coq-club AT inria.fr

Subject: The Coq mailing list

List archive

Re: [Coq-Club] Experience with formalising projects with length indexed vector (Vector.t) and finite type (Fin.t)

From: Qinshi Wang <qinshiw AT cs.princeton.edu>
To: coq-club AT inria.fr
Subject: Re: [Coq-Club] Experience with formalising projects with length indexed vector (Vector.t) and finite type (Fin.t)
Date: Mon, 16 May 2022 21:26:44 -0400
Authentication-results: mail2-smtp-roc.national.inria.fr; spf=None smtp.pra=qinshiw AT cs.princeton.edu; spf=Pass smtp.mailfrom=qinshiw AT cs.princeton.edu; spf=Pass smtp.helo=postmaster AT orangecrush.cs.princeton.edu
Ironport-data: A9a23:1NQuvahsJyRKju4EMu97FrWzX161ghYKZh0ujC45NGQN5FlHY01je htvWWDXO6zbMTTwKthwad+09k0E75HcmtUxTAJsrSw3Hn5jpJueD7x1DG+gZnLIdpWroGFPt phFNIGYdKjYaleG+39B55C49SEUOZmgH+a6UKieUsxIbVcMpB0J0HqPoMZkxN8x6TSFK1nV4 4mq/pSBYAXNNwNcawr41YrT8HuDg9yp4Fv0jnRmDRyclAK2e9E9VfrzFInpR5fKatE88t2SG 44v+IqEElbxpH/BPD8KfoHTKSXmSpaKVeSHZ+E/t6KK2nCurQRquko32WZ1hUp/0120c95NJ NpliIOtcBwMN7b1xf0eaClkCCthA4RIweqSSZS/mZT7I0zudGHlxfpjB1srJo1e8f0xGXtP8 /cVNDcLKB2PmopawpriELkq3515apCwYsVC5hmMzhmBZRoiaYnCRb7K5MBw1yx2ntpPG/3Te 80fLzdjcXwsZjUUZApHWMllxI9EgFHEdhBAmkKV/pZs/miL3QFvyLK9FPHKL4niqcJ9wxbJ/ Tqbl4jjOTkRM8Xawj6Y+Fq3l+rXlGX6XpgTHfu27JZXbEa7wXYaDhIbXkGmuvn/gVX4Q8heL UcZ5i0o66U+6SRHU+URQTWFv2O9pTsVQOMNCu4B2D2WwLXqygigUz1soiF6VPQqs8o/RDoP3 1CPns/0CTEHjIB5WU5x5Z/I9WjvYnB9wXsqIHBYE1ZZurEPtalp1nryosBf/LlZZzEfMQnqw jaBoTQ5gd3/ZuZTh/jnoTgrbxqKq4eBbAMv/QjGNl9JAyt+foejaIGj80XA7bBLN8CBVFiHt 3UYnM7Y4ewTZX1sqMBvaLlcdF1Kz6/bWNE5vbKJN8N8n9hK0yTzFb28GBkkeC9U3j8sIFcFm nP7twJL/4N0N3C3d6JxaI/ZI510kPK/T4m1DKCJMoYmjn1NmOmvoH0Giam4gz2FraTQuftX1 WqzKJ3zUSlAYUiZ5GDtG4/xLoPHNghjlTKIHc2TI+WPyaCfYnWYVbADeEaIb/409riFvBS9z jqsH5bi9vmra8WnOnO/2ddKdTgicChqbbir+pM/SwJ2ClA5cI3XI6OOkONJlk0Mt/g9q9okC VnnAR8FlAum3CCYQehIA1g6AI7SsV9EhSpTFUQR0ZyAghDPuK6js/UScYUZZ74i+LAxxPJ4V aBbKc6bROxVSzLM9igaa9/woJE7LEanggeHPiyEZjkjfsM8G1CRpIO8Jga/pjMTCieXtNclp +zy3wzWdpMPWgB+AZuEc/mo1V6w4SAQlbsqDUvFK9VeYmv2941uJ3Cjh/M7OZhSex7YgCOA1 gCdDAsfo6/Ar5JsqIvFgqWNroGIFepiHxcGQzWDs+rubSSDpzit245NVuqMbAvxbmKs9fXwf /hRwtH9LOYDzQRDvIdLGrp2yb4zuon0rLhAwwU4RHjGYgj5Cr5kJXXaj8BDurcXlu1eowKwV