Skip to Content.
Sympa Menu

coq-club - [Coq-Club] Manual proof terms definitions and typechecking

coq-club AT inria.fr

Subject: The Coq mailing list

List archive

[Coq-Club] Manual proof terms definitions and typechecking


Chronological Thread 
    < Chronological >      < Thread >
  • From: Matthieu Baty <matthieu.baty AT epfl.ch>
  • To: <coq-club AT inria.fr>
  • Subject: [Coq-Club] Manual proof terms definitions and typechecking
  • Date: Tue, 18 Apr 2023 14:51:28 +0200
  • Authentication-results: mail3-smtp-sop.national.inria.fr; spf=None smtp.pra=matthieu.baty AT epfl.ch; spf=Pass smtp.mailfrom=matthieu.baty AT epfl.ch; spf=None smtp.helo=postmaster AT smtp2.epfl.ch
  • Dkim-filter: OpenDKIM Filter v2.11.0 smtp2.epfl.ch AC99040AB17D
  • Ironport-data: A9a23:aG9Yg6yS1Qd93sxM2WF6t+e8wirEfRIJ4+MujC+fZmQN5Upmgn1D0 SoCHzzEY6PVNVJBSakjINzrtRZTp9DleuUTTABt/383FyoQ9ZHPX4XEcU6hZHuYJ8acEk5rs 5lPYYjOfMlvQnPVrRymb+Do9XAgifvSFrfxVbObMS0pGVM9Qk/N5f4bd8sR2+aE1vDjW13d0 T+Ln/DiBbOF59JVGmtOsv7Y+Blhtf6i4z5C51E3PqpHsQXUmydNAp9BLvzqBnapGYM88sySF 7+Slunhlo/6105wUY39yu6TnmkiGOO60d2m0yIOM0SaqkEe4HZ0iM7XDdJEAW9PkTKFgttt/ 9tEsJ20WG8BM7bF8Agne0Aw/xpWYOsXqdcrHVDl6ZbIlxGfIyO2qxlTJBhe0bMwqr4f7V5mr qRwxAAlNnirm++wybSnfehg7uxLwB7DYevzElk5pd3oJa5OraLrG80m1vcEtNsEvf2iKN6FD yYvhZWDWzybC/FHEg9/5JvTB45EjFGnG9FTgAr9SabafwE/ZeG+uVTgGIO9RzCEeSlatla6/ V7h2UjVPgs5CfWAxCPf9jGQh9aayEsXWKpKfFG53uVvnEXJgGELBhlQXlvTTfuR0xTuHYsAe wpOo3Bo8/BaGE+DFrERWzW9qWKYvh8RRpxaGvErwAyVxK6S6Abx6m0sE2UfNoR7655eqToC9 E2Az9DEOxpTnqCLSE2gzIiNpAHjEH1ARYMFTXReFFBbv4mLTJsIphnIV5NoFLO/psbkHCn5h TGMtik3wbsJ5fPnzI2g+EzfhC+w4JXRQApz7QW/sn+ZAh1RdKz+W6uOxXTn99V9BZmUVwOF/ 0QFop3LhAwRNq2lmCuISeQLObim4feZLTHR6WJS84kdGyeFpyD+JN4LiN1qDBk0Yp5eEdP8S BKL0T698qO/K1OBTcebiaqVAtkxxK7mGLwJvdiNNoMTCnSdXDGO4S0GWKJ993vojFArjL15N I+VdYCnDR726JiLLhLoG4/xMpdylkjSIF8/o7igknxLNpLFORaopU8tagfmUwzAxPrsTP/p2 