coq-club AT inria.fr

Subject: The Coq mailing list

List archive

Re: [Coq-Club] proving a lemma in a proof

From: Andrew Appel <appel AT cs.princeton.edu>
To: coq-club <coq-club AT inria.fr>
Subject: Re: [Coq-Club] proving a lemma in a proof
Date: Tue, 22 Jan 2019 09:27:46 -0500 (EST)
Authentication-results: mail3-smtp-sop.national.inria.fr; spf=None smtp.pra=appel AT cs.princeton.edu; spf=Pass smtp.mailfrom=appel AT cs.princeton.edu; spf=None smtp.helo=postmaster AT greenlight.cs.princeton.edu
Ironport-phdr: 9a23:ZS8dNR8BGNkErf9uRHKM819IXTAuvvDOBiVQ1KB42uocTK2v8tzYMVDF4r011RmVBdWds6oMotGVmpioYXYH75eFvSJKW713fDhBt/8rmRc9CtWOE0zxIa2iRSU7GMNfSA0tpCnjYgBaF8nkelLdvGC54yIMFRXjLwp1Ifn+FpLPg8it2O2+557ebx9UiDahfLh/MAi4oQLNu8cMnIBsMLwxyhzHontJf+RZ22ZlLk+Nkhj/+8m94odt/zxftPw9+cFAV776f7kjQrxDEDsmKWE169b1uhTFUACC+2ETUmQSkhpPHgjF8BT3VYr/vyfmquZw3jSRMMvrRr42RDui9b9mRhHohikZNDA28m/XhNF/g61HoRKvoAB/zpXOb42JKPVzZLnQcc8YSGdHQ81fVzZBAoS5b4YXE+cBO/tXr5PjqFoAsBCzGRGsBPvxxT9Mm3T72rc10/w5EQ7Y2AwtBM4BsG/OoNXtLqcSUOa1w7XWwjXfaPNW3y3x55bVfRA8uPyBW697f8nJyUQ3Cg/JkFadpZb4Mz+IyOgBqXWX4uRhWO61iWMrtRl9riWxysovkIXFm58Zxk7e+Sh9wIs5P9+1RFNjbdK5DpddtDuWO5ZrTs88WW1kpSg3x78ctZO0YSQHzoksyQTFZPydaYeI5wruVOaPLjd8g3JoYL2/hwys/ke+zO38Usi00FlKripZiNXDqmsN2wbL6sidS/t9+Fuu1iiT1wDU7OFIO147mrfGK5I5w74wkIQcsVjbEyPrhkn7j7Waelg59uS28ejrf7vrq56GO4J2lA3yKqEulda+AeQ8PAgORW+b+eGk2bL55U35WKtFjvktn6bFq5DWP9wbprS4Aw9Tzoks9Qq/DzCg0NgCg3YIMU9FdAqdj4f1I1HOPOz4DfCnjluwlzdr3unKMaHlApXQNXfOi6zhfLZ4605E0gU/19Ff55ROCrEAOv3/QEHxtMaLRiM+Zgez2qPsDMh3ntcVXnvKCauEOovTt0WJ76QhOb/fSpUSvWPULfQ/6uGmpGchlFtVKaCxxZYTQHujWOx8IkOSbGbrhJEMHXpc7Vl2d/DjlFDXCW0bXH21Ra9pvmhqWrLjNp/KQ8WWuJLE2S66GpNMYWUfWgKHCjHwbYSCUPoQbyTUL8N8wGVdCeqRDrQ53BTrjzfUjqJ9J7OEqCYD84r51d5+6vHUk1c/+SEmV53AgVHIdHl9myYzfxFz3K17phYsmFiZ3KV+h/1XFcAV7OgPSh07M5XR0+t8Td3+R1CZcw==

I strongly agree with Adam.

Nested lemmas are very useful during proof development.

Then we often clean up our proof scripts so that you don't see nested lemmas in our published proofs.

Please do not remove nested lemmas from Coq.

-- Andrew Appel

From: "Adam Chlipala" <adamc AT csail.mit.edu>
To: "coq-club" <coq-club AT inria.fr>
Sent: Tuesday, January 22, 2019 9:18:32 AM
Subject: Re: [Coq-Club] proving a lemma in a proof

It's certainly the Coq developers' prerogative to focus maintenance
effort in the way you set out, but to those of us doing serious program
verification, where nested lemmas so far seem like an indispensable
feature to avoid having to replay costly proof scripts, your position
comes across frustratingly close to "the Coq developers have decided to
prioritize pure-math applications over verification of realistic
systems." The latter category probably musters significantly more
funding in the world today, so there is a real danger of a decision at
some point to fork a version oriented toward system verification, which,
after some growing pains, could easily wind up with significantly more
engineering effort devoted and, after a few years, effectively replace
the original Coq version and in some sense remove effective ownership of
the system from Inria.

That doesn't sound like such a nice scenario, so I just wanted to
emphasize the danger here. Coq is already being used for several
industrial applications, and the Coq team sometimes comes across as
stuck in the 20th-century world where it was quite hypothetical that
there would be real commercial users whose processes could be ruined by
e.g. ceasing to maintain the nested-lemma feature.

On 1/22/19 2:47 AM, Théo Zimmermann wrote:
> Sorry to insist but the simplest answer to this question is: use a
> proper interface which will allow you to state your lemma and prove it
> outside (above) your current proof. Nested lemmas are a feature whose
> use is strongly discouraged. Some users insist they need it (in
> particular during computation heavy proofs) and that's the only reason
> the feature has not been removed but the Coq developers are not
> interested in fixing bugs it may have...

[Coq-Club] proving a lemma in a proof, Jeremy Dawson, 01/22/2019
- Re: [Coq-Club] proving a lemma in a proof, Théo Zimmermann, 01/22/2019
  - Re: [Coq-Club] proving a lemma in a proof, Adam Chlipala, 01/22/2019
    - Re: [Coq-Club] proving a lemma in a proof, Andrew Appel, 01/22/2019
    - Re: [Coq-Club] proving a lemma in a proof, Maxime Dénès, 01/22/2019
      - Re: [Coq-Club] proving a lemma in a proof, Jim Fehrle, 01/22/2019
      - RE: [Coq-Club] proving a lemma in a proof, Soegtrop, Michael, 01/23/2019
        
        Re: [Coq-Club] proving a lemma in a proof, Gaëtan Gilbert, 01/23/2019
        
        RE: [Coq-Club] proving a lemma in a proof, Soegtrop, Michael, 01/23/2019
        
        Re: [Coq-Club] proving a lemma in a proof, Enrico Tassi, 01/24/2019
        Re: [Coq-Club] proving a lemma in a proof, Jan Bessai, 01/24/2019
        Re: [Coq-Club] proving a lemma in a proof, Enrico Tassi, 01/25/2019
        
        Re: [Coq-Club] proving a lemma in a proof, Adam Chlipala, 01/24/2019
        
        RE: [Coq-Club] proving a lemma in a proof, Soegtrop, Michael, 01/25/2019