U+E4MRBOfOCI4X9Cl8XLwc5aeLF2P0Jw2GA4fMwKUT8xSl24LvaDRkOZ0fQ0HRQfOlvLYco4 eY9o8pHuQWwhy0jPsuCki0JpX+HKWYNUvl/u5xGUpXnjBEnlgNLbZDGUH+k54uGbdpBOVM3O T/Sj7GEn65dwEHPb301U3XBwLMF15gJvRlLyn4EJkiIx4aZ2qdpgEUJ/GRlVBlRwzVGz/l3a zpiOEBCLKmT+ytl2ZpYVGe2FgAdXBCU9yQdEbfSeLE1kqVpaoDMEIH5EeGX9UYW/mlGYyNbu rqDjn7/UDDhcd322G0/VVMNRznLU4lq7gOb8Cy4N53tInX4SWONbmySia4goAChGdkwgkbKu e5suut8dMUX8AYO9rYjBdDyOas4EXi5ya8rfR2l1KgSW3nGeTe51CSJLQa8dt4lyzkmN6OnI 5QGG/+jnChSGMpDQv73yELMz3JJcCYV2ec/
Ironport-hdrordr: A9a23:G7JQ8KunaIzDwKtGiL9+HB7m7skDVtV00zEX/kB9WHVpm62j5r mTdZsgpH3JYVoqKRIdcJW7WJVoIkmzyXcW2/h0AV7KZmCP0wGVxcNZjLcKqAeQfBEWmNQts5 uIsJISNPTASXZ/hcb+pC+iE9ghx9GDtISln/3XwXsobSwCUdAE0+60MGqm+4RNKzV7OQ==
Ironport-phdr: A9a23:Kncuhx8TBXpcgf9uWfC2ngc9DxPPW53KNwIYoqAql6hJOvz6uci4Z wqCu74x0BfgZsby07p8ke3YsqTtCyQrwK2qlzQ8SqFKTAIPks4MngYtU4avAEz/K+P2PWRhR JwRHFBq8GumPkdLBc3we0PdomGo7T4VBx7zKRd5Kv76F4LMgcm7zeC/9pzcbwhHize2fK9/I gixoQjNrMcdnJFsKrw2yhvHo3tIf/pZyGZ1Ll+NnBjy+9m98od7/ytfp/wu+chAUb7nf6sjV rxXEC4mM2Eu68L1sxTIUBaC6WEdUmUSlRpIHhTF4RTnVZr/rif2quxw0zScMMbrT747RC6i4 r9kRx/miigJNzA3/mLKhMJukK1WuwiuqwBlzoPOfI2ZKPhzc6XAdt0aX2pBWcNRWjRaDIO9a YsPFOoBPedFpIb9vVQOqxS+DhSrCeP2yz9IgGT23a070+UvCgzJwBcgE8gWsHTOrdX1MrsdX v6pzKnPyzXPde1Z1irg6IXRdB0qvP6DU65qf8XL1UkvCx3Kjk+WqYH9MT2YyuoAvWeV4uRgW ++hhWEqph9xrzWzyMoglpfEi4wLx13K+yh13IQ4KNy4RUN5btOpDYVduzyZOoZ2QM4uXWdls zs0xL0BvJ60ZikKyJI/yh7ebfyHaYmI7Qj5WOafOzd0nH1leLOjhxay7Eiv0ffwWdWz0FZPq CdOj9rCtmgV2hDO9MSKSeFx8lq81TqRzQzf9+9JLEEumafbJJMt2qA8moYXvEjZHSL7mF/6g LGIekk54OSl6+vqb7P7rZGBL497kAT+PKc2msKnH+s4LgYPX2+B+eS/zLDv4FP1TbZQgvErj 6XVrorWKdkVq6O4GQNY0oku5hCiBDm8ytsYh2MILFdddRKHkYfpP1bOLej/DfelmVusljhry O7aMb37H5XNNXjDnK39crZm8UJc0BAzzdFZ551IFL4BPPXzWknruNPGExA5LhS4w+fhCNpjy oMTQX+DDrGaPa/IrFOE+/wjL/ORaIIbuTvxMfgo6vH2gX88g1AdfK2p3ZUNaHC/G/RrO1yZY XvqgtcaEWcKvwQ/Qff2h12ZSzJTf2yyX6M65j4nFo2mEYDDRoa3jLOfwSi7A4VaZmZdBV+UC 3fna52EW+sQaCKVOsJtjyQIVaK9RI85yRGuqAj6xqJ7IerT4y0UrI7s1Nxo5+LIjhwy7jx1D 8GF026XVW10n2UIRyU33K9lu0B9xE2DguBEhKlTEsUW7PdUWC87M4Tdxqp0EYPcQAXEK+6IT k2mQ52ZCDc+BoYowtkVY0diM965yAjZ3iyhDqMSkfqGCIFiofGU5GT4O8sokyWO76ImlVRzG qOnVEWjj697rU3IApLR1l+enOCsfLgd2yjE8CGCy3CPtQdWSl04Sr3LCFYYYEaettHl/gXaV bb7ELUhKQtA1uaJMe1ScNzvhlhaQ/GlNdjDMCqqg2nlPR+T3fuXaZbyPWAU3SHTEk8BxhkS+ 