coq-club AT inria.fr

Subject: The Coq mailing list

List archive

Re: [Coq-Club] Proving transitiviy of simple type system

From: Xavier Leroy <Xavier.Leroy AT inria.fr>
To: coq-club AT inria.fr
Subject: Re: [Coq-Club] Proving transitiviy of simple type system
Date: Tue, 3 Oct 2023 11:26:13 +0200
Authentication-results: mail2-smtp-roc.national.inria.fr; spf=None smtp.pra=Xavier.Leroy AT inria.fr; spf=Pass smtp.mailfrom=xavier.leroy AT gmail.com; spf=None smtp.helo=postmaster AT mail-lf1-f45.google.com
Ironport-data: A9a23:yddRz6+Sx9B7bbLHgOHTDrUDyHuTJUtcMsCJ2f8bNWPcYEJGY0x3m 2tOXjjQM/6KYmWmf9kkao3jpEkE7cCByIcwSlE5rChEQiMRo6IpJ/zJdxaqZ3v6wu7rFR88s Z1GMrEsCOhuExcwcz/0auCJQUFUjP3OHPymYAL9EngZbRd+Tys8gg5Ulec8g4p56fC0GArlV ena+qUzA3f7nWYvWo4ow/jb8kg25Kyp4GlwUmEWPJingneOzxH5M7pEfcldH1OgKqFIE+izQ fr0zb3R1gs1KD9wYj8Nuu+TnnwiGtY+DyDW4pZlc/TKbix5m8AH+v1T2Mzwxqtgo27hc9hZk L2hvHErIOsjFvWkdO81C3G0H8ziVEHvFXCuzXWX6KSuI0P6n3TEnddLCWY5MrIk3vsoE1pS3 s1CEgg0cUXW7w626OrTpuhEg80iKIzvMtpatC09iz7eCvkiTNbIRKCiCd1whm9hwJATW6+AO IxFNFKDbzyYC/FLEkceFpMzhqGsi2P4YhVXrVuUoew85G27IAlZieK8aYWPIYLULSlTtmmIq XvkomTbOAAfZNO1ySOd30qwoeCayEsXX6pXTtVU7MVCi1qKg2cXFRc+Tkq+ufD/i0ikWtsZJ VZ8x8Y1ha079UjuStekGhPk/TiLuRkTX9cWGOo/gO2Q9pfpD8+iLjBsZlZ8hBYO76fanBR7j gXbrMCjHjF1rryeRFSU87re/3v4OjEYISVGLWUIRBcMqYur6owirAP9fvA6Go6Mj/rxBW7Rx RKOp3MAnLk9t5MA+Ji62lHluAiSgKb1YDQ73DiKYVL93DhFPNakQ6eK9Wnk6e1xKdfFb1uZ4 1kBtcuszMEPKpCvkiaybv0HN+yr7azdMRn3o11mL78+/RuDpl+heoFx5mllBUFLa8wrRx7gU HXxiyhwuqBBHSKNRrBlRq6MEOIW9LjEOfW5c+HLf/xMT4NUdgTazBpxZEWV4X/hoHIsnY47J 52fV8SmVlQeNohK0xu0QPU7w5Yw5yVj217We4/3/y6n3ZWaenSRb7UPa3mKT+Ih6ZK7sBfny MleO+SK2idgfrXHOAePyrEqLHcOMXQfLrL1oZYOdue8fyxXKFt4APrVmb4ca4hpmppOrdjx/ 1a/ZB586EH+jnj5Owm1eihdSLfwb61e81M/HwIRZGiN5VZyQLyS/J8+doQ2d4YJ7OZM7+B5Z NhbdtSiAsZgcCXm+TMcZ6bTtIZJLQ+Zhy+SDSicORw6c4BqHQDSyOS5fAG1rCgqJQi0vPsYv LeP+F76Q50CZgI6F+fQSqul4G2QtEgnutBZfhX3MPxMXkTz4a5WKyDVpd0mEfEmcBns6GOT6 FeLPE0+u+LInb4QzPDIoqK196GSDOp0GxthLVnxtLqZG3HTwTu+/NVmTu2NQDH6UVH08oWEY cF+7an1EN8DrWZwn7tMKZRZ5oNg2IK3vJ5f9BpuI1vTZVfyCr9AHGiP7fMSioJznI1mqSmEc WPR3OkCIriYGtLXIHhILiofU+mz//U1mD7T0PcLHHvH9BJHpLqqbEEDECSP2Qp8LaR0OrwL2 