coq-club AT inria.fr

Subject: The Coq mailing list

List archive

Re: [Coq-Club] Mixing [Program Definition] and some [Monad] type leads to impossible [Obligation]

From: Matthieu Sozeau <mattam AT mattam.org>
To: "coq-club AT inria.fr" <coq-club AT inria.fr>
Subject: Re: [Coq-Club] Mixing [Program Definition] and some [Monad] type leads to impossible [Obligation]
Date: Tue, 21 Mar 2017 13:58:29 +0000
Authentication-results: mail3-smtp-sop.national.inria.fr; spf=None smtp.pra=mattam AT mattam.org; spf=Pass smtp.mailfrom=matthieu.sozeau AT gmail.com; spf=None smtp.helo=postmaster AT mail-vk0-f49.google.com
Ironport-phdr: 9a23:SV6cIBX6Kz7E1T6mPsbrR/YlsY3V8LGtZVwlr6E/grcLSJyIuqrYYxeDt8tkgFKBZ4jH8fUM07OQ6PG9HzJRqsvR+Fk5M7V0HycfjssXmwFySOWkMmbcaMDQUiohAc5ZX0Vk9XzoeWJcGcL5ekGA6ibqtW1aFRrwLxd6KfroEYDOkcu3y/qy+5rOaAlUmTaxe71/IRG2oAnLt8QbhYRuJ6YyxxDUvnZGZuNayH9yK1mOhRj8/MCw/JBi8yRUpf0s8tNLXLv5caolU7FWFSwqPG8p6sLlsxnDVhaP6WAHUmoKiBpIAhPK4w/8U5zsryb1rOt92C2dPc3rUbA5XCmp4ql3RBP0jioMKjg0+3zVhMNtlqJWuB2upxJ9zIDUbo+bN+dwcL3Bct4BX2VNQtxcWjZdDo+gbYYCCfcKM+ZCr4n6olsDtRywChOwBOPzyj9Ih2H53bAn2Oo8FgHH3RIvEMgTsH/Jq9j1Mb0dUfypzKbSyDXOdPZW1i3h6IjUaB8hpOuAXbVqccre0EQiER7OgFaIqYH9IT+ZyuAAv3KY4udgT+6jlXMrpg9rrjWgwsohjJTCiJgPxVDe7yp5xZ44Jd2mR05/Zt6pCJ5QuDubN4tyW88iXWJotDojxr0ItpO2eDIGyJsgxx7YZPyHd5aH7gj/W+aWJDd0nHNleLShiBau6UWs1PHwW82u3FtJridJiMfAum0D2hDJ5cWKTuNx/kK71jaO0wDT5PtEIUcxlafDLp4u2KIwloYTsUTCACD2hV/6jLSRdkQl5Oen8fnnb67ppp+ZLYB0iwX+Pr4ylcy4BOQ0KhIOUHSD+eSgyL3j+lX0T6lNjv0vi6XWrJTaJdkAqaOiGA9U0oMj6w6lADu80dQYm2MHLFNfdx6dgYjpIQKGHPetR/y4mhGnlCph7/HAJLzoRJvXZDCXm7D4OL159kR0yQwpzNkZ6YgCWZ8bJ/emf0btqNzZAwJxCAumzu/6QIF4358CUGenB6aFLKrX91iS6bR8cKG3eIYJtWOleLAe7Pn0gCphlA==

Hi,

this is more of a conceptual issue with monads, you'd have to give a dependent type to the bind construct to show how foo produces "smaller" values that you can use to recurse on in bar (I don't claim to know how to do this in general :). Similarly, you can annotate your lambda abstraction to carry the logical information about [i] that you need:

Program Fixpoint recurse (n : nat) { measure n } : unit :=

match n with

| S n' => (fun (i : nat | i <= n') => recurse i) n'

| O => tt

end.

Next Obligation.

auto with arith.

Defined.

Hope this helps,

-- Matthieu

On Fri, Mar 17, 2017 at 10:54 AM Valentin Robert <valentin.robert.42 AT gmail.com> wrote:

Hello,

In trying to define a non-structurally recursive monadic function, I came upon the realization that [Program Fixpoint] is unable to propagate values through immediately-applied lambdas.

Here is a small example that illustrates the issue:

Program Fixpoint recurse (n : nat) { measure n } : unit :=
match n with
| S n' => (fun i => recurse i) n'
| O => tt
end.
Next Obligation.
(* Problem: Coq did not realize that i was n' *)

It seems that in this case, [Fixpoint] is actually smarter, as the following is accepted;

Fixpoint recurse' (n : nat) { struct n } : unit :=
match n with
| S n' => (fun i => recurse' i) n'
| O => tt
end.

Is there a way to have the same power in [Program Fixpoint]? Since monadic code unfolds to (foo >>= (fun x => bar)), it's impossible to prove that recursive calls are safe because the provenance of values is lost in the function application.

- Valentin

[Coq-Club] Mixing [Program Definition] and some [Monad] type leads to impossible [Obligation], Valentin Robert, 03/16/2017
- Re: [Coq-Club] Mixing [Program Definition] and some [Monad] type leads to impossible [Obligation], Matthieu Sozeau, 03/21/2017