{"id":14966295,"url":"https://github.com/uwplse/pumpkin-patch","last_synced_at":"2025-07-31T02:41:36.199Z","repository":{"id":53586004,"uuid":"106067325","full_name":"uwplse/PUMPKIN-PATCH","owner":"uwplse","description":"Proof Updater Mechanically Passing Knowledge Into New Proofs, Assisting The Coq Hacker","archived":false,"fork":false,"pushed_at":"2024-07-17T09:35:45.000Z","size":1809,"stargazers_count":51,"open_issues_count":46,"forks_count":2,"subscribers_count":9,"default_branch":"master","last_synced_at":"2025-06-01T00:02:31.332Z","etag":null,"topics":["coq","coq-plugin","proof-automation","proof-repair","pumpkin-patch"],"latest_commit_sha":null,"homepage":null,"language":"OCaml","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/uwplse.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-10-07T02:58:24.000Z","updated_at":"2024-10-07T23:27:51.000Z","dependencies_parsed_at":"2024-09-02T17:48:02.222Z","dependency_job_id":"17cbb6e1-5bef-4150-a9be-96d3618cd120","html_url":"https://github.com/uwplse/PUMPKIN-PATCH","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/uwplse/PUMPKIN-PATCH","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/uwplse%2FPUMPKIN-PATCH","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/uwplse%2FPUMPKIN-PATCH/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/uwplse%2FPUMPKIN-PATCH/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/uwplse%2FPUMPKIN-PATCH/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/uwplse","download_url":"https://codeload.github.com/uwplse/PUMPKIN-PATCH/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/uwplse%2FPUMPKIN-PATCH/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267978187,"owners_count":24175250,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-31T02:00:08.723Z","response_time":66,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["coq","coq-plugin","proof-automation","proof-repair","pumpkin-patch"],"created_at":"2024-09-24T13:36:10.543Z","updated_at":"2025-07-31T02:41:36.032Z","avatar_url":"https://github.com/uwplse.png","language":"OCaml","funding_links":[],"categories":[],"sub_categories":[],"readme":"Welcome to the PUMPKIN PATCH proof repair plugin suite!\nThis plugin suite is a collection of plugins for maintaining proofs as\nspecifications change over time:\n\n* PUMPKIN PATCH ([paper](http://tlringer.github.io/pdf/pumpkinpaper.pdf), [talk video](http://www.youtube.com/watch?v=p-V9oerg5DU)): example-based proof repair\n* PUMPKIN Pi (formerly DEVOID) ([ITP 2019 paper](http://tlringer.github.io/pdf/ornpaper.pdf), [standalone plugin](https://github.com/uwplse/ornamental-search), [ITP 2019 talk video](http://www.youtube.com/watch?v=wIuBlOu1IC4), [PLDI 2021 draft](https://arxiv.org/abs/2010.00774)): proof repair across type equivalences (originally just a specific case of this, but since extended)\n\nIn addition, this plugin suite includes some development tools, like\nthe [fix-to-elim](https://github.com/uwplse/fix-to-elim) plugin for automatic\nfixpoint translation, that may be useful for plugin developers and Coq\ncontributors more broadly. We discuss these briefly at the end of the document.\n\nAll of these tools, including DEVOID, are included as dependencies of the \nmain PUMPKIN PATCH plugin, so you can use both at the same time.\n**More information on using PUMPKIN Pi (formerly DEVOID)\ncan be found in the the standalone plugin repository. The remainder of this\ndocument will focus on how to use the main PUMPKIN PATCH plugin.**\nWe hope to add an example of using these both together soon.\n\n# PUMPKIN PATCH for Users\n\nThis is a prototype plugin for finding patches for broken Coq proofs.\nTo use PUMPKIN, the programmer modifies a single proof script to provide \nan _example_ adaptation of a proof to a change. PUMPKIN generalizes this example \ninto a _reusable patch_ which can be used to fix other broken proofs.\n\nReading the [paper](http://tlringer.github.io/pdf/pumpkinpaper.pdf) may help if you are interested\nin understanding the internals of the tool. The paper links to a release that captures\nthe code as it was when we wrote the paper. The [talk video](http://www.youtube.com/watch?v=p-V9oerg5DU)\nmay also be helpful.\n\n## Building PUMPKIN\n\nThe plugin works for Coq 8.9.1. There are branches for Coq 8.5, 8.6, and 8.8, which we are no\nlonger maintaining.