• Mechanization of decidable type conversion with surjective pairing
  • Quick start
  • Properties proven in the paper
    • Section 2
    • Section 3
    • Section 4
    • Section 5

Mechanization of decidable type conversion with surjective pairing

This repository contains a mechanized proof of decidable type conversion for a dependent type theory with a cumulative universe hierarchy, subtyping (contravariant on functions), natural numbers with an induction principle, aud $\eta$-laws for functions and pairs.

Unlike existing mechanizations, our proof uses the confluence of untyped $\beta\eta$-reduction for the inductively defined set of strongly-normalizing terms by Raamsdonk and Severi's paper On normalisation.

We prove the correctness result syntactically using strong normalization of well-typed terms and $\beta\eta$-confluence. The logical predicate is untyped and minimal since we only need it to be adequate to show normalization.

Quick start

Inside a fresh opam switch, run the following commands to install the required dependencies.

opam update
opam install -y coq-hammer-tactics coq-equations coq-stdpp coq-autosubst-ocaml
eval $(opam env)

After the dependencies are installed, run the following command to validate the proof development. The -j2 flag allows make to validate up to 2 files in parallel. You can pass in a bigger number if your CPU has more available cores.

make -j2

The termination proof can be brittle because we expect the inversion to produce the subproofs of the domain relation that make the termination checker happy.

Here are the versions of the Rocq packages that are known to work.

• coq 8.20.1
• coq-stdpp 1.11.0
• coq-hammer-tactics 1.3.2
• coq-autosubst-ocaml 1.1
• coq-equations 1.3.1

Note that if you don't plan to modify and regenerate the syntax.v file from syntax.sig using autosubst, you can choose not to install coq-autosubst-ocaml. However, you need to be careful not to accidentally run make clean, which will delete the auto-generated syntax files.

Properties proven in the paper

Section 2

Lemma 2.1 (context regularity)

structural.v, wff_mutual

Lemma 2.2 (generation)

structural.v, admissible.v, *_Inv

Lemma 2.3 (weakening)

structural.v, renaming

Lemma 2.4 (substitution)

structural.v, substitution

Lemma 2.5 (subject reduction)

preservation.v, RRed_Eq, subject_reduction

Lemma 2.6 (regularity)

structural.v, regularity

Section 3

Lemma 3.1

fp_red.v, RRed.nf_imp

Lemma 3.3

fp_red.v, ERed.nf_preservation

Lemma 3.4

fp_red.v, LoReds.FromSN_mutual

Lemma 3.5 (no stuck terms)

fp_red.v, SN_NoForbid.*_imp

Lemma 3.6 (sn renaming)

fp_red.v, sn_renaming

Lemma 3.7 (sn antisubstitution)

fp_red.v, sn_unmorphing

Lemma 3.8 (sn inversion)

fp_red.v, SN_NoForbid.P_*Inv

Lemma 3.9 (sn preservation)

fp_red.v, RERed.sn_preservation, epar_sn_preservation, red_sn_preservation

Lemma 3.10 (nonelim and elim)

fp_red.v, R_nonelim_nothf, R_elim_nonelim

Lemma 3.11 (restrictive-$\eta$ and normal form)

fp_red.v, R_elim_nf

Lemma 3.12 ($\eta$-decomposition)

fp_red.v, η_split

Lemma 3.13 ($\eta$-postponement)

fp_red.v, eta_postponement

Corollary 3.1 (strengthened $\eta$-postponement)

fp_red.v, eta_postponement_star'

Corollary 3.2 ($\eta$-postponement for normal forms)

fp_red.v, standardization

Lemma 3.14 (confluence for $\beta$)

fp_red.v, red_confluence

Lemma 3.15 (confluence for $\eta$)

fp_red.v, ered_confluence

Theorem 3.1 (confluence for $\beta\eta$

fp_red.v, rered_confluence

Lemma 3.16 (transitivity of joinability)

fp_red.v, DJoin.transitive

Lemma 3.17 (injectivity of joinability)

fp_red.v, DJoin.hne_app_inj, DJoin.hne_proj_inj

Lemma 3.18 (transitivity of one-step subtyping)

fp_red.v, Sub1.transitive

Lemma 3.19 (commutativity of one-step subtyping)

fp_red.v, Sub1.commutativity0

Lemma 3.20 (one-step subtyping preserves sn)

fp_red.v, Sub1.sn_preservation

Corollary 3.3 (transitivity of untyped subtyping)

fp_red.v, Sub.transitive

Lemma 3.21 (noconfusion for untyped subtyping)

fp_red.v, Sub.*_noconf

Lemma 3.22 (untyped injectivity of type constructors)

fp_red.v, Sub.*_inj

Lemma 3.23 (adequacy)

logrel.v, adequacy

Lemma 3.24 (backward closure)

logrel.v, InterpUniv_back_clos

Lemma 3.25 (logical predicate cases)

logrel.v, InterpUniv_case

Lemma 3.26 (logical predicate is preserved by subtyping)

logrel.v, InterpUniv_Sub0

Lemma 3.4 (logical predicate is preserved by subtyping)

logrel.v, InterpUniv_Sub0

Corollary 3.4 (logical predicate is functional)

logrel.v, InterpUniv_Functional

Lemma 3.27 (logical predicate is cumulative)

logrel.v, InterpUniv_cumulative

Lemma 3.28 (semantic weakening)

logrel.v, weakening_Sem

Lemma 3.29 (semantic substitution)

logrel.v, morphing_SemWt

Lemma 3.30 (structural rules for semantic well-formedness)

logrel.v, SemWff

Theorem 3.2 (fundamental theorem)

soundness.v, fundamental_theorem

Corollary 3.6 (completeness of reduce-and-compare)

soundness.v, synsub_to_usub

Section 4

Lemma 4.1 ($\Pi$-subtyping)

logrel.v, Sub_Bind_Inv{L,R}

Lemma 4.2 (univ-subtyping)

logrel.v, Sub_Univ_Inv{L,R}

Lemma 4.3 (soundness for algorithmic equality)

algorithmic.v, coqeq_sound_mutual

Lemma 4.4 (soundness for algorithmic subtyping)

algorithmic.v, coqleq_sound_mutual

Lemma 4.5 (metric implies domain)

algorithmic.v, sn_term_metric

Lemma 4.6 (termination of Coquand's algorithm)

executable.v, check_sub

Lemma 4.7 (completeness of Coquand's algorithm)

algorithmic.v, coqeq_complete'

Lemma 4.8 (completeness of Coquand's algorithmic subtyping)

algorithmic.v, coqleq_complete'

Section 5

Proposition 5.1

cosn.v Safe_NoForbid