9heLdCW7B5UTffzZCLamaZKcwBTciVlX8qo85cNHgJmHuaAMDxxYxM26e5wE7GJY4wJz48kA 1nnAx8DmQGn7ZE5AVnQNy8LhEzTsWZX9ihiZnJwbT5EKlA4foe09+8Se4Y8dKUm8+orxPh4B +MIYMiJGP9PAjLK5ysad5qVkWCRXErDuO56BAL8OGJXV8c5H2Tho4a0FiOyqnVmJnfp5KMW/ eb6viuFGsVreuiXJJuMAB5Z5wnv7SF1dSMbdxagH+S/j222rdI1enah0qZtSyzOQD2arganO 8+tKU9wjYHwT0UdqYOhaXms/9r5QdhtVFFXBXfa5ruQPCzXtDjri4xZXerCOXiXWGro8e/wL a9Y3tPtAs0hxVxqiotbF6o07KQc49C0maRW4D45F1r2bnOqKIhaHF+44ed1uJdwm4Bp4TmNZ hrX+/1xG6m4B8f+IVtAeCsndrui0N8XqBnz7NM0AkHxyx1s2L+hVmRTIBi+pyhPJ5RlMI4e4 LkAuexHzyedmxYVItK9oSQMzFu1L1sESLQBipEWJKTJmzgb4AhOTrKEAxCn/azVTctHN3cbB wO9hY3Atux6/VXDeX9iLkr997NRqrpWsS8b0WJYAUqCn+fEofoF3Bdx1zATZSYNxzVl19NDA ERaB3dXF46voQgx3NNiWlqyET5vHBeao0z962UYnV3jEnWHaDb/E30fC82somYpq3lRbxpKz oG+kWzFawvnTOv1/yk1WHNmlcDdcMxMxlXCtf2jTuu4HMgcQDv6g6WRS3IChDn5DOgQ2kDWh +lY09xhSK/8NBwgiagxINSY3J8xUzGBHnRJGtt6zZMKHEbdWTC84iePIEaPYfFwJ+TG3Eu7K s52LOdNakiO7zmPpTUlGqI8Gb94s/o37t4keLmwB2o5n5aAjzhu6rT8yzPfgTI1ftBQjsoNE IPdWDacGGi2h3EPuWvsrtFBC1Woc+s/ewzw8+CkwtonT6tZnrlXTngz9b+os1G+EghtpUuUt TyeQZ7m9bVpzIA0krb8FqlGOR6PFuryc+a2oSSTqNVFaO3dPfje7z01rkbVBCUIHL8zdekuq 5Gzno/W5n7VhJc3TGHTpLeZHYZr+8iZfbRaI+D3HlZgjAqAX87nuUJb8EyZNK55utZXzZSlT iCZc+q1T8YeAP1G9U1Wag9fMhcTMLv2ZaHevhGAr+yAJxwe8A7fJva13CbNQUACUQFQILz4K Av/m8j21+BitI4WWSM1XaB3MaF3MHrIePUAdeSokRK6E2PxoFeJmoW6pCoa8TuRV0W1Spfr0 6nkGCr7Wg+54pzT7ddjtId3gB0bIVB9jcQ0fWMf49RGsC+7PkFXMdUiNYg6Nb8MnhzQzJ3YY BT/XFkmAwj5XhVGdkzy3o2yFEPXTOkDIczwKTEV7luZIXX+Tp+JBLx6sDxs+TFqcz/k1/uqM swa5ma2BBWq35V1XqwG05RXWwu8Ki/ynRrkOHwRkvAexz4FBKkSjjpsBARJEyfHey0IeIMnO kBtLV2ogmniIaIyLSqkU3NNFhVftzOHI/AAc3KU2NiG02mE5LQo9RA8Ut0fFpUOdMoOYrUOL Z8yq61h/EjOskEuVWAVVx7FTEO65T9n3iR3EUM7eTAvog==
  • Ironport-hdrordr: A9a23:FW3g9KwaWtFr9zJxYMlTKrPwO71zdoMgy1knxilNoNJuA6+lfq GV8MjzuiWUtN98YhsdcJW7WJVoP0mwyXcF2+Ys1N6ZNWGMhILrFvAG0WKI+VPd8kPFh4xgPN 9bAsxDNOE=