e0OmtAbwC3hhwsIMuSptDF19WONJ0NdQqwYm4woBq7qriEJyVhyR4PWJQGrwZOIavRKalILJ B3NjoX8pr1s/GjwWFttKmrsh89z3Y8vvjJOx388f2W5oMLP3KIL7UcA4AYJQRRw5TQZ9eBKY 0xAFVB/fIeK9BdW3PlzZXimQVx9NUfI637K6gU7kUPCRBOVTU3LFmo2PNiN8G0/825xejt6/ qmS+F36UATFLd3A4S8vZXFL8/DTb8R91gnnqvCVG86oG5obYz28jJH3NCBM41HiDNgqjULKm fhy8awiIefnPCoXuOsgB5Pcyb0UTwueKXdfRe16upkEBnzYZCr4zA3mx5pdoS+RD6eiHY6E5 81SygZnUh2/0GOKoGleC/JRZbBzm/Et6ZwJfbaDyavqdVeAhmIBjX4S3nGWaKwXrxFGnsM0K 4eXfDWHeoBVrWUBgHfD9aGoJULhCeTpp2TAMCSd8eMTFptFvvsEnYTeFFerly39DTaLNC54c O8Oi2E6AgCiJUlRc1PQL5h+
Ironport-hdrordr: A9a23:E0w3gareaTwcLBJHiwKt+YoaV5ooeYIsimQD101hICG9E/bo8f xG885rtyMc5AxhO03I3OrhBEDiex3hHPxOkOws1N6ZNWGMhILrFuBfBODZslnd8kPFh4lgPG RbHpSWyuebMbG3t6rHCcCDfOod/A==
Ironport-phdr: A9a23:TOAoLRVIg5HBcztThC5LNm+dAtfV8Kz6XzF92vMcY1JmTK2v8tzYM VDF4r011RmVB9WdsKwP0rOe8/i5HzBav9DZ6DFKWacPfidNsd8RkQ0kDZzNImzAB9muURYHG t9fXkRu5XCxPBsdMs//Y1rPvi/6tmZKSV3wOgVvO+v6BJPZgdip2OCu4Z3TZBhDiCagbb9oI xi6swbcutMYjIZjJao91wbFqWZMd+hK2G9kP12ekwj968uq4JJv7yFcsO89+sBdVqn3Y742R qFCAjQ8NGA16szrtR3dQgaK+3ARTGYYnAdWDgbc9B31UYv/vSX8tupmxSmVJtb2QqwuWTSj9 KhkVhnlgzoaOjEj8WHXjstwjL9HoB+kuhdyzZLYbJ2TOfFjeK7WYNEUSndbXstJWCNBDIGzY YsBAeQCIOhWsZXyqkAUoheiHwShHv/jxiNKi3LwwKY00/4hEQbD3AE4Ht0BqmrUrNTrO6cIT Ou7yrfHzS/Eb/JWxDzw74nHfQo/ofGNQ71wa9Ddx08xGAPfiVWRqZfoPzKT1uQXsmiU9fBsV ey1i2M+rQx6vzegyNs2hIbTmoIV1k7L9T9/wIstJ9C0VE51bN+mHZZQtCyXK4R4Tt8sTWxop Ss21LILtYOncSQXzJkqxh3SZfKEfoSU/B7uUOicLDN8iX9keb+ymhC/+lWjxO3kTsS4zkpGo y5fntTPtn0BzQHf58mFR/dn8Uqs2TCC3B3J5O5eO0A7j6/bJoYhwrEukpoTtlzOHirsl0X3i K+ab0Ek+ua15+j+bLXrqZ+RO5V7igH5NaQulci/DvoiPgcSWGib/Pyw1Lzl/ULnXLVHluM6n rXdvZzAJskWprS1DxJU34sh8RqyADer3MwdnXYdLVJFfByHj5LuO1HLOP35Au2wg0qtkDh13 fDKJLnhDYvXLnjEkLbsZrl960tGxwoyydBT/Y5bCrYEIP7rXE/+r8TXDgUlPAys3+bnFNJ92 5sDVW6XGK+WLLvSsUOU5uIoO+SDeIgVuC/kJ/c54/7ukGQ2lEQGfaip2JsXcGq3Eu5nI0Wfe 3rsg80OHX0EvgokH6TWjwiJVicWbHKvVYo94Cs6AcSoF9TtXIeo1YyIwia2BNVya3pBGxjYI X72doieHdMBciWDCs5niD0NE7a7HdxynSqyvRP3nuI0ZtHf/TcV4MqLPLld4uTSkUt37jloF 4GH1GrLSWhon2QOTjtw3aZloEU7xE3QmbNgjal+Etper+hMTh98LYTVmtxzFdH/QETlc82OW