Is_true ((abst_equal y z)) ))-> 22 | (Is_true ((abst_equal x z)) ). 23 | Parameter 24 | abst_plus_commutes: forall (x: abst_T) (y: abst_T), (Is_true 25 | ((abst_equal (abst_plus x y) (abst_plus y x))) ). 26 | Parameter abst_plus_is_regular: 27 | forall (x: abst_T) (y: abst_T) (z: abst_T), 28 | ((Is_true ((abst_equal (abst_plus x y) (abst_plus x z))) ))-> 29 | (Is_true ((abst_equal y z)) ). 30 | 31 | Theorem thm : 32 | ((Is_true 33 | ((abst_equal 34 | (abst_plus (abst_inf y x ) (abst_sup y x ) ) 35 | (abst_plus (abst_inf y x ) (abst_sup x y ) ) 36 | )) 37 | ))-> 38 | 39 | (Is_true ((abst_equal (abst_sup y x ) (abst_sup x y ) )) ) 40 | . 41 | -------------------------------------------------------------------------------- /globals.ml: -------------------------------------------------------------------------------- 1 | (* Copyright 1997 INRIA *) 2 | Version.add "$Id: 3fc9d24b2bcdb989b8bcf4f2d4af6f2d9d65f5c8 $";; 3 | 4 | let debug_flag = ref false;; 5 | 6 | let stats_flag = ref false;; 7 | let quiet_flag = ref false;; 8 | let size_limit = ref 1000_000_000.;; 9 | let step_limit = ref 10_000.;; 10 | let time_limit = ref 300.;; 11 | let short_flag = ref false;; 12 | let ctx_flag = ref false;; 13 | let random_flag = ref false;; 14 | let random_seed = ref 0;; 15 | let load_path = ref Config.libdir;; 16 | let namespace_flag = ref false;; 17 | let use_all_flag = ref false;; 18 | 19 | let inferences = ref 0;; 20 | let proof_nodes = ref 0;; 21 | let top_num_forms = ref 0;; 22 | let stored_lemmas = ref 0;; 23 | let num_expr = ref 0;; 24 | 25 | let output_dk = ref false;; 26 | let output_lp = ref false;; 27 | let modulo = ref false;; 28 | let modulo_heuri = ref false;; 29 | let modulo_heuri_simple = ref false;; 30 | let debug_rwrt = ref false;; 31 | 32 | let output_sig = ref false;; 33 | let signature_name = ref "";; 34 | let lp_package = ref "";; 35 | let conjecture = ref "";; 36 | let check_axiom = ref false;; 37 | let szs = ref false;; 38 | 39 | let begin_comment() = 40 | if !output_dk then "(;" 41 | else if !output_lp then "/*" 42 | else "(*" 43 | 44 | let end_comment() = 45 | if !output_dk then ";)" 46 | else if !output_lp then "*/" 47 | else "*)" 48 | 49 | let has_a_conjecture = ref true 50 | -------------------------------------------------------------------------------- /regression/examples/cantor/Cantor3.tla: -------------------------------------------------------------------------------- 1 | (* Contributed by Leslie Lamport *) 2 | 3 | -------------- MODULE Cantor3 ------------------ 4 | THEOREM cantor == 5 | \A S : 6 | \A f \in [S -> SUBSET S] : 7 | \E A \in SUBSET S : 8 | \A x \in S : 9 | f [x] # A 10 | PROOF 11 | <1>1. ASSUME NEW S, 12 | NEW f \in [S -> SUBSET S] 13 | PROVE \E A \in SUBSET S : 14 | \A x \in S : f [x] # A 15 | PROOF 16 | <2>1. DEFINE T == {z \in S : z \notin f [z]} 17 | <2>2. \A x \in S : f [x] # T 18 | PROOF 19 | <3>1. ASSUME NEW x \in S 20 | PROVE f[x] # T 21 | PROOF 22 | <4>1. CASE x \in T 23 | PROOF 24 | <5>1. x \notin f [x] 25 | BY <4>1 26 | <5>2. QED BY <5>1 27 | <4>2. CASE x \notin T 28 | PROOF 29 | <5>1. x \in f [x] 30 | BY <4>2 31 | <5>2. QED BY <5>1 32 | 33 | <4>3. QED 34 | BY <4>1, <4>2 35 | <3>2. QED BY <3>1 36 | <2>3. QED 37 | PROOF 38 | <3>1. WITNESS T \in SUBSET S 39 | <3>2. QED BY <2>2 40 | <1>2. QED 41 | PROOF BY <1>1 DEF cantor 42 | =============================================== 43 | -------------------------------------------------------------------------------- /test/test44.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test44.znn,v 1.7 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | ; file: species_general_additive_law.foc 5 | ; species: partially_ordered_additive_monoid 6 | ; property: sum_is_inf_plus_sup 7 | 8 | ; (* to be proved *) 9 | ; (x: abst_T) (y: abst_T) (Is_true 10 | ; ((abst_equal (abst_plus x y) (abst_plus (abst_inf x y) (abst_sup x y)))) 11 | ; ) 12 | ; By 13 | ; abst_minus_substracts: (x: abst_T) (y: abst_T) (z: abst_T) 14 | ; ((Is_true ((abst_equal z (non_failed (abst_minus x y)))) ))-> 15 | ; (Is_true ((abst_equal x (abst_plus y z))) ) abst_equal_reflexive: 16 | ; (x: abst_T) (Is_true ((abst_equal x x)) ) 17 | ; By def 18 | ; abst_sup:= [x: abst_T][y: abst_T](non_failed (abst_minus (abst_plus 19 | ; x y) (abst_inf x y))) 20 | ; (* Qed *). 21 | 22 | $sig abst_equal ("zenon_U" "zenon_U") "bool" 23 | 24 | $def "d" (abst_sup x y) (non_failed (abst_minus (abst_plus x y) (abst_inf x y))) 25 | 26 | $hyp "abst_minus_substracts" 27 | (A. ((x) (A. ((y) (A. ((z) 28 | (=> (Is_true (abst_equal z (non_failed (abst_minus x y)))) 29 | (Is_true (abst_equal x (abst_plus y z)))))))))) 30 | 31 | $hyp "abst_equal_reflexive" 32 | (A. ((x) (Is_true (abst_equal x x)))) 33 | 34 | $goal 35 | (A. ((x) (A. ((y) 36 | (Is_true (abst_equal (abst_plus x y) 37 | (abst_plus (abst_inf x y) (abst_sup x y)))))))) 38 | -------------------------------------------------------------------------------- /test/test63.coz: -------------------------------------------------------------------------------- 1 | (* Copyright 2006 INRIA *) 2 | (* $Id: test63.coz,v 1.8 2008-08-14 14:02:09 doligez Exp $ *) 3 | 4 | (* 5 | ; file: species_general_additive_law.foc 6 | ; species: partially_ordered_additive_monoid 7 | ; property: sup_commutes / __lemma_1_2 8 | *) 9 | 10 | Parameter abst_T : Type. 11 | Parameter abst_equal : abst_T -> abst_T -> bool. 12 | Parameter abst_inf : abst_T -> abst_T -> abst_T. 13 | Parameter abst_sup : abst_T -> abst_T -> abst_T. 14 | Parameter abst_plus : abst_T -> abst_T -> abst_T. 15 | Parameter x : abst_T. 16 | Parameter y : abst_T. 17 | 18 | 19 | Parameter 20 | abst_equal_transitive: forall (x: abst_T) (y: abst_T) (z: abst_T), 21 | ((Is_true ((abst_equal x y)) ))-> 22 | ((Is_true ((abst_equal y z)) ))-> 23 | (Is_true ((abst_equal x z)) ). 24 | Parameter 25 | abst_plus_commutes: forall (x: abst_T) (y: abst_T), (Is_true 26 | ((abst_equal (abst_plus x y) (abst_plus y x))) ). 27 | Parameter abst_equal_symmetric: 28 | forall (x: abst_T) (y: abst_T), 29 | ((Is_true ((abst_equal x y)) ))-> 30 | (Is_true ((abst_equal y x)) ). 31 | Parameter abst_sum_is_inf_plus_sup: forall (x: abst_T) 32 | (y: abst_T), (Is_true 33 | ((abst_equal (abst_plus x y) (abst_plus (abst_inf x y) (abst_sup x 34 | y)))) 35 | ). 36 | 37 | Theorem thm : 38 | (Is_true 39 | ((abst_equal (abst_plus (abst_inf y x ) (abst_sup y x ) ) (abst_plus x y ) )) 40 | ) 41 | . 42 | -------------------------------------------------------------------------------- /zenon_induct.v: -------------------------------------------------------------------------------- 1 | (* Copyright 2008 INRIA *) 2 | (* $Id: zenon_induct.v,v 1.5 2009-07-31 14:18:08 doligez Exp $ *) 3 | 4 | Lemma zenon_induct_match_redex : forall A : Prop, 5 | (A -> False) -> (A -> False). 6 | Proof. tauto. Qed. 7 | 8 | Definition zenon_induct_match_redex_s := 9 | fun A c h => zenon_induct_match_redex A h c 10 | . 11 | 12 | Lemma zenon_induct_f_equal : forall {T1 T2 : Type} (x y : T1) (f : T1 -> T2), 13 | (f x = f y -> False) -> (x = y -> False). 14 | Proof. intros T1 T2 x y f H1 H2. apply H1. subst x. auto. Qed. 15 | 16 | 17 | Definition zenon_induct_f_equal_s := 18 | fun {t1 t2} x y f c h => @zenon_induct_f_equal t1 t2 x y f h c 19 | . 20 | 21 | Lemma zenon_induct_case_subs : forall (T : Type) (b a : T) P, 22 | (b = a -> P(a) -> False) -> b = a -> P(b) -> False. 23 | Proof. intros T b a P H e pa. subst b. apply H; auto. Qed. 24 | 25 | Lemma zenon_induct_allexnot : forall (T : Type) (P : T -> Prop), 26 | ((~ forall x, (P x)) -> False) -> (exists x, ~(P x)) -> False. 27 | Proof. firstorder. Qed. 28 | 29 | Lemma zenon_induct_allnotex : forall (T : Type) (P : T -> Prop), 30 | ((~forall x, ~(P x)) -> False) -> (exists x, (P x)) -> False. 31 | Proof. firstorder. Qed. 32 | 33 | 34 | Definition zenon_induct_allexnot_s := 35 | fun T P c h => zenon_induct_allexnot T P h c 36 | . 37 | Definition zenon_induct_allnotex_s := 38 | fun T P c h => zenon_induct_allnotex T P h c 39 | . 40 | -------------------------------------------------------------------------------- /print.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2004 INRIA *) 2 | (* $Id: print.mli,v 1.4 2005-11-05 11:13:17 doligez Exp $ *) 3 | 4 | type output = Buff of Buffer.t | Chan of out_channel;; 5 | 6 | val expr : output -> Expr.expr -> unit;; 7 | val expr_soft : output -> Expr.expr -> unit;; 8 | 9 | val phrase : output -> Phrase.phrase -> unit;; 10 | 11 | val hlproof : output -> int -> Mlproof.proof -> unit;; 12 | 13 | val mlproof : output -> Mlproof.proof -> unit;; 14 | val mlproof_rule : output -> Mlproof.rule -> unit;; 15 | val mlproof_rule_soft : output -> Mlproof.rule -> unit;; 16 | 17 | val llproof : output -> Llproof.proof -> unit;; 18 | val llproof_rule_db : Buffer.t -> Llproof.rule -> unit;; 19 | 20 | val sexpr : Expr.expr -> string;; 21 | val sexpr_t : Expr.expr -> string;; 22 | val sexpr_type : Expr.expr -> string;; 23 | 24 | val pp_lst : (Buffer.t -> 'a -> unit) -> string -> Buffer.t -> 'a list -> unit;; 25 | 26 | val pp_expr : Buffer.t -> Expr.expr -> unit;; 27 | val pp_expr_t : Buffer.t -> Expr.expr -> unit;; 28 | val pp_expr_type : Buffer.t -> Expr.expr -> unit;; 29 | val pp_mlrule : Buffer.t -> Mlproof.rule -> unit;; 30 | val pp_phrase : Buffer.t -> Phrase.phrase -> unit;; 31 | 32 | val dots : output -> ?full_output:bool -> ?max_depth:int -> Mlproof.proof list -> unit;; 33 | 34 | val pr_def : Buffer.t -> Expr.definition -> unit;; 35 | 36 | val print_tbl_term : output -> Expr.rwrt_tbl -> unit;; 37 | val print_tbl_prop : output -> Expr.rwrt_tbl -> unit;; 38 | 39 | -------------------------------------------------------------------------------- /test/test35.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test35.znn,v 1.6 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | # file: species_general_set.foc 5 | # species: ordered_lattice 6 | # property: leq_reflexive 7 | 8 | ; (* to be proved *) 9 | ; (x: abst_T) (y: abst_T) 10 | ; ((Is_true ((abst_equal x y)) ))-> 11 | ; (Is_true ((abst_leq x y)) ) 12 | ; By 13 | ; abst_inf_idempotent: (x: abst_T) (y: abst_T) 14 | ; ((Is_true ((abst_equal x y)) ))-> 15 | ; (Is_true ((abst_equal x (abst_inf x y))) ) 16 | ; abst_order_compatible_with_inf: (x: abst_T) (y: abst_T) 17 | ; ((Is_true ((abst_order_inf x y)) ))-> 18 | ; (Is_true ((abst_leq x y)) ) 19 | ; By def abst_order_inf:= [x: abst_T][y: abst_T](abst_equal x (abst_inf x y)) 20 | ; (* Qed *). 21 | 22 | $sig abst_T () "Type" 23 | $sig abst_equal ("abst_T" "abst_T") "bool" 24 | $sig abst_leq ("abst_T" "abst_T") "bool" 25 | $sig abst_inf ("abst_T" "abst_T") "abst_T" 26 | 27 | $def "d" (abst_order_inf x y) (abst_equal x (abst_inf x y)) 28 | 29 | $hyp "abst_inf_idempotent" (A. ((x "abst_T") (A. ((y "abst_T") 30 | (=> (Is_true (abst_equal x y)) 31 | (Is_true (abst_equal x (abst_inf x y)))))))) 32 | 33 | $hyp "abst_order_compatible_with_inf" (A. ((x "abst_T") (A. ((y "abst_T") 34 | (=> (Is_true (abst_order_inf x y)) 35 | (Is_true (abst_leq x y))))))) 36 | 37 | $goal 38 | (A. ((x "abst_T") (A. ((y "abst_T") 39 | (=> (Is_true (abst_equal x y)) 40 | (Is_true (abst_leq x y))))))) 41 | -------------------------------------------------------------------------------- /test/test56.coz: -------------------------------------------------------------------------------- 1 | (* Copyright 2006 INRIA *) 2 | (* $Id: test56.coz,v 1.7 2006-07-20 13:19:21 doligez Exp $ *) 3 | 4 | (* 5 | ; file: species_general_additive_law.foc 6 | ; species: partially_ordered_additive_monoid 7 | ; property: order_inf_reverse_order_sup / __goal_15 8 | *) 9 | 10 | Parameter abst_T : Type. 11 | Parameter abst_equal : abst_T -> abst_T -> bool. 12 | Parameter abst_plus : abst_T -> abst_T -> abst_T. 13 | Parameter abst_inf : abst_T -> abst_T -> abst_T. 14 | Parameter abst_sup : abst_T -> abst_T -> abst_T. 15 | Parameter x : abst_T. 16 | Parameter y : abst_T. 17 | 18 | Definition abst_order_sup:= 19 | (fun (x: abst_T) => (fun (y: abst_T) => (abst_equal x (abst_sup x y)))). 20 | 21 | Parameter 22 | abst_equal_transitive: forall (x: abst_T) (y: abst_T) (z: abst_T), 23 | ((Is_true ((abst_equal x y)) ))-> 24 | ((Is_true ((abst_equal y z)) ))-> 25 | (Is_true ((abst_equal x z)) ). 26 | Parameter 27 | abst_sup_commutes: forall (x: abst_T) (y: abst_T), (Is_true 28 | ((abst_equal (abst_sup x y) (abst_sup y x))) ). 29 | Parameter abst_plus_is_regular: 30 | forall (x: abst_T) (y: abst_T) (z: abst_T), 31 | ((Is_true ((abst_equal (abst_plus x y) (abst_plus x z))) ))-> 32 | (Is_true ((abst_equal y z)) ). 33 | Parameter __lemma_1_1: (Is_true 34 | ((abst_equal 35 | (abst_plus (abst_inf x y ) y ) (abst_plus (abst_inf x y ) (abst_sup x y ) 36 | ) 37 | )) 38 | ). 39 | 40 | Theorem thm : 41 | (Is_true ((abst_order_sup y x )) 42 | ) 43 | . 44 | -------------------------------------------------------------------------------- /test/test47.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test47.znn,v 1.7 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | ; file: species_general_additive_law.foc 5 | ; species: partially_ordered_additive_monoid 6 | ; property: add_absorbes_sup / __lemma_1_1_2 7 | 8 | ; (* to be proved *) 9 | ; (Is_true ((abst_equal x (abst_inf (abst_plus x y ) x ) )) 10 | ; ) 11 | ; By 12 | ; abst_equal_transitive: (x: abst_T) (y: abst_T) (z: abst_T) 13 | ; ((Is_true ((abst_equal x y)) ))-> 14 | ; ((Is_true ((abst_equal y z)) ))-> 15 | ; (Is_true ((abst_equal x z)) ) 16 | ; abst_add_keeps_inf: (x: abst_T) (y: abst_T) (Is_true 17 | ; ((abst_order_inf x (abst_plus x y))) ) abst_inf_commutes: (x: abst_T) 18 | ; (y: abst_T) (Is_true ((abst_equal (abst_inf x y) (abst_inf y x))) ) 19 | ; By def abst_order_inf:= [x: abst_T][y: abst_T](abst_equal x (abst_inf x y)) 20 | ; (* Qed *). 