22GNBcWDTznu3jfCjdjCVXpJU7g7Lo2s2u1G3c91BrCdEh9z/y19xoS0OSbUO8W16kYtT0Jr C99Glmw1MjLENrGrBEnZL9dZ9gw/FBBk2/VqmSRJ7SGKKZvzh4begVz5Qb10glvT59Hmo4sp W8rywx7LeSZ1klAfnWWx8K4PLqfMWT08B21DsyekljDzNab/LsO4/Ukuh3iug+uDE8r73Rg1 ZFczXKd4pzACAdaX4j2Vw478B1zpreSZSdYhcuczHxqKqm1rRfJwJQxHuojwRu8eNEZPa+ZV UfzH8AcG8myObkygVH6C3BMdOtW9aMyI4anb67fgv7tZb862mv90yIavNMYsArE7Sd3R+/W0 oxQxviZ2lHCTDLglBK7tcuxn4lYZDYUF275yC7+BYcXaLchGORDQWqoPcCzwc1zwpD3XHsNv keiAUgG2dCBcgHUd0b82wZdyUMR53GrhGHrql482yFstaeZ0CHUlq77dRwcOm9UbGJ5y0/2I I6/gswdWg6lYxVjx37HrQ7qgqNcoqp4NWzaR0xFKjP3I29VWay1rrOeYsRL5fvEqA1vWf+nK RCfQ7/5+V4B1j/7WnFZz3Y9fi2rvZPwm1p7jnicJTB9tiiRdcZ1zBbZrNvSIJwZliMHQjJ4i Cb/DUP6J8Oo+96Zi5DF9O2ySiqtW4ZSfi/i0Y6b/HLhtSszWEf5xqvt3IC7WQEhtE2zn8FnT yDJsArxbsHw2qK2PPgmNkhkCVng6tZrT4R3k48+npYVih14zt2e+XsKl3u2MM0OgPiuKiNUH 3hSmICTvVS2vS8rZmiEzI/4SHiHl85oZt3gJ3gTxjp49cdBTqGd8L1DmyJx5Fu+twPYJ/Znz VJ/gbMj7mAXh+YRtU8j1CKYV/oLHE9DPS3zvx+TqcikraNcaXqod/692Fc0zrXDRPmS5xpRX nr0YMJoBC529cV+L3rHyzvr8IDic9TMatRVuxGJ2USl7aAdONc6kfwEgjBiMGT2sCg+yuI1u hdp2ImzoImNL2g+tLL8GBNTMSf5It8C4jy4x7gLhd6Yhsr8e/cpUiVORpbjSuikVS4fpeiyf RjbCyUy8z+eCfLeBVPNsR026SuWSdbybC/RfD5DlrAADFGcIkdbnQwZDi0gn5gyGxytworsf Fox8DkV4hSQRgJk8utzLFG/V27eoF3tcTIoUN2FKxEQ6Ahe5kDTOMjY7+RpHige8Ifz5ACKL 2WaYUxPAwRrEgScAEv/O7C1+dTa2++CD+yxIvDUfK6O7+dFEe+SxJSk35dh+XCBOtjHMnR5D vI901ZORhUbU4yAwWVJEnVN0XuWMYjG+F+14WVvo9q68ej3VQ6n/oaJB7ZIcJ1u9x2wnaafJ ruQiSJ+elM6ntsHwX7FzqRa3UZH0ns+MWD0S/JZ7nCLEf6D/80fRwQWYC5yKsZSuqc13w0Xf NXelsuwzLlzyPg8F1ZCU1Xl3MCvf80DZW+nZzalTA6GMqqLITrTzoT5e6S5HPdJjeNPtxyvk T2AVVf5PzKImiXuUVaiPfwG30T5dFRO/ZqwdBpgEz2pVNX9dhiyK8N6lxUx27QyiX7BL3MHM X53aAVVtLyW5i5EhfM5FmBcpCkAT6HMi2OS6O/WLYwTuP1gD3Fvlu5U1389zqNc8CBOQPEm0 DuXtNNlpEuq1/We0jcyGgQbsS5F3cjY2CcqcbWc7JRLXmzIuQ4A/XnFQQpfvMNrU5Xm8+VZz tyF/EoWADxZtcrO/M0XCtTTLoSKPGdzaXIB9xbfF00dVz+tPmzDgEobnf2PpCT9RnkSrYLln pUDQaVGT1xzHehcEl5kGtcPPJBxGD4ojOzC5PM=
Ironport-sdr: gwDGU3QD9HpokaB/ErI8xk2vzxZVSM7zkpL2g/BKqQphHUV4pBbb5DK+Zxup9+Fi8clgLfuF2O vXkEpOGBGBvuhoSyEuN6OcaLb0xiAE1dYSsQM5nU/FHnTXvjLVMLNRlbG0jmrwwf4reAjBbm/9 I71DNqGxeLNEzj+XPPJKIHfHJqV8gZuQ7gNLUXVCBA4wbZI81XhnfmYlKWI0HMNcJZz5U5TDIs 96muI9yEVjbRu3khfrICcXQud2Zy6yH1XfhnZNMTqAcVLKjC2wsx2soDaqxoJ/2LpcjhNq6xM2 tra/AKJ3v3oOPj1T2LtyIKbL

