Coq 8.5 at work
M. Sozeau, M. Denes – Inria
CoqPL, January 23rd 2016, St Petersburg, FL
Announcement
Coq 8.5 is released (at last)!
coq.inria.fr/coq-85
Coq 8.5 at work – M. Sozeau, M. Denes 2
Coq 8.5
- A year of beta-testing (3 betas), due to cross-cutting, “deep” features.
- Many improvements in interaction, semantics of the new proof engine constructs and usability of universes.
- More external contributions than ever: pull requests are welcome!
Next episode: code streamlining, tactics and interface accessibility. Expected deprecation of features and factoring of similar functionalities.
Coq 8.5 at work
1 Coq 8.5 features
  Incremental development – E. Tassi
  New proof engine – A. Spiwack
  Universe polymorphism – M. Sozeau
  Native compilation – M. Denes & B. Gregoire
  Fast record projections – M. Sozeau
  Misc – Coq dev team & contributors
  opam
  Performance
2 Coq future
3 Focus on universe polymorphism
Incremental development – Enrico Tassi
Incremental development – E. Tassi
Asynchronous and parallel processing of definitions. Separate compilation.
Huge gain in user productivity.
–/++ Not optional, backwards-compatible
+++ Faster interaction and parallel compilation
New proof engine – Arnaud Spiwack
New proof engine – A. Spiwack
Expressive and clear proof-search semantics, dependent subgoals, management of subgoals.
–/++ Not optional, backwards-compatibility layer
–/+ 0-15% time overhead, unnoticeable as the rest of the system got faster / Opportunities to have faster primitive tactics
Universe polymorphism – Matthieu Sozeau
Universe polymorphism – M. Sozeau
Truly polymorphic definitions and inductives, cleaner kernel.
=/++ Kernel change – impacts the ML hacker only. Backwards-compatibility layer.
=+/+ Comparable or better performance, more expressive
Native compilation – Maxime Denes & Benjamin Gregoire
Native compilation – M. Denes & B. Gregoire
[Bar chart: relative time (%) of the VM, Native and Extracted evaluators on the FourColor, RecNoAlloc, Lucas and Cooper benchmarks, with the VM normalized to 100.]
Native compilation – M. Denes & B. Gregoire
Down to assembly through OCaml. Useful for large reflection proofs.
+ Optional
++/– Faster at runtime, compilation is slow
Fast record projections – Matthieu Sozeau
Fast record projections – M. Sozeau
Faster conversion and type-checking, smaller memory footprint.
+/+– Optional, backwards-compatibility layer, small source-level incompatibilities.
+ω Exponentially better performance
Misc – Coq dev team & contributors
- Interfaces, documentation, and OCaml best practices (P.M. Pedrot, . . .)
- Tactics in terms (P.M. Pedrot)
- Module system simplifications (P. Letouzey)
- Tactic improvements (e.g. intro patterns) (H. Herbelin, P. Letouzey, . . .)
- More expressive guard condition (P. Boutillier, H. Herbelin)
- Rewriting with strategies (M. Sozeau)
opam
- Coq, any version, git included
- Packages: Ssreflect, Mathematical Components, Containers, Coccinelle, Ergo, . . .
- Submit a pull request! Try! Test!
- Caution: recommended setup still in discussion.
opam.ocaml.org
https://github.com/coq/opam-coq-archive
Performance
Through careful profiling, many hotspots identified and optimized (thanks to P.M. Pedrot).
- Performance closer to 8.3, despite the many new features: checking of universes, STM layer, more expressive proof engine.
- Hash-consing is used more pervasively: smaller memory footprint and proof objects.
Faster universe algorithm scheduled for next version (J.H. Jourdan).
Coq future
1 Coq 8.5 features
2 Coq future
  Improving the development
  Coq consortium
3 Focus on universe polymorphism
Improving the development
Coq 8.5 showed the limits of the current development model.
We are working on improving the development process:
- Predictable short release cycles
- Opening up to external contributions
- Communicating on forthcoming evolutions
Coq consortium
A consortium of academic and industrial users of Coq is being built. Its role will be:
- Coordinating the engineering effort on Coq
- Sharing resources
- Providing premium support to members
- Collecting annual membership fees and allocating resources through a steering committee of members
Contact [email protected]
Universe Polymorphism
1 Coq 8.5 features
2 Coq future
3 Focus on universe polymorphism
  Polymorphic Universes
  Universe polymorphic definitions
  Unification
  Minimization
  Dealing with Prop
Polymorphic Universes
- Allow generic developments over universe levels.
- As with typical ambiguity, can be made entirely implicit.
- Explicit mode for careful control of universe instances.
- Compatible with asynchronous checking of proofs and fast conversion algorithms (vm_compute and native_compute).
Typical ambiguity
Working with explicit universe indices is cumbersome, annotations pervade definitions and proofs.
⇒ Allow typical ambiguity (first used by Russell in Principia).
Idea: write Type to mean any type that “fits” (keeps the system consistent).
- On paper: let the reader infer levels for universes and check consistency.
- On computer: let the computer infer levels and check consistency in the background.
Floating universes
Formally, translate from anonymous Types to explicit $\mathrm{Type}_i$'s. But in general many $i$'s can work!
Definition id (A : Type) (a : A) := a.
$\vdash \mathit{id} : \Pi(A : \mathrm{Type}_0),\, A \to A : \mathrm{Type}_1$
or
$\vdash \mathit{id} : \Pi(A : \mathrm{Type}_1),\, A \to A : \mathrm{Type}_2$
or . . . ?
⇒ universe variables
Floating universes and constraints
Consistency ensured by giving an assignment of natural numbers to universe variables, satisfying constraints. New judgment $\vdash_{float}$.
Type-intro:
$$\frac{\vdash_{float} \Gamma \qquad i, j \in L}{\Gamma \vdash_{float} \mathrm{Type}_i : \mathrm{Type}_j}\quad i < j$$
Type-prod:
$$\frac{\Gamma \vdash_{float} A : \mathrm{Type}_i \qquad \Gamma, x : A \vdash_{float} B : \mathrm{Type}_j}{\Gamma \vdash_{float} \Pi x : A.\, B : \mathrm{Type}_k}\quad \max(i, j) \le k$$
Without polymorphism
Floating levels + cumulativity give a restricted form of polymorphism:
Definition id (A : Type) (a : A) := a
$\vdash \mathit{id} : \Pi(A : \mathrm{Type}_l),\, A \to A : \mathrm{Type}_{l+1}$
⇒ $l$ is not quantified at the definition level here, it is global:
$\nvdash \mathit{id}\ (\Pi(A : \mathrm{Type}_l),\, A \to A)\ \mathit{id} : \tau$
Because $l + 1 \not\le l$. However $l$ can go “up” as far as required.
With polymorphism
Real, bounded polymorphism:
Polymorphic Definition id (A : Type) (a : A) := a
$\mathit{id}_l : \Pi(A : \mathrm{Type}_l),\, A \to A$
⇒ $l$ is quantified at the definition level now and we can instantiate it at each application:
$l < k \vdash_{poly} \mathit{id}_k\ \mathit{id}_l : \Pi(A : \mathrm{Type}_l),\, A \to A$
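The two slides above (without and with polymorphism), as an added Coq 8.5 script that is not part of the original talk. The universe names Coq prints (Top.1 and so on) depend on the session and are only indicated in comments; everything else follows what the slides state.

```coq
(* Added example, not from the slides. *)
Set Printing Universes.

(* Without polymorphism: the Type in id gets one global floating level l,
   so id : forall A : Type@{l}, A -> A for that single l. *)
Definition id (A : Type) (a : A) := a.
Print id.
(* id = fun (A : Type@{l}) (a : A) => a : forall A : Type@{l}, A -> A,
   where l is some session-dependent name such as Top.1 (assumed). *)

(* Applying id to its own type needs Type@{l+1} <= Type@{l}, i.e. the
   unsatisfiable constraint l+1 <= l: Coq reports a universe inconsistency. *)
Fail Check id (forall A : Type, A -> A) id.

(* Using id at a smaller type is fine: the argument's level only has to sit
   strictly below l, and l floats up as far as required. *)
Check id Type nat.

(* With polymorphism: l is bound by the definition itself, and every use of
   pid picks its own instance. *)
Polymorphic Definition pid (A : Type) (a : A) := a.
Print pid.
(* pid@{l} = fun (A : Type@{l}) (a : A) => a : forall A : Type@{l}, A -> A *)

(* Now self-application elaborates: the outer pid is instantiated at some k,
   the inner one at l, and the generated constraint l < k is satisfiable. *)
Check pid (forall A : Type, A -> A) pid.
```

Running the script with `coqc` or in an interactive session, the `Fail` command succeeds precisely because the non-polymorphic application is rejected, while the last `Check` goes through with a fresh instance for each occurrence of `pid`.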
Constraint checking
Constraints are generated once at refinement time outside the kernel. The kernel just checks that the constraints are consistent and sufficient to typecheck the terms.
universe context $\Psi ::= \vec{i} \mid \Theta$
Elaboration in bidirectional fashion:
- Inference: $\Gamma; \Psi \vdash t \Uparrow\quad \Psi' \vdash t' : T$
- Checking: $\Gamma; \Psi \vdash t \Downarrow T\quad \Psi' \vdash t' : T$
Check-Type:
$$\frac{\theta \vdash \mathrm{Type}_{i+1} \le T \quad \theta'}{\Gamma; \mathit{us} \mid \theta \vdash \mathrm{Type} \Downarrow T \quad \mathit{us}, i \mid \theta' \vdash \mathrm{Type}_i : T}$$
Introducing universe polymorphic definitions
Suppose a top-level Definition c : T := t.
1 $\Gamma; \vdash T \Uparrow\quad \Psi \vdash T' : s$
2 $\Gamma; \Psi \vdash t \Downarrow T'\quad \Psi' \vdash t' : T'$
3 Add $c : \forall \Psi', T' := t'$ to the environment.
4 Each use of $c$ carries a universe instance: $c_{\vec{l}} : T'[\vec{l}/\vec{i}]$
Guiding principle and main difficulty: Constants are transparent, indistinguishable from their bodies.
Unification
Unification of $\mathit{id}_i$ and $\mathit{id}_j$:
Definition U2 := Type_i.
Definition U1 : U2 := Type_j      (j < i)
Definition U0 : U1 := Type_k      (k < j)
Definition U02 : U2 := U0         (k < i)
$\mathit{id}_i\ U02 \sim \mathit{id}_j\ U0$ gives $i = j$
But: $\mathit{id}_i\ U02 \to^* (U0 \to U0) \leftarrow^* \mathit{id}_j\ U0$
Unification and Conversion
Conv-FO:
$$\frac{\vec{as} ==^{\psi} \vec{bs} \qquad \psi \models \vec{u} = \vec{v}}{c_{\vec{u}}\,\vec{as} =^{\psi}_{R} c_{\vec{v}}\,\vec{bs}}$$
Uses backtracking (Ziliani & Sozeau, ICFP’15).
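The U2/U1/U0/U02 situation from the previous slide, as an added Coq script that is not part of the talk. It names the three levels with global universes so that the instances `id@{i}` and `id@{j}` are rigidly distinct; the first-order rule Conv-FO then cannot apply (it would need i = j), and the conversion only goes through by unfolding, which is the fallback the backtracking unifier takes.

```coq
(* Added example, not from the slides. *)
Set Printing Universes.

Polymorphic Definition id (A : Type) (a : A) := a.

(* Three global levels standing for the slide's k < j < i. *)
Universe i j k.
Constraint k < j.
Constraint j < i.

Definition U2 := Type@{i}.
Definition U1 : U2 := Type@{j}.   (* needs j < i *)
Definition U0 : U1 := Type@{k}.   (* needs k < j *)
Definition U02 : U2 := U0.        (* needs k < i, implied by the above *)

(* id@{i} U02 : U02 -> U02 and id@{j} U0 : U0 -> U0. Comparing the two
   applications head-first would require i = j, which the constraints
   forbid; both sides nonetheless unfold to fun a : U0 => a, so the
   conversion check succeeds after unfolding id and U02. *)
Check (eq_refl : id@{i} U02 = id@{j} U0).
```

If the unifier committed to the first-order rule without backtracking, the last `Check` would fail with a universe inconsistency instead of being accepted.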
Least-commitment principle
Use two kinds of universe level variables during elaboration:
- Polymorphic constants get elaborated with fresh flexible argument levels that can be unified.
- Typical ambiguity (e.g. Type) creates rigid variables.
- User-given levels are rigid.
Design choice
Universe instances are levels. Suppose
$\mathit{id} : \forall i,\, \Pi A : \mathrm{Type}_i,\, A \to A$
Levels only, adding a constraint if an algebraic universe would appear:
$\Gamma; \vdash \mathit{id}\ \mathrm{Type} \Uparrow\quad i\, j \mid i < j \vdash \mathit{id}_j\ \mathrm{Type}_i : \mathrm{Type}_i \to \mathrm{Type}_i$
and not:
$\Gamma; \vdash \mathit{id}\ \mathrm{Type} \Uparrow\quad i \vdash \mathit{id}_{i+1}\ \mathrm{Type}_i : \mathrm{Type}_i \to \mathrm{Type}_i$
Minimization
That’s a lot of fresh universe variables!!
Typical example:
$\Gamma; \vdash \mathit{id}\ \mathsf{true} \Uparrow\quad i_f \mid \mathrm{Set} \le i \vdash @\mathit{id}_i\ \mathsf{bool}\ \mathsf{true} : \mathsf{bool}$
We'd want: $@\mathit{id}_{\mathrm{Set}}\ \mathsf{bool}\ \mathsf{true} : \mathsf{bool}$, no new universe, no additional constraint, just as general.
⇒ Minimization: compute a minimal set of universe variables.
See Cardelli's greedy algorithm for $F_{\le}$ inference, local type inference (Pierce & Turner).
- Only applies to flexible variables.
Minimization, results
Correctness proof: easy, preservation of local solutions.
Of course this is not endangering the consistency of Coq!
Theorem (Conservativity)
Unfolding universe polymorphic definitions gives correct typings in the original system. Might just not be the most general ones if minimization did anything. For inductives, each instantiation is a new copy.
Dealing with Prop
Let $\mathit{false}_i : \mathrm{Type}_{i+1} := (\Pi A : \mathrm{Type}_i,\, A : \mathrm{Type}_{\max(i+1,\, i)})$.
But $\mathit{false}_{\mathrm{Prop}} \to^* \Pi A : \mathrm{Prop},\, A$, of type $\mathrm{Prop}$ by impredicativity (and $\mathrm{Type}_{\mathrm{Prop}+1}$ still).
Fact: Cannot handle the implicit $\mathrm{Prop} \le \mathrm{Type}$ rule and impredicativity precisely and efficiently (models of proof-irrelevance have a similar issue).
Ideal Solution: Use an explicit coercion.
Current Solution: Forbid instantiation of a polymorphic level with Prop. Compatible with an explicit coercion.
Universe declarations
This restriction gives clear semantics for universe declarations:
- A toplevel, global universe $i$ is always $> \mathrm{Set}$.
- A local universe in a polymorphic definition is always $\ge \mathrm{Set}$. It can get collapsed to Set during type inference.
- Naturally enforces the invariant that there is no universe between Prop and Set (or below Prop!).
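The Minimization slide (the `id true` example) and the universe declarations above, as one added Coq 8.5 script that is not part of the talk. Here `id` takes its type argument implicitly, as the slide's `id true` assumes; the printed form of `idtrue` in the comment is what the minimization rule predicts, and the rejection of `Prop` as an instance is the restriction stated on the Dealing with Prop slide.

```coq
(* Added example, not from the slides. *)
Set Printing Universes.

(* A implicit, so that "id true" elaborates to @id bool true. *)
Polymorphic Definition id {A : Type} (a : A) := a.

(* Elaboration first yields @id@{i} bool true with a fresh flexible i and
   the constraint Set <= i. Since i is flexible and only bounded from
   below, minimization collapses it to Set: no universe variable remains. *)
Definition idtrue := id true.
Print idtrue.
(* idtrue = id@{Set} true : bool   (i.e. @id@{Set} bool true) *)

(* Explicit instantiation at Set is accepted, a local level is >= Set... *)
Check id@{Set} true.

(* ...but a polymorphic level can never be instantiated with Prop. *)
Fail Check id@{Prop} I.

(* A global universe declared at toplevel is always strictly above Set, so
   it cannot be forced down to Set. *)
Universe u.
Fail Constraint u <= Set.
(* Set < u already holds; restating it is accepted. *)
Constraint Set < u.
```

The two `Fail` commands are the observable form of the two invariants on the slide: flexible local levels may collapse down to Set but never to Prop, and global levels never reach Set at all.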
Explicit Universes
DEMO
Summary
- More functional, trustable implementation.
- User-level control on generated universes and constraints (simplification, declaration...).
- Elaboration/tactics become universe aware (earlier error messages).
The End