X6nRM+nCHc/VIF52McANn50AM7qlRXfx2yvCr4RmaaMAckk+7zd0mK3I8tnzGfu26wojl1gS cxKZiW9nqAq0Q/VCsbSllmB0aancaNJxCnW6GKK1naDpmldWQ90FKHLBDUROhaQotP+6UfPC bSpDNzLKyNnzsiPYutPY9zt1xBdQev7fc7ZaCS3knuxAhCBwvWNapDrciMTxneVDk9MiA0V8 XucUGp2Ti68v2LTCiBvHlPzcgvt9+d5snayUk4zyUmDcURg07O//hNdi+abTrsf2bcNuSFpr DsRfh7179vICtea4S5sZqJNSdI7+lZOk2zD9kR8MpGmM6F+lwsGaQ0k90jq1hhxFsBBiZ1w9 CJsnFc0cPzHlg8cJFb6ldjqN7baK3f/5kWqYq/SgBTF1cqOv70I47I+okniuwegEgwj9W9m2 p9bySj5hN2CAQwMXJb2Skty+QJ9ouSQciAj5o7Ok3lhK66lmjDH0tMtQuAiz1zzGrUXeLPBD wL0H8AAUoKeIfIrlkLvSh8eO/F69aguPsrgeeHMi8vJdK5w2Tmhi2pA+oV01EmBojF9RuD/1 JEA2/iE3wGDWl8QlX+Zu9vs0cBBbDAWRC+kzDT8QZRWbet0dJoKDmGnJ4u2wM9/jtjjQSwQ+ FmmDlIAkMinHHjaJ0z0wwxdzwITrGagiAO3yjV1l3ciqa/X0CHVwuvkfQYKISYRHDgk3Qqqe NbryYxHFEGzJxAkjh6k+Vr3y8057OxkIm/fTF0JNyn6Imd+U7eh47+LYspB8pQt4m1cVOWxZ 0zfS6ao+UNLlXO+WTIAm3ZnKmLP2N2xhRFxhWODIWwmqXPYfZs13hLD/JnGQvUX2DMaRS5+g D2RB16mPtDv88/H8vWL+u24SW+lUYVeNCfxyobV/juy+2xnG1u7kuq0i/XoFAE71Wnw0NwgB kCq5F7sJ5Lm0ai3K7ctbkB2BVLmrc53AIZvuoQ1jZAUn3Mdg9/GmBhP2Xe2OtJd16XkaXMLT jNe2N/Z7j/u30h7J26IzYb0BT2Nh9FsbN6gbiYKyzowuopUXbyM4uUOzk4X6hKo6Bjcav9nk nIBxOsyvTQE1voRtlNlzz3BUOtPWxAJZWq2y0vOt5fk8O1WfDr9L+T2jhEl24n/VPfa5VgNP RSxMpY6QX0usIMmaAiKiDurrdu8MNjIMYBN6FvOz0aG37ATcNVrzrILnXY1Zji75CFjkr9hy 0QphMHf3sDPKn0xrv3lREcCa3utIZtUo2+ljL4CzJ/Oj8b2QconSnNTG8GxBfOwTGBL6q+hb lfSVmV68jDCR9+9VUee8Bs09SqeVcD2cSjNdD9Biow9DBiFeB4F2V5SAWV8x89jUFjtnZ2pc V8ltGpIuBii8UoKkbgub16mAwK97E++YzMwAvBzNTJw6QdPrwfQOM2atKdoGj1Au4emp0qLI 3CaYAJBCScIXFaFDhbtJOvm496I6OWeCuekSpmGKbyTtexTUeuJzpOzw8Nn+TiLLMCGInhlC bUyxENCWXlzH8mRlS8ITmQbkCfEbsjToxnZmGU/tsek7PHiQx7i/6OKArpWdNFholW43frFO OmXiyJ0bz1f09JExHPFzqQewE9HiyxqcGrIc/xIvirMQaTM365PWkRDOmUjaY0Rsf16glQeX KyTwsn43bN5kPMvXlJMVFi739qsedRPOWa2clXOGEeMMr2CYzzN2cD+J62mGtgyxK1ZsQO9v TGDHgrtJDOGwnP5Xg6uPPsKiCyBOw12t4S0cxIrAm/mBoGDCFXzIJpsgDs6zKdhzGvNLnIZO CNgflllq7SR6WZcjKw6FTAcqHViKuaAlmCS6OySefN0+bN7Ry9zkexd+nEzzbBYuTpFSPJCk yzXttdyoluin4FnKxJiWRtK7zJF3ceF4RgkNqLe+Z1NH33D+UBVhY1/IxsPrtphTNbovvIJo jAqvKP1MjZLtdzOr5N0Og==
Ironport-sdr: 651bde59_I4gtxfIt/kyRHLlyAnsmPa9do5RteKZMF9KchTkMsl6pHrX Qvr7zYB4kFioIwbG9XoBO/IB691uE7imYKNRKtg==

