coq-club AT inria.fr

Subject: The Coq mailing list

List archive

RE: [Coq-Club] proving a lemma in a proof

From: "Soegtrop, Michael" <michael.soegtrop AT intel.com>
To: "coq-club AT inria.fr" <coq-club AT inria.fr>
Subject: RE: [Coq-Club] proving a lemma in a proof
Date: Fri, 25 Jan 2019 08:24:45 +0000
Accept-language: de-DE, en-US
Authentication-results: mail2-smtp-roc.national.inria.fr; spf=None smtp.pra=michael.soegtrop AT intel.com; spf=Pass smtp.mailfrom=michael.soegtrop AT intel.com; spf=None smtp.helo=postmaster AT mga17.intel.com
Dlp-product: dlpe-windows
Dlp-reaction: no-action
Dlp-version: 11.0.400.15
Ironport-phdr: 9a23:Cdeq6x/WLXq6tP9uRHKM819IXTAuvvDOBiVQ1KB31+wcTK2v8tzYMVDF4r011RmVBdWds6oMotGVmpioYXYH75eFvSJKW713fDhBt/8rmRc9CtWOE0zxIa2iRSU7GMNfSA0tpCnjYgBaF8nkelLdvGC54yIMFRXjLwp1Ifn+FpLPg8it2O2+557ebx9UiDahfLh/MAi4oQLNu8cMnIBsMLwxyhzHontJf+RZ22ZlLk+Nkhj/+8m94odt/zxftPw9+cFAV776f7kjQrxDEDsmKWE169b1uhTFUACC+2ETUmQSkhpPHgjF8BT3VYr/vyfmquZw3jSRMMvrRr42RDui9b9mRh/2hikaKz43/mLZisJyg6JavB2uqBNxzpXIYI6OMPdyYr/Rcc8YSGdHQ81fVzZBAoS5b4YXAeYPIOFYoJfyp1sStxu+AhGsCPvywTFPh3/5wa063P4/HgHC0gArAtUDsHHVrNrpNKcdS/66zK3SwTXYaPNZxzj96JTSchAmufGBRrNwcczNyUYxEwPJlEmfqYvgPz6M0OkGrmaV7+1lVe21im4nrRl8ojmpxscwlIbJgpgZxU3a+ih/3Y07JsW4RVZmbdOgDpdcrSGXOotsTs4iXW1kojs2x70btZKjYSQHyZoqywTRZvGJaYSE/BzuWeKLLTtlh39pZKqziwuz/EWk0OHwSMm53VlQoiZbiNXBt3AA2hrO4cadUPR95F2u2TOX2gDT9O5EJUc0mLLeK54u2LE8i5gevV7CHi/whEX5kquWel849eiv7uTrerTmppmCOI9okgzyL6AjltKlDek4MgUCRWiW9fqm2LH+/UD1Xa1GjvgsnanYtJDaK94bpqm8AwJN14Yj6gqwDze839sGmXkLNklFeBWZgIjmJ1HOOvf4De+kjlStljdr2+7JPrn7DprRKXjDla/tfaxh5E5E1Aoz0ddf6opIBbEGOfL/Q1P+tNjFDhAiKAG02ObmCNBl1owEQ26PA6mZMLnTsVCS/O4vLfOMN8cpv2O3IP88ovXqkHURmFkHfKDv04FdICSzGe0jKEGEa1LthM0AGCEEpFxtYvbtjQjIajleaGqoWLp4rhQ6A4KvAIOJDtSogbeB1Sq/WIZRa29aEFeUOXbua4iAHfwLbXTBcYdajjUYWO35GMca3ha0uVqikus1Hq/v4iQd8Knb+p1w7uzXmws18GUtXcWbz2yJCWpzmzFRHmNk7OVEuUV4j2y7/+1gmfUBTI5S4e9EVkExMpuOl7UnWeC3YRrIe5KycHjjQtiiBmhuHNc+yoZRJUd7B9imyBvE2njyDg==

Dear Enrico, Pierre,

thanks for the detailed explanations! @Enrico: sorry for my bad memory - I
had to get too much new stuff into my brains recently.

I can imagine that there are complicated cases and that in full generality it
is indeed difficult. But I wonder if instead of trying to solve this in full
generality, it wouldn't be a possibility to simply disallow such cases. E.g.
the case you detailed below (hiding a library lemma by a nested lemma and
using both in the outer lemma) I wouldn't expect to work and I don't see
useful applications for this. I would even prefer an error, when I
accidentally would try to do this, since the proof wouldn't work anymore if I
move the nested lemma out.

Can't we say: "A nested lemma is only supported if it's effect is
indistinguishable from the same lemma in front of the outer lemma"? I
wouldn’t have a problem with defining the semantics of a nested lemma like
this. In case the meaning of the outer proof is different with the nested
lemma nested and with the nested lemma in front of the proof, it is an error
(or if it has to be undefined behavior).

Would this simplify the situation?

Best regards,

Michael
Intel Deutschland GmbH
Registered Address: Am Campeon 10-12, 85579 Neubiberg, Germany
Tel: +49 89 99 8853-0, www.intel.de
Managing Directors: Christin Eisenschmid
Chairperson of the Supervisory Board: Nicole Lau
Registered Office: Munich
Commercial Register: Amtsgericht Muenchen HRB 186928

Re: [Coq-Club] proving a lemma in a proof, (continued)