\n\n```\ncd plugin\n./build.sh\n```\n\nIf you would like to use PUMPKIN in all of your developments, add this line:\n\n```\nRequire Import Patcher.Patch.\n```\nto the beginning of your [coqrc](https://coq.inria.fr/refman/practical-tools/coq-commands.html#by-resource-file) resource file. Otherwise, you will want to write this line whenever you use PUMPKIN within a file.\n\n## Using PUMPKIN\n\nWe will walk through a simple example. You can follow along this example\nby looking at the code in [Example.v](/plugin/coq/Example.v).\n\nSuppose you have proven a theorem `old1`:\n\n```\nTheorem old1:\n  forall (n m p : nat),\n    n \u003c= m -\u003e\n    m \u003c= p -\u003e\n    n \u003c= p + 1.\nProof.\n  ...\nQed.\n```\n\nYou then realize that the conclusion of `old1` is weak, so you strengthen it\nto the theorem `new1`:\n\n```\nTheorem new1:\n  forall (n m p : nat),\n    n \u003c= m -\u003e\n    m \u003c= p -\u003e\n    n \u003c= p.\nProof.\n  ...\nQed.\n```\n\nYou would like to port a proof that applies `old1`:\n\n```\napply old1.\n```\n\nTo instead apply `new1`:\n\n```\n... apply new1.\n```\n\nTo do this using PUMPKIN, load the file `Example.v` (feel free to use your favorite IDE here instead of `coqtop`):\n\n```\ncoqtop -load-vernac-source plugin/coq/Example.v\n```\n\nNext, import the plugin:\n\n```\nRequire Import Patcher.Patch.\n```\n\nInvoke the plugin to produce a patch:\n\n```\nPatch Proof old1 new1 as patch.\n```\n\nThis defines a term `patch`. Let's check the type of `patch`:\n\n```\nCheck patch.\n```\nThis should produce this output:\n\n```\npatch\n  : forall n m p : nat, n \u003c= m -\u003e m \u003c= p -\u003e n \u003c= p -\u003e n \u003c= p + 1\n```\n\nIn other words, `patch` is a function that takes the conclusion of `new1` back to the conclusion of `old1`. \nThen anywhere we have a proof that applies `old1`:\n\n```\napply old1.\n```\n\nWe can use `patch` to port this proof to use `new1` instead:\n\n```\napply patch. apply new1.\n```\n\n### Tactic Interface\n\nWithin a proof, you can run the tactic:\n\n```\npatch old new as h.\n```\n\nto add a new hypothesis `h` to your proof state. This has the same functionality as the command version for\nnow, but will eventually suggest new tactics directly. \n\n### Applying Patches\n\nOne thing that you'll notice is that in the example above, we applied this patch by hand.\nFor now, PUMPKIN does not automatically apply patches that it finds. We are working on a better user experience.\n\nIn the meantime, we suggest adding patches to a hint database. For example, instead of writing this:\n\n```\napply patch. apply new1.\n```\n\nYou can instead add `patch` to your hints:\n\n```\nHint Resolve patch.\n```\n\nYou can then port your proof to use ```new1``` with no additional changes:\n\n```\napply new1.\n```\n\n### Git Integration\n\nThe [PUMPKIN-git](http://github.com/uwplse/PUMPKIN-git) interface searches for patches across\nGit revisions. It also automatically removes the reference to the old definition.\nPlease see the repository for more details.\n\n### Pattern Matching and Fixpoints\n\nBy default, PUMPKIN has very limited support for proofs that use pattern matching and fixpoints.\nHowever, the `Preprocess` command by Nate Yazdani automatically converts simple pattern matching and fixpoints\ninto induction principles, which PUMPKIN does support. You can `Preprocess` individual proofs:\n\n```\nPreprocess old as old'.\nPreprocess new as new'.\nPatch Proof old' new' as patch.\n```\n\nOr you can preprocess entire modules:\n\n```\nPreprocess Module Old as Old'.\nPreprocess Module New as New'.\nPatch Proof Old'.old New'.new as patch.\n```\n\nSee [Preprocess.v](/plugin/coq/Preprocess.v) and [PreprocessModule.v](/plugin/coq/PreprocessModule.v) for examples\nof how to use these commands. There are also proofs in [Regress.v](/plugin/coq/Regress.v) and [IntegersNew.v](/plugin/coq/IntegersNew.v) \nthat demonstrate its use with `Patch Proof`.\nThis command is available as a [standalone plugin](https://github.com/uwplse/fix-to-elim) as well, if you are interested.\n\n### Cutting Lemmas\n\nFor some kinds of proofs, PUMPKIN needs extra guidance to search for a patch.\nThe hope is that this will eventually be unecessary, but for now, it is a way to work around\nlimitations in the tool.