doc-isac/CTP-userinterfaces.tex
changeset 52107 f8845fc8f38d
parent 52056 f5d9bceb4dc0
child 60586 007ef64dbb08
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/doc-isac/CTP-userinterfaces.tex	Tue Sep 17 09:50:52 2013 +0200
     1.3 @@ -0,0 +1,445 @@
     1.4 +\documentclass{article}
     1.5 +\usepackage{a4}
     1.6 +\usepackage{times}
     1.7 +\usepackage{latexsym}
     1.8 +\bibliographystyle{alpha}
     1.9 +\usepackage{graphicx}
    1.10 +
    1.11 +\def\isac{${\cal I}\mkern-2mu{\cal S}\mkern-5mu{\cal AC}$}
    1.12 +\def\sisac{{\footnotesize${\cal I}\mkern-2mu{\cal S}\mkern-5mu{\cal AC}$}}
    1.13 +\def\Problem{ {\tt Problem }}
    1.14 +
    1.15 +\title{Userinterfaces for Computer Theorem Provers.\\
    1.16 +	Contributions to Isabelle
    1.17 +}
    1.18 +
    1.19 +\author{G. Schafhauser, A. Schulhofer, M. Steger\\
    1.20 +Knowledge Management Institute (KMI)\\
    1.21 +TU Graz}
    1.22 +
    1.23 +\begin{document}
    1.24 +\maketitle
    1.25 +\abstract{
    1.26 +This paper accompanies a pre-study on a sub-project planned within the \sisac-project. The goal of this sub-project is to extend the userinterface of the theorem prover Isabelle such, that Structured Derivations according to R.J.Back are interactively processed. The sub-project is one step towards using the upcoming Isabelle/Isar/Scala layer for \sisac.
    1.27 +
    1.28 +The paper comprises three parts: (1) Ample space is given to background information about the state of the art in user interfaces for theorem provers and about the upcoming requirements for future developments. (2) focuses the strategy of Isabelle and decisions in order to cope with future requirements. (3) provides a protocol of preparatory work for the sub-project.
    1.29 +
    1.30 +By the way, this paper shall serve as an entry point for students interested in joining the the work propared.}
    1.31 +
    1.32 +\section{Introduction}\label{intro}
    1.33 +Computer Theorem Provers (CTPs \footnote{The term CTP is used to address two different things in this paper: (1) the academic discipline comprising respective theories as well as (2) the products developed within this discipline, the provers and the respective technology.}) have a tradition as long as Computer Algebra Systems (CAS), another kind of mathematics assistants. However, CTPs task of proving is more challenging than calculating; so, in contrary to CASs, CTPs are not yet in widespread use --- not yet, because CTPs are on the step into industrial use in the current decade: Safe-critical software requires to be proven correct more and more \cite{db:dom-eng}, and the technology of CTP becomes ready to accomplish the task of efficiently proving hundreds of proof obligations.
    1.34 +
    1.35 +The present shift of the predominant user group from academic experts to software engineers raises novel user requirements for graphical user interfaces (GUI) of CTP. CTPs will become components of integrated development environments, and the knowledge bases have to scale up to industrial size.
    1.36 +
    1.37 +Two issues are particularly challenging: First, future knowledge bases (containing specifications, programs, tests etc) will under joint construction of many engineers. So requirements concerning cooperative work arise as already known from distributed repositories and version management.
    1.38 +
    1.39 +Second, CTP tends to exhaust resources in memory and in run-time. So, CTP will take profit from multicore processors upcoming in this decade --- and CTP are best suited to meet the architectural challenges raised by parallel programming, since this kind of mathematics assistants generally follow rigorous architectural principles and are comparably easy to adapt to these challenges \cite{makarius:isa-scala-jedit}.
    1.40 +
    1.41 +\medskip The paper is organised as follows: First a survey on CTP is given, Sect.\ref{ctp-techn} introduces two prominent CTPs, Sect.\ref{gui-coq-isa} describes their present user interfaces and Sect.\ref{gui-requir} goes into details with the novel requirements mentioned. Then Isabelle's plans for re-designing the user interface are presented: Sect.\ref{ml-users} motivates the strategy of how to approach the users' world, Sect.\ref{scala-medi} describes the rather recent programming language Scala connecting the world of languages for mathematics with the users' world and Sect.\ref{actors} goes into details with Scala's actor library. Finally possible contributions of the \sisac-team at TUG are discussed and prerequisites for such contributions presented: Sect.\ref{struct-der} presents a format for calculations particularly appropriate for education, which requires CTP support, Sect.\ref{plugin} describes plug-in technology required and Sect.\ref{netbeans} notes crucial details of proper project set-up in an integrated development environment.
    1.42 +
    1.43 +%Georg
    1.44 +\section{State of the art in CTP Interfaces}
    1.45 +
    1.46 +\subsection{A European technology: Coq and Isabelle}\label{ctp-techn}
    1.47 +%     http://en.wikipedia.org/wiki/Coq\\
    1.48 +%     http://coq.inria.fr/
    1.49 +%
    1.50 +%     http://en.wikipedia.org/wiki/Isabelle\_(theorem\_prover)\\
    1.51 +%     http://isabelle.in.tum.de/index.html
    1.52 +%
    1.53 +%why math -- functional: some of the languages have been specifically designed for constructing software for symbolic computation (SC). 
    1.54 +%%+ required for \ref{ml-users}
    1.55 +%
    1.56 +%SC http://en.wikipedia.org/wiki/Symbolic\_computation
    1.57 +%% mainly does not compute numerical values, but terms containing variables like functions (symbols)
    1.58 +%
    1.59 +%The LCF project
    1.60 +%http://hopl.murdoch.edu.au/showlanguage.prx?exp=8177
    1.61 +%specifically designed a 'meta language' (ML)
    1.62 +%http://en.wikipedia.org/wiki/ML\_(programming\_language)
    1.63 +%\cite{pl:milner97}
    1.64 +%for developing CTP
    1.65 +\subsubsection{Standard ML}
    1.66 +Standard ML is a general-purpose, modular, functional programming language \cite{pl:milner97}.
    1.67 +Programs written in Standard ML consist of expressions to be evaluated, as opposed to statements or commands. 
    1.68 +Functional programming languages constitute a family very different of object orientated languages, see Sect. \ref{ml-users}. ML originated from the LCF-project(Logic for Computable Functions)\cite{meta-Ml}, where it had been developed as a meta language. Since ML has been standardised this family of language is called Standard ML. Important for the logical foundation of SML is the $\lambda$-calculus.
    1.69 +%http://en.wikipedia.org/wiki/Standard_M 
    1.70 +\subsubsection{Coq}
    1.71 +Coq is an interactive theorem prover, developed in France.
    1.72 +It is programmed in Objective Caml, an ML based programming language.
    1.73 +It has the ability to express  mathematical  assertions and check proof of mathematical assertions. 
    1.74 +Furthermore Coq includes automatic theorem proving tactics and decision procedures.
    1.75 +Properties, programs and proofs are written a functional programming language called the Calculus of Inductive Constructions (CIC).
    1.76 +Proof development in Coq is done through a language of tactics that allows a user-guided proof process \cite{coq1999}.
    1.77 +Another feature of Coq is “that it can automatically extract executable programs from specifications, as either Objective Caml 
    1.78 +or Haskell source code.“
    1.79 +There are many easy-to-read introductions to Coq \footnote{http://coq.inria.fr/a-short-introduction-to-coq} on the internet.
    1.80 +\subsubsection{Isabelle}
    1.81 +Isabelle is an interactive theorem proving framework for high-level natural deduction proofs \cite{Paulson:Isa94}, written in Standard ML. 
    1.82 +Isabelle is developed at University of Cambridge, Technische Universit\"at M\"unchen
    1.83 +and Universit\'e Paris-Sud. Isabelle is called a framework, because it implements several object logics.
    1.84 +The most widespread logic of Isabelle is Isabelle/HOL, short for higher-order logic.
    1.85 +Isabelle/HOL includes several  specification tools, e.g. for data-types, inductive definitions and functions with complex pattern matching.
    1.86 +Proofs are written in the structured proof language Isar \cite{wenzel:isar}.Isabelle implements several tools, e.g. a reasoner, a simplifier and powerful automatic provers(Sledgehammer), increase the user's productivity in theorem proving. 
    1.87 +Isabelle provides notational support: new notations can be introduced, using normal mathematical symbols.
    1.88 +Definitions and proofs may include \LaTeX{} source, from which Isabelle can automatically generate typeset documents.
    1.89 +Isabelle/HOL allows to turn executable specifications directly into code in SML, OCaml, and Haskell \cite{Haftmann-Nipkow:2010:code}.
    1.90 +%(http://www.cl.cam.ac.uk/research/hvg/Isabelle/overview.html)
    1.91 +\subsection{Userinterfaces for CTP: Coq and Isabelle}\label{gui-coq-isa}
    1.92 +%     CoqIDE, ..
    1.93 +%         http://coq.inria.fr/what-is-coq?q=node/57\\
    1.94 +%         earlier than Isabelle/jEdit
    1.95 +%
    1.96 +%     ProofGeneral for Isabelle
    1.97 +%         http://proofgeneral.inf.ed.ac.uk/\\
    1.98 +%         emacs stone age ?
    1.99 +\subsubsection{Coq Integrated Development Environment}
   1.100 +CoqIDE\footnote{http://coq.inria.fr/V8.1/refman/Reference-Manual016.html}, short for Coq Integrated Development Environment, is a graphical interface for Coq. It is written in Ocaml.
   1.101 +Its main purpose is to allow the user to navigate forward and backward into a Coq file, 
   1.102 +executing corresponding commands or undoing them respectively. 
   1.103 +There are several  buffers for helping to write proof scripts.
   1.104 +Among all these buffers, there is always one which is the current running buffer, whose name is displayed on a green background,
   1.105 +which is the one where Coq commands are currently executed.  
   1.106 +CoqIDE provides also a feedback system for the user. 
   1.107 +Therefore the background is green when a command succeeds, otherwise an error message is displayed in the message window and the error location is underlined red.
   1.108 +CoqIDE offers only basic editing commands, therefore it is possible to launch another more sophisticated text editor. 
   1.109 +Furthermore CoqIde provides a proof wizard “for automatically trying to solve the current goal using simple tactics.”
   1.110 +Another features of this IDE are the customisation options, which can be accessed by the Edit menu. 
   1.111 +This allows the user to change the appearance of the IDE.
   1.112 +
   1.113 +
   1.114 +\begin{figure}[htbp]
   1.115 +\centering
   1.116 +%\includegraphics[bb=0 0 10 10]{coqide.png}
   1.117 +\includegraphics[scale=0.20]{fig/coqide}
   1.118 +\caption{CoqIDE main screen}
   1.119 +\end{figure}
   1.120 +
   1.121 +
   1.122 +%(http://coq.inria.fr/V8.1/refman/Reference-Manual016.html)
   1.123 +\subsubsection{Proof General for Isabelle}
   1.124 +Proof General is a generic front-end for proof assistants \cite{Aspinall:2007:FIP:1420412.1420429}, based on the text editor Emacs.
   1.125 +It has been developed at the University of Edinburgh with contributions from other sites.
   1.126 +Proof General supports the following proof assistants: Isabelle, Coq, PhoX, LEGO.
   1.127 +It is used to write proof scripts. A Proof Script is a sequence of commands sent to theorem prover. 
   1.128 +The communication between the user and the theorem prover takes place via two or  more Emacs text widgets.
   1.129 +Therefore the user sees only the output from the latest proof step.
   1.130 +
   1.131 +
   1.132 +Isabelle/Isar\footnote{http://proofgeneral.inf.ed.ac.uk/} Proof General has full support for multiple file scripting, with dependencies between theories communicated between Isabelle and Proof General. 
   1.133 +There is full support for Unicode Tokens, using the Isabelle print mode for X Symbol tokens. Many Isabelle theories have X Symbol syntax already defined 
   1.134 +and it's easy to add to your own theories. 
   1.135 +%(http://proofgeneral.inf.ed.ac.uk/fileshow.php?file=releases%2FProofGeneral%2Fisar%2FREADME)
   1.136 +\begin{figure}[htbp]
   1.137 +\centering
   1.138 +\includegraphics[scale=0.30]{fig/pgisabelle}
   1.139 +\caption{Proof General for Isabelle}%
   1.140 +\end{figure}
   1.141 +
   1.142 +\subsubsection{Isabelle/Jedit}
   1.143 +jEdit is a text editor for programmers, written in Java.
   1.144 +Compared to fully-featured IDEs, such as Eclipse or NetBeans, jEdit is much 
   1.145 +smaller and better focused on its primary task of text editing.
   1.146 +The general look of the Isabelle/jEdit plug-in is similar to existing Java IDEs \cite{makarius:isa-scala-jedit}.
   1.147 +The main Isabelle/jEdit plug-in consists of ten small Scala files that augment some key jEdit components in order to provide a metaphor of asynchronous proof document editing. 
   1.148 +Isabelle/jEdit integrates the jEdit 4.3.2 framework  and some further  jEdit plug-ins. 
   1.149 +It also implements custom-made 'IsabelleText Unicode' font that actually contains the usual Isabelle symbols that users expect from long 
   1.150 +years of Proof General X-Symbol support.
   1.151 +The editor provides useful feedback, via semantic information from the processed document in the background. 
   1.152 +A lot of information can be directly attached 
   1.153 +to the source text, via colouring, tool-tips, pop-ups etc.
   1.154 +
   1.155 +\subsection{Upcoming requirements for userinterfaces in CTP}\label{gui-requir}
   1.156 +%     @ interaction close to tty (Telegraph)\\
   1.157 +%       BUT: separate parts in {\em one} proof could be processed in parallel
   1.158 +%
   1.159 +%     @ http://www.informatik.uni-bremen.de/uitp/
   1.160 +%
   1.161 +%     @ ... see\\
   1.162 +%       http://www4.in.tum.de/~wenzelm/papers/async-isabelle-scala.pdf,\\
   1.163 +%       http://www4.in.tum.de/~wenzelm/papers/parallel-isabelle.pdf
   1.164 +"After several decades, most proof assistants are still centred around TTY-based interaction in a
   1.165 +tight read-eval-print loop.
   1.166 +All Emacs-based GUI's for CTPs follow this synchronous
   1.167 +model based on single commands with immediate response, meaning that the editor waits for the
   1.168 +prover after each command", according to \cite{makarius:isa-scala-jedit}. As to multicore politics of leading semiconductor chip manufacturer, parallelism in software technology has become an issue.
   1.169 +Therefore the support of parallelism in CTP technology improves the performance and multiuser support.
   1.170 +%So it is necessary to use proof documents instead of proof scripts.  
   1.171 +%Proof scripts are  sequences of commands however proof documents are structured texts. 
   1.172 +%So the proof document idea seems to guarantee the perfect support for parallelism in the CTP technology. 
   1.173 +Proof language Isar is structured such, that different parts can be interpreted in parallel. For instance, some might employ an 
   1.174 +an automated prover for some minutes, while the user wants to proceed with other parts of the same proof.
   1.175 +A well-established concept able to cope with such parallel processing in actors, as introduced by Erlang.
   1.176 +This will be discussed in more detail in Sect. \ref{actors}
   1.177 +
   1.178 +
   1.179 +%Andreas
   1.180 +\section{Isabelle's plans for new userinterfaces}\label{gui-plans}
   1.181 +
   1.182 +The following observations lead to novel requirements for CTPS' userinterface:
   1.183 +
   1.184 +\begin{itemize}
   1.185 +\item theorem proving will be integrated into software development
   1.186 +\item hundreds of proof obligations are generated during a software verification process
   1.187 +\item so the final goal of Isabelle's planning is integration with other software development tools in an integrated development environment (IDE)
   1.188 +\item still many principal issues need to be clarified with respect to integration of CTP and other development tools. So engaging into details makes no sense at the present, and Isabelle will approach the final goal via experimental intermediate steps of integration
   1.189 +\item favourite IDE is jEdit, because it is clearer than Eclipse or NetBeans. The reason behind this choice follows in section \ref{plugin}
   1.190 +\end{itemize}
   1.191 +
   1.192 +These indicate design decisions are sketched in the sequel.
   1.193 +
   1.194 +\subsection{Connect ML-world to the users' world via JVM}\label{ml-users}
   1.195 +In Sect.\ref{ctp-techn} reasons have been given, why mathematics software at the state-of-the-art cannot be written in Java or the like. On the other side, Sect.\ref{gui-requir} stated requirements for mathematical userinterfaces, which cannot be accomplished by ML-like languages. These requirements can be best accomplished by languages like Java, which have powerful libraries available for convenient assembly of GUIs.
   1.196 +
   1.197 +\paragraph{Example: a functional mathematics engine} as the experimental one in the \sisac-project is given by the following signature:
   1.198 +{\it
   1.199 +\begin{tabbing}
   1.200 +\=xx\=xxxxxxxxxxxxxxxxxxxxxxxxx\=\kill
   1.201 +\>signature INTERPRETER =\\
   1.202 +\>sig\\
   1.203 +\>\>type calcstate\\
   1.204 +\>\>type step = formula * position * tactic\\
   1.205 +\>\> \\
   1.206 +\>\>val do\_next : program $\rightarrow$ calcstate $\rightarrow$ (calcstate * step)\\
   1.207 +\>\>val apply\_tactic : program $\rightarrow$ calcstate $\rightarrow$ position $\rightarrow$ tactic $\rightarrow$ (calcstate * step list)\\
   1.208 +\>\>val apply\_formula : program $\rightarrow$ calcstate $\rightarrow$ position $\rightarrow$ formula $\rightarrow$ (calcstate * step list)\\
   1.209 +\>end
   1.210 +\end{tabbing}}
   1.211 +The three essential functions are \textit{do\_next}, which reads a \textit{program} for determining the next \textit{step} in a calculation, the function \textit{apply\_tactic}, which applies a \textit{tactic} input by the user to the current \textit{position} in a calculation and thus may produce a list of \textit{step}s and the function \textit{apply\_formula}, which applies an input \textit{formula} accordingly.
   1.212 +
   1.213 +Now, the point with functional programming is, that the functions do {\em not} cause persistent updates in some memory, rather: all three functions above take the current state of the calculation, \textit{calcstate}, as an argument and after they have done they work return the updated \textit{calcstate}.
   1.214 +
   1.215 +There are several advantages of this kind of programming: more straight forward verification, which is not discussed here, and other features. For instance, given the three functions above, it is easy to undo steps of calculations, or go back to an earlier step of calculations: one just needs to store the \textit{calcstate}s (in a list), even without knowing the details of the \textit{calcstate}, which thus can be encapsulated for internal access only.
   1.216 +
   1.217 +\paragraph{Example: an object-oriented wrapper} as required for embedding the above mathematics engine into an object-oriented system. Such a wrapper may look like this:
   1.218 +{\footnotesize
   1.219 +\begin{verbatim}
   1.220 +   public class Calcstate
   1.221 +   {
   1.222 +     private Program program_;
   1.223 +     private Tree<Step> calcstate_;
   1.224 +     private Position position_;
   1.225 +     
   1.226 +     public Calcstate(Program program) {...}
   1.227 +     public Step do_next() {...}
   1.228 +     public List<Step> apply_tactic(Tactic tactic) {...}
   1.229 +     public List<Step> apply_formular(Formular formular) {...}
   1.230 +   }
   1.231 +\end{verbatim} 
   1.232 +}
   1.233 +\subsection{Scala as a mediator between ML and JVM}\label{scala-medi}
   1.234 +Scala \footnote{http://www.scala-lang.org} is a hybrid programming language. It combines object-oriented programming and functional programming. Scala runs on the Java Virtual Machine and is byte-code compatible with existing Java programs. The compilation model of Scala is nearly the same as the Java's model. So existing tools, libraries and applications can be used with Scala. The syntax of Scala is similar to Java and ML. A number of keywords plus the block syntax is adopted from Java and from ML the syntax for type annotation and declaration. The source-code is typically reduced, concisely and more compact compared to equivalent Java code \footnote{http://www.scalasolutions.com/scala}.
   1.235 +
   1.236 +Scala is pure object-oriented, this means every value is an object \cite{odersky:scala06}. The same is true for primitive data types, because compiler-generated byte code is using primitive data types. Known design patterns from OOP can be used with Scala as well. "Data types and behaviours of objects are described by classes and traits" \footnote{http://en.wikipedia.org/wiki/Scala\_(programming\_language)}. Traits not only consist of definitions, they also can contain implementations of methods. To avoid the problems of multiple inheritance, classes are able to extend various traits, this is a flexible mixin-based mechanism. The keyword Object is used to implement a Singleton-Class.
   1.237 +
   1.238 +In Scala every function is a value, hence Scala is also a functional language \cite{odersky:scala06}. Functions in Scala are first-class objects, this means it is possible to pass a function as a parameter, return a function from a subroutine, or assign to a variable. Scala also supports case classes, which are used for pattern matching. Case classes are regular classes which export their constructor parameters \footnote{http://de.wikipedia.org/wiki/Scala\_(Programmiersprache)}. Furthermore Scala allows functions to be nested.
   1.239 +
   1.240 +Scala is more statically typed than Java, but is able to infer types by usage. So most static type declarations are optional. This static type system ensures a safe and coherent use of abstraction. Scala supports \footnote{http://en.wikipedia.org/wiki/Scala\_(programming\_language)}:
   1.241 +
   1.242 +\begin{itemize}
   1.243 +\item generic classes
   1.244 +\item variance annotations
   1.245 +\item upper and lower type bounds
   1.246 +\item classes and abstract types as object members
   1.247 +\item compound types
   1.248 +\item explicitly typed self references
   1.249 +\item views
   1.250 +\item polymorphic methods
   1.251 +\end{itemize}
   1.252 +
   1.253 +Static types need no explicit declaration but can be given to give the code some clarity.
   1.254 +
   1.255 +Scala supports threads, but the Scala library contains an actor model inspired from Erlang \cite{armstrong:erlang96}. Concurrency and Scala actors follow in the next section.
   1.256 +
   1.257 +\subsection{Support for parallel processing}\label{actors}
   1.258 +Concurrency has lately become more and more attention, because multicore processors make concurrency very important for efficient program execution, by running multiple threads parallel and so concurrent programming gets indispensable and distributed computing, web services and mobile environments are naturally concurrent. A very attractive model is message-based concurrency, which is based on the actor model.
   1.259 +
   1.260 +An actor is a concurrent process that executes a function. The state of an actor gets never shared, so it doesn't need to compete for locks of shared data. Actors own a mailbox where incoming messages are stored in. A mailbox is mainly a queue with actors, which operate as several producers and one consumer. Actors share data by sending messages which are sent asynchronously. Messages are unchangeable, so they don't require a lock. By creating new actors, by sending messages to known actors, or changing its behaviour, an actor is able to reply to a message. The actor-based process is combined with pattern matching for messages.
   1.261 +
   1.262 +The Erlang programming language is a functional programming language that supports message-based concurrency, which operates with actors. It was developed for real-time control systems. Such systems are telephone exchanges, network simulators and distributed resource controllers \cite{scala:jmlc06}. These systems use a very popular lightweight implementation and a large number of concurrent processes, which can be active simultaneously.
   1.263 +
   1.264 +Operating system threads and threads of virtual machines are too heavyweight for the implementation of such processes. The standard concurrency for mainstream platforms were shared-memory threads with locks. Such a platform is the Java Virtual Machine (JVM), which suffers from high memory consumption and context-switching overhead.
   1.265 +The most disadvantageous consequences are \cite{scala:jmlc06}:
   1.266 +\begin{enumerate}
   1.267 +\item quick exhaustion of virtual address space
   1.268 +\item locking mechanisms often lack suitable contention managers
   1.269 +\end{enumerate}
   1.270 +
   1.271 +For that reasons Erlang uses lightweight concurrent processes by its own run time system and not by the underlying operating system \cite{scala:jmlc06} and the computations on these platforms are often modelled in an event-driven style, which is complicated and error-prone.
   1.272 +\paragraph{Two different strategies for concurrency} are being used for implementation. This two strategies often follow different programming models, the benefit of thread-based models is that they are easier to use, but they still suffer from the memory consumption and the context-switching. The event-based models are just the opposite of the thread-based, they are more efficient, but in massive designs they are very difficult.
   1.273 +
   1.274 +\subparagraph{Thread-based implementation:} The behaviour of a concurrent process is defined by implementing a thread-specific method. The execution state is maintained by an associated thread stack \cite{Haller:2009:SAU:1496391.1496422}.
   1.275 +Supports blocking operations and can be executed on multicore processors in parallel.
   1.276 +
   1.277 +\subparagraph{Event-based implementation:} The behaviour is defined by a number of (non-nested) event-handlers which are called from inside an event loop. The execution state of a concurrent process is maintained by an associated record or object \cite{Haller:2009:SAU:1496391.1496422}. Targets to a large number of actor which can be active simultaneously, because they are more lightweight.
   1.278 +
   1.279 +\paragraph{Actors in Scala} are based on actors in Erlang. Scala uses the basic thread model of Erlang, but on the other hand all higher-level functions got implemented in the Scala library as classes or methods. The Scala-actors are a unification of the implementation models mentioned above and they are compatible with normal Virtual Machine (VM) thread. Normal VM threads can use the same communication and monitoring capabilities, because they are treated like an actor. A message-based concurrency seems to be more secure than shared-memory with locks, because accessing an actor's mailbox is race-free. The advantage of a implementation in a library is that it can be flexibly extended and adapted to new needs. The library makes use of Scala abstraction opportunities, like partial functions and pattern matching.
   1.280 +
   1.281 +The main idea of this model is that an actor is able to wait for a message by using two different operations, which try to remove a message from the current actor's mailbox. To do so, a partial function must be given to the operation, that specifies a set of message patterns. These are {\itshape receive} and {\itshape react}. 'An actor can suspend with a full thread stack (receive) or it can suspend with just a continuation closure (react)' \cite{Haller:2009:SAU:1496391.1496422}. The first operation of an actor to wait for an message is equal to thread-based programming and the second operation to event-based programming.
   1.282 +
   1.283 +\subparagraph{receive:} The current actor's mailbox get scanned and if there is one message which matches one of the patterns declared in the partial function, the message is removed from the mailbox and the partial function is applied to the message, the result is returned. The declaration of receive:
   1.284 +$$\mathit{def}\;\mathit{receive}\mathit{[R]}(f: \mathit{PartialFunction}[Any, R]): \mathit{R}$$
   1.285 +Otherwise the current thread blocks. Thus the receiving actor has the ability to execute normally when receiving a message which matches.  Note that receive retains the complete call stack of the receiving actor; the actor’s behaviour is therefore a sequential program which corresponds to thread-based programming \cite{Haller:2009:SAU:1496391.1496422}.
   1.286 +\subparagraph{react:} The action which is specified in the partial function is the last code that the current actor executes, if the message is matching. The declaration of react:
   1.287 +$$\mathit{def}\;\mathit{react}(f: \mathit{PartialFunction}[Any, Unit]): \mathit{Nothing}$$
   1.288 +The partial function gets registered by the current actor and the underlying thread gets released. React has the return type Nothing, this means that the method never returns normally. When the actor receives a matching message, the earlier registered partial function gets called and the actor's execution gets continued. The partial function f which corresponds to a set of event handlers \cite{Haller:2009:SAU:1496391.1496422}. 
   1.289 +
   1.290 +For this implementation multiple actors are executed by multiple threads and therefore a thread pool is used. Whenever it is necessary the pool can be re sized, to support the operations of the thread-based and event-based model. If only operations of the event-based model are executed then the thread pool could be fixed. To avoid system-included deadlocks, if some actors use thread-based operations, the thread pool has to grow, because if there are outstanding tasks and every worker thread is occupied by a blocked actor, new threads are necessary.
   1.291 +
   1.292 +Since the communication between actors takes place through asynchronous message passing, asynchronous operations get executed, tasks have to be created and submitted to a thread pool for execution. A new task is created, when an actor spawns a new actor or a message, which enables an actor to continue, is send to an actor which is suspended in a react operation or by calling react, where a message can be immediately removed from the mailbox \cite{Haller:2009:SAU:1496391.1496422}.
   1.293 +
   1.294 +% Marco
   1.295 +\section{Planned contributions at TU Graz}
   1.296 +
   1.297 +\subsection{Make Isabelle process structured derivations}\label{struct-der}
   1.298 +Structured Derivations (SD) is a format for calculational reasoning, which has been established by \cite{back-grundy-wright-98}. This is an example calculation:
   1.299 +{\it\begin{tabbing}
   1.300 +123\=123\=123\=123\=123\=123\=123\=123\=123\=123\=123\=123\=\kill
   1.301 +\> $\bullet$\> \Problem [ maximum\_by, calculus ]\\
   1.302 +\>\> $\vdash$\> $A = 2\cdot u\cdot v - u^2$\\
   1.303 +\>\> $\bullet$\> \Problem [make, diffable, funtion]\\
   1.304 +\>\> \dots\> $\overline{A}(\alpha) = 8\cdot r^2\cdot\sin\alpha\cdot\cos\alpha - 4\cdot r^2\cdot(\sin\alpha)^2$\\
   1.305 +\>\> $\bullet$\> \Problem [on\_interval, for\_maximum, differentiate, function]\\
   1.306 +\>\>\> $\vdash$\> $\overline{A}(\alpha) = 8\cdot r^2\cdot\sin\alpha\cdot\cos\alpha - 4\cdot r^2\cdot(\sin\alpha)^2$\\
   1.307 +\>\>\> $\bullet$\> \Problem [differentiate, funtion]\\
   1.308 +\>\>\> \dots\> $\overline{A}^\prime(\alpha) = 8\cdot r^2\cdot(-(\sin\alpha)^2+(\cos\alpha)^2 - 2\cdot\sin\alpha\cdot\cos\alpha)$\\
   1.309 +\>\>\> $\bullet$\> \Problem [on\_interval, goniometric, equation]\\
   1.310 +\>\>\> \dots\> $\alpha = \tan^{-1}(-1+\sqrt{2})$\\
   1.311 +\>\> \dots\> $\alpha = \tan^{-1}(-1+\sqrt{2})$\\
   1.312 +\>\> $\bullet$\> \Problem [tool, find\_values]\\
   1.313 +\>\> \dots\> [ $u=0.23\cdot r, \:v=0.76\cdot r$ ]\\
   1.314 +\> \dots\> [ $u=0.23\cdot r, \:v=0.76\cdot r$ ] %TODO calculate !
   1.315 +\end{tabbing}}
   1.316 +The plan is to use the machinery provided Isabelle/Isar as a 'logical operating system' ~\cite{isar-impl} and adapt the machinery such that is accepts SC in parallel to the Isar proof language~\cite{wenzel:isar}.
   1.317 +
   1.318 +This plan involves the following details.
   1.319 +
   1.320 +\subsection{Add a plug-in to jEdit}\label{plugin}
   1.321 +    % file structure, copied from example project ...
   1.322 +%Die von jEdit verfolgte Strategie im Bezug auf plug-in Management und natürlich generell die totale Offenlegegung des Codes ist für ein Projekt wie Isabelle und auch für das Isac-Project an der TU ideal. plug-ins lassen sich sehr einfach anfügen und durch die riesige Vielfalt von bereits bestehenden plug-ins ist auch die Adaption von plug-ins möglich bzw. zu empfehlen, denn warum sollte nicht bereits funktionierender Code verwendet werden?\\
   1.323 +The importance of connecting the ML-world with the world of user interfaces has been is discussed in Sect.\ref{ml-users}. jEdit follows these lines, it is an open-source, Java-based text editor that works on Windows, Mac OS X, and Linux. A big advantage of jEdit is, that there is a very good and also simple way to use and write a plug-in. There are a lot of useful and powerful plug-ins available in the net and it is also possible to use a existing plug-in as part of a new one. Because of this facts, jEdit is very suitable for a project like Isabelle and also for the \sisac-project at TU-Graz.
   1.324 +
   1.325 +Each jEdit plug-in\footnote{To get more information about the jEdit infrastructure see: http://jedit.org/users-guide/plugin-intro} basically consists of source files, written in Java or Scala, XML-files and property files. The XML-Files are important for the administration of a plug-in and provides information like the name, author, ... of the plug-in. They are also containing small pieces of BeanShell code which is executed upon a user request. (Like pressing the 'start plugin' button.) So the XML-files provide the “glue” between user input and specific plug-in routines located in the source files. As you see, this files are used as interface between the plug-in and the jEdit engine itself.
   1.326 +
   1.327 +Based on the jEdit API, you are allowed to design your code quit freely and don't have to use a prescribed way to implement your ideas.    
   1.328 +
   1.329 +
   1.330 +%isabell plugin beschreiben!!!!!!!!
   1.331 +The Isabelle-team also follow use this plug-in structure. In the next paragraph the involved files will be described. The jEdit-Isabelle plug-in consists of:
   1.332 +\begin{itemize}
   1.333 +\item 14 Scala-source-files
   1.334 +\item 3 XML-files
   1.335 +\item 1 property file
   1.336 +\end{itemize}
   1.337 +%Das vom Isabelle-Team erstellte jEdit plug-in folgt natürlich auch dem oben erklärten Muster. Es wird nun genauer auf dieses plug-in eingegangen. The plugin consits of 14 scala-source-files, three xml-files and one property-file. 
   1.338 +\begin{description}
   1.339 +\item[Isabelle.props] The property-file \textit{Isabelle.props} contains general information about the Isabelle plug-in and the needed dependencies between Isabelle and the other used plug-ins like sidekick.
   1.340 +\item[dockables.xml] The XML-file \textit{dockables.xml} is used to create the needed dock-able windows which are important to set up the GUI of the plug-in.
   1.341 +\item[actions.xml] In the file \textit{actions.xml}, the dockable windows are added to the window-manager \textit{wm} and there is also some BeanShell-code to activate the Isabelle-GUI.
   1.342 +\item[services.xml] The last XML-file is \textit{services.xml} and is used to create instances of needed jEdit plug-ins.
   1.343 +\end{description}
   1.344 +This four files are located in the folder \textit{plugin}.\\
   1.345 +
   1.346 +The more interesting files, the scala-files of the plug-in, can be found in the 'src/jedit'-directory. In this directory you can find the file \textit{Dummy.java} which is a dummy class and is simply used to make javadoc work. Just forget about this file. Also there is a folder/package \textit{jedit} which contains all Scala-source-files. Now it is time to take a closer look on the source-files: 
   1.347 +\begin{description}
   1.348 +\item[plugin.scala] The file \textit{plugin.scala} is the main-file of the Isabelle plug-in and there are two important parts. First the \textit{Isabelle object}. This object contains data like name and path and also few basic functions. The second part is the \textit{class Plugin} which is derived from EBPlugin. Here the basic methods \textit{handleMessage}, \textit{start} and \textit{stop} are implemented. Each jEdit plug-in should have this methods because they are very important for the handling of the plug-in!
   1.349 +\item[dockable.scala] jEdit and also the Isabelle plug-in work with dock-able windows. This means that you can move around each single window and dock it somewhere on the screen. So it is possible to customise the jEdit-GUI. To support this, the file \textit{dockable.scala} is needed. The file \textit{output-dockable.scala} is derived from \textit{dockable.scala} and is used to print the result/output in a dock-able window. The same thing with \textit{protocol-dockable.scala} and \textit{raw-output-dockable.scala}.
   1.350 +\item[scala-console.scala] The next interesting file is \textit{scala-console.scala} with the main-class Scala-Console. This class is used to expand the Console plug-in in a way, that it is possible to interpret Scala-code with a Shell inside of jEdit.
   1.351 +\item[isabelle-sidekick.scala] The file \textit{isabelle-sidekick.scala} is related to the file \textit{scala-console.scala} because it is also used to adapt the plug-in Sidekick for Isabelle.
   1.352 +\item[document-model.scala, document-view.scala] The files \textit{document-model.scala} and \textit{document-view.scala} are used to connect the jEdit-buffer/the text-area to Isabelle. Both classes offer, upon others, methods to activate and deactivate this features.
   1.353 +\end{description}
   1.354 +There also some other source-files but they aren’t discussed here, because the main goal of this paragraph is to give a basic idea how a jEdit plug-in should be set up and the remaining files are not as important for the Isabelle plug-in structure.
   1.355 +%\begin{itemize}
   1.356 +%\item $html_panel.scala$
   1.357 +%\item $isabelle_encoding.scala$
   1.358 +%\item $isabelle_hyperlinks.scala$
   1.359 +%\item $isabelle_options.scala$
   1.360 +%\item $isabelle_token_maker.scala$
   1.361 +%\item $isabelle_hyperlinks.scala$
   1.362 +%\end{itemize}
   1.363 +
   1.364 +
   1.365 +%  Like each other jEdit-Plugin also this 
   1.366 +
   1.367 +%Das Konzept des frei wählbaren Designs ist am Beginn villeicht etwas schwierig umzusetzten, da es leichter ist, sich irgendwo anzulehnen bzw. ein bereits bestehendes sowie funktionierendes Konzept zu übernehmen. So wurden auch die ersten Schritte an der TU gemacht. Zu diesem Zweck wurde das von den Entwicklern von jEdit zur Verfügung gestellte plugin 'QuickNotepad' übernommen und in Scala übersetzt. Obwohl Scala eng mit Java verknüpft ist, war doch einiges an 'rewritting' notwendig bis das Scala-plugin lauffähig wurde. Die benötigten XML-files konnten dazu nahezu unberührt gelassen werden.\\
   1.368 +
   1.369 +\subsection{Details of NetBeans projects}\label{netbeans}
   1.370 +%     Scala + Java: html project files
   1.371 +As described in the last paragraph, jEdit is a open-source-project. The jEdit-developers use a NetBeans-project to produce the source-code and so it is beneficial to use a NetBeans project too, because there is a quite good documentation about setting up a NetBeans-project with the jEdit-source. See http://wiki.netbeans.org/NetbeansedJEdit for further information.\\\\
   1.372 +If you want to set up a new jEdit plug-in project you have to attend that you have to create some source-files and that there must be a connection to the jEdit-source because you will need to exchange data with the jEdit engine. This could probably look like: \textit{jEdit.getProperty("options.isabelle.isabelle")}\\
   1.373 +As shown above, the jEdit-source is needed to compile and build your plug-in. There are two ways to organise your project:
   1.374 +\begin{itemize}
   1.375 +\item with jEdit source code - two projects in one
   1.376 +\item with jedit.jar library
   1.377 +\end{itemize}
   1.378 +\subsubsection{Plug-in with jEdit-source}
   1.379 +It is a good way to download the jEdit source as NetBeans project because then it is possible to add another sub-project to the existing jEdit-NetBeans-project. As you see it is also possible to mix Scala and Java. A big advantage is, that debugging will now work really fine. If you want to set up a project like this, you should complete the following steps.
   1.380 +\begin{enumerate}
   1.381 +\item {Create a new NetBeans-project for your plug-in like \textit{example-plugin}. This will probably be a Scala-Project.}
   1.382 +\item Download (and try out) the \textit{jEdit-NetBeans-project}
   1.383 +\item at project \textit{example-plugin}: \textit{Project-browser} $\rightarrow$ Right-click at \textit{Libraries} $\rightarrow$ \textit{add Project...} and then choose the \textit{jEdit-NetBeans-project}.
   1.384 +\item at project \textit{example-plugin}: \textit{Project-browser} $\rightarrow$ Right-click at project-name-label $\rightarrow$ \textit{Properties} $\rightarrow$ \textit{Run} $\rightarrow$ \textit{Main Class:} org.gjt.sp.jedit.jEdit
   1.385 +\item compile and run
   1.386 +\end{enumerate}
   1.387 +
   1.388 +\subsubsection{Plug-in with jedit.jar}
   1.389 +It is also possible to use the \textit{jedit.jar} file. This file is already included in \$ISABELLE-HOME/contrib/jedit-4.3.2. Now you just have to follow this steps:
   1.390 +\begin{enumerate}
   1.391 +\item {Create a new NetBeans-project for your plug-in like \textit{example-plugin}. This will probably be a Scala-Project.}
   1.392 +\item at project \textit{example-plugin}: \textit{Project-browser} $\rightarrow$ Right-click at \textit{Libraries} $\rightarrow$ \textit{add JAR/Folder...} and then choose the \textit{jedit.jar} file.
   1.393 +\item at project \textit{example-plugin}: \textit{Project-browser} $\rightarrow$ Right-click at project-name-label $\rightarrow$ \textit{Properties} $\rightarrow$ \textit{Run} $\rightarrow$ \textit{Main Class:} org.gjt.sp.jedit.jEdit
   1.394 +\item compile and run
   1.395 +\end{enumerate}
   1.396 +This are two different ways to get started. It is difficult to say what is better because both versions have advantages. Now it is time to start coding your own plug-in but there are still a few things to think about. Remember, that a plug-in consists of source-, XML- and property-files. On default, NetBeans will just pack the source-files in the \textit{example-plugin.jar}-package. So you have to add a copy/move-routine in the \textit{build.xml} file of your NetBeans-project to get a complemented package.
   1.397 +\begin{itemize}
   1.398 +\item $\langle target name="-pre-jar"\rangle$
   1.399 +\item $	\langle copy $file="plugin/services.xml" todir="\${build.classes.dir}" $/\rangle$
   1.400 +\item $	\langle copy $file="plugin/dockables.xml" todir="\${build.classes.dir}" $/\rangle$
   1.401 +\item $	\langle copy $file="plugin/actions.xml" todir="\${build.classes.dir}" $/\rangle$	
   1.402 +\item $	\langle copy $file="plugin/Isabelle.props" todir="\${build.classes.dir}" $/\rangle$
   1.403 +\item $	\langle /target\rangle$
   1.404 +\end{itemize}
   1.405 +%* kurze aufzählung der xml-netbeans-files + erklärung\\
   1.406 +\subsubsection{NetBeans project files}
   1.407 +As you see in the paragraph above, it is also important to have basic knowledge about NetBeans, the project structure and how to change the operational sequences. A typical NetBeans-project consist of the source- and library-files and administrative XML- and property-files. In this paragraph the administrative part of the project is of note. The most important file is \textit{build.xml}. This file can be found in the project directory. There is also a folder \textit{nbproject} which contains the remaining XML- and property-files and also a folder \textit{private}, where individual user information about the project is stored. The files in this \textit{private} folder are not important to describe (and they should not be pushed on the repository!).
   1.408 +
   1.409 +A build-file like \textit{build.xml} contains one project and at least one (default) target. Targets contain task elements. Each task element of the build-file can have an id attribute and can later be referred to by the value supplied to this. So the id has to be unique. Such targets can be "run", "debug", "build", ... and can have dependencies to other targets. Tasks define what should happen, if a target is executed. So like in the example above, the target is \textit{pre-jar}, that means that this things will happen before the jar-package is packed. The tasks of this target are copying some files into the package.
   1.410 +
   1.411 +The files inside the \textit{nbproject}-folder are not so important because some of it are generated from \textit{build.xml} and changes in this files are useless. Just the file project.properties is really interesting because this file gives a nice and tight overview about the project settings.
   1.412 +
   1.413 +\subsection{Use interfaces between Java and Scala}\label{java-scala}
   1.414 +%     how are data exchanged between Scala and Java ...
   1.415 +jEdit is completely written in Java and the required plugin(s) for \sisac{ }will be coded in Scala - so there must be ways to exchange data between Java and Scala. One way is to connect this two worlds with the in 4.2 described XML-files. Here you need to use a third type of code to get an interface between Java and Scala code. But there is also a way to get a direct connection.
   1.416 +
   1.417 +This link should be shown on the graphic-library \textit{Swing}. In both languages it is possible to use Swing which provides a lot of different shapes and useful functionality. So there is a Java-Swing and also a Scala-Swing-library. Now it is interesting to examine the connection between this two libraries.
   1.418 +
   1.419 +In Scala a direct use of Java-Libs (like Java-Swing) is possible. So if you are Java-Programmer and want to use Java-Swing in Scala, you can simply type\\ \textit{import javax.swing.JButton}\footnote{http://download.oracle.com/javase/1.4.2/docs/api/javax/swing/JButton.html} to work with a Java-button. But you can also use the Scala-equivalent \textit{scala.swing.Button}\footnote{http://www.scala-lang.org/api/current/scala/swing/Button.html}. This two button-types will provide nearly the same functionality.
   1.420 +
   1.421 +So what is the idea of creating a nearly similar library a second time? Why have the Scala-developers done such extra work? The answer is, that they have tried to improve and simplify the usage of the Swing-library(and many other libs too!). So big parts of this Scala-Libraries are just Wrapper-objects, Wrapper-Classes and Wrapper-Methods of already existing parts in Java-Libraries. Needless to say that they also added new useful shapes and functionality.
   1.422 +But there is one important question left: Is it possible to mix Scala- and Java-objects? And yes, it is possible. There is a really easy way to convert a Scala-object to the Java-equivalent:
   1.423 +\begin{enumerate}
   1.424 +\item \textit{import javax.swing.JButton}
   1.425 +\item \textit{import scala.swing.Button}
   1.426 +\item \textit{var b: scala.swing.Button}
   1.427 +\item \textit{var jb: javax.swing.JButton}
   1.428 +\item \textit{jb = b.peer}
   1.429 +\end{enumerate}
   1.430 +As the example above illustrates, a conversion of Scala- to Java-objects is possible. It looks easy but also a little bit useless. Why should you need this? Just imagine that there is a plug-in written in Scala and one coded in Java. With this connection between Scala and Java, it would be easy to connect this two plug-ins! 
   1.431 +%Diesen direkten Zusammenhang zwischen Java und Scala soll anhand der Grafik-Bibliotheken Swing. Beide Sprachen stellen diese Grafik-Bibliotheken zur Verfügung (und darin auch eigene Shapes und Funktionalität). Es ist jedoch möglich, Java-Bibliotheken, wie eben auch Java-Swing in Scala zu verwenden. Ein JButton kann zum Beispiel mittels \textit{import javax.swing.JButton} eingebunden und damit sofort auch verwendet werden. Auch Scala stellt in seiner Swing-Bibliothek zur Verfügung: \textit{scala.swing.Button}. Es wird nahezu die selbe Funktionalität angeboten und teilweise die Erzeugung bzw. Verwendung vereinfacht(???). Man kann sich nun fragen, warum sich die Scala-Entwickler einerseit die Mühe gemacht haben die Verwendung Java-Swing, wie in Java selbst, möglich zu machen und andererseits mit Scala-Swing eine nahezu idente Alternative geschaffen haben. Die Antwort darauf zeigt wie der objektorientierte Teil von Scala in vielen Bereichen aufgebaut wurden. Es wurde kein neues Konzept für diese Grafikklassen entworfen sondern Wrapper-Objekte/Methoden/Klassen erstellt, die das Arbeiten mit diesen Grafikkomponenten erleichtern soll. Ein Letztes Problem bleibt noch: Es ist zwar sehr einfach ein Java-Swing-Objekt an einen Scala-Swing-Container (zb. Frame) anzubinden, da eine Konvertierung von Java-Komponente in ein Scala-Äquivalent ist problemlos möglich. ...
   1.432 +\section{Conclusion and future work}
   1.433 +This paper collected background information on the topic of userinterfaces for theorem provers, which is not covered by the standard curriculum at Graz University of Technology: Computer theorem proving, respective interfaces and novel challenges for userinterfaces raised by integration of CTP into software engineering tools within the current decade.
   1.434 +
   1.435 +The general background information has been related to students' knowledge already gained during studies: functional and object-oriented programming paradigm, programming languages with focus on Scala and Scala's specific concept to handle asynchronous processing of proof documents, the concept of actors.
   1.436 +
   1.437 +An important part of the paper is a protocol of preparatory work already done on project-setup and software components required for the next goal which is: extend the theorem prover Isabelle with Structured Derivations.
   1.438 +
   1.439 +This part is considered an appropriate to start realising this goal and to prepare for future work, which will join the \sisac-project with front-of-the-wave technology in computer theorem proving and respective userinterfaces.
   1.440 +
   1.441 +\bigskip\noindent {\Large\textbf{Acknowledgements}}
   1.442 +
   1.443 +\medskip\noindent The authors thank the lecturer of 'Verfassen wissenschaftlicher Arbeiten' in winter semester 2010/11, Dipl.-Ing. Dr.techn. Markus Strohmaier, for his support on working on the topic they are interested in.\\
   1.444 +The leader of the \sisac-project expresses his pleasure about the efficient collaboration between the institutes IICM and IST at TUG.
   1.445 +
   1.446 +\bibliography{CTP-userinterfaces}
   1.447 +%\bibliography{bib/math-eng,bib/bk,bib/RISC_2,bib/isac,bib/pl,bib/math,bib/pl}
   1.448 +\end{document}
   1.449 \ No newline at end of file
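Review bot: the Ant target at 1.398-1.403 is typeset as an itemize list with the angle brackets and part of each tag in math mode ($\langle target name="-pre-jar"\rangle$), so the rendered text drops the space between "target" and "name", and nobody can paste the fragment into build.xml. Put the six lines in a verbatim environment with literal < and > instead, and do the same for the Scala-to-Java conversion at 1.424-1.428, which is currently an enumerate of \textit items and declares "var b: scala.swing.Button" without an initial value. Smaller points in the same hunk: 1.415 refers to "the in 4.2 described XML-files" with a hard-coded section number, although \label{plugin} is defined at 1.320 and \ref would keep the reference from going stale; 1.316 says "accepts SC" where the abbreviation introduced at 1.298 is SD; 1.314 still carries "%TODO calculate !" on the final result line of the example derivation; and the file ends without a trailing newline.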