I would like to pop up with my piece of experience. I agree with jtm that refinement type (a type with a constraint, e.g. {xs : list a | length xs = n}) is easier to use. In particular, it's nice to bind additional information like lengths as a part of types when we don't need to maintain it explicitly. For example, when we have lists of the same length and we usually only read and write to list entries without changing length. In this case, dependent type is your friend. But when you need to write functions to construct lists of different lengths, dependent type is not so friendly. For example, you need to annotate the length for each intermediate value. So refinement type provides the flexibility that one can maintain the constraint part when it's useful and drop it when it's a burden. When it's needed again, we can reconstruct the constraint by giving a proof. Program definition [2] makes this procedure easier. For example,

Require Import Coq.Program.Tactics.

Definition vector A n := {xs : list A | length xs = n}.

Program Definition vector_app {A n m} (xs : vector A n) (ys : vector A m) : vector A (n+m) :=

exist _ (app xs ys) _.

Next Obligation.

...

Qed.

This makes the definition more clear. And a benefit is that the definition is transparent but the proof for the constraint is opaque.

We have an open-source tool [3] for proving list length and indexing that you might find useful. It has a nice automatic prover. It is for basic lists indexed by Z instead of nat, because Z is more intuitive for arithmetic (while the advantage for nat is induction).

Thanks,

Qinshi

[2] https://coq.inria.fr/refman/addendum/program.html
[3] https://github.com/PrincetonUniversity/VST/tree/master/zlist

On Mon, May 16, 2022 at 11:08 AM jtm <me AT jtm.cx> wrote:

On Sun, 2022-05-15 at 19:40 +0100, mukesh tiwari wrote:
> Hi everyone,
>
> Have you formalised some non-trivial project using vectors, and
> finite type [1]? If yes, then what was your experience? What did you
> like and what did you not like about it? Also, could you point me
> towards your project?

I don't have much experience working with [1], but in the couple
instances where I have, I found it very difficult to do dependent
pattern matching (i.e. `match x return y ...`). I found the following
definition to be much easier to work with:

Definition vector a n :=
{ xs : list a | length xs = n }.

I prefer this definition for a couple reasons, First, you can write
functions in terms of plain old lists, and then prove things about
their lengths later. Second, a lot of proofs regarding length can
be solved using `lia`. A big disadvantage is that some functions
regarding vectors need to be defined inside proof blocks to deal
with propositions regarding vector length.

An example of defining vector concatenation:

Definition vector_append : forall a m n,
vector a m -> vector a n -> vector a (m + n).
Proof.
intros a m n [xs P] [ys Q].
exists (xs ++ ys).
rewrite List.app_length.
subst. reflexivity.
Defined.

Best,
jtm

> [1] https://coq.inria.fr/library/Coq.Vectors.VectorDef.html

[Coq-Club] Experience with formalising projects with length indexed vector (Vector.t) and finite type (Fin.t), mukesh tiwari, 05/15/2022
- Re: [Coq-Club] Experience with formalising projects with length indexed vector (Vector.t) and finite type (Fin.t), Dominique Larchey-Wendling, 05/16/2022
- Re: [Coq-Club] Experience with formalising projects with length indexed vector (Vector.t) and finite type (Fin.t), jtm, 05/16/2022
  - Re: [Coq-Club] Experience with formalising projects with length indexed vector (Vector.t) and finite type (Fin.t), Qinshi Wang, 05/17/2022
    - Re: [Coq-Club] Experience with formalising projects with length indexed vector (Vector.t) and finite type (Fin.t), Talia Ringer, 05/17/2022
  - Re: [Coq-Club] Experience with formalising projects with length indexed vector (Vector.t) and finite type (Fin.t), Dominique Larchey-Wendling, 05/17/2022
    - Re: [Coq-Club] Experience with formalising projects with length indexed vector (Vector.t) and finite type (Fin.t), Adam Chlipala, 05/17/2022
- Re: [Coq-Club] Experience with formalising projects with length indexed vector (Vector.t) and finite type (Fin.t), D. Ben Knoble, 05/16/2022
- <Possible follow-up(s)>
- Re: [Coq-Club] Experience with formalising projects with length indexed vector (Vector.t) and finite type (Fin.t), Weijer, W. de (Wessel), 05/17/2022