Skip to content

Add correctness of the term creators in SMT/Factory.lean#1103

Merged
joscoh merged 15 commits into
mainfrom
jlee/smt-factory-correct
May 5, 2026
Merged

Add correctness of the term creators in SMT/Factory.lean#1103
joscoh merged 15 commits into
mainfrom
jlee/smt-factory-correct

Conversation

@aqjune-aws

@aqjune-aws aqjune-aws commented May 4, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

(Creating a new pull request because for some reason pushing to a branch didn't update #1088)

This proves that the term creators in SMT (which are also called 'Factory') are sound with respect to the denotational semantics. Initially the patch was defining a cleaner inductive predicate DenotePred that is analogous to denoteTerm but avoids carrying data structures that are necessary to construct the Lean goals.
However, this turned out to introduce a big amount of boilerplate code because soundness/completeness of DenotePred w.r.t. denoteTerm turned out to be very big proofs.
Instead, this pull request directly uses the denoteTerm and its family functions to state & prove correctnesses.

There is one operation in Factory.lean which could not be proven: quant. The quant operation does the following simplification: forall x, forall y, e ==> forall x y, e. Proving this was hard because the result of denoteTerm is TermDenoteResult ctx which is a dependent type (ctx : Context)... And rewriting the dependent type position was challenging.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@aqjune-aws aqjune-aws requested a review from a team May 4, 2026 15:44
@github-actions github-actions Bot added the SMT label May 4, 2026
joscoh
joscoh reviewed May 4, 2026
View reviewed changes

@joscoh joscoh left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Haven't gone through it all yet but I'd love to know your thoughts on whether the theorem conclusions should be existentially quantified or direct.

Comment thread Strata/DL/SMT/FactoryCorrect.lean Outdated
Comment thread Strata/DL/SMT/FactoryCorrect.lean Outdated
Comment thread Strata/DL/SMT/FactoryCorrect.lean
tautschnig
tautschnig reviewed May 5, 2026
View reviewed changes
Comment thread Strata/DL/SMT/FactoryCorrect.lean Outdated
Comment thread Strata/DL/SMT/Denote.lean Outdated
Comment thread Strata/DL/SMT/Factory.lean
Comment thread Strata/DL/SMT/FactoryCorrect.lean
@tautschnig tautschnig mentioned this pull request May 5, 2026
Merged
@tautschnig tautschnig assigned joscoh and unassigned aqjune-aws May 5, 2026
joscoh
joscoh approved these changes May 5, 2026
View reviewed changes

@joscoh joscoh left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like how nice the theorem statements turn out!

@joscoh joscoh added this pull request to the merge queue May 5, 2026
Merged via the queue into main with commit f345bfa May 5, 2026
22 checks passed
@joscoh joscoh deleted the jlee/smt-factory-correct branch May 5, 2026 18:19
@aqjune-aws aqjune-aws restored the jlee/smt-factory-correct branch May 6, 2026 15:56
@aqjune-aws aqjune-aws deleted the jlee/smt-factory-correct branch June 4, 2026 21:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tautschnig tautschnig tautschnig approved these changes

@joscoh joscoh joscoh approved these changes

Assignees

@joscoh joscoh

Labels

SMT

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@aqjune-aws @tautschnig @joscoh