On Mon, Oct 2, 2023 at 8:02 PM Frederic Fort <frederic.fort AT inria.fr> wrote:

Hello,

I am trying to prove the some facts about the type system of a simple Lambda calculus. However, I struggle to prove the transitivity of the subtype relation.
I have seen in papers that certain people simply "axiomatize" properties like transitivity and reflexivity by defining specific rules for these properties.
However, I find this inelegant as this makes proofs in other places more "cluttered" due to the additional constructors.
I have a few proofs that work fine. For transitivity however, I am stuck.
I have tried all kinds of (dependent) induction approaches, but I am generally stuck either because Coq requires me to prove that the unit type is a subtype of a function type or because the induction hypothesis doesn't take into account that subtyping of function input types is in the "opposite direction".

I suppose that there is some "Coq trick" that I am unfamiliar with (maybe I have to define a custom induction scheme ?).

If you try to do the proof on paper (like you should when you're getting stuck), you'll see that it is already non-trivial. So, there's no "Coq trick" specifically, just finding the correct proof.

The solution is to do a structural induction on the middle type t2, followed by inversion on the t1 <: t2 and t2 <: t3 hypotheses.

Lemma trans:
forall t1 t2 t3,
typeSub t1 t2 -> typeSub t2 t3 -> typeSub t1 t3.
Proof.
intros t1 t2; revert t2 t1.
induction t2; intros t1 t3 HSubL HSubR; inversion HSubL; inversion HSubR; econstructor; eauto.
Qed.

Why the middle type t2? Because it's the only form that gives you an induction hypothesis usable with contravariance, which swaps the roles of t1 and t3.

There's a lot more details in the POPLmark challenge, but since it uses a much more complicated subtyping relation, the proof is much more complex. First, transitivity and weakening must be proved simultaneously. Second, in some encodings of bound variables, recursion is not always on a subterm of t2 but on a freshened-up subterm of t2, so the proof is no longer by induction on the structure of t2, but can still be done by induction on the size of t2.

Hope this helps,

- Xavier Leroy

Or maybe it is actually impossible to prove transitivity like that.

If somebody could show me what I am missing, I'd be grateful.

Yours sincerely,
Frédéric Fort

Here are my definitions:
Inductive expr :=
| Unt
| Var (n : nat)
| Lam (v : nat) (e : expr)
| App (f : expr) (arg : expr)
.
Inductive type :=
| TUnit
| TFun (tin tout : type)
.

Inductive typeSub : type -> type -> Prop :=
| SubTUnit : typeSub TUnit TUnit
| SubTFun : forall ti1 to1 ti2 to2, typeSub ti2 ti1 -> typeSub to1 to2 -> typeSub (TFun ti1 to1) (TFun ti2 to2)
.

Lemma refl:
forall t, typeSub t t.
Proof.
intros.
induction t; constructor; auto.
Qed.

Lemma sub_is_eq:
forall t1 t2, typeSub t1 t2 -> t1 = t2.
Proof.
intros.
induction H.
- reflexivity.
- rewrite IHtypeSub1. rewrite IHtypeSub2. reflexivity.
Qed.

Lemma trans:
forall t1 t2 t3,
typeSub t1 t2 -> typeSub t2 t3 -> typeSub t1 t3.
Proof.
intros t1 t2 t3 HSubL HSubR.
Admitted.

[Coq-Club] Proving transitiviy of simple type system, Frederic Fort, 10/02/2023
- Re: [Coq-Club] Proving transitiviy of simple type system, Jason Hu, 10/02/2023
- Re: [Coq-Club] Proving transitiviy of simple type system, Lasse Blaauwbroek, 10/02/2023
  - Re: [Coq-Club] Proving transitiviy of simple type system, Frederic Fort, 10/02/2023
    - Re: [Coq-Club] Proving transitiviy of simple type system, Jason Hu, 10/02/2023
- Re: [Coq-Club] Proving transitiviy of simple type system, Jean-Marie Madiot, 10/02/2023
  - Re: [Coq-Club] Proving transitiviy of simple type system, Lasse Blaauwbroek, 10/03/2023
    - Re: [Coq-Club] Proving transitiviy of simple type system, Jason Hu, 10/03/2023
      - Re: [Coq-Club] Proving transitiviy of simple type system, Lasse Blaauwbroek, 10/03/2023
- Re: [Coq-Club] Proving transitiviy of simple type system, Thorsten Altenkirch, 10/03/2023
- Re: [Coq-Club] Proving transitiviy of simple type system, Xavier Leroy, 10/03/2023