\n\nYou can provide this guidance by cutting a lemma. For example, consider the proofs of `bin_to_nat_pres_incr` in [Induction.v](https://github.com/uwplse/PUMPKIN-PATCH/blob/master/plugin/coq/Induction.v). These proofs each \ncontain proofs of inline lemmas:\n\n```\nassert (H : forall a :nat, S (a + S (a + 0)) = S (S (a + (a + 0)))).\n```\n\n```\nassert (H : forall a :nat, S (a + S a) = S (S (a + a))).\n```\n\nPUMPKIN cannot yet automatically determine that the patch between the versions of `bin_to_nat` referenced\nby each `bin_to_nat_pres_incr` is in the difference of this inline lemma.\nHowever, we can guide it there:\n\n```\nDefinition cut :=\n  forall (a : nat),\n    S (a + S a) = S (S (a + a)) -\u003e\n    S (a + S (a + 0)) = S (S (a + (a + 0))).\n    \nPatch Proof blindfs_induction.bin_to_nat_pres_incr bin_to_nat_pres_incr cut by (fun (H : cut) b0 =\u003e H (bin_to_nat b0)) as patch.\n```\n\nThe interface for this is a little tricky; we plan to improve this significantly, since it is a useful way to work\naround limitations.\n\n### Support \u0026 Limitations\n\nPUMPKIN is a research prototype, and so it is currently limited in the \nkinds of proofs and changes it supports. PUMPKIN is best equipped to handle changes in conclusions of inductive proofs.\nIt has introductory support for changes in hypotheses.\nIt also supports certain changes in definitions (for example, changes in a constructors\nof an inductive type that a proof inducts over, or changes in a case of a fixpoint that a theorem applies),\nand some other styles of proofs (for example, simple applicative proofs, or\nproofs that apply constructors).\n\nWith the help of [DEVOID](https://github.com/uwplse/ornamental-search), PUMPKIN \ncan also handle certain changes from unindexed types to indexed versions.\nPlease see the DEVOID repository for more of those examples.\n\nPUMPKIN does not yet support adding new hypotheses,\nadding constructors to an inductive type, or adding cases to a fixpoint.\nPUMPKIN has very limited support for proofs using logic specific to decidable domains\n(such as proofs that use `omega`) and nested induction.\nSupporting all of these features is on our roadmap.\n\nFor now, if PUMPKIN fails to find a patch, it's likely due to features that are not yet implemented.\nIn any case, if you encounter any error or failure, please cut an issue with a reproducable example, since we can\ndetermine whether the error is a bug or an unimplemented feature, and use it as an eventual test case.\nWith that in mind, we are a small research team, so it may take time to implement all of these features.\nIf you would like to contribute directly to the plugin, feel free to cut a pull request.\n\n## Bonus Functionality\n\n### Refactoring\n\nRight now, there is support for one simple refactoring using the\n`Replace Convertible` command. Just write:\n\n```\nReplace Convertible t in ugly as pretty.\n```\n\nThis will replace all subterms of `ugly` that are convertible to `t` with `t` itself,\nand define it as a new term `pretty`. \n\nYou can also do this over an entire module `Ugly` to get a new module `Pretty`:\n\n```\nReplace Convertible Module t in Ugly as Pretty.\n```\n\nIf you'd like, you can also pass in multiple terms to replace (left to right):\n\n```\nReplace Convertible t1 t2 t3 in ugly as pretty.\nReplace Convertible Module t1 t2 t3 in Ugly as Pretty.\n```\n\nWork is in progress for a better interface for this, and for commands that \ndo this over multiple files. Please cut an issue if you have any ideas\nfor the ideal interface!\n\nSee [Replace.v](/plugin/coq/Replace.v) for examples.\n\nOne note on this: Even stating what it means for a renaming operation in Coq to be correct requires extremely\ndeep type theory due to the way that equality works, for example over inductive types.\nThis is both cool and sad for users. There is WIP on supporting this.\n\n### Proof Optimization\n\nProof patching can be used to optimize proofs as well. Optimization removes extra induction\nand fixpoints (for fixpoints, you need to run `Preprocess` first). You can run this command\nby running:\n\n```\nOptimize Proof Term slow as fast.\n```\n\nThere are some examples of this [here](/plugin/coq/Optimization.v). Note that `Optimize Proof Term` is implemented\non top of `Patch Proof`, and so will face the same limitations.