Re-defining undone defpkgs
ACL2 imposes the following restriction on redefining packages.
Note that for the notion of a package definition being “undone”,
the undoing might have been by use of
Suppose(defpkg "pkg" imports) has been evaluated successfully and then has been undone. Then any future attempt in the same session to define"pkg" as a package must specify an identical imports list.
We will see below that the restriction above is necessary for avoiding unsoundness. But first consider the following simple example, which shows that the package doesn't entirely disappear when undone.
ACL2 !>(defpkg "FOO" nil) Summary Form: ( DEFPKG "FOO" ...) Rules: NIL Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) "FOO" ACL2 !>(assign x 'foo::a) FOO::A ACL2 !>(u) ; undoes the defpkg event 0:x(EXIT-BOOT-STRAP-MODE) ACL2 !>(@ x) FOO::A ACL2 !>(eq (@ x) 'acl2::a) NIL ACL2 !>
Suppose that (without the restriction) the package
A more important reason for the restriction is that it prevents unsoundness. Consider the following two books.
;;; book1.lisp ;;; Portcullis command: (defpkg "FOO" '()) (in-package "ACL2") (defthm thm1 (equal (symbol-package-name (intern$ "A" "FOO")) "FOO")) ;;;;;; ;;; book2.lisp ;;; Portcullis command: (defpkg "FOO" '(a)) (in-package "ACL2") (defthm thm2 (equal (symbol-package-name (intern$ "A" "FOO")) "ACL2"))
After each of these two books is certifiable in a (separate) fresh ACL2 session, consider the following two events.
(encapsulate () (local (include-book "book1")) (defthm thm1 (equal (symbol-package-name (intern$ "A" "FOO")) "FOO"))) (encapsulate () (local (include-book "book2")) (defthm thm1 (equal (symbol-package-name (intern$ "A" "FOO")) "ACL2")))
Each is accepted in a separate, fresh ACL2 session. But if we could admit
the first and then the second in the same session, we could of course prove
ACL2 Error in ACL2-INTERFACE: We cannot reincarnate the package "FOO" because it was previously defined with a different list of imported symbols.
A final reason for the restriction stems from the reinstallation of saved
logical worlds, as in error recovery and the
The restriction on redefining packages is based on the following part of the logical foundation of ACL2.
Logical Persistence of Packages.
When a package is introduced by defpkg in an ACL2 session, its definition is considered to persist logically even if that defpkg event is undone.
That principle certainly rules out the new definition of an undone package with different imports. It also explains why package definitions from locally included books are included in a book's portcullis commands; see hidden-defpkg. Note that this is a logical principle; if you undo a defpkg event, then ACL2 will prevent you from referencing that package explicitly unless you first reintroduce it — with the same imports, because of the restriction.