  • Ironport-phdr: A9a23:4hSaqRSDZOe3fTfiulAjeBa5wdpsouGWAWYlg6HPa5pwe6iut67vI FbYra00ygOTAMOBuqIP1rSempujcFJDyK7JiGoFfp1IWk1NouQttCtkPvS4D1bmJuXhdS0wE ZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZrKeTpAI7SiNm82/yv95HJbAhEmjqwbalsI BiyrgjduckbjIp/Iast1xXFpWdFdOtRyW50P1yYggzy5t23/J5t8iRQv+wu+stdWqjkfKo2U KJVAi0+P286+MPkux/DTRCS5nQHSWUZjgBIAwne4x7kWJr6rzb3ufB82CmeOs32UKw0VDG/5 KplVBPklCEKPCM//WrKiMJ/kbhbrQq9qBJ8zYDbb4+aOvpgcK3AfNMXXm9BUtpLWiFbHo+xY YkCAuwcNuhYtYn9oF4OoAO5Cwa2GOPv1j9Ihn7o0q0nzu8sDBvJ3BAgHtkTt3nUqc/6NLsOU eC1zanH0yjDY+lN1jjn9IjJcgssru+UXbJ+dcrd01UgFwPcg1iWtIfqMC+b2P4XvGiH8+pvS /ivi2g/pgxyojahycgih4bHi48Iy13J9iV3zYcoKNClS0N2fMKpHptMuiyaOIZ7RsEvT31ot is1xLAIt4C2cSYFxpg7yRPSbeGMfYuQ4h/7SeqdPzR1iGh4dL+9hBu+61asxvDiWsWu0VtGs jJJnsTQunwXyhDe6dSLRuFj8kqlwzqC1R3f5+dZKk4uj6XbMYQuwrsom5oTr0vDGij2lV3tj K+TakUk4vak5/75bbX+qJ+cM5V4hR3+Mqg2m8y/B/o3MhQWUmSG5+ix16fv8VD7TbhJlPE6j LTVvI7AKckauqK1GwpV3Zwi6xa7ATemytMYnXwfIVJAYh2Hk5TpO1HPIP/mEPezmU+jny13x /HGJbDuHI3NLnbHkLv7Ybl961ZQyAwowt9H/ZJbFqkBIO7vWk/2rNHUEwc1MxaozOb/FNV9y oQeVHqTDa+eKaPeqEOH5uYyI+aXf4IVozb8K/095/H0l3M5mFkdfbOo3ZQNcny4EO5mcA2lZ i+4idAYVGwOowAWTerwiVTEXyQFNFioWKdpwzgnFIKnAJqLbImxkfTV2S6nAp1Xa30AAFmQA F/lb4uAHfwMPnHBavR9myAJAODyA7Qq0guj4VeSI9tPK+PV/nZdrpf/zJ1u4PWVkxgu9DtyB sDb0meXTmgykHlbDyQu0vVZpkpwgkyGzbA+m+ZRQNla++9JUwonc5TV0/1SBsj8XkTKfoTBU 06oF+2vGip5Vdct25kLakd5Fc+li0XG1ja2A74YivqBDYAl2q/E0Xy3LMYug23e2vwHiF8rC tBKKXXghqN78F3LAJXVlkyCi6uwXb8ZwDaXsmqbw27It0EwvBdYd6LDUDhfY0LXqY+8/UbeV /q1DqxhNAJdyMmEI68Ma9vzjFwASu2xcNLZK3m8nWu9H3PqjvuFcZbqdmMB3S7cFFlMkgYd+ myDPBQ/ASHpqnzXDThnH1biK0329uw2pHS+R04yhwaECi8pn7+85gIVhPGBDfkawqMstT8vr 3N/HBf13t7bDcaBuxs0ZL9VMrZfqB9M0WPUsRA4P4T1dvoywAdBI0It5hmoiU0kb+cI2dInp 34r0gdofKeR0VcaMiidwYi1IbrPbG/74BGobafSnFDYytefvKkVu5Fa4x3uuh+kEk06/jBpy d5QhjGZ74nWDAsfTNT7W1om3xViqbWcaSl3tOa2nTV8dLK5tDPPwYdjAeI51hahcsoZOqqYB Sf/C8MeQcOuYr9P+RDhflcPO+Zc87QxNsWteq6d2aKlC+1nmSqvkWVN5I0VPlukzyNnUaaI2 