21 | 22 | $sig abst_equal ("zenon_U" "zenon_U") "bool" 23 | 24 | $def "d" (abst_order_inf x y) (abst_equal x (abst_inf x y)) 25 | 26 | $hyp "abst_equal_transitive" 27 | (A. ((x) (A. ((y) (A. ((z) 28 | (=> (Is_true (abst_equal x y)) 29 | (=> (Is_true (abst_equal y z)) 30 | (Is_true (abst_equal x z)))))))))) 31 | 32 | $hyp "abst_add_keeps_inf" 33 | (A. ((x) (A. ((y) (Is_true (abst_order_inf x (abst_plus x y))))))) 34 | 35 | $hyp "abst_inf_commutes" 36 | (A. ((x) (A. ((y) 37 | (Is_true (abst_equal (abst_inf x y) (abst_inf y x))))))) 38 | 39 | $goal 40 | (Is_true (abst_equal x (abst_inf (abst_plus x y) x))) 41 | -------------------------------------------------------------------------------- /regression/features/test_record.tla: -------------------------------------------------------------------------------- 1 | ---- MODULE test_record ---- 2 | 3 | (* <= 7 fields *) 4 | THEOREM [f1 |-> "v1", f2 |-> "v2"] \in [f1 : {"v1"}, f2 : {"v2"}] 5 | OBVIOUS 6 | 7 | (* > 7 fields *) 8 | THEOREM [ 9 | f1 |-> "v1", 10 | f2 |-> "v2", 11 | f3 |-> "v3", 12 | f4 |-> "v4", 13 | f5 |-> "v5", 14 | f6 |-> "v6", 15 | f7 |-> "v7", 16 | f8 |-> "v8", 17 | f9 |-> "v9", 18 | f10 |-> "v10", 19 | f11 |-> "v11", 20 | f12 |-> "v12", 21 | f13 |-> "v13", 22 | f14 |-> "v14", 23 | f15 |-> "v15", 24 | f16 |-> "v16", 25 | f17 |-> "v17", 26 | f18 |-> "v18", 27 | f19 |-> "v19", 28 | f20 |-> "v20", 29 | f21 |-> "v21", 30 | f22 |-> "v22", 31 | f23 |-> "v23", 32 | f24 |-> "v24", 33 | f25 |-> "v25", 34 | f26 |-> "v26", 35 | f27 |-> "v27", 36 | f28 |-> "v28", 37 | f29 |-> "v29", 38 | f30 |-> "v30" 39 | ] \in [ 40 | f1 : {"v1"}, 41 | f2 : {"v2"}, 42 | f3 : {"v3"}, 43 | f4 : {"v4"}, 44 | f5 : {"v5"}, 45 | f6 : {"v6"}, 46 | f7 : {"v7"}, 47 | f8 : {"v8"}, 48 | f9 : {"v9"}, 49 | f10 : {"v10"}, 50 | f11 : {"v11"}, 51 | f12 : {"v12"}, 52 | f13 : {"v13"}, 53 | f14 : {"v14"}, 54 | f15 : {"v15"}, 55 | f16 : {"v16"}, 56 | f17 : {"v17"}, 57 | f18 : {"v18"}, 58 | f19 : {"v19"}, 59 | f20 : {"v20"}, 60 | f21 : {"v21"}, 61 | f22 : {"v22"}, 62 | f23 : {"v23"}, 63 | f24 : {"v24"}, 64 | f25 : {"v25"}, 65 | f26 : {"v26"}, 66 | f27 : {"v27"}, 67 | f28 : {"v28"}, 68 | f29 : {"v29"}, 69 | f30 : {"v30"} 70 | ] 71 | OBVIOUS 72 | 73 | ==== 74 | -------------------------------------------------------------------------------- /zenon.spec: -------------------------------------------------------------------------------- 1 | %define main_version_number 0.7.2 2 | Name: zenon 3 | Version: %{main_version_number} 4 | Release: 0 5 | Summary: The Zenon Theorem prover 6 | Group: Programming 7 | License: Redistribution and use in source and binary forms allowed under conditions 8 | URL: http://focalize.inria.fr 9 | BuildRoot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n) 10 | Requires: ocaml >= 3.12 11 | Requires: ocaml-runtime >= 3.12 12 | Requires: coq >= 8.3pl2 13 | 14 | # Here are by git base directory in which the toplevel 'focalize' dir lays. 15 | %define sourcedir /home/didou/devel/ssurf 16 | 17 | %description 18 | Provides the Zenon theorem prover. 19 | 20 | %prep 21 | rm -Rf %{_builddir} 22 | mkdir %{_builddir} 23 | cp -Rf %{sourcedir}/focalize %{_builddir} 24 | 25 | %build 26 | cd %{_builddir}/focalize 27 | ./configure --tools_prefix /usr/bin 28 | cd %{_builddir}/focalize/zenon 29 | ./configure --install_prefix $RPM_BUILD_ROOT/usr 30 | make depend 31 | make all 32 | 33 | %install 34 | cd %{_builddir}/focalize/zenon 35 | # Disable sudo since we are not installing in the real final /usr. 36 | make SUDO="" install 37 | 38 | %clean 39 | # Remove the source tree copied to build. 40 | rm -Rf %{_builddir} 41 | # Remove the temporary directory where bins and lib were stored before the 42 | # RPM archive was fully built. 43 | rm -Rf $RPM_BUILD_ROOT 44 | 45 | 46 | %files 47 | %defattr(-,root,root,755) 48 | %doc 49 | /usr/lib/zenon/* 50 | /usr/bin/zenon 51 | 52 | %changelog 53 | -------------------------------------------------------------------------------- /test/test08.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test08.znn,v 1.5 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | # File : COM003+1 5 | # Status : theorem 6 | # Rating : 0.33 7 | $hyp "p1" (=> (E. ((X) (/\ (algorithm X) (A. ((Y) (=> (program Y) (A. ((Z) (decides X Y Z))))))))) (E. ((W) (/\ (program W) (A. ((Y) (=> (program Y) (A. ((Z) (decides W Y Z)))))))))) 8 | $hyp "p2" (A. ((W) (=> (/\ (program W) (A. ((Y) (=> (program Y) (A. ((Z) (decides W Y Z))))))) (A. ((Y) (A. ((Z) (/\ (=> (/\ (program Y) (halts2 Y Z)) (/\ (halts3 W Y Z) (outputs W (good)))) (=> (/\ (program Y) (-. (halts2 Y Z))) (/\ (halts3 W Y Z) (outputs W (bad)))))))))))) 9 | $hyp "p3" (=> (E. ((W) (/\ (program W) (A. ((Y) (/\ (=> (/\ (program Y) (halts2 Y Y)) (/\ (halts3 W Y Y) (outputs W (good)))) (=> (/\ (program Y) (-. (halts2 Y Y))) (/\ (halts3 W Y Y) (outputs W (bad)))))))))) (E. ((V) (/\ (program V) (A. ((Y) (/\ (=> (/\ (program Y) (halts2 Y Y)) (/\ (halts2 V Y) (outputs V (good)))) (=> (/\ (program Y) (-. (halts2 Y Y))) (/\ (halts2 V Y) (outputs V (bad))))))))))) 10 | $hyp "p4" (=> (E. ((V) (/\ (program V) (A. ((Y) (/\ (=> (/\ (program Y) (halts2 Y Y)) (/\ (halts2 V Y) (outputs V (good)))) (=> (/\ (program Y) (-. (halts2 Y Y))) (/\ (halts2 V Y) (outputs V (bad)))))))))) (E. ((U) (/\ (program U) (A. ((Y) (/\ (=> (/\ (program Y) (halts2 Y Y)) (-. (halts2 U Y))) (=> (/\ (program Y) (-. (halts2 Y Y))) (/\ (halts2 U Y) (outputs U (bad))))))))))) 11 | # [negated] conjecture : prove_this 12 | $goal (-. (E. ((X1) (/\ (algorithm X1) (A. ((Y1) (=> (program Y1) (A. ((Z1) (decides X1 Y1 Z1)))))))))) 13 | -------------------------------------------------------------------------------- /misc.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 1997 INRIA *) 2 | (* $Id: misc.mli,v 1.22 2012-04-24 17:32:04 doligez Exp $ *) 3 | 4 | val index : int -> 'a -> 'a list -> int;; 5 | val ( @@ ) : 'a list -> 'a list -> 'a list;; 6 | val list_init : int -> (unit -> 'a) -> 'a list;; 7 | val list_last : 'a list -> 'a;; 8 | val list_iteri : (int -> 'a -> unit) -> 'a list -> unit;; 9 | val list_iter3 : 10 | ('a -> 'b -> 'c -> unit) -> 'a list -> 'b list -> 'c list -> unit 11 | ;; 12 | val list_fold_left3 : 13 | ('accu -> 'a -> 'b -> 'c -> 'accu) -> 'accu -> 'a list -> 'b list -> 'c list 14 | -> 'accu 15 | ;; 16 | val list_mapi : ('a -> int -> 'b) -> 'a list -> int -> 'b list;; 17 | val list_map3 : 18 | ('a -> 'b -> 'c -> 'd) -> 'a list -> 'b list -> 'c list -> 'd list 19 | ;; 20 | val list_map4 : 21 | ('a -> 'b -> 'c -> 'd -> 'e) 22 | -> 'a list -> 'b list -> 'c list -> 'd list -> 'e list 23 | ;; 24 | val list_nth_tail : 'a list -> int -> 'a list;; 25 | 26 | (** Sort the list and remove duplicates. *) 27 | val list_sort_unique : ('a -> 'a -> int) -> 'a list -> 'a list;; 28 | 29 | val list_indexq : 'a -> 'a list -> int;; 30 | 31 | val string_split : string -> string list;; 32 | val occurs : string -> string -> bool;; 33 | 34 | (** [is_prefix pre str] is [true] iff [pre] is a prefix of [str]. *) 35 | val is_prefix : string -> string -> bool;; 36 | 37 | val replace_first : string -> string -> string -> string;; 38 | val isalnum : char -> bool;; 39 | val isdigit : char -> bool;; 40 | 41 | val debug : ('a, out_channel, unit) format -> 'a;; 42 | 43 | val base26 : int -> string;; 44 | -------------------------------------------------------------------------------- /test/test67.coz: -------------------------------------------------------------------------------- 1 | (* Copyright 2006 INRIA *) 2 | (* $Id: test67.coz,v 1.7 2006-07-20 13:19:21 doligez Exp $ *) 3 | 4 | (* 5 | ; file: species_general_additive_law.foc 6 | ; species: partially_ordered_additive_monoid 7 | ; property: sup_commutes / __goal_13 8 | *) 9 | 10 | Parameter abst_T : Type. 11 | Parameter abst_equal : abst_T -> abst_T -> bool. 12 | Parameter abst_inf : abst_T -> abst_T -> abst_T. 13 | Parameter abst_sup : abst_T -> abst_T -> abst_T. 14 | Parameter abst_plus : abst_T -> abst_T -> abst_T. 15 | Parameter x : abst_T. 16 | Parameter y : abst_T. 17 | 18 | Parameter 19 | abst_equal_symmetric: forall (x: abst_T) (y: abst_T), 20 | ((Is_true ((abst_equal x y)) ))-> 21 | (Is_true ((abst_equal y x)) ). 22 | Parameter abst_equal_transitive: forall (x: abst_T) 23 | (y: abst_T) (z: abst_T), 24 | ((Is_true ((abst_equal x y)) ))-> 25 | ((Is_true ((abst_equal y z)) ))-> 26 | (Is_true ((abst_equal x z)) ). 27 | Parameter 28 | __lemma_1_3: 29 | ((Is_true 30 | ((abst_equal 31 | (abst_plus (abst_inf y x ) (abst_sup y x ) ) 32 | (abst_plus (abst_inf y x ) (abst_sup x y ) ) 33 | )) 34 | ))-> 35 | 36 | (Is_true ((abst_equal (abst_sup y x ) (abst_sup x y ) )) ). 37 | Parameter __lemma_1_2: 38 | (Is_true 39 | ((abst_equal (abst_plus (abst_inf y x ) (abst_sup y x ) ) (abst_plus x y ) 40 | )) 41 | ). 42 | Parameter __lemma_1_1: (Is_true 43 | ((abst_equal (abst_plus x y ) (abst_plus (abst_inf y x ) (abst_sup x y ) ) 44 | )) 45 | ). 46 | 47 | Theorem thm : 48 | (Is_true ((abst_equal (abst_sup x y ) (abst_sup y x ) )) 49 | ) 50 | . 51 | -------------------------------------------------------------------------------- /test/test59.coz: -------------------------------------------------------------------------------- 1 | (* Copyright 2006 INRIA *) 2 | (* $Id: test59.coz,v 1.7 2006-07-20 13:19:21 doligez Exp $ *) 3 | 4 | (* 5 | ; file: species_general_additive_law.foc 6 | ; species: partially_ordered_additive_monoid 7 | ; property: order_inf_reverses_order_sup / __goal_19 8 | *) 9 | 10 | Parameter abst_T : Type. 11 | Parameter abst_equal : abst_T -> abst_T -> bool. 12 | Parameter abst_plus : abst_T -> abst_T -> abst_T. 13 | Parameter abst_inf : abst_T -> abst_T -> abst_T. 14 | Parameter abst_sup : abst_T -> abst_T -> abst_T. 15 | Parameter xx : abst_T. 16 | Parameter yy : abst_T. 17 | 18 | Definition abst_order_inf:= 19 | (fun (x: abst_T) => (fun (y: abst_T) => (abst_equal x (abst_inf x y)))). 20 | 21 | Parameter 22 | abst_equal_transitive: forall (x: abst_T) (y: abst_T) (z: abst_T), 23 | ((Is_true ((abst_equal x y)) ))-> 24 | ((Is_true ((abst_equal y z)) ))-> 25 | (Is_true ((abst_equal x z)) ). 26 | Parameter 27 | abst_inf_commutes: forall (x: abst_T) (y: abst_T), (Is_true 28 | ((abst_equal (abst_inf x y) (abst_inf y x))) ). 29 | Parameter abst_plus_is_regular: 30 | forall (x: abst_T) (y: abst_T) (z: abst_T), 31 | ((Is_true ((abst_equal (abst_plus x y) (abst_plus x z))) ))-> 32 | (Is_true ((abst_equal y z)) ). 33 | Parameter __lemma_2_2: (Is_true 34 | ((abst_equal 35 | (abst_plus (abst_inf xx yy ) (abst_sup xx yy ) ) 36 | (abst_plus (abst_sup xx yy ) (abst_inf xx yy ) ) 37 | )) 38 | ). 39 | Parameter __lemma_2_1: (Is_true 40 | ((abst_equal 41 | (abst_plus (abst_sup xx yy ) yy ) 42 | (abst_plus (abst_inf xx yy ) (abst_sup xx yy ) ) 43 | )) 44 | ). 45 | 46 | Theorem thm : 47 | (Is_true ((abst_order_inf yy xx )) 48 | ) 49 | . 50 | -------------------------------------------------------------------------------- /progress.ml: -------------------------------------------------------------------------------- 1 | (* Copyright 2005 INRIA *) 2 | Version.add "$Id: 4fb251eb2902926efcda56d34547d96152219fcc $";; 3 | 4 | open Printf;; 5 | 6 | type progress = No | Bar | Msg;; 7 | let level = ref Bar;; 8 | 9 | let progress_cur = ref (-1);; 10 | let progress_char = ref 0;; 11 | let progress_anim = "/-\\|";; 12 | let backspace = '\008';; 13 | 14 | let do_progress f bar = 15 | match !level with 16 | | No -> () 17 | | Bar -> 18 | let tm = Sys.time () in 19 | let cur = int_of_float (60. *. tm /. !Globals.time_limit) in 20 | if !progress_cur = -1 then begin 21 | eprintf "%s" (String.make 61 ' '); 22 | eprintf "%s" (String.make 60 backspace); 23 | progress_cur := 0; 24 | end; 25 | progress_char := (!progress_char + 1) mod (String.length progress_anim); 26 | if cur = !progress_cur + 1 then begin 27 | eprintf "%c*%c" backspace progress_anim.[!progress_char]; 28 | progress_cur := cur; 29 | end else if cur > !progress_cur then begin 30 | eprintf "%c" backspace; 31 | for _ = !progress_cur to cur - 1 do 32 | eprintf "%c" bar; 33 | done; 34 | eprintf "%c" (progress_anim.[!progress_char]); 35 | progress_cur := cur; 36 | end else begin 37 | eprintf "%c%c" backspace (progress_anim.[!progress_char]); 38 | end; 39 | flush stderr; 40 | | Msg -> 41 | flush stdout; 42 | flush stderr; 43 | f (); 44 | flush stdout; 45 | flush stderr; 46 | ;; 47 | 48 | let end_progress msg = 49 | match !level with 50 | | No -> () 51 | | Bar -> eprintf "\r"; flush stderr; 52 | | Msg -> if msg <> "" then (eprintf "%s\n" msg; flush stderr) 53 | ;; 54 | -------------------------------------------------------------------------------- /test/test55.coz: -------------------------------------------------------------------------------- 1 | (* Copyright 2006 INRIA *) 2 | (* $Id: test55.coz,v 1.7 2006-07-20 13:19:21 doligez Exp $ *) 3 | 4 | (* 5 | ; file: species_general_additive_law.foc 6 | ; species: partially_ordered_additive_monoid 7 | ; property: order_inf_reverse_order_sup / __lemma_1_1 8 | *) 9 | 10 | Parameter abst_T : Type. 11 | Parameter abst_equal : abst_T -> abst_T -> bool. 12 | Parameter abst_plus : abst_T -> abst_T -> abst_T. 13 | Parameter abst_inf : abst_T -> abst_T -> abst_T. 14 | Parameter abst_sup : abst_T -> abst_T -> abst_T. 15 | Parameter x : abst_T. 16 | Parameter y : abst_T. 17 | 18 | Definition abst_order_inf:= 19 | (fun (x: abst_T) => (fun (y: abst_T) => (abst_equal x (abst_inf x y)))). 20 | 21 | Parameter 22 | abst_equal_symmetric: forall (x: abst_T) (y: abst_T), 23 | ((Is_true ((abst_equal x y)) ))-> 24 | (Is_true ((abst_equal y x)) ). 25 | Parameter 26 | abst_equal_transitive: forall (x: abst_T) 27 | (y: abst_T) (z: abst_T), 28 | ((Is_true ((abst_equal x y)) ))-> 29 | ((Is_true ((abst_equal y z)) ))-> 30 | (Is_true ((abst_equal x z)) ). 31 | Parameter 32 | H_1_1: (Is_true ((abst_order_inf x y )) ). 33 | Parameter 34 | abst_plus_is_left_congruence: 35 | forall (x: abst_T) (y: abst_T) (z: abst_T), 36 | ((Is_true ((abst_equal x y)) ))-> 37 | (Is_true ((abst_equal (abst_plus x z) (abst_plus y z))) ). 38 | Parameter 39 | abst_sum_is_inf_plus_sup: forall (x: abst_T) (y: abst_T), (Is_true 40 | ((abst_equal (abst_plus x y) (abst_plus (abst_inf x y) (abst_sup x 41 | y)))) 42 | ). 43 | 44 | Theorem thm : 45 | (Is_true 46 | ((abst_equal 47 | (abst_plus (abst_inf x y ) y ) (abst_plus (abst_inf x y ) (abst_sup x y ) ) 48 | )) 49 | ). 50 | -------------------------------------------------------------------------------- /test/test57.coz: -------------------------------------------------------------------------------- 1 | (* Copyright 2006 INRIA *) 2 | (* $Id: test57.coz,v 1.7 2006-07-20 13:19:21 doligez Exp $ *) 3 | 4 | (* 5 | ; file: species_general_additive_law.foc 6 | ; species: partially_ordered_additive_monoid 7 | ; property: order_inf_reverse_order_sup / __lemma_2_1 8 | *) 9 | 10 | Parameter abst_T : Type. 11 | Parameter abst_equal : abst_T -> abst_T -> bool. 12 | Parameter abst_plus : abst_T -> abst_T -> abst_T. 13 | Parameter abst_inf : abst_T -> abst_T -> abst_T. 14 | Parameter abst_sup : abst_T -> abst_T -> abst_T. 15 | Parameter xx : abst_T. 16 | Parameter yy : abst_T. 17 | 18 | Definition abst_order_sup:= 19 | (fun (x: abst_T) => (fun (y: abst_T) => (abst_equal x (abst_sup x y)))). 20 | 21 | Parameter 22 | abst_equal_symmetric: forall (x: abst_T) (y: abst_T), 23 | ((Is_true ((abst_equal x y)) ))-> 24 | (Is_true ((abst_equal y x)) ). 25 | Parameter abst_equal_transitive: forall (x: abst_T) 26 | (y: abst_T) (z: abst_T), 27 | ((Is_true ((abst_equal x y)) ))-> 28 | ((Is_true ((abst_equal y z)) ))-> 29 | (Is_true ((abst_equal x z)) ). 30 | Parameter 31 | HH_1_2: (Is_true ((abst_order_sup xx yy )) ). 32 | Parameter abst_plus_is_left_congruence: 33 | forall (x: abst_T) (y: abst_T) (z: abst_T), 34 | ((Is_true ((abst_equal x y)) ))-> 35 | (Is_true ((abst_equal (abst_plus x z) (abst_plus y z))) ). 36 | Parameter 37 | abst_sum_is_inf_plus_sup: forall (x: abst_T) (y: abst_T), (Is_true 38 | ((abst_equal (abst_plus x y) (abst_plus (abst_inf x y) (abst_sup x 39 | y)))) 40 | ). 41 | 42 | Theorem thm : 43 | (Is_true 44 | ((abst_equal 45 | (abst_plus (abst_sup xx yy ) yy ) 46 | (abst_plus (abst_inf xx yy ) (abst_sup xx yy ) ) 47 | )) 48 | ) 49 | . 50 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 1997-2015, Institut National de Recherche en 2 | Informatique et en Automatique (INRIA) 3 | 4 | All rights reserved. 