coq-club AT inria.fr

Subject: The Coq mailing list

List archive

Re: [Coq-Club] Why is the signature of sqrt R->R ?

From: Joseph Tassarotti <jtassaro AT andrew.cmu.edu>
To: coq-club AT inria.fr
Subject: Re: [Coq-Club] Why is the signature of sqrt R->R ?
Date: Thu, 31 Jan 2019 12:49:22 -0500
Authentication-results: mail3-smtp-sop.national.inria.fr; spf=None smtp.pra=jtassaro AT andrew.cmu.edu; spf=Pass smtp.mailfrom=jtassaro AT andrew.cmu.edu; spf=None smtp.helo=postmaster AT mail-it1-f181.google.com
Ironport-phdr: 9a23:UJNLxR0QInA4GbkRsmDT+DRfVm0co7zxezQtwd8Zse0eK/ad9pjvdHbS+e9qxAeQG9mDu7Qc06L/iOPJYSQ4+5GPsXQPItRndiQuroEopTEmG9OPEkbhLfTnPGQQFcVGU0J5rTngaRAGUMnxaEfPrXKs8DUcBgvwNRZvJuTyB4Xek9m72/q99pHPYAhEniaxba9vJxiqsAvdsdUbj5F/Iagr0BvJpXVIe+VSxWx2IF+Yggjx6MSt8pN96ipco/0u+dJOXqX8ZKQ4UKdXDC86PGAv5c3krgfMQA2S7XYBSGoWkx5IAw/Y7BHmW5r6ryX3uvZh1CScIMb7S60/Vza/4KdxUBLnhykHODw5/m/ZicJ+kbxVrw66qhNl34LZepuYOOZicq7fe94RWGpPXtxWVyxEGo6ya4wPD/EfMuZAr4n2ukUAogGlBQm3Huzv0DhIhmPq3a07zu8sFgPG3BA6ENIVq3Tbts/1NKAJXO+vyqnH0C/DYO1Y2Dvn9IfIdw0hreuSUr1tbMrc0E8iHB7LgFWXrIzqJTKV1uIVvmia6epgT+OvhHQ9pwF/uDij3sYsio/Vho0LzlDI7zh2z5gzKNalS0B7ecapHIVMuyyeLYd7QcMvT3t1tCs7y7AKo4O3cSsXxJkh2hXRceaIc5KS7RLmTOuRISl3hHZieL+ngha960mgyunlWsm1zFZGszNJktfRun0OyhDf8MeHSvx6/keu3TaAyRrf5f1DIUAxjabbKpghzaAslpcLr0jPAiv7lF/1gaKWbEko5+ml5uX9brn7pZKQKpd4igTkPaQvnsy/D/44Mg8LX2WD++S8yKfs/VbiQLpQlP02lbLUv4rcJcsGvK62HQFU3pw/5Ba6EjeqysoXkmQaLF5dYhKIk5DpO03SIPD/Ffqwn1OskC5yy//aOr3hH47CI2PYkLbheLZ981RTxBAyzdBZ/ZJUC6sOLOj9Wk/r55TkCUoyNBXxyOL6Av180JkfUCSBGPy3KqTX5H2P/e83I6GwbZQOsSz6N+Qkr6rskXYiglYHeoGg25cNZW/+FfF7ZUiVfCy/0Z86DW4Ws19mH6TRg1qYXGsLPifgb+cH/jg+TbmeI8LGT4GpjqaG2X7lTJRQanpLFRaHFGqueomZCa5VNHCiZ/R5mzlBboCPDpc73Ejw5gb8x6BqMazf/zBeuJ7+hoAsur/j0Coq/DkxNPyzlmGAS2YuwDENTj4ymaFj+Alzkwfal6d/hPNcGJpY4PYbCgo=

In my opinion, the benefit of making sqrt : R -> R is that you can write down formulas as they would appear on paper without having to insert proofs showing that all the arguments are in the domain. Now, as you say, in general, to apply many lemmas about these functions you're going to have to show that the arguments are in the domain, but at least they don't have to appear in the term. This is especially important when you want to do rewriting involving an _expression_ that occurs as an argument to sqrt. For example, if you had sqrt (x + y) and want to use commutativity of addition to rewrite this to sqrt (y + x), you can do this just with "rewrite". On the other hand, if sqrt took a proof that the argument was >= 0, and we had sqrt Hpf (x + y), where Hpf: (x + y) >= 0, then we can't just rewrite with the usual commutativity rule, because we also need to update the Hpf term to a proof showing that (y + x) >= 0. (Of course this can all be done, but there is a bit more overhead involved.)

As long as the restriction condition on the domain is decidable, you can always define a version that works on unrestricted domain just by first checking if the condition holds, and if it does, supplying the appropriate value, and otherwise returning an arbitrary value. The trick here is that if you can, try to set it up so that the arbitrary value you return will still preserve important properties, so that you can apply lemmas about them without a side condition that the argument is in bounds. This idea is explained quite nicely in section 4.5 of the Coquelicot paper (https://hal.inria.fr/hal-00860648/), where the authors define Lim_seq in such a manner that various equational rules hold even when the limit doesn't exist.

-Joe

On Thu, Jan 31, 2019 at 11:47 AM Soegtrop, Michael <michael.soegtrop AT intel.com> wrote:

Dear Coq Users & Team,

in the last months I started to use the Reals in Coq quite a lot and from my point of view proving stuff with the existing definitions is reasonably straight forward.

Where I started to struggle and question my understanding of the Reals in Coq – which is cause of my education as physicist anyway a bit limited - is when I wanted to write a asin and acos function.

It is fairly easy to define these in the open interval -1 < x < 1 based on atan:

Definition asin_open s := atan(s/sqrt(1-s²)).

Definition acos_open c := PI/2 - asin_open(c).

and it is also easy to prove the most important lemmas, like that these are indeed the inverses of sin and cos.

Now I wanted to define these functions on the closed interval -1 <= x <= 1. This is also rather straight forward, but only if I have the domain restriction as pre condition, while I don’t need -1 < x < 1 as precondition for asin_open above.

Admittedly rather late I started to wonder why the signature of asin as defined above is R->R, although the function is only defined on the closed interval -1..1? This obviously goes back to sqrt also being defined on R->R.

All in all I must say I don’t really understand the domain restrictions for real functions in Coq. Lemmas involving division frequently (but not always) require that the denominator is non zero, but otherwise domain restrictions seem to be rare. Shouldn’t all functions with limited domain require that their arguments are in this domain?

Or is it so that it is not possible to prove anything (interesting) about expressions which contain real valued functions outside of their argument domain? If so I wonder if there is a way to define asin and acos so that they work on the closed interval without requiring a domain condition.

Some insight into the design considerations would be very much appreciated.

Best regards,

Michael

Intel Deutschland GmbH
Registered Address: Am Campeon 10-12, 85579 Neubiberg, Germany
Tel: +49 89 99 8853-0, www.intel.de
Managing Directors: Christin Eisenschmid
Chairperson of the Supervisory Board: Nicole Lau
Registered Office: Munich
Commercial Register: Amtsgericht Muenchen HRB 186928

[Coq-Club] Why is the signature of sqrt R->R ?, Soegtrop, Michael, 01/31/2019
- Re: [Coq-Club] Why is the signature of sqrt R->R ?, Joseph Tassarotti, 01/31/2019