Yiyun Liu
b9f165045a
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
|
||
|---|---|---|
| theories | ||
| .gitignore | ||
| .woodpecker.yaml | ||
| _CoqProject | ||
| Makefile | ||
| README.org | ||
| syntax.sig | ||
Mechanization of decidable type conversion with surjective pairing
This repository contains a mechanized proof of decidable type conversion for a dependent type theory with a cumulative universe hierarchy, subtyping (contravariant on functions), natural numbers with an induction principle, aud $\eta$-laws for functions and pairs.
Unlike existing mechanizations, our proof uses the confluence of untyped $\beta\eta$-reduction for the inductively defined set of strongly-normalizing terms by Raamsdonk and Severi's paper On normalisation.
We prove the correctness result syntactically using strong normalization of well-typed terms and $\beta\eta$-confluence. The logical predicate is untyped and minimal since we only need it to be adequate to show normalization.
Quick start
Inside a fresh opam switch, run the following commands to install
the required dependencies.
opam update
opam install -y coq-hammer-tactics coq-equations coq-stdpp coq-autosubst-ocaml
eval $(opam env)
After the dependencies are installed, run the following command to
validate the proof development. The -j2 flag allows make to
validate up to 2 files in parallel. You can pass in a bigger number if
your CPU has more available cores.
make -j2
The termination proof can be brittle because we expect the inversion
to produce the subproofs of the domain relation that make the termination checker happy.
Here are the versions of the Rocq packages that are known to work.
- coq 8.20.1
- coq-stdpp 1.11.0
- coq-hammer-tactics 1.3.2
- coq-autosubst-ocaml 1.1
- coq-equations 1.3.1
Note that if you don't plan to modify and regenerate the syntax.v
file from syntax.sig using autosubst, you can choose not to install coq-autosubst-ocaml.
However, you need to be careful not to accidentally run make clean,
which will delete the auto-generated syntax files.
Properties proven in the paper
Section 2
- Lemma 2.1 (context regularity)
- structural.v,
wff_mutual - Lemma 2.2 (generation)
- structural.v, admissible.v,
*_Inv - Lemma 2.3 (weakening)
- structural.v,
renaming - Lemma 2.4 (substitution)
- structural.v,
substitution - Lemma 2.5 (subject reduction)
- preservation.v,
RRed_Eq,subject_reduction - Lemma 2.6 (regularity)
- structural.v,
regularity
Section 3
- Lemma 3.1
- fp_red.v,
RRed.nf_imp - Lemma 3.3
- fp_red.v,
ERed.nf_preservation - Lemma 3.4
- fp_red.v,
LoReds.FromSN_mutual - Lemma 3.5 (no stuck terms)
- fp_red.v,
SN_NoForbid.*_imp - Lemma 3.6 (sn renaming)
- fp_red.v,
sn_renaming - Lemma 3.7 (sn antisubstitution)
- fp_red.v,
sn_unmorphing - Lemma 3.8 (sn inversion)
- fp_red.v,
SN_NoForbid.P_*Inv - Lemma 3.9 (sn preservation)
- fp_red.v,
RERed.sn_preservation,epar_sn_preservation,red_sn_preservation - Lemma 3.10 (nonelim and elim)
- fp_red.v,
R_nonelim_nothf,R_elim_nonelim - Lemma 3.11 (restrictive-$\eta$ and normal form)
- fp_red.v,
R_elim_nf - Lemma 3.12 ($\eta$-decomposition)
- fp_red.v,
η_split - Lemma 3.13 ($\eta$-postponement)
- fp_red.v,
eta_postponement - Corollary 3.1 (strengthened $\eta$-postponement)
- fp_red.v,
eta_postponement_star' - Corollary 3.2 ($\eta$-postponement for normal forms)
- fp_red.v,
standardization - Lemma 3.14 (confluence for $\beta$)
- fp_red.v,
red_confluence - Lemma 3.15 (confluence for $\eta$)
- fp_red.v,
ered_confluence - Theorem 3.1 (confluence for $\beta\eta$
- fp_red.v,
rered_confluence - Lemma 3.16 (transitivity of joinability)
- fp_red.v,
DJoin.transitive - Lemma 3.17 (injectivity of joinability)
- fp_red.v,
DJoin.hne_app_inj,DJoin.hne_proj_inj - Lemma 3.18 (transitivity of one-step subtyping)
- fp_red.v,
Sub1.transitive - Lemma 3.19 (commutativity of one-step subtyping)
- fp_red.v,
Sub1.commutativity0 - Lemma 3.20 (one-step subtyping preserves sn)
- fp_red.v,
Sub1.sn_preservation - Corollary 3.3 (transitivity of untyped subtyping)
- fp_red.v,
Sub.transitive - Lemma 3.21 (noconfusion for untyped subtyping)
- fp_red.v,
Sub.*_noconf - Lemma 3.22 (untyped injectivity of type constructors)
- fp_red.v,
Sub.*_inj - Lemma 3.23 (adequacy)
- logrel.v,
adequacy - Lemma 3.24 (backward closure)
- logrel.v,
InterpUniv_back_clos - Lemma 3.25 (logical predicate cases)
- logrel.v,
InterpUniv_case - Lemma 3.26 (logical predicate is preserved by subtyping)
-
logrel.v,
InterpUniv_Sub0 - Lemma 3.4 (logical predicate is preserved by subtyping)
- logrel.v,
InterpUniv_Sub0 - Corollary 3.4 (logical predicate is functional)
- logrel.v,
InterpUniv_Functional - Lemma 3.27 (logical predicate is cumulative)
- logrel.v,
InterpUniv_cumulative - Lemma 3.28 (semantic weakening)
- logrel.v,
weakening_Sem - Lemma 3.29 (semantic substitution)
- logrel.v,
morphing_SemWt - Lemma 3.30 (structural rules for semantic well-formedness)
- logrel.v,
SemWff - Theorem 3.2 (fundamental theorem)
- soundness.v,
fundamental_theorem - Corollary 3.6 (completeness of reduce-and-compare)
- soundness.v,
synsub_to_usub
Section 4
- Lemma 4.1 ($\Pi$-subtyping)
- logrel.v,
Sub_Bind_Inv{L,R} - Lemma 4.2 (univ-subtyping)
- logrel.v,
Sub_Univ_Inv{L,R} - Lemma 4.3 (soundness for algorithmic equality)
- algorithmic.v,
coqeq_sound_mutual - Lemma 4.4 (soundness for algorithmic subtyping)
- algorithmic.v,
coqleq_sound_mutual - Lemma 4.5 (metric implies domain)
- algorithmic.v,
sn_term_metric - Lemma 4.6 (termination of Coquand's algorithm)
- executable.v,
check_sub - Lemma 4.7 (completeness of Coquand's algorithm)
- algorithmic.v,
coqeq_complete' - Lemma 4.8 (completeness of Coquand's algorithmic subtyping)
- algorithmic.v,
coqleq_complete'
Section 5
- Proposition 5.1
- cosn.v
Safe_NoForbid