Destruct/induction treat section variables uniformly, fixes #2901 #6826
Conversation
herbelin
added
kind: fix
The fact that clearing Section variables breaks many things is well known. Am I right that this patch does clear section variable more often? |
Yes. |
herbelin
force-pushed
the
master+elim-does-dependent-induction
branch
from
4120002 to
8d8d703
Compare
|
The more systematic clearing breaks lots of stuff! Most of the failing jobs are because of an hypothesis not found anymore. Some errors are a bit different, for instance compcert fails with: Could it be a section variable bug? One thing that would be interesting to check is whether relying on this PR could make the scripts better / simpler or not. I'm afraid that it risks making the scripts more complex instead. I personally was never a fan of the behavior of |
Why don't you like it?
I shall report on a more precise analysis of the failures later on. |
|
I've always thought clearing sections variables was a bad idea™. So I don't understand why it would be good to do it more often. I guess seeing use cases would help understanding why it is important. #2901 doesn't seem convincing to me, because the fix I would have in mind there would be to always refuse to clear or rename section variables. |
|
Sorry, I don't understand neither why you say that it is a bad idea to clear sections variables in general nor how it would solve #2901 which precisely asks that Please explain, because I don't understand what you have in mind. Maybe can you give concrete examples? |
I think I already mentioned this but it can be very confusing to beginners to lose information without really intending to nor realizing it. Moreover the current situation is inconsistent: compare for instance the situation with E.g. in these two cases: Parameters A B : Prop.
Goal (A \/ B) -> False.
intros H.
destruct H as [H | H].
Abort.
Goal (A -> B) -> A -> False.
intros H1 H2.
apply H1 in H2 as H2.
Abort.but not in any of these two cases: Parameters A B : Prop.
Goal (A \/ B) -> False.
intros H.
destruct H as [H1 | H1].
Abort.
Goal (A -> B) -> A -> False.
intros H1 H2.
apply H1 in H2 as H3.
Abort.BTW this should work as well (but it doesn't): Goal (A -> B) -> A -> False.
intros H1 H2.
apply H1 in H2 as H1.FTR here is a real mistake made by many beginners too eager to use Axiom not_not_elim : forall A, ~~A -> A.
Goal forall A, A \/ ~A.
intro. (* Show A \/ ~ A with no hypothesis *)
apply not_not_elim.
intro H.
apply H.
destruct H. (* Loop back to showing A \/ ~ A with no hypothesis *) |
Are you saying you recall none of the previous discussions on that topic? If so, I guess we need to collect such information somewhere easy to find and point to. |
I know the issues with section variables which occur in the body of definitions. I know the issues with section variables occurring in hints and similar other "objects". But I don't see why this makes clearing a section variable bad. If you clear a section variable, of course, you make unavailable everything that depends on it, but as soon as bindings are properly treated, what problems do you see? |
|
Well I see the implementation complexity, but I don't see the use cases. To me it means that the user incorrectly fixed a logical context and later on realizes they want to make it vary. Do you have pointers to actual use cases? |
I believe we do that very commonly. Section S.
Variables n m p : nat.
