Tutorial Equations: well-founded recursion #8
Conversation
…into tuto-equations-wf
|
The tutorial is now ready to be reviewed. It :
|
There was a problem hiding this comment.
I've found this tuto a bit more messy than the previous one. I feel my main issues were the following.
There is a lot of knowledge which is not specifically about well-founded induction, but rather about how to generally go about the obligation mechanism. They are scattered through the tutorial as things go, which makes them not so visible. Maybe having a self-contained presentation of this mechanism (Equation vs Equations?, printing and (locally) changing the obligation tactic, printing the obligations with Obligations, being careful that no obligations are left, etc.), either in this tutorial, in the one of Equations' basics, or a self-contained one.
I found the presentation of well-founded induction unclear: the first example, last, is a very specific limitation of the guard-checker of Coq, but it is really at the border, and thus not very enlightening. The examples of nubBy or gcd, which require non-trivial reasoning, are more to the point. Ackerman is nice to introduce lexical ordering, but I feel like this can come slightly later. I would rather start by using a measure with the well-founded order lt on nat (which btw Equation picks by default if you write only by wf (length l)), and introduce lexical order in a second time as a more advanced example. Also, I'm not sure a reader would be able to understand the current 1.1 if they do not already have heard about proofs of termination for functions, well-founded orders, etc.
I know it was a frustrating experience in the writing of the tutorial, and that it's good to give users ways to circumvent issues when they pop up rather than pretending everything is fine, but I feel a lot of cognitive load in 1.2 is spent of funelim and rewrite going wrong. This somehow deflects from the "main point" of the tutorial into subtle, more advanced issues.
Also, a few suggestions on more things that might be useful to have in this tutorial:
- usage of
mapand friends which remember which list an element was in (something similar in spirit to theinspectpattern, see for instance here and here) - using the database [WellFounded], possibly in combination with
Deriveto obtain the subterm relation and an automatic proof that it is well-founded. Very useful for well-founded induction which is more or less structural but more complicated than what the guard detects (for instance, if one want to do thelastexample without resorting tolengthbut directly by a well-founded order on lists)
It's a long review with a lot of comments, but I must say this tuto is still a nice step in the right direction of making Equations more accessible!
|
The comment's are good and I'll look into them. An issue I have is that I lack simple examples. Would you have some to share @MevenBertrand ? In particular, would you have a good example for
|
Co-authored-by: Meven Lennon-Bertrand <[email protected]>
|
Also the issue with ack in 1.2 is that it is supposed to be basic and yet it doesn't work as you would expect. |
|
For your first question: maybe you can show how to do Re: |
-> Seperate section 1 in two sections "Intro to wf" and "wf and Equations" -> Remove the last example from the file, and ack from 1.2 -> Remove content that is now in tuto obligations
|
@MevenBertrand could you review the file tutorial about obligations and tell me if it is looks good to you ? |
src/Tutorial_Equations_Obligations.v
Outdated
|
|
||
| Therefore, we would much rather like to build our terms using the proof mode. | ||
| This is exactly what [Program] and obligations enables us to do. | ||
| At every point in a definition, it enables us: |
There was a problem hiding this comment.
| At every point in a definition, it enables us: | |
| At every point in a definition, it allows us to: |
There was a problem hiding this comment.
The structure of the list is a bit strange, the "allow to" really only applies to the first item. Maybe try to rephrase?
Co-authored-by: Meven Lennon-Bertrand <[email protected]>
…into tuto-equations-wf
src/Tutorial_Equations_wf.v
Outdated
| In the following, we assume basic knowledge of obligations as discussed | ||
| in the (short) tutorial Equations: obligations. | ||
|
|
||
| ** 2.1 Using a size argument |
There was a problem hiding this comment.
Instead of framing the 2.1 and 2.2 examples as "size vs measure" I think it would be clearer to only talk about "measure", then 2.1 gives a simple example (where the measure depends on one argument), and 2.2 shows that the measure can depend on all of the arguments.
There was a problem hiding this comment.
I was thinking about it and hesitating. I'll do that, thanks.
|
Ready to be reviewed again |
src/Tutorial_Equations_wf.v
Outdated
| the obligation [sizeRT l < 1 + list_sum (map sizeRT lt0)] corresponding to | ||
| the case where [lt := l :: _]. | ||
| This is obviously true, but we are stuck trying to prove it as we do not | ||
| remember that [l] in in [lt]: |
There was a problem hiding this comment.
| remember that [l] in in [lt]: | |
| remember that [l] is in [lt]: |
src/Tutorial_Equations_wf.v
Outdated
| Proof. | ||
| simp sizeRT. | ||
| (* What to do know ? We have forgotten that x is in l, | ||
| and hence that sizeRT l < 1 + list_sum (map sizeRT l0) *) |
There was a problem hiding this comment.
| and hence that sizeRT l < 1 + list_sum (map sizeRT l0) *) | |
| and hence that sizeRT l < 1 + list_sum (map sizeRT lt) *) |
Co-authored-by: Meven Lennon-Bertrand <[email protected]>
Co-authored-by: Meven Lennon-Bertrand <[email protected]>
| Hence, when there is no obligation proof mode is open for nothing, and | ||
| has to be closed by hand using [Qed] or [Defined] as it can be seen below. | ||
| As it is easy to forget, a warning is raised. | ||
| *) |
There was a problem hiding this comment.
So I have asked and it does enable a better control, btw that is one of the advantage of Next obligation compared to Equation?, but I would rather not talk about it as it is really advanced.
src/Tutorial_Equations_wf.v
Outdated
|
|
||
| (** Knowing that the previous booleans have been [false] enables us to prove | ||
| that [R] is well-founded when combined with [h]. | ||
| We omit the proof here because it is a bit long, and not very interesting |
There was a problem hiding this comment.
I am not what is the interrest here. To me it was showing of to declare and use a wf, not how to prove it is wf
|
@MevenBertrand could you review the last commit. If all is good for you I'll merge. |
Co-authored-by: Meven Lennon-Bertrand <[email protected]>
Co-authored-by: Meven Lennon-Bertrand <[email protected]>
A tutorial explaining how to use Equations to define functions by well-founded recursion, and how to reason about such functions.
There is left to :
Find a good examples for subterm relation, section 2.1