\n\n### Core Components as Commands\n\nThe core of PUMPKIN is a set of five core components. We expose four of those components as commands:\n\n1. `Invert trm as id`: given `trm : ... -\u003e T1 -\u003e T2`, search for an inverse term `id : ... -\u003e T2 -\u003e T1`\n2. `Specialize (fun args =\u003e f args) as id)`: apply `f` to `args`, reduce the result, and define this as `id`\n3. `Abstract trm to typ as id`: abstract `trm` to a term `id : typ`\n4. `Factor trm using prefix id`: given `trm : T1 -\u003e Tn`, search for factors `id_1: T1 -\u003e T2`, ... , `id_n-1: Tn-1 -\u003e Tn`\n\n### Theorem Patching\n\nThere is also an experimental theorem patching command:\n\n```\nPatch Theorem oldT1 newT1 oldT2 as newT2.\n```\n\nThis essentially does dependent substitution of `oldT1` with `newT1` inside of `oldT2`, then defines the result as `newT2`.\nSupport for this is very preliminary. You can find some examples [here](/plugin/coq/Theorem.v).\n\n## Examples\n\nThere are some example proofs to help you get started using PUMPKIN.\nYou can find these in the [coq](/plugin/coq) directory.\nYou can load them using `coqc`, `coqtop`, or your favorite IDE.\n\nThe relevant examples are as follows:\n1. [Example.v](/plugin/coq/Example.v) and [Regress.v](/plugin/coq/Regress.v): Simple changes in conclusions of inductive proofs\n2. [Reverse.v](/plugin/coq/Regress.v): Isomorphic changes in conclusions of inductive proofs\n3. [Cex.v](/plugin/coq/Cex.v): Example of the proof from Section 3 of the paper for which the footnote does not hold\n4. [IntegersOld.v](/plugin/coq/IntegersOld.v) and [IntegersNew.v](/plugin/coq/IntegersNew.v): Case study from Section 4.1 of the paper\n5. [Inductive.v](/plugin/coq/Inductive.v): Case study from Section 4.2 of the paper\n6. [divide.v](/plugin/coq/divide.v): Case study from Section 4.3 of the paper\n7. [Variants.v](/plugin/coq/Variants.v): Patch Generation Suite from Section 6 of the paper\n8. [Abstract.v](/plugin/coq/Abstract.v): Example of using the abstraction command\n9. [Theorem.v](/plugin/coq/Theorem.v): Example fo the experimental theorem patching command\n10. [Hypotheses.v](/plugin/coq/Hypotheses.v): Very simple changes in hypotheses.\n\n# PUMPKIN PATCH for Developers\n\nWe welcome contributors! Especially those willing to help us\nwith build tools, continuous integration, updating Coq versions,\ndocumentation, and other infrastructure.\n\nIn addition, we have included some useful infrastructure for plugin\ndevelopers more broadly.\n\n## Contributing\n\nIf you've never written a Coq plugin before, you might want to check out\nthe [plugin tutorials](https://github.com/coq/coq/tree/master/doc/plugin_tutorial)\nin the main Coq repository.\n\nTo get an idea of how the code is structured, I highly recommend reading Section 5 of the paper\nand following along in the code. The entry-point to the code is [patcher.ml4](/plugin/src/patcher.ml4). \nYou can add new commands there. You can also extend the patch finding procedure or see what it calls out to and modify that.\nThere is a useful debugging function in [differencing.ml](/plugin/src/core/components/differencing/differencing.ml);\nif you are modifying the tool, you may want to use it.\n\nMinor note: .ml4 files don't appear to work with a lot of emacs OCaml plugins.\nYou can run tuareg-mode manually on .ml4 files.\n\n## Developer Tools\n\nThis plugin suite includes two useful tools for plugin developers:\n\n* The [fix-to-elim](https://github.com/uwplse/fix-to-elim) plugin for translating fixpoints to inductive proofs\n* The [coq-plugin-lib](https://github.com/uwplse/coq-plugin-lib) library for plugin development\n\n# Contributors\n\nThis plugin is maintained by Talia Ringer with help from Nate Yazdani and RanDair Porter.\nJohn Leo and Dan Grossman have made conceptual contributions.\n\nThe following community members have also contributed to the code:\n1. Emilio Jesús Gallego Arias\n2. Your name here!\n\n# Licensing\n\nWe use the MIT license because we think that Coq plugins are allowed to do so.\nIf this is incorrect, please let us know kindly so we can fix it.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fuwplse%2Fpumpkin-patch","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fuwplse%2Fpumpkin-patch","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fuwplse%2Fpumpkin-patch/lists"}