A New Face for Ergo: Adding a User Interface to a Programmable Theorem Prover

Abstract

We describe some of the technology we used to build a user interface for a programmable theorem prover. By separating the user interface from the application itself, it is possible to experiment with new interface features very easily, without compromising the soundness of the proof tool. INTRODUCTION In this paper, we describe some of the technology that allowed us to construct a workable user interface for a programmable theorem prover in a very short time. The theorem prover is Ergo [1, 2], which is a termrewriting theorem prover using a proof paradigm called window inference [3, 4]. Ergo is constructed in a way that allows programmers to easily add new theory management and proof commands, and even new commandline interfaces, without disturbing a trusted theoremproving core. The `outer levels' of our user interface were written in Emacs [5]. We hope that our positive experience with Emacs as an interface building tool will encourage other software engineers to attempt similar projects, and that the simple ideas we use for communication can be adapted to suit the requirements of other systems. First, we describe the essential features of the architecture of Ergo and of the window inference proof paradigm upon which Ergo is based. We also discuss Ergo's default command-line interface and the facilities it provides to assist with nding proofs, and identify some of its shortcomings. Then, we describe the features of the customizable editor, Emacs, that we used to construct our interface. Finally, we describe the very simple protocols used to connect Ergo and Emacs, and summarize some of the features of the Ergo-Emacs proof tool. ERGO The Ergo theorem prover was designed and implemented in the Software Veri cation Research Centre at the University of Queensland. The mission of the Centre is to create improved methods and tools for supporting the development of high-integrity software systems. In the main, these methods are formal, and involve precise mathematical speci cation, validation and formal transformation to code. All these activities become practical only with the support of a good interactive theorem proving tool, and the Ergo tool has been developed under the auspices of several S.V.R.C. projects. Layered Design Because Ergo forms the basis of so many of our formal development tools, it is important that Ergo can be trusted. Ideally, the proof tool should itself be developed formally, from a speci cation of the desired behaviour, through validation that the speci cation indeed captures the requirements correctly, to a veri ed, executable implementation. Unfortunately, such a largescale formal development is infeasible with current technology; indeed, that development is the problem being addressed by the research that Ergo is intended to support. Thus, Ergo itself has been designed and developed using traditional software engineering techniques. To enhance the trustability of the complete proof tool, its design is layered (Figure 1). The proof engine itself is a relatively small core of Ergo, and is amenable to formal veri cation. It is this core that must be trusted to be sound (accepting only correct proofs of valid theorems). The proof engine of Ergo supports the window inference proof paradigm, which we shall brie y describe shortly. Slightly less critical is the theory database, which is Ergo's repository of information about object logics. It is essential that facts put into the theory database are retrieved without corruption. On the other hand, the theory organization and search facilities that the database supports are less critical, as failure to nd a fact might prevent a proof from being completed, but can never result in an invalid proof. The next layer contains tactics [6] (untrusted, userwritable code) that implement the command-line interfaces for constructing the theory database and for Emacs Interface Tactics Proof Tactics Theory Database Proof Engine Proof Interface Tactics

1 Figure or Table

Cite this paper

@inproceedings{Utting1995ANF, title={A New Face for Ergo: Adding a User Interface to a Programmable Theorem Prover}, author={Mark Utting and Ray Nickson}, year={1995} }