Kernel tries to reduce WF definitions #2171
Comments
For some reason, I've never realized this. I've always thought the proofs in well-founded definitions need to reduce, which is infeasible if we had to ensure that for all proofs. But this is of course not the case. The only proof that needs to reduce here is the proof that the relation is well-founded. And for natural numbers this is just induction. |
|
Just stumbled on this due to a support question. The self-contained #mwe here was def f (x0 : Nat) : Nat :=
if h : x0 = 0 then
1
else
4 + f (x0 - 1)
termination_by x0
decreasing_by simp_wf; omega
example : f 10000 = id f (id 10000) := rfl -- deep recusion
example : id f 10000 = id f (id 10000) := rfl -- fine
example : f 10000 + 0 = f (id 10000) + 0 := rfl -- deep recursion
example : f 10000 = f (id 10000) := rfl -- fineAnd as Gabriel pointed out: It may be better if the Is there a good an easy way to make a proof term not reduce? I played around with the identity function as an axiom dontReduce {α : Prop} : α → α
def NNat := Nat
instance NNat.lt_wfRel : WellFoundedRelation NNat where
rel := fun x y => Nat.lt x y
wf := dontReduce Nat.lt_wfRel.2
def NNat.ofNat : Nat → NNat := fun x => x
def g (x0 : Nat) : Nat :=
if h : x0 = 0 then
1
else
4 + g (x0 - 1)
termination_by NNat.ofNat x0
decreasing_by simp_wf; unfold NNat.ofNat; omega
example : g 10000 = id g (id 10000) := rfl
example : id g 10000 = id g (id 10000) := rfl
example : g 10000 + 0 = g (id 10000) + 0 := rfl
example : g 10000 = g (id 10000) := rflCan we define And should that be used in the Or better to wait for the kernel to learn about reducibility flags, and/or the module system? |
|
Ah, of course I can make a reduction blocking theorem dontReduce {P : Prop} (h : P) : P :=
(Classical.em P).elim (fun h' => h') (fun h' => False.elim (h' h))So what if we replaced noncomputable def fix (hwf : WellFounded r) (F : ∀ x, (∀ y, r y x → C y) → C x) (x : α) : C x :=
fixF F x (apply hwf x)with noncomputable def fix (hwf : WellFounded r) (F : ∀ x, (∀ y, r y x → C y) → C x) (x : α) : C x :=
fixF F x (dontReduce (apply hwf x))Would this have the effect that the kernel never reduces well-founded functions, and would that be desirable? We could even make it so that the kernel unfolds once, so that the base cases still work. Will maybe play around with it. |
|
First observations: Yes, using But it closes the A tedious work-around would be to offer a tactic that unfolds Less tedious would be to let the translation of wf rec functions look at the reducibity setting, and if it's |
|
NB: Since #3772 (merged two weeks ago), |
The following theorem fails to type-check in the kernel:
Presumably this happens because we provide a too constructive proof of
Acc (· < ·) 314159, which allows the kernel to unfold the definition 314159 times. (theorized by @digama0)as reported by @thorimur
The text was updated successfully, but these errors were encountered: