Skip to Content.
Sympa Menu

coq-club - Re: [Coq-Club] That time we proved False in Coq

coq-club AT inria.fr

Subject: The Coq mailing list

List archive

Re: [Coq-Club] That time we proved False in Coq


Chronological Thread 
    < Chronological >      < Thread >
  • From: Mario Carneiro <di.gama AT gmail.com>
  • To: coq-club AT inria.fr
  • Subject: Re: [Coq-Club] That time we proved False in Coq
  • Date: Tue, 28 Dec 2021 22:10:58 -0500
  • Authentication-results: mail3-smtp-sop.national.inria.fr; spf=None smtp.pra=di.gama AT gmail.com; spf=Pass smtp.mailfrom=di.gama AT gmail.com; spf=None smtp.helo=postmaster AT mail-qk1-f175.google.com
  • Ironport-data: A9a23:lsnx3aP3ivoja1XvrR3FlsFynXyQoLVcMsFnjC/WdQfv1T9z1TAGzGQZUG2HP6zbYzf8eYtyOo23/UwC75+Ev4NqS1BcGVNFHysb85KdbTi6Bh6tZH3KdpWroHqKXqzyU/GYRCwPZiKa9kfF3oTJ9yEmjPjSHOukUYYoBwgoLeNaYHd54f5cs7Vh6mJYqYDR7zKl4bsekeWHULOW82Ic3lYv1k62gEgHUMIeF98vlgdWifhj5DcynpSOZX4VDfnZw3DQGuG4EgMmLtsvwo1V/kuBl/ssItask7K+a05TB7CLYlXIhX1RVKyvxBNFo0Te0I5hbKtaORoR0W/T2Ykulb2htrToIestFqHN3usUVhBwHCR3PKkA87jCSZS6mZXKkBaYKiGEL/JGVRlqZ+X04N1fCmZXsPccNToldQGGn+vwwbShS+AqiN5LESVBFJdH7ysmkiWAWK5gGYSZFv2Mv44JhSNr05gIQOKBMuMHTRFqSDjARzxGHGsNLKw/ufPx3iyhN2JMwL6Oja8+4myW1Q8olba0b4eTdduNSsFY2E2fowr7E63CKklyHLSiJfCtqxpAR9MjnB8XnKoXHby8s+dp2RidnzNOThIRUlS/rL+yjUvWtxd3Q6AL0nJGkETw3BXDohrBs9mQr3uNvxpaUN1VewH/wB/Y0bLaum51GUBdJgOsq7UaWAseSjkj11vPlNTsbdCqmNV5VlrFnoqpQfiO1eT54IPMieLojefI3jU7nLwOsw==
  • Ironport-hdrordr: A9a23:DTciyKmsD/G0ozWvSvAy6lPuk/XpDfIV3DAbv31ZSRFFG/Fw9vre5cjzsCWftN9/YgBEpTntAtjjfZqYz+8X3WBzB9aftWvdyQ+VxehZhOOI/9SjIU3DH4VmpMBdmsZFebvN5JtB4foSIjPULz/t+ra6GWmT69vj8w==
  • Ironport-phdr: A9a23:TqVX9RMULde0eQWxosIl6nbYDRdPi9zP1u491JMrhvp0f7i5+Ny6ZQqDv6wr1QWRFtiAo9t/yMPu+5j6XmIB5ZvT+FsjS7drEyE/tMMNggY7C9SEA0CoZNTjbig9AdgQHAQ9pyLzPkdaAtvxaEPPqXOu8zESBg//NQ1oLejpB4Lelcu62/6v95HJfglEmiaxbbxyIRi4sA7cqtQYjYx+J6gr1xDHuGFIe+NYxWNpIVKcgRPx7dqu8ZBg7ipdpesv+9ZPXqvmcas4S6dYDCk9PGAu+MLrrxjDQhCR6XYaT24bjwBHAwnB7BH9Q5fxri73vfdz1SWGIcH7S60/VjO/4ad2Ux/okDkIOCIl8G/ZjcxwibhUoBOnpxdix4LZb4WYOP94c6jAf90VWHBBU95eWCxPAIyyb4UBAekcM+hGs4bwvEEBoQekCAS2GO/j1j1Fi3nr1qM6yeQhFgTG0RQnEd0UqnTUrdL1P7oMXO+v1qnIyyvMb/JM2Tf69YPFdQ0uofCWUbJ/a8XRzFMgGhjKjlWVs4PlPjeV2v4RvGic6uptTOSigHMopA9tuDag3NssipXXiYIPzFDJ7Sd0zYc2KNO3VUJ2bt6qHZ9QuSyeK4d7RsIvTW9qtSsm1LALpYK2cTUOxZg62RLSZeCLfoqU7h7+SOudPDl2iXFjdbmiiRiy9k2gxff9VsmyyFtKoStFksXMtnAQzBPf8MmHSvxl8keu2DaPywDT6vxfLkwuiaXbLJshz7gtnZQQqUTOBjH6lFnygaOMdUgp+vKk5/r5brn4vJOQKo15hwH4P68zgMKwG/44PRILX2WD+eSzyrnj/UrhTbVPlPI2k63ZvInDJcQYu6K1GgFV3psh5hu/FTum39MYnX4ILFJBZh2LlZTmO1bLIPzgDPe/hUqjkCtzyvzYIrHsBo/BI3vDnbv7Y7px9VBQxBAuwd1d559YErQBL+jyWk/1utzYFBg5Mwmszun6CdVxzIweVniKAqCDK67SvlqI6fguI+mIfoMapDH9K/096/70kXA5gUMdfbWu3ZYPdH+4Ge1mL1yFbnron9cOCnwHvhE+TezvkF2NSyRfZ3e0X6Im5zE0EpiqDYnZRtPlvLvU1yCiW5ZSe2puC1aWEH6ueZ/Xde0LbXe3K9VglXQvXKKnRo470ln6uA68xLNiJ8Lb/yQZsdTo090jtL6brg076TEhV5fV6GqKVWwhwjJgr9Ae06V2oEg7wVCGg/EQax1wENVS47ZQUV5/O8eDkqp1DNf9Xg+HddCMGg7OqjCODjQ4T9Z3yNgLMR4VJg==
Does the Coq Coq Correct! project address the issues pertinent to this unsoundness bug? Last I checked they axiomatized the part that would have interacted with this guardedness condition: https://metacoq.github.io/metacoq/html/MetaCoq.PCUIC.PCUICTyping.html#ind_guard . This (and other "advanced" inductive extensions) is the part I find most dubious about Coq generally, so I really hope they get around to it at some point.