5 | 6 | Redistribution and use in source and binary forms, with or without 7 | modification, are permitted provided that the following conditions are 8 | met: 9 | 10 | * Redistributions of source code must retain the above copyright notice, 11 | this list of conditions and the following disclaimer. 12 | 13 | * Redistributions in binary form must reproduce the above copyright 14 | notice, this list of conditions and the following disclaimer in the 15 | documentation and/or other materials provided with the 16 | distribution. 17 | 18 | * Neither the name of INRIA nor the names of its contributors may 19 | be used to endorse or promote products derived from this software 20 | without specific prior written permission. 21 | 22 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 25 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 26 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 27 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 28 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 29 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 30 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 31 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 32 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 | 34 | $Id: LICENSE,v 1.3 2006-03-01 14:40:06 doligez Exp $ 35 | -------------------------------------------------------------------------------- /test/test46.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test46.znn,v 1.7 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | ; file: species_general_additive_law.foc 5 | ; species: partially_ordered_additive_monoid 6 | ; property: add_absorbes_sup / __lemma_1_1_1 7 | 8 | ; (* to be proved *) 9 | ; (Is_true 10 | ; ((abst_equal 11 | ; (abst_plus x (abst_plus x y ) ) 12 | ; (abst_plus (abst_inf (abst_plus x y ) x ) (abst_sup (abst_plus x y ) x ) ) 13 | ; )) 14 | ; ) 15 | ; By 16 | ; abst_equal_transitive: (x: abst_T) (y: abst_T) (z: abst_T) 17 | ; ((Is_true ((abst_equal x y)) ))-> 18 | ; ((Is_true ((abst_equal y z)) ))-> 19 | ; (Is_true ((abst_equal x z)) ) 20 | ; abst_plus_commutes: (x: abst_T) (y: abst_T) (Is_true 21 | ; ((abst_equal (abst_plus x y) (abst_plus y x))) ) 22 | ; abst_sum_is_inf_plus_sup: (x: abst_T) (y: abst_T) (Is_true 23 | ; ((abst_equal (abst_plus x y) (abst_plus (abst_inf x y) (abst_sup x 24 | ; y)))) 25 | ; ) 26 | ; By def 27 | ; (* Qed *). 28 | 29 | $sig abst_equal ("zenon_U" "zenon_U") "bool" 30 | 31 | $hyp "abst_equal_transitive" 32 | (A. ((x) (A. ((y) (A. ((z) 33 | (=> (Is_true (abst_equal x y)) 34 | (=> (Is_true (abst_equal y z)) 35 | (Is_true (abst_equal x z)))))))))) 36 | 37 | $hyp "abst_plus_commutes" 38 | (A. ((x) (A. ((y) 39 | (Is_true (abst_equal (abst_plus x y) (abst_plus y x))))))) 40 | 41 | $hyp "abst_sum_is_inf_plus_sup" 42 | (A. ((x) (A. ((y) 43 | (Is_true (abst_equal (abst_plus x y) 44 | (abst_plus (abst_inf x y) (abst_sup x y)))))))) 45 | 46 | $goal 47 | (Is_true (abst_equal (abst_plus x (abst_plus x y)) 48 | (abst_plus (abst_inf (abst_plus x y) x) 49 | (abst_sup (abst_plus x y) x)))) 50 | -------------------------------------------------------------------------------- /regression/examples/consensus/Consensus.tla: -------------------------------------------------------------------------------- 1 | ----------------------------- MODULE Consensus ------------------------------ 2 | EXTENDS Naturals, Sets, TLAPS 3 | 4 | CONSTANT Value 5 | 6 | VARIABLE chosen 7 | 8 | Init == chosen = {} 9 | Next == /\ chosen = {} 10 | /\ \E v \in Value : chosen' = {v} 11 | Spec == Init /\ [][Next]_chosen 12 | 13 | ----------------------------------------------------------------------------- 14 | 15 | Inv == /\ chosen \subseteq Value 16 | /\ IsFiniteSet(chosen) 17 | /\ Cardinality(chosen) \leq 1 18 | 19 | ----------------------------------------------------------------------------- 20 | 21 | THEOREM Invariance == Spec => []Inv 22 | 23 | <1>1 Init => Inv 24 | <2>1 0 \leq 1 PROOF BY Arithmetic 25 | <2>2 QED PROOF BY <2>1, CardinalityZero DEF Init, Inv 26 | 27 | <1>2 Inv /\ [Next]_chosen => Inv' 28 | <2>1 SUFFICES ASSUME Inv, [Next]_chosen 29 | PROVE Inv' 30 | PROOF BY <2>1 31 | <2>2 SUFFICES /\ chosen' \subseteq Value 32 | /\ IsFiniteSet(chosen') 33 | /\ Cardinality(chosen') \leq 1 34 | PROOF BY DEF Inv, IsFiniteSet, IsBijection 35 | <2>3 USE DEF Inv, Next 36 | <2>4 CASE UNCHANGED chosen PROOF BY <2>1, <2>4 DEF IsFiniteSet 37 | <2>5 CASE Next 38 | <3>1 1 \leq 1 PROOF BY Arithmetic 39 | <3>2 PICK v \in Value : chosen' = {v} PROOF BY <2>5 40 | <3>3 /\ Cardinality({v}) \leq 1 41 | /\ IsFiniteSet({v}) 42 | PROOF BY <3>1, CardinalityOne 43 | <3>4 QED PROOF BY <3>1, <3>2, <3>3 44 | 45 | <2>6 QED PROOF BY <2>1, <2>4, <2>5 46 | 47 | <1>3 QED BY <1>1, <1>2, Inv1 DEF Spec 48 | 49 | ============================================================================= 50 | -------------------------------------------------------------------------------- /enum.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2009 INRIA *) 2 | (* $Id: enum.mli,v 1.2 2009-10-07 12:20:59 doligez Exp $ *) 3 | 4 | (** Expansion of repeating text with counters. *) 5 | 6 | (** A template is a string of the form [s1 sep s2] where [s1] and [s2] 7 | are identical except for occurrences of nonnegative numbers, and 8 | [sep] doesn't contain any digit. [sep] may be empty and there 9 | may or may not be spaces between [s1] and [sep] and between [sep] 10 | and [s2]. 11 | 12 | Examples: 13 | - [e1, e2] 14 | - [foo1 (foo2 (] 15 | - [f (f (] 16 | - [aaa, aaa] 17 | 18 | In case of ambiguity, [sep] is taken of minimal length. For 19 | example: 20 | - [aaaa] -> ["aa" / "" / "aa"] 21 | 22 | *) 23 | 24 | exception Bad_template of string;; 25 | exception Bad_number of int;; 26 | 27 | (** Expand a template. *) 28 | val expand_string : int -> string -> string;; 29 | 30 | (** Expand a template in reverse order. *) 31 | val expand_string_rev : int -> string -> string;; 32 | 33 | (** 34 | [expand_text p text] expands all the templates found between [@@@] and 35 | [...] in [text]. If a template is followed by [\[n+]i[\]] where i 36 | is an integer, expand it to [p]+i terms. If followed by [\[n-]i[\]], 37 | expand it to [p]-i terms. If followed by nothing or [[n]], expand it 38 | to [p] terms. If you need to write [\[n] right after a template, 39 | you must prefix it with [[n]]. 40 | 41 | If a template starts and ends with a newline (LF or CRLF), and 42 | it doesn't work as a plain template, remove the first and last 43 | newlines and try again. 44 | 45 | If a template is ill-formed, raise [Bad_template]. If the number 46 | of terms is negative, raise [Bad_number]. 47 | *) 48 | val expand_text : int -> string -> string;; 49 | -------------------------------------------------------------------------------- /test/test45.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test45.znn,v 1.8 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | ; file: species_general_additive_law.foc 5 | ; species: partially_ordered_additive_monoid 6 | ; property: add_absorbes_sup 7 | 8 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 9 | ;; Zenon cannot solve this problem yet 10 | ;; hence the following line 11 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 12 | $hyp "h00" F. 13 | 14 | $sig abst_equal ("zenon_U" "zenon_U") "bool" 15 | 16 | $def "d1" (abst_order_inf x y) (abst_equal x (abst_inf x y)) 17 | $def "d2" (abst_order_sup x y) (abst_equal x (abst_sup x y)) 18 | 19 | $hyp "abst_plus_is_left_congruence" 20 | (A. ((x) (A. ((y) (A. ((z) 21 | (=> (Is_true (abst_equal x y)) 22 | (Is_true (abst_equal (abst_plus x z) (abst_plus y z)))))))))) 23 | 24 | $hyp "abst_equal_transitive" 25 | (A. ((x) (A. ((y) (A. ((z) 26 | (=> (Is_true (abst_equal x y)) 27 | (=> (Is_true (abst_equal y z)) 28 | (Is_true (abst_equal x z)))))))))) 29 | 30 | $hyp "abst_plus_is_regular" 31 | (A. ((x) (A. ((y) (A. ((z) 32 | (=> (Is_true (abst_equal (abst_plus x y) (abst_plus x z))) 33 | (Is_true (abst_equal y z))))))))) 34 | 35 | $hyp "abst_plus_commutes" 36 | (A. ((x) (A. ((y) 37 | (Is_true (abst_equal (abst_plus x y) (abst_plus y x))))))) 38 | 39 | $hyp "abst_add_keeps_inf" 40 | (A. ((x) (A. ((y) (Is_true (abst_order_inf x (abst_plus x y))))))) 41 | 42 | $hyp "abst_inf_commutes" 43 | (A. ((x) (A. ((y) 44 | (Is_true (abst_equal (abst_inf x y) (abst_inf y x))))))) 45 | 46 | $hyp "abst_sum_is_inf_plus_sup" 47 | (A. ((x) (A. ((y) 48 | (Is_true (abst_equal (abst_plus x y) 49 | (abst_plus (abst_inf x y) (abst_sup x y)))))))) 50 | 51 | $goal 52 | (A. ((x) (A. ((y) 53 | (Is_true (abst_order_sup (abst_plus x y) x)))))) 54 | -------------------------------------------------------------------------------- /test/test33.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test33.znn,v 1.6 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | # file: species_general_set.foc 5 | # species: lattice 6 | # property: order_inf_is_antisymmetric 7 | 8 | # (* to be proved *) 9 | #(x: abst_T) (y: abst_T) 10 | #((Is_true ((abst_order_inf x y)) ))-> 11 | # ((Is_true ((abst_order_inf y x)) ))-> 12 | # (Is_true ((abst_equal x y)) ) 13 | #By 14 | # abst_equal_transitive: (x: abst_T) (y: abst_T) (z: abst_T) 15 | # ((Is_true ((abst_equal x y)) ))-> 16 | # ((Is_true ((abst_equal y z)) ))-> 17 | # (Is_true ((abst_equal x z)) ) 18 | # abst_equal_symmetric: (x: abst_T) (y: abst_T) 19 | # ((Is_true ((abst_equal x y)) ))-> 20 | # (Is_true ((abst_equal y x)) ) 21 | #abst_inf_commutes: (x: abst_T) (y: abst_T) 22 | # (Is_true ((abst_equal (abst_inf x y) (abst_inf y x))) ) 23 | #By def abst_order_inf:= [x: abst_T][y: abst_T](abst_equal x (abst_inf x y)) 24 | #(* Qed *). 25 | 26 | $sig abst_T () "Type" 27 | $sig abst_equal ("abst_T" "abst_T") "bool" 28 | $sig abst_inf ("abst_T" "abst_T") "abst_T" 29 | 30 | $def "d" (abst_order_inf x y) (abst_equal x (abst_inf x y)) 31 | 32 | $hyp "h1" (A. ((x "abst_T") (A. ((y "abst_T") (A. ((z "abst_T") 33 | (=> (Is_true (abst_equal x y)) 34 | (=> (Is_true (abst_equal y z)) 35 | (Is_true (abst_equal x z)))))))))) 36 | 37 | $hyp "h2" (A. ((x "abst_T") (A. ((y "abst_T") 38 | (=> (Is_true (abst_equal x y)) (Is_true (abst_equal y x))))))) 39 | 40 | $hyp "abst_inf_commutes" 41 | (A. ((x "abst_T") (A. ((y "abst_T") 42 | (Is_true (abst_equal (abst_inf x y) (abst_inf y x))))))) 43 | 44 | $goal 45 | (A. ((x "abst_T") (A. ((y "abst_T") 46 | (=> (Is_true (abst_order_inf x y)) 47 | (=> (Is_true (abst_order_inf y x)) 48 | (Is_true (abst_equal x y)))))))) 49 | -------------------------------------------------------------------------------- /test/test40.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test40.znn,v 1.7 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | ; file: species_general_additive_law.foc 5 | ; species: partially_ordered_additive_monoid 6 | ; property: min_is_min / __goal_6 7 | 8 | ; (* to be proved *) 9 | ; (Is_true ((abst_equal abst_min (abst_inf abst_min x ) )) 10 | ; ) 11 | ; By 12 | ; abst_equal_transitive: (x: abst_T) (y: abst_T) (z: abst_T) 13 | ; ((Is_true ((abst_equal x y)) ))-> 14 | ; ((Is_true ((abst_equal y z)) ))-> 15 | ; (Is_true ((abst_equal x z)) ) 16 | ; abst_inf_congruence: (x: abst_T) (y: abst_T) (z: abst_T) 17 | ; ((Is_true ((abst_equal x y)) ))-> 18 | ; (and (Is_true ((abst_equal (abst_inf x z) (abst_inf y z))) ) (Is_true 19 | ; ((abst_equal (abst_inf z x) (abst_inf z y))) )) 20 | ; abst_add_keeps_inf: (x: abst_T) (y: abst_T) (Is_true 21 | ; ((abst_order_inf x (abst_plus x y))) ) __lemma_1_1: (Is_true 22 | ; ((abst_equal (abst_plus abst_min x ) x )) ) 23 | ; By def abst_order_inf:= [x: abst_T][y: abst_T](abst_equal x (abst_inf x y)) 24 | ; (* Qed *). 25 | 26 | $sig abst_equal ("zenon_U" "zenon_U") "bool" 27 | 28 | $def "d" (abst_order_inf x y) (abst_equal x (abst_inf x y)) 29 | 30 | $hyp "abst_equal_transitive" 31 | (A. ((x) (A. ((y) (A. ((z) 32 | (=> (Is_true (abst_equal x y)) 33 | (=> (Is_true (abst_equal y z)) 34 | (Is_true (abst_equal x z)))))))))) 35 | 36 | $hyp "abst_inf_congruence" 37 | (A. ((x) (A. ((y) (A. ((z) 38 | (=> (Is_true (abst_equal x y)) 39 | (/\ (Is_true (abst_equal (abst_inf x z) (abst_inf y z))) 40 | (Is_true (abst_equal (abst_inf z x) (abst_inf z y))))))))))) 41 | 42 | $hyp "abst_add_keeps_inf" 43 | (A. ((x) (A. ((y) (Is_true (abst_order_inf x (abst_plus x y))))))) 44 | 45 | $hyp "__lemma_1_1" 46 | (Is_true (abst_equal (abst_plus abst_min x) x)) 47 | 48 | $goal 49 | (Is_true (abst_equal abst_min (abst_inf abst_min x))) 50 | -------------------------------------------------------------------------------- /test/test41.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test41.znn,v 1.6 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | ; file: species_general_set.foc 5 | ; species: lattice 6 | ; property: order_inf_is_transitive / __lemma_1_1 7 | 8 | ; (* to be proved *) 9 | ; (Is_true ((abst_equal x (abst_inf x (abst_inf y z ) ) )) 10 | ; ) 11 | ; By 12 | ; abst_equal_transitive: (x: abst_T) (y: abst_T) (z: abst_T) 13 | ; ((Is_true ((abst_equal x y)) ))-> 14 | ; ((Is_true ((abst_equal y z)) ))-> 15 | ; (Is_true ((abst_equal x z)) ) 16 | ; abst_inf_congruence: (x: abst_T) (y: abst_T) (z: abst_T) 17 | ; ((Is_true ((abst_equal x y)) ))-> 18 | ; (and (Is_true ((abst_equal (abst_inf x z) (abst_inf y z))) ) (Is_true 19 | ; ((abst_equal (abst_inf z x) (abst_inf z y))) )) 20 | ; H2_1_1: (Is_true ((abst_order_inf y z )) ) H1_1_1: (Is_true 21 | ; ((abst_order_inf x y )) ) 22 | ; By def abst_order_inf:= [x: abst_T][y: abst_T](abst_equal x (abst_inf x y)) 23 | ; (* Qed *). 24 | 25 | $sig abst_T () "Type" 26 | $sig abst_equal ("abst_T" "abst_T") "bool" 27 | $sig abst_inf ("abst_T" "abst_T") "abst_T" 28 | 29 | $def "d" (abst_order_inf x y) (abst_equal x (abst_inf x y)) 30 | 31 | $hyp "abst_equal_transitive" 32 | (A. ((x "abst_T") (A. ((y "abst_T") (A. ((z "abst_T") 33 | (=> (Is_true (abst_equal x y)) 34 | (=> (Is_true (abst_equal y z)) 35 | (Is_true (abst_equal x z)))))))))) 36 | 37 | $hyp "abst_inf_congruence" 38 | (A. ((x "abst_T") (A. ((y "abst_T") (A. ((z "abst_T") 39 | (=> (Is_true (abst_equal x y)) 40 | (/\ (Is_true (abst_equal (abst_inf x z) (abst_inf y z))) 41 | (Is_true (abst_equal (abst_inf z x) (abst_inf z y))))))))))) 42 | 43 | $sig x () "abst_T" 44 | $sig y () "abst_T" 45 | $sig z () "abst_T" 46 | 47 | $hyp "H2_1_1" 48 | (Is_true (abst_order_inf y z)) 49 | 50 | $hyp "H1_1_1" 51 | (Is_true (abst_order_inf x y)) 52 | 53 | $goal 54 | (Is_true (abst_equal x (abst_inf x (abst_inf y z)))) 55 | -------------------------------------------------------------------------------- /extension.