p8Ex6rdxQ6bT3Lni0/ntMnrmIdCbDVUH2ylyCGiCpQDLqF1eI8KDy+pLajVjp17joLxW39V6 RipDk8X8MKxdx7UZFy10QBL1EsRqGCqgmPhlWwyym556PDGhmqQm6zrb1IfN3RORXV+gFuJQ 8D8lN0cUEWyLkAomBaj+Ufm1v1eraV7IXPURBQAdCz3Imd+F6qo4+PYM4gWt8Nu63wNFrrkM jX4AvbnrhAX0j3uBT5bzTE/LHSxv4nh2gd9kCSbJWpyq3zQfYdxww3e7ZrSX600vHJOSS9mh D3QHlX5McOu+IDekp7fruC/Wn/nXJRPYAHm1Y2E8iC7rz4PY1X3j7Wol9vrHBJvmyryy8VqV CjV6hz1fpjD2ry0NaRsfgM7YT20o9o/EYZ4nIwqgZgW0nVPnZSZ800MlmLrOMla06bzPzIdA CQGyNnP7E35yVVueziXkpnhWCzXka4DL5GqJ3kb0SUn44VWBbeIufZayDBtrAPwrBqNM6Enz nFElqtosSBExbtT8As1knfEWOBURBYIe3a1zVLWt7Xc5O1WfDr9KOLgkhMhzZb7Vu3E8kldQ CqrI81yW3YvvoMlag6KiiSjrdq9MNjIMYBK60XSykiQybMTcNVryp9ozWJmIT6v5CB4jbdj0 Fowm8vi5M/ccy1s5P7rW04AcGyvIZpMpHe21u5fhprEhtD3WMQ7XGxUA92zFpfKWHoTrai1b lbTVmxn7C7HQfyHWlXFoEZ+8yCWQ83tZi/RfSJHi4g9DBiFeB4G0F1SBW9n2MRkUFDtnp2EE g8x5yhNtAeo910Wk78ubUChFD+Y/l3gay9oGsHPcVwMtVEEvh2Ta5TZtbs7HjkErMTw9krXd zDdPl0WSz1RPy7MT1H7Yuv3tIKGqbTHQLDmf72QPv2PsbAMDqbTg8jzjc08p2bKaJXHP2E+X aRqigwZGykjS4KB3G9TLk5f3yPVM5zC9Uf6oGsu9Zr5qLOxAkru/dfdUuoCd48pokvox//Eb bXYhT4le28JhtVWgyaUlf5HmwRO7kMmPzi1TeZZ5H6LFuSJxfARV1lBN2tyLJcatvNsmFMLY JGLzIuyjOUwj+ZpWQ4UBRq73Jj5PYpSZDvhUTGPTEeNP7CbKTCZ9Nrvb/n6RKVeiKNft1Wms DKfWScPJxylkD/kH1CqOOBI12SAOQBG/Zq6alBrAHTiS9Tvblu6NsV2hHs42+98gHSCLmMaP TVmFiEF5rSN8SNVhOl+EG1d/zJkK+eDgSOQ8+jfLN4fr/JqBi1+k+8S7m49zvNZ6yRNRfo9n yW3zJYmu1a9juyG0SZqSjJVrypT3sSGpUtmf67Zt9FBVXvC4BMR/DCQBhAN9L4HQpXkv6Fdz MSKlbqmcW0StYuLrY1GXpKSdprUVRhpeQDkEzPVEgYfGDuiNGWEwldYjOnX7XqN6J4ztpnrn pMKDL5dTl08UP0AWSEHVJQPJol6WjQ8nPuVlskNsDC7pQXNRMRXo9bNX+6DKfj3JjLfhrkON H5qifvoaJ8eMIH2wRkocl5hgIHDAFbdR/hWpzF5NEk5uEtJtnN+BD5WuQqtekam53kdEuSxl xg9h15lYOgjwzzr5k8+OlvAoCZYeKwZlM3rhXaacGypRE9fdYxOBS6yvEhja/sToi5uaBGqx wppLDnAAblR3eMISA==
  • Ironport-sdr: 643e9252_DmM6ntnFu6uCx7UeV617S2UsU81lMSxPlPzNDMLiD2nx0ox krHVZqm2eYBodGeqeZVd24lhiYAt7/RxfMXVvBA==
Hello coq-club,

