max/lean4-htt
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
lean4-htt/tests/lean/run/wfirred.lean
Joachim Breitner 39286862e3
feat: well-founded definitions irreducible by default (#4061) 
we keep running into examples where working with well-founded recursion
is slow because defeq checks (which are all over the place, including
failing ones that are back-tracked) unfold well-founded definitions.

The definition of a function defined by well-founded recursion should be
an implementation detail that should only be peeked inside by the
equation generator and the functional induction generator.

We now mark the mutual recursive function as irreducible (if the user
did not
set a flag explicitly), and use `withAtLeastTransparency .all` when
producing
the equations.

Proofs can be fixed by using rewriting, or – a bit blunt, but nice for
adjusting
existing proofs – using `unseal` (a.k.a. `attribute [local
semireducible]`).

Mathlib performance does not change a whole lot:

http://speed.lean-fro.org/mathlib4/compare/08b82265-75db-4a28-b12b-08751b9ad04a/to/16f46d5e-28b1-41c4-a107-a6f6594841f8
Build instructions -0.126 %, four modules with significant instructions
decrease.

To reduce impact, these definitions were changed:

* `Nat.mod`, to make `1 % n` reduce definitionally, so that `1` as a
`Fin 2` literal
works nicely. Theorems with larger `Fin` literals tend to need a `unseal
Nat.modCore`
   https://github.com/leanprover/lean4/pull/4098
* `List.ofFn` rewritten to be structurally recursive and not go via
`Array.ofFn`:
   https://github.com/leanprover-community/batteries/pull/784

Alternative designs explored were

 * Making `WellFounded.fix` irreducible. 
 
One benefit is that recursive functions with equal definitions (possibly
after
instantiating fixed parameters) are defeq; this is used in mathlib to
relate

[`OrdinalApprox.gfpApprox`](https://leanprover-community.github.io/mathlib4_docs/Mathlib/SetTheory/Ordinal/FixedPointApproximants.html#OrdinalApprox.gfpApprox)
with `.lfpApprox`.
   
   But the downside is that one cannot use `unseal` in a
targeted way, being explicit in which recursive function needs to be
reducible here.

And in cases where Lean does unwanted unfolding, we’d still unfold the
recursive
definition once to expose `WellFounded.fix`, leading to large terms for
often no good
   reason.

* Defining `WellFounded.fix` to unroll defintionally once before hitting
a irreducible
`WellFounded.fixF`. This was explored in #4002. It shares most of the
ups and downs
with the previous variant, with the additional neat benefit that
function calls that
do not lead to recursive cases (e.g. a `[]` base case) reduce nicely.
This means that
   the majority of existing `rfl` proofs continue to work.

Issue #4051, which demonstrates how badly things can go if wf recursive
functions can be
unrolled, showed that making the recursive function irreducible there
leads to noticeably
faster elaboration than making `WellFounded.fix` irreducible; this is
good evidence that
the present PR is the way to go. 

This fixes https://github.com/leanprover/lean4/issues/3988

---------

Co-authored-by: Leonardo de Moura <leomoura@amazon.com>
2024-05-10 06:45:21 +00:00

139 lines
2.4 KiB
Text
Raw Blame History

/-!
Tests that definitions by well-founded recursion are irreducible.
-/
def foo : Nat → Nat
| 0 => 0
| n+1 => foo n
termination_by n => n
/--
error: type mismatch
rfl
has type
foo 0 = foo 0 : Prop
but is expected to have type
foo 0 = 0 : Prop
-/
#guard_msgs in
example : foo 0 = 0 := rfl
/--
error: type mismatch
rfl
has type
foo (n + 1) = foo (n + 1) : Prop
but is expected to have type
foo (n + 1) = foo n : Prop
-/
#guard_msgs in
example : foo (n+1) = foo n := rfl
-- This succeeding is a bug or misfeature in the rfl tactic, using the kernel defeq check
#guard_msgs in
example : foo 0 = 0 := by rfl
-- It only works on closed terms:
/--
error: The rfl tactic failed. Possible reasons:
- The goal is not a reflexive relation (neither `=` nor a relation with a @[refl] lemma).
- The arguments of the relation are not equal.
Try using the reflexivitiy lemma for your relation explicitly, e.g. `exact Eq.rfl`.
n : Nat
⊢ foo (n + 1) = foo n
-/
#guard_msgs in
example : foo (n+1) = foo n := by rfl
section Unsealed
unseal foo
example : foo 0 = 0 := rfl
example : foo 0 = 0 := by rfl
example : foo (n+1) = foo n := rfl
example : foo (n+1) = foo n := by rfl
end Unsealed
--should be sealed again here
/--
error: type mismatch
rfl
has type
foo 0 = foo 0 : Prop
but is expected to have type
foo 0 = 0 : Prop
-/
#guard_msgs in
example : foo 0 = 0 := rfl
def bar : Nat → Nat
| 0 => 0
| n+1 => bar n
termination_by n => n
-- Once unsealed, the full internals are visible. This allows one to prove, for example
/--
error: type mismatch
rfl
has type
foo = foo : Prop
but is expected to have type
foo = bar : Prop
-/
#guard_msgs in
example : foo = bar := rfl
unseal foo bar in
example : foo = bar := rfl
-- Attributes on the definition take precedence
@[semireducible] def baz : Nat → Nat
| 0 => 0
| n+1 => baz n
termination_by n => n
example : baz 0 = 0 := rfl
seal baz in
/--
error: type mismatch
rfl
has type
baz 0 = baz 0 : Prop
but is expected to have type
baz 0 = 0 : Prop
-/
#guard_msgs in
example : baz 0 = 0 := rfl
example : baz 0 = 0 := rfl
@[reducible] def quux : Nat → Nat
| 0 => 0
| n+1 => quux n
termination_by n => n
example : quux 0 = 0 := rfl
set_option allowUnsafeReducibility true in
seal quux in
/--
error: type mismatch
rfl
has type
quux 0 = quux 0 : Prop
but is expected to have type
quux 0 = 0 : Prop
-/
#guard_msgs in
example : quux 0 = 0 := rfl
example : quux 0 = 0 := rfl
Reference in a new issue View git blame Copy permalink