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2004 INRIA *) 2 | (* $Id: extension.mli,v 1.13 2012-02-24 14:31:28 doligez Exp $ *) 3 | 4 | type translator = 5 | (Expr.expr -> Expr.expr) -> 6 | Mlproof.proof -> 7 | (Llproof.prooftree * Expr.expr list) array -> 8 | Llproof.prooftree * Expr.expr list 9 | ;; 10 | 11 | type t = { 12 | name : string; 13 | newnodes : 14 | Expr.expr -> 15 | Expr.goalness -> 16 | (Expr.expr * Expr.goalness) list -> 17 | Node.node_item list; 18 | make_inst : Expr.expr -> Expr.expr -> Expr.goalness -> Node.node list; 19 | add_formula : Expr.expr -> unit; 20 | remove_formula : Expr.expr -> unit; 21 | iter_open : Mlproof.proof -> bool; 22 | preprocess : Phrase.phrase list -> Phrase.phrase list; 23 | add_phrase : Phrase.phrase -> unit; 24 | postprocess : Llproof.proof -> Llproof.proof; 25 | to_llproof : translator; 26 | declare_context_coq : out_channel -> unit; 27 | p_rule_coq : out_channel -> Llproof.rule -> unit; 28 | predef : unit -> string list; 29 | predecl : unit -> (string * Expr.expr) list; 30 | };; 31 | 32 | val register : t -> unit;; 33 | val activate : string -> unit;; 34 | 35 | val is_active: string -> bool;; 36 | 37 | val newnodes : 38 | Expr.expr -> 39 | Expr.goalness -> 40 | (Expr.expr * Expr.goalness) list -> 41 | Node.node_item list list 42 | ;; 43 | val make_inst : 44 | string -> Expr.expr -> Expr.expr -> Expr.goalness -> Node.node list 45 | ;; 46 | val add_formula : Expr.expr -> unit;; 47 | val remove_formula : Expr.expr -> unit;; 48 | val iter_open : Mlproof.proof -> bool;; 49 | val preprocess : Phrase.phrase list -> Phrase.phrase list;; 50 | val add_phrase : Phrase.phrase -> unit;; 51 | val postprocess : Llproof.proof -> Llproof.proof;; 52 | val to_llproof : translator;; 53 | val declare_context_coq : out_channel -> unit;; 54 | val p_rule_coq : string -> out_channel -> Llproof.rule -> unit;; 55 | val predef : unit -> string list;; 56 | val predecl : unit -> unit;; 57 | -------------------------------------------------------------------------------- /regression/examples/two-phase/TLAProofRules.tla: -------------------------------------------------------------------------------- 1 | ---------------------------- MODULE TLAProofRules --------------------------- 2 | (***************************************************************************) 3 | (* This file defines two fundamental TLA proof rules. Full *) 4 | (* temporal-logic reasoning is not yet implemented in the TLA+ Proof *) 5 | (* System. However, these two proof rules are enough to handle proofs of *) 6 | (* safety properties for specs that don't use hiding (temporal *) 7 | (* existential quantification). *) 8 | (***************************************************************************) 9 | THEOREM Inv1 == ASSUME STATE I, STATE f, ACTION N, 10 | I /\ [N]_f => I' 11 | PROVE I /\ [][N]_f => []I 12 | PROOF OMITTED 13 | 14 | THEOREM StepSimulation == ASSUME STATE I, STATE f, STATE g, 15 | ACTION M, ACTION N, 16 | I /\ [M]_f => [N]_g 17 | PROVE []I /\ [][M]_f => [][N]_g 18 | PROOF OMITTED 19 | 20 | (***************************************************************************) 21 | (* We now mysteriously state a rather obvious theorem. The mystery is *) 22 | (* explained by the comment that follows the statement of the theorem. It *) 23 | (* is a pragma that tells the Proof System to interpret any reference to *) 24 | (* SimpleArithmetic as a fact in a leaf proof to be an instruction to *) 25 | (* perform the proof by applying Cooper's algorithm, which is a decision *) 26 | (* procedure for a class of arithmetic formulas. *) 27 | (***************************************************************************) 28 | THEOREM SimpleArithmetic == TRUE (*{by (cooper) }*) 29 | 30 | ============================================================================= 31 | \* Generated at Fri Nov 06 14:29:58 PST 2009 32 | -------------------------------------------------------------------------------- /lexsmtlib.mll: -------------------------------------------------------------------------------- 1 | { 2 | (* auto-generated by gt *) 3 | 4 | open Parsesmtlib;; 5 | } 6 | 7 | rule token = parse 8 | | ['\t' ' ' ]+ { token lexbuf } 9 | | ';' (_ # '\n')* { token lexbuf } 10 | | ['\n']+ as str { Smtlib_util.line := (!Smtlib_util.line + (String.length str)); token lexbuf } 11 | | "_" { UNDERSCORE } 12 | | "(" { LPAREN } 13 | | ")" { RPAREN } 14 | | "as" { AS } 15 | | "let" { LET } 16 | | "forall" { FORALL } 17 | | "exists" { EXISTS } 18 | | "!" { EXCLIMATIONPT } 19 | | "set-logic" { SETLOGIC } 20 | | "set-option" { SETOPTION } 21 | | "set-info" { SETINFO } 22 | | "declare-sort" { DECLARESORT } 23 | | "define-sort" { DEFINESORT } 24 | | "declare-fun" { DECLAREFUN } 25 | | "define-fun" { DEFINEFUN } 26 | | "push" { PUSH } 27 | | "pop" { POP } 28 | | "assert" { ASSERT } 29 | | "check-sat" { CHECKSAT } 30 | | "get-assertions" { GETASSERT } 31 | | "get-proof" { GETPROOF } 32 | | "get-unsat-core" { GETUNSATCORE } 33 | | "get-value" { GETVALUE } 34 | | "get-assignment" { GETASSIGN } 35 | | "get-option" { GETOPTION } 36 | | "get-info" { GETINFO } 37 | | "exit" { EXIT } 38 | | '#' 'x' ['0'-'9' 'A'-'F' 'a'-'f']+ as str { HEXADECIMAL(str) } 39 | | '#' 'b' ['0'-'1']+ as str { BINARY(str) } 40 | | '|' ([ '!'-'~' ' ' '\n' '\t' '\r'] # ['\\' '|'])* '|' as str { ASCIIWOR(str) } 41 | | ':' ['a'-'z' 'A'-'Z' '0'-'9' '+' '-' '/' '*' '=' '%' '?' '!' '.' '$' '_' '~' '&' '^' '<' '>' '@']+ as str { KEYWORD(str) } 42 | | ['a'-'z' 'A'-'Z' '+' '-' '/' '*' '=''%' '?' '!' '.' '$' '_' '~' '&' '^' '<' '>' '@'] ['a'-'z' 'A'-'Z' '0'-'9' '+' '-' '/' '*' '=''%' '?' '!' '.' '$' '_' '~' '&' '^' '<' '>' '@']* as str { SYMBOL(str) } 43 | | '"' (([ '!'-'~' ' ' '\n' '\t' '\r' ] # ['\\' '"']) | ('\\' ['!'-'~' ' ' '\n' '\t' '\r'] ))* '"' as str { STRINGLIT(str) } 44 | | ( '0' | ['1'-'9'] ['0'-'9']* ) as str { NUMERAL(str) } 45 | | ( '0' | ['1'-'9'] ['0'-'9']* ) '.' ['0'-'9']+ as str { DECIMAL(str) } 46 | | eof { EOF } 47 | | _ {failwith((Lexing.lexeme lexbuf) ^ 48 | ": lexing error on line "^(string_of_int !Smtlib_util.line))}{} 49 | -------------------------------------------------------------------------------- /regression/peterson/MutexQ.tla: -------------------------------------------------------------------------------- 1 | -------------------------------- MODULE MutexQ ------------------------------ 2 | 3 | CONSTANTS x, y, pcx, pcy, xp, yp, pcxp, pcyp, q0, q1, q2 4 | 5 | ASSUME Arith == /\ q1 # q0 6 | /\ q2 # q1 7 | /\ q2 # q0 8 | 9 | Init == /\ x = FALSE 10 | /\ y = FALSE 11 | /\ pcx = q0 12 | /\ pcy = q0 13 | 14 | Next == \/ /\ pcx = q0 15 | /\ pcxp = q1 16 | /\ xp = TRUE 17 | /\ yp = y 18 | /\ pcyp = pcy 19 | \/ /\ pcy = q0 20 | /\ pcyp = q1 21 | /\ yp = TRUE 22 | /\ xp = x 23 | /\ pcxp = pcx 24 | \/ /\ pcx = q1 25 | /\ y = FALSE 26 | /\ pcxp = q2 27 | /\ xp = x 28 | /\ yp = y 29 | /\ pcyp = pcy 30 | \/ /\ pcy = q1 31 | /\ x = FALSE 32 | /\ pcyp = q2 33 | /\ yp = y 34 | /\ xp = x 35 | /\ pcxp = pcx 36 | \/ /\ xp = x 37 | /\ yp = y 38 | /\ pcxp = pcx 39 | /\ pcyp = pcy 40 | 41 | 42 | Inv == /\ x \in BOOLEAN 43 | /\ y \in BOOLEAN 44 | /\ pcx \in {q0, q1, q2} 45 | /\ pcy \in {q0, q1, q2} 46 | /\ \/ pcx = q1 47 | \/ pcx = q2 48 | => x = TRUE 49 | /\ \/ pcy = q1 50 | \/ pcy = q2 51 | => y = TRUE 52 | /\ ~ (pcx = q2 /\ pcy = q2) 53 | 54 | Invp == 55 | /\ xp \in BOOLEAN 56 | /\ yp \in BOOLEAN 57 | /\ pcxp \in {q0, q1, q2} 58 | /\ pcyp \in {q0, q1, q2} 59 | /\ \/ pcxp = q1 60 | \/ pcxp = q2 61 | => xp = TRUE 62 | /\ \/ pcyp = q1 63 | \/ pcyp = q2 64 | => yp = TRUE 65 | /\ ~ (pcxp = q2 /\ pcyp = q2) 66 | 67 | 68 | THEOREM Inv /\ Next => Invp 69 | PROOF 70 | <1>1. USE Arith 71 | <1>2. QED 72 | BY Arith DEFS Inv, Next, Invp 73 | ============================================================================= 74 | -------------------------------------------------------------------------------- /test/test43.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test43.znn,v 1.6 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | ; file: species_general_set.foc 5 | ; species: lattice 6 | ; property: order_inf_is_transitive / __goal_7 7 | 8 | ; (* to be proved *) 9 | ; (Is_true ((abst_order_inf x z )) 10 | ; ) 11 | ; By 12 | ; abst_equal_transitive: (x: abst_T) (y: abst_T) (z: abst_T) 13 | ; ((Is_true ((abst_equal x y)) ))-> 14 | ; ((Is_true ((abst_equal y z)) ))-> 15 | ; (Is_true ((abst_equal x z)) ) 16 | ; abst_inf_is_associative: (x: abst_T) (y: abst_T) (z: abst_T) (Is_true 17 | ; ((abst_equal (abst_inf (abst_inf x y) z) (abst_inf x (abst_inf y z)))) 18 | ; ) __lemma_1_2: (Is_true 19 | ; ((abst_equal (abst_inf (abst_inf x y ) z ) (abst_inf x z ) )) ) 20 | ; __lemma_1_1: (Is_true ((abst_equal x (abst_inf x (abst_inf y z ) ) )) ) 21 | ; By def abst_order_inf:= [x: abst_T][y: abst_T](abst_equal x (abst_inf x y)) 22 | ; (* Qed *). 23 | 24 | $sig abst_T () "Type" 25 | $sig abst_equal ("abst_T" "abst_T") "bool" 26 | $sig abst_inf ("abst_T" "abst_T") "abst_T" 27 | 28 | $def "d" (abst_order_inf x y) (abst_equal x (abst_inf x y)) 29 | 30 | $hyp "abst_equal_transitive" 31 | (A. ((x "abst_T") (A. ((y "abst_T") (A. ((z "abst_T") 32 | (=> (Is_true (abst_equal x y)) 33 | (=> (Is_true (abst_equal y z)) 34 | (Is_true (abst_equal x z)))))))))) 35 | 36 | $hyp "abst_equal_symmetric" 37 | (A. ((x "abst_T") (A. ((y "abst_T") 38 | (=> (Is_true (abst_equal x y)) (Is_true (abst_equal y x))))))) 39 | 40 | $hyp "abst_inf_is_associative" 41 | (A. ((x "abst_T") (A. ((y "abst_T") (A. ((z "abst_T") 42 | (Is_true (abst_equal (abst_inf (abst_inf x y) z) 43 | (abst_inf x (abst_inf y z)))))))))) 44 | 45 | $sig x () "abst_T" 46 | $sig y () "abst_T" 47 | $sig z () "abst_T" 48 | 49 | $hyp "__lemma_1_2" 50 | (Is_true (abst_equal (abst_inf (abst_inf x y) z) (abst_inf x z))) 51 | 52 | $hyp "__lemma_1_1" 53 | (Is_true (abst_equal x (abst_inf x (abst_inf y z)))) 54 | 55 | $goal 56 | (Is_true (abst_order_inf x z)) 57 | -------------------------------------------------------------------------------- /ext_recfun.ml: -------------------------------------------------------------------------------- 1 | (* Copyright 2009 INRIA *) 2 | Version.add "$Id: c9585f01eff6c371988b0874b24ec9039d7ed802 $";; 3 | 4 | (* Extension for recursive function definitions. *) 5 | 6 | open Printf;; 7 | 8 | open Expr;; 9 | open Misc;; 10 | open Mlproof;; 11 | open Node;; 12 | open Phrase;; 13 | 14 | let newnodes e g _ = [];; 15 | 16 | let make_inst m term g = assert false;; 17 | 18 | let add_formula e = ();; 19 | let remove_formula e = ();; 20 | 21 | let preprocess l = l;; 22 | 23 | let add_phrase p = ();; 24 | 25 | let postprocess p = p;; 26 | 27 | let to_llargs tr_expr r = 28 | match r with 29 | | Ext (_, "unfold", [p; a; b; eq]) -> 30 | let h = tr_expr (apply p b) in 31 | let c = tr_expr (apply p a) in 32 | ("zenon_recfun_unfold", [tr_expr p; tr_expr a; tr_expr b; tr_expr eq], 33 | [c], [ [h] ]) 34 | | _ -> assert false 35 | ;; 36 | 37 | let to_llproof tr_expr mlp args = 38 | let (name, meta, con, hyp) = to_llargs tr_expr mlp.mlrule in 39 | let (subs, exts) = List.split (Array.to_list args) in 40 | let ext = List.fold_left Expr.union [] exts in 41 | let extras = Expr.diff ext mlp.mlconc in 42 | let nn = { 43 | Llproof.conc = List.map tr_expr (extras @@ mlp.mlconc); 44 | Llproof.rule = Llproof.Rextension ("", name, meta, con, hyp); 45 | Llproof.hyps = subs; 46 | } 47 | in (nn, extras) 48 | ;; 49 | 50 | let declare_context_coq oc = ();; 51 | 52 | let p_rule_coq oc r = assert false;; 53 | 54 | let predef () = [];; 55 | 56 | Extension.register { 57 | Extension.name = "recfun"; 58 | Extension.newnodes = newnodes; 59 | Extension.make_inst = make_inst; 60 | Extension.add_formula = add_formula; 61 | Extension.remove_formula = remove_formula; 62 | Extension.iter_open = (fun _ -> false); 63 | Extension.preprocess = preprocess; 64 | Extension.add_phrase = add_phrase; 65 | Extension.postprocess = postprocess; 66 | Extension.to_llproof = to_llproof; 67 | Extension.declare_context_coq = declare_context_coq; 68 | Extension.p_rule_coq = p_rule_coq; 69 | Extension.predef = predef; 70 | Extension.predecl = (fun () -> []); 71 | };; 72 | -------------------------------------------------------------------------------- /heap.ml: -------------------------------------------------------------------------------- 1 | (* Copyright 2001 INRIA *) 2 | Version.add "$Id: cd90a6b20441b688fbac060141ef245237cb7320 $";; 3 | 4 | type 'a tree = 5 | | Node of 'a * 'a tree * 'a tree 6 | | Leaf 7 | ;; 8 | 9 | type 'a t = { 10 | cmp : 'a -> 'a -> int; 11 | tree : 'a tree; 12 | curpath : int; 13 | };; 14 | 15 | let empty cmp = { 16 | cmp = cmp; 17 | tree = Leaf; 18 | curpath = 0; 19 | };; 20 | 21 | let rec insert_aux cmp t x path = 22 | match t with 23 | | Leaf -> Node (x, Leaf, Leaf) 24 | | Node (y, b1, b2) -> 25 | let (here, next) = if cmp x y < 0 then (x, y) else (y, x) in 26 | let newpath = path lsr 1 in 27 | if path land 1 = 0 28 | then Node (here, insert_aux cmp b1 next newpath, b2) 29 | else Node (here, b1, insert_aux cmp b2 next newpath) 30 | ;; 31 | 32 | let insert hp x = { 33 | cmp = hp.cmp; 34 | tree = insert_aux hp.cmp hp.tree x hp.curpath; 35 | curpath = hp.curpath + 1; 36 | };; 37 | 38 | let rec remove_aux cmp t = 39 | match t with 40 | | Leaf -> None 41 | | Node (y, Leaf, b2) -> Some (y, b2) 42 | | Node (y, b1, Leaf) -> Some (y, b1) 43 | | Node (y, (Node (z1, _, _) as b1), (Node (z2, _, _) as b2)) -> 44 | let (nb1, nb2) = if cmp z1 z2 < 0 then (b1, b2) else (b2, b1) in 45 | match remove_aux cmp nb1 with 46 | | Some (nz1, nnb1) -> Some (y, Node (nz1, nnb1, nb2)) 47 | | None -> assert false 48 | ;; 49 | 50 | let remove hp = 51 | match remove_aux hp.cmp hp.tree with 52 | | None -> None 53 | | Some (x, newtree) -> Some (x, { hp with tree = newtree }) 54 | ;; 55 | 56 | let head hp = 57 | match hp.tree with 58 | | Leaf -> None 59 | | Node (y, _, _) -> Some y 60 | ;; 61 | 62 | let rec length_aux t = 63 | match t with 64 | | Leaf -> 0 65 | | Node (_, b1, b2) -> 1 + length_aux b1 + length_aux b2 66 | ;; 67 | 68 | let length hp = length_aux hp.tree;; 69 | 70 | let is_empty hp = 71 | match hp.tree with 72 | | Leaf -> true 73 | | Node _ -> false 74 | ;; 75 | 76 | let rec iter_aux f = function 77 | | Leaf -> () 78 | | Node (x, b1, b2) -> f x; iter_aux f b1; iter_aux f b2; 79 | ;; 80 | 81 | let iter f hp = iter_aux f hp.tree;; 82 | -------------------------------------------------------------------------------- /test/test42.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test42.znn,v 1.6 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | ; file: species_general_set.foc 5 | ; species: lattice 6 | ; property: order_inf_is_transitive / __lemma_1_2 7 | 8 | ; (* to be proved *) 9 | ; (Is_true ((abst_equal (abst_inf (abst_inf x y ) z ) (abst_inf x z ) )) 10 | ; ) 11 | ; By 12 | ; abst_equal_symmetric: (x: abst_T) (y: abst_T) 13 | ; ((Is_true ((abst_equal x y)) ))-> 14 | ; (Is_true ((abst_equal y x)) ) abst_equal_transitive: (x: abst_T) 15 | ; (y: abst_T) (z: abst_T) 16 | ; ((Is_true ((abst_equal x y)) ))-> 17 | ; ((Is_true ((abst_equal y z)) ))-> 18 | ; (Is_true ((abst_equal x z)) ) 19 | ; abst_inf_congruence: (x: abst_T) (y: abst_T) (z: abst_T) 20 | ; ((Is_true ((abst_equal x y)) ))-> 21 | ; (and (Is_true ((abst_equal (abst_inf x z) (abst_inf y z))) ) (Is_true 22 | ; ((abst_equal (abst_inf z x) (abst_inf z y))) )) 23 | ; H1_1_1: (Is_true ((abst_order_inf x y )) ) 24 | ; By def abst_order_inf:= [x: abst_T][y: abst_T](abst_equal x (abst_inf x y)) 25 | ; (* Qed *). 