[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [mizar] PVS GPLed

To: mizar-forum@mizar.uwb.edu.pl
Subject: Re: [mizar] PVS GPLed
From: Josef Urban <urban@ktilinux.ms.mff.cuni.cz>
Date: Tue, 16 Sep 2008 16:31:44 +0200 (CEST)



On Tue, 16 Sep 2008, Freek Wiedijk wrote:

I like the "small kernel" approach of HOL Light (or was it already LCF?),


Yes, LCF already I think.

and think that it is really very useful and "trust-encouraging". But I
think it still requires quite some trust, assumptions, and knowledge about
the implementation, when you say that thousands of additional lines of
code "are safe" provided the small kernel is.


Why?  When in HOL I have an object of ML type "thm", I _know_
that the statement of that theorem will be provable in the
HOL logic.  (Provided that there are no bugs in the kernel,
of course.)  It's the power of abstract datatypes.  So what
are the assumptions and knowledge of the implementation
that you're referring to?

You e.g. "know or assume" that there are no ways how to shadow the "MLtype thm" in the rest of code, and in case there are some ways, you knowthe implementation enough to say that they are not used. I know neitherthe various ML dialects, nor their parsers/preprocessors, nor theimplementation. Maybe my concern can be trivially dismissed by more

knowledgable people, but I'd have to trust them :-).

Josef

Follow-Ups:
- Re: [mizar] PVS GPLed
  - From: Freek Wiedijk <freek@cs.ru.nl>

References:
- Re: [mizar] PVS GPLed
  - From: Robert Boyer <boyer@cs.utexas.edu>
- Re: [mizar] PVS GPLed
  - From: Josef Urban <urban@ktilinux.ms.mff.cuni.cz>
- Re: [mizar] PVS GPLed
  - From: Freek Wiedijk <freek@cs.ru.nl>
- Re: [mizar] PVS GPLed
  - From: Josef Urban <urban@ktilinux.ms.mff.cuni.cz>
- Re: [mizar] PVS GPLed
  - From: Freek Wiedijk <freek@cs.ru.nl>

Prev by Date: Re: [mizar] PVS GPLed
Next by Date: Re: [mizar] PVS GPLed
Index(es):
- Chronological
- Thread