I recently ran into a puzzling Coq behavior regarding the typechecking of manual
proof terms definitions and  I would appreciate some pointers. The attached file
contains a runnable example of what I describe in here.

When proving a lemma through reflexivity, I expect unification to run twice:
once while building the proof term interactively (can be skipped with
exact_no_check eq_refl) and once at Qed time.

Lemma interactive_proof: slow = 0.
Proof.
  Time reflexivity. (* x seconds *)
Time Qed.           (* also x seconds *)

Alternatively, I could bypass interactive proof term construction and provide my
proof as a definition. I would then expect the validation of the term to take as
long as the previous `Qed` (i.e. x seconds). Alas, I would be wrong, as it ends
up taking twice that time.

Time Definition raw_proof: slow = 0 := (@eq_refl nat 0). (* 2x seconds *)

This is not a `Definition` issue, as using `Check` with the appropriate type
annotations yields the same behavior.

Time Check (@eq_refl nat 0: slow = 0). (* also 2x seconds *)

Tactics in terms can help with this: replacing the body of the previous
definition with ltac:(exact_no_check (<my_proof>)) makes it run in the time I
expect it to (x seconds). I can't see why all proof definitions don't behave
like this.

What exactly is going on? Is there a good reason for this behavior?

Thanks,
Matthieu Baty
Fixpoint slow_comp (n: nat) :=
  match n with
  | S n' => slow_comp n' + slow_comp n'
  | 0 => 0
  end.
Definition slow := slow_comp 20.
Set Printing Implicit.



Lemma ex1_refl: slow = 0.
Proof.
  Time reflexivity.                     (* 0.6s *)
  Show Proof.
Time Qed.                               (* 0.6s *)

(* Faster way of getting this version of the proof through the kernel: *)
Lemma ex2_change_no_check: slow = 0.
Proof.
  Time exact_no_check (@eq_refl nat 0). (* 0.0s *)
  Show Proof.                           (* Same as above *)
Time Qed.                               (* 0.6s *)



(* This is about as slow as TWO unifications of slow and 0, why is that? *)
Time Definition ex3_definition: slow = 0 := (@eq_refl nat 0).  (* 1.2s *)
(* Same behavior with Check... *)
Time Check (@eq_refl nat 0: slow = 0).                         (* 1.2s *)
(* ...but not if we use inline ltac with exact_no_check: *)
Time Check (ltac:(exact_no_check (@eq_refl nat 0)): slow = 0). (* 0.6s *)
(* It looks like there is some redundant checking going on. *)



(* Bonus contents: name validity checks occur between the two phases. We reuse
   a previously defined name to highlight this behavior (don't do this at
   home!). *)
Fail Time Definition ex3_definition: slow = 0 := (@eq_refl nat 0). (* 0.6s *)
Fail Time Definition ex3_definition: slow = 0 :=                   (* 0.0s *)
  (ltac:(exact_no_check (@eq_refl nat 0))).
Time Definition fresh_name: slow = 0 :=                            (* 0.6s *)
  (ltac:(exact_no_check (@eq_refl nat 0))).

(* Shouldn't the (usually) much faster name check run before the slower
   unification pass(es)? *)

(* Here's another illustration of why this ordering of checks can be annoying
   (not quite the same as there are no duplicated computations here): *)
Time Definition no_fail := Eval vm_compute in (slow_comp 24).
Fail Time Definition ex3_definition := Eval vm_compute in (slow_comp 24).
(* It took the same time as no_fail, but it could have failed instantaneously
   had the name check occurred before the computation. *)

Archive powered by MHonArc 2.6.19+.

Top of Page