26 | 27 | $sig abst_T () "Type" 28 | $sig abst_equal ("abst_T" "abst_T") "bool" 29 | $sig abst_inf ("abst_T" "abst_T") "abst_T" 30 | 31 | $def "d" (abst_order_inf x y) (abst_equal x (abst_inf x y)) 32 | 33 | $hyp "abst_equal_symmetric" (A. ((x "abst_T") (A. ((y "abst_T") 34 | (=> (Is_true (abst_equal x y)) (Is_true (abst_equal y x))))))) 35 | 36 | $hyp "abst_equal_transitive" 37 | (A. ((x "abst_T") (A. ((y "abst_T") (A. ((z "abst_T") 38 | (=> (Is_true (abst_equal x y)) 39 | (=> (Is_true (abst_equal y z)) 40 | (Is_true (abst_equal x z)))))))))) 41 | 42 | $hyp "abst_inf_congruence" 43 | (A. ((x "abst_T") (A. ((y "abst_T") (A. ((z "abst_T") 44 | (=> (Is_true (abst_equal x y)) 45 | (/\ (Is_true (abst_equal (abst_inf x z) (abst_inf y z))) 46 | (Is_true (abst_equal (abst_inf z x) (abst_inf z y))))))))))) 47 | 48 | $sig x () "abst_T" 49 | $sig y () "abst_T" 50 | $sig z () "abst_T" 51 | 52 | $hyp "H1_1_1" 53 | (Is_true (abst_order_inf x y)) 54 | 55 | $goal 56 | (Is_true (abst_equal (abst_inf (abst_inf x y) z) (abst_inf x z))) 57 | -------------------------------------------------------------------------------- /basics_minimal.dk: -------------------------------------------------------------------------------- 1 | #REQUIRE cc. 2 | #REQUIRE dk_bool. 3 | #REQUIRE dk_logic. 4 | #REQUIRE dk_tuple. 5 | 6 | (; Ceci est une version minimale écrite à la main du fichier 7 | habituellement généré basics.dk. Ce fichier permet de tester Zenon 8 | indépendamment de FoCaLiZe. ;) 9 | 10 | def Is_true := dk_logic.ebP. 11 | 12 | def bool__t := dk_bool.bool. 13 | def true := dk_bool.true. 14 | def false := dk_bool.false. 15 | 16 | def _amper__amper_ : cc.eT bool__t -> cc.eT bool__t -> cc.eT bool__t 17 | := dk_bool.and. 18 | 19 | def _bar__bar_ : cc.eT bool__t -> cc.eT bool__t -> cc.eT bool__t 20 | := dk_bool.or. 21 | 22 | def _tilda__tilda_ : cc.eT bool__t -> cc.eT bool__t := dk_bool.not. 23 | 24 | def _bar__lt__gt__bar_ : cc.eT bool__t -> cc.eT bool__t -> cc.eT bool__t 25 | := dk_bool.xor. 26 | 27 | def prod := dk_tuple.prod. 28 | 29 | def pair (a : cc.uT) 30 | (b : cc.uT) 31 | (x : cc.eT a) 32 | (y : cc.eT b) 33 | : cc.eT (dk_tuple.prod a b) := 34 | (dk_tuple.pair a b x y). 35 | 36 | def fst (a : cc.uT) 37 | (b : cc.uT) 38 | (x : cc.eT (dk_tuple.prod a b)) : 39 | cc.eT a := 40 | dk_tuple.fst a b x. 41 | 42 | def snd (a : cc.uT) 43 | (b : cc.uT) 44 | (x : cc.eT (dk_tuple.prod a b)) : 45 | cc.eT b := 46 | dk_tuple.snd a b x. 47 | 48 | _equal_ : a : cc.uT -> cc.eT a -> cc.eT a -> cc.eT bool__t. 49 | 50 | def syntactic_equal := _equal_. 51 | 52 | __beq_refl : a : cc.uT -> 53 | x : cc.eT a -> 54 | dk_logic.eP (dk_logic.ebP (_equal_ a x x)). 55 | 56 | __beq_symm : a : cc.uT -> 57 | x : cc.eT a -> 58 | y : cc.eT a -> 59 | dk_logic.eP (dk_logic.ebP (_equal_ a x y)) -> 60 | dk_logic.eP (dk_logic.ebP (_equal_ a y x)). 61 | 62 | __beq_trans : a : cc.uT -> 63 | x : cc.eT a -> 64 | y : cc.eT a -> 65 | z : cc.eT a -> 66 | dk_logic.eP (dk_logic.ebP (_equal_ a x y)) -> 67 | dk_logic.eP (dk_logic.ebP (_equal_ a y z)) -> 68 | dk_logic.eP (dk_logic.ebP (_equal_ a x z)). 69 | -------------------------------------------------------------------------------- /regression/examples/two-phase/Alternate.tla: -------------------------------------------------------------------------------- 1 | ------------------------------ MODULE Alternate ----------------------------- 2 | (***************************************************************************) 3 | (* This specifies a system that alternately performs two actions, which *) 4 | (* for now I will call A_0 and A_1. It uses a variable v whose value *) 5 | (* alternates between 0 and 1, performing an A_0 action when v changes *) 6 | (* from 0 to 1, and an A_1 action when v changes from 1 to 0. *) 7 | (* *) 8 | (* We let the variable x to represent the part of the state that is *) 9 | (* changed by the A_0 and A_1 actions. We introduce two constant *) 10 | (* operators XInit and XAct, where XInit(x) is assumed to assert that x *) 11 | (* has a correct initial value, and XAct(i, xInit, xNext) is assumed to *) 12 | (* assert that changing the value of x from xInit to xNext represent an *) 13 | (* A_i action, for i=0, 1. *) 14 | (***************************************************************************) 15 | EXTENDS Naturals 16 | VARIABLE v, x 17 | CONSTANT XInit(_), XAct(_, _, _) 18 | 19 | Init == v = 0 /\ XInit(x) 20 | Next == v' = (v + 1) % 2 /\ XAct(v, x, x') 21 | 22 | Spec == Init /\ [][Next]_<> 23 | 24 | (***************************************************************************) 25 | (* A philosophically correct spec would actually be *) 26 | (* *) 27 | (* \EE v : Spec *) 28 | (* *) 29 | (* which is the specification Spec with v hidden. However, engineers are *) 30 | (* interested in what works, not what is philosophically correct, so we *) 31 | (* don't worry about this. *) 32 | (***************************************************************************) 33 | ============================================================================ 34 | \* Generated at Sat Oct 31 02:58:46 PDT 2009 35 | -------------------------------------------------------------------------------- /test/test29.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test29.znn,v 1.7 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | # file: species_general_set.foc 5 | # species: partial_order 6 | # theorem: gt_is_lt 7 | 8 | # (* to be proved *) 9 | #(x: abst_T) (y: abst_T) 10 | #(and 11 | # ((Is_true ((abst_gt x y)) ))-> 12 | # (and (Is_true ((abst_geq x y)) ) (Is_true ((abst_different x y)) )) 13 | # ((Is_true ((abst_geq x y)) ))-> 14 | # (or (Is_true ((abst_gt x y)) ) (Is_true ((abst_equal x y)) ))) 15 | #By 16 | # abst_equal_symmetric: (x: abst_T) (y: abst_T) 17 | # ((Is_true ((abst_equal x y)) ))-> 18 | # (Is_true ((abst_equal y x)) ) 19 | # abst_lt_is_not_leq: (x: abst_T) (y: abst_T) 20 | # (and 21 | # ((Is_true ((abst_lt x y)) ))-> 22 | # (and (Is_true ((abst_leq x y)) ) (Is_true ((abst_different x y)) )) 23 | # ((Is_true ((abst_leq x y)) ))-> 24 | # (or (Is_true ((abst_lt x y)) ) (Is_true ((abst_equal x y)) ))) 25 | #By def 26 | # abst_different:= [x: abst_T][y: abst_T](not_b (abst_equal x y)) 27 | # abst_geq:= [x: abst_T][y: abst_T](abst_leq y x) abst_gt:= 28 | # [x: abst_T][y: abst_T](abst_lt y x) 29 | #(* Qed *). 30 | 31 | $sig not_b ("bool") "bool" 32 | $sig abst_equal ("zenon_U" "zenon_U") "bool" 33 | $sig abst_leq ("zenon_U" "zenon_U") "bool" 34 | $sig abst_lt ("zenon_U" "zenon_U") "bool" 35 | 36 | $def "d1" (abst_different x y) (not_b (abst_equal x y)) 37 | $def "d2" (abst_geq x y) (abst_leq y x) 38 | $def "d3" (abst_gt x y) (abst_lt y x) 39 | 40 | $hyp "h1" 41 | (A. ((x) (A. ((y) 42 | (=> (Is_true (abst_equal x y)) (Is_true (abst_equal y x))))))) 43 | 44 | $hyp "h2" 45 | (A. ((x) (A. ((y) 46 | (/\ (=> (Is_true (abst_lt x y)) 47 | (/\ (Is_true (abst_leq x y)) (Is_true (abst_different x y)))) 48 | (=> (Is_true (abst_leq x y)) 49 | (\/ (Is_true (abst_lt x y)) (Is_true (abst_equal x y))))))))) 50 | 51 | 52 | 53 | # from Bool.v 54 | $hyp "h3" (A. ((x "bool") (<=> (Is_true (not_b x)) (-. (Is_true x))))) 55 | 56 | $goal 57 | (A. ((x) (A. ((y) 58 | (/\ (=> (Is_true (abst_gt x y)) 59 | (/\ (Is_true (abst_geq x y)) (Is_true (abst_different x y)))) 60 | (=> (Is_true (abst_geq x y)) 61 | (\/ (Is_true (abst_gt x y)) (Is_true (abst_equal x y))))))))) 62 | -------------------------------------------------------------------------------- /test/test48.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test48.znn,v 1.7 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | ; file: species_general_additive_law.foc 5 | ; species: partially_ordered_additive_monoid 6 | ; property: add_absorbes_sup / __goal_10 7 | 8 | ; (* to be proved *) 9 | ; (Is_true 10 | ; ((abst_equal 11 | ; (abst_plus x (abst_plus x y ) ) (abst_plus x (abst_sup (abst_plus x y ) x ) 12 | ; ) 13 | ; )) 14 | ; ) 15 | ; By 16 | ; abst_equal_symmetric: (x: abst_T) (y: abst_T) 17 | ; ((Is_true ((abst_equal x y)) ))-> 18 | ; (Is_true ((abst_equal y x)) ) abst_equal_transitive: (x: abst_T) 19 | ; (y: abst_T) (z: abst_T) 20 | ; ((Is_true ((abst_equal x y)) ))-> 21 | ; ((Is_true ((abst_equal y z)) ))-> 22 | ; (Is_true ((abst_equal x z)) ) 23 | ; abst_plus_is_left_congruence: (x: abst_T) (y: abst_T) (z: abst_T) 24 | ; ((Is_true ((abst_equal x y)) ))-> 25 | ; (Is_true ((abst_equal (abst_plus x z) (abst_plus y z))) ) 26 | ; __lemma_1_1_2: (Is_true ((abst_equal x (abst_inf (abst_plus x y ) x ) )) ) 27 | ; __lemma_1_1_1: (Is_true 28 | ; ((abst_equal 29 | ; (abst_plus x (abst_plus x y ) ) 30 | ; (abst_plus (abst_inf (abst_plus x y ) x ) (abst_sup (abst_plus x y ) x ) 31 | ; ) 32 | ; )) 33 | ; ) 34 | ; By def 35 | ; (* Qed *). 36 | 37 | $sig abst_equal ("zenon_U" "zenon_U") "bool" 38 | 39 | $hyp "abst_equal_symmetric" 40 | (A. ((x) (A. ((y) 41 | (=> (Is_true (abst_equal x y)) (Is_true (abst_equal y x))))))) 42 | 43 | $hyp "abst_equal_transitive" 44 | (A. ((x) (A. ((y) (A. ((z) 45 | (=> (Is_true (abst_equal x y)) 46 | (=> (Is_true (abst_equal y z)) 47 | (Is_true (abst_equal x z)))))))))) 48 | 49 | $hyp "abst_plus_is_left_congruence" 50 | (A. ((x) (A. ((y) (A. ((z) 51 | (=> (Is_true (abst_equal x y)) 52 | (Is_true (abst_equal (abst_plus x z) (abst_plus y z)))))))))) 53 | 54 | $hyp "__lemma_1_1_2" 55 | (Is_true (abst_equal x (abst_inf (abst_plus x y) x))) 56 | 57 | $hyp "__lemma_1_1_1" 58 | (Is_true (abst_equal (abst_plus x (abst_plus x y)) 59 | (abst_plus (abst_inf (abst_plus x y) x) 60 | (abst_sup (abst_plus x y) x)))) 61 | 62 | $goal 63 | (Is_true (abst_equal (abst_plus x (abst_plus x y)) 64 | (abst_plus x (abst_sup (abst_plus x y) x)))) 65 | -------------------------------------------------------------------------------- /regression/test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # test.sh --- regression test script 4 | # 5 | # Author: Damien Doligez 6 | # 7 | # Copyright (C) 2008 INRIA and Microsoft Corporation 8 | 9 | 10 | # To add a regression test, add a *.tla file in a subdirectory here. 11 | 12 | VERSION=5 13 | 14 | PM=tlapm 15 | verbose=true 16 | quick=false 17 | all_files=true 18 | rm -f temp/files 19 | 20 | while : ; do 21 | case $# in 0) break;; esac 22 | case "$1" in 23 | -help|--help) 24 | echo "usage: test.sh [options] [file...]" 25 | echo "options are:" 26 | echo " -help or --help display this message and exit" 27 | echo " -q do not display progress messages" 28 | echo " -v display version number and exit" 29 | exit 0;; 30 | -q) verbose=false; shift;; 31 | -v) echo "test.sh version $VERSION"; exit 0;; 32 | -quick) quick=true; shift;; 33 | -*) echo "unknown option $1" >&2; exit 2;; 34 | *) find "$1" -name *.tla -print >>temp/files; all_files=false; shift;; 35 | esac 36 | done 37 | 38 | num_failed=0 39 | 40 | if $all_files; then 41 | /usr/bin/find . -name '*.tla' -print | sort >temp/files 42 | fi 43 | while read f; do 44 | if $quick && test `wc -l $f | sed -e 's/^\(.*[0-9]\) .*/\1/'` -gt 200 45 | then continue 46 | fi 47 | base="${f%.tla}" 48 | dir=`dirname $f` 49 | failed=false 50 | if $verbose; then echo "testing $base.tla: " | tr -d '\012\015'; fi 51 | 52 | ( cd temp; 53 | $PM --cleanfp -I "../$dir" -C "../$base".tla >output 2>&1 54 | ) || failed=true 55 | grep -F "Zenon error" temp/output >/dev/null && failed=true 56 | grep "Exported obligations in module .* verified" temp/output >/dev/null || failed=true 57 | case "$failed" in 58 | false) if $verbose; then echo "pass"; fi;; 59 | *) if $verbose; then echo "## FAIL ##"; fi 60 | num_failed=`expr $num_failed + 1` 61 | ;; 62 | esac 63 | 64 | done int -> unit;; 10 | val remove : expr -> unit;; 11 | 12 | val member : expr -> bool;; 13 | val get_goalness : expr -> int;; 14 | val get_all : unit -> (expr * goalness) list;; 15 | 16 | val find_pos : string -> (expr * goalness) list;; 17 | val find_neg : string -> (expr * goalness) list;; 18 | 19 | val find_eq_lr : expr -> expr list;; 20 | val find_eq_rl : expr -> expr list;; 21 | 22 | val find_eq : expr -> expr list;; 23 | val find_neq : expr -> expr list;; 24 | 25 | val find_eq_str : unit -> (expr * string) list;; 26 | val find_str_eq : unit -> (expr * string) list;; 27 | 28 | val is_meta_set : expr -> bool;; 29 | 30 | (* ==== transitive relations ==== *) 31 | 32 | type direction = Left | Right | Both;; 33 | 34 | type head = Sym of string | Tau of expr | Meta of expr;; 35 | val get_head : expr -> head;; 36 | exception No_head;; 37 | 38 | val add_trans : expr -> unit;; 39 | val find_trans_left : expr -> head -> (expr * goalness) list;; 40 | val find_trans_right : expr -> head -> (expr * goalness) list;; 41 | 42 | val add_negtrans : expr -> unit;; 43 | val find_negtrans_left : expr -> head -> (expr * goalness) list;; 44 | val find_negtrans_right : expr -> head -> (expr * goalness) list;; 45 | 46 | val find_all_negtrans_left : head -> (expr * goalness) list;; 47 | val find_all_negtrans_right : head -> (expr * goalness) list;; 48 | 49 | (* ==== proof cache ==== *) 50 | 51 | val add_proof : Mlproof.proof -> unit;; 52 | val search_proof : unit -> Mlproof.proof option;; 53 | 54 | (* ==== definitions ==== *) 55 | 56 | val add_def : definition -> unit;; 57 | val has_def : string -> bool;; 58 | val get_def : string -> definition * expr * expr list * expr;; 59 | 60 | (* ==== depth of metavariables ==== *) 61 | 62 | val add_meta : expr -> int -> unit;; 63 | val remove_meta : expr -> unit;; 64 | val get_meta : expr -> int;; 65 | 66 | (* ==== numbering for formulas ==== *) 67 | 68 | val get_number : expr -> int;; 69 | val get_formula : int -> expr (* raises Not_found *);; 70 | 71 | (* ==== numbering for tau-expressions ==== *) 72 | 73 | val make_tau_name : expr -> string;; 74 | -------------------------------------------------------------------------------- /test/test31.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test31.znn,v 1.7 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | # file: species_general_set.foc 5 | # species: ordered_set 6 | # property: lt_is_not_leq 7 | 8 | # (* to be proved *) 9 | #(x: abst_T) (y: abst_T) 10 | #(and 11 | # ((Is_true ((abst_lt x y)) ))-> 12 | # (and (Is_true ((abst_leq x y)) ) (Is_true ((abst_different x y)) )) 13 | # ((Is_true ((abst_leq x y)) ))-> 14 | # (or (Is_true ((abst_lt x y)) ) (Is_true ((abst_equal x y)) ))) 15 | #By 16 | # abst_equal_symmetric: (x: abst_T) (y: abst_T) 17 | # ((Is_true ((abst_equal x y)) ))-> 18 | # (Is_true ((abst_equal y x)) ) 19 | # abst_leq_reflexive: (x: abst_T) (y: abst_T) 20 | # ((Is_true ((abst_equal x y)) ))-> 21 | # (Is_true ((abst_leq x y)) ) 22 | # abst_total_order: (x: abst_T) (y: abst_T) 23 | # (or (Is_true ((abst_leq x y)) ) (Is_true ((abst_leq y x)) )) 24 | # abst_leq_antisymmetric: (x: abst_T) (y: abst_T) 25 | # ((Is_true ((abst_leq x y)) ))-> 26 | # ((Is_true ((abst_leq y x)) ))-> 27 | # (Is_true ((abst_equal x y)) ) 28 | #By def 29 | # abst_different:= [x: abst_T][y: abst_T](not_b (abst_equal x y)) 30 | # abst_lt:= [x: abst_T][y: abst_T](not_b (abst_leq y x)) 31 | #(* Qed *). 