lean4-htt/tests/lean/run/nativeReflBackdoor.lean
Joachim Breitner 2907df22ec
feat: one axiom per native computation (#12217)
This PR implements RFC #12216: native computation (`native_decide`,
`bv_decide`) is represented in the logic as one axiom per computation,
asserting the equality that was obtained from the native computation.
`#print axiom` will no longer show `Lean.trustCompiler`, but rather the
auto-generated names of these axioms (with, for example,
`._native.bv_decide.` in the name). See the RFC for more information.


This PR introduces a common MetaM helper (`nativeEqTrue`) used by
`native_decide` and `bv_decide` alike that runs the computation and then
asserts the result using an axiom.

It also deprecated the `ofReduceBool` axioms etc.

Not included in this PR is infrastructure for enumerating these axioms,
prettier `#print axioms` (should we want this) and tactic concurrency.

Fixes #12216.
2026-02-03 10:15:01 +00:00


set_option linter.unusedVariables false
/-
This example demonstrates that when we are using `native_decide`,
we are also trusting the correctness of `implemented_by` annotations,
foreign functions (i.e., `[extern]` annotations), etc.
-/
def g (b : Bool) := false
/-
The following `implemented_by` is telling the compiler
"trust me, `g` does implement `f`"
which is clearly false in this example.
-/
@[implemented_by g]
def f (b : Bool) := b
theorem fConst (b : Bool) : f b = false :=
  match b with
  | true =>
    /- The following `native_decide` is going to use `g` to evaluate `f`
       because of the `implemented_by` directive. -/
    have : (f true) = false := by native_decide
    this
  | false => rfl

theorem trueEqFalse : true = false :=
  have h₁ : f true = true := rfl;
  have h₂ : f true = false := fConst true;
  Eq.trans h₁.symm h₂
/-
We managed to prove `False` using the unsound annotation `implemented_by` above.
-/
theorem unsound : False :=
  Bool.noConfusion trueEqFalse
/-- info: 'unsound' depends on axioms: [fConst._native.native_decide.ax_1_3] -/
#guard_msgs in
#print axioms unsound
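
The kernel-checked counterpart to the test above, as an added example that is not part of the Lean repository's file: the same mismatched `implemented_by` pair has no effect when the proof uses `decide` instead of `native_decide`, and the axiom audit shows no `._native.` entry. The names `g'`, `f'` and `fTrue` are hypothetical, chosen so the block can be checked on its own.

```lean
set_option linter.unusedVariables false

-- Same shape as `g` and `f` in the test file (primed names are hypothetical).
def g' (b : Bool) := false

-- The compiler is told to run `g'` in place of `f'`; the logical
-- definition of `f'` is still the identity on `Bool`.
@[implemented_by g']
def f' (b : Bool) := b

-- `decide` evaluates the `Decidable` instance by unfolding the logical
-- definition of `f'`; compiled code, and therefore `g'`, is never consulted.
theorem fTrue : f' true = true := by decide

-- The statement that `native_decide` accepted for `f` in the test file is
-- refuted for `f'` once the evaluation happens inside the logic.
example : ¬ (f' true = false) := by decide

-- Audit step: no `._native.` axiom is listed for a proof that never ran
-- native code, in contrast to the `#print axioms unsound` output above.
#print axioms fTrue
```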