On Tue, Dec 28, 2021 at 10:00 PM Jason Gross <jasongross9 AT gmail.com> wrote:
> Would a hypothetical proof of consistency of the entire Coq kernel as it currently exists be possible in principle

You may be interested in the Coq Coq Correct! project, which re-implements a significant fraction of Coq's kernel in Gallina (I think everything except the .vo format, module types / functors, universe polymorphism, and the VM and native reduction machines, but don't quote me on this) and proves it correct relative to an axiom stating strong normalization of CIC.

Best,
Jason


On Tue, Dec 28, 2021 at 6:44 PM Abhishek Anand <aa755 AT pm.me> wrote:

I have a small side question regarding the wiki article. It contains a sentence:

> As a result, not all the legitimate functions that satisfy the current (unsound) guardedness checker will satisfy the new sized type based typechecker.
My impression was that all the actual soundness holes in the guardedness checker were patched, so what unsoundness remains in the checker in recent versions of Coq? Would a hypothetical proof of consistency of the entire Coq kernel as it currently exists be possible in principle, or do we know that this is false without avoiding certain areas?


Mario Carneiro

On Tue, Dec 28, 2021 at 3:34 PM public <aa755 AT pm.me> wrote:
I wrote a wiki article about the last such incident I remember.
(others have since contributed to the article)

Regards,
Abhishek Anand


‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

On Tuesday, December 28th, 2021 at 3:19 PM, Marco Servetto <marco.servetto AT gmail.com> wrote:

> Hi,
>
> I'm writing a little document talking about soundness/unsoundesses in
>
> verification systems.
>
> I remember that there was a time we managed to prove False in Coq, and
>
> the community came together effectively and promptly to fix it, and
>
> all major proofs were unaffected by the fix. I also remember members
>
> from other communities (Agda?) coming to give a hand.
>
> While I'm not a Coq genius, seeing the honesty and the clear polite
>
> and direct action made by this community filled me up with hope for
>
> the
>
> future.
>
> Do I remember correctly? Can someone help me to summarise the event
>
> and provide some references? Do you have references to other important
>
> tools that have been proved unsound and any discussions about the
>
> response of their community?
>
> Marco.


Archive powered by MHonArc 2.6.19+.

Top of Page