32 | 33 | $sig abst_T () "Type" 34 | $sig abst_equal ("abst_T" "abst_T") "bool" 35 | $sig abst_leq ("abst_T" "abst_T") "bool" 36 | 37 | $def "d1" (abst_different x y) (coq_builtins.bi__not_b (abst_equal x y)) 38 | $def "d2" (abst_lt x y) (coq_builtins.bi__not_b (abst_leq y x)) 39 | 40 | $hyp "h1" (A. ((x "abst_T") (A. ((y "abst_T") 41 | (=> (Is_true (abst_equal x y)) (Is_true (abst_equal y x))))))) 42 | 43 | $hyp "h2" (A. ((x "abst_T") (A. ((y "abst_T") 44 | (=> (Is_true (abst_equal x y)) (Is_true (abst_leq x y))))))) 45 | 46 | $hyp "h3" (A. ((x "abst_T") (A. ((y "abst_T") 47 | (\/ (Is_true (abst_leq x y)) (Is_true (abst_leq y x))))))) 48 | 49 | $hyp "h4" (A. ((x "abst_T") (A. ((y "abst_T") 50 | (=> (Is_true (abst_leq x y)) 51 | (=> (Is_true (abst_leq y x)) 52 | (Is_true (abst_equal x y)))))))) 53 | 54 | $goal 55 | (A. ((x "abst_T") (A. ((y "abst_T") 56 | (/\ (=> (Is_true (abst_lt x y)) 57 | (/\ (Is_true (abst_leq x y)) (Is_true (abst_different x y)))) 58 | (=> (Is_true (abst_leq x y)) 59 | (\/ (Is_true (abst_lt x y)) (Is_true (abst_equal x y))))))))) 60 | -------------------------------------------------------------------------------- /lexdk.mll: -------------------------------------------------------------------------------- 1 | (* Copyright 2005 INRIA *) 2 | (* Copyright 2014 Ali Assaf *) 3 | (* Copyright 2014 Raphaël Cauderlier *) 4 | { 5 | Version.add "$Id: lexdk.mll,v 1.16 2012-04-11 18:27:26 doligez Exp $";; 6 | 7 | open Parsedk 8 | let pos lexbuf = (Lexing.lexeme_start_p lexbuf, Lexing.lexeme_end_p lexbuf) 9 | 10 | } 11 | let id = (['_' '\'' '0'-'9' 'a'-'z' 'A'-'Z'])+ 12 | let qid = id '.' id 13 | let space = [' ' '\t'] 14 | 15 | rule token = parse 16 | | space { token lexbuf } (* skip blanks *) 17 | | '\n' { Lexing.new_line lexbuf; token lexbuf } 18 | | "(;" { comment (pos lexbuf) [] lexbuf } 19 | | "cc.uT" { TYPE } 20 | | "cc.eT" { TERM } 21 | | "cc.eP" { PROOF } 22 | | "cc.Arrow" { CCARR } 23 | | "dk_logic.true" { TRUE } 24 | | "dk_logic.false" { FALSE } 25 | | "dk_logic.not" { NOT } 26 | | "dk_logic.and" { AND } 27 | | "dk_logic.or" { OR } 28 | | "dk_logic.imp" { IMP } 29 | | "dk_logic.eqv" { EQV } 30 | | "dk_logic.equal" { EQUAL } 31 | | "dk_logic.forall" { ALL } 32 | | "dk_logic.exists" { EX } 33 | | "dk_logic.forall_type" { ALL_TYPE } 34 | | "dk_logic.exists_type" { EX_TYPE } 35 | | "dk_logic.eP" { PROOF } 36 | | "dk_logic.ebP" { ISTRUE } 37 | | "dk_builtins.prop" { PROP } 38 | | id as id { ID(id) } 39 | | qid as qid { QID(qid) } 40 | | ":" { COLON } 41 | | "." { DOT } 42 | | "=>" { DOUBLE_ARROW } 43 | | ":=" { DEF } 44 | | "(" { LPAREN } 45 | | ")" { RPAREN } 46 | | "[" { LBRACK } 47 | | "]" { RBRACK } 48 | | "," { COMMA } 49 | | "-->" { REW } 50 | 51 | | "(;_MUST_USE_;)" { MUSTUSE } 52 | | "%recursive" { RECURSIVE } 53 | 54 | | "%%begin-auto-proof" { BEGINPROOF } 55 | | "%%type:" { BEGIN_TY } 56 | | "%%begin-type-alias:" { BEGIN_TYPEALIAS } 57 | | "%%begin-variable:" { BEGIN_VAR } 58 | | "%%begin-hypothesis:" { BEGIN_HYP } 59 | | "%%end-type-alias" { END_TYPEALIAS } 60 | | "%%end-variable" { END_VAR } 61 | | "%%end-hypothesis" { END_HYP } 62 | | "%%name:" space* (id as name) space* { BEGINNAME name } 63 | | "%%" id ":" { BEGINHEADER } 64 | | "%%end-auto-proof" { ENDPROOF } 65 | 66 | | eof { EOF } 67 | | _ { raise (Error.Lex_error "Invalid character") } 68 | and comment current stack = parse 69 | | "(;" { comment (pos lexbuf) (current :: stack) lexbuf } 70 | | ";)" { match stack with [] -> token lexbuf | h :: t -> comment h t lexbuf } 71 | | '\n' { Lexing.new_line lexbuf; comment current stack lexbuf } 72 | | eof { raise (Error.Lex_error "This comment is not closed") } 73 | | _ { comment current stack lexbuf } 74 | -------------------------------------------------------------------------------- /step.ml: -------------------------------------------------------------------------------- 1 | (* Copyright 2004 INRIA *) 2 | Version.add "$Id: 42d799195152bef983a91fbd92bacad2da05218e $";; 3 | 4 | open Printf;; 5 | 6 | type condition = 7 | | Count of int * bool 8 | | String of string 9 | ;; 10 | 11 | let cond = ref (Count (0, false));; 12 | 13 | let str_tail s = 14 | String.sub s 1 (String.length s - 1) 15 | ;; 16 | 17 | let cmp_forms (f1, _) (f2, _) = 18 | compare (Index.get_number f1) (Index.get_number f2) 19 | ;; 20 | 21 | let print_forms b fgs = 22 | let f init (e, g) = 23 | bprintf b "%s[%d/%d]" init (Index.get_number e) g; 24 | Print.expr_soft (Print.Buff b) e; 25 | in 26 | match fgs with 27 | | [] | [_] -> List.iter (f "") fgs; 28 | | _ -> List.iter (f "\n ") fgs; 29 | ;; 30 | 31 | let rec pause () = 32 | eprintf " ###> "; 33 | flush stderr; 34 | let l = read_line () in 35 | let len = String.length l in 36 | if len = 0 then Count (0, false) 37 | else begin 38 | match l.[0] with 39 | | '0' .. '9' -> Count (int_of_string l, false) 40 | | '/' -> String (str_tail l) 41 | | '.' when len = 1 -> Count (0, true) 42 | | '.' -> Count (int_of_string (str_tail l), true) 43 | | 'q' -> failwith "exit" 44 | | 'd' -> 45 | eprintf "display current branch:\n"; 46 | let b = Buffer.create 1000 in 47 | print_forms b (List.sort cmp_forms (Index.get_all ())); 48 | Buffer.output_buffer stderr b; 49 | pause () 50 | | _ -> 51 | fprintf stderr "please type [.] or / or d or q\n"; 52 | flush stderr; 53 | pause () 54 | end 55 | ;; 56 | 57 | let b = Buffer.create 1000;; 58 | 59 | let ifstep action = 60 | if !Globals.debug_flag then begin 61 | match !cond with 62 | | Count (n, silent) when n > 0 -> 63 | if not silent then begin 64 | Buffer.reset b; 65 | action b; 66 | Buffer.output_buffer stderr b; 67 | eprintf "\n"; 68 | flush stderr; 69 | end; 70 | cond := Count (n-1, silent); 71 | | Count (_, _) -> 72 | Buffer.reset b; 73 | action b; 74 | Buffer.output_buffer stderr b; 75 | cond := pause (); 76 | | String s -> 77 | Buffer.reset b; 78 | action b; 79 | let msg = Buffer.contents b in 80 | Buffer.output_buffer stderr b; 81 | if Misc.occurs s msg then cond := pause () else eprintf "\n"; 82 | flush stderr; 83 | end; 84 | ;; 85 | 86 | let forms msg fs = 87 | ifstep (fun b -> 88 | bprintf b "#### %s: " msg; 89 | print_forms b fs; 90 | ) 91 | ;; 92 | 93 | let rule msg r = 94 | ifstep (fun b -> 95 | bprintf b "#### %s: " msg; 96 | Print.mlproof_rule_soft (Print.Buff b) r; 97 | bprintf b " "; 98 | ) 99 | ;; 100 | -------------------------------------------------------------------------------- /test/test34.znn: -------------------------------------------------------------------------------- 1 | ; Copyright 2006 INRIA 2 | ; $Id: test34.znn,v 1.7 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | # file: species_general_set.foc 5 | # species: lattice 6 | # property: order_inf_is_transitive 7 | 8 | # (* to be proved *) 9 | # (x: abst_T) (y: abst_T) (z: abst_T) 10 | # ((Is_true ((abst_order_inf x y)) ))-> 11 | # ((Is_true ((abst_order_inf y z)) ))-> 12 | # (Is_true ((abst_order_inf x z)) ) 13 | # By 14 | # abst_inf_congruence: (x: abst_T) (y: abst_T) (z: abst_T) 15 | # ((Is_true ((abst_equal x y)) ))-> 16 | # (and (Is_true ((abst_equal (abst_inf x z) (abst_inf y z))) ) (Is_true 17 | # ((abst_equal (abst_inf z x) (abst_inf z y))) )) 18 | # abst_equal_transitive: (x: abst_T) (y: abst_T) (z: abst_T) 19 | # ((Is_true ((abst_equal x y)) ))-> 20 | # ((Is_true ((abst_equal y z)) ))-> 21 | # (Is_true ((abst_equal x z)) ) 22 | # abst_equal_symmetric: (x: abst_T) (y: abst_T) 23 | # ((Is_true ((abst_equal x y)) ))-> 24 | # (Is_true ((abst_equal y x)) ) 25 | # abst_inf_is_associative: 26 | # (x: abst_T) (y: abst_T) (z: abst_T) (Is_true 27 | # ((abst_equal (abst_inf (abst_inf x y) z) (abst_inf x (abst_inf y z)))) 28 | # ) 29 | # By def abst_order_inf:= [x: abst_T][y: abst_T](abst_equal x (abst_inf x y)) 30 | # (* Qed *). 31 | 32 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 33 | ;; Zenon can't solve this problem yet ;; 34 | ;; hence the following line... ;; 35 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 36 | $hyp "h00" F. 37 | 38 | $sig abst_T () "Type" 39 | $sig abst_equal ("abst_T" "abst_T") "bool" 40 | $sig abst_inf ("abst_T" "abst_T") "abst_T" 41 | 42 | $def "d" (abst_order_inf x y) (abst_equal x (abst_inf x y)) 43 | 44 | $hyp "abst_inf_congruence" 45 | (A. ((x "abst_T") (A. ((y "abst_T") (A. ((z "abst_T") 46 | (=> (Is_true (abst_equal x y)) 47 | (/\ (Is_true (abst_equal (abst_inf x z) (abst_inf y z))) 48 | (Is_true (abst_equal (abst_inf z x) (abst_inf z y))))))))))) 49 | 50 | $hyp "abst_equal_transitive" 51 | (A. ((x "abst_T") (A. ((y "abst_T") (A. ((z "abst_T") 52 | (=> (Is_true (abst_equal x y)) 53 | (=> (Is_true (abst_equal y z)) 54 | (Is_true (abst_equal x z)))))))))) 55 | 56 | $hyp "abst_equal_symmetric" 57 | (A. ((x "abst_T") (A. ((y "abst_T") 58 | (=> (Is_true (abst_equal x y)) (Is_true (abst_equal y x))))))) 59 | 60 | $hyp "abst_inf_is_associative" 61 | (A. ((x "abst_T") (A. ((y "abst_T") (A. ((z "abst_T") 62 | (Is_true (abst_equal (abst_inf (abst_inf x y) z) 63 | (abst_inf x (abst_inf y z)))))))))) 64 | 65 | $goal 66 | (A. ((x "abst_T") (A. ((y "abst_T") (A. ((z "abst_T") 67 | (=> (Is_true (abst_order_inf x y)) 68 | (=> (Is_true (abst_order_inf y z)) 69 | (Is_true (abst_order_inf x z)))))))))) 70 | -------------------------------------------------------------------------------- /lexzen.mll: -------------------------------------------------------------------------------- 1 | (* Copyright 2005 INRIA *) 2 | { 3 | Version.add "$Id: lexzen.mll,v 1.13 2012-04-11 18:27:26 doligez Exp $";; 4 | 5 | open Lexing;; 6 | open Parsezen;; 7 | open Printf;; 8 | 9 | } 10 | 11 | let newline = ('\010' | '\013' | "\013\010") 12 | let space = [' ' '\009' '\012'] 13 | let idstart = ['A'-'Z' 'a'-'z' '_' '0'-'9'] 14 | let idchar = ['A'-'Z' 'a'-'z' '0'-'9' '_' '\'' '.'] 15 | let stringchar = [^ '\000'-'\031' '\"' '\\' '\127'-'\255'] 16 | let hexdigit = ['0'-'9' 'A'-'F' 'a'-'f'] 17 | let stringescape = '\\' (['a' 'b' 'f' 'n' 'r' 't' 'v' '\'' '\"' '\\' '?'] | 18 | ('x' hexdigit hexdigit)) 19 | 20 | rule token = parse 21 | | '#' [^ '\010' '\013'] * { token lexbuf } 22 | | ';' [^ '\010' '\013'] * { token lexbuf } 23 | | newline { 24 | lexbuf.lex_curr_p <- { lexbuf.lex_curr_p with 25 | pos_bol = lexbuf.lex_curr_p.pos_cnum; 26 | pos_lnum = lexbuf.lex_curr_p.pos_lnum + 1; 27 | }; 28 | token lexbuf 29 | } 30 | | space + { token lexbuf } 31 | | "(" { OPEN } 32 | | ")" { CLOSE } 33 | | '$' ['0' - '9'] + { 34 | let s = Lexing.lexeme lexbuf in 35 | let i = int_of_string (String.sub s 1 (String.length s - 1)) in 36 | INT i 37 | } 38 | 39 | | "$def" { DEF } 40 | | "$fix" { FIX } 41 | | "$fixpoint" { FIXPOINT } 42 | | "$goal" { GOAL } 43 | | "$hyp" { HYP } 44 | | "$include" { INCLUDE } 45 | | "$indset" { INDSET } 46 | | "$indprop" { INDPROP } 47 | | "$let" { LET } 48 | | "$match" { MATCH } 49 | | "$self" { SELF } 50 | | "$sig" { SIG } 51 | 52 | | "-." { NOT } 53 | | "/\\" { AND } 54 | | "\\/" { OR } 55 | | "=>" { IMPLY } 56 | | "<=" { RIMPLY } 57 | | "<=>" { EQUIV } 58 | | "T." { TRUE } 59 | | "F." { FALSE } 60 | | "A." { ALL } 61 | | "E." { EX } 62 | | "t." { TAU } 63 | | "=" { EQUAL } 64 | 65 | | "\"" (stringchar | stringescape)* "\"" { 66 | let s = Lexing.lexeme lexbuf in 67 | STRING (String.sub s 1 (String.length s - 2)) 68 | } 69 | 70 | | "\"" (stringchar | stringescape)* "\\" stringchar { 71 | let s = Lexing.lexeme lexbuf in 72 | let msg = sprintf "bad escape in string: \\%c" s.[String.length s - 1] in 73 | raise (Error.Lex_error msg) 74 | } 75 | 76 | | "\"" (stringchar | stringescape)* "\\"? _ { 77 | let s = Lexing.lexeme lexbuf in 78 | let c = String.escaped (String.sub s (String.length s - 1) 1) in 79 | let msg = sprintf "bad character in string: %s" c in 80 | raise (Error.Lex_error msg) 81 | } 82 | 83 | | idstart idchar* { IDENT (Lexing.lexeme lexbuf) } 84 | 85 | | eof { EOF } 86 | | _ { 87 | let msg = sprintf "bad character %C" (Lexing.lexeme_char lexbuf 0) in 88 | raise (Error.Lex_error msg) 89 | } 90 | -------------------------------------------------------------------------------- /test/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright 2004 INRIA 2 | # $Id: Makefile,v 1.14 2011-12-28 16:43:33 doligez Exp $ 3 | 4 | ZOPT = -q -max-time 10m -max-size 600M -x induct -x focal 5 | 6 | BENCH = test13.znn test16.znn test38.znn test41.znn test48.znn 7 | 8 | COQTEST = 00 01 02 04 05 06 07 08 09 \ 9 | 10 11 12 13 14 15 17 18 19 \ 10 | 21 22 23 24 25 26 27 28 29 \ 11 | 30 31 32 33 34 35 36 37 38 39 \ 12 | 41 42 43 44 45 46 47 48 49 \ 13 | 51 52 53 54 55 56 57 58 59 \ 14 | 60 61 62 63 64 65 66 67 68 69 \ 15 | 70 71 72 74 75 16 | 17 | COQTESTTERM = ${COQTEST} 18 | COQTESTSCRIPT = ${COQTEST} 19 | 20 | default: coq 21 | 22 | .PHONY: bench 23 | bench: 24 | @for i in ${BENCH}; do \ 25 | echo $$i' ' | tr -d '\n'; \ 26 | case $$i in *.znn) fmt=z;; *.coz) fmt=focal;; *.p) fmt=tptp;; esac; \ 27 | (/usr/bin/time -p sh -c "../zenon ${ZOPT} -i$$fmt $$i 2>&4" 2>&1 \ 28 | | while read k t; \ 29 | do case $$k in user) echo $$i $$t ' ';; esac; \ 30 | done) \ 31 | 4>&2; \ 32 | done 33 | 34 | .PHONY: test 35 | test: 36 | @for i in test[0-9]*; do \ 37 | echo $$i' ' | tr -d '\n'; \ 38 | case $$i in *.znn) fmt=z;; *.coz) fmt=focal;; *.p) fmt=tptp;; esac; \ 39 | if ../zenon ${ZOPT} -i$$fmt $$i; then \ 40 | : ; \ 41 | else \ 42 | echo $$i '>>> TEST FAILED <<<' ; \ 43 | exit 3 ; \ 44 | fi ; \ 45 | done; \ 46 | echo 47 | 48 | .PHONY: coqscript coqterm coq 49 | coqscript: basics.vo 50 | : testing script output 51 | @for n in ${COQTESTSCRIPT}; do \ 52 | i=`echo test$$n.*`; \ 53 | echo $$i' ' | tr -d '\n'; \ 54 | case $$i in *.znn) fmt=z;; *.coz) fmt=focal;; *.p) fmt=tptp;; esac; \ 55 | if ../zenon ${ZOPT} -i$$fmt $$i -ocoq -context -loadpath .. \ 56 | >tmp_test.v \ 57 | && (echo $$i '-> coqc' | tr -d '\n'; \ 58 | coqc -I .. tmp_test.v); then \ 59 | echo ' ' | tr -d '\n'; \ 60 | else \ 61 | echo $$i '>>> TEST FAILED <<<' ; \ 62 | exit 3 ; \ 63 | fi ; \ 64 | done; \ 65 | echo 66 | rm -f tmp_test.v tmp_test.vo 67 | 68 | coqterm: basics.vo 69 | : testing term output 70 | @for n in ${COQTESTTERM}; do \ 71 | i=`echo test$$n.*`; \ 72 | echo $$i' ' | tr -d '\n'; \ 73 | case $$i in *.znn) fmt=z;; *.coz) fmt=focal;; *.p) fmt=tptp;; esac; \ 74 | if ../zenon ${ZOPT} -i$$fmt $$i -ocoqterm -context -loadpath .. \ 75 | >tmp_test.v \ 76 | && (echo $$i '-> coqc' | tr -d '\n'; \ 77 | coqc -I .. tmp_test.v); then \ 78 | echo ' ' | tr -d '\n'; \ 79 | else \ 80 | echo $$i '>>> TEST FAILED <<<' ; \ 81 | exit 3 ; \ 82 | fi ; \ 83 | done; \ 84 | echo 85 | rm -f tmp_test.v tmp_test.vo 86 | 87 | coq: coqterm coqscript 88 | 89 | .SUFFIXES: .v .vo 90 | 91 | .v.vo: 92 | coqc -I .. $< 93 | 94 | basics.vo: coq_builtins.vo 95 | 96 | clean: 97 | rm -f tmp_test.v tmp_test.vo 98 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # ZENON 2 | 3 | Zenon is a first-order automated theorem prover based on the tableau method. 4 | It is used in the FoCaLiZe project. 5 | 6 | ## COPYRIGHT 7 | 8 | Under the new BSD License (see the file LICENSE for details) 9 | 10 | ## INSTALLATION 11 | 12 | ### DEPENDENCIES 13 | 14 | This depends on: 15 | - `OCaml >= 4.02.1` 16 | - `ZArith >= 1.3` 17 | - `Coq >= 8.0` 18 | - Graphviz (optional) 19 | 20 | ### COMPILATION 21 | 22 | In order to compile, use : 23 | 24 | ./configure 25 | make 26 | 27 | This should make available to you the `zenon` executable in the root directory. 