(* Some lemmas using n, m, or p or a mix of them *)
End S.In such situations, the variables So, if I understand correctly, you'd like that users use sections only for "parametric" contexts, which behave uniformly in the proofs? |
|
That's not what I meant. You can write a |
|
@Zimmi48: I agree that in a pedagogical context, clearing automatically is somehow not low-level enough, and if Coq had a flag say |
|
@maximedenes: Then, your view is that what you see above the But, if so, why to copy it above the |
Btw, I think a "beginner" profile (as in set of options) would be something interesting to consider. Implicit arguments, for example, could qualify as on by default for regular users but off in the beginner profile. I believe there are many other such options. |
I guess you mean initially, at the beginning of the proof. And this is in fact a very good point. I've often heard complaints from users (not just ssr users FTR) working in very large logical contexts, that they didn't want the context to be repeated in the goals. So have it fixed would also fix this problem, because we could simply remove it (with maybe a way to print it on demand, I haven't thought much about it). |
What? No, that is not true. See the example I gave with proving the excluded middle. |
Well, you're right. Or, more precisely, destructing an inductive type is reversible but when the hypothesis is not purely inductive and includes a dependent product or an implication, the additional application step (i.e. the negative step, since it is fashionable to think in term of positive and negative types) is not inversible (unless being classical and in the implication case). At the end the resulting So, this should indeed be clarified, the reversibility argument applies only to a |
Actually, I tried to do this very long time ago, when I was about your age but I had problems with It still can be done now, and my experiment with distinct section contexts and named contexts in the kernel is going into this direction. Typical issues shall continue to be (at least) with |
|
Report on the failures:
No other failures, so not as bad as I thought: total number of failures is suspectingly < 10, with at least a third of them producing the expected behavior (expected = "do the expected |
|
Clear and section variables is a very complicate discussion, I would just like to add a nit: please let's be careful of confusing UI shortcomings [how to properly display large contexts] with real concerns [as to what tactics / automation see]. |
herbelin
force-pushed
the
master+elim-does-dependent-induction
branch
from
8d8d703 to
c7777a9
Compare
herbelin
requested review from
forestjulien,
letouzey,
mattam82,
ppedrot and
silene
as code owners
We built the scheme as a term. In particular, this does not solve the following weaknesses: - side conditions come first, like for destruct - the "_rect" lemmas remain searched by name in the environment, allowing accidental dynamic overloading; the model I propose is to have a table to register the different schemes and a cache to build them by need. It is not clear that we want it always either. For instance, "intuition" now works on a dependent hypothesis of the form "H:A/\B". See the incompatibilities in Reals.
Dependent Propositions Elimination.
It is a bit heavy, but the advantage is that tactics can pass a parameter to induct/destruct/elim to tell if they explicitly want dependent elimination or not, or if they want to let the tactic decide itself.
…duction. This is potentially source of incompatibilities but an option "Section Variables Clearing Compat" allows to recover the former behavior. This is for uniformity.
herbelin
force-pushed
the
master+elim-does-dependent-induction
branch
from
c7777a9 to
bb57588
Compare
SkySkimmer
added
needs: progress
Zimmi48
added
the
needs: rebase
|
What is the likelihood of this PR getting merged? It has currently more colourful labels than the archetypical Holywood general in a Vietnam war movie. |
I'm not good at probabilities but I can at least rebase it and #6833 and update their status. |
|
Given that there was not activity in more than a year, I believe we can safely close this PR. Not necessarily that the changes shouldn't make in into master, but I think that the integration should be more progressive. In particular, given that the handling of section variables is a sensitive matter, we should at the very least agree on a vague mid-to-long-term plan. |
SkySkimmer
changed the title
It seemed there was in #coq/rfcs#51 an agreement on "treating section variables as constants". Is this a good basis to elaborate on? |
|
I think so. |
|
But then, there was the question of the compatibility of the current |
Kind: bug fix / enhancement
Edit: points 2 below moved to #6833 and points 3 and 4 to #6866. However the PR continues to include #6833 and #6866. Title changed to reflect that this is now for discussion about "
destruct/inductiontreating section variables normally".This PR implements 2 uniformization of the behavior of
destructandinductionin unusual cases + 2 improvement about error/warning messages:inductioncleara section hypothesis implicitly dependent in a definition of the sectiondestruct/inductioncannot remove a section hypothesis because it is dependent in a definition of the sectionBoth 1. and 2. introduce incompatibilities.
Unset Section Variables Clearing CompatUnset Dependent Propositions InductionAn example of application of 2. is (Edit: see the corresponding subset of the current PR at PR #6833):
An indirect consequence of 2. is that
intuitionsucceeds more often since it now destructs dependent proposition. I guess we should prevent this impact onintuition(see #6558 and the possibility to use theassert_succeds (clear id)trick mentioned there).An example of 3. is the change of error message in the following case (Edit: see the corresponding subset of the current PR at PR #6866):
An example of 4. is the warning in the following case (Edit: see the corresponding subset of the current PR at PR #6866):
Fixes #7518.