28 | If you want to install the binary, then issue the following command: 29 | 30 | make install 31 | 32 | 33 | ## USAGE 34 | 35 | ### TPTP LIBRARY 36 | 37 | In order to use zenon on problems from the tptp problem library, be suze to use 38 | the `-itptp` option in order to set the corret input parser. A standard use of 39 | zenon would then look like this: 40 | 41 | ./zenon -itptp -max-time 60s -max-size 1G /path/to/tptp/problem.p 42 | 43 | ### ARITHMETIC 44 | 45 | In order to activate the arithmetic extension of zenon, you have to use the 46 | `-x arith` option. You should also use the `-k` option, in order to activate 47 | the arithmetic instantiation search. A usual use of zenon on an arithemtic 48 | problem would look like: 49 | 50 | ./zenon -itptp -max-time 60s -max-size 1G \ 51 | -k -x arith $TPTP/Problems/ARI/ARI001\=1.p 52 | 53 | ### COQ PROOFS 54 | 55 | In order to output checkable coq proofs, you have to use the `-ocoq` option. 56 | Additionally, you should use the `-context` and `-opt0` option. A complete 57 | execution of zenon and checking of the proof by the coq compiler afterwards 58 | would look like the following, assuming that your current working directory 59 | is the zenon root directory. 60 | 61 | ./zenon -itptp -max-time 5s -max-size 1G -k -x arith \ 62 | -ocoq -context -opt0 $TPTP/Problems/ARI/ARI001\=1.p > temp.v 63 | coqc -I ./ temp.v 64 | 65 | If no erros are produced, and the `coqc` command has return code `0`, it means 66 | everything went well and the proof has been accepted by the coq compiler. 67 | 68 | 69 | ## MISC 70 | 71 | ### VERSION NUMBER 72 | 73 | The version number starts from scratch fro this extension, but this extension 74 | will be merged into the main branch of Zenon sooner or later. 75 | 76 | ### LINEAR ARITHMETIC BENCHMARKS 77 | 78 | In the source directory, you will find a file `linear_ari_tptp.list`, which 79 | contains a list of linear problems of the `ARI` section of the tptp library. 80 | These problems only involve linear arithmetic, and do not use the `$to_int`, 81 | `$to_rat`, `$to_real`, `$is_int` or `$is_rat` functions and predicates. 82 | This is the list of files used to benchmark the arithmetic extension of zenon 83 | against the princess and beagle automated provers. 84 | 85 | ## CONTACT 86 | 87 | Guillaume Bury 88 | 89 | Mohamed Yacine EL HADDADD 90 | -------------------------------------------------------------------------------- /doc/zenon-logo.ps: -------------------------------------------------------------------------------- 1 | %! 2 | 3 | % Copyright 2004 INRIA 4 | % $Id: zenon-logo.ps,v 1.1 2006-02-28 14:33:28 doligez Exp $ 5 | 6 | % Use ghostscript to translate to png format: 7 | ( 8 | gs -q -sDEVICE=png16m -sOutputFile=zenon-logo.png -r720 -g2400x800 \ 9 | -dNOPAUSE -dBATCH zenon-logo.ps 10 | ) pop 11 | 12 | %%%% background 13 | 14 | /frametop 1 def 15 | /frameleft 1 def 16 | /frameright 2 def 17 | /framebottom 2 def 18 | 19 | 0 0 0 setrgbcolor 20 | 0 0 moveto 21 | 240 0 lineto 22 | 240 80 lineto 23 | 0 80 lineto 24 | closepath fill 25 | 26 | 1.0 0.95 0.67 setrgbcolor 27 | frameleft framebottom moveto 28 | 240 frameright sub framebottom lineto 29 | 240 frameright sub 80 frametop sub lineto 30 | frameleft 80 frametop sub lineto 31 | closepath fill 32 | 33 | %%%% arrow 34 | 35 | /x 23 def 36 | /y 62 def 37 | 38 | /arrow { 39 | gsave 40 | -10 5 rlineto 41 | 10 -5 rmoveto 42 | -10 -5 rlineto 43 | 10 5 rmoveto 44 | stroke 45 | grestore 46 | } def 47 | 48 | 1 setlinecap 49 | 2 setlinewidth 50 | 0.3 0.2 0.0 setrgbcolor 51 | newpath 52 | x y moveto 53 | 135 0 rlineto 54 | stroke 55 | 56 | 1 setlinewidth 57 | 0.2 0.2 0.2 setrgbcolor 58 | x y moveto arrow 59 | 5 0 rmoveto arrow 60 | 5 0 rmoveto arrow 61 | 62 | 0 0 0 setrgbcolor 63 | x y moveto 64 | 138 0 rmoveto 65 | -10 5 rlineto 66 | 5 -5 rlineto 67 | -5 -5 rlineto 68 | closepath fill 69 | 70 | 71 | %%%% turtle 72 | 73 | /x 174 def 74 | /y 57 def 75 | 76 | 0.0 0.2 0.0 setrgbcolor 77 | 78 | x y moveto 79 | -5 -2 rlineto 80 | 9 1 rlineto 81 | closepath fill 82 | 83 | x y moveto 84 | 6 -1 rmoveto 85 | -11 -4 -1 -9 4 -1 rcurveto 86 | closepath fill 87 | 88 | x y moveto 89 | 39 -1 rmoveto 90 | 11 -4 1 -9 -4 -1 rcurveto 91 | closepath fill 92 | 93 | x y moveto 94 | 45 0 rmoveto 95 | 4 5 4 5 6 4 rcurveto 96 | 4 0 4 4 0 5 rcurveto 97 | -3 1 -3 1 -9 -7 rcurveto 98 | closepath fill 99 | 100 | 0.1 0.5 0.1 setrgbcolor 101 | 102 | newpath 103 | x y moveto 104 | 15 15 30 15 45 0 rcurveto 105 | -15 -5 -30 -5 -45 0 rcurveto 106 | fill 107 | 108 | %%%% Text 109 | 110 | /x -3 def 111 | /y 10 def 112 | /ratio 0.5 def 113 | 114 | /kern1 1 def 115 | /kern2 -1 def 116 | /kern3 -3.5 def 117 | /kern4 -3.5 def 118 | /kern5 10 def 119 | 120 | 0 0 0 setrgbcolor 121 | x y moveto 122 | 123 | /Symbol findfont 48 scalefont setfont 124 | 125 | 4.55 1 scale 126 | (Z) show 127 | kern1 0 rmoveto 128 | ratio 1 scale 129 | (e) show 130 | kern2 0 rmoveto 131 | ratio 1 scale 132 | (n) show 133 | kern3 0 rmoveto 134 | ratio 1 scale 135 | (o) show 136 | kern4 0 rmoveto 137 | ratio 1 scale 138 | (n) show 139 | kern5 0 rmoveto 140 | ratio 1 scale 141 | (e) show 142 | kern1 0 rmoveto 143 | ratio 1 scale 144 | (l) show 145 | kern2 0 rmoveto 146 | ratio 1 scale 147 | 148 | % whatever... it's unreadable anyway 149 | 150 | (e) show 151 | kern3 0 rmoveto 152 | ratio 1 scale 153 | (a) show 154 | kern4 0 rmoveto 155 | ratio 1 scale 156 | (s) show 157 | kern5 0 rmoveto 158 | ratio 1 scale 159 | 160 | showpage 161 | -------------------------------------------------------------------------------- /log.mli: -------------------------------------------------------------------------------- 1 | (* 2 | Copyright (c) 2013, Simon Cruanes 3 | All rights reserved. 4 | 5 | Redistribution and use in source and binary forms, with or without 6 | modification, are permitted provided that the following conditions are met: 7 | 8 | Redistributions of source code must retain the above copyright notice, this 9 | list of conditions and the following disclaimer. Redistributions in binary 10 | form must reproduce the above copyright notice, this list of conditions and the 11 | following disclaimer in the documentation and/or other materials provided with 12 | the distribution. 13 | 14 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 15 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 16 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | *) 25 | 26 | (** {1 Some helpers} *) 27 | 28 | (** {2 Time facilities} *) 29 | 30 | (** time elapsed since start of program *) 31 | val get_total_time : unit -> float 32 | 33 | (** time at which the program started *) 34 | val get_start_time : unit -> float 35 | 36 | (** {2 Misc} *) 37 | 38 | (** Set debug level *) 39 | val set_debug : int -> unit 40 | 41 | (** Current debug level *) 42 | val get_debug : unit -> int 43 | 44 | (** Cleanup line before printing? *) 45 | val need_cleanup : bool ref 46 | 47 | val debug : int -> ('a, Buffer.t, unit, unit) format4 -> 'a 48 | (** debug message *) 49 | 50 | val pp_pos : Lexing.position -> string 51 | 52 | (** {2 Printing utils} *) 53 | 54 | (** print into a string *) 55 | val sprintf : ('a, Buffer.t, unit, string) format4 -> 'a 56 | 57 | val fprintf : out_channel -> ('a, Buffer.t, unit, unit) format4 -> 'a 58 | 59 | val printf : ('a, Buffer.t, unit, unit) format4 -> 'a 60 | val eprintf : ('a, Buffer.t, unit, unit) format4 -> 'a 61 | val on_buffer : (Buffer.t -> 'a -> unit) -> 'a -> string 62 | 63 | val pp_pair: ?sep:string -> (Buffer.t -> 'a -> unit) -> 64 | (Buffer.t -> 'b -> unit) -> Buffer.t -> ('a * 'b) -> unit 65 | 66 | val pp_opt : (Buffer.t -> 'a -> unit) -> Buffer.t -> 'a option -> unit 67 | 68 | (** print a list of items using the printing function *) 69 | val pp_list: ?sep:string -> (Buffer.t -> 'a -> unit) 70 | -> Buffer.t -> 'a list -> unit 71 | 72 | (** print an array of items with printing function *) 73 | val pp_array: ?sep:string -> (Buffer.t -> 'a -> unit) 74 | -> Buffer.t -> 'a array -> unit 75 | 76 | (** print an array, giving the printing function both index and item *) 77 | val pp_arrayi: ?sep:string -> (Buffer.t -> int -> 'a -> unit) 78 | -> Buffer.t -> 'a array -> unit 79 | -------------------------------------------------------------------------------- /run: -------------------------------------------------------------------------------- 1 | #/bin/bash -e 2 | 3 | # Arg option 4 | case $1 in 5 | test) 6 | echo "Testing ref tests" 7 | FILES=`find test/arith-*.t` 8 | ZINPUT=-itptp 9 | ;; 10 | real) 11 | echo "Testing tptp theorems..." 12 | FILES=`grep -l "Theorem" /home/guigui/build/tptp/Problems/ARI/*.p | xargs grep -l "real"` 13 | ZINPUT=-itptp 14 | ;; 15 | tptp) 16 | echo "Testing tptp theorems..." 17 | FILES=`grep -l "Theorem" /home/guigui/build/tptp/Problems/ARI/*.p` 18 | ZINPUT=-itptp 19 | ;; 20 | smt) 21 | echo "Testing smtlib problems..." 22 | FILES=`find /home/guigui/build/smtlib/ -name *.smt2` 23 | ZINPUT=-ismt 24 | ;; 25 | cs) 26 | echo "Testing counter-satisfiable problems..." 27 | FILES=`grep -L "Status : Theorem" /home/guigui/build/tptp/Problems/ARI/*.p` 28 | ZINPUT=-itptp 29 | ;; 30 | simon) 31 | echo "Testing simon's becnhes" 32 | FILES=`cat benchs/arith_problems` 33 | ZINPUT=-itptp 34 | ;; 35 | clean) 36 | rm -f temp.* 37 | rm -f test/*.gv test/*.svg 38 | rm -f /home/guigui/build/tptp/Problems/ARI/*.gv 39 | rm -f /home/guigui/build/tptp/Problems/ARI/*.svg 40 | exit 0 41 | ;; 42 | bench) 43 | echo "Benchmarking TPTP/ARI" 44 | FILES=`cat ~/benchs/ari.problems` 45 | ZINPUT=-itptp 46 | ;; 47 | *) 48 | FILES=$1 49 | ZINPUT=$2 50 | ;; 51 | esac 52 | 53 | # Testing all files in $FILES 54 | TEMP=./temp.v 55 | TOTAL=0 56 | SOLVED=0 57 | COQS=0 58 | ERRORS=0 59 | 60 | for f in $FILES 61 | do 62 | echo -ne "\r\033[K\e[32m$COQS proved\e[0m /\e[38m $SOLVED solved \e[0m / \e[35m$TOTAL total\e[0m" 63 | TOTAL=$(($TOTAL + 1)) 64 | ./zenon -p0 -max-time 5s -q -kf 5 -x arith $ZINPUT $f > /dev/null 2> /dev/null 65 | RET=$? 66 | if [ $RET -eq 0 ]; 67 | then 68 | SOLVED=$(($SOLVED + 1)) 69 | ./zenon -p0 -max-time 10s -q -odotd 50 -kall -x arith $ZINPUT $f > $f.gv 70 | dot -Tsvg $f.gv -o $f.svg 71 | ./zenon -p0 -max-time 10s -q -context -ocoq -opt0 -k -x arith $ZINPUT $f > $TEMP 2> /dev/null 72 | coqc -I ./ $TEMP > /dev/null 2> /dev/null 73 | if [ $? -eq 0 ]; 74 | then 75 | COQS=$(($COQS + 1)); 76 | echo -e "\r\033[K[PROOF FOUND] $f \e[32m[OK]\e[0m" 77 | else 78 | echo -e "\r\033[K\e[31m[PROOF FOUND] $f [KO]\e[0m" 79 | coqc -I ./ $TEMP 80 | fi 81 | # rm -f $TEMP 82 | elif [ $RET -eq 12 ] || [ $RET -eq 1 ] || [ $RET -eq 13 ]; 83 | then 84 | echo -e "\r\033[K\e[33m[NOT FOUND] $f \e[0m" 85 | : 86 | else 87 | ERRORS=$(($ERRORS + 1)) 88 | echo -e "\r\033[K\e[35m[ERROR $RET] $f \e[0m" 89 | ./zenon -max-time 5s -k -x arith $ZINPUT $f 90 | fi 91 | done 92 | echo -e "\r\033[K-----------------------------------" 93 | echo -ne "\e[32m$COQS proved\e[0m /\e[38m $SOLVED solved\e[0m / \e[35m$TOTAL total\e[0m" 94 | if [ $ERRORS -eq 0 ]; 95 | then 96 | echo "" 97 | else 98 | echo -e "\e[31m($ERRORS unknow errors)\e[0m" 99 | fi 100 | 101 | # Clean temporary files 102 | # rm -f $TEMP 103 | -------------------------------------------------------------------------------- /watch.ml: -------------------------------------------------------------------------------- 1 | (* Copyright 2005 INRIA *) 2 | Version.add "$Id: a4e6361cdfb2813eaad05b7a8a32642ea12b0749 $";; 3 | 4 | open Printf;; 5 | 6 | open Expr;; 7 | open Llproof;; 8 | (* open Namespace;; *) 9 | 10 | module HE = Hashtbl.Make (Expr);; 11 | let hyp_names = (HE.create 37 : string HE.t);; 12 | 13 | let used = (Hashtbl.create 37 : (string, unit) Hashtbl.t);; 14 | 15 | let test n = Hashtbl.mem used n;; 16 | let add n = if not (test n) then Hashtbl.add used n ();; 17 | 18 | let add_def p = 19 | match p.rule with 20 | | Rdefinition (_, s, _, _, _, _, _) -> add s 21 | | _ -> () 22 | ;; 23 | 24 | let add_expr e = 25 | try 26 | let name = HE.find hyp_names e in 27 | add name 28 | with Not_found -> () 29 | ;; 30 | 31 | let extract_name (p, _) = 32 | match p with 33 | | Phrase.Hyp (name, e, _) -> HE.add hyp_names e name 34 | | _ -> () 35 | ;; 36 | 37 | let dowarn kind name = 38 | let msg = sprintf "unused %s: %s" kind name in 39 | Error.warn msg; 40 | ;; 41 | 42 | let check (p, _) = 43 | match p with 44 | | Phrase.Hyp (name, _, _) when not (test name) -> dowarn "hypothesis" name 45 | | Phrase.Def (DefReal (_, s, _, _, _, _)) when not (test s) -> 46 | dowarn "definition" s 47 | | _ -> () 48 | ;; 49 | 50 | let has_deps pds = List.exists snd pds;; 51 | 52 | let warn phrases_dep p moreused = 53 | if !Error.warnings_flag && has_deps phrases_dep then begin 54 | let prf = Lazy.force p in 55 | Hashtbl.clear used; 56 | Hashtbl.add used Namespace.goal_name (); 57 | HE.clear hyp_names; 58 | List.iter extract_name phrases_dep; 59 | List.iter add_expr (Misc.list_last prf).proof.conc; 60 | Llproof.iter add_def prf; 61 | List.iter add moreused; 62 | List.iter check phrases_dep; 63 | end 64 | ;; 65 | 66 | 67 | let rec check_unused name e = 68 | match e with 69 | | Evar _ | Emeta _ | Etrue | Efalse 70 | -> () 71 | | Earrow _ -> assert false 72 | | Eapp (Evar("$fix",_), Elam (_, body, _) :: args, _) -> 73 | List.iter (check_unused name) (body :: args) 74 | | Eapp (_, args, _) -> List.iter (check_unused name) args; 75 | | Enot (e1, _) -> check_unused name e1; 76 | | Eand (e1, e2, _) | Eor (e1, e2, _) | Eimply (e1, e2, _) | Eequiv (e1, e2, _) 77 | -> check_unused name e1; check_unused name e2; 78 | | Eall (Evar (v, _) as var, e1, _) | Eex (Evar (v, _) as var, e1, _) 79 | | Etau (Evar (v, _) as var, e1, _) | Elam (Evar (v, _) as var, e1, _) 80 | -> 81 | if not (Misc.is_prefix Namespace.prefix v) 82 | && (String.length v < 1 || v.[0] <> '_') 83 | && not (List.mem v (get_fv e1)) 84 | then begin 85 | Error.warn (sprintf "unused variable (%s : %s) in %s" v (Print.sexpr (get_type var)) name); 86 | end; 87 | check_unused name e1; 88 | | Eall _ | Eex _ | Etau _ | Elam _ -> assert false 89 | ;; 90 | 91 | let warn_unused_var phr_dep = 92 | let f (p, _) = 93 | match p with 94 | | Phrase.Hyp (name, e, _) -> check_unused name e 95 | | Phrase.Def (DefReal (_, name, _, _, body, _)) -> check_unused name body 96 | | Phrase.Def (DefRec (_, name, _, _, body)) -> check_unused name body 97 | | Phrase.Def (DefPseudo _) -> assert false 98 | | Phrase.Sig _ -> () 99 | | Phrase.Inductive _ -> () 100 | | Phrase.Rew _ -> () 101 | in 102 | List.iter f phr_dep 103 | ;; 104 | -------------------------------------------------------------------------------- /dk_bool.dk: -------------------------------------------------------------------------------- 1 | #REQUIRE cc. 2 | 3 | (; Bool ;) 4 | (; Declaration ;) 5 | bool : cc.uT. 6 | Bool : Type. 7 | [] cc.eT bool --> Bool. 8 | 9 | (; Constructors ;) 10 | true : Bool. 11 | false : Bool. 12 | 13 | (; Pattern-matching ;) 14 | def match : 15 | P : (Bool -> cc.uT) -> 16 | cc.eT (P true) -> 17 | cc.eT (P false) -> 18 | b : Bool -> 19 | cc.eT (P b). 20 | [P : Bool -> cc.uT, 21 | Ht : cc.eT (P true), 22 | Hf : cc.eT (P false) ] 23 | match P Ht Hf true --> Ht 24 | [P : Bool -> cc.uT, 25 | Ht : cc.eT (P true), 26 | Hf : cc.eT (P false) ] 27 | match P Ht Hf false --> Hf. 28 | 29 | (; Operations ;) 30 | (; polymorphic if .. then .. else .. ;) 31 | def ite : 32 | A : cc.uT -> 33 | Bool -> 34 | cc.eT A -> 35 | cc.eT A -> 36 | cc.eT A. 37 | [ A : cc.uT, 38 | x : cc.eT A, 39 | y : cc.eT A, 40 | b : Bool ] 41 | ite A b x y 42 | --> 43 | match (b : Bool => A) x y b. 44 | 45 | def match__true : 46 | Bool -> 47 | A : cc.uT -> 48 | cc.eT A -> 49 | cc.eT A -> 50 | cc.eT A. 51 | [ A : cc.uT, b : Bool, t : cc.eT A, e : cc.eT A] 52 | match__true b A t e --> ite A b t e. 53 | 54 | def match__false : 55 | Bool -> 56 | A : cc.uT -> 57 | cc.eT A -> 58 | cc.eT A -> 59 | cc.eT A. 60 | [ A : cc.uT, b : Bool, t : cc.eT A, e : cc.eT A] 61 | match__false b A t e --> ite A b e t. 62 | 63 | (; boolean if .. then .. else .. ;) 64 | def iteb : Bool -> Bool -> Bool -> Bool 65 | := ite bool. 66 | 67 | (; negation ;) 68 | def not : Bool -> Bool. 69 | [] not true --> false 70 | [] not false --> true 71 | [ b : Bool ] not (not b) --> b. 72 | 73 | (; binary operators ;) 74 | def and : Bool -> Bool -> Bool. 75 | [ b : Bool ] and b true --> b 76 | [ b : Bool ] and true b --> b 77 | [ b : Bool ] and b false --> false 78 | [ b : Bool ] and false b --> false. 79 | 80 | def or : Bool -> Bool -> Bool. 81 | [ b : Bool ] or b true --> true 82 | [ b : Bool ] or true b --> true 83 | [ b : Bool ] or b false --> b 84 | [ b : Bool ] or false b --> b. 85 | 86 | def xor : Bool -> Bool -> Bool. 87 | [ b : Bool ] xor b true --> not b 88 | [ b : Bool ] xor true b --> not b 89 | [ b : Bool ] xor b false --> b 90 | [ b : Bool ] xor false b --> b. 91 | 92 | def imp : Bool -> Bool -> Bool. 93 | [ b : Bool ] imp b true --> true 94 | [ b : Bool ] imp true b --> b 95 | [ b : Bool ] imp b false --> not b 96 | [ b : Bool ] imp false b --> true. 97 | 98 | def eqv : Bool -> Bool -> Bool. 99 | [ b : Bool ] eqv b true --> b 100 | [ b : Bool ] eqv true b --> b 101 | [ b : Bool ] eqv b false --> not b 102 | [ b : Bool ] eqv false b --> not b. 103 | 104 | (; Associativity ;) 105 | [ b1 : Bool, b2 : Bool, b3 : Bool ] 106 | and b1 (and b2 b3) --> and (and b1 b2) b3. 107 | [ b1 : Bool, b2 : Bool, b3 : Bool ] 108 | or b1 (or b2 b3) --> or (or b1 b2) b3. 109 | [ b1 : Bool, b2 : Bool, b3 : Bool ] 110 | xor b1 (xor b2 b3) --> xor (xor b1 b2) b3. 111 | 112 | (; Distributivity ;) 113 | [ b1 : Bool, b2 : Bool, b3 : Bool ] 114 | and b1 (or b2 b3) --> or (and b1 b2) (and b1 b3). 115 | [ b1 : Bool, b2 : Bool, b3 : Bool ] 116 | and (or b1 b2) b3 --> or (and b1 b3) (and b2 b3). 117 | 118 | [ b1 : Bool, b2 : Bool ] 119 | not (and b1 b2) --> or (not b1) (not b2). 120 | [ b1 : Bool, b2 : Bool ] 121 | not (or b1 b2) --> and (not b1) (not b2). 122 | [ b1 : Bool, b2 : Bool ] 123 | not (xor b1 b2) --> eqv (not b1) (not b2). 124 | [ b1 : Bool, b2 : Bool ] 125 | not (eqv b1 b2) --> xor (not b1) (not b2). 126 | -------------------------------------------------------------------------------- /extension.ml: -------------------------------------------------------------------------------- 1 | (* Copyright 2004 INRIA *) 2 | Version.add "$Id: b972a3cc134b527b220b1e21c5af8ec4949a2f48 $";; 3 | 4 | open Mlproof;; 5 | open Printf;; 6 | 7 | type translator = 8 | (Expr.expr -> Expr.expr) -> 9 | Mlproof.proof -> (Llproof.prooftree * Expr.expr list) array -> 10 | Llproof.prooftree * Expr.expr list 11 | ;; 12 | type t = { 13 | name : string; 14 | newnodes : 15 | Expr.expr -> int -> (Expr.expr * Expr.goalness) list -> Node.node_item list; 16 | make_inst : Expr.expr -> Expr.expr -> Expr.goalness -> Node.node list; 17 | add_formula : Expr.expr -> unit; 18 | remove_formula : Expr.expr -> unit; 19 | iter_open : proof -> bool; 20 | preprocess : Phrase.phrase list -> Phrase.phrase list; 21 | add_phrase : Phrase.phrase -> unit; 22 | postprocess : Llproof.proof -> Llproof.proof; 23 | to_llproof : translator; 24 | declare_context_coq : out_channel -> unit; 25 | p_rule_coq : out_channel -> Llproof.rule -> unit; 26 | predef : unit -> string list; 27 | predecl : unit -> (string * Expr.expr) list; 28 | };; 29 | 30 | let theories = ref ([] : t list);; 31 | let active = ref ([] : t list);; 32 | 33 | let register t = theories := t :: !theories;; 34 | 35 | let activate name = 36 | try 37 | let t = List.find (fun t -> t.name = name) !theories in 38 | active := t :: !active; 39 | with Not_found -> 40 | Error.err (sprintf "no extension named %s" name); 41 | Error.err "The following extensions are available"; 42 | List.iter (fun e -> Error.err e.name) !theories; 43 | raise Not_found; 44 | ;; 45 | 46 | let is_active name = List.exists (fun x -> x.name = name) !active;; 47 | 48 | let rec find_extension name l = 49 | match l with 50 | | [] -> assert false 51 | | h::_ when h.name = name -> h 52 | | _::t -> find_extension name t 53 | ;; 54 | 55 | let get_prefix name = 56 | let rec spin n = 57 | if n >= String.length name then name 58 | else 59 | match name.[n] with 60 | | 'a' .. 'z' | 'A' .. 'Z' -> spin (n+1) 61 | | _ -> String.sub name 0 n 62 | in 63 | spin 0 64 | ;; 65 | 66 | let newnodes e g fms = 67 | List.map (fun ext -> ext.newnodes e g fms) (List.rev !active) 68 | ;; 69 | 70 | let make_inst sym m term g = 71 | let ext = get_prefix sym in 72 | if is_active ext 73 | then (find_extension ext !active).make_inst m term g 74 | else [] 75 | ;; 76 | 77 | let add_formula e = 78 | List.iter (fun t -> t.add_formula e) !active 79 | ;; 80 | 81 | let remove_formula e = 82 | List.iter (fun t -> t.remove_formula e) !active 83 | ;; 84 | 85 | let iter_open p = 86 | List.exists (fun x -> x) (List.map (fun t -> t.iter_open p) !active) 87 | ;; 88 | 89 | let preprocess l = 90 | List.fold_left (fun hyps ext -> ext.preprocess hyps) l (List.rev !active) 91 | ;; 92 | 93 | let add_phrase p = 94 | List.iter (fun ext -> ext.add_phrase p) (List.rev !active) 95 | ;; 96 | 97 | let postprocess p = 98 | List.fold_left (fun prf ext -> ext.postprocess prf) p !active 99 | ;; 100 | 101 | let to_llproof tr_expr node subs = 102 | match node.mlrule with 103 | | Ext (th, _, _) -> 104 | let t = find_extension th !active in 105 | t.to_llproof tr_expr node subs 106 | | _ -> assert false 107 | ;; 108 | 109 | let declare_context_coq oc = 110 | List.iter (fun ext -> ext.declare_context_coq oc) !active 111 | ;; 112 | 113 | let p_rule_coq ext oc r = 114 | (find_extension ext !active).p_rule_coq oc r 115 | ;; 116 | 117 | let predef () = 118 | List.flatten (["="] :: List.map (fun ext -> ext.predef ()) !active) 119 | ;; 120 | 121 | let predecl () = 122 | List.iter 123 | (fun ext -> 124 | List.iter 125 | Typer.declare_constant 126 | (ext.predecl ())) 127 | !active 128 | ;; 129 | -------------------------------------------------------------------------------- /arith.mli: -------------------------------------------------------------------------------- 1 | (* Copyright 2014 INRIA *) 2 | 3 | (* Module for arithemtic functions *) 4 | 5 | 6 | exception NotaFormula 7 | exception EndReached 8 | 9 | (* Type manipulation *) 10 | val type_int : Expr.expr 11 | val type_rat : Expr.expr 12 | val type_real : Expr.expr 13 | 14 | val mix_type : Expr.expr -> Expr.expr -> Expr.expr 15 | 16 | (* Q manipulation *) 17 | val is_z : Q.t -> bool 18 | val is_q : Q.t -> bool 19 | val floor : Q.t -> Q.t 20 | val ceil : Q.t -> Q.t 21 | 22 | (* Expression manipulation *) 23 | val comp_neg : string -> string 24 | 25 | val mk_int : string -> Expr.t 26 | val mk_rat : string -> Expr.t 27 | val mk_real : string -> Expr.t 28 | 29 | val is_num_string : string -> bool 30 | 31 | val is_int : Expr.expr -> bool 32 | val is_rat : Expr.expr -> bool 33 | val is_real : Expr.expr -> bool 34 | val is_num : Expr.expr -> bool 35 | 36 | (* Expression construction *) 37 | val mk_op : string -> Expr.expr -> Expr.expr -> Expr.expr 38 | val mk_ubop : string -> Expr.expr -> Expr.expr 39 | val mk_bop : string -> Expr.expr -> Expr.expr -> Expr.expr 40 | 41 | val const : string -> Expr.expr 42 | val sum : Expr.expr -> Expr.expr -> Expr.expr 43 | val diff : Expr.expr -> Expr.expr -> Expr.expr 44 | val uminus : Expr.expr -> Expr.expr 45 | val mul : Expr.expr -> Expr.expr -> Expr.expr 46 | val minus_one : Expr.expr -> Expr.expr 47 | val plus_one : Expr.expr -> Expr.expr 48 | 49 | val less : Expr.expr -> Expr.expr -> Expr.expr 50 | val lesseq : Expr.expr -> Expr.expr -> Expr.expr 51 | val greater : Expr.expr -> Expr.expr -> Expr.expr 52 | val greatereq : Expr.expr -> Expr.expr -> Expr.expr 53 | 54 | val arith_eq : Expr.expr -> Expr.expr -> Expr.expr 55 | 56 | val coerce : Expr.expr -> Expr.expr -> Expr.expr 57 | 58 | (* Formula manipulation *) 59 | val find_coef : Expr.t -> ('a * Expr.t) list -> 'a 60 | 61 | val fadd : (Q.t * Expr.t) list -> (Q.t * Expr.t) list -> (Q.t * Expr.t) list 62 | val fdiff : (Q.t * Expr.t) list -> (Q.t * Expr.t) list -> (Q.t * Expr.t) list 63 | val fmul : Q.t -> (Q.t * 'a) list -> (Q.t * 'a) list 64 | 65 | val fsep : (Q.t * Expr.t) list -> Expr.t -> Q.t * (Q.t * Expr.t) list 66 | val fis_tau : (Q.t * Expr.t) list -> bool 67 | val fis_meta : (Q.t * Expr.t) list -> bool 68 | 69 | val sanitize : (Q.t * 'a) list -> (Q.t * 'a) list 70 | val normalize : 71 | (Q.t * Expr.t) list -> (Q.t * Expr.t) list -> Q.t * (Q.t * Expr.t) list 72 | 73 | (* Conversion functions *) 74 | val of_cexpr : Expr.expr -> Q.t 75 | val of_nexpr : Expr.t -> (Q.t * Expr.t) list 76 | val of_bexpr : Expr.expr -> (Q.t * Expr.t) list * string * Q.t 77 | 78 | val is_bexpr : Expr.expr -> bool 79 | val is_rexpr : Expr.expr -> bool 80 | 81 | val to_nexpr : (Q.t * Expr.expr) list -> Expr.expr 82 | val to_bexpr : (Q.t * Expr.expr) list * string * Q.t -> Expr.expr 83 | 84 | val expr_norm : Expr.expr -> Expr.expr 85 | val norm_coef : Expr.expr -> Expr.expr 86 | 87 | val coqify : Expr.expr -> Expr.expr 88 | val coqify_term : Expr.expr -> Expr.expr 89 | val coqify_to_q : Expr.expr -> Expr.expr 90 | val coqify_to_r : Expr.expr -> Expr.expr 91 | 92 | (* Choice trees *) 93 | type 'a clist 94 | val cl_from_list : 'a list -> 'a clist 95 | val cl_to_list : 'a clist -> 'a list 96 | val cl_current : 'a clist -> 'a 97 | val cl_next : 'a clist -> unit 98 | val cl_reset : 'a clist -> unit 99 | 100 | type 'a ctree = { 101 | node : 'a clist; 102 | children : 'a ctree array; 103 | } 104 | 105 | val collapse : 'a ctree -> 'a ctree 106 | val reset : 'a ctree -> unit 107 | val next : 'a ctree -> unit 108 | val current : 'a ctree -> 'a list 109 | val ct_all : 'a ctree -> 'a list list 110 | val ct_from_ml : Mlproof.proof -> Expr.t ctree option 111 | val next_inst : Mlproof.proof -> Mlproof.proof 112 | 113 | val sctree : Expr.t ctree -> string 114 | 115 | (* Simplex solver helper *) 116 | type solution = 117 | | Unsat 118 | | Abstract of (Expr.t * Expr.t) list 119 | 120 | val try_solve : Expr.t list -> solution 121 | 122 | val solve_tree : Expr.t ctree -> solution 123 | 124 | 125 | -------------------------------------------------------------------------------- /log.ml: -------------------------------------------------------------------------------- 1 | (* 2 | Copyright (c) 2013, Simon Cruanes 3 | All rights reserved. 4 | 5 | Redistribution and use in source and binary forms, with or without 6 | modification, are permitted provided that the following conditions are met: 7 | 8 | Redistributions of source code must retain the above copyright notice, this 9 | list of conditions and the following disclaimer. Redistributions in binary 10 | form must reproduce the above copyright notice, this list of conditions and the 11 | following disclaimer in the documentation and/or other materials provided with 12 | the distribution. 13 | 14 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 15 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 16 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 17 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 18 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 21 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 22 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 23 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 | *) 25 | 26 | (** {1 Some helpers} *) 27 | 28 | (** {2 Time facilities} *) 29 | 30 | (** Time elapsed since initialization of the program, and time of start *) 31 | let get_total_time, get_start_time = 32 | let start = Unix.gettimeofday () in 33 | (function () -> 34 | let stop = Unix.gettimeofday () in 35 | stop -. start), 36 | (function () -> start) 37 | 38 | (** {2 Misc} *) 39 | 40 | let clear_line () = 41 | output_string Stdlib.stdout 42 | "\r \r"; 43 | flush Stdlib.stdout 44 | 45 | 46 | let debug_level_ = ref 0 47 | let set_debug l = 48 | debug_level_ := l; 49 | if l > 0 then Printexc.record_backtrace true 50 | let get_debug () = !debug_level_ 51 | let need_cleanup = ref false 52 | let debug l format = 53 | let b = Buffer.create 15 in 54 | if l <= !debug_level_ 55 | then ( 56 | (if !need_cleanup then clear_line ()); 57 | Printf.bprintf b "%% [%.3f] " (get_total_time ()); 58 | Printf.kbprintf 59 | (fun b -> print_endline (Buffer.contents b)) 60 | b format) 61 | else 62 | Printf.ifprintf b format 63 | 64 | let pp_pos pos = 65 | let open Lexing in 66 | Printf.sprintf "line %d, column %d" pos.pos_lnum (pos.pos_cnum - pos.pos_bol) 67 | 68 | (** {2 Printing utils} *) 69 | 70 | let sprintf format = 71 | let buffer = Buffer.create 64 in 72 | Printf.kbprintf 73 | (fun _ -> Buffer.contents buffer) 74 | buffer 75 | format 76 | 77 | let fprintf oc format = 78 | let buffer = Buffer.create 64 in 79 | Printf.kbprintf 80 | (fun _ -> Buffer.output_buffer oc buffer) 81 | buffer 82 | format 83 | 84 | let printf format = fprintf stdout format 85 | let eprintf format = fprintf stderr format 86 | 87 | let on_buffer pp x = 88 | let buf = Buffer.create 24 in 89 | pp buf x; 90 | Buffer.contents buf 91 | 92 | let pp_pair ?(sep=" ") px py buf (x,y) = 93 | px buf x; 94 | Buffer.add_string buf sep; 95 | py buf y 96 | 97 | let pp_opt pp buf x = match x with 98 | | None -> Buffer.add_string buf "None" 99 | | Some x -> Printf.bprintf buf "Some %a" pp x 100 | 101 | (** print a list of items using the printing function *) 102 | let rec pp_list ?(sep=", ") pp_item buf = function 103 | | x::((_::_) as l) -> 104 | pp_item buf x; 105 | Buffer.add_string buf sep; 106 | pp_list ~sep pp_item buf l 107 | | x::[] -> pp_item buf x 108 | | [] -> () 109 | 110 | (** print an array of items using the printing function *) 111 | let pp_array ?(sep=", ") pp_item buf a = 112 | for i = 0 to Array.length a - 1 do 113 | (if i > 0 then Buffer.add_string buf sep); 114 | pp_item buf a.(i) 115 | done 116 | 117 | (** print an array of items using the printing function *) 118 | let pp_arrayi ?(sep=", ") pp_item buf a = 119 | for i = 0 to Array.length a - 1 do 120 | (if i > 0 then Buffer.add_string buf sep); 121 | pp_item buf i a.(i) 122 | done 123 | --------------------------------------------------------------------------------